Marcus Updateinfo to OVAL Converter5.52025-01-29T13:24:46Security update for opera (Important)openSUSE Leap 15.5 NonFree
This update for opera fixes the following issues:
Update to 90.0.4480.84
- DNA-101690 Cherry-pick fix for CVE-2022-3075 from chromium
Update to 90.0.4480.80
- DNA-99188 Tab Tooltip doesn't disappear
- DNA-100664 Shopping corner widget
- DNA-100843 Options to install and update VPN Pro app, when
it's not installed
- DNA-100901 Disappearing 'X' when closing tabs.
- DNA-101093 Changing News section is not working
- DNA-101246 Use long tail list for suggesting instead of
current Speed Dial Suggestions
- DNA-101278 PDF don't work on Opera with CN location
- DNA-101312 Allow changing logged in user with BrowserAPI
- DNA-101315 Can not connect to free VPN in private window
- DNA-101411 [Linux] Clicking VpnPopup Settings to
'vpnWithDisclaimer' leads to black popup
- DNA-101422 Crash at void content::NavigationControllerImpl::
NavigateToExistingPendingEntry(content::ReloadType, int, bool)
- DNA-101429 News loads for Global-EN language by default
- DNA-101482 Crash at ProfileKey::GetProtoDatabaseProvider()
- DNA-101485 Crash at base::SequencedTaskRunnerHandle::Get()
via extensions::OperaTouchPrivateGetImageFunction::PerformGetImage
- DNA-101524 [Mac] Tab should be highlighted again after
dismissing context menu
- DNA-101549 Crash at views::View::IsMouseHovered()
ImportantCVE-2022-3075 at SUSECVE-2022-3075 at NVDSecurity update for opera (Important)openSUSE Leap 15.5 NonFree
This update for opera fixes the following issues:
- Update to 99.0.4788.13
* CHR-9290 Update Chromium on desktop-stable-113-4788 to
113.0.5672.127
* DNA-107317 __delayLoadHelper2 crash in crashreporter
- The update to chromium 113.0.5672.127 fixes following issues:
CVE-2023-2721, CVE-2023-2722, CVE-2023-2723, CVE-2023-2724,
CVE-2023-2725, CVE-2023-2726
- Update to 99.0.4788.9
* CHR-9283 Update Chromium on desktop-stable-113-4788 to
113.0.5672.93
* DNA-107638 Translations for O99
* DNA-107678 Crash Report [@ BrowserContextKeyedServiceFactory::
BrowserContextKeyedServiceFactory(char const*,
BrowserContextDependencyManager*) ]
* DNA-107795 Fix wrong german translation of
'Close All Duplicate Tabs'
* DNA-107800 Fonts on section#folder and AddSitePanel not
readable when animated wallpaper chosen
* DNA-107840 Promote O99 to stable
- Update to 98.0.4759.39
* DNA-102363 ChromeFileSystemAccessPermissionContextTest.
ConfirmSensitiveEntryAccess_DangerousFile fails
* DNA-105534 [Add to Opera] Incorrect scroll on modal when
browser window size is too small
* DNA-106649 Opening new tab when pinned tab is active gives
2 active tabs
* DNA-107226 Speed Dial freezes and empty space remains after
Continue booking tile dragging
* DNA-107435 Building archive_source_release target fails
* DNA-107441 [Start page] Right mouse click on tile in continue
on section opens target site in current tab
* DNA-107508 Crash at permissions::PermissionRecoverySuccessRate
Tracker::TrackUsage(ContentSettingsType)
* DNA-107528 Handle real-time SD impression reporting
* DNA-107546 Context menus broken with one workspace
* DNA-107548 Paste from Context Menu doesn’t work for Search
on StartPage
* DNA-107560 Optimize real-time SD impression reporting
ImportantCVE-2022-3196 at SUSECVE-2022-3196 at NVDCVE-2022-3197 at SUSECVE-2022-3197 at NVDCVE-2022-3198 at SUSECVE-2022-3198 at NVDCVE-2022-3199 at SUSECVE-2022-3199 at NVDCVE-2022-3200 at SUSECVE-2022-3200 at NVDCVE-2022-3201 at SUSECVE-2022-3201 at NVDCVE-2022-3445 at SUSECVE-2022-3445 at NVDCVE-2022-3446 at SUSECVE-2022-3446 at NVDCVE-2022-3447 at SUSECVE-2022-3447 at NVDCVE-2022-3448 at SUSECVE-2022-3448 at NVDCVE-2022-3449 at SUSECVE-2022-3449 at NVDCVE-2022-3450 at SUSECVE-2022-3450 at NVDCVE-2022-3723 at SUSECVE-2022-3723 at NVDCVE-2022-3885 at SUSECVE-2022-3885 at NVDCVE-2022-3886 at SUSECVE-2022-3886 at NVDCVE-2022-3887 at SUSECVE-2022-3887 at NVDCVE-2022-3888 at SUSECVE-2022-3888 at NVDCVE-2022-3889 at SUSECVE-2022-3889 at NVDCVE-2022-4262 at SUSECVE-2022-4262 at NVDCVE-2022-4436 at SUSECVE-2022-4436 at NVDCVE-2022-4437 at SUSECVE-2022-4437 at NVDCVE-2022-4438 at SUSECVE-2022-4438 at NVDCVE-2022-4439 at SUSECVE-2022-4439 at NVDCVE-2022-4440 at SUSECVE-2022-4440 at NVDCVE-2023-0471 at SUSECVE-2023-0471 at NVDCVE-2023-0472 at SUSECVE-2023-0472 at NVDCVE-2023-0473 at SUSECVE-2023-0473 at NVDCVE-2023-0474 at SUSECVE-2023-0474 at NVDCVE-2023-0696 at SUSECVE-2023-0696 at NVDCVE-2023-0697 at SUSECVE-2023-0697 at NVDCVE-2023-0698 at SUSECVE-2023-0698 at NVDCVE-2023-0699 at SUSECVE-2023-0699 at NVDCVE-2023-0700 at SUSECVE-2023-0700 at NVDCVE-2023-0701 at SUSECVE-2023-0701 at NVDCVE-2023-0702 at SUSECVE-2023-0702 at NVDCVE-2023-0703 at SUSECVE-2023-0703 at NVDCVE-2023-0704 at SUSECVE-2023-0704 at NVDCVE-2023-0705 at SUSECVE-2023-0705 at NVDCVE-2023-0927 at SUSECVE-2023-0927 at NVDCVE-2023-0928 at SUSECVE-2023-0928 at NVDCVE-2023-0929 at SUSECVE-2023-0929 at NVDCVE-2023-0930 at SUSECVE-2023-0930 at NVDCVE-2023-0931 at SUSECVE-2023-0931 at NVDCVE-2023-0932 at SUSECVE-2023-0932 at NVDCVE-2023-0933 at SUSECVE-2023-0933 at NVDCVE-2023-0941 at SUSECVE-2023-0941 at NVDCVE-2023-1213 at SUSECVE-2023-1213 at NVDCVE-2023-1214 at SUSECVE-2023-1214 at NVDCVE-2023-1215 at SUSECVE-2023-1215 at NVDCVE-2023-1216 at SUSECVE-2023-1216 at NVDCVE-2023-1217 at SUSECVE-2023-1217 at NVDCVE-2023-1218 at SUSECVE-2023-1218 at NVDCVE-2023-1219 at SUSECVE-2023-1219 at NVDCVE-2023-1220 at SUSECVE-2023-1220 at NVDCVE-2023-1221 at SUSECVE-2023-1221 at NVDCVE-2023-1222 at SUSECVE-2023-1222 at NVDCVE-2023-1223 at SUSECVE-2023-1223 at NVDCVE-2023-1224 at SUSECVE-2023-1224 at NVDCVE-2023-1225 at SUSECVE-2023-1225 at NVDCVE-2023-1226 at SUSECVE-2023-1226 at NVDCVE-2023-1227 at SUSECVE-2023-1227 at NVDCVE-2023-1228 at SUSECVE-2023-1228 at NVDCVE-2023-1229 at SUSECVE-2023-1229 at NVDCVE-2023-1230 at SUSECVE-2023-1230 at NVDCVE-2023-1231 at SUSECVE-2023-1231 at NVDCVE-2023-1232 at SUSECVE-2023-1232 at NVDCVE-2023-1233 at SUSECVE-2023-1233 at NVDCVE-2023-1234 at SUSECVE-2023-1234 at NVDCVE-2023-1235 at SUSECVE-2023-1235 at NVDCVE-2023-1236 at SUSECVE-2023-1236 at NVDCVE-2023-1528 at SUSECVE-2023-1528 at NVDCVE-2023-1529 at SUSECVE-2023-1529 at NVDCVE-2023-1530 at SUSECVE-2023-1530 at NVDCVE-2023-1531 at SUSECVE-2023-1531 at NVDCVE-2023-1532 at SUSECVE-2023-1532 at NVDCVE-2023-1533 at SUSECVE-2023-1533 at NVDCVE-2023-1534 at SUSECVE-2023-1534 at NVDCVE-2023-2033 at SUSECVE-2023-2033 at NVDCVE-2023-2133 at SUSECVE-2023-2133 at NVDCVE-2023-2134 at SUSECVE-2023-2134 at NVDCVE-2023-2135 at SUSECVE-2023-2135 at NVDCVE-2023-2136 at SUSECVE-2023-2136 at NVDCVE-2023-2137 at SUSECVE-2023-2137 at NVDCVE-2023-2721 at SUSECVE-2023-2721 at NVDCVE-2023-2722 at SUSECVE-2023-2722 at NVDCVE-2023-2723 at SUSECVE-2023-2723 at NVDCVE-2023-2724 at SUSECVE-2023-2724 at NVDCVE-2023-2725 at SUSECVE-2023-2725 at NVDCVE-2023-2726 at SUSECVE-2023-2726 at NVDSecurity update for chromium (Important)openSUSE Leap 15.5
This update for chromium fixes the following issues:
Update to version 114.0.5735.106:
- CVE-2023-3079: Type Confusion in V8 (boo#1212044)
ImportantSUSE bug 1212044CVE-2023-3079 at SUSECVE-2023-3079 at NVDcpe:/o:opensuse:leap:15.5Security update for syncthing (Moderate)openSUSE Leap 15.5
This update for syncthing fixes the following issues:
- Update to 1.13.5
* This release fixes CVE-2022-46165 “Cross-site Scripting (XSS) in Web GUI”
* Bugfixes:
#8503: 'syncthing cli config devices add' reflect error when using --addresses flag
#8764: Ignore patterns creating during folder addition are not loaded
#8778: Tests fail on Windows with Go 1.20
#8779: Test cleanup fails all model tests on Windows on Go 1.20
#8859: Incorrect handling of path for auto accepted folder
* Other issues:
#8799: 'fatal error: checkptr: converted pointer straddles multiple allocations' in crypto tests
- Update to 1.23.4
- Bugfixes:
#8851: 'Running global migration to fix encryption file sizes' on every start
- Update to 1.23.3
* Bugfixes:
#5408: Selection of time in versions GUI not possible without editing the string inside the textfield
#8277: Mutual encrypted sharing doesn't work (both sides with password)
#8556: Increased file size when sharing between encrypted devices
#8599: Key generation at connect time is slow for encrypted connections
* Enhancements:
#7859: Allow sub-second watcher delay (use case: remote development)
* Other issues:
#8828: cmd/stdiscosrv: TestDatabaseGetSet flake
- Adding a desktop file for the Web UI
- Update to 1.23.2
* Bugfixes:
#8749: Relay listener does not restart sometimes
* Enhancements:
#8660: GUI editor for xattr filter patterns
#8781: gui: Remove duplicate Spanish translation
* Other issues:
#8768: Update quic-go for Go 1.20
ModerateSUSE bug 1212085CVE-2022-46165 at SUSECVE-2022-46165 at NVDcpe:/o:opensuse:leap:15.5Security update for chromium (Critical)openSUSE Leap 15.5
This update for chromium fixes the following issues:
Chromium 114.0.5735.133 (boo#1212302):
- CVE-2023-3214: Use after free in Autofill payments
- CVE-2023-3215: Use after free in WebRTC
- CVE-2023-3216: Type Confusion in V8
- CVE-2023-3217: Use after free in WebXR
- Various fixes from internal audits, fuzzing and other initiatives
CriticalSUSE bug 1212302CVE-2023-3214 at SUSECVE-2023-3214 at NVDCVE-2023-3215 at SUSECVE-2023-3215 at NVDCVE-2023-3216 at SUSECVE-2023-3216 at NVDCVE-2023-3217 at SUSECVE-2023-3217 at NVDcpe:/o:opensuse:leap:15.5Security update for chromium (Important)openSUSE Leap 15.5
This update for chromium fixes the following issues:
- Chromium 114.0.5735.198 (boo#1212755):
* CVE-2023-3420: Type Confusion in V8
* CVE-2023-3421: Use after free in Media
* CVE-2023-3422: Use after free in Guest View
- Install Qt5 library & prepare for Qt6 in 115
ImportantSUSE bug 1212755CVE-2023-3420 at SUSECVE-2023-3420 at NVDCVE-2023-3421 at SUSECVE-2023-3421 at NVDCVE-2023-3422 at SUSECVE-2023-3422 at NVDcpe:/o:opensuse:leap:15.5Security update for gifsicle (Important)openSUSE Leap 15.5
This update for gifsicle fixes the following issues:
- Update to version 1.94:
* Fix some bugs, including fix for CVE-2023-36193: heap buffer overflow (read) via the ambiguity_error component at /src/clp.c (boo#1212645).
ImportantSUSE bug 1212645CVE-2023-36193 at SUSECVE-2023-36193 at NVDcpe:/o:opensuse:leap:15.5Security update for libjxl (Moderate)openSUSE Leap 15.5
This update for libjxl fixes the following issues:
Update to release 0.8.2
* CVE-2023-35790: Fix an integer underflow bug in patch decoding. (bsc#1212492)
ModerateSUSE bug 1212492CVE-2023-35790 at SUSECVE-2023-35790 at NVDcpe:/o:opensuse:leap:15.5Security update for xonotic (Moderate)openSUSE Leap 15.5
This update for xonotic fixes the following issues:
Update to version 0.8.6
SECURITY ALERT: A bug was discovered in versions older than 0.8.6
that is believed to be exploitable by malicious server admins to
crash clients or, if they defeat mitigations, execute arbitrary code.
(boo#1212632)
update to 0.8.5:
* https://xonotic.org/posts/2022/xonotic-0-8-5-release/
ModerateSUSE bug 1212632cpe:/o:opensuse:leap:15.5Security update for keepass (Important)openSUSE Leap 15.5
This update for keepass fixes the following issues:
- Update to 2.54
* Security:
+ Improved process memory protection of secure edit controls (CVE-2023-32784, boo#1211397).
* New Features:
+ Triggers, global URL overrides, password generator profiles and a few more settings are now stored in the enforced configuration file.
+ Added dialog 'Enforce Options (All Users)' (menu 'Tools' → 'Advanced Tools' → 'Enforce Options'), which facilitates storing certain options in the enforced configuration file.
+ In report dialogs, passwords (and other sensitive data) are now hidden using asterisks by default (if hiding is activated in the main window); the hiding can be toggled using the new '***' button in the toolbar.
+ The 'Print' command in most report dialogs now requires the 'Print' application policy flag, and the master key must be entered if the 'Print - No Key Repeat' application policy flag is deactivated.
+ The 'Export' command in most report dialogs now requires the 'Export' application policy flag, and the master key must be entered.
+ Single line edit dialogs now support hiding the value using asterisks.
+ Commands that require elevation now have a shield icon like on Windows.
+ TrlUtil: added 'Move Selected Unused Text to Dialog Control' command.
* Improvements:
* The content mode of the configuration elements '/Configuration/Application/TriggerSystem', '/Configuration/Integration/UrlSchemeOverrides' and '/Configuration/PasswordGenerator/UserProfiles' is now 'Replace' by default.
* The built-in override for the 'ssh' URI scheme is now deactivated by default (it can be activated in the 'URL Overrides' dialog).
* When opening the password generator dialog without a derived profile, the '(Automatically generated passwords for new entries)' profile is now selected by default, if profiles are enabled (otherwise the default profile is used).
* The clipboard workarounds are now disabled by default (they are not needed anymore on most systems).
* Improved clipboard clearing.
* Improved starting of an elevated process.
* Bugfixes:
+ In report dialogs, the 'Print' and 'Export' commands now always use the actual data (in previous versions, asterisks were printed/exported when the application policy flag 'Unhide Passwords' was turned off).
ImportantSUSE bug 1211397CVE-2023-32784 at SUSECVE-2023-32784 at NVDcpe:/o:opensuse:leap:15.5Security update for nextcloud-desktop (Important)openSUSE Leap 15.5
This update for nextcloud-desktop fixes the following issues:
Update ot 3.8.0
- Resize WebView widget once the loginpage rendered
- Feature/secure file drop
- Check German translation for wrong wording
- L10n: Correct word
- Fix displaying of file details button for local syncfileitem activities
- Improve config upgrade warning dialog
- Only accept folder setup page if overrideLocalDir is set
- Update CHANGELOG.
- Prevent ShareModel crash from accessing bad pointers
- Bugfix/init value for pointers
- Log to stdout when built in Debug config
- Clean up account creation and deletion code
- L10n: Added dot to end of sentence
- L10n: Fixed grammar
- Fix 'Create new folder' menu entries in settings not working correctly on macOS
- Ci/clang tidy checks init variables
- Fix share dialog infinite loading
- Fix edit locally job not finding the user account: wrong user id
- Skip e2e encrypted files with empty filename in metadata
- Use new connect syntax
- Fix avatars not showing up in settings dialog account actions until clicked on
- Always discover blacklisted folders to avoid data loss when modifying selectivesync list.
- Fix infinite loading in the share dialog when public link shares are disabled on the server
- With cfapi when dehydrating files add missing flag
- Fix text labels in Sync Status component
- Display 'Search globally' as the last sharees list element
- Fix display of 2FA notification.
- Bugfix/do not restore virtual files
- Show server name in tray main window
- Add Ubuntu Lunar
- Debian build classification 'beta' cannot override 'release'.
- Update changelog
- Follow shouldNotify flag to hide notifications when needed
- Bugfix/stop after creating config file
- E2EE cut extra zeroes from derypted byte array.
- When local sync folder is overriden, respect this choice
- Feature/e2ee fixes
- This update also fixes security issues:
- (boo#1205798, CVE-2022-39331)
- Arbitrary HyperText Markup Language injection in notifications
- (boo#1205799, CVE-2022-39332)
- Arbitrary HyperText Markup Language injection in user status and information
- (boo#1205800, CVE-2022-39333)
- Arbitrary HyperText Markup Language injection in desktop client application
- (boo#1205801, CVE-2022-39334)
- Client incorrectly trusts invalid TLS certificates
- (boo#1207976, CVE-2023-23942)
- missing sanitisation on qml labels leading to javascript injection
ImportantSUSE bug 1205798SUSE bug 1205799SUSE bug 1205800SUSE bug 1205801SUSE bug 1207976CVE-2022-39331 at SUSECVE-2022-39331 at NVDCVE-2022-39332 at SUSECVE-2022-39332 at NVDCVE-2022-39333 at SUSECVE-2022-39333 at NVDCVE-2022-39334 at SUSECVE-2022-39334 at NVDCVE-2023-23942 at SUSECVE-2023-23942 at NVDcpe:/o:opensuse:leap:15.5Security update for python-Django1 (Important)openSUSE Leap 15.5
This update of python-Django1 fixes the following issue:
- CVE-2023-36053: Fixed potential regular expression denial of service vulnerability in EmailValidator/URLValidator (boo#1212742)
ImportantSUSE bug 1212742CVE-2023-36053 at SUSECVE-2023-36053 at NVDcpe:/o:opensuse:leap:15.5Security update for zabbix (Moderate)openSUSE Leap 15.5
This update for zabbix fixes the following issues:
Updated to latest release 4.0.47, this version fixes CVE-2023-29454 (boo#1213338):
- New Features and Improvements
+ ZBXNEXT-7694 Added 'utf8mb3' character set support for MySQL database
+ ZBX-20946 Enabled Bulgarian, Chinese (zh_TW), German, Greek, Indonesian,
Romanian, Spanish and Vietnamese languages in frontend
- Bug Fixes
+ ZBX-22987 Fixed inefficient URL schema validation
+ ZBX-22688 Fixed AlertScriptPath not allowing links
+ ZBX-22386 Fixed encoding of HTML entities in the user interface
+ ZBX-22858 Fixed xss vulnerability in graph item properties
+ ZBX-22859 Fixed validation of input parameters in action configuration form
+ ZBX-22622 Fixed alert script path validation
+ ZBX-22520 Fixed versions of integrations
+ ZBX-22026 Fixed SNMP agent item going to unsupported state on NULL result
+ ZBX-22050 Fixed spoofing X-Forwarded-For request header allowing to access
Zabbix frontend in maintenance mode
+ ZBX-21416 Fixed check now not working on calculated items,
aggregate checks and some internal items
+ ZBX-21449 Fixed accessibility attributes
+ ZBX-21306 Fixed xss in discovery rules
+ ZBX-21305 Fixed xss in graph
+ ZBX-20600 Fixed vmware hv.datastore.latency item when multiple
datastores with duplicate name
+ ZBX-20844 Fixed external check becoming unsupported when Zabbix
server or Zabbix proxy is stopped
+ ZBX-19789 Added SourceIP support to ldap simple checks
+ ZBX-20680 Fixed reflected XSS issues
+ ZBX-20387 Fixed default language of the setup routine for logged in superadmin users
+ ZBX-19652 Fixed JavaScript syntax for Internet Explorer 11 compatibility
ModerateSUSE bug 1213338CVE-2023-29454 at SUSECVE-2023-29454 at NVDcpe:/o:opensuse:leap:15.5Security update for chromium (Important)openSUSE Leap 15.5
This update for chromium fixes the following issues:
Chromium 115.0.5790.102:
* stability fix
Chromium 115.0.5790.98:
* Security: The Storage, Service Worker, and Communication APIs
are now partitioned in third-party contexts to prevent certain
types of side-channel cross-site tracking
* HTTPS: Automatically and optimistically upgrade all main-frame
navigations to HTTPS, with fast fallback to HTTP.
* CSS: accept multiple values of the display property
* CSS: support boolean context style container queries
* CSS: support scroll-driven animations
* Increase the maximum size of a WebAssembly.Module() on the main
thread to 8 MB
* FedCM: Support credential management mediation requirements for
auto re-authentication
* Deprecate the document.domain setter
* Deprecate mutation events
* Security fixes (boo#1213462):
- CVE-2023-3727: Use after free in WebRTC
- CVE-2023-3728: Use after free in WebRTC
- CVE-2023-3730: Use after free in Tab Groups
- CVE-2023-3732: Out of bounds memory access in Mojo
- CVE-2023-3733: Inappropriate implementation in WebApp Installs
- CVE-2023-3734: Inappropriate implementation in Picture In Picture
- CVE-2023-3735: Inappropriate implementation in Web API Permission Prompts
- CVE-2023-3736: Inappropriate implementation in Custom Tabs
- CVE-2023-3737: Inappropriate implementation in Notifications
- CVE-2023-3738: Inappropriate implementation in Autofill
- CVE-2023-3740: Insufficient validation of untrusted input in Themes
- Various fixes from internal audits, fuzzing and other initiatives
ImportantSUSE bug 1213462CVE-2023-3727 at SUSECVE-2023-3727 at NVDCVE-2023-3728 at SUSECVE-2023-3728 at NVDCVE-2023-3730 at SUSECVE-2023-3730 at NVDCVE-2023-3732 at SUSECVE-2023-3732 at NVDCVE-2023-3733 at SUSECVE-2023-3733 at NVDCVE-2023-3734 at SUSECVE-2023-3734 at NVDCVE-2023-3735 at SUSECVE-2023-3735 at NVDCVE-2023-3736 at SUSECVE-2023-3736 at NVDCVE-2023-3737 at SUSECVE-2023-3737 at NVDCVE-2023-3738 at SUSECVE-2023-3738 at NVDCVE-2023-3740 at SUSECVE-2023-3740 at NVDcpe:/o:opensuse:leap:15.5Security update for libredwg (Important)openSUSE Leap 15.5
This update for libredwg fixes the following issues:
Update to version 0.12.5.5907
Security issues fixed:
* CVE-2022-33025: Fixed multiple security issues [boo#1200898]
* CVE-2023-36271: Fixed heap buffer overflow via the function bit_wcs2nlen [boo#1212709]
* CVE-2023-36272: Fixed heap buffer overflow via the function bit_utf8_to_TU [boo#1212707]
* CVE-2023-36273: Fixed heap buffer overflow via the function bit_calc_CRC [boo#1212706]
* CVE-2023-36274: Fixed heap buffer overflow via the function bit_write_TF [boo#1212705]
ImportantSUSE bug 1200898SUSE bug 1212705SUSE bug 1212706SUSE bug 1212707SUSE bug 1212709CVE-2022-33025 at SUSECVE-2022-33025 at NVDCVE-2023-36271 at SUSECVE-2023-36271 at NVDCVE-2023-36272 at SUSECVE-2023-36272 at NVDCVE-2023-36273 at SUSECVE-2023-36273 at NVDCVE-2023-36274 at SUSECVE-2023-36274 at NVDcpe:/o:opensuse:leap:15.5Security update for amanda (Moderate)openSUSE Leap 15.5
This update for amanda fixes the following issues:
- CVE-2023-30577: Fixed improper argument checking for runtar.c [boo#1213701]
ModerateSUSE bug 1213701CVE-2023-30577 at SUSECVE-2023-30577 at NVDcpe:/o:opensuse:leap:15.5Security update for trytond (Moderate)openSUSE Leap 15.5
This update for trytond fixes the following issues:
- Version 6.0.34 - Security Bugfix Release
See https://discuss.tryton.org/t/security-release-for-issue-12428/6397
- Version 6.0.33 - Bugfix Release
ModerateSUSE bug 1213869cpe:/o:opensuse:leap:15.5Security update for virtualbox (Important)openSUSE Leap 15.5
This update for virtualbox fixes the following issues:
VirtualBox 7.0.10 (released July 18 2023)
This is a maintenance release. The following items were fixed and/or added:
- OCI: Introduced general improvements
- VMM: Fixed a bug while walking page tables while executing nested VMs causing flooding of the release log as a consequence (Intel hosts only, bug #21551)
- GUI: Added general improvements
- TPM: Fixed a crash when a VM has a TPM version 1.2 configured (bug #21622)
- 3D: Initial support for OpenGL 4.1
- 3D: Fixed various graphics issues with Windows 11 guests (bugs #21136, #21515)
- Guest Control/VBoxManage: Fixed parameter '--ignore-orphaned-processes'
- Guest Control/VBoxManage: Fixed behavior of how handling argument 0 for a started guest process works: One can now explicitly specify it with the newly added option '--arg0'. This will effectively restore the behavior of former VirtualBox versions
- Audio: Also use the PulseAudio backend when pipewire-pulse is running instead of falling back to ALSA (bug #21575)
- NAT: Adjusted UDP proxy timeout from 18-21 to 21-24 range to respect intended 20 second timeout (bug #21560)
- Linux Host: Added initial support for Indirect Branch Tracking (bug #21435)
- Linux Host: Added initial support for kernel 6.5 (NOTE: Guest Additions do not support kernel 6.5 yet)
- Linux Host and Guest: Improved condition check when kernel modules need to be signed
- Linux Host and Guest: Added initial support for RHEL 8.8 (bug #21692), 8.9 (bug #21690) and 9.3 (bugs #21598 and #21671) kernels
- Linux Guest Additions: Fixed issue when kernel modules were rebuilt on each boot when guest system has no X11 installed
- Linux Guest Additions: Added initial support for kernel 6.4
- Linux Guest Additions: Fixed issue when vboxvideo module reloading caused kernel panic in some guests (bug #21740)
- Linux Guest Additions: Introduced general improvements in the installer area
- Windows Guest Additions: Introduced general improvements in graphics drivers area
- Fix issue with kernel on newer CPU (boo#1212209)
- Turn build of VBoxSDL back on. This update addresses boo#1211941.
- Detect vboxpython module with python 3.11
- Fix Vagrant/virtualbox startup problems boo#1209727
ImportantSUSE bug 1209727SUSE bug 1211941SUSE bug 1212209SUSE bug 1212761cpe:/o:opensuse:leap:15.5Security update for chromium (Important)openSUSE Leap 15.5
This update for chromium fixes the following issues:
Chromium 115.0.5790.170 (boo#1213920)
* CVE-2023-4068: Type Confusion in V8
* CVE-2023-4069: Type Confusion in V8
* CVE-2023-4070: Type Confusion in V8
* CVE-2023-4071: Heap buffer overflow in Visuals
* CVE-2023-4072: Out of bounds read and write in WebGL
* CVE-2023-4073: Out of bounds memory access in ANGLE
* CVE-2023-4074: Use after free in Blink Task Scheduling
* CVE-2023-4075: Use after free in Cast
* CVE-2023-4076: Use after free in WebRTC
* CVE-2023-4077: Insufficient data validation in Extensions
* CVE-2023-4078: Inappropriate implementation in Extensions
- Specify re2 build dependency in a way that makes Leap packages
build in devel project and in Maintenance
ImportantSUSE bug 1213920CVE-2023-4068 at SUSECVE-2023-4068 at NVDCVE-2023-4069 at SUSECVE-2023-4069 at NVDCVE-2023-4070 at SUSECVE-2023-4070 at NVDCVE-2023-4071 at SUSECVE-2023-4071 at NVDCVE-2023-4072 at SUSECVE-2023-4072 at NVDCVE-2023-4073 at SUSECVE-2023-4073 at NVDCVE-2023-4074 at SUSECVE-2023-4074 at NVDCVE-2023-4075 at SUSECVE-2023-4075 at NVDCVE-2023-4076 at SUSECVE-2023-4076 at NVDCVE-2023-4077 at SUSECVE-2023-4077 at NVDCVE-2023-4078 at SUSECVE-2023-4078 at NVDcpe:/o:opensuse:leap:15.5Security update for perl-Net-Netmask (Moderate)openSUSE Leap 15.5
This update for perl-Net-Netmask fixes the following issues:
* CVE-2021-29424: Leading zeros are no longer allowed for IPv4 octets. This
(in some situations) allows attackers to bypass access control
that is based on IP addresses. (boo#1184425)
ModerateSUSE bug 1184425CVE-2021-29424 at SUSECVE-2021-29424 at NVDcpe:/o:opensuse:leap:15.5Recommended update for kitty (Moderate)openSUSE Leap 15.5
This update for kitty fixes the following issues:
- Update to 0.29.2:
* Detect .tex and Makefiles as plain text files (#6492)
* unicode_input kitten: Fix scrolling over multiple screens not working (#6497)
- Update to 0.29.1
* A new value for background_image_layout to scale the background image while
preserving its aspect ratio. Also have centered images work even for images
larger than the window size (#6458)
* Fix a regression that caused using unicode placeholders to display images to
break and also partially offscreen images to sometimes be slightly
distorted (#6467)
* macOS: Fix a regression that caused rendering to hang when transitioning to
full screen with macos_colorspace set to default (#6435)
* macOS: Fix a regression causing burn-in of text when resizing semi-transparent
OS windows (#6439)
* macOS: Add a new value titlebar-and-corners for hide_window_decorations that
emulates the behavior of hide_window_decorations yes in older versions of kitty
* macOS: Fix a regression in the previous release that caused
hide_window_decorations = yes to prevent window from being resizable (#6436)
* macOS: Fix a regression that caused the titlebar to be translucent even for
non-translucent windows (#6450)
* GNOME: Fix wayland_titlebar_color not being applied until the color is changed
at least once (#6447)
* Remote control launch: Fix --env not implemented when using --cwd=current with
the SSH kitten (#6438)
* Allow using a custom OS window icon on X11 as well as macOS (#6475)
- Update to 0.29.0
* A new escape code <ESC>[22J that moves the current contents of the screen
into the scrollback before clearing it
* A new kitten run-shell to allow creating sub-shells with shell integration
enabled
* A new option background_blur to blur the background for transparent
windows (#6135)
* The --hold flag now holds the window open at a shell prompt instead of
asking the user to press a key
* A new option text_fg_override_threshold to force text colors to have high
contrast regardless of color scheme (#6283)
* When resizing OS Windows make the animation less jerky. Also show the
window size in cells during the resize (#6341)
* unicode_input kitten: Fix a regression in 0.28.0 that caused the order of
recent and favorites entries to not be respected (#6214)
* unicode_input kitten: Fix a regression in 0.28.0 that caused editing of
favorites to sometimes hang
* clipboard kitten: Fix a bug causing the last MIME type available on the
clipboard not being recognized when pasting
* clipboard kitten: Dont set clipboard when getting clipboard in filter
mode (#6302)
* Fix regression in 0.28.0 causing color fringing when rendering in
transparent windows on light backgrounds (#6209)
* show_key kitten: In kitty mode show the actual bytes sent by the terminal
rather than a re-encoding of the parsed key event
* hints kitten: Fix a regression in 0.28.0 that broke using sub-groups in
regexp captures (#6228)
* hints kitten: Fix a regression in 0.28.0 that broke using
lookahead/lookbehind in regexp captures (#6265)
* diff kitten: Fix a regression in 0.28.0 that broke using relative paths
as arguments to the kitten (#6325)
* Fix re-using the image id of an animated image for a still image causing
a crash (#6244)
* kitty +open: Ask for permission before executing script files that are not
marked as executable. This prevents accidental execution of script files
via MIME type association from programs that unconditionally open
attachments/downloaded files
* edit-in-kitty: Fix running edit-in-kitty with elevated privileges to edit a
restricted file not working (#6245)
* ssh kitten: Fix a regression in 0.28.0 that caused interrupt during setup
to not be handled gracefully (#6254)
* ssh kitten: Allow configuring the ssh kitten to skip some hosts via a new
delegate config directive
* Graphics: Move images up along with text when the window is shrunk
vertically (#6278)
* Fix a regression in 0.28.0 that caused a buffer overflow when clearing the
screen (#6306, #6308)
* Fix a regression in 0.27.0 that broke setting of specific edge
padding/margin via remote control (#6333)
* macOS: Fix window shadows not being drawn for transparent
windows (#2827, #6416)
* Do not echo invalid DECRQSS queries back, behavior inherited from xterm
(CVE-2008-2383). Similarly, fix an echo bug in the file transfer protocol
due to insufficient sanitization of safe strings.
- Update to 0.28.1:
* Fix a regression in the previous release that broke the remote file kitten (#6186)
* Fix a regression in the previous release that broke handling of some keyboard
shortcuts in some kittens on some keyboard layouts (#6189)
* Fix a regression in the previous release that broke usage of custom themes (#6191)
- Update to 0.28.0:
* Text rendering change: Use sRGB correct linear gamma blending
for nicer font rendering and better color accuracy with
transparent windows. See the option text_composition_strategy for details.
The obsolete macos_thicken_font will make the font too thick
and needs to be removed manually if it is configured. (#5969)
* icat kitten: Support display of images inside tmux >= 3.3 (#5664)
* Graphics protocol: Add support for displaying images inside programs
that do not support the protocol such as vim and tmux (#5664)
* diff kitten: Add support for selecting multi-line text with the mouse
* Fix a regression in 0.27.0 that broke kitty @ set-font-size 0 (#5992)
* launch: When using --cwd=current for a remote system support
running non shell commands as well (#5987)
* When changing the cursor color via escape codes or remote control
to a fixed color, do not reset cursor_text_color (#5994)
* Input Method Extensions: Fix incorrect rendering of IME in-progress
and committed text in some situations (#6049, #6087)
* Linux: Reduce minimum required OpenGL version from 3.3
to 3.1 + extensions (#2790)
* Fix a regression that broke drawing of images below cell backgrounds (#6061)
* When reloading configuration, also reload custom MIME types
from mime.types config file (#6012)
* launch: Allow specifying the state (full screen/maximized/minimized)
for newly created OS Windows (#6026)
* Sessions: Allow specifying the OS window state via
the os_window_state directive (#5863)
* Linux: A new option linux_bell_theme to control which sound theme
is used for the bell sound (#4858)
* ssh kitten: Change the syntax of glob patterns slightly to match common
usage elsewhere. Now the syntax is the same as extendedglob in most shells.
* hints kitten: Allow copying matches to named buffers (#6073)
* Fix overlay windows not inheriting the per-window padding
and margin settings of their parents (#6063)
* Wayland KDE: Fix selecting in un-focused OS window not working correctly (#6095)
* Linux X11: Fix a crash if the X server requests clipboard data
after we have relinquished the clipboard (#5650)
* Allow stopping of URL detection at newlines via url_excluded_characters (#6122)
* Linux Wayland: Fix animated images not being animated continuously (#6126)
* Keyboard input: Fix text not being reported as unicode codepoints
for multi-byte characters in the kitty keyboard protocol (#6167)
- Update to 0.27.0 & 0.27.1:
* Fix modify_font not working for strikethrough position (#5946)
* Fix a regression causing the edit-in-kitty command not working
if kitten is not added to PATH (#5956)
* icat kitten: Fix a regression that broke display of animated
GIFs over SSH (#5958)
* Wayland GNOME: Fix for ibus not working when using XWayland (#5967)
* Fix regression in previous release that caused incorrect entries
in terminfo for modifier+F3 key combinations (#5970)
* Bring back the deprecated and removed kitty +complete and delegate
it to kitten for backward compatibility (#5977)
* Bump the version of Go needed to build kitty to 1.20 so we can
use the Go stdlib ecdh package for crypto.
* A new statically compiled, standalone executable, kitten (written in Go)
that can be used on all UNIX-like servers for remote control (kitten @),
viewing images (kitten icat), manipulating the
clipboard (kitten clipboard), etc.
* clipboard kitten: Allow copying arbitrary data types to/from
the clipboard, not just plain text
* Speed up the kitty @ executable by ~10x reducing the time for
typical remote control commands from ~50ms to ~5ms
* icat kitten: Speed up by using POSIX shared memory when possible
to transfer image data to the terminal. Also support common image
formats GIF/PNG/JPEG/WEBP/TIFF/BMP out of the box without needing ImageMagick.
* Option show_hyperlink_targets to show the target of terminal
hyperlinks when hovering over them with the mouse (#5830)
* Keyboard protocol: Remove CSI R from the allowed encodings of
the F3 key as it conflicts with the Cursor Position Report escape code (#5813)
* Allow using the cwd of the original process for launch --cwd (#5672)
* Session files: Expand environment variables (#5917)
* Pass key events mapped to scroll actions to the program running in
the terminal when the terminal is in alternate screen mode (#5839)
* Implement edit-in-kitty using the new kitten static executable (#5546, #5630)
* Add an option background_tint_gaps to control background image
tinting for window gaps (#5596)
* A new option undercurl_style to control the rendering of undercurls (#5883)
* Bash integration: Fix clone-in-kitty not working on bash >= 5.2 if environment
variable values contain newlines or other special characters (#5629)
* A new sleep action useful in combine based mappings to make
kitty sleep before executing the next action
* Wayland GNOME: Workaround for latest mutter release breaking full
screen for semi-transparent kitty windows (#5677)
* A new option tab_title_max_length to limit the length of tab (#5718)
* When drawing the tab bar have the default left and right margins
drawn in a color matching the neighboring tab (#5719)
* When using the include directive in kitty.conf make the environment
variable KITTY_OS available for OS specific config
* Wayland: Fix signal handling not working with some GPU drivers (#4636)
* Remote control: When matching windows allow using negative id numbers
to match recently created windows (#5753)
* ZSH Integration: Bind alt+left and alt+right to move by word if not already bound.
This mimics the default bindings in Terminal.app (#5793)
* When a multi-key sequence does not match any action,
send all key events to the child program (#5841)
* broadcast kitten: Allow pressing a key to stop echoing of
input into the broadcast window itself (#5868)
* When reporting unused activity in a window, ignore activity
that occurs soon after a window resize (#5881)
* Fix using cursor = none not working on text that has reverse video (#5897) ModerateCVE-2008-2383 at SUSECVE-2008-2383 at NVDcpe:/o:opensuse:leap:15.5Security update for opensuse-welcome (Important)openSUSE Leap 15.5
This update for opensuse-welcome fixes the following issues:
Update to version 0.1.9+git.35.4b9444a:
* CVE-2023-32184: panellayouter: use QTemporaryFile for applyLayout() (boo#1213708).
* Translation updates.
ImportantSUSE bug 1213708CVE-2023-32184 at SUSECVE-2023-32184 at NVDcpe:/o:opensuse:leap:15.5Security update for perl-HTTP-Tiny (Moderate)openSUSE Leap 15.5
This update for perl-HTTP-Tiny fixes the following issues:
perl-HTTP-Tiny was updated to 0.086:
see /usr/share/doc/packages/perl-HTTP-Tiny/Changes
0.086 2023-06-22 10:06:37-04:00 America/New_York
- Fix code to use `$ENV{PERL_HTTP_TINY_SSL_INSECURE_BY_DEFAULT}` as documented.
0.084 2023-06-14 06:35:01-04:00 America/New_York
- No changes from 0.083-TRIAL.
0.083 2023-06-11 07:05:45-04:00 America/New_York (TRIAL RELEASE)
[!!! SECURITY !!!]
- Changes the `verify_SSL` default parameter from `0` to `1`.
Fixes CVE-2023-31486 (boo#1211002)
- `$ENV{PERL_HTTP_TINY_SSL_INSECURE_BY_DEFAULT}` can be used to restore the
old default if required.
0.081 2022-07-17 09:01:51-04:00 America/New_York (TRIAL RELEASE)
[FIXED]
- No longer deletes the 'headers' key from post_form arguments hashref.
[DOCS]
- Noted that request/response content are handled as raw bytes.
0.079 2021-11-04 12:33:43-04:00 America/New_York (TRIAL RELEASE)
[FIXED]
- Fixed uninitialized value warnings on older Perls when the REQUEST_METHOD
environment variable is set and CGI_HTTP_PROXY is not.
0.077 2021-07-22 13:07:14-04:00 America/New_York (TRIAL RELEASE)
[ADDED]
- Added a `patch` helper method for the HTTP `PATCH` verb.
- If the REQUEST_METHOD environment variable is set, then CGI_HTTP_PROXY
replaces HTTP_PROXY.
[FIXED]
- Unsupported scheme errors early without giving an uninitialized value
warning first.
- Sends Content-Length: 0 on empty body PUT/POST. This is not in the spec,
but some servers require this.
- Allows optional status line reason, as clarified in RFC 7230.
- Ignore SIGPIPE on reads as well as writes, as IO::Socket::SSL says that
SSL reads can also send writes as a side effect.
- Check if a server has closed a connection before preserving it for reuse.
[DOCS]
- Clarified that exceptions/errors result in 599 status codes.
[PREREQS]
- Optional IO::Socket::IP prereq must be at least version 0.32 to be used.
This ensures correct timeout support.
0.076 2018-08-05 21:07:38-04:00 America/New_York
- No changes from 0.075-TRIAL.
0.075 2018-08-01 07:03:36-04:00 America/New_York (TRIAL RELEASE)
[CHANGED] - The 'peer' option now also can take a code reference
0.073 2018-07-24 11:33:53-04:00 America/New_York (TRIAL RELEASE)
[DOCS] - Documented 'protocol' field in response hash.
0.071 2018-04-22 14:45:43+02:00 Europe/Oslo (TRIAL RELEASE)
[DOCS] - Documented that method argument to request() is case-sensitive.
ModerateSUSE bug 1211002CVE-2023-31486 at SUSECVE-2023-31486 at NVDcpe:/o:opensuse:leap:15.5Security update for perl-Cpanel-JSON-XS (Moderate)openSUSE Leap 15.5
This update for perl-Cpanel-JSON-XS fixes the following issues:
perl-Cpanel-JSON-XS was updated to 4.36
see /usr/share/doc/packages/perl-Cpanel-JSON-XS/Changes
* 4.36 2023-03-02 (rurban)
- remove the SAVESTACK_POS noop. Merged from JSON-XS-3.02,
removed there with 4.0. requested to remove with
L<https://github.com/Perl/perl5/pull/20858>
* 4.35 2023-02-22 (rurban)
- fix utf8 object stringification (jixam PR #212)
* 4.34 2023-02-21 (rurban)
- fix c89 compilation regression, for loop init on centos. GH #211
* 4.33 2023-02-21 (rurban)
- fix a security issue, decoding hash keys without ending :
(GH #208)
- check all bare hash keys for utf8 (GH #209)
- improve overload warnings (Graham Knop PR #205)
- fix a croak leak (GH #206)
Moderatecpe:/o:opensuse:leap:15.5Security update for python-mitmproxy (Moderate)openSUSE Leap 15.5
This update for python-mitmproxy fixes the following issues:
- CVE-2021-39214: Fixed HTTP smuggling attacks (boo#1190603)
ModerateSUSE bug 1190603CVE-2021-39214 at SUSECVE-2021-39214 at NVDcpe:/o:opensuse:leap:15.5Security update for chromium (Important)openSUSE Leap 15.5
This update for chromium fixes the following issues:
Chromium 116.0.5845.96
* New CSS features: Motion Path, and 'display' and
'content-visibility' animations
* Web APIs: AbortSignal.any(), BYOB support for Fetch, Back/
forward cache NotRestoredReason API, Document Picture-in-
Picture, Expanded Wildcards in Permissions Policy Origins,
FedCM bundle: Login Hint API, User Info API, and RP Context API,
Non-composed Mouse and Pointer enter/leave events,
Remove document.open sandbox inheritance,
Report Critical-CH caused restart in NavigationTiming
This update fixes a number of security issues (boo#1214301):
* CVE-2023-2312: Use after free in Offline
* CVE-2023-4349: Use after free in Device Trust Connectors
* CVE-2023-4350: Inappropriate implementation in Fullscreen
* CVE-2023-4351: Use after free in Network
* CVE-2023-4352: Type Confusion in V8
* CVE-2023-4353: Heap buffer overflow in ANGLE
* CVE-2023-4354: Heap buffer overflow in Skia
* CVE-2023-4355: Out of bounds memory access in V8
* CVE-2023-4356: Use after free in Audio
* CVE-2023-4357: Insufficient validation of untrusted input in XML
* CVE-2023-4358: Use after free in DNS
* CVE-2023-4359: Inappropriate implementation in App Launcher
* CVE-2023-4360: Inappropriate implementation in Color
* CVE-2023-4361: Inappropriate implementation in Autofill
* CVE-2023-4362: Heap buffer overflow in Mojom IDL
* CVE-2023-4363: Inappropriate implementation in WebShare
* CVE-2023-4364: Inappropriate implementation in Permission Prompts
* CVE-2023-4365: Inappropriate implementation in Fullscreen
* CVE-2023-4366: Use after free in Extensions
* CVE-2023-4367: Insufficient policy enforcement in Extensions API
* CVE-2023-4368: Insufficient policy enforcement in Extensions API
- Fix crash with extensions (boo#1214003)
ImportantSUSE bug 1214003SUSE bug 1214301CVE-2023-2312 at SUSECVE-2023-2312 at NVDCVE-2023-4349 at SUSECVE-2023-4349 at NVDCVE-2023-4350 at SUSECVE-2023-4350 at NVDCVE-2023-4351 at SUSECVE-2023-4351 at NVDCVE-2023-4352 at SUSECVE-2023-4352 at NVDCVE-2023-4353 at SUSECVE-2023-4353 at NVDCVE-2023-4354 at SUSECVE-2023-4354 at NVDCVE-2023-4355 at SUSECVE-2023-4355 at NVDCVE-2023-4356 at SUSECVE-2023-4356 at NVDCVE-2023-4357 at SUSECVE-2023-4357 at NVDCVE-2023-4358 at SUSECVE-2023-4358 at NVDCVE-2023-4359 at SUSECVE-2023-4359 at NVDCVE-2023-4360 at SUSECVE-2023-4360 at NVDCVE-2023-4361 at SUSECVE-2023-4361 at NVDCVE-2023-4362 at SUSECVE-2023-4362 at NVDCVE-2023-4363 at SUSECVE-2023-4363 at NVDCVE-2023-4364 at SUSECVE-2023-4364 at NVDCVE-2023-4365 at SUSECVE-2023-4365 at NVDCVE-2023-4366 at SUSECVE-2023-4366 at NVDCVE-2023-4367 at SUSECVE-2023-4367 at NVDCVE-2023-4368 at SUSECVE-2023-4368 at NVDcpe:/o:opensuse:leap:15.5Security update for chromium (Important)openSUSE Leap 15.5
This update for chromium fixes the following issues:
Chromium 116.0.5845.110 (boo#1214487):
* CVE-2023-4427: Out of bounds memory access in V8
* CVE-2023-4428: Out of bounds memory access in CSS
* CVE-2023-4429: Use after free in Loader
* CVE-2023-4430: Use after free in Vulkan
* CVE-2023-4431: Out of bounds memory access in Fonts
ImportantSUSE bug 1214487CVE-2023-4427 at SUSECVE-2023-4427 at NVDCVE-2023-4428 at SUSECVE-2023-4428 at NVDCVE-2023-4429 at SUSECVE-2023-4429 at NVDCVE-2023-4430 at SUSECVE-2023-4430 at NVDCVE-2023-4431 at SUSECVE-2023-4431 at NVDcpe:/o:opensuse:leap:15.5Security update for chromium (Important)openSUSE Leap 15.5
This update for chromium fixes the following issues:
Update to version 116.0.5845.140 (boo#1214758):
* CVE-2023-4572: Use after free in MediaStream
ImportantSUSE bug 1214758CVE-2023-4572 at SUSECVE-2023-4572 at NVDcpe:/o:opensuse:leap:15.5Security update for chromium (Important)openSUSE Leap 15.5
This update for chromium fixes the following issues:
Chromium 116.0.5845.179 (boo#1215023):
* CVE-2023-4761: Out of bounds memory access in FedCM
* CVE-2023-4762: Type Confusion in V8
* CVE-2023-4763: Use after free in Networks
* CVE-2023-4764: Incorrect security UI in BFCache
ImportantSUSE bug 1215023CVE-2023-4761 at SUSECVE-2023-4761 at NVDCVE-2023-4762 at SUSECVE-2023-4762 at NVDCVE-2023-4763 at SUSECVE-2023-4763 at NVDCVE-2023-4764 at SUSECVE-2023-4764 at NVDcpe:/o:opensuse:leap:15.5Security update for chromium (Important)openSUSE Leap 15.5
This update for chromium fixes the following issues:
Update to version 116.0.5845.187 (boo#1215231):
* CVE-2023-4863: Heap buffer overflow in WebP
ImportantSUSE bug 1215231CVE-2023-4863 at SUSECVE-2023-4863 at NVDcpe:/o:opensuse:leap:15.5Security update for chromium (Important)openSUSE Leap 15.5
This update for chromium fixes the following issues:
- CVE-2023-4863: temporary build with the bundled library on Leap (boo#1215231)
ImportantSUSE bug 1215231CVE-2023-4863 at SUSECVE-2023-4863 at NVDcpe:/o:opensuse:leap:15.5Security update for chromium (Important)openSUSE Leap 15.5
This update for chromium fixes the following issues:
Update to verion 117.0.5938.88 (boo#1215279):
- CVE-2023-4900: Inappropriate implementation in Custom Tabs
- CVE-2023-4901: Inappropriate implementation in Prompts
- CVE-2023-4902: Inappropriate implementation in Input
- CVE-2023-4903: Inappropriate implementation in Custom Mobile Tabs
- CVE-2023-4904: Insufficient policy enforcement in Downloads
- CVE-2023-4905: Inappropriate implementation in Prompts
- CVE-2023-4906: Insufficient policy enforcement in Autofill
- CVE-2023-4907: Inappropriate implementation in Intents
- CVE-2023-4908: Inappropriate implementation in Picture in Picture
- CVE-2023-4909: Inappropriate implementation in Interstitials
ImportantSUSE bug 1215279CVE-2023-4900 at SUSECVE-2023-4900 at NVDCVE-2023-4901 at SUSECVE-2023-4901 at NVDCVE-2023-4902 at SUSECVE-2023-4902 at NVDCVE-2023-4903 at SUSECVE-2023-4903 at NVDCVE-2023-4904 at SUSECVE-2023-4904 at NVDCVE-2023-4905 at SUSECVE-2023-4905 at NVDCVE-2023-4906 at SUSECVE-2023-4906 at NVDCVE-2023-4907 at SUSECVE-2023-4907 at NVDCVE-2023-4908 at SUSECVE-2023-4908 at NVDCVE-2023-4909 at SUSECVE-2023-4909 at NVDcpe:/o:opensuse:leap:15.5Security update for opera (Important)openSUSE Leap 15.5 NonFree
This update for opera fixes the following issues:
- Update to 102.0.4880.40
* DNA-111203 Prepare translations for home button in settings
- Changes in 102.0.4880.38
* DNA-110720 [Sidebar] Sidebar app increase size every time
it's reopened
* DNA-110723 Music logo in light mode of 'Select service'
unreadable on hover
* DNA-110821 Run-if-alive callback missing in WMFDecoderImpl
* DNA-110835 Search/copy popup issues
* DNA-111038 Disable profile migration
* DNA-111263 Tab island animation incorrect when tabstrip full
- Update to 102.0.4880.33
* CHR-9411 Update Chromium on desktop-stable-116-4880 to
116.0.5845.141
* DNA-110172 [BUG] Images inside popup does not get rounded
corner
* DNA-110828 Update chess.com build
* DNA-110834 Crash at opera::component_based::
TabAnimationController::StartAnimatedLayout(opera::
component_based::TabAnimationController::AnimationInfo,
base::OnceCallback)
* DNA-111144 Enable a new version of the extension.
- The update to chromium 116.0.5845.141 fixes following issues:
CVE-2023-4572
- Update to 102.0.4880.29
* DNA-109498 Splash screen is shown on every restart of
the browser
* DNA-109698 Test Amazon Music support
* DNA-109840 Amazon music logo is very small and unreadable
* DNA-109841 Amazon music logo in player mode is too wide
* DNA-109842 [opauto] Add tests for Amazon Music in Player
* DNA-109937 Crash at opera::ComponentTabStripController::
SetGroupCollapsed(tab_groups::TabGroupId const, bool)
* DNA-110107 Clicking roblox link on page closes the tab
* DNA-110110 [Tab strip][Tab island] Middle/right mouse click
on top of the screen have no/wrong efect
* DNA-110125 [Win/Lin] New design for default scrollbars on
web page
* DNA-110130 Capture mouse events on the 1-pixel edge to the
right of the web view
* DNA-110586 Shadow is clipped if first tab is selected
* DNA-110637 Revert removal of start page button
* DNA-110684 Add bookmarks permissions
* DNA-110702 [Scrollable] Pin group is not aligned with
address bar
* DNA-110737 [OMenu] Menu button looks weird
* DNA-110788 No 1-pixel edge in full screen mode
* DNA-110828 Update chess.com build
* DNA-110842 [Tab strip] Make + button round(er) again
* DNA-110874 Bring back Home button
* DNA-110876 Search box on Start page without transparency
* DNA-110878 Turn on Amazon Music on developer
* DNA-110905 Amazon Music for all given locales
* DNA-110961 [WinLin] Remove 1-pixel edge in full screen mode
* DNA-111038 Disable profile migration
* DNA-111079 Improve user-profile migration
* DNA-111092 Disable profile migration flag for
desktop-stable-116-4880
- Update to 102.0.4880.16
* CHR-9396 Update Chromium on desktop-stable-116-4880 to
116.0.5845.97
* DNA-110040 Crash at crash_reporter::(anonymous namespace)::
AbslAbortHook(char const*, int, char const*, char const*,
char const*)
* DNA-110315 O-menu opening after pressing alt on site which
have action for Alt press
* DNA-110440 [Tab strip] Tab favicon not cropped when it does
not fit in tab size
* DNA-110469 Move Shopping corner and Loomi to
'Special Features' section
* DNA-110510 [Tab strip] Mute icon displayed over tab title
* DNA-110526 If group is first the tab bar is not aligned
with address bar
* DNA-110828 Update chess.com build
* DNA-110836 Promote 102 to stable
* DNA-110892 Translations for O102
* DNA-110962 Fix ab_tests.json preferences override not working
- The update to chromium 116.0.5845.97 fixes following issues:
CVE-2023-2312, CVE-2023-4349, CVE-2023-4350, CVE-2023-4351,
CVE-2023-4352, CVE-2023-4353, CVE-2023-4354, CVE-2023-4355,
CVE-2023-4356, CVE-2023-4357, CVE-2023-4358, CVE-2023-4359,
CVE-2023-4360, CVE-2023-4361, CVE-2023-4362, CVE-2023-4362,
CVE-2023-4363, CVE-2023-4364, CVE-2023-4365, CVE-2023-4366,
CVE-2023-4367, CVE-2023-4368
- Complete Opera 102 changelog at:
https://blogs.opera.com/desktop/changelog-for-102/
- Update to 101.0.4843.43
* CHR-9381 Update Chromium on desktop-stable-115-4843 to
115.0.5790.171
* DNA-108919 Tab Island 'Move To Island' highlight color is the
same as island color
* DNA-109202 Often extension popup is not displayed
* DNA-109454 Wallpaper customization with remote resource
* DNA-109679 Fix typo in flags schema
* DNA-109927 Add tooltips for visual or incomplete items in
context menu
* DNA-110225 Replace Twitter logo in Sidebar with the new one X
* DNA-110244 Translations for O101
* DNA-110276 Fix race condition in DeferredInstalledWallpapers
* DNA-110400 teaser_event_impression counted when user closes
baner
- The update to chromium 115.0.5790.171 fixes following issues:
CVE-2023-4068, CVE-2023-4069, CVE-2023-4070, CVE-2023-4071,
CVE-2023-4072, CVE-2023-4073, CVE-2023-4074, CVE-2023-4075,
CVE-2023-4076, CVE-2023-4077, CVE-2023-4078
- Update to 101.0.4843.23
* DNA-109400 Enable #adblocker-anticv on developer stream
* DNA-109423 Add histograms to help track
#platform-h264-decoder-in-gpu quality
* DNA-109861 Crash on expading folder on bookmark bar containing
unnamed subfolder
* DNA-109872 WMFAudioDecoder reports spurious dry run if
initialized during pipeline shutdown
* DNA-109908 Crash at opera::(anonymous namespace)::
AddNewTabToWorkspaceIfCurrent(Browser*, opera::WorkspaceId)
(.llvm.13400399341940007321)
* DNA-110005 Duplicated tabs indicator is not shown on tab bar
* DNA-110062 [Linux] QT6 dependency issue with .rpm package
* DNA-110210 Enable #adblocker-anticv on all streams
* DNA-110244 Translations for O101
- Update to 101.0.4843.25
* CHR-9357 Update Chromium on desktop-stable-115-4843 to
115.0.5790.90
* CHR-9362 Update Chromium on desktop-stable-115-4843 to
115.0.5790.102
* DNA-104841 Create a smooth corner background
* DNA-108012 [Opera One] Misaligned inner bookmarks menu
in Opera Menu
* DNA-109129 Crash at opera::component_based::
OperaOneIntroductionAnimationController::AnimateHideVisibility()
* DNA-109209 Dragged island falls under island its being
dragged over
* DNA-109266 Crash at content::WebContentsImpl::
SetDelegate(content::WebContentsDelegate*)
* DNA-109310 Broken session files are not automatically
recovered
* DNA-109448 [AdBlock] Images from ads are missing with AA
enabled
* DNA-109587 'Show bookmarks bar' checkbox on bookmarks
feature(Dark Mode)
* DNA-109674 Closing the tabs in the workspace in the other
window will close Opera
* DNA-109694 Smooth corners on active tab
* DNA-109774 Log when trying to switch workspace while
closing browser
* DNA-110005 Duplicated tabs indicator is not shown on tab bar
* DNA-110244 Translations for O101
- Complete Opera 101 changelog at:
https://blogs.opera.com/desktop/changelog-for-101/
- Update to 100.0.4815.76
* DNA-109129 Crash at opera::component_based::Opera
OneIntroductionAnimationController::AnimateHideVisibility()
* DNA-109233 Crash at crash_reporter::(anonymous namespace)::
AbslAbortHook(char const*, int, char const*, char const*,
char const*)
* DNA-109673 Session stat event teaser_tile_click is not sent
* DNA-109897 Session is lost when new session file is created
- Changes in 100.0.4815.54
* DNA-109148 Allow AI extension to change permissions during
update
* DNA-109172 WMFAudioDecoder fails with
#platform-aac-decoder-in-gpu enabled
* DNA-109633 Do not send TabStripEmpty multiple times
* DNA-109674 Closing the tabs in the workspace in the other
window will close Opera
* DNA-109774 Log when trying to switch workspace while
closing browser
- Changes in 100.0.4815.47
* DNA-108456 WMFAudioDecoder dry run should include decoding
one buffer
* DNA-108478 Disable extension icon on the right side
(where all normal extensions are)
* DNA-108791 Give access to feedbackPopupPrivate
* DNA-109134 Crash at media::FFmpegDemuxer::
OnFindStreamInfoDone(int) if LD_PRELOAD set by user
* DNA-109137 SD images/icons/logo not loading or loading
really slow
* DNA-109182 Please add an event when popup closes
* DNA-109231 Extended click area does not work for groups
* DNA-109242 Session unload kDisablePageLoadsOnStartup
not working
* DNA-109310 Broken session files are not automatically recovered
* DNA-109618 Crash logger RestartAction should be set only
after crash
- Update to 100.0.4815.30
* CHR-9339 Update Chromium on desktop-stable-114-4815 to
114.0.5735.199
* DNA-106986 [Tab strip][Tab islands] Reduce size of tab island
handle
* DNA-107205 Disable banner on fresh installation
'Back up your Opera Browser'
* DNA-107306 Update Contributors list Opera One
* DNA-107337 NotReached in Browser::CloseContents
* DNA-107673 Crash at static void
opera::ComponentTabStripController::ShowHoverCardForGroup()
* DNA-108461 Distribute Aria with the Opera build
* DNA-108540 [Rich Hints] Tab islands a trigger and anchor
* DNA-108545 Track accelerated video decoding support
* DNA-108606 [Mac] Opening context menu closes subfolders menu
on bookmark bar
* DNA-108664 Set minimum and maximum width for Aria extension
* DNA-108702 Tab falls outside island with specific number of
tabs on tab strip
* DNA-108731 Add 'aria' stat to the schema
* DNA-108760 Record tab islands events
* DNA-108761 Implement Later functionality
* DNA-108763 Implement Quit while showing onboarding
* DNA-108806 Command Line not activated when sidebar panel
is opened
* DNA-108858 [Linux] Browser window corners are not rounded
perfectly
* DNA-108863 Sidebar panel isn't properly aligned with sidebar
* DNA-108882 [Icon change] Sync icon without custom image
* DNA-108898 [Autohide] Sidebar panel title bar is not tall
enough
* DNA-108906 Turn on #component-based-context-menu on all streams
* DNA-108907 Empty text (button inactive) button color is wrong
* DNA-108912 Implement rotating animation for Aria command line
* DNA-108921 Enable #opera-one-introduction on all streams
* DNA-108928 Show overlay only if command-line parameter was
given
* DNA-108933 Update repack script to handle introduction
extension
* DNA-108938 Translations for O100
* DNA-108942 Remove Shopping Corner from the sidebar by default
* DNA-108943 Crash at
opera::AriaCommandLineController::~AriaCommandLineController()
* DNA-108949 Make opera://intro display introduction page from
extension
* DNA-108952 Implement splash screen
* DNA-108955 Aria extension is moved to the right after sending
prompt from Command Line when sidebar is set to autohide
* DNA-108957 Opera crashes during shutdown after
opera-one-introduction hid
* DNA-108958 Commandline disappears after clicking Aria
logo on Commandline bar
* DNA-108959 Commandline does not have hover effect on Send
button
* DNA-108980 Add Control+Shift+7 / Command+Shift+7 as alternative
shortcut for Aria command line
* DNA-108992 Opera One introduction appears in every New Window
* DNA-109009 Crash at
opera::component_based::ComponentTabGroup::UpdateTabAppearances()
* DNA-109021 [Stable] No Shopping corner icon in sidebar setup
* DNA-109031 [Tab islands] Island can automatically re-collapse
when clicking handle button to expand it
* DNA-109036 [Private Mode] [Light Team] Icons in address bar
flashed white when pressed
* DNA-109037 [Private Mode][Light] Folders name are not
readable in BB when highlighted
* DNA-109085 Two separators after Search with' option
* DNA-109091 Can't change tab when window is maximized on second
display
* DNA-109096 'Move to workspaces' doesn't fit all workspaces
* DNA-109099 [WinLin] Add Aria command line to Opera menu
* DNA-109102 [O-menu][History] Wrong layout of elements without
icon in history submenu
* DNA-109129 Crash at opera::component_based::OperaOneIntroduction
AnimationController::AnimateHideVisibility()
* DNA-109199 DCHECK when pinning tabs
* DNA-108893 Promote 100 to stable
- Complete Opera 100 changelog at:
https://blogs.opera.com/desktop/changelog-for-100/
- The update to chromium 114.0.5735.199 fixes following issues:
CVE-2023-3420, CVE-2023-3421, CVE-2023-3422
- Update to 99.0.4788.31
* DNA-107338 NotReached in SadTabView::OnPaint
* DNA-107689 Crash at extensions::
ShodanPrivateShowPopupForSelectedTextFunction::Run()
ImportantCVE-2023-2312 at SUSECVE-2023-2312 at NVDCVE-2023-3420 at SUSECVE-2023-3420 at NVDCVE-2023-3421 at SUSECVE-2023-3421 at NVDCVE-2023-3422 at SUSECVE-2023-3422 at NVDCVE-2023-4068 at SUSECVE-2023-4068 at NVDCVE-2023-4069 at SUSECVE-2023-4069 at NVDCVE-2023-4070 at SUSECVE-2023-4070 at NVDCVE-2023-4071 at SUSECVE-2023-4071 at NVDCVE-2023-4072 at SUSECVE-2023-4072 at NVDCVE-2023-4073 at SUSECVE-2023-4073 at NVDCVE-2023-4074 at SUSECVE-2023-4074 at NVDCVE-2023-4075 at SUSECVE-2023-4075 at NVDCVE-2023-4076 at SUSECVE-2023-4076 at NVDCVE-2023-4077 at SUSECVE-2023-4077 at NVDCVE-2023-4078 at SUSECVE-2023-4078 at NVDCVE-2023-4349 at SUSECVE-2023-4349 at NVDCVE-2023-4350 at SUSECVE-2023-4350 at NVDCVE-2023-4351 at SUSECVE-2023-4351 at NVDCVE-2023-4352 at SUSECVE-2023-4352 at NVDCVE-2023-4353 at SUSECVE-2023-4353 at NVDCVE-2023-4354 at SUSECVE-2023-4354 at NVDCVE-2023-4355 at SUSECVE-2023-4355 at NVDCVE-2023-4356 at SUSECVE-2023-4356 at NVDCVE-2023-4357 at SUSECVE-2023-4357 at NVDCVE-2023-4358 at SUSECVE-2023-4358 at NVDCVE-2023-4359 at SUSECVE-2023-4359 at NVDCVE-2023-4360 at SUSECVE-2023-4360 at NVDCVE-2023-4361 at SUSECVE-2023-4361 at NVDCVE-2023-4362 at SUSECVE-2023-4362 at NVDCVE-2023-4363 at SUSECVE-2023-4363 at NVDCVE-2023-4364 at SUSECVE-2023-4364 at NVDCVE-2023-4365 at SUSECVE-2023-4365 at NVDCVE-2023-4366 at SUSECVE-2023-4366 at NVDCVE-2023-4367 at SUSECVE-2023-4367 at NVDCVE-2023-4368 at SUSECVE-2023-4368 at NVDCVE-2023-4572 at SUSECVE-2023-4572 at NVDSecurity update for renderdoc (Important)openSUSE Leap 15.5
This update for renderdoc fixes the following issues:
Security issues fixed:
* CVE-2023-33863: integer overflow to heap-based buffer overflow
* CVE-2023-33864: integer underflow to heap-based buffer overflow
* CVE-2023-33865: symlink vulnerability in /tmp/RenderDoc
ImportantSUSE bug 1212086SUSE bug 1212088SUSE bug 1212089CVE-2023-33863 at SUSECVE-2023-33863 at NVDCVE-2023-33864 at SUSECVE-2023-33864 at NVDCVE-2023-33865 at SUSECVE-2023-33865 at NVDcpe:/o:opensuse:leap:15.5Security update for modsecurity (Moderate)openSUSE Leap 15.5
This update for modsecurity fixes the following issues:
Update to version 3.0.10:
* Security impacting issue (fix boo#1213702, CVE-2023-38285)
- Fix: worst-case time in implementation of four transformations
- Additional information on this issue is available at
https://www.trustwave.com/resources/blogs/spiderlabs-blog/modsecurity-v3-dos-vulnerability-in-four-transformations-cve-2023-38285/
* Enhancements and bug fixes
- Add TX synonym for MSC_PCRE_LIMITS_EXCEEDED
- Make MULTIPART_PART_HEADERS accessible to lua
- Fix: Lua scripts cannot read whole collection at once
- Fix: quoted Include config with wildcard
- Support isolated PCRE match limits
- Fix: meta actions not applied if multiMatch in first rule of chain
- Fix: audit log may omit tags when multiMatch
- Exclude CRLF from MULTIPART_PART_HEADER value
- Configure: use AS_ECHO_N instead echo -n
- Adjust position of memset from 2890
Update to version 3.0.9:
* Add some member variable inits in Transaction class (possible segfault)
* Fix: possible segfault on reload if duplicate ip+CIDR in ip match list
* Resolve memory leak on reload (bison-generated variable)
* Support equals sign in XPath expressions
* Encode two special chars in error.log output
* Add JIT support for PCRE2
* Support comments in ipMatchFromFile file via '#' token
* Use name package name libmaxminddb with pkg-config
* Fix: FILES_TMP_CONTENT collection key should use part name
* Use AS_HELP_STRING instead of obsolete AC_HELP_STRING macro
* During configure, do not check for pcre if pcre2 specified
* Use pkg-config to find libxml2 first
* Fix two rule-reload memory leak issues
* Correct whitespace handling for Include directive
- Fix CVE-2023-28882, a segfault and a resultant crash of a worker process
in some configurations with certain inputs, boo#1210993
Update to version 3.0.8
* Adjust parser activation rules in modsecurity.conf-recommended [#2796]
* Multipart parsing fixes and new MULTIPART_PART_HEADERS collection [#2795]
* Prevent LMDB related segfault [#2755, #2761]
* Fix msc_transaction_cleanup function comment typo [#2788]
* Fix: MULTIPART_INVALID_PART connected to wrong internal variable [#2785]
* Restore Unique_id to include random portion after timestamp [#2752, #2758]
Update to version 3.0.7
* Support PCRE2
* Support SecRequestBodyNoFilesLimit
* Add ctl:auditEngine action support
* Move PCRE2 match block from member variable
* Add SecArgumentsLimit, 200007 to modsecurity.conf-recommended
* Fix memory leak when concurrent log includes REMOTE_USER
* Fix LMDB initialization issues
* Fix initcol error message wording
* Tolerate other parameters after boundary in multipart C-T
* Add DebugLog message for bad pattern in rx operator
* Fix misuses of LMDB API
* Fix duplication typo in code comment
* Fix multiMatch msg, etc, population in audit log
* Fix some name handling for ARGS_*NAMES: regex SecRuleUpdateTargetById, etc.
* Adjust confusing variable name in setRequestBody method
* Multipart names/filenames may include single quote if double-quote enclosed
* Add SecRequestBodyJsonDepthLimit to modsecurity.conf-recommended
Update to version 3.0.6
* Security issue: Support configurable limit on depth of JSON
parsing, possible DoS issue. CVE-2021-42717
Update to version 3.0.5
* New: Having ARGS_NAMES, variables proxied
* Fix: FILES variable does not use multipart part name for key
* GeoIP: switch to GEOIP_MEMORY_CACHE from GEOIP_INDEX_CACHE
* Support configurable limit on number of arguments processed
* Adds support to lua 5.4
* Add support for new operator rxGlobal
* Fix: Replaces put with setenv in SetEnv action
* Fix: Regex key selection should not be case-sensitive
* Fix: Only delete Multipart tmp files after rules have run
* Fixed MatchedVar on chained rules
* Fix IP address logging in Section A
* Fix: rx: exit after full match (remove /g emulation); ensure
capture groups occuring after unused groups still populate TX vars
* Fix rule-update-target for non-regex
* Fix Security Impacting Issues:
* Handle URI received with uri-fragment, CVE-2020-15598
update to 3.0.4:
* Fix: audit log data omitted when nolog,auditlog
* Fix: ModSecurity 3.x inspectFile operator does not pass
* XML: Remove error messages from stderr
* Filter comment or blank line for pmFromFile operator
* Additional adjustment to Cookie header parsing
* Restore chained rule part H logging to be more like 2.9 behaviour
* Small fixes in log messages to help debugging the file upload
* Fix Cookie header parsing issues
* Fix rules with nolog are logging to part H
* Fix argument key-value pair parsing cases
* Fix: audit log part for response body for JSON format to be E
* Make sure m_rulesMessages is filled after successfull match
* Fix @pm lookup for possible matches on offset zero.
* Regex lookup on the key name instead of COLLECTION:key
* Missing throw in Operator::instantiate
* Making block action execution dependent of the SecEngine status
* Making block action execution dependent of the SecEngine status
* Having body limits to respect the rule engine state
* Fix SecRuleUpdateTargetById does not match regular expressions
* Adds missing check for runtime ctl:ruleRemoveByTag
* Adds a new operator verifySVNR that checks for Austrian social security numbers.
* Fix variables output in debug logs
* Correct typo validade in log output
* fix/minor: Error encoding hexa decimal.
* Limit more log variables to 200 characters.
* parser: fix parsed file names
* Allow empty anchored variable
* Fixed FILES_NAMES collection after the end of multipart parsing
* Fixed validateByteRange parsing method
* Removes a memory leak on the JSON parser
* Enables LMDB on the regression tests.
* Fix: Extra whitespace in some configuration directives causing error
* Refactoring on Regex and SMatch classes.
* Fixed buffer overflow in Utils::Md5::hexdigest()
* Implemented merge() method for ConfigInt, ConfigDouble, ConfigString
* Adds initially support to the drop action.
* Complete merging of particular rule properties
* Replaces AC_CHECK_FILE with 'test -f'
* Fix inet addr handling on 64 bit big endian systems
* Fix tests on FreeBSD
* Changes ENV test case to read the default MODSECURTIY env var
* Regression: Sets MODSECURITY env var during the tests execution
* Fix setenv action to strdup key=variable
* Allow 0 length JSON requests.
* Fix 'make dist' target to include default configuration
* Replaced log locking using mutex with fcntl lock
* Correct the usage of modsecurity::Phases::NUMBER_OF_PHASES
* Adds support to multiple ranges in ctl:ruleRemoveById
* Rule variable interpolation broken
* Make the boundary check less strict as per RFC2046
* Fix buffer size for utf8toUnicode transformation
* Fix double macros bug
* Override the default status code if not suitable to redirect action
* parser: Fix the support for CRLF configuration files
* Organizes the server logs
* m_lineNumber in Rule not mapping with the correct line number in file
* Using shared_ptr instead of unique_ptr on rules exceptions
* Changes debuglogs schema to avoid unecessary str allocation
* Fix the SecUnicodeMapFile and SecUnicodeCodePage
* Changes the timing to save the rule message
* Fix crash in msc_rules_add_file() when using disruptive action in chain
* Fix memory leak in AuditLog::init()
* Fix RulesProperties::appendRules()
* Fix RULE lookup in chained rules
* @ipMatch 'Could not add entry' on slash/32 notation in 2.9.0
* Using values after transformation at MATCHED_VARS
* Adds support to UpdateActionById.
* Add correct C function prototypes for msc_init and msc_create_rule_set
* Allow LuaJIT 2.1 to be used
* Match m_id JSON log with RuleMessage and v2 format
* Adds support to setenv action.
* Adds new transaction constructor that accepts the transaction id as parameter.
* Adds request IDs and URIs to the debug log
* Treating variables exception on load-time instead of run time.
* Fix: function m.setvar in Lua scripts and add testcases
* Fix SecResponseBodyAccess and ctl:requestBodyAccess directives
* Fix OpenBSD build
* Fix parser to support GeoLookup with MaxMind
* parser: Fix simple quote setvar in the end of the line
* Fix pc file
* modsec_rules_check: uses the gnu `.la' instead of `.a' file
* good practices: Initialize variables before use it
* Fix utf-8 character encoding conversion
* Adds support for ctl:requestBodyProcessor=URLENCODED
* Add LUA compatibility for CentOS and try to use LuaJIT first if available
* Allow LuaJIT to be used
* Implement support for Lua 5.1
* Variable names must match fully, not partially. Match should be case insensitive.
* Improves the performance while loading the rules
* Allow empty strings to be evaluated by regex::searchAll
* Adds basic pkg-config info
* Fixed LMDB collection errors
* Fixed false positive MULTIPART_UNMATCHED_BOUNDARY errors
* Fix ip tree lookup on netmask content
* Changes the behavior of the default sec actions
* Refactoring on {global,ip,resources,session,tx,user} collections
* Fix race condition in UniqueId::uniqueId()
* Fix memory leak in error message for msc_rules_merge C APIs
* Return false in SharedFiles::open() when an error happens
* Use rvalue reference in ModSecurity::serverLog
* Build System: Fix when multiple lines for curl version.
* Checks if response body inspection is enabled before process it
* Fix setvar parsing of quoted data
* Adds time stamp back to the audit logs
* Disables skip counter if debug log is disabled
* Cosmetics: Represents amount of skipped rules without decimal
* Add missing escapeSeqDecode, urlEncode and trimLeft/Right tfns to parser
* Fix STATUS var parsing and accept STATUS_LINE var for v2 backward comp.
* Fix memory leak in modsecurity::utils::expandEnv()
* Initialize m_dtd member in ValidateDTD class as NULL
* Fix broken @detectxss operator regression test case
* Fix utils::string::ssplit() to handle delimiter in the end of string
* Fix variable FILES_TMPNAMES
* Fix memory leak in Collections
* Fix lib version information while generating the .so file
* Adds support for ctl:ruleRemoveByTag
* Fix SecUploadDir configuration merge
* Include all prerequisites for 'make check' into dist archive
* Fix: Reverse logic of checking output in @inspectFile
* Adds support to libMaxMind
* Adds capture action to detectXSS
* Temporarily accept invalid MULTIPART_SEMICOLON_MISSING operator
* Adds capture action to detectSQLi
* Adds capture action to rbl
* Adds capture action to verifyCC
* Adds capture action to verifySSN
* Adds capture action to verifyCPF
* Prettier error messages for unsupported configurations (UX)
* Add missing verify*** transformation statements to parser
* Fix a set of compilation warnings
* Check for disruptive action on SecDefaultAction.
* Fix block-block infinite loop.
* Correction remove_by_tag and remove_by_msg logic.
* Fix LMDB compile error
* Fix msc_who_am_i() to return pointer to a valid C string
* Added some cosmetics to autoconf related code
* Fix 'make dist' target to include necessary headers for Lua
* Fix 'include /foo/*.conf' for single matched object in directory
* Add missing Base64 transformation statements to parser
* Fixed resource load on ip match from file
* Fixed examples compilation while using disable-shared
* Fixed compilation issue while xml is disabled
* Having LDADD and LDFLAGS organized on Makefile.am
* Checking std::deque size before use it
* perf improvement: Added the concept of RunTimeString and removed all run time parser.
* perf improvement: Checks debuglog level before format debug msg
* perf. improvement/rx: Only compute dynamic regex in case of macro
* Fix uri on the benchmark utility
* disable Lua on systems with liblua5.1
ModerateSUSE bug 1210993SUSE bug 1213702CVE-2020-15598 at SUSECVE-2020-15598 at NVDCVE-2021-42717 at SUSECVE-2021-42717 at NVDCVE-2023-28882 at SUSECVE-2023-28882 at NVDCVE-2023-38285 at SUSECVE-2023-38285 at NVDcpe:/o:opensuse:leap:15.5Security update for python-GitPython (Moderate)openSUSE Leap 15.5
This update for python-GitPython fixes the following issues:
- CVE-2023-41040: Fixed directory traversal attack vulnerability (boo#1214810)
ModerateSUSE bug 1214810CVE-2023-41040 at SUSECVE-2023-41040 at NVDcpe:/o:opensuse:leap:15.5Security update for python-CairoSVG (Moderate)openSUSE Leap 15.5
This update for python-CairoSVG fixes the following issues:
- CVE-2023-27586: Don't allow fetching external files unless explicitly asked for. (boo#1209538)
- Update to version 2.5.2
* Fix marker path scale
- Update to version 2.5.1 (boo#1180648, CVE-2021-21236):
* Security fix: When processing SVG files, CairoSVG was using two
regular expressions which are vulnerable to Regular Expression
Denial of Service (REDoS). If an attacker provided a malicious
SVG, it could make CairoSVG get stuck processing the file for a
very long time.
* Fix marker positions for unclosed paths
* Follow hint when only output_width or output_height is set
* Handle opacity on raster images
* Don’t crash when use tags reference unknown tags
* Take care of the next letter when A/a is replaced by l
* Fix misalignment in node.vertices
- Updates for version 2.5.0.
* Drop support of Python 3.5, add support of Python 3.9.
* Add EPS export
* Add background-color, negate-colors, and invert-images options
* Improve support for font weights
* Fix opacity of patterns and gradients
* Support auto-start-reverse value for orient
* Draw images contained in defs
* Add Exif transposition support
* Handle dominant-baseline
* Support transform-origin
ModerateSUSE bug 1180648SUSE bug 1209538CVE-2021-21236 at SUSECVE-2021-21236 at NVDCVE-2023-27586 at SUSECVE-2023-27586 at NVDcpe:/o:opensuse:leap:15.5Security update for tcpreplay (Moderate)openSUSE Leap 15.5
This update for tcpreplay fixes the following issues:
Update to 4.4.4:
* overflow check fix for parse_mpls.
* tcpreplay-edit: prevent L2 flooding of ipv6 unicast packets.
* CVE-2023-27786: bugs caused by strtok_r. (boo#1209416)
* CVE-2023-27783 reachable assert in tcpedit_dlt_cleanup (boo#1209413)
* reachable assert in fast_edit_packet.
ModerateSUSE bug 1209413SUSE bug 1209416CVE-2023-27783 at SUSECVE-2023-27783 at NVDCVE-2023-27786 at SUSECVE-2023-27786 at NVDcpe:/o:opensuse:leap:15.5Security update for cacti, cacti-spine (Important)openSUSE Leap 15.5
This update for cacti, cacti-spine fixes the following issues:
cacti-spine 1.2.25:
* Spine should see if script to be executed is executable
* Enhance number recognition
* When polling devices, sort by larger number of items first
* Log format may be corrupted when timeout occurs
* Compile warning appears due to GCC flag on RHEL7/RHEL8
* Downed device detection only checks one of the two uptime OIDs
* Compile error appears due to execinfo.h on FreeBSD
* Bootstrap shell script contains some PHP cruft
* Padding is not always removed from the start of non-numeric strings
* Improve SNMP result handling for non-numeric results
* Further improve SNMP result handling for non-numeric results
* Remove check for the max_oids column which has been present since Cacti v1.0
* Minimize Sorting when fetching poller records for maximum performance
* Spine should see if script to be executed is executable
cacti-spine 1.2.24:
* Fix segfault when ignoring older OIDs
cacti 1.2.25:
* CVE-2023-30534: Protect against Insecure deserialization of filter data (boo#1215082)
* CVE-2023-39360: Cross-Site Scripting vulnerability when creating new graphs (boo#1215044)
* CVE-2023-39361: Unauthenticated SQL Injection when viewing graphs (boo#1215045)
* CVE-2023-39357: SQL Injection when saving data with sql_save() (boo#1215040)
* CVE-2023-39362: Authenticated command injection when using SNMP options (boo#1215047)
* CVE-2023-39359: Authenticated SQL injection vulnerability when managing graphs (boo#1215043)
* CVE-2023-39358: Authenticated SQL injection vulnerability when managing reports (boo#1215042)
* CVE-2023-39365: SQL Injection when using regular expressions (boo#1215051)
* CVE-2023-39364: redirect in change password functionality (boo#1215050)
* CVE-2023-39366: Cross-Site Scripting vulnerability with Device Name when managing Data Sources (boo#1215052)
* CVE-2023-39510: Cross-Site Scripting vulnerability with Device Name when administrating Reports (boo#1215053)
* CVE-2023-39511: Cross-Site Scripting vulnerability with Device Name when editing Graphs whilst managing Reports (boo#1215081)
* CVE-2023-39512: Cross-Site Scripting vulnerability with Device Name when managing Data Sources (boo#1215054)
* CVE-2023-39513: Cross-Site Scripting vulnerability with Device Name when debugging data queries (boo#1215055)
* CVE-2023-39514: Cross-Site Scripting vulnerability with Data Source Name when managing Graphs (boo#1215056)
* CVE-2023-39515: Cross-Site Scripting vulnerability with Data Source Name when debugging Data Queries (boo#1215058)
* CVE-2023-39516: Cross-Site Scripting vulnerability with Data Source Information when managing Data Sources (boo#1215059)
* When rebuilding the Poller Cache from command line, allow it to be multi-threaded
* When searching tree or list views, the URL does not update after changes
* When creating a Data Source Template with a specific snmp port, the port is not always applied
* When a Data Query references a file, the filename should be trimmed to remove spurious spaces
* THold plugin may not always install or upgrade properly
* RRD file structures are not always updated properly, if there are more Data Sources in the Data Template than the Graph Template
* When reindexing devices, errors may sometimes be shown
* Boost may loose data when the database server is overloaded
* Boost can sometimes output unexpected or invalid values
* Boost should not attempt to start if there are no items to process
* Rebuilding the poller cache does not always work as expected
* Host CPU items may not work poll as expected when on a remote data collector where hmib is also enabled
* When creating new graphs, invalid offset errors may be generated
* When importing packages, SQL errors may be generated
* When managing plugins from command line, the --plugin option is not properly handled
* When automating an install of Cacti, error messages can be appear
* When performing automated install of a plugin, warnings can be thrown
* Automation references the wrong table name causing errors
* Data Source Info Mode produces invalid recommendations
* Data Source Debug 'Run All' generates too many log messages
* The description of rebuild poller cache in utilities does not display properly
* When reindexing a device, debug information may not always display properly
* Upon displaying a form with errors, the session error fields variable isn't cleared
* MariaDB clusters will no longer support exclusive locks
* RRDtool can fail to update when sources in Data Template and Graph Template data sources do not match
* Compatibility improvements for Boost under PHP 8.x
* When searching the tree, increase the time before querying for items
* Device Location drop down does not always populate correctly
* When viewing Realtime graphs, undefined variable errors may be reported
* SNMP Uptime is not always ignored for spikekills
* Improve detection of downed Devices
* When reporting missing functions from Plugins, ensure messages do not occur too often
* When starting the Cacti daemon, database errors may be reported when there is no problem
* When reporting from RRDcheck, ensure prefix is in the correct casing
* Improve Orphaned Data Source options and display
* Parsing the PHP Configuration may sometimes produce errors
* Security processes attempt to check for a user lockout even if there is no user logged in
* When attempting to edit a tree, the search filter for Graphs remains disabled
* When reindexing, a Data Source that could be un-orphaned may not always be unorphaned
* When parsing a date value, there could be more than 30 chars
* Untemplated Data Sources can fail to update due to lack of an assigned Graph
* When processing items to check, do not include disabled hosts
* When saving a Data Source Template, SQL errors may be reported
* When importing a Template, errors may be recorded
* Some display strings have invalid formatting that cannot be parsed
* When filtering with regular expressions, the 'does not match' option does not always function as expected
* When enabling a plugin, sometimes it can appear as if nothing happens
* Ensure the Rows Per Page option shows limitations set by configuration
* Plugins are unable to modify fields in the setting 'Change Device Settings'
* When reporting emails being sent, ensure BCC addresses are also included
* Improve compatibility of SNMP class trim handling under PHP 8.x
* When importing legacy Data Query Templates, the Template can become unusable
* Provide ability to raise an event when extending the settings form
* Prevent unsupported SQL Mode flags from being set
* The DSStats summary does not always display expected values
* When performing a fresh install, device classification may be missing.
* Duplication functions for Graph/Template and Data Source/Template do not return and id
* Duplication of Device Templates should be an API call
* Unable to convert database to latin1 instead of utf8 if desired
* When creating Graphs, the process may become slower over time as more items exist
* When a bulk walk size is set to automatic, this is not always set to the optimal value
* Update copyright notice on import packages
* When viewing Orphan Graphs, SQL errors may be reported
* When reindexing hosts from command line, ensure only one process runs at once
* When a Data Query has no Graphs, it may not be deletable
* When duplicating a Graph Template, provide an option to not duplicate Data Query association
* When duplicating a Data Template errors can appear in the Cacti log
* When importing a Package, previewing makes unexpected changes to Cacti Templates
* When enabling boost on a fresh install, an error may be reported
* Improve compatibility for backtrace logging under PHP 8.x
* Improve compatibility for Advanced Ping under PHP 8.x
* Provide new templates for Fortigate and Aruba Cluster to be available during install
* Provide new template for SNMP Printer to be available during install
* When importing devices, allow a device classification to be known
* Extend length of maximum name in settings table
* Extend length of maximum name in user settings table
* Data Queries do not have a Duplication function
* Upgrade d3.js v7.8.2 and billboard.js v3.7.4
* Upgrade ua-parser.js to version 1.0.35
* Update Cisco Device Template to include HSRP graph template
* New hook for device template change 'device_template_change'
cacti 1.2.24
* Fix: Unable to import Local Linux Machine template
* Fix multiple charting and display issues
* Compatibility changes for SNMP under PHP 8.2, and other PHP
compatibility updates
* Fix multiple issues editing settings
* timeout fixes for Basic Auth
* multiple data poller bug fixes
ImportantSUSE bug 1215040SUSE bug 1215042SUSE bug 1215043SUSE bug 1215044SUSE bug 1215045SUSE bug 1215047SUSE bug 1215050SUSE bug 1215051SUSE bug 1215052SUSE bug 1215053SUSE bug 1215054SUSE bug 1215055SUSE bug 1215056SUSE bug 1215058SUSE bug 1215059SUSE bug 1215081SUSE bug 1215082CVE-2023-30534 at SUSECVE-2023-30534 at NVDCVE-2023-39357 at SUSECVE-2023-39357 at NVDCVE-2023-39358 at SUSECVE-2023-39358 at NVDCVE-2023-39359 at SUSECVE-2023-39359 at NVDCVE-2023-39360 at SUSECVE-2023-39360 at NVDCVE-2023-39361 at SUSECVE-2023-39361 at NVDCVE-2023-39362 at SUSECVE-2023-39362 at NVDCVE-2023-39364 at SUSECVE-2023-39364 at NVDCVE-2023-39365 at SUSECVE-2023-39365 at NVDCVE-2023-39366 at SUSECVE-2023-39366 at NVDCVE-2023-39510 at SUSECVE-2023-39510 at NVDCVE-2023-39511 at SUSECVE-2023-39511 at NVDCVE-2023-39512 at SUSECVE-2023-39512 at NVDCVE-2023-39513 at SUSECVE-2023-39513 at NVDCVE-2023-39514 at SUSECVE-2023-39514 at NVDCVE-2023-39515 at SUSECVE-2023-39515 at NVDCVE-2023-39516 at SUSECVE-2023-39516 at NVDcpe:/o:opensuse:leap:15.5Security update for chromium (Critical)openSUSE Leap 15.5
This update for chromium fixes the following issues:
- Chromium 117.0.5938.132 (boo#1215776):
* CVE-2023-5217: Heap buffer overflow in vp8 encoding in libvpx (boo#1215778)
* CVE-2023-5186: Use after free in Passwords
* CVE-2023-5187: Use after free in Extensions
- Chromium 117.0.5938.92:
* stability improvements
CriticalSUSE bug 1215776SUSE bug 1215778CVE-2023-5186 at SUSECVE-2023-5186 at NVDCVE-2023-5187 at SUSECVE-2023-5187 at NVDCVE-2023-5217 at SUSECVE-2023-5217 at NVDcpe:/o:opensuse:leap:15.5Security update for seamonkey (Important)openSUSE Leap 15.5
This update for seamonkey fixes the following issues:
update to SeaMonkey 2.53.17.1
* Upstream libwebp security fix bug 1852749.
* CVE-2023-4863: Heap buffer overflow in libwebp bug 1852649.
* Fix bad string encoded in ansi. l10n fr problem only bug 1847887.
* SeaMonkey 2.53.17 uses the same backend as Firefox and contains
the relevant Firefox 60.8 security fixes.
* SeaMonkey 2.53.17 shares most parts of the mail and news code with
Thunderbird. Please read the Thunderbird 60.8.0 release notes for
specific security fixes in this release.
* Additional important security fixes up to Current Firefox 115.3
and Thunderbird 115.3 ESR plus many enhancements have been
backported. We will continue to enhance SeaMonkey security in
subsequent 2.53.x beta and release versions as fast as we are able
to.
update to SeaMonkey 2.53.17
* Fix macOS Contacts permission request bug 1826719.
* Remove SeaMonkey 2.57 links from debugQA bug 1829683.
* Treat opening urls from the library as external bug 1619108.
* Disable spam warning for autogenerated links in plaintext messages
bug 619031.
* Switch SeaMonkey build files to Python 3 bug 1635849.
* Remove empty overlays from Composer bug 1828533.
* Move xpfe autocomplete to comm-central suite bug 1418512.
* Remove nsIPrefBranch2 and nsIPrefBranchInternal bug 1374847.
* SeaMonkey 2.53.17 uses the same backend as Firefox and contains
the relevant Firefox 60.8 security fixes.
* SeaMonkey 2.53.17 shares most parts of the mail and news code with
Thunderbird. Please read the Thunderbird 60.8.0 release notes for
specific security fixes in this release.
* Additional important security fixes up to Current Firefox 102.11
and Thunderbird 102.11 ESR plus many enhancements have been
backported. We will continue to enhance SeaMonkey security in
subsequent 2.53.x beta and release versions as fast as we are able
to.
Update to SeaMonkey 2.53.16
* No throbber in plaintext editor bug 85498.
* Remove unused gridlines class from EdAdvancedEdit bug 1806632.
* Remove ESR 91 links from debugQA bug 1804534.
* Rename devtools/shim to devtools/startup bug 1812367.
* Remove unused seltype=text|cell css bug 1806653.
* Implement new shared tree styling bug 1807802.
* Use `win.focus()` in macWindowMenu.js bug 1807817.
* Remove WCAP provider bug 1579020.
* Remove ftp/file tree view support bug 1239239.
* Change calendar list tree to a list bug 1561530.
* Various other updates to the calendar code.
* Continue the switch from Python 2 to Python 3 in the build system.
* Verified compatibility with Rust 1.66.1.
* SeaMonkey 2.53.16 uses the same backend as Firefox and contains
the relevant Firefox 60.8 security fixes.
* SeaMonkey 2.53.16 shares most parts of the mail and news code with
Thunderbird. Please read the Thunderbird 60.8.0 release notes for
specific security fixes in this release.
* Additional important security fixes up to Current Firefox 102.9
and Thunderbird 102.9 ESR plus many enhancements have been
backported. We will continue to enhance SeaMonkey security in
subsequent 2.53.x beta and release versions as fast as we are able
to.
Update to SeaMonkey 2.53.15
* Microtasks and promises bug 1193394.
* Implement queueMicrotask()bug 1480236.
* Remove old synchronous contentPrefService from the tree bug 886907
and bug 1392929.
* Remove remaining uses of 'general.useragent.locale' bug 1410736
and bug 1410738.
* Migrate to intl.locale.requested.locale list from
'general.useragent.locale' bug 1441016.
* Introduce a pref to store BCP47 locale list bug 1414390, bug
1423532 and bug 1441026.
* Remove synchronous certificate verification APIs from
nsIX509CertDB bug 1453741 and bug 1453778.
* Taskbar preview's favicon appears blank bug 1475524.
* Call Imagelibs decodeImageAsyncWindows using a callback bug
1790695.
* Remove PermissionsService from process Windows sandboxing code bug
1788233, bug 1789782 and bug 1794394.
* Security info dialog doesn't show cert status anymore bug 1293378.
* Replace nsIPlatfromCharset in mailnews bug 1381762.
* Replace use of nsMsgI18NFileSystemCharset() with
NS_CopyUnicodeToNative/NS_CopyNativeToUnicode() bug 1506422.
* Cater for Outlook's/Hotmail's 'Deleted' folder bug 1320191.
* Make some filter methods scriptable bug 1497513.
* Fix crash in nsMsgFilterAfterTheFact::ApplyFilter() caused by
async reset of 'm_curFolder' bug 537017.
* Localize messages from nsIMsgFolder.logRuleHitFail() bug 1352731.
* Add logging of message filter runs and actions bug 697522.
* Check that we got a non-null header before running a filter on it
(and crashing) bug 1563959.
* With CONDSTORE, eliminate unneeded flag fetches at startup bug
1428097.
* Fix so custom tags (keywords) are visible to all users bug 583677.
* Improve handling of tags on shared folders bug 1596371.
* Allow setting/resetting junk marking by user for yahoo/aol to
stick bug 1260059.
* Don't check subject if spellchecker is not ready bug 1069787.
* Grammar issues in mailnews_account_settings.xhtml bug 1793291.
* Remove use of nsIMemory bug 1792578.
* Replace obsolete GetStringBundleService call in SeaMonkey bug
1794400.
* SeaMonkey crashes on MacOS Ventura 13.0 bug 1797696.
* Continue the switch from Python 2 to Python 3 in the build system.
* Added support for clang 15 and macOS SDK 11.3.
* Verified compatibility with Rust 1.65.
* SeaMonkey 2.53.15 uses the same backend as Firefox and contains
the relevant Firefox 60.8 security fixes.
* SeaMonkey 2.53.15 shares most parts of the mail and news code with
Thunderbird. Please read the Thunderbird 60.8.0 release notes for
specific security fixes in this release.
* Additional important security fixes up to Current Firefox 102.6
and Thunderbird 102.5 ESR plus many enhancements have been
backported. We will continue to enhance SeaMonkey security in
subsequent 2.53.x beta and release versions as fast as we are able
to.
ImportantSUSE bug 1207332SUSE bug 1209994SUSE bug 1213986CVE-2023-4863 at SUSECVE-2023-4863 at NVDcpe:/o:opensuse:leap:15.5Security update for roundcubemail (Moderate)openSUSE Leap 15.5
This update for roundcubemail fixes the following issues:
Update to 1.6.3 (boo#1215433)
* Fix bug where installto.sh/update.sh scripts were removing some
essential options from the config file (#9051)
* Update jQuery-UI to version 1.13.2 (#9041)
* Fix regression that broke use_secure_urls feature (#9052)
* Fix potential PHP fatal error when opening a message with
message/rfc822 part (#8953)
* Fix bug where a duplicate <title> tag in HTML email could cause some
parts being cut off (#9029)
* Fix bug where a list of folders could have been sorted
incorrectly (#9057)
* Fix regression where LDAP addressbook 'filter' option was
ignored (#9061)
* Fix wrong order of a multi-folder search result when sorting by
size (#9065)
* Fix so install/update scripts do not require PEAR (#9037)
* Fix regression where some mail parts could have been decoded
incorrectly, or not at all (#9096)
* Fix handling of an error case in Cyrus IMAP BINARY FETCH, fallback to
non-binary FETCH (#9097)
* Fix PHP8 deprecation warning in the reconnect plugin (#9083)
* Fix 'Show source' on mobile with x_frame_options = deny (#9084)
* Fix various PHP warnings (#9098)
* Fix deprecated use of ldap_connect() in password's ldap_simple driver (#9060)
* Fix cross-site scripting (XSS) vulnerability in handling of linkrefs
in plain text messages
Update to 1.6.2
* Add Uyghur localization
* Fix regression in OAuth request URI caused by use of REQUEST_URI
instead of SCRIPT_NAME as a default (#8878)
* Fix bug where false attachment reminder was displayed on HTML mail
with inline images (#8885)
* Fix bug where a non-ASCII character in app.js could cause error in
javascript engine (#8894)
* Fix JWT decoding with url safe base64 schema (#8890)
* Fix bug where .wav instead of .mp3 file was used for the new mail
notification in Firefox (#8895)
* Fix PHP8 warning (#8891)
* Fix support for Windows-31J charset (#8869)
* Fix so LDAP VLV option is disabled by default as documented (#8833)
* Fix so an email address with name is supported as input to the managesieve
notify :from parameter (#8918)
* Fix Help plugin menu (#8898)
* Fix invalid onclick handler on the logo image when using non-array
skin_logo setting (#8933)
* Fix duplicate recipients in 'To' and 'Cc' on reply (#8912)
* Fix bug where it wasn't possible to scroll lists by clicking middle
mouse button (#8942)
* Fix bug where label text in a single-input dialog could be partially
invisible in some locales (#8905)
* Fix bug where LDAP (fulltext) search didn't work without 'search_fields'
in config (#8874)
* Fix extra leading newlines in plain text converted from HTML (#8973)
* Fix so recipients with a domain ending with .s are allowed (#8854)
* Fix so vCard output does not contain non-standard/redundant TYPE=OTHER
and TYPE=INTERNET (#8838)
* Fix QR code images for contacts with non-ASCII characters (#9001)
* Fix PHP8 warnings when using list_flags and list_cols properties by
plugins (#8998)
* Fix bug where subfolders could loose subscription on parent folder
rename (#8892)
* Fix connecting to LDAP using an URI with ldapi:// scheme (#8990)
* Fix insecure shell command params handling in cmd_learn driver of markasjunk
plugin (#9005)
* Fix bug where some mail headers didn't work in cmd_learn driver of markasjunk
plugin (#9005)
* Fix PHP fatal error when importing vcf file using PHP 8.2 (#9025)
* Fix so output of log_date_format with microseconds contains time in server
time zone, not UTC
ModerateSUSE bug 1215433cpe:/o:opensuse:leap:15.5Security update for chromium (Important)openSUSE Leap 15.5
This update for chromium fixes the following issues:
Chromium 117.0.5938.149:
* CVE-2023-5346: Type Confusion in V8 (boo#1215924)
ImportantSUSE bug 1215924CVE-2023-5346 at SUSECVE-2023-5346 at NVDcpe:/o:opensuse:leap:15.5Security update for exim (Critical)openSUSE Leap 15.5
This update for exim fixes the following issues:
* CVE-2023-42114: NTLM Challenge Out-Of-Bounds Read Information Disclosure Vulnerability (boo#1215784)
* CVE-2023-42115: AUTH Out-Of-Bounds Write Remote Code Execution Vulnerability (boo#1215785)
* CVE-2023-42116: SMTP Challenge Stack-based Buffer Overflow Remote Code Execution Vulnerability (boo#1215786)
CriticalSUSE bug 1215784SUSE bug 1215785SUSE bug 1215786CVE-2023-42114 at SUSECVE-2023-42114 at NVDCVE-2023-42115 at SUSECVE-2023-42115 at NVDCVE-2023-42116 at SUSECVE-2023-42116 at NVDcpe:/o:opensuse:leap:15.5Security update for opera (Important)openSUSE Leap 15.5 NonFree
This update for opera fixes the following issues:
- Update to 103.0.4928.16
* CHR-9416 Updating Chromium on desktop-stable-* branches
* CHR-9433 Update Chromium on desktop-stable-117-4928 to
117.0.5938.89
* CHR-9449 Update Chromium on desktop-stable-117-4928 to
117.0.5938.132
* DNA-110337 Opera Intro extension custom versions
* DNA-111454 Player animations visual adjustments
* DNA-111618 Turn on #password-generator on all streams
* DNA-111645 Turn on flag #player-service-react on
developer stream
* DNA-111708 Player home page is shown while music service is
being loaded
* DNA-111722 [Tab strip][Tab island] Add tab in tab island
button appears after size of tabs is changed
* DNA-111727 JsonPrefStore is created twice for Local State file
* DNA-111838 Promote 103.0 to stable
* DNA-111845 Turn on flag #player-service-react on all streams
* DNA-111868 Translations for O103
* DNA-111874 OMenu and Context Menus has transparent few
px border
- The update to chromium 117.0.5938.89 fixes following issues:
CVE-2023-5217, CVE-2023-5186, CVE-2023-5187
- Complete Opera 103 changelog at:
https://blogs.opera.com/desktop/changelog-for-103/
- Update to 102.0.4880.78
* DNA-110952 Crash at base::subtle::RefCountedBase::
ReleaseImpl() const
- Update to 102.0.4880.70
* DNA-105016 Do not open file selector when closing easy files
dialog with 'close this popup' option
* DNA-110437 Extensions font color in dark mode makes the text
not visible
* DNA-110443 Crash at EasyFilesView::ShowFileSelector
* DNA-111231 Amazon Music logo update in sidebar Player
* DNA-111280 Make import from Crypto Browser to Opera Browser
easier
* DNA-111355 [Sidebar] DevTools is not working correctly in
with sidebar panel
* DNA-111708 Player home page is shown while music service is
being loaded
* DNA-111162 Refresh Player home page
* DNA-111164 Implement animation in Player home page
- Update to 102.0.4880.56
* DNA-110785 Crash at static void base::allocator::
UnretainedDanglingRawPtrDetectedDumpWithoutCrashing
(unsigned __int64)
* DNA-110973 Crash after dragging tab from island to another
screen
* DNA-111199 Disable user_education tests from
component_unittests
* DNA-111369 Crash at views::View::DoRemoveChildView(views::
View*, bool, bool, views::View*)
* DNA-111538 All new open windows don`t have a close button 'x'
in the right upper corner.
- Changes in 102.0.4880.51
* CHR-9416 Automatic tries of updating Chromium on
desktop-stable-* branches
* DNA-110101 [Linux] Maximize/restore button does not work
properly
* DNA-110669 duplicated hints on system buttons
* DNA-110823 Uninstallation Survey Countries
* DNA-110881 Scroll bar doesn't change color in dark mode
* DNA-110930 Capture mouse events on the 1-pixel edge for
DevTools
* DNA-110935 ChatSonic colors are unreadable in Dark Mode
* DNA-111034 Dynamic icon does not look good in edit-tile-modal
* DNA-111035 Removal custom-image should restore dynamic icon
* DNA-111177 [Start page] Letter in SD is black on light
wallpaper
* DNA-111488 Improve profile migration for
desktop-stable-116-4880
- Update to 102.0.4880.46
* CHR-9416 Automatic tries of updating Chromium on
desktop-stable-* branches
* DNA-110216 [Sidebar] Straight lines instead of rounded corners
* DNA-110539 [LIN] Crash at content::WebContentsImpl::
GetLastCommittedURL()
* DNA-110631 AB test mechanism for Speed Dial
* DNA-110656 [TabStrip] Memory leak for tab group
* DNA-111322 Only show splash screen on major version update
* DNA-111417 Crash at opera::component_based::
TabAnimationController::StartAnimatedLayout(opera::
component_based::TabAnimationController::AnimationInfo,
base::OnceCallback)
* DNA-111420 Update continue on link for euro rtv agd
* DNA-111440 Crash at opera::component_based::
ComponentTabBar::GetActiveTab()
ImportantCVE-2023-5186 at SUSECVE-2023-5186 at NVDCVE-2023-5187 at SUSECVE-2023-5187 at NVDCVE-2023-5217 at SUSECVE-2023-5217 at NVDSecurity update for chromium (Important)openSUSE Leap 15.5
This update for chromium fixes the following issues:
Chromium 118.0.5993.70 (boo#1216111)
- CVE-2023-5218: Use after free in Site Isolation
- CVE-2023-5487: Inappropriate implementation in Fullscreen
- CVE-2023-5484: Inappropriate implementation in Navigation
- CVE-2023-5475: Inappropriate implementation in DevTools
- CVE-2023-5483: Inappropriate implementation in Intents
- CVE-2023-5481: Inappropriate implementation in Downloads
- CVE-2023-5476: Use after free in Blink History
- CVE-2023-5474: Heap buffer overflow in PDF
- CVE-2023-5479: Inappropriate implementation in Extensions API
- CVE-2023-5485: Inappropriate implementation in Autofill
- CVE-2023-5478: Inappropriate implementation in Autofill
- CVE-2023-5477: Inappropriate implementation in Installer
- CVE-2023-5486: Inappropriate implementation in Input
- CVE-2023-5473: Use after free in Cast
ImportantSUSE bug 1216111CVE-2023-5218 at SUSECVE-2023-5218 at NVDCVE-2023-5473 at SUSECVE-2023-5473 at NVDCVE-2023-5474 at SUSECVE-2023-5474 at NVDCVE-2023-5475 at SUSECVE-2023-5475 at NVDCVE-2023-5476 at SUSECVE-2023-5476 at NVDCVE-2023-5477 at SUSECVE-2023-5477 at NVDCVE-2023-5478 at SUSECVE-2023-5478 at NVDCVE-2023-5479 at SUSECVE-2023-5479 at NVDCVE-2023-5481 at SUSECVE-2023-5481 at NVDCVE-2023-5483 at SUSECVE-2023-5483 at NVDCVE-2023-5484 at SUSECVE-2023-5484 at NVDCVE-2023-5485 at SUSECVE-2023-5485 at NVDCVE-2023-5486 at SUSECVE-2023-5486 at NVDCVE-2023-5487 at SUSECVE-2023-5487 at NVDcpe:/o:opensuse:leap:15.5Security update for exim (Critical)openSUSE Leap 15.5
This update for exim fixes the following issues:
- CVE-2023-42117: Fixes Improper Neutralization of Special Elements Remote Code Execution Vulnerability (boo#1215787)
- CVE-2023-42119: Fixes dnsdb Out-Of-Bounds Read Information Disclosure Vulnerability (boo#1215789)
CriticalSUSE bug 1215787SUSE bug 1215789CVE-2023-42117 at SUSECVE-2023-42117 at NVDCVE-2023-42119 at SUSECVE-2023-42119 at NVDcpe:/o:opensuse:leap:15.5Security update for rxvt-unicode (Moderate)openSUSE Leap 15.5
This update for rxvt-unicode fixes the following issues:
- Update to version 9.31: (CVE-2022-4170 boo#1206069)
- implement a fix for CVE-2022-4170 (reported and analyzed by
David Leadbeater). While present in version 9.30, it should not
be exploitable. It is exploitable in versions 9.25 and 9.26, at
least, and allows anybody controlling output to the terminal to
execute arbitrary code in the urxvt process.
- the background extension no longer requires off focus fading
support to be compiled in.
- the confirm-paste extension now offers a choice betwene pasting
the original or a sanitized version, and also frees up memory
used to store the paste text immediately.
- fix compiling without frills.
- fix rewrapMode: never.
- fix regression that caused urxvt to no longer emit responses to
OSC color queries other than OSC 4 ones.
- fix regression that caused urxvt to no longer process OSC 705.
- restore CENTURY to be 1900 to 'improve' year parsing in urclock
(or at least go back to the old interpretation) (based on an
analysis by Tommy Pettersson).
- exec_async (used e.g. by the matcher extension to spawn
processes) now sets the URXVT_EXT_WINDOWID variable to the
window id of the terminal.
- implement -fps option/refreshRate resource to change the
default 60 Hz maximum refresh limiter. I always wanted an fps
option, but had to wait for a user requesting it.
- new clickthrough extension.
- perl now also requires Xext.
- X region and shape extension functionality has been exposed to
perl extensions.
- RENDER extension no longer depends on ENABLE_XIM_ONTHESPOT.
ModerateSUSE bug 1206069CVE-2022-4170 at SUSECVE-2022-4170 at NVDcpe:/o:opensuse:leap:15.5Security update for bluetuith (Moderate)openSUSE Leap 15.5
This update for bluetuith fixes the following issues:
- Update to 0.1.7:
* New HJSON-based configuration format
* Adapter status indicators
* Cancellable OBEX session creation
* Enhanced popups
* Major bugfixes and improvements
- Update to 0.1.5:
* ui: device: Show address if name is empty
* agent: Display pincode in a modal #14
- Update to 0.1.5:
* Update dependencies to resolve vulnerability
- Update to 0.1.4:
* Minor bugfixes
Moderatecpe:/o:opensuse:leap:15.5Security update for chromium (Critical)openSUSE Leap 15.5
This update for chromium fixes the following issues:
- Chromium 118.0.5993.88:
* unspecified security fix (boo#1216392)
CriticalSUSE bug 1216392cpe:/o:opensuse:leap:15.5Recommended update for gpp (Moderate)openSUSE Leap 15.5
This update for gpp fixes the following issues:
Update to version 2.28:
* Fixed typos in documentation (Issues #57 and #61)
* Added #sinclude meta-macro for silent includes (Issue #63)
ModerateSUSE bug 1108673CVE-2018-17076 at SUSECVE-2018-17076 at NVDcpe:/o:opensuse:leap:15.5Security update for chromium (Important)openSUSE Leap 15.5
This update for chromium fixes the following issues:
- Chromium 118.0.5993.117 (boo#1216549)
* CVE-2023-5472: Use after free in Profiles
* Various fixes from internal audits, fuzzing and other initiatives
ImportantSUSE bug 1216549CVE-2023-5472 at SUSECVE-2023-5472 at NVDcpe:/o:opensuse:leap:15.5Security update for sox (Important)openSUSE Leap 15.5
This update for sox fixes the following issues:
- Apply various fix patches taken from Debian package;
it fixes also other entries (CVE-2022-31650 boo#1212060
CVE-2023-34318 boo#1212062 CVE-2023-34432 boo#1212063)
- Fix floating point exception in src/voc.c (CVE-2023-32627 boo#1212061)
ImportantSUSE bug 1212060SUSE bug 1212061SUSE bug 1212062SUSE bug 1212063CVE-2019-13590 at SUSECVE-2019-13590 at NVDCVE-2021-23159 at SUSECVE-2021-23159 at NVDCVE-2021-33844 at SUSECVE-2021-33844 at NVDCVE-2021-3643 at SUSECVE-2021-3643 at NVDCVE-2021-40426 at SUSECVE-2021-40426 at NVDCVE-2022-31650 at SUSECVE-2022-31650 at NVDCVE-2022-31651 at SUSECVE-2022-31651 at NVDCVE-2023-32627 at SUSECVE-2023-32627 at NVDCVE-2023-34318 at SUSECVE-2023-34318 at NVDCVE-2023-34432 at SUSECVE-2023-34432 at NVDcpe:/o:opensuse:leap:15.5Security update for python-bugzilla (Important)openSUSE Leap 15.5
This update for python-bugzilla fixes the following issues:
- Fixed potential API Key leak (boo#1215718)
ImportantSUSE bug 1215718cpe:/o:opensuse:leap:15.5Security update for opera (Important)openSUSE Leap 15.5 NonFree
This update for opera fixes the following issues:
- Update to 104.0.4944.23
* DNA-110465 [Scrollable tab strip] Weird animation when
closing tab
* DNA-112021 Favicons disappear from history after being
hovered over
* DNA-112310 Put opening animation on start page behind a flag
* DNA-112462 Crash at opera::SidebarItemViewImpl::
StateChanged(views::Button::ButtonState)
* DNA-112464 Crash at anonymous namespace::SwitchToTabButton::
OnThemeChanged()
* DNA-112518 Force Default as last used Profile
* DNA-112534 Set profiles_order to Default dir
- Changes in 104.0.4944.18
* CHR-9471 Update Chromium on desktop-stable-118-4944 to
118.0.5993.71
* DNA-111704 chrome.webRequest.onHeadersReceived event is not
fired for extension if page opened from SpeedDial tile
* DNA-111878 Highlighting of tabs and bookmarks in dark mode is
almost invisible.
* DNA-111883 [Address bar] Hover effect on page is placed
too high
* DNA-111922 [Linux] Change Opera beta application icon
* DNA-111955 Reduce colors used in Opera as much as possible
* DNA-112075 Rename palette colors in theme for better
reusability
* DNA-112108 Fix dangling WebContents ptr bound to
TabSnoozeInfobarDelegate::Show callback
* DNA-112222 Tab in island not marked as active
* DNA-112242 Disable feature flag #platform-h264-decoder-in-gpu
by default on stable channel
* DNA-112265 Promote 104 to stable
* DNA-112312 Turn on #wallet-selector on all streams
* DNA-112313 Enable #pinboard-popup-refresh on all streams
* DNA-112426 [profile migration] Renaming invalid Default to
Default.old is not needed anymore
- The update to chromium 118.0.5993.71 fixes following issues:
CVE-2023-5218, CVE-2023-5487, CVE-2023-5484, CVE-2023-5475,
CVE-2023-5483, CVE-2023-5481, CVE-2023-5476, CVE-2023-5474,
CVE-2023-5479, CVE-2023-5485, CVE-2023-5478, CVE-2023-5477,
CVE-2023-5486, CVE-2023-5473
- Complete Opera 104 changelog at:
https://blogs.opera.com/desktop/changelog-for-104/
- Update to 103.0.4928.34
* DNA-111680 Fix highlight of bookmarks bar folder elements
* DNA-111703 O icon moves upon opening menu
* DNA-111883 [Address bar] Hover effect on page is placed
too high
* DNA-111940 OMenu text displaced to the right without
any indentation
* DNA-112118 Crash at history::URLDatabase::
CreateContinueOnIndexIfNeeded(std::__Cr::vector)
- Update to 103.0.4928.26
* DNA-111681 Disappearing icons of bookmarks bar folders elements
* DNA-112020 Enable #address-bar-dropdown-cities on all streams
ImportantCVE-2023-5218 at SUSECVE-2023-5218 at NVDCVE-2023-5473 at SUSECVE-2023-5473 at NVDCVE-2023-5474 at SUSECVE-2023-5474 at NVDCVE-2023-5475 at SUSECVE-2023-5475 at NVDCVE-2023-5476 at SUSECVE-2023-5476 at NVDCVE-2023-5477 at SUSECVE-2023-5477 at NVDCVE-2023-5478 at SUSECVE-2023-5478 at NVDCVE-2023-5479 at SUSECVE-2023-5479 at NVDCVE-2023-5481 at SUSECVE-2023-5481 at NVDCVE-2023-5483 at SUSECVE-2023-5483 at NVDCVE-2023-5484 at SUSECVE-2023-5484 at NVDCVE-2023-5485 at SUSECVE-2023-5485 at NVDCVE-2023-5486 at SUSECVE-2023-5486 at NVDCVE-2023-5487 at SUSECVE-2023-5487 at NVDSecurity update for roundcubemail (Important)openSUSE Leap 15.5
This update for roundcubemail fixes the following issues:
Update to version 1.6.4 (boo#1216429):
* CVE-2023-5631: Fix cross-site scripting vulnerability in handling of SVG in HTML messages
* Fix PHP8 warnings
* Fix default 'mime.types' path on Windows
* Managesieve: Fix javascript error when relational or spamtest extension is not enabled
ImportantSUSE bug 1216429CVE-2023-5631 at SUSECVE-2023-5631 at NVDcpe:/o:opensuse:leap:15.5Security update for rubygem-railties-5.2 (Low)openSUSE Leap 15.5
This update for rubygem-railties-5.2 fixes the following issue:
- CVE-2023-38037: Fixed File Disclosure of Locally Encrypted [bsc#1214807]
LowSUSE bug 1214807CVE-2023-38037 at SUSECVE-2023-38037 at NVDcpe:/o:opensuse:leap:15.5Security update for rubygem-activesupport-5.2 (Moderate)openSUSE Leap 15.5
This update for rubygem-activesupport-5.2 fixes the following issue:
- CVE-2023-38037: fixed a File Disclosure of Locally Encrypted Files (bsc#1214807)
ModerateSUSE bug 1214807CVE-2023-38037 at SUSECVE-2023-38037 at NVDcpe:/o:opensuse:leap:15.5Security update for virtualbox (Important)openSUSE Leap 15.5
This update for virtualbox fixes the following issues:
- Version bump to VirtualBox 7.0.12 (released October 17 2023 by Oracle)
Fixes the following:
- CVE-2023-22098 (boo#1216363)
- CVE-2023-22099 (boo#1216364)
- CVE-2023-22100 (boo#1216365)
This is a maintenance release. The following items were fixed and/or added:
- VMM: Fixed using a debugger inside the guest under certain circumstances (bugs #21413 and #21546)
- VMM: Fixed detection of VT-x being used by other hypervisors (bug #21867)
- VMM: Introduced additional improvements in Split Lock Detection feature of recent Intel CPUs on Linux hosts (bug #20180)
- GUI: Fixed issue when the nested hardware virtualization setting was not displayed in the VM details panel (bug #21707)
- GUI: Introduced NLS update for Croatian, Indonesian, Italian, Japanese, Korean, Dutch and Turkish languages as well as added general look-and-feel improvements
- Devices: Fixed black screen in Windows guests with multiple guest screens when 3D is disabled (7.0.10 regression)
- Devices: Fixed PCI device identifiers for the VirtIO network interface (bug #21516)
- Devices: Fixed VLAN support for the VirtIO network interface (bug #21778)
- Devices: Fixed loading saved states when a TPM is configured (7.0.10 regression, bug #21773)
- Networking: Fixed memory leaks in the VBoxIntNetSwitch process on macOS (bug #21752)
- Networking: Fixed TCP connections with IP addresses ending on .2 when the NAT network attachment is used (bug #21513)
- VRDP: Added general improvements
- VBoxManage: Added improvements for 'list usbfilters' command
- Unattended: Added kick start file support for Oracle Linux 8 and Oracle Linux 9.
- Main: Added more Linux OS subtypes
- Host Services: Fixed Guest Properties service crash under rare circumstance
- Linux Host and Guest: Fixed few 'field-spanning write' kernel warnings (bugs #21410 and #21862)
- Linux Guest Additions: Added more fixes for RHEL 8.9 and 9.3 kernel
- Linux Guest Additions: Added more fixes for kernel 6.4
- Linux Guest Additions: Added initial support for OpenSUSE 15.5 kernel
- Linux Guest Additions: Added initial support for kernels 6.5 and 6.6
- Linux Guest Additions: Added version reporting for 'rcvboxadd status-kernel' and 'rcvboxadd status-user' commands
- BIOS: Restored support for ISA SCSI HBAs in the BIOS (bug #21736)
- Convert to systemd-sysusers
- Fix problems with 6.5 kernels and shared folders. (boo#1215463).
ImportantSUSE bug 1215463SUSE bug 1216363SUSE bug 1216364SUSE bug 1216365CVE-2023-22098 at SUSECVE-2023-22098 at NVDCVE-2023-22099 at SUSECVE-2023-22099 at NVDCVE-2023-22100 at SUSECVE-2023-22100 at NVDcpe:/o:opensuse:leap:15.5Security update for opera (Important)openSUSE Leap 15.5 NonFree
This update for opera fixes the following issues:
- Update to 104.0.4944.36
* CHR-9492 Update Chromium on desktop-stable-118-4944 to
118.0.5993.118
* DNA-112757 [Tab close button] Close button is cutted when
a lot tabs are opened
- The update to chromium 118.0.5993.118 fixes following issues:
CVE-2023-5472
- Update to 104.0.4944.33
* CHR-9487 Update Chromium on desktop-stable-118-4944 to
118.0.5993.96
* DNA-111963 Show duplicate indicator when hovering tab in
tab tooltip
- Changes in 104.0.4944.28
* DNA-112454 [Start Page] No context menu in Search bar using
right button of mouse
* DNA-112053 Context menu is too large on Mac
* DNA-111989 Favicons are displayed too close to titles in
history menu
ImportantCVE-2023-5472 at SUSECVE-2023-5472 at NVDSecurity update for tor (Moderate)openSUSE Leap 15.5
This update for tor fixes the following issues:
- tor 0.4.8.8:
* Mitigate an issue when Tor compiled with OpenSSL can crash during
handshake with a remote relay. (TROVE-2023-004, boo#1216873)
* Regenerate fallback directories generated on November 03, 2023.
* Update the geoip files to match the IPFire Location Database, as
retrieved on 2023/11/03
* directory authority: Look at the network parameter
'maxunmeasuredbw' with the correct spelling
* vanguards addon support: Count the conflux linked cell as
valid when it is successfully processed. This will quiet a
spurious warn in the vanguards addon
- tor 0.4.8.7:
* Fix an issue that prevented us from pre-building more conflux
sets after existing sets had been used
- tor 0.4.8.6:
* onion service: Fix a reliability issue where services were
expiring their introduction points every consensus update.
This caused connectivity issues for clients caching the old
descriptor and intro points
* Log the input and output buffer sizes when we detect a potential
compression bomb
* Disable multiple BUG warnings of a missing relay identity key when
starting an instance of Tor compiled without relay support
* When reporting a pseudo-networkstatus as a bridge authority, or
answering 'ns/purpose/*' controller requests, include accurate
published-on dates from our list of router descriptors
* Use less frightening language and lower the log-level of our
run-time ABI compatibility check message in our Zstd
compression subsystem
- tor 0.4.8.5:
* bugfixes creating log BUG stacktrace
- tor 0.4.8.4:
* Extend DoS protection to partially opened channels and known
relays
* Dynamic Proof-Of-Work protocol to thwart flooding DoS attacks
against hidden services. Disabled by default, enable via
'HiddenServicePoW' in torrc
* Implement conflux traffic splitting
* Directory authorities and relays now interact properly with
directory authorities if they change addresses
- tor 0.4.7.14:
* bugfix affecting vanguards (onion service), and minor fixes
- Enable support for scrypt()
ModerateSUSE bug 1216873cpe:/o:opensuse:leap:15.5Security update for mupdf (Moderate)openSUSE Leap 15.5
This update for mupdf fixes the following issues:
- CVE-2023-31794: Fixed denial of service via crafted pdf in pdf_mark_list_push() (boo#1216728)
ModerateSUSE bug 1216728CVE-2023-31794 at SUSECVE-2023-31794 at NVDcpe:/o:opensuse:leap:15.5Security update for vlc (Moderate)openSUSE Leap 15.5
This update for vlc fixes the following issues:
Update to version 3.0.20:
+ Video Output:
- Fix green line in fullscreen in D3D11 video output
- Fix crash with some AMD drivers old versions
- Fix events propagation issue when double-clicking with mouse wheel
+ Decoders:
- Fix crash when AV1 hardware decoder fails
+ Interface:
- Fix annoying disappearance of the Windows fullscreen controller
+ Demuxers:
- Fix potential security issue (OOB Write) on MMS:// by checking user size bounds
Update to version 3.0.19:
+ Core:
- Fix next-frame freezing in most scenarios
+ Demux:
- Support RIFF INFO tags for Wav files
- Fix AVI files with flipped RAW video planes
- Fix duration on short and small Ogg/Opus files
- Fix some HLS/TS streams with ID3 prefix
- Fix some HLS playlist refresh drift
- Fix for GoPro MAX spatial metadata
- Improve FFmpeg-muxed MP4 chapters handling
- Improve playback for QNap-produced AVI files
- Improve playback of some old RealVideo files
- Fix duration probing on some MP4 with missing information
+ Decoders:
- Multiple fixes on AAC handling
- Activate hardware decoding of AV1 on Windows (DxVA)
- Improve AV1 HDR support with software decoding
- Fix some AV1 GBRP streams, AV1 super-resolution streams and monochrome ones
- Fix black screen on poorly edited MP4 files on Android Mediacodec
- Fix rawvid video in NV12
- Fix several issues on Windows hardware decoding (including 'too large resolution in DxVA')
- Improve crunchyroll-produced SSA rendering
+ Video Output:
- Super Resolution scaling with nVidia and Intel GPUs
- Fix for an issue when cropping on Direct3D9
- Multiple fixes for hardware decoding on D3D11 and OpenGL interop
- Fix an issue when playing -90?rotated video
- Fix subtitles rendering blur on recent macOS
+ Input:
- Improve SMB compatibility with Windows 11 hosts
+ Contribs:
- Update of fluidlite, fixing some MIDI rendering on Windows
- Update of zlib to 1.2.13 (CVE-2022-37434)
- Update of FFmpeg, vpx (CVE-2023-5217), ebml, dav1d, libass
+ Misc:
- Improve muxing timestamps in a few formats (reset to 0)
- Fix some rendering issues on Linux with the fullscreen controller
- Fix GOOM visualization
- Fixes for Youtube playback
- Fix some MPRIS inconsistencies that broke some OS widgets on Linux
- Implement MPRIS TrackList signals
- Fix opening files in read-only mode
- Fix password search using the Kwallet backend
- Fix some crashes on macOS when switching application
- Fix 5.1/7.1 output on macOS and tvOS
- Fix several crashes and bugs in the macOS preferences panel
- Improvements on the threading of the MMDevice audio output on Windows
- Fix a potential security issue on the uninstaller DLLs
- Fix memory leaks when using the media_list_player libVLC APIs
+ Translations:
- Update of most translations
- New translations to Esperanto, Interlingue, Lao, Macedonian, Burmese, Odia, Samoan and Swahili
ModerateSUSE bug 1206142CVE-2022-37434 at SUSECVE-2022-37434 at NVDCVE-2022-41325 at SUSECVE-2022-41325 at NVDCVE-2023-5217 at SUSECVE-2023-5217 at NVDcpe:/o:opensuse:leap:15.5Security update for chromium (Important)openSUSE Leap 15.5
This update for chromium fixes the following issues:
Chromium 119.0.6045.123 (boo#1216978)
* CVE-2023-5996: Use after free in WebAudio
Chromium 119.0.6045.105 (boo#1216783)
* CVE-2023-5480: Inappropriate implementation in Payments
* CVE-2023-5482: Insufficient data validation in USB
* CVE-2023-5849: Integer overflow in USB
* CVE-2023-5850: Incorrect security UI in Downloads
* CVE-2023-5851: Inappropriate implementation in Downloads
* CVE-2023-5852: Use after free in Printing
* CVE-2023-5853: Incorrect security UI in Downloads
* CVE-2023-5854: Use after free in Profiles
* CVE-2023-5855: Use after free in Reading Mode
* CVE-2023-5856: Use after free in Side Panel
* CVE-2023-5857: Inappropriate implementation in Downloads
* CVE-2023-5858: Inappropriate implementation in WebApp Provider
* CVE-2023-5859: Incorrect security UI in Picture In Picture
gn was updated to version 0.20231023:
* many updates to support Chromium 119 build
ImportantSUSE bug 1216783SUSE bug 1216978CVE-2023-5480 at SUSECVE-2023-5480 at NVDCVE-2023-5482 at SUSECVE-2023-5482 at NVDCVE-2023-5849 at SUSECVE-2023-5849 at NVDCVE-2023-5850 at SUSECVE-2023-5850 at NVDCVE-2023-5851 at SUSECVE-2023-5851 at NVDCVE-2023-5852 at SUSECVE-2023-5852 at NVDCVE-2023-5853 at SUSECVE-2023-5853 at NVDCVE-2023-5854 at SUSECVE-2023-5854 at NVDCVE-2023-5855 at SUSECVE-2023-5855 at NVDCVE-2023-5856 at SUSECVE-2023-5856 at NVDCVE-2023-5857 at SUSECVE-2023-5857 at NVDCVE-2023-5858 at SUSECVE-2023-5858 at NVDCVE-2023-5859 at SUSECVE-2023-5859 at NVDCVE-2023-5996 at SUSECVE-2023-5996 at NVDcpe:/o:opensuse:leap:15.5Security update for connman (Important)openSUSE Leap 15.5
This update for connman fixes the following issues:
Update to 1.42
* Fix issue with iwd and signal strength calculation.
* Fix issue with iwd and handling service removal.
* Fix issue with iwd and handling new connections.
* Fix issue with handling default online check URL.
* Fix issue with handling nameservers refresh.
* Fix issue with handling proxy from DHCP lease. (boo#1210395 CVE-2023-28488)
* Fix issue with handling multiple proxies from PAC.
* Fix issue with handling manual time update changes.
* Fix issue with handling invalid gateway routes.
* Fix issue with handling hidden WiFi agent requests.
* Fix issue with handling WiFi SAE authentication failure.
* Fix issue with handling DNS Proxy and TCP server replies.
* Add support for regulatory domain following timezone.
* Add support for localtime configuration option.
ImportantSUSE bug 1210395CVE-2023-28488 at SUSECVE-2023-28488 at NVDcpe:/o:opensuse:leap:15.5Security update for jhead (Moderate)openSUSE Leap 15.5
This update for jhead fixes the following issues:
- Fixed autorotation problem caused by CVE-2022-41751 patch. [boo#1207150]
ModerateSUSE bug 1207150CVE-2022-41751 at SUSECVE-2022-41751 at NVDcpe:/o:opensuse:leap:15.5Security update for chromium (Important)openSUSE Leap 15.5
This update for chromium fixes the following issues:
Chromium 119.0.6045.159 (boo#1217142)
* CVE-2023-5997: Use after free in Garbage Collection
* CVE-2023-6112: Use after free in Navigation
* Various fixes from internal audits, fuzzing and other initiatives
ImportantSUSE bug 1217142CVE-2023-5997 at SUSECVE-2023-5997 at NVDCVE-2023-6112 at SUSECVE-2023-6112 at NVDcpe:/o:opensuse:leap:15.5Security update for yt-dlp (Moderate)openSUSE Leap 15.5
This update for yt-dlp fixes the following issues:
- Update to release 2023.11.14
* Security: [CVE-2023-46121] Patch Generic Extractor MITM
Vulnerability via Arbitrary Proxy Injection
* Disallow smuggling of arbitrary http_headers; extractors now
only use specific headers
- Make yt-dlp require the one pythonXX-yt-dlp that /usr/bin/yt-dlp
was built with.
- Rework Python build procedure [boo#1216467]
- Enable Python library [boo#1216467]
- Update to release 2023.10.13
* youtube: fix some bug with --extractor-retries inf
- Update to release 2023.10.07
* yt: Fix heatmap extraction
* yt: Raise a warning for Incomplete Data instead of an error
- Update to release 2023.09.24
* Extract subtitles from SMIL manifests
* fb: Add dash manifest URL
* crunchyroll: Remove initial state extraction
* youtube: Add player_params extractor arg
- remove suggests on brotlicffi - this is only for != cpython
- Update to release 2023.07.06
* Prevent Cookie leaks on HTTP redirect [boo#1213124] [CVE-2023-35934]
* yt: Avoid false DRM detection
* yt: Process post_live over 2 hours
* yt: Support shorts-only playlists
- Update to release 2023.06.22
* youtube: add IOS to default clients used
- Update to release 2023.06.21
* Add option --compat-option playlist-match-filter
* Add options --no-quiet, option --color, --netrc-cmd, --xff
* Auto-select default format in -f-
* Improve HTTP redirect handling
* Support decoding multiple content encodings
- Use python3.11 on Leap 15.5
* python3.11 is the only python3 > 3.6 version would be shipped
in Leap 15.5
- Update to release 2023.03.04
* A bunch of extractor fixes
- Update to release 2023.03.03
* youtube: Construct dash formats with range query
* yt: Detect and break on looping comments
* yt: Extract channel view_count when /about tab is passed
- Update to release 2023.02.17
* Merge youtube-dl: Upto commit/2dd6c6e (Feb 17 2023)
* Fix --concat-playlist
* Imply --no-progress when --print
* Improve default subtitle language selection
* Make title completely non-fatal
* Sanitize formats before sorting
* [hls] Allow extractors to provide AES key
* [extractor/generic] Avoid catastrophic backtracking in KVS regex
* [jsinterp] Support if statements
* [plugins] Fix zip search paths
* [utils] Don't use Content-length with encoding
* [utils] Fix time_seconds to use the provided TZ
* [utils] Fix race condition in make_dir
* [extractor/anchorfm] Add episode
* [extractor/boxcast] Add extractor
* [extractor/ebay] Add extractor
* [extractor/hypergryph] Add extractor
* [extractor/NZOnScreen] Add extractor
* [extractor/rozhlas] Add extractor
* [extractor/tempo] Add IVXPlayer extractor
* [extractor/txxx] Add extractors
* [extractor/vocaroo] Add extractor
* [extractor/wrestleuniverse] Add extractors
* [extractor/yappy] Add extractor
* [extractor/youtube] Fix uploader_id extraction
* [extractor/youtube] Add hyperpipe instances
* [extractor/youtube] Handle consent.youtube
* [extractor/youtube] Support /live/ URL
* [extractor/youtube] Update invidious and piped instances
* [extractor/91porn] Fix title and comment extraction
* [extractor/AbemaTV] Cache user token whenever appropriate
* [extractor/bfmtv] Support rmc prefix
* [extractor/biliintl] Add intro and ending chapters
* [extractor/clyp] Support wav
* [extractor/crunchyroll] Add intro chapter
* [extractor/crunchyroll] Better message for premium videos
* [extractor/crunchyroll] Fix incorrect premium-only error
* [extractor/DouyuTV] Use new API
* [extractor/embedly] Embedded links may be for other extractors
* [extractor/freesound] Workaround invalid URL in webpage
* [extractor/GoPlay] Use new API
* [extractor/Hidive] Fix subtitles and age-restriction
* [extractor/huya] Support HD streams
* [extractor/moviepilot] Fix extractor
* [extractor/nbc] Fix NBC and NBCStations extractors
* [extractor/nbc] Fix XML parsing
* [extractor/nebula] Remove broken cookie support
* [extractor/nfl] Add NFLPlus extractor
* [extractor/niconico] Add support for like history
* [extractor/nitter] Update instance list by OIRNOIR
* [extractor/npo] Fix extractor and add HD support
* [extractor/odkmedia] Add OnDemandChinaEpisodeIE
* [extractor/pornez] Handle relative URLs in iframe
* [extractor/radiko] Fix format sorting for Time Free
* [extractor/rcs] Fix extractors
* [extractor/reddit] Support user posts
* [extractor/rumble] Fix format sorting
* [extractor/servus] Rewrite extractor
* [extractor/slideslive] Fix slides and chapters/duration
* [extractor/SportDeutschland] Fix extractor
* [extractor/Stripchat] Fix extractor
* [extractor/tnaflix] Fix extractor
* [extractor/tvp] Support stream.tvp.pl
* [extractor/twitter] Fix --no-playlist and add media
view_count when using GraphQL
* [extractor/twitter] Fix graphql extraction on some tweets
* [extractor/vimeo] Fix playerConfig extraction
* [extractor/viu] Add ViuOTTIndonesiaIE extractor
* [extractor/vk] Fix playlists for new API
* [extractor/vlive] Replace with VLiveWebArchiveIE
* [extractor/ximalaya] Update album _VALID_URL
* [extractor/zdf] Use android API endpoint for UHD downloads
* [youtube] Improve description extraction
* [youtube] Prevent excess HTTP 301
* [bellmedia] Add support for cp24.com clip URLs ModerateSUSE bug 1213124SUSE bug 1216467CVE-2023-35934 at SUSECVE-2023-35934 at NVDCVE-2023-46121 at SUSECVE-2023-46121 at NVDcpe:/o:opensuse:leap:15.5Security update for gstreamer-plugins-bad (Important)openSUSE Leap 15.5
This update for gstreamer-plugins-bad fixes the following issues:
- CVE-2023-37329: Fixed GStreamer SRT File Parsing Heap-based Buffer Overflow (bsc#1213126).
ImportantSUSE bug 1213126CVE-2023-37329 at SUSECVE-2023-37329 at NVDcpe:/o:opensuse:leap:15.5Security update for optipng (Important)openSUSE Leap 15.5
This update for optipng fixes the following issues:
optipng was updated to 0.7.8:
* Upgraded libpng to version 1.6.40.
* Upgraded zlib to version 1.3-optipng.
* Upgraded cexcept to version 2.0.2-optipng.
* Fixed a global-buffer-overflow vulnerability in the GIF reader (boo#1215937 CVE-2023-43907).
* Fixed a stack-print-after-scope defect in the error handler.
* Fixed an assertion failure in the image reduction module.
* Fixed the command-line wildargs expansion in the Windows port.
* Raised the minimum required libpng version from 1.2.9 to 1.6.35.
* Raised the minimum required zlib version from 1.2.1 to 1.2.8.
* Refactored the structured exception handling.
ImportantSUSE bug 1215937CVE-2023-43907 at SUSECVE-2023-43907 at NVDcpe:/o:opensuse:leap:15.5Security update for opera (Important)openSUSE Leap 15.5 NonFree
This update for opera fixes the following issues:
- Update to 105.0.4970.21
* DNA-112425 Choosing Workspace Icons doesn’t work as expected
* DNA-112787 glow around tiles in Top Sites section in BABE in
dark theme
- The update to chromium 119.0.6045.159 fixes following issues:
CVE-2023-5997, CVE-2023-6112
- Update to 105.0.4970.16
* CHR-9416 Updating Chromium on desktop-stable-* branches
* DNA-111903 [Lin] [Component-based-scrollbar] Old design is
displayed on Ubuntu 20.04
* DNA-112914 Visual glitch with HWA enabled in some random places
* DNA-113137 [WinLin][Sidebar autohide] Sidebar panel is not
connected with sidebar
- Update to 105.0.4970.13
* CHR-9416 Updating Chromium on desktop-stable-* branches
* DNA-111885 [Address bar] Hover effect on padlock icon is not
rounded
* DNA-112411 Active Tab in Tab Island in Dark Mode should have
different colour
* DNA-112431 Dragging tab quickly past last island on the right,
causes tab to be dropped at the end of tab strip instead
of at location of the cursor
* DNA-112878 [Tab strip] Detached tab not restored after
restarting browser
* DNA-112900 Crash at opera::component_based::
ComponentTabDragController::StopViewDragging
* DNA-112996 Translations for O105
* DNA-113213 Promote 105 to stable
- Complete Opera 105 changelog at:
https://blogs.opera.com/desktop/changelog-for-105/
- Update to 104.0.4944.54
* DNA-111938 Option 'Automatically hide sidebar' and Full screen
makes Opera freeze
* DNA-112241 Stuttering video on some systems with OOP
SW H.264 decoding
* DNA-112636 [Tab strip] Detach button on meeting tabs moves
on hover and is replaced by close tab
* DNA-112862 Crash at extensions::BookmarksPrivateAPI::
OnListenerAdded(extensions::EventListenerInfo const&)
* DNA-112990 Crash when closing tab tooltip and opening
Search tabs
ImportantCVE-2023-5997 at SUSECVE-2023-5997 at NVDCVE-2023-6112 at SUSECVE-2023-6112 at NVDSecurity update for chromium (Important)openSUSE Leap 15.5
This update for Chromium fixes the following issue:
Chromium 119.0.6045.199 (boo#1217616)
* CVE-2023-6348: Type Confusion in Spellcheck
* CVE-2023-6347: Use after free in Mojo
* CVE-2023-6346: Use after free in WebAudio
* CVE-2023-6350: Out of bounds memory access in libavif (boo#1217614)
* CVE-2023-6351: Use after free in libavif (boo#1217615)
* CVE-2023-6345: Integer overflow in Skia
* Various fixes from internal audits, fuzzing and other initiatives.
ImportantSUSE bug 1217614SUSE bug 1217615SUSE bug 1217616CVE-2023-6345 at SUSECVE-2023-6345 at NVDCVE-2023-6346 at SUSECVE-2023-6346 at NVDCVE-2023-6347 at SUSECVE-2023-6347 at NVDCVE-2023-6348 at SUSECVE-2023-6348 at NVDCVE-2023-6350 at SUSECVE-2023-6350 at NVDCVE-2023-6351 at SUSECVE-2023-6351 at NVDcpe:/o:opensuse:leap:15.5Security update for python-Django1 (Moderate)openSUSE Leap 15.5
This update for python-Django1 fixes the following issues:
- CVE-2023-43665: Fixed Denial-of-service vulnerability in django.utils.text.Truncator (boo#1215978).
ModerateSUSE bug 1215978CVE-2023-43665 at SUSECVE-2023-43665 at NVDcpe:/o:opensuse:leap:15.5Security update for libtorrent-rasterbar, qbittorrent (Moderate)openSUSE Leap 15.5
This update for libtorrent-rasterbar, qbittorrent fixes the following issues:
Changes in libtorrent-rasterbar:
- Update to version 2.0.9
* fix issue with web seed connections when they close and
re-open
* fallocate() not supported is not a fatal error
* fix proxying of IPv6 connections via IPv4 proxy
* treat CGNAT address range as local IPs
* add stricter checking of piece layers when loading torrents
* add stricter checking of v1 and v2 hashes being consistent
* cache failed DNS lookups as well as successful ones
* add an i2p torrent state to control interactions with clear
swarms
* fix i2p SAM protocol parsing of quoted messages
* expose i2p peer destination in peer_info
* fix i2p tracker announces
* fix issue with read_piece() stopping torrent on pieces not
yet downloaded
* improve handling of allow_i2p_mixed setting to work for
magnet links
* fix web seed request for renamed single-file torrents
* fix issue where web seeds could disappear from resume data
* extend save_resume with additional conditional flags
* fix issue with retrying trackers in tiers > 0
* fix last_upload and last_download resume data fields to use
posix time
* improve error messages for no_connect_privileged_ports, by
untangle it from the port filter
* fix I2P issue introduced in 2.0.0
* add async tracker status query, post_trackers()
* add async torrent status query, post_status()
* support loading version 2 of resume data format
* fix issue with odd piece sizes
* add async piece availability query, post_piece_availability()
* add async download queue query, post_download_queue()
* add async file_progress query, post_file_progress()
* add async peer_info query, post_peer_info()
- Update to version 2.0.8
* fix uTP streams timing out instead of closing cleanly
* add write_torrent_file_buf() overload for generating
.torrent files
* add create_torrent::generate_buf() function to generate into
a buffer
* fix copy_file when the file ends with a sparse region
* uTP performance, fix packet loss when sending is stalled
* fix trackers being stuck after session pause/resume
* fix bug in hash_picker with empty files
* uTP performance, prevent premature timeouts/resends
* add option to not memory map files below a certain size
* settings_pack now returns default values when queried for
missing settings
* fix copy_file fall-back when SEEK_HOL/SEEK_DATA is not
supported
* improve error reporting from file copy and move
* tweak pad file placement to match reference implementation
(tail-padding)
* uTP performance, more lenient nagle's algorithm to always
allow one outstanding undersized packet
* uTP performance, piggy-back held back undersized packet with
ACKs
* uTP performance, don't send redundant deferred ACKs
* support incoming SOCKS5 packets with hostnames as source
address, for UDP trackers
* ignore duplicate network interface change notifications on
linux
* fix total_want/want accounting when forcing a recheck
* fix merging metadata with magnet links added on top of
existing torrents
* add torrent_flag to default all file priorities to
dont_download
* fix &so= feature in magnet links
* improve compatibility of SOCKS5 UDP ASSOCIATE
* fix madvise range for flushing cache in mmap_storage
* open files with no_cache set in O_SYNC mode
- Update to version 2.0.7
* fix issue in use of copy_file_range()
* avoid open-file race in the file_view_pool
* fix issue where stop-when-ready would not close files
* fix issue with duplicate hybrid torrent via separate v1 and
v2 magnet links
* added new function to load torrent files, load_torrent_*()
* support sync_file_range()
* fix issue in write_torrent_file() when file size is exactly
piece size
* fix file_num_blocks() and file_num_pieces() for empty files
* add new overload to make_magnet_uri()
* add missing protocol version to tracker_reply_alert and
tracker_error_alert
* fix privilege issue with SetFileValidData()
* add asynchronous overload of torrent_handle::add_piece()
* default to a single hashing thread, for full checks
* Fix bug when checking files and the first piece is invalid
Changes in qbittorrent, qbittorrent:
- Update to version 4.6.2
Bug fixes:
* Do not apply share limit if the previous one was applied
* Show Add new torrent dialog on main window screen
Web UI:
* Fix JS memory leak
* Disable stdout buffering for qbt-nox
Wayland:
* Fix parent widget of 'Lock qBittorrent' submenu
- Also fixes boo#1217677 (CVE-2023-30801, upstream reference
gh#qbittorrent/qBittorrent#19738)
- Update to version 4.6.1
New features:
* Add option to enable previous Add new torrent dialog behavior
Fixed bugs:
* Prevent crash due to race condition when adding magnet link
* Fix Enter key behavior when add new torrent
* Add missing main window icon
* Update size of selected files when selection is changed
* Correctly handle changing save path of torrent w/o metadata
* Use appropriate icon for 'moving' torrents in transfer list
Web UI:
* Drop WebUI default credentials
* Add I2P settings to WebUI
* Fix duplicate scrollbar on Transfer List
* Fix incorrect subcategory sorting
* Correctly set save path in RSS rules
* Allow to request torrents count via WebAPI
* Improve performance of getting torrent numbers via WebAPI
* Improve free disk space checking for WebAPI
Misc:
* Fix invisible tray icon with Qt5 in Linux
- Update to version 4.6.0
New features:
* Add (experimental) I2P support
* Provide UI editor for the default theme
* Various UI theming improvements
* Implement torrent tags editing dialog
* Revamp 'Watched folder options' and 'Automated RSS
downloader' dialog
* Allow to use another icons in dark mode
* Allow to add new torrents to queue top
* Allow to filter torrent list by save path
* Expose 'socket send/receive buffer size' options
* Expose 'max torrent file size' setting
* Expose 'bdecode limits' settings
* Add options to adjust behavior of merging trackers to
existing torrent
* Add option to stop seeding when torrent has been inactive
* Allow to use proxy per subsystem
* Expand the scope of 'Proxy hostname lookup' option
* Add shortcut for 'Ban peer permanently' function
* Add option to auto hide zero status filters
* Allow to disable confirmation of Pause/Resume All
* Add alternative shortcut CTRL+E for CTRL+F
* Show filtered port numbers in logs
* Add button to copy library versions to clipboard
Bug fixes:
* Ensure ongoing storage moving job will be completed when
shutting down
* Refactored many areas to call non UI blocking code
* Various improvements to the SQLite backend
* Improve startup window state handling
* Use tray icon from system theme only if option is set
* Inhibit system sleep while torrents are moving
* Use hostname instead of domain name in tracker filter list
* Visually validate input path in torrent creator dialog
* Disable symlink resolving in Torrent creator
* Change default value for `file pool size` and `stop tracker
timeout` settings
* Log when duplicate torrents are being added
* Inhibit suspend instead of screen idle
* Ensure file name is valid when exporting torrents
* Open 'Save path' if torrent has no metadata
* Prevent torrent starting unexpectedly edge case with magnet
* Better ergonomics of the 'Add new torrent' dialog
WebUI:
* Add log viewer
* WebAPI: Allow to specify session cookie name
* Improve sync API performance
* Add filelog settings
* Add multi-file renaming
* Add 'Add to top of queue' option
* Implement subcategories
* Set 'SameSite=None' if CSRF Protection is disabled
* Show only hosts in tracker filter list
* Set Connection status and Speed limits tooltips
* set Cross Origin Opener Policy to `same-origin`
* Fix response for HTTP HEAD method
* Preserve the network interfaces when connection is down
* Add 'Add Tags' field for RSS rules
* Fix missing error icon
RSS:
* Add 'Rename rule' button to RSS Downloader
* Allow to edit RSS feed URL
* Allow to assign priority to RSS download rule
Search:
* Use python isolate mode
* Bump python version minimum requirement to 3.7.0
Other:
* Numerous code improvements and refactorings
- Update to version 4.5.5
Bug fixes:
* Fix transfer list tab hotkey
* Don't forget to enable the Apply button in the Options dialog
* Immediately update torrent status on moving files
* Improve performance when scrolling the file list of large
torrents
* Don't operate on random torrents when multiple are selected
and a sort/filter is applied
RSS:
* Fix overwriting feeds.json with an incomplete load of it
- Update to version 4.5.4
Bug fixes:
* Allow to disable confirmation of Pause/Resume All
* Sync flag icons with upstream
Web UI:
* Fix category save path
- Update to version 4.5.3
Bug fixes:
* Correctly check if database needs to be updated
* Prevent incorrect log message about torrent content deletion
* Improve finished torrent handling
* Correctly initialize group box children as disabled in
Preferences
* Don't miss saving 'download path' in SQLite storage
* Improve logging of running external program
Web UI:
* Disable UPnP for web UI by default
* Use workaround for IOS file picker
* Work around Chrome download limit
* Improve 'exporting torrent' behavior
- Update to version 4.5.2
Bug fixes:
* Don't unexpectedly activate queued torrents when prefetching
metadata for added magnets
* Update the cached torrent state once recheck is started
* Be more likely to allow the system to use power saving modes
Web UI:
* Migrate away from unsafe function
* Blacklist bad ciphers for TLS in the server
* Allow only TLS 1.2+ in the server
* Allow to set read-only directory as torrent location
* Reject requests that contain backslash in path
RSS:
* Prevent RSS folder from being moved into itself
- Update to version 4.5.1
New features:
* Re-allow to use icons from system theme
Bug fixes:
* Fix Speed limit icon size
* Revise and fix some text colors
* Correctly load folder based UI theme
* Fix crash due to invalid encoding of tracker URLs
* Don't drop !qB extension when renaming incomplete file
* Correctly count the number of torrents in subcategories
* Use 'additional trackers' when metadata retrieving
* Apply correct tab order to Category options dialog
* Add all torrents passed via the command line
* Fix startup performance on Qt5
* Automatic move will now overwrite existing files
* Some fixes for loading Chinese locales
* New Pause icon color for toolbar/menu
* Adjust env variable for PDB discovery
Web UI:
* Fix missing 'queued' icon
* Return paths using platform-independent separator format
* Change order of accepted types of file input
* Add missing icons
* Add 'Resume data storage type' option
* Make rename file dialog resizable
* Prevent incorrect line breaking
* Improve hotkeys
* Remove suggestions while searching for torrents
* Expose 'IS PRIVATE' flag
* Return name/hash/infohash_v1/infohash_v2 torrent properties
Other:
* Fix tray icon issues
- Update to version 4.5.0
New features:
* Add `Auto resize columns` functionality
* Allow to use Category paths in `Manual` mode
* Allow to disable Automatic mode when default 'temp' path
changed
* Add tuning options related to performance warnings
* Add right click menu for status filters
* Allow setting the number of maximum active checking torrents
* Add option to toggle filters sidebar
* Allow to set `working set limit` on non-Windows OS
* Add `Export .torrent` action
* Add keyboard navigation keys
* Allow to use POSIX-compliant disk IO type
* Add `Filter files` field in new torrent dialog
* Implement new icon/color theme
* Add file name filter/blacklist
* Add support for custom SMTP ports
* Split the OS cache settings into Disk IO read/write modes
* When duplicate torrent is added set metadata to existing one
* Greatly improve startup time with many torrents
* Add keyboard shortcut to Download URL dialog
* Add ability to run external program on torrent added
* Add infohash and download path columns
* Allow to set torrent stop condition
* Add a `Moving` status filter
* Change color palettes for both dark, light themes
* Add a `Use proxy for hostname lookup` option
* Introduce a `change listen port` cmd option
* Implement `Peer ID Client` column for `Peers` tab
* Add port forwarding option for embedded tracker
Bug fixes:
* Store hybrid torrents using `torrent ID` as basename
* Enable Combobox editor for the `Mixed` file download priority
* Allow shortcut folders for the Open and Save directory
dialogs
* Rename content tab `Size` column to `Total Size`
* Fix scrolling to the lowermost visible torrent
* Allow changing file priorities for finished torrents
* Focus save path when Manual mode is selected initially
* Disable force reannounce when it is not possible
* Add horizontal scrolling for tracker list and torrent content
* Enlarge 'speed limits' icons
* Change Downloaded to Times Downloaded in trackers tab
* Remove artificial max limits from `Torrent Queueing` related
options
* Preserve `skip hash check` when there is no metadata
* Fix DHT/PeX/LSD status when it is globally disabled
* Fix rate calculation when interval is too low
* Add tooltip message when system tray icon isn't available
* Improve sender field in mail notifications
* Fix 'Add torrent dialog' spill-over on smaller screens
* Fix peer count issue when tracker responds with zero figure
* Don't merge trackers by default
* Don't inhibit system sleep/auto shutdown for torrents stuck
at downloading metadata
* Allow to pause a checking torrent from context menu
* Allow to use subnet notation in reverse proxy list
* Fine tune translations loading for Chinese locales
* Fix torrent content checkboxes not updated properly
* Correctly load state of `Use another path for incomplete
torrents` in Watched folders
* Add confirmation to resume/pause all
* Fix wrong count of errored trackers
WebUI:
* Allow blank lines in multipart form-data input
* Make various dialogs resizable
* Fix wrong v2 hash string displayed
* WebAPI: return correct status
* Fix empty selection in language combobox
* Store WebUI port setting in human readable number
* Add support for exporting .torrent
* WebAPI: Add endpoint to set speed limit mode
* Improve progress bar rendering
* Add transfer list refresh interval settings
* Use natural sort
* Apply i18n translation only to built-in WebUI
* Alert when HTTPS settings are incomplete
* Handle drag and drop events
* Fix wrong behavior for shutdown action
* Don't disable combobox for file priority
RSS:
* Increase limit of maximum number of articles per feed
Other:
* Mark as single window app in .desktop file
* Add Dockerfile
* Remove option of using icons from system theme
- Update to version 4.4.5
Bug fixes:
* Fix missing trackers when adding magnet link. Affects
libtorrent 2.0.x builds.
- Update to version 4.4.4.
* Improve D-Bus notifications handling
Bug fixes:
* Correctly handle data decompression with Qt 6.3
* Fix wrong file names displayed in tooltip
* Fix incorrect 'max outgoing port' setting
* Make working set limit available only on libtorrent 2.0.x
builds
* Try to recover missing tags
RSS:
* Clear RSS parsing error after use
Web API:
* Set HTTP method restriction on WebAPI actions
- Update to version 4.4.3.1
Bug fixes:
* Fix broken translations
- Update to version 4.4.3
Bug fixes:
* Correctly handle changing of temp save path
* Fix storage in SQLite
* Correctly apply content layout when 'Skip hash check' is
enabled
* Don't corrupt IDs of v2 torrents
* Reduce the number of hashing threads by default (improves
hashing speed on HDDs)
* Prevent the 'update dialog' from blocking input on other
windows
* Add trackers in exported .torrent files
* Fix wrong GUI behavior in 'Optional IP address to bind to'
setting
Web UI:
* Fix WebUI crash due to missing tags from config
* Show correct location path
ModerateSUSE bug 1217677CVE-2023-30801 at SUSECVE-2023-30801 at NVDcpe:/o:opensuse:leap:15.5Security update for opera (Important)openSUSE Leap 15.5 NonFree
This update for opera fixes the following issues:
- Update to 105.0.4970.34
* DNA-112796 [Import] Import bookmarks and history don't work
* DNA-113147 Add strength setting for Lucid Mode
* DNA-113148 Update 'Lucid Mode' button on videos to enable / disable split preview
* DNA-113287 Add strength setting for Lucid Mode in Easy Setup
* DNA-113310 Remove Lucid Mode for Images
* DNA-113360 [Lucid Mode] Shadow around lucid mode button
* DNA-113447 Split preview line should be white
* DNA-113630 Lucid Mode strength should default to highest (in desktop)
- Changes in 105.0.4970.29
* CHR-9416 Updating Chromium on desktop-stable-* branches
* DNA-113292 Extension icons not shown after restart
- The update to chromium 119.0.6045.199 fixes following issues:
CVE-2023-6348, CVE-2023-6347, CVE-2023-6346, CVE-2023-6350,
CVE-2023-6351, CVE-2023-6345
ImportantCVE-2023-6345 at SUSECVE-2023-6345 at NVDCVE-2023-6346 at SUSECVE-2023-6346 at NVDCVE-2023-6347 at SUSECVE-2023-6347 at NVDCVE-2023-6348 at SUSECVE-2023-6348 at NVDCVE-2023-6350 at SUSECVE-2023-6350 at NVDCVE-2023-6351 at SUSECVE-2023-6351 at NVDSecurity update for fish (Moderate)openSUSE Leap 15.5
This update for fish fixes the following issues:
- CVE-2023-49284: Fixed shell expansion triggered by command substitution output (boo#1217808).
ModerateSUSE bug 1217808CVE-2023-49284 at SUSECVE-2023-49284 at NVDcpe:/o:opensuse:leap:15.5Security update for gstreamer-plugins-bad (Important)openSUSE Leap 15.5
This update for gstreamer-plugins-bad fixes the following issues:
- CVE-2023-40474: Fixed integer overflow causing out of bounds writes when handling invalid uncompressed video (bsc#1215796).
- CVE-2023-40476: Fixed possible overflow using max_sub_layers_minus1 (bsc#1215793).
ImportantSUSE bug 1215793SUSE bug 1215796CVE-2023-40474 at SUSECVE-2023-40474 at NVDCVE-2023-40476 at SUSECVE-2023-40476 at NVDcpe:/o:opensuse:leap:15.5Security update for putty (Important)openSUSE Leap 15.5
This update for putty fixes the following issues:
putty is updated to release 0.80
* Fix CVE-2023-48795 [boo#1218128]
- Update to release 0.79
* Terminal mouse tracking: support for mouse movements which are
not drags, and support for horizontal scroll events (e.g.
generated by trackpads).
* Fixed: PuTTY could fail an assertion if a resize control
sequence was sent by the server while the window was docked to
one half of the screen in KDE.
* Fixed: PuTTY could fail an assertion if you tried to change the
font size while the window was maximised. ImportantSUSE bug 1218128CVE-2023-48795 at SUSECVE-2023-48795 at NVDcpe:/o:opensuse:leap:15.5Security update for cppcheck (Moderate)openSUSE Leap 15.5
This update for cppcheck fixes the following issues:
- CVE-2023-39070: Fixed heap use-after-free in removeContradiction() (boo#1215233)
- update to 2.12.1:
* Support importing projects with project-name
- update to 2.12.0:
* uselessOverride finds overriding functions that either
duplicate code from or delegate back to the base class
implementation
* knownPointerToBool finds pointer to bool conversions that are
always true or false
* truncLongCastAssignment and truncLongCastReturn check
additional types, including float/double/long double
* duplInheritedMember also reports duplicated member functions
* constParameter*/constVariable* checks find more instances of
pointers/references that can be const, e.g. when calling
library functions
* Write how many checkers was activated after a run
* Added --checkers-report that can be used to generate a report
in a file that shows what checkers was activated and disabled
* The qmake build system has been deprecated and will be
removed in a future version.
* Command-line option '--template
- update to 2.11:
* pop_back on empty container is UB
* Improve useStlAlgorithm check to handle many more conditions
in the loop for any_of, all_of and none_of algorithms
* ValueFlow can evaluate the return value of functions even
when conditionals are used
* ValueFlow will now forward the container sizes being returned
from a function
* ValueFlow can infer possible values from possible symbolic
values
* Improve valueflow after pushing to container
* The new option --check-level= has been added that controls
how much checking is made by Cppcheck. The default checking
level is 'normal'. If you feel that you can wait longer on
results you can use --check-level=exhaustive.
* It is no longer necessary to run '--check-config' to get
detailed 'missingInclude' and 'missingIncludeSystem'
messages. They will always be issued in the regular analysis
if 'missingInclude' is enabled.
* 'missingInclude' and 'missingIncludeSystem' are reported with
'-j' is > 1 and processes are used in the backend (default in
non-Windows binaries)
* 'missingInclude' and 'missingIncludeSystem' will now cause
the '--error-exitcode' to be applied
* '--enable=information' will no longer implicitly enable
'missingInclude' starting with 2.16. Please enable it
explicitly if you require it.
* The `constParameter` and `constVariable` checks have been
split into 3 different IDs based on if the variable is a
pointer, a reference, or local. The different IDs will allow
users to suppress different const warning based on variable
type.
* `constParameter`
* `constParameterReference`
* `constParameterPointer`
* `constVariable`
* `constVariableReference`
* `constVariablePointer`
* More command-line parameters will now check if the given
integer argument is actually valid. Several other internal
string-to-integer conversions will now be error checked.
* scanning projects (with -j1) will now defer the analysis of
markup files until the whole code was processed
- update to 2.10.3:
* SymbolDatabase: Fix handling of function pointer arguments
- update to 2.10.2:
* GUI: Set proper title for compliance report dialog
* GUI: Generate compliance report
* Tokenizer: tweaked simplification of function pointers
* fix whole program analysis
* Import Project: Fix problem with define value with space
* Fix execution of executable addons from GUI
* fix for windows installer, no other changes
* Fixes when importing AST from clang
* comments can be added at end of suppression in suppressions file
is similar to GCC. If you want to get warnings in the old
* Added Cppcheck annotations cppcheck_low(VALUE) and
* Added API01-C: Avoid laying out strings in memory directly
* Duplicate expression for condition and assignment: if (x==3) x=3;
* Patch was submitted (https://github.com/danmar/cppcheck/pull/1554)
and accepted so this change should be reverted and replaced with a CMake compile definition
- Multifile checking for buffer overruns and uninitialized
- A bunch of additions to several Libraries, especially
* Additionally, lots of false positives and bugs have been fixed
and several existing checks have been improved.
- Library files have now a 'format' attribute. Format version
- Cppcheck does no longer abort checking if unhandled
- Detect shift by too many bits, signed integer overflow and
- Dead pointer usage when pointer alias local variable that
- Improved AST creation (support placement new, C++-style
- Support GCC extension __attriute__((used)) and MSVC
- Better support for static member variables, inherited
- Improved typedef support where multiple variables are
- Avoid checking code multiple times by calculating a checksum.
- HTML report: display 'verbose' message using clickable
* Additionally, lots of false positives and bugs have been fixed
- Returning references to literals or references to calculation
- Enhanced support for commutative operators in duplicate
- Definition of minsize for buffer arguments in .cfg files
- Fixed handling of #error: Do not report them if -f and -D
- Generate xml dump of AST/ValueFlow/SymbolDatabase/TokenList
- Cppcheck requires a C++11 compiler supporting the common
subset of features supported by GCC 4.4, Visual Studio 2010
- Much improved support of complex combinations of function
- More robust error detection in several checks due to usage
- Allocation/Deallocation functions can be extend across
- Better handling of some C++11 language features like enum
- Check for unhandled exceptions when exception specifiers
* Additionally, a large number of false positives and crashs
has been fixed.
- New option to enable warnings but not style messages:
- Cppcheck used to skip includes where the header filename
is enclosed in <>. You can now include these headers also by
using -I.
- New POSIX checks: pipe() buffer size, redundant calls of
set/get user id, too big value passed to usleep(), buffer
- Storing getc() return value in char variable and comparing
- Portability check that warns when using NULL as argument to
variadic function. It has undefined behaviour on some
- Improved checking for uninitialized struct members,
- Added --include to the cppcheck command line client. This forces
inclusion of the given file. This can for instance be used
- The threads handling has been improved. Using -jN now works in
- NULL pointers: Improved checking of default function
argument values.
- full change log
http://raw.github.com/danmar/cppcheck/master/Changelog ModerateSUSE bug 1215233CVE-2023-39070 at SUSECVE-2023-39070 at NVDcpe:/o:opensuse:leap:15.5Security update for zabbix (Important)openSUSE Leap 15.5
This update for zabbix fixes the following issues:
Updated to latest release 4.0.50:
- CVE-2023-32727: Fixed potential arbitrary code execution in icmpping (boo#1218199)
ImportantSUSE bug 1218199CVE-2023-32727 at SUSECVE-2023-32727 at NVDcpe:/o:opensuse:leap:15.5Security update for proftpd (Important)openSUSE Leap 15.5
This update for proftpd fixes the following issues:
Update to version 1.3.8a
* Implemented mitigations for 'Terrapin' SSH attack (CVE-2023-48795).
* http://proftpd.org/docs/NEWS-1.3.8b
ImportantCVE-2023-48795 at SUSECVE-2023-48795 at NVDcpe:/o:opensuse:leap:15.5Security update for deepin-compressor (Moderate)openSUSE Leap 15.5
This update for deepin-compressor fixes the following issues:
- CVE-2023-50255: Fix Zip Path Traversal (boo#1218428)
ModerateSUSE bug 1218428CVE-2023-50255 at SUSECVE-2023-50255 at NVDcpe:/o:opensuse:leap:15.5Security update for sngrep (Moderate)openSUSE Leap 15.5
This update for sngrep fixes the following issues:
- Update to version 1.8.1
* Fix CVE-2024-3119: sngrep: buffer overflow due to improper
handling of 'Call-ID' and 'X-Call-ID' SIP headers.
* Fix CVE-2024-3120: sngrep: stack-buffer overflow due to
inadequate bounds checking when copying 'Content-Length' and
'Warning' headers into fixed-size buffers.
- Update to versino 1.8.0
* fix typo in message, thanks to lintian.
* fix compiler warnings about unused variables.
* Fixed a typo in comment line in filter.c
* Redefine usage of POSIX signals.
* Support for building sngrep using CMake added.
- Update to version 1.7.0
* save: add option --text to save captured data to plain text
* capture: fix memory overflows while parsing IP headers
* hep: fix hep listener enabled in offline mode
* core: stop sngrep when parent process has ended
* ssl: fix decrypt with AES256 GCM SHA384 cipher
ModerateCVE-2024-3119 at SUSECVE-2024-3119 at NVDCVE-2024-3120 at SUSECVE-2024-3120 at NVDcpe:/o:opensuse:leap:15.5Security update for opera (Important)openSUSE Leap 15.5 NonFree
This update for opera fixes the following issues:
- Update to 109.0.5097.38
* CHR-9695 Update Chromium on desktop-stable-123-5097 to
123.0.6312.87
* DNA-115156 [Login and Password suggestion] Suggestions are
bolded and highlight doesn`t fill all area
* DNA-115313 No video playback on skyshowtime.com
* DNA-115639 [Version 109][Detached window] Missing functions
names in light mode
* DNA-115812 Enable #startpage-opening-animation on all streams
* DNA-115836 Lucid mode visual issues on H264 videos
- The update to chromium 109.0.5097.38 fixes following issues:
CVE-2024-2883, CVE-2024-2885, CVE-2024-2886, CVE-2024-2887
- Update to 109.0.5097.33
* CHR-9674 Update Chromium on desktop-stable-123-5097 to
123.0.6312.46
* DNA-115357 [Settings] Search toolbar has wrong position
* DNA-115396 Bolded camera icon when camera access is allowed
* DNA-115478 AI Prompts in text highlight popup not displayed
properly
* DNA-115563 Wallet selector not working
* DNA-115601 Remove 'moving text' animation in the tab cycler
* DNA-115645 Internal pages icons unreadable when highlight
* DNA-115717 'Your extension was disabled because it is
corrupted' message is displayed to user
* DNA-115770 Promote 109 to stable
- Complete Opera 109 changelog at:
https://blogs.opera.com/desktop/changelog-for-109/
ImportantCVE-2024-2883 at SUSECVE-2024-2883 at NVDCVE-2024-2885 at SUSECVE-2024-2885 at NVDCVE-2024-2886 at SUSECVE-2024-2886 at NVDCVE-2024-2887 at SUSECVE-2024-2887 at NVDSecurity update for putty (Important)openSUSE Leap 15.5
This update for putty fixes the following issues:
Update to release 0.81
* Fix CVE-2024-31497: NIST P521 / ecdsa-sha2-nistp521 signatures are no longer
generated with biased values of k. The previous bias compromises private keys.
ImportantCVE-2024-31497 at SUSECVE-2024-31497 at NVDcpe:/o:opensuse:leap:15.5Security update for perl-CryptX (Moderate)openSUSE Leap 15.5
This update for perl-CryptX fixes the following issues:
Updated to version 0.080:
0.080 2023-10-04
- fix #95 AES-NI troubles on MS Windows (gcc compiler)
- fix #96 Tests failure with Math::BigInt >= 1.999840
- Enabled AES-NI for platforms with gcc/clang/llvm
0.079 2023-10-01
- fix #92 update libtomcrypt
- bundled libtomcrypt update branch:develop (commit:1e629e6f 2023-06-22)
0.078 2023-04-28
- fix #89 Crypt::Mac::HMAC b64mac and b64umac object methods do not work
ModerateSUSE bug 1221528CVE-2018-25099 at SUSECVE-2018-25099 at NVDcpe:/o:opensuse:leap:15.5Security update for dcmtk (Important)openSUSE Leap 15.5
This update for dcmtk fixes the following issues:
* Fixed incorrect type conversion in the DVPSSoftcopyVOI_PList:createFromImage functionality of OFFIS DCMTK (boo#1223324, CVE-2024-28130)
- Add missing requirements for dcmtk-devel (boo#1220809)
- Update to 3.6.8
See DOCS/CHANGES.368 for the full list of changes
ImportantSUSE bug 1220809SUSE bug 1223324CVE-2024-28130 at SUSECVE-2024-28130 at NVDcpe:/o:opensuse:leap:15.5Security update for pdns-recursor (Important)openSUSE Leap 15.5
This update for pdns-recursor fixes the following issues:
- update to 4.8.8:
* fixes a case when a crafted responses can lead to a denial of
service in Recursor if recursive forwarding is configured
(boo#1223262, CVE-2024-25583)
- changes in 4.8.7:
* If serving stale, wipe CNAME records from cache when we get
a NODATA negative response for them
* Fix the zoneToCache regression introduced by last security
update
ImportantSUSE bug 1223262CVE-2024-25583 at SUSECVE-2024-25583 at NVDcpe:/o:opensuse:leap:15.5Security update for php81 (Important)openSUSE Leap 15.5
This update for php81 fixes the following issues:
Version update to 8.1.28
* Fixed bug GHSA-wpj3-hf5j-x4v4 (__Host-/__Secure- cookie bypass due to
partial CVE-2022-31629 fix). (CVE-2024-2756) (nielsdos) [boo#1222857]
* Fixed bug GHSA-h746-cjrr-wfmr (password_verify can erroneously return true,
opening ATO risk). (CVE-2024-3096) (Jakub Zelenka) [boo#1222858]
ImportantSUSE bug 1222857SUSE bug 1222858CVE-2022-31629 at SUSECVE-2022-31629 at NVDCVE-2024-2756 at SUSECVE-2024-2756 at NVDCVE-2024-3096 at SUSECVE-2024-3096 at NVDcpe:/o:opensuse:leap:15.5Security update for python-python-jose (Important)openSUSE Leap 15.5
This update for python-python-jose fixes the following issues:
CVE-2024-33663: Fixed algorithm confusion with OpenSSH ECDSA keys and other key formats (boo#1223417).
ImportantSUSE bug 1223417CVE-2024-33663 at SUSECVE-2024-33663 at NVDcpe:/o:opensuse:leap:15.5Security update for tinyproxy (Important)openSUSE Leap 15.5
This update for tinyproxy fixes the following issues:
- Update to release 1.11.2
* Fix potential use-after-free in header handling [CVE-2023-49606, boo#1223746]
* Prevent junk from showing up in error page in invalid requests [CVE-2022-40468, CVE-2023-40533, boo#1223743]
- Move tinyproxy program to /usr/bin.
- Update to release 1.11.1
* New fnmatch based filtertype
- Update to release 1.11
* Support for multiple bind directives.
- update to 1.10.0:
* Configuration file has moved from /etc/tinyproxy.conf to
/etc/tinyproxy/tinyproxy.conf.
* Add support for basic HTTP authentication
* Add socks upstream support
* Log to stdout if no logfile is specified
* Activate reverse proxy by default
* Support bind with transparent mode
* Allow multiple listen statements in the configuration
* Fix CVE-2017-11747: Create PID file before dropping privileges.
* Fix CVE-2012-3505: algorithmic complexity DoS in hashmap
* Bugfixes
* BB#110: fix algorithmic complexity DoS in hashmap
* BB#106: fix CONNECT requests with IPv6 literal addresses as host
* BB#116: fix invalid free for GET requests to ipv6 literal address
* BB#115: Drop supplementary groups
* BB#109: Fix crash (infinite loop) when writing to log file fails
* BB#74: Create log and pid files after we drop privs
* BB#83: Use output of id instead of $USER
ImportantSUSE bug 1200028SUSE bug 1203553SUSE bug 1223743SUSE bug 1223746CVE-2012-3505 at SUSECVE-2012-3505 at NVDCVE-2017-11747 at SUSECVE-2017-11747 at NVDCVE-2022-40468 at SUSECVE-2022-40468 at NVDCVE-2023-40533 at SUSECVE-2023-40533 at NVDCVE-2023-49606 at SUSECVE-2023-49606 at NVDcpe:/o:opensuse:leap:15.5Security update for python-Pillow (Important)openSUSE Leap 15.5
This update for python-Pillow fixes the following issues:
- CVE-2023-50447: Fixed arbitrary code execution via the environment parameter (boo#1219048)
ImportantSUSE bug 1219048CVE-2023-50447 at SUSECVE-2023-50447 at NVDcpe:/o:opensuse:leap:15.5Security update for opera (Important)openSUSE Leap 15.5 NonFree
This update for opera fixes the following issues:
- Update to 110.0.5130.23
* CHR-9706 Update Chromium on desktop-stable-124-5130 to
124.0.6367.62
* DNA-116450 Promote 110 to stable
- Complete Opera 110 changelog at:
https://blogs.opera.com/desktop/changelog-for-110/
- The update to chromium 124.0.6367.62 fixes following issues:
CVE-2024-3832, CVE-2024-3833, CVE-2024-3914, CVE-2024-3834,
CVE-2024-3837, CVE-2024-3838, CVE-2024-3839, CVE-2024-3840,
CVE-2024-3841, CVE-2024-3843, CVE-2024-3844, CVE-2024-3845,
CVE-2024-3846, CVE-2024-3847
- Update to 109.0.5097.80
* DNA-115738 Crash at extensions::ExtensionRegistry::
GetExtensionById(std::__Cr::basic_string const&, int)
* DNA-115797 [Flow] Never ending loading while connecting to flow
* DNA-116315 Chat GPT in Sidebar Panel doesn’t work
- Update to 109.0.5097.59
* CHR-9416 Updating Chromium on desktop-stable-* branches
* DNA-115810 Enable #drag-multiple-tabs on all streams
- Update to 109.0.5097.45
* CHR-9416 Updating Chromium on desktop-stable-* branches
* DNA-114737 [Search box] It's getting blurred when click
on it, also lower corners are not rounded sometimes
* DNA-115042 '+' button is not responsive when 30+ tabs opened
* DNA-115326 Wrong fonts and padding after intake
* DNA-115392 [Badges] Text displayed in red
* DNA-115501 'Review your payment' native popup has wrong colors
* DNA-115809 Enable #show-duplicate-indicator-on-link on
all streams
ImportantCVE-2024-3832 at SUSECVE-2024-3832 at NVDCVE-2024-3833 at SUSECVE-2024-3833 at NVDCVE-2024-3834 at SUSECVE-2024-3834 at NVDCVE-2024-3837 at SUSECVE-2024-3837 at NVDCVE-2024-3838 at SUSECVE-2024-3838 at NVDCVE-2024-3839 at SUSECVE-2024-3839 at NVDCVE-2024-3840 at SUSECVE-2024-3840 at NVDCVE-2024-3841 at SUSECVE-2024-3841 at NVDCVE-2024-3843 at SUSECVE-2024-3843 at NVDCVE-2024-3844 at SUSECVE-2024-3844 at NVDCVE-2024-3845 at SUSECVE-2024-3845 at NVDCVE-2024-3846 at SUSECVE-2024-3846 at NVDCVE-2024-3847 at SUSECVE-2024-3847 at NVDCVE-2024-3914 at SUSECVE-2024-3914 at NVDSecurity update for opusfile (Moderate)openSUSE Leap 15.5
This update for opusfile fixes the following issues:
- CVE-2022-47021: Fixed a NULL pointer dereference (boo#1207381)
ModerateSUSE bug 1207381CVE-2022-47021 at SUSECVE-2022-47021 at NVDcpe:/o:opensuse:leap:15.5Security update for git-cliff (Important)openSUSE Leap 15.5
This update for git-cliff fixes the following issues:
- update to 2.2.2:
* (changelog) Allow adding custom context
* (changelog) Ignore empty lines when using split_commits
* (parser) Allow matching empty commit body
* Documentation updates
- update to 2.2.1:
* Make rendering errors more verbose
* Support detecting config from project manifest
* Make the bump version rules configurable
* bug fixes and documentation updates
- CVE-2024-32650: rust-rustls: Infinite loop with proper client
input fixes (boo#1223218)
- Update to version 2.1.2:
* feat(npm): add programmatic API for TypeScript
* chore(fixtures): enable verbose logging for output
* refactor(clippy): apply clippy suggestions
* refactor(changelog): do not output to stdout when prepend is used
* feat(args): add `--tag-pattern` argument
* fix(config): fix commit parser regex in the default config
* fix(github): sanitize the GitHub token in debug logs
* chore(config): add animation to the header of the changelog
* refactor(clippy): apply clippy suggestions
* docs(security): update security policy
* chore(project): add readme to core package
* chore(embed): do not allow missing docs
* chore(config): skip dependabot commits for dev updates
* docs(readme): mention RustLab 2023 talk
* chore(config): revamp the configuration files
* chore(docker): update versions in Dockerfile
* chore(example): use full links in GitHub templates
* chore(project): bump MSRV to 1.74.1
* revert(config): use postprocessors for checking the typos
* feat(template): support using PR labels in the GitHub template
* docs(configuration): fix typo
* feat(args): add `--no-exec` flag for skipping command execution
* chore(command): explicitly set the directory of command to current dir
* refactor(ci): use hardcoded workspace members for cargo-msrv command
* refactor(ci): simplify cargo-msrv installation
* refactor(clippy): apply clippy suggestions
* refactor(config): use postprocessors for checking the typos
* chore(project): update copyright years
* chore(github): update templates about GitHub integration
* feat(changelog): set the timestamp of the previous release
* feat(template): support using PR title in the GitHub template
* feat(changelog): improve skipping via `.cliffignore` and `--skip-commit`
* chore(changelog): disable the default behavior of next-version
* fix(git): sort commits in topological order
* test(changelog): use the correct version for missing tags
* chore(changelog): use 0.1.0 as default next release if no tag is found
* feat(github)!: support integration with GitHub repos
* refactor(changelog): support `--bump` for processed releases
* fix(cli): fix broken pipe when stdout is interrupted
* test(fixtures): update the bumped value output to add prefix
* feat(changelog): support tag prefixes with `--bump`
* feat(changelog)!: set tag to `0.0.1` via `--bump` if no tags exist
* fix(commit): trim the trailing newline from message
* docs(readme): use the raw link for the animation
* chore(example): remove limited commits example
* feat(args): add `-x` short argument for `--context`
* revert(deps): bump actions/upload-pages-artifact from 2 to 3
* revert(deps): bump actions/deploy-pages from 3 to 4
* chore(dependabot): group the dependency updates for creating less PRs
* feat(parser): support using SHA1 of the commit
* feat(commit): add merge_commit flag to the context
* chore(mergify): don't update PRs for the main branch
* fix(links): skip checking the GitHub commit URLs
* fix(changelog): fix previous version links
* feat(parser): support using regex scope values
* test(fixture): update the date for example test fixture
* docs(fixtures): add instructions for adding new fixtures
* feat(args): support initialization with built-in templates
* feat(changelog)!: support templating in the footer
* feat(args): allow returning the bumped version
* test(fixture): add test fixture for bumping version
* fix: allow version bump with a single previous release
* fix(changelog): set the correct previous tag when a custom tag is given
* feat(args): set `CHANGELOG.md` as default missing value for output option
* refactor(config): remove unnecessary newline from configs
- Update to version 1.4.0:
* Support bumping the semantic version via `--bump`
* Add 'typos' check
* Log the output of failed external commands -
* breaking change: Support regex in 'tag_pattern' configuration
* Add field and value matchers to the commit parser
- Update to version 1.2.0:
* Update clap and clap extras to v4
* Make the fields of Signature public
* Add a custom configuration file for the repository
* Support placing configuration inside pyproject.toml
* Generate SBOM/provenance for the Docker image
* Support using regex group values
* [breaking] Nested environment config overrides
* Set max of limit_commits to the number of commits
* Set the node cache dependency path
* Use the correct argument in release script
- Update to version 1.1.2:
* Do not skip all tags when skip_tags is empty (#136)
* Allow saving context to a file (#138)
* Derive the tag order from commits instead of timestamp (#139)
* Use timestamp for deriving the tag order (#139)
- Update to version 1.1.1:
* Relevant change: Update README.md about the NPM package
* Fix type casting in base NPM package
* Rename the package on Windows
* Disable liquid parsing in README.md by using raw blocks
* Support for generating changelog for multiple git repositories
* Publish binaries for more platforms/architectures
- Update to version 1.0.0:
* Bug Fixes
- Fix test fixture failures
* Documentation
- Fix GitHub badges in README.md
* Features
- [breaking] Replace --date-order by --topo-order
- Allow running with --prepend and --output
- [breaking] Use current time for --tag argument
- Include completions and mangen in binary releases
- Publish Debian package via release workflow
* Miscellaneous Tasks
- Run all test fixtures
- Remove deprecated set-output usage
- Update actions/checkout to v3
- Comment out custom commit preprocessor
* Refactor
- Apply clippy suggestions
* Styling
- Update README.md about the styling of footer field
ImportantSUSE bug 1223218CVE-2024-32650 at SUSECVE-2024-32650 at NVDcpe:/o:opensuse:leap:15.5Security update for python-Pillow (Moderate)openSUSE Leap 15.5
This update for python-Pillow fixes the following issues:
- Fixed ImagePath.Path array handling (boo#1194551, boo#1194552, CVE-2022-22815, CVE-2022-22816)
ModerateSUSE bug 1194551SUSE bug 1194552CVE-2022-22815 at SUSECVE-2022-22815 at NVDCVE-2022-22816 at SUSECVE-2022-22816 at NVDcpe:/o:opensuse:leap:15.5Security update for gitui (Moderate)openSUSE Leap 15.5
This update for gitui fixes the following issues:
- update to version 0.26.2:
* respect configuration for remote when fetching (also applies
to pulling)
* add : character to sign-off trailer to comply with Conventional
Commits standard
* support overriding build_date for reproducible builds
- update vendored dependencies for CVE-2023-48795 (boo#1218264)
- Update to version 0.26.1:
Added:
* sign commits using openpgp
* support ssh commit signing (when user.signingKey and gpg.format
= ssh of gitconfig are set; ssh-agent isn't yet supported)
* provide nightly builds (see NIGHTLIES.md)
* more version info in gitui -V and help popup (including git
hash)
* support core.commitChar filtering
* allow reset in branch popup
* respect configuration for remote when pushing
Changed:
* Make info and error message popups scrollable
* clarify x86_64 linux binary in artifact names:
gitui-linux-x86_64.tar.gz (formerly known as musl)
Fixes:
* add syntax highlighting support for more file types, e.g.
Typescript, TOML, etc.
- Update to version 0.25.1:
Added:
* support for new-line in text-input (e.g. commit message editor)
* add syntax highlighting for blame view
* allow aborting pending commit log search
* theme.ron now supports customizing line break symbol
* add confirmation for dialog for undo commit
* support prepare-commit-msg hook
* new style block_title_focused to allow customizing title text
of focused frame/block
* allow fetch command in both tabs of branchlist popup
* check branch name validity while typing
Changed:
* do not allow tagging when tag.gpgsign enabled until gpg-signing
is supported
Fixes:
* bump yanked dependency bumpalo to fix build from source
* pin ratatui version to fix building without locked cargo
install gitui
* stash window empty after file history popup closes
* allow push to empty remote
* better diagnostics for theme file loading
* fix ordering of commits in diff view
- Update to version 0.24.3:
* log: fix major lag when going beyond last search hit
* parallelise log search - performance gain ~100%
* search message body/summary separately
* fix commit log not updating after branch switch
* fix stashlist not updating after pop/drop
* fix commit log corruption when tabbing in/out while parsing log
* fix performance problem in big repo with a lot of incoming commits
* fix error switching to a branch with '/' in the name
* search commits by message, author or files in diff
* support 'n'/'p' key to move to the next/prev hunk in diff component
* simplify theme overrides
* support for sign-off of commits
* switched from textwrap to bwrap for text wrapping
* more logging diagnostics when a repo cannot be
* added to anaconda
* visualize empty line substituted with content in diff better
* checkout branch works with non-empty status report
* jump to commit by SHA
* fix commit dialog char count for multibyte characters
* fix wrong hit highlighting in fuzzy find popup
* fix symlink support for configuration files
* fix expansion of ~ in commit.template
* fix hunk (un)staging/reset for # of context lines != 3
* fix delay when opening external editor
- Update to version 0.23.0
- Breaking Change
* focus_XYZ key bindings are merged into the move_XYZ set, so only one way to bind arrow-like keys from now on
- Added
* allow reset (soft,mixed,hard) from commit log
* support reword of commit from log
* fuzzy find branch
* list changes in commit message inside external editor
* allow detaching HEAD and checking out specific commit from log view
* add no-verify option on commits to not run hooks
* allow fetch on status tab
* allow copy file path on revision files and status tree
* print message of where log will be written if -l is set
* show remote branches in log
- Fixes
* fixed side effect of crossterm 0.26 on windows that caused double input of all keys
* commit msg history ordered the wrong way
* improve help documentation for amend cmd
* lag issue when showing files tab
* fix key binding shown in bottom bar for stash_open
* --bugreport does not require param
* edit-file command shown on commits msg
* crash on branches popup in small terminal
* edit command duplication
* syntax errors in key_bindings.ron will be logged
* Fix UI freeze when copying with xclip installed on Linux
* Fix UI freeze when copying with wl-copy installed on Linux
* commit hooks report 'command not found' on Windows with wsl2 installed
* crashes on entering submodules
* fix race issue: revlog messages sometimes appear empty
* default to tick-based updates
* add support for options handling in log and stashes views
- Changed
* minimum supported rust version bumped to 1.65 (thank you time crate)
ModerateSUSE bug 1218264CVE-2023-48795 at SUSECVE-2023-48795 at NVDcpe:/o:opensuse:leap:15.5Security update for chromium (Critical)openSUSE Leap 15.5
This update for chromium fixes the following issues:
- Chromium 125.0.6422.60 (boo#1224341)
* CVE-2024-4947: Type Confusion in V8
* CVE-2024-4948: Use after free in Dawn
* CVE-2024-4949: Use after free in V8
* CVE-2024-4950: Inappropriate implementation in Downloads
- Chromium 125.0.6422.41
* New upstream (early) stable release.
- Chromium 124.0.6367.207 (boo#1224294)
* CVE-2024-4761: Out of bounds write in V8
- Chromium 124.0.6367.201 (boo#1224208)
CriticalSUSE bug 1224208SUSE bug 1224294SUSE bug 1224341CVE-2024-4761 at SUSECVE-2024-4761 at NVDCVE-2024-4947 at SUSECVE-2024-4947 at NVDCVE-2024-4948 at SUSECVE-2024-4948 at NVDCVE-2024-4949 at SUSECVE-2024-4949 at NVDCVE-2024-4950 at SUSECVE-2024-4950 at NVDcpe:/o:opensuse:leap:15.5Security update for chromium (Important)openSUSE Leap 15.5
This update for chromium fixes the following issues:
- Chromium 125.0.6422.76 (boo#1224818)
* CVE-2024-5157: Use after free in Scheduling
* CVE-2024-5158: Type Confusion in V8
* CVE-2024-5159: Heap buffer overflow in ANGLE
* CVE-2024-5160: Heap buffer overflow in Dawn
* Various fixes from internal audits, fuzzing and other initiatives
ImportantSUSE bug 1224818CVE-2024-5157 at SUSECVE-2024-5157 at NVDCVE-2024-5158 at SUSECVE-2024-5158 at NVDCVE-2024-5159 at SUSECVE-2024-5159 at NVDCVE-2024-5160 at SUSECVE-2024-5160 at NVDcpe:/o:opensuse:leap:15.5Security update for qt6-networkauth (Moderate)openSUSE Leap 15.5
This update for qt6-networkauth fixes the following issues:
- CVE-2024-36048: Fixed data race and poor seeding in generateRandomString() (boo#1224782).
ModerateSUSE bug 1224782CVE-2024-36048 at SUSECVE-2024-36048 at NVDcpe:/o:opensuse:leap:15.5Security update for cJSON (Important)openSUSE Leap 15.5
This update for cJSON fixes the following issues:
- Update to 1.7.18:
* CVE-2024-31755: NULL pointer dereference via cJSON_SetValuestring() (boo#1223420)
* Remove non-functional list handling of compiler flags
* Fix heap buffer overflow
* remove misused optimization flag -01
* Set free'd pointers to NULL whenever they are not reassigned
immediately after
- Update to version 1.7.17 (boo#1218098, CVE-2023-50472,
boo#1218099, CVE-2023-50471):
* Fix null reference in cJSON_SetValuestring (CVE-2023-50472).
* Fix null reference in cJSON_InsertItemInArray (CVE-2023-50471).
- Update to 1.7.16:
* Add an option for ENABLE_CJSON_VERSION_SO in CMakeLists.txt
* Add cmake_policy to CMakeLists.txt
* Add cJSON_SetBoolValue
* Add meson documentation
* Fix memory leak in merge_patch
* Fix conflicting target names 'uninstall'
* Bump cmake version to 3.0 and use new version syntax
* Print int without decimal places
* Fix 'cjson_utils-static' target not exist
* Add allocate check for replace_item_in_object
* Fix a null pointer crash in cJSON_ReplaceItemViaPointer
ImportantSUSE bug 1218098SUSE bug 1218099SUSE bug 1223420CVE-2023-50471 at SUSECVE-2023-50471 at NVDCVE-2023-50472 at SUSECVE-2023-50472 at NVDCVE-2024-31755 at SUSECVE-2024-31755 at NVDcpe:/o:opensuse:leap:15.5Security update for chromium (Critical)openSUSE Leap 15.5
This update for chromium fixes the following issues:
- Chromium 125.0.6422.112
* CVE-2024-5274: Type Confusion in V8 (boo#1225199)
CriticalSUSE bug 1225199CVE-2024-5274 at SUSECVE-2024-5274 at NVDcpe:/o:opensuse:leap:15.5Security update for opera (Important)openSUSE Leap 15.5 NonFree
This update for opera fixes the following issues:
- Update to 110.0.5130.39
* DNA-115603 [Rich Hints] Pass trigger source to the Rich Hint
* DNA-116680 Import 0-day fix for CVE-2024-5274
- Update to 110.0.5130.35
* CHR-9721 Update Chromium on desktop-stable-124-5130 to
124.0.6367.202
* DNA-114787 Crash at views::View::DoRemoveChildView(views::
View*, bool, bool, views::View*)
* DNA-115640 Tab island is not properly displayed after
drag&drop in light theme
* DNA-116191 Fix link in RTV Euro CoS
* DNA-116218 Crash at SkGpuShaderImageFilter::onFilterImage
(skif::Context const&)
* DNA-116241 Update affiliation link for media expert
'Continue On'
* DNA-116256 Crash at TabHoverCardController::UpdateHoverCard
(opera::TabDataView*, TabHoverCardController::UpdateType,
bool)
* DNA-116270 Show 'Suggestions' inside expanding Speed Dial
field
* DNA-116474 Implement the no dynamic hover approach
* DNA-116493 Make sure that additional elements like
(Sync your browser) etc. doesn’t shift content down on page
* DNA-116515 Import 0-day fix from Chromium '[wasm-gc] Only
normalize JSObject targets in SetOrCopyDataProperties'
* DNA-116543 Twitter migrate to x.com
* DNA-116552 Change max width of the banner
* DNA-116569 Twitter in Panel loading for the first time opens
two Tabs automatically
* DNA-116587 Translate settings strings for every language
- The update to chromium 124.0.6367.202 fixes following issues:
CVE-2024-4671
ImportantCVE-2024-4671 at SUSECVE-2024-4671 at NVDCVE-2024-5274 at SUSECVE-2024-5274 at NVDSecurity update for libqt5-qtnetworkauth (Moderate)openSUSE Leap 15.5
This update for libqt5-qtnetworkauth fixes the following issues:
- CVE-2024-36048: Fixed data race and poor seeding in generateRandomString() (boo#1224782).
ModerateSUSE bug 1224782CVE-2024-36048 at SUSECVE-2024-36048 at NVDcpe:/o:opensuse:leap:15.5Security update for gifsicle (Important)openSUSE Leap 15.5
This update for gifsicle fixes the following issues:
Update to version 1.95:
- CVE-2023-46009: Fixed floating point exception vulnerability via resize_stream at src/xform.c (boo#1216403)
ImportantSUSE bug 1216403CVE-2023-46009 at SUSECVE-2023-46009 at NVDcpe:/o:opensuse:leap:15.5Security update for libredwg (Important)openSUSE Leap 15.5
This update for libredwg fixes the following issues:
Update to tag 0.12.5.6924:
- CVE-2023-26157: Fixed out-of-bound read involving section->num_pages in decode_r2007.c (boo#1218473)
ImportantSUSE bug 1218473CVE-2023-26157 at SUSECVE-2023-26157 at NVDcpe:/o:opensuse:leap:15.5Security update for chromium (Important)openSUSE Leap 15.5
This update for chromium fixes the following issues:
Chromium 125.0.6422.141 (boo#1225690)
* CVE-2024-5493: Heap buffer overflow in WebRTC
* CVE-2024-5494: Use after free in Dawn
* CVE-2024-5495: Use after free in Dawn
* CVE-2024-5496: Use after free in Media Session
* CVE-2024-5497: Out of bounds memory access in Keyboard Inputs
* CVE-2024-5498: Use after free in Presentation API
* CVE-2024-5499: Out of bounds write in Streams API
ImportantSUSE bug 1225690CVE-2024-5493 at SUSECVE-2024-5493 at NVDCVE-2024-5494 at SUSECVE-2024-5494 at NVDCVE-2024-5495 at SUSECVE-2024-5495 at NVDCVE-2024-5496 at SUSECVE-2024-5496 at NVDCVE-2024-5497 at SUSECVE-2024-5497 at NVDCVE-2024-5498 at SUSECVE-2024-5498 at NVDCVE-2024-5499 at SUSECVE-2024-5499 at NVDcpe:/o:opensuse:leap:15.5Security update for python-python-jose (Important)openSUSE Leap 15.5
This update for python-python-jose fixes the following issues:
- CVE-2024-33664: Fixed a denial of service via decoding of a JSON Web Encryption token with a high compression ratio (boo#1223422)
ImportantSUSE bug 1223422CVE-2024-33664 at SUSECVE-2024-33664 at NVDcpe:/o:opensuse:leap:15.5Security update for libhtp (Moderate)openSUSE Leap 15.5
This update for libhtp fixes the following issues:
- CVE-2024-23837: excessive processing time of HTTP headers can
lead to denial of service (boo#1220403)
ModerateSUSE bug 1220403CVE-2024-23837 at SUSECVE-2024-23837 at NVDcpe:/o:opensuse:leap:15.5Security update for plasma5-workspace (Important)openSUSE Leap 15.5
This update for plasma5-workspace fixes the following issues:
- CVE-2024-36041: Fixed an authentication issue where unauthorized users can access session manager (boo#1225774).
ImportantSUSE bug 1225774CVE-2024-36041 at SUSECVE-2024-36041 at NVDcpe:/o:opensuse:leap:15.5Security update for nano (Important)openSUSE Leap 15.5
This update for nano fixes the following issues:
- CVE-2024-5742: Avoid privilege escalations via symlink attacks on emergency save file (boo#1226099)
ImportantSUSE bug 1226099CVE-2024-5742 at SUSECVE-2024-5742 at NVDcpe:/o:opensuse:leap:15.5Security update for opera (Important)openSUSE Leap 15.5 NonFree
This update for opera fixes the following issues:
opera was updated to 106.0.4998.28
* CHR-9566 Update Chromium on desktop-stable-120-4998 to
120.0.6099.200
* DNA-113161 [Weather] 'Weather Location' description is almost
invisible in dark mode
* DNA-113351 'Previous tile' should be the same size
as 'next tile'
* DNA-113443 Crash at opera::ComponentTabCyclerView::
HighlightContents(content::WebContents*, bool)
* DNA-114170 [Google Meet][Tab] Links from Google Meet open
as blank tabs till change workspace
- The update to chromium 120.0.6099.200 fixes following issues:
CVE-2024-0222, CVE-2024-0223, CVE-2024-0224, CVE-2024-0225
ImportantCVE-2024-0222 at SUSECVE-2024-0222 at NVDCVE-2024-0223 at SUSECVE-2024-0223 at NVDCVE-2024-0224 at SUSECVE-2024-0224 at NVDCVE-2024-0225 at SUSECVE-2024-0225 at NVDSecurity update for gdcm (Important)openSUSE Leap 15.5
This update for gdcm fixes the following issues:
- CVE-2024-22373: Fixed out-of-bounds write vulnerability in JPEG2000Codec::DecodeByStreamsCommon (boo#1223398).
ImportantSUSE bug 1223398CVE-2024-22373 at SUSECVE-2024-22373 at NVDcpe:/o:opensuse:leap:15.5Security update for python-django-grappelli (Moderate)openSUSE Leap 15.5
This update for python-django-grappelli fixes the following issues:
Update to 2.14.4:
- CVE-2021-46898: Fixed views/switch.py vulnerable to protocol-relative URL attacks (boo#1216481)
- Fixed: Redirect with switch user.
- Improved: Remove extra filtering in AutocompleteLookup.
- Improved: Added import statement with URLs for quickstart docs.
- Improved: Added additional blocks with inlines to allow override.
- Fixed: Compatibility with Django 3.1.
- Fixed: Docs about adding Grappelli documentation URLS.
ModerateSUSE bug 1216481CVE-2021-46898 at SUSECVE-2021-46898 at NVDcpe:/o:opensuse:leap:15.5Security update for python-Js2Py (Important)openSUSE Leap 15.5
This update for python-Js2Py fixes the following issues:
- CVE-2024-28397: Fixed an issue in the component js2py.disable_pyimport() of js2py up to v0.74 allows attackers to execute arbitrary code via a crafted API call.
(boo#1226660, gh#PiotrDabkowski/Js2Py#323)
ImportantSUSE bug 1226660CVE-2024-28397 at SUSECVE-2024-28397 at NVDcpe:/o:opensuse:leap:15.5Security update for opera (Important)openSUSE Leap 15.5 NonFree
This update for opera fixes the following issues:
- Update to 111.0.5168.43
* DNA-115228 Adblocker is blocking ads when turned off
* DNA-116605 Crash at opera::BrowserContentsView::
NonClientHitTestPoint(gfx::Point const&)
* DNA-116855 Cannot close tab island’s tab when popup
was hovered
* DNA-116885 Add chrome.cookies api permission to Rich Hints
* DNA-116948 [Linux] Theme toggle in settings is not working
- Update to 111.0.5168.25
* CHR-9754 Update Chromium on desktop-stable-125-5168 to
125.0.6422.142
* DNA-116089 [Win/Lin] Fullscreen view has rounded corners
* DNA-116208 The red dot on the Aria’s icon is misaligned
* DNA-116693 X (twitter) logo is not available on
opera:about page
* DNA-116737 [Bookmarks] Bookmarks bar favicon have light
theme color in new window
* DNA-116769 Extension popup – pin icon is replaced
* DNA-116850 Fix full package installer link
* DNA-116852 Promote 111 to stable
* DNA-116491 Site info popup is cut with dropdown opened
* DNA-116661 [opera:settings] IPFS/IPNS Gateway box has the
wrong design
* DNA-116789 Translations for O111
* DNA-116813 [React emoji picker] Flag emojis are not load
correctly
* DNA-116893 Put 'Show emojis in tab tooltip' in Settings
* DNA-116918 Translations for 'Show emojis in tab tooltip'
- Complete Opera 111 changelog at:
https://blogs.opera.com/desktop/changelog-for-111
- The update to chromium 125.0.6422.142 fixes following issues:
CVE-2024-5493, CVE-2024-5494, CVE-2024-5495, CVE-2024-5496,
CVE-2024-5497, CVE-2024-5498, CVE-2024-5499
- Update to 110.0.5130.64
* CHR-9748 Update Chromium on desktop-stable-124-5130
to 124.0.6367.243
* DNA-116317 Create outline or shadow around emojis on tab strip
* DNA-116320 Create animation for emoji disappearing from
tab strip
* DNA-116564 Assign custom emoji from emoji picker
* DNA-116690 Make chrome://emoji-picker attachable by webdriver
* DNA-116732 Introduce stat event for setting / unsetting emoji
on a tab
* DNA-116753 Emoji picker does not follow browser theme
* DNA-116755 Record tab emojis added / removed
* DNA-116777 Enable #tab-art on all streams
- Update to 110.0.5130.49
* CHR-9416 Updating Chromium on desktop-stable-* branches
* DNA-116706 [gpu-crash] Crash at SkGpuShaderImageFilter::
onFilterImage(skif::Context const&)
ImportantCVE-2024-5493 at SUSECVE-2024-5493 at NVDCVE-2024-5494 at SUSECVE-2024-5494 at NVDCVE-2024-5495 at SUSECVE-2024-5495 at NVDCVE-2024-5496 at SUSECVE-2024-5496 at NVDCVE-2024-5497 at SUSECVE-2024-5497 at NVDCVE-2024-5498 at SUSECVE-2024-5498 at NVDCVE-2024-5499 at SUSECVE-2024-5499 at NVDSecurity update for keybase-client (Moderate)openSUSE Leap 15.5
This update for keybase-client fixes the following issues:
Update to version 6.2.8
* Update client CA
* Fix incomplete locking in config file handling.
- Update the Image dependency to address CVE-2023-29408 /
boo#1213928. This is done via the new update-image-tiff.patch.
- Limit parallel test execution as that seems to cause failing
builds on OBS that don't occur locally.
- Integrate KBFS packages previously build via own source package
* Upstream integrated these into the same source.
* Also includes adding kbfs-related patches
ensure-mount-dir-exists.patch and
ensure-service-stop-unmounts-filesystem.patch.
- Upgrade Go version used for compilation to 1.19.
- Use Systemd unit file from upstream source.
ModerateSUSE bug 1213928CVE-2023-29408 at SUSECVE-2023-29408 at NVDcpe:/o:opensuse:leap:15.5Security update for obs-service-download_url (Moderate)openSUSE Leap 15.5
This update for obs-service-download_url fixes the following issues:
Update to version 0.2.1:
* CVE-2024-22033: fixed argument parsing to avoid argument injection (boo#1227203)
Update to version 0.2.0:
* BREAKING CHANGE: enable sslvalidation by default
* Fix filename option
* added new parameter 'download-manifest' for bulk downloads
ModerateSUSE bug 1227203CVE-2024-22033 at SUSECVE-2024-22033 at NVDcpe:/o:opensuse:leap:15.5Security update for opera (Important)openSUSE Leap 15.5 NonFree
This update for opera fixes the following issues:
- Update to 106.0.4998.19
* CHR-9416 Updating Chromium on desktop-stable-* branches
* DNA-113887 Translations for O106
- The update to chromium 120.0.6099.130 fixes following issues:
CVE-2023-7024
- Update to 106.0.4998.16
* CHR-9553 Update Chromium on desktop-stable-120-4998 to
120.0.6099.109
* DNA-112522 'Find in page' option does not show text cursor
* DNA-113349 Lucid mode strength in full settings bar is
visible only after change
* DNA-113462 Crash at opera::fcm::FcmRegistrationServiceImpl::
RemoveTokenObserverForClient(opera::fcm::FcmClient*,
syncer::FCMRegistrationTokenObserver*)
* DNA-113748 Split preview shows on videoconferencing
* DNA-114091 Promote 106 to stable
- Complete Opera 106 changelog at:
https://blogs.opera.com/desktop/changelog-for-106/
- The update to chromium 120.0.6099.109 fixes following issues:
CVE-2023-6702, CVE-2023-6703, CVE-2023-6704, CVE-2023-6705,
CVE-2023-6706, CVE-2023-6707
- Update to 105.0.4970.48
* DNA-112522 'Find in page' option does not show text cursor
ImportantCVE-2023-6702 at SUSECVE-2023-6702 at NVDCVE-2023-6703 at SUSECVE-2023-6703 at NVDCVE-2023-6704 at SUSECVE-2023-6704 at NVDCVE-2023-6705 at SUSECVE-2023-6705 at NVDCVE-2023-6706 at SUSECVE-2023-6706 at NVDCVE-2023-6707 at SUSECVE-2023-6707 at NVDCVE-2023-7024 at SUSECVE-2023-7024 at NVDSecurity update for chromium (Important)openSUSE Leap 15.5
This update for chromium fixes the following issues:
- Chromium 120.0.6099.216 (boo#1217839, boo#1218048, boo#1218302,
boo#1218533, boo#1218719)
* CVE-2024-0333: Insufficient data validation in Extensions
* CVE-2024-0222: Use after free in ANGLE
* CVE-2024-0223: Heap buffer overflow in ANGLE
* CVE-2024-0224: Use after free in WebAudio
* CVE-2024-0225: Use after free in WebGPU
* CVE-2023-7024: Heap buffer overflow in WebRTC
* CVE-2023-6702: Type Confusion in V8
* CVE-2023-6703: Use after free in Blink
* CVE-2023-6704: Use after free in libavif (boo#1218303)
* CVE-2023-6705: Use after free in WebRTC
* CVE-2023-6706: Use after free in FedCM
* CVE-2023-6707: Use after free in CSS
* CVE-2023-6508: Use after free in Media Stream
* CVE-2023-6509: Use after free in Side Panel Search
* CVE-2023-6510: Use after free in Media Capture
* CVE-2023-6511: Inappropriate implementation in Autofill
* CVE-2023-6512: Inappropriate implementation in Web Browser UI
ImportantSUSE bug 1217839SUSE bug 1218048SUSE bug 1218302SUSE bug 1218303SUSE bug 1218533SUSE bug 1218719CVE-2023-6508 at SUSECVE-2023-6508 at NVDCVE-2023-6509 at SUSECVE-2023-6509 at NVDCVE-2023-6510 at SUSECVE-2023-6510 at NVDCVE-2023-6511 at SUSECVE-2023-6511 at NVDCVE-2023-6512 at SUSECVE-2023-6512 at NVDCVE-2023-6702 at SUSECVE-2023-6702 at NVDCVE-2023-6703 at SUSECVE-2023-6703 at NVDCVE-2023-6704 at SUSECVE-2023-6704 at NVDCVE-2023-6705 at SUSECVE-2023-6705 at NVDCVE-2023-6706 at SUSECVE-2023-6706 at NVDCVE-2023-6707 at SUSECVE-2023-6707 at NVDCVE-2023-7024 at SUSECVE-2023-7024 at NVDCVE-2024-0222 at SUSECVE-2024-0222 at NVDCVE-2024-0223 at SUSECVE-2024-0223 at NVDCVE-2024-0224 at SUSECVE-2024-0224 at NVDCVE-2024-0225 at SUSECVE-2024-0225 at NVDCVE-2024-0333 at SUSECVE-2024-0333 at NVDcpe:/o:opensuse:leap:15.5Security update for Botan (Moderate)openSUSE Leap 15.5
This update for Botan fixes the following issues:
Update to 2.19.5:
* Fix multiple Denial of service attacks due to X.509 cert processing:
* CVE-2024-34702 - boo#1227238
* CVE-2024-34703 - boo#1227607
* CVE-2024-39312 - boo#1227608
* Fix a crash in OCB
* Fix a test failure in compression with certain versions of zlib
* Fix some iterator debugging errors in TLS CBC decryption.
* Avoid a miscompilation in ARIA when using XCode 14
ModerateSUSE bug 1227238SUSE bug 1227607SUSE bug 1227608CVE-2024-34702 at SUSECVE-2024-34702 at NVDCVE-2024-34703 at SUSECVE-2024-34703 at NVDCVE-2024-39312 at SUSECVE-2024-39312 at NVDcpe:/o:opensuse:leap:15.5Security update for chromium (Important)openSUSE Leap 15.5
This update for chromium fixes the following issues:
Chromium 126.0.6478.126 (boo#1226504, boo#1226205, boo#1226933)
* CVE-2024-6290: Use after free in Dawn
* CVE-2024-6291: Use after free in Swiftshader
* CVE-2024-6292: Use after free in Dawn
* CVE-2024-6293: Use after free in Dawn
* CVE-2024-6100: Type Confusion in V8
* CVE-2024-6101: Inappropriate implementation in WebAssembly
* CVE-2024-6102: Out of bounds memory access in Dawn
* CVE-2024-6103: Use after free in Dawn
* CVE-2024-5830: Type Confusion in V8
* CVE-2024-5831: Use after free in Dawn
* CVE-2024-5832: Use after free in Dawn
* CVE-2024-5833: Type Confusion in V8
* CVE-2024-5834: Inappropriate implementation in Dawn
* CVE-2024-5835: Heap buffer overflow in Tab Groups
* CVE-2024-5836: Inappropriate Implementation in DevTools
* CVE-2024-5837: Type Confusion in V8
* CVE-2024-5838: Type Confusion in V8
* CVE-2024-5839: Inappropriate Implementation in Memory Allocator
* CVE-2024-5840: Policy Bypass in CORS
* CVE-2024-5841: Use after free in V8
* CVE-2024-5842: Use after free in Browser UI
* CVE-2024-5843: Inappropriate implementation in Downloads
* CVE-2024-5844: Heap buffer overflow in Tab Strip
* CVE-2024-5845: Use after free in Audio
* CVE-2024-5846: Use after free in PDFium
* CVE-2024-5847: Use after free in PDFium
- Amend fix_building_widevinecdm_with_chromium.patch to allow
Widevine on ARM64 (boo#1226170)
ImportantSUSE bug 1226170SUSE bug 1226205SUSE bug 1226504SUSE bug 1226933CVE-2024-5830 at SUSECVE-2024-5830 at NVDCVE-2024-5831 at SUSECVE-2024-5831 at NVDCVE-2024-5832 at SUSECVE-2024-5832 at NVDCVE-2024-5833 at SUSECVE-2024-5833 at NVDCVE-2024-5834 at SUSECVE-2024-5834 at NVDCVE-2024-5835 at SUSECVE-2024-5835 at NVDCVE-2024-5836 at SUSECVE-2024-5836 at NVDCVE-2024-5837 at SUSECVE-2024-5837 at NVDCVE-2024-5838 at SUSECVE-2024-5838 at NVDCVE-2024-5839 at SUSECVE-2024-5839 at NVDCVE-2024-5840 at SUSECVE-2024-5840 at NVDCVE-2024-5841 at SUSECVE-2024-5841 at NVDCVE-2024-5842 at SUSECVE-2024-5842 at NVDCVE-2024-5843 at SUSECVE-2024-5843 at NVDCVE-2024-5844 at SUSECVE-2024-5844 at NVDCVE-2024-5845 at SUSECVE-2024-5845 at NVDCVE-2024-5846 at SUSECVE-2024-5846 at NVDCVE-2024-5847 at SUSECVE-2024-5847 at NVDCVE-2024-6100 at SUSECVE-2024-6100 at NVDCVE-2024-6101 at SUSECVE-2024-6101 at NVDCVE-2024-6102 at SUSECVE-2024-6102 at NVDCVE-2024-6103 at SUSECVE-2024-6103 at NVDCVE-2024-6290 at SUSECVE-2024-6290 at NVDCVE-2024-6291 at SUSECVE-2024-6291 at NVDCVE-2024-6292 at SUSECVE-2024-6292 at NVDCVE-2024-6293 at SUSECVE-2024-6293 at NVDcpe:/o:opensuse:leap:15.5Security update for opera (Important)openSUSE Leap 15.5 NonFree
This update for opera fixes the following issues:
- Update to 112.0.5197.25
* CHR-9787 Update Chromium on desktop-stable-126-5197 to
126.0.6478.127
- The update to chromium 126.0.6478.127 fixes following issues:
CVE-2024-6290, CVE-2024-6291, CVE-2024-6292, CVE-2024-6293
- Update to 112.0.5197.24
* CHR-9762 Update Chromium on desktop-stable-126-5197 to
126.0.6478.62
* DNA-117001 Crash at base::internal::check_is_test_impl
(base::NotFatalUntil)
* DNA-117050 [Settings][Sync] Synchronization options aren't
visible
* DNA-117076 [Player] Background of the icons has changed and
the Tidal icon is now missing
* DNA-117109 Browser freezes when trying to remove a tab
* DNA-117181 Translations for O112
* DNA-117202 Crash at syncer::SyncServiceImpl::NotifyObservers()
* DNA-117295 Remove emoji names field in picker
* DNA-117347 Start page is not rendered on first switch to
workspace after its creation
* DNA-117431 Promote 112 to stable
- Complete Opera 112 changelog at:
https://blogs.opera.com/desktop/changelog-for-112
- The update to chromium >= 126.0.6478.54 fixes following issues:
CVE-2024-5830, CVE-2024-5831, CVE-2024-5832, CVE-2024-5833,
CVE-2024-5834, CVE-2024-5835, CVE-2024-5836, CVE-2024-5837,
CVE-2024-5838, CVE-2024-5839, CVE-2024-5840, CVE-2024-5841,
CVE-2024-5842, CVE-2024-5843, CVE-2024-5844, CVE-2024-5845,
CVE-2024-5846, CVE-2024-5847
- Update to 111.0.5168.55
* DNA-116749 Unnecessary icons in the advanced sync settings
* DNA-116961 Evaluate #vtvd-as-platform-sw-decoder in the field
* DNA-117003 #vtvd-as-platform-sw-decoder is not registered in
media unittests
ImportantCVE-2024-5830 at SUSECVE-2024-5830 at NVDCVE-2024-5831 at SUSECVE-2024-5831 at NVDCVE-2024-5832 at SUSECVE-2024-5832 at NVDCVE-2024-5833 at SUSECVE-2024-5833 at NVDCVE-2024-5834 at SUSECVE-2024-5834 at NVDCVE-2024-5835 at SUSECVE-2024-5835 at NVDCVE-2024-5836 at SUSECVE-2024-5836 at NVDCVE-2024-5837 at SUSECVE-2024-5837 at NVDCVE-2024-5838 at SUSECVE-2024-5838 at NVDCVE-2024-5839 at SUSECVE-2024-5839 at NVDCVE-2024-5840 at SUSECVE-2024-5840 at NVDCVE-2024-5841 at SUSECVE-2024-5841 at NVDCVE-2024-5842 at SUSECVE-2024-5842 at NVDCVE-2024-5843 at SUSECVE-2024-5843 at NVDCVE-2024-5844 at SUSECVE-2024-5844 at NVDCVE-2024-5845 at SUSECVE-2024-5845 at NVDCVE-2024-5846 at SUSECVE-2024-5846 at NVDCVE-2024-5847 at SUSECVE-2024-5847 at NVDCVE-2024-6290 at SUSECVE-2024-6290 at NVDCVE-2024-6291 at SUSECVE-2024-6291 at NVDCVE-2024-6292 at SUSECVE-2024-6292 at NVDCVE-2024-6293 at SUSECVE-2024-6293 at NVDSecurity update for perl-Spreadsheet-ParseXLSX (Moderate)openSUSE Leap 15.5
This update for perl-Spreadsheet-ParseXLSX fixes the following issues:
Updated to 0.29:
see /usr/share/doc/packages/perl-Spreadsheet-ParseXLSX/Changes
0.29:
- Fix for 'Argument '' isn't numeric in addition (+) at /usr/local/shar…
- Incorrect cell values due to phonetic data doy#72
- Fix die message in parse()
- Cannot open password protected SHA1 encrypted files. doy#68
- use date format detection based on Spreadsheet::XLSX
- Add rudimentary support for hyperlinks in cells
0.28:
- CVE-2024-22368: out-of-memory condition during parsing of a crafted XLSX document (boo#1218651)
- Fix possible memory bomb as reported in https://github.com/haile01/perl_spreadsheet_excel_rce_poc/blob/main/parse_xlsx_bomb.md
- Updated Dist::Zilla configuration fixing deprecation warnings
ModerateSUSE bug 1218651CVE-2024-22368 at SUSECVE-2024-22368 at NVDcpe:/o:opensuse:leap:15.5Security update for global (Important)openSUSE Leap 15.5
This update for global fixes the following issues:
- CVE-2024-38448: htags may allow code execution via untrusted dbpath (boo#1226420)
ImportantSUSE bug 1226420CVE-2024-38448 at SUSECVE-2024-38448 at NVDcpe:/o:opensuse:leap:15.5Security update for caddy (Moderate)openSUSE Leap 15.5
This update for caddy fixes the following issues:
Update to version 2.8.4:
* cmd: fix regression in auto-detect of Caddyfile (#6362)
* Tag v2.8.3 was mistakenly made on the v2.8.2 commit and is skipped
Update to version 2.8.2:
* cmd: fix auto-detetction of .caddyfile extension (#6356)
* caddyhttp: properly sanitize requests for root path (#6360)
* caddytls: Implement certmagic.RenewalInfoGetter
Update to version 2.8.1:
* caddyhttp: Fix merging consecutive `client_ip` or `remote_ip` matchers (#6350)
* core: MkdirAll appDataDir in InstanceID with 0o700 (#6340)
Update to version 2.8.0:
* acmeserver: Add `sign_with_root` for Caddyfile (#6345)
* caddyfile: Reject global request matchers earlier (#6339)
* core: Fix bug in AppIfConfigured (fix #6336)
* fix a typo (#6333)
* autohttps: Move log WARN to INFO, reduce confusion (#6185)
* reverseproxy: Support HTTP/3 transport to backend (#6312)
* context: AppIfConfigured returns error; consider not-yet-provisioned modules (#6292)
* Fix lint error about deprecated method in smallstep/certificates/authority
* go.mod: Upgrade dependencies
* caddytls: fix permission requirement with AutomationPolicy (#6328)
* caddytls: remove ClientHelloSNICtxKey (#6326)
* caddyhttp: Trace individual middleware handlers (#6313)
* templates: Add `pathEscape` template function and use it in file browser (#6278)
* caddytls: set server name in context (#6324)
* chore: downgrade minimum Go version in go.mod (#6318)
* caddytest: normalize the JSON config (#6316)
* caddyhttp: New experimental handler for intercepting responses (#6232)
* httpcaddyfile: Set challenge ports when http_port or https_port are used
* logging: Add support for additional logger filters other than hostname (#6082)
* caddyhttp: Log 4xx as INFO; 5xx as ERROR (close #6106)
* caddyhttp: Alter log message when request is unhandled (close #5182)
* reverseproxy: Pointer to struct when loading modules; remove LazyCertPool (#6307)
* tracing: add trace_id var (`http.vars.trace_id` placeholder) (#6308)
* go.mod: CertMagic v0.21.0
* reverseproxy: Implement health_follow_redirects (#6302)
* caddypki: Allow use of root CA without a key. Fixes #6290 (#6298)
* go.mod: Upgrade to quic-go v0.43.1
* reverseproxy: HTTP transport: fix PROXY protocol initialization (#6301)
* caddytls: Ability to drop connections (close #6294)
* httpcaddyfile: Fix expression matcher shortcut in snippets (#6288)
* caddytls: Evict internal certs from cache based on issuer (#6266)
* chore: add warn logs when using deprecated fields (#6276)
* caddyhttp: Fix linter warning about deprecation
* go.mod: Upgrade to quic-go v0.43.0
* fileserver: Set 'Vary: Accept-Encoding' header (see #5849)
* events: Add debug log
* reverseproxy: handle buffered data during hijack (#6274)
* ci: remove `android` and `plan9` from cross-build workflow (#6268)
* run `golangci-lint run --fix --fast` (#6270)
* caddytls: Option to configure certificate lifetime (#6253)
* replacer: Implement `file.*` global replacements (#5463)
* caddyhttp: Address some Go 1.20 features (#6252)
* Quell linter (false positive)
* reverse_proxy: Add grace_period for SRV upstreams to Caddyfile (#6264)
* doc: add `verifier` in `ClientAuthentication` caddyfile marshaler doc (#6263)
* caddytls: Add Caddyfile support for on-demand permission module (close #6260)
* reverseproxy: Remove long-deprecated buffering properties
* reverseproxy: Reuse buffered request body even if partially drained
* reverseproxy: Accept EOF when buffering
* logging: Fix default access logger (#6251)
* fileserver: Improve Vary handling (#5849)
* cmd: Only validate config is proper JSON if config slice has data (#6250)
* staticresp: Use the evaluated response body for sniffing JSON content-type (#6249)
* encode: Slight fix for the previous commit
* encode: Improve Etag handling (fix #5849)
* httpcaddyfile: Skip automate loader if disable_certs is specified (fix #6148)
* caddyfile: Populate regexp matcher names by default (#6145)
* caddyhttp: record num. bytes read when response writer is hijacked (#6173)
* caddyhttp: Support multiple logger names per host (#6088)
* chore: fix some typos in comments (#6243)
* encode: Configurable compression level for zstd (#6140)
* caddytls: Remove shim code supporting deprecated lego-dns (#6231)
* connection policy: add `local_ip` matcher (#6074)
* reverseproxy: Wait for both ends of websocket to close (#6175)
* caddytls: Upgrade ACMEz to v2; support ZeroSSL API; various fixes (#6229)
* caddytls: Still provision permission module if ask is specified
* fileserver: read etags from precomputed files (#6222)
* fileserver: Escape # and ? in img src (fix #6237)
* reverseproxy: Implement modular CA provider for TLS transport (#6065)
* caddyhttp: Apply auto HTTPS redir to all interfaces (fix #6226)
* cmd: Fix panic related to config filename (fix #5919)
* cmd: Assume Caddyfile based on filename prefix and suffix (#5919)
* admin: Make `Etag` a header, not a trailer (#6208)
* caddyhttp: remove duplicate strings.Count in path matcher (fixes #6233) (#6234)
* caddyconfig: Use empty struct instead of bool in map (close #6224) (#6227)
* gitignore: Add rule for caddyfile.go (#6225)
* chore: Fix broken links in README.md (#6223)
* chore: Upgrade some dependencies (#6221)
* caddyhttp: Add plaintext response to `file_server browse` (#6093)
* admin: Use xxhash for etag (#6207)
* modules: fix some typo in conments (#6206)
* caddyhttp: Replace sensitive headers with REDACTED (close #5669)
* caddyhttp: close quic connections when server closes (#6202)
* reverseproxy: Use xxhash instead of fnv32 for LB (#6203)
* caddyhttp: add http.request.local{,.host,.port} placeholder (#6182)
* chore: remove repetitive word (#6193)
* Added a null check to avoid segfault on rewrite query ops (#6191)
* rewrite: `uri query` replace operation (#6165)
* logging: support `ms` duration format and add docs (#6187)
* replacer: use RWMutex to protect static provider (#6184)
* caddyhttp: Allow `header` replacement with empty string (#6163)
* vars: Make nil values act as empty string instead of `'<nil>'` (#6174)
* chore: Update quic-go to v0.42.0 (#6176)
* caddyhttp: Accept XFF header values with ports, when parsing client IP (#6183)
* reverseproxy: configurable active health_passes and health_fails (#6154)
* reverseproxy: Configurable forward proxy URL (#6114)
* caddyhttp: upgrade to cel v0.20.0 (#6161)
* chore: Bump Chroma to v2.13.0, includes new Caddyfile lexer (#6169)
* caddyhttp: suppress flushing if the response is being buffered (#6150)
* chore: encode: use FlushError instead of Flush (#6168)
* encode: write status immediately when status code is informational (#6164)
* httpcaddyfile: Keep deprecated `skip_log` in directive order (#6153)
* httpcaddyfile: Add `RegisterDirectiveOrder` function for plugin authors (#5865)
* rewrite: Implement `uri query` operations (#6120)
* fix struct names (#6151)
* fileserver: Preserve query during canonicalization redirect (#6109)
* logging: Implement `log_append` handler (#6066)
* httpcaddyfile: Allow nameless regexp placeholder shorthand (#6113)
* logging: Implement `append` encoder, allow flatter filters config (#6069)
* ci: fix the integration test `TestLeafCertLoaders` (#6149)
* vars: Allow overriding `http.auth.user.id` in replacer as a special case (#6108)
* caddytls: clientauth: leaf verifier: make trusted leaf certs source pluggable (#6050)
* cmd: Adjust config load logs/errors (#6032)
* reverseproxy: SRV dynamic upstream failover (#5832)
* ci: bump golangci/golangci-lint-action from 3 to 4 (#6141)
* core: OnExit hooks (#6128)
* cmd: fix the output of the `Usage` section (#6138)
* caddytls: verifier: caddyfile: re-add Caddyfile support (#6127)
* acmeserver: add policy field to define allow/deny rules (#5796)
* reverseproxy: cookie should be Secure and SameSite=None when TLS (#6115)
* caddytest: Rename adapt tests to `*.caddyfiletest` extension (#6119)
* tests: uses testing.TB interface for helper to be able to use test server in benchmarks. (#6103)
* caddyfile: Assert having a space after heredoc marker to simply check (#6117)
* chore: Update Chroma to get the new Caddyfile lexer (#6118)
* reverseproxy: use context.WithoutCancel (#6116)
* caddyfile: Reject directives in the place of site addresses (#6104)
* caddyhttp: Register post-shutdown callbacks (#5948)
* caddyhttp: Only attempt to enable full duplex for HTTP/1.x (#6102)
* caddyauth: Drop support for `scrypt` (#6091)
* Revert 'caddyfile: Reject long heredoc markers (#6098)' (#6100)
* caddyauth: Rename `basicauth` to `basic_auth` (#6092)
* logging: Inline Caddyfile syntax for `ip_mask` filter (#6094)
* caddyfile: Reject long heredoc markers (#6098)
* chore: Rename CI jobs, run on M1 mac (#6089)
* fix: add back text/*
* fix: add more media types to the compressed by default list
* acmeserver: support specifying the allowed challenge types (#5794)
* matchers: Drop `forwarded` option from `remote_ip` matcher (#6085)
* caddyhttp: Test cases for `%2F` and `%252F` (#6084)
* fileserver: Browse can show symlink target if enabled (#5973)
* core: Support NO_COLOR env var to disable log coloring (#6078)
* Update comment in setcap helper script
* caddytls: Make on-demand 'ask' permission modular (#6055)
* core: Add `ctx.Slogger()` which returns an `slog` logger (#5945)
* chore: Update quic-go to v0.41.0, bump Go minimum to 1.21 (#6043)
* chore: enabling a few more linters (#5961)
* caddyfile: Correctly close the heredoc when the closing marker appears immediately (#6062)
* caddyfile: Switch to slices.Equal for better performance (#6061)
* tls: modularize trusted CA providers (#5784)
* logging: Automatic `wrap` default for `filter` encoder (#5980)
* caddyhttp: Fix panic when request missing ClientIPVarKey (#6040)
* caddyfile: Normalize & flatten all unmarshalers (#6037)
* cmd: reverseproxy: log: use caddy logger (#6042)
* matchers: `query` now ANDs multiple keys (#6054)
* caddyfile: Add heredoc support to `fmt` command (#6056)
* refactor: move automaxprocs init in caddycmd.Main()
* caddyfile: Allow heredoc blank lines (#6051)
* httpcaddyfile: Add optional status code argument to `handle_errors` directive (#5965)
* httpcaddyfile: Rewrite `root` and `rewrite` parsing to allow omitting matcher (#5844)
* fileserver: Implement caddyfile.Unmarshaler interface (#5850)
* reverseproxy: Add `tls_curves` option to HTTP transport (#5851)
* caddyhttp: Security enhancements for client IP parsing (#5805)
* replacer: Fix escaped closing braces (#5995)
* filesystem: Globally declared filesystems, `fs` directive (#5833)
* ci/cd: use the build tag `nobadger` to exclude badgerdb (#6031)
* httpcaddyfile: Fix redir <to> html (#6001)
* httpcaddyfile: Support client auth verifiers (#6022)
* tls: add reuse_private_keys (#6025)
* reverseproxy: Only change Content-Length when full request is buffered (#5830)
* Switch Solaris-derivatives away from listen_unix (#6021)
* chore: check against errors of `io/fs` instead of `os` (#6011)
* caddyhttp: support unix sockets in `caddy respond` command (#6010)
* fileserver: Add total file size to directory listing (#6003)
* httpcaddyfile: Fix cert file decoding to load multiple PEM in one file (#5997)
* cmd: use automaxprocs for better perf in containers (#5711)
* logging: Add `zap.Option` support (#5944)
* httpcaddyfile: Sort skip_hosts for deterministic JSON (#5990)
* metrics: Record request metrics on HTTP errors (#5979)
* go.mod: Updated quic-go to v0.40.1 (#5983)
* fileserver: Enable compression for command by default (#5855)
* fileserver: New --precompressed flag (#5880)
* caddyhttp: Add `uuid` to access logs when used (#5859)
* proxyprotocol: use github.com/pires/go-proxyproto (#5915)
* cmd: Preserve LastModified date when exporting storage (#5968)
* core: Always make AppDataDir for InstanceID (#5976)
* chore: cross-build for AIX (#5971)
* caddytls: Sync distributed storage cleaning (#5940)
* caddytls: Context to DecisionFunc (#5923)
* tls: accept placeholders in string values of certificate loaders (#5963)
* templates: Offically make templates extensible (#5939)
* http2 uses new round-robin scheduler (#5946)
* panic when reading from backend failed to propagate stream error (#5952)
* chore: Bump otel to v1.21.0. (#5949)
* httpredirectlistener: Only set read limit for when request is HTTP (#5917)
* fileserver: Add .m4v for browse template icon
* Revert 'caddyhttp: Use sync.Pool to reduce lengthReader allocations (#5848)' (#5924)
* go.mod: update quic-go version to v0.40.0 (#5922)
* update quic-go to v0.39.3 (#5918)
* chore: Fix usage pool comment (#5916)
* test: acmeserver: add smoke test for the ACME server directory (#5914)
* Upgrade acmeserver to github.com/go-chi/chi/v5 (#5913)
* caddyhttp: Adjust `scheme` placeholder docs (#5910)
* go.mod: Upgrade quic-go to v0.39.1
* go.mod: CVE-2023-45142 Update opentelemetry (#5908)
* templates: Delete headers on `httpError` to reset to clean slate (#5905)
* httpcaddyfile: Remove port from logger names (#5881)
* core: Apply SO_REUSEPORT to UDP sockets (#5725)
* caddyhttp: Use sync.Pool to reduce lengthReader allocations (#5848)
* cmd: Add newline character to version string in CLI output (#5895)
* core: quic listener will manage the underlying socket by itself (#5749)
* templates: Clarify `include` args docs, add `.ClientIP` (#5898)
* httpcaddyfile: Fix TLS automation policy merging with get_certificate (#5896)
* cmd: upgrade: resolve symlink of the executable (#5891)
* caddyfile: Fix variadic placeholder false positive when token contains `:` (#5883)
- CVEs:
* CVE-2024-22189 (boo#1222468)
* CVE-2023-45142
- Remove the manual user/group provides: the package uses
sysusers.d; the auto-provides were not working due to the broken
go_provides.
- Provide user and group (due to RPM 4.19)
- Update caddy.sysusers to also create a group
- Update to version 2.7.6:
* caddytls: Sync distributed storage cleaning (#5940)
* caddytls: Context to DecisionFunc (#5923)
* tls: accept placeholders in string values of certificate loaders (#5963)
* templates: Offically make templates extensible (#5939)
* http2 uses new round-robin scheduler (#5946)
* panic when reading from backend failed to propagate stream error (#5952)
* chore: Bump otel to v1.21.0. (#5949)
* httpredirectlistener: Only set read limit for when request is HTTP (#5917)
* fileserver: Add .m4v for browse template icon
* Revert 'caddyhttp: Use sync.Pool to reduce lengthReader allocations (#5848)' (#5924)
* go.mod: update quic-go version to v0.40.0 (#5922)
* update quic-go to v0.39.3 (#5918)
* chore: Fix usage pool comment (#5916)
* test: acmeserver: add smoke test for the ACME server directory (#5914)
* Upgrade acmeserver to github.com/go-chi/chi/v5 (#5913)
* caddyhttp: Adjust `scheme` placeholder docs (#5910)
* go.mod: Upgrade quic-go to v0.39.1
* go.mod: CVE-2023-45142 Update opentelemetry (#5908)
* templates: Delete headers on `httpError` to reset to clean slate (#5905)
* httpcaddyfile: Remove port from logger names (#5881)
* core: Apply SO_REUSEPORT to UDP sockets (#5725)
* caddyhttp: Use sync.Pool to reduce lengthReader allocations (#5848)
* cmd: Add newline character to version string in CLI output (#5895)
* core: quic listener will manage the underlying socket by itself (#5749)
* templates: Clarify `include` args docs, add `.ClientIP` (#5898)
* httpcaddyfile: Fix TLS automation policy merging with get_certificate (#5896)
* cmd: upgrade: resolve symlink of the executable (#5891)
* caddyfile: Fix variadic placeholder false positive when token contains `:` (#5883)
- Update to version 2.7.5:
* admin: Respond with 4xx on non-existing config path (#5870)
* ci: Force the Go version for govulncheck (#5879)
* fileserver: Set canonical URL on browse template (#5867)
* tls: Add X25519Kyber768Draft00 PQ 'curve' behind build tag (#5852)
* reverseproxy: Add more debug logs (#5793)
* reverseproxy: Fix `least_conn` policy regression (#5862)
* reverseproxy: Add logging for dynamic A upstreams (#5857)
* reverseproxy: Replace health header placeholders (#5861)
* httpcaddyfile: Sort TLS SNI matcher for deterministic JSON output (#5860)
* cmd: Fix exiting with custom status code, add `caddy -v` (#5874)
* reverseproxy: fix parsing Caddyfile fails for unlimited request/response buffers (#5828)
* reverseproxy: Fix retries on 'upstreams unavailable' error (#5841)
* httpcaddyfile: Enable TLS for catch-all site if `tls` directive is specified (#5808)
* encode: Add `application/wasm*` to the default content types (#5869)
* fileserver: Add command shortcuts `-l` and `-a` (#5854)
* go.mod: Upgrade dependencies incl. x/net/http
* templates: Add dummy `RemoteAddr` to `httpInclude` request, proxy compatibility (#5845)
* reverseproxy: Allow fallthrough for response handlers without routes (#5780)
* fix: caddytest.AssertResponseCode error message (#5853)
* caddyhttp: Use LimitedReader for HTTPRedirectListener
* fileserver: browse template SVG icons and UI tweaks (#5812)
* reverseproxy: fix nil pointer dereference in AUpstreams.GetUpstreams (#5811)
* httpcaddyfile: fix placeholder shorthands in named routes (#5791)
* cmd: Prevent overwriting existing env vars with `--envfile` (#5803)
* ci: Run govulncheck (#5790)
* logging: query filter for array of strings (#5779)
* logging: Clone array on log filters, prevent side-effects (#5786)
* fileserver: Export BrowseTemplate
* ci: ensure short-sha is exported correctly on all platforms (#5781)
* caddyfile: Fix case where heredoc marker is empty after newline (#5769)
* go.mod: Update quic-go to v0.38.0 (#5772)
* chore: Appease gosec linter (#5777)
* replacer: change timezone to UTC for 'time.now.http' placeholders (#5774)
* caddyfile: Adjust error formatting (#5765)
* update quic-go to v0.37.6 (#5767)
* httpcaddyfile: Stricter errors for site and upstream address schemes (#5757)
* caddyfile: Loosen heredoc parsing (#5761)
* fileserver: docs: clarify the ability to produce JSON array with `browse` (#5751)
* fix package typo (#5764)
- Switch to sysuser for user setup
Update to version 2.7.4:
* go.mod: Upgrade CertMagic and quic-go
* reverseproxy: Always return new upstreams (fix #5736) (#5752)
* ci: use gci linter (#5708)
* fileserver: Slightly more fitting icons
* cmd: Require config for caddy validate (fix #5612) (#5614)
* caddytls: Update docs for on-demand config
* fileserver: Don't repeat error for invalid method inside error context (#5705)
* ci: Update to Go 1.21 (#5719)
* ci: Add riscv64 (64-bit RISC-V) to goreleaser (#5720)
* go.mod: Upgrade golang.org/x/net to 0.14.0 (#5718)
* ci: Use gofumpt to format code (#5707)
* templates: Fix httpInclude (fix #5698)
Update to version 2.7.3:
* go.mod: Upgrade to quic-go v0.37.3
* cmd: Split unix sockets for admin endpoint addresses (#5696)
* reverseproxy: do not parse upstream address too early if it contains replaceble parts (#5695)
* caddyfile: check that matched key is not a substring of the replacement key (#5685)
* chore: use `--clean` instead of `--rm-dist` for goreleaser (#5691)
* go.mod: Upgrade quic-go to v0.37.2 (fix #5680)
* fileserver: browse: Render SVG images in grid
- Update to version 2.7.2:
* reverseproxy: Fix hijack ordering which broke websockets (#5679)
* httpcaddyfile: Fix `string does not match ~[]E` error (#5675)
* encode: Fix infinite recursion (#5672)
* caddyhttp: Make use of `http.ResponseController` (#5654)
* go.mod: Upgrade dependencies esp. smallstep/certificates
* core: Allow loopback hosts for admin endpoint (fix #5650) (#5664)
* httpcaddyfile: Allow `hostnames` & logger name overrides for log directive (#5643)
* reverseproxy: Connection termination cleanup (#5663)
* go.mod: Use quic-go 0.37.1
* reverseproxy: Export ipVersions type (#5648)
* go.mod: Use latest CertMagic (v0.19.1)
* caddyhttp: Preserve original error (fix #5652)
* fileserver: add lazy image loading (#5646)
* go.mod: Update quic-go to v0.37.0, bump to Go 1.20 minimum (#5644)
* core: Refine mutex during reloads (fix #5628) (#5645)
* go.mod: update quic-go to v0.36.2 (#5636)
* fileserver: Tweak grid view of browse template
* fileserver: add `export-template` sub-command to `file-server` (#5630)
* caddyfile: Fix comparing if two tokens are on the same line (#5626)
* caddytls: Reuse certificate cache through reloads (#5623)
* Minor tweaks to security.md
* reverseproxy: Pointer receiver
* caddyhttp: Trim dot/space only on Windows (fix #5613)
* update quic-go to v0.36.1 (#5611)
* caddyconfig: Specify config adapter for HTTP loader (close #5607)
* core: Embed net.UDPConn to gain optimizations (#5606)
* chore: remove deprecated property `rlcp` in goreleaser config (#5608)
* core: Skip `chmod` for abstract unix sockets (#5596)
* core: Add optional unix socket file permissions (#4741)
* reverseproxy: Honor `tls_except_port` for active health checks (#5591)
* Appease linter
* Fix compile on Windows, hopefully
* core: Properly preserve unix sockets (fix #5568)
* go.mod: Upgrade CertMagic for hotfix
* go.mod: Upgrade some dependencies
* chore: upgrade otel (#5586)
* go.mod: Update quic-go to v0.36.0 (#5584)
* reverseproxy: weighted_round_robin load balancing policy (#5579)
* reverseproxy: Experimental streaming timeouts (#5567)
* chore: remove refs of deprecated io/ioutil (#5576)
* headers: Allow `>` to defer shortcut for replacements (#5574)
* caddyhttp: Support custom network for HTTP/3 (#5573)
* reverseproxy: Fix parsing of source IP in case it's an ipv6 address (#5569)
* fileserver: browse: Better grid layout (#5564)
* caddytls: Clarify some JSON config docs
* cmd: Implement storage import/export (#5532)
* go.mod: Upgrade quic-go to 0.35.1
* update quic-go to v0.35.0 (#5560)
* templates: Add `readFile` action that does not evaluate templates (#5553)
* caddyfile: Track import name instead of modifying filename (#5540)
* core: Use SO_REUSEPORT_LB on FreeBSD (#5554)
* caddyfile: Do not replace import tokens if they are part of a snippet (#5539)
* fileserver: Don't set Etag if mtime is 0 or 1 (close #5548) (#5550)
* fileserver: browse: minor tweaks for grid view, dark mode (#5545)
* fileserver: Only set Etag if not already set (fix #5546) (#5547)
* fileserver: Fix file browser breadcrumb font (#5543)
* caddyhttp: Fix h3 shutdown (#5541)
* fileserver: More filetypes for browse icons
* fileserver: Fix file browser footer in grid mode (#5536)
* cmd: Avoid spammy log messages (fix #5538)
* httpcaddyfile: Sort Caddyfile slice
* caddyhttp: Implement named routes, `invoke` directive (#5107)
* rewrite: use escaped path, fix #5278 (#5504)
* headers: Add > Caddyfile shortcut for enabling defer (#5535)
* go.mod: Upgrade several dependencies
* reverseproxy: Expand port ranges to multiple upstreams in CLI + Caddyfile (#5494)
* fileserver: Use EscapedPath for browse (#5534)
* caddyhttp: Refactor cert Managers (fix #5415) (#5533)
* Slightly more helpful error message
* caddytls: Check for nil ALPN; close #5470 (#5473)
* cmd: Reduce spammy logs from --watch
* caddyhttp: Add a getter for Server.name (#5531)
* caddytls: Configurable fallback SNI (#5527)
* caddyhttp: Update quic's TLS configs after reload (#5517) (fix #4849)
* Add doc comment about changing admin endpoint
* feature: watch include directory (#5521)
* chore: remove deprecated linters (#5525)
* go.mod: Upgrade CertMagic again
* go.mod: Upgrade CertMagic
* reverseproxy: Optimize base case for least_conn and random_choose policies (#5487)
* reverseproxy: Fix active health check header canonicalization, refactor (#5446)
* reverseproxy: Add `fallback` for some policies, instead of always random (#5488)
* logging: Actually honor the SoftStart parameter
* logging: Soft start for net writer (close #5520)
* fastcgi: Fix `capture_stderr` (#5515)
* acmeserver: Configurable `resolvers`, fix smallstep deprecations (#5500)
* go.mod: Update some dependencies
* logging: Add traceID field to access logs when tracing is active (#5507)
* caddyhttp: Impl `ResponseWriter.Unwrap()`, prep for Go 1.20's `ResponseController` (#5509)
* reverseproxy: Fix reinitialize upstream healthy metrics (#5498)
* fix some comments (#5508)
* templates: Add `fileStat` function (#5497)
* caddyfile: Stricter parsing, error for brace on new line (#5505)
* core: Return default logger if no modules loaded
* celmatcher: Implement `pkix.Name` conversion to string (#5492)
* chore: Adjustments to CI caching (#5495)
* reverseproxy: Remove deprecated `lookup_srv` (#5396)
* cmd: Support `'` quotes in envfile parsing (#5437)
* Update contributing guidelines (#5466)
* caddyhttp: Serve http2 when listener wrapper doesn't return *tls.Conn (#4929)
* reverseproxy: Add `query` and `client_ip_hash` lb policies (#5468)
* cmd: Create pidfile before config load (close #5477)
* fileserver: Add color-scheme meta tag (#5475)
* proxyprotocol: Add PROXY protocol support to `reverse_proxy`, add HTTP listener wrapper (#5424)
* reverseproxy: Add mention of which half a copyBuffer err comes from (#5472)
* caddyhttp: Log request body bytes read (#5461)
* log: Make sink logs encodable (#5441)
* caddytls: Eval replacer on automation policy subjects (#5459)
* headers: Support deleting all headers as first op (#5464)
* replacer: Add HTTP time format (#5458)
* reverseproxy: Header up/down support for CLI command (#5460)
* caddyhttp: Determine real client IP if trusted proxies configured (#5104)
* httpcaddyfile: Adjust path matcher sorting to solve for specificity (#5462)
* caddytls: Zero out throttle window first (#5443)
* ci: add `--yes` to cosign arguments (#5440)
* reverseproxy: Reset Content-Length to prevent FastCGI from hanging (#5435)
* caddytls: Allow on-demand w/o ask for internal-only
* caddytls: Require 'ask' endpoint for on-demand TLS
* fileserver: New file browse template (#5427)
* go.mod: Upgrade dependencies
* tracing: Support autoprop from OTEL_PROPAGATORS (#5147)
* caddyhttp: Enable 0-RTT QUIC (#5425)
* encode: flush status code when hijacked. (#5419)
* fileserver: Remove trailing slash on fs filenames (#5417)
* core: Eliminate unnecessary shutdown delay on Unix (#5413)
* caddyhttp: Fix `vars_regexp` matcher with placeholders (#5408)
* context: Rename func to `AppIfConfigured` (#5397)
* reverseproxy: allow specifying ip version for dynamic `a` upstream (#5401)
* caddyfile: Fix heredoc fuzz crasher, drop trailing newline (#5404)
* caddyfile: Implement heredoc support (#5385)
* cmd: Expand cobra support, add short flags (#5379)
* ci: Update minimum Go version to 1.19
* go.mod: Upgrade quic-go to v0.33.0 (Go 1.19 min)
* reverseproxy: refactor HTTP transport layer (#5369)
* caddytls: Relax the warning for on-demand (#5384)
* cmd: Strict unmarshal for validate (#5383)
* caddyfile: Implement variadics for import args placeholders (#5249)
* cmd: make `caddy fmt` hints more clear (#5378)
* cmd: Adjust documentation for commands (#5377)
- Update to version 2.6.4:
* reverseproxy: Don't buffer chunked requests (fix #5366) (#5367)
ModerateSUSE bug 1222468CVE-2023-45142 at SUSECVE-2023-45142 at NVDCVE-2024-22189 at SUSECVE-2024-22189 at NVDcpe:/o:opensuse:leap:15.5Security update for chromium (Important)openSUSE Leap 15.5
This update for chromium fixes the following issues:
Chromium 126.0.6478.182 (boo#1227979):
- CVE-2024-6772: Inappropriate implementation in V8
- CVE-2024-6773: Type Confusion in V8
- CVE-2024-6774: Use after free in Screen Capture
- CVE-2024-6775: Use after free in Media Stream
- CVE-2024-6776: Use after free in Audio
- CVE-2024-6777: Use after free in Navigation
- CVE-2024-6778: Race in DevTools
- CVE-2024-6779: Out of bounds memory access in V8
ImportantSUSE bug 1227979CVE-2024-6772 at SUSECVE-2024-6772 at NVDCVE-2024-6773 at SUSECVE-2024-6773 at NVDCVE-2024-6774 at SUSECVE-2024-6774 at NVDCVE-2024-6775 at SUSECVE-2024-6775 at NVDCVE-2024-6776 at SUSECVE-2024-6776 at NVDCVE-2024-6777 at SUSECVE-2024-6777 at NVDCVE-2024-6778 at SUSECVE-2024-6778 at NVDCVE-2024-6779 at SUSECVE-2024-6779 at NVDcpe:/o:opensuse:leap:15.5Security update for python-sentry-sdk (Moderate)openSUSE Leap 15.5
This update for python-sentry-sdk fixes the following issues:
- CVE-2024-40647: Do not leak environment variables to child processes. (bsc#1228128)
ModerateSUSE bug 1228128CVE-2024-40647 at SUSECVE-2024-40647 at NVDcpe:/o:opensuse:leap:15.5Security update for exim (Important)openSUSE Leap 15.5
This update for exim fixes the following issues:
- CVE-2024-39929: Fixed incorrect parsing of multiline rfc2231 header filename (boo#1227423).
ImportantSUSE bug 1227423CVE-2024-39929 at SUSECVE-2024-39929 at NVDcpe:/o:opensuse:leap:15.5Security update for python-nltk (Important)openSUSE Leap 15.5
This update for python-nltk fixes the following issues:
- CVE-2024-39705: Fixed remote code execution through unsafe pickle usage (boo#1227174).
ImportantSUSE bug 1227174CVE-2024-39705 at SUSECVE-2024-39705 at NVDcpe:/o:opensuse:leap:15.5Security update for keybase-client (Moderate)openSUSE Leap 15.5
This update for keybase-client fixes the following issues:
- Update the Image dependency to address CVE-2024-24792 (boo#1227167).
ModerateSUSE bug 1227167CVE-2024-24792 at SUSECVE-2024-24792 at NVDcpe:/o:opensuse:leap:15.5Security update for assimp (Moderate)openSUSE Leap 15.5
This update for assimp fixes the following issues:
- CVE-2024-40724: Fixed heap-based buffer overflow in the PLY importer class (boo#1228142),
ModerateSUSE bug 1218474SUSE bug 1228142CVE-2024-40724 at SUSECVE-2024-40724 at NVDcpe:/o:opensuse:leap:15.5Security update for gh (Moderate)openSUSE Leap 15.5
This update for gh fixes the following issues:
Update to version 2.53.0:
* CVE-2024-6104: gh: hashicorp/go-retryablehttp: url might write sensitive information to log file (boo#1227035)
* Disable `TestGetTrustedRoot/successfully_verifies_TUF_root` test due to https://github.com/cli/cli/issues/8928
* Rename package directory and files
* Rename package name to `update_branch`
* Rename `gh pr update` to `gh pr update-branch`
* Add test case for merge conflict error
* Handle merge conflict error
* Return error if PR is not mergeable
* Replace literals with consts for `Mergeable` field values
* Add separate type for `PullRequest.Mergeable` field
* Remove unused flag
* Print message on stdout instead of stderr
* Raise error if editor is used in non-tty mode
* Add tests for JSON field support on issue and pr view commands
* docs: Update documentation for `gh repo create` to clarify owner
* Ensure PR does not panic when stateReason is requested
* Add `createdAt` field to tests
* Add `createdAt` field to `Variable` type
* Add test for exporting as JSON
* Add test for JSON output
* Only populate selected repo information for JSON output
* Add test to verify JSON exporter gets set
* Add `--json` option support
* Use `Variable` type defined in `shared` package
* Add tests for JSON output
* Move `Variable` type and `PopulateSelectedRepositoryInformation` func to shared
* Fix query parameter name
* Update tests to account for ref comparison step
* Improve query variable names
* Check if PR branch is already up-to-date
* Add `ComparePullRequestBaseBranchWith` function
* Run `go mod tidy`
* Add test to verify `--repo` requires non-empty selector
* Require non-empty selector when `--repo` override is used
* Run `go mod tidy`
* Register `update` command
* Add tests for `pr update` command
* Add `pr update` command
* Add `UpdatePullRequestBranch` method
* Upgrade `shurcooL/githubv4`
Update to version 2.52.0:
* Attestation Verification - Buffer Fix
* Remove beta note from attestation top level command
* Removed beta note from `gh at download`.
* Removed beta note from `gh at verify`, clarified reusable workflows use case.
* add `-a` flag to `gh run list`
ModerateSUSE bug 1227035CVE-2024-6104 at SUSECVE-2024-6104 at NVDcpe:/o:opensuse:leap:15.5Security update for libuev (Moderate)openSUSE Leap 15.5
This update for libuev fixes the following issues:
- Update to 2.4.1:
* Update README with list of moden Linux APIs used
* Fix #27: possible buffer overrun in uev_run()
boo#1218749 CVE-2022-48620
ModerateSUSE bug 1218749CVE-2022-48620 at SUSECVE-2022-48620 at NVDcpe:/o:opensuse:leap:15.5Security update for python-notebook (Moderate)openSUSE Leap 15.5
This update for python-notebook fixes the following issues:
- Update to 5.7.11
* sanitizer fix CVE-2021-32798 (boo#1227583)
- Update to 5.7.10
* no upstream changelog
- Update to 5.7.9
* Update JQuery dependency to version 3.4.1 to fix security
vulnerability (CVE-2019-11358)
* Update from preact to React
ModerateSUSE bug 1227583CVE-2019-11358 at SUSECVE-2019-11358 at NVDCVE-2021-32798 at SUSECVE-2021-32798 at NVDcpe:/o:opensuse:leap:15.5Security update for python-aiosmtpd (Important)openSUSE Leap 15.5
This update for python-aiosmtpd fixes the following issues:
- CVE-2024-34083: Fixed MiTM attack could inject extra unencrypted commands after STARTTLS (boo#1224467)
- CVE-2024-27305: Fixed SMTP smuggling (boo#1221328)
ImportantSUSE bug 1221328SUSE bug 1224467CVE-2024-27305 at SUSECVE-2024-27305 at NVDCVE-2024-34083 at SUSECVE-2024-34083 at NVDcpe:/o:opensuse:leap:15.5Security update for apptainer (Important)openSUSE Leap 15.5
This update for apptainer fixes the following issues:
- Make sure, digest values handled by the Go library
github.com/opencontainers/go-digest and used throughout the
Go-implemented containers ecosystem are always validated. This
prevents attackers from triggering unexpected authenticated
registry accesses. (CVE-2024-3727, boo#1224114).
- Updated apptainer to version 1.3.0
* FUSE mounts are now supported in setuid mode, enabling full
functionality even when kernel filesystem mounts are insecure due to
unprivileged users having write access to raw filesystems in
containers. When allow `setuid-mount extfs = no` (the default) in
apptainer.conf, then the fuse2fs image driver will be used to mount
ext3 images in setuid mode instead of the kernel driver (ext3 images
are primarily used for the `--overlay` feature), restoring
functionality that was removed by default in Apptainer 1.1.8 because
of the security risk.
The allow `setuid-mount squashfs` configuration option in
`apptainer.conf` now has a new default called `iflimited` which allows
kernel squashfs mounts only if there is at least one `limit container`
option set or if Execution Control Lists are activated in ecl.toml.
If kernel squashfs mounts are are not allowed, then the squashfuse
image driver will be used instead.
`iflimited` is the default because if one of those limits are used
the system administrator ensures that unprivileged users do not have
write access to the containers, but on the other hand using FUSE
would enable a user to theoretically bypass the limits via `ptrace()`
because the FUSE process runs as that user.
The `fuse-overlayfs` image driver will also now be tried in setuid
mode if the kernel overlayfs driver does not work (for example if
one of the layers is a FUSE filesystem). In addition, if `allow
setuid-mount encrypted = no` then the unprivileged gocryptfs format
will be used for encrypting SIF files instead of the kernel
device-mapper. If a SIF file was encrypted using the gocryptfs
format, it can now be mounted in setuid mode in addition to
non-setuid mode.
* Change the default in user namespace mode to use either kernel
overlayfs or fuse-overlayfs instead of the underlay feature for the
purpose of adding bind mount points. That was already the default in
setuid mode; this change makes it consistent. The underlay feature
can still be used with the `--underlay` option, but it is deprecated
because the implementation is complicated and measurements have
shown that the performance of underlay is similar to overlayfs and
fuse-overlayfs.
For now the underlay feature can be made the default again with a
new `preferred` value on the `enable underlay` configuration option.
Also the `--underlay` option can be used in setuid mode or as the
root user, although it was ignored previously.
* Prefer again to use kernel overlayfs over fuse-overlayfs when a
lower layer is FUSE and there's no writable upper layer, undoing the
change from 1.2.0. Another workaround was found for the problem that
change addressed. This applies in both setuid mode and in user
namespace mode.
* `--cwd` is now the preferred form of the flag for setting the
container's working directory, though `--pwd` is still supported for
compatibility.
* The way `--home` is handled when running as root (e.g. sudo apptainer)
or with `--fakeroot` has changed. Previously, we were only modifying
the `HOME` environment variable in these cases, while leaving the
container's `/etc/passwd` file unchanged (with its homedir field
pointing to `/root`, regardless of the value passed to `--home`). With
this change, both value of HOME and the contents of `/etc/passwd` in
the container will reflect the value passed to `--home` if the
container is readonly. If the container is writable, the
`/etc/passwd` file is left alone because it can interfere with
commands that want to modify it.
* The `--vm` and related flags to start apptainer inside a VM have been
removed. This functionality was related to the retired Singularity Desktop
/ SyOS projects.
* The keyserver-related commands that were under `remote` have been moved to
their own, dedicated `keyserver` command. Run `apptainer help keyserver`
for more information.
* The commands related to OCI/Docker registries that were under `remote` have
been moved to their own, dedicated `registry` command. Run
`apptainer help registry` for more information.
* The the `remote list` subcommand now outputs only remote endpoints (with
keyservers and OCI/Docker registries having been moved to separate
commands), and the output has been streamlined.
* Adding a new remote endpoint using the `apptainer remote add` command will
now set the new endpoint as default. This behavior can be suppressed by
supplying the `--no-default` (or `-n`) flag to `remote add`.
* Skip parsing build definition file template variables after comments
beginning with a hash symbol.
* The global `/tmp` directory is no longer used for gocryptfs mountpoints.
- New Features & Functionality
* The `remote status` command will now print the username, realname, and
email of the logged-in user, if available.
* Add monitoring feature support, which requires the usage of an
additional tool named `apptheus`, this tool will put apptainer starter
into a newly created cgroup and collect system metrics.
* A new `--no-pid` flag for `apptainer run/shell/exec` disables the PID
namespace inferred by `--containall` and `--compat`.
* Added `--config` option to `keyserver` commands.
* Honor an optional remoteName argument to the `keyserver list` command.
* Added the `APPTAINER_ENCRYPTION_PEM_DATA` env var to allow for
encrypting and running encrypted containers without a PEM file.
* Adding `--sharens` mode for `apptainer exec/run/shell`, which enables to
run multiple apptainer instances created by the same parent using
the same image in the same user namespace.
- Make 'gocryptfs' an optional dependency.
- Make apptainer definition templates version dependent.
- Fix 'apptainer build' using signed packages from the SUSE
Registry (boo#1221364).
- Updated apptainer to version 1.2.5
* Added `libnvidia-nvvm` to `nvliblist.conf`. Newer NVIDIA
Drivers (known with >= 525.85.05) require this lib to compile
OpenCL programs against NVIDIA GPUs, i.e. `libnvidia-opencl`
depends on `libnvidia-nvvm`.
* Disable the usage of cgroup in instance creation when
`--fakeroot` is passed.
* Disable the usage of cgroup in instance creation when `hidepid`
mount option on `/proc` is set.
* Fixed a regression introduced in 1.2.0 where the user's
password file information was not copied in to the container
when there was a parent root-mapped user namespace (as is the
case for example in `cvmfsexec`).
* Added the upcoming NVIDIA driver library `libnvidia-gpucomp.so`
to the list of libraries to add to NVIDIA GPU-enabled
containers. Fixed missing error handling during the creation
of an encrypted image that lead to the generation of corrupted
images.
* Use `APPTAINER_TMPDIR` for temporary files during privileged
image encryption.
* If rootless unified cgroups v2 is available when starting an
image but `XDG_RUNTIME_DIR` or `DBUS_SESSION_BUS_ADDRESS` is
not set, print an info message that stats will not be available
instead of exiting with a fatal error.
* Allow templated build arguments to definition files to have
empty values.
- Package .def templates separately for different SPs.
- Do not build squashfuse, require it as a dependency.
- Replace awkward 'Obsoletes: singularity-*' as well as the
'Provides: Singularity' by 'Conflicts:' and drop the provides -
the versioning scheme does not match and we do not automatically
migrate from one to the other.
- Exclude platforms which do not provide all build dependencies.
- updated to 1.2.3 with following changes:
* The apptainer push/pull commands now show a progress bar for the oras
protocol like there was for docker and library protocols.
* The --nv and --rocm flags can now be used simultaneously.
* Fix the use of APPTAINER_CONFIGDIR with apptainer instance start and action
commands that refer to instance://.
* Fix the issue that apptainer would not read credentials from the Docker
fallback path ~/.docker/config.json if missing in the apptainer
credentials.
- updated to 1.2.2 with following changes:
* Fix $APPTAINER_MESSAGELEVEL to correctly set the logging level.
* Fix build failures when in setuid mode and unprivileged user namespaces are
unavailable and the --fakeroot option is not selected.
- updated to 1.2.1 to fix CVE-2023-38496 although not relevant as package is
compiled with setuid
- update to 1.2.0 with following changes:
* binary is built reproducible which disables plugins
* Create the current working directory in a container when it doesn't exist.
This restores behavior as it was before singularity 3.6.0. As a result,
using --no-mount home won't have any effect when running apptainer from a
home directory and will require --no-mount home,cwd to avoid mounting that
directory.
* Handle current working directory paths containing symlinks both on the host
and in a container but pointing to different destinations. If detected, the
current working directory is not mounted when the destination directory in
the container exists.
* Destination mount points are now sorted by shortest path first to ensure
that a user bind doesn't override a previous bind path when set in
arbitrary order on the CLI. This is also applied to image binds.
* When the kernel supports unprivileged overlay mounts in a user namespace,
the container will be constructed by default using an overlay instead of an
underlay layout for bind mounts. A new --underlay action option can be used
to prefer underlay instead of overlay.
* sessiondir maxsize in apptainer.conf now defaults to 64 MiB for new
installations. This is an increase from 16 MiB in prior versions.
* The apptainer cache is now architecture aware, so the same home directory
cache can be shared by machines with different architectures.
* Overlay is blocked on the panfs filesystem, allowing sandbox directories to
be run from panfs without error.
* Lookup and store user/group information in stage one prior to entering any
namespaces, to fix an issue with winbind not correctly looking up
user/group information when using user namespaces.
- New features / functionalities
* Support for unprivileged encryption of SIF files using gocryptfs. This is
not compatible with privileged encryption, so containers encrypted by root
need to be rebuilt by an unprivileged user.
* Templating support for definition files. Users can now define variables in
definition files via a matching pair of double curly brackets. Variables of
the form {{ variable }} will be replaced by a value defined either by a
variable=value entry in the %arguments section of the definition file or
through new build options --build-arg or --build-arg-file.
* Add a new instance run command that will execute the runscript when an
instance is initiated instead of executing the startscript.
* The sign and verify commands now support signing and verification with
non-PGP key material by specifying the path to a private key via the --key
flag.
* The verify command now supports verification with X.509 certificates by
specifying the path to a certificate via the --certificate flag. By
default, the system root certificate pool is used as trust anchors unless
overridden via the --certificate-roots flag. A pool of intermediate
certificates that are not trust anchors, but can be used to form a
certificate chain, can also be specified via the
--certificate-intermediates flag.
* Support for online verification checks of X.509 certificates using OCSP
protocol via the new verify --ocsp-verify option.
* The instance stats command displays the resource usage every second. The
--no-stream option disables this interactive mode and shows the
point-in-time usage.
* Instances are now started in a cgroup by default, when run as root or when
unified cgroups v2 with systemd as manager is configured. This allows
apptainer instance stats to be supported by default when possible.
* The instance start command now accepts an optional --app <name> argument
which invokes a start script within the %appstart <name> section in the
definition file. The instance stop command still only requires the instance
name.
* The instance name is now available inside an instance via the new
APPTAINER_INSTANCE environment variable.
* The --no-mount flag now accepts the value bind-paths to disable mounting of
all bind path entries in apptainer.conf.
Support for DOCKER_HOST parsing when using docker-daemon://
DOCKER_USERNAME and DOCKER_PASSWORD supported without APPTAINER_ prefix.
Add new Linux capabilities CAP_PERFMON, CAP_BPF, and CAP_CHECKPOINT_RESTORE.
* The remote get-login-password command allows users to retrieve a remote's
token. This enables piping the secret directly into docker login while
preventing it from showing up in a shell's history.
* Define EUID in %environment alongside UID.
* In --rocm mode, the whole of /dev/dri is now bound into the container when
--contain is in use. This makes /dev/dri/render devices available, required
for later ROCm versions.
- update to 1.1.9 with following changes:
* Remove warning about unknown xino=on option from fuse-overlayfs, introduced
in 1.1.8.
* Ignore extraneous warning from fuse-overlayfs about a readonly /proc.
* Fix dropped 'n' characters on some platforms in definition file stored as
part of SIF metadata.
* Remove duplicated group ids.
* Fix not being able to handle multiple entries in LD_PRELOAD when binding
fakeroot into container during apptainer startup for --fakeroot with
fakeroot command.
- Included a fix for CVE-2023-30549 which is a vulnerability in setuid-root
installations of Apptainer iwhich was not active in the recent openSUSE
packages. Still this is included for completenss. The fix adds allow
setuid-mount configuration options encrypted, squashfs, and extfs, and makes
the default for extfs be 'no'. That disables the use of extfs mounts
including for overlays or binds while in the setuid-root mode, while leaving
it enabled for unprivileged user namespace mode. The default for encrypted
and squashfs is 'yes'.
- Other bug fixes:
* Fix loop device 'no such device or address' spurious errors when using shared
loop devices.
* Add xino=on mount option for writable kernel overlay mount points to fix
inode numbers consistency after kernel cache flush (not applicable to
fuse-overlayfs).
- updated to 1.1.7 with following changes:
* Allow gpu options such as --nv to be nested by always inheriting all
libraries bound in to a parent container's /.singularity.d/libs.
* Map the user's home directory to the root home directory by default in the
non-subuid fakeroot mode like it was in the subuid fakeroot mode, for both
action commands and building containers from definition files.
* Make the error message more helpful in another place where a remote is
found to have no library client.
* Avoid incorrect error when requesting fakeroot network.
* Pass computed LD_LIBRARY_PATH to wrapped unsquashfs. Fixes issues where
unsquashfs on host uses libraries in non-default paths.
ImportantSUSE bug 1221364SUSE bug 1224114CVE-2023-30549 at SUSECVE-2023-30549 at NVDCVE-2023-38496 at SUSECVE-2023-38496 at NVDCVE-2024-3727 at SUSECVE-2024-3727 at NVDcpe:/o:opensuse:leap:15.5Security update for sngrep (Moderate)openSUSE Leap 15.5
This update for sngrep fixes the following issues:
- CVE-2024-35434: Fixed heap buffer overflow in rtp_check_packet (boo#1225638)
ModerateSUSE bug 1225638CVE-2024-35434 at SUSECVE-2024-35434 at NVDcpe:/o:opensuse:leap:15.5Security update for chromium (Critical)openSUSE Leap 15.5
This update for chromium fixes the following issues:
Update to 120.0.6099.224 (boo#1218892):
- CVE-2024-0517: Out of bounds write in V8
- CVE-2024-0518: Type Confusion in V8
- CVE-2024-0519: Out of bounds memory access in V8
- Various fixes from internal audits, fuzzing and other initiatives
CriticalSUSE bug 1218892CVE-2024-0517 at SUSECVE-2024-0517 at NVDCVE-2024-0518 at SUSECVE-2024-0518 at NVDCVE-2024-0519 at SUSECVE-2024-0519 at NVDcpe:/o:opensuse:leap:15.5Security update for sleuthkit (Moderate)openSUSE Leap 15.5
This update for sleuthkit fixes the following issues:
* CVE-2019-14531: Fixed an out of bounds read on iso9660 while parsing System Use Sharing Protocol data in fs/iso9660.c. (boo#1144304)
update to 4.12.1:
* C/C++:
* Bug fixes from Luis Nassif and Joachim Metz
* Added check to stop for very large folders to prevent memory exhaustion
* Java:
* Added File Repository concept for files to be stored in another location
* Schema updated to 9.4
* Fixed OS Account merge bug and now fire events when accounts are merged
update to 4.12.0:
* Add Linux LVM support
* Logical File System support (a folder structure is parsed by TSK libraries)
* Many small fixes
update to 4.11.1:
* C/C++:
* Several fixes from @joachimmetz
* NTFS Decompression bug fix from @kastonework and @uckelman-sf
* Java:
* Fixed connection leak when making OS Accounts in bridge
* OsAccount updates for instance types and special Windows SIDs
Fixed issue with duplicate value in Japanese timeline translation
update to 4.11.0:
* C/C++:
* Added checks at various layers to detect encrypted file systems and disks to give more useful error messages.
* Added checks to detect file formats that are not supported (such as AD1, ZIP, etc.) to give more useful error messages.
* Added tsk_imageinfo tool that detects if an image is supported by TSK and if it is encrypted.
* Add numerous bound checks from @joachimmetz
* Clarified licenses as pointed out by @joachimmetz
* Java:
* Updated from Schema 8.6 to 9.1.
* Added tables and classes for OS Accounts and Realms (Domains).
* Added tables and classes for Host Addresses (IP, MAC, etc.).
* Added tables and classes for Analysis Results vs Data Artifacts by adding onto BlackboardArtifacts.
* Added tables and classes for Host and Person to make it easier to group data sources.
* Added static types for standard artifact types.
* Added File Attribute table to allow custom information to be stored for each file.
* Made ordering of getting lock and connection consistent.
* Made the findFile methods more efficient by using extension (which is indexed).
ModerateSUSE bug 1144304CVE-2019-14531 at SUSECVE-2019-14531 at NVDcpe:/o:opensuse:leap:15.5Security update for opera (Important)openSUSE Leap 15.5 NonFree
This update for opera fixes the following issues:
- Update to 112.0.5197.53
* CHR-9814 Update Chromium on desktop-stable-126-5197 to
126.0.6478.226
* DNA-116974 Site settings popup size not expanding causing
display issues
* DNA-117115 Tab islands are extending partially after Workspace
change
* DNA-117708 H.264 SW decoding only possible if HW decoding
is possible
* DNA-117792 Crash at content::RenderWidgetHostImpl::
ForwardMouseEventWithLatencyInfo(blink::
WebMouseEvent const&, ui::LatencyInfo const&)
- The update to chromium >= 126.0.6478.182 fixes following issues:
CVE-2024-6772, CVE-2024-6773, CVE-2024-6774, CVE-2024-6775,
CVE-2024-6776, CVE-2024-6777, CVE-2024-6778, CVE-2024-6779
- Update to 112.0.5197.30
* CHR-9416 Updating Chromium on desktop-stable-* branches
ImportantCVE-2024-6772 at SUSECVE-2024-6772 at NVDCVE-2024-6773 at SUSECVE-2024-6773 at NVDCVE-2024-6774 at SUSECVE-2024-6774 at NVDCVE-2024-6775 at SUSECVE-2024-6775 at NVDCVE-2024-6776 at SUSECVE-2024-6776 at NVDCVE-2024-6777 at SUSECVE-2024-6777 at NVDCVE-2024-6778 at SUSECVE-2024-6778 at NVDCVE-2024-6779 at SUSECVE-2024-6779 at NVDSecurity update for python-Pillow (Moderate)openSUSE Leap 15.5
This update for python-Pillow fixes the following issues:
- CVE-2022-45198: Fixed improper handling of highly compressed GIF data (boo#1205416)
ModerateSUSE bug 1205416CVE-2022-45198 at SUSECVE-2022-45198 at NVDcpe:/o:opensuse:leap:15.5Security update for chromium, gn, rust-bindgen (Important)openSUSE Leap 15.5
This update for chromium, gn, rust-bindgen fixes the following issues:
- Chromium 127.0.6533.119 (boo#1228941)
* CVE-2024-7532: Out of bounds memory access in ANGLE
* CVE-2024-7533: Use after free in Sharing
* CVE-2024-7550: Type Confusion in V8
* CVE-2024-7534: Heap buffer overflow in Layout
* CVE-2024-7535: Inappropriate implementation in V8
* CVE-2024-7536: Use after free in WebAudio
- Chromium 127.0.6533.88 (boo#1228628, boo#1228940, boo#1228942)
* CVE-2024-6988: Use after free in Downloads
* CVE-2024-6989: Use after free in Loader
* CVE-2024-6991: Use after free in Dawn
* CVE-2024-6992: Out of bounds memory access in ANGLE
* CVE-2024-6993: Inappropriate implementation in Canvas
* CVE-2024-6994: Heap buffer overflow in Layout
* CVE-2024-6995: Inappropriate implementation in Fullscreen
* CVE-2024-6996: Race in Frames
* CVE-2024-6997: Use after free in Tabs
* CVE-2024-6998: Use after free in User Education
* CVE-2024-6999: Inappropriate implementation in FedCM
* CVE-2024-7000: Use after free in CSS. Reported by Anonymous
* CVE-2024-7001: Inappropriate implementation in HTML
* CVE-2024-7003: Inappropriate implementation in FedCM
* CVE-2024-7004: Insufficient validation of untrusted input
in Safe Browsing
* CVE-2024-7005: Insufficient validation of untrusted input
in Safe Browsing
* CVE-2024-6990: Uninitialized Use in Dawn
* CVE-2024-7255: Out of bounds read in WebTransport
* CVE-2024-7256: Insufficient data validation in Dawn
gh:
- Update to version 0.20240730:
* Rust: link_output, depend_output and runtime_outputs for dylibs
* Add missing reference section to function_toolchain.cc
* Do not cleanup args.gn imports located in the output directory.
* Fix expectations in NinjaRustBinaryTargetWriterTest.SwiftModule
* Do not add native dependencies to the library search path
* Support linking frameworks and swiftmodules in Rust targets
* [desc] Silence print() statements when outputing json
* infra: Move CI/try builds to Ubuntu-22.04
* [MinGW] Fix mingw building issues
* [gn] Fix 'link' in the //examples/simple_build/build/toolchain/BUILD.gn
* [template] Fix 'rule alink_thin' in the //build/build_linux.ninja.template
* Allow multiple --ide switches
* [src] Add '#include <limits>' in the //src/base/files/file_enumerator_win.cc
* Get updates to infra/recipes.py from upstream
* Revert 'Teach gn to handle systems with > 64 processors'
* [apple] Rename the code-signing properties of create_bundle
* Fix a typo in 'gn help refs' output
* Revert '[bundle] Use 'phony' builtin tool for create_bundle targets'
* [bundle] Use 'phony' builtin tool for create_bundle targets
* [ios] Simplify handling of assets catalog
* [swift] List all outputs as deps of 'source_set' stamp file
* [swift] Update `gn check ...` to consider the generated header
* [swift] Set `restat = 1` to swift build rules
* Fix build with gcc12
* [label_matches] Add new functions label_matches(), filter_labels_include() and filter_labels_exclude()
* [swift] Remove problematic use of 'stamp' tool
* Implement new --ninja-outputs-file option.
* Add NinjaOutputsWriter class
* Move InvokePython() function to its own source file.
* zos: build with -DZOSLIB_OVERRIDE_CLIB to override creat
* Enable C++ runtime assertions in debug mode.
* Fix regression in MakeRelativePath()
* fix: Fix Windows MakeRelativePath.
* Add long path support for windows
* Ensure read_file() files are considered by 'gn analyze'
* apply 2to3 to for some Python scripts
* Add rustflags to desc and help output
* strings: support case insensitive check only in StartsWith/EndsWith
* add .git-blame-ignore-revs
* use std::{string,string_view}::{starts_with,ends_with}
* apply clang-format to all C++ sources
* add forward declaration in rust_values.h
* Add `root_patterns` list to build configuration.
* Use c++20 in GN build
* update windows sdk to 2024-01-11
* update windows sdk
* Add linux-riscv64.
* Update OWNERS list.
* remove unused function
* Ignore build warning -Werror=redundant-move
* Fix --as=buildfile `gn desc deps` output.
* Update recipe engine to 9dea1246.
* treewide: Fix spelling mistakes
Added rust-bindgen:
- Version 0.69.1
ImportantSUSE bug 1228628SUSE bug 1228940SUSE bug 1228941SUSE bug 1228942CVE-2024-6988 at SUSECVE-2024-6988 at NVDCVE-2024-6989 at SUSECVE-2024-6989 at NVDCVE-2024-6990 at SUSECVE-2024-6990 at NVDCVE-2024-6991 at SUSECVE-2024-6991 at NVDCVE-2024-6992 at SUSECVE-2024-6992 at NVDCVE-2024-6993 at SUSECVE-2024-6993 at NVDCVE-2024-6994 at SUSECVE-2024-6994 at NVDCVE-2024-6995 at SUSECVE-2024-6995 at NVDCVE-2024-6996 at SUSECVE-2024-6996 at NVDCVE-2024-6997 at SUSECVE-2024-6997 at NVDCVE-2024-6998 at SUSECVE-2024-6998 at NVDCVE-2024-6999 at SUSECVE-2024-6999 at NVDCVE-2024-7000 at SUSECVE-2024-7000 at NVDCVE-2024-7001 at SUSECVE-2024-7001 at NVDCVE-2024-7003 at SUSECVE-2024-7003 at NVDCVE-2024-7004 at SUSECVE-2024-7004 at NVDCVE-2024-7005 at SUSECVE-2024-7005 at NVDCVE-2024-7255 at SUSECVE-2024-7255 at NVDCVE-2024-7256 at SUSECVE-2024-7256 at NVDCVE-2024-7532 at SUSECVE-2024-7532 at NVDCVE-2024-7533 at SUSECVE-2024-7533 at NVDCVE-2024-7534 at SUSECVE-2024-7534 at NVDCVE-2024-7535 at SUSECVE-2024-7535 at NVDCVE-2024-7536 at SUSECVE-2024-7536 at NVDCVE-2024-7550 at SUSECVE-2024-7550 at NVDcpe:/o:opensuse:leap:15.5Security update for roundcubemail (Moderate)openSUSE Leap 15.5
This update for roundcubemail fixes the following issues:
Update to 1.6.7
This is a security update to the stable version 1.6 of Roundcube Webmail.
It provides a fix to a recently reported XSS vulnerabilities:
* Fix cross-site scripting (XSS) vulnerability in handling SVG animate attributes.
Reported by Valentin T. and Lutz Wolf of CrowdStrike.
* Fix cross-site scripting (XSS) vulnerability in handling list columns from user preferences.
Reported by Huy Nguyễn Phạm Nhật.
* Fix command injection via crafted im_convert_path/im_identify_path on Windows.
Reported by Huy Nguyễn Phạm Nhật.
CHANGELOG
* Makefile: Use phpDocumentor v3.4 for the Framework docs (#9313)
* Fix bug where HTML entities in URLs were not decoded on HTML to plain text conversion (#9312)
* Fix bug in collapsing/expanding folders with some special characters in names (#9324)
* Fix PHP8 warnings (#9363, #9365, #9429)
* Fix missing field labels in CSV import, for some locales (#9393)
* Fix cross-site scripting (XSS) vulnerability in handling SVG animate attributes
* Fix cross-site scripting (XSS) vulnerability in handling list columns from user preferences
* Fix command injection via crafted im_convert_path/im_identify_path on Windows
Update to 1.6.6:
* Fix regression in handling LDAP search_fields configuration parameter (#9210)
* Enigma: Fix finding of a private key when decrypting a message using GnuPG v2.3
* Fix page jump menu flickering on click (#9196)
* Update to TinyMCE 5.10.9 security release (#9228)
* Fix PHP8 warnings (#9235, #9238, #9242, #9306)
* Fix saving other encryption settings besides enigma's (#9240)
* Fix unneeded php command use in installto.sh and deluser.sh scripts (#9237)
* Fix TinyMCE localization installation (#9266)
* Fix bug where trailing non-ascii characters in email addresses
could have been removed in recipient input (#9257)
* Fix IMAP GETMETADATA command with options - RFC5464
Update to 1.6.5 (boo#1216895):
* Fix cross-site scripting (XSS) vulnerability in setting
Content-Type/Content-Disposition for attachment
preview/download CVE-2023-47272
Other changes:
* Fix PHP8 fatal error when parsing a malformed BODYSTRUCTURE (#9171)
* Fix duplicated Inbox folder on IMAP servers that do not use Inbox
folder with all capital letters (#9166)
* Fix PHP warnings (#9174)
* Fix UI issue when dealing with an invalid managesieve_default_headers
value (#9175)
* Fix bug where images attached to application/smil messages
weren't displayed (#8870)
* Fix PHP string replacement error in utils/error.php (#9185)
* Fix regression where smtp_user did not allow pre/post strings
before/after %u placeholder (#9162)
ModerateSUSE bug 1216895CVE-2023-47272 at SUSECVE-2023-47272 at NVDcpe:/o:opensuse:leap:15.5Security update for chromium (Important)openSUSE Leap 15.5
This update for chromium fixes the following issues:
- Chromium 128.0.6613.84 (boo#1229591)
* CVE-2024-7964: Use after free in Passwords
* CVE-2024-7965: Inappropriate implementation in V8
* CVE-2024-7966: Out of bounds memory access in Skia
* CVE-2024-7967: Heap buffer overflow in Fonts
* CVE-2024-7968: Use after free in Autofill
* CVE-2024-7969: Type Confusion in V8
* CVE-2024-7971: Type confusion in V8
* CVE-2024-7972: Inappropriate implementation in V8
* CVE-2024-7973: Heap buffer overflow in PDFium
* CVE-2024-7974: Insufficient data validation in V8 API
* CVE-2024-7975: Inappropriate implementation in Permissions
* CVE-2024-7976: Inappropriate implementation in FedCM
* CVE-2024-7977: Insufficient data validation in Installer
* CVE-2024-7978: Insufficient policy enforcement in Data Transfer
* CVE-2024-7979: Insufficient data validation in Installer
* CVE-2024-7980: Insufficient data validation in Installer
* CVE-2024-7981: Inappropriate implementation in Views
* CVE-2024-8033: Inappropriate implementation in WebApp Installs
* CVE-2024-8034: Inappropriate implementation in Custom Tabs
* CVE-2024-8035: Inappropriate implementation in Extensions
* Various fixes from internal audits, fuzzing and other initiatives
ImportantSUSE bug 1229426SUSE bug 1229591CVE-2024-7964 at SUSECVE-2024-7964 at NVDCVE-2024-7965 at SUSECVE-2024-7965 at NVDCVE-2024-7966 at SUSECVE-2024-7966 at NVDCVE-2024-7967 at SUSECVE-2024-7967 at NVDCVE-2024-7968 at SUSECVE-2024-7968 at NVDCVE-2024-7969 at SUSECVE-2024-7969 at NVDCVE-2024-7971 at SUSECVE-2024-7971 at NVDCVE-2024-7972 at SUSECVE-2024-7972 at NVDCVE-2024-7973 at SUSECVE-2024-7973 at NVDCVE-2024-7974 at SUSECVE-2024-7974 at NVDCVE-2024-7975 at SUSECVE-2024-7975 at NVDCVE-2024-7976 at SUSECVE-2024-7976 at NVDCVE-2024-7977 at SUSECVE-2024-7977 at NVDCVE-2024-7978 at SUSECVE-2024-7978 at NVDCVE-2024-7979 at SUSECVE-2024-7979 at NVDCVE-2024-7980 at SUSECVE-2024-7980 at NVDCVE-2024-7981 at SUSECVE-2024-7981 at NVDCVE-2024-8033 at SUSECVE-2024-8033 at NVDCVE-2024-8034 at SUSECVE-2024-8034 at NVDCVE-2024-8035 at SUSECVE-2024-8035 at NVDcpe:/o:opensuse:leap:15.5Security update for seamonkey (Moderate)openSUSE Leap 15.5
This update for seamonkey fixes the following issues:
Update to 2.53.18.1:
* Update the NSS library to the latest esr 115 version for the final
2.53.18.1 release.
* SeaMonkey 2.53.18.1 uses the same backend as Firefox and contains
the relevant Firefox 60.8 security fixes.
* SeaMonkey 2.53.18.1 shares most parts of the mail and news code
with Thunderbird. Please read the Thunderbird 60.8.0 release notes
for specific security fixes in this release.
* Additional important security fixes up to Current Firefox 115.7
and Thunderbird 115.7 ESR plus many enhancements have been
backported. We will continue to enhance SeaMonkey security in
subsequent 2.53.x beta and release versions as fast as we are able to.
Moderatecpe:/o:opensuse:leap:15.5Security update for php81 (Moderate)openSUSE Leap 15.5
This update for php81 fixes the following issue:
- Version update to 8.1.29 [bsc#1226073]
- Fixed bug GHSA-w8qr-v226-r27w (Filter bypass in filter_var FILTER_VALIDATE_URL). (CVE-2024-5458)
ModerateSUSE bug 1226073CVE-2024-5458 at SUSECVE-2024-5458 at NVDcpe:/o:opensuse:leap:15.5Security update for chromium (Important)openSUSE Leap 15.5
This update for chromium fixes the following issues:
Chromium 128.0.6613.113 (boo#1229897)
* CVE-2024-7969: Type Confusion in V8
* CVE-2024-8193: Heap buffer overflow in Skia
* CVE-2024-8194: Type Confusion in V8
* CVE-2024-8198: Heap buffer overflow in Skia
ImportantSUSE bug 1229897CVE-2024-7969 at SUSECVE-2024-7969 at NVDCVE-2024-8193 at SUSECVE-2024-8193 at NVDCVE-2024-8194 at SUSECVE-2024-8194 at NVDCVE-2024-8198 at SUSECVE-2024-8198 at NVDcpe:/o:opensuse:leap:15.5Security update for trivy (Moderate)openSUSE Leap 15.5
trivy was updated to fix the following issues:
Update to version 0.54.1:
* fix(flag): incorrect behavior for deprected flag `--clear-cache` [backport: release/v0.54] (#7285)
* fix(java): Return error when trying to find a remote pom to avoid segfault [backport: release/v0.54] (#7283)
* fix(plugin): do not call GitHub content API for releases and tags [backport: release/v0.54] (#7279)
* docs: update ecosystem page reporting with plopsec.com app (#7262)
* feat(vex): retrieve VEX attestations from OCI registries (#7249)
* feat(sbom): add image labels into `SPDX` and `CycloneDX` reports (#7257)
* refactor(flag): return error if both `--download-db-only` and `--download-java-db-only` are specified (#7259)
* fix(nodejs): detect direct dependencies when using `latest` version for files `yarn.lock` + `package.json` (#7110)
* chore: show VEX notice for OSS maintainers in CI environments (#7246)
* feat(vuln): add `--pkg-relationships` (#7237)
* docs: show VEX cli pages + update config file page for VEX flags (#7244)
* fix(dotnet): show `nuget package dir not found` log only when checking `nuget` packages (#7194)
* feat(vex): VEX Repository support (#7206)
* fix(secret): skip regular strings contain secret patterns (#7182)
* feat: share build-in rules (#7207)
* fix(report): hide empty table when all secrets/license/misconfigs are ignored (#7171)
* fix(cli): error on missing config file (#7154)
* fix(secret): update length of `hugging-face-access-token` (#7216)
* feat(sbom): add vulnerability support for SPDX formats (#7213)
* fix(secret): trim excessively long lines (#7192)
* chore(vex): update subcomponents for CVE-2023-42363/42364/42365/42366 (#7201)
* fix(server): pass license categories to options (#7203)
* feat(mariner): Add support for Azure Linux (#7186)
* docs: updates config file (#7188)
* refactor(fs): remove unused field for CompositeFS (#7195)
* fix: add missing platform and type to spec (#7149)
* feat(misconf): enabled China configuration for ACRs (#7156)
* fix: close file when failed to open gzip (#7164)
* docs: Fix PR documentation to use GitHub Discussions, not Issues (#7141)
* docs(misconf): add info about limitations for terraform plan json (#7143)
* chore: add VEX for Trivy images (#7140)
* chore: add VEX document and generator for Trivy (#7128)
* fix(misconf): do not evaluate TF when a load error occurs (#7109)
* feat(cli): rename `--vuln-type` flag to `--pkg-types` flag (#7104)
* refactor(secret): move warning about file size after `IsBinary` check (#7123)
* feat: add openSUSE tumbleweed detection and scanning (#6965)
* test: add missing advisory details for integration tests database (#7122)
* fix: Add dependencyManagement exclusions to the child exclusions (#6969)
* fix: ignore nodes when listing permission is not allowed (#7107)
* fix(java): use `go-mvn-version` to remove `Package` duplicates (#7088)
* refactor(secret): add warning about large files (#7085)
* feat(nodejs): add license parser to pnpm analyser (#7036)
* refactor(sbom): add sbom prefix + filepaths for decode log messages (#7074)
* feat: add `log.FilePath()` function for logger (#7080)
* chore: bump golangci-lint from v1.58 to v1.59 (#7077)
* perf(debian): use `bytes.Index` in `emptyLineSplit` to cut allocation (#7065)
* refactor: pass DB dir to trivy-db (#7057)
* docs: navigate to the release highlights and summary (#7072)
Update to version 0.53.0 (bsc#1227022, CVE-2024-6257):
* feat(conda): add licenses support for `environment.yml` files (#6953)
* fix(sbom): fix panic when scanning SBOM file without root component into SBOM format (#7051)
* feat: add memory cache backend (#7048)
* fix(sbom): use package UIDs for uniqueness (#7042)
* feat(php): add installed.json file support (#4865)
* docs: ✨ Updated ecosystem docs with reference to new community app (#7041)
* fix: use embedded when command path not found (#7037)
* refactor: use google/wire for cache (#7024)
* fix(cli): show info message only when --scanners is available (#7032)
* chore: enable float-compare rule from testifylint (#6967)
* docs: Add sudo on commands, chmod before mv on install docs (#7009)
* fix(plugin): respect `--insecure` (#7022)
* feat(k8s)!: node-collector dynamic commands support (#6861)
* fix(sbom): take pkg name from `purl` for maven pkgs (#7008)
* feat!: add clean subcommand (#6993)
* chore: use `!` for breaking changes (#6994)
* feat(aws)!: Remove aws subcommand (#6995)
* refactor: replace global cache directory with parameter passing (#6986)
* fix(sbom): use `purl` for `bitnami` pkg names (#6982)
* chore: bump Go toolchain version (#6984)
* refactor: unify cache implementations (#6977)
* docs: non-packaged and sbom clarifications (#6975)
* BREAKING(aws): Deprecate `trivy aws` as subcmd in favour of a plugin (#6819)
* docs: delete unknown URL (#6972)
* refactor: use version-specific URLs for documentation references (#6966)
* refactor: delete db mock (#6940)
* refactor: add warning if severity not from vendor (or NVD or GH) is used (#6726)
* feat: Add local ImageID to SARIF metadata (#6522)
* fix(suse): Add SLES 15.6 and Leap 15.6 (#6964)
* feat(java): add support for sbt projects using sbt-dependency-lock (#6882)
* feat(java): add support for `maven-metadata.xml` files for remote snapshot repositories. (#6950)
* fix(purl): add missed os types (#6955)
* fix(cyclonedx): trim non-URL info for `advisory.url` (#6952)
* fix(c): don't skip conan files from `file-patterns` and scan `.conan2` cache dir (#6949)
* fix(image): parse `image.inspect.Created` field only for non-empty values (#6948)
* fix(misconf): handle source prefix to ignore (#6945)
* fix(misconf): fix parsing of engine links and frameworks (#6937)
* feat(misconf): support of selectors for all providers for Rego (#6905)
* fix(license): return license separation using separators `,`, `or`, etc. (#6916)
* feat(misconf): add support for AWS::EC2::SecurityGroupIngress/Egress (#6755)
* BREAKING(misconf): flatten recursive types (#6862)
* test: bump docker API to 1.45 (#6914)
* feat(sbom): migrate to `CycloneDX v1.6` (#6903)
* feat(image): Set User-Agent header for Trivy container registry requests (#6868)
* fix(debian): take installed files from the origin layer (#6849)
* fix(nodejs): fix infinite loop when package link from `package-lock.json` file is broken (#6858)
* feat(misconf): API Gateway V1 support for CloudFormation (#6874)
* feat(plugin): add support for nested archives (#6845)
* fix(sbom): don't overwrite `srcEpoch` when decoding SBOM files (#6866)
* fix(secret): `Asymmetric Private Key` shouldn't start with space (#6867)
* chore: auto label discussions (#5259)
* docs: explain how VEX is applied (#6864)
* fix(python): compare pkg names from `poetry.lock` and `pyproject.toml` in lowercase (#6852)
* fix(nodejs): fix infinity loops for `pnpm` with cyclic imports (#6857)
* feat(dart): use first version of constraint for dependencies using SDK version (#6239)
* fix(misconf): parsing numbers without fraction as int (#6834)
* fix(misconf): fix caching of modules in subdirectories (#6814)
* feat(misconf): add metadata to Cloud schema (#6831)
* test: replace embedded Git repository with dynamically created repository (#6824)
Update to version 0.52.2:
* test: bump docker API to 1.45 [backport: release/v0.52] (#6922)
* fix(debian): take installed files from the origin layer [backport: release/v0.52] (#6892)
Update to version 0.52.1:
* fix(nodejs): fix infinite loop when package link from `package-lock.json` file is broken [backport: release/v0.52] (#6888)
* fix(sbom): don't overwrite `srcEpoch` when decoding SBOM files [backport: release/v0.52] (#6881)
* fix(python): compare pkg names from `poetry.lock` and `pyproject.toml` in lowercase [backport: release/v0.52] (#6878)
* docs: explain how VEX is applied (#6864)
* fix(nodejs): fix infinity loops for `pnpm` with cyclic imports (#6857)
Update to version 0.52.0 (bsc#1224781, CVE-2024-35192):
* fix(plugin): initialize logger (#6836)
* fix(cli): always output fatal errors to stderr (#6827)
* fix: close testfile (#6830)
* docs(julia): add scanner table (#6826)
* feat(python): add license support for `requirement.txt` files (#6782)
* docs: add more workarounds for out-of-disk (#6821)
* chore: improve error message for image not found (#6822)
* fix(sbom): fix panic for `convert` mode when scanning json file derived from sbom file (#6808)
* fix: clean up golangci lint configuration (#6797)
* fix(python): add package name and version validation for `requirements.txt` files. (#6804)
* feat(vex): improve relationship support in CSAF VEX (#6735)
* chore(alpine): add eol date for Alpine 3.20 (#6800)
* docs(plugin): add missed `plugin` section (#6799)
* fix: include packages unless it is not needed (#6765)
* feat(misconf): support for VPC resources for inbound/outbound rules (#6779)
* chore: replace interface{} with any (#6751)
* fix: close settings.xml (#6768)
* refactor(go): add priority for gobinary module versions from `ldflags` (#6745)
* build: use main package instead of main.go (#6766)
* feat(misconf): resolve tf module from OpenTofu compatible registry (#6743)
* docs: add info on adding compliance checks (#6275)
* docs: Add documentation for contributing additional checks to the trivy policies repo (#6234)
* feat(nodejs): add v9 pnpm lock file support (#6617)
* feat(vex): support non-root components for products in OpenVEX (#6728)
* feat(python): add line number support for `requirement.txt` files (#6729)
* chore: respect timeout value in .golangci.yaml (#6724)
* fix: node-collector high and critical cves (#6707)
* Merge pull request from GHSA-xcq4-m2r3-cmrj
* chore: auto-bump golang patch versions (#6711)
* fix(misconf): don't shift ignore rule related to code (#6708)
* feat(plugin): specify plugin version (#6683)
* chore: enforce golangci-lint version (#6700)
* fix(go): include only `.version`|`.ver` (no prefixes) ldflags for `gobinaries` (#6705)
* fix(go): add only non-empty root modules for `gobinaries` (#6710)
* refactor: unify package addition and vulnerability scanning (#6579)
* fix: Golang version parsing from binaries w/GOEXPERIMENT (#6696)
* feat(misconf): Add support for deprecating a check (#6664)
* feat: Add Julia language analyzer support (#5635)
* feat(misconf): register builtin Rego funcs from trivy-checks (#6616)
* fix(report): hide empty tables if all vulns has been filtered (#6352)
* feat(report): Include licenses and secrets filtered by rego to ModifiedFindings (#6483)
* feat: add support for plugin index (#6674)
* docs: add support table for client server mode (#6498)
* fix: close APKINDEX archive file (#6672)
* fix(misconf): skip Rego errors with a nil location (#6666)
* refactor: move artifact types under artifact package to avoid import cycles (#6652)
* refactor(misconf): remove extrafs (#6656)
* refactor: re-define module structs for serialization (#6655)
* chore(misconf): Clean up iac logger (#6642)
* feat(misconf): support symlinks inside of Helm archives (#6621)
* feat(misconf): add Terraform 'removed' block to schema (#6640)
* refactor: unify Library and Package structs (#6633)
* fix: use of specified context to obtain cluster name (#6645)
* perf(misconf): parse rego input once (#6615)
* fix(misconf): skip Rego errors with a nil location (#6638)
* docs: link warning to both timeout config options (#6620)
* docs: fix usage of image-config-scanners (#6635)
Update to version 0.51.1:
* fix(fs): handle default skip dirs properly (#6628)
* fix(misconf): load cached tf modules (#6607)
* fix(misconf): do not use semver for parsing tf module versions (#6614)
* refactor: move setting scanners when using compliance reports to flag parsing (#6619)
* feat: introduce package UIDs for improved vulnerability mapping (#6583)
* perf(misconf): Improve cause performance (#6586)
* docs: trivy-k8s new experiance remove un-used section (#6608)
* docs: remove mention of GitLab Gold because it doesn't exist anymore (#6609)
* feat(misconf): Use updated terminology for misconfiguration checks (#6476)
* docs: use `generic` link from `trivy-repo` (#6606)
* docs: update trivy k8s with new experience (#6465)
* feat: support `--skip-images` scanning flag (#6334)
* BREAKING: add support for k8s `disable-node-collector` flag (#6311)
* feat: add ubuntu 23.10 and 24.04 support (#6573)
* docs(go): add stdlib (#6580)
* feat(go): parse main mod version from build info settings (#6564)
* feat: respect custom exit code from plugin (#6584)
* docs: add asdf and mise installation method (#6063)
* feat(vuln): Handle scanning conan v2.x lockfiles (#6357)
* feat: add support `environment.yaml` files (#6569)
* fix: close plugin.yaml (#6577)
* fix: trivy k8s avoid deleting non-default node collector namespace (#6559)
* BREAKING: support exclude `kinds/namespaces` and include `kinds/namespaces` (#6323)
* feat(go): add main module (#6574)
* feat: add relationships (#6563)
* docs: mention `--show-suppressed` is available in table (#6571)
* chore: fix sqlite to support loong64 (#6511)
* fix(debian): sort dpkg info before parsing due to exclude directories (#6551)
* docs: update info about config file (#6547)
* docs: remove RELEASE_VERSION from trivy.repo (#6546)
* fix(sbom): change error to warning for multiple OSes (#6541)
* fix(vuln): skip empty versions (#6542)
* feat(c): add license support for conan lock files (#6329)
* fix(terraform): Attribute and fileset fixes (#6544)
* refactor: change warning if no vulnerability details are found (#6230)
* refactor(misconf): improve error handling in the Rego scanner (#6527)
* feat(go): parse main module of go binary files (#6530)
* refactor(misconf): simplify the retrieval of module annotations (#6528)
* docs(nodejs): add info about supported versions of pnpm lock files (#6510)
* feat(misconf): loading embedded checks as a fallback (#6502)
* fix(misconf): Parse JSON k8s manifests properly (#6490)
* refactor: remove parallel walk (#5180)
* fix: close pom.xml (#6507)
* fix(secret): convert severity for custom rules (#6500)
* fix(java): update logic to detect `pom.xml` file snapshot artifacts from remote repositories (#6412)
* fix: typo (#6283)
* docs(k8s,image): fix command-line syntax issues (#6403)
* fix(misconf): avoid panic if the scheme is not valid (#6496)
* feat(image): goversion as stdlib (#6277)
* fix: add color for error inside of log message (#6493)
* docs: fix links to OPA docs (#6480)
* refactor: replace zap with slog (#6466)
* docs: update links to IaC schemas (#6477)
* chore: bump Go to 1.22 (#6075)
* refactor(terraform): sync funcs with Terraform (#6415)
* feat(misconf): add helm-api-version and helm-kube-version flag (#6332)
* fix(terraform): eval submodules (#6411)
* refactor(terraform): remove unused options (#6446)
* refactor(terraform): remove unused file (#6445)
* fix(misconf): Escape template value correctly (#6292)
* feat(misconf): add support for wildcard ignores (#6414)
* fix(cloudformation): resolve `DedicatedMasterEnabled` parsing issue (#6439)
* refactor(terraform): remove metrics collection (#6444)
* feat(cloudformation): add support for logging and endpoint access for EKS (#6440)
* fix(db): check schema version for image name only (#6410)
* feat(misconf): Support private registries for misconf check bundle (#6327)
* feat(cloudformation): inline ignore support for YAML templates (#6358)
* feat(terraform): ignore resources by nested attributes (#6302)
* perf(helm): load in-memory files (#6383)
* feat(aws): apply filter options to result (#6367)
* feat(aws): quiet flag support (#6331)
* fix(misconf): clear location URI for SARIF (#6405)
* test(cloudformation): add CF tests (#6315)
* fix(cloudformation): infer type after resolving a function (#6406)
* fix(sbom): fix error when parent of SPDX Relationships is not a package. (#6399)
* docs: add info about support for package license detection in `fs`/`repo` modes (#6381)
* fix(nodejs): add support for parsing `workspaces` from `package.json` as an object (#6231)
* fix: use `0600` perms for tmp files for post analyzers (#6386)
* fix(helm): scan the subcharts once (#6382)
* docs(terraform): add file patterns for Terraform Plan (#6393)
* fix(terraform): сhecking SSE encryption algorithm validity (#6341)
* fix(java): parse modules from `pom.xml` files once (#6312)
* fix(server): add Locations for `Packages` in client/server mode (#6366)
* fix(sbom): add check for `CreationInfo` to nil when detecting SPDX created using Trivy (#6346)
* fix(report): don't include empty strings in `.vulnerabilities[].identifiers[].url` when `gitlab.tpl` is used (#6348)
* chore(ubuntu): Add Ubuntu 22.04 EOL date (#6371)
* feat(java): add support licenses and graph for gradle lock files (#6140)
* feat(vex): consider root component for relationships (#6313)
* fix: increase the default buffer size for scanning dpkg status files by 2 times (#6298)
* chore: updates wazero to v1.7.0 (#6301)
* feat(sbom): Support license detection for SBOM scan (#6072)
* refactor(sbom): use intermediate representation for SPDX (#6310)
* docs(terraform): improve documentation for filtering by inline comments (#6284)
* fix(terraform): fix policy document retrieval (#6276)
* refactor(terraform): remove unused custom error (#6303)
* refactor(sbom): add intermediate representation for BOM (#6240)
* fix(amazon): check only major version of AL to find advisories (#6295)
* fix(db): use schema version as tag only for `trivy-db` and `trivy-java-db` registries by default (#6219)
* fix(nodejs): add name validation for package name from `package.json` (#6268)
* docs: Added install instructions for FreeBSD (#6293)
* feat(image): customer podman host or socket option (#6256)
* feat(java): mark dependencies from `maven-invoker-plugin` integration tests pom.xml files as `Dev` (#6213)
* fix(license): reorder logic of how python package licenses are acquired (#6220)
* test(terraform): skip cached modules (#6281)
* feat(secret): Support for detecting Hugging Face Access Tokens (#6236)
* fix(cloudformation): support of all SSE algorithms for s3 (#6270)
* feat(terraform): Terraform Plan snapshot scanning support (#6176)
* fix: typo function name and comment optimization (#6200)
* fix(java): don't ignore runtime scope for pom.xml files (#6223)
* fix(license): add FilePath to results to allow for license path filtering via trivyignore file (#6215)
* test(k8s): use test-db for k8s integration tests (#6222)
* fix(terraform): fix root module search (#6160)
* test(parser): squash test data for yarn (#6203)
* fix(terraform): do not re-expand dynamic blocks (#6151)
* docs: update ecosystem page reporting with db app (#6201)
* fix: k8s summary separate infra and user finding results (#6120)
* fix: add context to target finding on k8s table view (#6099)
* fix: Printf format err (#6198)
* refactor: better integration of the parser into Trivy (#6183)
* feat(terraform): Add hyphen and non-ASCII support for domain names in credential extraction (#6108)
* fix(vex): CSAF filtering should consider relationships (#5923)
* refactor(report): Replacing `source_location` in `github` report when scanning an image (#5999)
* feat(vuln): ignore vulnerabilities by PURL (#6178)
* feat(java): add support for fetching packages from repos mentioned in pom.xml (#6171)
* feat(k8s): rancher rke2 version support (#5988)
* docs: update kbom distribution for scanning (#6019)
* chore: update CODEOWNERS (#6173)
* fix(swift): try to use branch to resolve version (#6168)
* fix(terraform): ensure consistent path handling across OS (#6161)
* fix(java): add only valid libs from `pom.properties` files from `jars` (#6164)
* fix(sbom): skip executable file analysis if Rekor isn't a specified SBOM source (#6163)
* docs(report): add remark about `path` to filter licenses using `.trivyignore.yaml` file (#6145)
* docs: update template path for gitlab-ci tutorial (#6144)
* feat(report): support for filtering licenses and secrets via rego policy files (#6004)
* fix(cyclonedx): move root component from scanned cyclonedx file to output cyclonedx file (#6113)
* docs: add SecObserve in CI/CD and reporting (#6139)
* fix(alpine): exclude empty licenses for apk packages (#6130)
* docs: add docs tutorial on custom policies with rego (#6104)
* fix(nodejs): use project dir when searching for workspaces for Yarn.lock files (#6102)
* feat(vuln): show suppressed vulnerabilities in table (#6084)
* docs: rename governance to principles (#6107)
* docs: add governance (#6090)
* feat(java): add dependency location support for `gradle` files (#6083)
* fix(misconf): get `user` from `Config.User` (#6070)
Update to version 0.49.1:
* fix: check unescaped `BomRef` when matching `PkgIdentifier` (#6025)
* docs: Fix broken link to 'pronunciation' (#6057)
* fix: fix cursor usage in Redis Clear function (#6056)
* fix(nodejs): add local packages support for `pnpm-lock.yaml` files (#6034)
* test: fix flaky `TestDockerEngine` (#6054)
* fix(java): recursive check all nested depManagements with import scope for pom.xml files (#5982)
* fix(cli): inconsistent behavior across CLI flags, environment variables, and config files (#5843)
* feat(rust): Support workspace.members parsing for Cargo.toml analysis (#5285)
* docs: add note about Bun (#6001)
* fix(report): use `AWS_REGION` env for secrets in `asff` template (#6011)
* fix: check returned error before deferring f.Close() (#6007)
* feat(misconf): add support of buildkit instructions when building dockerfile from image config (#5990)
* feat(vuln): enable `--vex` for all targets (#5992)
* docs: update link to data sources (#6000)
* feat(java): add support for line numbers for pom.xml files (#5991)
* refactor(sbom): use new `metadata.tools` struct for CycloneDX (#5981)
* docs: Update troubleshooting guide with image not found error (#5983)
* style: update band logos (#5968)
* docs: update cosign tutorial and commands, update kyverno policy (#5929)
* docs: update command to scan go binary (#5969)
* fix: handle non-parsable images names (#5965)
* fix(amazon): save system files for pkgs containing `amzn` in src (#5951)
* fix(alpine): Add EOL support for alpine 3.19. (#5938)
* feat: allow end-users to adjust K8S client QPS and burst (#5910)
* fix(nodejs): find licenses for packages with slash (#5836)
* fix(sbom): use `group` field for pom.xml and nodejs files for CycloneDX reports (#5922)
* fix: ignore no init containers (#5939)
* docs: Fix documentation of ecosystem (#5940)
* docs(misconf): multiple ignores in comment (#5926)
* fix(secret): find aws secrets ending with a comma or dot (#5921)
* docs: ✨ Updated ecosystem docs with reference to new community app (#5918)
* fix(java): check if a version exists when determining GAV by file name for `jar` files (#5630)
* feat(vex): add PURL matching for CSAF VEX (#5890)
* fix(secret): `AWS Secret Access Key` must include only secrets with `aws` text. (#5901)
* revert(report): don't escape new line characters for sarif format (#5897)
* docs: improve filter by rego (#5402)
* docs: add_scan2html_to_trivy_ecosystem (#5875)
* fix(vm): update ext4-filesystem fix reading groupdescriptor in 32bit mode (#5888)
* feat(vex): Add support for CSAF format (#5535)
* feat(python): parse licenses from dist-info folder (#4724)
* feat(nodejs): add yarn alias support (#5818)
* refactor: propagate time through context values (#5858)
* refactor: move PkgRef under PkgIdentifier (#5831)
* fix(cyclonedx): fix unmarshal for licenses (#5828)
* feat(vuln): include pkg identifier on detected vulnerabilities (#5439)
Update to version 0.48.1:
* fix(bitnami): use a different comparer for detecting vulnerabilities (#5633)
* refactor(sbom): disable html escaping for CycloneDX (#5764)
* refactor(purl): use `pub` from `package-url` (#5784)
* docs(python): add note to using `pip freeze` for `compatible releases` (#5760)
* fix(report): use OS information for OS packages purl in `github` template (#5783)
* fix(report): fix error if miconfigs are empty (#5782)
* refactor(vuln): don't remove VendorSeverity in JSON report (#5761)
* fix(report): don't mark misconfig passed tests as failed in junit.tpl (#5767)
* docs(k8s): replace --scanners config with --scanners misconfig in docs (#5746)
* fix(report): update Gitlab template (#5721)
* feat(secret): add support of GitHub fine-grained tokens (#5740)
* fix(misconf): add an image misconf to result (#5731)
* feat(secret): added support of Docker registry credentials (#5720)
Update to version 0.48.0:
* feat: filter k8s core components vuln results (#5713)
* feat(vuln): remove duplicates in Fixed Version (#5596)
* feat(report): output plugin (#4863)
* docs: typo in modules.md (#5712)
* feat: Add flag to configure node-collector image ref (#5710)
* feat(misconf): Add `--misconfig-scanners` option (#5670)
* chore: bump Go to 1.21 (#5662)
* feat: Packagesprops support (#5605)
* docs: update adopters discussion template (#5632)
* docs: terraform tutorial links updated to point to correct loc (#5661)
* fix(secret): add `sec` and space to secret prefix for `aws-secret-access-key` (#5647)
* fix(nodejs): support protocols for dependency section in yarn.lock files (#5612)
* fix(secret): exclude upper case before secret for `alibaba-access-key-id` (#5618)
* docs: Update Arch Linux package URL in installation.md (#5619)
* chore: add prefix to image errors (#5601)
* docs(vuln): fix link anchor (#5606)
* docs: Add Dagger integration section and cleanup Ecosystem CICD docs page (#5608)
* fix: k8s friendly error messages kbom non cluster scans (#5594)
* feat: set InstalledFiles for DEB and RPM packages (#5488)
* fix(report): use time.Time for CreatedAt (#5598)
* test: retry containerd initialization (#5597)
* feat(misconf): Expose misconf engine debug logs with `--debug` option (#5550)
* test: mock VM walker (#5589)
* chore: bump node-collector v0.0.9 (#5591)
* feat(misconf): Add support for `--cf-params` for CFT (#5507)
* feat(flag): replace '--slow' with '--parallel' (#5572)
* fix(report): add escaping for Sarif format (#5568)
* chore: show a deprecation notice for `--scanners config` (#5587)
* feat(report): Add CreatedAt to the JSON report. (#5542) (#5549)
* test: mock RPM DB (#5567)
* feat: add aliases to '--scanners' (#5558)
* refactor: reintroduce output writer (#5564)
* chore: not load plugins for auto-generating docs (#5569)
* chore: sort supported AWS services (#5570)
* fix: no schedule toleration (#5562)
* fix(cli): set correct `scanners` for `k8s` target (#5561)
* fix(sbom): add `FilesAnalyzed` and `PackageVerificationCode` fields for SPDX (#5533)
* refactor(misconf): Update refactored dependencies (#5245)
* feat(secret): add built-in rule for JWT tokens (#5480)
* fix: trivy k8s parse ecr image with arn (#5537)
* fix: fail k8s resource scanning (#5529)
* refactor(misconf): don't remove Highlighted in json format (#5531)
* docs(k8s): fix link in kubernetes.md (#5524)
* docs(k8s): fix whitespace in list syntax (#5525)
Update to version 0.47.0:
* docs: add info that license scanning supports file-patterns flag (#5484)
* docs: add Zora integration into Ecosystem session (#5490)
* fix(sbom): Use UUID as BomRef for packages with empty purl (#5448)
* fix: correct error mismatch causing race in fast walks (#5516)
* docs: k8s vulnerability scanning (#5515)
* docs: remove glad for java datasources (#5508)
* chore: remove unused logger attribute in amazon detector (#5476)
* fix: correct error mismatch causing race in fast walks (#5482)
* fix(server): add licenses to `BlobInfo` message (#5382)
* feat: scan vulns on k8s core component apps (#5418)
* fix(java): fix infinite loop when `relativePath` field points to `pom.xml` being scanned (#5470)
* fix(sbom): save digests for package/application when scanning SBOM files (#5432)
* docs: fix the broken link (#5454)
* docs: fix error when installing `PyYAML` for gh pages (#5462)
* fix(java): download java-db once (#5442)
* docs(misconf): Update `--tf-exclude-downloaded-modules` description (#5419)
* feat(misconf): Support `--ignore-policy` in config scans (#5359)
* docs(misconf): fix broken table for `Use container image` section (#5425)
* feat(dart): add graph support (#5374)
* refactor: define a new struct for scan targets (#5397)
* fix(sbom): add missed `primaryURL` and `source severity` for CycloneDX (#5399)
* fix: correct invalid MD5 hashes for rpms ending with one or more zero bytes (#5393)
* docs: remove --scanners none (#5384)
* docs: Update container_image.md #5182 (#5193)
* feat(report): Add `InstalledFiles` field to Package (#4706)
* feat(k8s): add support for vulnerability detection (#5268)
* fix(python): override BOM in `requirements.txt` files (#5375)
* docs: add kbom documentation (#5363)
* test: use maximize build space for VM tests (#5362)
* fix(report): add escaping quotes in misconfig Title for asff template (#5351)
* fix: Report error when os.CreateTemp fails (to be consistent with other uses) (#5342)
* fix: add config files to FS for post-analyzers (#5333)
* fix: fix MIME warnings after updating to Go 1.20 (#5336)
* build: fix a compile error with Go 1.21 (#5339)
* feat: added `Metadata` into the k8s resource's scan report (#5322)
* chore: update adopters template (#5330)
* fix(sbom): use PURL or Group and Name in case of Java (#5154)
* docs: add buildkite repository to ecosystem page (#5316)
* chore: enable go-critic (#5302)
* close java-db client (#5273)
* fix(report): removes git::http from uri in sarif (#5244)
* Improve the meaning of sentence (#5301)
* add app nil check (#5274)
* typo: in secret.md (#5281)
* docs: add info about `github` format (#5265)
* feat(dotnet): add license support for NuGet (#5217)
* docs: correctly export variables (#5260)
* chore: Add line numbers for lint output (#5247)
* chore(cli): disable java-db flags in server mode (#5263)
* feat(db): allow passing registry options (#5226)
* refactor(purl): use TypeApk from purl (#5232)
* chore: enable more linters (#5228)
* Fix typo on ide.md (#5239)
* refactor: use defined types (#5225)
* fix(purl): skip local Go packages (#5190)
* docs: update info about license scanning in Yarn projects (#5207)
* fix link (#5203)
* fix(purl): handle rust types (#5186)
* chore: auto-close issues (#5177)
* fix(k8s): kbom support addons labels (#5178)
* test: validate SPDX with the JSON schema (#5124)
* chore: bump trivy-kubernetes-latest (#5161)
* docs: add 'Signature Verification' guide (#4731)
* docs: add image-scanner-with-trivy for ecosystem (#5159)
* fix(fs): assign the absolute path to be inspected to ROOTPATH when filesystem (#5158)
* Update filtering.md (#5131)
* chaging adopters discussion tempalte (#5091)
* docs: add Bitnami (#5078)
* feat(docker): add support for scanning Bitnami components (#5062)
* feat: add support for .trivyignore.yaml (#5070)
* fix(terraform): improve detection of terraform files (#4984)
* feat: filter artifacts on --exclude-owned flag (#5059)
* fix(sbom): cyclonedx advisory should omit `null` value (#5041)
* build: maximize build space for build tests (#5072)
* feat: improve kbom component name (#5058)
* fix(pom): add licenses for pom artifacts (#5071)
* chore: bump Go to `1.20` (#5067)
* feat: PURL matching with qualifiers in OpenVEX (#5061)
* feat(java): add graph support for pom.xml (#4902)
* feat(swift): add vulns for cocoapods (#5037)
* fix: support image pull secret for additional workloads (#5052)
* fix: #5033 Superfluous double quote in html.tpl (#5036)
* docs(repo): update trivy repo usage and example (#5049)
* perf: Optimize Dockerfile for reduced layers and size (#5038)
* feat: scan K8s Resources Kind with --all-namespaces (#5043)
* fix: vulnerability typo (#5044)
* docs: adding a terraform tutorial to the docs (#3708)
* feat(report): add licenses to sarif format (#4866)
* feat(misconf): show the resource name in the report (#4806)
* chore: update alpine base images (#5015)
* feat: add Package.resolved swift files support (#4932)
* feat(nodejs): parse licenses in yarn projects (#4652)
* fix: k8s private registries support (#5021)
* bump github.com/testcontainers/testcontainers-go from 0.21.0 to 0.23.0 (#5018)
* feat(vuln): support last_affected field from osv (#4944)
* feat(server): add version endpoint (#4869)
* feat: k8s private registries support (#4987)
* fix(server): add indirect prop to package (#4974)
* docs: add coverage (#4954)
* feat(c): add location for lock file dependencies. (#4994)
* docs: adding blog post on ec2 (#4813)
* revert 32bit bins (#4977)
Update to version 0.44.1:
* fix(report): return severity colors in table format (#4969)
* build: maximize available disk space for release (#4937)
* test(cli): Fix assertion helptext (#4966)
* test: validate CycloneDX with the JSON schema (#4956)
* fix(server): add licenses to the Result message (#4955)
* fix(aws): resolve endpoint if endpoint is passed (#4925)
* fix(sbom): move licenses to `name` field in Cyclonedx format (#4941)
* use testify instead of gotest.tools (#4946)
* fix(nodejs): do not detect lock file in node_modules as an app (#4949)
* bump go-dep-parser (#4936)
* test(aws): move part of unit tests to integration (#4884)
* docs(cli): update help string for file and dir skipping (#4872)
* docs: update the discussion template (#4928)
Update to version 0.44.0:
* feat(repo): support local repositories (#4890)
* bump go-dep-parser (#4893)
* fix(misconf): add missing fields to proto (#4861)
* fix: remove trivy-db package replacement (#4877)
* chore(test): bump the integration test timeout to 15m (#4880)
* chore: update CODEOWNERS (#4871)
* feat(vuln): support vulnerability status (#4867)
* feat(misconf): Support custom URLs for policy bundle (#4834)
* refactor: replace with sortable packages (#4858)
* docs: correct license scanning sample command (#4855)
* fix(report): close the file (#4842)
* feat(misconf): Add support for independently enabling libraries (#4070)
* feat(secret): add secret config file for cache calculation (#4837)
* Fix a link in gitlab-ci.md (#4850)
* fix(flag): use globalstar to skip directories (#4854)
* fix(license): using common way for splitting licenses (#4434)
* fix(containerd): Use img platform in exporter instead of strict host platform (#4477)
* remove govulndb (#4783)
* fix(java): inherit licenses from parents (#4817)
* refactor: add allowed values for CLI flags (#4800)
* add example regex to allow rules (#4827)
* feat(misconf): Support custom data for rego policies for cloud (#4745)
* docs: correcting the trivy k8s tutorial (#4815)
* feat(cli): add --tf-exclude-downloaded-modules flag (#4810)
* fix(sbom): cyclonedx recommendations should include fixed versions for each package (#4794)
* feat(misconf): enable --policy flag to accept directory and files both (#4777)
* feat(python): add license fields (#4722)
* fix: support trivy k8s-version on k8s sub-command (#4786)
Update to version 0.43.1:
* docs(image): fix the comment on the soft/hard link (#4740)
* check Type when filling pkgs in vulns (#4776)
* feat: add support of linux/ppc64le and linux/s390x architectures for Install.sh script (#4770)
* fix(rocky): add architectures support for advisories (#4691)
* fix: documentation about reseting trivy image (#4733)
* fix(suse): Add openSUSE Leap 15.5 eol date as well (#4744)
* fix: update Amazon Linux 1 EOL (#4761)
Update to version 0.43.0:
* feat(nodejs): support yarn workspaces (#4664)
* fix(image): pass the secret scanner option to scan the img config (#4735)
* fix: scan job pod it not found on k8s-1.27.x (#4729)
* feat(docker): add support for mTLS authentication when connecting to registry (#4649)
* fix: skip scanning the gpg-pubkey package (#4720)
* Fix http registry oci pull (#4701)
* feat(misconf): Support skipping services (#4686)
* docs: fix supported modes for pubspec.lock files (#4713)
* fix(misconf): disable the terraform plan analyzer for other scanners (#4714)
* clarifying a dir path is required for custom policies (#4716)
* chore: update alpine base images (#4715)
* fix last-history-created (#4697)
* feat: kbom and cyclonedx v1.5 spec support (#4708)
* docs: add information about Aqua (#4590)
* fix: k8s escape resource filename on windows os (#4693)
* feat: cyclondx sbom custom property support (#4688)
* add SUSE Linux Enterprise Server 15 SP5 and update SP4 eol date (#4690)
* use group field for jar in cyclonedx (#4674)
* feat(java): capture licenses from pom.xml (#4681)
* feat(helm): make sessionAffinity configurable (#4623)
* fix: Show the correct URL of the secret scanning (#4682)
* document expected file pattern definition format (#4654)
* fix: format arg error (#4642)
* feat(k8s): cyclonedx kbom support (#4557)
* fix(nodejs): remove unused fields for the pnpm lockfile (#4630)
* fix(vm): update ext4-filesystem parser for parse multi block extents (#4616)
* fix(debian): update EOL for Debian 12 (#4647)
* chore: unnecessary use of fmt.Sprintf (S1039) (#4637)
* fix(db): change argument order in Exists query for JavaDB (#4595)
* feat(aws): Add support to see successes in results (#4427)
* feat: trivy k8s private registry support (#4567)
* docs: add general coverage page (#3859)
* chore: create SECURITY.md (#4601)
Update to version 0.42.1:
* fix(misconf): deduplicate misconf results (#4588)
* fix(vm): support sector size of 4096 (#4564)
* fix(misconf): terraform relative paths (#4571)
* fix(purl): skip unsupported library type (#4577)
* fix(terraform): recursively detect all Root Modules (#4457)
* fix(vm): support post analyzer for vm command (#4544)
* fix(nodejs): change the type of the devDependencies field (#4560)
* fix(sbom): export empty dependencies in CycloneDX (#4568)
* refactor: add composite fs for post-analyzers (#4556)
* feat: add SBOM analyzer (#4210)
* fix(sbom): update logic for work with files in spdx format (#4513)
* feat: azure workload identity support (#4489)
* feat(ubuntu): add eol date for 18.04 ESM (#4524)
* fix(misconf): Update required extensions for terraformplan (#4523)
* refactor(cyclonedx): add intermediate representation (#4490)
* fix(misconf): Remove debug print while scanning (#4521)
* fix(java): remove duplicates of jar libs (#4515)
* fix(java): fix overwriting project props in pom.xml (#4498)
* docs: Update compilation instructions (#4512)
* fix(nodejs): update logic for parsing pnpm lock files (#4502)
* fix(secret): remove aws-account-id rule (#4494)
* feat(oci): add support for referencing an input image by digest (#4470)
* docs: fixed the format (#4503)
* fix(java): add support of * for exclusions for pom.xml files (#4501)
* feat: adding issue template for documentation (#4453)
* docs: switch glad to ghsa for Go (#4493)
* feat(misconf): Add terraformplan support (#4342)
* feat(debian): add digests for dpkg (#4445)
* feat(k8s): exclude node scanning by node labels (#4459)
* docs: add info about multi-line mode for regexp from custom secret rules (#4159)
* feat(cli): convert JSON reports into a different format (#4452)
* feat(image): add logic to guess base layer for docker-cis scan (#4344)
* fix(cyclonedx): set original names for packages (#4306)
* feat: group subcommands (#4449)
* feat(cli): add retry to cache operations (#4189)
* fix(vuln): report architecture for `apk` packages (#4247)
* refactor: enable cases where return values are not needed in pipeline (#4443)
* fix(image): resolve scan deadlock when error occurs in slow mode (#4336)
* docs(misconf): Update docs for kubernetes file patterns (#4435)
* test: k8s integration tests (#4423)
* feat(redhat): add package digest for rpm (#4410)
* feat(misconf): Add `--reset-policy-bundle` for policy bundle (#4167)
* fix: typo (#4431)
* add user instruction to imgconf (#4429)
* fix(k8s): add image sources (#4411)
* docs(scanning): Add versioning banner (#4415)
* feat(cli): add mage command to update golden integration test files (#4380)
* feat: node-collector custom namespace support (#4407)
* refactor(sbom): use multiline json for spdx-json format (#4404)
* fix(ubuntu): add EOL date for Ubuntu 23.04 (#4347)
* refactor: code-optimization (#4214)
* feat(image): Add image-src flag to specify which runtime(s) to use (#4047)
* test: skip wrong update of test golden files (#4379)
* refactor: don't return error for package.json without version/name (#4377)
* docs: cmd error (#4376)
* test(cli): add test for config file and env combination (#2666)
* fix(report): set a correct file location for license scan output (#4326)
* chore(alpine): Update Alpine to 3.18 (#4351)
* fix(alpine): add EOL date for Alpine 3.18 (#4308)
* feat: allow root break for mapfs (#4094)
* docs(misconf): Remove examples.md (#4256)
* fix(ubuntu): update eol dates for Ubuntu (#4258)
* feat(alpine): add digests for apk packages (#4168)
* chore: add discussion templates (#4190)
* fix(terraform): Support tfvars (#4123)
* chore: separate docs:generate (#4242)
* refactor: define vulnerability scanner interfaces (#4117)
* feat: unified k8s scan resources (#4188)
* chore: trivy bin ignore (#4212)
* feat(image): enforce image platform (#4083)
* fix(ubuntu): fix version selection logic for ubuntu esm (#4171)
* chore: install.sh support for windows (#4155)
* docs: moving skipping files out of others (#4154)
Update to version 0.41.0:
* fix(spdx): add workaround for no src packages (#4118)
* test(golang): rename broken go.mod (#4129)
* feat(sbom): add supplier field (#4122)
* test(misconf): skip downloading of policies for tests #4126
* refactor: use debug message for post-analyze errors (#4037)
* feat(sbom): add VEX support (#4053)
* feat(sbom): add primary package purpose field for SPDX (#4119)
* fix(k8s): fix quiet flag (#4120)
* fix(python): parse of pip extras (#4103)
* feat(java): use full path for nested jars (#3992)
* feat(license): add new flag for classifier confidence level (#4073)
* feat: config and fs compliance support (#4097)
* feat(spdx): add support for SPDX 2.3 (#4058)
* fix: k8s all-namespaces support (#4096)
* perf(misconf): replace with post-analyzers (#4090)
* fix(helm): update networking API version detection (#4106)
* feat(image): custom docker host option (#3599)
* style: debug flag is incorrect and needs extra - (#4087)
* docs(vuln): Document inline vulnerability filtering comments (#4024)
* feat(fs): customize error callback during fs walk (#4038)
* fix(ubuntu): skip copyright files from subfolders (#4076)
* docs: restructure scanners (#3977)
* fix: fix `file does not exist` error for post-analyzers (#4061)
Update to version 0.40.0:
* feat(flag): Support globstar for `--skip-files` and `--skip-directories` (#4026)
* fix: return insecure option to download javadb (#4064)
* fix(nodejs): don't stop parsing when unsupported yarn.lock protocols are found (#4052)
* fix(k8s): current context title (#4055)
* fix(k8s): quit support on k8s progress bar (#4021)
* chore: add a note about Dockerfile.canary (#4050)
* fix(vuln): report architecture for debian packages (#4032)
* feat: add support for Chainguard's commercial distro (#3641)
* fix(vuln): fix error message for remote scanners (#4031)
* feat(report): add image metadata to SARIF (#4020)
* docs: fix broken cache link on Installation page (#3999)
* fix: lock downloading policies and database (#4017)
* fix: avoid concurrent access to the global map (#4014)
* feat(rust): add Cargo.lock v3 support (#4012)
* feat: auth support oci download server subcommand (#4008)
* chore: install.sh support for armv7 (#3985)
Update to version 0.39.1:
* fix(rust): fix panic when 'dependencies' field is not used in cargo.toml (#3997)
* fix(sbom): fix infinite loop for cyclonedx (#3998)
* fix: use warning for errors from enrichment files for post-analyzers (#3972)
* fix(helm): added annotation to psp configurable from values (#3893)
* fix(secret): update built-in rule `tests` (#3855)
* test: rewrite scripts in Go (#3968)
* docs(cli): Improve glob documentation (#3945)
Update to version 0.39.0:
* docs(cli): added makefile and go file to create docs (#3930)
* feat(cyclonedx): support dependency graph (#3177)
* feat(server): redis with public TLS certs support (#3783)
* feat(flag): Add glob support to `--skip-dirs` and `--skip-files` (#3866)
* chore: replace make with mage (#3932)
* fix(sbom): add checksum to files (#3888)
* chore: remove unused mount volumes (#3927)
* feat: add auth support for downloading OCI artifacts (#3915)
* refactor(purl): use epoch in qualifier (#3913)
* feat(image): add registry options (#3906)
* feat(rust): dependency tree and line numbers support for cargo lock file (#3746)
* feat(php): add support for location, licenses and graph for composer.lock files (#3873)
* feat(image): discover SBOM in OCI referrers (#3768)
* docs: change cache-dir key in config file (#3897)
* fix(sbom): use release and epoch for SPDX package version (#3896)
* docs: Update incorrect comment for skip-update flag (#3878)
* refactor(misconf): simplify policy filesystem (#3875)
* feat(nodejs): parse package.json alongside yarn.lock (#3757)
* fix(spdx): add PkgDownloadLocation field (#3879)
* chore(amazon): update EOL (#3876)
* fix(nodejs): improvement logic for package-lock.json v2-v3 (#3877)
* feat(amazon): add al2023 support (#3854)
* docs(misconf): Add information about selectors (#3703)
* docs(cli): update CLI docs with cobra (#3815)
* feat: k8s parallel processing (#3693)
* docs: add DefectDojo in the Security Management section (#3871)
* refactor: add pipeline (#3868)
* feat(cli): add javadb metadata to version info (#3835)
* feat(sbom): add support for CycloneDX JSON Attestation of the correct specification (#3849)
* feat: add node toleration option (#3823)
* fix: allow mapfs to open dirs (#3867)
* fix(report): update uri only for os class targets (#3846)
* feat(nodejs): Add v3 npm lock file support (#3826)
* feat(nodejs): parse package.json files alongside package-lock.json (#2916)
* docs(misconf): Fix links to built in policies (#3841)
Update to version 0.38.3:
from 1.86.1 to 1.89.1
* fix(java): skip empty files for jar post analyzer
* fix(docker): build healthcheck command for line without
/bin/sh prefix
* refactor(license): use goyacc for license parser (#3824)
23.0.0-rc.1+incompatible to 23.0.1+incompatible
* fix: populate timeout context to node-collector
* fix: exclude node collector scanning (#3771)
* fix: display correct flag in error message when skipping
java db update #3808
* fix: disable jar analyzer for scanners other than vuln (#3810)
* fix(sbom): fix incompliant license format for spdx (#3335)
* fix(java): the project props take precedence over the
parent's props (#3320)
* docs: add canary build info to README.md (#3799)
* docs: adding link to gh token generation (#3784)
* docs: changing docs in accordance with #3460 (#3787)
Update to version 0.38.2:
* fix(license): disable jar analyzer for licence scan only (#3780)
* bump trivy-issue-action to v0.0.0; skip `pkg` dir (#3781)
* fix: skip checking dirs for required post-analyzers (#3773)
* docs: add information about plugin format (#3749)
* fix(sbom): add trivy version to spdx creators tool field (#3756)
Update to version 0.38.1:
* feat(misconf): Add support to show policy bundle version (#3743)
* fix(python): fix error with optional dependencies in pyproject.toml (#3741)
* add id for package.json files (#3750)
Update to version 0.38.0:
* fix(cli): pass integer to exit-on-eol (#3716)
* feat: add kubernetes pss compliance (#3498)
* feat: Adding --module-dir and --enable-modules (#3677)
* feat: add special IDs for filtering secrets (#3702)
* docs(misconf): Add guide on input schema (#3692)
* feat(go): support dependency graph and show only direct dependencies in the tree (#3691)
* feat: docker multi credential support (#3631)
* feat: summarize vulnerabilities in compliance reports (#3651)
* feat(python): parse pyproject.toml alongside poetry.lock (#3695)
* feat(python): add dependency tree for poetry lock file (#3665)
* fix(cyclonedx): incompliant affect ref (#3679)
* chore(helm): update skip-db-update environment variable (#3657)
* fix(spdx): change CreationInfo timestamp format RFC3336Nano to RFC3336 (#3675)
* fix(sbom): export empty dependencies in CycloneDX (#3664)
* docs: java-db air-gap doc tweaks (#3561)
* feat(go): license support (#3683)
* feat(ruby): add dependency tree/location support for Gemfile.lock (#3669)
* fix(k8s): k8s label size (#3678)
* fix(cyclondx): fix array empty value, null to [] (#3676)
* refactor: rewrite gomod analyzer as post-analyzer (#3674)
* feat: config outdated-api result filtered by k8s version (#3578)
* fix: Update to Alpine 3.17.2 (#3655)
* feat: add support for virtual files (#3654)
* feat: add post-analyzers (#3640)
* feat(python): add dependency locations for Pipfile.lock (#3614)
* fix(java): fix groupID selection by ArtifactID for jar files. (#3644)
* fix(aws): Adding a fix for update-cache flag that is not applied on AWS scans. (#3619)
* feat(cli): add command completion (#3061)
* docs(misconf): update dockerfile link (#3627)
* feat(flag): add exit-on-eosl option (#3423)
* fix(cli): make java db repository configurable (#3595)
* chore: bump trivy-kubernetes (#3613)
ModerateSUSE bug 1224781SUSE bug 1227022CVE-2023-42363 at SUSECVE-2023-42363 at NVDCVE-2024-35192 at SUSECVE-2024-35192 at NVDCVE-2024-6257 at SUSECVE-2024-6257 at NVDcpe:/o:opensuse:leap:15.5Security update for rust-bindgen. (Moderate)openSUSE Leap 15.5
rust-bindgen was updated to fix the following issues:
Update to version 0.70.1:
* Revert 'Only trigger the publish workflow manually'
* Fix `collapsible_match` clippy warning
* Add `#[clippy::allow]` attribute to `const` layout tests
* Fix creduce example
* Fix creduce install link
* Fix create-tag.yml
Update to version 0.70.0:
* Fix generation of extern 'C' blocks with llvm 18
* Update shlex dependency (RUSTSEC-2024-0006, boo#1229375)
* Try to avoid repr(packed) for explicitly aligned types when not needed
* Support Float16
* Fix alignment contribution from bitfields
* Replace peeking_take_while by itertools
* Add blocklist_var
* Stabilize thiscall_abi
* Allow older itertools
* Add target mappings for riscv64imac and riscv32imafc.
* Add a complex macro fallback API
* Add option to use DST structs for flexible arrays
* Add option to dynamically load variables
* Add option in CLI to use rustified non-exhaustive enums
* Remove which and lazy-static dependencies
* Generate compile-time layout tests
* Print bindgen-cli errors to stderr instead of stdout
* Fix --formatter=prettyplease not working in bindgen-cli by adding prettyplease feature and enabling it by default for bindgen-cli
* Fix --allowlist-item so anonymous enums are no longer ignored
* Use clang_getFileLocation instead of clang_getSpellingLocation to fix clang-trun
* Fix generated constants: f64::INFINITY, f64::NEG_ INFINITY,f64::NAN
* Update tempfile and rustix due to GHSA-c827-hfw6-qwvm (boo#1229376)
ModerateSUSE bug 1229375SUSE bug 1229376CVE-2024-43806 at SUSECVE-2024-43806 at NVDcpe:/o:opensuse:leap:15.5Security update for cacti, cacti-spine (Important)openSUSE Leap 15.5
This update for cacti, cacti-spine fixes the following issues:
- cacti 1.2.27:
* CVE-2024-34340: Authentication Bypass when using using older password hashes (boo#1224240)
* CVE-2024-25641: RCE vulnerability when importing packages (boo#1224229)
* CVE-2024-31459: RCE vulnerability when plugins include files (boo#1224238)
* CVE-2024-31460: SQL Injection vulnerability when using tree rules through Automation API (boo#1224239)
* CVE-2024-29894: XSS vulnerability when using JavaScript based messaging API (boo#1224231)
* CVE-2024-31458: SQL Injection vulnerability when using form templates (boo#1224241)
* CVE-2024-31444: XSS vulnerability when reading tree rules with Automation API (boo#1224236)
* CVE-2024-31443: XSS vulnerability when managing data queries (boo#1224235)
* CVE-2024-31445: SQL Injection vulnerability when retrieving graphs using Automation API (boo#1224237)
* CVE-2024-27082: XSS vulnerability when managing trees (boo#1224230)
* Improve PHP 8.3 support
* When importing packages via command line, data source profile could not be selected
* When changing password, returning to previous page does not always work
* When using LDAP authentication the first time, warnings may appear in logs
* When editing/viewing devices, add IPv6 info to hostname tooltip
* Improve speed of polling when Boost is enabled
* Improve support for Half-Hour time zones
* When user session not found, device lists can be incorrectly returned
* On import, legacy templates may generate warnings
* Improve support for alternate locations of Ping
* Improve PHP 8.1 support for Installer
* Fix issues with number formatting
* Improve PHP 8.1 support when SpikeKill is run first time
* Improve PHP 8.1 support for SpikeKill
* When using Chinese to search for graphics, garbled characters appear.
* When importing templates, preview mode will not always load
* When remote poller is installed, MySQL TimeZone DB checks are not performed
* When Remote Poller installation completes, no finish button is shown
* Unauthorized agents should be recorded into logs
* Poller cache may not always update if hostname changes
* When using CMD poller, Failure and Recovery dates may have incorrect values
* Saving a Tree can cause the tree to become unpublished
* Web Basic Authentication does not record user logins
* When using Accent-based languages, translations may not work properly
* Fix automation expressions for device rules
* Improve PHP 8.1 Support during fresh install with boost
* Add a device 'enabled/disabled' indicator next to the graphs
* Notify the admin periodically when a remote data collector goes into heartbeat status
* Add template for Aruba Clearpass
* Add fliter/sort of Device Templates by Graph Templates
- cacti-spine 1.2.27:
* Restore AES Support
ImportantSUSE bug 1224229SUSE bug 1224230SUSE bug 1224231SUSE bug 1224235SUSE bug 1224236SUSE bug 1224237SUSE bug 1224238SUSE bug 1224239SUSE bug 1224240SUSE bug 1224241CVE-2024-25641 at SUSECVE-2024-25641 at NVDCVE-2024-27082 at SUSECVE-2024-27082 at NVDCVE-2024-29894 at SUSECVE-2024-29894 at NVDCVE-2024-31443 at SUSECVE-2024-31443 at NVDCVE-2024-31444 at SUSECVE-2024-31444 at NVDCVE-2024-31445 at SUSECVE-2024-31445 at NVDCVE-2024-31458 at SUSECVE-2024-31458 at NVDCVE-2024-31459 at SUSECVE-2024-31459 at NVDCVE-2024-31460 at SUSECVE-2024-31460 at NVDCVE-2024-34340 at SUSECVE-2024-34340 at NVDcpe:/o:opensuse:leap:15.5Security update for opera (Important)openSUSE Leap 15.5 NonFree
This update for opera fixes the following issues:
- Update to 113.0.5230.32
* DNA-118250 Backport fix for CVE-2024-7971 from Chrome to
Opera 113
- Changes in 113.0.5230.31
* CHR-9819 Update Chromium on desktop-stable-127-5230 to
127.0.6533.120
* DNA-116113 Print window boxes have frames and text is not
vertically centered
* DNA-117467 Crash at static void views::Combobox::
PaintIconAndText(class gfx::Canvas*)
* DNA-117557 Fix detected dangling ptr in WorkspacesTabCycler
ControllerIndexInCycleOrderTest.IndexInCyclingOrder
* DNA-117721 [Lin] When I drag a tab out of the tab strip and
drop it, it is not possible to do so without creating a
new window.
* DNA-117854 Pinned tab takes whole tab strip
* DNA-117857 [Sync][Lost password] After profile error can’t add
passwords and sync can’t display synced passwords
* DNA-118215 Promote 113 to stable
- Complete Opera 113 changelog at:
https://blogs.opera.com/desktop/changelog-for-113
ImportantCVE-2024-7971 at SUSECVE-2024-7971 at NVDSecurity update for chromium (Important)openSUSE Leap 15.5
This update for chromium fixes the following issues:
Chromium 128.0.6613.119 (released 2024-09-02) (boo#1230108)
* CVE-2024-8362: Use after free in WebAudio
* CVE-2024-7970: Out of bounds write in V8
ImportantSUSE bug 1230108CVE-2024-7970 at SUSECVE-2024-7970 at NVDCVE-2024-8362 at SUSECVE-2024-8362 at NVDcpe:/o:opensuse:leap:15.5Security update for chromium (Important)openSUSE Leap 15.5
This update for chromium fixes the following issues:
Chromium 128.0.6613.137 (released 2024-09-10) (boo#1230391)
* CVE-2024-8636: Heap buffer overflow in Skia
* CVE-2024-8637: Use after free in Media Router
* CVE-2024-8638: Type Confusion in V8
* CVE-2024-8639: Use after free in Autofill
ImportantSUSE bug 1230391CVE-2024-8636 at SUSECVE-2024-8636 at NVDCVE-2024-8637 at SUSECVE-2024-8637 at NVDCVE-2024-8638 at SUSECVE-2024-8638 at NVDCVE-2024-8639 at SUSECVE-2024-8639 at NVDcpe:/o:opensuse:leap:15.5Security update for htmldoc (Moderate)openSUSE Leap 15.5
This update for htmldoc fixes the following issues:
- CVE-2024-45508: Fixed an out-of-bounds write in parse_paragraph in ps-pdf.cxx because of an attempt to strip leading whitespace from a whitespace-only node [boo#1230022].
ModerateSUSE bug 1230022CVE-2024-45508 at SUSECVE-2024-45508 at NVDcpe:/o:opensuse:leap:15.5Security update for gstreamer-plugins-bad (Important)openSUSE Leap 15.5
This update for gstreamer-plugins-bad fixes the following issues:
Adding references for already fixed vulnerability:
- CVE-2023-50186: Fixed heap-based buffer overflow in the AV1 codec parser (ZDI-CAN-22300, bsc#1218534, bsc#1223263)
- CVE-2023-40475: Fixed GStreamer MXF File Parsing Integer Overflow (bsc#1215792).
- CVE-2023-44446: Fixed GStreamer MXF File Parsing Use-After-Free (bsc#1217213).
- CVE-2023-44429: Fixed GStreamer AV1 Codec Parsing Heap-based Buffer Overflow (bsc#1217211).
ImportantSUSE bug 1215792SUSE bug 1217211SUSE bug 1217213SUSE bug 1218534SUSE bug 1223263CVE-2023-40475 at SUSECVE-2023-40475 at NVDCVE-2023-44429 at SUSECVE-2023-44429 at NVDCVE-2023-44446 at SUSECVE-2023-44446 at NVDCVE-2023-50186 at SUSECVE-2023-50186 at NVDcpe:/o:opensuse:leap:15.5Security update for gstreamer-plugins-bad, libvpl (Important)openSUSE Leap 15.5
This update for gstreamer-plugins-bad, libvpl fixes the following issues:
- Dropped support for libmfx to fix the following CVEs:
* libmfx: improper input validation (CVE-2023-48368, bsc#1226897)
* libmfx: improper buffer restrictions (CVE-2023-45221, bsc#1226898)
* libmfx: out-of-bounds read (CVE-2023-22656, bsc#1226899)
* libmfx: out-of-bounds write (CVE-2023-47282, bsc#1226900)
* libmfx: improper buffer restrictions (CVE-2023-47169, bsc#1226901)
The libmfx dependency is replaced by libvpl.
ImportantSUSE bug 1218534SUSE bug 1219494SUSE bug 1223263SUSE bug 1226892SUSE bug 1226897SUSE bug 1226898SUSE bug 1226899SUSE bug 1226900SUSE bug 1226901CVE-2023-22656 at SUSECVE-2023-22656 at NVDCVE-2023-45221 at SUSECVE-2023-45221 at NVDCVE-2023-47169 at SUSECVE-2023-47169 at NVDCVE-2023-47282 at SUSECVE-2023-47282 at NVDCVE-2023-48368 at SUSECVE-2023-48368 at NVDCVE-2023-50186 at SUSECVE-2023-50186 at NVDcpe:/o:opensuse:leap:15.5Security update for cacti, cacti-spine (Important)openSUSE Leap 15.5
This update for cacti, cacti-spine fixes the following issues:
cacti-spine 1.2.26:
* Fix: Errors when uptime OID is not present
* Fix: MySQL reconnect option is depreciated
* Fix: Spine does not check a host with no poller items
* Fix: Poller may report the wrong number of devices polled
* Feature: Allow users to override the threads setting at the command line
* Feature: Allow spine to run in ping-only mode
cacti 1.2.26:
* CVE-2023-50250: XSS vulnerability when importing a template file (boo#1218380)
* CVE-2023-49084: RCE vulnerability when managing links (boo#1218360)
* CVE-2023-49085: SQL Injection vulnerability when managing poller devices (boo#1218378)
* CVE-2023-49086: XSS vulnerability when adding new devices (boo#1218366)
* CVE-2023-49088: XSS vulnerability when viewing data sources in debug mode (boo#1218379)
* CVE-2023-51448: SQL Injection vulnerability when managing SNMP Notification Receivers (boo#1218381)
* When viewing data sources, an undefined variable error may be seen
* Improvements for Poller Last Run Date
* Attempting to edit a Data Query that does not exist throws warnings and not an GUI error
* Improve PHP 8.1 support when adding devices
* Viewing Data Query Cache can cause errors to be logged
* Preserve option is not properly honoured when removing devices at command line
* Infinite recursion is possible during a database failure
* Monitoring Host CPU's does not always work on Windows endpoints
* Multi select drop down list box not rendered correctly in Chrome and Edge
* Selective Plugin Debugging may not always work as intended
* During upgrades, Plugins may be falsely reported as incompatible
* Plugin management at command line does not work with multiple plugins
* Improve PHP 8.1 support for incrementing only numbers
* Allow the renaming of guest and template accounts
* DS Stats issues warnings when the RRDfile has not been initialized
* When upgrading, missing data source profile can cause errors to be logged
* When deleting a single Data Source, purge historical debug data
* Improvements to form element warnings
* Some interface aliases do not appear correctly
* Aggregate graph does not show other percentiles
* Settings table updates for large values reverted by database repair
* When obtaining graph records, error messages may be recorded
* Unable to change a device's community at command line
* Increase timeout for RRDChecker
* When viewing a graph, option to edit template may lead to incorrect URL
* When upgrading, failures may occur due to missing color table keys
* On installation, allow a more appropriate template to be used as the default
* When data input parameters are allowed to be null, allow null
* CSV Exports may not always output data correctly
* When debugging a graph, long CDEF's can cause undesirable scrolling
* Secondary LDAP server not evaluated when the first one has failed
* When adding a device, using the bulk walk option can make version information appear
* When parsing a Data Query resource, an error can be reported if no direction is specified
* Database reconnection can cause errors to be reported incorrectly
* fix returned value if $sau is empty
* Add Aruba switch, Aruba controller and HPE iLO templates
* Add OSCX 6x00 templates
ImportantSUSE bug 1218360SUSE bug 1218366SUSE bug 1218378SUSE bug 1218379SUSE bug 1218380SUSE bug 1218381CVE-2023-49084 at SUSECVE-2023-49084 at NVDCVE-2023-49085 at SUSECVE-2023-49085 at NVDCVE-2023-49086 at SUSECVE-2023-49086 at NVDCVE-2023-49088 at SUSECVE-2023-49088 at NVDCVE-2023-50250 at SUSECVE-2023-50250 at NVDCVE-2023-51448 at SUSECVE-2023-51448 at NVDcpe:/o:opensuse:leap:15.5Security update for chromium (Important)openSUSE Leap 15.5
This update for chromium fixes the following issues:
- Chromium 129.0.6668.58 (stable released 2024-09-17)
(boo#1230678)
* CVE-2024-8904: Type Confusion in V8
* CVE-2024-8905: Inappropriate implementation in V8
* CVE-2024-8906: Incorrect security UI in Downloads
* CVE-2024-8907: Insufficient data validation in Omnibox
* CVE-2024-8908: Inappropriate implementation in Autofill
* CVE-2024-8909: Inappropriate implementation in UI
ImportantSUSE bug 1230678CVE-2024-8904 at SUSECVE-2024-8904 at NVDCVE-2024-8905 at SUSECVE-2024-8905 at NVDCVE-2024-8906 at SUSECVE-2024-8906 at NVDCVE-2024-8907 at SUSECVE-2024-8907 at NVDCVE-2024-8908 at SUSECVE-2024-8908 at NVDCVE-2024-8909 at SUSECVE-2024-8909 at NVDcpe:/o:opensuse:leap:15.5Security update for chromium (Important)openSUSE Leap 15.5
This update for chromium fixes the following issues:
Chromium 129.0.6668.70 (stable released 2024-09-24) (boo#1230964)
* CVE-2024-9120: Use after free in Dawn
* CVE-2024-9121: Inappropriate implementation in V8
* CVE-2024-9122: Type Confusion in V8
* CVE-2024-9123: Integer overflow in Skia
ImportantSUSE bug 1230964CVE-2024-9120 at SUSECVE-2024-9120 at NVDCVE-2024-9121 at SUSECVE-2024-9121 at NVDCVE-2024-9122 at SUSECVE-2024-9122 at NVDCVE-2024-9123 at SUSECVE-2024-9123 at NVDcpe:/o:opensuse:leap:15.5Security update for opera (Important)openSUSE Leap 15.5 NonFree
This update for opera fixes the following issues:
Opera was updated to 114.0.5282.21
* CHR-9843 Update Chromium on desktop-stable-128-5282 to
128.0.6613.138
* DNA-118381 Corrupted extension should be repaired
automatically
* DNA-118423 Crash on exit at opera::VideoPopoutDetachController
::OnTabStripModelChanged
* DNA-118480 Crash when closing tab from island's tooltip with
double-click on X button
* DNA-118586 Translations for O114
* DNA-118605 [Beta 114] [WinLin] Saved bookmarks have hover
effect on the bookmarks bar
* DNA-118736 Crash at opera::SyncLoginHelper::GetMenuItemString
after clicking 'O' menu
* DNA-118822 Promote 114 to stable
- Complete Opera 114 changelog at:
https://blogs.opera.com/desktop/changelog-for-114
- The update to chromium 128.0.6613.138 fixes following issues:
CVE-2024-8636, CVE-2024-8637, CVE-2024-8638, CVE-2024-8639
- Update to 113.0.5230.132
* DNA-117554 Checkboxes in Sidebar setup are not visible in
light theme
* DNA-117952 Crash at opera::component_based::ComponentTabBar::
~ComponentTabBar
* DNA-118311 When pinning a tab from a tab island, it pins
'separately' from other pinned tabs
* DNA-118661 Crash at opera::component_based::ComponentTabGroup
::~ComponentTabGroup
* DNA-118688 Crash when opening o-menu with logged in anonymous
hidden account
* DNA-118732 IsLoggedIn should return false for unset type
* DNA-118736 Crash at opera::SyncLoginHelper::GetMenuItemString
after clicking 'O' menu
* DNA-118782 Enable calling Aria via API by clicking on
masthead banner
* DNA-118796 Crash at blink::DocumentRulePredicate::
Parse(blink::JSONObject*, blink::KURL const&, blink::
ExecutionContext*, blink::ExceptionState&, WTF::String*)
- Update to 113.0.5230.86
* DNA-115191 BookmarkModelMerger::Merge() blocks UI thread on
sync start
* DNA-117744 Missing downloads in easy files window when image
copied to clipboard
* DNA-118016 Event of enabling/disabling extension
- Changes in 113.0.5230.62
* DNA-118382 Crash at (anonymous namespace)::ProfileErrorCallback
- Update to 113.0.5230.47
* DNA-115901 Crash when canceling drag and drop tab between
windows
* DNA-118200 Crash at
opera::flow::FlowSessionImpl::GetPairingUrl
* DNA-118271 Miniplayer shows only icons to stop, play next or
previous song
* DNA-118297 Crash at views::Widget::GetWindowBoundsInScreen
* DNA-118300 [startpage] click on link with target = blank opens
page without visible tab
ImportantCVE-2024-8636 at SUSECVE-2024-8636 at NVDCVE-2024-8637 at SUSECVE-2024-8637 at NVDCVE-2024-8638 at SUSECVE-2024-8638 at NVDCVE-2024-8639 at SUSECVE-2024-8639 at NVDSecurity update for chromium (Important)openSUSE Leap 15.5
This update for chromium fixes the following issues:
Chromium 129.0.6668.89 (stable released 2024-09-24)
(boo#1231232)
* CVE-2024-7025: Integer overflow in Layout
* CVE-2024-9369: Insufficient data validation in Mojo
* CVE-2024-9370: Inappropriate implementation in V8
ImportantSUSE bug 1231232CVE-2024-7025 at SUSECVE-2024-7025 at NVDCVE-2024-9369 at SUSECVE-2024-9369 at NVDCVE-2024-9370 at SUSECVE-2024-9370 at NVDcpe:/o:opensuse:leap:15.5Security update for roundcubemail (Moderate)openSUSE Leap 15.5
This update for roundcubemail fixes the following issues:
Update to 1.6.8
This is a security update to the stable version 1.6 of Roundcube Webmail.
It provides fixes to recently reported security vulnerabilities:
* Fix XSS vulnerability in post-processing of sanitized HTML content [CVE-2024-42009]
* Fix XSS vulnerability in serving of attachments other than HTML or SVG [CVE-2024-42008]
* Fix information leak (access to remote content) via insufficient CSS filtering [CVE-2024-42010]
CHANGELOG
* Managesieve: Protect special scripts in managesieve_kolab_master mode
* Fix newmail_notifier notification focus in Chrome (#9467)
* Fix fatal error when parsing some TNEF attachments (#9462)
* Fix double scrollbar when composing a mail with many plain text lines (#7760)
* Fix decoding mail parts with multiple base64-encoded text blocks (#9290)
* Fix bug where some messages could get malformed in an import from a MBOX file (#9510)
* Fix invalid line break characters in multi-line text in Sieve scripts (#9543)
* Fix bug where 'with attachment' filter could fail on some fts engines (#9514)
* Fix bug where an unhandled exception was caused by an invalid image attachment (#9475)
* Fix bug where a long subject title could not be displayed in some cases (#9416)
* Fix infinite loop when parsing malformed Sieve script (#9562)
* Fix bug where imap_conn_option's 'socket' was ignored (#9566)
* Fix XSS vulnerability in post-processing of sanitized HTML content [CVE-2024-42009]
* Fix XSS vulnerability in serving of attachments other than HTML or SVG [CVE-2024-42008]
* Fix information leak (access to remote content) via insufficient CSS filtering [CVE-2024-42010]
ModerateSUSE bug 1228900SUSE bug 1228901CVE-2024-42008 at SUSECVE-2024-42008 at NVDCVE-2024-42009 at SUSECVE-2024-42009 at NVDCVE-2024-42010 at SUSECVE-2024-42010 at NVDcpe:/o:opensuse:leap:15.5Security update for opera (Important)openSUSE Leap 15.5 NonFree
This update for opera fixes the following issues:
Update to 106.0.4998.52
* CHR-9580 Update Chromium on desktop-stable-120-4998 to 120.0.6099.234
* DNA-113175 Can not merge folders on start page
* DNA-113341 Implement 'special' menus
* DNA-113811 Removing icons in sidepanel heading
* DNA-114059 [Move to context menu] Workspaces icons always displayed in 1 line
* DNA-114361 'Move to workspace' submenu shows icons vertically
* The update to chromium 120.0.6099.234 fixes following issues:
CVE-2024-0517, CVE-2024-0518, CVE-2024-0519
ImportantCVE-2024-0517 at SUSECVE-2024-0517 at NVDCVE-2024-0518 at SUSECVE-2024-0518 at NVDCVE-2024-0519 at SUSECVE-2024-0519 at NVDSecurity update for ntpd-rs (Moderate)openSUSE Leap 15.5
This update for ntpd-rs fixes the following issues:
- Introducing ntpd-rs version 1.2.3.
ModerateCVE-2024-38528 at SUSECVE-2024-38528 at NVDcpe:/o:opensuse:leap:15.5Security update for chromium (Important)openSUSE Leap 15.5
This update for chromium fixes the following issues:
- Chromium 129.0.6668.100 (boo#1231420)
* CVE-2024-9602: Type Confusion in V8
* CVE-2024-9603: Type Confusion in V8
ImportantSUSE bug 1231420CVE-2024-9602 at SUSECVE-2024-9602 at NVDCVE-2024-9603 at SUSECVE-2024-9603 at NVDcpe:/o:opensuse:leap:15.5Security update for chromium (Important)openSUSE Leap 15.5
This update for chromium fixes the following issues:
Chromium 130.0.6723.58 (boo#1231694)
* CVE-2024-9954: Use after free in AI
* CVE-2024-9955: Use after free in Web Authentication
* CVE-2024-9956: Inappropriate implementation in Web Authentication
* CVE-2024-9957: Use after free in UI
* CVE-2024-9958: Inappropriate implementation in PictureInPicture
* CVE-2024-9959: Use after free in DevTools
* CVE-2024-9960: Use after free in Dawn
* CVE-2024-9961: Use after free in Parcel Tracking
* CVE-2024-9962: Inappropriate implementation in Permissions
* CVE-2024-9963: Insufficient data validation in Downloads
* CVE-2024-9964: Inappropriate implementation in Payments
* CVE-2024-9965: Insufficient data validation in DevTools
* CVE-2024-9966: Inappropriate implementation in Navigations
ImportantSUSE bug 1231694CVE-2024-9954 at SUSECVE-2024-9954 at NVDCVE-2024-9955 at SUSECVE-2024-9955 at NVDCVE-2024-9956 at SUSECVE-2024-9956 at NVDCVE-2024-9957 at SUSECVE-2024-9957 at NVDCVE-2024-9958 at SUSECVE-2024-9958 at NVDCVE-2024-9959 at SUSECVE-2024-9959 at NVDCVE-2024-9960 at SUSECVE-2024-9960 at NVDCVE-2024-9961 at SUSECVE-2024-9961 at NVDCVE-2024-9962 at SUSECVE-2024-9962 at NVDCVE-2024-9963 at SUSECVE-2024-9963 at NVDCVE-2024-9964 at SUSECVE-2024-9964 at NVDCVE-2024-9965 at SUSECVE-2024-9965 at NVDCVE-2024-9966 at SUSECVE-2024-9966 at NVDcpe:/o:opensuse:leap:15.5Security update for chromium (Important)openSUSE Leap 15.5
This update for chromium fixes the following issues:
Chromium 130.0.6723.69 (boo#1232060)
* CVE-2024-10229: Inappropriate implementation in Extensions
* CVE-2024-10230: Type Confusion in V8
* CVE-2024-10231: Type Confusion in V8
ImportantSUSE bug 1232060CVE-2024-10229 at SUSECVE-2024-10229 at NVDCVE-2024-10230 at SUSECVE-2024-10230 at NVDCVE-2024-10231 at SUSECVE-2024-10231 at NVDcpe:/o:opensuse:leap:15.5Security update for lxc (Moderate)openSUSE Leap 15.5
This update for lxc fixes the following issues:
lxc was updated to 6.0.2:
The LXC team is pleased to announce the release of LXC 6.0.2!
This is the second bugfix release for LXC 6.0 which is supported
until June 2029.
As usual this bugfix releases focus on stability and hardening.
* Some of the highlights for this release are:
- Reduced log level on some common messages
- Fix compilation error on aarch64
* Detailed changelog
- Remove unused function
- idmap: Lower logging level of newXidmap tools to INFO
- Exit 0 when there's no error
- doc: Fix definitions of get_config_path and set_config_path
- README: Update security contact
- fix possible clang compile error in AARCH
Update to 6.0.1:
The LXC team is pleased to announce the release of LXC 6.0.1!
This is the first bugfix release for LXC 6.0 which is supported
until June 2029.
As usual this bugfix releases focus on stability and hardening.
* Highlights
- Fixed some build tooling issues
- Fixed startup failures on system without IPv6 support
- Updated AppArmor rules to avoid potential warnings
Update to 6.0.0:
The LXC team is pleased to announce the release of LXC 6.0 LTS!
This is the result of two years of work since the LXC 5.0 release
and is the sixth LTS release for the LXC project. This release
will be supported until June 2029.
* New multi-call binary?
A new tools-multicall=true configuration option can be used to
produce a single lxc binary which can then have all other
lxc-XYZ commands be symlinked to.
This allows for a massive disk space reduction, particularly
useful for embedded platforms.
* Add a set_timeout function to the library
A new set_timeout function is available on the main
lxc_container struct and allow for setting a global timeout for
interactions with the LXC monitor.
Prior to this, there was no timeout, leading to potential
deadlocks as there's also no way to cancel an monitor request.
As a result of adding this new symbol to the library, we have
bumped the liblxc symbol version to 1.8.0.
* LXC bridge now has IPV6 enabled
The default lxcbr0 bridge now comes with IPv6 enabled by
default, using an IPv6 ULA subnet.
Support for uid/gid selection in lxc-usernsexec
The lxc-usernsexec tool now has both -u and -g options to
control what resulting UID and GID (respectively) the user
wishes to use (defaulting to 0/0).
* Improvements to lxc-checkconfig
lxc-checkconfig now only shows the version if lxc-start is
present (rather than failing).
Additionally, it's seen a number of other cosmetic improvements
as well as now listing the maximum number of allowed namespaces
for every namespace type.
* Support for squashfs OCI images
The built-in oci container template can now handle squashfs
compressed OCI images through the use of atomfs.
* Switched from systemd's dbus to dbus-1
LXC now uses libdbus-1 for DBus interactions with systemd
rather than using libsystemd.
The reason for this change is that libdbus-1 is readily
available for static builds.
* Removed Upstart support
Support for the Upstart init system has finally been removed
from LXC.
This shouldn't really affect anyone at this stage and allowed
for cleaning up some logic and config files from our
repository.
ModerateSUSE bug 1204842SUSE bug 1206779CVE-2022-47952 at SUSECVE-2022-47952 at NVDcpe:/o:opensuse:leap:15.5Security update for Botan (Moderate)openSUSE Leap 15.5
This update for Botan fixes the following issues:
- Fixed CVE-2024-50382, CVE-2024-50383 - various compiler-induced side channel in GHASH when certain LLVM/GCC versions are used to compile Botan.
ModerateSUSE bug 1232296SUSE bug 1232297SUSE bug 1232300SUSE bug 1232301CVE-2024-50382 at SUSECVE-2024-50382 at NVDCVE-2024-50383 at SUSECVE-2024-50383 at NVDcpe:/o:opensuse:leap:15.5Security update for xsd (Moderate)openSUSE Leap 15.5
This update for xsd fixes the following issues:
- CVE-2024-50602: Fixed libexpat DoS via XML_ResumeParser in xsd (boo#1232580)
ModerateSUSE bug 1232580CVE-2024-50602 at SUSECVE-2024-50602 at NVDcpe:/o:opensuse:leap:15.5Security update for mosquitto (Important)openSUSE Leap 15.5
This update for mosquitto fixes the following issues:
- Update to latest release to address the following security
issues:
* CVE-2024-3935 (boo#1232635)
* CVE-2024-10525 (boo#1232636)
Update to version 2.0.20
Broker:
- Fix QoS 1 / QoS 2 publish incorrectly returning
'no subscribers'.
- Don't allow invalid response topic values.
- Fix some strict protocol compliance issues.
Update to version 2.0.19
Security:
* Fix mismatched subscribe/unsubscribe with normal/shared topics.
* Fix crash on bridge using remapped topic being sent a crafted
packet.
Broker:
* Fix assert failure when loading a persistence file that
contains subscriptions with no client id.
* Fix local bridges being incorrectly expired when
persistent_client_expiration is in use.
* Fix use of CLOCK_BOOTTIME for getting time.
* Fix mismatched subscribe/unsubscribe with normal/shared topics.
* Fix crash on bridge using remapped topic being sent a crafted
packet.
Client library:
* Fix some error codes being converted to string as 'unknown'.
* Clear SSL error state to avoid spurious error reporting.
* Fix 'payload format invalid' not being allowed as a PUBREC
reason code.
* Don't allow SUBACK with missing reason codes.
Update to 2.0.18 (boo#1214918, CVE-2023-28366, boo#1215865,
CVE-2023-0809, boo#1215864, CVE-2023-3592):
* Fix crash on subscribe under certain unlikely conditions.
* Fix mosquitto_rr not honouring `-R`. Closes #2893.
* Fix `max_queued_messages 0` stopping clients from receiving
messages.
* Fix `max_inflight_messages` not being set correctly.
* Fix `mosquitto_passwd -U` backup file creation.
* CVE-2023-28366: Fix memory leak in broker when clients send
multiple QoS 2 messages with the same message ID, but then
never respond to the PUBREC commands.
* CVE-2023-0809: Fix excessive memory being allocated based on
malicious initial packets that are not CONNECT packets.
* CVE-2023-3592: Fix memory leak when clients send v5 CONNECT
packets with a will message that contains invalid property
types.
* Broker will now reject Will messages that attempt to publish
to $CONTROL/.
* Broker now validates usernames provided in a TLS certificate
or TLS-PSK identity are valid UTF-8.
* Fix potential crash when loading invalid persistence file.
* Library will no longer allow single level wildcard
certificates, e.g. *.com
* Fix $SYS messages being expired after 60 seconds and hence
unchanged values disappearing.
* Fix some retained topic memory not being cleared immediately
after used.
* Fix error handling related to the `bind_interface` option.
* Fix std* files not being redirected when daemonising, when
built with assertions removed.
* Fix default settings incorrectly allowing TLS v1.1.
* Use line buffered mode for stdout.
* Fix bridges with non-matching cleansession/local_cleansession
being expired on start after restoring from persistence
* Fix connections being limited to 2048 on Windows. The limit
is now 8192, where supported.
* Broker will log warnings if sensitive files are world
readable/writable, or if the owner/group is not the same as
the user/group the broker is running as. In future versions
the broker will refuse to open these files.
* mosquitto_memcmp_const is now more constant time.
* Only register with DLT if DLT logging is enabled.
* Fix any possible case where a json string might be
incorrectly loaded. This could have caused a crash if a
textname or textdescription field of a role was not a string,
when loading the dynsec config from file only.
* Dynsec plugin will not allow duplicate clients/groups/roles
when loading config from file, which matches the behaviour
for when creating them.
* Fix heap overflow when reading corrupt config with 'log_dest
file'.
* Use CLOCK_BOOTTIME when available, to keep track of time.
This solves the problem of the client OS sleeping and the
client hence not being able to calculate the actual time for
keepalive purposes.
* Fix default settings incorrectly allowing TLS v1.1. Closes
* Fix high CPU use on slow TLS connect.
* Fix incorrect topic-alias property value in mosquitto_sub
json output.
* Fix confusing message on TLS certificate verification.
* mosquitto_passwd uses mkstemp() for backup files.
* `mosquitto_ctrl dynsec init` will refuse to overwrite an
existing file, without a race-condition.
Update to 2.0.15:
* Deleting the group configured as the anonymous group in the Dynamic Security
plugin, would leave a dangling pointer that could lead to a single crash.
This is considered a minor issue - only administrative users should have
access to dynsec, the impact on availability is one-off, and there is no
associated loss of data. It is now forbidden to delete the group configured
as the anonymous group.
* Fix memory leak when a plugin modifies the topic of a message in
MOSQ_EVT_MESSAGE.
* Fix bridge `restart_timeout` not being honoured.
* Fix potential memory leaks if a plugin modifies the message in the
MOSQ_EVT_MESSAGE event.
* Fix unused flags in CONNECT command being forced to be 0, which is not
required for MQTT v3.1. Closes #2522.
* Improve documentation of `persistent_client_expiration` option.
Closes #2404.
* Add clients to session expiry check list when restarting and reloading from
persistence. Closes #2546.
* Fix bridges not sending failure notification messages to the local broker if
the remote bridge connection fails. Closes #2467. Closes #1488.
* Fix some PUBLISH messages not being counted in $SYS stats. Closes #2448.
* Fix incorrect return code being sent in DISCONNECT when a client session is
taken over. Closes #2607.
* Fix confusing 'out of memory' error when a client is kicked in the dynamic
security plugin. Closes #2525.
* Fix confusing error message when dynamic security config file was a
directory. Closes #2520.
* Fix bridge queued messages not being persisted when local_cleansession is
set to false and cleansession is set to true. Closes #2604.
* Dynamic security: Fix modifyClient and modifyGroup commands to not modify
the client/group if a new group/client being added is not valid.
* Dynamic security: Fix the plugin being able to be loaded twice. Currently
only a single plugin can interact with a unique $CONTROL topic. Using
multiple instances of the plugin would produce duplicate entries in the
config file. Closes #2601. Closes #2470.
* Fix case where expired messages were causing queued messages not to be
delivered. Closes #2609.
* Fix websockets not passing on the X-Forwarded-For header.
* Fix use of `MOSQ_OPT_TLS_ENGINE` being unable to be used due to the openssl
ctx not being initialised until starting to connect. Closes #2537.
* Fix incorrect use of SSL_connect. Closes #2594.
* Don't set SIGPIPE to ignore, use MSG_NOSIGNAL instead. Closes #2564.
* Add documentation of struct mosquitto_message to header. Closes #2561.
* Fix documentation omission around mosquitto_reinitialise. Closes #2489.
* Fix use of MOSQ_OPT_SSL_CTX when used in conjunction with
MOSQ_OPT_SSL_CTX_DEFAULTS. Closes #2463.
* Fix failure to close thread in some situations. Closes #2545.
* Fix mosquitto_pub incorrectly reusing topic aliases when reconnecting.
* Fix `-o` not working in `mosquitto_ctrl`, and typo in related documentation.
Update to version 2.0.14:
Broker:
* Fix bridge not respecting receive-maximum when reconnecting
with MQTT v5.
Client library:
* Fix mosquitto_topic_matches_sub2() not using the length
parameters.
* Fix incorrect subscribe_callback in mosquittopp.h.
Update to version 2.0.13:
Broker:
* Fix `max_keepalive` option not being able to be set to 0.
* Fix LWT messages not being delivered if `per_listener_settings`
was set to true.
* Various fixes around inflight quota management.
* Fix problem parsing config files with Windows line endings.
* Don't send retained messages when a shared subscription is made
* Fix client id not showing in log on failed connections, where
possible.
* Fix broker sending duplicate CONNACK on failed MQTT v5
reauthentication.
* Fix mosquitto_plugin.h not including mosquitto_broker.h.
Client library:
* Initialise sockpairR/W to invalid in `mosquitto_reinitialise()`
to avoid closing invalid sockets in `mosquitto_destroy()` on
error.
Clients:
- Fix date format in mosquitto_sub output.
- Update to version 2.0.12
* Includes security fixes for
CVE-2021-34434 (boo#1190048) and CVE-2020-13849 (boo#1190101)
Security :
* An MQTT v5 client connecting with a large number of
user-property properties could cause excessive CPU usage,
leading to a loss of performance and possible denial of
service. This has been fixed.
* Fix `max_keepalive` not applying to MQTT v3.1.1 and v3.1
connections. These clients are now rejected if their keepalive
value exceeds max_keepalive. This option allows CVE-2020-13849,
which is for the MQTT v3.1.1 protocol itself rather than an
implementation, to be addressed.
* Using certain listener related configuration options e.g.
`cafile`, that apply to the default listener without defining
any listener would cause a remotely accessible listener to be
opened that was not confined to the local machine but did have
anonymous access enabled, contrary to the documentation.
This has been fixed. Closes #2283.
* CVE-2021-34434: If a plugin had granted ACL subscription access
to a durable/non-clean-session client, then removed that
access,the client would keep its existing subscription. This
has been fixed.
* Incoming QoS 2 messages that had not completed the QoS flow
were not being checked for ACL access when a clean
session=False client was reconnecting. This has been fixed.
Broker:
* Fix possible out of bounds memory reads when reading a
corrupt/crafted configuration file. Unless your configuration
file is writable by untrusted users this is not a risk.
* Fix `max_connections` option not being correctly counted.
* Fix TLS certificates and TLS-PSK not being able to be
configured at the same time.
* Disable TLS v1.3 when using TLS-PSK, because it isn't correctly
configured.
* Fix `max_keepalive` not applying to MQTT v3.1.1 and v3.1
connections. These clients are now rejected if their keepalive
value exceeds max_keepalive.
* Fix broker not quiting if e.g. the `password_file` is specified
as a directory. Closes #2241.
* Fix listener mount_point not being removed on outgoing messages.
* Strict protocol compliance fixes, plus test suite.
* Fix $share subscriptions not being recovered for durable
clients that reconnect.
* Update plugin configuration documentation. Closes #2286.
Client library:
* If a client uses TLS-PSK then force the default cipher list to
use 'PSK' ciphers only. This means that a client connecting to
a broker configured with x509 certificates only will now fail.
Prior to this, the client would connect successfully without#
verifying certificates, because they were not configured.
* Disable TLS v1.3 when using TLS-PSK, because it isn't correctly
configured.
* Threaded mode is deconfigured when the mosquitto_loop_start()
thread ends, which allows mosquitto_loop_start() to be called
again.
* Fix MOSQ_OPT_SSL_CTX not being able to be set to NULL.
* Fix reconnecting failing when MOSQ_OPT_TLS_USE_OS_CERTS was in
use, but none of capath, cafile, psk, nor MOSQ_OPT_SSL_CTX were
set, and MOSQ_OPT_SSL_CTX_WITH_DEFAULTS was set to the default
value of true.
Apps:
* Fix `mosquitto_ctrl dynsec setDefaultACLAccess` command not
working.
Clients:
* Document TLS certificate behaviour when using `-p 8883`.
Build:
* Fix installation using WITH_TLS=no. Closes #2281.
* Fix builds with libressl 3.4.0. Closes #2198.
* Remove some unnecessary code guards related to libressl.
* Fix printf format build warning on MIPS. Closes #2271.
Update to version 2.0.11:
Security:
* If a MQTT v5 client connects with a crafted CONNECT packet a
memory leak will occur. This has been fixed.
Broker:
* Fix possible crash having just upgraded from 1.6 if
`per_listener_settings true` is set, and a SIGHUP is sent to
the broker before a client has reconnected to the broker.
* Fix bridge not reconnectng if the first reconnection attempt
fails.
* Improve QoS 0 outgoing packet queueing.
* Fix QoS 0 messages not being queued when `queue_qos0_messages`
was enabled.
Clients:
* If sending mosquitto_sub output to a pipe, mosquitto_sub will
now detect that the pipe has closed and disconnect.
* Fix `mosquitto_pub -l` quitting if a message publication is
attempted when the broker is temporarily unavailable.
ImportantSUSE bug 1181400SUSE bug 1190048SUSE bug 1190101SUSE bug 1214918SUSE bug 1215864SUSE bug 1215865SUSE bug 1232635SUSE bug 1232636CVE-2020-13849 at SUSECVE-2020-13849 at NVDCVE-2021-34434 at SUSECVE-2021-34434 at NVDCVE-2023-0809 at SUSECVE-2023-0809 at NVDCVE-2023-28366 at SUSECVE-2023-28366 at NVDCVE-2023-3592 at SUSECVE-2023-3592 at NVDCVE-2024-10525 at SUSECVE-2024-10525 at NVDCVE-2024-3935 at SUSECVE-2024-3935 at NVDcpe:/o:opensuse:leap:15.5Security update for chromium (Important)openSUSE Leap 15.5
This update for chromium fixes the following issues:
Update to version 130.0.6723.91 (boo#1232566):
- CVE-2024-10487: Out of bounds write in Dawn
- CVE-2024-10488: Use after free in WebRTC
ImportantSUSE bug 1232566CVE-2024-10487 at SUSECVE-2024-10487 at NVDCVE-2024-10488 at SUSECVE-2024-10488 at NVDcpe:/o:opensuse:leap:15.5Security update for htmldoc (Important)openSUSE Leap 15.5
This update for htmldoc fixes the following issues:
- CVE-2024-46478: Fixed a buffer overflow when handling tabs through the parse_pre function (boo#1232380).
ImportantSUSE bug 1232380CVE-2024-46478 at SUSECVE-2024-46478 at NVDcpe:/o:opensuse:leap:15.5Security update for python-mysql-connector-python (Important)openSUSE Leap 15.5
This update for python-mysql-connector-python fixes the following issues:
- Update to 9.1.0 (boo#1231740, CVE-2024-21272)
- WL#16452: Bundle all installable authentication plugins when building the C-extension
- WL#16444: Drop build support for DEB packages
- WL#16442: Upgrade gssapi version to 1.8.3
- WL#16411: Improve wheel metadata information for Classic and XDevAPI connectors
- WL#16341: OpenID Connect (Oauth2 - JWT) Authentication Support
- WL#16307: Remove Python 3.8 support
- WL#16306: Add support for Python 3.13
- BUG#37055435: Connection fails during the TLS negotiation when specifying TLSv1.3 ciphers
- BUG#37013057: mysql-connector-python Parameterized query SQL injection
- BUG#36765200: python mysql connector 8.3.0 raise %-.100s:%u when input a wrong host
- BUG#36577957: Update charset/collation description indicate this is 16 bits
- 9.0.0:
- WL#16350: Update dnspython version
- WL#16318: Deprecate Cursors Prepared Raw and Named Tuple
- WL#16284: Update the Python Protobuf version
- WL#16283: Remove OpenTelemetry Bundled Installation
- BUG#36664998: Packets out of order error is raised while changing user in aio
- BUG#36611371: Update dnspython required versions to allow latest 2.6.1
- BUG#36570707: Collation set on connect using C-Extension is ignored
- BUG#36476195: Incorrect escaping in pure Python mode if sql_mode includes NO_BACKSLASH_ESCAPES
- BUG#36289767: MySQLCursorBufferedRaw does not skip conversion
- 8.4.0
- WL#16203: GPL License Exception Update
- WL#16173: Update allowed cipher and cipher-suite lists
- WL#16164: Implement support for new vector data type
- WL#16127: Remove the FIDO authentication mechanism
- WL#16053: Support GSSAPI/Kerberos authentication on Windows using authentication_ldap_sasl_client plug-in for C-extension
- BUG#36227964: Improve OpenTelemetry span coverage
- BUG#36167880: Massive memory leak mysqlx native Protobuf adding to collection
- 8.3.0
- WL#16015: Remove use of removed COM_ commands
- WL#15985: Support GSSAPI/Kerberos authentication on Windows using authentication_ldap_sasl_client plug-in for Pure Python
- WL#15983: Stop using mysql_ssl_set api
- WL#15982: Remove use of mysql_shutdown
- WL#15950: Support query parameters for prepared statements
- WL#15942: Improve type hints and standardize byte type handling
- WL#15836: Split mysql and mysqlx into different packages
- WL#15523: Support Python DB API asynchronous execution
- BUG#35912790: Binary strings are converted when using prepared statements
- BUG#35832148: Fix Django timezone.utc deprecation warning
- BUG#35710145: Bad MySQLCursor.statement and result when query text contains code comments
- BUG#21390859: STATEMENTS GET OUT OF SYNCH WITH RESULT SETS
ImportantSUSE bug 1231740CVE-2024-21272 at SUSECVE-2024-21272 at NVDcpe:/o:opensuse:leap:15.5Security update for python-jupyterlab (Moderate)openSUSE Leap 15.5
This update for python-jupyterlab fixes the following issues:
- Build the full pacakge with the javascript dependencies as a new
source in vendor.tar.gz.
- CVE-2024-43805: Fixed data access via malicious Markdown due to HTML injection leading to DOM clobbering (boo#1229914)
ModerateSUSE bug 1229914CVE-2024-43805 at SUSECVE-2024-43805 at NVDcpe:/o:opensuse:leap:15.5Security update for kmail-account-wizard (Moderate)openSUSE Leap 15.5
This update for kmail-account-wizard fixes the following issues:
- CVE-2024-50624: Fixed that plaintext HTTP was used for URLs when retrieving configuration files (boo#1232454, kde#487882)
ModerateSUSE bug 1232454CVE-2024-50624 at SUSECVE-2024-50624 at NVDcpe:/o:opensuse:leap:15.5Security update for chromium (Important)openSUSE Leap 15.5
This update for chromium fixes the following issues:
Chromium 130.0.6723.116 (boo#1232843)
- CVE-2024-10826: Use after free in Family Experiences
- CVE-2024-10827: Use after free in Serial
ImportantSUSE bug 1232843CVE-2024-10826 at SUSECVE-2024-10826 at NVDCVE-2024-10827 at SUSECVE-2024-10827 at NVDcpe:/o:opensuse:leap:15.5Security update for tinyssh (Moderate)openSUSE Leap 15.5
This update for tinyssh fixes the following issues:
tinyssh was updated to 20240101 (boo#1218197, CVE-2023-48795):
* fixed channel_forkpty() race condition between close(slave)
in parent process and login_tty(slave) in child process
* fixed behavior when using terminal mode and stdin redirected
to /dev/null 'ssh -tt -n'
* added an 'strict-key' key exchange kex-strict-
s-v00@openssh.com (Mitigates CVE-2023-48795 'Terrapin
attack')
ModerateSUSE bug 1218197CVE-2023-48795 at SUSECVE-2023-48795 at NVDcpe:/o:opensuse:leap:15.5Security update for python-PyPDF2 (Moderate)openSUSE Leap 15.5
This update for python-PyPDF2 fixes the following issues:
- CVE-2022-24859: Fixed infinite loop vulnerability (boo#1198588)
ModerateSUSE bug 1198588CVE-2022-24859 at SUSECVE-2022-24859 at NVDcpe:/o:opensuse:leap:15.5Security update for mbedtls (Moderate)openSUSE Leap 15.5
This update for mbedtls fixes the following issues:
- Update to version 2.28.7:
- Resolves CVE-2024-23170 boo#1219336
- Update to 2.28.6:
Changes:
* Mbed TLS is now released under a dual Apache-2.0 OR GPL-2.0-or-later
license. Users may choose which license they take the code under.
- Update to 2.28.5:
Features:
* The documentation of mbedtls_ecp_group now describes the optimized
representation of A for some curves. Fixes gh#Mbed-TLS/mbedtls#8045.
Security:
* Developers using mbedtls_pkcs5_pbes2() or mbedtls_pkcs12_pbe() should
review the size of the output buffer passed to this function, and note that
the output after decryption may include CBC padding. Consider moving to the
new functions mbedtls_pkcs5_pbes2_ext() or mbedtls_pkcs12_pbe_ext() which
checks for overflow of the output buffer and reports the actual length of
the output.
* Improve padding calculations in CBC decryption, NIST key unwrapping and
RSA OAEP decryption. With the previous implementation, some compilers
(notably recent versions of Clang and IAR) could produce non-constant time
code, which could allow a padding oracle attack if the attacker has access
to precise timing measurements.
* Fix a buffer overread when parsing short TLS application data records in
ARC4 or null-cipher cipher suites. Credit to OSS-Fuzz.
Bugfix:
* Fix x509 certificate generation to conform to RFC 5480 / RFC 5758 when
using ECC key. The certificate was rejected by some crypto frameworks.
Fixes gh#Mbed-TLS/mbedtls#2924.
* Fix some cases where mbedtls_mpi_mod_exp, RSA key construction or ECDSA
signature can silently return an incorrect result in low memory conditions.
* Fix IAR compiler warnings. Fixes gh#Mbed-TLS/mbedtls#7873,
gh#Mbed-TLS/mbedtls#4300.
* Fix an issue when parsing an otherName subject alternative name into a
mbedtls_x509_san_other_name struct. The type-id of the otherName was not
copied to the struct. This meant that the struct had incomplete information
about the otherName SAN and contained uninitialized memory.
* Fix the detection of HardwareModuleName otherName SANs. These were being
detected by comparing the wrong field and the check was erroneously
inverted.
* Fix an error when MBEDTLS_ECDSA_SIGN_ALT is defined but not
MBEDTLS_ECDSA_VERIFY_ALT, causing ecdsa verify to fail. Fixes
gh#Mbed-TLS/mbedtls#7498. Functions in the ssl_cache module now return a
negative MBEDTLS_ERR_xxx error code on failure. Before, they returned 1 to
indicate failure in some cases involving a missing entry or a full cache.
Changes:
* In configurations with ARIA or Camellia but not AES, the value of
MBEDTLS_CIPHER_BLKSIZE_MAX was 8, rather than 16 as the name might suggest.
This did not affect any library code, because this macro was only used in
relation with CMAC which does not support these ciphers. Its value is now
16 if ARIA or Camellia are present. This may affect application code that
uses this macro.
- Update to 2.28.4:
Features:
* Allow MBEDTLS_CONFIG_FILE and MBEDTLS_USER_CONFIG_FILE to be set by
setting the CMake variable of the same name at configuration time.
Bugfix:
* Fix crypt_and_hash decryption fail when used with a stream cipher
mode of operation, due to the input not being a multiple of the block
size. Resolves #7417.
* Fix a bug where mbedtls_x509_string_to_names() would return success
when given a invalid name string, if it did not contain '=' or ','.
* Fix missing PSA initialization in sample programs when
MBEDTLS_USE_PSA_CRYPTO is enabled.
* Fix clang and armclang compilation error when targeting certain Arm
M-class CPUs (Cortex-M0, Cortex-M0+, Cortex-M1, Cortex-M23,
SecurCore SC000). Fixes #1077.
* Fixed an issue that caused compile errors when using CMake and the IAR
toolchain.
* Fix the build with MBEDTLS_PSA_INJECT_ENTROPY. Fixes #7516.
* Fix builds on Windows with clang.
* Fix compilation warnings in aes.c for certain combinations
of configuration options.
* Fix a compilation error on some platforms when including mbedtls/ssl.h
with all TLS support disabled. Fixes #6628.
Changes:
* Update test data to avoid failures of unit tests after 2023-08-07, and
update expiring certififcates in the certs
- Update to 2.28.3:
Features:
* Use HOSTCC (if it is set) when compiling C code during generation of the
configuration-independent files. This allows them to be generated when CC
is set for cross compilation.
* AES-NI is now supported with Visual Studio.
* AES-NI is now supported in 32-bit builds, or when MBEDTLS_HAVE_ASM is
disabled, when compiling with GCC or Clang or a compatible compiler for a
target CPU that supports the requisite instructions (for example gcc -m32
-msse2 -maes -mpclmul). (Generic x86 builds with GCC-like compilers still
require MBEDTLS_HAVE_ASM and a 64-bit target.)
Security:
* MBEDTLS_AESNI_C, which is enabled by default, was silently ignored on
builds that couldn't compile the GCC-style assembly implementation (most
notably builds with Visual Studio), leaving them vulnerable to timing
side-channel attacks. There is now an intrinsics-based AES-NI
implementation as a fallback for when the assembly one cannot be used.
Bugfix:
* Fix a build issue on Windows where the source and build directory could
not be on different drives (#5751).
* Fix possible integer overflow in mbedtls_timing_hardclock(), which
could cause a crash for certain platforms & compiler options.
* Fix IAR compiler warnings. Fixes #6924.
* Fix a bug in the build where directory names containing spaces were
causing generate_errors.pl to error out resulting in a build failure.
Fixes issue #6879.
* Fix compile error where MBEDTLS_RSA_C and MBEDTLS_X509_CRT_WRITE_C are
defined, but MBEDTLS_PK_RSA_ALT_SUPPORT is not defined. Fixes #3174.
* Fix a build issue when defining MBEDTLS_TIMING_ALT and MBEDTLS_SELF_TEST.
The library would not link if the user didn't provide an external self-test
function. The self-test is now provided regardless of the choice of
internal/alternative timing implementation. Fixes #6923.
* mbedtls_x509write_crt_set_serial() now explicitly rejects serial numbers
whose binary representation is longer than 20 bytes. This was already
forbidden by the standard (RFC5280 - section 4.1.2.2) and now it's being
enforced also at code level.
* Fix potential undefined behavior in mbedtls_mpi_sub_abs(). Reported by
Pascal Cuoq using TrustInSoft Analyzer in #6701; observed independently by
Aaron Ucko under Valgrind.
* Fix behavior of certain sample programs which could, when run with no
arguments, access uninitialized memory in some cases. Fixes #6700 (which
was found by TrustInSoft Analyzer during REDOCS'22) and #1120.
* Fix build errors in test programs when MBEDTLS_CERTS_C is disabled.
Fixes #6243.
* Fix parsing of X.509 SubjectAlternativeName extension. Previously,
malformed alternative name components were not caught during initial
certificate parsing, but only on subsequent calls to
mbedtls_x509_parse_subject_alt_name(). Fixes #2838.
* Fix bug in conversion from OID to string in
mbedtls_oid_get_numeric_string(). OIDs such as 2.40.0.25 are now printed
correctly.
* Reject OIDs with overlong-encoded subidentifiers when converting them to a
string.
* Reject OIDs with subidentifier values exceeding UINT_MAX. Such
subidentifiers can be valid, but Mbed TLS cannot currently handle them.
* Reject OIDs that have unterminated subidentifiers, or (equivalently) have
the most-significant bit set in their last byte.
* Silence a warning about an unused local variable in bignum.c on some
architectures. Fixes #7166.
* Silence warnings from clang -Wdocumentation about empty \retval
descriptions, which started appearing with Clang 15. Fixes #6960.
* Fix undefined behavior in mbedtls_ssl_read() and mbedtls_ssl_write() if
len argument is 0 and buffer is NULL.
Changes:
* The C code follows a new coding style. This is transparent for users but
affects contributors and maintainers of local patches. For more
information, see
https://mbed-tls.readthedocs.io/en/latest/kb/how-to/rewrite-branch-for-coding-style/
* Changed the default MBEDTLS_ECP_WINDOW_SIZE from 6 to 2. As tested in
issue 6790, the correlation between this define and RSA decryption
performance has changed lately due to security fixes. To fix the
performance degradation when using default values the window was reduced
from 6 to 2, a value that gives the best or close to best results when
tested on Cortex-M4 and Intel i7.
- Setup the mbedtls-2 package
- Build AVX2 enabled hwcaps library for x86_64-v3
ModerateSUSE bug 1219336CVE-2024-23170 at SUSECVE-2024-23170 at NVDcpe:/o:opensuse:leap:15.5Security update for icinga2 (Important)openSUSE Leap 15.5
This update for icinga2 fixes the following issues:
Update to 2.13.10:
- CVE-2024-49369: Fix TLS certificate validation bypass (bsc#1233310).
ImportantSUSE bug 1233310CVE-2024-49369 at SUSECVE-2024-49369 at NVDcpe:/o:opensuse:leap:15.5Security update for chromium (Important)openSUSE Leap 15.5
This update for chromium fixes the following issues:
Chromium 131.0.6778.69 (stable released 2024-11-12) (boo#1233311)
* CVE-2024-11110: Inappropriate implementation in Blink.
* CVE-2024-11111: Inappropriate implementation in Autofill.
* CVE-2024-11112: Use after free in Media.
* CVE-2024-11113: Use after free in Accessibility.
* CVE-2024-11114: Inappropriate implementation in Views.
* CVE-2024-11115: Insufficient policy enforcement in Navigation.
* CVE-2024-11116: Inappropriate implementation in Paint.
* CVE-2024-11117: Inappropriate implementation in FileSystem.
ImportantSUSE bug 1233311CVE-2024-11110 at SUSECVE-2024-11110 at NVDCVE-2024-11111 at SUSECVE-2024-11111 at NVDCVE-2024-11112 at SUSECVE-2024-11112 at NVDCVE-2024-11113 at SUSECVE-2024-11113 at NVDCVE-2024-11114 at SUSECVE-2024-11114 at NVDCVE-2024-11115 at SUSECVE-2024-11115 at NVDCVE-2024-11116 at SUSECVE-2024-11116 at NVDCVE-2024-11117 at SUSECVE-2024-11117 at NVDcpe:/o:opensuse:leap:15.5Security update for chromium (Important)openSUSE Leap 15.5
This update for chromium fixes the following issues:
- Chromium 131.0.6778.85 (stable released 2024-11-19) (boo#1233534)
* CVE-2024-11395: Type Confusion in V8
ImportantSUSE bug 1233534CVE-2024-11395 at SUSECVE-2024-11395 at NVDcpe:/o:opensuse:leap:15.5Security update for seamonkey (Important)openSUSE Leap 15.5
This update for seamonkey fixes the following issues:
Update to SeaMonkey 2.53.19:
* Cancel button in SeaMonkey bookmarking star ui not working bug
1872623.
* Remove OfflineAppCacheHelper.jsm copy from SeaMonkey and use the
one in toolkit bug 1896292.
* Remove obsolete registerFactoryLocation calls from cZ bug 1870930.
* Remove needless implements='nsIDOMEventListener' and QI bug
1611010.
* Replace use of nsIStandardURL::Init bug 1864355.
* Switch SeaMonkey website from hg.mozilla.org to heptapod. bug
1870934.
* Allow view-image to open a data: URI by setting a flag on the
loadinfo bug 1877001.
* Save-link-as feature should use the loading principal and context
menu using nsIContentPolicy.TYPE_SAVE_AS_DOWNLOAD bug 1879726.
* Use punycode in SeaMonkey JS bug 1864287.
* Font lists in preferences are no longer grouped by font type, port
asynchronous handling like Bug 1399206 bug 1437393.
* SeaMonkey broken tab after undo closed tab with invalid protocol
bug 1885748.
* SeaMonkey session restore is missing the checkboxes in the Classic
theme bug 1896174.
* Implement about:credits on seamonkey-project.org website bug
1898467.
* Fix for the 0.0.0.0 day vulnerability oligo summary.
* Link in update notification does not open Browser bug 1888364.
* Update ReadExtensionPrefs in Preferences.cpp bug 1890196.
* Add about:seamonkey page to SeaMonkey bug 1897801.
* SeaMonkey 2.53.19 uses the same backend as Firefox and contains
the relevant Firefox 60.8 security fixes.
* SeaMonkey 2.53.19 shares most parts of the mail and news code with
Thunderbird. Please read the Thunderbird 60.8.0 release notes for
specific security fixes in this release.
* Additional important security fixes up to Current Firefox 115.14
and Thunderbird 115.14 ESR plus many enhancements have been
backported. We will continue to enhance SeaMonkey security in
subsequent 2.53.x beta and release versions as fast as we are able
to.
ImportantSUSE bug 1230257cpe:/o:opensuse:leap:15.5Security update for cobbler (Important)openSUSE Leap 15.5
This update for cobbler fixes the following issues:
Update to 3.3.7:
* Security: Fix issue that allowed anyone to connect to the API
as admin (CVE-2024-47533, boo#1231332)
* bind - Fix bug that prevents cname entries from being
generated successfully
* Fix build on RHEL9 based distributions (fence-agents-all split)
* Fix for Windows systems
* Docs: Add missing dependencies for source installation
* Fix issue that prevented systems from being synced when the
profile was edited
Update to 3.3.6:
* Upstream all openSUSE specific patches that were maintained in Git
* Fix rename of items that had uppercase letters
* Skip inconsistent collections instead of crashing the daemon
- Update to 3.3.5:
* Added collection indicies for UUID's, MAC's, IP addresses and hostnames
boo#1219933
* Re-added to_dict() caching
* Added lazy loading for the daemon (off by default)
- Update to 3.3.4:
* Added cobbler-tests-containers subpackage
* Updated the distro_signatures.json database
* The default name for grub2-efi changed to grubx64.efi to match
the DHCP template
- Do generate boot menus even if no profiles or systems - only local boot
- Avoid crashing running buildiso in certain conditions.
- Fix settings migration schema to work while upgrading on existing running
Uyuni and SUSE Manager servers running with old Cobbler settings (boo#1203478)
- Consider case of 'next_server' being a hostname during migration
of Cobbler collections.
- Fix problem with 'proxy_url_ext' setting being None type.
- Update v2 to v3 migration script to allow migration of collections
that contains settings from Cobbler 2. (boo#1203478)
- Fix problem for the migration of 'autoinstall' collection attribute.
- Fix failing Cobbler tests after upgrading to 3.3.3.
- Fix regression: allow empty string as interface_type value (boo#1203478)
- Avoid possible override of existing values during migration
of collections to 3.0.0 (boo#1206160)
- Add missing code for previous patch file around boot_loaders migration.
- Improve Cobbler performance with item cache and threadpool (boo#1205489)
- Skip collections that are inconsistent instead of crashing (boo#1205749)
- Items: Fix creation of 'default' NetworkInterface (boo#1206520)
- S390X systems require their kernel options to have a linebreak at
79 characters (boo#1207595)
- settings-migration-v1-to-v2.sh will now handle paths with whitespace
correct
- Fix renaming Cobbler items (boo#1204900, boo#1209149)
- Fix cobbler buildiso so that the artifact can be booted by EFI firmware.
(boo#1206060)
- Add input_string_*, input_boolean, input_int functiont to public API
ImportantSUSE bug 1203478SUSE bug 1204900SUSE bug 1205489SUSE bug 1205749SUSE bug 1206060SUSE bug 1206160SUSE bug 1206520SUSE bug 1207595SUSE bug 1209149SUSE bug 1219933SUSE bug 1231332CVE-2024-47533 at SUSECVE-2024-47533 at NVDcpe:/o:opensuse:leap:15.5Security update for opera (Important)openSUSE Leap 15.5 NonFree
This update for opera fixes the following issues:
opera was updated to 115.0.5322.68:
* CHR-9877 Update Chromium on desktop-stable-130-5322 to
130.0.6723.59
* DNA-118660 [Win][Lin] Crash at
opera::TabTracker::UpdateOnDeactivate
* DNA-118840 Crash at
extensions::OperaTouchPrivateDeleteAllDevicesFunction::Run
* DNA-119224 Onboarding Web Content window does not have focus
* DNA-119586 Search Copy browser popup windows issues
* DNA-119685 [Easy Files] Popup is greyed out and unresponsive
with sidebar autohide
* DNA-119687 French text is not fitting
* DNA-119700 Translations for Opera 115
* DNA-119713 Crash at opera::content_filter::
URLLoaderThrottleFactory::Throttle::WillStartRequest
* DNA-119736 [Linux] Address bar not clickable when dropdown
is shown
* DNA-119770 Back “Force dark theme on pages” to 'Easy setup'
* DNA-119902 Promote 115 to stable
- Complete Opera 115 changelog at:
https://blogs.opera.com/desktop/changelog-for-115
- The update to chromium 130.0.6723.59 fixes following issues:
CVE-2024-9954, CVE-2024-9955, CVE-2024-9956, CVE-2024-9957,
CVE-2024-9958, CVE-2024-9959, CVE-2024-9960, CVE-2024-9961,
CVE-2024-9962, CVE-2024-9963, CVE-2024-9964, CVE-2024-9965,
CVE-2024-9966
- Update to 114.0.5282.222
* DNA-118660 [Win][Lin] Crash at
opera::TabTracker::UpdateOnDeactivate
* DNA-119224 Onboarding Web Content window does not have focus
* DNA-119478 Uncaught exception on opera:settings
* DNA-119673 [Miniplayer] Cursor does not change from grab when
hovering over detach button
* DNA-119685 [Easy Files] Popup is greyed out and unresponsive
with sidebar autohide
* DNA-119687 French text is not fitting
- Update to 114.0.5282.185
* DNA-119423 The icon should react on updates in the runtime
* DNA-119524 Disallow installing GX mods
* DNA-119565 Spotify in sidebar should be green in both dark
and light theme
- Update to 114.0.5282.154
* DNA-118382 Crash at
(anonymous namespace)::ProfileErrorCallback
* DNA-119509 After a restart, the wallpaper for an inactive
Classic theme is restored to the default one (Opera One)
* DNA-119528 Crash at opera::VibesServiceImpl::InitService
- Changes in 114.0.5282.144
* DNA-118341 [Sidebar] Context menu appears
* DNA-118450 Crash at opera::component_based::
SplitScreenViewDelegate::UpdateViewWebContentses
* DNA-118738 [Easy setup] When system mode is selected for
classic theme, it will show light theme wallpaper even if
system theme is dark
* DNA-118987 [Address Bar] Page information icon from previous
tab displayed after tabs drag & drop
* DNA-119025 Crash after going back to tab with detached
google meet
* DNA-119128 Custom wallpaper settled for the first time
doesn’t show in Themes preview
* DNA-119337 [Easy setup] Restore Wallpapers section for
Classic theme
* DNA-119369 Crash at PrefValueMap::GetValue
* DNA-119399 Re-enable deleting theme configurations
* DNA-119400 Disable ‘delete’ option when there is only one
classic theme configuration
* DNA-119403 Deleting a wallpaper should remove that wallpaper
from inactive configurations
* DNA-119440 Easy-setup wallpaper cannot load
* DNA-119448 Update translations
* DNA-119482 When launching the browser for the first time,
the existing Classic theme is overwritten instead of creating
a new one when the user uses a custom wallpaper
- Update to 114.0.5282.115
* DNA-117247 Menu button not vertically centered
* DNA-117907 [DevTools] Dark theme selection not persisting
* DNA-117946 Select value for bookmark and history in sidebar
setup can’t be changed by mouse click
* DNA-118105 [Color-theme] [Split screen] Bookmarks bars are
displayed when split screen is turned on
* DNA-118115 Crash at content::(anonymous namespace)::
GetContextLost
* DNA-118586 Translations for O114
* DNA-118661 Crash at opera::component_based::
ComponentTabGroup::~ComponentTabGroup
* DNA-118747 Detach miniplayer using button in sidebar panel
* DNA-118795 [Easy setup] The user theme name is displayed
incorrectly
* DNA-118951 Inactive checkboxes are invisible in the
Sidebar Setup
* DNA-118956 Miniplayer is closed after pressing Esc key
* DNA-119048 Issue came back – Missing ‘System mode’ in easy
setup edit mode menu
* DNA-119087 The mouse cursor should change to a clenched fist
'grabbed' cursor, indicating that it is in the process of
moving the mini player
* DNA-119122 [Split Screen] Crash at opera::
component_based::ComponentTabBar::DidChangeTabs
* DNA-119123 [Split Screen] Crash at opera::component_based::
ComponentTabBar::GetActiveTab
* DNA-119182 Buttons in the theme tile preview become invisible
when a user wallpaper is set
* DNA-119191 Address bar dropdown list has wrong color
* DNA-119192 [Background music] Music is only playing when
clicking in web view
* DNA-119234 Integrate translations for theme descriptions
* DNA-119250 Crash when closing opera window with pinned tab(s)
* DNA-119252 User wallpaper is not visible
* DNA-119272 Crash at logging::NotReachedNoreturnError::
~NotReachedNoreturnError
* DNA-119293 Crash at Browser::CloseContents
* DNA-119306 [Background music] Change music to the one chosen
in DNA-119297
- Update to 114.0.5282.102
* DNA-118231 Crash at opera::VibesServiceImpl::OnVibeUninstalled
* DNA-119119 Netinstaller shows eula-dialog during installation
in silent mode
- Changes in 114.0.5282.101
* CHR-9871 Update Chromium on desktop-stable-128-5282 to
128.0.6613.186
* DNA-118575 Crash at
opera::SelfieViewController::~SelfieViewController
* DNA-118592 Crash at views::View::~View()
* DNA-118594 [browser tests] Crash at ui::
LayerAnimationSequence::Start(ui::LayerAnimationDelegate*)
* DNA-119169 Crash at views::View::~View
- Update to 114.0.5282.86
* CHR-9856 Update Chromium on desktop-stable-128-5282 to
128.0.6613.170
* DNA-116321 React emoji picker is not closing when clicking
outside of sidebar setup
* DNA-117552 [Mac] Spacing in context menus is too large
* DNA-118482 Crash at opera::SidebarPlayerServiceItemView::
PostCloseControlPanelIfNotHovered()
* DNA-118583 Crash at opera::ComponentTabStripController::
CloseTooltipOnMouseEvent
* DNA-118863 Version field doesn’t filled in for Stable
* DNA-118995 Crash at opera::PageContainerView::
UpdateDevToolsForContents
ImportantCVE-2024-9954 at SUSECVE-2024-9954 at NVDCVE-2024-9955 at SUSECVE-2024-9955 at NVDCVE-2024-9956 at SUSECVE-2024-9956 at NVDCVE-2024-9957 at SUSECVE-2024-9957 at NVDCVE-2024-9958 at SUSECVE-2024-9958 at NVDCVE-2024-9959 at SUSECVE-2024-9959 at NVDCVE-2024-9960 at SUSECVE-2024-9960 at NVDCVE-2024-9961 at SUSECVE-2024-9961 at NVDCVE-2024-9962 at SUSECVE-2024-9962 at NVDCVE-2024-9963 at SUSECVE-2024-9963 at NVDCVE-2024-9964 at SUSECVE-2024-9964 at NVDCVE-2024-9965 at SUSECVE-2024-9965 at NVDCVE-2024-9966 at SUSECVE-2024-9966 at NVDSecurity update for radare2 (Important)openSUSE Leap 15.5
This update for radare2 fixes the following issues:
Update to version 5.9.8:
- CVE-2024-29645: buffer overflow vulnerability allows an attacker to
execute arbitrary code via the parse_die function (boo#1234065).
- For more details, check full release notes:
https://github.com/radareorg/radare2/releases/tag/5.9.8
https://github.com/radareorg/radare2/releases/tag/5.9.6
https://github.com/radareorg/radare2/releases/tag/5.9.4
https://github.com/radareorg/radare2/releases/tag/5.9.2
https://github.com/radareorg/radare2/releases/tag/5.9.0
https://github.com/radareorg/radare2/releases/tag/5.8.8
ImportantSUSE bug 1234065CVE-2024-29645 at SUSECVE-2024-29645 at NVDcpe:/o:opensuse:leap:15.5Security update for qt6-webengine (Moderate)openSUSE Leap 15.5
This update for qt6-webengine fixes the following issues:
- CVE-2024-11403: Fixed out of bounds memory read/write in libjxl (boo#1233764)
ModerateSUSE bug 1233764CVE-2024-11403 at SUSECVE-2024-11403 at NVDcpe:/o:opensuse:leap:15.5Security update for chromium (Important)openSUSE Leap 15.5
This update for chromium fixes the following issues:
Chromium 131.0.6778.108 (stable released 2024-12-04) (boo#1234118)
- CVE-2024-12053: Type Confusion in V8
ImportantSUSE bug 1234118CVE-2024-12053 at SUSECVE-2024-12053 at NVDcpe:/o:opensuse:leap:15.5Security update for chromium (Important)openSUSE Leap 15.5
Chromium was updated to version 131.0.6778.139 (boo#1234361)
* CVE-2024-12381: Type Confusion in V8
* CVE-2024-12382: Use after free in Translate
* Various fixes from internal audits, fuzzing and other initiatives ImportantSUSE bug 1234361CVE-2024-12381 at SUSECVE-2024-12381 at NVDCVE-2024-12382 at SUSECVE-2024-12382 at NVDcpe:/o:opensuse:leap:15.5Security update for python-python-sql (Moderate)openSUSE Leap 15.5
This update for python-python-sql fixes the following issues:
- CVE-2024-9774: Fixed that unary operators does not escape non-Expression (boo#1234653).
ModerateSUSE bug 1234653CVE-2024-9774 at SUSECVE-2024-9774 at NVDcpe:/o:opensuse:leap:15.5Security update for python-xhtml2pdf (Moderate)openSUSE Leap 15.5
This update for python-xhtml2pdf fixes the following issues:
- CVE-2024-25885: Fixed denial of service through regular expression in utils.py:getColor() (boo#1231408)
ModerateSUSE bug 1231408CVE-2024-25885 at SUSECVE-2024-25885 at NVDcpe:/o:opensuse:leap:15.5Security update for chromium (Important)openSUSE Leap 15.5
This security update for Chromium to version 131.0.6778.204 (boo#1234704) fixes:
* CVE-2024-12692: Type Confusion in V8
* CVE-2024-12693: Out of bounds memory access in V8
* CVE-2024-12694: Use after free in Compositing
* CVE-2024-12695: Out of bounds write in V8
* Various fixes from internal audits, fuzzing and other initiatives
ImportantCVE-2024-12692 at SUSECVE-2024-12692 at NVDCVE-2024-12693 at SUSECVE-2024-12693 at NVDCVE-2024-12694 at SUSECVE-2024-12694 at NVDCVE-2024-12695 at SUSECVE-2024-12695 at NVDcpe:/o:opensuse:leap:15.5Security update for hugin (Important)openSUSE Leap 15.5
This update for hugin fixes the following issues:
Update to version 2023.0.0:
* PTBatcherGUI can now also queue user defined assistant and
user defined output sequences.
* PTBatcherGUI: Added option to generate panorama sequences from
an existing pto template.
* Assistant: Added option to select different output options
like projection, FOV or canvas size depending on different
variables (e.g. image count, field of view, lens type).
* Allow building with epoxy instead of GLEW for OpenGL pointer
management.
* Several improvements to crop tool (outside crop, aspect ratio,
...).
* Several bug fixes (e.g. in verdandi/internal blender).
* Updated translations.
- fixed: boo#1219819 (CVE-2024-25442), boo#1219820 (CVE-2024-25443)
boo#1219821 (CVE-2024-25445), boo#1219822 (CVE-2024-25446)
ImportantSUSE bug 1219819SUSE bug 1219820SUSE bug 1219821SUSE bug 1219822CVE-2024-25442 at SUSECVE-2024-25442 at NVDCVE-2024-25443 at SUSECVE-2024-25443 at NVDCVE-2024-25445 at SUSECVE-2024-25445 at NVDCVE-2024-25446 at SUSECVE-2024-25446 at NVDcpe:/o:opensuse:leap:15.5Security update for pdns-recursor (Important)openSUSE Leap 15.5
This update for pdns-recursor fixes the following issues:
Update to 4.8.6:
* fixes case when crafted DNSSEC records in a zone can lead to
a denial of service in Recursor
https://doc.powerdns.com/recursor/security-advisories/powerdns-advisory-2024-01.html
(boo#1219823, boo#1219826, CVE-2023-50387, CVE-2023-50868)
Changes in 4.8.5:
* (I)XFR: handle partial read of len prefix.
* YaHTTP: Prevent integer overflow on very large chunks.
* Fix setting of policy tags for packet cache hits.
Changes in 4.8.4:
* Deterred spoofing attempts can lead to authoritative servers
being marked unavailable (boo#1209897, CVE-2023-26437)
ImportantSUSE bug 1209897SUSE bug 1219823SUSE bug 1219826CVE-2023-26437 at SUSECVE-2023-26437 at NVDCVE-2023-50387 at SUSECVE-2023-50387 at NVDCVE-2023-50868 at SUSECVE-2023-50868 at NVDcpe:/o:opensuse:leap:15.5Security update for bitcoin (Moderate)openSUSE Leap 15.5
This update for bitcoin fixes the following issues:
Update to version 26.0, including the following changes:
- Enable LTO and test package for Leap
- Enable sqlite3 support for wallet
- Enable asm optimizations unconditionally
ModerateCVE-2018-17144 at SUSECVE-2018-17144 at NVDcpe:/o:opensuse:leap:15.5Security update for opera (Important)openSUSE Leap 15.5 NonFree
This update for opera fixes the following issues:
- Update to 107.0.5045.21
* CHR-9604 Update Chromium on desktop-stable-121-5045
to 121.0.6167.160
* DNA-114167 Crash at TopLevelStorageAccessPermissionContext::
DecidePermission(permissions::PermissionRequestData, base::
OnceCallback)
* DNA-114303 Crash at auto std::__Cr::remove_if(auto, auto,
base::ObserverList::Compact()::”lambda”(auto const&))
* DNA-114478 Start Page opening animation refresh
* DNA-114553 Change search box animation
* DNA-114723 [Search box] No option to highlight typed text
* DNA-114806 [Tab cycler] Domain address should be bolded
* DNA-114846 Translations for O107
* DNA-114924 Crash at opera::SuggestionModelBase::
NavigateTo(WindowOpenDisposition)
- The update to chromium 121.0.6167.160 fixes following issues:
CVE-2024-1283, CVE-2024-1284
- Update to 107.0.5045.15
* CHR-9593 Update Chromium on desktop-stable-121-5045 to
121.0.6167.140
* DNA-114421 Animate text in tab cycler from the center of
the screen
* DNA-114519 Crash at media::AVStreamToVideoDecoderConfig
(AVStream const*, media::VideoDecoderConfig*)
* DNA-114537 Default value for synchronization changed from
'Do not sync data' to 'Customise sync'
* DNA-114554 Add shadow to tab thumbnails in tab cycler
* DNA-114555 Fade out long tab titles
* DNA-114686 [Import] Import from Opera Crypto is marked as
done even when Crypto is not installed
* DNA-114691 Update font colors
* DNA-114692 Update shadow (glow) of tabs
* DNA-114693 Update position of text and tabs when cycling
through tabs
* DNA-114790 [Linux] Unwanted 1px top border in full screen mode
- Complete Opera 107 changelog at:
https://blogs.opera.com/desktop/changelog-for-107/
- The update to chromium 121.0.6167.140 fixes following issues:
CVE-2024-1059, CVE-2024-1060, CVE-2024-1077
- Update to 106.0.4998.70
* DNA-112467 Shadow on Opera popups
* DNA-114414 The 'Move to' workspace submenu from tab strip
stays blue when its submenu item is selected
- Update to 106.0.4998.66
* CHR-9416 Updating Chromium on desktop-stable-* branches
* DNA-114489 Release and update opera:intro extension version
in Opera
ImportantCVE-2024-1059 at SUSECVE-2024-1059 at NVDCVE-2024-1060 at SUSECVE-2024-1060 at NVDCVE-2024-1077 at SUSECVE-2024-1077 at NVDCVE-2024-1283 at SUSECVE-2024-1283 at NVDCVE-2024-1284 at SUSECVE-2024-1284 at NVDSecurity update for syncthing (Moderate)openSUSE Leap 15.5
This update for syncthing fixes the following issues:
Update to 1.27.3
* Bugfixes:
#9039: Sync from Linux to Mac with ownership - Local additions after rescan
#9241: Versions path does not honor tilde (~) shortcut
* Enhancements:
#8616: Add CLI completion
#9151: Add 'stay logged in' checkbox to login dialog
* Other issues:
#9267: Inconsistent version requirements in lib/build and lib/upgrade
#9313: Different lengths used for short device IDs in UI
- Make syncthing-relaysrv package resolvable by using systemd users
to create the required user and group
Update to 1.27.2
* Bugfixes:
#9041: cli subcommand does not use STHOMEDIR env var
#9183: Filesystem watching (kqueue) is enabled … with a lot of files
#9274: Missing lock in DeviceStatistics ('fatal error: concurrent map read and map write')
* Enhancements:
#7406: Add UPnP support for IPv6
* Other Issues:
#9247: Embed binary releases signing key as a file instead of hardcoding a string
#9287: quic-go v0.40.1 (CVE-2023-49295)
Update to 1.27.1
* Bugfixes:
#9253: Permission error on folder causes 'connection error' dialog when opening folder editor
#9269: panic: nil pointer dereference in (*indexHandlerRegistry).startLocked
* Other issues:
#9274: Missing lock in DeviceStatistics ('fatal error: concurrent map read and map write')
Update to 1.27.0
* Bugfixes:
#9179: spurious log file in $XDG_CONFIG_HOME
#9189: Discovery Returns IP
#9208: Display error in 1.26 with login screen
* Enhancements:
#9178: Default config (state) dir on Unixes should be ~/.local/state/syncthing ($XDG_STATE_HOME/syncthing)
#9200: Login form: login button should have an id attribute
Update to 1.26.1
* Bugfixes:
#9208: Display error in 1.26 with login screen
Update to 1.26.0
* Bugfixes:
#9072: Omitting %s from LDAP search filter results in corrupt search filter
#9106: Posting config with invalid versioner type causes panic
#9120: Deduplicated files on Windows aren't treated as regular files any more (Go 1.21)
#9133: Syncthing Docker container fails to start if underlying filesystem doesn't support chown
#9143: traefik no longer url escape X-Forwarded-Tls-Client-Cert header
#9149: Favicon is stuck in notify state
* Enhancements:
#4137: Use a real login screen + sessions instead of HTTP basic auth
Update to 1.25.0
* Bugfixes:
#8274: Usage report transport type is wrong for QUIC
#8482: Discovery server keeps duplicate entries
#9019: Web GUI loses config changes when doing multiple modifications (e.g. on slow hardware or remotely)
#9112: panic: counter cannot decrease in value
#9123: Hashed passwords via API are hashed again
* Enhancements:
#141: Use multiple simultaneous TCP connections
#5607: Move footer links to header
Update to 1.24.0
* Bugfixes:
#8965: v1.23.6 introduces untrusted sharing regression
* Enhancements:
#5175: Record more performance metrics
#7456: Announce IPv6 ULA
#7973: Restore versions file filter should be case insensitive
#8767: Check interface for FlagRunning
* Other issues:
#9021: panic: bug: ClusterConfig called on closed or nonexistent connection
#9034: Build with Go 1.21 out of the box
Update to 1.13.7
* Bugfixes:
#6597: setLowPriority should not increase process priority when already lower (in Windows)
#7698: ursrv: unrealistic uptime data, likely due to unset RTC (1970-01-01)
#8958: Extended attribute filter editor should be enabled when 'send extended attributes' is checked
#8967: Shared With list ends with comma on 1 device
#9001: relaysrv crash after some weeks of operation
* Enhancements:
#8890: Do not autoexpand tilde sign (~) to an absolute home directory path
#8957: Add environment variables for --home, --conf, and --data
#8968: Error for Windows invalid file names should indicate the invalid character or name part
* Other issues:
#8973: 1.23.6 docker image no longer available for linux/arm/v7
#8983: Integrate govulncheck
Update to 1.13.6
* Bugfixes:
#7638: favicon not working Firefox & derivative browsers
#8899: Omitting %s from LDAP bind DN sends corrupted bind DN string to LDAP server
#8920: Untrusted device should be disallowed from being an introducer
#8960: relaysrv and discosrv docker images haven't been updated for more than year
ModerateCVE-2023-49295 at SUSECVE-2023-49295 at NVDcpe:/o:opensuse:leap:15.5Security update for zabbix (Moderate)openSUSE Leap 15.5
This update for zabbix fixes the following issues:
- CVE-2024-22119: Fixed a stored XSS in graph items select form (boo#1219775).
ModerateSUSE bug 1219775CVE-2024-22119 at SUSECVE-2024-22119 at NVDcpe:/o:opensuse:leap:15.5Security update for exim (Important)openSUSE Leap 15.5
This update for exim fixes the following issues:
exim was updated to 4.97.1 (boo#1218387, CVE-2023-51766):
* Fixes for the smtp protocol smuggling (CVE-2023-51766)
exim was updated to exim 4.96:
* Move from using the pcre library to pcre2.
* Constification work in the filters module required a major version
bump for the local-scan API. Specifically, the 'headers_charset'
global which is visible via the API is now const and may therefore
not be modified by local-scan code.
* Bug 2819: speed up command-line messages being read in. Previously a
time check was being done for every character; replace that with one
per buffer.
* Bug 2815: Fix ALPN sent by server under OpenSSL. Previously the string
sent was prefixed with a length byte.
* Change the SMTP feature name for pipelining connect to be compliant with
RFC 5321. Previously Dovecot (at least) would log errors during
submission.
* Fix macro-definition during '-be' expansion testing. The move to
write-protected store for macros had not accounted for these runtime
additions; fix by removing this protection for '-be' mode.
* Convert all uses of select() to poll().
* Fix use of $sender_host_name in daemon process. When used in certain
main-section options or in a connect ACL, the value from the first ever
connection was never replaced for subsequent connections.
* Bug 2838: Fix for i32lp64 hard-align platforms
* Bug 2845: Fix handling of tls_require_ciphers for OpenSSL when a value
with underbars is given.
* Bug 1895: TLS: Deprecate RFC 5114 Diffie-Hellman parameters.
* Debugging initiated by an ACL control now continues through into routing
and transport processes.
* The 'expand' debug selector now gives more detail, specifically on the
result of expansion operators and items.
* Bug 2751: Fix include_directory in redirect routers. Previously a
bad comparison between the option value and the name of the file to
be included was done, and a mismatch was wrongly identified.
* Support for Berkeley DB versions 1 and 2 is withdrawn.
* When built with NDBM for hints DB's check for nonexistence of a name
supplied as the db file-pair basename.
* Remove the 'allow_insecure_tainted_data' main config option and the
'taint' log_selector.
* Fix static address-list lookups to properly return the matched item.
Previously only the domain part was returned.
* The ${run} expansion item now expands its command string elements after
splitting. Previously it was before; the new ordering makes handling
zero-length arguments simpler.
* Taint-check exec arguments for transport-initiated external processes.
Previously, tainted values could be used. This affects 'pipe', 'lmtp' and
'queryprogram' transport, transport-filter, and ETRN commands.
The ${run} expansion is also affected: in 'preexpand' mode no part of
the command line may be tainted, in default mode the executable name
may not be tainted.
* Fix CHUNKING on a continued-transport. Previously the usabilility of
the facility was not passed across execs, and only the first message
passed over a connection could use BDAT; any further ones using DATA.
* Support the PIPECONNECT facility in the smtp transport when the helo_data
uses $sending_ip_address and an interface is specified.
* OpenSSL: fix transport-required OCSP stapling verification under session
resumption.
* TLS resumption: the key for session lookup in the client now includes
more info that a server could potentially use in configuring a TLS
session, avoiding oferring mismatching sessions to such a server.
* Fix string_copyn() for limit greater than actual string length.
* Bug 2886: GnuTLS: Do not free the cached creds on transport connection
close; it may be needed for a subsequent connection.
* Fix CHUNKING for a second message on a connection when the first was
rejected.
* Fix ${srs_encode ...} to handle an empty sender address, now returning
an empty address.
* Bug 2855: Handle a v4mapped sender address given us by a frontending
proxy.
update to exim 4.95
* includes taintwarn (taintwarn.patch)
* fast-ramp queue run
* native SRS
* TLS resumption
* LMDB lookups with single key
* smtp transport option 'message_linelength_limit'
* optionally ignore lookup caches
* quota checking for appendfile transport during message reception
* sqlite lookups allow a 'file=<path>' option
* lsearch lookups allow a 'ret=full' option
* command line option for the notifier socket
* faster TLS startup
* new main config option 'proxy_protocol_timeout'
* expand 'smtp_accept_max_per_connection'
* log selector 'queue_size_exclusive'
* main config option 'smtp_backlog_monitor'
* main config option 'hosts_require_helo'
* main config option 'allow_insecure_tainted_data' ImportantSUSE bug 1218387CVE-2022-3559 at SUSECVE-2022-3559 at NVDCVE-2023-42114 at SUSECVE-2023-42114 at NVDCVE-2023-42115 at SUSECVE-2023-42115 at NVDCVE-2023-42116 at SUSECVE-2023-42116 at NVDCVE-2023-42117 at SUSECVE-2023-42117 at NVDCVE-2023-42119 at SUSECVE-2023-42119 at NVDCVE-2023-51766 at SUSECVE-2023-51766 at NVDcpe:/o:opensuse:leap:15.5Security update for proftpd (Important)openSUSE Leap 15.5
This update for proftpd fixes the following issues:
proftpd was updated to 1.3.8b - released 19-Dec-2023
- CVE-2023-48795: Fixed prefix truncation breaking ssh channel integrity (boo#1218144)
- CVE-2023-51713: Fixed Out-of-bounds buffer read when handling FTP commands. (boo#1218344)
ImportantSUSE bug 1218144SUSE bug 1218344CVE-2023-48795 at SUSECVE-2023-48795 at NVDCVE-2023-51713 at SUSECVE-2023-51713 at NVDcpe:/o:opensuse:leap:15.5Security update for python-Django1 (Important)openSUSE Leap 15.5
This update for python-Django1 fixes the following issues:
- CVE-2024-27351: Fixed a denial-of-service in regular expression of django.utils.text.Truncator.words() (boo#1220358).
ImportantSUSE bug 1220358CVE-2024-27351 at SUSECVE-2024-27351 at NVDcpe:/o:opensuse:leap:15.5Security update for python-rpyc (Important)openSUSE Leap 15.5
This update for python-rpyc fixes the following issues:
- CVE-2024-27758: Fixed remote code execution via exposed methods (boo#1221331).
ImportantSUSE bug 1221331CVE-2024-27758 at SUSECVE-2024-27758 at NVDcpe:/o:opensuse:leap:15.5Security update for chromium (Important)openSUSE Leap 15.5
This update for chromium fixes the following issue:
Chromium 122.0.6261.128 (boo#1221335)
* CVE-2024-2400: Use after free in Performance Manager
Chromium 122.0.6261.111 (boo#1220131,boo#1220604,boo#1221105)
* New upstream security release.
* CVE-2024-2173: Out of bounds memory access in V8.
* CVE-2024-2174: Inappropriate implementation in V8.
* CVE-2024-2176: Use after free in FedCM.
Chromium 122.0.6261.94
* CVE-2024-1669: Out of bounds memory access in Blink.
* CVE-2024-1670: Use after free in Mojo.
* CVE-2024-1671: Inappropriate implementation in Site Isolation.
* CVE-2024-1672: Inappropriate implementation in Content Security Policy.
* CVE-2024-1673: Use after free in Accessibility.
* CVE-2024-1674: Inappropriate implementation in Navigation.
* CVE-2024-1675: Insufficient policy enforcement in Download.
* CVE-2024-1676: Inappropriate implementation in Navigation.
* Type Confusion in V8
ImportantSUSE bug 1220131SUSE bug 1220604SUSE bug 1221105SUSE bug 1221335CVE-2024-1669 at SUSECVE-2024-1669 at NVDCVE-2024-1670 at SUSECVE-2024-1670 at NVDCVE-2024-1671 at SUSECVE-2024-1671 at NVDCVE-2024-1672 at SUSECVE-2024-1672 at NVDCVE-2024-1673 at SUSECVE-2024-1673 at NVDCVE-2024-1674 at SUSECVE-2024-1674 at NVDCVE-2024-1675 at SUSECVE-2024-1675 at NVDCVE-2024-1676 at SUSECVE-2024-1676 at NVDCVE-2024-2173 at SUSECVE-2024-2173 at NVDCVE-2024-2174 at SUSECVE-2024-2174 at NVDCVE-2024-2176 at SUSECVE-2024-2176 at NVDCVE-2024-2400 at SUSECVE-2024-2400 at NVDcpe:/o:opensuse:leap:15.5Security update for minidlna (Important)openSUSE Leap 15.5
This update for minidlna fixes the following issues:
Update to 1.3.3 (boo#1222007):
- Fixed HTTP chunk length parsing. (CVE-2023-33476)
- Improved Dutch and Swedish translations.
- Fixed directory symlink deletion handling.
ImportantSUSE bug 1222007CVE-2023-33476 at SUSECVE-2023-33476 at NVDcpe:/o:opensuse:leap:15.5Security update for kanidm (Moderate)openSUSE Leap 15.5
This update for kanidm fixes the following issues:
Update to version 1.1.0~rc16~git6.e51d0de:
* [SECURITY: LOW] Administrator triggered thread crash in oauth2 claim maps #2686 (#2686)
* return consent map to service account (#2604)
Moderatecpe:/o:opensuse:leap:15.5Security update for opera (Important)openSUSE Leap 15.5 NonFree
This update for opera fixes the following issues:
- Update to 108.0.5067.40
* CHR-9668 Update Chromium on desktop-stable-122-5067 to
122.0.6261.129
* DNA-115396 Bolded camera icon when camera access is allowed
- The update to chromium 122.0.6261.129 fixes following issues:
CVE-2024-2400
- Changes in 108.0.5067.24
* CHR-9416 Updating Chromium on desktop-stable-* branches
* DNA-115080 Crash at opera::component_based::
ComponentDragController::ResetDragging()
- Changes in 108.0.5067.20
* CHR-9642 Update Chromium on desktop-stable-122-5067 to
122.0.6261.70
* DNA-114217 [macOS] Services on the sidebar are not responding
when browser window is on external monitor
* DNA-114612 Crash at syncer::SyncEngineImpl::
OnInvalidationReceived(std::__Cr::basic_string const&)
* DNA-114816 Update removed search engines and reset flags
to default
* DNA-114848 Workspace can not be removed from sidebar setup
* DNA-114935 After an update extensions’ icons in the Sidebar
are black
* DNA-115087 Translations for O108
* DNA-115228 Adblocker is blocking ads when turned off
* DNA-115232 Promote 108 to stable
- Complete Opera 108 changelog at:
https://blogs.opera.com/desktop/changelog-for-108/
- Update to 107.0.5045.36
* CHR-9416 Updating Chromium on desktop-stable-* branches
* DNA-114562 Fraud warning page missed animation
* DNA-115103 Crash at opera::AdjustNavigationParamsWhen
IntroductionIsActive(NavigateParams*)
ImportantCVE-2024-2400 at SUSECVE-2024-2400 at NVDSecurity update for rubygem-json-jwt (Moderate)openSUSE Leap 15.5
This update for rubygem-json-jwt fixes the following issues:
- New upstream release 1.16.6, see bundled CHANGELOG.md
- Remove padding oracle by @btoews in https://github.com/nov/json-jwt/pull/109
- Fixes CVE-2023-51774 boo#1220727
- updated to version 1.11.0
- no changelog found
- Fixes CVE-2019-18848 boo#1156649
ModerateSUSE bug 1156649SUSE bug 1220727CVE-2019-18848 at SUSECVE-2019-18848 at NVDCVE-2023-51774 at SUSECVE-2023-51774 at NVDcpe:/o:opensuse:leap:15.5Security update for python-django-ckeditor (Moderate)openSUSE Leap 15.5
This update for python-django-ckeditor fixes the following issues:
- Update to 6.7.2
* Deprecated the package.
* Added a new ckeditor/fixups.js script which disables the version check again
(if something slips through by accident) and which disables the behavior
where CKEditor 4 would automatically attach itself to unrelated HTML elements
with a contenteditable attribute (see CKEDITOR.disableAutoInline in the
CKEditor 4 docs).
- CVE-2024-24815: Fixed bypass of Advanced Content Filtering mechanism (boo#1219720)
- update to 6.7.1:
* Add Python 3.12, Django 5.0
* Silence the CKEditor version check/nag but include a system check warning
- update to 6.7.0:
* Dark mode fixes.
* Added support for Pillow 10.
- update to 6.6.1:
* Required a newer version of django-js-asset which actually works
with Django 4.1.
* CKEditor 4.21.0
* Fixed the CKEditor styles when used with the dark Django admin theme.
- update to 6.5.1:
* Avoided calling ``static()`` if ``CKEDITOR_BASEPATH`` is defined.
* Fixed ``./manage.py generateckeditorthumbnails`` to work again after the
image uploader backend rework.
* CKEditor 4.19.1
* Stopped calling ``static()`` during application startup.
* Added Django 4.1
* Changed the context for the widget to deviate less from Django. Removed a
* few template variables which are not used in the bundled
* ``ckeditor/widget.html`` template. This only affects you if you are using a
* customized widget or widget template.
* Dropped support for Python < 3.8, Django < 3.2.
* Added a pre-commit configuration.
* Added a GitHub action for running tests.
* Made selenium tests require opt in using a ``SELENIUM=firefox`` or
``SELENIUM=chromium`` environment variable.
* Made it possible to override the CKEditor template in the widget class.
* Changed ``CKEDITOR_IMAGE_BACKEND`` to require dotted module paths (the old
identifiers are still supported for now).
ModerateSUSE bug 1219720CVE-2024-24815 at SUSECVE-2024-24815 at NVDcpe:/o:opensuse:leap:15.5Security update for net-snmp (Moderate)openSUSE Leap 15.5
This update for net-snmp fixes the following issues:
Updated to version 5.9.3 (bsc#1201103, jsc#SLE-11203):
- CVE-2022-24805: Fixed a buffer overflow in the handling of the INDEX of NET-SNMP-VACM-MIB that can cause an out-of-bounds memory access.
- CVE-2022-24809: Fixed a malformed OID in a GET-NEXT to the nsVacmAccessTable that can cause a NULL pointer dereference.
- CVE-2022-24806: Fixed an improper Input Validation when SETing malformed OIDs in master agent and subagent simultaneously.
- CVE-2022-24807: Fixed a malformed OID in a SET request to SNMP-VIEW-BASED-ACM-MIB::vacmAccessTable can cause an out-of-bounds memory access.
- CVE-2022-24808: Fixed a malformed OID in a SET request to NET-SNMP-AGENT-MIB::nsLogTable can cause a NULL pointer dereference.
- CVE-2022-24810: Fixed a malformed OID in a SET to the nsVacmAccessTable can cause a NULL pointer dereference.
ModerateSUSE bug 1201103CVE-2022-24805 at SUSECVE-2022-24805 at NVDCVE-2022-24806 at SUSECVE-2022-24806 at NVDCVE-2022-24807 at SUSECVE-2022-24807 at NVDCVE-2022-24808 at SUSECVE-2022-24808 at NVDCVE-2022-24809 at SUSECVE-2022-24809 at NVDCVE-2022-24810 at SUSECVE-2022-24810 at NVDcpe:/o:opensuse:leap:15.5Security update for netty, netty-tcnative (Important)openSUSE Leap 15.5
This update for netty, netty-tcnative fixes the following issues:
netty:
- Security fixes included in this version update from 4.1.75 to 4.1.90:
* CVE-2022-24823: Local Information Disclosure Vulnerability in Netty on Unix-Like systems due temporary files for
Java 6 and lower in io.netty:netty-codec-http (bsc#1199338)
* CVE-2022-41881: HAProxyMessageDecoder Stack Exhaustion DoS (bsc#1206360)
* CVE-2022-41915: HTTP Response splitting from assigning header value iterator (bsc#1206379)
- Other non-security bug fixes included in this version update from 4.1.75 to 4.1.90:
* Build with Java 11 on ix86 architecture in order to avoid build failures
* Fix `HttpHeaders.names` for non-String headers
* Fix `FlowControlHandler` behaviour to pass read events when auto-reading is turned off
* Fix brotli compression
* Fix a bug in FlowControlHandler that broke auto-read
* Fix a potential memory leak bug has been in the pooled allocator
* Fix a scalability issue caused by instanceof and check-cast checks that lead to false-sharing on the
`Klass::secondary_super_cache` field in the JVM
* Fix a bug in our `PEMParser` when PEM files have multiple objects, and `BouncyCastle` is on the classpath
* Fix several `NullPointerException` bugs
* Fix a regression `SslContext` private key loading
* Fix a bug in `SslContext` private key reading fall-back path
* Fix a buffer leak regression in `HttpClientCodec`
* Fix a bug where some `HttpMessage` implementations, that also implement `HttpContent`, were not handled correctly
* Fix epoll bug when receiving zero-sized datagrams
* Fix a bug in `SslHandler` so `handlerRemoved` works properly even if `handlerAdded` throws an exception
* Fix an issue that allowed the multicast methods on `EpollDatagramChannel` to be called outside of an event-loop
thread
* Fix a bug where an OPT record was added to DNS queries that already had such a record
* Fix a bug that caused an error when files uploaded with HTTP POST contained a backslash in their name
* Fix an issue in the `BlockHound` integration that could occasionally cause NetUtil to be reported as performing
blocking operation. A similar `BlockHound` issue was fixed for the `JdkSslContext`
* Fix a bug that prevented preface or settings frames from being flushed, when an HTTP2 connection was established
with prior-knowledge
* Fix a bug where Netty fails to load a shaded native library
* Fix and relax overly strict HTTP/2 header validation check that was rejecting requests from Chrome and Firefox
* Fix OpenSSL and BoringSSL implementations to respect the `jdk.tls.client.protocols` and `jdk.tls.server.protocols`
system properties, making them react to these in the same way the JDK SSL provider does
* Fix inconsitencies in how `epoll`, `kqueue`, and `NIO` handle RDHUP
* For a more detailed list of changes please consult the official release notes:
+ Changes from 4.1.90: https://netty.io/news/2023/03/14/4-1-90-Final.html
+ Changes from 4.1.89: https://netty.io/news/2023/02/13/4-1-89-Final.html
+ Changes from 4.1.88: https://netty.io/news/2023/02/12/4-1-88-Final.html
+ Changes from 4.1.87: https://netty.io/news/2023/01/12/4-1-87-Final.html
+ Changes from 4.1.86: https://netty.io/news/2022/12/12/4-1-86-Final.html
+ Changes from 4.1.85: https://netty.io/news/2022/11/09/4-1-85-Final.html
+ Changes from 4.1.84: https://netty.io/news/2022/10/11/4-1-84-Final.html
+ Changes from 4.1.82: https://netty.io/news/2022/09/13/4-1-82-Final.html
+ Changes from 4.1.81: https://netty.io/news/2022/09/08/4-1-81-Final.html
+ Changes from 4.1.80: https://netty.io/news/2022/08/26/4-1-80-Final.html
+ Changes from 4.1.79: https://netty.io/news/2022/07/11/4-1-79-Final.html
+ Changes from 4.1.78: https://netty.io/news/2022/06/14/4-1-78-Final.html
+ Changes from 4.1.77: https://netty.io/news/2022/05/06/2-1-77-Final.html
+ Changes from 4.1.76: https://netty.io/news/2022/04/12/4-1-76-Final.html
netty-tcnative:
- New artifact named `netty-tcnative-classes`, provided by this update is required by netty 4.1.90 which contains
important security updates
- No formal changelog present. This artifact is closely bound to the netty releases
ImportantSUSE bug 1199338SUSE bug 1206360SUSE bug 1206379CVE-2022-24823 at SUSECVE-2022-24823 at NVDCVE-2022-41881 at SUSECVE-2022-41881 at NVDCVE-2022-41915 at SUSECVE-2022-41915 at NVDcpe:/o:opensuse:leap:15.5Security update for libheif (Moderate)openSUSE Leap 15.5
This update for libheif fixes the following issues:
- CVE-2023-29659: Fixed segfault caused by divide-by-zero (bsc#1211174).
ModerateSUSE bug 1211174CVE-2023-29659 at SUSECVE-2023-29659 at NVDcpe:/o:opensuse:leap:15.5Security update for curl (Important)openSUSE Leap 15.5
This update for curl adds the following feature:
Update to version 8.0.1 (jsc#PED-2580)
- CVE-2023-28319: use-after-free in SSH sha256 fingerprint check (bsc#1211230).
- CVE-2023-28320: siglongjmp race condition (bsc#1211231).
- CVE-2023-28321: IDN wildcard matching (bsc#1211232).
- CVE-2023-28322: POST-after-PUT confusion (bsc#1211233).
ImportantSUSE bug 1211230SUSE bug 1211231SUSE bug 1211232SUSE bug 1211233CVE-2023-28319 at SUSECVE-2023-28319 at NVDCVE-2023-28320 at SUSECVE-2023-28320 at NVDCVE-2023-28321 at SUSECVE-2023-28321 at NVDCVE-2023-28322 at SUSECVE-2023-28322 at NVDcpe:/o:opensuse:leap:15.5Security update for cups-filters (Important)openSUSE Leap 15.5
This update for cups-filters fixes the following issues:
- CVE-2023-24805: Fixed a remote code execution in the beh backend (bsc#1211340).
ImportantSUSE bug 1211340CVE-2023-24805 at SUSECVE-2023-24805 at NVDcpe:/o:opensuse:leap:15.5Security update for java-1_8_0-openjdk (Important)openSUSE Leap 15.5
This update for java-1_8_0-openjdk fixes the following issues:
- Updated to version jdk8u372 (icedtea-3.27.0):
- CVE-2023-21930: Fixed an issue in the JSSE component that could
allow an attacker to access critical data without authorization
(bsc#1210628).
- CVE-2023-21937: Fixed an issue in the Networking component that
could allow an attacker to update, insert or delete some data
without authorization (bsc#1210631).
- CVE-2023-21938: Fixed an issue in the Libraries component that
could allow an attacker to update, insert or delete some data
without authorization (bsc#1210632).
- CVE-2023-21939: Fixed an issue in the Swing component that could
allow an attacker to update, insert or delete some data without
authorization (bsc#1210634).
- CVE-2023-21954: Fixed an issue in the Hotspot component that
could allow an attacker to access critical data without
authorization (bsc#1210635).
- CVE-2023-21967: Fixed an issue in the JSSE component that could
allow an attacker to cause a hang or frequently repeatable
crash without authorization (bsc#1210636).
- CVE-2023-21968: Fixed an issue in the Libraries component that
could allow an attacker to update, insert or delete some data
without authorization (bsc#1210637).
ImportantSUSE bug 1210628SUSE bug 1210631SUSE bug 1210632SUSE bug 1210634SUSE bug 1210635SUSE bug 1210636SUSE bug 1210637CVE-2023-21930 at SUSECVE-2023-21930 at NVDCVE-2023-21937 at SUSECVE-2023-21937 at NVDCVE-2023-21938 at SUSECVE-2023-21938 at NVDCVE-2023-21939 at SUSECVE-2023-21939 at NVDCVE-2023-21954 at SUSECVE-2023-21954 at NVDCVE-2023-21967 at SUSECVE-2023-21967 at NVDCVE-2023-21968 at SUSECVE-2023-21968 at NVDcpe:/o:opensuse:leap:15.5Security update for ucode-intel (Important)openSUSE Leap 15.5
This update for ucode-intel fixes the following issues:
- Updated to Intel CPU Microcode 20230512 release. (bsc#1211382).
- New platforms:
| Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products
|:---------------|:---------|:------------|:---------|:---------|:---------
| ADL-N | A0 | 06-be-00/01 | | 00000010 | Core i3-N305/N300, N50/N97/N100/N200, Atom x7211E/x7213E/x7425E
| AZB | A0 | 06-9a-04/40 | | 00000004 | Intel(R) Atom(R) C1100
| AZB | R0 | 06-9a-04/40 | | 00000004 | Intel(R) Atom(R) C1100
- Updated Platforms
| Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products
|:---------------|:---------|:------------|:---------|:---------|:---------
| ADL | L0 | 06-9a-03/80 | 00000429 | 0000042a | Core Gen12
| ADL | L0 | 06-9a-04/80 | 00000429 | 0000042a | Core Gen12
| AML-Y22 | H0 | 06-8e-09/10 | | 000000f2 | Core Gen8 Mobile
| AML-Y42 | V0 | 06-8e-0c/94 | 000000f4 | 000000f6 | Core Gen10 Mobile
| CFL-H | R0 | 06-9e-0d/22 | 000000f4 | 000000f8 | Core Gen9 Mobile
| CFL-H/S | P0 | 06-9e-0c/22 | 000000f0 | 000000f2 | Core Gen9
| CFL-H/S/E3 | U0 | 06-9e-0a/22 | 000000f0 | 000000f2 | Core Gen8 Desktop, Mobile, Xeon E
| CFL-S | B0 | 06-9e-0b/02 | 000000f0 | 000000f2 | Core Gen8
| CFL-U43e | D0 | 06-8e-0a/c0 | 000000f0 | 000000f2 | Core Gen8 Mobile
| CLX-SP | B0 | 06-55-06/bf | 04003303 | 04003501 | Xeon Scalable Gen2
| CLX-SP | B1 | 06-55-07/bf | 05003303 | 05003501 | Xeon Scalable Gen2
| CML-H | R1 | 06-a5-02/20 | 000000f4 | 000000f6 | Core Gen10 Mobile
| CML-S102 | Q0 | 06-a5-05/22 | 000000f4 | 000000f6 | Core Gen10
| CML-S62 | G1 | 06-a5-03/22 | 000000f4 | 000000f6 | Core Gen10
| CML-U62 V1 | A0 | 06-a6-00/80 | 000000f4 | 000000f6 | Core Gen10 Mobile
| CML-U62 V2 | K1 | 06-a6-01/80 | 000000f4 | 000000f6 | Core Gen10 Mobile
| CML-Y42 | V0 | 06-8e-0c/94 | 000000f4 | 000000f6 | Core Gen10 Mobile
| CPX-SP | A1 | 06-55-0b/bf | 07002503 | 07002601 | Xeon Scalable Gen3
| ICL-D | B0 | 06-6c-01/10 | 01000211 | 01000230 | Xeon D-17xx, D-27xx
| ICL-U/Y | D1 | 06-7e-05/80 | 000000b8 | 000000ba | Core Gen10 Mobile
| ICX-SP | D0 | 06-6a-06/87 | 0d000389 | 0d000390 | Xeon Scalable Gen3
| KBL-G/H/S/E3 | B0 | 06-9e-09/2a | 000000f0 | 000000f2 | Core Gen7; Xeon E3 v6
| KBL-U/Y | H0 | 06-8e-09/c0 | | 000000f2 | Core Gen7 Mobile
| LKF | B2/B3 | 06-8a-01/10 | 00000032 | 00000033 | Core w/Hybrid Technology
| RKL-S | B0 | 06-a7-01/02 | 00000057 | 00000058 | Core Gen11
| RPL-H 6+8 | J0 | 06-ba-02/07 | 0000410e | 00004112 | Core Gen13
| RPL-P 6+8 | J0 | 06-ba-02/07 | 0000410e | 00004112 | Core Gen13
| RPL-S | S0 | 06-b7-01/32 | 00000112 | 00000113 | Core Gen13
| RPL-U 2+8 | Q0 | 06-ba-03/07 | 0000410e | 00004112 | Core Gen13
| SKX-D | H0 | 06-55-04/b7 | | 02006f05 | Xeon D-21xx
| SKX-SP | B1 | 06-55-03/97 | 01000161 | 01000171 | Xeon Scalable
| SKX-SP | H0/M0/U0 | 06-55-04/b7 | | 02006f05 | Xeon Scalable
| SPR-HBM | B3 | 06-8f-08/10 | 2c000170 | 2c0001d1 | Xeon Max
| SPR-SP | E0 | 06-8f-04/87 | 2b000181 | 2b000461 | Xeon Scalable Gen4
| SPR-SP | E2 | 06-8f-05/87 | 2b000181 | 2b000461 | Xeon Scalable Gen4
| SPR-SP | E3 | 06-8f-06/87 | 2b000181 | 2b000461 | Xeon Scalable Gen4
| SPR-SP | E4 | 06-8f-07/87 | 2b000181 | 2b000461 | Xeon Scalable Gen4
| SPR-SP | E5 | 06-8f-08/87 | 2b000181 | 2b000461 | Xeon Scalable Gen4
| SPR-SP | S2 | 06-8f-07/87 | 2b000181 | 2b000461 | Xeon Scalable Gen4
| SPR-SP | S3 | 06-8f-08/87 | 2b000181 | 2b000461 | Xeon Scalable Gen4
| TGL | B1 | 06-8c-01/80 | 000000a6 | 000000aa | Core Gen11 Mobile
| TGL-H | R0 | 06-8d-01/c2 | 00000042 | 00000044 | Core Gen11 Mobile
| TGL-R | C0 | 06-8c-02/c2 | 00000028 | 0000002a | Core Gen11 Mobile
| WHL-U | V0 | 06-8e-0c/94 | 000000f4 | 000000f6 | Core Gen8 Mobile
| WHL-U | W0 | 06-8e-0b/d0 | | 000000f2 | Core Gen8 Mobile
ImportantSUSE bug 1208479SUSE bug 1211382CVE-2022-33972 at SUSECVE-2022-33972 at NVDcpe:/o:opensuse:leap:15.5Security update for openvswitch (Important)openSUSE Leap 15.5
This update for openvswitch fixes the following issues:
- CVE-2022-4338: Fixed Integer Underflow in Organization Specific TLV (bsc#1206580).
- CVE-2022-4337: Fixed Out-of-Bounds Read in Organization Specific TLV (bsc#1206581).
ImportantSUSE bug 1206580SUSE bug 1206581CVE-2022-4337 at SUSECVE-2022-4337 at NVDCVE-2022-4338 at SUSECVE-2022-4338 at NVDcpe:/o:opensuse:leap:15.5Security update for terraform-provider-aws (Important)openSUSE Leap 15.5
This update of terraform-provider-aws fixes the following issues:
- rebuild the package with the go 1.19 security release (bsc#1200441 bsc#1209658).
ImportantSUSE bug 1200441SUSE bug 1209658cpe:/o:opensuse:leap:15.5Security update for terraform-provider-null (Important)openSUSE Leap 15.5
This update of terraform-provider-null fixes the following issues:
- rebuild the package with the go 1.19 security release (bsc#1200441 bsc#1209658).
ImportantSUSE bug 1200441SUSE bug 1209658cpe:/o:opensuse:leap:15.5Security update for python-Flask (Important)openSUSE Leap 15.5
This update for python-Flask fixes the following issues:
- CVE-2023-30861: Fixed a potential cookie confusion due to incorrect
caching (bsc#1211246).
ImportantSUSE bug 1211246CVE-2023-30861 at SUSECVE-2023-30861 at NVDcpe:/o:opensuse:leap:15.5Security update for geoipupdate (Important)openSUSE Leap 15.5
This update of geoipupdate fixes the following issues:
- rebuild the package with the go 1.19 security release (bsc#1200441 bsc#1209658).
ImportantSUSE bug 1200441SUSE bug 1209658cpe:/o:opensuse:leap:15.5Security update for texlive (Important)openSUSE Leap 15.5
This update for texlive fixes the following issues:
- CVE-2023-32700: Fixed arbitrary code execution in LuaTeX (bsc#1211389).
ImportantSUSE bug 1211389CVE-2023-32700 at SUSECVE-2023-32700 at NVDcpe:/o:opensuse:leap:15.5Security update for openvswitch (Important)openSUSE Leap 15.5
This update for openvswitch fixes the following issues:
- CVE-2023-1668: Fixed remote traffic denial of service via crafted packets with IP proto 0 (bsc#1210054).
ImportantSUSE bug 1210054CVE-2023-1668 at SUSECVE-2023-1668 at NVDcpe:/o:opensuse:leap:15.5Security update for golang-github-vpenso-prometheus_slurm_exporter (Important)openSUSE Leap 15.5
This update of golang-github-vpenso-prometheus_slurm_exporter fixes the following issues:
- rebuild the package with the go 1.19 security release (bsc#1200441 bsc#1209658).
ImportantSUSE bug 1200441SUSE bug 1209658cpe:/o:opensuse:leap:15.5Security update for distribution (Important)openSUSE Leap 15.5
This update for distribution fixes the following issues:
Update to verison 2.8.2:
- Revert registry/client: set `Accept: identity` header when getting layers
- Parse `http` forbidden as denied
- Fix CVE-2023-2253 runaway allocation on /v2/_catalog (bsc#1207705)
- Fix panic in inmemory driver
- update to go1.19.9
- Add code to handle pagination of parts. Fixes max layer size of 10GB bug
- Dockerfile: fix filenames of artifacts
ImportantSUSE bug 1207705SUSE bug 1210428CVE-2023-2253 at SUSECVE-2023-2253 at NVDcpe:/o:opensuse:leap:15.5Security update for go1.18-openssl (Important)openSUSE Leap 15.5
This update for go1.18-openssl fixes the following issues:
- Add subpackage go1.x-libstd compiled shared object libstd.so (jsc#PED-1962)
* Main go1.x package included libstd.so in previous versions
* Split libstd.so into subpackage that can be installed standalone
* Continues the slimming down of main go1.x package by 40 Mb
* Experimental and not recommended for general use, Go currently has no ABI
* Upstream Go has not committed to support buildmode=shared long-term
* Do not use in packaging, build static single binaries (the default)
* Upstream Go go1.x binary releases do not include libstd.so
* go1.x Suggests go1.x-libstd so not installed by default Recommends
* go1.x-libstd does not Require: go1.x so can install standalone
* Provides go-libstd unversioned package name
* Fix build step -buildmode=shared std to omit -linkshared
- Packaging improvements:
* go1.x Suggests go1.x-doc so not installed by default Recommends
* Use Group: Development/Languages/Go instead of Other
- Improvements to go1.x packaging spec:
* On Tumbleweed bootstrap with current default gcc13 and gccgo118
* On SLE-12 aarch64 ppc64le ppc64 remove overrides to bootstrap
using go1.x package (%bcond_without gccgo). This is no longer
needed on current SLE-12:Update and removing will consolidate
the build configurations used.
* Change source URLs to go.dev as per Go upstream
* On x86_64 export GOAMD64=v1 as per the current baseline.
At this time forgo GOAMD64=v3 option for x86_64_v3 support.
* On x86_64 %define go_amd64=v1 as current instruction baseline
- Update to version 1.18.10.1 cut from the go1.18-openssl-fips
branch at the revision tagged go1.18.10-1-openssl-fips.
* Merge branch dev.boringcrypto.go1.18 into go1.18-openssl-fips
* Merge go1.18.10 into dev.boringcrypto.go1.18
- go1.18.10 (released 2023-01-10) includes fixes to cgo, the
compiler, the linker, and the crypto/x509, net/http, and syscall
packages.
Refs bsc#1193742 go1.18 release tracking
* go#57705 misc/cgo: backport needed for dlltool fix
* go#57426 crypto/x509: Verify on macOS does not return typed errors
* go#57344 cmd/compile: the loong64 intrinsic for CompareAndSwapUint32 function needs to sign extend its 'old' argument.
* go#57338 syscall, internal/poll: accept4-to-accept fallback removal broke Go code on Synology DSM 6.2 ARM devices
* go#57213 os: TestLstat failure on Linux Aarch64
* go#57211 reflect: sort.SliceStable sorts incorrectly on arm64 with less function created with reflect.MakeFunc and slice of sufficient length
* go#57057 cmd/go: remove test dependency on gopkg.in service
* go#57054 cmd/go: TestScript/version_buildvcs_git_gpg (if enabled) fails on linux longtest builders
* go#57044 cgo: malformed DWARF TagVariable entry
* go#57028 cmd/cgo: Wrong types in compiler errors with clang 14
* go#56833 cmd/link/internal/ppc64: too-far trampoline is reused
* go#56711 net: reenable TestLookupDotsWithRemoteSource and TestLookupGoogleSRV with a different target
* go#56323 net/http: bad handling of HEAD requests with a body
ImportantSUSE bug 1183043SUSE bug 1193742SUSE bug 1198423SUSE bug 1198424SUSE bug 1198427SUSE bug 1199413SUSE bug 1200134SUSE bug 1200135SUSE bug 1200136SUSE bug 1200137SUSE bug 1201434SUSE bug 1201436SUSE bug 1201437SUSE bug 1201440SUSE bug 1201443SUSE bug 1201444SUSE bug 1201445SUSE bug 1201447SUSE bug 1201448SUSE bug 1202035SUSE bug 1203185SUSE bug 1204023SUSE bug 1204024SUSE bug 1204025SUSE bug 1204941SUSE bug 1206134SUSE bug 1206135SUSE bug 1208270SUSE bug 1208271SUSE bug 1208272SUSE bug 1208491CVE-2022-1705 at SUSECVE-2022-1705 at NVDCVE-2022-1962 at SUSECVE-2022-1962 at NVDCVE-2022-24675 at SUSECVE-2022-24675 at NVDCVE-2022-27536 at SUSECVE-2022-27536 at NVDCVE-2022-27664 at SUSECVE-2022-27664 at NVDCVE-2022-28131 at SUSECVE-2022-28131 at NVDCVE-2022-28327 at SUSECVE-2022-28327 at NVDCVE-2022-2879 at SUSECVE-2022-2879 at NVDCVE-2022-2880 at SUSECVE-2022-2880 at NVDCVE-2022-29526 at SUSECVE-2022-29526 at NVDCVE-2022-29804 at SUSECVE-2022-29804 at NVDCVE-2022-30580 at SUSECVE-2022-30580 at NVDCVE-2022-30629 at SUSECVE-2022-30629 at NVDCVE-2022-30630 at SUSECVE-2022-30630 at NVDCVE-2022-30631 at SUSECVE-2022-30631 at NVDCVE-2022-30632 at SUSECVE-2022-30632 at NVDCVE-2022-30633 at SUSECVE-2022-30633 at NVDCVE-2022-30634 at SUSECVE-2022-30634 at NVDCVE-2022-30635 at SUSECVE-2022-30635 at NVDCVE-2022-32148 at SUSECVE-2022-32148 at NVDCVE-2022-32189 at SUSECVE-2022-32189 at NVDCVE-2022-41715 at SUSECVE-2022-41715 at NVDCVE-2022-41716 at SUSECVE-2022-41716 at NVDCVE-2022-41717 at SUSECVE-2022-41717 at NVDCVE-2022-41720 at SUSECVE-2022-41720 at NVDCVE-2022-41723 at SUSECVE-2022-41723 at NVDCVE-2022-41724 at SUSECVE-2022-41724 at NVDCVE-2022-41725 at SUSECVE-2022-41725 at NVDcpe:/o:opensuse:leap:15.5Security update for c-ares (Important)openSUSE Leap 15.5
This update for c-ares fixes the following issues:
Update to version 1.19.1:
- CVE-2023-32067: 0-byte UDP payload causes Denial of Service (bsc#1211604)
- CVE-2023-31147: Insufficient randomness in generation of DNS query IDs (bsc#1211605)
- CVE-2023-31130: Buffer Underwrite in ares_inet_net_pton() (bsc#1211606)
- CVE-2023-31124: AutoTools does not set CARES_RANDOM_FILE during cross compilation (bsc#1211607)
- Fix uninitialized memory warning in test
- ares_getaddrinfo() should allow a port of 0
- Fix memory leak in ares_send() on error
- Fix comment style in ares_data.h
- Fix typo in ares_init_options.3
- Sync ax_pthread.m4 with upstream
- Sync ax_cxx_compile_stdcxx_11.m4 with upstream to fix uclibc support
ImportantSUSE bug 1211604SUSE bug 1211605SUSE bug 1211606SUSE bug 1211607CVE-2023-31124 at SUSECVE-2023-31124 at NVDCVE-2023-31130 at SUSECVE-2023-31130 at NVDCVE-2023-31147 at SUSECVE-2023-31147 at NVDCVE-2023-32067 at SUSECVE-2023-32067 at NVDcpe:/o:opensuse:leap:15.5Security update for wireshark (Moderate)openSUSE Leap 15.5
This update for wireshark fixes the following issues:
Updated to version 3.6.14:
- CVE-2023-2855: Fixed a crash in the Candump log file parser
(boo#1211703).
- CVE-2023-2856: Fixed a crash in the VMS TCPIPtrace file parser
(boo#1211707).
- CVE-2023-2857: Fixed a crash in the BLF file parser (boo#1211705).
- CVE-2023-2858: Fixed a crash in the NetScaler file parser
(boo#1211706).
- CVE-2023-0668: Fixed a crash in the IEEE C37.118 Synchrophasor
dissector (boo#1211710).
- CVE-2023-2879: GDSDB dissector infinite loop (boo#1211793).
Further features, bug fixes and updated protocol support as listed in:
https://www.wireshark.org/docs/relnotes/wireshark-3.6.14.html
ModerateSUSE bug 1211703SUSE bug 1211705SUSE bug 1211706SUSE bug 1211707SUSE bug 1211710SUSE bug 1211793CVE-2023-0668 at SUSECVE-2023-0668 at NVDCVE-2023-2855 at SUSECVE-2023-2855 at NVDCVE-2023-2856 at SUSECVE-2023-2856 at NVDCVE-2023-2857 at SUSECVE-2023-2857 at NVDCVE-2023-2858 at SUSECVE-2023-2858 at NVDCVE-2023-2859 at SUSECVE-2023-2859 at NVDcpe:/o:opensuse:leap:15.5Security update for openssl-1_0_0 (Important)openSUSE Leap 15.5
This update for openssl-1_0_0 fixes the following issues:
- CVE-2023-2650: Fixed possible denial of service translating ASN.1 object identifiers (bsc#1211430).
ImportantSUSE bug 1211430CVE-2023-2650 at SUSECVE-2023-2650 at NVDcpe:/o:opensuse:leap:15.5Security update for tiff (Moderate)openSUSE Leap 15.5
This update for tiff fixes the following issues:
Fixed multiple out of bounds read/write security issues:
CVE-2023-0795 (bsc#1208226), CVE-2023-0796 (bsc#1208227), CVE-2023-0797 (bsc#1208228),
CVE-2023-0798 (bsc#1208229), CVE-2023-0799 (bsc#1208230), CVE-2023-0800 (bsc#1208231),
CVE-2023-0801 (bsc#1208232), CVE-2023-0802 (bsc#1208233), CVE-2023-0803 (bsc#1208234),
CVE-2023-0804 (bsc#1208236).
ModerateSUSE bug 1208226SUSE bug 1208227SUSE bug 1208228SUSE bug 1208229SUSE bug 1208230SUSE bug 1208231SUSE bug 1208232SUSE bug 1208233SUSE bug 1208234SUSE bug 1208236CVE-2023-0795 at SUSECVE-2023-0795 at NVDCVE-2023-0796 at SUSECVE-2023-0796 at NVDCVE-2023-0797 at SUSECVE-2023-0797 at NVDCVE-2023-0798 at SUSECVE-2023-0798 at NVDCVE-2023-0799 at SUSECVE-2023-0799 at NVDCVE-2023-0800 at SUSECVE-2023-0800 at NVDCVE-2023-0801 at SUSECVE-2023-0801 at NVDCVE-2023-0802 at SUSECVE-2023-0802 at NVDCVE-2023-0803 at SUSECVE-2023-0803 at NVDCVE-2023-0804 at SUSECVE-2023-0804 at NVDcpe:/o:opensuse:leap:15.5Security update for ImageMagick (Important)openSUSE Leap 15.5
This update for ImageMagick fixes the following issues:
- CVE-2023-34151: Fixed an undefined behavior issue due to floating
point truncation (bsc#1211791).
- CVE-2023-34153: Fixed a command injection issue when encoding or
decoding VIDEO files (bsc#1211792).
ImportantSUSE bug 1211791SUSE bug 1211792CVE-2023-34151 at SUSECVE-2023-34151 at NVDCVE-2023-34153 at SUSECVE-2023-34153 at NVDcpe:/o:opensuse:leap:15.5Security update for cups (Important)openSUSE Leap 15.5
This update for cups fixes the following issues:
- CVE-2023-32324: Fixed a buffer overflow in format_log_line() which could cause a denial-of-service (bsc#1211643).
ImportantSUSE bug 1211643CVE-2023-32324 at SUSECVE-2023-32324 at NVDcpe:/o:opensuse:leap:15.5Security update for apache-commons-fileupload (Important)openSUSE Leap 15.5
This update for apache-commons-fileupload fixes the following issues:
Updated to version 1.5:
- CVE-2023-24998: Added a configurable maximum number of files to
upload per request (bsc#1208513).
ImportantSUSE bug 1208513CVE-2023-24998 at SUSECVE-2023-24998 at NVDcpe:/o:opensuse:leap:15.5Security update for google-cloud-sap-agent (Important)openSUSE Leap 15.5
This update of google-cloud-sap-agent fixes the following issues:
- rebuild the package with the go 1.19 security release (bsc#1200441).
- Update to version 1.5.1 (bsc#1210464)
- Raise golang API version to 1.20
ImportantSUSE bug 1200441SUSE bug 1210464cpe:/o:opensuse:leap:15.5Security update for python310 (Moderate)openSUSE Leap 15.5
This update for python310 fixes the following issues:
- CVE-2007-4559: Fixed filter for tarfile.extractall (bsc#1203750).
ModerateSUSE bug 1203750CVE-2007-4559 at SUSECVE-2007-4559 at NVDcpe:/o:opensuse:leap:15.5Security update for libwebp (Important)openSUSE Leap 15.5
This update for libwebp fixes the following issues:
- CVE-2023-1999: Fixed a double free (bsc#1210212).
ImportantSUSE bug 1210212CVE-2023-1999 at SUSECVE-2023-1999 at NVDcpe:/o:opensuse:leap:15.5Security update for mariadb (Low)openSUSE Leap 15.5
This update for mariadb fixes the following issues:
Updated to version 10.6.13:
- CVE-2022-47015: Fixed a denial of service that could be triggered by
a crafted SQL query (bsc#1207404).
LowSUSE bug 1207404CVE-2022-47015 at SUSECVE-2022-47015 at NVDcpe:/o:opensuse:leap:15.5Security update for openldap2 (Moderate)openSUSE Leap 15.5
This update for openldap2 fixes the following issues:
- CVE-2023-2953: Fixed null pointer deref in ber_memalloc_x (bsc#1211795).
ModerateSUSE bug 1211795CVE-2023-2953 at SUSECVE-2023-2953 at NVDcpe:/o:opensuse:leap:15.5Security update for MozillaFirefox (Important)openSUSE Leap 15.5
This update for MozillaFirefox fixes the following issues:
Extended Support Release 102.12.0 ESR (bsc#1211922):
- CVE-2023-34414: Click-jacking certificate exceptions through rendering lag
- CVE-2023-34416: Memory safety bugs fixed in Firefox 114 and Firefox ESR 102.12
ImportantSUSE bug 1211922CVE-2023-34414 at SUSECVE-2023-34414 at NVDCVE-2023-34416 at SUSECVE-2023-34416 at NVDcpe:/o:opensuse:leap:15.5Security update for java-1_8_0-ibm (Important)openSUSE Leap 15.5
This update for java-1_8_0-ibm fixes the following issues:
- CVE-2023-21930: Fixed possible compromise from unauthenticated attacker with network access via TLS (bsc#1210628).
- CVE-2023-21937: Fixed vulnerability inside the networking component (bsc#1210631).
- CVE-2023-21938: Fixed vulnerability inside the library component (bsc#1210632).
- CVE-2023-21939: Fixed vulnerability inside the swing component (bsc#1210634).
- CVE-2023-21968: Fixed vulnerability inside the library component (bsc#1210637).
- CVE-2023-2597: Fixed buffer overflow in shared cache implementation (bsc#1211615).
- CVE-2023-21967: Fixed vulnerability inside the JSSE component (bsc#1210636).
- CVE-2023-21954: Fixed vulnerability inside the hotspot component (bsc#1210635).
Additional reference fixed already in 8.0.7.15:
- CVE-2023-30441: Fixed components that could have exposed sensitive information using a combination of flaws and configurations (bsc#1210711).
ImportantSUSE bug 1210628SUSE bug 1210631SUSE bug 1210632SUSE bug 1210634SUSE bug 1210635SUSE bug 1210636SUSE bug 1210637SUSE bug 1210711SUSE bug 1210826SUSE bug 1211615CVE-2023-21930 at SUSECVE-2023-21930 at NVDCVE-2023-21937 at SUSECVE-2023-21937 at NVDCVE-2023-21938 at SUSECVE-2023-21938 at NVDCVE-2023-21939 at SUSECVE-2023-21939 at NVDCVE-2023-21954 at SUSECVE-2023-21954 at NVDCVE-2023-21967 at SUSECVE-2023-21967 at NVDCVE-2023-21968 at SUSECVE-2023-21968 at NVDCVE-2023-2597 at SUSECVE-2023-2597 at NVDCVE-2023-30441 at SUSECVE-2023-30441 at NVDcpe:/o:opensuse:leap:15.5Security update for tomcat (Important)openSUSE Leap 15.5
This update for tomcat fixes the following issues:
Updated to version 9.0.75:
- CVE-2023-28709: Mended an incomplete fix for CVE-2023-24998 (bsc#1208513, bsc#1211608).
ImportantSUSE bug 1208513SUSE bug 1211608CVE-2023-24998 at SUSECVE-2023-24998 at NVDCVE-2023-28709 at SUSECVE-2023-28709 at NVDcpe:/o:opensuse:leap:15.5Security update for rekor (Moderate)openSUSE Leap 15.5
This update for rekor fixes the following issues:
- updated to rekor 1.2.1 (jsc#SLE-23476):
- CVE-2023-33199: Fixed that malformed proposed intoto v0.0.2 entries can cause a panic (bsc#1211790).
ModerateSUSE bug 1211790CVE-2023-33199 at SUSECVE-2023-33199 at NVDcpe:/o:opensuse:leap:15.5Security update for opensc (Moderate)openSUSE Leap 15.5
This update for opensc fixes the following issues:
- CVE-2023-2977: Fixed out of bounds read in pkcs15 cardos_have_verifyrc_package() (bsc#1211894).
ModerateSUSE bug 1211894CVE-2023-2977 at SUSECVE-2023-2977 at NVDcpe:/o:opensuse:leap:15.5Security update for python3 (Moderate)openSUSE Leap 15.5
This update for python3 fixes the following issues:
- CVE-2007-4559: Fixed filter for tarfile.extractall (bsc#1203750).
- Fixed unittest.mock.patch.dict returns function when applied to coroutines (bsc#1211158).
ModerateSUSE bug 1203750SUSE bug 1211158CVE-2007-4559 at SUSECVE-2007-4559 at NVDcpe:/o:opensuse:leap:15.5Security update for frr (Important)openSUSE Leap 15.5
This update for frr fixes the following issues:
- CVE-2023-31489: Fixed a remote denial of service via a malformed BGP packet (bsc#1211248).
- CVE-2023-31490: Fixed a remote denial of service via a malformed BGP packet (bsc#1211249).
ImportantSUSE bug 1211248SUSE bug 1211249CVE-2023-31489 at SUSECVE-2023-31489 at NVDCVE-2023-31490 at SUSECVE-2023-31490 at NVDcpe:/o:opensuse:leap:15.5Security update for go1.19 (Moderate)openSUSE Leap 15.5
This update for go1.19 fixes the following issues:
Update to go1.19.10 (bsc#1200441):
- CVE-2023-29402: cmd/go: Fixed cgo code injection (bsc#1212073).
- CVE-2023-29403: runtime: Fixed unexpected behavior of setuid/setgid binaries (bsc#1212074).
- CVE-2023-29404: cmd/go: Fixed improper sanitization of LDFLAGS (bsc#1212075).
- CVE-2023-29405: cmd/go: Fixed improper sanitization of LDFLAGS (bsc#1212076).
ModerateSUSE bug 1200441SUSE bug 1212073SUSE bug 1212074SUSE bug 1212075SUSE bug 1212076CVE-2023-29402 at SUSECVE-2023-29402 at NVDCVE-2023-29403 at SUSECVE-2023-29403 at NVDCVE-2023-29404 at SUSECVE-2023-29404 at NVDCVE-2023-29405 at SUSECVE-2023-29405 at NVDcpe:/o:opensuse:leap:15.5Security update for go1.20 (Moderate)openSUSE Leap 15.5
This update for go1.20 fixes the following issues:
Update to go1.20.5 (bsc#1206346):
- CVE-2023-29402: cmd/go: Fixed cgo code injection (bsc#1212073).
- CVE-2023-29403: runtime: Fixed unexpected behavior of setuid/setgid binaries (bsc#1212074).
- CVE-2023-29404: cmd/go: Fixed improper sanitization of LDFLAGS (bsc#1212075).
- CVE-2023-29405: cmd/go: Fixed improper sanitization of LDFLAGS (bsc#1212076).
ModerateSUSE bug 1206346SUSE bug 1212073SUSE bug 1212074SUSE bug 1212075SUSE bug 1212076CVE-2023-29402 at SUSECVE-2023-29402 at NVDCVE-2023-29403 at SUSECVE-2023-29403 at NVDCVE-2023-29404 at SUSECVE-2023-29404 at NVDCVE-2023-29405 at SUSECVE-2023-29405 at NVDcpe:/o:opensuse:leap:15.5Security update for the Linux Kernel (Important)openSUSE Leap 15.5
The SUSE Linux Enterprise 15 SP1 kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2023-1077: Fixed a type confusion in pick_next_rt_entity(), that could cause memory corruption (bsc#1208600).
- CVE-2022-3566: Fixed race condition in the TCP Handler (bsc#1204405).
- CVE-2022-45886: Fixed a .disconnect versus dvb_device_open race condition in dvb_net.c that lead to a use-after-free (bsc#1205760).
- CVE-2022-45885: Fixed a race condition in dvb_frontend.c that could cause a use-after-free when a device is disconnected (bsc#1205758).
- CVE-2022-45887: Fixed a memory leak in ttusb_dec.c caused by the lack of a dvb_frontend_detach call (bsc#1205762).
- CVE-2022-45919: Fixed a use-after-free in dvb_ca_en50221.c that could occur if there is a disconnect after an open, because of the lack of a wait_event (bsc#1205803).
- CVE-2022-45884: Fixed a use-after-free in dvbdev.c, related to dvb_register_device dynamically allocating fops (bsc#1205756).
- CVE-2023-31084: Fixed a blocking issue in drivers/media/dvb-core/dvb_frontend.c (bsc#1210783).
- CVE-2023-31436: Fixed an out-of-bounds write in qfq_change_class() because lmax can exceed QFQ_MIN_LMAX (bsc#1210940).
- CVE-2023-2194: Fixed an out-of-bounds write vulnerability in the SLIMpro I2C device driver (bsc#1210715).
- CVE-2023-32269: Fixed a use-after-free in af_netrom.c, related to the fact that accept() was also allowed for a successfully connected AF_NETROM socket (bsc#1211186).
- CVE-2023-28466: Fixed race condition that could lead to use-after-free or NULL pointer dereference in do_tls_getsockopt in net/tls/tls_main.c (bsc#1209366).
- CVE-2023-1380: Fixed a slab-out-of-bound read problem in brcmf_get_assoc_ies() (bsc#1209287).
- CVE-2023-2513: Fixed a use-after-free vulnerability in the ext4 filesystem (bsc#1211105).
- CVE-2023-2483: Fixed a use after free bug in emac_remove caused by a race condition (bsc#1211037).
- CVE-2023-2176: Fixed an out-of-boundary read in compare_netdev_and_ip in drivers/infiniband/core/cma.c in RDMA (bsc#1210629).
The following non-security bugs were fixed:
- ext4: add EXT4_INODE_HAS_XATTR_SPACE macro in xattr.h (bsc#1206878).
- google/gve:fix repeated words in comments (bsc#1211519).
- gve: Adding a new AdminQ command to verify driver (bsc#1211519).
- gve: Cache link_speed value from device (bsc#1211519).
- gve: Fix GFP flags when allocing pages (bsc#1211519).
- gve: Fix error return code in gve_prefill_rx_pages() (bsc#1211519).
- gve: Fix spelling mistake 'droping' -> 'dropping' (bsc#1211519).
- gve: Handle alternate miss completions (bsc#1211519).
- gve: Reduce alloc and copy costs in the GQ rx path (bsc#1211519).
- gve: Remove the code of clearing PBA bit (bsc#1211519).
- gve: Secure enough bytes in the first TX desc for all TCP pkts (bsc#1211519).
- gve: enhance no queue page list detection (bsc#1211519).
- hv: vmbus: Optimize vmbus_on_event (bsc#1211622).
- ipv6: sr: fix out-of-bounds read when setting HMAC data (bsc#1211592).
- kernel-binary: install expoline.o (boo#1210791 bsc#1211089)
- scsi: storvsc: Parameterize number hardware queues (bsc#1211622).
- usrmerge: Compatibility with earlier rpm (boo#1211796)
ImportantSUSE bug 1172073SUSE bug 1191731SUSE bug 1199046SUSE bug 1204405SUSE bug 1205756SUSE bug 1205758SUSE bug 1205760SUSE bug 1205762SUSE bug 1205803SUSE bug 1206878SUSE bug 1208600SUSE bug 1209287SUSE bug 1209366SUSE bug 1210629SUSE bug 1210715SUSE bug 1210783SUSE bug 1210791SUSE bug 1210940SUSE bug 1211037SUSE bug 1211089SUSE bug 1211105SUSE bug 1211186SUSE bug 1211519SUSE bug 1211592SUSE bug 1211622SUSE bug 1211796CVE-2022-3566 at SUSECVE-2022-3566 at NVDCVE-2022-45884 at SUSECVE-2022-45884 at NVDCVE-2022-45885 at SUSECVE-2022-45885 at NVDCVE-2022-45886 at SUSECVE-2022-45886 at NVDCVE-2022-45887 at SUSECVE-2022-45887 at NVDCVE-2022-45919 at SUSECVE-2022-45919 at NVDCVE-2023-1077 at SUSECVE-2023-1077 at NVDCVE-2023-1380 at SUSECVE-2023-1380 at NVDCVE-2023-2176 at SUSECVE-2023-2176 at NVDCVE-2023-2194 at SUSECVE-2023-2194 at NVDCVE-2023-2483 at SUSECVE-2023-2483 at NVDCVE-2023-2513 at SUSECVE-2023-2513 at NVDCVE-2023-28466 at SUSECVE-2023-28466 at NVDCVE-2023-31084 at SUSECVE-2023-31084 at NVDCVE-2023-31436 at SUSECVE-2023-31436 at NVDCVE-2023-32269 at SUSECVE-2023-32269 at NVDcpe:/o:opensuse:leap:15.5Security update for xen (Important)openSUSE Leap 15.5
This update for xen fixes the following issues:
Security fixes:
- CVE-2022-42336: Fix an issue where guests configuring AMD
Speculative Store Bypass Disable would have no effect (XSA-431)
(bsc#1211433).
- CVE-2022-42335: Fixed an issue where guests running under shadow
mode with a PCI devices passed through could force the hypervisor
to dereference arbitrary memory, leading to a denial of service
(XSA-430) (bsc#1210315).
Non-security fixes:
- Fixed a build warning false positive (bsc#1210570).
- Added missing debug-info to xen-syms (bsc#1209237).
- Updated to version 4.17.1 (bsc#1027519).
- Fixed a failure during VM destruction when using host-assisted kexec
and kdump (bsc#1209245).
- Other upstream fixes (bsc#1027519).
ImportantSUSE bug 1027519SUSE bug 1208736SUSE bug 1209237SUSE bug 1209245SUSE bug 1210315SUSE bug 1210570SUSE bug 1211433CVE-2022-42335 at SUSECVE-2022-42335 at NVDCVE-2022-42336 at SUSECVE-2022-42336 at NVDcpe:/o:opensuse:leap:15.5Security update for openvswitch3 (Important)openSUSE Leap 15.5
This update for openvswitch3 fixes the following issues:
- CVE-2023-1668: Fixed a remote denial of service that could be
triggered via malformed IP packets (bsc#1210054).
ImportantSUSE bug 1210054CVE-2023-1668 at SUSECVE-2023-1668 at NVDcpe:/o:opensuse:leap:15.5Security update for jetty-minimal (Moderate)openSUSE Leap 15.5
This update for jetty-minimal fixes the following issues:
Updated to version 9.4.51.v20230217:
- CVE-2023-26048: Fixed an excessive memory consumption when
processing a large multipart request (bsc#1210620)
- CVE-2023-26049: Fixed a cookie exfiltration issue due to improper
parsing (bsc#1210621).
ModerateSUSE bug 1210620SUSE bug 1210621CVE-2023-26048 at SUSECVE-2023-26048 at NVDCVE-2023-26049 at SUSECVE-2023-26049 at NVDcpe:/o:opensuse:leap:15.5Security update for kubernetes1.18 (Important)openSUSE Leap 15.5
This update for kubernetes1.18 fixes the following issues:
- CVE-2023-2727: Fixed bypassing policies imposed by the ImagePolicyWebhook admission plugin (bsc#1211630).
- CVE-2023-2728: Fixed bypassing enforce mountable secrets policy imposed by the ServiceAccount admission plugin (bsc#1211631).
ImportantSUSE bug 1211630SUSE bug 1211631CVE-2023-2727 at SUSECVE-2023-2727 at NVDCVE-2023-2728 at SUSECVE-2023-2728 at NVDcpe:/o:opensuse:leap:15.5Security update for kubernetes1.23 (Important)openSUSE Leap 15.5
This update for kubernetes1.23 fixes the following issues:
- CVE-2023-2727: Fixed bypassing policies imposed by the ImagePolicyWebhook admission plugin (bsc#1211630).
- CVE-2023-2728: Fixed bypassing enforce mountable secrets policy imposed by the ServiceAccount admission plugin (bsc#1211631).
ImportantSUSE bug 1211630SUSE bug 1211631CVE-2023-2727 at SUSECVE-2023-2727 at NVDCVE-2023-2728 at SUSECVE-2023-2728 at NVDcpe:/o:opensuse:leap:15.5Security update for kubernetes1.24 (Important)openSUSE Leap 15.5
This update for kubernetes1.24 fixes the following issues:
- CVE-2023-2727: Fixed bypassing policies imposed by the ImagePolicyWebhook admission plugin (bsc#1211630).
- CVE-2023-2728: Fixed bypassing enforce mountable secrets policy imposed by the ServiceAccount admission plugin (bsc#1211631).
ImportantSUSE bug 1211630SUSE bug 1211631CVE-2023-2727 at SUSECVE-2023-2727 at NVDCVE-2023-2728 at SUSECVE-2023-2728 at NVDcpe:/o:opensuse:leap:15.5Security update for bluez (Important)openSUSE Leap 15.5
This update for bluez fixes the following issues:
- CVE-2023-27349: Fixed crash while handling unsupported events (bsc#1210398).
ImportantSUSE bug 1210398CVE-2023-27349 at SUSECVE-2023-27349 at NVDcpe:/o:opensuse:leap:15.5Security update for python-reportlab (Critical)openSUSE Leap 15.5
This update for python-reportlab fixes the following issues:
- CVE-2023-33733: Fixed arbitrary code execution via supplying a crafted PDF file (bsc#1212065).
CriticalSUSE bug 1212065CVE-2023-33733 at SUSECVE-2023-33733 at NVDcpe:/o:opensuse:leap:15.5Security update for Salt (Moderate)openSUSE Leap 15.5
This update for salt fixes the following issues:
salt:
- Update to Salt release version 3006.0 (jsc#PED-4361)
* See release notes: https://docs.saltproject.io/en/latest/topics/releases/3006.0.html
- Add missing patch after rebase to fix collections Mapping issues
- Add python3-looseversion as new dependency for salt
- Add python3-packaging as new dependency for salt
- Allow entrypoint compatibility for 'importlib-metadata>=5.0.0' (bsc#1207071)
- Avoid conflicts with Salt dependencies versions (bsc#1211612)
- Avoid failures due transactional_update module not available in Salt 3006.0 (bsc#1211754)
- Create new salt-tests subpackage containing Salt tests
- Drop conflictive patch dicarded from upstream
- Fix package build with old setuptools versions
- Fix SLS rendering error when Jinja macros are used
- Fix version detection and avoid building and testing failures
- Prevent deadlocks in salt-ssh executions
- Require python3-jmespath runtime dependency (bsc#1209233)
- Make master_tops compatible with Salt 3000 and older minions (bsc#1212516, bsc#1212517)
python-jmespath:
- Deliver python3-jmespath to SUSE Linux Enterprise Micro on s390x architecture as it is now required by Salt
(no source changes)
python-ply:
- Deliver python3-ply to SUSE Linux Enterprise Micro on s390x architecture as it is a requirement for python-jmespath
(no source changes)
ModerateSUSE bug 1207071SUSE bug 1209233SUSE bug 1211612SUSE bug 1211754SUSE bug 1212516SUSE bug 1212517cpe:/o:opensuse:leap:15.5Security update for SUSE Manager Client Tools (Important)openSUSE Leap 15.5
This update fixes the following issues:
grafana:
- Version update from 8.5.22 to 9.5.1 (jsc#PED-3694):
* Security fixes:
- CVE-2023-1410: grafana: Stored XSS in Graphite FunctionDescription tooltip (bsc#1209645)
- CVE-2023-1387: grafana: JWT URL-login flow leaks token to data sources through request parameter in proxy requests
(bnc#1210907)
- CVE-2022-36062: grafana: Fix RBAC folders/dashboards privilege escalation (bsc#1203596)
- CVE-2022-35957: grafana: Escalation from admin to server admin when auth proxy is used (bsc#1203597)
- CVE-2022-32149: Upgrade x/text to version unaffected by CVE-2022-32149 (bsc#1204501)
- CVE-2022-31107: grafana: OAuth account takeover (bsc#1201539)
- CVE-2022-31097: grafana: stored XSS vulnerability (bsc#1201535)
- CVE-2022-27664: go1.18,go1.19: net/http: handle server errors after sending GOAWAY (bsc#1203185)
- CVE-2022-0155: follow-redirects: Exposure of Private Personal Information to an Unauthorized Actor
- CVE-2021-43138: spacewalk-web: a malicious user can obtain privileges via the mapValues() method(bsc#1200480)
- CVE-2021-3918: json-schema is vulnerable to Improperly Controlled Modification of Object Prototype Attributes
('Prototype Pollution') (bsc#1192696)
- CVE-2021-3807: node-ansi-regex: Inefficient Regular Expression Complexity in chalk/ansi-regex (bsc#1192154)
- CVE-2020-7753: nodejs-trim: Regular Expression Denial of Service (ReDoS) in trim function
* Important changes:
- Default named retention policies won't be used to query.
Users who have a default named retention policy in their influxdb database, have to rename it to something else.
To change the hardcoded retention policy in the dashboard.json, users must then select the right retention policy
from dropdown and save the panel/dashboard.
- Grafana Alerting rules with NoDataState configuration set to Alerting will now respect 'For' duration.
- Users who use LDAP role sync to only sync Viewer, Editor and Admin roles, but grant Grafana Server Admin role
manually will not be able to do that anymore. After this change, LDAP role sync will override any manual changes
to Grafana Server Admin role assignments. If grafana_admin is left unset in LDAP role mapping configuration, it
will default to false.
- The InfluxDB backend migration feature toggle (influxdbBackendMigration) has been reintroduced in this version
as issues were discovered with backend processing of InfluxDB data. Unless this feature toggle is enabled, all
InfluxDB data will be parsed in the frontend. This frontend processing is the default behavior.
In Grafana 9.4.4, InfluxDB data parsing started to be handled in the backend. If you have upgraded to 9.4.4
and then added new transformations on InfluxDB data, those panels will fail to render. To resolve this either:
Remove the affected panel and re-create it or edit the `time` field as `Time` in `panel.json`
or `dashboard.json`
- The `@grafana/ui` package helper function `selectOptionInTest` used in frontend tests has been removed as it
caused testing libraries to be bundled in the production code of Grafana. If you were using this helper function
in your tests please update your code accordingly.
- Removed deprecated `checkHealth` prop from the `@grafana/e2e` `addDataSource` configuration. Previously this
value defaulted to `false`, and has not been used in end-to-end tests since Grafana 8.0.3.
- Removed the deprecated `LegacyBaseMap`, `LegacyValueMapping`, `LegacyValueMap`, and `LegacyRangeMap` types, and
`getMappedValue` function from grafana-data. See the documentation for the migration.
This change fixes a bug in Grafana where intermittent failure of database, network between Grafana and the
database, or error in querying the database would cause all alert rules to be unscheduled in Grafana.
Following this change scheduled alert rules are not updated unless the query is successful.
- The `get_alert_rules_duration_seconds` metric has been renamed to `schedule_query_alert_rules_duration_seconds`
- Any secret (data sources credential, alert manager credential, etc, etc) created or modified with Grafana v9.0
won't be decryptable from any previous version (by default) because the way encrypted secrets are stored into the
database has changed. Although secrets created or modified with previous versions will still be decryptable by
Grafana v9.0.
- If required, although generally discouraged, the `disableEnvelopeEncryption` feature toggle can be enabled to
keep envelope encryption disabled once updating to Grafana
- In case of need to rollback to an earlier version of Grafana (i.e. Grafana v8.x) for any reason, after being
created or modified any secret with Grafana v9.0, the `envelopeEncryption` feature toggle will need to be enabled
to keep backwards compatibility (only from `v8.3.x` a bit unstable, from `8.5.x` stable).
- As a final attempt to deal with issues related with the aforementioned situations, the
`grafana-cli admin secrets-migration rollback` command has been designed to move back all the Grafana secrets
encrypted with envelope encryption to legacy encryption. So, after running that command it should be safe to
disable envelope encryption and/or roll back to a previous version of Grafana.
Alternatively or complementarily to all the points above, backing up the Grafana database before updating could
be a good idea to prevent disasters (although the risk of getting some secrets corrupted only applies to those
updates/created with after updating to Grafana v9.0).
- In Elasticsearch, browser access mode was deprecated in grafana 7.4.0 and removed in 9.0.0. If you used this mode
please switch to server access mode on the datasource configuration page.
- Environment variables passed from Grafana to external Azure plugins have been renamed:
`AZURE_CLOUD` renamed to `GFAZPL_AZURE_CLOUD`,
`AZURE_MANAGED_IDENTITY_ENABLED` renamed to `GFAZPL_MANAGED_IDENTITY_ENABLED`,
`AZURE_MANAGED_IDENTITY_CLIENT_ID` renamed to `GFAZPL_MANAGED_IDENTITY_CLIENT_ID`.
There are no known plugins which were relying on these variables. Moving forward plugins should read Azure
settings only via Grafana Azure SDK which properly handles old and new environment variables.
- Removes support for for ElasticSearch versions after their end-of-life, currently versions < 7.10.0.
To continue to use ElasticSearch data source, upgrade ElasticSearch to version 7.10.0+.
- Application Insights and Insight Analytics queries in Azure Monitor were deprecated in Grafana 8.0 and finally
removed in 9.0. Deprecated queries will no longer be executed.
- grafana/ui: Button now specifies a default type='button'.
The `Button` component provided by @grafana/ui now specifies a default `type='button'` when no type is provided.
In previous versions, if the attribute was not specified for buttons associated with a `<form>` the
default value was `submit` per the specification. You can preserve the old behavior by explicitly setting the
type attribute: `<Button type='submit' />`
- The `Rename by regex` transformation has been improved to allow global patterns of the form
`/<stringToReplace>/g`.
Depending on the regex match used, this may cause some transformations to behave slightly differently. You can
guarantee the same behaviour as before by wrapping the `match` string in forward slashes (`/`), e.g. `(.*)` would
become `/(.*)/`
- `<Select />` menus will now portal to the document body by default. This is to give more consistent
behaviour when positioning and overlaying. If you were setting`menuShouldPortal={true}` before you can safely
remove that prop and behaviour will be the same. If you weren't explicitly setting that prop, there should be no
visible changes in behaviour but your tests may need updating. If you were setting `menuShouldPortal={false}`
this will continue to prevent the menu from portalling.
- Grafana alerting endpoint prefixed with `api/v1/rule/test` that tests a rule against a Corte/Loki data source now
expects the data source UID as a path parameter instead of the data source numeric identifier.
- Grafana alerting endpoints prefixed with `api/prometheus/` that proxy requests to a Cortex/Loki data source now
expect the data source UID as a path parameter instead of the data source numeric identifier.
- Grafana alerting endpoints prefixed with `api/ruler/` that proxy requests to a Cortex/Loki data source now expect
the data source UID as a path parameter instead of the data
- Grafana alerting endpoints prefixed with `api/alertmanager/` that proxy requests to an Alertmanager now expect
the data source UID as a path parameter instead of the data source numeric identifier.
- The format of log messages have been updated, `lvl` is now `level` and `eror`and `dbug` has been replaced with
`error` and `debug`. The precision of timestamps has been increased.
To smooth the transition, it is possible to opt-out of the new log format by enabling the feature toggle
`oldlog`.
This option will be removed in a future minor release.
- In the Loki data source, the dataframe format used to represent Loki logs-data has been changed to a more
efficient format. The query-result is represented by a single dataframe with a 'labels' column, instead of the
separate dataframes for every labels-value. When displaying such data in explore, or in a logs-panel in the
dashboard will continue to work without changes, but if the data was loaded into a different dashboard-panel, or
Transforms were used, adjustments may be necessary. For example, if you used the 'labels to fields'
transformation with the logs data, please switch to the 'extract fields' transformation.
* Deprecations:
- The `grafana_database_conn_*` metrics are deprecated, and will be removed in a future version of Grafana. Use
the `go_sql_stats_*` metrics instead.
- Support for compact Explore URLs is deprecated and will be removed in a future release. Until then, when
navigating to Explore using the deprecated format the URLs are automatically converted. If you have
existing links pointing to Explore update them using the format generated by Explore upon navigation.
You can identify a compact URL by its format. Compact URLs have the left (and optionally right) url parameter as
an array of strings, for example `&left=['now-1h','now'...]`. The standard explore URLs follow a key/value
pattern, for example `&left={'datasource':'test'...}`. Please be sure to check your dashboards for any
hardcoded links to Explore and update them to the standard URL pattern.
- Chore: Remove deprecated DataSourceAPI methods.
- Data: Remove deprecated types and functions from valueMappings.
- Elasticsearch: Remove browser access mode.
- Elasticsearch: Remove support for versions after their end of the life (<7.10.0).
- Explore: Remove support for legacy, compact format URLs.
- Graph: Deprecate Graph (old) and make it no longer a visualization option for new panels.
- `setExploreQueryField`, `setExploreMetricsQueryField` and `setExploreLogsQueryField` are now deprecated and will
be removed in a future release. If you need to set a different query editor for Explore, conditionally render
based on `props.app` in your regular query editor.
* Changes:
- User: Fix externalUserId not being populated.
If you used any of these components please use them from grafana/experimental from now on:
- AccessoryButton
- EditorFieldGroup
- EditorHeader
- EditorField
- EditorRow
- EditorList
- EditorRows
- EditorSwitch
- FlexItem
- Stack
- InlineSelect
- InputGroup
- Space
- Starting with 9.1.0, existing heatmap panels will start using a new implementation. This can be disabled by
setting the `useLegacyHeatmapPanel` feature flag to true. It can be tested on a single dashbobard by adding
`?__feature.useLegacyHeatmapPanel=true` to any dashboard URL.
- Logger: Enable new logging format by default.
- Loki: Enable new visual query builder by default.
- Plugins: Remove plugin list panel.
- Install wrapper scripts under /usr/sbin
- Install actual binaries under /usr/libexec/grafana (or /usr/lib under older distributions) and create a simlink
for wrapper scripts and the service (which expect the binary to be under /usr/share/grafana/bin)
- Chore: Upgrade typescript to 4.6.4.
ImportantSUSE bug 1192154SUSE bug 1192696SUSE bug 1200480SUSE bug 1201535SUSE bug 1201539SUSE bug 1203185SUSE bug 1203596SUSE bug 1203597SUSE bug 1204501SUSE bug 1209645SUSE bug 1210907CVE-2020-7753 at SUSECVE-2020-7753 at NVDCVE-2021-3807 at SUSECVE-2021-3807 at NVDCVE-2021-3918 at SUSECVE-2021-3918 at NVDCVE-2021-43138 at SUSECVE-2021-43138 at NVDCVE-2022-0155 at SUSECVE-2022-0155 at NVDCVE-2022-27664 at SUSECVE-2022-27664 at NVDCVE-2022-31097 at SUSECVE-2022-31097 at NVDCVE-2022-31107 at SUSECVE-2022-31107 at NVDCVE-2022-32149 at SUSECVE-2022-32149 at NVDCVE-2022-35957 at SUSECVE-2022-35957 at NVDCVE-2022-36062 at SUSECVE-2022-36062 at NVDCVE-2023-1387 at SUSECVE-2023-1387 at NVDCVE-2023-1410 at SUSECVE-2023-1410 at NVDcpe:/o:opensuse:leap:15.5Security update for SUSE Manager Client Tools (Important)openSUSE Leap 15.5
This update fixes the following issues:
bind:
- Provide bind dependencies and solve installation issues on SUSE Linux Enterprise Micro
- There are no source changes
dracut-saltboot:
- Update to version 0.1.1681904360.84ef141
* Load network configuration even when missing protocol version (bsc#1210640)
grafana:
- Version update from 8.5.22 to 9.5.1 (jsc#PED-3694):
* Security fixes:
- CVE-2023-1410: grafana: Stored XSS in Graphite FunctionDescription tooltip (bsc#1209645)
- CVE-2023-1387: grafana: JWT URL-login flow leaks token to data sources through request parameter in proxy requests
(bnc#1210907)
- CVE-2022-36062: grafana: Fix RBAC folders/dashboards privilege escalation (bsc#1203596)
- CVE-2022-35957: grafana: Escalation from admin to server admin when auth proxy is used (bsc#1203597)
- CVE-2022-32149: Upgrade x/text to version unaffected by CVE-2022-32149 (bsc#1204501)
- CVE-2022-31107: grafana: OAuth account takeover (bsc#1201539)
- CVE-2022-31097: grafana: stored XSS vulnerability (bsc#1201535)
- CVE-2022-27664: go1.18,go1.19: net/http: handle server errors after sending GOAWAY (bsc#1203185)
- CVE-2022-0155: follow-redirects: Exposure of Private Personal Information to an Unauthorized Actor
- CVE-2021-43138: spacewalk-web: a malicious user can obtain privileges via the mapValues() method(bsc#1200480)
- CVE-2021-3918: json-schema is vulnerable to Improperly Controlled Modification of Object Prototype Attributes
('Prototype Pollution') (bsc#1192696)
- CVE-2021-3807: node-ansi-regex: Inefficient Regular Expression Complexity in chalk/ansi-regex (bsc#1192154)
- CVE-2020-7753: nodejs-trim: Regular Expression Denial of Service (ReDoS) in trim function
* Important changes:
- Default named retention policies won't be used to query.
Users who have a default named retention policy in their influxdb database, have to rename it to something else.
To change the hardcoded retention policy in the dashboard.json, users must then select the right retention policy
from dropdown and save the panel/dashboard.
- Grafana Alerting rules with NoDataState configuration set to Alerting will now respect 'For' duration.
- Users who use LDAP role sync to only sync Viewer, Editor and Admin roles, but grant Grafana Server Admin role
manually will not be able to do that anymore. After this change, LDAP role sync will override any manual changes
to Grafana Server Admin role assignments. If grafana_admin is left unset in LDAP role mapping configuration, it
will default to false.
- The InfluxDB backend migration feature toggle (influxdbBackendMigration) has been reintroduced in this version
as issues were discovered with backend processing of InfluxDB data. Unless this feature toggle is enabled, all
InfluxDB data will be parsed in the frontend. This frontend processing is the default behavior.
In Grafana 9.4.4, InfluxDB data parsing started to be handled in the backend. If you have upgraded to 9.4.4
and then added new transformations on InfluxDB data, those panels will fail to render. To resolve this either:
Remove the affected panel and re-create it or edit the `time` field as `Time` in `panel.json`
or `dashboard.json`
- The `@grafana/ui` package helper function `selectOptionInTest` used in frontend tests has been removed as it
caused testing libraries to be bundled in the production code of Grafana. If you were using this helper function
in your tests please update your code accordingly.
- Removed deprecated `checkHealth` prop from the `@grafana/e2e` `addDataSource` configuration. Previously this
value defaulted to `false`, and has not been used in end-to-end tests since Grafana 8.0.3.
- Removed the deprecated `LegacyBaseMap`, `LegacyValueMapping`, `LegacyValueMap`, and `LegacyRangeMap` types, and
`getMappedValue` function from grafana-data. See the documentation for the migration.
This change fixes a bug in Grafana where intermittent failure of database, network between Grafana and the
database, or error in querying the database would cause all alert rules to be unscheduled in Grafana.
Following this change scheduled alert rules are not updated unless the query is successful.
- The `get_alert_rules_duration_seconds` metric has been renamed to `schedule_query_alert_rules_duration_seconds`
- Any secret (data sources credential, alert manager credential, etc, etc) created or modified with Grafana v9.0
won't be decryptable from any previous version (by default) because the way encrypted secrets are stored into the
database has changed. Although secrets created or modified with previous versions will still be decryptable by
Grafana v9.0.
- If required, although generally discouraged, the `disableEnvelopeEncryption` feature toggle can be enabled to
keep envelope encryption disabled once updating to Grafana
- In case of need to rollback to an earlier version of Grafana (i.e. Grafana v8.x) for any reason, after being
created or modified any secret with Grafana v9.0, the `envelopeEncryption` feature toggle will need to be enabled
to keep backwards compatibility (only from `v8.3.x` a bit unstable, from `8.5.x` stable).
- As a final attempt to deal with issues related with the aforementioned situations, the
`grafana-cli admin secrets-migration rollback` command has been designed to move back all the Grafana secrets
encrypted with envelope encryption to legacy encryption. So, after running that command it should be safe to
disable envelope encryption and/or roll back to a previous version of Grafana.
Alternatively or complementarily to all the points above, backing up the Grafana database before updating could
be a good idea to prevent disasters (although the risk of getting some secrets corrupted only applies to those
updates/created with after updating to Grafana v9.0).
- In Elasticsearch, browser access mode was deprecated in grafana 7.4.0 and removed in 9.0.0. If you used this mode
please switch to server access mode on the datasource configuration page.
- Environment variables passed from Grafana to external Azure plugins have been renamed:
`AZURE_CLOUD` renamed to `GFAZPL_AZURE_CLOUD`,
`AZURE_MANAGED_IDENTITY_ENABLED` renamed to `GFAZPL_MANAGED_IDENTITY_ENABLED`,
`AZURE_MANAGED_IDENTITY_CLIENT_ID` renamed to `GFAZPL_MANAGED_IDENTITY_CLIENT_ID`.
There are no known plugins which were relying on these variables. Moving forward plugins should read Azure
settings only via Grafana Azure SDK which properly handles old and new environment variables.
- Removes support for for ElasticSearch versions after their end-of-life, currently versions < 7.10.0.
To continue to use ElasticSearch data source, upgrade ElasticSearch to version 7.10.0+.
- Application Insights and Insight Analytics queries in Azure Monitor were deprecated in Grafana 8.0 and finally
removed in 9.0. Deprecated queries will no longer be executed.
- grafana/ui: Button now specifies a default type='button'.
The `Button` component provided by @grafana/ui now specifies a default `type='button'` when no type is provided.
In previous versions, if the attribute was not specified for buttons associated with a `<form>` the
default value was `submit` per the specification. You can preserve the old behavior by explicitly setting the
type attribute: `<Button type='submit' />`
- The `Rename by regex` transformation has been improved to allow global patterns of the form
`/<stringToReplace>/g`.
Depending on the regex match used, this may cause some transformations to behave slightly differently. You can
guarantee the same behaviour as before by wrapping the `match` string in forward slashes (`/`), e.g. `(.*)` would
become `/(.*)/`
- `<Select />` menus will now portal to the document body by default. This is to give more consistent
behaviour when positioning and overlaying. If you were setting`menuShouldPortal={true}` before you can safely
remove that prop and behaviour will be the same. If you weren't explicitly setting that prop, there should be no
visible changes in behaviour but your tests may need updating. If you were setting `menuShouldPortal={false}`
this will continue to prevent the menu from portalling.
- Grafana alerting endpoint prefixed with `api/v1/rule/test` that tests a rule against a Corte/Loki data source now
expects the data source UID as a path parameter instead of the data source numeric identifier.
- Grafana alerting endpoints prefixed with `api/prometheus/` that proxy requests to a Cortex/Loki data source now
expect the data source UID as a path parameter instead of the data source numeric identifier.
- Grafana alerting endpoints prefixed with `api/ruler/` that proxy requests to a Cortex/Loki data source now expect
the data source UID as a path parameter instead of the data
- Grafana alerting endpoints prefixed with `api/alertmanager/` that proxy requests to an Alertmanager now expect
the data source UID as a path parameter instead of the data source numeric identifier.
- The format of log messages have been updated, `lvl` is now `level` and `eror`and `dbug` has been replaced with
`error` and `debug`. The precision of timestamps has been increased.
To smooth the transition, it is possible to opt-out of the new log format by enabling the feature toggle
`oldlog`.
This option will be removed in a future minor release.
- In the Loki data source, the dataframe format used to represent Loki logs-data has been changed to a more
efficient format. The query-result is represented by a single dataframe with a 'labels' column, instead of the
separate dataframes for every labels-value. When displaying such data in explore, or in a logs-panel in the
dashboard will continue to work without changes, but if the data was loaded into a different dashboard-panel, or
Transforms were used, adjustments may be necessary. For example, if you used the 'labels to fields'
transformation with the logs data, please switch to the 'extract fields' transformation.
* Deprecations:
- The `grafana_database_conn_*` metrics are deprecated, and will be removed in a future version of Grafana. Use
the `go_sql_stats_*` metrics instead.
- Support for compact Explore URLs is deprecated and will be removed in a future release. Until then, when
navigating to Explore using the deprecated format the URLs are automatically converted. If you have
existing links pointing to Explore update them using the format generated by Explore upon navigation.
You can identify a compact URL by its format. Compact URLs have the left (and optionally right) url parameter as
an array of strings, for example `&left=['now-1h','now'...]`. The standard explore URLs follow a key/value
pattern, for example `&left={'datasource':'test'...}`. Please be sure to check your dashboards for any
hardcoded links to Explore and update them to the standard URL pattern.
- Chore: Remove deprecated DataSourceAPI methods.
- Data: Remove deprecated types and functions from valueMappings.
- Elasticsearch: Remove browser access mode.
- Elasticsearch: Remove support for versions after their end of the life (<7.10.0).
- Explore: Remove support for legacy, compact format URLs.
- Graph: Deprecate Graph (old) and make it no longer a visualization option for new panels.
- `setExploreQueryField`, `setExploreMetricsQueryField` and `setExploreLogsQueryField` are now deprecated and will
be removed in a future release. If you need to set a different query editor for Explore, conditionally render
based on `props.app` in your regular query editor.
* Changes:
- User: Fix externalUserId not being populated.
If you used any of these components please use them from grafana/experimental from now on:
- AccessoryButton
- EditorFieldGroup
- EditorHeader
- EditorField
- EditorRow
- EditorList
- EditorRows
- EditorSwitch
- FlexItem
- Stack
- InlineSelect
- InputGroup
- Space
- Starting with 9.1.0, existing heatmap panels will start using a new implementation. This can be disabled by
setting the `useLegacyHeatmapPanel` feature flag to true. It can be tested on a single dashbobard by adding
`?__feature.useLegacyHeatmapPanel=true` to any dashboard URL.
- Logger: Enable new logging format by default.
- Loki: Enable new visual query builder by default.
- Plugins: Remove plugin list panel.
- Install wrapper scripts under /usr/sbin
- Install actual binaries under /usr/libexec/grafana (or /usr/lib under older distributions) and create a simlink
for wrapper scripts and the service (which expect the binary to be under /usr/share/grafana/bin)
- Chore: Upgrade typescript to 4.6.4.
mgr-daemon:
- Version 4.3.7-1
* Update translation strings
spacecmd:
- Version 4.3.21-1
* fix argument parsing of distribution_update (bsc#1210458)
- Version 4.3.20-1
* Display activation key details after executing the corresponding command (bsc#1208719)
* Show targetted packages before actually removing them (bsc#1207830)
uyuni-common-libs:
- Version 4.3.8-1
* Allow default component for context manager
zypp-plugin-spacewalk:
- 1.0.14
* SPEC cleanup
ImportantSUSE bug 1192154SUSE bug 1192696SUSE bug 1200480SUSE bug 1201535SUSE bug 1201539SUSE bug 1203185SUSE bug 1203596SUSE bug 1203597SUSE bug 1203599SUSE bug 1204501SUSE bug 1207830SUSE bug 1208719SUSE bug 1209645SUSE bug 1210458SUSE bug 1210640SUSE bug 1210907CVE-2020-7753 at SUSECVE-2020-7753 at NVDCVE-2021-3807 at SUSECVE-2021-3807 at NVDCVE-2021-3918 at SUSECVE-2021-3918 at NVDCVE-2021-43138 at SUSECVE-2021-43138 at NVDCVE-2022-0155 at SUSECVE-2022-0155 at NVDCVE-2022-27664 at SUSECVE-2022-27664 at NVDCVE-2022-31097 at SUSECVE-2022-31097 at NVDCVE-2022-31107 at SUSECVE-2022-31107 at NVDCVE-2022-32149 at SUSECVE-2022-32149 at NVDCVE-2022-35957 at SUSECVE-2022-35957 at NVDCVE-2022-36062 at SUSECVE-2022-36062 at NVDCVE-2022-41715 at SUSECVE-2022-41715 at NVDCVE-2022-46146 at SUSECVE-2022-46146 at NVDCVE-2023-1387 at SUSECVE-2023-1387 at NVDCVE-2023-1410 at SUSECVE-2023-1410 at NVDcpe:/o:opensuse:leap:15.5Security update for salt and python-pyzmq (Moderate)openSUSE Leap 15.5
This update for salt and python-pyzmq fixes the following issues:
salt:
- Update to Salt release version 3006.0 (jsc#PED-4361)
* See release notes: https://docs.saltproject.io/en/latest/topics/releases/3006.0.html
- Add missing patch after rebase to fix collections Mapping issues
- Add python3-looseversion as new dependency for salt
- Add python3-packaging as new dependency for salt
- Allow entrypoint compatibility for 'importlib-metadata>=5.0.0' (bsc#1207071)
- Avoid conflicts with Salt dependencies versions (bsc#1211612)
- Avoid failures due transactional_update module not available in Salt 3006.0 (bsc#1211754)
- Create new salt-tests subpackage containing Salt tests
- Drop conflictive patch dicarded from upstream
- Fix package build with old setuptools versions
- Fix SLS rendering error when Jinja macros are used
- Fix version detection and avoid building and testing failures
- Prevent deadlocks in salt-ssh executions
- Require python3-jmespath runtime dependency (bsc#1209233)
- Make master_tops compatible with Salt 3000 and older minions (bsc#1212516, bsc#1212517)
python-pyzmq:
- Update python-pyzmq to version 17.1.2 in LTSS products (bsc#1186945)
ModerateSUSE bug 1186945SUSE bug 1207071SUSE bug 1209233SUSE bug 1211612SUSE bug 1211754SUSE bug 1212516SUSE bug 1212517cpe:/o:opensuse:leap:15.5Security update for golang-github-prometheus-prometheus (Important)openSUSE Leap 15.5
This update for golang-github-prometheus-prometheus fixes the following issues:
golang-github-prometheus-prometheus:
- Security issues fixed in this version update to 2.37.6:
* CVE-2022-46146: Fix basic authentication bypass vulnerability (bsc#1208049, jsc#PED-3576)
* CVE-2022-41715: Update our regexp library to fix upstream (bsc#1204023)
* CVE-2022-41723: Fixed go issue to avoid quadratic complexity in HPACK decoding (bsc#1208298)
- Other non-security bugs fixed and changes in this version update to 2.37.6:
* [BUGFIX] TSDB: Turn off isolation for Head compaction to fix a memory leak.
* [BUGFIX] TSDB: Fix 'invalid magic number 0' error on Prometheus startup.
* [BUGFIX] Agent: Fix validation of flag options and prevent WAL from growing more than desired.
* [BUGFIX] Properly close file descriptor when logging unfinished queries.
* [BUGFIX] TSDB: In the WAL watcher metrics, expose the type='exemplar' label instead of type='unknown' for exemplar
records.
* [BUGFIX] Alerting: Fix Alertmanager targets not being updated when alerts were queued.
* [BUGFIX] Hetzner SD: Make authentication files relative to Prometheus config file.
* [BUGFIX] Promtool: Fix promtool check config not erroring properly on failures.
* [BUGFIX] Scrape: Keep relabeled scrape interval and timeout on reloads.
* [BUGFIX] TSDB: Don't increment prometheus_tsdb_compactions_failed_total when context is canceled.
* [BUGFIX] TSDB: Fix panic if series is not found when deleting series.
* [BUGFIX] TSDB: Increase prometheus_tsdb_mmap_chunk_corruptions_total on out of sequence errors.
* [BUGFIX] Uyuni SD: Make authentication files relative to Prometheus configuration file and fix default configuration
values.
* [BUGFIX] Fix serving of static assets like fonts and favicon.
* [BUGFIX] promtool: Add --lint-fatal option.
* [BUGFIX] Changing TotalQueryableSamples from int to int64.
* [BUGFIX] tsdb/agent: Ignore duplicate exemplars.
* [BUGFIX] TSDB: Fix chunk overflow appending samples at a variable rate.
* [BUGFIX] Stop rule manager before TSDB is stopped.
* [BUGFIX] Kubernetes SD: Explicitly include gcp auth from k8s.io.
* [BUGFIX] Fix OpenMetrics parser to sort uppercase labels correctly.
* [BUGFIX] UI: Fix scrape interval and duration tooltip not showing on target page.
* [BUGFIX] Tracing/GRPC: Set TLS credentials only when insecure is false.
* [BUGFIX] Agent: Fix ID collision when loading a WAL with multiple segments.
* [BUGFIX] Remote-write: Fix a deadlock between Batch and flushing the queue.
* [BUGFIX] PromQL: Properly return an error from histogram_quantile when metrics have the same labelset.
* [BUGFIX] UI: Fix bug that sets the range input to the resolution.
* [BUGFIX] TSDB: Fix a query panic when memory-snapshot-on-shutdown is enabled.
* [BUGFIX] Parser: Specify type in metadata parser errors.
* [BUGFIX] Scrape: Fix label limit changes not applying.
* [BUGFIX] Remote-write: Fix deadlock between adding to queue and getting batch.
* [BUGFIX] TSDB: Fix panic when m-mapping head chunks onto the disk.
* [BUGFIX] Azure SD: Fix a regression when public IP Address isn't set.
* [BUGFIX] Azure SD: Fix panic when public IP Address isn't set.
* [BUGFIX] Remote-write: Fix deadlock when stopping a shard.
* [BUGFIX] SD: Fix no such file or directory in K8s SD when not running inside K8s.
* [BUGFIX] Promtool: Make exit codes more consistent.
* [BUGFIX] Promtool: Fix flakiness of rule testing.
* [BUGFIX] Remote-write: Update prometheus_remote_storage_queue_highest_sent_timestamp_seconds metric when write
irrecoverably fails.
* [BUGFIX] Storage: Avoid panic in BufferedSeriesIterator.
* [BUGFIX] TSDB: CompactBlockMetas should produce correct mint/maxt for overlapping blocks.
* [BUGFIX] TSDB: Fix logging of exemplar storage size.
* [BUGFIX] UI: Fix overlapping click targets for the alert state checkboxes.
* [BUGFIX] UI: Fix Unhealthy filter on target page to actually display only Unhealthy targets.
* [BUGFIX] UI: Fix autocompletion when expression is empty.
* [BUGFIX] TSDB: Fix deadlock from simultaneous GC and write.
* [CHANGE] TSDB: Delete *.tmp WAL files when Prometheus starts.
* [CHANGE] promtool: Add new flag --lint (enabled by default) for the commands check rules and check config, resulting
in a new exit code (3) for linter errors.
* [CHANGE] UI: Classic UI removed.
* [CHANGE] Tracing: Migrate from Jaeger to OpenTelemetry based tracing.
* [CHANGE] PromQL: Promote negative offset and @ modifer to stable features.
* [CHANGE] Web: Promote remote-write-receiver to stable.
* [FEATURE] Nomad SD: New service discovery for Nomad built-in service discovery.
* [FEATURE] Add lowercase and uppercase relabel action.
* [FEATURE] SD: Add IONOS Cloud integration.
* [FEATURE] SD: Add Vultr integration.
* [FEATURE] SD: Add Linode SD failure count metric.
* [FEATURE] Add prometheus_ready metric.
* [FEATURE] Support for automatically setting the variable GOMAXPROCS to the container CPU limit.
Enable with the flag `--enable-feature=auto-gomaxprocs`.
* [FEATURE] PromQL: Extend statistics with total and peak number of samples in a query.
Additionally, per-step statistics are available with --enable-feature=promql-per-step-stats and using
stats=all in the query API. Enable with the flag `--enable-feature=per-step-stats`.
* [FEATURE] Config: Add stripPort template function.
* [FEATURE] Promtool: Add cardinality analysis to check metrics, enabled by flag --extended.
* [FEATURE] SD: Enable target discovery in own K8s namespace.
* [FEATURE] SD: Add provider ID label in K8s SD.
* [FEATURE] Web: Add limit field to the rules API.
* [ENHANCEMENT] Kubernetes SD: Allow attaching node labels for endpoint role.
* [ENHANCEMENT] PromQL: Optimise creation of signature with/without labels.
* [ENHANCEMENT] TSDB: Memory optimizations.
* [ENHANCEMENT] TSDB: Reduce sleep time when reading WAL.
* [ENHANCEMENT] OAuth2: Add appropriate timeouts and User-Agent header.
* [ENHANCEMENT] Add stripDomain to template function.
* [ENHANCEMENT] UI: Enable active search through dropped targets.
* [ENHANCEMENT] promtool: support matchers when querying label
* [ENHANCEMENT] Add agent mode identifier.
* [ENHANCEMENT] TSDB: more efficient sorting of postings read from WAL at startup.
* [ENHANCEMENT] Azure SD: Add metric to track Azure SD failures.
* [ENHANCEMENT] Azure SD: Add an optional resource_group configuration.
* [ENHANCEMENT] Kubernetes SD: Support discovery.k8s.io/v1
EndpointSlice (previously only discovery.k8s.io/v1beta1
EndpointSlice was supported).
* [ENHANCEMENT] Kubernetes SD: Allow attaching node metadata to discovered pods.
* [ENHANCEMENT] OAuth2: Support for using a proxy URL to fetch OAuth2 tokens.
* [ENHANCEMENT] Configuration: Add the ability to disable HTTP2.
* [ENHANCEMENT] Config: Support overriding minimum TLS version.
* [ENHANCEMENT] TSDB: Disable the chunk write queue by default and allow configuration with the experimental flag
`--storage.tsdb.head-chunks-write-queue-size`.
* [ENHANCEMENT] HTTP SD: Add a failure counter.
* [ENHANCEMENT] Azure SD: Set Prometheus User-Agent on requests.
* [ENHANCEMENT] Uyuni SD: Reduce the number of logins to Uyuni.
* [ENHANCEMENT] Scrape: Log when an invalid media type is encountered during a scrape.
* [ENHANCEMENT] Scrape: Accept application/openmetrics-text;version=1.0.0 in addition to version=0.0.1.
* [ENHANCEMENT] Remote-read: Add an option to not use external labels as selectors for remote read.
* [ENHANCEMENT] UI: Optimize the alerts page and add a search bar.
* [ENHANCEMENT] UI: Improve graph colors that were hard to see.
* [ENHANCEMENT] Config: Allow escaping of $ with $$ when using environment variables with external labels.
* [ENHANCEMENT] Remote-write: Avoid allocations by buffering concrete structs instead of interfaces.
* [ENHANCEMENT] Remote-write: Log time series details for out-of-order samples in remote write receiver.
* [ENHANCEMENT] Remote-write: Shard up more when backlogged.
* [ENHANCEMENT] TSDB: Use simpler map key to improve exemplar ingest performance.
* [ENHANCEMENT] TSDB: Avoid allocations when popping from the intersected postings heap.
* [ENHANCEMENT] TSDB: Make chunk writing non-blocking, avoiding latency spikes in remote-write.
* [ENHANCEMENT] TSDB: Improve label matching performance.
* [ENHANCEMENT] UI: Optimize the service discovery page and add a search bar.
* [ENHANCEMENT] UI: Optimize the target page and add a search bar.
ImportantSUSE bug 1204023SUSE bug 1208049SUSE bug 1208298CVE-2022-41715 at SUSECVE-2022-41715 at NVDCVE-2022-41723 at SUSECVE-2022-41723 at NVDCVE-2022-46146 at SUSECVE-2022-46146 at NVDcpe:/o:opensuse:leap:15.5Security update for rustup (Moderate)openSUSE Leap 15.5
This update for rustup fixes the following issues:
- CVE-2022-31394: Fixed possible HTTP2 attacks by specifying the HTTP/2 SETTINGS_MAX_HEADER_LIST_SIZE (bsc#1208552).
- CVE-2023-26964: Fixed high memory and CPU usage when stream stacking occurs when H2 processes HTTP2 RST_STREAM frames (bsc#1210345).
ModerateSUSE bug 1208552SUSE bug 1210345CVE-2022-31394 at SUSECVE-2022-31394 at NVDCVE-2023-26964 at SUSECVE-2023-26964 at NVDcpe:/o:opensuse:leap:15.5Security update for open-vm-tools (Moderate)openSUSE Leap 15.5
This update for open-vm-tools fixes the following issues:
- CVE-2023-20867: Fixed authentication bypass vulnerability in the vgauth module (bsc#1212143).
Bug fixes:
- Fixed build problem with grpc 1.54 (bsc#1210695).
ModerateSUSE bug 1210695SUSE bug 1212143CVE-2023-20867 at SUSECVE-2023-20867 at NVDcpe:/o:opensuse:leap:15.5Security update for ntp (Moderate)openSUSE Leap 15.5
This update for ntp fixes the following issues:
- CVE-2023-26555: Fixed assertion failure on malformed RT-11 dates (bsc#1210390).
ModerateSUSE bug 1210390CVE-2023-26555 at SUSECVE-2023-26555 at NVDcpe:/o:opensuse:leap:15.5Security update for php8 (Moderate)openSUSE Leap 15.5
This update for php8 fixes the following issues:
- CVE-2023-3247: Fixed missing error check and insufficient random bytes in HTTP Digest authentication for SOAP (bsc#1212349).
ModerateSUSE bug 1212349CVE-2023-3247 at SUSECVE-2023-3247 at NVDcpe:/o:opensuse:leap:15.5Security update for MozillaThunderbird (Important)openSUSE Leap 15.5
This update for MozillaThunderbird fixes the following issues:
Mozilla Thunderbird 102.12 MFSA 2023-21 (bsc#1211922):
- CVE-2023-34414: Click-jacking certificate exceptions through rendering lag
- CVE-2023-34416: Memory safety bugs fixed in Thunderbird 102.12
ImportantSUSE bug 1211922CVE-2023-34414 at SUSECVE-2023-34414 at NVDCVE-2023-34416 at SUSECVE-2023-34416 at NVDcpe:/o:opensuse:leap:15.5Security update for libX11 (Important)openSUSE Leap 15.5
This update for libX11 fixes the following issues:
- CVE-2023-3138: Fixed buffer overflows in InitExt.c (bsc#1212102).
ImportantSUSE bug 1212102CVE-2023-3138 at SUSECVE-2023-3138 at NVDcpe:/o:opensuse:leap:15.5Security update for cups (Important)openSUSE Leap 15.5
This update for cups fixes the following issues:
- CVE-2023-34241: Fixed a use-after-free problem in cupsdAcceptClient() (bsc#1212230).
ImportantSUSE bug 1212230CVE-2023-34241 at SUSECVE-2023-34241 at NVDcpe:/o:opensuse:leap:15.5Security update for google-cloud-sap-agent (Important)openSUSE Leap 15.5
This update of google-cloud-sap-agent fixes the following issues:
- rebuild the package with the go 1.20 security release (bsc#1206346).
ImportantSUSE bug 1206346cpe:/o:opensuse:leap:15.5Security update for dav1d (Moderate)openSUSE Leap 15.5
This update for dav1d fixes the following issues:
- CVE-2023-32570: Fixed possible crash when decoding a frame (bsc#1211262).
ModerateSUSE bug 1211262CVE-2023-32570 at SUSECVE-2023-32570 at NVDcpe:/o:opensuse:leap:15.5Security update for python-sqlparse (Moderate)openSUSE Leap 15.5
This update for python-sqlparse fixes the following issues:
- CVE-2023-30608: Fixed a Regular Expression Denial of Service (ReDOS) vulnerability (bsc#1210617).
ModerateSUSE bug 1210617CVE-2023-30608 at SUSECVE-2023-30608 at NVDcpe:/o:opensuse:leap:15.5Security update for openssl-3 (Moderate)openSUSE Leap 15.5
This update for openssl-3 fixes the following issues:
- CVE-2023-1255: Fixed input buffer over-read in AES-XTS implementation on 64 bit ARM (bsc#1210714).
- CVE-2023-2650: Fixed possible DoS translating ASN.1 object identifiers (bsc#1211430).
ModerateSUSE bug 1210714SUSE bug 1211430CVE-2023-1255 at SUSECVE-2023-1255 at NVDCVE-2023-2650 at SUSECVE-2023-2650 at NVDcpe:/o:opensuse:leap:15.5Security update for cloud-init (Important)openSUSE Leap 15.5
This update for cloud-init fixes the following issues:
- CVE-2023-1786: Do not expose sensitive data gathered from the CSP. (bsc#1210277)
- CVE-2022-2084: Fixed a bug which caused logging schema failures can include password hashes. (bsc#1210652)
- Update to version 23.1
+ Support transactional-updates for SUSE based distros
+ Set ownership for new folders in Write Files Module
+ add OpenCloudOS and TencentOS support
+ lxd: Retry if the server isn't ready
+ test: switch pycloudlib source to pypi
+ test: Fix integration test deprecation message
+ Recognize opensuse-microos, dev tooling fixes
+ sources/azure: refactor imds handler into own module
+ docs: deprecation generation support
+ add function is_virtual to distro/FreeBSD
+ cc_ssh: support multiple hostcertificates
+ Fix minor schema validation regression and fixup typing
+ doc: Reword user data debug section
+ cli: schema also validate vendordata*.
+ ci: sort and add checks for cla signers file
+ Add 'ederst' as contributor
+ readme: add reference to packages dir
+ docs: update downstream package list
+ docs: add google search verification
+ docs: fix 404 render use default notfound_urls_prefix in RTD conf
+ Fix OpenStack datasource detection on bare metal
+ docs: add themed RTD 404 page and pointer to readthedocs-hosted
+ schema: fix gpt labels, use type string for GUID
+ cc_disk_setup: code cleanup
+ netplan: keep custom strict perms when 50-cloud-init.yaml exists
+ cloud-id: better handling of change in datasource files
+ Warn on empty network key
+ Fix Vultr cloud_interfaces usage
+ cc_puppet: Update puppet service name
+ docs: Clarify networking docs
+ lint: remove httpretty
+ cc_set_passwords: Prevent traceback when restarting ssh
+ tests: fix lp1912844
+ tests: Skip ansible test on bionic
+ Wait for NetworkManager
+ docs: minor polishing
+ CI: migrate integration-test to GH actions
+ Fix permission of SSH host keys
+ Fix default route rendering on v2 ipv6
+ doc: fix path in net_convert command
+ docs: update net_convert docs
+ doc: fix dead link
+ cc_set_hostname: ignore /var/lib/cloud/data/set-hostname if it's empty
+ distros/rhel.py: _read_hostname() missing strip on 'hostname'
+ integration tests: add IBM VPC support
+ machine-id: set to uninitialized to trigger regeneration on clones
+ sources/azure: retry on connection error when fetching metdata
+ Ensure ssh state accurately obtained
+ bddeb: drop dh-systemd dependency on newer deb-based releases
+ doc: fix `config formats` link in cloudsigma.rst
+ Fix wrong subp syntax in cc_set_passwords.py
+ docs: update the PR template link to readthedocs
+ ci: switch unittests to gh actions
+ Add mount_default_fields for PhotonOS.
+ sources/azure: minor refactor for metadata source detection logic
+ add 'CalvoM' as contributor
+ ci: doc to gh actions
+ lxd: handle 404 from missing devices route for LXD 4.0
+ docs: Diataxis overhaul
+ vultr: Fix issue regarding cache and region codes
+ cc_set_passwords: Move ssh status checking later
+ Improve Wireguard module idempotency
+ network/netplan: add gateways as on-link when necessary
+ tests: test_lxd assert features.networks.zones when present
+ Use btrfs enquque when available (#1926) [Robert Schweikert]
+ sources/azure: fix device driver matching for net config (#1914)
+ BSD: fix duplicate macs in Ifconfig parser
+ pycloudlib: add lunar support for integration tests
+ nocloud: add support for dmi variable expansion for seedfrom URL
+ tools: read-version drop extra call to git describe --long
+ doc: improve cc_write_files doc
+ read-version: When insufficient tags, use cloudinit.version.get_version
+ mounts: document weird prefix in schema
+ Ensure network ready before cloud-init service runs on RHEL
+ docs: add copy button to code blocks
+ netplan: define features.NETPLAN_CONFIG_ROOT_READ_ONLY flag
+ azure: fix support for systems without az command installed
+ Fix the distro.osfamily output problem in the openEuler system.
+ pycloudlib: bump commit dropping azure api smoke test
+ net: netplan config root read-only as wifi config can contain creds
+ autoinstall: clarify docs for users
+ sources/azure: encode health report as utf-8
+ Add back gateway4/6 deprecation to docs
+ networkd: Add support for multiple [Route] sections
+ doc: add qemu tutorial
+ lint: fix tip-flake8 and tip-mypy
+ Add support for setting uid when creating users on FreeBSD
+ Fix exception in BSD networking code-path
+ Append derivatives to is_rhel list in cloud.cfg.tmpl
+ FreeBSD init: use cloudinit_enable as only rcvar
+ feat: add support aliyun metadata security harden mode
+ docs: uprate analyze to performance page
+ test: fix lxd preseed managed network config
+ Add support for static IPv6 addresses for FreeBSD
+ Make 3.12 failures not fail the build
+ Docs: adding relative links
+ Fix setup.py to align with PEP 440 versioning replacing trailing
+ Add 'nkukard' as contributor
+ doc: add how to render new module doc
+ doc: improve module creation explanation
+ Add Support for IPv6 metadata to OpenStack
+ add xiaoge1001 to .github-cla-signers
+ network: Deprecate gateway{4,6} keys in network config v2
+ VMware: Move Guest Customization transport from OVF to VMware
+ doc: home page links added
+ net: skip duplicate mac check for netvsc nic and its VF
This update for python-responses fixes the following issues:
- update to 0.21.0:
* Add `threading.Lock()` to allow `responses` working with `threading` module.
* Add `urllib3` `Retry` mechanism. See #135
* Removed internal `_cookies_from_headers` function
* Now `add`, `upsert`, `replace` methods return registered response.
`remove` method returns list of removed responses.
* Added null value support in `urlencoded_params_matcher` via `allow_blank` keyword argument
* Added strict version of decorator. Now you can apply `@responses.activate(assert_all_requests_are_fired=True)`
to your function to validate that all requests were executed in the wrapped function. See #183
ImportantSUSE bug 1171511SUSE bug 1203393SUSE bug 1210277SUSE bug 1210652CVE-2022-2084 at SUSECVE-2022-2084 at NVDCVE-2023-1786 at SUSECVE-2023-1786 at NVDcpe:/o:opensuse:leap:15.5Security update for openssl-1_0_0 (Moderate)openSUSE Leap 15.5
This update for openssl-1_0_0 fixes the following issues:
- CVE-2022-4304: Reworked the fix for the Timing-Oracle in RSA decryption.
The previous fix for this timing side channel turned out to cause a
severe 2-3x performance regression in the typical use case (bsc#1207534).
ModerateSUSE bug 1207534CVE-2022-4304 at SUSECVE-2022-4304 at NVDcpe:/o:opensuse:leap:15.5Security update for python39 (Moderate)openSUSE Leap 15.5
This update for python39 fixes the following issues:
- CVE-2007-4559: Fixed filter for tarfile.extractall (bsc#1203750).
- Fixed unittest.mock.patch.dict returns function when applied to coroutines (bsc#1211158).
ModerateSUSE bug 1203750SUSE bug 1211158CVE-2007-4559 at SUSECVE-2007-4559 at NVDcpe:/o:opensuse:leap:15.5Security update for the Linux Kernel (Important)openSUSE Leap 15.5
The SUSE Linux Enterprise 15 SP5 AZURE kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2023-3161: Fixed shift-out-of-bounds in fbcon_set_font() (bsc#1212154).
- CVE-2023-21102: Fixed possible bypass of shadow stack protection in __efi_rt_asm_wrapper of efi-rt-wrapper.S (bsc#1212155).
- CVE-2023-3141: Fixed a use-after-free flaw in r592_remove in drivers/memstick/host/r592.c, that allowed local attackers to crash the system at device disconnect (bsc#1212129).
- CVE-2023-1077: Fixed a type confusion in pick_next_rt_entity(), that could cause memory corruption (bsc#1208600).
- CVE-2023-28410: Fixed improper restriction of operations within the bounds of a memory buffer in some Intel(R) i915 Graphics drivers that may have allowed an authenticated user to potentially enable escalation of privilege via local access (bsc#1211263).
- CVE-2023-2156: Fixed a flaw in the networking subsystem within the handling of the RPL protocol (bsc#1211131).
- CVE-2023-1382: Fixed denial of service in tipc_conn_close (bsc#1209288).
- CVE-2023-33951: Fixed a race condition that could have led to an information disclosure inside the vmwgfx driver (bsc#1211593).
- CVE-2023-33952: Fixed a double free that could have led to a local privilege escalation inside the vmwgfx driver (bsc#1211595).
- CVE-2023-3006: Fixed a known cache speculation vulnerability, known as Branch History Injection (BHI) or Spectre-BHB, for the new hw AmpereOne (bsc#1211855).
- CVE-2023-2269: Fixed a denial-of-service problem due to a possible recursive locking scenario, resulting in a deadlock in table_clear in drivers/md/dm-ioctl.c (bsc#1210806).
- CVE-2023-1079: Fixed a use-after-free problem that could have been triggered in asus_kbd_backlight_set when plugging/disconnecting a malicious USB device (bsc#1208604).
- CVE-2023-2162: Fixed an use-after-free flaw in iscsi_sw_tcp_session_create (bsc#1210647).
- CVE-2023-21106: Fixed possible memory corruption due to double free in adreno_set_param of adreno_gpu.c (bsc#1211654).
- CVE-2023-33288: Fixed a use-after-free in bq24190_remove in drivers/power/supply/bq24190_charger.c (bsc#1211590).
- CVE-2022-45886: Fixed a .disconnect versus dvb_device_open race condition in dvb_net.c that lead to a use-after-free (bsc#1205760).
- CVE-2022-45885: Fixed a race condition in dvb_frontend.c that could cause a use-after-free when a device is disconnected (bsc#1205758).
- CVE-2022-45887: Fixed a memory leak in ttusb_dec.c caused by the lack of a dvb_frontend_detach call (bsc#1205762).
- CVE-2022-45919: Fixed a use-after-free in dvb_ca_en50221.c that could occur if there is a disconnect after an open, because of the lack of a wait_event (bsc#1205803).
- CVE-2022-45884: Fixed a use-after-free in dvbdev.c, related to dvb_register_device dynamically allocating fops (bsc#1205756).
- CVE-2023-31084: Fixed a blocking issue in drivers/media/dvb-core/dvb_frontend.c (bsc#1210783).
- CVE-2023-2002: Fixed a flaw that allowed an attacker to unauthorized execution of management commands, compromising the confidentiality, integrity, and availability of Bluetooth communication (bsc#1210533).
- CVE-2023-31436: Fixed an out-of-bounds write in qfq_change_class() because lmax can exceed QFQ_MIN_LMAX (bsc#1210940).
- CVE-2023-30456: Fixed an issue in arch/x86/kvm/vmx/nested.c with nVMX on x86_64 lacks consistency checks for CR0 and CR4 (bsc#1210294).
- CVE-2022-4269: Fixed a flaw was found inside the Traffic Control (TC) subsystem (bsc#1206024).
- CVE-2023-32233: Fixed a use-after-free in Netfilter nf_tables when processing batch requests (bsc#1211043).
- CVE-2023-1380: Fixed a slab-out-of-bound read problem in brcmf_get_assoc_ies() (bsc#1209287).
- CVE-2023-2513: Fixed a use-after-free vulnerability in the ext4 filesystem (bsc#1211105).
- CVE-2023-2483: Fixed a use after free bug in emac_remove caused by a race condition (bsc#1211037).
- CVE-2023-2124: Fixed an out-of-bound access in the XFS subsystem that could have lead to denial-of-service or potentially privilege escalation (bsc#1210498).
- CVE-2023-2235: Fixed a use-after-free vulnerability in the Performance Events system that could have been exploited to achieve local privilege escalation (bsc#1210986).
- CVE-2022-2196: Fixed a regression related to KVM that allowed for speculative execution attacks (bsc#1206992).
- CVE-2023-23006: Fixed NULL vs IS_ERR checking in dr_domain_init_resources (bsc#1208845).
- CVE-2023-1670: Fixed a use after free in the Xircom 16-bit PCMCIA Ethernet driver. A local user could use this flaw to crash the system or potentially escalate their privileges on the system (bsc#1209871).
- CVE-2023-2176: Fixed an out-of-boundary read in compare_netdev_and_ip in drivers/infiniband/core/cma.c in RDMA (bsc#1210629).
- CVE-2023-1998: Fixed a use after free during login when accessing the shost ipaddress (bsc#1210506).
- CVE-2023-1855: Fixed a use after free in xgene_hwmon_remove (bsc#1210202).
- CVE-2023-30772: Fixed race condition and resultant use-after-free in da9150_charger_remove (bsc#1210329).
- CVE-2023-1989: Fixed a use after free in btsdio_remove (bsc#1210336).
- CVE-2023-1611: Fixed an use-after-free flaw in btrfs_search_slot (bsc#1209687).
- CVE-2023-1838: Fixed an use-after-free flaw in virtio network subcomponent. This flaw could allow a local attacker to crash the system and lead to a kernel information leak problem. (bsc#1210203).
- CVE-2023-0394: Fixed a null pointer dereference in the network subcomponent. This flaw could cause system crashes (bsc#1207168).
- CVE-2023-1513: Fixed an uninitialized portions of the kvm_debugregs structure that could be copied to userspace, causing an information leak (bsc#1209532).
- CVE-2023-28464: Fixed user-after-free that could lead to privilege escalation in hci_conn_cleanup in net/uetooth/hci_conn.c (bsc#1209052).
- CVE-2023-1637: Fixed vulnerability that could lead to unauthorized access to CPU memory after resuming CPU from suspend-to-RAM (bsc#1209779).
- CVE-2023-1652: Fixed use-after-free that could lead to DoS and information leak in nfsd4_ssc_setup_dul in fs/nfsd/nfs4proc.c (bsc#1209788).
- CVE-2023-1583: Fixed a NULL pointer dereference in io_file_bitmap_get in io_uring/filetable.c (bsc#1209637).
- CVE-2022-4744: Fixed double-free that could lead to DoS or privilege escalation in TUN/TAP device driver functionality (bsc#1209635).
- CVE-2023-1582: Fixed soft lockup in __page_mapcount (bsc#1209636).
- CVE-2023-28327: Fixed DoS in in_skb in unix_diag_get_exact() (bsc#1209290).
- CVE-2023-23001: Fixed misinterpretation of regulator_get return value in drivers/scsi/ufs/ufs-mediatek.c (bsc#1208829).
- CVE-2023-1075: Fixed a type confusion in tls_is_tx_ready (bsc#1208598).
- CVE-2023-1076: Fixed incorrect UID assigned to tun/tap sockets (bsc#1208599).
- CVE-2023-1095: Fixed a NULL pointer dereference in nf_tables due to zeroed list head (bsc#1208777).
- CVE-2023-25012: Fixed a use-after-free in bigben_set_led() (bsc#1207560).
- CVE-2023-23004: Fixed misinterpretation of get_sg_table return value (bsc#1208843).
- CVE-2023-22998: Fixed NULL vs IS_ERR checking in virtio_gpu_object_shmem_init (bsc#1208776).
- CVE-2023-23000: Fixed return value of tegra_xusb_find_port_node function phy/tegra (bsc#1208816).
- CVE-2023-1118: Fixed a use-after-free bugs caused by ene_tx_irqsim() in media/rc (bsc#1208837).
- CVE-2023-0461: Fixed use-after-free in icsk_ulp_data (bsc#1208787).
- CVE-2023-26545: Fixed double free in net/mpls/af_mpls.c upon an allocation failure (bsc#1208700).
- CVE-2023-0597: Fixed lack of randomization of per-cpu entry area in x86/mm (bsc#1207845).
- CVE-2022-38096: Fixed NULL-ptr deref in vmw_cmd_dx_define_query() (bsc#1203331).
- CVE-2022-36280: Fixed out-of-bounds memory access vulnerability found in vmwgfx driver (bsc#1203332).
- CVE-2023-0045: Fixed missing Flush IBP in ib_prctl_set (bsc#1207773).
- CVE-2023-0590: Fixed race condition in qdisc_graft() (bsc#1207795).
- CVE-2023-0122: Fixed a NULL pointer dereference vulnerability in nvmet_setup_auth(), that allowed an attacker to perform a Pre-Auth Denial of Service (DoS) attack on a remote machine (bsc#1207050).
- CVE-2023-0469: Fixed a use-after-free flaw in io_uring/filetable.c in io_install_fixed_file in the io_uring subcomponent (bsc#1207521).
- CVE-2023-0179: Fixed incorrect arithmetics when fetching VLAN header bits (bsc#1207034).
The following non-security bugs were fixed:
- 3c589_cs: Fix an error handling path in tc589_probe() (git-fixes).
- ACPI / x86: Add support for LPS0 callback handler (git-fixes).
- ACPI: CPPC: Disable FIE if registers in PCC regions (bsc#1210953).
- ACPI: Do not build ACPICA with '-Os' (git-fixes).
- ACPI: EC: Fix EC address space handler unregistration (bsc#1207149).
- ACPI: EC: Fix ECDT probe ordering issues (bsc#1207149).
- ACPI: EC: Fix oops when removing custom query handlers (git-fixes).
- ACPI: NFIT: fix a potential deadlock during NFIT teardown (git-fixes).
- ACPI: PM: Do not turn of unused power resources on the Toshiba Click Mini (git-fixes).
- ACPI: PM: s2idle: Add support for upcoming AMD uPEP HID AMDI008 (bsc#1206224).
- ACPI: PM: s2idle: Use LPS0 idle if ACPI_FADT_LOW_POWER_S0 is unset (bsc#1206224).
- ACPI: PPTT: Fix to avoid sleep in the atomic context when PPTT is absent (git-fixes).
- ACPI: VIOT: Initialize the correct IOMMU fwspec (git-fixes).
- ACPI: battery: Fix missing NUL-termination with large strings (git-fixes).
- ACPI: bus: Ensure that notify handlers are not running after removal (git-fixes).
- ACPI: processor: Fix evaluating _PDC method when running as Xen dom0 (git-fixes).
- ACPI: resource: Add IRQ override quirk for LG UltraPC 17U70P (git-fixes).
- ACPI: resource: Add IRQ overrides for MAINGEAR Vector Pro 2 models (git-fixes).
- ACPI: resource: Add Medion S17413 to IRQ override quirk (git-fixes).
- ACPI: resource: Add helper function acpi_dev_get_memory_resources() (git-fixes).
- ACPI: resource: Do IRQ override on all TongFang GMxRGxx (git-fixes).
- ACPI: tables: Add support for NBFT (bsc#1195921).
- ACPI: tables: Add support for NBFT (bsc#1206340).
- ACPI: video: Add acpi_video_backlight_use_native() helper (bsc#1206843).
- ACPI: video: Allow GPU drivers to report no panels (bsc#1206843).
- ACPI: video: Fix Lenovo Ideapad Z570 DMI match (git-fixes).
- ACPI: video: Fix missing native backlight on Chromebooks (bsc#1206843).
- ACPI: video: Refactor acpi_video_get_backlight_type() a bit (bsc#1203693).
- ACPI: x86: s2idle: Add a quirk for ASUS ROG Zephyrus G14 (bsc#1206224).
- ACPI: x86: s2idle: Add a quirk for ASUS TUF Gaming A17 FA707RE (bsc#1206224).
- ACPI: x86: s2idle: Add a quirk for ASUSTeK COMPUTER INC. ROG Flow X13 (bsc#1206224).
- ACPI: x86: s2idle: Add a quirk for Lenovo Slim 7 Pro 14ARH7 (bsc#1206224).
- ACPI: x86: s2idle: Add another ID to s2idle_dmi_table (bsc#1206224).
- ACPI: x86: s2idle: Add module parameter to prefer Microsoft GUID (bsc#1206224).
- ACPI: x86: s2idle: Fix a NULL pointer dereference (bsc#1206224).
- ACPI: x86: s2idle: Force AMD GUID/_REV 2 on HP Elitebook 865 (bsc#1206224).
- ACPI: x86: s2idle: If a new AMD _HID is missing assume Rembrandt (bsc#1206224).
- ACPI: x86: s2idle: Move _HID handling for AMD systems into structures (bsc#1206224).
- ACPI: x86: s2idle: Stop using AMD specific codepath for Rembrandt+ (bsc#1206224).
- ACPI: x86: utils: Add Cezanne to the list for forcing StorageD3Enable (git-fixes).
- ACPICA: ACPICA: check null return of ACPI_ALLOCATE_ZEROED in acpi_db_display_objects (git-fixes).
- ACPICA: Allow address_space_handler Install and _REG execution as 2 separate steps (bsc#1207149).
- ACPICA: Avoid undefined behavior: applying zero offset to null pointer (git-fixes).
- ACPICA: Drop port I/O validation for some regions (git-fixes).
- ACPICA: include/acpi/acpixf.h: Fix indentation (bsc#1207149).
- ACPICA: nsrepair: handle cases without a return value correctly (git-fixes).
- ALSA: asihpi: check pao in control_message() (git-fixes).
- ALSA: caiaq: input: Add error handling for unsupported input methods in `snd_usb_caiaq_input_init` (git-fixes).
- ALSA: cs46xx: mark snd_cs46xx_download_image as static (git-fixes).
- ALSA: emu10k1: do not create old pass-through playback device on Audigy (git-fixes).
- ALSA: emu10k1: fix capture interrupt handler unlinking (git-fixes).
- ALSA: emux: Avoid potential array out-of-bound in snd_emux_xg_control() (git-fixes).
- ALSA: firewire-digi00x: prevent potential use after free (git-fixes).
- ALSA: firewire-tascam: add missing unwind goto in snd_tscm_stream_start_duplex() (git-fixes).
- ALSA: hda/ca0132: add quirk for EVGA X299 DARK (git-fixes).
- ALSA: hda/ca0132: fixup buffer overrun at tuning_ctl_set() (git-fixes).
- ALSA: hda/ca0132: minor fix for allocation size (git-fixes).
- ALSA: hda/cirrus: Add extra 10 ms delay to allow PLL settle and lock (git-fixes).
- ALSA: hda/conexant: Partial revert of a quirk for Lenovo (git-fixes).
- ALSA: hda/conexant: add a new hda codec SN6180 (git-fixes).
- ALSA: hda/hdmi: Preserve the previous PCM device upon re-enablement (git-fixes).
- ALSA: hda/hdmi: disable KAE for Intel DG2 (git-fixes).
- ALSA: hda/realtek - fixed wrong gpio assigned (git-fixes).
- ALSA: hda/realtek: Add Acer Predator PH315-54 (git-fixes).
- ALSA: hda/realtek: Add Lenovo P3 Tower platform (git-fixes).
- ALSA: hda/realtek: Add Positivo N14KP6-TG (git-fixes).
- ALSA: hda/realtek: Add a quirk for HP EliteDesk 805 (git-fixes).
- ALSA: hda/realtek: Add a quirk for HP Slim Desktop S01 (git-fixes).
- ALSA: hda/realtek: Add quirk for 2nd ASUS GU603 (git-fixes).
- ALSA: hda/realtek: Add quirk for ASUS UM3402 using CS35L41 (git-fixes).
- ALSA: hda/realtek: Add quirk for ASUS UM3402YAR using CS35L41 (git-fixes).
- ALSA: hda/realtek: Add quirk for Clevo L140AU (git-fixes).
- ALSA: hda/realtek: Add quirk for Clevo NS50AU (git-fixes).
- ALSA: hda/realtek: Add quirk for Clevo X370SNW (git-fixes).
- ALSA: hda/realtek: Add quirk for HP EliteBook G10 laptops (git-fixes).
- ALSA: hda/realtek: Add quirk for HP EliteDesk 800 G6 Tower PC (git-fixes).
- ALSA: hda/realtek: Add quirk for Lenovo ZhaoYang CF4620Z (git-fixes).
- ALSA: hda/realtek: Add quirk for ThinkPad P1 Gen 6 (git-fixes).
- ALSA: hda/realtek: Add quirks for Asus ROG 2024 laptops using CS35L41 (git-fixes).
- ALSA: hda/realtek: Add quirks for Lenovo Z13/Z16 Gen2 (git-fixes).
- ALSA: hda/realtek: Add quirks for some Clevo laptops (git-fixes).
- ALSA: hda/realtek: Apply HP B&O top speaker profile to Pavilion 15 (git-fixes).
- ALSA: hda/realtek: Enable 4 amplifiers instead of 2 on a HP platform (git-fixes).
- ALSA: hda/realtek: Enable headset onLenovo M70/M90 (git-fixes).
- ALSA: hda/realtek: Enable mute/micmute LEDs and speaker support for HP Laptops (git-fixes).
- ALSA: hda/realtek: Enable mute/micmute LEDs on HP Elitebook, 645 G9 (git-fixes).
- ALSA: hda/realtek: Fix mute and micmute LEDs for an HP laptop (git-fixes).
- ALSA: hda/realtek: Fix mute and micmute LEDs for yet another HP laptop (git-fixes).
- ALSA: hda/realtek: Fix support for Dell Precision 3260 (git-fixes).
- ALSA: hda/realtek: Fix the speaker output on Samsung Galaxy Book2 Pro (git-fixes).
- ALSA: hda/realtek: Fix the speaker output on Samsung Galaxy Book2 Pro 360 (git-fixes).
- ALSA: hda/realtek: Remove specific patch for Dell Precision 3260 (git-fixes).
- ALSA: hda/realtek: fix mute/micmute LEDs do not work for a HP platform (git-fixes).
- ALSA: hda/realtek: fix mute/micmute LEDs do not work for a HP platform (git-fixes).
- ALSA: hda/realtek: fix mute/micmute LEDs for a HP ProBook (git-fixes).
- ALSA: hda/realtek: fix mute/micmute LEDs for a HP ProBook (git-fixes).
- ALSA: hda/realtek: fix mute/micmute LEDs, speaker do not work for a HP platform (git-fixes).
- ALSA: hda/realtek: fix speaker, mute/micmute LEDs not work on a HP platform (git-fixes).
- ALSA: hda/realtek: support HP Pavilion Aero 13-be0xxx Mute LED (git-fixes).
- ALSA: hda/sigmatel: add pin overrides for Intel DP45SG motherboard (git-fixes).
- ALSA: hda/sigmatel: fix S/PDIF out on Intel D*45* motherboards (git-fixes).
- ALSA: hda/via: Avoid potential array out-of-bound in add_secret_dac_path() (git-fixes).
- ALSA: hda: Add NVIDIA codec IDs a3 through a7 to patch table (git-fixes).
- ALSA: hda: Do not unset preset when cleaning up codec (git-fixes).
- ALSA: hda: Fix Oops by 9.1 surround channel names (git-fixes).
- ALSA: hda: Fix unhandled register update during auto-suspend period (git-fixes).
- ALSA: hda: Glenfly: add HD Audio PCI IDs and HDMI Codec Vendor IDs (git-fixes).
- ALSA: hda: Match only Intel devices with CONTROLLER_IN_GPU() (git-fixes).
- ALSA: hda: cs35l41: Enable Amp High Pass Filter (git-fixes).
- ALSA: hda: intel-dsp-config: add MTL PCI id (git-fixes).
- ALSA: hda: patch_realtek: add quirk for Asus N7601ZM (git-fixes).
- ALSA: i2c/cs8427: fix iec958 mixer control deactivation (git-fixes).
- ALSA: ice1712: Delete unreachable code in aureon_add_controls() (git-fixes).
- ALSA: ice1712: Do not left ice->gpio_mutex locked in aureon_add_controls() (git-fixes).
- ALSA: memalloc: Workaround for Xen PV (git-fixes).
- ALSA: oss: avoid missing-prototype warnings (git-fixes).
- ALSA: pci: lx6464es: fix a debug loop (git-fixes).
- ALSA: usb-audio: Add a sample rate workaround for Line6 Pod Go (git-fixes).
- ALSA: usb-audio: Add quirk for Pioneer DDJ-800 (git-fixes).
- ALSA: usb-audio: Fix recursive locking at XRUN during syncing (git-fixes).
- ALSA: usb-audio: Fix regression on detection of Roland VS-100 (git-fixes).
- ALSA: ymfpci: Fix BUG_ON in probe function (git-fixes).
- ARM64: dts: Add DTS files for bcmbca SoC BCM6858 (git-fixes).
- ARM: 9290/1: uaccess: Fix KASAN false-positives (git-fixes).
- ARM: 9296/1: HP Jornada 7XX: fix kernel-doc warnings (git-fixes).
- ARM: OMAP1: call platform_device_put() in error case in omap1_dm_timer_init() (git-fixes).
- ARM: OMAP2+: Fix memory leak in realtime_counter_init() (git-fixes).
- ARM: bcm2835_defconfig: Enable the framebuffer (git-fixes).
- ARM: defconfig: drop CONFIG_DRM_RCAR_LVDS (git-fixes).
- ARM: dts: am5748: keep usb4_tm disabled (git-fixes)
- ARM: dts: exynos: Use Exynos5420 compatible for the MIPI video phy (git-fixes).
- ARM: dts: exynos: correct HDMI phy compatible in Exynos4 (git-fixes).
- ARM: dts: exynos: correct TMU phandle in Exynos4 (git-fixes).
- ARM: dts: exynos: correct TMU phandle in Exynos4210 (git-fixes).
- ARM: dts: exynos: correct TMU phandle in Exynos5250 (git-fixes).
- ARM: dts: exynos: correct TMU phandle in Odroid HC1 (git-fixes).
- ARM: dts: exynos: correct TMU phandle in Odroid XU (git-fixes).
- ARM: dts: exynos: correct TMU phandle in Odroid XU3 family (git-fixes).
- ARM: dts: exynos: correct wr-active property in Exynos3250 Rinato (git-fixes).
- ARM: dts: exynos: fix WM8960 clock name in Itop Elite (git-fixes).
- ARM: dts: gta04: fix excess dma channel usage (git-fixes).
- ARM: dts: imx6sl: tolino-shine2hd: fix usbotg1 pinctrl (git-fixes).
- ARM: dts: imx6sll: e60k02: fix usbotg1 pinctrl (git-fixes).
- ARM: dts: imx7-colibri-eval-v3: correct can controller comment (git-fixes)
- ARM: dts: imx7s: correct iomuxc gpr mux controller cells (git-fixes).
- ARM: dts: imx: Fix pca9547 i2c-mux node name (git-fixes).
- ARM: dts: qcom: ipq4019: Fix the PCI I/O port range (git-fixes).
- ARM: dts: qcom: ipq8064: Fix the PCI I/O port range (git-fixes).
- ARM: dts: qcom: ipq8064: reduce pci IO size to 64K (git-fixes).
- ARM: dts: qcom: msm8974: add required ranges to OCMEM (git-fixes)
- ARM: dts: qcom: sdx55: Add Qcom SMMU-500 as the fallback for IOMMU node (git-fixes).
- ARM: dts: rockchip: add power-domains property to dp node on rk3288 (git-fixes).
- ARM: dts: rockchip: fix a typo error for rk3288 spdif node (git-fixes).
- ARM: dts: s5pv210: correct MIPI CSIS clock name (git-fixes).
- ARM: dts: spear320-hmi: correct STMPE GPIO compatible (git-fixes).
- ARM: dts: stm32: add missing usbh clock and fix clk order on (git-fixes)
- ARM: dts: stm32: use usbphyc ck_usbo_48m as USBH OHCI clock on (git-fixes)
- ARM: dts: sun8i: nanopi-duo2: Fix regulator GPIO reference (git-fixes).
- ARM: dts: vf610: Fix pca9548 i2c-mux node names (git-fixes).
- ARM: imx: Call ida_simple_remove() for ida_simple_get (git-fixes).
- ARM: imx: rename DEBUG_IMX21_IMX27_UART to DEBUG_IMX27_UART (git-fixes)
- ARM: omap: remove debug-leds driver (git-fixes)
- ARM: remove some dead code (git-fixes)
- ARM: renumber bits related to _TIF_WORK_MASK (git-fixes)
- ARM: s3c: fix s3c64xx_set_timer_source prototype (git-fixes).
- ARM: shmobile: rcar-gen2: Add missing of_node_put() (git-fixes)
- ARM: zynq: Fix refcount leak in zynq_early_slcr_init (git-fixes).
- ASN.1: Fix check for strdup() success (git-fixes).
- ASOC: Intel: sof_sdw: add quirk for Intel 'Rooks County' NUC M15 (git-fixes).
- ASoC: Intel: Skylake: Fix declaration of enum skl_ch_cfg (git-fixes).
- ASoC: Intel: Skylake: Fix driver hang during shutdown (git-fixes).
- ASoC: Intel: avs: Access path components under lock (git-fixes).
- ASoC: Intel: avs: Fix declaration of enum avs_channel_config (git-fixes).
- ASoC: Intel: avs: Implement PCI shutdown (git-fixes).
- ASoC: Intel: avs: Use min_t instead of min with cast (git-fixes).
- ASoC: Intel: boards: fix spelling in comments (git-fixes).
- ASoC: Intel: bytcht_es8316: Drop reference count of ACPI device after use (git-fixes).
- ASoC: Intel: bytcht_es8316: Drop reference count of ACPI device after use (git-fixes).
- ASoC: Intel: bytcht_es8316: move comment to the right place (git-fixes).
- ASoC: Intel: bytcr_rt5640: Add quirk for the Acer Iconia One 7 B1-750 (git-fixes).
- ASoC: Intel: bytcr_rt5640: Drop reference count of ACPI device after use (git-fixes).
- ASoC: Intel: bytcr_rt5651: Drop reference count of ACPI device after use (git-fixes).
- ASoC: Intel: bytcr_wm5102: Drop reference count of ACPI device after use (git-fixes).
- ASoC: Intel: soc-acpi-byt: Fix 'WM510205' match no longer working (git-fixes).
- ASoC: Intel: soc-acpi: fix copy-paste issue in topology names (git-fixes).
- ASoC: Intel: sof_cs42l42: always set dpcm_capture for amplifiers (git-fixes).
- ASoC: Intel: sof_es8336: Drop reference count of ACPI device after use (git-fixes).
- ASoC: Intel: sof_rt5682: always set dpcm_capture for amplifiers (git-fixes).
- ASoC: SOF: Intel: MTL: Fix the device description (git-fixes).
- ASoC: SOF: ipc4-topology: set dmic dai index from copier (git-fixes).
- ASoC: SOF: ipc4: Ensure DSP is in D0I0 during sof_ipc4_set_get_data() (git-fixes).
- ASoC: adau7118: do not disable regulators on device unbind (git-fixes).
- ASoC: amd: acp-es8336: Drop reference count of ACPI device after use (git-fixes).
- ASoC: codecs: Change bulk clock voting to optional voting in digital codecs (git-fixes).
- ASoC: codecs: lpass: fix incorrect mclk rate (git-fixes).
- ASoC: codecs: rx-macro: move clk provider to managed variants (git-fixes).
- ASoC: codecs: rx-macro: move to individual clks from bulk (git-fixes).
- ASoC: codecs: tx-macro: Fix for KASAN: slab-out-of-bounds (git-fixes).
- ASoC: codecs: tx-macro: move clk provider to managed variants (git-fixes).
- ASoC: codecs: tx-macro: move to individual clks from bulk (git-fixes).
- ASoC: codecs: wsa881x: do not set can_multi_write flag (git-fixes).
- ASoC: cs35l41: Only disable internal boost (git-fixes).
- ASoC: cs42l56: fix DT probe (git-fixes).
- ASoC: dt-bindings: meson: fix gx-card codec node regex (git-fixes).
- ASoC: dwc: limit the number of overrun messages (git-fixes).
- ASoC: es8316: Handle optional IRQ assignment (git-fixes).
- ASoC: fsl-asoc-card: Fix naming of AC'97 CODEC widgets (git-fixes).
- ASoC: fsl_asrc_dma: fix potential null-ptr-deref (git-fixes).
- ASoC: fsl_micfil: Correct the number of steps on SX controls (git-fixes).
- ASoC: fsl_micfil: Fix error handler with pm_runtime_enable (git-fixes).
- ASoC: fsl_mqs: move of_node_put() to the correct location (git-fixes).
- ASoC: fsl_sai: Update to modern clocking terminology (git-fixes).
- ASoC: fsl_ssi: Rename AC'97 streams to avoid collisions with AC'97 CODEC (git-fixes).
- ASoC: hdac_hdmi: use set_stream() instead of set_tdm_slots() (git-fixes).
- ASoC: kirkwood: Iterate over array indexes instead of using pointer math (git-fixes).
- ASoC: lpass: Fix for KASAN use_after_free out of bounds (git-fixes).
- ASoC: mchp-spdifrx: Fix uninitialized use of mr in mchp_spdifrx_hw_params() (git-fixes).
- ASoC: mchp-spdifrx: disable all interrupts in mchp_spdifrx_dai_remove() (git-fixes).
- ASoC: mchp-spdifrx: fix controls which rely on rsr register (git-fixes).
- ASoC: rsnd: Remove unnecessary rsnd_dbg_dai_call() (git-fixes).
- ASoC: rsnd: fixup #endif position (git-fixes).
- ASoC: rt1308-sdw: add the default value of some registers (git-fixes).
- ASoC: rt5682: Disable jack detection interrupt during suspend (git-fixes).
- ASoC: rt715-sdca: fix clock stop prepare timeout issue (git-fixes).
- ASoC: soc-compress.c: fixup private_data on snd_soc_new_compress() (git-fixes).
- ASoC: soc-compress: Inherit atomicity from DAI link for Compress FE (git-fixes).
- ASoC: soc-compress: Reposition and add pcm_mutex (git-fixes).
- ASoC: soc-dapm.h: fixup warning struct snd_pcm_substream not declared (git-fixes).
- ASoC: soc-pcm: fix hw->formats cleared by soc_pcm_hw_init() for dpcm (git-fixes).
- ASoC: ssm2602: Add workaround for playback distortions (git-fixes).
- ASoC: tlv320adcx140: fix 'ti,gpio-config' DT property init (git-fixes).
- ASoC: topology: Properly access value coming from topology file (git-fixes).
- ASoC: topology: Return -ENOMEM on memory allocation failure (git-fixes).
- ASoC: zl38060 add gpiolib dependency (git-fixes).
- ASoC: zl38060: Remove spurious gpiolib select (git-fixes).
- Add 42a11bf5c543 cgroup/cpuset: Make cpuset_fork() handle CLONE_INTO_CGROUP properly
- Bluetooth: Fix crash when replugging CSR fake controllers (git-fixes).
- Bluetooth: Fix l2cap_disconnect_req deadlock (git-fixes).
- Bluetooth: Fix race condition in hci_cmd_sync_clear (git-fixes).
- Bluetooth: Fix race condition in hidp_session_thread (git-fixes).
- Bluetooth: Fix support for Read Local Supported Codecs V2 (git-fixes).
- Bluetooth: HCI: Fix global-out-of-bounds (git-fixes).
- Bluetooth: ISO: Avoid circular locking dependency (git-fixes).
- Bluetooth: ISO: Fix possible circular locking dependency (git-fixes).
- Bluetooth: ISO: Fix possible circular locking dependency (git-fixes).
- Bluetooth: ISO: do not try to remove CIG if there are bound CIS left (git-fixes).
- Bluetooth: ISO: fix timestamped HCI ISO data packet parsing (git-fixes).
- Bluetooth: L2CAP: Add missing checks for invalid DCID (git-fixes).
- Bluetooth: L2CAP: Fix potential user-after-free (git-fixes).
- Bluetooth: L2CAP: Fix responding with wrong PDU type (git-fixes).
- Bluetooth: L2CAP: Fix use-after-free in l2cap_disconnect_{req,rsp} (git-fixes).
- Bluetooth: L2CAP: fix 'bad unlock balance' in l2cap_disconnect_rsp (git-fixes).
- Bluetooth: Remove codec id field in vendor codec definition (git-fixes).
- Bluetooth: SCO: Fix possible circular locking dependency sco_sock_getsockopt (git-fixes).
- Bluetooth: Set ISO Data Path on broadcast sink (git-fixes).
- Bluetooth: btintel: Add LE States quirk support (git-fixes).
- Bluetooth: btqcomsmd: Fix command timeout after setting BD address (git-fixes).
- Bluetooth: btsdio: fix use after free bug in btsdio_remove due to unfinished work (git-fixes).
- Bluetooth: btusb: Add VID:PID 13d3:3529 for Realtek RTL8821CE (git-fixes).
- Bluetooth: btusb: Remove detection of ISO packets over bulk (git-fixes).
- Bluetooth: hci_bcm: Fall back to getting bdaddr from EFI if not set (git-fixes).
- Bluetooth: hci_conn: Fix memory leaks (git-fixes).
- Bluetooth: hci_conn: Fix not cleaning up on LE Connection failure (git-fixes).
- Bluetooth: hci_conn: Refactor hci_bind_bis() since it always succeeds (git-fixes).
- Bluetooth: hci_conn: use HCI dst_type values also for BIS (git-fixes).
- Bluetooth: hci_core: Detect if an ACL packet is in fact an ISO packet (git-fixes).
- Bluetooth: hci_core: fix error handling in hci_register_dev() (git-fixes).
- Bluetooth: hci_event: Fix Invalid wait context (git-fixes).
- Bluetooth: hci_qca: Fix the teardown problem for real (git-fixes).
- Bluetooth: hci_qca: fix debugfs registration (git-fixes).
- Bluetooth: hci_qca: get wakeup status from serdev device handle (git-fixes).
- Bluetooth: hci_sock: purge socket queues in the destruct() callback (git-fixes).
- Bluetooth: hci_sync: Fix not indicating power state (git-fixes).
- Bluetooth: hci_sync: Fix use HCI_OP_LE_READ_BUFFER_SIZE_V2 (git-fixes).
- Bluetooth: hci_sync: cancel cmd_timer if hci_open failed (git-fixes).
- Documentation/filesystems: ramfs-rootfs-initramfs: use :Author: (git-fixes).
- Documentation/filesystems: sharedsubtree: add section headings (git-fixes).
- Documentation/hw-vuln: Document the interaction between IBRS and STIBP (git-fixes).
- Documentation: simplify and clarify DCO contribution example language (git-fixes).
- Drivers: vmbus: Check for channel allocation before looking up relids (git-fixes).
- EDAC/i10nm: Add Intel Emerald Rapids server support (PED-4400).
- HID: Add Mapping for System Microphone Mute (git-fixes).
- HID: asus: use spinlock to protect concurrent accesses (git-fixes).
- HID: asus: use spinlock to safely schedule workers (git-fixes).
- HID: bigben: use spinlock to protect concurrent accesses (git-fixes).
- HID: bigben: use spinlock to safely schedule workers (git-fixes).
- HID: bigben_worker() remove unneeded check on report_field (git-fixes).
- HID: core: Fix deadloop in hid_apply_multiplier (git-fixes).
- HID: cp2112: Fix driver not registering GPIO IRQ chip as threaded (git-fixes).
- HID: elecom: add support for TrackBall 056E:011C (git-fixes).
- HID: google: add jewel USB id (git-fixes).
- HID: intel-ish-hid: ipc: Fix potential use-after-free in work function (git-fixes).
- HID: logitech-hidpp: Do not restart communication if not necessary (git-fixes).
- HID: logitech-hidpp: Do not use the USB serial for USB devices (git-fixes).
- HID: logitech-hidpp: Reconcile USB and Unifying serials (git-fixes).
- HID: microsoft: Add rumble support to latest xbox controllers (bsc#1211280).
- HID: multitouch: Add quirks for flipped axes (git-fixes).
- HID: playstation: sanity check DualSense calibration data (git-fixes).
- HID: retain initial quirks set up when creating HID devices (git-fixes).
- HID: wacom: Add new Intuos Pro Small (PTH-460) device IDs (git-fixes).
- HID: wacom: Force pen out of prox if no events have been received in a while (git-fixes).
- HID: wacom: Set a default resolution for older tablets (git-fixes).
- HID: wacom: add three styli to wacom_intuos_get_tool_type (git-fixes).
- HID: wacom: avoid integer overflow in wacom_intuos_inout() (git-fixes).
- HID: wacom: generic: Set battery quirk only when we see battery data (git-fixes).
- HV: hv_balloon: fix memory leak with using debugfs_lookup() (git-fixes).
- IB/IPoIB: Fix legacy IPoIB due to wrong number of queues (git-fixes)
- IB/hfi1: Assign npages earlier (git-fixes)
- IB/hfi1: Fix SDMA mmu_rb_node not being evicted in LRU order (git-fixes)
- IB/hfi1: Fix bugs with non-PAGE_SIZE-end multi-iovec user SDMA requests (git-fixes)
- IB/hfi1: Fix expected receive setup error exit issues (git-fixes)
- IB/hfi1: Fix math bugs in hfi1_can_pin_pages() (git-fixes)
- IB/hfi1: Fix sdma.h tx->num_descs off-by-one errors (git-fixes)
- IB/hfi1: Immediately remove invalid memory from hardware (git-fixes)
- IB/hfi1: Reject a zero-length user expected buffer (git-fixes)
- IB/hfi1: Remove user expected buffer invalidate race (git-fixes)
- IB/hfi1: Reserve user expected TIDs (git-fixes)
- IB/hfi1: Restore allocated resources on failed copyout (git-fixes)
- IB/hfi1: Update RMT size calculation (git-fixes)
- IB/hifi1: add a null check of kzalloc_node in hfi1_ipoib_txreq_init (git-fixes)
- IB/mad: Do not call to function that might sleep while in atomic context (git-fixes).
- IB/mlx5: Add support for 400G_8X lane speed (git-fixes)
- IB/rdmavt: add missing locks in rvt_ruc_loopback (git-fixes)
- Input: ads7846 - always set last command to PWRDOWN (git-fixes).
- Input: ads7846 - do not check penirq immediately for 7845 (git-fixes).
- Input: ads7846 - do not report pressure for ads7845 (git-fixes).
- Input: alps - fix compatibility with -funsigned-char (bsc#1209805).
- Input: exc3000 - properly stop timer on shutdown (git-fixes).
- Input: fix open count when closing inhibited device (git-fixes).
- Input: focaltech - use explicitly signed char type (git-fixes).
- Input: goodix - add Lenovo Yoga Book X90F to nine_bytes_report DMI table (git-fixes).
- Input: hp_sdc_rtc - mark an unused function as __maybe_unused (git-fixes).
- Input: iqs269a - configure device with a single block write (git-fixes).
- Input: iqs269a - drop unused device node references (git-fixes).
- Input: iqs269a - increase interrupt handler return delay (git-fixes).
- Input: iqs626a - drop unused device node references (git-fixes).
- Input: raspberrypi-ts - fix refcount leak in rpi_ts_probe (git-fixes).
- Input: xpad - add constants for GIP interface numbers (git-fixes).
- KABI FIX FOR NFSv4: Fix free of uninitialized nfs4_label on referral lookup (git-fixes).
- KABI FIX FOR: NFS: Further optimisations for 'ls -l' (git-fixes).
- KABI FIX FOR: NFSD: Have legacy NFSD WRITE decoders use xdr_stream_subsegment() (git-fixes).
- KABI FIX FOR: NFSv4.1 query for fs_location attr on a new file system (Never, kabi).
- KABI FIX FOR: NFSv4: keep state manager thread active if swap is enabled (Never, kabi).
- KABI fix for: NFSv3: handle out-of-order write replies (bsc#1205544).
- KEYS: Add missing function documentation (git-fixes).
- KEYS: Create static version of public_key_verify_signature (git-fixes).
- KEYS: asymmetric: Copy sig and digest in public_key_verify_signature() (git-fixes).
- KEYS: asymmetric: Fix ECDSA use via keyctl uapi (git-fixes).
- KMP: Remove obsolete KMP obsoletes (bsc#1210469).
- KVM: Destroy target device if coalesced MMIO unregistration fails (git-fixes)
- KVM: Disallow user memslot with size that exceeds 'unsigned long' (git-fixes)
- KVM: Do not create VM debugfs files outside of the VM directory (git-fixes)
- KVM: Do not set Accessed/Dirty bits for ZERO_PAGE (git-fixes)
- KVM: LAPIC: Enable timer posted-interrupt only when mwait/hlt is advertised (git-fixes).
- KVM: Prevent module exit until all VMs are freed (git-fixes)
- KVM: SVM: Do not rewrite guest ICR on AVIC IPI virtualization failure (git-fixes).
- KVM: SVM: Fix benign 'bool vs. int' comparison in svm_set_cr0() (git-fixes).
- KVM: SVM: Fix potential overflow in SEV's send|receive_update_data() (git-fixes).
- KVM: SVM: Require logical ID to be power-of-2 for AVIC entry (git-fixes).
- KVM: SVM: Skip WRMSR fastpath on VM-Exit if next RIP isn't valid (git-fixes).
- KVM: SVM: hyper-v: placate modpost section mismatch error (git-fixes).
- KVM: VMX: Introduce vmx_msr_bitmap_l01_changed() helper (git-fixes).
- KVM: VMX: Resume guest immediately when injecting #GP on ECREATE (git-fixes).
- KVM: VMX: Set vmcs.PENDING_DBG.BS on #DB in STI/MOVSS blocking shadow (git-fixes).
- KVM: VMX: Use is_64_bit_mode() to check 64-bit mode in SGX handler (git-fixes).
- KVM: X86: Fix tlb flush for tdp in kvm_invalidate_pcid() (git-fixes).
- KVM: arm64: Do not arm a hrtimer for an already pending timer (git-fixes)
- KVM: arm64: Do not return from void function (git-fixes)
- KVM: arm64: Fix PAR_TO_HPFAR() to work independently of PA_BITS. (git-fixes)
- KVM: arm64: Fix S1PTW handling on RO memslots (git-fixes)
- KVM: arm64: Fix bad dereference on MTE-enabled systems (git-fixes)
- KVM: arm64: Fix buffer overflow in kvm_arm_set_fw_reg() (git-fixes)
- KVM: arm64: Fix kvm init failure when mode!=vhe and VA_BITS=52. (git-fixes)
- KVM: arm64: Free hypervisor allocations if vector slot init fails (git-fixes)
- KVM: arm64: GICv4.1: Fix race with doorbell on VPE (git-fixes)
- KVM: arm64: Limit length in kvm_vm_ioctl_mte_copy_tags() to INT_MAX (git-fixes)
- KVM: arm64: PMU: Restore the guest's EL0 event counting after (git-fixes)
- KVM: arm64: Reject 32bit user PSTATE on asymmetric systems (git-fixes)
- KVM: arm64: Stop handle_exit() from handling HVC twice when an SError (git-fixes)
- KVM: arm64: Treat PMCR_EL1.LC as RES1 on asymmetric systems (git-fixes)
- KVM: arm64: nvhe: Eliminate kernel-doc warnings (git-fixes)
- KVM: arm64: vgic: Fix exit condition in scan_its_table() (git-fixes)
- KVM: nVMX: Also filter MSR_IA32_VMX_TRUE_PINBASED_CTLS when eVMCS (git-fixes).
- KVM: nVMX: Do not use Enlightened MSR Bitmap for L3 (git-fixes).
- KVM: nVMX: Document that ignoring memory failures for VMCLEAR is deliberate (git-fixes).
- KVM: nVMX: Emulate NOPs in L2, and PAUSE if it's not intercepted (git-fixes).
- KVM: nVMX: Inject #GP, not #UD, if 'generic' VMXON CR0/CR4 check fails (git-fixes).
- KVM: nVMX: Prioritize TSS T-flag #DBs over Monitor Trap Flag (git-fixes).
- KVM: nVMX: Properly expose ENABLE_USR_WAIT_PAUSE control to L1 (git-fixes).
- KVM: nVMX: Treat General Detect #DB (DR7.GD=1) as fault-like (git-fixes).
- KVM: nVMX: eVMCS: Filter out VM_EXIT_SAVE_VMX_PREEMPTION_TIMER (git-fixes).
- KVM: s390: selftest: memop: Fix integer literal (git-fixes).
- KVM: x86/emulator: Emulate RDPID only if it is enabled in guest (git-fixes).
- KVM: x86/mmu: avoid NULL-pointer dereference on page freeing bugs (git-fixes).
- KVM: x86/pmu: Ignore pmu->global_ctrl check if vPMU does not support global_ctrl (git-fixes).
- KVM: x86/svm: add __GFP_ACCOUNT to __sev_dbg_{en,de}crypt_user() (git-fixes).
- KVM: x86/vmx: Do not skip segment attributes if unusable bit is set (git-fixes).
- KVM: x86/xen: Fix memory leak in kvm_xen_write_hypercall_page() (git-fixes).
- KVM: x86: Copy filter arg outside kvm_vm_ioctl_set_msr_filter() (git-fixes).
- KVM: x86: Do not change ICR on write to APIC_SELF_IPI (git-fixes).
- KVM: x86: Fail emulation during EMULTYPE_SKIP on any exception (git-fixes).
- KVM: x86: Inject #GP if WRMSR sets reserved bits in APIC Self-IPI (git-fixes).
- KVM: x86: Mask off reserved bits in CPUID.8000001FH (git-fixes).
- KVM: x86: Mask off unsupported and unknown bits of IA32_ARCH_CAPABILITIES (git-fixes).
- KVM: x86: Protect the unused bits in MSR exiting flags (git-fixes).
- KVM: x86: Remove a redundant guest cpuid check in kvm_set_cr4() (git-fixes).
- KVM: x86: Report deprecated x87 features in supported CPUID (git-fixes).
- KVM: x86: do not set st->preempted when going back to user space (git-fixes).
- KVM: x86: fix sending PV IPI (git-fixes).
- KVM: x86: fix sending PV IPI (git-fixes).
- KVM: x86: fix typo in __try_cmpxchg_user causing non-atomicness (git-fixes).
- KVM: x86: ioapic: Fix level-triggered EOI and userspace I/OAPIC reconfigure race (git-fixes).
- Makefile: link with -z noexecstack --no-warn-rwx-segments (bsc#1203200).
- NFS: Always initialise fattr->label in nfs_fattr_alloc() (git-fixes).
- NFS: Avoid writeback threads getting stuck in mempool_alloc() (git-fixes).
- NFS: Cleanup unused rpc_clnt variable (git-fixes).
- NFS: Create a new nfs_alloc_fattr_with_label() function (git-fixes).
- NFS: Do not allocate nfs_fattr on the stack in __nfs42_ssc_open() (git-fixes).
- NFS: Fix an Oops in nfs_d_automount() (git-fixes).
- NFS: Fix careless typo (bsc#1209457)
- NFS: Further optimisations for 'ls -l' (git-fixes).
- NFS: Pass i_size to fscache_unuse_cookie() when a file is released (git-fixes).
- NFS: fix NFS Null pointer (bsc#1210725).
- NFS: fix disabling of swap (git-fixes).
- NFS: nfsiod should not block forever in mempool_alloc() (git-fixes).
- NFS: nfsiod should not block forever in mempool_alloc() (git-fixes).
- NFSD: Avoid calling OPDESC() with ops->opnum == OP_ILLEGAL (git-fixes).
- NFSD: COMMIT operations must not return NFS?ERR_INVAL (git-fixes).
- NFSD: De-duplicate net_generic(nf->nf_net, nfsd_net_id) (git-fixes).
- NFSD: Finish converting the NFSv2 GETACL result encoder (git-fixes).
- NFSD: Finish converting the NFSv3 GETACL result encoder (git-fixes).
- NFSD: Fix handling of oversized NFSv4 COMPOUND requests (git-fixes).
- NFSD: Fix nfsd_breaker_owns_lease() return values (git-fixes).
- NFSD: Have legacy NFSD WRITE decoders use xdr_stream_subsegment() (git-fixes).
- NFSD: Protect against filesystem freezing (git-fixes).
- NFSD: Return nfserr_serverfault if splice_ok but buf->pages have data (git-fixes).
- NFSD: callback request does not use correct credential for AUTH_SYS (git-fixes).
- NFSD: fix leaked reference count of nfsd4_ssc_umount_item (git-fixes).
- NFSD: fix problems with cleanup on errors in nfsd4_copy (git-fixes).
- NFSD: fix use-after-free in nfsd4_ssc_setup_dul() (git-fixes).
- NFSD: fix use-after-free on source server when doing inter-server copy (git-fixes).
- NFSD: pass range end to vfs_fsync_range() instead of count (git-fixes).
- NFSv3: handle out-of-order write replies (bsc#1205544).
- NFSv4 expose nfs_parse_server_name function (git-fixes).
- NFSv4 handle port presence in fs_location server string (git-fixes).
- NFSv4 only print the label when its queried (git-fixes).
- NFSv4 remove zero number of fs_locations entries error check (git-fixes).
- NFSv4 store server support for fs_location attribute (git-fixes).
- NFSv4.1 provide mount option to toggle trunking discovery (git-fixes).
- NFSv4.1 query for fs_location attr on a new file system (git-fixes).
- NFSv4.1: Fix uninitialised variable in devicenotify (git-fixes).
- NFSv4.1: Handle RECLAIM_COMPLETE trunking errors (git-fixes).
- NFSv4.1: We must always send RECLAIM_COMPLETE after a reboot (git-fixes).
- NFSv4.2: Clear FATTR4_WORD2_SECURITY_LABEL when done decoding (git-fixes).
- NFSv4.2: Fix a memory stomp in decode_attr_security_label (git-fixes).
- NFSv4.2: Fix initialisation of struct nfs4_label (git-fixes).
- NFSv4.2: Fixup CLONE dest file size for zero-length count (git-fixes).
- NFSv4.2: fix reference count leaks in _nfs42_proc_copy_notify() (git-fixes).
- NFSv4.x: Fail client initialisation if state manager thread can't run (git-fixes).
- NFSv4/pNFS: Always return layout stats on layout return for flexfiles (git-fixes).
- NFSv4/pnfs: Fix a use-after-free bug in open (git-fixes).
- NFSv4: Add an fattr allocation to _nfs4_discover_trunking() (git-fixes).
- NFSv4: Do not hold the layoutget locks across multiple RPC calls (git-fixes).
- NFSv4: Fix a credential leak in _nfs4_discover_trunking() (git-fixes).
- NFSv4: Fix a deadlock between nfs4_open_recover_helper() and delegreturn (git-fixes).
- NFSv4: Fix a potential state reclaim deadlock (git-fixes).
- NFSv4: Fix free of uninitialized nfs4_label on referral lookup (git-fixes).
- NFSv4: Fix hangs when recovering open state after a server reboot (git-fixes).
- NFSv4: Protect the state recovery thread against direct reclaim (git-fixes).
- NFSv4: Retry LOCK on OLD_STATEID during delegation return (git-fixes).
- NFSv4: keep state manager thread active if swap is enabled (git-fixes).
- PCI/ASPM: Remove pcie_aspm_pm_state_change() (git-fixes).
- PCI/DPC: Await readiness of secondary bus after reset (git-fixes).
- PCI/EDR: Clear Device Status after EDR error recovery (git-fixes).
- PCI/IOV: Enlarge virtfn sysfs name buffer (git-fixes).
- PCI/PM: Always disable PTM for all devices during suspend (git-fixes).
- PCI/PM: Avoid putting Elo i2 PCIe Ports in D3cold (git-fixes).
- PCI/PM: Fix bridge_d3_blacklist Elo i2 overwrite of Gigabyte X299 (git-fixes).
- PCI/PM: Observe reset delay irrespective of bridge_d3 (git-fixes).
- PCI/PTM: Add pci_suspend_ptm() and pci_resume_ptm() (git-fixes).
- PCI: Add ACS quirk for Wangxun NICs (git-fixes).
- PCI: Add SolidRun vendor ID (git-fixes).
- PCI: Align extra resources for hotplug bridges properly (git-fixes).
- PCI: Avoid FLR for AMD FCH AHCI adapters (git-fixes).
- PCI: Avoid pci_dev_lock() AB/BA deadlock with sriov_numvfs_store() (git-fixes).
- PCI: Fix dropping valid root bus resources with .end = zero (git-fixes).
- PCI: Reduce warnings on possible RW1C corruption (git-fixes).
- PCI: Take other bus devices into account when distributing resources (git-fixes).
- PCI: Unify delay handling for reset and resume (git-fixes).
- PCI: aardvark: Check return value of generic_handle_domain_irq() when processing INTx IRQ (git-fixes).
- PCI: aardvark: Fix link training (git-fixes).
- PCI: dwc: Add dw_pcie_ops.host_deinit() callback (git-fixes).
- PCI: dwc: Fix PORT_LINK_CONTROL update when CDM check enabled (git-fixes).
- PCI: hotplug: Allow marking devices as disconnected during bind/unbind (git-fixes).
- PCI: hv: Add a per-bus mutex state_lock (bsc#1207185).
- PCI: hv: Fix a race condition in hv_irq_unmask() that can cause panic (bsc#1207185).
- PCI: hv: Remove the useless hv_pcichild_state from struct hv_pci_dev (bsc#1207185).
- PCI: hv: Use async probing to reduce boot time (bsc#1207185).
- PCI: hv: fix a race condition bug in hv_pci_query_relations() (bsc#1207185).
- PCI: hv: update comment in x86 specific hv_arch_irq_unmask (git-fixes).
- PCI: imx6: Install the fault handler only on compatible match (git-fixes).
- PCI: loongson: Add more devices that need MRRS quirk (git-fixes).
- PCI: loongson: Prevent LS7A MRRS increases (git-fixes).
- PCI: mediatek-gen3: Assert resets to ensure expected init state (git-fixes).
- PCI: mediatek-gen3: Fix refcount leak in mtk_pcie_init_irq_domains() (git-fixes).
- PCI: pciehp: Fix AB-BA deadlock between reset_lock and device_lock (git-fixes).
- PCI: qcom: Fix host-init error handling (git-fixes).
- PCI: qcom: Fix pipe clock imbalance (git-fixes).
- PCI: qcom: Fix the incorrect register usage in v2.7.0 config (git-fixes).
- PCI: switchtec: Return -EFAULT for copy_to_user() errors (git-fixes).
- PCI: vmd: Fix secondary bus reset for Intel bridges (git-fixes).
- PCI: vmd: Fix secondary bus reset for Intel bridges (git-fixes).
- PCI: xgene: Revert 'PCI: xgene: Use inbound resources for setup' (git-fixes).
- PM: hibernate: Do not get block device exclusively in test_resume mode (git-fixes).
- PM: hibernate: Turn snapshot_test into global variable (git-fixes).
- PM: hibernate: fix load_image_and_restore() error path (git-fixes).
- RDMA/bnxt_re: Fix a possible memory leak (git-fixes)
- RDMA/bnxt_re: Fix return value of bnxt_re_process_raw_qp_pkt_rx (git-fixes)
- RDMA/bnxt_re: Fix the page_size used during the MR creation (git-fixes)
- RDMA/cm: Trace icm_send_rej event before the cm state is reset (git-fixes)
- RDMA/cma: Allow UD qp_type to join multicast only (git-fixes)
- RDMA/core: Fix GID entry ref leak when create_ah fails (git-fixes)
- RDMA/core: Fix ib block iterator counter overflow (bsc#1207878).
- RDMA/core: Fix ib block iterator counter overflow (git-fixes)
- RDMA/core: Fix multiple -Warray-bounds warnings (git-fixes)
- RDMA/cxgb4: Fix potential null-ptr-deref in pass_establish() (git-fixes)
- RDMA/cxgb4: add null-ptr-check after ip_dev_find() (git-fixes)
- RDMA/cxgb4: remove unnecessary NULL check in __c4iw_poll_cq_one() (git-fixes)
- RDMA/efa: Fix unsupported page sizes in device (git-fixes)
- RDMA/hns: Fix base address table allocation (git-fixes)
- RDMA/hns: Fix timeout attr in query qp for HIP08 (git-fixes)
- RDMA/hns: Modify the value of long message loopback slice (git-fixes)
- RDMA/irdma: Add SW mechanism to generate completions on error (jsc#SLE-18383).
- RDMA/irdma: Add ipv4 check to irdma_find_listener() (git-fixes)
- RDMA/irdma: Cap MSIX used to online CPUs + 1 (git-fixes)
- RDMA/irdma: Do not generate SW completions for NOPs (git-fixes)
- RDMA/irdma: Do not generate SW completions for NOPs (jsc#SLE-18383).
- RDMA/irdma: Fix Local Invalidate fencing (git-fixes)
- RDMA/irdma: Fix RQ completion opcode (jsc#SLE-18383).
- RDMA/irdma: Fix drain SQ hang with no completion (jsc#SLE-18383).
- RDMA/irdma: Fix inline for multiple SGE's (jsc#SLE-18383).
- RDMA/irdma: Fix memory leak of PBLE objects (git-fixes)
- RDMA/irdma: Fix potential NULL-ptr-dereference (git-fixes)
- RDMA/irdma: Increase iWARP CM default rexmit count (git-fixes)
- RDMA/irdma: Prevent QP use after free (git-fixes)
- RDMA/irdma: Remove enum irdma_status_code (jsc#SLE-18383).
- RDMA/irdma: Remove excess error variables (jsc#SLE-18383).
- RDMA/mana: Remove redefinition of basic u64 type (bsc#1210741 jsc#PED-4022).
- RDMA/mana: hide new rdma_driver_ids (bsc#1210741 jsc#PED-4022).
- RDMA/mana_ib: Add a driver for Microsoft Azure Network Adapter (bsc#1210741 jsc#PED-4022).
- RDMA/mana_ib: Fix a bug when the PF indicates more entries for registering memory on first packet (bsc#1210741 jsc#PED-4022).
- RDMA/mana_ib: Prevent array underflow in mana_ib_create_qp_raw() (bsc#1210741 jsc#PED-4022).
- RDMA/mlx4: Prevent shift wrapping in set_user_sq_size() (jsc#SLE-19255).
- RDMA/mlx5: Fix flow counter query via DEVX (git-fixes)
- RDMA/mlx5: Fix mlx5_ib_get_hw_stats when used for device (git-fixes)
- RDMA/mlx5: Fix validation of max_rd_atomic caps for DC (git-fixes)
- RDMA/mlx5: Use correct device num_ports when modify DC (git-fixes)
- RDMA/mlx5: Use rdma_umem_for_each_dma_block() (git-fixes)
- RDMA/rdmavt: Delete unnecessary NULL check (git-fixes)
- RDMA/rtrs-clt: Replace list_next_or_null_rr_rcu with an inline function (git-fixes)
- RDMA/rtrs-srv: Pass the correct number of entries for dma mapped SGL (git-fixes)
- RDMA/rxe: Fix inaccurate constants in rxe_type_info (git-fixes)
- RDMA/rxe: Fix missing memory barriers in rxe_queue.h (git-fixes)
- RDMA/rxe: Fix mr->map double free (git-fixes)
- RDMA/rxe: Fix oops with zero length reads (git-fixes)
- RDMA/rxe: Fix the error 'trying to register non-static key in rxe_cleanup_task' (git-fixes)
- RDMA/rxe: Make responder handle RDMA Read failures (git-fixes)
- RDMA/rxe: Prevent faulty rkey generation (git-fixes)
- RDMA/rxe: Remove tasklet call from rxe_cq.c (git-fixes)
- RDMA/siw: Fix potential page_array out of range access (git-fixes)
- RDMA/siw: Fix user page pinning accounting (git-fixes)
- RDMA/siw: Remove namespace check from siw_netdev_event() (git-fixes)
- RDMA/srp: Move large values to a new enum for gcc13 (git-fixes)
- RDMA/srpt: Add a check for valid 'mad_agent' pointer (git-fixes)
- RDMA/usnic: use iommu_map_atomic() under spin_lock() (git-fixes)
- RDMA: Handle the return code from dma_resv_wait_timeout() properly (git-fixes)
- SMB3.1.1: add new tree connect ShareFlags (bsc#1193629).
- SMB3: Add missing locks to protect deferred close file list (git-fixes).
- SMB3: Close all deferred handles of inode in case of handle lease break (bsc#1193629).
- SMB3: Close deferred file handles in case of handle lease break (bsc#1193629).
- SMB3: drop reference to cfile before sending oplock break (bsc#1193629).
- SMB3: force unmount was failing to close deferred close files (bsc#1193629).
- SUNRPC allow for unspecified transport time in rpc_clnt_add_xprt (git-fixes).
- SUNRPC: Do not dereference xprt->snd_task if it's a cookie (git-fixes).
- SUNRPC: Do not leak netobj memory when gss_read_proxy_verf() fails (git-fixes).
- SUNRPC: Fix a server shutdown leak (git-fixes).
- SUNRPC: Fix missing release socket in rpc_sockname() (git-fixes).
- SUNRPC: Fix null-ptr-deref when xps sysfs alloc failed (git-fixes).
- SUNRPC: Fix socket waits for write buffer space (git-fixes).
- SUNRPC: Return true/false (not 1/0) from bool functions (git-fixes).
- SUNRPC: Update trace flags (git-fixes).
- SUNRPC: Use BIT() macro in rpc_show_xprt_state() (git-fixes).
- SUNRPC: ensure the matching upcall is in-flight upon downcall (git-fixes).
- SUNRPC: fix breakage caused by introduction of rq_xprt_ctxt (bsc#1210775).
- Squashfs: fix handling and sanity checking of xattr_ids count (git-fixes).
- USB / dwc3: Fix a checkpatch warning in core.c (git-fixes).
- USB: UHCI: adjust zhaoxin UHCI controllers OverCurrent bit value (git-fixes).
- USB: chipidea: fix memory leak with using debugfs_lookup() (git-fixes).
- USB: core: Add routines for endpoint checks in old drivers (git-fixes).
- USB: core: Do not hold device lock while reading the 'descriptors' sysfs file (git-fixes).
- USB: dwc3: fix memory leak with using debugfs_lookup() (git-fixes).
- USB: dwc3: fix runtime pm imbalance on probe errors (git-fixes).
- USB: dwc3: fix runtime pm imbalance on unbind (git-fixes).
- USB: ene_usb6250: Allocate enough memory for full object (git-fixes).
- USB: fix memory leak with using debugfs_lookup() (git-fixes).
- USB: fotg210: fix memory leak with using debugfs_lookup() (git-fixes).
- USB: gadget: bcm63xx_udc: fix memory leak with using debugfs_lookup() (git-fixes).
- USB: gadget: gr_udc: fix memory leak with using debugfs_lookup() (git-fixes).
- USB: gadget: lpc32xx_udc: fix memory leak with using debugfs_lookup() (git-fixes).
- USB: gadget: pxa25x_udc: fix memory leak with using debugfs_lookup() (git-fixes).
- USB: gadget: pxa27x_udc: fix memory leak with using debugfs_lookup() (git-fixes).
- USB: isp116x: fix memory leak with using debugfs_lookup() (git-fixes).
- USB: isp1362: fix memory leak with using debugfs_lookup() (git-fixes).
- USB: serial: cp210x: add SCALANCE LPE-9000 device id (git-fixes).
- USB: serial: cp210x: add Silicon Labs IFS-USB-DATACABLE IDs (git-fixes).
- USB: serial: option: add Quectel EC200U modem (git-fixes).
- USB: serial: option: add Quectel EM05-G (CS) modem (git-fixes).
- USB: serial: option: add Quectel EM05-G (GR) modem (git-fixes).
- USB: serial: option: add Quectel EM05-G (RS) modem (git-fixes).
- USB: serial: option: add Quectel EM05CN (SG) modem (git-fixes).
- USB: serial: option: add Quectel EM05CN modem (git-fixes).
- USB: serial: option: add Quectel RM500U-CN modem (git-fixes).
- USB: serial: option: add Telit FE990 compositions (git-fixes).
- USB: serial: option: add UNISOC vendor and TOZED LT70C product (git-fixes).
- USB: serial: option: add support for VW/Skoda 'Carstick LTE' (git-fixes).
- USB: sisusbvga: Add endpoint checks (git-fixes).
- USB: sl811: fix memory leak with using debugfs_lookup() (git-fixes).
- USB: uhci: fix memory leak with using debugfs_lookup() (git-fixes).
- USB: usbtmc: Fix direction for 0-length ioctl control messages (git-fixes).
- VFS: filename_create(): fix incorrect intent (bsc#1197534).
- VMCI: check context->notify_page after call to get_user_pages_fast() to avoid GPF (git-fixes).
- affs: initialize fsdata in affs_truncate() (git-fixes).
- alarmtimer: Prevent starvation by small intervals and SIG_IGN (git-fixes)
- amdgpu/nv.c: Corrected typo in the video capabilities resolution (git-fixes).
- amdgpu: disable powerpc support for the newer display engine (bsc#1194869).
- amdgpu: fix build on non-DCN platforms (git-fixes).
- apparmor: add a kernel label to use on kernel objects (bsc#1211113).
- applicom: Fix PCI device refcount leak in applicom_init() (git-fixes).
- arch: fix broken BuildID for arm64 and riscv (bsc#1209798).
- arm64/cpufeature: Fix field sign for DIT hwcap detection (git-fixes)
- arm64: Treat ESR_ELx as a 64-bit register (git-fixes)
- arm64: atomics: remove LL/SC trampolines (git-fixes)
- arm64: cacheinfo: Fix incorrect assignment of signed error value to (git-fixes)
- arm64: cmpxchg_double*: hazard against entire exchange variable (git-fixes)
- arm64: dts: Add DTS files for bcmbca SoC BCM4912 (git-fixes).
- arm64: dts: Add DTS files for bcmbca SoC BCM63158 (git-fixes).
- arm64: dts: Add base DTS file for bcmbca device Asus GT-AX6000 (git-fixes).
- arm64: dts: amlogic: meson-axg: fix SCPI clock dvfs node name (git-fixes).
- arm64: dts: amlogic: meson-gx-libretech-pc: fix update button name (git-fixes).
- arm64: dts: amlogic: meson-gx: add missing SCPI sensors compatible (git-fixes).
- arm64: dts: amlogic: meson-gx: add missing unit address to rng node name (git-fixes).
- arm64: dts: amlogic: meson-gx: fix SCPI clock dvfs node name (git-fixes).
- arm64: dts: amlogic: meson-gxbb-kii-pro: fix led node name (git-fixes).
- arm64: dts: amlogic: meson-gxl-s905d-phicomm-n1: fix led node name (git-fixes).
- arm64: dts: amlogic: meson-gxl-s905d-sml5442tw: drop invalid clock-names property (git-fixes).
- arm64: dts: amlogic: meson-gxl: add missing unit address to eth-phy-mux node name (git-fixes).
- arm64: dts: amlogic: meson-sm1-bananapi-m5: fix adc keys node names (git-fixes).
- arm64: dts: amlogic: meson-sm1-odroid-hc4: fix active fan thermal trip (git-fixes).
- arm64: dts: arm: drop unused interrupt-names in MHU (git-fixes)
- arm64: dts: broadcom: bcm4908: add DT for Netgear RAXE500 (git-fixes).
- arm64: dts: freescale: Fix pca954x i2c-mux node names (git-fixes)
- arm64: dts: imx8-ss-dma: assign default clock rate for lpuarts (git-fixes).
- arm64: dts: imx8m: Align SoC unique ID node unit address (git-fixes).
- arm64: dts: imx8mm-evk: correct pmic clock source (git-fixes).
- arm64: dts: imx8mm-nitrogen-r2: fix WM8960 clock name (git-fixes).
- arm64: dts: imx8mm: Fix pad control for UART1_DTE_RX (git-fixes).
- arm64: dts: imx8mn-beacon: Fix SPI CS pinmux (git-fixes).
- arm64: dts: imx8mn: specify #sound-dai-cells for SAI nodes (git-fixes).
- arm64: dts: imx8mp-phycore-som: Remove invalid PMIC property (git-fixes)
- arm64: dts: imx8mp: correct usb clocks (git-fixes)
- arm64: dts: imx8mq-thor96: fix no-mmc property for SDHCI (git-fixes).
- arm64: dts: imx8mq: add mipi csi phy and csi bridge descriptions (git-fixes)
- arm64: dts: imx8mq: fix mipi_csi bidirectional port numbers (git-fixes)
- arm64: dts: imx8qm-mek: correct GPIOs for USDHC2 CD and WP signals (git-fixes).
- arm64: dts: juno: Add missing MHU secure-irq (git-fixes)
- arm64: dts: mediatek: mt7622: Add missing pwm-cells to pwm node (git-fixes).
- arm64: dts: mediatek: mt8183: Fix systimer 13 MHz clock description (git-fixes).
- arm64: dts: meson-axg: Make mmc host controller interrupts level-sensitive (git-fixes).
- arm64: dts: meson-g12-common: Make mmc host controller interrupts level-sensitive (git-fixes).
- arm64: dts: meson-g12-common: specify full DMC range (git-fixes).
- arm64: dts: meson-g12a: Fix internal Ethernet PHY unit name (git-fixes).
- arm64: dts: meson-gx: Fix Ethernet MAC address unit name (git-fixes).
- arm64: dts: meson-gx: Fix the SCPI DVFS node name and unit address (git-fixes).
- arm64: dts: meson-gx: Make mmc host controller interrupts level-sensitive (git-fixes).
- arm64: dts: meson: bananapi-m5: switch VDDIO_C pin to OPEN_DRAIN (git-fixes).
- arm64: dts: meson: remove CPU opps below 1GHz for G12A boards (git-fixes).
- arm64: dts: mt8192: Fix CPU map for single-cluster SoC (git-fixes).
- arm64: dts: qcom: Fix IPQ8074 PCIe PHY nodes (git-fixes).
- arm64: dts: qcom: ipq8074-hk01: enable QMP device, not the PHY node (git-fixes).
- arm64: dts: qcom: ipq8074: Fix the PCI I/O port range (git-fixes).
- arm64: dts: qcom: ipq8074: correct Gen2 PCIe ranges (git-fixes).
- arm64: dts: qcom: ipq8074: correct PCIe QMP PHY output clock names (git-fixes).
- arm64: dts: qcom: ipq8074: correct USB3 QMP PHY-s clock output names (git-fixes).
- arm64: dts: qcom: ipq8074: fix Gen2 PCIe QMP PHY (git-fixes).
- arm64: dts: qcom: ipq8074: fix Gen3 PCIe QMP PHY (git-fixes).
- arm64: dts: qcom: ipq8074: fix Gen3 PCIe node (git-fixes).
- arm64: dts: qcom: ipq8074: fix PCIe PHY serdes size (git-fixes).
- arm64: dts: qcom: msm8992-libra: Add CPU regulators (git-fixes).
- arm64: dts: qcom: msm8992-libra: Fix the memory map (git-fixes).
- arm64: dts: qcom: msm8994-kitakami: drop unit address from PMI8994 regulator (git-fixes).
- arm64: dts: qcom: msm8994-msft-lumia-octagon: drop unit address from PMI8994 regulator (git-fixes).
- arm64: dts: qcom: msm8996: Add missing DWC3 quirks (git-fixes).
- arm64: dts: qcom: msm8996: Fix the PCI I/O port range (git-fixes).
- arm64: dts: qcom: msm8998: Fix stm-stimulus-base reg name (git-fixes).
- arm64: dts: qcom: msm8998: Fix the PCI I/O port range (git-fixes).
- arm64: dts: qcom: pmk8350: Specify PBS register for PON (git-fixes).
- arm64: dts: qcom: pmk8350: Use the correct PON compatible (git-fixes).
- arm64: dts: qcom: qcs404: use symbol names for PCIe resets (git-fixes).
- arm64: dts: qcom: sc7180-lite: Fix SDRAM freq for misidentified sc7180-lite boards (git-fixes).
- arm64: dts: qcom: sc7180-trogdor-lazor: correct trackpad supply (git-fixes).
- arm64: dts: qcom: sc7180: correct SPMI bus address cells (git-fixes).
- arm64: dts: qcom: sc7280: correct SPMI bus address cells (git-fixes).
- arm64: dts: qcom: sdm845-db845c: fix audio codec interrupt pin name (git-fixes).
- arm64: dts: qcom: sdm845: Fix the PCI I/O port range (git-fixes).
- arm64: dts: qcom: sm8150-kumano: Panel framebuffer is 2.5k instead of 4k (git-fixes).
- arm64: dts: qcom: sm8250: Fix the PCI I/O port range (git-fixes).
- arm64: dts: qcom: sm8350: Mark UFS controller as cache coherent (git-fixes).
- arm64: dts: renesas: beacon-renesom: Fix gpio expander reference (git-fixes).
- arm64: dts: renesas: r8a774c0: Remove bogus voltages from OPP table (git-fixes).
- arm64: dts: renesas: r8a77990: Remove bogus voltages from OPP table (git-fixes).
- arm64: dts: rockchip: drop unused LED mode property from rk3328-roc-cc (git-fixes).
- arm64: dts: ti: k3-j7200: Fix wakeup pinmux range (git-fixes).
- arm64: dts: ti: k3-j721e-main: Remove ti,strobe-sel property (git-fixes).
- arm64: efi: Execute runtime services from a dedicated stack (git-fixes).
- arm64: efi: Make efi_rt_lock a raw_spinlock (git-fixes).
- arm64: errata: add detection for AMEVCNTR01 incrementing incorrectly (git-fixes).
- arm64: kgdb: Set PSTATE.SS to 1 to re-enable single-step (git-fixes)
- arm64: kgdb: Set PSTATE.SS to 1 to re-enable single-step (git-fixes).
- arm64: make is_ttbrX_addr() noinstr-safe (git-fixes)
- arm64: mm: kfence: only handle translation faults (git-fixes)
- asm-generic/io.h: suppress endianness warnings for readq() and writeq() (git-fixes).
- ata: libata-scsi: Use correct device no in ata_find_dev() (git-fixes).
- ata: libata: Fix sata_down_spd_limit() when no link speed is reported (git-fixes).
- ata: libata: Set __ATA_BASE_SHT max_sectors (git-fixes).
- ata: libata: fix NCQ autosense logic (git-fixes).
- ata: pata_macio: Fix compilation warning (git-fixes).
- ata: pata_octeon_cf: drop kernel-doc notation (git-fixes).
- ata: pata_octeon_cf: fix call to trace_ata_bmdma_stop() (git-fixes).
- ath11k: Fix unexpected return buffer manager error for QCA6390 (git-fixes).
- ath6kl: Use struct_group() to avoid size-mismatched casting (git-fixes).
- ath9k: hif_usb: simplify if-if to if-else (git-fixes).
- ath9k: htc: clean up statistics macros (git-fixes).
- atm: idt77252: fix kmemleak when rmmod idt77252 (git-fixes).
- audit: update the mailing list in MAINTAINERS (git-fixes).
- auxdisplay: hd44780: Fix potential memory leak in hd44780_remove() (git-fixes).
- backlight: backlight: Fix doc for backlight_device_get_by_name (git-fixes).
- batman-adv: Broken sync while rescheduling delayed work (git-fixes).
- bcache: Revert 'bcache: use bvec_virt' (git-fixes).
- bcache: fix set_at_max_writeback_rate() for multiple attached devices (git-fixes).
- bcache: fix wrong bdev parameter when calling bio_alloc_clone() in do_bio_hook() (git-fixes).
- bcache: put bch_bio_map() back to correct location in journal_write_unlocked() (git-fixes).
- bfq: fix use-after-free in bfq_dispatch_request (git-fixes).
- bfq: fix waker_bfqq inconsistency crash (git-fixes).
- blacklist.conf: s390/boot: allocate amode31 section in decompressor
- blacklist.conf: the commit might cause regression (bsc#1210947)
- blk-cgroup: fix missing pd_online_fn() while activating policy (git-fixes).
- blk-cgroup: properly pin the parent in blkcg_css_online (bsc#1208105).
- blk-lib: fix blkdev_issue_secure_erase (git-fixes).
- blk-mq: Fix kmemleak in blk_mq_init_allocated_queue (git-fixes).
- blk-mq: fix null pointer dereference in blk_mq_clear_rq_mapping() (git-fixes).
- blk-mq: fix possible memleak when register 'hctx' failed (git-fixes).
- blk-mq: run queue no matter whether the request is the last request (git-fixes).
- blk-throttle: fix that io throttle can only work for single bio (git-fixes).
- blk-throttle: prevent overflow while calculating wait time (git-fixes).
- blk-wbt: fix that 'rwb->wc' is always set to 1 in wbt_init() (git-fixes).
- blktrace: Fix output non-blktrace event when blk_classic option enabled (git-fixes).
- block, bfq: do not move oom_bfqq (git-fixes).
- block, bfq: fix null pointer dereference in bfq_bio_bfqg() (git-fixes).
- block, bfq: fix possible uaf for 'bfqq->bic' (git-fixes).
- block, bfq: fix uaf for bfqq in bfq_exit_icq_bfqq (git-fixes).
- block, bfq: fix uaf for bfqq in bic_set_bfqq() (git-fixes).
- block, bfq: protect 'bfqd->queued' by 'bfqd->lock' (git-fixes).
- block/bfq-iosched.c: use 'false' rather than 'BLK_RW_ASYNC' (git-fixes).
- block/bfq_wf2q: correct weight to ioprio (git-fixes).
- block/bio: remove duplicate append pages code (git-fixes).
- block: Fix possible memory leak for rq_wb on add_disk failure (git-fixes).
- block: add a bdev_max_zone_append_sectors helper (git-fixes).
- block: bio-integrity: Copy flags when bio_integrity_payload is cloned (bsc#1208541).
- block: bio-integrity: Copy flags when bio_integrity_payload is cloned (bsc#1208541).
- block: check minor range in device_add_disk() (git-fixes).
- block: clear ->slave_dir when dropping the main slave_dir reference (git-fixes).
- block: do not allow splitting of a REQ_NOWAIT bio (git-fixes).
- block: do not allow the same type rq_qos add more than once (git-fixes).
- block: do not reverse request order when flushing plug list (bsc#1208588 bsc#1208128).
- block: ensure iov_iter advances for added pages (git-fixes).
- block: fix and cleanup bio_check_ro (git-fixes).
- block: fix default IO priority handling again (git-fixes).
- block: fix infinite loop for invalid zone append (git-fixes).
- block: fix leaking minors of hidden disks (git-fixes).
- block: fix memory leak for elevator on add_disk failure (git-fixes).
- block: fix missing blkcg_bio_issue_init (bsc#1208107).
- block: loop:use kstatfs.f_bsize of backing file to set discard granularity (git-fixes).
- block: mq-deadline: Do not break sequential write streams to zoned HDDs (git-fixes).
- block: mq-deadline: Fix dd_finish_request() for zoned devices (git-fixes).
- block: mq-deadline: Rename deadline_is_seq_writes() (git-fixes).
- block: null_blk: Fix null_zone_write() (git-fixes).
- block: pop cached rq before potentially blocking rq_qos_throttle() (git-fixes).
- block: use bdev_get_queue() in bio.c (git-fixes).
- bluetooth: Add cmd validity checks at the start of hci_sock_ioctl() (git-fixes).
- bluetooth: Perform careful capability checks in hci_sock_ioctl() (git-fixes).
- bnxt: Do not read past the end of test names (jsc#SLE-18978).
- bnxt: prevent skb UAF after handing over to PTP worker (jsc#SLE-18978).
- bnxt_en: Add missing 200G link speed reporting (jsc#SLE-18978).
- bnxt_en: Avoid order-5 memory allocation for TPA data (jsc#SLE-18978).
- bnxt_en: Do not initialize PTP on older P3/P4 chips (jsc#SLE-18978).
- bnxt_en: Fix mqprio and XDP ring checking logic (jsc#SLE-18978).
- bnxt_en: Fix reporting of test result in ethtool selftest (jsc#SLE-18978).
- bnxt_en: Fix typo in PCI id to device description string mapping (jsc#SLE-18978).
- bnxt_en: fix NQ resource accounting during vf creation on 57500 chips (jsc#SLE-18978).
- bnxt_en: set missing reload flag in devlink features (jsc#SLE-18978).
- bpf, perf: Use subprog name when reporting subprog ksymbol (git fixes).
- bpf, x64: Factor out emission of REX byte in more cases (git-fixes).
- bpf: Fix a possible task gone issue with bpf_send_signal[_thread]() helpers (git-fixes).
- bpf: Fix extable address check (git-fixes).
- bpf: Fix extable fixup offset (git-fixes).
- bpf: Skip task with pid=1 in send_signal_common() (git-fixes).
- btrfs: backport recent fixes for send/receive into SLE15 SP4/SP5 (bsc#1206036 bsc#1206057 bsc#1206056 bsc#1207500 bsc#1207506 bsc#1207507).
- btrfs: fix race between quota enable and quota rescan ioctl (bsc#1207158).
- btrfs: fix race between quota rescan and disable leading to NULL pointer deref (bsc#1207158).
- btrfs: fix trace event name typo for FLUSH_DELAYED_REFS (git-fixes).
- btrfs: move QUOTA_ENABLED check to rescan_should_stop from btrfs_qgroup_rescan_worker (bsc#1207158).
- btrfs: qgroup: remove duplicated check in adding qgroup relations (bsc#1207158).
- btrfs: qgroup: remove outdated TODO comments (bsc#1207158).
- bus: mhi: host: Fix race between channel preparation and M0 event (git-fixes).
- bus: mhi: host: Range check CHDBOFF and ERDBOFF (git-fixes).
- bus: mhi: host: Remove duplicate ee check for syserr (git-fixes).
- bus: mhi: host: Use mhi_tryset_pm_state() for setting fw error state (git-fixes).
- bus: sunxi-rsb: Fix error handling in sunxi_rsb_init() (git-fixes).
- ca8210: Fix unsigned mac_len comparison with zero in ca8210_skb_tx() (git-fixes).
- ca8210: fix mac_len negative array access (git-fixes).
- can: bcm: bcm_tx_setup(): fix KMSAN uninit-value in vfs_write (git-fixes).
- can: isotp: isotp_ops: fix poll() to not report false EPOLLOUT events (git-fixes).
- can: isotp: recvmsg(): allow MSG_CMSG_COMPAT flag (git-fixes).
- can: j1939: avoid possible use-after-free when j1939_can_rx_register fails (git-fixes).
- can: j1939: change j1939_netdev_lock type to mutex (git-fixes).
- can: j1939: do not wait 250 ms if the same addr was already claimed (git-fixes).
- can: j1939: fix errant WARN_ON_ONCE in j1939_session_deactivate (git-fixes).
- can: j1939: j1939_sk_send_loop_abort(): improved error queue handling in J1939 Socket (git-fixes).
- can: j1939: j1939_tp_tx_dat_new(): fix out-of-bounds memory access (git-fixes).
- can: j1939: recvmsg(): allow MSG_CMSG_COMPAT flag (git-fixes).
- can: kvaser_pciefd: Call request_irq() before enabling interrupts (git-fixes).
- can: kvaser_pciefd: Clear listen-only bit if not explicitly requested (git-fixes).
- can: kvaser_pciefd: Disable interrupts in probe error path (git-fixes).
- can: kvaser_pciefd: Do not send EFLUSH command on TFD interrupt (git-fixes).
- can: kvaser_pciefd: Empty SRB buffer in probe (git-fixes).
- can: kvaser_pciefd: Set CAN_STATE_STOPPED in kvaser_pciefd_stop() (git-fixes).
- can: kvaser_usb: Add struct kvaser_usb_busparams (git-fixes).
- can: kvaser_usb: kvaser_usb_leaf: Get capabilities from device (git-fixes).
- can: kvaser_usb: kvaser_usb_leaf: Handle CMD_ERROR_EVENT (git-fixes).
- can: kvaser_usb: kvaser_usb_leaf: Rename {leaf,usbcan}_cmd_error_event to {leaf,usbcan}_cmd_can_error_event (git-fixes).
- can: kvaser_usb_leaf: Fix overread with an invalid command (git-fixes).
- cassini: Fix a memory leak in the error handling path of cas_init_one() (git-fixes).
- ceph: avoid use-after-free in ceph_fl_release_lock() (jsc#SES-1880).
- ceph: blocklist the kclient when receiving corrupted snap trace (jsc#SES-1880).
- ceph: flush cap releases when the session is flushed (bsc#1208428).
- ceph: flush cap releases when the session is flushed (jsc#SES-1880).
- ceph: force updating the msg pointer in non-split case (bsc#1211804).
- ceph: move mount state enum to super.h (jsc#SES-1880).
- ceph: remove useless session parameter for check_caps() (jsc#SES-1880).
- ceph: switch to vfs_inode_has_locks() to fix file lock bug (jsc#SES-1880).
- ceph: try to check caps immediately after async creating finishes (jsc#SES-1880).
- ceph: update the time stamps and try to drop the suid/sgid (bsc#1209504).
- ceph: use locks_inode_context helper (jsc#SES-1880).
- cfg80211: allow continuous radar monitoring on offchannel chain (bsc#1209980).
- cfg80211: fix possible NULL pointer dereference in cfg80211_stop_offchan_radar_detection (bsc#1209980).
- cfg80211: implement APIs for dedicated radar detection HW (bsc#1209980).
- cfg80211: move offchan_cac_event to a dedicated work (bsc#1209980).
- cfg80211: rename offchannel_chain structs to background_chain to avoid confusion with ETSI standard (bsc#1209980).
- cfg80211: schedule offchan_cac_abort_wk in cfg80211_radar_event (bsc#1209980).
- cgroup.c: add helper __cset_cgroup_from_root to cleanup duplicated codes (bsc#1203906).
- cgroup/cpuset: Wake up cpuset_attach_wq tasks in cpuset_cancel_attach() (bsc#1210827).
- cgroup: Homogenize cgroup_get_from_id() return value (bsc#1205650).
- cgroup: Honor caller's cgroup NS when resolving path (bsc#1205650).
- cgroup: Make cgroup_get_from_id() prettier (bsc#1205650).
- cgroup: Reorganize css_set_lock and kernfs path processing (bsc#1205650).
- cgroup: cgroup: Honor caller's cgroup NS when resolving cgroup id (bsc#1205650).
- cgroup: reduce dependency on cgroup_mutex (bsc#1205650).
- cifs: Avoid a cast in add_lease_context() (bsc#1193629).
- cifs: Check the lease context if we actually got a lease (bsc#1193629).
- cifs: Convert struct fealist away from 1-element array (bsc#1193629).
- cifs: Fix lost destroy smbd connection when MR allocate failed (git-fixes).
- cifs: Fix oops due to uncleared server->smbd_conn in reconnect (git-fixes).
- cifs: Fix smb2_set_path_size() (git-fixes).
- cifs: Fix uninitialized memory read in smb3_qfs_tcon() (bsc#1193629).
- cifs: Fix uninitialized memory reads for oparms.mode (bsc#1193629).
- cifs: Fix use-after-free in rdata->read_into_pages() (git-fixes).
- cifs: Fix warning and UAF when destroy the MR list (git-fixes).
- cifs: Get rid of unneeded conditional in the smb2_get_aead_req() (bsc#1193629).
- cifs: Move the in_send statistic to __smb_send_rqst() (git-fixes).
- cifs: Replace remaining 1-element arrays (bsc#1193629).
- cifs: Replace zero-length arrays with flexible-array members (bsc#1193629).
- cifs: Simplify SMB2_open_init() (bsc#1193629).
- cifs: Simplify SMB2_open_init() (bsc#1193629).
- cifs: Simplify SMB2_open_init() (bsc#1193629).
- cifs: Use kstrtobool() instead of strtobool() (bsc#1193629).
- cifs: append path to open_enter trace event (bsc#1193629).
- cifs: avoid dup prefix path in dfs_get_automount_devname() (git-fixes).
- cifs: avoid potential races when handling multiple dfs tcons (bsc#1208758).
- cifs: avoid race conditions with parallel reconnects (bsc#1193629).
- cifs: avoid races in parallel reconnects in smb1 (bsc#1193629).
- cifs: avoid re-lookups in dfs_cache_find() (bsc#1193629).
- cifs: check only tcon status on tcon related functions (bsc#1193629).
- cifs: do not include page data when checking signature (git-fixes).
- cifs: do not poll server interfaces too regularly (bsc#1193629).
- cifs: do not take exclusive lock for updating target hints (bsc#1193629).
- cifs: do not try to use rdma offload on encrypted connections (bsc#1193629).
- cifs: double lock in cifs_reconnect_tcon() (git-fixes).
- cifs: dump pending mids for all channels in DebugData (bsc#1193629).
- cifs: empty interface list when server does not support query interfaces (bsc#1193629).
- cifs: fix DFS traversal oops without CONFIG_CIFS_DFS_UPCALL (bsc#1193629).
- cifs: fix dentry lookups in directory handle cache (bsc#1193629).
- cifs: fix missing unload_nls() in smb2_reconnect() (bsc#1193629).
- cifs: fix mount on old smb servers (boo#1206935).
- cifs: fix negotiate context parsing (bsc#1210301).
- cifs: fix pcchunk length type in smb2_copychunk_range (bsc#1193629).
- cifs: fix potential deadlock in cache_refresh_path() (git-fixes).
- cifs: fix potential race when tree connecting ipc (bsc#1208758).
- cifs: fix potential use-after-free bugs in TCP_Server_Info::hostname (bsc#1208758).
- cifs: fix return of uninitialized rc in dfs_cache_update_tgthint() (bsc#1193629).
- cifs: fix sharing of DFS connections (bsc#1208758).
- cifs: fix smb1 mount regression (bsc#1193629).
- cifs: fix use-after-free bug in refresh_cache_worker() (bsc#1193629).
- cifs: generate signkey for the channel that's reconnecting (bsc#1193629).
- cifs: get rid of dead check in smb2_reconnect() (bsc#1193629).
- cifs: get rid of dns resolve worker (bsc#1193629).
- cifs: get rid of unneeded conditional in cifs_get_num_sgs() (bsc#1193629).
- cifs: handle cache lookup errors different than -ENOENT (bsc#1193629).
- cifs: improve checking of DFS links over STATUS_OBJECT_NAME_INVALID (git-fixes).
- cifs: introduce cifs_io_parms in smb2_async_writev() (bsc#1193629).
- cifs: lock chan_lock outside match_session (bsc#1193629).
- cifs: mapchars mount option ignored (bsc#1193629).
- cifs: match even the scope id for ipv6 addresses (bsc#1193629).
- cifs: missing lock when updating session status (bsc#1193629).
- cifs: prevent data race in cifs_reconnect_tcon() (bsc#1193629).
- cifs: prevent data race in smb2_reconnect() (bsc#1193629).
- cifs: prevent infinite recursion in CIFSGetDFSRefer() (bsc#1193629).
- cifs: print last update time for interface list (bsc#1193629).
- cifs: print session id while listing open files (bsc#1193629).
- cifs: print smb3_fs_context::source when mounting (bsc#1193629).
- cifs: protect access of TCP_Server_Info::{origin,leaf}_fullpath (bsc#1208758).
- cifs: protect session status check in smb2_reconnect() (bsc#1208758).
- cifs: release leases for deferred close handles when freezing (bsc#1193629).
- cifs: remove duplicate code in __refresh_tcon() (bsc#1193629).
- cifs: remove unneeded 2bytes of padding from smb2 tree connect (bsc#1193629).
- cifs: remove unused function (bsc#1193629).
- cifs: return DFS root session id in DebugData (bsc#1193629).
- cifs: return a single-use cfid if we did not get a lease (bsc#1193629).
- cifs: reuse cifs_match_ipaddr for comparison of dstaddr too (bsc#1193629).
- cifs: sanitize paths in cifs_update_super_prepath (git-fixes).
- cifs: set DFS root session in cifs_get_smb_ses() (bsc#1193629).
- cifs: split out smb3_use_rdma_offload() helper (bsc#1193629).
- cifs: update internal module version number for cifs.ko (bsc#1193629).
- cifs: update ip_addr for ses only for primary chan setup (bsc#1193629).
- cifs: use DFS root session instead of tcon ses (bsc#1193629).
- cifs: use tcon allocation functions even for dummy tcon (git-fixes).
- cifs: use the least loaded channel for sending requests (bsc#1193629).
- clk: HI655X: select REGMAP instead of depending on it (git-fixes).
- clk: Honor CLK_OPS_PARENT_ENABLE in clk_core_is_enabled() (git-fixes).
- clk: add missing of_node_put() in 'assigned-clocks' property parsing (git-fixes).
- clk: at91: clk-sam9x60-pll: fix return value check (git-fixes).
- clk: imx: avoid memory leak (git-fixes).
- clk: ingenic: jz4760: Update M/N/OD calculation algorithm (git-fixes).
- clk: mxl: Add option to override gate clks (git-fixes).
- clk: mxl: Fix a clk entry by adding relevant flags (git-fixes).
- clk: mxl: Remove redundant spinlocks (git-fixes).
- clk: mxl: Switch from direct readl/writel based IO to regmap based IO (git-fixes).
- clk: mxl: syscon_node_to_regmap() returns error pointers (git-fixes).
- clk: qcom: gcc-qcs404: disable gpll[04]_out_aux parents (git-fixes).
- clk: qcom: gcc-qcs404: fix names of the DSI clocks used as parents (git-fixes).
- clk: qcom: gcc-sm8350: fix PCIe PIPE clocks handling (git-fixes).
- clk: qcom: regmap: add PHY clock source implementation (git-fixes).
- clk: ralink: fix 'mt7621_gate_is_enabled()' function (git-fixes).
- clk: renesas: cpg-mssr: Fix use after free if cpg_mssr_common_init() failed (git-fixes).
- clk: renesas: cpg-mssr: Remove superfluous check in resume code (git-fixes).
- clk: rockchip: rk3399: allow clk_cifout to force clk_cifout_src to reparent (git-fixes).
- clk: sprd: set max_register according to mapping range (git-fixes).
- clk: tegra20: fix gcc-7 constant overflow warning (git-fixes).
- clocksource/drivers/davinci: Fix memory leak in davinci_timer_register when init fails (git-fixes).
- clocksource/drivers/mediatek: Optimize systimer irq clear flow on shutdown (git-fixes).
- clocksource: Suspend the watchdog temporarily when high read latency detected (git-fixes).
- comedi: use menuconfig for main Comedi menu (git-fixes).
- configfs: fix possible memory leak in configfs_create_dir() (git-fixes).
- cpufreq: Add Tegra234 to cpufreq-dt-platdev blocklist (git-fixes).
- cpufreq: CPPC: Fix build error without CONFIG_ACPI_CPPC_CPUFREQ_FIE (bsc#1210953).
- cpufreq: CPPC: Fix performance/frequency conversion (git-fixes).
- cpufreq: armada-37xx: stop using 0 as NULL pointer (git-fixes).
- cpumask: fix incorrect cpumask scanning result checks (bsc#1210943).
- cpumask: fix incorrect cpumask scanning result checks (bsc#1210943).
- crypto: acomp - define max size for destination (jsc#PED-3692)
- crypto: arm64 - Fix unused variable compilation warnings of (git-fixes)
- crypto: caam - Clear some memory in instantiate_rng (git-fixes).
- crypto: ccp - Avoid page allocation failure warning for SEV_GET_ID2 (git-fixes).
- crypto: ccp - Failure on re-initialization due to duplicate sysfs filename (git-fixes).
- crypto: crypto4xx - Call dma_unmap_page when done (git-fixes).
- crypto: drbg - Only fail when jent is unavailable in FIPS mode (git-fixes).
- crypto: drivers - move from strlcpy with unused retval to (jsc#PED-3692)
- crypto: essiv - Handle EBUSY correctly (git-fixes).
- crypto: hisilicon/qm - add missing pci_dev_put() in q_num_set() (git-fixes).
- crypto: qat - Fix unsigned function returning negative (jsc#PED-3692)
- crypto: qat - Removes the x86 dependency on the QAT drivers (jsc#PED-3692)
- crypto: qat - abstract PFVF messages with struct pfvf_message (jsc#PED-3692)
- crypto: qat - abstract PFVF receive logic (jsc#PED-3692)
- crypto: qat - abstract PFVF send function (jsc#PED-3692)
- crypto: qat - add PFVF support to enable the reset of ring (jsc#PED-3692)
- crypto: qat - add PFVF support to the GEN4 host driver (jsc#PED-3692)
- crypto: qat - add VF and PF wrappers to common send function (jsc#PED-3692)
- crypto: qat - add backlog mechanism (jsc#PED-3692)
- crypto: qat - add check for invalid PFVF protocol version 0 (jsc#PED-3692)
- crypto: qat - add check to validate firmware images (jsc#PED-3692)
- crypto: qat - add limit to linked list parsing (jsc#PED-3692)
- crypto: qat - add misc workqueue (jsc#PED-3692)
- crypto: qat - add missing restarting event notification in (jsc#PED-3692)
- crypto: qat - add param check for DH (jsc#PED-3692)
- crypto: qat - add param check for RSA (jsc#PED-3692)
- crypto: qat - add pfvf_ops (jsc#PED-3692)
- crypto: qat - add resubmit logic for decompression (jsc#PED-3692)
- crypto: qat - add support for 401xx devices (jsc#PED-3692)
- crypto: qat - add support for compression for 4xxx (jsc#PED-3692)
- crypto: qat - add the adf_get_pmisc_base() helper function (jsc#PED-3692)
- crypto: qat - allow detection of dc capabilities for 4xxx (jsc#PED-3692)
- crypto: qat - change PFVF ACK behaviour (jsc#PED-3692)
- crypto: qat - change behaviour of (jsc#PED-3692)
- crypto: qat - change bufferlist logic interface (jsc#PED-3692)
- crypto: qat - config VFs based on ring-to-svc mapping (jsc#PED-3692)
- crypto: qat - differentiate between pf2vf and vf2pf offset (jsc#PED-3692)
- crypto: qat - disable AER if an error occurs in probe (jsc#PED-3692)
- crypto: qat - do not handle PFVF sources for qat_4xxx (jsc#PED-3692)
- crypto: qat - do not rely on min version (jsc#PED-3692)
- crypto: qat - enable deflate for QAT GEN4 (jsc#PED-3692)
- crypto: qat - enable power management for QAT GEN4 (jsc#PED-3692)
- crypto: qat - exchange device capabilities over PFVF (jsc#PED-3692)
- crypto: qat - exchange ring-to-service mappings over PFVF (jsc#PED-3692)
- crypto: qat - expose deflate through acomp api for QAT GEN2 (jsc#PED-3692)
- crypto: qat - expose device config through sysfs for 4xxx (jsc#PED-3692)
- crypto: qat - expose device state through sysfs for 4xxx (jsc#PED-3692)
- crypto: qat - extend buffer list interface (jsc#PED-3692)
- crypto: qat - extend crypto capability detection for 4xxx (jsc#PED-3692)
- crypto: qat - extract send and wait from (jsc#PED-3692)
- crypto: qat - fix DMA transfer direction (jsc#PED-3692)
- crypto: qat - fix ETR sources enabled by default on GEN2 (jsc#PED-3692)
- crypto: qat - fix VF IDs in PFVF log messages (jsc#PED-3692)
- crypto: qat - fix a signedness bug in get_service_enabled() (jsc#PED-3692)
- crypto: qat - fix a typo in a comment (jsc#PED-3692)
- crypto: qat - fix access to PFVF interrupt registers for GEN4 (jsc#PED-3692)
- crypto: qat - fix definition of ring reset results (jsc#PED-3692)
- crypto: qat - fix error return code in adf_probe (git-fixes).
- crypto: qat - fix error return code in adf_probe (jsc#PED-3692)
- crypto: qat - fix handling of VF to PF interrupts (jsc#PED-3692)
- crypto: qat - fix initialization of pfvf cap_msg structures (jsc#PED-3692)
- crypto: qat - fix initialization of pfvf rts_map_msg (jsc#PED-3692)
- crypto: qat - fix off-by-one error in PFVF debug print (jsc#PED-3692)
- crypto: qat - fix out-of-bounds read (git-fixes).
- crypto: qat - fix wording and formatting in code comment (jsc#PED-3692)
- crypto: qat - flush vf workqueue at driver removal (jsc#PED-3692)
- crypto: qat - free irq in case of failure (jsc#PED-3692)
- crypto: qat - free irqs only if allocated (jsc#PED-3692)
- crypto: qat - generalize crypto request buffers (jsc#PED-3692)
- crypto: qat - get compression extended capabilities (jsc#PED-3692)
- crypto: qat - handle retries due to collisions in (jsc#PED-3692)
- crypto: qat - honor CRYPTO_TFM_REQ_MAY_SLEEP flag (jsc#PED-3692)
- crypto: qat - improve logging of PFVF messages (jsc#PED-3692)
- crypto: qat - improve the ACK timings in PFVF send (jsc#PED-3692)
- crypto: qat - introduce support for PFVF block messages (jsc#PED-3692)
- crypto: qat - leverage bitfield.h utils for PFVF messages (jsc#PED-3692)
- crypto: qat - leverage read_poll_timeout in PFVF send (jsc#PED-3692)
- crypto: qat - leverage the GEN2 VF mask definiton (jsc#PED-3692)
- crypto: qat - make PFVF message construction direction (jsc#PED-3692)
- crypto: qat - make PFVF send and receive direction agnostic (jsc#PED-3692)
- crypto: qat - move VF message handler to adf_vf2pf_msg.c (jsc#PED-3692)
- crypto: qat - move and rename GEN4 error register definitions (jsc#PED-3692)
- crypto: qat - move interrupt code out of the PFVF handler (jsc#PED-3692)
- crypto: qat - move pfvf collision detection values (jsc#PED-3692)
- crypto: qat - move vf2pf interrupt helpers (jsc#PED-3692)
- crypto: qat - pass the PF2VF responses back to the callers (jsc#PED-3692)
- crypto: qat - prevent spurious MSI interrupt in VF (jsc#PED-3692)
- crypto: qat - re-enable interrupts for legacy PFVF messages (jsc#PED-3692)
- crypto: qat - re-enable registration of algorithms (jsc#PED-3692)
- crypto: qat - refactor PF top half for PFVF (jsc#PED-3692)
- crypto: qat - refactor pfvf version request messages (jsc#PED-3692)
- crypto: qat - refactor submission logic (jsc#PED-3692)
- crypto: qat - relocate PFVF PF related logic (jsc#PED-3692)
- crypto: qat - relocate PFVF VF related logic (jsc#PED-3692)
- crypto: qat - relocate PFVF disabled function (jsc#PED-3692)
- crypto: qat - relocate and rename adf_sriov_prepare_restart() (jsc#PED-3692)
- crypto: qat - relocate backlog related structures (jsc#PED-3692)
- crypto: qat - relocate bufferlist logic (jsc#PED-3692)
- crypto: qat - relocate qat_algs_alloc_flags() (jsc#PED-3692)
- crypto: qat - remove duplicated logic across GEN2 drivers (jsc#PED-3692)
- crypto: qat - remove empty sriov_configure() (jsc#PED-3692)
- crypto: qat - remove line wrapping for pfvf_ops functions (jsc#PED-3692)
- crypto: qat - remove the unnecessary get_vintmsk_offset() (jsc#PED-3692)
- crypto: qat - remove unmatched CPU affinity to cluster IRQ (jsc#PED-3692)
- crypto: qat - remove unnecessary tests to detect PFVF support (jsc#PED-3692)
- crypto: qat - remove unneeded assignment (jsc#PED-3692)
- crypto: qat - remove unneeded braces (jsc#PED-3692)
- crypto: qat - remove unneeded packed attribute (jsc#PED-3692)
- crypto: qat - remove unused PFVF stubs (jsc#PED-3692)
- crypto: qat - rename and relocate GEN2 config function (jsc#PED-3692)
- crypto: qat - rename bufferlist functions (jsc#PED-3692)
- crypto: qat - rename pfvf collision constants (jsc#PED-3692)
- crypto: qat - reorganize PFVF code (jsc#PED-3692)
- crypto: qat - reorganize PFVF protocol definitions (jsc#PED-3692)
- crypto: qat - replace deprecated MSI API (jsc#PED-3692)
- crypto: qat - replace disable_vf2pf_interrupts() (jsc#PED-3692)
- crypto: qat - replace get_current_node() with numa_node_id() (jsc#PED-3692)
- crypto: qat - rework the VF2PF interrupt handling logic (jsc#PED-3692)
- crypto: qat - set CIPHER capability for QAT GEN2 (jsc#PED-3692)
- crypto: qat - set COMPRESSION capability for DH895XCC (jsc#PED-3692)
- crypto: qat - set COMPRESSION capability for QAT GEN2 (jsc#PED-3692)
- crypto: qat - set DMA mask to 48 bits for Gen2 (jsc#PED-3692)
- crypto: qat - set PFVF_MSGORIGIN just before sending (jsc#PED-3692)
- crypto: qat - share adf_enable_pf2vf_comms() from (jsc#PED-3692)
- crypto: qat - simplify adf_enable_aer() (jsc#PED-3692)
- crypto: qat - simplify code and axe the use of a deprecated (jsc#PED-3692)
- crypto: qat - split PFVF message decoding from handling (jsc#PED-3692)
- crypto: qat - stop using iommu_present() (jsc#PED-3692)
- crypto: qat - store the PFVF protocol version of the (jsc#PED-3692)
- crypto: qat - store the ring-to-service mapping (jsc#PED-3692)
- crypto: qat - support fast ACKs in the PFVF protocol (jsc#PED-3692)
- crypto: qat - support the reset of ring pairs on PF (jsc#PED-3692)
- crypto: qat - test PFVF registers for spurious interrupts on (jsc#PED-3692)
- crypto: qat - use enums for PFVF protocol codes (jsc#PED-3692)
- crypto: qat - use hweight for bit counting (jsc#PED-3692)
- crypto: qat - use pre-allocated buffers in datapath (jsc#PED-3692)
- crypto: qat - use reference to structure in dma_map_single() (jsc#PED-3692)
- crypto: qat - use u32 variables in all GEN4 pfvf_ops (jsc#PED-3692)
- crypto: rsa-pkcs1pad - Use akcipher_request_complete (git-fixes).
- crypto: sa2ul - Select CRYPTO_DES (git-fixes).
- crypto: safexcel - Cleanup ring IRQ workqueues on load failure (git-fixes).
- crypto: seqiv - Handle EBUSY correctly (git-fixes).
- crypto: sun8i-ss - Fix a test in sun8i_ss_setup_ivs() (git-fixes).
- crypto: x86/ghash - fix unaligned access in ghash_setkey() (git-fixes).
- crypto: xts - Handle EBUSY correctly (git-fixes).
- cxgb4: fix missing unlock on ETHOFLD desc collect fail path (jsc#SLE-18992).
- debugfs: add debugfs_lookup_and_remove() (git-fixes).
- debugfs: add debugfs_lookup_and_remove() (git-fixes).
- debugfs: fix error when writing negative value to atomic_t debugfs file (git-fixes).
- devlink: hold region lock when flushing snapshots (git-fixes).
- dm btree: add a defensive bounds check to insert_at() (git-fixes).
- dm cache: Fix ABBA deadlock between shrink_slab and dm_cache_metadata_abort (git-fixes).
- dm cache: Fix UAF in destroy() (git-fixes).
- dm cache: set needs_check flag after aborting metadata (git-fixes).
- dm clone: Fix UAF in clone_dtr() (git-fixes).
- dm integrity: Fix UAF in dm_integrity_dtr() (git-fixes).
- dm integrity: clear the journal on suspend (git-fixes).
- dm integrity: flush the journal on suspend (git-fixes).
- dm ioctl: fix misbehavior if list_versions races with module loading (git-fixes).
- dm ioctl: prevent potential spectre v1 gadget (git-fixes).
- dm raid: fix address sanitizer warning in raid_resume (git-fixes).
- dm raid: fix address sanitizer warning in raid_status (git-fixes).
- dm space map common: add bounds check to sm_ll_lookup_bitmap() (git-fixes).
- dm thin: Fix ABBA deadlock between shrink_slab and dm_pool_abort_metadata (git-fixes).
- dm thin: Fix UAF in run_timer_softirq() (git-fixes).
- dm thin: Use last transaction's pmd->root when commit failed (git-fixes).
- dm thin: resume even if in FAIL mode (git-fixes).
- dm writecache: set a default MAX_WRITEBACK_JOBS (git-fixes).
- dm: fix alloc_dax error handling in alloc_dev (git-fixes).
- dm: requeue IO if mapping table not yet available (git-fixes).
- dma-buf: Use dma_fence_unwrap_for_each when importing fences (git-fixes).
- dma-buf: cleanup kerneldoc of removed component (git-fixes).
- dma-direct: use is_swiotlb_active in dma_direct_map_page (PED-3259).
- dma-mapping: reformat comment to suppress htmldoc warning (git-fixes).
- dma: gpi: remove spurious unlock in gpi_ch_init (git-fixes).
- dmaengine: at_xdmac: Move the free desc to the tail of the desc list (git-fixes).
- dmaengine: at_xdmac: do not enable all cyclic channels (git-fixes).
- dmaengine: at_xdmac: fix potential Oops in at_xdmac_prep_interleaved() (git-fixes).
- dmaengine: dw-axi-dmac: Do not dereference NULL structure (git-fixes).
- dmaengine: dw-edma: Do not permit non-inc interleaved xfers (git-fixes).
- dmaengine: dw-edma: Drop chancnt initialization (git-fixes).
- dmaengine: dw-edma: Fix invalid interleaved xfers semantics (git-fixes).
- dmaengine: dw-edma: Fix missing src/dst address of interleaved xfers (git-fixes).
- dmaengine: dw-edma: Fix readq_ch() return value truncation (git-fixes).
- dmaengine: dw-edma: Fix to change for continuous transfer (git-fixes).
- dmaengine: dw-edma: Fix to enable to issue dma request on DMA processing (git-fixes).
- dmaengine: idxd: Do not enable user type Work Queue without Shared Virtual Addressing (git-fixes).
- dmaengine: idxd: Only call idxd_enable_system_pasid() if succeeded in enabling SVA feature (git-fixes).
- dmaengine: idxd: Separate user and kernel pasid enabling (git-fixes).
- dmaengine: idxd: Set traffic class values in GRPCFG on DSA 2.0 (git-fixes).
- dmaengine: imx-sdma: Fix a possible memory leak in sdma_transfer_init (git-fixes).
- dmaengine: mv_xor_v2: Fix an error code (git-fixes).
- dmaengine: pl330: rename _start to prevent build error (git-fixes).
- dmaengine: ptdma: check for null desc before calling pt_cmd_callback (git-fixes).
- dmaengine: sf-pdma: pdma_desc memory leak fix (git-fixes).
- dmaengine: tegra: Fix memory leak in terminate_all() (git-fixes).
- do not reuse connection if share marked as isolated (bsc#1193629).
- docs/scripts/gdb: add necessary make scripts_gdb step (git-fixes).
- docs: Correct missing 'd_' prefix for dentry_operations member d_weak_revalidate (git-fixes).
- docs: driver-api: firmware_loader: fix missing argument in usage example (git-fixes).
- docs: ftrace: fix a issue with duplicated subtitle number (git-fixes).
- docs: gdbmacros: print newest record (git-fixes).
- docs: networking: fix x25-iface.rst heading & index order (git-fixes).
- driver core: Do not require dynamic_debug for initcall_debug probe timing (git-fixes).
- driver core: fix potential null-ptr-deref in device_add() (git-fixes).
- driver core: fix resource leak in device_add() (git-fixes).
- driver core: fw_devlink: Add DL_FLAG_CYCLE support to device links (git-fixes).
- drivers/base: Fix unsigned comparison to -1 in CPUMAP_FILE_MAX_BYTES (bsc#1208815).
- drivers/base: fix userspace break from using bin_attributes for cpumap and cpulist (bsc#1208815).
- drivers/md/md-bitmap: check the return value of md_bitmap_get_counter() (git-fixes).
- drivers: base: component: fix memory leak with using debugfs_lookup() (git-fixes).
- drivers: base: dd: fix memory leak with using debugfs_lookup() (git-fixes).
- drivers: base: transport_class: fix possible memory leak (git-fixes).
- drivers: base: transport_class: fix resource leak when transport_add_device() fails (git-fixes).
- drivers: staging: rtl8723bs: Fix locking in _rtw_join_timeout_handler() (git-fixes).
- drivers: staging: rtl8723bs: Fix locking in rtw_scan_timeout_handler() (git-fixes).
- drivers:md:fix a potential use-after-free bug (git-fixes).
- drm/amd/amdgpu: fix warning during suspend (bsc#1206843).
- drm/amd/display/dc/dce60/Makefile: Fix previous attempt to silence known override-init warnings (git-fixes).
- drm/amd/display: Add DCN314 display SG Support (bsc#1206843).
- drm/amd/display: Add DSC Support for Synaptics Cascaded MST Hub (git-fixes).
- drm/amd/display: Add NULL plane_state check for cursor disable logic (git-fixes).
- drm/amd/display: Add check for DET fetch latency hiding for dcn32 (bsc#1206843).
- drm/amd/display: Add missing brackets in calculation (bsc#1206843).
- drm/amd/display: Adjust downscaling limits for dcn314 (bsc#1206843).
- drm/amd/display: Allow subvp on vactive pipes that are 2560x1440@60 (bsc#1206843).
- drm/amd/display: Clear MST topology if it fails to resume (git-fixes).
- drm/amd/display: Conversion to bool not necessary (git-fixes).
- drm/amd/display: Defer DIG FIFO disable after VID stream enable (bsc#1206843).
- drm/amd/display: Disable DRR actions during state commit (bsc#1206843).
- drm/amd/display: Disable HUBP/DPP PG on DCN314 for now (bsc#1206843).
- drm/amd/display: Do not clear GPINT register when releasing DMUB from reset (git-fixes).
- drm/amd/display: Do not commit pipe when updating DRR (bsc#1206843).
- drm/amd/display: Do not set DRR on pipe Commit (bsc#1206843).
- drm/amd/display: Enable P-state validation checks for DCN314 (bsc#1206843).
- drm/amd/display: Fail atomic_check early on normalize_zpos error (git-fixes).
- drm/amd/display: Fix DP MST sinks removal issue (git-fixes).
- drm/amd/display: Fix DTBCLK disable requests and SRC_SEL programming (bsc#1206843).
- drm/amd/display: Fix display corruption w/ VSR enable (bsc#1206843).
- drm/amd/display: Fix hang when skipping modeset (git-fixes).
- drm/amd/display: Fix potential null dereference (git-fixes).
- drm/amd/display: Fix potential null-deref in dm_resume (git-fixes).
- drm/amd/display: Fix race condition in DPIA AUX transfer (bsc#1206843).
- drm/amd/display: Fix set scaling doesn's work (git-fixes).
- drm/amd/display: Fix timing not changning when freesync video is enabled (git-fixes).
- drm/amd/display: Fixes for dcn32_clk_mgr implementation (git-fixes).
- drm/amd/display: Include virtual signal to set k1 and k2 values (bsc#1206843).
- drm/amd/display: Move DCN314 DOMAIN power control to DMCUB (bsc#1206843).
- drm/amd/display: Pass the right info to drm_dp_remove_payload (bsc#1206843).
- drm/amd/display: Properly handle additional cases where DCN is not supported (git-fixes).
- drm/amd/display: Properly reuse completion structure (bsc#1206843).
- drm/amd/display: Reduce expected sdp bandwidth for dcn321 (bsc#1206843).
- drm/amd/display: Remove OTG DIV register write for Virtual signals (bsc#1206843).
- drm/amd/display: Report to ACPI video if no panels were found (bsc#1206843).
- drm/amd/display: Reset DMUB mailbox SW state after HW reset (bsc#1206843).
- drm/amd/display: Reset OUTBOX0 r/w pointer on DMUB reset (git-fixes).
- drm/amd/display: Return error code on DSC atomic check failure (git-fixes).
- drm/amd/display: Revert Reduce delay when sink device not able to ACK 00340h write (git-fixes).
- drm/amd/display: Set dcn32 caps.seamless_odm (bsc#1206843).
- drm/amd/display: Set hvm_enabled flag for S/G mode (bsc#1206843).
- drm/amd/display: Simplify same effect if/else blocks (git-fixes).
- drm/amd/display: Take FEC Overhead into Timeslot Calculation (bsc#1206843).
- drm/amd/display: Take emulated dc_sink into account for HDCP (bsc#1207734).
- drm/amd/display: Unassign does_plane_fit_in_mall function from dcn3.2 (bsc#1206843).
- drm/amd/display: Uninitialized variables causing 4k60 UCLK to stay at DPM1 and not DPM0 (bsc#1206843).
- drm/amd/display: Update bounding box values for DCN321 (git-fixes).
- drm/amd/display: Update clock table to include highest clock setting (bsc#1206843).
- drm/amd/display: Use DC_LOG_DC in the trasform pixel function (git-fixes).
- drm/amd/display: Use min transition for SubVP into MPO (bsc#1206843).
- drm/amd/display: Workaround to increase phantom pipe vactive in pipesplit (bsc#1206843).
- drm/amd/display: adjust MALL size available for DCN32 and DCN321 (bsc#1206843).
- drm/amd/display: disable S/G display on DCN 3.1.4 (bsc#1206843).
- drm/amd/display: disable S/G display on DCN 3.1.5 (bsc#1206843).
- drm/amd/display: disconnect MPCC only on OTG change (bsc#1206843).
- drm/amd/display: do not call dc_interrupt_set() for disabled crtcs (git-fixes).
- drm/amd/display: fix FCLK pstate change underflow (bsc#1206843).
- drm/amd/display: fix cursor offset on rotation 180 (git-fixes).
- drm/amd/display: fix duplicate assignments (git-fixes).
- drm/amd/display: fix flickering caused by S/G mode (git-fixes).
- drm/amd/display: fix issues with driver unload (git-fixes).
- drm/amd/display: fix k1 k2 divider programming for phantom streams (bsc#1206843).
- drm/amd/display: fix mapping to non-allocated address (bsc#1206843).
- drm/amd/display: fix shift-out-of-bounds in CalculateVMAndRowBytes (git-fixes).
- drm/amd/display: fix wrong index used in dccg32_set_dpstreamclk (bsc#1206843).
- drm/amd/display: move remaining FPU code to dml folder (bsc#1206843).
- drm/amd/display: properly handling AGP aperture in vm setup (bsc#1206843).
- drm/amd/display: reduce else-if to else in dcn10_blank_pixel_data() (git-fixes).
- drm/amd/display: revert Disable DRR actions during state commit (bsc#1206843).
- drm/amd/display: skip commit minimal transition state (bsc#1206843).
- drm/amd/display: wait for vblank during pipe programming (git-fixes).
- drm/amd/pm/smu13: BACO is supported when it's in BACO state (bsc#1206843).
- drm/amd/pm: Enable bad memory page/channel recording support for smu v13_0_0 (bsc#1206843).
- drm/amd/pm: Fix output of pp_od_clk_voltage (git-fixes).
- drm/amd/pm: Fix sienna cichlid incorrect OD volage after resume (bsc#1206843).
- drm/amd/pm: add SMU 13.0.7 missing GetPptLimit message mapping (bsc#1206843).
- drm/amd/pm: add missing AllowIHInterrupt message mapping for SMU13.0.0 (bsc#1206843).
- drm/amd/pm: add missing SMU13.0.0 mm_dpm feature mapping (bsc#1206843).
- drm/amd/pm: add missing SMU13.0.7 mm_dpm feature mapping (bsc#1206843).
- drm/amd/pm: add the missing mapping for PPT feature on SMU13.0.0 and 13.0.7 (bsc#1206843).
- drm/amd/pm: bump SMU 13.0.0 driver_if header version (bsc#1206843).
- drm/amd/pm: bump SMU 13.0.4 driver_if header version (bsc#1206843).
- drm/amd/pm: bump SMU 13.0.7 driver_if header version (bsc#1206843).
- drm/amd/pm: bump SMU13.0.0 driver_if header to version 0x34 (bsc#1206843).
- drm/amd/pm: correct SMU13.0.0 pstate profiling clock settings (bsc#1206843).
- drm/amd/pm: correct SMU13.0.7 max shader clock reporting (bsc#1206843).
- drm/amd/pm: correct SMU13.0.7 pstate profiling clock settings (bsc#1206843).
- drm/amd/pm: correct the fan speed retrieving in PWM for some SMU13 asics (bsc#1206843).
- drm/amd/pm: correct the pcie link state check for SMU13 (bsc#1206843).
- drm/amd/pm: correct the reference clock for fan speed(rpm) calculation (bsc#1206843).
- drm/amd/pm: drop unneeded dpm features disablement for SMU 13.0.4/11 (bsc#1206843).
- drm/amd/pm: enable GPO dynamic control support for SMU13.0.0 (bsc#1206843).
- drm/amd/pm: enable GPO dynamic control support for SMU13.0.7 (bsc#1206843).
- drm/amd/pm: enable mode1 reset on smu_v13_0_10 (bsc#1206843).
- drm/amd/pm: parse pp_handle under appropriate conditions (git-fixes).
- drm/amd/pm: remove unused num_of_active_display variable (git-fixes).
- drm/amd/pm: reverse mclk and fclk clocks levels for renoir (git-fixes).
- drm/amd/pm: reverse mclk and fclk clocks levels for vangogh (git-fixes).
- drm/amd/pm: reverse mclk and fclk clocks levels for yellow carp (git-fixes).
- drm/amd/pm: update SMU13.0.0 reported maximum shader clock (bsc#1206843).
- drm/amd: Avoid ASSERT for some message failures (bsc#1206843).
- drm/amd: Avoid BUG() for case of SRIOV missing IP version (bsc#1206843).
- drm/amd: Delay removal of the firmware framebuffer (git-fixes).
- drm/amd: Fix an out of bounds error in BIOS parser (git-fixes).
- drm/amd: Fix initialization for nbio 4.3.0 (bsc#1206843).
- drm/amd: Fix initialization for nbio 7.5.1 (bsc#1206843).
- drm/amd: Fix initialization mistake for NBIO 7.3.0 (bsc#1206843).
- drm/amdgpu/discovery: add PSP IP v13.0.11 support (bsc#1206843).
- drm/amdgpu/discovery: enable gfx v11 for GC 11.0.4 (bsc#1206843).
- drm/amdgpu/discovery: enable gmc v11 for GC 11.0.4 (bsc#1206843).
- drm/amdgpu/discovery: enable mes support for GC v11.0.4 (bsc#1206843).
- drm/amdgpu/discovery: enable nbio support for NBIO v7.7.1 (bsc#1206843).
- drm/amdgpu/discovery: enable soc21 common for GC 11.0.4 (bsc#1206843).
- drm/amdgpu/discovery: set the APU flag for GC 11.0.4 (bsc#1206843).
- drm/amdgpu/display/mst: Fix mst_state->pbn_div and slot count assignments (bsc#1206843).
- drm/amdgpu/display/mst: adjust the naming of mst_port and port of aconnector (bsc#1206843).
- drm/amdgpu/display/mst: limit payload to be updated one by one (bsc#1206843).
- drm/amdgpu/display/mst: update mst_mgr relevant variable when long HPD (bsc#1206843).
- drm/amdgpu/dm/dp_mst: Do not grab mst_mgr->lock when computing DSC state (bsc#1206843).
- drm/amdgpu/dm/mst: Fix uninitialized var in pre_compute_mst_dsc_configs_for_state() (bsc#1206843).
- drm/amdgpu/dm/mst: Use the correct topology mgr pointer in amdgpu_dm_connector (bsc#1206843).
- drm/amdgpu/fence: Fix oops due to non-matching drm_sched init/fini (git-fixes).
- drm/amdgpu/gfx10: Disable gfxoff before disabling powergating (git-fixes).
- drm/amdgpu/gfx: disable gfx9 cp_ecc_error_irq only when enabling legacy gfx ras (git-fixes).
- drm/amdgpu/mst: Stop ignoring error codes and deadlocking (bsc#1206843).
- drm/amdgpu/nv: Apply ASPM quirk on Intel ADL + AMD Navi (bsc#1206843).
- drm/amdgpu/pm: add GFXOFF control IP version check for SMU IP v13.0.11 (bsc#1206843).
- drm/amdgpu/pm: enable swsmu for SMU IP v13.0.11 (bsc#1206843).
- drm/amdgpu/pm: use the specific mailbox registers only for SMU IP v13.0.4 (bsc#1206843).
- drm/amdgpu/smu: skip pptable init under sriov (bsc#1206843).
- drm/amdgpu/soc21: Add video cap query support for VCN_4_0_4 (bsc#1206843).
- drm/amdgpu/soc21: add mode2 asic reset for SMU IP v13.0.11 (bsc#1206843).
- drm/amdgpu/soc21: do not expose AV1 if VCN0 is harvested (bsc#1206843).
- drm/amdgpu: Add unique_id support for GC 11.0.1/2 (bsc#1206843).
- drm/amdgpu: Correct the power calcultion for Renior/Cezanne (git-fixes).
- drm/amdgpu: Do not register backlight when another backlight should be used (v3) (bsc#1206843).
- drm/amdgpu: Do not resume IOMMU after incomplete init (bsc#1206843).
- drm/amdgpu: Enable pg/cg flags on GC11_0_4 for VCN (bsc#1206843).
- drm/amdgpu: Enable vclk dclk node for gc11.0.3 (bsc#1206843).
- drm/amdgpu: Fix call trace warning and hang when removing amdgpu device (bsc#1206843).
- drm/amdgpu: Fix potential NULL dereference (bsc#1206843).
- drm/amdgpu: Fix potential double free and null pointer dereference (bsc#1206843).
- drm/amdgpu: Fix size validation for non-exclusive domains (v4) (bsc#1206843).
- drm/amdgpu: Fix vram recover does not work after whole GPU reset (v2) (git-fixes).
- drm/amdgpu: Fixed bug on error when unloading amdgpu (bsc#1206843).
- drm/amdgpu: Re-enable DCN for 64-bit powerpc (bsc#1194869).
- drm/amdgpu: Register ACPI video backlight when skipping amdgpu backlight registration (bsc#1206843).
- drm/amdgpu: Use the TGID for trace_amdgpu_vm_update_ptes (bsc#1206843).
- drm/amdgpu: Use the default reset when loading or reloading the driver (git-fixes).
- drm/amdgpu: Use the sched from entity for amdgpu_cs trace (git-fixes).
- drm/amdgpu: add a missing lock for AMDGPU_SCHED (git-fixes).
- drm/amdgpu: add gfx support for GC 11.0.4 (bsc#1206843).
- drm/amdgpu: add gmc v11 support for GC 11.0.4 (bsc#1206843).
- drm/amdgpu: add smu 13 support for smu 13.0.11 (bsc#1206843).
- drm/amdgpu: add soc21 common ip block support for GC 11.0.4 (bsc#1206843).
- drm/amdgpu: add tmz support for GC 11.0.1 (bsc#1206843).
- drm/amdgpu: add tmz support for GC IP v11.0.4 (bsc#1206843).
- drm/amdgpu: allow more APUs to do mode2 reset when go to S4 (bsc#1206843).
- drm/amdgpu: allow multipipe policy on ASICs with one MEC (bsc#1206843).
- drm/amdgpu: change gfx 11.0.4 external_id range (git-fixes).
- drm/amdgpu: complete gfxoff allow signal during suspend without delay (git-fixes).
- drm/amdgpu: correct MEC number for gfx11 APUs (bsc#1206843).
- drm/amdgpu: disable runtime pm on several sienna cichlid cards(v2) (git-fixes).
- drm/amdgpu: disable sdma ecc irq only when sdma RAS is enabled in suspend (git-fixes).
- drm/amdgpu: drop experimental flag on aldebaran (git-fixes).
- drm/amdgpu: enable GFX Clock Gating control for GC IP v11.0.4 (bsc#1206843).
- drm/amdgpu: enable GFX IP v11.0.4 CG support (bsc#1206843).
- drm/amdgpu: enable GFX Power Gating for GC IP v11.0.4 (bsc#1206843).
- drm/amdgpu: enable HDP SD for gfx 11.0.3 (bsc#1206843).
- drm/amdgpu: enable PSP IP v13.0.11 support (bsc#1206843).
- drm/amdgpu: enable VCN DPG for GC IP v11.0.4 (bsc#1206843).
- drm/amdgpu: fix Null pointer dereference error in amdgpu_device_recover_vram (git-fixes).
- drm/amdgpu: fix amdgpu_job_free_resources v2 (bsc#1206843).
- drm/amdgpu: fix enum odm_combine_mode mismatch (git-fixes).
- drm/amdgpu: fix error checking in amdgpu_read_mm_registers for nv (bsc#1206843).
- drm/amdgpu: fix error checking in amdgpu_read_mm_registers for soc15 (git-fixes).
- drm/amdgpu: fix error checking in amdgpu_read_mm_registers for soc21 (bsc#1206843).
- drm/amdgpu: fix mmhub register base coding error (git-fixes).
- drm/amdgpu: fix return value check in kfd (git-fixes).
- drm/amdgpu: fix ttm_bo calltrace warning in psp_hw_fini (bsc#1206843).
- drm/amdgpu: for S0ix, skip SDMA 5.x+ suspend/resume (git-fixes).
- drm/amdgpu: release gpu full access after 'amdgpu_device_ip_late_init' (git-fixes).
- drm/amdgpu: reposition the gpu reset checking for reuse (bsc#1206843).
- drm/amdgpu: set GC 11.0.4 family (bsc#1206843).
- drm/amdgpu: skip ASIC reset for APUs when go to S4 (bsc#1206843).
- drm/amdgpu: skip MES for S0ix as well since it's part of GFX (bsc#1206843).
- drm/amdgpu: skip disabling fence driver src_irqs when device is unplugged (git-fixes).
- drm/amdgpu: skip mes self test after s0i3 resume for MES IP v11.0 (bsc#1206843).
- drm/amdgpu: skip psp suspend for IMU enabled ASICs mode2 reset (git-fixes).
- drm/amdgpu: update drm_display_info correctly when the edid is read (git-fixes).
- drm/amdgpu: update wave data type to 3 for gfx11 (bsc#1206843).
- drm/amdkfd: Add sync after creating vram bo (bsc#1206843).
- drm/amdkfd: Fix BO offset for multi-VMA page migration (git-fixes).
- drm/amdkfd: Fix NULL pointer error for GC 11.0.1 on mGPU (bsc#1206843).
- drm/amdkfd: Fix an illegal memory access (git-fixes).
- drm/amdkfd: Fix double release compute pasid (bsc#1206843).
- drm/amdkfd: Fix kfd_process_device_init_vm error handling (bsc#1206843).
- drm/amdkfd: Fix the memory overrun (bsc#1206843).
- drm/amdkfd: Fix the warning of array-index-out-of-bounds (bsc#1206843).
- drm/amdkfd: Fixed kfd_process cleanup on module exit (git-fixes).
- drm/amdkfd: Get prange->offset after svm_range_vram_node_new (git-fixes).
- drm/amdkfd: Page aligned memory reserve size (bsc#1206843).
- drm/amdkfd: add GC 11.0.4 KFD support (bsc#1206843).
- drm/amdkfd: fix a potential double free in pqm_create_queue (git-fixes).
- drm/amdkfd: fix potential kgd_mem UAFs (git-fixes).
- drm/amdkfd: introduce dummy cache info for property asic (bsc#1206843).
- drm/armada: Fix a potential double free in an error handling path (git-fixes).
- drm/ast: Fix ARM compatibility (git-fixes).
- drm/bochs: fix blanking (git-fixes).
- drm/bridge: Fix returned array size name for atomic_get_input_bus_fmts kdoc (git-fixes).
- drm/bridge: adv7533: Fix adv7533_mode_valid for adv7533 and adv7535 (git-fixes).
- drm/bridge: it6505: Fix return value check for pm_runtime_get_sync (git-fixes).
- drm/bridge: lt8912b: Add hot plug detection (git-fixes).
- drm/bridge: lt8912b: Fix DSI Video Mode (git-fixes).
- drm/bridge: lt8912b: return EPROBE_DEFER if bridge is not found (git-fixes).
- drm/bridge: lt9611: Fix PLL being unable to lock (git-fixes).
- drm/bridge: lt9611: fix HPD reenablement (git-fixes).
- drm/bridge: lt9611: fix clock calculation (git-fixes).
- drm/bridge: lt9611: fix polarity programming (git-fixes).
- drm/bridge: lt9611: fix programming of video modes (git-fixes).
- drm/bridge: lt9611: fix sleep mode setup (git-fixes).
- drm/bridge: lt9611: pass a pointer to the of node (git-fixes).
- drm/bridge: megachips: Fix error handling in i2c_register_driver() (git-fixes).
- drm/bridge: ti-sn65dsi83: Fix delay after reset deassert to match spec (git-fixes).
- drm/cirrus: NULL-check pipe->plane.state->fb in cirrus_pipe_update() (git-fixes).
- drm/connector: print max_requested_bpc in state debugfs (git-fixes).
- drm/display/dp_mst: Add drm_atomic_get_old_mst_topology_state() (bsc#1206843).
- drm/display/dp_mst: Add helper for finding payloads in atomic MST state (bsc#1206843).
- drm/display/dp_mst: Add helpers for serializing SST <-> MST transitions (bsc#1206843).
- drm/display/dp_mst: Add nonblocking helpers for DP MST (bsc#1206843).
- drm/display/dp_mst: Call them time slots, not VCPI slots (bsc#1206843).
- drm/display/dp_mst: Correct the kref of port (bsc#1206843).
- drm/display/dp_mst: Do not open code modeset checks for releasing time slots (bsc#1206843).
- drm/display/dp_mst: Drop all ports from topology on CSNs before queueing link address work (bsc#1206843).
- drm/display/dp_mst: Fix confusing docs for drm_dp_atomic_release_time_slots() (bsc#1206843).
- drm/display/dp_mst: Fix down message handling after a packet reception error (git-fixes).
- drm/display/dp_mst: Fix down/up message handling after sink disconnect (git-fixes).
- drm/display/dp_mst: Fix drm_dp_mst_add_affected_dsc_crtcs() return code (git-fixes).
- drm/display/dp_mst: Fix modeset tracking in drm_dp_atomic_release_vcpi_slots() (bsc#1206843).
- drm/display/dp_mst: Handle old/new payload states in drm_dp_remove_payload() (bsc#1206843).
- drm/display/dp_mst: Maintain time slot allocations when deleting payloads (bsc#1206843).
- drm/display/dp_mst: Move all payload info into the atomic state (bsc#1206843).
- drm/display/dp_mst: Rename drm_dp_mst_vcpi_allocation (bsc#1206843).
- drm/display: Do not assume dual mode adaptors support i2c sub-addressing (git-fixes).
- drm/displayid: add displayid_get_header() and check bounds better (git-fixes).
- drm/dp: Do not rewrite link config when setting phy test pattern (git-fixes).
- drm/dp_mst: Avoid deleting payloads for connectors staying enabled (bsc#1206843).
- drm/dp_mst: fix drm_dp_dpcd_read return value checks (git-fixes).
- drm/edid: fix AVI infoframe aspect ratio handling (git-fixes).
- drm/edid: fix parsing of 3D modes from HDMI VSDB (git-fixes).
- drm/etnaviv: fix reference leak when mmaping imported buffer (git-fixes).
- drm/exynos: fix g2d_open/close helper function definitions (git-fixes).
- drm/fb-helper: set x/yres_virtual in drm_fb_helper_check_var (git-fixes).
- drm/fbdev-generic: prohibit potential out-of-bounds access (git-fixes).
- drm/fourcc: Add missing big-endian XRGB1555 and RGB565 formats (git-fixes).
- drm/hyperv : Removing the restruction of VRAM allocation with PCI bar size (git-fixes).
- drm/hyperv: Add a bug reference to two existing changes (bsc#1211281).
- drm/hyperv: Add error message for fb size greater than allocated (git-fixes).
- drm/hyperv: Fix an error handling path in hyperv_vmbus_probe() (git-fixes).
- drm/i915/active: Fix missing debug object activation (git-fixes).
- drm/i915/active: Fix misuse of non-idle barriers as fence trackers (git-fixes).
- drm/i915/active: Fix misuse of non-idle barriers as fence trackers (git-fixes).
- drm/i915/adlp: Fix typo for reference clock (git-fixes).
- drm/i915/color: Fix typo for Plane CSC indexes (git-fixes).
- drm/i915/dg2: Add HDMI pixel clock frequencies 267.30 and 319.89 MHz (git-fixes).
- drm/i915/dg2: Add additional HDMI pixel clock frequencies (git-fixes).
- drm/i915/dg2: Drop one PCI ID (git-fixes).
- drm/i915/dg2: Support 4k@30 on HDMI (git-fixes).
- drm/i915/dgfx: Keep PCI autosuspend control 'on' by default on all dGPU (git-fixes).
- drm/i915/display/psr: Handle plane and pipe restrictions at every page flip (git-fixes).
- drm/i915/display/psr: Use drm damage helpers to calculate plane damaged area (git-fixes).
- drm/i915/display: Check source height is > 0 (git-fixes).
- drm/i915/display: Workaround cursor left overs with PSR2 selective fetch enabled (git-fixes).
- drm/i915/display: clean up comments (git-fixes).
- drm/i915/dmc: Update DG2 DMC version to v2.08 (git-fixes).
- drm/i915/dp: prevent potential div-by-zero (git-fixes).
- drm/i915/dp_mst: Fix mst_mgr lookup during atomic check (bsc#1206843).
- drm/i915/dp_mst: Fix payload removal during output disabling (bsc#1206843).
- drm/i915/dpt: Treat the DPT BO as a framebuffer (git-fixes).
- drm/i915/dsi: Use unconditional msleep() instead of intel_dsi_msleep() (git-fixes).
- drm/i915/dsi: fix DSS CTL register offsets for TGL+ (git-fixes).
- drm/i915/gem: Flush lmem contents after construction (git-fixes).
- drm/i915/gen11: Moving WAs to icl_gt_workarounds_init() (git-fixes).
- drm/i915/gen11: Wa_1408615072/Wa_1407596294 should be on GT list (git-fixes).
- drm/i915/gt: Use the correct error value when kernel_context() fails (git-fixes).
- drm/i915/gt: perform uc late init after probe error injection (git-fixes).
- drm/i915/guc: Do not capture Gen8 regs on Xe devices (git-fixes).
- drm/i915/huc: always init the delayed load fence (git-fixes).
- drm/i915/huc: bump timeout for delayed load and reduce print verbosity (git-fixes).
- drm/i915/huc: fix leak of debug object in huc load fence on driver unload (git-fixes).
- drm/i915/migrate: Account for the reserved_space (git-fixes).
- drm/i915/migrate: fix corner case in CCS aux copying (git-fixes).
- drm/i915/psr: Fix PSR_IMR/IIR field handling (git-fixes).
- drm/i915/psr: Use calculated io and fast wake lines (git-fixes).
- drm/i915/psr: Use calculated io and fast wake lines (git-fixes).
- drm/i915/pxp: use <> instead of '' for headers in include/ (git-fixes).
- drm/i915/quirks: Add inverted backlight quirk for HP 14-r206nv (git-fixes).
- drm/i915/selftest: fix intel_selftest_modify_policy argument types (git-fixes).
- drm/i915/tc: Fix the ICL PHY ownership check in TC-cold state (git-fixes).
- drm/i915: Allow switching away via vga-switcheroo if uninitialized (git-fixes).
- drm/i915: Avoid potential vm use-after-free (git-fixes).
- drm/i915: Disable DC states for all commits (git-fixes).
- drm/i915: Do not use BAR mappings for ring buffers with LLC (git-fixes).
- drm/i915: Do not use BAR mappings for ring buffers with LLC (git-fixes).
- drm/i915: Do not use stolen memory for ring buffers with LLC (git-fixes).
- drm/i915: Do not use stolen memory for ring buffers with LLC (git-fixes).
- drm/i915: Fix NULL ptr deref by checking new_crtc_state (git-fixes).
- drm/i915: Fix VBT DSI DVO port handling (git-fixes).
- drm/i915: Fix context runtime accounting (git-fixes).
- drm/i915: Fix fast wake AUX sync len (git-fixes).
- drm/i915: Fix potential bit_17 double-free (git-fixes).
- drm/i915: Fix potential context UAFs (git-fixes).
- drm/i915: Fix request ref counting during error capture & debugfs dump (git-fixes).
- drm/i915: Fix up locking around dumping requests lists (git-fixes).
- drm/i915: Initialize the obj flags for shmem objects (git-fixes).
- drm/i915: Make intel_get_crtc_new_encoder() less oopsy (git-fixes).
- drm/i915: Move CSC load back into .color_commit_arm() when PSR is enabled on skl/glk (git-fixes).
- drm/i915: Move fd_install after last use of fence (git-fixes).
- drm/i915: Preserve crtc_state->inherited during state clearing (git-fixes).
- drm/i915: Remove __maybe_unused from mtl_info (git-fixes).
- drm/i915: Remove unused bits of i915_vma/active api (git-fixes).
- drm/i915: Remove unused variable (git-fixes).
- drm/i915: fix race condition UAF in i915_perf_add_config_ioctl (git-fixes).
- drm/i915: fix race condition UAF in i915_perf_add_config_ioctl (git-fixes).
- drm/i915: move a Kconfig symbol to unbreak the menu presentation (git-fixes).
- drm/i915: stop abusing swiotlb_max_segment (git-fixes).
- drm/lima/lima_drv: Add missing unwind goto in lima_pdev_probe() (git-fixes).
- drm/mediatek: Clean dangling pointer on bind error path (git-fixes).
- drm/mediatek: Drop unbalanced obj unref (git-fixes).
- drm/mediatek: Use NULL instead of 0 for NULL pointer (git-fixes).
- drm/mediatek: dsi: Reduce the time of dsi from LP11 to sending cmd (git-fixes).
- drm/mediatek: mtk_drm_crtc: Add checks for devm_kcalloc (git-fixes).
- drm/meson: fix 1px pink line on GXM when scaling video overlay (git-fixes).
- drm/meson: fix missing component unbind on bind errors (git-fixes).
- drm/meson: reorder driver deinit sequence to fix use-after-free bug (git-fixes).
- drm/mgag200: Fix gamma lut not initialized (git-fixes).
- drm/mipi-dsi: Fix byte order of 16-bit DCS set/get brightness (git-fixes).
- drm/mipi-dsi: Set the fwnode for mipi_dsi_device (git-fixes).
- drm/msm/a5xx: fix context faults during ring switch (git-fixes).
- drm/msm/a5xx: fix highest bank bit for a530 (git-fixes).
- drm/msm/a5xx: fix setting of the CP_PREEMPT_ENABLE_LOCAL register (git-fixes).
- drm/msm/a5xx: fix the emptyness check in the preempt code (git-fixes).
- drm/msm/a6xx: Fix kvzalloc vs state_kcalloc usage (git-fixes).
- drm/msm/a6xx: Fix speed-bin detection vs probe-defer (git-fixes).
- drm/msm/adreno: Fix null ptr access in adreno_gpu_cleanup() (git-fixes).
- drm/msm/adreno: adreno_gpu: Use suspend() instead of idle() on load error (git-fixes).
- drm/msm/adreno: drop bogus pm_runtime_set_active() (git-fixes).
- drm/msm/adreno: fix runtime PM imbalance at gpu load (git-fixes).
- drm/msm/disp/dpu: check for crtc enable rather than crtc active to release shared resources (git-fixes).
- drm/msm/disp/dpu: fix sc7280_pp base offset (git-fixes).
- drm/msm/dp: Clean up handling of DP AUX interrupts (git-fixes).
- drm/msm/dp: cleared DP_DOWNSPREAD_CTRL register before start link training (git-fixes).
- drm/msm/dp: unregister audio driver during unbind (git-fixes).
- drm/msm/dpu: Add INTF_5 interrupts (git-fixes).
- drm/msm/dpu: Add check for cstate (git-fixes).
- drm/msm/dpu: Add check for pstates (git-fixes).
- drm/msm/dpu: Disallow unallocated resources to be returned (git-fixes).
- drm/msm/dpu: Move non-MDP_TOP INTF_INTR offsets out of hwio header (git-fixes).
- drm/msm/dpu: Reject topologies for which no DSC blocks are available (git-fixes).
- drm/msm/dpu: Remove duplicate register defines from INTF (git-fixes).
- drm/msm/dpu: Remove num_enc from topology struct in favour of num_dsc (git-fixes).
- drm/msm/dpu: Wire up DSC mask for active CTL configuration (git-fixes).
- drm/msm/dpu: check for null return of devm_kzalloc() in dpu_writeback_init() (git-fixes).
- drm/msm/dpu: clear DSPP reservations in rm release (git-fixes).
- drm/msm/dpu: disable features unsupported by QCM2290 (git-fixes).
- drm/msm/dpu: drop DPU_DIM_LAYER from MIXER_MSM8998_MASK (git-fixes).
- drm/msm/dpu: drop stale comment from struct dpu_mdp_cfg doc (git-fixes).
- drm/msm/dpu: fix clocks settings for msm8998 SSPP blocks (git-fixes).
- drm/msm/dpu: fix len of sc7180 ctl blocks (git-fixes).
- drm/msm/dpu: sc7180: add missing WB2 clock control (git-fixes).
- drm/msm/dpu: set pdpu->is_rt_pipe early in dpu_plane_sspp_atomic_update() (git-fixes).
- drm/msm/dsi: Add missing check for alloc_ordered_workqueue (git-fixes).
- drm/msm/dsi: Allow 2 CTRLs on v2.5.0 (git-fixes).
- drm/msm/gem: Add check for kmalloc (git-fixes).
- drm/msm/hdmi: Add missing check for alloc_ordered_workqueue (git-fixes).
- drm/msm/mdp5: Add check for kzalloc (git-fixes).
- drm/msm/mdp5: fix reading hw revision on db410c platform (git-fixes).
- drm/msm: Be more shouty if per-process pgtables are not working (git-fixes).
- drm/msm: Fix potential invalid ptr free (git-fixes).
- drm/msm: Set max segment size earlier (git-fixes).
- drm/msm: clean event_thread->worker in case of an error (git-fixes).
- drm/msm: fix NULL-deref on irq uninstall (git-fixes).
- drm/msm: fix NULL-deref on snapshot tear down (git-fixes).
- drm/msm: fix drm device leak on bind errors (git-fixes).
- drm/msm: fix missing wq allocation error handling (git-fixes).
- drm/msm: fix vram leak on bind errors (git-fixes).
- drm/msm: fix workqueue leak on bind errors (git-fixes).
- drm/msm: use strscpy instead of strncpy (git-fixes).
- drm/nouveau/devinit/tu102-: wait for GFW_BOOT_PROGRESS == COMPLETED (git-fixes).
- drm/nouveau/disp: Support more modes by checking with lower bpc (git-fixes).
- drm/nouveau/kms/nv50-: remove unused functions (git-fixes).
- drm/nouveau/kms/nv50: fix nv50_wndw_new_ prototype (git-fixes).
- drm/nouveau/kms: Cache DP encoders in nouveau_connector (bsc#1206843).
- drm/nouveau/kms: Pull mst state in for all modesets (bsc#1206843).
- drm/omap: dsi: Fix excessive stack usage (git-fixes).
- drm/omapdrm: Remove unused struct csc_coef_rgb2yuv (git-fixes).
- drm/panel: novatek-nt35950: Improve error handling (git-fixes).
- drm/panel: novatek-nt35950: Only unregister DSI1 if it exists (git-fixes).
- drm/panel: otm8009a: Set backlight parent to panel device (git-fixes).
- drm/panfrost: Do not sync rpm suspension after mmu flushing (git-fixes).
- drm/panfrost: Fix the panfrost_mmu_map_fault_addr() error path (git-fixes).
- drm/probe-helper: Cancel previous job before starting new one (git-fixes).
- drm/radeon: Drop legacy MST support (bsc#1206843).
- drm/radeon: Fix eDP for single-display iMac11,2 (git-fixes).
- drm/radeon: free iio for atombios when driver shutdown (git-fixes).
- drm/radeon: reintroduce radeon_dp_work_func content (git-fixes).
- drm/rockchip: Drop unbalanced obj unref (git-fixes).
- drm/sched: Remove redundant check (git-fixes).
- drm/shmem-helper: Fix locking for drm_gem_shmem_get_pages_sgt() (git-fixes).
- drm/shmem-helper: Remove another errant put in error path (git-fixes).
- drm/shmem-helper: Revert accidental non-GPL export (git-fixes).
- drm/sun4i: fix missing component unbind on bind errors (git-fixes).
- drm/tegra: Avoid potential 32-bit integer overflow (git-fixes).
- drm/tegra: firewall: Check for is_addr_reg existence in IMM check (git-fixes).
- drm/tiny: ili9486: Do not assume 8-bit only SPI controllers (git-fixes).
- drm/ttm/pool: Fix ttm_pool_alloc error path (git-fixes).
- drm/ttm: Fix a NULL pointer dereference (git-fixes).
- drm/ttm: fix undefined behavior in bit shift for TTM_TT_FLAG_PRIV_POPULATED (git-fixes).
- drm/ttm: optimize pool allocations a bit v2 (git-fixes).
- drm/vc4: crtc: Increase setup cost in core clock calculation to handle extreme reduced blanking (git-fixes).
- drm/vc4: dpi: Add option for inverting pixel clock and output enable (git-fixes).
- drm/vc4: dpi: Fix format mapping for RGB565 (git-fixes).
- drm/vc4: dpi: Fix format mapping for RGB565 (git-fixes).
- drm/vc4: drv: Call component_unbind_all() (git-fixes).
- drm/vc4: hdmi: Correct interlaced timings again (git-fixes).
- drm/vc4: hdmi: make CEC adapter name unique (git-fixes).
- drm/vc4: hvs: Fix colour order for xRGB1555 on HVS5 (git-fixes).
- drm/vc4: hvs: SCALER_DISPBKGND_AUTOHS is only valid on HVS4 (git-fixes).
- drm/vc4: hvs: Set AXI panic modes (git-fixes).
- drm/vc4: kms: Sort the CRTCs by output before assigning them (git-fixes).
- drm/vc4: vec: Use pm_runtime_resume_and_get() in vc4_vec_encoder_enable() (git-fixes).
- drm/vgem: add missing mutex_destroy (git-fixes).
- drm/virtio: Correct drm_gem_shmem_get_sg_table() error handling (git-fixes).
- drm/virtio: Use appropriate atomic state in virtio_gpu_plane_cleanup_fb() (git-fixes).
- drm/virtio: exbuf->fence_fd unmodified on interrupted wait (git-fixes).
- drm/vkms: Fix memory leak in vkms_init() (git-fixes).
- drm/vkms: Fix null-ptr-deref in vkms_release() (git-fixes).
- drm/vmwgfx: Do not drop the reference to the handle too soon (git-fixes).
- drm/vmwgfx: Fix memory leak in vmw_mksstat_add_ioctl() (git-fixes).
- drm/vmwgfx: Fix race issue calling pin_user_pages (git-fixes).
- drm/vmwgfx: Stop accessing buffer objects which failed init (git-fixes).
- drm: Add orientation quirk for Lenovo ideapad D330-10IGL (git-fixes).
- drm: Fix potential null-ptr-deref due to drmm_mode_config_init() (git-fixes).
- drm: amd: display: Fix memory leakage (git-fixes).
- drm: bridge: adv7511: unregister cec i2c device after cec adapter (git-fixes).
- drm: exynos: dsi: Fix MIPI_DSI*_NO_* mode flags (git-fixes).
- drm: msm: adreno: Disable preemption on Adreno 510 (git-fixes).
- drm: mxsfb: DRM_IMX_LCDIF should depend on ARCH_MXC (git-fixes).
- drm: mxsfb: DRM_MXSFB should depend on ARCH_MXS || ARCH_MXC (git-fixes).
- drm: panel-orientation-quirks: Add quirk for Lenovo IdeaPad Duet 3 10IGL5 (git-fixes).
- drm: panel-orientation-quirks: Add quirk for Lenovo Yoga Book X90F (git-fixes).
- drm: rcar-du: Fix a NULL vs IS_ERR() bug (git-fixes).
- drm: tidss: Fix pixel format definition (git-fixes).
- dt-binding: cdns,usb3: Fix cdns,on-chip-buff-size type (git-fixes).
- dt-bindings: arm: fsl: Fix bindings for APF28Dev board (git-fixes).
- dt-bindings: arm: fsl: Fix copy-paste error in comment (git-fixes).
- dt-bindings: ata: ahci-ceva: Cover all 4 iommus entries (git-fixes).
- dt-bindings: ata: ahci-ceva: convert to yaml (git-fixes).
- dt-bindings: hwlock: sun6i: Add missing #hwlock-cells (git-fixes).
- dt-bindings: iio: adc: renesas,rcar-gyroadc: Fix adi,ad7476 compatible value (git-fixes).
- dt-bindings: iio: ti,tmp117: fix documentation link (git-fixes).
- dt-bindings: input: iqs626a: Redefine trackpad property types (git-fixes).
- dt-bindings: mailbox: qcom,apcs-kpss-global: fix SDX55 'if' match (git-fixes).
- dt-bindings: msm: dsi-controller-main: Add vdd* descriptions back in (git-fixes).
- dt-bindings: net: snps,dwmac: Fix snps,reset-delays-us dependency (git-fixes).
- dt-bindings: nvmem: qcom,spmi-sdam: fix example 'reg' property (git-fixes).
- dt-bindings: power: renesas,apmu: Fix cpus property limits (git-fixes).
- dt-bindings: power: supply: pm8941-coincell: Do not require charging properties (git-fixes).
- dt-bindings: remoteproc: st,stm32-rproc: Fix phandle-array parameters description (git-fixes).
- dt-bindings: remoteproc: stm32-rproc: Typo fix (git-fixes).
- dt-bindings: serial: renesas,scif: Fix 4th IRQ for 4-IRQ SCIFs (git-fixes).
- dt-bindings: soc: qcom: smd-rpm: re-add missing qcom,rpm-msm8994 (git-fixes).
- dt-bindings: usb: amlogic,meson-g12a-usb-ctrl: make G12A usb3-phy0 optional (git-fixes).
- dt-bindings: usb: snps,dwc3: Fix 'snps,hsphy_interface' type (git-fixes).
- e1000e: Disable TSO on i219-LM card to increase speed (git-fixes).
- eeprom: at24: also select REGMAP (git-fixes).
- eeprom: idt_89hpesx: Fix error handling in idt_init() (git-fixes).
- efi/x86: libstub: Fix typo in __efi64_argmap* name (git-fixes).
- efi: Accept version 2 of memory attributes table (git-fixes).
- efi: efivars: Fix variable writes with unsupported query_variable_store() (git-fixes).
- efi: efivars: Fix variable writes without query_variable_store() (git-fixes).
- efi: fix potential NULL deref in efi_mem_reserve_persistent (git-fixes).
- efi: rt-wrapper: Add missing include (git-fixes).
- efi: ssdt: Do not free memory if ACPI table was loaded successfully (git-fixes).
- efi: sysfb_efi: Add quirk for Lenovo Yoga Book X91F/L (git-fixes).
- efi: sysfb_efi: Fix DMI quirks not working for simpledrm (git-fixes).
- elevator: update the document of elevator_switch (git-fixes).
- ethernet: 3com/typhoon: do not write directly to netdev->dev_addr (git-fixes).
- ethernet: 8390/etherh: do not write directly to netdev->dev_addr (git-fixes).
- ethernet: i825xx: do not write directly to netdev->dev_addr (git-fixes).
- ethernet: ice: avoid gcc-9 integer overflow warning (jsc#PED-376).
- ethernet: seeq/ether3: do not write directly to netdev->dev_addr (git-fixes).
- ethernet: tundra: do not write directly to netdev->dev_addr (git-fixes).
- exit: Add and use make_task_dead (bsc#1207328).
- exit: Allow oops_limit to be disabled (bsc#1207328).
- exit: Guarantee make_task_dead leaks the tsk when calling do_task_exit (bsc#1207328).
- exit: Move force_uaccess back into do_exit (bsc#1207328).
- exit: Move oops specific logic from do_exit into make_task_dead (bsc#1207328).
- exit: Put an upper limit on how often we can oops (bsc#1207328).
- exit: Stop poorly open coding do_task_dead in make_task_dead (bsc#1207328).
- exit: Use READ_ONCE() for all oops/warn limit reads (bsc#1207328).
- ext4,f2fs: fix readahead of verity data (bsc#1207648).
- ext4: Fix deadlock during directory rename (bsc#1210763).
- ext4: Fix possible corruption when moving a directory (bsc#1210763).
- ext4: add EXT4_IGET_BAD flag to prevent unexpected bad inode (bsc#1207619).
- ext4: add EXT4_INODE_HAS_XATTR_SPACE macro in xattr.h (bsc#1206878).
- ext4: add helper to check quota inums (bsc#1207618).
- ext4: add inode table check in __ext4_get_inode_loc to aovid possible infinite loop (bsc#1207617).
- ext4: add missing validation of fast-commit record lengths (bsc#1207626).
- ext4: allocate extended attribute value in vmalloc area (bsc#1207635).
- ext4: avoid crash when inline data creation follows DIO write (bsc#1206883).
- ext4: avoid resizing to a partial cluster size (bsc#1206880).
- ext4: avoid unaccounted block allocation when expanding inode (bsc#1207634).
- ext4: continue to expand file system when the target size does not reach (bsc#1206882).
- ext4: correct cluster len and clusters changed accounting in ext4_mb_mark_bb (bsc#1207592).
- ext4: correct max_inline_xattr_value_size computing (bsc#1206878).
- ext4: correct the misjudgment in ext4_iget_extra_inode (bsc#1206878).
- ext4: disable fast-commit of encrypted dir operations (bsc#1207623).
- ext4: do not allow journal inode to have encrypt flag (bsc#1207621).
- ext4: do not increase iversion counter for ea_inodes (bsc#1207605).
- ext4: do not run ext4lazyinit for read-only filesystems (bsc#1207603).
- ext4: do not set up encryption key during jbd2 transaction (bsc#1207624).
- ext4: drop ineligible txn start stop APIs (bsc#1207588).
- ext4: ext4_read_bh_lock() should submit IO if the buffer isn't uptodate (bsc#1207606).
- ext4: factor out ext4_fc_get_tl() (bsc#1207615).
- ext4: fast commit may miss file actions (bsc#1207591).
- ext4: fast commit may not fallback for ineligible commit (bsc#1207590).
- ext4: fix BUG_ON() when directory entry has invalid rec_len (bsc#1206886).
- ext4: fix RENAME_WHITEOUT handling for inline directories (bsc#1210766).
- ext4: fix another off-by-one fsmap error on 1k block filesystems (bsc#1210767).
- ext4: fix bad checksum after online resize (bsc#1210762 bsc#1208076).
- ext4: fix bug in extents parsing when eh_entries == 0 and eh_depth > 0 (bsc#1206881).
- ext4: fix bug_on in __es_tree_search caused by bad boot loader inode (bsc#1207620).
- ext4: fix bug_on in start_this_handle during umount filesystem (bsc#1207594).
- ext4: fix cgroup writeback accounting with fs-layer encryption (bsc#1210765).
- ext4: fix corruption when online resizing a 1K bigalloc fs (bsc#1206891).
- ext4: fix deadlock due to mbcache entry corruption (bsc#1207653).
- ext4: fix delayed allocation bug in ext4_clu_mapped for bigalloc + inline (bsc#1207631).
- ext4: fix dir corruption when ext4_dx_add_entry() fails (bsc#1207608).
- ext4: fix error code return to user-space in ext4_get_branch() (bsc#1207630).
- ext4: fix ext4_mb_mark_bb() with flex_bg with fast_commit (bsc#1207593).
- ext4: fix extent status tree race in writeback error recovery path (bsc#1206877).
- ext4: fix incorrect options show of original mount_opt and extend mount_opt2 (bsc#1210764).
- ext4: fix inode leak in ext4_xattr_inode_create() on an error path (bsc#1207636).
- ext4: fix kernel BUG in 'ext4_write_inline_data_end()' (bsc#1206894).
- ext4: fix leaking uninitialized memory in fast-commit journal (bsc#1207625).
- ext4: fix miss release buffer head in ext4_fc_write_inode (bsc#1207609).
- ext4: fix null-ptr-deref in ext4_write_info (bsc#1206884).
- ext4: fix off-by-one errors in fast-commit block filling (bsc#1207628).
- ext4: fix possible double unlock when moving a directory (bsc#1210763).
- ext4: fix potential memory leak in ext4_fc_record_modified_inode() (bsc#1207611).
- ext4: fix potential memory leak in ext4_fc_record_regions() (bsc#1207612).
- ext4: fix potential out of bound read in ext4_fc_replay_scan() (bsc#1207616).
- ext4: fix reserved cluster accounting in __es_remove_extent() (bsc#1207637).
- ext4: fix unaligned memory access in ext4_fc_reserve_space() (bsc#1207627).
- ext4: fix undefined behavior in bit shift for ext4_check_flag_values (bsc#1206890).
- ext4: fix uninititialized value in 'ext4_evict_inode' (bsc#1206893).
- ext4: fix use-after-free in ext4_ext_shift_extents (bsc#1206888).
- ext4: fix use-after-free in ext4_orphan_cleanup (bsc#1207622).
- ext4: fix use-after-free in ext4_xattr_set_entry (bsc#1206878).
- ext4: fix warning in 'ext4_da_release_space' (bsc#1206887).
- ext4: goto right label 'failed_mount3a' (bsc#1207610).
- ext4: init quota for 'old.inode' in 'ext4_rename' (bsc#1207629).
- ext4: initialize quota before expanding inode in setproject ioctl (bsc#1207633).
- ext4: introduce EXT4_FC_TAG_BASE_LEN helper (bsc#1207614).
- ext4: limit the number of retries after discarding preallocations blocks (bsc#1207602).
- ext4: make ext4_lazyinit_thread freezable (bsc#1206885).
- ext4: place buffer head allocation before handle start (bsc#1207607).
- ext4: silence the warning when evicting inode with dioread_nolock (bsc#1206889).
- ext4: simplify updating of fast commit stats (bsc#1207589).
- ext4: unconditionally enable the i_version counter (bsc#1211299).
- ext4: update 'state->fc_regions_size' after successful memory allocation (bsc#1207613).
- ext4: update s_overhead_clusters in the superblock during an on-line resize (bsc#1206876).
- ext4: use ext4_journal_start/stop for fast commit transactions (bsc#1210793).
- extcon: usbc-tusb320: fix kernel-doc warning (git-fixes).
- f2fs: Fix f2fs_truncate_partial_nodes ftrace event (git-fixes).
- fbcon: Check font dimension limits (git-fixes).
- fbcon: Fix error paths in set_con2fb_map (git-fixes).
- fbcon: Fix null-ptr-deref in soft_cursor (git-fixes).
- fbcon: set_con2fb_map needs to set con2fb_map! (git-fixes).
- fbdev: Prevent possible use-after-free in fb_release() (bsc#1152472).
- fbdev: arcfb: Fix error handling in arcfb_probe() (git-fixes).
- fbdev: au1200fb: Fix potential divide by zero (git-fixes).
- fbdev: ep93xx-fb: Add missing clk_disable_unprepare in ep93xxfb_probe() (git-fixes).
- fbdev: fbcon: Destroy mutex on freeing struct fb_info (bsc#1152489)
- fbdev: imsttfb: Fix use after free bug in imsttfb_probe (git-fixes bsc#1211387).
- fbdev: intelfb: Fix potential divide by zero (git-fixes).
- fbdev: lxfb: Fix potential divide by zero (git-fixes).
- fbdev: mmp: Fix deferred clk handling in mmphw_probe() (git-fixes).
- fbdev: modedb: Add 1920x1080 at 60 Hz video mode (git-fixes).
- fbdev: nvidia: Fix potential divide by zero (git-fixes).
- fbdev: omapfb: avoid stack overflow warning (git-fixes).
- fbdev: omapfb: cleanup inconsistent indentation (git-fixes).
- fbdev: smscufx: fix error handling code in ufx_usb_probe (git-fixes).
- fbdev: stifb: Fall back to cfb_fillrect() on 32-bit HCRX cards (git-fixes).
- fbdev: stifb: Fix info entry in sti_struct on error path (git-fixes).
- fbdev: stifb: Provide valid pixelclock and add fb_check_var() checks (git-fixes).
- fbdev: tgafb: Fix potential divide by zero (git-fixes).
- fbdev: udlfb: Fix endpoint check (git-fixes).
- fbmem: Reject FB_ACTIVATE_KD_TEXT from userspace (git-fixes).
- filelock: new helper: vfs_inode_has_locks (jsc#SES-1880).
- firewire: fix memory leak for payload of request subaction to IEC 61883-1 FCP region (git-fixes).
- firmware/efi sysfb_efi: Add quirk for Lenovo IdeaPad Duet 3 (git-fixes).
- firmware: arm_ffa: Check if ffa_driver remove is present before executing (git-fixes).
- firmware: arm_ffa: Set handle field to zero in memory descriptor (git-fixes).
- firmware: arm_ffa: Set reserved/MBZ fields to zero in the memory descriptors (git-fixes).
- firmware: arm_scmi: Fix device node validation for mailbox transport (git-fixes).
- firmware: coreboot: Remove GOOGLE_COREBOOT_TABLE_ACPI/OF Kconfig entries (git-fixes).
- firmware: coreboot: framebuffer: Ignore reserved pixel color bits (git-fixes).
- firmware: dmi-sysfs: Fix null-ptr-deref in dmi_sysfs_register_handle (git-fixes).
- firmware: qcom_scm: Clear download bit during reboot (git-fixes).
- firmware: stratix10-svc: Fix an NULL vs IS_ERR() bug in probe (git-fixes).
- firmware: stratix10-svc: add missing gen_pool_destroy() in stratix10_svc_drv_probe() (git-fixes).
- firmware: xilinx: do not make a sleepable memory allocation from an atomic context (git-fixes).
- flow_dissector: Do not count vlan tags inside tunnel payload (git-fixes).
- fork: allow CLONE_NEWTIME in clone3 flags (bsc#1209258).
- fotg210-udc: Add missing completion handler (git-fixes).
- fpga: bridge: fix kernel-doc parameter description (git-fixes).
- fpga: bridge: properly initialize bridge device before populating children (git-fixes).
- fpga: m10bmc-sec: Fix probe rollback (git-fixes).
- fpga: stratix10-soc: Fix return value check in s10_ops_write_init() (git-fixes).
- fprobe: Check rethook_alloc() return in rethook initialization (git-fixes).
- fprobe: Fix smatch type mismatch warning (git-fixes).
- fprobe: add recursion detection in fprobe_exit_handler (git-fixes).
- fprobe: make fprobe_kprobe_handler recursion free (git-fixes).
- fs/jfs: fix shift exponent db_agl2size negative (git-fixes).
- fs: account for filesystem mappings (bsc#1205191).
- fs: account for group membership (bsc#1205191).
- fs: add i_user_ns() helper (bsc#1205191).
- fs: dlm: do not call kernel_getpeername() in error_report() (bsc#1208130).
- fs: dlm: use sk->sk_socket instead of con->sock (bsc#1208130).
- fs: ext4: initialize fsdata in pagecache_write() (bsc#1207632).
- fs: hfsplus: fix UAF issue in hfsplus_put_super (git-fixes).
- fs: jfs: fix possible NULL pointer dereference in dbFree() (git-fixes).
- fs: jfs: fix shift-out-of-bounds in dbAllocAG (git-fixes).
- fs: jfs: fix shift-out-of-bounds in dbDiscardAG (git-fixes).
- fs: move mapping helpers (bsc#1205191). Refresh patches.suse/nfs-set-acl-perm.patch.
- fs: remove __sync_filesystem (git-fixes).
- fs: sysv: Fix sysv_nblocks() returns wrong value (git-fixes).
- fs: tweak fsuidgid_has_mapping() (bsc#1205191).
- fscache: Use wait_on_bit() to wait for the freeing of relinquished volume (bsc#1210409).
- fscache_cookie_enabled: check cookie is valid before accessing it (bsc#1208429).
- ftrace/x86: Add back ftrace_expected for ftrace bug reports (git-fixes).
- ftrace: Clean comments related to FTRACE_OPS_FL_PER_CPU (git-fixes).
- ftrace: Fix invalid address access in lookup_rec() when index is 0 (git-fixes).
- ftrace: Fix issue that 'direct->addr' not restored in modify_ftrace_direct() (git-fixes).
- ftrace: Mark get_lock_parent_ip() __always_inline (git-fixes).
- fuse: add inode/permission checks to fileattr_get/fileattr_set (bsc#1208759).
- fuse: always revalidate rename target dentry (bsc#1211808).
- fuse: fix attr version comparison in fuse_read_update_size() (bsc#1211807).
- futex: Resend potentially swallowed owner death notification (git-fixes).
- genirq: Provide new interfaces for affinity hints (bsc#1208153).
- git-sort: Add io_uring 6.3 fixes remote
- google/gve:fix repeated words in comments (bsc#1211519).
- gpio: GPIO_REGMAP: select REGMAP instead of depending on it (git-fixes).
- gpio: davinci: Add irq chip flag to skip set wake (git-fixes).
- gpio: mockup: Fix mode of debugfs files (git-fixes).
- gpio: tegra186: remove unneeded loop in tegra186_gpio_init_route_mapping() (git-fixes).
- gpio: vf610: connect GPIO label to dev name (git-fixes).
- gpu: host1x: Do not skip assigning syncpoints to channels (git-fixes).
- gpu: host1x: Fix mask for syncpoint increment register (git-fixes).
- gpu: host1x: Fix potential double free if IOMMU is disabled (git-fixes).
- gpu: ipu-v3: common: Add of_node_put() for reference returned by of_graph_get_port_by_id() (git-fixes).
- gve: Adding a new AdminQ command to verify driver (bsc#1211519).
- gve: Cache link_speed value from device (git-fixes).
- gve: Fix error return code in gve_prefill_rx_pages() (bsc#1211519).
- gve: Fix spelling mistake 'droping' -> 'dropping' (bsc#1211519).
- gve: Handle alternate miss completions (bsc#1211519).
- gve: Reduce alloc and copy costs in the GQ rx path (bsc#1211519).
- gve: Remove the code of clearing PBA bit (git-fixes).
- gve: Secure enough bytes in the first TX desc for all TCP pkts (git-fixes).
- gve: enhance no queue page list detection (bsc#1211519).
- hfs/hfsplus: avoid WARN_ON() for sanity check, use proper error handling (git-fixes).
- hfs/hfsplus: use WARN_ON for sanity check (git-fixes).
- hfs: Fix OOB Write in hfs_asc2mac (git-fixes).
- hfs: fix OOB Read in __hfs_brec_find (git-fixes).
- hfs: fix missing hfs_bnode_get() in __hfs_bnode_create (git-fixes).
- hfsplus: fix bug causing custom uid and gid being unable to be assigned with mount (git-fixes).
- hid: bigben_probe(): validate report count (git-fixes).
- hv: fix comment typo in vmbus_channel/low_latency (git-fixes).
- hv_netvsc: Allocate memory in netvsc_dma_map() with GFP_ATOMIC (git-fixes).
- hv_netvsc: Check status in SEND_RNDIS_PKT completion message (git-fixes).
- hv_netvsc: Fix missed pagebuf entries in netvsc_dma_map/unmap() (git-fixes).
- hwmon: (adm1266) Set `can_sleep` flag for GPIO chip (git-fixes).
- hwmon: (adt7475) Display smoothing attributes in correct order (git-fixes).
- hwmon: (adt7475) Fix masking of hysteresis registers (git-fixes).
- hwmon: (adt7475) Use device_property APIs when configuring polarity (git-fixes).
- hwmon: (coretemp) Simplify platform device handling (git-fixes).
- hwmon: (ftsteutates) Fix scaling of measurements (git-fixes).
- hwmon: (ina3221) return prober error code (git-fixes).
- hwmon: (k10temp) Check range scale when CUR_TEMP register is read-write (git-fixes).
- hwmon: (k10temp): Add support for new family 17h and 19h models (bsc#1208848).
- hwmon: (ltc2945) Handle error case in ltc2945_value_store (git-fixes).
- hwmon: (ltc2992) Set `can_sleep` flag for GPIO chip (git-fixes).
- hwmon: (mlxreg-fan) Return zero speed for broken fan (git-fixes).
- hwmon: (pmbus/fsp-3y) Fix functionality bitmask in FSP-3Y YM-2151E (git-fixes).
- hwmon: (ucd90320) Add minimum delay between bus accesses (git-fixes).
- hwmon: (xgene) Fix use after free bug in xgene_hwmon_remove due to race condition (git-fixes).
- hwmon: fix potential sensor registration fail if of_node is missing (git-fixes).
- hwmon: tmp512: drop of_match_ptr for ID table (git-fixes).
- i2c: cadence: cdns_i2c_master_xfer(): Fix runtime PM leak on error path (git-fixes).
- i2c: designware-pci: Add new PCI IDs for AMD NAVI GPU (git-fixes).
- i2c: designware: fix i2c_dw_clk_rate() return size to be u32 (git-fixes).
- i2c: hisi: Avoid redundant interrupts (git-fixes).
- i2c: hisi: Only use the completion interrupt to finish the transfer (git-fixes).
- i2c: imx-lpi2c: check only for enabled interrupt flags (git-fixes).
- i2c: imx-lpi2c: clean rx/tx buffers upon new message (git-fixes).
- i2c: mv64xxx: Add atomic_xfer method to driver (git-fixes).
- i2c: mv64xxx: Fix reading invalid status value in atomic mode (git-fixes).
- i2c: mv64xxx: Remove shutdown method from driver (git-fixes).
- i2c: mxs: suppress probe-deferral error message (git-fixes).
- i2c: ocores: generate stop condition after timeout in polling mode (git-fixes).
- i2c: omap: Fix standard mode false ACK readings (git-fixes).
- i2c: rk3x: fix a bunch of kernel-doc warnings (git-fixes).
- i2c: sprd: Delete i2c adapter in .remove's error path (git-fixes).
- i2c: tegra: Fix PEC support for SMBUS block read (git-fixes).
- i2c: xgene-slimpro: Fix out-of-bounds bug in xgene_slimpro_i2c_xfer() (git-fixes).
- i40e: Add checking for null for nlmsg_find_attr() (jsc#SLE-18378).
- i40e: Fix ADQ rate limiting for PF (jsc#SLE-18378).
- i40e: Fix DMA mappings leak (jsc#SLE-18378).
- i40e: Fix VF hang when reset is triggered on another VF (jsc#SLE-18378).
- i40e: Fix VF set max MTU size (jsc#SLE-18378).
- i40e: Fix VF's MAC Address change on VM (jsc#SLE-18378).
- i40e: Fix adding ADQ filter to TC0 (jsc#SLE-18378).
- i40e: Fix calculating the number of queue pairs (jsc#SLE-18378).
- i40e: Fix erroneous adapter reinitialization during recovery process (jsc#SLE-18378).
- i40e: Fix ethtool rx-flow-hash setting for X722 (jsc#SLE-18378).
- i40e: Fix flow-type by setting GL_HASH_INSET registers (jsc#SLE-18378).
- i40e: Fix for VF MAC address 0 (jsc#SLE-18378).
- i40e: Fix incorrect address type for IPv6 flow rules (jsc#SLE-18378).
- i40e: Fix interface init with MSI interrupts (no MSI-X) (jsc#SLE-18378).
- i40e: Fix kernel crash during module removal (jsc#SLE-18378).
- i40e: Fix kernel crash during reboot when adapter is in recovery mode (jsc#SLE-18378).
- i40e: Fix set max_tx_rate when it is lower than 1 Mbps (jsc#SLE-18378).
- i40e: Fix the inability to attach XDP program on downed interface (jsc#SLE-18378).
- i40e: Refactor tc mqprio checks (jsc#SLE-18378).
- i40e: add double of VLAN header when computing the max MTU (jsc#SLE-18378).
- i40e: fix accessing vsi->active_filters without holding lock (jsc#SLE-18378).
- i40e: fix flow director packet filter programming (jsc#SLE-18378).
- i40e: fix i40e_setup_misc_vector() error handling (jsc#SLE-18378).
- i40e: fix registers dump after run ethtool adapter self test (jsc#SLE-18378).
- i825xx: sni_82596: use eth_hw_addr_set() (git-fixes).
- i915 kABI workaround (git-fixes).
- i915/perf: Replace DRM_DEBUG with driver specific drm_dbg call (git-fixes).
- iavf/iavf_main: actually log ->src mask when talking about it (jsc#SLE-18385).
- iavf: Detach device during reset task (jsc#SLE-18385).
- iavf: Disallow changing rx/tx-frames and rx/tx-frames-irq (jsc#SLE-18385).
- iavf: Do not restart Tx queues after reset task failure (jsc#SLE-18385).
- iavf: Fix 'tc qdisc show' listing too many queues (jsc#SLE-18385).
- iavf: Fix a crash during reset task (jsc#SLE-18385).
- iavf: Fix bad page state (jsc#SLE-18385).
- iavf: Fix cached head and tail value for iavf_get_tx_pending (jsc#SLE-18385).
- iavf: Fix error handling in iavf_init_module() (jsc#SLE-18385).
- iavf: Fix max_rate limiting (jsc#SLE-18385).
- iavf: Fix race condition between iavf_shutdown and iavf_remove (jsc#SLE-18385).
- iavf: Fix set max MTU size with port VLAN and jumbo frames (jsc#SLE-18385).
- iavf: do not track VLAN 0 filters (jsc#PED-835).
- iavf: fix hang on reboot with ice (jsc#SLE-18385).
- iavf: fix inverted Rx hash condition leading to disabled hash (jsc#SLE-18385).
- iavf: fix non-tunneled IPv6 UDP packet type and hashing (jsc#SLE-18385).
- iavf: fix temporary deadlock and failure to set MAC address (jsc#PED-835).
- iavf: refactor VLAN filter states (jsc#PED-835).
- iavf: remove active_cvlans and active_svlans bitmaps (jsc#PED-835).
- iavf: schedule watchdog immediately when changing primary MAC (jsc#PED-835).
- ice: Add check for kzalloc (jsc#PED-376).
- ice: Call Trace after rmmod ice (bsc#1208628).
- ice: Fix disabling Rx VLAN filtering with port VLAN enabled (jsc#PED-376).
- ice: Fix interrupt moderation settings getting cleared (jsc#SLE-18375).
- ice: Fix potential memory leak in ice_gnss_tty_write() (jsc#PED-376).
- ice: Set txq_teid to ICE_INVAL_TEID on ring creation (jsc#SLE-18375).
- ice: avoid bonding causing auxiliary plug/unplug under RTNL lock (bsc#1210158).
- ice: move devlink port creation/deletion (jsc#PED-376).
- ice: xsk: Fix cleaning of XDP_TX frames (jsc#PED-376).
- ice: xsk: do not use xdp_return_frame() on tx_buf->raw_buf (jsc#PED-376).
- ieee80211: add TWT element definitions (bsc#1209980).
- igb: Add lock to avoid data race (jsc#SLE-18379).
- igb: Enable SR-IOV after reinit (jsc#SLE-18379).
- igb: Fix PPS input and output using 3rd and 4th SDP (jsc#PED-370).
- igb: Initialize mailbox message for VF reset (jsc#SLE-18379).
- igb: conditionalize I2C bit banging on external thermal sensor support (jsc#SLE-18379).
- igb: revert rtnl_lock() that causes deadlock (jsc#SLE-18379).
- igbvf: Regard vf reset nack as success (jsc#SLE-18379).
- igc: Add checking for basetime less than zero (jsc#SLE-18377).
- igc: Add ndo_tx_timeout support (jsc#SLE-18377).
- igc: Enhance Qbv scheduling by using first flag bit (jsc#SLE-18377).
- igc: Fix PPS delta between two synchronized end-points (jsc#SLE-18377).
- igc: Lift TAPRIO schedule restriction (jsc#SLE-18377).
- igc: Reinstate IGC_REMOVED logic and implement it properly (jsc#SLE-18377).
- igc: Set Qbv start_time and end_time to end_time if not being configured in GCL (jsc#SLE-18377).
- igc: Use strict cycles for Qbv scheduling (jsc#SLE-18377).
- igc: allow BaseTime 0 enrollment for Qbv (jsc#SLE-18377).
- igc: fix the validation logic for taprio's gate list (jsc#SLE-18377).
- igc: read before write to SRRCTL register (jsc#SLE-18377).
- igc: recalculate Qbv end_time by considering cycle time (jsc#SLE-18377).
- igc: return an error if the mac type is unknown in igc_ptp_systim_to_hwtstamp() (jsc#SLE-18377).
- iio: accel: mma9551_core: Prevent uninitialized variable in mma9551_read_config_word() (git-fixes).
- iio: accel: mma9551_core: Prevent uninitialized variable in mma9551_read_status_word() (git-fixes).
- iio: accel: st_accel: Fix invalid mount_matrix on devices without ACPI _ONT method (git-fixes).
- iio: adc: ad7192: Change 'shorted' channels to differential (git-fixes).
- iio: adc: ad7791: fix IRQ flags (git-fixes).
- iio: adc: ad_sigma_delta: Fix IRQ issue by setting IRQ_DISABLE_UNLAZY flag (git-fixes).
- iio: adc: at91-sama5d2_adc: fix an error code in at91_adc_allocate_trigger() (git-fixes).
- iio: adc: berlin2-adc: Add missing of_node_put() in error path (git-fixes).
- iio: adc: mxs-lradc: fix the order of two cleanup operations (git-fixes).
- iio: adc: palmas_gpadc: fix NULL dereference on rmmod (git-fixes).
- iio: adc: stm32-dfsdm: fill module aliases (git-fixes).
- iio: adc: ti-ads7950: Set `can_sleep` flag for GPIO chip (git-fixes).
- iio: adis16480: select CONFIG_CRC32 (git-fixes).
- iio: dac: cio-dac: Fix max DAC write value check for 12-bit (git-fixes).
- iio: dac: mcp4725: Fix i2c_master_send() return value handling (git-fixes).
- iio: hid: fix the retval in accel_3d_capture_sample (git-fixes).
- iio: hid: fix the retval in gyro_3d_capture_sample (git-fixes).
- iio: imu: fxos8700: fix ACCEL measurement range selection (git-fixes).
- iio: imu: fxos8700: fix IMU data bits returned to user space (git-fixes).
- iio: imu: fxos8700: fix MAGN sensor scale and unit (git-fixes).
- iio: imu: fxos8700: fix failed initialization ODR mode assignment (git-fixes).
- iio: imu: fxos8700: fix incomplete ACCEL and MAGN channels readback (git-fixes).
- iio: imu: fxos8700: fix incorrect ODR mode readback (git-fixes).
- iio: imu: fxos8700: fix map label of channel type to MAGN sensor (git-fixes).
- iio: imu: fxos8700: fix swapped ACCEL and MAGN channels readback (git-fixes).
- iio: imu: fxos8700: remove definition FXOS8700_CTRL_ODR_MIN (git-fixes).
- iio: imu: inv_icm42600: fix timestamp reset (git-fixes).
- iio: light: cm32181: Unregister second I2C client if present (git-fixes).
- iio: light: tsl2563: Do not hardcode interrupt trigger type (git-fixes).
- iio: light: tsl2772: fix reading proximity-diodes from device tree (git-fixes).
- iio: light: vcnl4035: fixed chip ID check (git-fixes).
- iio:adc:twl6030: Enable measurement of VAC (git-fixes).
- iio:adc:twl6030: Enable measurements of VUSB, VBAT and others (git-fixes).
- ima: Fix memory leak in __ima_inode_hash() (git-fixes).
- intel/igbvf: free irq on the error path in igbvf_request_msix() (jsc#SLE-18379).
- intel_idle: add Emerald Rapids Xeon support (PED-3849).
- interconnect: exynos: fix node leak in probe PM QoS error path (git-fixes).
- interconnect: fix mem leak when freeing nodes (git-fixes).
- interconnect: qcom: osm-l3: fix icc_onecell_data allocation (git-fixes).
- io_uring/fdinfo: fix sqe dumping for IORING_SETUP_SQE128 (git-fixes).
- io_uring/kbuf: fix not advancing READV kbuf ring (git-fixes).
- io_uring: ensure that cached task references are always put on exit (git-fixes).
- io_uring: fix CQ waiting timeout handling (git-fixes).
- io_uring: fix fget leak when fs do not support nowait buffered read (bsc#1205205).
- io_uring: fix ordering of args in io_uring_queue_async_work (git-fixes).
- io_uring: recycle kbuf recycle on tw requeue (git-fixes).
- iommu/hyper-v: Allow hyperv irq remapping without x2apic (git-fixes).
- iommu/vt-d: Add a fix for devices need extra dtlb flush (bsc#1208219).
- iommu/vt-d: Avoid superfluous IOTLB tracking in lazy mode (bsc#1208948).
- iommu/vt-d: Fix buggy QAT device mask (bsc#1208219).
- ipmi: fix SSIF not responding under certain cond (git-fixes).
- ipmi:ssif: Add 60ms time internal between write retries (bsc#1206459).
- ipmi:ssif: Add a timer between request retries (bsc#1206459).
- ipmi:ssif: Add send_retries increment (git-fixes).
- ipmi:ssif: Increase the message retry time (bsc#1206459).
- ipmi:ssif: Remove rtc_us_timer (bsc#1206459).
- ipmi:ssif: resend_msg() cannot fail (bsc#1206459).
- ipmi_ssif: Rename idle state and check (bsc#1206459).
- ipv6: sr: fix out-of-bounds read when setting HMAC data (bsc#1211592).
- ipv6: sr: fix out-of-bounds read when setting HMAC data (bsc#1211592).
- irqchip/gic-v3: Refactor ISB + EOIR at ack time (git-fixes)
- iw_cxgb4: Fix potential NULL dereference in c4iw_fill_res_cm_id_entry() (git-fixes)
- iwlwifi: cfg: Add missing MODULE_FIRMWARE() for *.pnvm (bsc#1207553).
- ixgbe: Allow flow hash to be set via ethtool (jsc#SLE-18384).
- ixgbe: Enable setting RSS table to default values (jsc#SLE-18384).
- ixgbe: Fix panic during XDP_TX with > 64 CPUs (jsc#SLE-18384).
- ixgbe: add double of VLAN header when computing the max MTU (jsc#SLE-18384).
- ixgbe: allow to increase MTU to 3K with XDP enabled (jsc#SLE-18384).
- ixgbe: fix pci device refcount leak (jsc#SLE-18384).
- ixgbe: stop resetting SYSTIME in ixgbe_ptp_start_cyclecounter (jsc#SLE-18384).
- jbd2: Fix up kABI of ext4 fast commit interface (bsc#1207590).
- jbd2: add miss release buffer head in fc_do_one_pass() (bsc#1207646).
- jbd2: fix a potential race while discarding reserved buffers after an abort (bsc#1207641).
- jbd2: fix potential buffer head reference count leak (bsc#1207644).
- jbd2: fix potential use-after-free in jbd2_fc_wait_bufs (bsc#1207645).
- jbd2: use the correct print format (git-fixes).
- jbd2: wake up journal waiters in FIFO order, not LIFO (bsc#1207643).
- jfs: Fix fortify moan in symlink (git-fixes).
- k-m-s: Drop Linux 2.6 support
- kABI compatibility workaround for efivars (git-fixes).
- kABI workaround for btbcm.c (git-fixes).
- kABI workaround for drm_dp_mst helper updates (bsc#1206843).
- kABI workaround for hid quirks (git-fixes).
- kABI workaround for ieee80211 and co (bsc#1209980).
- kABI workaround for mt76_poll_msec() (git-fixes).
- kABI workaround for struct acpi_ec (bsc#1207149).
- kABI workaround for xhci (git-fixes).
- kABI: Fix kABI after backport Emulate RDPID only if it is enabled in guest (git-fixes)
- kABI: Fixed broken 3rd party dirvers issue (bsc#1208050 bsc#1211414).
- kABI: PCI: Reduce warnings on possible RW1C corruption (kabi).
- kABI: PCI: dwc: Add dw_pcie_ops.host_deinit() callback (kabi).
- kABI: PCI: loongson: Prevent LS7A MRRS increases (kabi).
- kABI: Preserve TRACE_EVENT_FL values (git-fixes).
- kABI: Work around kABI changes after '20347fca71a3 swiotlb: split up the global swiotlb lock' (jsc#PED-3259).
- kABI: fix kabi breakage (bsc#1210206).
- kABI: x86/msi: Fix msi message data shadow struct (kabi).
- kABI: x86/msr: Remove .fixup usage (kabi).
- kabi/severities: add mlx5 internal symbols
- kabi/severities: added Microsoft mana symbold (bsc#1210551)
- kabi/severities: ignore KABI for NVMe target (bsc#1174777)
- kabi/severities: ignore kABI changes for mt76/* local modules (bsc#1209980)
- kasan: no need to unset panic_on_warn in end_report() (bsc#1207328).
- kconfig: Update config changed flag before calling callback (git-fixes).
- kernel-binary: install expoline.o (boo#1210791 bsc#1211089)
- kernel-docs: Add missing top level chapter numbers on SLE12 SP5 (bsc#1212158).
- kernel-spec-macros: Fix up obsolete_rebuilds_subpackage to generate obsoletes correctly (boo#1172073 bsc#1191731).
- kernel: Avoid deadlock for recursive I/O on dm-thin when used as swap (bsc#1177529).
- kernel: Do not sign the vanilla kernel (bsc#1209008).
- kernel: Fix page corruption caused by racy check in __free_pages (bsc#1208149).
- kernel: fix panic loop (bsc#1208290).
- kernel: secureboot: fix kernel lock issue (bsc#1198101, bsc#1208976).
- keys: Do not cache key in task struct if key is requested from kernel thread (git-fixes).
- keys: Fix linking a duplicate key to a keyring's assoc_array (bsc#1207088).
- kmap_local: do not assume kmap PTEs are linear arrays in memory (git-fixes).
- kvm/vfio: Fix potential deadlock on vfio group_lock (git-fixes)
- kvm/vfio: Fix potential deadlock problem in vfio (git-fixes)
- kvm: x86: Disable KVM_HC_CLOCK_PAIRING if tsc is in always catchup mode (git-fixes).
- lan78xx: Add missing return code checks (git-fixes).
- lan78xx: Fix exception on link speed change (git-fixes).
- lan78xx: Fix memory allocation bug (git-fixes).
- lan78xx: Fix partial packet errors on suspend/resume (git-fixes).
- lan78xx: Fix race condition in disconnect handling (git-fixes).
- lan78xx: Fix race conditions in suspend/resume handling (git-fixes).
- lan78xx: Fix white space and style issues (git-fixes).
- lan78xx: Remove unused pause frame queue (git-fixes).
- lan78xx: Remove unused timer (git-fixes).
- lan78xx: Set flow control threshold to prevent packet loss (git-fixes).
- leds: Fix reference to led_set_brightness() in doc (git-fixes).
- leds: TI_LMU_COMMON: select REGMAP instead of depending on it (git-fixes).
- leds: led-class: Add missing put_device() to led_put() (git-fixes).
- leds: led-core: Fix refcount leak in of_led_get() (git-fixes).
- leds: tca6507: Fix error handling of using fwnode_property_read_string (git-fixes).
- lib/mpi: Fix buffer overrun when SG is too long (git-fixes).
- lib/sbitmap: Fix invalid loop in __sbitmap_queue_get_batch() (git-fixes).
- lib/zlib: remove redundation assignement of avail_in dfltcc_gdht() (git-fixes).
- libfs: add DEFINE_SIMPLE_ATTRIBUTE_SIGNED for signed value (git-fixes).
- lockd: set file_lock start and end when decoding nlm4 testargs (git-fixes).
- locking/rwbase: Mitigate indefinite writer starvation (bsc#1189998, bsc#1206552).
- locking/rwbase: Mitigate indefinite writer starvation. Move out of sorted as the patch has moved within the tip tree.
- locking/rwsem: Add __always_inline annotation to __down_read_common() and inlined callers (git-fixes).
- locking/rwsem: Allow slowpath writer to ignore handoff bit if not set by first waiter (bsc#1207270).
- locking/rwsem: Always try to wake waiters in out_nolock path (bsc#1207270).
- locking/rwsem: Conditionally wake waiters in reader/writer slowpaths (bsc#1207270).
- locking/rwsem: Disable preemption in all down_read*() and up_read() code paths (bsc#1207270).
- locking/rwsem: Disable preemption in all down_write*() and up_write() code paths (bsc#1207270).
- locking/rwsem: Disable preemption while trying for rwsem lock (bsc#1207270).
- locking/rwsem: Make handoff bit handling more consistent (bsc#1207270).
- locking/rwsem: No need to check for handoff bit if wait queue empty (bsc#1207270).
- locking/rwsem: Prevent non-first waiter from spinning in down_write() slowpath (bsc#1207270).
- locking: Add missing __sched attributes (bsc#1207270).
- loop: Fix the max_loop commandline argument treatment when it is set to 0 (git-fixes).
- loop: fix ioctl calls using compat_loop_info (git-fixes).
- mac80211: introduce individual TWT support in AP mode (bsc#1209980).
- mac80211: introduce set_radar_offchan callback (bsc#1209980).
- mac80211: twt: do not use potentially unaligned pointer (bsc#1209980).
- mailbox: mailbox-test: Fix potential double-free in mbox_test_message_write() (git-fixes).
- mailbox: mailbox-test: fix a locking issue in mbox_test_message_write() (git-fixes).
- mailbox: zynqmp: Fix IPI isr handling (git-fixes).
- mailbox: zynqmp: Fix typo in IPI documentation (git-fixes).
- mbcache: Avoid nesting of cache->c_list_lock under bit locks (bsc#1207647).
- mbcache: Fixup kABI of mb_cache_entry (bsc#1207653).
- mce: fix set_mce_nospec to always unmap the whole page (git-fixes).
- md/bitmap: Fix bitmap chunk size overflow issues (git-fixes).
- md/raid1: stop mdx_raid1 thread when raid1 array run failed (git-fixes).
- md/raid5: Improve performance for sequential IO (bsc#1208081).
- md/raid5: Wait for MD_SB_CHANGE_PENDING in raid5d (git-fixes).
- md: Flush workqueue md_rdev_misc_wq in md_alloc() (git-fixes).
- md: Notify sysfs sync_completed in md_reap_sync_thread() (git-fixes).
- md: fix a crash in mempool_free (git-fixes).
- md: protect md_unregister_thread from reentrancy (git-fixes).
- media: av7110: prevent underflow in write_ts_to_decoder() (git-fixes).
- media: coda: Add check for dcoda_iram_alloc (git-fixes).
- media: coda: Add check for kmalloc (git-fixes).
- media: cx23885: Fix a null-ptr-deref bug in buffer_prepare() and buffer_finish() (git-fixes).
- media: dm1105: Fix use after free bug in dm1105_remove due to race condition (git-fixes).
- media: dvb-usb-v2: ce6230: fix null-ptr-deref in ce6230_i2c_master_xfer() (git-fixes).
- media: dvb-usb-v2: ec168: fix null-ptr-deref in ec168_i2c_xfer() (git-fixes).
- media: dvb-usb-v2: rtl28xxu: fix null-ptr-deref in rtl28xxu_i2c_xfer (git-fixes).
- media: dvb-usb: az6027: fix three null-ptr-deref in az6027_i2c_xfer() (git-fixes).
- media: dvb-usb: digitv: fix null-ptr-deref in digitv_i2c_xfer() (git-fixes).
- media: dvb-usb: dw2102: fix uninit-value in su3000_read_mac_address (git-fixes).
- media: dvb_ca_en50221: fix a size write bug (git-fixes).
- media: dvb_demux: fix a bug for the continuity counter (git-fixes).
- media: i2c: imx219: Fix binning for RAW8 capture (git-fixes).
- media: i2c: imx219: Split common registers from mode tables (git-fixes).
- media: i2c: ov7670: 0 instead of -EINVAL was returned (git-fixes).
- media: i2c: ov772x: Fix memleak in ov772x_probe() (git-fixes).
- media: imx: imx7-media-csi: fix missing clk_disable_unprepare() in imx7_csi_init() (git-fixes).
- media: ipu3-cio2: Fix PM runtime usage_count in driver unbind (git-fixes).
- media: m5mols: fix off-by-one loop termination error (git-fixes).
- media: max9286: Fix memleak in max9286_v4l2_register() (git-fixes).
- media: max9286: Free control handler (git-fixes).
- media: mn88443x: fix !CONFIG_OF error by drop of_match_ptr from ID table (git-fixes).
- media: netup_unidvb: fix irq init by register it at the end of probe (git-fixes).
- media: netup_unidvb: fix use-after-free at del_timer() (git-fixes).
- media: ov2740: Fix memleak in ov2740_init_controls() (git-fixes).
- media: ov5640: Fix analogue gain control (git-fixes).
- media: ov5675: Fix memleak in ov5675_init_controls() (git-fixes).
- media: pci: tw68: Fix null-ptr-deref bug in buf prepare and finish (git-fixes).
- media: platform: ti: Add missing check for devm_regulator_get (git-fixes).
- media: radio-shark: Add endpoint checks (git-fixes).
- media: rc: Fix use-after-free bugs caused by ene_tx_irqsim() (git-fixes).
- media: rc: gpio-ir-recv: Fix support for wake-up (git-fixes).
- media: rc: gpio-ir-recv: add remove function (git-fixes).
- media: rcar_fdp1: Fix the correct variable assignments (git-fixes).
- media: rcar_fdp1: Make use of the helper function devm_platform_ioremap_resource() (git-fixes).
- media: rkvdec: fix use after free bug in rkvdec_remove (git-fixes).
- media: saa7134: Use video_unregister_device for radio_dev (git-fixes).
- media: saa7134: fix use after free bug in saa7134_finidev due to race condition (git-fixes).
- media: ti: cal: fix possible memory leak in cal_ctx_create() (git-fixes).
- media: usb: siano: Fix use after free bugs caused by do_submit_urb (git-fixes).
- media: uvcvideo: Add support for V4L2_CTRL_TYPE_CTRL_CLASS (git-fixes).
- media: uvcvideo: Check controls flags before accessing them (git-fixes).
- media: uvcvideo: Check for INACTIVE in uvc_ctrl_is_accessible() (git-fixes).
- media: uvcvideo: Do not check for V4L2_CTRL_WHICH_DEF_VAL (git-fixes).
- media: uvcvideo: Fix memory leak of object map on error exit path (git-fixes).
- media: uvcvideo: Fix race condition with usb_kill_urb (git-fixes).
- media: uvcvideo: Handle cameras with invalid descriptors (git-fixes).
- media: uvcvideo: Handle errors from calls to usb_string (git-fixes).
- media: uvcvideo: Quirk for autosuspend in Logitech B910 and C910 (git-fixes).
- media: uvcvideo: Remove s_ctrl and g_ctrl (git-fixes).
- media: uvcvideo: Silence memcpy() run-time false positive warnings (git-fixes).
- media: uvcvideo: Use control names from framework (git-fixes).
- media: uvcvideo: refactor __uvc_ctrl_add_mapping (git-fixes).
- media: v4l2-jpeg: correct the skip count in jpeg_parse_app14_data (git-fixes).
- media: v4l2-jpeg: ignore the unknown APP14 marker (git-fixes).
- media: venus: dec: Fix handling of the start cmd (git-fixes).
- mei: bus-fixup:upon error print return values of send and receive (git-fixes).
- mei: bus: fix unlink on bus in error path (git-fixes).
- mei: me: add meteor lake point M DID (git-fixes).
- mei: pxp: Use correct macros to initialize uuid_le (git-fixes).
- memstick: fix memory leak if card device is never registered (git-fixes).
- memstick: r592: Fix UAF bug in r592_remove due to race condition (bsc#1211449).
- mfd: arizona: Use pm_runtime_resume_and_get() to prevent refcnt leak (git-fixes).
- mfd: cs5535: Do not build on UML (git-fixes).
- mfd: dln2: Fix memory leak in dln2_probe() (git-fixes).
- mfd: pcf50633-adc: Fix potential memleak in pcf50633_adc_async_read() (git-fixes).
- mfd: tqmx86: Correct board names for TQMxE39x (git-fixes).
- mfd: tqmx86: Do not access I2C_DETECT register through io_base (git-fixes).
- misc/mei/hdcp: Use correct macros to initialize uuid_le (git-fixes).
- misc: enclosure: Fix doc for enclosure_find() (git-fixes).
- misc: fastrpc: reject new invocations during device removal (git-fixes).
- misc: fastrpc: return -EPIPE to invocations on device removal (git-fixes).
- mkinitrd: fix dependency with dracut (bsc#1202353).
- mlxsw: minimal: Fix deadlock in ports creation (git-fixes).
- mlxsw: spectrum: Allow driver to load with old firmware versions (git-fixes).
- mm/filemap: fix page end in filemap_get_read_batch (bsc#1210768).
- mm: /proc/pid/smaps_rollup: fix no vma's null-deref (bsc#1207769).
- mm: memcg: fix NULL pointer in mem_cgroup_track_foreign_dirty_slowpath() (bsc#1209262).
- mm: memcg: fix swapcached stat accounting (bsc#1209804).
- mm: mmap: remove newline at the end of the trace (git-fixes).
- mm: page_alloc: skip regions with hugetlbfs pages when allocating 1G pages (bsc#1210034).
- mm: take a page reference when removing device exclusive entries (bsc#1211025).
- mmc: atmel-mci: fix race between stop command and start of next command (git-fixes).
- mmc: block: Remove error check of hw_reset on reset (git-fixes).
- mmc: block: ensure error propagation for non-blk (git-fixes).
- mmc: jz4740: Work around bug on JZ4760(B) (git-fixes).
- mmc: mmc_spi: fix error handling in mmc_spi_probe() (git-fixes).
- mmc: sdhci-esdhc-imx: make 'no-mmc-hs400' works (git-fixes).
- mmc: sdhci-of-esdhc: fix quirk to ignore command inhibit for data (git-fixes).
- mmc: sdhci_am654: Set HIGH_SPEED_ENA for SDR12 and SDR25 (git-fixes).
- mmc: sdhci_am654: lower power-on failed message severity (git-fixes).
- mmc: sdio: fix possible resource leaks in some error paths (git-fixes).
- mmc: vub300: fix invalid response handling (git-fixes).
- module: Do not wait for GOING modules (bsc#1196058, bsc#1186449, bsc#1204356, bsc#1204662).
- mt76: Make use of the helper macro kthread_run() (bsc#1209980).
- mt76: Print error message when reading EEPROM from mtd failed (bsc#1209980).
- mt76: add 6GHz support (bsc#1209980).
- mt76: add MT_RXQ_MAIN_WA for mt7916 (bsc#1209980).
- mt76: add support for setting mcast rate (bsc#1209980).
- mt76: allow drivers to drop rx packets early (bsc#1209980).
- mt76: clear sta powersave flag after notifying driver (bsc#1209980).
- mt76: connac: add 6 GHz support for wtbl and starec configuration (bsc#1209980).
- mt76: connac: add 6GHz support to mt76_connac_mcu_set_channel_domain (bsc#1209980).
- mt76: connac: add 6GHz support to mt76_connac_mcu_sta_tlv (bsc#1209980).
- mt76: connac: add 6GHz support to mt76_connac_mcu_uni_add_bss (bsc#1209980).
- mt76: connac: add support for limiting to maximum regulatory Tx power (bsc#1209980).
- mt76: connac: add support for passing the cipher field in bss_info (bsc#1209980).
- mt76: connac: adjust wlan_idx size from u8 to u16 (bsc#1209980).
- mt76: connac: align MCU_EXT definitions with 7915 driver (bsc#1209980).
- mt76: connac: enable 6GHz band for hw scan (bsc#1209980).
- mt76: connac: enable hw amsdu @ 6GHz (bsc#1209980).
- mt76: connac: extend mcu_get_nic_capability (bsc#1209980).
- mt76: connac: fix a theoretical NULL pointer dereference in mt76_connac_get_phy_mode (bsc#1209980).
- mt76: connac: fix last_chan configuration in mt76_connac_mcu_rate_txpower_band (bsc#1209980).
- mt76: connac: fix unresolved symbols when CONFIG_PM is unset (bsc#1209980).
- mt76: connac: introduce MCU_CE_CMD macro (bsc#1209980).
- mt76: connac: introduce MCU_EXT macros (bsc#1209980).
- mt76: connac: introduce MCU_UNI_CMD macro (bsc#1209980).
- mt76: connac: introduce is_connac_v1 utility routine (bsc#1209980).
- mt76: connac: make read-only array ba_range static const (bsc#1209980).
- mt76: connac: move mcu reg access utility routines in mt76_connac_lib module (bsc#1209980).
- mt76: connac: move mt76_connac_chan_bw in common code (bsc#1209980).
- mt76: connac: move mt76_connac_lmac_mapping in mt76-connac module (bsc#1209980).
- mt76: connac: move mt76_connac_mcu_add_key in connac module (bsc#1209980).
- mt76: connac: move mt76_connac_mcu_bss_basic_tlv in connac module (bsc#1209980).
- mt76: connac: move mt76_connac_mcu_bss_ext_tlv in connac module (bsc#1209980).
- mt76: connac: move mt76_connac_mcu_bss_omac_tlv in connac module (bsc#1209980).
- mt76: connac: move mt76_connac_mcu_gen_dl_mode in mt76-connac module (bsc#1209980).
- mt76: connac: move mt76_connac_mcu_get_cipher in common code (bsc#1209980).
- mt76: connac: move mt76_connac_mcu_rdd_cmd in mt76-connac module (bsc#1209980).
- mt76: connac: move mt76_connac_mcu_restart in common module (bsc#1209980).
- mt76: connac: move mt76_connac_mcu_set_pm in connac module (bsc#1209980).
- mt76: connac: move mt76_connac_mcu_wtbl_update_hdr_trans in connac module (bsc#1209980).
- mt76: connac: rely on MCU_CMD macro (bsc#1209980).
- mt76: connac: rely on le16_add_cpu in mt76_connac_mcu_add_nested_tlv (bsc#1209980).
- mt76: connac: remove MCU_FW_PREFIX bit (bsc#1209980).
- mt76: connac: remove PHY_MODE_AX_6G configuration in mt76_connac_get_phy_mode (bsc#1209980).
- mt76: connac: set 6G phymode in mt76_connac_get_phy_mode{,v2} (bsc#1209980).
- mt76: connac: set 6G phymode in single-sku support (bsc#1209980).
- mt76: debugfs: fix queue reporting for mt76-usb (bsc#1209980).
- mt76: debugfs: improve queue node readability (bsc#1209980).
- mt76: disable BH around napi_schedule() calls (bsc#1209980).
- mt76: do not access 802.11 header in ccmp check for 802.3 rx skbs (bsc#1209980).
- mt76: do not always copy ethhdr in reverse_frag0_hdr_trans (bsc#1209980).
- mt76: do not reset MIB counters in get_stats callback (bsc#1209980).
- mt76: eeprom: tolerate corrected bit-flips (bsc#1209980).
- mt76: fill boottime_ns in Rx path (bsc#1209980).
- mt76: fix antenna config missing in 6G cap (bsc#1209980).
- mt76: fix boolreturn.cocci warnings (bsc#1209980).
- mt76: fix dfs state issue with 160 MHz channels (bsc#1209980).
- mt76: fix endianness errors in reverse_frag0_hdr_trans (bsc#1209980).
- mt76: fix invalid rssi report (bsc#1209980).
- mt76: fix key pointer overwrite in mt7921s_write_txwi/mt7663_usb_sdio_write_txwi (bsc#1209980).
- mt76: fix monitor rx FCS error in DFS channel (bsc#1209980).
- mt76: fix possible OOB issue in mt76_calculate_default_rate (bsc#1209980).
- mt76: fix possible pktid leak (bsc#1209980).
- mt76: fix the wiphy's available antennas to the correct value (bsc#1209980).
- mt76: fix timestamp check in tx_status (bsc#1209980).
- mt76: fix tx status related use-after-free race on station removal (bsc#1209980).
- mt76: fix use-after-free by removing a non-RCU wcid pointer (git-fixes).
- mt76: fix wrong HE data rate in sniffer tool (bsc#1209980).
- mt76: improve signal strength reporting (bsc#1209980).
- mt76: introduce packet_id idr (bsc#1209980).
- mt76: make mt76_sar_capa static (bsc#1209980).
- mt76: move mt76_ethtool_worker_info in mt76 module (bsc#1209980).
- mt76: move mt76_sta_stats in mt76.h (bsc#1209980).
- mt76: move sar utilities to mt76-core module (bsc#1209980).
- mt76: move sar_capa configuration in common code (bsc#1209980).
- mt76: move spin_lock_bh to spin_lock in tasklet (bsc#1209980).
- mt76: mt7603: improve reliability of tx powersave filtering (bsc#1209980).
- mt76: mt7603: introduce SAR support (bsc#1209980).
- mt76: mt7615: add support for LG LGSBWAC02 (MT7663BUN) (bsc#1209980).
- mt76: mt7615: apply cached RF data for DBDC (bsc#1209980).
- mt76: mt7615: clear mcu error interrupt status on mt7663 (bsc#1209980).
- mt76: mt7615: fix a possible race enabling/disabling runtime-pm (bsc#1209980).
- mt76: mt7615: fix compiler warning on frame size (bsc#1209980).
- mt76: mt7615: fix decap offload corner case with 4-addr VLAN frames (bsc#1209980).
- mt76: mt7615: fix throughput regression on DFS channels (bsc#1209980).
- mt76: mt7615: fix unused tx antenna mask in testmode (bsc#1209980).
- mt76: mt7615: fix/rewrite the dfs state handling logic (bsc#1209980).
- mt76: mt7615: honor ret from mt7615_mcu_restart in mt7663u_mcu_init (bsc#1209980).
- mt76: mt7615: in debugfs queue stats, skip wmm index 3 on mt7663 (bsc#1209980).
- mt76: mt7615: introduce SAR support (bsc#1209980).
- mt76: mt7615: move mt7615_mcu_set_p2p_oppps in mt76_connac module (bsc#1209980).
- mt76: mt7615: remove dead code in get_omac_idx (bsc#1209980).
- mt76: mt7615: update bss_info with cipher after setting the group key (bsc#1209980).
- mt76: mt7615e: process txfree and txstatus without allocating skbs (bsc#1209980).
- mt76: mt7663: disable 4addr capability (bsc#1209980).
- mt76: mt7663s: flush runtime-pm queue after waking up the device (bsc#1209980).
- mt76: mt7663s: rely on mcu reg access utility (bsc#1209980).
- mt76: mt7663u: introduce mt7663u_mcu_power_on routine (bsc#1209980).
- mt76: mt76_connac: fix MCU_CE_CMD_SET_ROC definition error (bsc#1209980).
- mt76: mt76x02: improve tx hang detection (bsc#1209980).
- mt76: mt76x02: introduce SAR support (bsc#1209980).
- mt76: mt76x02: use mt76_phy_dfs_state to determine radar detector state (bsc#1209980).
- mt76: mt76x0: correct VHT MCS 8/9 tx power eeprom offset (bsc#1209980).
- mt76: mt7915: Fix PCI device refcount leak in mt7915_pci_init_hif2() (bsc#1209980).
- mt76: mt7915: Fix channel state update error issue (bsc#1209980).
- mt76: mt7915: add 6 GHz support (bsc#1209980).
- mt76: mt7915: add HE-LTF into fixed rate command (bsc#1209980).
- mt76: mt7915: add LED support (bsc#1209980).
- mt76: mt7915: add WA firmware log support (bsc#1209980).
- mt76: mt7915: add control knobs for thermal throttling (bsc#1209980).
- mt76: mt7915: add debugfs knobs for MCU utilization (bsc#1209980).
- mt76: mt7915: add default calibrated data support (bsc#1209980).
- mt76: mt7915: add device id for mt7916 (bsc#1209980).
- mt76: mt7915: add ethtool stats support (bsc#1209980).
- mt76: mt7915: add firmware support for mt7916 (bsc#1209980).
- mt76: mt7915: add mib counters to ethtool stats (bsc#1209980).
- mt76: mt7915: add missing DATA4_TB_SPTL_REUSE1 to mt7915_mac_decode_he_radiotap (bsc#1209980).
- mt76: mt7915: add more MIB registers (bsc#1209980).
- mt76: mt7915: add mt7915_mmio_probe() as a common probing function (bsc#1209980).
- mt76: mt7915: add mt7916 calibrated data support (bsc#1209980).
- mt76: mt7915: add mu-mimo and ofdma debugfs knobs (bsc#1209980).
- mt76: mt7915: add some per-station tx stats to ethtool (bsc#1209980).
- mt76: mt7915: add support for MT7986 (bsc#1209980).
- mt76: mt7915: add support for passing chip/firmware debug data to user space (bsc#1209980).
- mt76: mt7915: add twt_stats knob in debugfs (bsc#1209980).
- mt76: mt7915: add tx mu/su counters to mib (bsc#1209980).
- mt76: mt7915: add tx stats gathered from tx-status callbacks (bsc#1209980).
- mt76: mt7915: add txfree event v3 (bsc#1209980).
- mt76: mt7915: add txpower init for 6GHz (bsc#1209980).
- mt76: mt7915: allow beaconing on all chains (bsc#1209980).
- mt76: mt7915: change max rx len limit of hw modules (bsc#1209980).
- mt76: mt7915: check band idx for bcc event (bsc#1209980).
- mt76: mt7915: check for devm_pinctrl_get() failure (bsc#1209980).
- mt76: mt7915: do not pass data pointer to mt7915_mcu_muru_debug_set (bsc#1209980).
- mt76: mt7915: enable HE UL MU-MIMO (bsc#1209980).
- mt76: mt7915: enable configured beacon tx rate (bsc#1209980).
- mt76: mt7915: enable radar background detection (bsc#1209980).
- mt76: mt7915: enable radar trigger on rdd2 (bsc#1209980).
- mt76: mt7915: enable twt responder capability (bsc#1209980).
- mt76: mt7915: enlarge wcid size to 544 (bsc#1209980).
- mt76: mt7915: fix DBDC default band selection on MT7915D (bsc#1209980).
- mt76: mt7915: fix DFS no radar detection event (bsc#1209980).
- mt76: mt7915: fix SMPS operation fail (bsc#1209980).
- mt76: mt7915: fix WMM index on DBDC cards (bsc#1209980).
- mt76: mt7915: fix beamforming mib stats (bsc#1209980).
- mt76: mt7915: fix decap offload corner case with 4-addr VLAN frames (bsc#1209980).
- mt76: mt7915: fix eeprom fields of txpower init values (bsc#1209980).
- mt76: mt7915: fix endiannes warning mt7915_mcu_beacon_check_caps (bsc#1209980).
- mt76: mt7915: fix endianness warnings in mt7915_debugfs_rx_fw_monitor (bsc#1209980).
- mt76: mt7915: fix endianness warnings in mt7915_mac_tx_free() (bsc#1209980).
- mt76: mt7915: fix he_mcs capabilities for 160mhz (bsc#1209980).
- mt76: mt7915: fix incorrect testmode ipg on band 1 caused by wmm_idx (git-fixes).
- mt76: mt7915: fix incorrect testmode ipg on band 1 caused by wmm_idx (git-fixes).
- mt76: mt7915: fix mcs_map in mt7915_mcu_set_sta_he_mcs() (bsc#1209980).
- mt76: mt7915: fix missing HE phy cap (bsc#1209980).
- mt76: mt7915: fix phy cap in mt7915_set_stream_he_txbf_caps() (bsc#1209980).
- mt76: mt7915: fix polling firmware-own status (git-fixes).
- mt76: mt7915: fix possible NULL pointer dereference in mt7915_mac_fill_rx_vector (git-fixes).
- mt76: mt7915: fix possible memory leak in mt7915_mcu_add_sta (bsc#1209980).
- mt76: mt7915: fix possible uninitialized pointer dereference in mt7986_wmac_gpio_setup (bsc#1209980).
- mt76: mt7915: fix potential NPE in TXS processing (bsc#1209980).
- mt76: mt7915: fix potential memory leak of fw monitor packets (bsc#1209980).
- mt76: mt7915: fix return condition in mt7915_tm_reg_backup_restore() (bsc#1209980).
- mt76: mt7915: fix the muru tlv issue (bsc#1209980).
- mt76: mt7915: fix the nss setting in bitrates (bsc#1209980).
- mt76: mt7915: fix twt table_mask to u16 in mt7915_dev (bsc#1209980).
- mt76: mt7915: fix txbf starec TLV issues (bsc#1209980).
- mt76: mt7915: fix typos in comments (bsc#1209980).
- mt76: mt7915: fix/rewrite the dfs state handling logic (bsc#1209980).
- mt76: mt7915: get rid of mt7915_mcu_set_fixed_rate routine (bsc#1209980).
- mt76: mt7915: honor all possible error conditions in mt7915_mcu_init() (bsc#1209980).
- mt76: mt7915: improve code readability for xmit-queue handler (bsc#1209980).
- mt76: mt7915: improve code readability in mt7915_mcu_sta_bfer_ht (bsc#1209980).
- mt76: mt7915: improve starec readability of txbf (bsc#1209980).
- mt76: mt7915: improve wmm index allocation (bsc#1209980).
- mt76: mt7915: initialize smps mode in mt7915_mcu_sta_rate_ctrl_tlv() (bsc#1209980).
- mt76: mt7915: introduce SAR support (bsc#1209980).
- mt76: mt7915: introduce __mt7915_get_tsf routine (bsc#1209980).
- mt76: mt7915: introduce band_idx in mt7915_phy (bsc#1209980).
- mt76: mt7915: introduce bss coloring support (bsc#1209980).
- mt76: mt7915: introduce mt76 debugfs sub-dir for ext-phy (bsc#1209980).
- mt76: mt7915: introduce mt76_vif in mt7915_vif (bsc#1209980).
- mt76: mt7915: introduce mt7915_mac_add_twt_setup routine (bsc#1209980).
- mt76: mt7915: introduce mt7915_mcu_beacon_check_caps() (bsc#1209980).
- mt76: mt7915: introduce mt7915_mcu_twt_agrt_update mcu command (bsc#1209980).
- mt76: mt7915: introduce mt7915_set_radar_background routine (bsc#1209980).
- mt76: mt7915: introduce rdd_monitor debugfs node (bsc#1209980).
- mt76: mt7915: move pci specific code back to pci.c (bsc#1209980).
- mt76: mt7915: move tx amsdu stats in mib_stats (bsc#1209980).
- mt76: mt7915: process txfree and txstatus without allocating skbs (bsc#1209980).
- mt76: mt7915: refine register definition (bsc#1209980).
- mt76: mt7915: rely on mt76_connac definitions (bsc#1209980).
- mt76: mt7915: rely on mt76_connac_get_phy utilities (bsc#1209980).
- mt76: mt7915: rely on mt76_connac_mcu_add_tlv routine (bsc#1209980).
- mt76: mt7915: rely on mt76_connac_mcu_alloc_sta_req (bsc#1209980).
- mt76: mt7915: rely on mt76_connac_mcu_alloc_wtbl_req (bsc#1209980).
- mt76: mt7915: rely on mt76_connac_mcu_init_download (bsc#1209980).
- mt76: mt7915: rely on mt76_connac_mcu_patch_sem_ctrl/mt76_connac_mcu_start_patch (bsc#1209980).
- mt76: mt7915: rely on mt76_connac_mcu_set_rts_thresh (bsc#1209980).
- mt76: mt7915: rely on mt76_connac_mcu_sta_ba (bsc#1209980).
- mt76: mt7915: rely on mt76_connac_mcu_sta_ba_tlv (bsc#1209980).
- mt76: mt7915: rely on mt76_connac_mcu_sta_basic_tlv (bsc#1209980).
- mt76: mt7915: rely on mt76_connac_mcu_sta_uapsd (bsc#1209980).
- mt76: mt7915: rely on mt76_connac_mcu_start_firmware (bsc#1209980).
- mt76: mt7915: rely on mt76_connac_mcu_wtbl_ba_tlv (bsc#1209980).
- mt76: mt7915: rely on mt76_connac_mcu_wtbl_generic_tlv (bsc#1209980).
- mt76: mt7915: rely on mt76_connac_mcu_wtbl_hdr_trans_tlv (bsc#1209980).
- mt76: mt7915: rely on mt76_connac_mcu_wtbl_ht_tlv (bsc#1209980).
- mt76: mt7915: rely on mt76_connac_mcu_wtbl_smps_tlv (bsc#1209980).
- mt76: mt7915: remove dead code in debugfs code (bsc#1209980).
- mt76: mt7915: remove duplicated defs in mcu.h (bsc#1209980).
- mt76: mt7915: remove mt7915_mcu_add_he() (bsc#1209980).
- mt76: mt7915: rename debugfs tx-queues (bsc#1209980).
- mt76: mt7915: report radar pattern if detected by rdd2 (bsc#1209980).
- mt76: mt7915: report rx mode value in mt7915_mac_fill_rx_rate (bsc#1209980).
- mt76: mt7915: rework .set_bitrate_mask() to support more options (bsc#1209980).
- mt76: mt7915: rework debugfs fixed-rate knob (bsc#1209980).
- mt76: mt7915: rework debugfs queue info (bsc#1209980).
- mt76: mt7915: rework dma.c to adapt mt7916 changes (bsc#1209980).
- mt76: mt7915: rework eeprom.c to adapt mt7916 changes (bsc#1209980).
- mt76: mt7915: rework mt7915_mcu_sta_muru_tlv() (bsc#1209980).
- mt76: mt7915: rework starec TLV tags (bsc#1209980).
- mt76: mt7915: run mt7915_get_et_stats holding mt76 mutex (bsc#1209980).
- mt76: mt7915: send EAPOL frames at lowest rate (bsc#1209980).
- mt76: mt7915: set VTA bit in tx descriptor (bsc#1209980).
- mt76: mt7915: set band1 TGID field in tx descriptor (bsc#1209980).
- mt76: mt7915: set bssinfo/starec command when adding interface (bsc#1209980).
- mt76: mt7915: set muru platform type (bsc#1209980).
- mt76: mt7915: simplify conditional (bsc#1209980).
- mt76: mt7915: switch proper tx arbiter mode in testmode (bsc#1209980).
- mt76: mt7915: update bss_info with cipher after setting the group key (bsc#1209980).
- mt76: mt7915: update mac timing settings (bsc#1209980).
- mt76: mt7915: update max_mpdu_size in mt7915_mcu_sta_amsdu_tlv() (bsc#1209980).
- mt76: mt7915: update mt7915_chan_mib_offs for mt7916 (bsc#1209980).
- mt76: mt7915: update rx rate reporting for mt7916 (bsc#1209980).
- mt76: mt7915: use min_t() to make code cleaner (bsc#1209980).
- mt76: mt7915e: Add a hwmon attribute to get the actual throttle state (bsc#1209980).
- mt76: mt7915e: Enable thermal management by default (bsc#1209980).
- mt76: mt7915e: Fix degraded performance after temporary overheat (bsc#1209980).
- mt76: mt7921: Fix the error handling path of mt7921_pci_probe() (git-fixes).
- mt76: mt7921: add 6GHz support (bsc#1209980).
- mt76: mt7921: add MT7921_COMMON module (bsc#1209980).
- mt76: mt7921: add MU EDCA cmd support (bsc#1209980).
- mt76: mt7921: add delay config for sched scan (bsc#1209980).
- mt76: mt7921: add mt7921u driver (bsc#1209980).
- mt76: mt7921: add per-vif counters in ethtool (bsc#1209980).
- mt76: mt7921: add some more MIB counters (bsc#1209980).
- mt76: mt7921: add sta stats accounting in mt7921_mac_add_txs_skb (bsc#1209980).
- mt76: mt7921: add support for PCIe ID 0x0608/0x0616 (bsc#1209980).
- mt76: mt7921: add support for tx status reporting (bsc#1209980).
- mt76: mt7921: clear pm->suspended in mt7921_mac_reset_work (bsc#1209980).
- mt76: mt7921: disable 4addr capability (bsc#1209980).
- mt76: mt7921: disable runtime pm for usb (bsc#1209980).
- mt76: mt7921: do not always disable fw runtime-pm (bsc#1209980).
- mt76: mt7921: do not enable beacon filter when IEEE80211_CONF_CHANGE_MONITOR is set (bsc#1209980).
- mt76: mt7921: do not update pm states in case of error (git-fixes).
- mt76: mt7921: fix MT7921E reset failure (bsc#1209980).
- mt76: mt7921: fix Wformat build warning (bsc#1209980).
- mt76: mt7921: fix a possible race enabling/disabling runtime-pm (bsc#1209980).
- mt76: mt7921: fix boolreturn.cocci warning (bsc#1209980).
- mt76: mt7921: fix build regression (bsc#1209980).
- mt76: mt7921: fix endianness issues in mt7921_mcu_set_tx() (bsc#1209980).
- mt76: mt7921: fix endianness warnings in mt7921_mac_decode_he_mu_radiotap (bsc#1209980).
- mt76: mt7921: fix ht mcs in mt7921_mac_add_txs_skb() (bsc#1209980).
- mt76: mt7921: fix injected MPDU transmission to not use HW A-MSDU (bsc#1209980).
- mt76: mt7921: fix kernel crash at mt7921_pci_remove (git-fixes).
- mt76: mt7921: fix kernel panic by accessing unallocated eeprom.data (git-fixes).
- mt76: mt7921: fix mt7921s Kconfig (bsc#1209980).
- mt76: mt7921: fix network buffer leak by txs missing (bsc#1209980).
- mt76: mt7921: fix possible NULL pointer dereference in mt7921_mac_write_txwi (bsc#1209980).
- mt76: mt7921: fix up the monitor mode (bsc#1209980).
- mt76: mt7921: fix xmit-queue dump for usb and sdio (bsc#1209980).
- mt76: mt7921: forbid the doze mode when coredump is in progress (bsc#1209980).
- mt76: mt7921: get rid of monitor_vif (bsc#1209980).
- mt76: mt7921: get rid of mt7921_mcu_get_eeprom (bsc#1209980).
- mt76: mt7921: get rid of mt7921_wait_for_mcu_init declaration (bsc#1209980).
- mt76: mt7921: honor mt76_connac_mcu_set_rate_txpower return value in mt7921_config (bsc#1209980).
- mt76: mt7921: honor pm user configuration in mt7921_sniffer_interface_iter (bsc#1209980).
- mt76: mt7921: introduce 160 MHz channel bandwidth support (bsc#1209980).
- mt76: mt7921: introduce mt7921s support (bsc#1209980).
- mt76: mt7921: introduce stats reporting through ethtool (bsc#1209980).
- mt76: mt7921: make all event parser reusable between mt7921s and mt7921e (bsc#1209980).
- mt76: mt7921: make mt7921_init_tx_queues static (bsc#1209980).
- mt76: mt7921: move mt76_connac_mcu_set_hif_suspend to bus-related files (bsc#1209980).
- mt76: mt7921: move mt7921_init_hw in a dedicated work (bsc#1209980).
- mt76: mt7921: move mt7921_queue_rx_skb to mac.c (bsc#1209980).
- mt76: mt7921: move mt7921_usb_sdio_tx_complete_skb in common mac code (bsc#1209980).
- mt76: mt7921: move mt7921_usb_sdio_tx_prepare_skb in common mac code (bsc#1209980).
- mt76: mt7921: move mt7921_usb_sdio_tx_status_data in mac common code (bsc#1209980).
- mt76: mt7921: move tx amsdu stats in mib_stats (bsc#1209980).
- mt76: mt7921: reduce log severity levels for informative messages (bsc#1209980).
- mt76: mt7921: refactor dma.c to be pcie specific (bsc#1209980).
- mt76: mt7921: refactor init.c to be bus independent (bsc#1209980).
- mt76: mt7921: refactor mac.c to be bus independent (bsc#1209980).
- mt76: mt7921: refactor mcu.c to be bus independent (bsc#1209980).
- mt76: mt7921: refactor mt7921_mcu_send_message (bsc#1209980).
- mt76: mt7921: rely on mcu_get_nic_capability (bsc#1209980).
- mt76: mt7921: remove dead definitions (bsc#1209980).
- mt76: mt7921: remove duplicated code in mt7921_mac_decode_he_radiotap (bsc#1209980).
- mt76: mt7921: remove mcu rate reporting code (bsc#1209980).
- mt76: mt7921: remove mt7921_sta_stats (bsc#1209980).
- mt76: mt7921: report tx rate directly from tx status (bsc#1209980).
- mt76: mt7921: robustify hardware initialization flow (bsc#1209980).
- mt76: mt7921: send EAPOL frames at lowest rate (bsc#1209980).
- mt76: mt7921: set EDCA parameters with the MCU CE command (bsc#1209980).
- mt76: mt7921: start reworking tx rate reporting (bsc#1209980).
- mt76: mt7921: toggle runtime-pm adding a monitor vif (bsc#1209980).
- mt76: mt7921: update mib counters dumping phy stats (bsc#1209980).
- mt76: mt7921: update mt7921_skb_add_usb_sdio_hdr to support usb (bsc#1209980).
- mt76: mt7921: use correct iftype data on 6GHz cap init (bsc#1209980).
- mt76: mt7921: use mt76_hw instead of open coding it (bsc#1209980).
- mt76: mt7921: use physical addr to unify register access (bsc#1209980).
- mt76: mt7921e: fix possible probe failure after reboot (bsc#1198835).
- mt76: mt7921e: make dev->fw_assert usage consistent (bsc#1209980).
- mt76: mt7921e: process txfree and txstatus without allocating skbs (bsc#1209980).
- mt76: mt7921s: add reset support (bsc#1209980).
- mt76: mt7921s: clear MT76_STATE_MCU_RUNNING immediately after reset (bsc#1209980).
- mt76: mt7921s: fix a possible memory leak in mt7921_load_patch (bsc#1209980).
- mt76: mt7921s: fix bus hang with wrong privilege (bsc#1209980).
- mt76: mt7921s: fix cmd timeout in throughput test (bsc#1209980).
- mt76: mt7921s: fix firmware download random fail (bsc#1209980).
- mt76: mt7921s: fix missing fc type/sub-type for 802.11 pkts (bsc#1209980).
- mt76: mt7921s: fix mt7921s_mcu_[fw|drv]_pmctrl (bsc#1209980).
- mt76: mt7921s: fix possible kernel crash due to invalid Rx count (bsc#1209980).
- mt76: mt7921s: fix possible sdio deadlock in command fail (bsc#1209980).
- mt76: mt7921s: fix suspend error with enlarging mcu timeout value (bsc#1209980).
- mt76: mt7921s: fix the device cannot sleep deeply in suspend (bsc#1209980).
- mt76: mt7921s: make pm->suspended usage consistent (bsc#1209980).
- mt76: mt7921s: run sleep mode by default (bsc#1209980).
- mt76: mt7921s: update mt7921s_wfsys_reset sequence (bsc#1209980).
- mt76: only access ieee80211_hdr after mt76_insert_ccmp_hdr (bsc#1209980).
- mt76: only set rx radiotap flag from within decoder functions (bsc#1209980).
- mt76: redefine mt76_for_each_q_rx to adapt mt7986 changes (bsc#1209980).
- mt76: rely on phy pointer in mt76_register_debugfs_fops routine signature (bsc#1209980).
- mt76: remove mt76_wcid pointer from mt76_tx_status_check signature (bsc#1209980).
- mt76: remove variable set but not used (bsc#1209980).
- mt76: reverse the first fragmented frame to 802.11 (bsc#1209980).
- mt76: schedule status timeout at dma completion (bsc#1209980).
- mt76: sdio: disable interrupt in mt76s_sdio_irq (bsc#1209980).
- mt76: sdio: export mt76s_alloc_rx_queue and mt76s_alloc_tx routines (bsc#1209980).
- mt76: sdio: extend sdio module to support CONNAC2 (bsc#1209980).
- mt76: sdio: honor the largest Tx buffer the hardware can support (bsc#1209980).
- mt76: sdio: introduce parse_irq callback (bsc#1209980).
- mt76: sdio: lock sdio when it is needed (bsc#1209980).
- mt76: sdio: move common code in mt76_sdio module (bsc#1209980).
- mt76: set wlan_idx_hi on mt7916 (bsc#1209980).
- mt76: split single ldpc cap bit into bits (bsc#1209980).
- mt76: substitute sk_buff_head status_list with spinlock_t status_lock (bsc#1209980).
- mt76: support reading EEPROM data embedded in fdt (bsc#1209980).
- mt76: switch from 'pci_' to 'dma_' API (bsc#1209980).
- mt76: testmode: add support to set MAC (bsc#1209980).
- mt76: usb: add req_type to ___mt76u_rr signature (bsc#1209980).
- mt76: usb: add req_type to ___mt76u_wr signature (bsc#1209980).
- mt76: usb: introduce __mt76u_init utility routine (bsc#1209980).
- mt76: use IEEE80211_OFFLOAD_ENCAP_ENABLED instead of MT_DRV_AMSDU_OFFLOAD (bsc#1209980).
- mt76: use a separate CCMP PN receive counter for management frames (bsc#1209980).
- mt76: use le32/16_get_bits() whenever possible (bsc#1209980).
- mt76x02: improve mac error check/reset reliability (bsc#1209980).
- mtd: core: fix error path for nvmem provider (git-fixes).
- mtd: core: fix nvmem error reporting (git-fixes).
- mtd: core: provide unique name for nvmem device, take two (git-fixes).
- mtd: dataflash: remove duplicate SPI ID table (git-fixes).
- mtd: rawnand: fsl_elbc: Propagate HW ECC settings to HW (git-fixes).
- mtd: rawnand: ingenic: fix empty stub helper definitions (git-fixes).
- mtd: rawnand: marvell: do not set the NAND frequency select (git-fixes).
- mtd: rawnand: marvell: ensure timing values are written (git-fixes).
- mtd: rawnand: meson: fix bitmask for length in command word (git-fixes).
- mtd: rawnand: meson: invalidate cache on polling ECC bit (git-fixes).
- mtd: rawnand: stm32_fmc2: remove unsupported EDO mode (git-fixes).
- mtd: rawnand: stm32_fmc2: use timings.mode instead of checking tRC_min (git-fixes).
- mtd: rawnand: sunxi: Clean up chips after failed init (git-fixes).
- mtd: rawnand: sunxi: Fix the size of the last OOB region (git-fixes).
- mtd: spi-nor: Fix a trivial typo (git-fixes).
- mtd: spi-nor: Fix shift-out-of-bounds in spi_nor_set_erase_type (git-fixes).
- mtd: spi-nor: core: fix implicit declaration warning (git-fixes).
- mtd: spi-nor: sfdp: Fix index value for SCCR dwords (git-fixes).
- mtd: spi-nor: spansion: Consider reserved bits in CFR5 register (git-fixes).
- mtdblock: tolerate corrected bit-flips (git-fixes).
- nbd: Fix hung on disconnect request if socket is closed before (git-fixes).
- nbd: Fix hung when signal interrupts nbd_start_device_ioctl() (git-fixes).
- nbd: Fix hungtask when nbd_config_put (git-fixes).
- nbd: add missing definition of pr_fmt (git-fixes).
- nbd: call genl_unregister_family() first in nbd_cleanup() (git-fixes).
- nbd: fix io hung while disconnecting device (git-fixes).
- nbd: fix race between nbd_alloc_config() and module removal (git-fixes).
- net/iucv: Fix size of interrupt data (bsc#1211465 git-fixes).
- net/mlx5: Dynamically resize flow counters query buffer (bsc#1195175).
- net/rose: Fix to not accept on connected socket (git-fixes).
- net/sunrpc: fix reference count leaks in rpc_sysfs_xprt_state_change (git-fixes).
- net/tg3: resolve deadlock in tg3_reset_task() during EEH (bsc#1207842).
- net/usb: kalmia: Do not pass act_len in usb_bulk_msg error path (git-fixes).
- net/x25: Fix to not accept on connected socket (git-fixes).
- net: USB: Fix wrong-direction WARNING in plusb.c (git-fixes).
- net: accept UFOv6 packages in virtio_net_hdr_to_skb (git-fixes).
- net: add missing include in include/net/gro.h (git-fixes).
- net: asix: fix modprobe 'sysfs: cannot create duplicate filename' (git-fixes).
- net: bridge: command/utility delivers no return output(bsc#1208368).
- net: cdc_ncm: Deal with too low values of dwNtbOutMaxSize (git-fixes).
- net: devlink: Fix missing mutex_unlock() call (git-fixes).
- net: linkwatch: be more careful about dev->linkwatch_dev_tracker (git-fixes).
- net: mana: Add new MANA VF performance counters for easier troubleshooting (bsc#1209982).
- net: mana: Add support for auxiliary device (bsc#1210741 jsc#PED-4022).
- net: mana: Add support for jumbo frame (bsc#1210551).
- net: mana: Assign interrupts to CPUs based on NUMA nodes (bsc#1208153).
- net: mana: Check if netdev/napi_alloc_frag returns single page (bsc#1210551).
- net: mana: Define and process GDMA response code GDMA_STATUS_MORE_ENTRIES (bsc#1210741 jsc#PED-4022).
- net: mana: Define data structures for allocating doorbell page from GDMA (bsc#1210741 jsc#PED-4022).
- net: mana: Define data structures for protection domain and memory registration (bsc#1210741 jsc#PED-4022).
- net: mana: Define max values for SGL entries (bsc#1210741 jsc#PED-4022).
- net: mana: Enable RX path to handle various MTU sizes (bsc#1210551).
- net: mana: Export Work Queue functions for use by RDMA driver (bsc#1210741 jsc#PED-4022).
- net: mana: Fix IRQ name - add PCI and queue number (bsc#1207875).
- net: mana: Fix accessing freed irq affinity_hint (bsc#1208153).
- net: mana: Fix perf regression: remove rx_cqes, tx_cqes counters (git-fixes).
- net: mana: Handle vport sharing between devices (bsc#1210741 jsc#PED-4022).
- net: mana: Move header files to a common location (bsc#1210741 jsc#PED-4022).
- net: mana: Record port number in netdev (bsc#1210741 jsc#PED-4022).
- net: mana: Record the physical address for doorbell page region (bsc#1210741 jsc#PED-4022).
- net: mana: Refactor RX buffer allocation code to prepare for various MTU (bsc#1210551).
- net: mana: Rename mana_refill_rxoob and remove some empty lines (bsc#1210551).
- net: mana: Set the DMA device max segment size (bsc#1210741 jsc#PED-4022).
- net: mana: Use napi_build_skb in RX path (bsc#1210551).
- net: mdio: mvusb: Fix an error handling path in mvusb_mdio_probe() (git-fixes).
- net: mdio: thunder: Add missing fwnode_handle_put() (git-fixes).
- net: mellanox: mlxbf_gige: Fix skb_panic splat under memory pressure (bsc#1211564).
- net: natsemi: fix hw address initialization for jazz and xtensa (git-fixes).
- net: of: fix stub of_net helpers for CONFIG_NET=n (git-fixes).
- net: openvswitch: fix possible memory leak in ovs_meter_cmd_set() (git-fixes).
- net: phy: Ensure state transitions are processed from phy_stop() (git-fixes).
- net: phy: dp83822: Fix null pointer access on DP83825/DP83826 devices (git-fixes).
- net: phy: dp83867: add w/a for packet errors seen with short cables (git-fixes).
- net: phy: dp83869: fix default value for tx-/rx-internal-delay (git-fixes).
- net: phy: meson-gxl: Add generic dummy stubs for MMD register access (git-fixes).
- net: phy: meson-gxl: use MMD access dummy stubs for GXL, internal PHY (git-fixes).
- net: phy: mxl-gpy: add MDINT workaround (git-fixes).
- net: phy: nxp-c45-tja11xx: add remove callback (git-fixes).
- net: phy: nxp-c45-tja11xx: fix MII_BASIC_CONFIG_REV bit (git-fixes).
- net: phy: nxp-c45-tja11xx: fix unsigned long multiplication overflow (git-fixes).
- net: phy: smsc: bail out in lan87xx_read_status if genphy_read_status fails (git-fixes).
- net: qcom/emac: Fix use after free bug in emac_remove due to race condition (git-fixes).
- net: qrtr: correct types of trace event parameters (git-fixes).
- net: skip virtio_net_hdr_set_proto if protocol already set (git-fixes).
- net: tun: avoid disabling NAPI twice (git-fixes).
- net: tun: fix bugs for oversize packet when napi frags enabled (git-fixes).
- net: tun: stop NAPI when detaching queues (git-fixes).
- net: tun: unlink NAPI from device on destruction (git-fixes).
- net: usb: asix: remove redundant assignment to variable reg (git-fixes).
- net: usb: cdc_ether: add support for Thales Cinterion PLS62-W modem (git-fixes).
- net: usb: cdc_ether: add support for Thales Cinterion PLS62-W modem (git-fixes).
- net: usb: cdc_mbim: avoid altsetting toggling for Telit FE990 (git-fixes).
- net: usb: lan78xx: Limit packet length to skb->len (git-fixes).
- net: usb: qmi_wwan: Set DTR quirk for BroadMobi BM818 (git-fixes).
- net: usb: qmi_wwan: add Telit 0x1080 composition (git-fixes).
- net: usb: smsc75xx: Limit packet length to skb->len (git-fixes).
- net: usb: smsc75xx: Move packet length check to prevent kernel panic in skb_pull (git-fixes).
- net: usb: smsc95xx: Limit packet length to skb->len (git-fixes).
- net: usb: use eth_hw_addr_set() (git-fixes).
- net: virtio_net_hdr_to_skb: count transport header in UFO (git-fixes).
- netrom: Fix use-after-free caused by accept on already connected socket (git-fixes).
- netrom: Fix use-after-free of a listening socket (git-fixes).
- nfc: change order inside nfc_se_io error path (git-fixes).
- nfc: fdp: add null check of devm_kmalloc_array in fdp_nci_i2c_read_device_properties (git-fixes).
- nfc: fix memory leak of se_io context in nfc_genl_se_io (git-fixes).
- nfc: pn533: initialize struct pn533_out_arg properly (git-fixes).
- nfc: st-nci: Fix use after free bug in ndlc_remove due to race condition (git-fixes).
- nfp: flower-ct: fix error return code in nfp_fl_ct_add_offload() (git-fixes).
- nfp: flower: fix ingress police using matchall filter (git-fixes).
- nfs4: Fix kmemleak when allocate slot failed (git-fixes).
- nfs4trace: fix state manager flag printing (git-fixes).
- nfs: nfs4clinet: check the return value of kstrdup() (git-fixes).
- nfsd: Fix a memory leak in an error handling path (git-fixes).
- nfsd: call op_release, even when op_func returns an error (git-fixes).
- nfsd: do not call nfsd_file_put from client states seqfile display (git-fixes).
- nfsd: fix handling of readdir in v4root vs. mount upcall timeout (git-fixes).
- nfsd: fix race to check ls_layouts (git-fixes).
- nfsd: shut down the NFSv4 state objects before the filecache (git-fixes).
- nfsd: under NFSv4.1, fix double svc_xprt_put on rpc_create failure (git-fixes).
- nfsd: zero out pointers after putting nfsd_files on COPY setup error (git-fixes).
- nilfs2: do not write dirty data after degenerating to read-only (git-fixes).
- nilfs2: fix general protection fault in nilfs_btree_insert() (git-fixes).
- nilfs2: fix infinite loop in nilfs_mdt_get_block() (git-fixes).
- nilfs2: fix kernel-infoleak in nilfs_ioctl_wrap_copy() (git-fixes).
- nilfs2: fix potential UAF of struct nilfs_sc_info in nilfs_segctor_thread() (git-fixes).
- nilfs2: fix sysfs interface lifetime (git-fixes).
- nilfs2: fix underflow in second superblock position calculations (git-fixes).
- nilfs2: fix use-after-free bug of nilfs_root in nilfs_evict_inode() (git-fixes).
- nilfs2: initialize unused bytes in segment summary blocks (git-fixes).
- null_blk: fix ida error handling in null_add_dev() (git-fixes).
- nvdimm: disable namespace on error (bsc#1166486).
- nvdimm: disable namespace on error (bsc#1166486).
- nvme initialize core quirks before calling nvme_init_subsystem (git-fixes).
- nvme-auth: check chap ctrl_key once constructed (bsc#1202633).
- nvme-auth: check chap ctrl_key once constructed (bsc#1202633).
- nvme-auth: clear sensitive info right after authentication completes (bsc#1202633).
- nvme-auth: clear sensitive info right after authentication completes (bsc#1202633).
- nvme-auth: convert dhchap_auth_list to an array (bsc#1202633).
- nvme-auth: convert dhchap_auth_list to an array (bsc#1202633).
- nvme-auth: do not ignore key generation failures when initializing ctrl keys (bsc#1202633).
- nvme-auth: do not ignore key generation failures when initializing ctrl keys (bsc#1202633).
- nvme-auth: do not keep long lived 4k dhchap buffer (bsc#1202633).
- nvme-auth: do not keep long lived 4k dhchap buffer (bsc#1202633).
- nvme-auth: do not override ctrl keys before validation (bsc#1202633).
- nvme-auth: do not override ctrl keys before validation (bsc#1202633).
- nvme-auth: do not re-authenticate if the controller is not LIVE (bsc#1202633).
- nvme-auth: do not re-authenticate if the controller is not LIVE (bsc#1202633).
- nvme-auth: do not use NVMe status codes (bsc#1202633).
- nvme-auth: do not use NVMe status codes (bsc#1202633).
- nvme-auth: fix an error code in nvme_auth_process_dhchap_challenge() (bsc#1202633).
- nvme-auth: fix an error code in nvme_auth_process_dhchap_challenge() (bsc#1202633).
- nvme-auth: fix smatch warning complaints (bsc#1202633).
- nvme-auth: fix smatch warning complaints (bsc#1202633).
- nvme-auth: guarantee dhchap buffers under memory pressure (bsc#1202633).
- nvme-auth: guarantee dhchap buffers under memory pressure (bsc#1202633).
- nvme-auth: have dhchap_auth_work wait for queues auth to complete (bsc#1202633).
- nvme-auth: have dhchap_auth_work wait for queues auth to complete (bsc#1202633).
- nvme-auth: mark nvme_auth_wq static (bsc#1202633).
- nvme-auth: mark nvme_auth_wq static (bsc#1202633).
- nvme-auth: no need to reset chap contexts on re-authentication (bsc#1202633).
- nvme-auth: no need to reset chap contexts on re-authentication (bsc#1202633).
- nvme-auth: remove redundant auth_work flush (bsc#1202633).
- nvme-auth: remove redundant auth_work flush (bsc#1202633).
- nvme-auth: remove redundant buffer deallocations (bsc#1202633).
- nvme-auth: remove redundant buffer deallocations (bsc#1202633).
- nvme-auth: remove redundant deallocations (bsc#1202633).
- nvme-auth: remove redundant deallocations (bsc#1202633).
- nvme-auth: remove redundant if statement (bsc#1202633).
- nvme-auth: remove redundant if statement (bsc#1202633).
- nvme-auth: remove symbol export from nvme_auth_reset (bsc#1202633).
- nvme-auth: remove symbol export from nvme_auth_reset (bsc#1202633).
- nvme-auth: rename __nvme_auth_[reset|free] to nvme_auth[reset|free]_dhchap (bsc#1202633).
- nvme-auth: rename __nvme_auth_[reset|free] to nvme_auth[reset|free]_dhchap (bsc#1202633).
- nvme-auth: rename authentication work elements (bsc#1202633).
- nvme-auth: rename authentication work elements (bsc#1202633).
- nvme-auth: uninitialized variable in nvme_auth_transform_key() (git-fixes).
- nvme-auth: use workqueue dedicated to authentication (bsc#1202633).
- nvme-auth: use workqueue dedicated to authentication (bsc#1202633).
- nvme-fabrics: show well known discovery name (bsc#1200054).
- nvme-fabrics: show well known discovery name (bsc#1200054).
- nvme-fc: fix a missing queue put in nvmet_fc_ls_create_association (git-fixes).
- nvme-fcloop: fix 'inconsistent {IN-HARDIRQ-W} -> {HARDIRQ-ON-W} usage' (git-fixes).
- nvme-hwmon: consistently ignore errors from nvme_hwmon_init (git-fixes).
- nvme-hwmon: kmalloc the NVME SMART log buffer (git-fixes).
- nvme-multipath: fix hang when disk goes live over reconnect (git-fixes).
- nvme-multipath: fix possible hang in live ns resize with ANA access (git-fixes).
- nvme-pci: add bogus ID quirk for ADATA SX6000PNP (bsc#1207827).
- nvme-pci: add quirks for Samsung X5 SSDs (git-fixes).
- nvme-pci: add the IGNORE_DEV_SUBNQN quirk for Intel P4500/P4600 SSDs (git-fixes).
- nvme-pci: avoid the deepest sleep state on ZHITAI TiPro5000 SSDs (git-fixes).
- nvme-pci: avoid the deepest sleep state on ZHITAI TiPro7000 SSDs (git-fixes).
- nvme-pci: clear the prp2 field when not used (git-fixes).
- nvme-pci: disable write zeroes on various Kingston SSD (git-fixes).
- nvme-pci: fix a NULL pointer dereference in nvme_alloc_admin_tags (git-fixes).
- nvme-pci: fix doorbell buffer value endianness (git-fixes).
- nvme-pci: fix mempool alloc size (git-fixes).
- nvme-pci: fix page size checks (git-fixes).
- nvme-pci: fix timeout request state check (git-fixes).
- nvme-pci: mark Lexar NM760 as IGNORE_DEV_SUBNQN (git-fixes).
- nvme-pci: set min_align_mask before calculating max_hw_sectors (git-fixes).
- nvme-rdma: fix possible hang caused during ctrl deletion (git-fixes).
- nvme-tcp: always fail a request when sending it failed (bsc#1208902).
- nvme-tcp: fix a possible UAF when failing to allocate an io queue (git-fixes).
- nvme-tcp: fix bogus request completion when failing to send AER (git-fixes).
- nvme-tcp: fix possible circular locking when deleting a controller under memory pressure (git-fixes).
- nvme-tcp: fix possible hang caused during ctrl deletion (git-fixes).
- nvme-tcp: fix regression that causes sporadic requests to time out (git-fixes).
- nvme-tcp: lockdep: annotate in-kernel sockets (git-fixes).
- nvme: Fix IOC_PR_CLEAR and IOC_PR_RELEASE ioctls for nvme devices (git-fixes).
- nvme: add a bogus subsystem NQN quirk for Micron MTFDKBA2T0TFH (git-fixes).
- nvme: add device name to warning in uuid_show() (git-fixes).
- nvme: also return I/O command effects from nvme_command_effects (git-fixes).
- nvme: bring back auto-removal of deleted namespaces during sequential scan (git-fixes).
- nvme: catch -ENODEV from nvme_revalidate_zones again (git-fixes).
- nvme: check for duplicate identifiers earlier (git-fixes).
- nvme: cleanup __nvme_check_ids (git-fixes).
- nvme: copy firmware_rev on each init (git-fixes).
- nvme: copy firmware_rev on each init (git-fixes).
- nvme: define compat_ioctl again to unbreak 32-bit userspace (git-fixes).
- nvme: fix async event trace event (git-fixes).
- nvme: fix discard support without oncs (git-fixes).
- nvme: fix discard support without oncs (git-fixes).
- nvme: fix handling single range discard request (git-fixes).
- nvme: fix interpretation of DMRSL (git-fixes).
- nvme: fix multipath crash caused by flush request when blktrace is enabled (git-fixes).
- nvme: fix passthrough csi check (git-fixes).
- nvme: fix per-namespace chardev deletion (git-fixes).
- nvme: fix the CRIMS and CRWMS definitions to match the spec (git-fixes).
- nvme: fix the NVME_CMD_EFFECTS_CSE_MASK definition (git-fixes).
- nvme: fix the name of Zone Append for verbose logging (git-fixes).
- nvme: fix the read-only state for zoned namespaces with unsupposed features (git-fixes).
- nvme: generalize the nvme_multi_css check in nvme_scan_ns (git-fixes).
- nvme: improve the NVME_CONNECT_AUTHREQ* definitions (git-fixes).
- nvme: move nvme_multi_css into nvme.h (git-fixes).
- nvme: move the Samsung X5 quirk entry to the core quirks (git-fixes).
- nvme: rename nvme_validate_or_alloc_ns to nvme_scan_ns (git-fixes).
- nvme: return err on nvme_init_non_mdts_limits fail (git-fixes).
- nvme: send Identify with CNS 06h only to I/O controllers (bsc#1209693).
- nvme: send Identify with CNS 06h only to I/O controllers (bsc#1209693).
- nvme: set dma alignment to dword (git-fixes).
- nvme: set non-mdts limits in nvme_scan_work (git-fixes).
- nvme: use command_id instead of req->tag in trace_nvme_complete_rq() (git-fixes).
- nvmet-auth: do not try to cancel a non-initialized work_struct (git-fixes).
- nvmet-tcp: add bounds check on Transfer Tag (git-fixes).
- nvmet-tcp: fix incomplete data digest send (git-fixes).
- nvmet-tcp: fix lockdep complaint on nvmet_tcp_wq flush during queue teardown (git-fixes).
- nvmet-tcp: fix regression in data_digest calculation (git-fixes).
- nvmet-tcp: fix unhandled tcp states in nvmet_tcp_state_change() (git-fixes).
- nvmet: add helpers to set the result field for connect commands (git-fixes).
- nvmet: avoid potential UAF in nvmet_req_complete() (git-fixes).
- nvmet: do not defer passthrough commands with trivial effects to the workqueue (git-fixes).
- nvmet: fix I/O Command Set specific Identify Controller (git-fixes).
- nvmet: fix Identify Active Namespace ID list handling (git-fixes).
- nvmet: fix Identify Controller handling (git-fixes).
- nvmet: fix Identify Namespace handling (git-fixes).
- nvmet: fix a memory leak (git-fixes).
- nvmet: fix a memory leak in nvmet_auth_set_key (git-fixes).
- nvmet: fix a use-after-free (git-fixes).
- nvmet: fix invalid memory reference in nvmet_subsys_attr_qid_max_show (git-fixes).
- nvmet: fix mar and mor off-by-one errors (git-fixes).
- nvmet: fix memory leak in nvmet_subsys_attr_model_store_locked (git-fixes).
- nvmet: fix workqueue MEM_RECLAIM flushing dependency (git-fixes).
- nvmet: fix workqueue MEM_RECLAIM flushing dependency (git-fixes).
- nvmet: force reconnect when number of queue changes (git-fixes).
- nvmet: looks at the passthrough controller when initializing CAP (git-fixes).
- nvmet: move the call to nvmet_ns_changed out of nvmet_ns_revalidate (git-fixes).
- nvmet: only allocate a single slab for bvecs (git-fixes).
- nvmet: use IOCB_NOWAIT only if the filesystem supports it (git-fixes).
- nvmet: use NVME_CMD_EFFECTS_CSUPP instead of open coding it (git-fixes).
- objtool: Add a missing comma to avoid string concatenation (bsc#1207328).
- ocfs2: Fix data corruption after failed write (bsc#1208542).
- ocfs2: clear dinode links count in case of error (bsc#1207650).
- ocfs2: fix BUG when iput after ocfs2_mknod fails (bsc#1207649).
- ocfs2: fix crash when mount with quota enabled (bsc#1207640).
- ocfs2: fix defrag path triggering jbd2 ASSERT (bsc#1199304).
- ocfs2: fix memory leak in ocfs2_mount_volume() (bsc#1207652).
- ocfs2: fix memory leak in ocfs2_stack_glue_init() (bsc#1207651).
- ocfs2: fix non-auto defrag path not working issue (bsc#1199304).
- ocfs2: ocfs2_mount_volume does cleanup job before return error (bsc#1207770).
- ocfs2: quota_local: fix possible uninitialized-variable access in ocfs2_local_read_info() (bsc#1207768).
- ocfs2: rewrite error handling of ocfs2_fill_super (bsc#1207771).
- octeon: constify netdev->dev_addr (git-fixes).
- of/address: Return an error when no valid dma-ranges are found (git-fixes).
- pNFS/filelayout: Fix coalescing test for single DS (git-fixes).
- panic: Consolidate open-coded panic_on_warn checks (bsc#1207328).
- panic: Introduce warn_limit (bsc#1207328).
- panic: unset panic_on_warn inside panic() (bsc#1207328).
- perf/amd/ibs: Use interrupt regs ip for stack unwinding (git fixes).
- perf/core: Call LSM hook after copying perf_event_attr (git fixes).
- perf/core: Fix data race between perf_event_set_output() and perf_mmap_close() (git fixes).
- perf/core: Fix perf_output_begin parameter is incorrectly invoked in perf_event_bpf_output (git fixes).
- perf/core: Fix the same task check in perf_event_set_output (git fixes).
- perf/core: Inherit event_caps (git fixes).
- perf/x86/amd: fix potential integer overflow on shift of a int (git fixes).
- perf/x86/intel/ds: Fix precise store latency handling (git fixes).
- perf/x86/intel/lbr: Use setup_clear_cpu_cap() instead of clear_cpu_cap() (git fixes).
- perf/x86/intel/pt: Fix sampling using single range output (git fixes).
- perf/x86/intel/pt: Relax address filter validation (git fixes).
- perf/x86/intel/uncore: Add Emerald Rapids (git fixes).
- perf/x86/intel/uncore: Clear attr_update properly (bsc#1206824, bsc#1206493, bsc#1206492).
- perf/x86/intel/uncore: Disable I/O stacks to PMU mapping on ICX-D (bsc#1206824, bsc#1206493, bsc#1206492).
- perf/x86/intel/uncore: Enable UPI topology discovery for Icelake Server (bsc#1206824, bsc#1206493, bsc#1206492).
- perf/x86/intel/uncore: Enable UPI topology discovery for Sapphire Rapids (bsc#1206824, bsc#1206493, bsc#1206492).
- perf/x86/intel/uncore: Enable UPI topology discovery for Skylake Server (bsc#1206824, bsc#1206493, bsc#1206492).
- perf/x86/intel/uncore: Fix broken read_counter() for SNB IMC PMU (git fixes).
- perf/x86/intel/uncore: Fix reference count leak in __uncore_imc_init_box() (git fixes).
- perf/x86/intel/uncore: Fix reference count leak in hswep_has_limit_sbox() (git fixes).
- perf/x86/intel/uncore: Fix reference count leak in sad_cfg_iio_topology() (git fixes).
- perf/x86/intel/uncore: Fix reference count leak in snr_uncore_mmio_map() (git fixes).
- perf/x86/intel/uncore: Generalize IIO topology support (bsc#1206824, bsc#1206493, bsc#1206492).
- perf/x86/intel/uncore: Generalize get_topology() for SKX PMUs (bsc#1206824, bsc#1206493, bsc#1206492).
- perf/x86/intel/uncore: Get UPI NodeID and GroupID (bsc#1206824, bsc#1206493, bsc#1206492).
- perf/x86/intel/uncore: Introduce UPI topology type (bsc#1206824, bsc#1206493, bsc#1206492).
- perf/x86/intel/uncore: Make set_mapping() procedure void (bsc#1206824, bsc#1206493, bsc#1206492).
- perf/x86/intel/uncore: Update sysfs-devices-mapping file (bsc#1206824, bsc#1206493, bsc#1206492).
- perf/x86/intel: Add Cooper Lake stepping to isolation_ucodes (git fixes).
- perf/x86/intel: Add Emerald Rapids (git fixes).
- perf/x86/intel: Do not extend the pseudo-encoding to GP counters (git fixes).
- perf/x86/intel: Fix PEBS data source encoding for ADL (git fixes).
- perf/x86/intel: Fix PEBS memory access info encoding for ADL (git fixes).
- perf/x86/intel: Fix event constraints for ICL (git fixes).
- perf/x86/intel: Fix pebs event constraints for ADL (git fixes).
- perf/x86/intel: Fix pebs event constraints for ICL (git fixes).
- perf/x86/intel: Fix pebs event constraints for SPR (git fixes).
- perf/x86/lbr: Enable the branch type for the Arch LBR by default (git fixes).
- perf/x86/msr: Add Emerald Rapids (git fixes).
- perf/x86/rapl: Add support for Intel AlderLake-N (git fixes).
- perf/x86/rapl: Add support for Intel Emerald Rapids (PED-4394).
- perf/x86/rapl: Treat Tigerlake like Icelake (git fixes).
- perf/x86/rapl: Use standard Energy Unit for SPR Dram RAPL domain (git fixes).
- perf/x86/rapl: fix AMD event handling (git fixes).
- perf/x86/uncore: Add Raptor Lake uncore support (git fixes).
- perf/x86/uncore: Add a quirk for UPI on SPR (bsc#1206824, bsc#1206493, bsc#1206492).
- perf/x86/uncore: Add new Alder Lake and Raptor Lake support (git fixes).
- perf/x86/uncore: Add new Raptor Lake S support (git fixes).
- perf/x86/uncore: Clean up uncore_pci_ids (git fixes).
- perf/x86/uncore: Do not WARN_ON_ONCE() for a broken discovery table (bsc#1206824, bsc#1206493, bsc#1206492).
- perf/x86/uncore: Factor out uncore_device_to_die() (bsc#1206824, bsc#1206493, bsc#1206492).
- perf/x86/uncore: Fix potential NULL pointer in uncore_get_alias_name (bsc#1206824, bsc#1206493, bsc#1206492).
- perf/x86/uncore: Ignore broken units in discovery table (bsc#1206824, bsc#1206493, bsc#1206492).
- perf: Always wake the parent event (git fixes).
- perf: Fix check before add_event_to_groups() in perf_group_detach() (git fixes).
- perf: Fix possible memleak in pmu_dev_alloc() (git fixes).
- perf: fix perf_event_context->time (git fixes).
- phy: rockchip-typec: Fix unsigned comparison with less than zero (git-fixes).
- phy: rockchip-typec: fix tcphy_get_mode error case (git-fixes).
- phy: st: miphy28lp: use _poll_timeout functions for waits (git-fixes).
- phy: tegra: xusb: Add missing tegra_xusb_port_unregister for usb2_port and ulpi_port (git-fixes).
- pinctrl: amd: Disable and mask interrupts on resume (git-fixes).
- pinctrl: aspeed: Fix confusing types in return value (git-fixes).
- pinctrl: at91-pio4: fix domain name assignment (git-fixes).
- pinctrl: at91: use devm_kasprintf() to avoid potential leaks (git-fixes).
- pinctrl: intel: Restore the pins that used to be in Direct IRQ mode (git-fixes).
- pinctrl: mediatek: Fix the drive register definition of some Pins (git-fixes).
- pinctrl: mediatek: Initialize variable *buf to zero (git-fixes).
- pinctrl: mediatek: fix coding style (git-fixes).
- pinctrl: meson-axg: add missing GPIOA_18 gpio group (git-fixes).
- pinctrl: ocelot: Fix alt mode for ocelot (git-fixes).
- pinctrl: qcom: lpass-lpi: set output value before enabling output (git-fixes).
- pinctrl: qcom: pinctrl-msm8976: Correct function names for wcss pins (git-fixes).
- pinctrl: renesas: r8a779a0: Remove incorrect AVB[01] pinmux configuration (git-fixes).
- pinctrl: rockchip: Fix refcount leak in rockchip_pinctrl_parse_groups (git-fixes).
- pinctrl: single: fix potential NULL dereference (git-fixes).
- pinctrl: stm32: Fix refcount leak in stm32_pctrl_get_irq_domain (git-fixes).
- platform/chrome: cros_ec_chardev: fix kernel data leak from ioctl (git-fixes).
- platform/surface: aggregator: Allow completion work-items to be executed in parallel (git-fixes).
- platform/x86 (gigabyte-wmi): Add support for A320M-S2H V2 (git-fixes).
- platform/x86/amd/pmc: Add new acpi id for PMC controller (bsc#1210644).
- platform/x86/amd/pmc: Add new acpi id for PMC controller (bsc#1210644).
- platform/x86/amd/pmc: Add new platform support (bsc#1210644).
- platform/x86/amd/pmc: Add new platform support (bsc#1210644).
- platform/x86/amd: Fix refcount leak in amd_pmc_probe (bsc#1210644).
- platform/x86/amd: pmc: Add a module parameter to disable workarounds (bsc#1210644).
- platform/x86/amd: pmc: Add a workaround for an s0i3 issue on Cezanne (bsc#1210644).
- platform/x86/amd: pmc: Add defines for STB events (bsc#1210644).
- platform/x86/amd: pmc: Add line break for readability (bsc#1210644).
- platform/x86/amd: pmc: Add new ACPI ID AMDI0009 (bsc#1210644).
- platform/x86/amd: pmc: Add num_samples message id support to STB (bsc#1210644).
- platform/x86/amd: pmc: Add sysfs files for SMU (bsc#1210644).
- platform/x86/amd: pmc: Always write to the STB (bsc#1210644).
- platform/x86/amd: pmc: Disable IRQ1 wakeup for RN/CZN (bsc#1210644).
- platform/x86/amd: pmc: Do not dump data after resume from s0i3 on picasso (git-fixes).
- platform/x86/amd: pmc: Do not try to read SMU version on Picasso (git-fixes).
- platform/x86/amd: pmc: Fix build without debugfs (bsc#1210644).
- platform/x86/amd: pmc: Fix memory leak in amd_pmc_stb_debugfs_open_v2() (bsc#1210644).
- platform/x86/amd: pmc: Hide SMU version and program attributes for Picasso (git-fixes).
- platform/x86/amd: pmc: Move idlemask check into `amd_pmc_idlemask_read` (git-fixes).
- platform/x86/amd: pmc: Move out of BIOS SMN pair for STB init (git-fixes).
- platform/x86/amd: pmc: Read SMU version during suspend on Cezanne systems (bsc#1210644).
- platform/x86/amd: pmc: Remove more CONFIG_DEBUG_FS checks (bsc#1210644).
- platform/x86/amd: pmc: Utilize SMN index 0 for driver probe (git-fixes).
- platform/x86/amd: pmc: Write dummy postcode into the STB DRAM (bsc#1210644).
- platform/x86/amd: pmc: add CONFIG_SERIO dependency (git-fixes).
- platform/x86/amd: pmc: differentiate STB/SMU messaging prints (bsc#1210644).
- platform/x86/amd: pmc: remove CONFIG_DEBUG_FS checks (bsc#1210644).
- platform/x86/amd: pmc: remove CONFIG_SUSPEND checks (bsc#1210644).
- platform/x86/intel/pmc: Alder Lake PCH slp_s0_residency fix (git-fixes).
- platform/x86: ISST: PUNIT device mapping with Sub-NUMA clustering (bsc#1208420).
- platform/x86: ISST: Remove 8 socket limit (bsc#1211836).
- platform/x86: Move AMD platform drivers to separate directory (bsc#1210644).
- platform/x86: amd-pmc: Add a message to print resume time info (bsc#1210644).
- platform/x86: amd-pmc: Add special handling for timer based S0i3 wakeup (bsc#1210644).
- platform/x86: amd-pmc: Add support for AMD Smart Trace Buffer (bsc#1210644).
- platform/x86: amd-pmc: Add support for AMD Spill to DRAM STB feature (bsc#1210644).
- platform/x86: amd-pmc: Avoid reading SMU version at probe time (bsc#1210644).
- platform/x86: amd-pmc: Check s0i3 cycle status (bsc#1210644).
- platform/x86: amd-pmc: Correct usage of SMU version (git-fixes).
- platform/x86: amd-pmc: Downgrade dev_info message to dev_dbg (bsc#1210644).
- platform/x86: amd-pmc: Drop CPU QoS workaround (bsc#1210644).
- platform/x86: amd-pmc: Drop check for valid alarm time (bsc#1210644).
- platform/x86: amd-pmc: Export Idlemask values based on the APU (git-fixes).
- platform/x86: amd-pmc: Fix build error unused-function (bsc#1210644).
- platform/x86: amd-pmc: Fix compilation when CONFIG_DEBUGFS is disabled (git-fixes).
- platform/x86: amd-pmc: Fix compilation without CONFIG_SUSPEND (bsc#1210644).
- platform/x86: amd-pmc: Make amd_pmc_stb_debugfs_fops static (bsc#1210644).
- platform/x86: amd-pmc: Move FCH init to first use (bsc#1210644).
- platform/x86: amd-pmc: Move SMU logging setup out of init (bsc#1210644).
- platform/x86: amd-pmc: Move to later in the suspend process (bsc#1210644).
- platform/x86: amd-pmc: Only report STB errors when STB enabled (bsc#1210644).
- platform/x86: amd-pmc: Output error codes in messages (bsc#1210644).
- platform/x86: amd-pmc: Send command to dump data after clearing OS_HINT (bsc#1210644).
- platform/x86: amd-pmc: Set QOS during suspend on CZN w/ timer wakeup (bsc#1210644).
- platform/x86: amd-pmc: Shuffle location of amd_pmc_get_smu_version() (bsc#1210644).
- platform/x86: amd-pmc: Simplify error handling and store the pci_dev in amd_pmc_dev structure (bsc#1210644).
- platform/x86: amd-pmc: Validate entry into the deepest state on resume (bsc#1210644).
- platform/x86: amd-pmc: adjust arguments for `amd_pmc_send_cmd` (bsc#1210644).
- platform/x86: amd-pmc: fix compilation without CONFIG_RTC_SYSTOHC_DEVICE (bsc#1210644).
- platform/x86: amd-pmc: uninitialized variable in amd_pmc_s2d_init() (bsc#1210644).
- platform/x86: amd: pmc: Remove __maybe_unused from amd_pmc_suspend_handler() (bsc#1210644).
- platform/x86: amd: pmc: provide user message where s0ix is not supported (bsc#1210644).
- platform/x86: asus-nb-wmi: Add alternate mapping for KEY_SCREENLOCK (git-fixes).
- platform/x86: dell-wmi: Add a keymap for KEY_MUTE in type 0x0010 table (git-fixes).
- platform/x86: gigabyte-wmi: add support for B450M DS3H WIFI-CF (git-fixes).
- platform/x86: gigabyte-wmi: add support for X570S AORUS ELITE (git-fixes).
- platform/x86: hp-wmi: Support touchpad on/off (git-fixes).
- platform/x86: intel-uncore-freq: add Emerald Rapids support (PED-4390).
- platform/x86: intel_scu_pcidrv: Add back PCI ID for Medfield (git-fixes).
- platform/x86: think-lmi: Add possible_values for ThinkStation (git-fixes).
- platform/x86: think-lmi: Certificate authentication support (bsc#1210050).
- platform/x86: think-lmi: Clean up display of current_value on Thinkstation (git-fixes).
- platform/x86: think-lmi: Fix memory leak when showing current settings (git-fixes).
- platform/x86: think-lmi: Fix memory leaks when parsing ThinkStation WMI strings (git-fixes).
- platform/x86: think-lmi: Move kobject_init() call into tlmi_create_auth() (bsc#1210050).
- platform/x86: think-lmi: Opcode support (bsc#1210050).
- platform/x86: think-lmi: Prevent underflow in index_store() (bsc#1210050).
- platform/x86: think-lmi: Simplify tlmi_analyze() error handling a bit (bsc#1210050).
- platform/x86: think-lmi: Use min_t() for comparison and assignment (bsc#1210050).
- platform/x86: think-lmi: add debug_cmd (bsc#1210050).
- platform/x86: think-lmi: add missing type attribute (git-fixes).
- platform/x86: think-lmi: certificate support clean ups (bsc#1210050).
- platform/x86: think-lmi: only display possible_values if available (git-fixes).
- platform/x86: think-lmi: use correct possible_values delimiters (git-fixes).
- platform/x86: thinkpad-acpi: Add support for automatic mode transitions (bsc#1210050).
- platform/x86: thinkpad-acpi: Enable AMT by default on supported systems (bsc#1210050).
- platform/x86: thinkpad-acpi: profile capabilities as integer (bsc#1210050).
- platform/x86: thinkpad_acpi: Accept ibm_init_struct.init() returning -ENODEV (bsc#1210050).
- platform/x86: thinkpad_acpi: Add LED_RETAIN_AT_SHUTDOWN to led_class_devs (bsc#1210050).
- platform/x86: thinkpad_acpi: Add PSC mode support (bsc#1210050).
- platform/x86: thinkpad_acpi: Add a s2idle resume quirk for a number of laptops (bsc#1210050).
- platform/x86: thinkpad_acpi: Add dual fan probe (bsc#1210050).
- platform/x86: thinkpad_acpi: Add dual-fan quirk for T15g (2nd gen) (bsc#1210050).
- platform/x86: thinkpad_acpi: Add hotkey_notify_extended_hotkey() helper (bsc#1210050).
- platform/x86: thinkpad_acpi: Add lid_logo_dot to the list of safe LEDs (bsc#1210050).
- platform/x86: thinkpad_acpi: Add quirk for ThinkPads without a fan (bsc#1210050).
- platform/x86: thinkpad_acpi: Cleanup dytc_profile_available (bsc#1210050).
- platform/x86: thinkpad_acpi: Convert btusb DMI list to quirks (bsc#1210050).
- platform/x86: thinkpad_acpi: Convert platform driver to use dev_groups (bsc#1210050).
- platform/x86: thinkpad_acpi: Correct dual fan probe (bsc#1210050).
- platform/x86: thinkpad_acpi: Do not use test_bit on an integer (bsc#1210050).
- platform/x86: thinkpad_acpi: Enable s2idle quirk for 21A1 machine type (bsc#1210050).
- platform/x86: thinkpad_acpi: Explicitly set to balanced mode on startup (bsc#1210050).
- platform/x86: thinkpad_acpi: Fix a memory leak of EFCH MMIO resource (bsc#1210050).
- platform/x86: thinkpad_acpi: Fix coccinelle warnings (bsc#1210050).
- platform/x86: thinkpad_acpi: Fix compiler warning about uninitialized err variable (bsc#1210050).
- platform/x86: thinkpad_acpi: Fix incorrect use of platform profile on AMD platforms (bsc#1210050).
- platform/x86: thinkpad_acpi: Fix max_brightness of thinklight (bsc#1210050).
- platform/x86: thinkpad_acpi: Fix platform profiles on T490 (git-fixes).
- platform/x86: thinkpad_acpi: Fix profile mode display in AMT mode (bsc#1210050).
- platform/x86: thinkpad_acpi: Fix profile modes on Intel platforms (bsc#1210050).
- platform/x86: thinkpad_acpi: Fix reporting a non present second fan on some models (bsc#1210050).
- platform/x86: thinkpad_acpi: Fix the hwmon sysfs-attr showing up in the wrong place (bsc#1210050).
- platform/x86: thinkpad_acpi: Fix thermal_temp_input_attr sorting (bsc#1210050).
- platform/x86: thinkpad_acpi: Fix thinklight LED brightness returning 255 (bsc#1210050).
- platform/x86: thinkpad_acpi: Get privacy-screen / lcdshadow ACPI handles only once (bsc#1210050).
- platform/x86: thinkpad_acpi: Make *_init() functions return -ENODEV instead of 1 (bsc#1210050).
- platform/x86: thinkpad_acpi: Properly indent code in tpacpi_dytc_profile_init() (bsc#1210050).
- platform/x86: thinkpad_acpi: Register tpacpi_pdriver after subdriver init (bsc#1210050).
- platform/x86: thinkpad_acpi: Remove 'goto err_exit' from hotkey_init() (bsc#1210050).
- platform/x86: thinkpad_acpi: Remove unused sensors_pdev_attrs_registered flag (bsc#1210050).
- platform/x86: thinkpad_acpi: Restore missing hotkey_tablet_mode and hotkey_radio_sw sysfs-attr (bsc#1210050).
- platform/x86: thinkpad_acpi: Simplify dytc_version handling (bsc#1210050).
- platform/x86: thinkpad_acpi: Switch to common use of attributes (bsc#1210050).
- platform/x86: thinkpad_acpi: Use backlight helper (bsc#1210050).
- platform/x86: thinkpad_acpi: clean up dytc profile convert (bsc#1210050).
- platform/x86: thinkpad_acpi: consistently check fan_get_status return (bsc#1210050).
- platform/x86: thinkpad_acpi: do not use PSC mode on Intel platforms (bsc#1210050).
- platform/x86: thinkpad_acpi: tpacpi_attr_group contains driver attributes not device attrs (bsc#1210050).
- platform/x86: thinkpad_acpi: use strstarts() (bsc#1210050).
- platform/x86: touchscreen_dmi: Add Chuwi Vi8 (CWI501) DMI match (git-fixes).
- platform/x86: touchscreen_dmi: Add info for the CSL Panther Tab HD (git-fixes).
- platform/x86: touchscreen_dmi: Add info for the Dexp Ursus KX210i (git-fixes).
- platform/x86: touchscreen_dmi: Add upside-down quirk for GDIX1002 ts on the Juno Tablet (git-fixes).
- platform: x86: MLX_PLATFORM: select REGMAP instead of depending on it (git-fixes).
- power: supply: bq24190_charger: using pm_runtime_resume_and_get instead of pm_runtime_get_sync (git-fixes).
- power: supply: bq27xxx: Add cache parameter to bq27xxx_battery_current_and_status() (git-fixes).
- power: supply: bq27xxx: After charger plug in/out wait 0.5s for things to stabilize (git-fixes).
- power: supply: bq27xxx: Ensure power_supply_changed() is called on current sign changes (git-fixes).
- power: supply: bq27xxx: Fix I2C IRQ race on remove (git-fixes).
- power: supply: bq27xxx: Fix bq27xxx_battery_update() race condition (git-fixes).
- power: supply: bq27xxx: Fix poll_interval handling and races on remove (git-fixes).
- power: supply: bq27xxx: Move bq27xxx_battery_update() down (git-fixes).
- power: supply: bq27xxx: expose battery data when CI=1 (git-fixes).
- power: supply: cros_usbpd: reclassify 'default case!' as debug (git-fixes).
- power: supply: da9150: Fix use after free bug in da9150_charger_remove due to race condition (git-fixes).
- power: supply: generic-adc-battery: fix unit scaling (git-fixes).
- power: supply: leds: Fix blink to LED on transition (git-fixes).
- power: supply: sbs-charger: Fix INHIBITED bit for Status reg (git-fixes).
- powercap: fix possible name leak in powercap_register_zone() (git-fixes).
- powercap: intel_rapl: add support for Emerald Rapids (PED-4398).
- powerpc/64: Always build with 128-bit long double (bsc#1194869).
- powerpc/64e: Fix amdgpu build on Book3E w/o AltiVec (bsc#1194869).
- powerpc/64s/interrupt: Fix interrupt exit race with security mitigation switch (bsc#1194869).
- powerpc/64s/radix: Fix RWX mapping with relocated kernel (bsc#1194869).
- powerpc/64s/radix: Fix crash with unaligned relocated kernel (bsc#1194869).
- powerpc/64s/radix: Fix soft dirty tracking (bsc#1065729).
- powerpc/64s: Fix local irq disable when PMIs are disabled (bsc#1195655 ltc#1195655 git-fixes).
- powerpc/64s: Make POWER10 and later use pause_short in cpu_relax loops (bsc#1209367 ltc#195662).
- powerpc/btext: add missing of_node_put (bsc#1065729).
- powerpc/eeh: Set channel state after notifying the drivers (bsc#1208784 ltc#201612).
- powerpc/hv-gpci: Fix hv_gpci event list (bsc#1207935).
- powerpc/hv-gpci: Fix hv_gpci event list (git fixes).
- powerpc/ioda/iommu/debugfs: Generate unique debugfs entries (bsc#1194869).
- powerpc/iommu: Add missing of_node_put in iommu_init_early_dart (bsc#1194869).
- powerpc/iommu: DMA address offset is incorrectly calculated with 2MB TCEs (jsc#SLE-19556 git-fixes).
- powerpc/iommu: fix memory leak with using debugfs_lookup() (bsc#1194869).
- powerpc/kcsan: Exclude udelay to prevent recursive instrumentation (bsc#1194869).
- powerpc/kexec_file: Count hot-pluggable memory in FDT estimate (bsc#1194869).
- powerpc/kexec_file: Fix division by zero in extra size estimation (bsc#1194869).
- powerpc/kexec_file: fix implicit decl error (bsc#1194869).
- powerpc/mm: Fix false detection of read faults (bsc#1208864).
- powerpc/papr_scm: Update the NUMA distance table for the target node (bsc#1209999 ltc#202140 bsc#1142685 ltc#179509 git-fixes).
- powerpc/perf/hv-24x7: add missing RTAS retry status handling (git fixes).
- powerpc/powernv/ioda: Skip unallocated resources when mapping to PE (bsc#1065729).
- powerpc/powernv: fix missing of_node_put in uv_init() (bsc#1194869).
- powerpc/pseries/lpar: add missing RTAS retry status handling (bsc#1109158 ltc#169177 git-fixes).
- powerpc/pseries/lparcfg: add missing RTAS retry status handling (bsc#1065729).
- powerpc/pseries/vas: Ignore VAS update for DLPAR if copy/paste is not enabled (bsc#1210216 ltc#202189).
- powerpc/pseries: Consolidate different NUMA distance update code paths (bsc#1209999 ltc#202140 bsc#1142685 ltc#179509 git-fixes).
- powerpc/rtas: ensure 4KB alignment for rtas_data_buf (bsc#1065729).
- powerpc/rtas: use memmove for potentially overlapping buffer copy (bsc#1065729).
- powerpc/vmlinux.lds: Add an explicit symbol for the SRWX boundary (bsc#1194869).
- powerpc/vmlinux.lds: Define RUNTIME_DISCARD_EXIT (bsc#1194869).
- powerpc/vmlinux.lds: Do not discard .comment (bsc#1194869).
- powerpc/vmlinux.lds: Do not discard .rela* for relocatable builds (bsc#1194869).
- powerpc/vmlinux.lds: Ensure STRICT_ALIGN_SIZE is at least page aligned (bsc#1194869).
- powerpc/xmon: Fix -Wswitch-unreachable warning in bpt_cmds (bsc#1194869).
- powerpc: Do not try to copy PPR for task with NULL pt_regs (bsc#1065729).
- powerpc: Redefine HMT_xxx macros as empty on PPC32 (bsc#1209367 ltc#195662).
- powerpc: Remove linker flag from KBUILD_AFLAGS (bsc#1194869).
- powerpc: add ISA v3.0 / v3.1 wait opcode macro (bsc#1209367 ltc#195662).
- powerpc: declare unmodified attribute_group usages const (bsc#1207935).
- powerpc: declare unmodified attribute_group usages const (git-fixes).
- powerpc: move __end_rodata to cover arch read-only sections (bsc#1194869).
- printf: fix errname.c list (git-fixes).
- prlimit: do_prlimit needs to have a speculation check (bsc#1209256).
- pstore: Revert pmsg_lock back to a normal mutex (git-fixes).
- purgatory: fix disabling debug info (git-fixes).
- pwm: cros-ec: Explicitly set .polarity in .get_state() (git-fixes).
- pwm: meson: Fix axg ao mux parents (git-fixes).
- pwm: meson: Fix g12a ao clk81 name (git-fixes).
- pwm: sprd: Explicitly set .polarity in .get_state() (git-fixes).
- pwm: stm32-lp: fix the check on arr and cmp registers update (git-fixes).
- qed/qed_dev: guard against a possible division by zero (jsc#SLE-19001).
- qed/qed_mng_tlv: correctly zero out ->min instead of ->hour (jsc#SLE-19001).
- qed/qed_sriov: guard against NULL derefs from qed_iov_get_vf_info (jsc#SLE-19001).
- qed: allow sleep in qed_mcp_trace_dump() (jsc#SLE-19001).
- qede: avoid uninitialized entries in coal_entry array (bsc#1205846).
- qede: execute xdp_do_flush() before napi_complete_done() (jsc#SLE-19001).
- qede: fix interrupt coalescing configuration (bsc#1205846).
- quota: Check next/prev free block number after reading from quota file (bsc#1206640).
- quota: Prevent memory allocation recursion while holding dq_lock (bsc#1207639).
- r8152: add vendor/device ID pair for Microsoft Devkit (git-fixes).
- r8152: add vendor/device ID pair for Microsoft Devkit (git-fixes).
- r8152: fix flow control issue of RTL8156A (git-fixes).
- r8152: fix the poor throughput for 2.5G devices (git-fixes).
- r8152: move setting r8153b_rx_agg_chg_indicate() (git-fixes).
- r8169: fix RTL8168H and RTL8107E rx crc error (git-fixes).
- r8169: move rtl_wol_enable_rx() and rtl_prepare_power_down() (git-fixes).
- rcu: Fix rcu_torture_read ftrace event (git-fixes).
- rcu: Tighten rcu_advance_cbs_nowake() checks (bsc#1209159).
- ref_tracker: use __GFP_NOFAIL more carefully (git-fixes).
- regmap: Account for register length when chunking (git-fixes).
- regmap: cache: Return error in cache sync operations for REGCACHE_NONE (git-fixes).
- regulator: Flag uncontrollable regulators as always_on (git-fixes).
- regulator: Handle deferred clk (git-fixes).
- regulator: core: Avoid lockdep reports when resolving supplies (git-fixes).
- regulator: core: Consistently set mutex_owner when using ww_mutex_lock_slow() (git-fixes).
- regulator: core: Fix off-on-delay-us for always-on/boot-on regulators (git-fixes).
- regulator: core: Shorten off-on-delay-us for always-on/boot-on by time since booted (git-fixes).
- regulator: core: Use ktime_get_boottime() to determine how long a regulator was off (git-fixes).
- regulator: fan53555: Explicitly include bits header (git-fixes).
- regulator: fan53555: Fix wrong TCS_SLEW_MASK (git-fixes).
- regulator: max77802: Bounds check regulator id against opmode (git-fixes).
- regulator: mt6359: add read check for PMIC MT6359 (git-fixes).
- regulator: pca9450: Fix BUCK2 enable_mask (git-fixes).
- regulator: s5m8767: Bounds check id indexing into arrays (git-fixes).
- regulator: stm32-pwr: fix of_iomap leak (git-fixes).
- reiserfs: Add missing calls to reiserfs_security_free() (git-fixes).
- reiserfs: Add security prefix to xattr name in reiserfs_security_write() (git-fixes).
- remoteproc/mtk_scp: Move clk ops outside send_lock (git-fixes).
- remoteproc: Harden rproc_handle_vdev() against integer overflow (git-fixes).
- remoteproc: imx_rproc: Call of_node_put() on iteration error (git-fixes).
- remoteproc: qcom_q6v5_mss: Use a carveout to authenticate modem headers (git-fixes).
- remoteproc: st: Call of_node_put() on iteration error (git-fixes).
- remoteproc: stm32: Call of_node_put() on iteration error (git-fixes).
- remoteproc: stm32_rproc: Add mutex protection for workqueue (git-fixes).
- remove 'PCI: hv: Use async probing to reduce boot time' (bsc#1207185).
- rethook: Reject getting a rethook if RCU is not watching (git-fixes).
- rethook: fix a potential memleak in rethook_alloc() (git-fixes).
- rethook: use preempt_{disable, enable}_notrace in rethook_trampoline_handler (git-fixes).
- revert 'squashfs: harden sanity check in squashfs_read_xattr_id_table' (git-fixes).
- ring-buffer: Ensure proper resetting of atomic variables in ring_buffer_reset_online_cpus (git-fixes).
- ring-buffer: Fix kernel-doc (git-fixes).
- ring-buffer: Fix race while reader and writer are on the same page (git-fixes).
- ring-buffer: Handle race between rb_move_tail and rb_check_pages (git-fixes).
- ring-buffer: Sync IRQ works before buffer destruction (git-fixes).
- ring-buffer: remove obsolete comment for free_buffer_page() (git-fixes).
- rpm/constraints.in: Increase disk size constraint for riscv64 to 52GB
- rpm/kernel-binary.spec.in: Fix compatibility wth newer rpm
- rpm/kernel-docs.spec.in: pass PYTHON=python3 to fix build error (bsc#1160435)
- rpm/kernel-obs-build.spec.in: Remove SLE11 cruft
- rpm/kernel-source.spec.in: Add patches.drm for moved DRM patches
- rtc: allow rtc_read_alarm without read_alarm callback (git-fixes).
- rtc: meson-vrtc: Use ktime_get_real_ts64() to get the current time (git-fixes).
- rtc: omap: include header for omap_rtc_power_off_program prototype (git-fixes).
- rtc: pm8xxx: fix set-alarm race (git-fixes).
- rtc: sun6i: Always export the internal oscillator (git-fixes).
- rtmutex: Ensure that the top waiter is always woken up (git-fixes).
- s390/ap: fix crash on older machines based on QCI info missing (git-fixes bsc#1210947).
- s390/boot: simplify and fix kernel memory layout setup (bsc#1209600).
- s390/ctcm: Fix return type of ctc{mp,}m_tx() (git-fixes bsc#1211686).
- s390/dasd: Fix potential memleak in dasd_eckd_init() (git-fixes).
- s390/dasd: fix hanging blockdevice after request requeue (git-fixes bsc#1211687).
- s390/dasd: fix no record found for raw_track_access (bsc#1207574).
- s390/extmem: return correct segment type in __segment_load() (bsc#1210450 git-fixes).
- s390/kprobes: fix current_kprobe never cleared after kprobes reenter (git-fixes bsc#1211688).
- s390/kprobes: fix irq mask clobbering on kprobe reenter from post_handler (git-fixes bsc#1211689).
- s390/lcs: Fix return type of lcs_start_xmit() (git-fixes bsc#1211690).
- s390/mem_detect: fix detect_memory() error handling (git-fixes bsc#1211691).
- s390/netiucv: Fix return type of netiucv_tx() (git-fixes bsc#1211692).
- s390/qdio: fix do_sqbs() inline assembly constraint (git-fixes bsc#1211693).
- s390/qeth: fix use-after-free in hsci (bsc#1210449 git-fixes).
- s390/uaccess: add missing earlyclobber annotations to __clear_user() (bsc#1209856 git-fixes).
- s390/vdso: remove -nostdlib compiler flag (git-fixes bsc#1211714).
- s390/vfio-ap: fix memory leak in vfio_ap device driver (git-fixes).
- s390x: Fixed hard lockups while running stress-ng and LPAR hangs (bsc#1195655 ltc#195733).
- sched, cpuset: Fix dl_cpu_busy() panic due to empty (git-fixes)
- sched/core: Avoid obvious double update_rq_clock warning (git-fixes)
- sched/core: Fix arch_scale_freq_tick() on tickless systems (git-fixes)
- sched/core: Introduce sched_asym_cpucap_active() (git-fixes)
- sched/deadline: Merge dl_task_can_attach() and dl_cpu_busy() (git-fixes)
- sched/fair: Fix imbalance overflow (bsc#1155798).
- sched/fair: Limit sched slice duration (bsc#1189999).
- sched/fair: Move calculate of avg_load to a better location (bsc#1155798).
- sched/fair: Sanitize vruntime of entity being migrated (bsc#1203325).
- sched/fair: sanitize vruntime of entity being placed (bsc#1203325).
- sched/numa: Stop an exhastive search if an idle core is found (bsc#1189999).
- sched/psi: Fix use-after-free in ep_remove_wait_queue() (bsc#1209799).
- sched/tracing: Report TASK_RTLOCK_WAIT tasks as (git-fixes)
- sched/uclamp: Make asym_fits_capacity() use util_fits_cpu() (git-fixes)
- sched: Avoid double preemption in __cond_resched_*lock*() (git-fixes)
- sched_getaffinity: do not assume 'cpumask_size()' is fully initialized (bsc#1155798).
- scsi: Revert 'scsi: core: map PQ=1, PDT=other values to SCSI_SCAN_TARGET_PRESENT' (git-fixes).
- scsi: aacraid: Allocate cmd_priv with scsicmd (git-fixes).
- scsi: aic94xx: Add missing check for dma_map_single() (git-fixes).
- scsi: core: Add BLIST_NO_VPD_SIZE for some VDASD (git-fixes bsc#1203039)
- scsi: core: Add BLIST_SKIP_VPD_PAGES for SKhynix H28U74301AMR (git-fixes).
- scsi: core: Fix a procfs host directory removal regression (git-fixes).
- scsi: core: Fix a source code comment (git-fixes).
- scsi: core: Improve scsi_vpd_inquiry() checks (git-fixes).
- scsi: core: Remove the /proc/scsi/${proc_name} directory earlier (git-fixes).
- scsi: hisi_sas: Check devm_add_action() return value (git-fixes).
- scsi: hisi_sas: Handle NCQ error when IPTT is valid (git-fixes).
- scsi: hisi_sas: Revert change to limit max hw sectors for v3 HW (bsc#1210230).
- scsi: hisi_sas: Set a port invalid only if there are no devices attached when refreshing port id (git-fixes).
- scsi: hpsa: Fix allocation size for scsi_host_alloc() (git-fixes).
- scsi: ipr: Work around fortify-string warning (git-fixes).
- scsi: iscsi_tcp: Check that sock is valid before iscsi_set_param() (git-fixes).
- scsi: iscsi_tcp: Fix UAF during login when accessing the shost ipaddress (git-fixes).
- scsi: iscsi_tcp: Fix UAF during logout when accessing the shost ipaddress (git-fixes).
- scsi: kABI workaround for fc_host_fpin_rcv (git-fixes).
- scsi: kABI workaround for fc_host_fpin_rcv (git-fixes).
- scsi: libsas: Add sas_ata_device_link_abort() (git-fixes).
- scsi: libsas: Grab the ATA port lock in sas_ata_device_link_abort() (git-fixes).
- scsi: libsas: Remove useless dev_list delete in sas_ex_discover_end_dev() (git-fixes).
- scsi: lpfc: Add new RCQE status for handling DMA failures (bsc#1211847).
- scsi: lpfc: Avoid usage of list iterator variable after loop (git-fixes).
- scsi: lpfc: Check kzalloc() in lpfc_sli4_cgn_params_read() (git-fixes).
- scsi: lpfc: Copyright updates for 14.2.0.10 patches (bsc#1208607).
- scsi: lpfc: Copyright updates for 14.2.0.10 patches (bsc#1208607).
- scsi: lpfc: Copyright updates for 14.2.0.11 patches (bsc#1210943).
- scsi: lpfc: Copyright updates for 14.2.0.11 patches (bsc#1210943).
- scsi: lpfc: Correct used_rpi count when devloss tmo fires with no recovery (bsc#1210943).
- scsi: lpfc: Correct used_rpi count when devloss tmo fires with no recovery (bsc#1210943).
- scsi: lpfc: Defer issuing new PLOGI if received RSCN before completing REG_LOGIN (bsc#1210943).
- scsi: lpfc: Defer issuing new PLOGI if received RSCN before completing REG_LOGIN (bsc#1210943).
- scsi: lpfc: Drop redundant pci_enable_pcie_error_reporting() (bsc#1210943).
- scsi: lpfc: Drop redundant pci_enable_pcie_error_reporting() (bsc#1210943).
- scsi: lpfc: Exit PRLI completion handling early if ndlp not in PRLI_ISSUE state (bsc#1208607).
- scsi: lpfc: Exit PRLI completion handling early if ndlp not in PRLI_ISSUE state (bsc#1208607).
- scsi: lpfc: Fix double free in lpfc_cmpl_els_logo_acc() caused by lpfc_nlp_not_used() (bsc#1211847).
- scsi: lpfc: Fix double word in comments (bsc#1210943).
- scsi: lpfc: Fix double word in comments (bsc#1210943).
- scsi: lpfc: Fix ioremap issues in lpfc_sli4_pci_mem_setup() (bsc#1210943).
- scsi: lpfc: Fix ioremap issues in lpfc_sli4_pci_mem_setup() (bsc#1210943).
- scsi: lpfc: Fix lockdep warning for rx_monitor lock when unloading driver (bsc#1210943).
- scsi: lpfc: Fix lockdep warning for rx_monitor lock when unloading driver (bsc#1210943).
- scsi: lpfc: Fix space indentation in lpfc_xcvr_data_show() (bsc#1208607).
- scsi: lpfc: Fix space indentation in lpfc_xcvr_data_show() (bsc#1208607).
- scsi: lpfc: Fix use-after-free KFENCE violation during sysfs firmware write (bsc#1208607).
- scsi: lpfc: Fix use-after-free KFENCE violation during sysfs firmware write (bsc#1208607).
- scsi: lpfc: Fix verbose logging for SCSI commands issued to SES devices (bsc#1211847).
- scsi: lpfc: Introduce new attention types for lpfc_sli4_async_fc_evt() handler (bsc#1208607).
- scsi: lpfc: Introduce new attention types for lpfc_sli4_async_fc_evt() handler (bsc#1208607).
- scsi: lpfc: Match lock ordering of lpfc_cmd->buf_lock and hbalock for abort paths (bsc#1211847).
- scsi: lpfc: Prevent lpfc_debugfs_lockstat_write() buffer overflow (bsc#1210943).
- scsi: lpfc: Prevent lpfc_debugfs_lockstat_write() buffer overflow (bsc#1210943).
- scsi: lpfc: Record LOGO state with discovery engine even if aborted (bsc#1210943).
- scsi: lpfc: Record LOGO state with discovery engine even if aborted (bsc#1210943).
- scsi: lpfc: Reinitialize internal VMID data structures after FLOGI completion (bsc#1208607).
- scsi: lpfc: Reinitialize internal VMID data structures after FLOGI completion (bsc#1208607).
- scsi: lpfc: Remove duplicate ndlp kref decrement in lpfc_cleanup_rpis() (bsc#1208607 bsc#1208534).
- scsi: lpfc: Remove duplicate ndlp kref decrement in lpfc_cleanup_rpis() (bsc#1208607 bsc#1208534).
- scsi: lpfc: Remove redundant clean up code in disable_vport() (bsc#1208607).
- scsi: lpfc: Remove redundant clean up code in disable_vport() (bsc#1208607).
- scsi: lpfc: Reorder freeing of various DMA buffers and their list removal (bsc#1210943).
- scsi: lpfc: Reorder freeing of various DMA buffers and their list removal (bsc#1210943).
- scsi: lpfc: Replace blk_irq_poll intr handler with threaded IRQ (bsc#1211847).
- scsi: lpfc: Replace outdated strncpy() with strscpy() (bsc#1208607).
- scsi: lpfc: Replace outdated strncpy() with strscpy() (bsc#1208607).
- scsi: lpfc: Resolve miscellaneous variable set but not used compiler warnings (bsc#1208607).
- scsi: lpfc: Resolve miscellaneous variable set but not used compiler warnings (bsc#1208607).
- scsi: lpfc: Revise lpfc_error_lost_link() reason code evaluation logic (bsc#1210943).
- scsi: lpfc: Revise lpfc_error_lost_link() reason code evaluation logic (bsc#1210943).
- scsi: lpfc: Set max DMA segment size to HBA supported SGE length (bsc#1208607).
- scsi: lpfc: Set max DMA segment size to HBA supported SGE length (bsc#1208607).
- scsi: lpfc: Silence an incorrect device output (bsc#1210943).
- scsi: lpfc: Silence an incorrect device output (bsc#1210943).
- scsi: lpfc: Skip waiting for register ready bits when in unrecoverable state (bsc#1210943).
- scsi: lpfc: Skip waiting for register ready bits when in unrecoverable state (bsc#1210943).
- scsi: lpfc: Update congestion warning notification period (bsc#1211847).
- scsi: lpfc: Update lpfc version to 14.2.0.10 (bsc#1208607).
- scsi: lpfc: Update lpfc version to 14.2.0.10 (bsc#1208607).
- scsi: lpfc: Update lpfc version to 14.2.0.11 (bsc#1210943).
- scsi: lpfc: Update lpfc version to 14.2.0.11 (bsc#1210943).
- scsi: lpfc: Update lpfc version to 14.2.0.12 (bsc#1211847).
- scsi: megaraid: Fix mega_cmd_done() CMDID_INT_CMDS (git-fixes).
- scsi: megaraid_sas: Fix crash after a double completion (git-fixes).
- scsi: megaraid_sas: Fix fw_crash_buffer_show() (git-fixes).
- scsi: megaraid_sas: Update max supported LD IDs to 240 (git-fixes).
- scsi: megaraid_sas: Update max supported LD IDs to 240 (git-fixes).
- scsi: mpi3mr: Fix issues in mpi3mr_get_all_tgt_info() (git-fixes).
- scsi: mpi3mr: Fix missing mrioc->evtack_cmds initialization (git-fixes).
- scsi: mpi3mr: Fix throttle_groups memory leak (git-fixes).
- scsi: mpi3mr: Remove unnecessary memcpy() to alltgt_info->dmi (git-fixes).
- scsi: mpi3mr: Suppress command reply debug prints (bsc#1211820).
- scsi: mpt3sas: Do not print sense pool info twice (git-fixes).
- scsi: mpt3sas: Fix NULL pointer access in mpt3sas_transport_port_add() (git-fixes).
- scsi: mpt3sas: Fix a memory leak (git-fixes).
- scsi: mpt3sas: Remove scsi_dma_map() error messages (git-fixes).
- scsi: qedi: Fix use after free bug in qedi_remove() (git-fixes).
- scsi: qla2xxx: Add option to disable FC2 Target support (bsc#1198438 bsc#1206103).
- scsi: qla2xxx: Add option to disable FC2 Target support (bsc#1198438 bsc#1206103).
- scsi: qla2xxx: Check if port is online before sending ELS (bsc#1208570).
- scsi: qla2xxx: Check if port is online before sending ELS (bsc#1208570).
- scsi: qla2xxx: Drop redundant pci_enable_pcie_error_reporting() (bsc#1211960).
- scsi: qla2xxx: Fix DMA-API call trace on NVMe LS requests (bsc#1208570).
- scsi: qla2xxx: Fix DMA-API call trace on NVMe LS requests (bsc#1208570).
- scsi: qla2xxx: Fix IOCB resource check warning (bsc#1208570).
- scsi: qla2xxx: Fix IOCB resource check warning (bsc#1208570).
- scsi: qla2xxx: Fix erroneous link down (bsc#1208570).
- scsi: qla2xxx: Fix erroneous link down (bsc#1208570).
- scsi: qla2xxx: Fix exchange oversubscription (bsc#1208570).
- scsi: qla2xxx: Fix exchange oversubscription (bsc#1208570).
- scsi: qla2xxx: Fix exchange oversubscription for management commands (bsc#1208570).
- scsi: qla2xxx: Fix exchange oversubscription for management commands (bsc#1208570).
- scsi: qla2xxx: Fix hang in task management (bsc#1211960).
- scsi: qla2xxx: Fix link failure in NPIV environment (bsc#1208570).
- scsi: qla2xxx: Fix link failure in NPIV environment (bsc#1208570).
- scsi: qla2xxx: Fix mem access after free (bsc#1211960).
- scsi: qla2xxx: Fix memory leak in qla2x00_probe_one() (git-fixes).
- scsi: qla2xxx: Fix printk() format string (bsc#1208570).
- scsi: qla2xxx: Fix printk() format string (bsc#1208570).
- scsi: qla2xxx: Fix stalled login (bsc#1208570).
- scsi: qla2xxx: Fix stalled login (bsc#1208570).
- scsi: qla2xxx: Fix task management cmd fail due to unavailable resource (bsc#1211960).
- scsi: qla2xxx: Fix task management cmd failure (bsc#1211960).
- scsi: qla2xxx: Make qla_trim_buf() and __qla_adjust_buf() static (bsc#1208570).
- scsi: qla2xxx: Make qla_trim_buf() and __qla_adjust_buf() static (bsc#1208570).
- scsi: qla2xxx: Multi-que support for TMF (bsc#1211960).
- scsi: qla2xxx: Perform lockless command completion in abort path (git-fixes).
- scsi: qla2xxx: Refer directly to the qla2xxx_driver_template (bsc#1211960).
- scsi: qla2xxx: Relocate/rename vp map (bsc#1208570).
- scsi: qla2xxx: Relocate/rename vp map (bsc#1208570).
- scsi: qla2xxx: Remove dead code (GNN ID) (bsc#1208570).
- scsi: qla2xxx: Remove dead code (GNN ID) (bsc#1208570).
- scsi: qla2xxx: Remove dead code (GPNID) (bsc#1208570).
- scsi: qla2xxx: Remove dead code (GPNID) (bsc#1208570).
- scsi: qla2xxx: Remove dead code (bsc#1208570).
- scsi: qla2xxx: Remove dead code (bsc#1208570).
- scsi: qla2xxx: Remove default fabric ops callouts (bsc#1211960).
- scsi: qla2xxx: Remove increment of interface err cnt (bsc#1208570).
- scsi: qla2xxx: Remove increment of interface err cnt (bsc#1208570).
- scsi: qla2xxx: Remove the unused variable wwn (bsc#1208570).
- scsi: qla2xxx: Remove the unused variable wwn (bsc#1208570).
- scsi: qla2xxx: Remove unintended flag clearing (bsc#1208570).
- scsi: qla2xxx: Remove unintended flag clearing (bsc#1208570).
- scsi: qla2xxx: Replace all non-returning strlcpy() with strscpy() (bsc#1211960).
- scsi: qla2xxx: Select qpair depending on which CPU post_cmd() gets called (bsc#1208570).
- scsi: qla2xxx: Select qpair depending on which CPU post_cmd() gets called (bsc#1208570).
- scsi: qla2xxx: Simplify if condition evaluation (bsc#1208570).
- scsi: qla2xxx: Simplify if condition evaluation (bsc#1208570).
- scsi: qla2xxx: Synchronize the IOCB count to be in order (bsc#1209292 bsc#1209684 bsc#1209556).
- scsi: qla2xxx: Update version to 10.02.08.100-k (bsc#1208570).
- scsi: qla2xxx: Update version to 10.02.08.100-k (bsc#1208570).
- scsi: qla2xxx: Update version to 10.02.08.200-k (bsc#1208570).
- scsi: qla2xxx: Update version to 10.02.08.200-k (bsc#1208570).
- scsi: qla2xxx: Update version to 10.02.08.300-k (bsc#1211960).
- scsi: qla2xxx: Use a variable for repeated mem_size computation (bsc#1208570).
- scsi: qla2xxx: Use a variable for repeated mem_size computation (bsc#1208570).
- scsi: qla2xxx: Wait for io return on terminate rport (bsc#1211960).
- scsi: qla2xxx: edif: Fix clang warning (bsc#1208570).
- scsi: qla2xxx: edif: Fix clang warning (bsc#1208570).
- scsi: qla2xxx: edif: Fix performance dip due to lock contention (bsc#1208570).
- scsi: qla2xxx: edif: Fix performance dip due to lock contention (bsc#1208570).
- scsi: qla2xxx: edif: Fix stall session after app start (bsc#1208570).
- scsi: qla2xxx: edif: Fix stall session after app start (bsc#1208570).
- scsi: qla2xxx: edif: Reduce memory usage during low I/O (bsc#1208570).
- scsi: qla2xxx: edif: Reduce memory usage during low I/O (bsc#1208570).
- scsi: scsi_dh_alua: Fix memleak for 'qdata' in alua_activate() (git-fixes).
- scsi: scsi_ioctl: Validate command size (git-fixes).
- scsi: scsi_transport_fc: Add an additional flag to fc_host_fpin_rcv() (bsc#1210943).
- scsi: scsi_transport_fc: Add an additional flag to fc_host_fpin_rcv() (bsc#1210943).
- scsi: sd: Fix wrong zone_write_granularity value during revalidate (git-fixes).
- scsi: sd: Fix wrong zone_write_granularity value during revalidate (git-fixes).
- scsi: sd: Revert 'Rework asynchronous resume support' (bsc#1209092).
- scsi: ses: Do not attach if enclosure has no components (git-fixes).
- scsi: ses: Fix possible addl_desc_ptr out-of-bounds accesses (git-fixes).
- scsi: ses: Fix possible desc_ptr out-of-bounds accesses (git-fixes).
- scsi: ses: Fix slab-out-of-bounds in ses_enclosure_data_process() (git-fixes).
- scsi: ses: Fix slab-out-of-bounds in ses_intf_remove() (git-fixes).
- scsi: ses: Handle enclosure with just a primary component gracefully (git-fixes).
- scsi: smartpqi: Add controller cache flush during rmmod (bsc#1207315).
- scsi: smartpqi: Add new controller PCI IDs (bsc#1207315).
- scsi: smartpqi: Change sysfs raid_level attribute to N/A for controllers (bsc#1207315).
- scsi: smartpqi: Change version to 2.1.20-035 (bsc#1207315).
- scsi: smartpqi: Convert to host_tagset (bsc#1207315).
- scsi: smartpqi: Correct device removal for multi-actuator devices (bsc#1207315).
- scsi: smartpqi: Correct max LUN number (bsc#1207315).
- scsi: smartpqi: Initialize feature section info (bsc#1207315).
- scsi: smartpqi: Replace one-element array with flexible-array member (bsc#1207315).
- scsi: snic: Fix memory leak with using debugfs_lookup() (git-fixes).
- scsi: storvsc: Correct reporting of Hyper-V I/O size limits (git-fixes).
- scsi: storvsc: Do not pass unused PFNs to Hyper-V host (git-fixes).
- scsi: storvsc: Handle BlockSize change in Hyper-V VHD/VHDX file (git-fixes).
- scsi: tracing: Fix compile error in trace_array calls when TRACING is disabled (git-fixes).
- scsi: ufs: Stop using the clock scaling lock in the error handler (git-fixes).
- scsi: ufs: core: Enable link lost interrupt (git-fixes).
- scsi_disk kABI: add back members (bsc#1209092).
- sctp: fail if no bound addresses can be used for a given scope (bsc#1206677).
- sctp: sctp_sock_filter(): avoid list_entry() on possibly empty list (bsc#1208602, git-fixes).
- sctp: sctp_sock_filter(): avoid list_entry() on possibly empty list (bsc#1208602, git-fixes).
- seccomp: Move copy_seccomp() to no failure path (bsc#1210817).
- sefltests: netdevsim: wait for devlink instance after netns removal (git-fixes).
- selftest/lkdtm: Skip stack-entropy test if lkdtm is not available (git-fixes).
- selftests mount: Fix mount_setattr_test builds failed (git-fixes).
- selftests/ftrace: Add check for ping command for trigger tests (bsc#1204993 ltc#200103).
- selftests/ftrace: Convert tracer tests to use 'requires' to specify program dependency (bsc#1204993 ltc#200103).
- selftests/kselftest/runner/run_one(): allow running non-executable files (git-fixes).
- selftests/powerpc: Account for offline cpus in perf-hwbreak test (bsc#1206232).
- selftests/powerpc: Bump up rlimit for perf-hwbreak test (bsc#1206232).
- selftests/powerpc: Move perror closer to its use (bsc#1206232).
- selftests/resctrl: Allow ->setup() to return errors (git-fixes).
- selftests/resctrl: Check for return value after write_schemata() (git-fixes).
- selftests/resctrl: Extend CPU vendor detection (git-fixes).
- selftests/resctrl: Move ->setup() call outside of test specific branches (git-fixes).
- selftests/resctrl: Return NULL if malloc_and_init_memory() did not alloc mem (git-fixes).
- selftests/sgx: Add 'test_encl.elf' to TEST_FILES (git-fixes).
- selftests/vm: remove ARRAY_SIZE define from individual tests (git-fixes).
- selftests: Provide local define of __cpuid_count() (git-fixes).
- selftests: forwarding: lib: quote the sysctl values (git-fixes).
- selftests: mptcp: connect: skip if MPTCP is not supported (git-fixes).
- selftests: mptcp: pm nl: skip if MPTCP is not supported (git-fixes).
- selftests: mptcp: sockopt: skip if MPTCP is not supported (git-fixes).
- selftests: net: udpgso_bench: Fix racing bug between the rx/tx programs (git-fixes).
- selftests: net: udpgso_bench_rx/tx: Stop when wrong CLI args are provided (git-fixes).
- selftests: net: udpgso_bench_rx: Fix 'used uninitialized' compiler warning (git-fixes).
- selftests: net: udpgso_bench_tx: Cater for pending datagrams zerocopy benchmarking (git-fixes).
- selftests: seg6: disable DAD on IPv6 router cfg for srv6_end_dt4_l3vpn_test (git-fixes).
- selftests: sigaltstack: fix -Wuninitialized (git-fixes).
- selftests: srv6: make srv6_end_dt46_l3vpn_test more robust (git-fixes).
- selftests: xsk: Disable IPv6 on VETH1 (git-fixes).
- selftets: seg6: disable rp_filter by default in srv6_end_dt4_l3vpn_test (git-fixes).
- selinux: do not use make's grouped targets feature yet (git-fixes).
- selinux: ensure av_permissions.h is built when needed (git-fixes).
- selinux: fix Makefile dependencies of flask.h (git-fixes).
- serial: 8250: ASPEED_VUART: select REGMAP instead of depending on it (git-fixes).
- serial: 8250: Add missing wakeup event reporting (git-fixes).
- serial: 8250: Reinit port->pm on port specific driver unbind (git-fixes).
- serial: 8250: SERIAL_8250_ASPEED_VUART should depend on ARCH_ASPEED (git-fixes).
- serial: 8250_bcm7271: Fix arbitration handling (git-fixes).
- serial: 8250_bcm7271: balance clk_enable calls (git-fixes).
- serial: 8250_bcm7271: fix leak in `brcmuart_probe` (git-fixes).
- serial: 8250_dma: Fix DMA Rx rearm race (git-fixes).
- serial: 8250_em: Fix UART port type (git-fixes).
- serial: 8250_exar: Add support for USR298x PCI Modems (git-fixes).
- serial: 8250_exar: derive nr_ports from PCI ID for Acces I/O cards (git-fixes).
- serial: 8250_fsl: fix handle_irq locking (git-fixes).
- serial: 8250_tegra: Fix an error handling path in tegra_uart_probe() (git-fixes).
- serial: Add support for Advantech PCI-1611U card (git-fixes).
- serial: arc_uart: fix of_iomap leak in `arc_serial_probe` (git-fixes).
- serial: exar: Add support for Sealevel 7xxxC serial cards (git-fixes).
- serial: fsl_lpuart: Fix comment typo (git-fixes).
- serial: fsl_lpuart: fix RS485 RTS polariy inverse issue (git-fixes).
- serial: qcom-geni: fix console shutdown hang (git-fixes).
- serial: qcom-geni: fix enabling deactivated interrupt (git-fixes).
- serial: sc16is7xx: setup GPIO controller later in probe (git-fixes).
- serial: stm32: re-introduce an irq flag condition in usart_receive_chars (git-fixes).
- serial: tegra: Add missing clk_disable_unprepare() in tegra_uart_hw_init() (git-fixes).
- sfc: Change VF mac via PF as first preference if available (git-fixes).
- sfc: Fix module EEPROM reporting for QSFP modules (git-fixes).
- sfc: Fix use-after-free due to selftest_work (git-fixes).
- sfc: correctly advertise tunneled IPv6 segmentation (git-fixes).
- sfc: disable RXFCS and RXALL features by default (git-fixes).
- sfc: disable RXFCS and RXALL features by default (git-fixes).
- sfc: ef10: do not overwrite offload features at NIC reset (git-fixes).
- sfc: fix TX channel offset when using legacy interrupts (git-fixes).
- sfc: fix considering that all channels have TX queues (git-fixes).
- sfc: fix null pointer dereference in efx_hard_start_xmit (git-fixes).
- sfc: fix wrong tx channel offset with efx_separate_tx_channels (git-fixes).
- sfc: include vport_id in filter spec hash and equal() (git-fixes).
- signal handling: do not use BUG_ON() for debugging (bsc#1210439).
- signal/seccomp: Refactor seccomp signal and coredump generation (git-fixes).
- signal/vm86_32: Properly send SIGSEGV when the vm86 state cannot be saved (git-fixes).
- signal/x86: In emulate_vsyscall force a signal instead of calling do_exit (git-fixes).
- signal: Add SA_IMMUTABLE to ensure forced siganls do not get changed (bsc#1210816).
- signal: Do not always set SA_IMMUTABLE for forced signals (bsc#1210816).
- signal: HANDLER_EXIT should clear SIGNAL_UNKILLABLE (bsc#1210816).
- signal: Implement force_fatal_sig (git-fixes).
- smb3: Replace smb2pdu 1-element arrays with flex-arrays (bsc#1193629).
- smb3: display debug information better for encryption (bsc#1193629).
- smb3: fix problem remounting a share after shutdown (bsc#1193629).
- smb3: fix unusable share after force unmount failure (bsc#1193629).
- smb3: improve parallel reads of large files (bsc#1193629).
- smb3: lower default deferred close timeout to address perf regression (bsc#1193629).
- smb3: make query_on_disk_id open context consistent and move to common code (bsc#1193629).
- smb3: move some common open context structs to smbfs_common (bsc#1193629).
- soc/tegra: cbb: Use correct master_id mask for CBB NOC in Tegra194 (git-fixes).
- soc: ti: pm33xx: Fix refcount leak in am33xx_pm_probe (git-fixes).
- soundwire: cadence: Do not overflow the command FIFOs (git-fixes).
- soundwire: qcom: correct setting ignore bit on v1.5.1 (git-fixes).
- soundwire: qcom: gracefully handle too many ports in DT (git-fixes).
- spi: bcm63xx-hsspi: Endianness fix for ARM based SoC (git-fixes).
- spi: cadence-quadspi: fix suspend-resume implementations (git-fixes).
- spi: dw: Fix wrong FIFO level setting for long xfers (git-fixes).
- spi: dw_bt1: fix MUX_MMIO dependencies (git-fixes).
- spi: fsl-spi: Fix CPM/QE mode Litte Endian (git-fixes).
- spi: qup: Do not skip cleanup in remove's error path (git-fixes).
- spi: qup: Request DMA before enabling clocks (git-fixes).
- spi: spi-imx: fix MX51_ECSPI_* macros when cs > 3 (git-fixes).
- spi: spi-imx: using pm_runtime_resume_and_get instead of pm_runtime_get_sync (git-fixes).
- spi: spidev: remove debug messages that access spidev->spi without locking (git-fixes).
- spi: synquacer: Fix timeout handling in synquacer_spi_transfer_one() (git-fixes).
- spi: tegra210-quad: Fix validate combined sequence (git-fixes).
- squashfs: harden sanity check in squashfs_read_xattr_id_table (git-fixes).
- staging: emxx_udc: Add checks for dma_alloc_coherent() (git-fixes).
- staging: iio: resolver: ads1210: fix config mode (git-fixes).
- staging: mt7621-dts: change palmbus address to lower case (git-fixes).
- staging: mt7621-dts: change some node hex addresses to lower case (git-fixes).
- staging: rtl8192e: Fix W_DISABLE# does not work after stop/start (git-fixes).
- staging: rtl8192e: Remove call_usermodehelper starting RadioPower.sh (git-fixes).
- staging: rtl8192e: Remove function ..dm_check_ac_dc_power calling a script (git-fixes).
- staging: rtl8192e: Replace macro RTL_PCI_DEVICE with PCI_DEVICE (git-fixes).
- stat: fix inconsistency between struct stat and struct compat_stat (git-fixes).
- struct ci_hdrc: hide new member at end (git-fixes).
- struct dwc3: mask new member (git-fixes).
- struct uvc_device move flush_status new member to end (git-fixes).
- sunrpc: Fix potential race conditions in rpc_sysfs_xprt_state_change() (git-fixes).
- sunrpc: only free unix grouplist after RCU settles (git-fixes).
- swim3: add missing major.h include (git-fixes).
- swiotlb: Free tbl memory in swiotlb_exit() (jsc#PED-3259).
- swiotlb: add a SWIOTLB_ANY flag to lift the low memory restriction (PED-3259).
- swiotlb: avoid potential left shift overflow (PED-3259).
- swiotlb: clean up some coding style and minor issues (PED-3259).
- swiotlb: consolidate rounding up default_nslabs (PED-3259).
- swiotlb: do not panic when the swiotlb buffer can't be allocated (PED-3259).
- swiotlb: ensure a segment does not cross the area boundary (PED-3259).
- swiotlb: fail map correctly with failed io_tlb_default_mem (PED-3259).
- swiotlb: fix a typo (PED-3259).
- swiotlb: fix passing local variable to debugfs_create_ulong() (PED-3259).
- swiotlb: fix setting ->force_bounce (PED-3259).
- swiotlb: fix use after free on error handling path (PED-3259).
- swiotlb: make swiotlb_exit a no-op if SWIOTLB_FORCE is set (PED-3259).
- swiotlb: make the swiotlb_init interface more useful (PED-3259).
- swiotlb: merge swiotlb-xen initialization into swiotlb (jsc#PED-3259).
- swiotlb: panic if nslabs is too small (PED-3259).
- swiotlb: pass a gfp_mask argument to swiotlb_init_late (PED-3259).
- swiotlb: provide swiotlb_init variants that remap the buffer (PED-3259).
- swiotlb: relocate PageHighMem test away from rmem_swiotlb_setup (git-fixes).
- swiotlb: remove a useless return in swiotlb_init (PED-3259).
- swiotlb: remove swiotlb_init_with_tbl and swiotlb_init_late_with_tbl (PED-3259).
- swiotlb: remove unused fields in io_tlb_mem (PED-3259).
- swiotlb: rename swiotlb_late_init_with_default_size (PED-3259).
- swiotlb: simplify debugfs setup (jsc#PED-3259).
- swiotlb: simplify swiotlb_max_segment (PED-3259).
- swiotlb: split up the global swiotlb lock (PED-3259).
- swiotlb: use the right nslabs value in swiotlb_init_remap (PED-3259).
- swiotlb: use the right nslabs-derived sizes in swiotlb_init_late (PED-3259).
- sysctl: add a new register_sysctl_init() interface (bsc#1207328).
- test_firmware: fix the memory leak of the allocated firmware buffer (git-fixes).
- thermal/core: Remove duplicate information when an error occurs (git-fixes).
- thermal/drivers/hisi: Drop second sensor hi3660 (git-fixes).
- thermal/drivers/tsens: Add compat string for the qcom,msm8960 (git-fixes).
- thermal/drivers/tsens: Drop msm8976-specific defines (git-fixes).
- thermal/drivers/tsens: Sort out msm8976 vs msm8956 data (git-fixes).
- thermal/drivers/tsens: fix slope values for msm8939 (git-fixes).
- thermal/drivers/tsens: limit num_sensors to 9 for msm8939 (git-fixes).
- thermal: intel: BXT_PMIC: select REGMAP instead of depending on it (git-fixes).
- thermal: intel: Fix unsigned comparison with less than zero (git-fixes).
- thermal: intel: intel_pch: Add support for Wellsburg PCH (git-fixes).
- thermal: intel: powerclamp: Fix cur_state for multi package system (git-fixes).
- thermal: intel: quark_dts: fix error pointer dereference (git-fixes).
- thunderbolt: Add missing UNSET_INBOUND_SBTX for retimer access (git-fixes).
- thunderbolt: Call tb_check_quirks() after initializing adapters (git-fixes).
- thunderbolt: Clear registers properly when auto clear isn't in use (bsc#1210165).
- thunderbolt: Clear registers properly when auto clear isn't in use (bsc#1210165).
- thunderbolt: Disable interrupt auto clear for rings (git-fixes).
- thunderbolt: Mask ring interrupt on Intel hardware as well (bsc#1210165).
- thunderbolt: Rename shadowed variables bit to interrupt_bit and auto_clear_bit (git-fixes).
- thunderbolt: Use const qualifier for `ring_interrupt_index` (git-fixes).
- thunderbolt: Use scale field when allocating USB3 bandwidth (git-fixes).
- timers: Prevent union confusion from unexpected (git-fixes)
- tools/iio/iio_utils:fix memory leak (git-fixes).
- tools/virtio: compile with -pthread (git-fixes).
- tools/virtio: fix the vringh test for virtio ring changes (git-fixes).
- tools/virtio: fix virtio_test execution (git-fixes).
- tools/virtio: initialize spinlocks in vring_test.c (git-fixes).
- tools: fix ARRAY_SIZE defines in tools and selftests hdrs (git-fixes).
- tpm, tpm_tis: Claim locality before writing TPM_INT_ENABLE register (git-fixes).
- tpm, tpm_tis: Disable interrupts if tpm_tis_probe_irq() failed (git-fixes).
- tpm, tpm_tis: Request threaded interrupt handler (git-fixes).
- tpm/eventlog: Do not abort tpm_read_log on faulty ACPI address (git-fixes).
- tpm/tpm_tis: Disable interrupts for more Lenovo devices (git-fixes).
- trace/hwlat: Do not start per-cpu thread if it is already running (git-fixes).
- trace/hwlat: Do not wipe the contents of per-cpu thread data (git-fixes).
- trace/hwlat: make use of the helper function kthread_run_on_cpu() (git-fixes).
- trace/hwlat: make use of the helper function kthread_run_on_cpu() (git-fixes).
- trace_events_hist: add check for return value of 'create_hist_field' (git-fixes).
- tracing/fprobe: Fix to check whether fprobe is registered correctly (git-fixes).
- tracing/hist: Fix issue of losting command info in error_log (git-fixes).
- tracing/hist: Fix out-of-bound write on 'action_data.var_ref_idx' (git-fixes).
- tracing/hist: Fix wrong return value in parse_action_params() (git-fixes).
- tracing/hwlat: Replace sched_setaffinity with set_cpus_allowed_ptr (git-fixes).
- tracing/osnoise: Make osnoise_main to sleep for microseconds (git-fixes).
- tracing/perf: Avoid -Warray-bounds warning for __rel_loc macro (git-fixes).
- tracing/probes: Handle system names with hyphens (git-fixes).
- tracing: Add '__rel_loc' using trace event macros (git-fixes).
- tracing: Add DYNAMIC flag for dynamic events (git-fixes).
- tracing: Add NULL checks for buffer in ring_buffer_free_read_page() (git-fixes).
- tracing: Add trace_array_puts() to write into instance (git-fixes).
- tracing: Add trace_event helper macros __string_len() and __assign_str_len() (git-fixes).
- tracing: Avoid -Warray-bounds warning for __rel_loc macro (git-fixes).
- tracing: Avoid adding tracer option before update_tracer_options (git-fixes).
- tracing: Check field value in hist_field_name() (git-fixes).
- tracing: Do not let histogram values have some modifiers (git-fixes).
- tracing: Do not use out-of-sync va_list in event printing (git-fixes).
- tracing: Ensure trace buffer is at least 4096 bytes large (git-fixes).
- tracing: Fix a kmemleak false positive in tracing_map (git-fixes).
- tracing: Fix complicated dependency of CONFIG_TRACER_MAX_TRACE (git-fixes).
- tracing: Fix infinite loop in tracing_read_pipe on overflowed print_trace_line (git-fixes).
- tracing: Fix issue of missing one synthetic field (git-fixes).
- tracing: Fix mismatched comment in __string_len (git-fixes).
- tracing: Fix permissions for the buffer_percent file (git-fixes).
- tracing: Fix poll() and select() do not work on per_cpu trace_pipe and trace_pipe_raw (git-fixes).
- tracing: Fix possible memory leak in __create_synth_event() error path (git-fixes).
- tracing: Fix race where histograms can be called before the event (git-fixes).
- tracing: Fix sleeping function called from invalid context on RT kernel (git-fixes).
- tracing: Fix tp_printk option related with tp_printk_stop_on_boot (git-fixes).
- tracing: Fix warning on variable 'struct trace_array' (git-fixes).
- tracing: Fix wrong return in kprobe_event_gen_test.c (git-fixes).
- tracing: Free error logs of tracing instances (git-fixes).
- tracing: Have TRACE_DEFINE_ENUM affect trace event types as well (git-fixes).
- tracing: Have syscall trace events use trace_event_buffer_lock_reserve() (git-fixes).
- tracing: Have tracing_snapshot_instance_cond() write errors to the appropriate instance (git-fixes).
- tracing: Have type enum modifications copy the strings (git-fixes).
- tracing: Make splice_read available again (git-fixes).
- tracing: Make sure trace_printk() can output as soon as it can be used (git-fixes).
- tracing: Make tp_printk work on syscall tracepoints (git-fixes).
- tracing: Make tracepoint lockdep check actually test something (git-fixes).
- tracing: Use alignof__(struct {type b;}) instead of offsetof() (git-fixes).
- tracing: incorrect isolate_mote_t cast in mm_vmscan_lru_isolate (git-fixes).
- tty: Prevent writing chars during tcsetattr TCSADRAIN/FLUSH (git-fixes).
- tty: fix out-of-bounds access in tty_driver_lookup_tty() (git-fixes).
- tty: serial: fsl_lpuart: Fix the wrong RXWATER setting for rx dma case (git-fixes).
- tty: serial: fsl_lpuart: adjust buffer length to the intended size (git-fixes).
- tty: serial: fsl_lpuart: avoid checking for transfer complete when UARTCTRL_SBK is asserted in lpuart32_tx_empty (git-fixes).
- tty: serial: fsl_lpuart: clear LPUART Status Register in lpuart32_shutdown() (git-fixes).
- tty: serial: fsl_lpuart: disable Rx/Tx DMA in lpuart32_shutdown() (git-fixes).
- tty: serial: fsl_lpuart: disable the CTS when send break signal (git-fixes).
- tty: serial: fsl_lpuart: skip waiting for transmission complete when UARTCTRL_SBK is asserted (git-fixes).
- tty: serial: fsl_lpuart: use UARTCTRL_TXINV to send break instead of UARTCTRL_SBK (git-fixes).
- tty: serial: imx: Handle RS485 DE signal active high (git-fixes).
- tty: serial: imx: disable Ageing Timer interrupt request irq (git-fixes).
- tty: serial: qcom-geni-serial: stop operations in progress at shutdown (git-fixes).
- tty: serial: sh-sci: Fix Rx on RZ/G2L SCI (git-fixes).
- tty: serial: sh-sci: Fix transmit end interrupt handler (git-fixes).
- tun: annotate access to queue->trans_start (jsc#PED-370).
- uas: Add US_FL_NO_REPORT_OPCODES for JMicron JMS583Gen 2 (git-fixes).
- ubsan: no need to unset panic_on_warn in ubsan_epilogue() (bsc#1207328).
- udf: Check consistency of Space Bitmap Descriptor (bsc#1210771).
- udf: Fix a slab-out-of-bounds write bug in udf_find_entry() (bsc#1206649).
- udf: Support splicing to file (bsc#1210770).
- update internal module version number for cifs.ko (bsc#1193629).
- usb-storage: fix deadlock when a scsi command timeouts more than once (git-fixes).
- usb: acpi: add helper to check port lpm capability using acpi _DSM (git-fixes).
- usb: cdns3: Fix issue with using incorrect PCI device function (git-fixes).
- usb: cdnsp: Fixes error: uninitialized symbol 'len' (git-fixes).
- usb: cdnsp: Fixes issue with redundant Status Stage (git-fixes).
- usb: cdnsp: changes PCI Device ID to fix conflict with CNDS3 driver (git-fixes).
- usb: chipdea: core: fix return -EINVAL if request role is the same with current role (git-fixes).
- usb: chipidea: core: fix possible concurrent when switch role (git-fixes).
- usb: chipidea: fix missing goto in `ci_hdrc_probe` (git-fixes).
- usb: chipidea: imx: avoid unnecessary probe defer (git-fixes).
- usb: core: add quirk for Alcor Link AK9563 smartcard reader (git-fixes).
- usb: core: hub: disable autosuspend for TI TUSB8041 (git-fixes).
- usb: dwc2: fix a devres leak in hw_enable upon suspend resume (git-fixes).
- usb: dwc3: Align DWC3_EP_* flag macros (git-fixes).
- usb: dwc3: Fix a repeated word checkpatch warning (git-fixes).
- usb: dwc3: Fix a typo in field name (git-fixes).
- usb: dwc3: Fix ep0 handling when getting reset while doing control transfer (git-fixes).
- usb: dwc3: core: Host wake up support from system suspend (git-fixes).
- usb: dwc3: debugfs: Resume dwc3 before accessing registers (git-fixes).
- usb: dwc3: drd: use helper to get role-switch-default-mode (git-fixes).
- usb: dwc3: ep0: Do not prepare beyond Setup stage (git-fixes).
- usb: dwc3: gadget: Add 1ms delay after end transfer command without IOC (git-fixes).
- usb: dwc3: gadget: Change condition for processing suspend event (git-fixes).
- usb: dwc3: gadget: Delay issuing End Transfer (git-fixes).
- usb: dwc3: gadget: Execute gadget stop after halting the controller (git-fixes).
- usb: dwc3: gadget: Improve dwc3_gadget_suspend() and dwc3_gadget_resume() (git-fixes).
- usb: dwc3: gadget: Only End Transfer for ep0 data phase (git-fixes).
- usb: dwc3: gadget: Stall and restart EP0 if host is unresponsive (git-fixes).
- usb: dwc3: pci: add support for the Intel Meteor Lake-M (git-fixes).
- usb: dwc3: pci: add support for the Intel Meteor Lake-S (git-fixes).
- usb: dwc3: qcom: Configure wakeup interrupts during suspend (git-fixes).
- usb: dwc3: qcom: Fix memory leak in dwc3_qcom_interconnect_init (git-fixes).
- usb: dwc3: qcom: Keep power domain on to retain controller status (git-fixes).
- usb: dwc3: qcom: clean up icc init (git-fixes).
- usb: dwc3: qcom: clean up suspend callbacks (git-fixes).
- usb: dwc3: qcom: enable vbus override when in OTG dr-mode (git-fixes).
- usb: dwc3: qcom: fix gadget-only builds (git-fixes).
- usb: dwc3: qcom: fix peripheral and OTG suspend (git-fixes).
- usb: dwc3: qcom: fix wakeup implementation (git-fixes).
- usb: dwc3: qcom: only parse 'maximum-speed' once (git-fixes).
- usb: dwc3: qcom: suppress unused-variable warning (git-fixes).
- usb: dwc3: remove a possible unnecessary 'out of memory' message (git-fixes).
- usb: early: xhci-dbc: Fix a potential out-of-bound memory access (git-fixes).
- usb: gadget: configfs: Restrict symlink creation is UDC already binded (git-fixes).
- usb: gadget: configfs: remove using list iterator after loop body as a ptr (git-fixes).
- usb: gadget: configfs: use to_config_usb_cfg() in os_desc_link() (git-fixes).
- usb: gadget: configfs: use to_usb_function_instance() in cfg (un)link func (git-fixes).
- usb: gadget: f_fs: Add unbind event before functionfs_unbind (git-fixes).
- usb: gadget: f_fs: Fix unbalanced spinlock in __ffs_ep0_queue_wait (git-fixes).
- usb: gadget: f_hid: fix f_hidg lifetime vs cdev (git-fixes).
- usb: gadget: f_hid: fix refcount leak on error path (git-fixes).
- usb: gadget: f_ncm: fix potential NULL ptr deref in ncm_bitrate() (git-fixes).
- usb: gadget: f_uac2: Fix incorrect increment of bNumEndpoints (git-fixes).
- usb: gadget: fusb300_udc: free irq on the error path in fusb300_probe() (git-fixes).
- usb: gadget: tegra-xudc: Fix crash in vbus_draw (git-fixes).
- usb: gadget: u_audio: do not let userspace block driver unbind (git-fixes).
- usb: gadget: u_ether: Fix host MAC address case (git-fixes).
- usb: gadget: u_serial: Add null pointer check in gserial_resume (git-fixes).
- usb: gadget: udc: do not clear gadget driver.bus (git-fixes).
- usb: gadget: udc: renesas_usb3: Fix use after free bug in renesas_usb3_remove due to race condition (git-fixes).
- usb: host: xhci-rcar: remove leftover quirk handling (git-fixes).
- usb: host: xhci: mvebu: Iterate over array indexes instead of using pointer math (git-fixes).
- usb: max-3421: Fix setting of I/O pins (git-fixes).
- usb: mtu3: fix kernel panic at qmu transfer done irq handler (git-fixes).
- usb: musb: Add and use inline function musb_otg_state_string (git-fixes).
- usb: musb: Add and use inline functions musb_{get,set}_state (git-fixes).
- usb: musb: mediatek: do not unregister something that wasn't registered (git-fixes).
- usb: musb: remove schedule work called after flush (git-fixes).
- usb: typec: altmodes/displayport: Fix configure initial pin assignment (git-fixes).
- usb: typec: altmodes/displayport: Fix probe pin assign check (git-fixes).
- usb: typec: altmodes/displayport: fix pin_assignment_show (git-fixes).
- usb: typec: intel_pmc_mux: Do not leak the ACPI device reference count (git-fixes).
- usb: typec: intel_pmc_mux: Use the helper acpi_dev_get_memory_resources() (git-fixes).
- usb: typec: pd: Remove usb_suspend_supported sysfs from sink PDO (git-fixes).
- usb: typec: tcpm: fix create duplicate source-capabilities file (git-fixes).
- usb: typec: tcpm: fix create duplicate source-capabilities file (git-fixes).
- usb: typec: tcpm: fix multiple times discover svids error (git-fixes).
- usb: typec: tcpm: fix warning when handle discover_identity message (git-fixes).
- usb: typec: ucsi: Do not attempt to resume the ports before they exist (git-fixes).
- usb: typec: ucsi: Do not warn on probe deferral (git-fixes).
- usb: ucsi: Fix NULL pointer deref in ucsi_connector_change() (git-fixes).
- usb: ucsi: Fix ucsi->connector race (git-fixes).
- usb: ucsi_acpi: Increase the command completion timeout (git-fixes).
- usb: usbfs: Enforce page requirements for mmap (git-fixes).
- usb: usbfs: Use consistent mmap functions (git-fixes).
- usb: uvc: Enumerate valid values for color matching (git-fixes).
- usb: xhci: tegra: fix sleep in atomic call (git-fixes).
- usrmerge: Compatibility with earlier rpm (boo#1211796)
- usrmerge: Remove usrmerge compatibility symlink in buildroot (boo#1211796).
- vc_screen: do not clobber return value in vcs_read (git-fixes).
- vc_screen: do not clobber return value in vcs_read (git-fixes).
- vc_screen: modify vcs_size() handling in vcs_read() (git-fixes).
- vc_screen: move load of struct vc_data pointer in vcs_read() to avoid UAF (git-fixes).
- vc_screen: reload load of struct vc_data pointer in vcs_write() to avoid UAF (git-fixes).
- vdpa/vp_vdpa: fix kfree a wrong pointer in vp_vdpa_remove (git-fixes).
- vdpa: fix use-after-free on vp_vdpa_remove (git-fixes).
- vdpa_sim: not reset state in vdpasim_queue_ready (git-fixes).
- vdpa_sim: set last_used_idx as last_avail_idx in vdpasim_queue_ready (git-fixes).
- vfio/type1: prevent underflow of locked_vm via exec() (git-fixes).
- vfio/type1: restore locked_vm (git-fixes).
- vfio/type1: track locked_vm per dma (git-fixes).
- vfs: Check the truncate maximum size in inode_newsize_ok() (bsc#1207642).
- vfs: make sync_filesystem return errors from ->sync_fs (git-fixes).
- vhost/net: Clear the pending messages when the backend is removed (git-fixes).
- virt/coco/sev-guest: Add throttling awareness (bsc#1209927).
- virt/coco/sev-guest: Carve out the request issuing logic into a helper (bsc#1209927).
- virt/coco/sev-guest: Check SEV_SNP attribute at probe time (bsc#1209927).
- virt/coco/sev-guest: Convert the sw_exit_info_2 checking to a switch-case (bsc#1209927).
- virt/coco/sev-guest: Do some code style cleanups (bsc#1209927).
- virt/coco/sev-guest: Remove the disable_vmpck label in handle_guest_request() (bsc#1209927).
- virt/coco/sev-guest: Simplify extended guest request handling (bsc#1209927).
- virt/sev-guest: Add a MODULE_ALIAS (bsc#1208449).
- virt/sev-guest: Prevent IV reuse in the SNP guest driver (bsc#1208449).
- virt/sev-guest: Remove unnecessary free in init_crypto() (bsc#1208449).
- virt/sev-guest: Return -EIO if certificate buffer is not large enough (bsc#1209927).
- virt: sev-guest: Pass the appropriate argument type to iounmap() (bsc#1208449).
- virt: sevguest: Change driver name to reflect generic SEV support (bsc#1208449).
- virt: sevguest: Rename the sevguest dir and files to sev-guest (bsc#1208449).
- virtio-blk: modify the value type of num in virtio_queue_rq() (git-fixes).
- virtio-net: Keep stop() to follow mirror sequence of open() (git-fixes).
- virtio-net: execute xdp_do_flush() before napi_complete_done() (git-fixes).
- virtio_net: Fix probe failed when modprobe virtio_net (git-fixes).
- virtio_net: bugfix overflow inside xdp_linearize_page() (git-fixes).
- virtio_net: split free_unused_bufs() (git-fixes).
- virtio_net: suppress cpu stall when free_unused_bufs (git-fixes).
- virtio_pci: modify ENOENT to EINVAL (git-fixes).
- virtio_ring: do not update event idx on get_buf (git-fixes).
- vmci_host: fix a race condition in vmci_host_poll() causing GPF (git-fixes).
- vmxnet3: move rss code block under eop descriptor (bsc#1208212).
- vmxnet3: use gro callback when UPT is enabled (bsc#1209739).
- vp_vdpa: fix the crash in hot unplug with vp_vdpa (git-fixes).
- wait: Fix __wait_event_hrtimeout for RT/DL tasks (git-fixes)
- watch_queue: fix IOC_WATCH_QUEUE_SET_SIZE alloc error paths (bsc#1197617).
- watchdog-diag288_wdt-fix-__diag288-inline-assembly.patch
- watchdog/hpwdt: Enable HP_WATCHDOG for ARM64 systems. (jsc#PED-3210) Also enable module in aarch64 default configuration.
- watchdog: Fix kmemleak in watchdog_cdev_register (git-fixes).
- watchdog: allow building BCM7038_WDT for BCM4908 (bsc#1208619).
- watchdog: at91sam9_wdt: use devm_request_irq to avoid missing free_irq() in error path (git-fixes).
- watchdog: diag288_wdt: do not use stack buffers for hardware data (bsc#1207497).
- watchdog: diag288_wdt: fix __diag288() inline assembly (bsc#1207497).
- watchdog: dw_wdt: Fix the error handling path of dw_wdt_drv_probe() (git-fixes).
- watchdog: ixp4xx: Implement restart (bsc#1208619).
- watchdog: ixp4xx: Rewrite driver to use core (bsc#1208619).
- watchdog: ixp4xx_wdt: Fix address space warning (bsc#1208619).
- watchdog: menz069_wdt: fix watchdog initialisation (git-fixes).
- watchdog: orion_wdt: support pretimeout on Armada-XP (bsc#1208619).
- watchdog: pcwd_usb: Fix attempting to access uninitialized memory (git-fixes).
- watchdog: sbsa_wdog: Make sure the timeout programming is within the limits (git-fixes).
- watchdog: sp5100_tco: Immediately trigger upon starting (git-fixes).
- wifi: ath11k: Fix SKB corruption in REO destination ring (git-fixes).
- wifi: ath11k: Fix memory leak in ath11k_peer_rx_frag_setup (git-fixes).
- wifi: ath11k: allow system suspend to survive ath11k (git-fixes).
- wifi: ath11k: fix SAC bug on peer addition with sta band migration (git-fixes).
- wifi: ath11k: fix deinitialization of firmware resources (git-fixes).
- wifi: ath11k: fix writing to unintended memory region (git-fixes).
- wifi: ath11k: reduce the MHI timeout to 20s (bsc#1207948).
- wifi: ath5k: fix an off by one check in ath5k_eeprom_read_freq_list() (git-fixes).
- wifi: ath6kl: minor fix for allocation size (git-fixes).
- wifi: ath6kl: reduce WARN to dev_dbg() in callback (git-fixes).
- wifi: ath9k: Fix potential stack-out-of-bounds write in ath9k_wmi_rsp_callback() (git-fixes).
- wifi: ath9k: Fix use-after-free in ath9k_hif_usb_disconnect() (git-fixes).
- wifi: ath9k: hif_usb: clean up skbs if ath9k_hif_usb_rx_stream() fails (git-fixes).
- wifi: ath9k: hif_usb: fix memory leak of remain_skbs (git-fixes).
- wifi: ath9k: htc_hst: free skb in ath9k_htc_rx_msg() if there is no callback function (git-fixes).
- wifi: ath9k: use proper statements in conditionals (git-fixes).
- wifi: ath: Silence memcpy run-time false positive warning (git-fixes).
- wifi: b43: fix incorrect __packed annotation (git-fixes).
- wifi: brcmfmac: Fix potential stack-out-of-bounds in brcmf_c_preinit_dcmds() (git-fixes).
- wifi: brcmfmac: cfg80211: Pass the PMK in binary instead of hex (git-fixes).
- wifi: brcmfmac: ensure CLM version is null-terminated to prevent stack-out-of-bounds (git-fixes).
- wifi: brcmfmac: fix potential memory leak in brcmf_netdev_start_xmit() (git-fixes).
- wifi: brcmfmac: slab-out-of-bounds read in brcmf_get_assoc_ies() (git-fixes).
- wifi: brcmfmac: support CQM RSSI notification with older firmware (git-fixes).
- wifi: brcmfmac: unmap dma buffer in brcmf_msgbuf_alloc_pktid() (git-fixes).
- wifi: cfg80211: Fix extended KCK key length check in nl80211_set_rekey_data() (git-fixes).
- wifi: cfg80211: Fix use after free for wext (git-fixes).
- wifi: cfg80211: Partial revert 'wifi: cfg80211: Fix use after free for wext' (git-fixes).
- wifi: cfg80211: fix locking in regulatory disconnect (git-fixes).
- wifi: cfg80211: fix locking in sched scan stop work (git-fixes).
- wifi: ipw2200: fix memory leak in ipw_wdev_init() (git-fixes).
- wifi: ipw2x00: do not call dev_kfree_skb() under spin_lock_irqsave() (git-fixes).
- wifi: iwl3945: Add missing check for create_singlethread_workqueue (git-fixes).
- wifi: iwl4965: Add missing check for create_singlethread_workqueue() (git-fixes).
- wifi: iwlegacy: common: do not call dev_kfree_skb() under spin_lock_irqsave() (git-fixes).
- wifi: iwlwifi: debug: fix crash in __iwl_err() (git-fixes).
- wifi: iwlwifi: dvm: Fix memcpy: detected field-spanning write backtrace (git-fixes).
- wifi: iwlwifi: fix OEM's name in the ppag approved list (git-fixes).
- wifi: iwlwifi: fix duplicate entry in iwl_dev_info_table (git-fixes).
- wifi: iwlwifi: fw: fix DBGI dump (git-fixes).
- wifi: iwlwifi: fw: fix memory leak in debugfs (git-fixes).
- wifi: iwlwifi: fw: move memset before early return (git-fixes).
- wifi: iwlwifi: make the loop for card preparation effective (git-fixes).
- wifi: iwlwifi: mvm: check firmware response size (git-fixes).
- wifi: iwlwifi: mvm: do not set CHECKSUM_COMPLETE for unsupported protocols (git-fixes).
- wifi: iwlwifi: mvm: do not trust firmware n_channels (git-fixes).
- wifi: iwlwifi: mvm: fix OEM's name in the tas approved list (git-fixes).
- wifi: iwlwifi: mvm: fix cancel_delayed_work_sync() deadlock (git-fixes).
- wifi: iwlwifi: mvm: fix mvmtxq->stopped handling (git-fixes).
- wifi: iwlwifi: mvm: initialize seq variable (git-fixes).
- wifi: iwlwifi: pcie: Fix integer overflow in iwl_write_to_user_buf (git-fixes).
- wifi: iwlwifi: pcie: fix possible NULL pointer dereference (git-fixes).
- wifi: iwlwifi: trans: do not trigger d3 interrupt twice (git-fixes).
- wifi: iwlwifi: yoyo: Fix possible division by zero (git-fixes).
- wifi: iwlwifi: yoyo: skip dump correctly on hw error (git-fixes).
- wifi: libertas: cmdresp: do not call kfree_skb() under spin_lock_irqsave() (git-fixes).
- wifi: libertas: fix memory leak in lbs_init_adapter() (git-fixes).
- wifi: libertas: if_usb: do not call kfree_skb() under spin_lock_irqsave() (git-fixes).
- wifi: libertas: main: do not call kfree_skb() under spin_lock_irqsave() (git-fixes).
- wifi: libertas_tf: do not call kfree_skb() under spin_lock_irqsave() (git-fixes).
- wifi: mac80211: Set TWT Information Frame Disabled bit as 1 (bsc#1209980).
- wifi: mac80211: adjust scan cancel comment/check (git-fixes).
- wifi: mac80211: fix invalid drv_sta_pre_rcu_remove calls for non-uploaded sta (git-fixes).
- wifi: mac80211: fix min center freq offset tracing (git-fixes).
- wifi: mac80211: fix qos on mesh interfaces (git-fixes).
- wifi: mac80211: make rate u32 in sta_set_rate_info_rx() (git-fixes).
- wifi: mac80211: sdata can be NULL during AMPDU start (git-fixes).
- wifi: mac80211: simplify chanctx allocation (git-fixes).
- wifi: mt7601u: fix an integer underflow (git-fixes).
- wifi: mt76: add flexible polling wait-interval support (git-fixes).
- wifi: mt76: add memory barrier to SDIO queue kick (bsc#1209980).
- wifi: mt76: add missing locking to protect against concurrent rx/status calls (git-fixes).
- wifi: mt76: connac: fix possible unaligned access in mt76_connac_mcu_add_nested_tlv (bsc#1209980).
- wifi: mt76: dma: free rx_head in mt76_dma_rx_cleanup (git-fixes).
- wifi: mt76: do not run mt76_unregister_device() on unregistered hw (bsc#1209980).
- wifi: mt76: fix 6GHz high channel not be scanned (git-fixes).
- wifi: mt76: fix receiving LLC packets on mt7615/mt7915 (bsc#1209980).
- wifi: mt76: handle failure of vzalloc in mt7615_coredump_work (git-fixes).
- wifi: mt76: mt7615: fix possible race in mt7615_mac_sta_poll (git-fixes).
- wifi: mt76: mt7915: add missing of_node_put() (bsc#1209980).
- wifi: mt76: mt7915: call mt7915_mcu_set_thermal_throttling() only after init_work (bsc#1209980).
- wifi: mt76: mt7915: check return value before accessing free_block_num (bsc#1209980).
- wifi: mt76: mt7915: drop always true condition of __mt7915_reg_addr() (bsc#1209980).
- wifi: mt76: mt7915: expose device tree match table (git-fixes).
- wifi: mt76: mt7915: fix mcs value in ht mode (bsc#1209980).
- wifi: mt76: mt7915: fix memory leak in mt7915_mcu_exit (git-fixes).
- wifi: mt76: mt7915: fix mt7915_mac_set_timing() (bsc#1209980).
- wifi: mt76: mt7915: fix possible unaligned access in mt7915_mac_add_twt_setup (bsc#1209980).
- wifi: mt76: mt7915: fix reporting of TX AGGR histogram (git-fixes).
- wifi: mt76: mt7915: fix unintended sign extension of mt7915_hw_queue_read() (bsc#1209980).
- wifi: mt76: mt7921: fix missing unwind goto in `mt7921u_probe` (git-fixes).
- wifi: mt76: mt7921: fix reporting of TX AGGR histogram (git-fixes).
- wifi: mt76: mt7921e: Set memory space enable in PCI_COMMAND if unset (git-fixes).
- wifi: mt76: mt7921e: fix crash in chip reset fail (bsc#1209980).
- wifi: mt76: mt7921e: fix probe timeout after reboot (git-fixes).
- wifi: mt76: mt7921e: fix random fw download fail (git-fixes).
- wifi: mt76: mt7921e: fix random fw download fail (git-fixes).
- wifi: mt76: mt7921e: fix rmmod crash in driver reload test (bsc#1209980).
- wifi: mt76: mt7921e: improve reliability of dma reset (git-fixes).
- wifi: mt76: mt7921e: stop chip reset worker in unregister hook (git-fixes).
- wifi: mt76: mt7921s: fix race issue between reset and suspend/resume (bsc#1209980).
- wifi: mt76: mt7921s: fix slab-out-of-bounds access in sdio host (bsc#1209980).
- wifi: mwifiex: Add missing compatible string for SD8787 (git-fixes).
- wifi: mwifiex: fix loop iterator in mwifiex_update_ampdu_txwinsize() (git-fixes).
- wifi: mwifiex: mark OF related data as maybe unused (git-fixes).
- wifi: orinoco: check return value of hermes_write_wordrec() (git-fixes).
- wifi: rsi: Fix memory leak in rsi_coex_attach() (git-fixes).
- wifi: rt2x00: Fix memory leak when handling surveys (git-fixes).
- wifi: rtl8xxxu: Fix memory leaks with RTL8723BU, RTL8192EU (git-fixes).
- wifi: rtl8xxxu: RTL8192EU always needs full init (git-fixes).
- wifi: rtl8xxxu: Use a longer retry limit of 48 (git-fixes).
- wifi: rtl8xxxu: do not call dev_kfree_skb() under spin_lock_irqsave() (git-fixes).
- wifi: rtl8xxxu: fix authentication timeout due to incorrect RCR value (git-fixes).
- wifi: rtl8xxxu: fixing transmisison failure for rtl8192eu (git-fixes).
- wifi: rtlwifi: Fix global-out-of-bounds bug in _rtl8812ae_phy_set_txpower_limit() (git-fixes).
- wifi: rtlwifi: fix incorrect error codes in rtl_debugfs_set_write_reg() (git-fixes).
- wifi: rtlwifi: fix incorrect error codes in rtl_debugfs_set_write_rfreg() (git-fixes).
- wifi: rtlwifi: rtl8188ee: do not call kfree_skb() under spin_lock_irqsave() (git-fixes).
- wifi: rtlwifi: rtl8723be: do not call kfree_skb() under spin_lock_irqsave() (git-fixes).
- wifi: rtlwifi: rtl8821ae: do not call kfree_skb() under spin_lock_irqsave() (git-fixes).
- wifi: rtw88: mac: Return the original error from rtw_mac_power_switch() (git-fixes).
- wifi: rtw88: mac: Return the original error from rtw_pwr_seq_parser() (git-fixes).
- wifi: rtw89: Add missing check for alloc_workqueue (git-fixes).
- wifi: rtw89: fix potential race condition between napi_init and napi_enable (git-fixes).
- wifi: wilc1000: fix potential memory leak in wilc_mac_xmit() (git-fixes).
- wifi: wl3501_cs: do not call kfree_skb() under spin_lock_irqsave() (git-fixes).
- wireguard: ratelimiter: use hrtimer in selftest (git-fixes)
- workqueue: Fix hung time report of worker pools (bsc#1211044).
- workqueue: Interrupted create_worker() is not a repeated event (bsc#1211044).
- workqueue: Print backtraces from CPUs with hung CPU bound workqueues (bsc#1211044).
- workqueue: Warn when a new worker could not be created (bsc#1211044).
- workqueue: Warn when a rescuer could not be created (bsc#1211044).
- writeback, cgroup: fix null-ptr-deref write in bdi_split_work_to_wbs (bsc#1210769).
- writeback: avoid use-after-free after removing device (bsc#1207638).
- x86, sched: Fix undefined reference to init_freq_invariance_cppc() build error (git-fixes).
- x86/64/mm: Map all kernel memory into trampoline_pgd (git-fixes).
- x86/ACPI/boot: Use FADT version to check support for online capable (git-fixes).
- x86/MCE/AMD: Clear DFR errors found in THR handler (git-fixes).
- x86/MCE/AMD: Fix memory leak when threshold_create_bank() fails (git-fixes).
- x86/MCE/AMD: Use an u64 for bank_map (git-fixes).
- x86/PAT: Have pat_enabled() properly reflect state when running on Xen (git-fixes).
- x86/PCI: Add quirk for AMD XHCI controller that loses MSI-X state in D3hot (git-fixes).
- x86/acpi/boot: Correct acpi_is_processor_usable() check (git-fixes).
- x86/acpi/boot: Do not register processors that cannot be onlined for x2APIC (git-fixes).
- x86/alternative: Make debug-alternative selective (bsc#1206578).
- x86/alternative: Report missing return thunk details (git-fixes).
- x86/alternative: Support relocations in alternatives (bsc#1206578).
- x86/amd: Use IBPB for firmware calls (git-fixes).
- x86/amd_nb: Add AMD PCI IDs for SMN communication (bsc#1208848).
- x86/asm: Fix an assembler warning with current binutils (git-fixes).
- x86/boot: Avoid using Intel mnemonics in AT&T syntax asm (git-fixes).
- x86/boot: Skip realmode init code when running as Xen PV guest (git-fixes).
- x86/bug: Merge annotate_reachable() into _BUG_FLAGS() asm (git-fixes).
- x86/bug: Merge annotate_reachable() into _BUG_FLAGS() asm (git-fixes).
- x86/bug: Prevent shadowing in __WARN_FLAGS (git-fixes).
- x86/bugs: Add 'unknown' reporting for MMIO Stale Data (git-fixes).
- x86/bugs: Do not enable IBPB at firmware entry when IBPB is not available (git-fixes).
- x86/bugs: Enable STIBP for IBPB mitigated RETBleed (git-fixes).
- x86/bugs: Warn when 'ibrs' mitigation is selected on Enhanced IBRS parts (git-fixes).
- x86/cpu: Add CPU model numbers for Meteor Lake (git fixes).
- x86/cpu: Add Raptor Lake to Intel family (git fixes).
- x86/cpu: Add new Alderlake and Raptorlake CPU model numbers (git fixes).
- x86/cpu: Add new Raptor Lake CPU model number (git fixes).
- x86/cpu: Add several Intel server CPU model numbers (git fixes).
- x86/cpu: Drop spurious underscore from RAPTOR_LAKE #define (git fixes).
- x86/cpufeatures: Add macros for Intel's new fast rep string features (bsc#1211140).
- x86/cpufeatures: Introduce x2AVIC CPUID bit (bsc#1208619).
- x86/crash: Disable virt in core NMI crash handler to avoid double shootdown (git-fixes).
- x86/delay: Fix the wrong asm constraint in delay_loop() (git-fixes).
- x86/entry: Avoid very early RET (git-fixes).
- x86/entry: Build thunk_$(BITS) only if CONFIG_PREEMPTION=y (git-fixes).
- x86/entry: Do not call error_entry() for XENPV (git-fixes).
- x86/entry: Move CLD to the start of the idtentry macro (git-fixes).
- x86/entry: Move PUSH_AND_CLEAR_REGS out of error_entry() (git-fixes).
- x86/entry: Switch the stack after error_entry() returns (git-fixes).
- x86/fault: Cast an argument to the proper address space in prefetch() (git-fixes).
- x86/fpu/xsave: Handle compacted offsets correctly with supervisor states (git-fixes).
- x86/fpu/xsave: Handle compacted offsets correctly with supervisor states (git-fixes).
- x86/fpu/xsave: Initialize offset/size cache early (bsc#1211205).
- x86/fpu/xstate: Fix the ARCH_REQ_XCOMP_PERM implementation (git-fixes).
- x86/fpu/xstate: Fix the ARCH_REQ_XCOMP_PERM implementation (git-fixes).
- x86/fpu: Cache xfeature flags from CPUID (git-fixes).
- x86/fpu: Fix copy_xstate_to_uabi() to copy init states correctly (git-fixes).
- x86/fpu: Fix the init_fpstate size check with the actual size (git-fixes).
- x86/fpu: Prevent FPU state corruption (git-fixes).
- x86/fpu: Remove unused supervisor only offsets (git-fixes).
- x86/fpu: Remove unused supervisor only offsets (git-fixes).
- x86/fpu: Use _Alignof to avoid undefined behavior in TYPE_ALIGN (git-fixes).
- x86/hyperv: Block root partition functionality in a Confidential VM (git-fixes).
- x86/hyperv: Introduce HV_MAX_SPARSE_VCPU_BANKS/HV_VCPUS_PER_SPARSE_BANK constants (git-fixes).
- x86/hyperv: Remove unregister syscore call from Hyper-V cleanup (git-fixes).
- x86/hyperv: Restore VP assist page after cpu offlining/onlining (git-fixes).
- x86/kprobes: Fix kprobes instruction boudary check with CONFIG_RETHUNK (git-fixes).
- x86/kprobes: Fix optprobe optimization check with CONFIG_RETHUNK (git-fixes).
- x86/kvm: Do not use pv tlb/ipi/sched_yield if on 1 vCPU (git-fixes).
- x86/kvm: Do not use pv tlb/ipi/sched_yield if on 1 vCPU (git-fixes).
- x86/kvm: Preserve BSP MSR_KVM_POLL_CONTROL across suspend/resume (git-fixes).
- x86/kvm: Remove unused virt to phys translation in kvm_guest_cpu_init() (git-fixes).
- x86/lib/memmove: Decouple ERMS from FSRM (bsc#1206578).
- x86/mce/inject: Avoid out-of-bounds write when setting flags (git-fixes).
- x86/mce/inject: Avoid out-of-bounds write when setting flags (git-fixes).
- x86/mce: Allow instrumentation during task work queueing (git-fixes).
- x86/mce: Allow instrumentation during task work queueing (git-fixes).
- x86/mce: Mark mce_end() noinstr (git-fixes).
- x86/mce: Mark mce_end() noinstr (git-fixes).
- x86/mce: Mark mce_panic() noinstr (git-fixes).
- x86/mce: Mark mce_panic() noinstr (git-fixes).
- x86/mce: Mark mce_read_aux() noinstr (git-fixes).
- x86/mce: Mark mce_read_aux() noinstr (git-fixes).
- x86/mce: relocate set{clear}_mce_nospec() functions (git-fixes). This is a preparation for the next patch
- x86/microcode/AMD: Add a @cpu parameter to the reloading functions (git-fixes).
- x86/microcode/AMD: Fix mixed steppings support (git-fixes).
- x86/microcode/AMD: Track patch allocation size explicitly (git-fixes).
- x86/microcode/intel: Do not retry microcode reloading on the APs (git-fixes).
- x86/microcode: Add a parameter to microcode_check() to store CPU capabilities (git-fixes).
- x86/microcode: Add explicit CPU vendor dependency (git-fixes).
- x86/microcode: Adjust late loading result reporting message (git-fixes).
- x86/microcode: Check CPU capabilities after late microcode update correctly (git-fixes).
- x86/microcode: Rip out the OLD_INTERFACE (git-fixes).
- x86/mm: Cleanup the control_va_addr_alignment() __setup handler (git-fixes).
- x86/mm: Flush global TLB when switching to trampoline page-table (git-fixes).
- x86/mm: Flush global TLB when switching to trampoline page-table (git-fixes).
- x86/mm: Use proper mask when setting PUD mapping (git-fixes).
- x86/msi: Fix msi message data shadow struct (git-fixes).
- x86/msr: Remove .fixup usage (git-fixes).
- x86/nospec: Unwreck the RSB stuffing (git-fixes).
- x86/numa: Use cpumask_available instead of hardcoded NULL check (git-fixes).
- x86/pat: Fix x86_has_pat_wp() (git-fixes).
- x86/pci/xen: Disable PCI/MSI masking for XEN_HVM guests (git-fixes).
- x86/perf/zhaoxin: Add stepping check for ZXC (git fixes).
- x86/perf: Avoid warning for Arch LBR without XSAVE (git fixes).
- x86/perf: Default set FREEZE_ON_SMI for all (git fixes).
- x86/pm: Add enumeration check before spec MSRs save/restore setup (git-fixes).
- x86/reboot: Disable SVM, not just VMX, when stopping CPUs (git-fixes).
- x86/resctrl: Fix min_cbm_bits for AMD (git-fixes).
- x86/sev: Add SEV-SNP guest feature negotiation support (git-fixes).
- x86/sgx: Fix free page accounting (git-fixes).
- x86/sgx: Free backing memory after faulting the enclave page (git-fixes).
- x86/sgx: Free backing memory after faulting the enclave page (git-fixes).
- x86/sgx: Silence softlockup detection when releasing large enclaves (git-fixes).
- x86/sgx: Silence softlockup detection when releasing large enclaves (git-fixes).
- x86/signal: Fix the value returned by strict_sas_size() (git-fixes).
- x86/speculation/mmio: Print SMT warning (git-fixes).
- x86/speculation: Identify processors vulnerable to SMT RSB predictions (git-fixes).
- x86/static_call: Serialize __static_call_fixup() properly (git-fixes).
- x86/syscall: Include asm/ptrace.h in syscall_wrapper header (git-fixes).
- x86/topology: Fix duplicated core ID within a package (git-fixes).
- x86/topology: Fix multiple packages shown on a single-package system (git-fixes).
- x86/traps: Use pt_regs directly in fixup_bad_iret() (git-fixes).
- x86/tsx: Add a feature bit for TSX control MSR support (git-fixes).
- x86/tsx: Disable TSX development mode at boot (git-fixes).
- x86/uaccess: Move variable into switch case statement (git-fixes).
- x86/uaccess: Move variable into switch case statement (git-fixes).
- x86/xen: Fix memory leak in xen_init_lock_cpu() (git-fixes).
- x86/xen: Fix memory leak in xen_smp_intr_init{_pv}() (git-fixes).
- x86: ACPI: cstate: Optimize C3 entry on AMD CPUs (git-fixes).
- x86: Annotate call_on_stack() (git-fixes).
- x86: Annotate call_on_stack() (git-fixes).
- x86: Fix return value of __setup handlers (git-fixes).
- x86: Handle idle=nomwait cmdline properly for x86_idle (bsc#1208619).
- x86: Remove vendor checks from prefer_mwait_c1_over_halt (bsc#1208619).
- x86: __memcpy_flushcache: fix wrong alignment if size > 2^32 (git-fixes).
- x86: centralize setting SWIOTLB_FORCE when guest memory encryption is enabled (jsc#PED-3259).
- x86: do not use REP_GOOD or ERMS for small memory clearing (bsc#1211140).
- x86: drop bogus 'cc' clobber from __try_cmpxchg_user_asm() (git-fixes).
- x86: link vdso and boot with -z noexecstack --no-warn-rwx-segments (bsc#1203200).
- x86: link vdso and boot with -z noexecstack --no-warn-rwx-segments (bsc#1203200).
- x86: remove cruft from <asm/dma-mapping.h> (PED-3259).
- xen-netfront: Fix NULL sring after live migration (git-fixes).
- xen-pciback: Allow setting PCI_MSIX_FLAGS_MASKALL too (git-fixes).
- xen/arm: Fix race in RB-tree based P2M accounting (git-fixes)
- xen/netback: do not do grant copy across page boundary (git-fixes).
- xen/netback: do some code cleanup (git-fixes).
- xen/netback: fix build warning (git-fixes).
- xen/netback: use same error messages for same errors (git-fixes).
- xen/netfront: destroy queues before real_num_tx_queues is zeroed (git-fixes).
- xen/platform-pci: add missing free_irq() in error path (git-fixes).
- xen/privcmd: Fix a possible warning in privcmd_ioctl_mmap_resource() (git-fixes).
- xfs: Fix unreferenced object reported by kmemleak in xfs_sysfs_init() (git-fixes).
- xfs: Fix unreferenced object reported by kmemleak in xfs_sysfs_init() (git-fixes).
- xfs: convert ptag flags to unsigned (git-fixes).
- xfs: do not assert fail on perag references on teardown (git-fixes).
- xfs: do not leak btree cursor when insrec fails after a split (git-fixes).
- xfs: estimate post-merge refcounts correctly (bsc#1208183).
- xfs: fix incorrect error-out in xfs_remove (git-fixes).
- xfs: fix incorrect error-out in xfs_remove (git-fixes).
- xfs: fix incorrect i_nlink caused by inode racing (git-fixes).
- xfs: fix incorrect i_nlink caused by inode racing (git-fixes).
- xfs: fix maxlevels comparisons in the btree staging code (git-fixes).
- xfs: fix maxlevels comparisons in the btree staging code (git-fixes).
- xfs: fix memory leak in xfs_errortag_init (git-fixes).
- xfs: fix memory leak in xfs_errortag_init (git-fixes).
- xfs: fix rm_offset flag handling in rmap keys (git-fixes).
- xfs: get rid of assert from xfs_btree_islastblock (git-fixes).
- xfs: get rid of assert from xfs_btree_islastblock (git-fixes).
- xfs: get root inode correctly at bulkstat (bsc#1207501).
- xfs: get root inode correctly at bulkstat (git-fixes).
- xfs: get root inode correctly at bulkstat (git-fixes).
- xfs: hoist refcount record merge predicates (bsc#1208183).
- xfs: initialize the check_owner object fully (git-fixes).
- xfs: initialize the check_owner object fully (git-fixes).
- xfs: pass the correct cursor to xfs_iomap_prealloc_size (git-fixes).
- xfs: prevent a WARN_ONCE() in xfs_ioc_attr_list() (git-fixes).
- xfs: prevent a WARN_ONCE() in xfs_ioc_attr_list() (git-fixes).
- xfs: reject crazy array sizes being fed to XFS_IOC_GETBMAP* (git-fixes).
- xfs: reject crazy array sizes being fed to XFS_IOC_GETBMAP* (git-fixes).
- xfs: remove xfs_setattr_time() declaration (git-fixes).
- xfs: return errors in xfs_fs_sync_fs (git-fixes).
- xfs: return errors in xfs_fs_sync_fs (git-fixes).
- xfs: set bnobt/cntbt numrecs correctly when formatting new AGs (git-fixes).
- xfs: zero inode fork buffer at allocation (git-fixes).
- xhci-pci: Only run d3cold avoidance quirk for s2idle (git-fixes).
- xhci-pci: set the dma max_seg_size (git-fixes).
- xhci-pci: set the dma max_seg_size (git-fixes).
- xhci: Fix incorrect tracking of free space on transfer rings (git-fixes).
- xhci: Fix null pointer dereference when host dies (git-fixes).
- xhci: Fix null pointer dereference when host dies (git-fixes).
- xhci: Free the command allocated for setting LPM if we return early (git-fixes).
- xhci: also avoid the XHCI_ZERO_64B_REGS quirk with a passthrough iommu (git-fixes).
- xhci: fix debugfs register accesses while suspended (git-fixes).
- xirc2ps_cs: Fix use after free bug in xirc2ps_detach (git-fixes).
- xprtrdma: Fix regbuf data not freed in rpcrdma_req_create() (git-fixes).
- xsk: Fix corrupted packets for XDP_SHARED_UMEM (git-fixes).
- zram: do not lookup algorithm in backends table (git-fixes).
ImportantSUSE bug 1065729SUSE bug 1109158SUSE bug 1142685SUSE bug 1152472SUSE bug 1152489SUSE bug 1155798SUSE bug 1160435SUSE bug 1166486SUSE bug 1172073SUSE bug 1174777SUSE bug 1177529SUSE bug 1186449SUSE bug 1189998SUSE bug 1189999SUSE bug 1191731SUSE bug 1193629SUSE bug 1194869SUSE bug 1195175SUSE bug 1195655SUSE bug 1195921SUSE bug 1196058SUSE bug 1197534SUSE bug 1197617SUSE bug 1198101SUSE bug 1198438SUSE bug 1198835SUSE bug 1199304SUSE bug 1200054SUSE bug 1202353SUSE bug 1202633SUSE bug 1203039SUSE bug 1203200SUSE bug 1203325SUSE bug 1203331SUSE bug 1203332SUSE bug 1203693SUSE bug 1203906SUSE bug 1204356SUSE bug 1204662SUSE bug 1204993SUSE bug 1205191SUSE bug 1205205SUSE bug 1205544SUSE bug 1205650SUSE bug 1205756SUSE bug 1205758SUSE bug 1205760SUSE bug 1205762SUSE bug 1205803SUSE bug 1205846SUSE bug 1206024SUSE bug 1206036SUSE bug 1206056SUSE bug 1206057SUSE bug 1206103SUSE bug 1206224SUSE bug 1206232SUSE bug 1206340SUSE bug 1206459SUSE bug 1206492SUSE bug 1206493SUSE bug 1206552SUSE bug 1206578SUSE bug 1206640SUSE bug 1206649SUSE bug 1206677SUSE bug 1206824SUSE bug 1206843SUSE bug 1206876SUSE bug 1206877SUSE bug 1206878SUSE bug 1206880SUSE bug 1206881SUSE bug 1206882SUSE bug 1206883SUSE bug 1206884SUSE bug 1206885SUSE bug 1206886SUSE bug 1206887SUSE bug 1206888SUSE bug 1206889SUSE bug 1206890SUSE bug 1206891SUSE bug 1206893SUSE bug 1206894SUSE bug 1206935SUSE bug 1206992SUSE bug 1207034SUSE bug 1207050SUSE bug 1207088SUSE bug 1207149SUSE bug 1207158SUSE bug 1207168SUSE bug 1207185SUSE bug 1207270SUSE bug 1207315SUSE bug 1207328SUSE bug 1207497SUSE bug 1207500SUSE bug 1207501SUSE bug 1207506SUSE bug 1207507SUSE bug 1207521SUSE bug 1207553SUSE bug 1207560SUSE bug 1207574SUSE bug 1207588SUSE bug 1207589SUSE bug 1207590SUSE bug 1207591SUSE bug 1207592SUSE bug 1207593SUSE bug 1207594SUSE bug 1207602SUSE bug 1207603SUSE bug 1207605SUSE bug 1207606SUSE bug 1207607SUSE bug 1207608SUSE bug 1207609SUSE bug 1207610SUSE bug 1207611SUSE bug 1207612SUSE bug 1207613SUSE bug 1207614SUSE bug 1207615SUSE bug 1207616SUSE bug 1207617SUSE bug 1207618SUSE bug 1207619SUSE bug 1207620SUSE bug 1207621SUSE bug 1207622SUSE bug 1207623SUSE bug 1207624SUSE bug 1207625SUSE bug 1207626SUSE bug 1207627SUSE bug 1207628SUSE bug 1207629SUSE bug 1207630SUSE bug 1207631SUSE bug 1207632SUSE bug 1207633SUSE bug 1207634SUSE bug 1207635SUSE bug 1207636SUSE bug 1207637SUSE bug 1207638SUSE bug 1207639SUSE bug 1207640SUSE bug 1207641SUSE bug 1207642SUSE bug 1207643SUSE bug 1207644SUSE bug 1207645SUSE bug 1207646SUSE bug 1207647SUSE bug 1207648SUSE bug 1207649SUSE bug 1207650SUSE bug 1207651SUSE bug 1207652SUSE bug 1207653SUSE bug 1207734SUSE bug 1207768SUSE bug 1207769SUSE bug 1207770SUSE bug 1207771SUSE bug 1207773SUSE bug 1207795SUSE bug 1207827SUSE bug 1207842SUSE bug 1207845SUSE bug 1207875SUSE bug 1207878SUSE bug 1207935SUSE bug 1207948SUSE bug 1208050SUSE bug 1208076SUSE bug 1208081SUSE bug 1208105SUSE bug 1208107SUSE bug 1208128SUSE bug 1208130SUSE bug 1208149SUSE bug 1208153SUSE bug 1208183SUSE bug 1208212SUSE bug 1208219SUSE bug 1208290SUSE bug 1208368SUSE bug 1208420SUSE bug 1208428SUSE bug 1208429SUSE bug 1208449SUSE bug 1208534SUSE bug 1208541SUSE bug 1208542SUSE bug 1208570SUSE bug 1208588SUSE bug 1208598SUSE bug 1208599SUSE bug 1208600SUSE bug 1208602SUSE bug 1208604SUSE bug 1208605SUSE bug 1208607SUSE bug 1208619SUSE bug 1208628SUSE bug 1208700SUSE bug 1208758SUSE bug 1208759SUSE bug 1208776SUSE bug 1208777SUSE bug 1208784SUSE bug 1208787SUSE bug 1208815SUSE bug 1208816SUSE bug 1208829SUSE bug 1208837SUSE bug 1208843SUSE bug 1208845SUSE bug 1208848SUSE bug 1208864SUSE bug 1208902SUSE bug 1208948SUSE bug 1208976SUSE bug 1209008SUSE bug 1209052SUSE bug 1209092SUSE bug 1209159SUSE bug 1209256SUSE bug 1209258SUSE bug 1209262SUSE bug 1209287SUSE bug 1209288SUSE bug 1209290SUSE bug 1209292SUSE bug 1209367SUSE bug 1209457SUSE bug 1209504SUSE bug 1209532SUSE bug 1209556SUSE bug 1209600SUSE bug 1209635SUSE bug 1209636SUSE bug 1209637SUSE bug 1209684SUSE bug 1209687SUSE bug 1209693SUSE bug 1209739SUSE bug 1209779SUSE bug 1209788SUSE bug 1209798SUSE bug 1209799SUSE bug 1209804SUSE bug 1209805SUSE bug 1209856SUSE bug 1209871SUSE bug 1209927SUSE bug 1209980SUSE bug 1209982SUSE bug 1209999SUSE bug 1210034SUSE bug 1210050SUSE bug 1210158SUSE bug 1210165SUSE bug 1210202SUSE bug 1210203SUSE bug 1210206SUSE bug 1210216SUSE bug 1210230SUSE bug 1210294SUSE bug 1210301SUSE bug 1210329SUSE bug 1210336SUSE bug 1210409SUSE bug 1210439SUSE bug 1210449SUSE bug 1210450SUSE bug 1210469SUSE bug 1210498SUSE bug 1210506SUSE bug 1210533SUSE bug 1210551SUSE bug 1210629SUSE bug 1210644SUSE bug 1210647SUSE bug 1210725SUSE bug 1210741SUSE bug 1210762SUSE bug 1210763SUSE bug 1210764SUSE bug 1210765SUSE bug 1210766SUSE bug 1210767SUSE bug 1210768SUSE bug 1210769SUSE bug 1210770SUSE bug 1210771SUSE bug 1210775SUSE bug 1210783SUSE bug 1210791SUSE bug 1210793SUSE bug 1210806SUSE bug 1210816SUSE bug 1210817SUSE bug 1210827SUSE bug 1210940SUSE bug 1210943SUSE bug 1210947SUSE bug 1210953SUSE bug 1210986SUSE bug 1211025SUSE bug 1211037SUSE bug 1211043SUSE bug 1211044SUSE bug 1211089SUSE bug 1211105SUSE bug 1211113SUSE bug 1211131SUSE bug 1211140SUSE bug 1211205SUSE bug 1211263SUSE bug 1211280SUSE bug 1211281SUSE bug 1211299SUSE bug 1211387SUSE bug 1211414SUSE bug 1211449SUSE bug 1211465SUSE bug 1211519SUSE bug 1211564SUSE bug 1211590SUSE bug 1211592SUSE bug 1211593SUSE bug 1211595SUSE bug 1211654SUSE bug 1211686SUSE bug 1211687SUSE bug 1211688SUSE bug 1211689SUSE bug 1211690SUSE bug 1211691SUSE bug 1211692SUSE bug 1211693SUSE bug 1211714SUSE bug 1211796SUSE bug 1211804SUSE bug 1211807SUSE bug 1211808SUSE bug 1211820SUSE bug 1211836SUSE bug 1211847SUSE bug 1211855SUSE bug 1211960SUSE bug 1212129SUSE bug 1212154SUSE bug 1212155SUSE bug 1212158CVE-2022-2196 at SUSECVE-2022-2196 at NVDCVE-2022-36280 at SUSECVE-2022-36280 at NVDCVE-2022-38096 at SUSECVE-2022-38096 at NVDCVE-2022-4269 at SUSECVE-2022-4269 at NVDCVE-2022-45884 at SUSECVE-2022-45884 at NVDCVE-2022-45885 at SUSECVE-2022-45885 at NVDCVE-2022-45886 at SUSECVE-2022-45886 at NVDCVE-2022-45887 at SUSECVE-2022-45887 at NVDCVE-2022-45919 at SUSECVE-2022-45919 at NVDCVE-2022-4744 at SUSECVE-2022-4744 at NVDCVE-2023-0045 at SUSECVE-2023-0045 at NVDCVE-2023-0122 at SUSECVE-2023-0122 at NVDCVE-2023-0179 at SUSECVE-2023-0179 at NVDCVE-2023-0394 at SUSECVE-2023-0394 at NVDCVE-2023-0461 at SUSECVE-2023-0461 at NVDCVE-2023-0469 at SUSECVE-2023-0469 at NVDCVE-2023-0590 at SUSECVE-2023-0590 at NVDCVE-2023-0597 at SUSECVE-2023-0597 at NVDCVE-2023-1075 at SUSECVE-2023-1075 at NVDCVE-2023-1076 at SUSECVE-2023-1076 at NVDCVE-2023-1077 at SUSECVE-2023-1077 at NVDCVE-2023-1079 at SUSECVE-2023-1079 at NVDCVE-2023-1095 at SUSECVE-2023-1095 at NVDCVE-2023-1118 at SUSECVE-2023-1118 at NVDCVE-2023-1380 at SUSECVE-2023-1380 at NVDCVE-2023-1382 at SUSECVE-2023-1382 at NVDCVE-2023-1513 at SUSECVE-2023-1513 at NVDCVE-2023-1582 at SUSECVE-2023-1582 at NVDCVE-2023-1583 at SUSECVE-2023-1583 at NVDCVE-2023-1611 at SUSECVE-2023-1611 at NVDCVE-2023-1637 at SUSECVE-2023-1637 at NVDCVE-2023-1652 at SUSECVE-2023-1652 at NVDCVE-2023-1670 at SUSECVE-2023-1670 at NVDCVE-2023-1838 at SUSECVE-2023-1838 at NVDCVE-2023-1855 at SUSECVE-2023-1855 at NVDCVE-2023-1989 at SUSECVE-2023-1989 at NVDCVE-2023-1998 at SUSECVE-2023-1998 at NVDCVE-2023-2002 at SUSECVE-2023-2002 at NVDCVE-2023-21102 at SUSECVE-2023-21102 at NVDCVE-2023-21106 at SUSECVE-2023-21106 at NVDCVE-2023-2124 at SUSECVE-2023-2124 at NVDCVE-2023-2156 at SUSECVE-2023-2156 at NVDCVE-2023-2162 at SUSECVE-2023-2162 at NVDCVE-2023-2176 at SUSECVE-2023-2176 at NVDCVE-2023-2235 at SUSECVE-2023-2235 at NVDCVE-2023-2269 at SUSECVE-2023-2269 at NVDCVE-2023-22998 at SUSECVE-2023-22998 at NVDCVE-2023-23000 at SUSECVE-2023-23000 at NVDCVE-2023-23001 at SUSECVE-2023-23001 at NVDCVE-2023-23004 at SUSECVE-2023-23004 at NVDCVE-2023-23006 at SUSECVE-2023-23006 at NVDCVE-2023-2483 at SUSECVE-2023-2483 at NVDCVE-2023-25012 at SUSECVE-2023-25012 at NVDCVE-2023-2513 at SUSECVE-2023-2513 at NVDCVE-2023-26545 at SUSECVE-2023-26545 at NVDCVE-2023-28327 at SUSECVE-2023-28327 at NVDCVE-2023-28410 at SUSECVE-2023-28410 at NVDCVE-2023-28464 at SUSECVE-2023-28464 at NVDCVE-2023-3006 at SUSECVE-2023-3006 at NVDCVE-2023-30456 at SUSECVE-2023-30456 at NVDCVE-2023-30772 at SUSECVE-2023-30772 at NVDCVE-2023-31084 at SUSECVE-2023-31084 at NVDCVE-2023-3141 at SUSECVE-2023-3141 at NVDCVE-2023-31436 at SUSECVE-2023-31436 at NVDCVE-2023-3161 at SUSECVE-2023-3161 at NVDCVE-2023-32233 at SUSECVE-2023-32233 at NVDCVE-2023-33288 at SUSECVE-2023-33288 at NVDCVE-2023-33951 at SUSECVE-2023-33951 at NVDCVE-2023-33952 at SUSECVE-2023-33952 at NVDcpe:/o:opensuse:leap:15.5Security update for webkit2gtk3 (Important)openSUSE Leap 15.5
This update for webkit2gtk3 fixes the following issues:
Add security patches (bsc#1211846):
- CVE-2023-28204: Fixed processing of web content that may disclose sensitive information (bsc#1211659).
- CVE-2023-32373: Fixed processing of maliciously crafted web content that may lead to arbitrary code execution (bsc#1211658).
ImportantSUSE bug 1211658SUSE bug 1211659SUSE bug 1211846CVE-2023-28204 at SUSECVE-2023-28204 at NVDCVE-2023-32373 at SUSECVE-2023-32373 at NVDcpe:/o:opensuse:leap:15.5Security update for amazon-ssm-agent (Important)openSUSE Leap 15.5
This update of amazon-ssm-agent fixes the following issues:
- rebuild the package with the go 1.20 security release (bsc#1206346).
ImportantSUSE bug 1206346cpe:/o:opensuse:leap:15.5Security update for libvirt (Moderate)openSUSE Leap 15.5
This update for libvirt fixes the following issues:
- CVE-2023-2700: virpci: Resolve leak in virPCIVirtualFunctionList (bsc#1211390)
- apparmor: Add support for local profile customizations (bsc#1211472)
- qemu: Fix cdrom media change (bsc#1210666)
- qemu: Fix potential crash during driver cleanup (bsc#1209861)
ModerateSUSE bug 1209861SUSE bug 1210666SUSE bug 1211390SUSE bug 1211472CVE-2023-2700 at SUSECVE-2023-2700 at NVDcpe:/o:opensuse:leap:15.5Security update for kubernetes1.24 (Important)openSUSE Leap 15.5
This update of kubernetes1.24 fixes the following issues:
- Update to version 1.24.15.
- rebuild the package with the go 1.20 security release (bsc#1206346).
ImportantSUSE bug 1206346cpe:/o:opensuse:leap:15.5Security update for cosign (Important)openSUSE Leap 15.5
This update of cosign fixes the following issues:
- rebuild the package with the go 1.20 security release (bsc#1206346).
ImportantSUSE bug 1206346cpe:/o:opensuse:leap:15.5Security update for nodejs18 (Important)openSUSE Leap 15.5
This update for nodejs18 fixes the following issues:
Update to version 18.16.1:
- CVE-2023-30581: Fixed mainModule.__proto__ Bypass Experimental Policy Mechanism (bsc#1212574).
- CVE-2023-30585: Fixed privilege escalation via Malicious Registry Key manipulation during Node.js installer repair process (bsc#1212579).
- CVE-2023-30588: Fixed process interuption due to invalid Public Key information in x509 certificates (bsc#1212581).
- CVE-2023-30589: Fixed HTTP Request Smuggling via empty headers separated by CR (bsc#1212582).
- CVE-2023-30590: Fixed DiffieHellman key generation after setting a private key (bsc#1212583).
- CVE-2023-31124: Fixed cross compilation issue with AutoTools that does not set CARES_RANDOM_FILE (bsc#1211607).
- CVE-2023-31130: Fixed buffer underwrite problem in ares_inet_net_pton() (bsc#1211606).
- CVE-2023-31147: Fixed insufficient randomness in generation of DNS query IDs (bsc#1211605).
- CVE-2023-32067: Fixed denial-of-service via 0-byte UDP payload (bsc#1211604).
- CVE-2022-25881: Fixed a Regular Expression Denial of Service (bsc#1208744).
Bug fixes:
- Increased the default timeout on unit tests from 2 to 20 minutes. This seems to have lead to build failures on some platforms, like s390x in Factory. (bsc#1211407)
ImportantSUSE bug 1208744SUSE bug 1211407SUSE bug 1211604SUSE bug 1211605SUSE bug 1211606SUSE bug 1211607SUSE bug 1212574SUSE bug 1212579SUSE bug 1212581SUSE bug 1212582SUSE bug 1212583CVE-2022-25881 at SUSECVE-2022-25881 at NVDCVE-2023-30581 at SUSECVE-2023-30581 at NVDCVE-2023-30585 at SUSECVE-2023-30585 at NVDCVE-2023-30588 at SUSECVE-2023-30588 at NVDCVE-2023-30589 at SUSECVE-2023-30589 at NVDCVE-2023-30590 at SUSECVE-2023-30590 at NVDCVE-2023-31124 at SUSECVE-2023-31124 at NVDCVE-2023-31130 at SUSECVE-2023-31130 at NVDCVE-2023-31147 at SUSECVE-2023-31147 at NVDCVE-2023-32067 at SUSECVE-2023-32067 at NVDcpe:/o:opensuse:leap:15.5Security update for kubernetes1.23 (Low)openSUSE Leap 15.5
This update for kubernetes1.23 fixes the following issues:
- CVE-2023-2431: Fixed a bypass issue of seccomp profile enforcement (bsc#1212493).
LowSUSE bug 1212493CVE-2023-2431 at SUSECVE-2023-2431 at NVDcpe:/o:opensuse:leap:15.5Security update for rekor (Important)openSUSE Leap 15.5
This update of rekor fixes the following issues:
- rebuild the package with the go 1.20 security release (bsc#1206346).
ImportantSUSE bug 1206346cpe:/o:opensuse:leap:15.5Security update for iniparser (Moderate)openSUSE Leap 15.5
This update for iniparser fixes the following issues:
- CVE-2023-33461: Fixed NULL pointer dereference in iniparser_getboolean() (bsc#1211889).
ModerateSUSE bug 1211889CVE-2023-33461 at SUSECVE-2023-33461 at NVDcpe:/o:opensuse:leap:15.5Security update for terraform-provider-aws (Important)openSUSE Leap 15.5
This update of terraform-provider-aws fixes the following issues:
- rebuild the package with the go 1.20 security release (bsc#1206346).
ImportantSUSE bug 1206346cpe:/o:opensuse:leap:15.5Security update for terraform-provider-helm (Important)openSUSE Leap 15.5
This update of terraform-provider-helm fixes the following issues:
- rebuild the package with the go 1.20 security release (bsc#1206346).
ImportantSUSE bug 1206346cpe:/o:opensuse:leap:15.5Security update for terraform-provider-null (Important)openSUSE Leap 15.5
This update of terraform-provider-null fixes the following issues:
- rebuild the package with the go 1.20 security release (bsc#1206346).
ImportantSUSE bug 1206346cpe:/o:opensuse:leap:15.5Security update for dnsdist (Moderate)openSUSE Leap 15.5
This update for dnsdist fixes the following issues:
- update to 1.8.0
- Implements dnsdist in SLE15 (jsc#PED-3402)
- Security fix: fixes a possible record smugging with a crafted DNS query with trailing data (CVE-2018-14663, bsc#1114511)
- update to 1.2.0 (bsc#1054799, bsc#1054802)
This release also addresses two security issues of low severity, CVE-2016-7069 and CVE-2017-7557. The first issue can lead to a
denial of service on 32-bit if a backend sends crafted answers,
and the second to an alteration of dnsdist’s ACL if the API is
enabled, writable and an authenticated user is tricked into
visiting a crafted website.
ModerateSUSE bug 1054799SUSE bug 1054802SUSE bug 1114511CVE-2016-7069 at SUSECVE-2016-7069 at NVDCVE-2017-7557 at SUSECVE-2017-7557 at NVDCVE-2018-14663 at SUSECVE-2018-14663 at NVDcpe:/o:opensuse:leap:15.5Security update for amazon-ecs-init (Important)openSUSE Leap 15.5
This update of amazon-ecs-init fixes the following issues:
- rebuild the package with the go 1.20 security release (bsc#1206346).
ImportantSUSE bug 1206346cpe:/o:opensuse:leap:15.5Security update for libcap (Moderate)openSUSE Leap 15.5
This update for libcap fixes the following issues:
- CVE-2023-2602: Fixed improper memory release in libcap/psx/psx.c:__wrap_pthread_create() (bsc#1211418).
- CVE-2023-2603: Fixed an integer overflow or wraparound in libcap/cap_alloc.c:_libcap_strdup() (bsc#1211419).
ModerateSUSE bug 1211418SUSE bug 1211419CVE-2023-2602 at SUSECVE-2023-2602 at NVDCVE-2023-2603 at SUSECVE-2023-2603 at NVDcpe:/o:opensuse:leap:15.5Security update for kubernetes1.18 (Important)openSUSE Leap 15.5
This update of kubernetes1.18 fixes the following issues:
- rebuild the package with the go 1.20 security release (bsc#1206346).
ImportantSUSE bug 1206346cpe:/o:opensuse:leap:15.5Security update for python311 (Moderate)openSUSE Leap 15.5
This update for python311 fixes the following issues:
- CVE-2007-4559: Fixed filter for tarfile.extractall (bsc#1203750).
ModerateSUSE bug 1203750CVE-2007-4559 at SUSECVE-2007-4559 at NVDcpe:/o:opensuse:leap:15.5Security update for qt6-base (Important)openSUSE Leap 15.5
This update for qt6-base fixes the following issues:
- CVE-2023-32763: Fixed an overflow in QTextLayout (bsc#1211798).
ImportantSUSE bug 1211798CVE-2023-32763 at SUSECVE-2023-32763 at NVDcpe:/o:opensuse:leap:15.5Security update for rmt-server (Important)openSUSE Leap 15.5
This update for rmt-server fixes the following issues:
Update to version 2.13:
- CVE-2023-28120: Fixed a possible XSS Security Vulnerability in bytesliced strings for html_safe (bsc#1209507).
- CVE-2023-27530: Fixed a DoS in multipart mime parsing (bsc#1209096).
- CVE-2022-31254: Fixed escalation vector bug from user _rmt to root in the packaging file (bsc#1204285).
Bug fixes:
- Handle X-Original-URI header, partial fix for (bsc#1211398)
- Force rmt-client-setup-res script to use https (bsc#1209825)
- Mark secrets.yml.key file as part of the rpm to allow seamless downgrades (bsc#1207670)
- Adding -f to the file move command when moving the mirrored directory to its final location (bsc#1203171)
- Fix %post install of pubcloud subpackage reload of nginx (bsc#1206593)
- Skip warnings regarding nokogiri libxml version mismatch (bsc#1202053)
- Add option to turn off system token support (bsc#1205089)
- Do not retry to import non-existing files in air-gapped mode (bsc#1204769)
ImportantSUSE bug 1202053SUSE bug 1203171SUSE bug 1204285SUSE bug 1204769SUSE bug 1205089SUSE bug 1206593SUSE bug 1207670SUSE bug 1209096SUSE bug 1209507SUSE bug 1209825SUSE bug 1211398CVE-2022-31254 at SUSECVE-2022-31254 at NVDCVE-2023-27530 at SUSECVE-2023-27530 at NVDCVE-2023-28120 at SUSECVE-2023-28120 at NVDcpe:/o:opensuse:leap:15.5Security update for libdwarf (Moderate)openSUSE Leap 15.5
This update for libdwarf fixes the following issues:
- CVE-2020-27545: Fixed corrupted line table being able to crash calling app (bsc#1193102).
ModerateSUSE bug 1193102CVE-2020-27545 at SUSECVE-2020-27545 at NVDcpe:/o:opensuse:leap:15.5Security update for prometheus-sap_host_exporter (Important)openSUSE Leap 15.5
This update for prometheus-sap_host_exporter fixes the following issues:
- rebuild the package with the go 1.20 security release (bsc#1208270).
- fixed exporter package description (bsc#1211311).
ImportantSUSE bug 1208270SUSE bug 1211311cpe:/o:opensuse:leap:15.5Security update for prometheus-ha_cluster_exporter (Important)openSUSE Leap 15.5
This update for prometheus-ha_cluster_exporter fixes the following issues:
- rebuild the package with the go 1.20 security release (bsc#1208296).
ImportantSUSE bug 1208296cpe:/o:opensuse:leap:15.5Security update for the Linux Kernel (Important)openSUSE Leap 15.5
The SUSE Linux Enterprise 15 SP5 RT kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2020-24588: Fixed a bug that could allow an adversary to abuse devices that support receiving non-SSP A-MSDU frames to inject arbitrary network packets (bsc#1185861).
- CVE-2022-2196: Fixed a regression related to KVM that allowed for speculative execution attacks (bsc#1206992).
- CVE-2022-3523: Fixed a use after free related to device private page handling (bsc#1204363).
- CVE-2022-36280: Fixed out-of-bounds memory access vulnerability found in vmwgfx driver (bsc#1203332).
- CVE-2022-38096: Fixed NULL-ptr deref in vmw_cmd_dx_define_query() (bsc#1203331).
- CVE-2022-4269: Fixed a flaw was found inside the Traffic Control (TC) subsystem (bsc#1206024).
- CVE-2022-45884: Fixed a use-after-free in dvbdev.c, related to dvb_register_device dynamically allocating fops (bsc#1205756).
- CVE-2022-45885: Fixed a race condition in dvb_frontend.c that could cause a use-after-free when a device is disconnected (bsc#1205758).
- CVE-2022-45886: Fixed a .disconnect versus dvb_device_open race condition in dvb_net.c that lead to a use-after-free (bsc#1205760).
- CVE-2022-45887: Fixed a memory leak in ttusb_dec.c caused by the lack of a dvb_frontend_detach call (bsc#1205762).
- CVE-2022-45919: Fixed a use-after-free in dvb_ca_en50221.c that could occur if there is a disconnect after an open, because of the lack of a wait_event (bsc#1205803).
- CVE-2022-4744: Fixed double-free that could lead to DoS or privilege escalation in TUN/TAP device driver functionality (bsc#1209635).
- CVE-2023-0045: Fixed missing Flush IBP in ib_prctl_set (bsc#1207773).
- CVE-2023-0122: Fixed a NULL pointer dereference vulnerability in nvmet_setup_auth(), that allowed an attacker to perform a Pre-Auth Denial of Service (DoS) attack on a remote machine (bsc#1207050).
- CVE-2023-0179: Fixed incorrect arithmetics when fetching VLAN header bits (bsc#1207034).
- CVE-2023-0386: A flaw was found where unauthorized access to the execution of the setuid file with capabilities was found in the OverlayFS subsystem, when a user copies a capable file from a nosuid mount into another mount. This uid mapping bug allowed a local user to escalate their privileges on the system (bsc#1209615).
- CVE-2023-0394: Fixed a null pointer dereference in the network subcomponent. This flaw could cause system crashes (bsc#1207168).
- CVE-2023-0461: Fixed use-after-free in icsk_ulp_data (bsc#1208787).
- CVE-2023-0469: Fixed a use-after-free flaw in io_uring/filetable.c in io_install_fixed_file in the io_uring subcomponent (bsc#1207521).
- CVE-2023-0590: Fixed race condition in qdisc_graft() (bsc#1207795).
- CVE-2023-0597: Fixed lack of randomization of per-cpu entry area in x86/mm (bsc#1207845).
- CVE-2023-1075: Fixed a type confusion in tls_is_tx_ready (bsc#1208598).
- CVE-2023-1076: Fixed incorrect UID assigned to tun/tap sockets (bsc#1208599).
- CVE-2023-1077: Fixed a type confusion in pick_next_rt_entity(), that could cause memory corruption (bsc#1208600).
- CVE-2023-1078: Fixed a heap out-of-bounds write in rds_rm_zerocopy_callback (bsc#1208601).
- CVE-2023-1079: Fixed a use-after-free problem that could have been triggered in asus_kbd_backlight_set when plugging/disconnecting a malicious USB device (bsc#1208604).
- CVE-2023-1095: Fixed a NULL pointer dereference in nf_tables due to zeroed list head (bsc#1208777).
- CVE-2023-1118: Fixed a use-after-free bugs caused by ene_tx_irqsim() in media/rc (bsc#1208837).
- CVE-2023-1249: Fixed a use-after-free flaw in the core dump subsystem that allowed a local user to crash the system (bsc#1209039).
- CVE-2023-1382: Fixed denial of service in tipc_conn_close (bsc#1209288).
- CVE-2023-1513: Fixed an uninitialized portions of the kvm_debugregs structure that could be copied to userspace, causing an information leak (bsc#1209532).
- CVE-2023-1582: Fixed soft lockup in __page_mapcount (bsc#1209636).
- CVE-2023-1583: Fixed a NULL pointer dereference in io_file_bitmap_get in io_uring/filetable.c (bsc#1209637).
- CVE-2023-1611: Fixed an use-after-free flaw in btrfs_search_slot (bsc#1209687).
- CVE-2023-1637: Fixed vulnerability that could lead to unauthorized access to CPU memory after resuming CPU from suspend-to-RAM (bsc#1209779, bsc#1198400).
- CVE-2023-1652: Fixed use-after-free that could lead to DoS and information leak in nfsd4_ssc_setup_dul in fs/nfsd/nfs4proc.c (bsc#1209788).
- CVE-2023-1670: Fixed a use after free in the Xircom 16-bit PCMCIA Ethernet driver. A local user could use this flaw to crash the system or potentially escalate their privileges on the system (bsc#1209871).
- CVE-2023-1838: Fixed an use-after-free flaw in virtio network subcomponent. This flaw could allow a local attacker to crash the system and lead to a kernel information leak problem. (bsc#1210203).
- CVE-2023-1855: Fixed a use after free in xgene_hwmon_remove (bsc#1210202).
- CVE-2023-1989: Fixed a use after free in btsdio_remove (bsc#1210336).
- CVE-2023-1998: Fixed a use after free during login when accessing the shost ipaddress (bsc#1210506).
- CVE-2023-2002: Fixed a flaw that allowed an attacker to unauthorized execution of management commands, compromising the confidentiality, integrity, and availability of Bluetooth communication (bsc#1210533).
- CVE-2023-21102: Fixed possible bypass of shadow stack protection in __efi_rt_asm_wrapper of efi-rt-wrapper.S (bsc#1212155).
- CVE-2023-21106: Fixed possible memory corruption due to double free in adreno_set_param of adreno_gpu.c (bsc#1211654).
- CVE-2023-2124: Fixed an out-of-bound access in the XFS subsystem that could have lead to denial-of-service or potentially privilege escalation (bsc#1210498).
- CVE-2023-2156: Fixed a flaw in the networking subsystem within the handling of the RPL protocol (bsc#1211131).
- CVE-2023-2162: Fixed an use-after-free flaw in iscsi_sw_tcp_session_create (bsc#1210647).
- CVE-2023-2176: Fixed an out-of-boundary read in compare_netdev_and_ip in drivers/infiniband/core/cma.c in RDMA (bsc#1210629).
- CVE-2023-2235: Fixed a use-after-free vulnerability in the Performance Events system that could have been exploited to achieve local privilege escalation (bsc#1210986).
- CVE-2023-2269: Fixed a denial-of-service problem due to a possible recursive locking scenario, resulting in a deadlock in table_clear in drivers/md/dm-ioctl.c (bsc#1210806).
- CVE-2023-22998: Fixed NULL vs IS_ERR checking in virtio_gpu_object_shmem_init (bsc#1208776).
- CVE-2023-23000: Fixed return value of tegra_xusb_find_port_node function phy/tegra (bsc#1208816).
- CVE-2023-23001: Fixed misinterpretation of regulator_get return value in drivers/scsi/ufs/ufs-mediatek.c (bsc#1208829).
- CVE-2023-23004: Fixed misinterpretation of get_sg_table return value (bsc#1208843).
- CVE-2023-23006: Fixed NULL vs IS_ERR checking in dr_domain_init_resources (bsc#1208845).
- CVE-2023-23454: Fixed a type confusion bug in the CBQ network scheduler which could lead to a use-after-free (bsc#1207036).
- CVE-2023-23455: Fixed a denial of service inside atm_tc_enqueue in net/sched/sch_atm.c because of type confusion (non-negative numbers can sometimes indicate a TC_ACT_SHOT condition rather than valid classification results) (bsc#1207125).
- CVE-2023-2483: Fixed a use after free bug in emac_remove caused by a race condition (bsc#1211037).
- CVE-2023-25012: Fixed a use-after-free in bigben_set_led() (bsc#1207560).
- CVE-2023-2513: Fixed a use-after-free vulnerability in the ext4 filesystem (bsc#1211105).
- CVE-2023-26545: Fixed double free in net/mpls/af_mpls.c upon an allocation failure (bsc#1208700).
- CVE-2023-28327: Fixed DoS in in_skb in unix_diag_get_exact() (bsc#1209290).
- CVE-2023-28410: Fixed improper restriction of operations within the bounds of a memory buffer in some Intel(R) i915 Graphics drivers that may have allowed an authenticated user to potentially enable escalation of privilege via local access (bsc#1211263).
- CVE-2023-28464: Fixed user-after-free that could lead to privilege escalation in hci_conn_cleanup in net/uetooth/hci_conn.c (bsc#1209052).
- CVE-2023-28866: Fixed an out-of-bounds access in net/bluetooth/hci_sync.c because amp_init1[] and amp_init2[] are supposed to have an intentionally invalid element, but did not (bsc#1209780).
- CVE-2023-3006: Fixed a known cache speculation vulnerability, known as Branch History Injection (BHI) or Spectre-BHB, for the new hw AmpereOne (bsc#1211855, bsc#1205153).
- CVE-2023-30456: Fixed an issue in arch/x86/kvm/vmx/nested.c with nVMX on x86_64 lacks consistency checks for CR0 and CR4 (bsc#1210294).
- CVE-2023-30772: Fixed race condition and resultant use-after-free in da9150_charger_remove (bsc#1210329).
- CVE-2023-31084: Fixed a blocking issue in drivers/media/dvb-core/dvb_frontend.c (bsc#1210783).
- CVE-2023-3141: Fixed a use-after-free flaw in r592_remove in drivers/memstick/host/r592.c, that allowed local attackers to crash the system at device disconnect (bsc#1212129).
- CVE-2023-31436: Fixed an out-of-bounds write in qfq_change_class() because lmax can exceed QFQ_MIN_LMAX (bsc#1210940).
- CVE-2023-3161: Fixed shift-out-of-bounds in fbcon_set_font() (bsc#1212154).
- CVE-2023-3220: Fixed a NULL pointer dereference flaw in dpu_crtc_atomic_check in drivers/gpu/drm/msm/disp/dpu1/dpu_crtc.c lacks check of the return value of kzalloc() (bsc#1212556).
- CVE-2023-32233: Fixed a use-after-free in Netfilter nf_tables when processing batch requests (bsc#1211043).
- CVE-2023-33288: Fixed a use-after-free in bq24190_remove in drivers/power/supply/bq24190_charger.c (bsc#1211590).
- CVE-2023-3357: Fixed a NULL pointer dereference flaw in the AMD Sensor Fusion Hub driver (bsc#1212605).
- CVE-2023-3358: Fixed a NULL pointer dereference flaw in the Integrated Sensor Hub (ISH) driver (bsc#1212606).
- CVE-2023-33951: Fixed a race condition that could have led to an information disclosure inside the vmwgfx driver (bsc#1211593).
- CVE-2023-33952: Fixed a double free that could have led to a local privilege escalation inside the vmwgfx driver (bsc#1211595).
- CVE-2023-35788: Fixed an out-of-bounds write in the flower classifier code via TCA_FLOWER_KEY_ENC_OPTS_GENEVE packets in fl_set_geneve_opt in net/sched/cls_flower.c (bsc#1212504).
- CVE-2023-35823: Fixed a use-after-free flaw in saa7134_finidev in drivers/media/pci/saa7134/saa7134-core.c (bsc#1212494).
- CVE-2023-35828: Fixed a use-after-free flaw in renesas_usb3_remove in drivers/usb/gadget/udc/renesas_usb3.c (bsc#1212513).
- CVE-2023-35829: Fixed a use-after-free flaw in rkvdec_remove in drivers/staging/media/rkvdec/rkvdec.c (bsc#1212495).
The following non-security bugs were fixed:
- Add 42a11bf5c543 cgroup/cpuset: Make cpuset_fork() handle CLONE_INTO_CGROUP properly
- Add Intel QAT GEN 4 inflate and deflate feature (jsc#PED-3692).
- Add a bug reference to two existing drm-hyperv changes (bsc#1211281).
- Add cherry-picked IDs and resort DRM patches (bsc#1206843)
- Add eee878537941 cgroup/cpuset: Add cpuset_can_fork() and cpuset_cancel_fork() methods
- Add missing IP_VERSION checks for psr for DCN314/315 (bsc#1206843)
- Add the kABI workaround for drm_dp_remove_payload() (bsc#1206843)
- Also include kernel-docs build requirements for ALP
- Avoid deadlock for recursive I/O on dm-thin when used as swap (bsc#1177529).
- Avoid unsuported tar parameter on SLE12
- Backport MANA features and support for InfiniBand (jsc#PED-4022).
- Correct the bq24190 fix patch to apply at the right place (CVE-2023-33288 bsc#1211590)
- Delete for regression addressed (bsc#1207933)
- Fixed broken kABI (bsc#1208050 bsc#1211414).
- Fixed an Oops / hang at boot (bsc#1209436).
- Delete patches causing bsc#1209798, which were restored by accident.
- Do not sign the vanilla kernel (bsc#1209008).
- Drop a buggy dvb-core fix patch (bsc#1205758)
- Drop build fix patch causing a regression on aarch64 (bsc#1209798)
- Drop doubly-applied AMDGPU S3 workaround patch (bsc#1206843)
- Enable USB NCM drivers (jsc#PED-3759, jsc#PED-3750).
- Enable kernel modules bttv bt878 and snd-bt878 (jsc#PED-3931).
- Fix bug introduced by broken backport (bsc#1208628).
- Fix error path in pci-hyperv to unlock the mutex state_lock
- Fix missing top level chapter numbers on SLE12 SP5 (bsc#1212158).
- Fix page corruption caused by racy check in __free_pages (bsc#1208149).
- Fix usrmerge error (boo#1211796)
- Include Performance Fix ' swiotlb: split up the global swiotlb lock' (jsc#PED-3259).
- Makefile: link with -z noexecstack --no-warn-rwx-segments (bsc#1203200).
- Makefile: link with -z noexecstack --no-warn-rwx-segments (bsc#1203200).
- Recover the dropped aspm check in AMDGPU driver (bsc#1206843)
- Remove obsolete KMP obsoletes (bsc#1210469).
- Remove obsolete rpm spec constructs defattr does not need to be specified anymore buildroot does not need to be specified anymore
- Remove orphaned CONFIG_PRINTK_SAFE_LOG_BUF_SHIFT (bsc#1189998 git-fixes).
- Remove usrmerge compatibility symlink in buildroot (boo#1211796) Besides Makefile depmod.sh needs to be patched to prefix /lib/modules. Requires corresponding patch to kmod.
- Replace mkinitrd dependency with dracut (bsc#1202353). Also update mkinitrd refrences in documentation and comments.
- Require suse-kernel-rpm-scriptlets at all times. The kernel packages call scriptlets for each stage, add the dependency to make it clear to libzypp that the scriptlets are required. There is no special dependency for posttrans, these scriptlets run when transactions are resolved. The plain dependency has to be used to support posttrans.
- Revert 'Bluetooth: btsdio: fix use after free bug in btsdio_remove due to unfinished work' (git-fixes).
- Revert 'HID: logitech-hidpp: add a module parameter to keep firmware gestures' (git-fixes).
- Revert 'Input: synaptics - switch touchpad on HP Laptop 15-da3001TU to RMI mode' (git-fixes).
- Revert 'KVM: set owner of cpu and vm file operations' (git-fixes)
- Revert 'Makefile: link with -z noexecstack --no-warn-rwx-segments' (bsc#1209798) This reverts commit 34f9acb95470d2d2543e314cadd40a0e1c0ee6e1. It causes problems on aarch64: ... BuildID Mismatch vmlinux= vmlinux_debuginfo=
- Revert 'PCI: hv: Fix a timing issue which causes kdump to fail occasionally' (bsc#1207185).
- Revert 'Revert 'Makefile: link with -z noexecstack --no-warn-rwx-segments' (bsc#1209798)' This reverts commit 7db37fcbd312a083337d722b2c5543e6bf3a5c70.
- Revert 'Revert 'block, bfq: honor already-setup queue merges'' (git-fixes).
- Revert 'Revert 'x86: link vdso and boot with -z noexecstack' (bsc#1209798)' This reverts commit 26c6d5069004c3a470d53c3a53228ad5d44aa2a5.
- Revert 'Update config files. (bsc#1198101)' This reverts commit 924d3f9978137dc25cb49a295c832a32144bc64e. (bsc#1198101, bsc#1208976) Joey Lee:
- Revert 'block: freeze the queue earlier in del_gendisk' (git-fixes).
- Revert 'bpf: Add support to inline bpf_get_func_ip helper on x86' (git-fixes).
- Revert 'char: pcmcia: cm4000_cs: Replace mdelay with usleep_range in set_protocol' (git-fixes).
- Revert 'crypto: rsa-pkcs1pad - Replace GFP_ATOMIC with GFP_KERNEL in pkcs1pad_encrypt_sign_complete' (git-fixes).
- Revert 'drm/amdgpu: TA unload messages are not actually sent to psp when amdgpu is uninstalled' (bsc#1206843).
- Revert 'pinctrl: amd: Disable and mask interrupts on resume' (git-fixes).
- Revert 'supported.conf: Add a guard for unsupported DVB modules' The fix has been merged to the upstream and will be backported
- Revert 'usb: dwc3: qcom: Keep power domain on to retain controller status' (git-fixes).
- Revert 'x86: link vdso and boot with -z noexecstack' (bsc#1209798) This reverts commit dc30142edffcbb9537e3cc47b176cb97109792c7. It causes problems on aarch64: ... BuildID Mismatch vmlinux= vmlinux_debuginfo=
- Set references for 'drm/vmwgfx: Validate the box size for the snooped cursor' (bsc#1203332 CVE-2022-36280)
- Set references for 'drm/vmwgfx: Validate the box size for the snooped cursor' (bsc#1203332 CVE-2022-36280)
- Update commit 52b1b46c39ae ('of: Create platform devices for OF framebuffers') (bsc#1212405) Add missing changes to drivers/of/platform.c.
- Update config and supported.conf for MT7921 updates (bsc#1209980)
- Update config and supported.conf for mt76 updates (bsc#1209980)
- Update config files. (bsc#1198101) Using CONFIG_LOCK_DOWN_KERNEL_FORCE_INTEGRITY instead of CONFIG_LOCK_DOWN_KERNEL_FORCE_NONE because Microsoft signed shim be used to load vanilla kernel.
- Update reference for BT fix (CVE-2023-1989 bsc#1210336)
- Update the thunderbolt fix to the latest upstream version (bsc#1210165)
- Update to the latest version of HPWDT for aarch64 environments (jsc#PED-3210).
- [infiniband] READ is 'data destination', not source... (git-fixes)
- [xen] fix 'direction' argument of iov_iter_kvec() (git-fixes).
- 3c589_cs: Fix an error handling path in tc589_probe() (git-fixes).
- acpi / x86: Add support for LPS0 callback handler (git-fixes).
- acpi: Do not build ACPICA with '-Os' (git-fixes).
- acpi: battery: Fix missing NUL-termination with large strings (git-fixes).
- acpi: bus: Ensure that notify handlers are not running after removal (git-fixes).
- acpi: cppc: Add AMD pstate energy performance preference cppc control (bsc#1212445).
- acpi: cppc: Add auto select register read/write support (bsc#1212445).
- acpi: cppc: Disable FIE if registers in PCC regions (bsc#1210953).
- acpi: ec: Fix EC address space handler unregistration (bsc#1207149).
- acpi: ec: Fix ECDT probe ordering issues (bsc#1207149).
- acpi: ec: Fix oops when removing custom query handlers (git-fixes).
- acpi: nfit: fix a potential deadlock during NFIT teardown (git-fixes).
- acpi: pm: Do not turn of unused power resources on the Toshiba Click Mini (git-fixes).
- acpi: pm: s2idle: Add support for upcoming AMD uPEP HID AMDI008 (bsc#1206224).
- acpi: pm: s2idle: Use LPS0 idle if ACPI_FADT_LOW_POWER_S0 is unset (bsc#1206224).
- acpi: pptt: Fix to avoid sleep in the atomic context when PPTT is absent (git-fixes).
- acpi: processor: Fix evaluating _PDC method when running as Xen dom0 (git-fixes).
- acpi: resource: Add IRQ override quirk for LG UltraPC 17U70P (git-fixes).
- acpi: resource: Add IRQ overrides for MAINGEAR Vector Pro 2 models (git-fixes).
- acpi: resource: Add Medion S17413 to IRQ override quirk (git-fixes).
- acpi: resource: Add helper function acpi_dev_get_memory_resources() (git-fixes).
- acpi: resource: Do IRQ override on all TongFang GMxRGxx (git-fixes).
- acpi: sleep: Avoid breaking S3 wakeup due to might_sleep() (git-fixes).
- acpi: tables: Add support for NBFT (bsc#1195921).
- acpi: tables: Add support for NBFT (bsc#1206340).
- acpi: video: Add acpi_video_backlight_use_native() helper (bsc#1206843).
- acpi: video: Allow GPU drivers to report no panels (bsc#1206843).
- acpi: video: Fix Lenovo Ideapad Z570 DMI match (git-fixes).
- acpi: video: Fix missing native backlight on Chromebooks (bsc#1206843).
- acpi: video: Refactor acpi_video_get_backlight_type() a bit (bsc#1203693).
- acpi: viot: Initialize the correct IOMMU fwspec (git-fixes).
- acpi: x86: s2idle: Add a quirk for ASUS ROG Zephyrus G14 (bsc#1206224).
- acpi: x86: s2idle: Add a quirk for ASUS TUF Gaming A17 FA707RE (bsc#1206224).
- acpi: x86: s2idle: Add a quirk for ASUSTeK COMPUTER INC. ROG Flow X13 (bsc#1206224).
- acpi: x86: s2idle: Add a quirk for Lenovo Slim 7 Pro 14ARH7 (bsc#1206224).
- acpi: x86: s2idle: Add another ID to s2idle_dmi_table (bsc#1206224).
- acpi: x86: s2idle: Add module parameter to prefer Microsoft GUID (bsc#1206224).
- acpi: x86: s2idle: Fix a NULL pointer dereference (bsc#1206224).
- acpi: x86: s2idle: Force AMD GUID/_REV 2 on HP Elitebook 865 (bsc#1206224).
- acpi: x86: s2idle: If a new AMD _HID is missing assume Rembrandt (bsc#1206224).
- acpi: x86: s2idle: Move _HID handling for AMD systems into structures (bsc#1206224).
- acpi: x86: s2idle: Stop using AMD specific codepath for Rembrandt+ (bsc#1206224).
- acpi: x86: utils: Add Cezanne to the list for forcing StorageD3Enable (git-fixes).
- acpica: ACPICA: check null return of ACPI_ALLOCATE_ZEROED in acpi_db_display_objects (git-fixes).
- acpica: Allow address_space_handler Install and _REG execution as 2 separate steps (bsc#1207149).
- acpica: Avoid undefined behavior: applying zero offset to null pointer (git-fixes).
- acpica: Drop port I/O validation for some regions (git-fixes).
- acpica: include/acpi/acpixf.h: Fix indentation (bsc#1207149).
- acpica: nsrepair: handle cases without a return value correctly (git-fixes).
- act_mirred: use the backlog for nested calls to mirred ingress (CVE-2022-4269 bsc#1206024).
- af_unix: Get user_ns from in_skb in unix_diag_get_exact() (bsc#1209290 CVE-2023-28327).
- af_unix: Get user_ns from in_skb in unix_diag_get_exact() (bsc#1209290 CVE-2023-28327).
- affs: initialize fsdata in affs_truncate() (git-fixes).
- alarmtimer: Prevent starvation by small intervals and SIG_IGN (git-fixes)
- alsa: asihpi: check pao in control_message() (git-fixes).
- alsa: caiaq: input: Add error handling for unsupported input methods in `snd_usb_caiaq_input_init` (git-fixes).
- alsa: cs46xx: mark snd_cs46xx_download_image as static (git-fixes).
- alsa: emu10k1: do not create old pass-through playback device on Audigy (git-fixes).
- alsa: emu10k1: fix capture interrupt handler unlinking (git-fixes).
- alsa: emux: Avoid potential array out-of-bound in snd_emux_xg_control() (git-fixes).
- alsa: firewire-digi00x: prevent potential use after free (git-fixes).
- alsa: firewire-tascam: add missing unwind goto in snd_tscm_stream_start_duplex() (git-fixes).
- alsa: hda/ca0132: add quirk for EVGA X299 DARK (git-fixes).
- alsa: hda/ca0132: fixup buffer overrun at tuning_ctl_set() (git-fixes).
- alsa: hda/ca0132: minor fix for allocation size (git-fixes).
- alsa: hda/cirrus: Add extra 10 ms delay to allow PLL settle and lock (git-fixes).
- alsa: hda/conexant: Partial revert of a quirk for Lenovo (git-fixes).
- alsa: hda/conexant: add a new hda codec SN6180 (git-fixes).
- alsa: hda/hdmi: Preserve the previous PCM device upon re-enablement (git-fixes).
- alsa: hda/hdmi: disable KAE for Intel DG2 (git-fixes).
- alsa: hda/realtek - fixed wrong gpio assigned (git-fixes).
- alsa: hda/realtek: Add 'Intel Reference board' and 'NUC 13' SSID in the ALC256 (git-fixes).
- alsa: hda/realtek: Add Acer Predator PH315-54 (git-fixes).
- alsa: hda/realtek: Add Lenovo P3 Tower platform (git-fixes).
- alsa: hda/realtek: Add Positivo N14KP6-TG (git-fixes).
- alsa: hda/realtek: Add a quirk for Compaq N14JP6 (git-fixes).
- alsa: hda/realtek: Add a quirk for HP EliteDesk 805 (git-fixes).
- alsa: hda/realtek: Add a quirk for HP Slim Desktop S01 (git-fixes).
- alsa: hda/realtek: Add quirk for 2nd ASUS GU603 (git-fixes).
- alsa: hda/realtek: Add quirk for ASUS ROG G634Z (git-fixes).
- alsa: hda/realtek: Add quirk for ASUS ROG GV601V (git-fixes).
- alsa: hda/realtek: Add quirk for ASUS UM3402 using CS35L41 (git-fixes).
- alsa: hda/realtek: Add quirk for ASUS UM3402YAR using CS35L41 (git-fixes).
- alsa: hda/realtek: Add quirk for Clevo L140AU (git-fixes).
- alsa: hda/realtek: Add quirk for Clevo NS50AU (git-fixes).
- alsa: hda/realtek: Add quirk for Clevo X370SNW (git-fixes).
- alsa: hda/realtek: Add quirk for HP EliteBook G10 laptops (git-fixes).
- alsa: hda/realtek: Add quirk for HP EliteDesk 800 G6 Tower PC (git-fixes).
- alsa: hda/realtek: Add quirk for Lenovo ZhaoYang CF4620Z (git-fixes).
- alsa: hda/realtek: Add quirk for ThinkPad P1 Gen 6 (git-fixes).
- alsa: hda/realtek: Add quirks for ASUS GU604V and GU603V (git-fixes).
- alsa: hda/realtek: Add quirks for Asus ROG 2024 laptops using CS35L41 (git-fixes).
- alsa: hda/realtek: Add quirks for Lenovo Z13/Z16 Gen2 (git-fixes).
- alsa: hda/realtek: Add quirks for some Clevo laptops (git-fixes).
- alsa: hda/realtek: Apply HP B&O top speaker profile to Pavilion 15 (git-fixes).
- alsa: hda/realtek: Enable 4 amplifiers instead of 2 on a HP platform (git-fixes).
- alsa: hda/realtek: Enable headset onLenovo M70/M90 (git-fixes).
- alsa: hda/realtek: Enable mute/micmute LEDs and speaker support for HP Laptops (git-fixes).
- alsa: hda/realtek: Enable mute/micmute LEDs on HP Elitebook, 645 G9 (git-fixes).
- alsa: hda/realtek: Fix mute and micmute LEDs for an HP laptop (git-fixes).
- alsa: hda/realtek: Fix mute and micmute LEDs for yet another HP laptop (git-fixes).
- alsa: hda/realtek: Fix support for Dell Precision 3260 (git-fixes).
- alsa: hda/realtek: Fix the speaker output on Samsung Galaxy Book2 Pro (git-fixes).
- alsa: hda/realtek: Fix the speaker output on Samsung Galaxy Book2 Pro 360 (git-fixes).
- alsa: hda/realtek: Remove specific patch for Dell Precision 3260 (git-fixes).
- alsa: hda/realtek: fix mute/micmute LEDs do not work for a HP platform (git-fixes).
- alsa: hda/realtek: fix mute/micmute LEDs do not work for a HP platform (git-fixes).
- alsa: hda/realtek: fix mute/micmute LEDs for a HP ProBook (git-fixes).
- alsa: hda/realtek: fix mute/micmute LEDs for a HP ProBook (git-fixes).
- alsa: hda/realtek: fix mute/micmute LEDs, speaker do not work for a HP platform (git-fixes).
- alsa: hda/realtek: fix speaker, mute/micmute LEDs not work on a HP platform (git-fixes).
- alsa: hda/realtek: support HP Pavilion Aero 13-be0xxx Mute LED (git-fixes).
- alsa: hda/sigmatel: add pin overrides for Intel DP45SG motherboard (git-fixes).
- alsa: hda/sigmatel: fix S/PDIF out on Intel D*45* motherboards (git-fixes).
- alsa: hda/via: Avoid potential array out-of-bound in add_secret_dac_path() (git-fixes).
- alsa: hda: Add NVIDIA codec IDs a3 through a7 to patch table (git-fixes).
- alsa: hda: Do not unset preset when cleaning up codec (git-fixes).
- alsa: hda: Fix Oops by 9.1 surround channel names (git-fixes).
- alsa: hda: Fix unhandled register update during auto-suspend period (git-fixes).
- alsa: hda: Glenfly: add HD Audio PCI IDs and HDMI Codec Vendor IDs (git-fixes).
- alsa: hda: Match only Intel devices with CONTROLLER_IN_GPU() (git-fixes).
- alsa: hda: cs35l41: Enable Amp High Pass Filter (git-fixes).
- alsa: hda: intel-dsp-config: add MTL PCI id (git-fixes).
- alsa: hda: patch_realtek: add quirk for Asus N7601ZM (git-fixes).
- alsa: i2c/cs8427: fix iec958 mixer control deactivation (git-fixes).
- alsa: ice1712: Delete unreachable code in aureon_add_controls() (git-fixes).
- alsa: ice1712: Do not left ice->gpio_mutex locked in aureon_add_controls() (git-fixes).
- alsa: memalloc: Workaround for Xen PV (git-fixes).
- alsa: oss: avoid missing-prototype warnings (git-fixes).
- alsa: pci: lx6464es: fix a debug loop (git-fixes).
- alsa: usb-audio: Add a sample rate workaround for Line6 Pod Go (git-fixes).
- alsa: usb-audio: Add quirk flag for HEM devices to enable native DSD playback (git-fixes).
- alsa: usb-audio: Add quirk for Pioneer DDJ-800 (git-fixes).
- alsa: usb-audio: Fix broken resume due to UAC3 power state (git-fixes).
- alsa: usb-audio: Fix recursive locking at XRUN during syncing (git-fixes).
- alsa: usb-audio: Fix regression on detection of Roland VS-100 (git-fixes).
- alsa: ymfpci: Fix BUG_ON in probe function (git-fixes).
- amdgpu/nv.c: Corrected typo in the video capabilities resolution (git-fixes).
- amdgpu: disable powerpc support for the newer display engine (bsc#1194869).
- amdgpu: fix build on non-DCN platforms (git-fixes).
- apparmor: add a kernel label to use on kernel objects (bsc#1211113).
- applicom: Fix PCI device refcount leak in applicom_init() (git-fixes).
- arch: fix broken BuildID for arm64 and riscv (bsc#1209798).
- arm64/cpufeature: Fix field sign for DIT hwcap detection (git-fixes)
- arm64: Always load shadow stack pointer directly from the task struct (git-fixes)
- arm64: Stash shadow stack pointer in the task struct on interrupt (git-fixes)
- arm64: Treat ESR_ELx as a 64-bit register (git-fixes)
- arm64: atomics: remove LL/SC trampolines (git-fixes)
- arm64: cacheinfo: Fix incorrect assignment of signed error value to (git-fixes)
- arm64: cmpxchg_double*: hazard against entire exchange variable (git-fixes)
- arm64: dts: Add DTS files for bcmbca SoC BCM4912 (git-fixes).
- arm64: dts: Add DTS files for bcmbca SoC BCM63158 (git-fixes).
- arm64: dts: Add DTS files for bcmbca SoC BCM6858 (git-fixes).
- arm64: dts: Add base DTS file for bcmbca device Asus GT-AX6000 (git-fixes).
- arm64: dts: Move BCM4908 dts to bcmbca folder (git-fixes)
- arm64: dts: amlogic: meson-axg: fix SCPI clock dvfs node name (git-fixes).
- arm64: dts: amlogic: meson-gx-libretech-pc: fix update button name (git-fixes).
- arm64: dts: amlogic: meson-gx: add missing SCPI sensors compatible (git-fixes).
- arm64: dts: amlogic: meson-gx: add missing unit address to rng node name (git-fixes).
- arm64: dts: amlogic: meson-gx: fix SCPI clock dvfs node name (git-fixes).
- arm64: dts: amlogic: meson-gxbb-kii-pro: fix led node name (git-fixes).
- arm64: dts: amlogic: meson-gxl-s905d-phicomm-n1: fix led node name (git-fixes).
- arm64: dts: amlogic: meson-gxl-s905d-sml5442tw: drop invalid clock-names property (git-fixes).
- arm64: dts: amlogic: meson-gxl: add missing unit address to eth-phy-mux node name (git-fixes).
- arm64: dts: amlogic: meson-sm1-bananapi-m5: fix adc keys node names (git-fixes).
- arm64: dts: amlogic: meson-sm1-odroid-hc4: fix active fan thermal trip (git-fixes).
- arm64: dts: arm: drop unused interrupt-names in MHU (git-fixes)
- arm64: dts: broadcom: bcm4908: add DT for Netgear RAXE500 (git-fixes).
- arm64: dts: broadcom: bcmbca: bcm4908: fix NAND interrupt name (git-fixes)
- arm64: dts: broadcom: bcmbca: bcm4908: fix procmon nodename (git-fixes)
- arm64: dts: freescale: Fix pca954x i2c-mux node names (git-fixes)
- arm64: dts: imx8-ss-dma: assign default clock rate for lpuarts (git-fixes).
- arm64: dts: imx8m: Align SoC unique ID node unit address (git-fixes).
- arm64: dts: imx8mm-evk: correct pmic clock source (git-fixes).
- arm64: dts: imx8mm-nitrogen-r2: fix WM8960 clock name (git-fixes).
- arm64: dts: imx8mm: Fix pad control for UART1_DTE_RX (git-fixes).
- arm64: dts: imx8mn-beacon: Fix SPI CS pinmux (git-fixes).
- arm64: dts: imx8mn-var-som: fix PHY detection bug by adding deassert (git-fixes)
- arm64: dts: imx8mn: specify #sound-dai-cells for SAI nodes (git-fixes).
- arm64: dts: imx8mp-phycore-som: Remove invalid PMIC property (git-fixes)
- arm64: dts: imx8mp: correct usb clocks (git-fixes)
- arm64: dts: imx8mq-thor96: fix no-mmc property for SDHCI (git-fixes).
- arm64: dts: imx8mq: add mipi csi phy and csi bridge descriptions (git-fixes)
- arm64: dts: imx8mq: fix mipi_csi bidirectional port numbers (git-fixes)
- arm64: dts: imx8qm-mek: correct GPIOs for USDHC2 CD and WP signals (git-fixes).
- arm64: dts: juno: Add missing MHU secure-irq (git-fixes)
- arm64: dts: mediatek: mt7622: Add missing pwm-cells to pwm node (git-fixes).
- arm64: dts: mediatek: mt8183: Fix systimer 13 MHz clock description (git-fixes).
- arm64: dts: meson-axg: Make mmc host controller interrupts level-sensitive (git-fixes).
- arm64: dts: meson-g12-common: Make mmc host controller interrupts level-sensitive (git-fixes).
- arm64: dts: meson-g12-common: specify full DMC range (git-fixes).
- arm64: dts: meson-g12a: Fix internal Ethernet PHY unit name (git-fixes).
- arm64: dts: meson-gx: Fix Ethernet MAC address unit name (git-fixes).
- arm64: dts: meson-gx: Fix the SCPI DVFS node name and unit address (git-fixes).
- arm64: dts: meson-gx: Make mmc host controller interrupts level-sensitive (git-fixes).
- arm64: dts: meson: bananapi-m5: switch VDDIO_C pin to OPEN_DRAIN (git-fixes).
- arm64: dts: meson: remove CPU opps below 1GHz for G12A boards (git-fixes).
- arm64: dts: mt8192: Fix CPU map for single-cluster SoC (git-fixes).
- arm64: dts: qcom: Fix IPQ8074 PCIe PHY nodes (git-fixes).
- arm64: dts: qcom: ipq8074-hk01: enable QMP device, not the PHY node (git-fixes).
- arm64: dts: qcom: ipq8074: Fix the PCI I/O port range (git-fixes).
- arm64: dts: qcom: ipq8074: correct Gen2 PCIe ranges (git-fixes).
- arm64: dts: qcom: ipq8074: correct PCIe QMP PHY output clock names (git-fixes).
- arm64: dts: qcom: ipq8074: correct USB3 QMP PHY-s clock output names (git-fixes).
- arm64: dts: qcom: ipq8074: fix Gen2 PCIe QMP PHY (git-fixes).
- arm64: dts: qcom: ipq8074: fix Gen3 PCIe QMP PHY (git-fixes).
- arm64: dts: qcom: ipq8074: fix Gen3 PCIe node (git-fixes).
- arm64: dts: qcom: ipq8074: fix PCIe PHY serdes size (git-fixes).
- arm64: dts: qcom: msm8992-libra: Add CPU regulators (git-fixes).
- arm64: dts: qcom: msm8992-libra: Fix the memory map (git-fixes).
- arm64: dts: qcom: msm8994-kitakami: drop unit address from PMI8994 regulator (git-fixes).
- arm64: dts: qcom: msm8994-msft-lumia-octagon: drop unit address from PMI8994 regulator (git-fixes).
- arm64: dts: qcom: msm8996: Add missing DWC3 quirks (git-fixes).
- arm64: dts: qcom: msm8996: Fix the PCI I/O port range (git-fixes).
- arm64: dts: qcom: msm8998: Fix stm-stimulus-base reg name (git-fixes).
- arm64: dts: qcom: msm8998: Fix the PCI I/O port range (git-fixes).
- arm64: dts: qcom: pmk8350: Specify PBS register for PON (git-fixes).
- arm64: dts: qcom: pmk8350: Use the correct PON compatible (git-fixes).
- arm64: dts: qcom: qcs404: use symbol names for PCIe resets (git-fixes).
- arm64: dts: qcom: sc7180-lite: Fix SDRAM freq for misidentified sc7180-lite boards (git-fixes).
- arm64: dts: qcom: sc7180-trogdor-lazor: correct trackpad supply (git-fixes).
- arm64: dts: qcom: sc7180: correct SPMI bus address cells (git-fixes).
- arm64: dts: qcom: sc7280: correct SPMI bus address cells (git-fixes).
- arm64: dts: qcom: sdm845-db845c: fix audio codec interrupt pin name (git-fixes).
- arm64: dts: qcom: sdm845: Fix the PCI I/O port range (git-fixes).
- arm64: dts: qcom: sm8150-kumano: Panel framebuffer is 2.5k instead of 4k (git-fixes).
- arm64: dts: qcom: sm8250: Fix the PCI I/O port range (git-fixes).
- arm64: dts: qcom: sm8350: Mark UFS controller as cache coherent (git-fixes).
- arm64: dts: renesas: beacon-renesom: Fix gpio expander reference (git-fixes).
- arm64: dts: renesas: r8a774c0: Remove bogus voltages from OPP table (git-fixes).
- arm64: dts: renesas: r8a77990: Remove bogus voltages from OPP table (git-fixes).
- arm64: dts: rockchip: drop unused LED mode property from rk3328-roc-cc (git-fixes).
- arm64: dts: ti: k3-j7200: Fix wakeup pinmux range (git-fixes).
- arm64: dts: ti: k3-j721e-main: Remove ti,strobe-sel property (git-fixes).
- arm64: efi: Execute runtime services from a dedicated stack (git-fixes).
- arm64: efi: Make efi_rt_lock a raw_spinlock (git-fixes).
- arm64: errata: add detection for AMEVCNTR01 incrementing incorrectly (git-fixes) Enable workaround and fix kABI breakage.
- arm64: kgdb: Set PSTATE.SS to 1 to re-enable single-step (git-fixes)
- arm64: kgdb: Set PSTATE.SS to 1 to re-enable single-step (git-fixes).
- arm64: make is_ttbrX_addr() noinstr-safe (git-fixes)
- arm64: mm: kfence: only handle translation faults (git-fixes)
- arm: 9290/1: uaccess: Fix KASAN false-positives (git-fixes).
- arm: 9295/1: unwind:fix unwind abort for uleb128 case (git-fixes)
- arm: 9296/1: HP Jornada 7XX: fix kernel-doc warnings (git-fixes).
- arm: OMAP1: call platform_device_put() in error case in omap1_dm_timer_init() (git-fixes).
- arm: OMAP2+: Fix memory leak in realtime_counter_init() (git-fixes).
- arm: bcm2835_defconfig: Enable the framebuffer (git-fixes).
- arm: cpu: Switch to arch_cpu_finalize_init() (bsc#1212448).
- arm: defconfig: drop CONFIG_DRM_RCAR_LVDS (git-fixes).
- arm: dts: am5748: keep usb4_tm disabled (git-fixes)
- arm: dts: exynos: Use Exynos5420 compatible for the MIPI video phy (git-fixes).
- arm: dts: exynos: correct HDMI phy compatible in Exynos4 (git-fixes).
- arm: dts: exynos: correct TMU phandle in Exynos4 (git-fixes).
- arm: dts: exynos: correct TMU phandle in Exynos4210 (git-fixes).
- arm: dts: exynos: correct TMU phandle in Exynos5250 (git-fixes).
- arm: dts: exynos: correct TMU phandle in Odroid HC1 (git-fixes).
- arm: dts: exynos: correct TMU phandle in Odroid XU (git-fixes).
- arm: dts: exynos: correct TMU phandle in Odroid XU3 family (git-fixes).
- arm: dts: exynos: correct wr-active property in Exynos3250 Rinato (git-fixes).
- arm: dts: exynos: fix WM8960 clock name in Itop Elite (git-fixes).
- arm: dts: gta04: fix excess dma channel usage (git-fixes).
- arm: dts: imx6sl: tolino-shine2hd: fix usbotg1 pinctrl (git-fixes).
- arm: dts: imx6sll: e60k02: fix usbotg1 pinctrl (git-fixes).
- arm: dts: imx7-colibri-eval-v3: correct can controller comment (git-fixes)
- arm: dts: imx7s: correct iomuxc gpr mux controller cells (git-fixes).
- arm: dts: imx: Fix pca9547 i2c-mux node name (git-fixes).
- arm: dts: qcom: ipq4019: Fix the PCI I/O port range (git-fixes).
- arm: dts: qcom: ipq8064: Fix the PCI I/O port range (git-fixes).
- arm: dts: qcom: ipq8064: reduce pci IO size to 64K (git-fixes).
- arm: dts: qcom: msm8974: add required ranges to OCMEM (git-fixes)
- arm: dts: qcom: sdx55: Add Qcom SMMU-500 as the fallback for IOMMU node (git-fixes).
- arm: dts: rockchip: add power-domains property to dp node on rk3288 (git-fixes).
- arm: dts: rockchip: fix a typo error for rk3288 spdif node (git-fixes).
- arm: dts: s5pv210: correct MIPI CSIS clock name (git-fixes).
- arm: dts: spear320-hmi: correct STMPE GPIO compatible (git-fixes).
- arm: dts: stm32: add missing usbh clock and fix clk order on (git-fixes)
- arm: dts: stm32: use usbphyc ck_usbo_48m as USBH OHCI clock on (git-fixes)
- arm: dts: sun8i: nanopi-duo2: Fix regulator GPIO reference (git-fixes).
- arm: dts: vexpress: add missing cache properties (git-fixes).
- arm: dts: vf610: Fix pca9548 i2c-mux node names (git-fixes).
- arm: imx: Call ida_simple_remove() for ida_simple_get (git-fixes).
- arm: imx: rename DEBUG_IMX21_IMX27_UART to DEBUG_IMX27_UART (git-fixes)
- arm: omap: remove debug-leds driver (git-fixes)
- arm: remove some dead code (git-fixes)
- arm: renumber bits related to _TIF_WORK_MASK (git-fixes)
- arm: s3c: fix s3c64xx_set_timer_source prototype (git-fixes).
- arm: shmobile: rcar-gen2: Add missing of_node_put() (git-fixes)
- arm: zynq: Fix refcount leak in zynq_early_slcr_init (git-fixes).
- asm-generic/io.h: suppress endianness warnings for readq() and writeq() (git-fixes).
- asn.1: Fix check for strdup() success (git-fixes).
- asoc: Intel: Skylake: Fix declaration of enum skl_ch_cfg (git-fixes).
- asoc: Intel: Skylake: Fix driver hang during shutdown (git-fixes).
- asoc: Intel: avs: Access path components under lock (git-fixes).
- asoc: Intel: avs: Fix declaration of enum avs_channel_config (git-fixes).
- asoc: Intel: avs: Implement PCI shutdown (git-fixes).
- asoc: Intel: avs: Use min_t instead of min with cast (git-fixes).
- asoc: Intel: boards: fix spelling in comments (git-fixes).
- asoc: Intel: bytcht_es8316: Drop reference count of ACPI device after use (git-fixes).
- asoc: Intel: bytcht_es8316: Drop reference count of ACPI device after use (git-fixes).
- asoc: Intel: bytcht_es8316: move comment to the right place (git-fixes).
- asoc: Intel: bytcr_rt5640: Add quirk for the Acer Iconia One 7 B1-750 (git-fixes).
- asoc: Intel: bytcr_rt5640: Drop reference count of ACPI device after use (git-fixes).
- asoc: Intel: bytcr_rt5651: Drop reference count of ACPI device after use (git-fixes).
- asoc: Intel: bytcr_wm5102: Drop reference count of ACPI device after use (git-fixes).
- asoc: Intel: soc-acpi-byt: Fix 'WM510205' match no longer working (git-fixes).
- asoc: Intel: soc-acpi: fix copy-paste issue in topology names (git-fixes).
- asoc: Intel: sof_cs42l42: always set dpcm_capture for amplifiers (git-fixes).
- asoc: Intel: sof_es8336: Drop reference count of ACPI device after use (git-fixes).
- asoc: Intel: sof_rt5682: always set dpcm_capture for amplifiers (git-fixes).
- asoc: Intel: sof_sdw: add quirk for Intel 'Rooks County' NUC M15 (git-fixes).
- asoc: SOF: Intel: MTL: Fix the device description (git-fixes).
- asoc: SOF: ipc4-topology: set dmic dai index from copier (git-fixes).
- asoc: SOF: ipc4: Ensure DSP is in D0I0 during sof_ipc4_set_get_data() (git-fixes).
- asoc: adau7118: do not disable regulators on device unbind (git-fixes).
- asoc: amd: acp-es8336: Drop reference count of ACPI device after use (git-fixes).
- asoc: codecs: Change bulk clock voting to optional voting in digital codecs (git-fixes).
- asoc: codecs: lpass: fix incorrect mclk rate (git-fixes).
- asoc: codecs: rx-macro: move clk provider to managed variants (git-fixes).
- asoc: codecs: rx-macro: move to individual clks from bulk (git-fixes).
- asoc: codecs: tx-macro: Fix for KASAN: slab-out-of-bounds (git-fixes).
- asoc: codecs: tx-macro: move clk provider to managed variants (git-fixes).
- asoc: codecs: tx-macro: move to individual clks from bulk (git-fixes).
- asoc: codecs: wsa881x: do not set can_multi_write flag (git-fixes).
- asoc: cs35l41: Only disable internal boost (git-fixes).
- asoc: cs42l56: fix DT probe (git-fixes).
- asoc: dt-bindings: meson: fix gx-card codec node regex (git-fixes).
- asoc: dwc: limit the number of overrun messages (git-fixes).
- asoc: dwc: move DMA init to snd_soc_dai_driver probe() (git-fixes).
- asoc: es8316: Handle optional IRQ assignment (git-fixes).
- asoc: fsl-asoc-card: Fix naming of AC'97 CODEC widgets (git-fixes).
- asoc: fsl_asrc_dma: fix potential null-ptr-deref (git-fixes).
- asoc: fsl_micfil: Correct the number of steps on SX controls (git-fixes).
- asoc: fsl_micfil: Fix error handler with pm_runtime_enable (git-fixes).
- asoc: fsl_mqs: move of_node_put() to the correct location (git-fixes).
- asoc: fsl_sai: Update to modern clocking terminology (git-fixes).
- asoc: fsl_ssi: Rename AC'97 streams to avoid collisions with AC'97 CODEC (git-fixes).
- asoc: hdac_hdmi: use set_stream() instead of set_tdm_slots() (git-fixes).
- asoc: kirkwood: Iterate over array indexes instead of using pointer math (git-fixes).
- asoc: lpass: Fix for KASAN use_after_free out of bounds (git-fixes).
- asoc: mchp-spdifrx: Fix uninitialized use of mr in mchp_spdifrx_hw_params() (git-fixes).
- asoc: mchp-spdifrx: disable all interrupts in mchp_spdifrx_dai_remove() (git-fixes).
- asoc: mchp-spdifrx: fix controls which rely on rsr register (git-fixes).
- asoc: rsnd: Remove unnecessary rsnd_dbg_dai_call() (git-fixes).
- asoc: rsnd: fixup #endif position (git-fixes).
- asoc: rt1308-sdw: add the default value of some registers (git-fixes).
- asoc: rt5682: Disable jack detection interrupt during suspend (git-fixes).
- asoc: rt715-sdca: fix clock stop prepare timeout issue (git-fixes).
- asoc: soc-compress.c: fixup private_data on snd_soc_new_compress() (git-fixes).
- asoc: soc-compress: Inherit atomicity from DAI link for Compress FE (git-fixes).
- asoc: soc-compress: Reposition and add pcm_mutex (git-fixes).
- asoc: soc-dapm.h: fixup warning struct snd_pcm_substream not declared (git-fixes).
- asoc: soc-pcm: fix hw->formats cleared by soc_pcm_hw_init() for dpcm (git-fixes).
- asoc: soc-pcm: test if a BE can be prepared (git-fixes).
- asoc: ssm2602: Add workaround for playback distortions (git-fixes).
- asoc: tlv320adcx140: fix 'ti,gpio-config' DT property init (git-fixes).
- asoc: topology: Properly access value coming from topology file (git-fixes).
- asoc: topology: Return -ENOMEM on memory allocation failure (git-fixes).
- asoc: zl38060 add gpiolib dependency (git-fixes).
- asoc: zl38060: Remove spurious gpiolib select (git-fixes).
- ata: libata-scsi: Use correct device no in ata_find_dev() (git-fixes).
- ata: libata: Fix sata_down_spd_limit() when no link speed is reported (git-fixes).
- ata: libata: Set __ATA_BASE_SHT max_sectors (git-fixes).
- ata: libata: fix NCQ autosense logic (git-fixes).
- ata: pata_macio: Fix compilation warning (git-fixes).
- ata: pata_octeon_cf: drop kernel-doc notation (git-fixes).
- ata: pata_octeon_cf: fix call to trace_ata_bmdma_stop() (git-fixes).
- ath11k: Fix unexpected return buffer manager error for QCA6390 (git-fixes).
- ath11k_hw_params unremane cal_size (bsc#1199701 CVE-2020-24588).
- ath6kl: Use struct_group() to avoid size-mismatched casting (git-fixes).
- ath9k: hif_usb: simplify if-if to if-else (git-fixes).
- ath9k: htc: clean up statistics macros (git-fixes).
- atm: idt77252: fix kmemleak when rmmod idt77252 (git-fixes).
- audit: update the mailing list in MAINTAINERS (git-fixes).
- auxdisplay: hd44780: Fix potential memory leak in hd44780_remove() (git-fixes).
- backlight: backlight: Fix doc for backlight_device_get_by_name (git-fixes).
- batman-adv: Broken sync while rescheduling delayed work (git-fixes).
- bcache: Revert 'bcache: use bvec_virt' (git-fixes).
- bcache: fix set_at_max_writeback_rate() for multiple attached devices (git-fixes).
- bcache: fix wrong bdev parameter when calling bio_alloc_clone() in do_bio_hook() (git-fixes).
- bcache: put bch_bio_map() back to correct location in journal_write_unlocked() (git-fixes).
- bfq: fix use-after-free in bfq_dispatch_request (git-fixes).
- bfq: fix waker_bfqq inconsistency crash (git-fixes).
- binfmt_elf: Take the mmap lock when walking the VMA list (bsc#1209039 CVE-2023-1249).
- blacklist.conf: the commit might cause regression (bsc#1210947)
- blk-cgroup: fix missing pd_online_fn() while activating policy (git-fixes).
- blk-cgroup: properly pin the parent in blkcg_css_online (bsc#1208105).
- blk-lib: fix blkdev_issue_secure_erase (git-fixes).
- blk-mq: Fix kmemleak in blk_mq_init_allocated_queue (git-fixes).
- blk-mq: fix null pointer dereference in blk_mq_clear_rq_mapping() (git-fixes).
- blk-mq: fix possible memleak when register 'hctx' failed (git-fixes).
- blk-mq: run queue no matter whether the request is the last request (git-fixes).
- blk-throttle: fix that io throttle can only work for single bio (git-fixes).
- blk-throttle: prevent overflow while calculating wait time (git-fixes).
- blk-wbt: fix that 'rwb->wc' is always set to 1 in wbt_init() (git-fixes).
- blktrace: Fix output non-blktrace event when blk_classic option enabled (git-fixes).
- block, bfq: do not move oom_bfqq (git-fixes).
- block, bfq: fix null pointer dereference in bfq_bio_bfqg() (git-fixes).
- block, bfq: fix possible uaf for 'bfqq->bic' (git-fixes).
- block, bfq: fix uaf for bfqq in bfq_exit_icq_bfqq (git-fixes).
- block, bfq: fix uaf for bfqq in bic_set_bfqq() (git-fixes).
- block, bfq: protect 'bfqd->queued' by 'bfqd->lock' (git-fixes).
- block/bfq-iosched.c: use 'false' rather than 'BLK_RW_ASYNC' (git-fixes).
- block/bfq_wf2q: correct weight to ioprio (git-fixes).
- block/bio: remove duplicate append pages code (git-fixes).
- block: Fix possible memory leak for rq_wb on add_disk failure (git-fixes).
- block: add a bdev_max_zone_append_sectors helper (git-fixes).
- block: bio-integrity: Copy flags when bio_integrity_payload is cloned (bsc#1208541).
- block: bio-integrity: Copy flags when bio_integrity_payload is cloned (bsc#1208541).
- block: check minor range in device_add_disk() (git-fixes).
- block: clear ->slave_dir when dropping the main slave_dir reference (git-fixes).
- block: do not allow splitting of a REQ_NOWAIT bio (git-fixes).
- block: do not allow the same type rq_qos add more than once (git-fixes).
- block: do not reverse request order when flushing plug list (bsc#1208588 bsc#1208128).
- block: ensure iov_iter advances for added pages (git-fixes).
- block: fix and cleanup bio_check_ro (git-fixes).
- block: fix default IO priority handling again (git-fixes).
- block: fix infinite loop for invalid zone append (git-fixes).
- block: fix leaking minors of hidden disks (git-fixes).
- block: fix memory leak for elevator on add_disk failure (git-fixes).
- block: fix missing blkcg_bio_issue_init (bsc#1208107).
- block: loop:use kstatfs.f_bsize of backing file to set discard granularity (git-fixes).
- block: mq-deadline: Do not break sequential write streams to zoned HDDs (git-fixes).
- block: mq-deadline: Fix dd_finish_request() for zoned devices (git-fixes).
- block: mq-deadline: Rename deadline_is_seq_writes() (git-fixes).
- block: null_blk: Fix null_zone_write() (git-fixes).
- block: pop cached rq before potentially blocking rq_qos_throttle() (git-fixes).
- block: use bdev_get_queue() in bio.c (git-fixes).
- bluetooth: Add cmd validity checks at the start of hci_sock_ioctl() (git-fixes).
- bluetooth: Fix crash when replugging CSR fake controllers (git-fixes).
- bluetooth: Fix double free in hci_conn_cleanup (bsc#1209052 CVE-2023-28464).
- bluetooth: Fix double free in hci_conn_cleanup (bsc#1209052 CVE-2023-28464).
- bluetooth: Fix l2cap_disconnect_req deadlock (git-fixes).
- bluetooth: Fix race condition in hci_cmd_sync_clear (git-fixes).
- bluetooth: Fix race condition in hidp_session_thread (git-fixes).
- bluetooth: Fix support for Read Local Supported Codecs V2 (git-fixes).
- bluetooth: Fix use-after-free in hci_remove_ltk/hci_remove_irk (git-fixes).
- bluetooth: HCI: Fix global-out-of-bounds (git-fixes).
- bluetooth: ISO: Avoid circular locking dependency (git-fixes).
- bluetooth: ISO: Fix possible circular locking dependency (git-fixes).
- bluetooth: ISO: Fix possible circular locking dependency (git-fixes).
- bluetooth: ISO: do not try to remove CIG if there are bound CIS left (git-fixes).
- bluetooth: ISO: fix timestamped HCI ISO data packet parsing (git-fixes).
- bluetooth: L2CAP: Add missing checks for invalid DCID (git-fixes).
- bluetooth: L2CAP: Fix potential user-after-free (git-fixes).
- bluetooth: L2CAP: Fix responding with wrong PDU type (git-fixes).
- bluetooth: L2CAP: Fix use-after-free in l2cap_disconnect_{req,rsp} (git-fixes).
- bluetooth: L2CAP: fix 'bad unlock balance' in l2cap_disconnect_rsp (git-fixes).
- bluetooth: Perform careful capability checks in hci_sock_ioctl() (git-fixes).
- bluetooth: Remove codec id field in vendor codec definition (git-fixes).
- bluetooth: SCO: Fix possible circular locking dependency sco_sock_getsockopt (git-fixes).
- bluetooth: Set ISO Data Path on broadcast sink (git-fixes).
- bluetooth: btintel: Add LE States quirk support (git-fixes).
- bluetooth: btqcomsmd: Fix command timeout after setting BD address (git-fixes).
- bluetooth: btsdio: fix use after free bug in btsdio_remove due to unfinished work (git-fixes).
- bluetooth: btusb: Add VID:PID 13d3:3529 for Realtek RTL8821CE (git-fixes).
- bluetooth: btusb: Remove detection of ISO packets over bulk (git-fixes).
- bluetooth: hci_bcm: Fall back to getting bdaddr from EFI if not set (git-fixes).
- bluetooth: hci_conn: Fix memory leaks (git-fixes).
- bluetooth: hci_conn: Fix not cleaning up on LE Connection failure (git-fixes).
- bluetooth: hci_conn: Refactor hci_bind_bis() since it always succeeds (git-fixes).
- bluetooth: hci_conn: use HCI dst_type values also for BIS (git-fixes).
- bluetooth: hci_core: Detect if an ACL packet is in fact an ISO packet (git-fixes).
- bluetooth: hci_core: fix error handling in hci_register_dev() (git-fixes).
- bluetooth: hci_event: Fix Invalid wait context (git-fixes).
- bluetooth: hci_qca: Fix the teardown problem for real (git-fixes).
- bluetooth: hci_qca: fix debugfs registration (git-fixes).
- bluetooth: hci_qca: get wakeup status from serdev device handle (git-fixes).
- bluetooth: hci_sock: purge socket queues in the destruct() callback (git-fixes).
- bluetooth: hci_sync: Fix not indicating power state (git-fixes).
- bluetooth: hci_sync: Fix use HCI_OP_LE_READ_BUFFER_SIZE_V2 (git-fixes).
- bluetooth: hci_sync: cancel cmd_timer if hci_open failed (git-fixes).
- bnxt: Do not read past the end of test names (jsc#SLE-18978).
- bnxt: prevent skb UAF after handing over to PTP worker (jsc#SLE-18978).
- bnxt_en: Add missing 200G link speed reporting (jsc#SLE-18978).
- bnxt_en: Avoid order-5 memory allocation for TPA data (jsc#SLE-18978).
- bnxt_en: Do not initialize PTP on older P3/P4 chips (jsc#SLE-18978).
- bnxt_en: Do not issue AP reset during ethtool's reset operation (git-fixes).
- bnxt_en: Fix mqprio and XDP ring checking logic (jsc#SLE-18978).
- bnxt_en: Fix reporting of test result in ethtool selftest (jsc#SLE-18978).
- bnxt_en: Fix typo in PCI id to device description string mapping (jsc#SLE-18978).
- bnxt_en: Implement .set_port / .unset_port UDP tunnel callbacks (git-fixes).
- bnxt_en: Prevent kernel panic when receiving unexpected PHC_UPDATE event (git-fixes).
- bnxt_en: Query default VLAN before VNIC setup on a VF (git-fixes).
- bnxt_en: Skip firmware fatal error recovery if chip is not accessible (git-fixes).
- bnxt_en: fix NQ resource accounting during vf creation on 57500 chips (jsc#SLE-18978).
- bnxt_en: set missing reload flag in devlink features (jsc#SLE-18978).
- bpf, arm64: Call build_prologue() first in first JIT pass (git-fixes)
- bpf, arm64: Clear prog->jited_len along prog->jited (git-fixes)
- bpf, arm64: Feed byte-offset into bpf line info (git-fixes)
- bpf, arm64: Use emit_addr_mov_i64() for BPF_PSEUDO_FUNC (git-fixes)
- bpf, perf: Use subprog name when reporting subprog ksymbol (git fixes).
- bpf, x64: Factor out emission of REX byte in more cases (git-fixes).
- bpf: Add extra path pointer check to d_path helper (git-fixes).
- bpf: Fix UAF in task local storage (bsc#1212564).
- bpf: Fix a possible task gone issue with bpf_send_signal[_thread]() helpers (git-fixes).
- bpf: Fix extable address check (git-fixes).
- bpf: Fix extable fixup offset (git-fixes).
- bpf: Skip task with pid=1 in send_signal_common() (git-fixes).
- btrfs: fix race between quota disable and quota assign ioctls (CVE-2023-1611 bsc#1209687).
- btrfs: fix race between quota enable and quota rescan ioctl (bsc#1207158).
- btrfs: fix race between quota rescan and disable leading to NULL pointer deref (bsc#1207158).
- btrfs: fix trace event name typo for FLUSH_DELAYED_REFS (git-fixes).
- btrfs: move QUOTA_ENABLED check to rescan_should_stop from btrfs_qgroup_rescan_worker (bsc#1207158).
- btrfs: qgroup: remove duplicated check in adding qgroup relations (bsc#1207158).
- btrfs: qgroup: remove outdated TODO comments (bsc#1207158).
- bus: mhi: host: Fix race between channel preparation and M0 event (git-fixes).
- bus: mhi: host: Range check CHDBOFF and ERDBOFF (git-fixes).
- bus: mhi: host: Remove duplicate ee check for syserr (git-fixes).
- bus: mhi: host: Use mhi_tryset_pm_state() for setting fw error state (git-fixes).
- bus: sunxi-rsb: Fix error handling in sunxi_rsb_init() (git-fixes).
- ca8210: Fix unsigned mac_len comparison with zero in ca8210_skb_tx() (git-fixes).
- ca8210: fix mac_len negative array access (git-fixes).
- can: bcm: bcm_tx_setup(): fix KMSAN uninit-value in vfs_write (git-fixes).
- can: isotp: isotp_ops: fix poll() to not report false EPOLLOUT events (git-fixes).
- can: isotp: recvmsg(): allow MSG_CMSG_COMPAT flag (git-fixes).
- can: j1939: avoid possible use-after-free when j1939_can_rx_register fails (git-fixes).
- can: j1939: change j1939_netdev_lock type to mutex (git-fixes).
- can: j1939: do not wait 250 ms if the same addr was already claimed (git-fixes).
- can: j1939: fix errant WARN_ON_ONCE in j1939_session_deactivate (git-fixes).
- can: j1939: j1939_sk_send_loop_abort(): improved error queue handling in J1939 Socket (git-fixes).
- can: j1939: j1939_tp_tx_dat_new(): fix out-of-bounds memory access (git-fixes).
- can: j1939: recvmsg(): allow MSG_CMSG_COMPAT flag (git-fixes).
- can: kvaser_pciefd: Call request_irq() before enabling interrupts (git-fixes).
- can: kvaser_pciefd: Clear listen-only bit if not explicitly requested (git-fixes).
- can: kvaser_pciefd: Disable interrupts in probe error path (git-fixes).
- can: kvaser_pciefd: Do not send EFLUSH command on TFD interrupt (git-fixes).
- can: kvaser_pciefd: Empty SRB buffer in probe (git-fixes).
- can: kvaser_pciefd: Set CAN_STATE_STOPPED in kvaser_pciefd_stop() (git-fixes).
- can: kvaser_usb: Add struct kvaser_usb_busparams (git-fixes).
- can: kvaser_usb: kvaser_usb_leaf: Get capabilities from device (git-fixes).
- can: kvaser_usb: kvaser_usb_leaf: Handle CMD_ERROR_EVENT (git-fixes).
- can: kvaser_usb: kvaser_usb_leaf: Rename {leaf,usbcan}_cmd_error_event to {leaf,usbcan}_cmd_can_error_event (git-fixes).
- can: kvaser_usb_leaf: Fix overread with an invalid command (git-fixes).
- cassini: Fix a memory leak in the error handling path of cas_init_one() (git-fixes).
- ceph: avoid use-after-free in ceph_fl_release_lock() (jsc#SES-1880).
- ceph: blocklist the kclient when receiving corrupted snap trace (jsc#SES-1880).
- ceph: fix use-after-free bug for inodes when flushing capsnaps (bsc#1212540).
- ceph: flush cap releases when the session is flushed (bsc#1208428).
- ceph: flush cap releases when the session is flushed (jsc#SES-1880).
- ceph: force updating the msg pointer in non-split case (bsc#1211804).
- ceph: move mount state enum to super.h (jsc#SES-1880).
- ceph: remove useless session parameter for check_caps() (jsc#SES-1880).
- ceph: switch to vfs_inode_has_locks() to fix file lock bug (jsc#SES-1880).
- ceph: try to check caps immediately after async creating finishes (jsc#SES-1880).
- ceph: update the time stamps and try to drop the suid/sgid (bsc#1209504).
- ceph: use locks_inode_context helper (jsc#SES-1880).
- cfg80211: allow continuous radar monitoring on offchannel chain (bsc#1209980).
- cfg80211: fix possible NULL pointer dereference in cfg80211_stop_offchan_radar_detection (bsc#1209980).
- cfg80211: implement APIs for dedicated radar detection HW (bsc#1209980).
- cfg80211: move offchan_cac_event to a dedicated work (bsc#1209980).
- cfg80211: rename offchannel_chain structs to background_chain to avoid confusion with ETSI standard (bsc#1209980).
- cfg80211: schedule offchan_cac_abort_wk in cfg80211_radar_event (bsc#1209980).
- cgroup.c: add helper __cset_cgroup_from_root to cleanup duplicated codes (bsc#1203906).
- cgroup/cpuset: Wake up cpuset_attach_wq tasks in cpuset_cancel_attach() (bsc#1210827).
- cgroup: Homogenize cgroup_get_from_id() return value (bsc#1205650).
- cgroup: Honor caller's cgroup NS when resolving path (bsc#1205650).
- cgroup: Make cgroup_get_from_id() prettier (bsc#1205650).
- cgroup: Reorganize css_set_lock and kernfs path processing (bsc#1205650).
- cgroup: Use cgroup_attach_{lock,unlock}() from cgroup_attach_task_all() (bsc#1212563).
- cgroup: always put cset in cgroup_css_set_put_fork (bsc#1212561).
- cgroup: cgroup: Honor caller's cgroup NS when resolving cgroup id (bsc#1205650).
- cgroup: fix missing cpus_read_{lock,unlock}() in cgroup_transfer_tasks() (bsc#1212563).
- cgroup: reduce dependency on cgroup_mutex (bsc#1205650).
- cifs: Avoid a cast in add_lease_context() (bsc#1193629).
- cifs: Check the lease context if we actually got a lease (bsc#1193629).
- cifs: Convert struct fealist away from 1-element array (bsc#1193629).
- cifs: Fix lost destroy smbd connection when MR allocate failed (git-fixes).
- cifs: Fix oops due to uncleared server->smbd_conn in reconnect (git-fixes).
- cifs: Fix smb2_set_path_size() (git-fixes).
- cifs: Fix uninitialized memory read in smb3_qfs_tcon() (bsc#1193629).
- cifs: Fix uninitialized memory reads for oparms.mode (bsc#1193629).
- cifs: Fix use-after-free in rdata->read_into_pages() (git-fixes).
- cifs: Fix warning and UAF when destroy the MR list (git-fixes).
- cifs: Get rid of unneeded conditional in the smb2_get_aead_req() (bsc#1193629).
- cifs: Move the in_send statistic to __smb_send_rqst() (git-fixes).
- cifs: Replace remaining 1-element arrays (bsc#1193629).
- cifs: Replace zero-length arrays with flexible-array members (bsc#1193629).
- cifs: Simplify SMB2_open_init() (bsc#1193629).
- cifs: Simplify SMB2_open_init() (bsc#1193629).
- cifs: Simplify SMB2_open_init() (bsc#1193629).
- cifs: Use kstrtobool() instead of strtobool() (bsc#1193629).
- cifs: append path to open_enter trace event (bsc#1193629).
- cifs: avoid dup prefix path in dfs_get_automount_devname() (git-fixes).
- cifs: avoid potential races when handling multiple dfs tcons (bsc#1208758).
- cifs: avoid race conditions with parallel reconnects (bsc#1193629).
- cifs: avoid races in parallel reconnects in smb1 (bsc#1193629).
- cifs: avoid re-lookups in dfs_cache_find() (bsc#1193629).
- cifs: check only tcon status on tcon related functions (bsc#1193629).
- cifs: do not include page data when checking signature (git-fixes).
- cifs: do not poll server interfaces too regularly (bsc#1193629).
- cifs: do not take exclusive lock for updating target hints (bsc#1193629).
- cifs: do not try to use rdma offload on encrypted connections (bsc#1193629).
- cifs: double lock in cifs_reconnect_tcon() (git-fixes).
- cifs: dump pending mids for all channels in DebugData (bsc#1193629).
- cifs: empty interface list when server does not support query interfaces (bsc#1193629).
- cifs: fix DFS traversal oops without CONFIG_CIFS_DFS_UPCALL (bsc#1193629).
- cifs: fix dentry lookups in directory handle cache (bsc#1193629).
- cifs: fix missing unload_nls() in smb2_reconnect() (bsc#1193629).
- cifs: fix mount on old smb servers (boo#1206935).
- cifs: fix negotiate context parsing (bsc#1210301).
- cifs: fix pcchunk length type in smb2_copychunk_range (bsc#1193629).
- cifs: fix potential deadlock in cache_refresh_path() (git-fixes).
- cifs: fix potential race when tree connecting ipc (bsc#1208758).
- cifs: fix potential use-after-free bugs in TCP_Server_Info::hostname (bsc#1208758).
- cifs: fix return of uninitialized rc in dfs_cache_update_tgthint() (bsc#1193629).
- cifs: fix sharing of DFS connections (bsc#1208758).
- cifs: fix smb1 mount regression (bsc#1193629).
- cifs: fix use-after-free bug in refresh_cache_worker() (bsc#1193629).
- cifs: generate signkey for the channel that's reconnecting (bsc#1193629).
- cifs: get rid of dead check in smb2_reconnect() (bsc#1193629).
- cifs: get rid of dns resolve worker (bsc#1193629).
- cifs: get rid of unneeded conditional in cifs_get_num_sgs() (bsc#1193629).
- cifs: handle cache lookup errors different than -ENOENT (bsc#1193629).
- cifs: improve checking of DFS links over STATUS_OBJECT_NAME_INVALID (git-fixes).
- cifs: introduce cifs_io_parms in smb2_async_writev() (bsc#1193629).
- cifs: lock chan_lock outside match_session (bsc#1193629).
- cifs: mapchars mount option ignored (bsc#1193629).
- cifs: match even the scope id for ipv6 addresses (bsc#1193629).
- cifs: missing lock when updating session status (bsc#1193629).
- cifs: prevent data race in cifs_reconnect_tcon() (bsc#1193629).
- cifs: prevent data race in smb2_reconnect() (bsc#1193629).
- cifs: prevent infinite recursion in CIFSGetDFSRefer() (bsc#1193629).
- cifs: print last update time for interface list (bsc#1193629).
- cifs: print session id while listing open files (bsc#1193629).
- cifs: print smb3_fs_context::source when mounting (bsc#1193629).
- cifs: protect access of TCP_Server_Info::{origin,leaf}_fullpath (bsc#1208758).
- cifs: protect session status check in smb2_reconnect() (bsc#1208758).
- cifs: release leases for deferred close handles when freezing (bsc#1193629).
- cifs: remove duplicate code in __refresh_tcon() (bsc#1193629).
- cifs: remove unneeded 2bytes of padding from smb2 tree connect (bsc#1193629).
- cifs: remove unused function (bsc#1193629).
- cifs: return DFS root session id in DebugData (bsc#1193629).
- cifs: return a single-use cfid if we did not get a lease (bsc#1193629).
- cifs: reuse cifs_match_ipaddr for comparison of dstaddr too (bsc#1193629).
- cifs: sanitize paths in cifs_update_super_prepath (git-fixes).
- cifs: set DFS root session in cifs_get_smb_ses() (bsc#1193629).
- cifs: split out smb3_use_rdma_offload() helper (bsc#1193629).
- cifs: update internal module version number for cifs.ko (bsc#1193629).
- cifs: update ip_addr for ses only for primary chan setup (bsc#1193629).
- cifs: use DFS root session instead of tcon ses (bsc#1193629).
- cifs: use tcon allocation functions even for dummy tcon (git-fixes).
- cifs: use the least loaded channel for sending requests (bsc#1193629).
- clk: HI655X: select REGMAP instead of depending on it (git-fixes).
- clk: Honor CLK_OPS_PARENT_ENABLE in clk_core_is_enabled() (git-fixes).
- clk: add missing of_node_put() in 'assigned-clocks' property parsing (git-fixes).
- clk: at91: clk-sam9x60-pll: fix return value check (git-fixes).
- clk: imx: avoid memory leak (git-fixes).
- clk: ingenic: jz4760: Update M/N/OD calculation algorithm (git-fixes).
- clk: mxl: Add option to override gate clks (git-fixes).
- clk: mxl: Fix a clk entry by adding relevant flags (git-fixes).
- clk: mxl: Remove redundant spinlocks (git-fixes).
- clk: mxl: Switch from direct readl/writel based IO to regmap based IO (git-fixes).
- clk: mxl: syscon_node_to_regmap() returns error pointers (git-fixes).
- clk: qcom: gcc-qcs404: disable gpll[04]_out_aux parents (git-fixes).
- clk: qcom: gcc-qcs404: fix names of the DSI clocks used as parents (git-fixes).
- clk: qcom: gcc-sm8350: fix PCIe PIPE clocks handling (git-fixes).
- clk: qcom: regmap: add PHY clock source implementation (git-fixes).
- clk: ralink: fix 'mt7621_gate_is_enabled()' function (git-fixes).
- clk: renesas: cpg-mssr: Fix use after free if cpg_mssr_common_init() failed (git-fixes).
- clk: renesas: cpg-mssr: Remove superfluous check in resume code (git-fixes).
- clk: rockchip: rk3399: allow clk_cifout to force clk_cifout_src to reparent (git-fixes).
- clk: sprd: set max_register according to mapping range (git-fixes).
- clk: tegra20: fix gcc-7 constant overflow warning (git-fixes).
- clocksource/drivers/cadence-ttc: Fix memory leak in ttc_timer_probe (git-fixes).
- clocksource/drivers/davinci: Fix memory leak in davinci_timer_register when init fails (git-fixes).
- clocksource/drivers/mediatek: Optimize systimer irq clear flow on shutdown (git-fixes).
- clocksource: Suspend the watchdog temporarily when high read latency detected (git-fixes).
- comedi: use menuconfig for main Comedi menu (git-fixes).
- configfs: fix possible memory leak in configfs_create_dir() (git-fixes).
- cpufreq: Add Tegra234 to cpufreq-dt-platdev blocklist (git-fixes).
- cpufreq: CPPC: Fix build error without CONFIG_ACPI_CPPC_CPUFREQ_FIE (bsc#1210953).
- cpufreq: CPPC: Fix performance/frequency conversion (git-fixes).
- cpufreq: armada-37xx: stop using 0 as NULL pointer (git-fixes).
- cpumask: fix incorrect cpumask scanning result checks (bsc#1210943).
- cpumask: fix incorrect cpumask scanning result checks (bsc#1210943).
- crypto: acomp - define max size for destination (jsc#PED-3692)
- crypto: arm64 - Fix unused variable compilation warnings of (git-fixes)
- crypto: caam - Clear some memory in instantiate_rng (git-fixes).
- crypto: ccp - Avoid page allocation failure warning for SEV_GET_ID2 (git-fixes).
- crypto: ccp - Failure on re-initialization due to duplicate sysfs filename (git-fixes).
- crypto: crypto4xx - Call dma_unmap_page when done (git-fixes).
- crypto: drbg - Only fail when jent is unavailable in FIPS mode (git-fixes).
- crypto: drivers - move from strlcpy with unused retval to (jsc#PED-3692)
- crypto: essiv - Handle EBUSY correctly (git-fixes).
- crypto: hisilicon/qm - add missing pci_dev_put() in q_num_set() (git-fixes).
- crypto: qat - Fix unsigned function returning negative (jsc#PED-3692)
- crypto: qat - Removes the x86 dependency on the QAT drivers (jsc#PED-3692)
- crypto: qat - abstract PFVF messages with struct pfvf_message (jsc#PED-3692)
- crypto: qat - abstract PFVF receive logic (jsc#PED-3692)
- crypto: qat - abstract PFVF send function (jsc#PED-3692)
- crypto: qat - add PFVF support to enable the reset of ring (jsc#PED-3692)
- crypto: qat - add PFVF support to the GEN4 host driver (jsc#PED-3692)
- crypto: qat - add VF and PF wrappers to common send function (jsc#PED-3692)
- crypto: qat - add backlog mechanism (jsc#PED-3692)
- crypto: qat - add check for invalid PFVF protocol version 0 (jsc#PED-3692)
- crypto: qat - add check to validate firmware images (jsc#PED-3692)
- crypto: qat - add limit to linked list parsing (jsc#PED-3692)
- crypto: qat - add misc workqueue (jsc#PED-3692)
- crypto: qat - add missing restarting event notification in (jsc#PED-3692)
- crypto: qat - add param check for DH (jsc#PED-3692)
- crypto: qat - add param check for RSA (jsc#PED-3692)
- crypto: qat - add pfvf_ops (jsc#PED-3692)
- crypto: qat - add resubmit logic for decompression (jsc#PED-3692)
- crypto: qat - add support for 401xx devices (jsc#PED-3692)
- crypto: qat - add support for compression for 4xxx (jsc#PED-3692)
- crypto: qat - add the adf_get_pmisc_base() helper function (jsc#PED-3692)
- crypto: qat - allow detection of dc capabilities for 4xxx (jsc#PED-3692)
- crypto: qat - change PFVF ACK behaviour (jsc#PED-3692)
- crypto: qat - change behaviour of (jsc#PED-3692)
- crypto: qat - change bufferlist logic interface (jsc#PED-3692)
- crypto: qat - config VFs based on ring-to-svc mapping (jsc#PED-3692)
- crypto: qat - differentiate between pf2vf and vf2pf offset (jsc#PED-3692)
- crypto: qat - disable AER if an error occurs in probe (jsc#PED-3692)
- crypto: qat - do not handle PFVF sources for qat_4xxx (jsc#PED-3692)
- crypto: qat - do not rely on min version (jsc#PED-3692)
- crypto: qat - enable deflate for QAT GEN4 (jsc#PED-3692)
- crypto: qat - enable power management for QAT GEN4 (jsc#PED-3692)
- crypto: qat - exchange device capabilities over PFVF (jsc#PED-3692)
- crypto: qat - exchange ring-to-service mappings over PFVF (jsc#PED-3692)
- crypto: qat - expose deflate through acomp api for QAT GEN2 (jsc#PED-3692)
- crypto: qat - expose device config through sysfs for 4xxx (jsc#PED-3692)
- crypto: qat - expose device state through sysfs for 4xxx (jsc#PED-3692)
- crypto: qat - extend buffer list interface (jsc#PED-3692)
- crypto: qat - extend crypto capability detection for 4xxx (jsc#PED-3692)
- crypto: qat - extract send and wait from (jsc#PED-3692)
- crypto: qat - fix DMA transfer direction (jsc#PED-3692)
- crypto: qat - fix ETR sources enabled by default on GEN2 (jsc#PED-3692)
- crypto: qat - fix VF IDs in PFVF log messages (jsc#PED-3692)
- crypto: qat - fix a signedness bug in get_service_enabled() (jsc#PED-3692)
- crypto: qat - fix a typo in a comment (jsc#PED-3692)
- crypto: qat - fix access to PFVF interrupt registers for GEN4 (jsc#PED-3692)
- crypto: qat - fix definition of ring reset results (jsc#PED-3692)
- crypto: qat - fix error return code in adf_probe (git-fixes).
- crypto: qat - fix error return code in adf_probe (jsc#PED-3692)
- crypto: qat - fix handling of VF to PF interrupts (jsc#PED-3692)
- crypto: qat - fix initialization of pfvf cap_msg structures (jsc#PED-3692)
- crypto: qat - fix initialization of pfvf rts_map_msg (jsc#PED-3692)
- crypto: qat - fix off-by-one error in PFVF debug print (jsc#PED-3692)
- crypto: qat - fix out-of-bounds read (git-fixes).
- crypto: qat - fix wording and formatting in code comment (jsc#PED-3692)
- crypto: qat - flush vf workqueue at driver removal (jsc#PED-3692)
- crypto: qat - free irq in case of failure (jsc#PED-3692)
- crypto: qat - free irqs only if allocated (jsc#PED-3692)
- crypto: qat - generalize crypto request buffers (jsc#PED-3692)
- crypto: qat - get compression extended capabilities (jsc#PED-3692)
- crypto: qat - handle retries due to collisions in (jsc#PED-3692)
- crypto: qat - honor CRYPTO_TFM_REQ_MAY_SLEEP flag (jsc#PED-3692)
- crypto: qat - improve logging of PFVF messages (jsc#PED-3692)
- crypto: qat - improve the ACK timings in PFVF send (jsc#PED-3692)
- crypto: qat - introduce support for PFVF block messages (jsc#PED-3692)
- crypto: qat - leverage bitfield.h utils for PFVF messages (jsc#PED-3692)
- crypto: qat - leverage read_poll_timeout in PFVF send (jsc#PED-3692)
- crypto: qat - leverage the GEN2 VF mask definiton (jsc#PED-3692)
- crypto: qat - make PFVF message construction direction (jsc#PED-3692)
- crypto: qat - make PFVF send and receive direction agnostic (jsc#PED-3692)
- crypto: qat - move VF message handler to adf_vf2pf_msg.c (jsc#PED-3692)
- crypto: qat - move and rename GEN4 error register definitions (jsc#PED-3692)
- crypto: qat - move interrupt code out of the PFVF handler (jsc#PED-3692)
- crypto: qat - move pfvf collision detection values (jsc#PED-3692)
- crypto: qat - move vf2pf interrupt helpers (jsc#PED-3692)
- crypto: qat - pass the PF2VF responses back to the callers (jsc#PED-3692)
- crypto: qat - prevent spurious MSI interrupt in VF (jsc#PED-3692)
- crypto: qat - re-enable interrupts for legacy PFVF messages (jsc#PED-3692)
- crypto: qat - re-enable registration of algorithms (jsc#PED-3692)
- crypto: qat - refactor PF top half for PFVF (jsc#PED-3692)
- crypto: qat - refactor pfvf version request messages (jsc#PED-3692)
- crypto: qat - refactor submission logic (jsc#PED-3692)
- crypto: qat - relocate PFVF PF related logic (jsc#PED-3692)
- crypto: qat - relocate PFVF VF related logic (jsc#PED-3692)
- crypto: qat - relocate PFVF disabled function (jsc#PED-3692)
- crypto: qat - relocate and rename adf_sriov_prepare_restart() (jsc#PED-3692)
- crypto: qat - relocate backlog related structures (jsc#PED-3692)
- crypto: qat - relocate bufferlist logic (jsc#PED-3692)
- crypto: qat - relocate qat_algs_alloc_flags() (jsc#PED-3692)
- crypto: qat - remove duplicated logic across GEN2 drivers (jsc#PED-3692)
- crypto: qat - remove empty sriov_configure() (jsc#PED-3692)
- crypto: qat - remove line wrapping for pfvf_ops functions (jsc#PED-3692)
- crypto: qat - remove the unnecessary get_vintmsk_offset() (jsc#PED-3692)
- crypto: qat - remove unmatched CPU affinity to cluster IRQ (jsc#PED-3692)
- crypto: qat - remove unnecessary tests to detect PFVF support (jsc#PED-3692)
- crypto: qat - remove unneeded assignment (jsc#PED-3692)
- crypto: qat - remove unneeded braces (jsc#PED-3692)
- crypto: qat - remove unneeded packed attribute (jsc#PED-3692)
- crypto: qat - remove unused PFVF stubs (jsc#PED-3692)
- crypto: qat - rename and relocate GEN2 config function (jsc#PED-3692)
- crypto: qat - rename bufferlist functions (jsc#PED-3692)
- crypto: qat - rename pfvf collision constants (jsc#PED-3692)
- crypto: qat - reorganize PFVF code (jsc#PED-3692)
- crypto: qat - reorganize PFVF protocol definitions (jsc#PED-3692)
- crypto: qat - replace deprecated MSI API (jsc#PED-3692)
- crypto: qat - replace disable_vf2pf_interrupts() (jsc#PED-3692)
- crypto: qat - replace get_current_node() with numa_node_id() (jsc#PED-3692)
- crypto: qat - rework the VF2PF interrupt handling logic (jsc#PED-3692)
- crypto: qat - set CIPHER capability for QAT GEN2 (jsc#PED-3692)
- crypto: qat - set COMPRESSION capability for DH895XCC (jsc#PED-3692)
- crypto: qat - set COMPRESSION capability for QAT GEN2 (jsc#PED-3692)
- crypto: qat - set DMA mask to 48 bits for Gen2 (jsc#PED-3692)
- crypto: qat - set PFVF_MSGORIGIN just before sending (jsc#PED-3692)
- crypto: qat - share adf_enable_pf2vf_comms() from (jsc#PED-3692)
- crypto: qat - simplify adf_enable_aer() (jsc#PED-3692)
- crypto: qat - simplify code and axe the use of a deprecated (jsc#PED-3692)
- crypto: qat - split PFVF message decoding from handling (jsc#PED-3692)
- crypto: qat - stop using iommu_present() (jsc#PED-3692)
- crypto: qat - store the PFVF protocol version of the (jsc#PED-3692)
- crypto: qat - store the ring-to-service mapping (jsc#PED-3692)
- crypto: qat - support fast ACKs in the PFVF protocol (jsc#PED-3692)
- crypto: qat - support the reset of ring pairs on PF (jsc#PED-3692)
- crypto: qat - test PFVF registers for spurious interrupts on (jsc#PED-3692)
- crypto: qat - use enums for PFVF protocol codes (jsc#PED-3692)
- crypto: qat - use hweight for bit counting (jsc#PED-3692)
- crypto: qat - use pre-allocated buffers in datapath (jsc#PED-3692)
- crypto: qat - use reference to structure in dma_map_single() (jsc#PED-3692)
- crypto: qat - use u32 variables in all GEN4 pfvf_ops (jsc#PED-3692)
- crypto: rsa-pkcs1pad - Use akcipher_request_complete (git-fixes).
- crypto: sa2ul - Select CRYPTO_DES (git-fixes).
- crypto: safexcel - Cleanup ring IRQ workqueues on load failure (git-fixes).
- crypto: seqiv - Handle EBUSY correctly (git-fixes).
- crypto: sun8i-ss - Fix a test in sun8i_ss_setup_ivs() (git-fixes).
- crypto: x86/ghash - fix unaligned access in ghash_setkey() (git-fixes).
- crypto: xts - Handle EBUSY correctly (git-fixes).
- cxgb4: fix missing unlock on ETHOFLD desc collect fail path (jsc#SLE-18992).
- debugfs: add debugfs_lookup_and_remove() (git-fixes).
- debugfs: add debugfs_lookup_and_remove() (git-fixes).
- debugfs: fix error when writing negative value to atomic_t debugfs file (git-fixes).
- device-dax: Fix duplicate 'hmem' device registration (bsc#1211400).
- devlink: hold region lock when flushing snapshots (git-fixes).
- dm btree: add a defensive bounds check to insert_at() (git-fixes).
- dm cache: Fix ABBA deadlock between shrink_slab and dm_cache_metadata_abort (git-fixes).
- dm cache: Fix UAF in destroy() (git-fixes).
- dm cache: set needs_check flag after aborting metadata (git-fixes).
- dm clone: Fix UAF in clone_dtr() (git-fixes).
- dm integrity: Fix UAF in dm_integrity_dtr() (git-fixes).
- dm integrity: clear the journal on suspend (git-fixes).
- dm integrity: flush the journal on suspend (git-fixes).
- dm ioctl: fix misbehavior if list_versions races with module loading (git-fixes).
- dm ioctl: fix nested locking in table_clear() to remove deadlock concern (bsc#1210806, CVE-2023-2269).
- dm ioctl: fix nested locking in table_clear() to remove deadlock concern (bsc#1210806, CVE-2023-2269).
- dm ioctl: prevent potential spectre v1 gadget (git-fixes).
- dm raid: fix address sanitizer warning in raid_resume (git-fixes).
- dm raid: fix address sanitizer warning in raid_status (git-fixes).
- dm space map common: add bounds check to sm_ll_lookup_bitmap() (git-fixes).
- dm thin: Fix ABBA deadlock between shrink_slab and dm_pool_abort_metadata (git-fixes).
- dm thin: Fix UAF in run_timer_softirq() (git-fixes).
- dm thin: Use last transaction's pmd->root when commit failed (git-fixes).
- dm thin: resume even if in FAIL mode (git-fixes).
- dm writecache: set a default MAX_WRITEBACK_JOBS (git-fixes).
- dm: fix alloc_dax error handling in alloc_dev (git-fixes).
- dm: requeue IO if mapping table not yet available (git-fixes).
- dma-buf: Use dma_fence_unwrap_for_each when importing fences (git-fixes).
- dma-buf: cleanup kerneldoc of removed component (git-fixes).
- dma-direct: use is_swiotlb_active in dma_direct_map_page (PED-3259).
- dma-mapping: reformat comment to suppress htmldoc warning (git-fixes).
- dma: gpi: remove spurious unlock in gpi_ch_init (git-fixes).
- dmaengine: at_xdmac: Move the free desc to the tail of the desc list (git-fixes).
- dmaengine: at_xdmac: do not enable all cyclic channels (git-fixes).
- dmaengine: at_xdmac: fix potential Oops in at_xdmac_prep_interleaved() (git-fixes).
- dmaengine: dw-axi-dmac: Do not dereference NULL structure (git-fixes).
- dmaengine: dw-edma: Do not permit non-inc interleaved xfers (git-fixes).
- dmaengine: dw-edma: Drop chancnt initialization (git-fixes).
- dmaengine: dw-edma: Fix invalid interleaved xfers semantics (git-fixes).
- dmaengine: dw-edma: Fix missing src/dst address of interleaved xfers (git-fixes).
- dmaengine: dw-edma: Fix readq_ch() return value truncation (git-fixes).
- dmaengine: dw-edma: Fix to change for continuous transfer (git-fixes).
- dmaengine: dw-edma: Fix to enable to issue dma request on DMA processing (git-fixes).
- dmaengine: idxd: Do not enable user type Work Queue without Shared Virtual Addressing (git-fixes).
- dmaengine: idxd: Only call idxd_enable_system_pasid() if succeeded in enabling SVA feature (git-fixes).
- dmaengine: idxd: Separate user and kernel pasid enabling (git-fixes).
- dmaengine: idxd: Set traffic class values in GRPCFG on DSA 2.0 (git-fixes).
- dmaengine: imx-sdma: Fix a possible memory leak in sdma_transfer_init (git-fixes).
- dmaengine: mv_xor_v2: Fix an error code (git-fixes).
- dmaengine: pl330: rename _start to prevent build error (git-fixes).
- dmaengine: ptdma: check for null desc before calling pt_cmd_callback (git-fixes).
- dmaengine: sf-pdma: pdma_desc memory leak fix (git-fixes).
- dmaengine: tegra: Fix memory leak in terminate_all() (git-fixes).
- do not reuse connection if share marked as isolated (bsc#1193629).
- docs/memory-barriers.txt: Add a missed closing parenthesis (git-fixes).
- docs/scripts/gdb: add necessary make scripts_gdb step (git-fixes).
- docs: Correct missing 'd_' prefix for dentry_operations member d_weak_revalidate (git-fixes).
- docs: driver-api: firmware_loader: fix missing argument in usage example (git-fixes).
- docs: ftrace: fix a issue with duplicated subtitle number (git-fixes).
- docs: gdbmacros: print newest record (git-fixes).
- docs: networking: fix x25-iface.rst heading & index order (git-fixes).
- documentation/filesystems: ramfs-rootfs-initramfs: use :Author: (git-fixes).
- documentation/filesystems: sharedsubtree: add section headings (git-fixes).
- documentation/hw-vuln: Document the interaction between IBRS and STIBP (git-fixes).
- documentation: devlink: add add devlink-selftests to the table of contents (git-fixes).
- documentation: devlink: mlx5.rst: Fix htmldoc build warning (git-fixes).
- documentation: simplify and clarify DCO contribution example language (git-fixes).
- driver core: Do not require dynamic_debug for initcall_debug probe timing (git-fixes).
- driver core: fix potential null-ptr-deref in device_add() (git-fixes).
- driver core: fix resource leak in device_add() (git-fixes).
- driver core: fw_devlink: Add DL_FLAG_CYCLE support to device links (git-fixes).
- drivers/base: Fix unsigned comparison to -1 in CPUMAP_FILE_MAX_BYTES (bsc#1208815).
- drivers/base: fix userspace break from using bin_attributes for cpumap and cpulist (bsc#1208815).
- drivers/md/md-bitmap: check the return value of md_bitmap_get_counter() (git-fixes).
- drivers: base: component: fix memory leak with using debugfs_lookup() (git-fixes).
- drivers: base: dd: fix memory leak with using debugfs_lookup() (git-fixes).
- drivers: base: transport_class: fix possible memory leak (git-fixes).
- drivers: base: transport_class: fix resource leak when transport_add_device() fails (git-fixes).
- drivers: staging: rtl8723bs: Fix locking in _rtw_join_timeout_handler() (git-fixes).
- drivers: staging: rtl8723bs: Fix locking in rtw_scan_timeout_handler() (git-fixes).
- drivers: vmbus: Check for channel allocation before looking up relids (git-fixes).
- drivers:md:fix a potential use-after-free bug (git-fixes).
- drm/amd/amdgpu: fix warning during suspend (bsc#1206843).
- drm/amd/display/dc/dce60/Makefile: Fix previous attempt to silence known override-init warnings (git-fixes).
- drm/amd/display: Add DCN314 display SG Support (bsc#1206843).
- drm/amd/display: Add DSC Support for Synaptics Cascaded MST Hub (git-fixes).
- drm/amd/display: Add NULL plane_state check for cursor disable logic (git-fixes).
- drm/amd/display: Add check for DET fetch latency hiding for dcn32 (bsc#1206843).
- drm/amd/display: Add missing brackets in calculation (bsc#1206843).
- drm/amd/display: Adjust downscaling limits for dcn314 (bsc#1206843).
- drm/amd/display: Allow subvp on vactive pipes that are 2560x1440@60 (bsc#1206843).
- drm/amd/display: Clear MST topology if it fails to resume (git-fixes).
- drm/amd/display: Conversion to bool not necessary (git-fixes).
- drm/amd/display: Defer DIG FIFO disable after VID stream enable (bsc#1206843).
- drm/amd/display: Disable DRR actions during state commit (bsc#1206843).
- drm/amd/display: Disable HUBP/DPP PG on DCN314 for now (bsc#1206843).
- drm/amd/display: Do not clear GPINT register when releasing DMUB from reset (git-fixes).
- drm/amd/display: Do not commit pipe when updating DRR (bsc#1206843).
- drm/amd/display: Do not set DRR on pipe Commit (bsc#1206843).
- drm/amd/display: Enable P-state validation checks for DCN314 (bsc#1206843).
- drm/amd/display: Fail atomic_check early on normalize_zpos error (git-fixes).
- drm/amd/display: Fix DP MST sinks removal issue (git-fixes).
- drm/amd/display: Fix DTBCLK disable requests and SRC_SEL programming (bsc#1206843).
- drm/amd/display: Fix display corruption w/ VSR enable (bsc#1206843).
- drm/amd/display: Fix hang when skipping modeset (git-fixes).
- drm/amd/display: Fix potential null dereference (git-fixes).
- drm/amd/display: Fix potential null-deref in dm_resume (git-fixes).
- drm/amd/display: Fix race condition in DPIA AUX transfer (bsc#1206843).
- drm/amd/display: Fix set scaling doesn's work (git-fixes).
- drm/amd/display: Fix timing not changning when freesync video is enabled (git-fixes).
- drm/amd/display: Fixes for dcn32_clk_mgr implementation (git-fixes).
- drm/amd/display: Include virtual signal to set k1 and k2 values (bsc#1206843).
- drm/amd/display: Move DCN314 DOMAIN power control to DMCUB (bsc#1206843).
- drm/amd/display: Pass the right info to drm_dp_remove_payload (bsc#1206843).
- drm/amd/display: Properly handle additional cases where DCN is not supported (git-fixes).
- drm/amd/display: Properly reuse completion structure (bsc#1206843).
- drm/amd/display: Reduce expected sdp bandwidth for dcn321 (bsc#1206843).
- drm/amd/display: Remove OTG DIV register write for Virtual signals (bsc#1206843).
- drm/amd/display: Report to ACPI video if no panels were found (bsc#1206843).
- drm/amd/display: Reset DMUB mailbox SW state after HW reset (bsc#1206843).
- drm/amd/display: Reset OUTBOX0 r/w pointer on DMUB reset (git-fixes).
- drm/amd/display: Return error code on DSC atomic check failure (git-fixes).
- drm/amd/display: Revert Reduce delay when sink device not able to ACK 00340h write (git-fixes).
- drm/amd/display: Set dcn32 caps.seamless_odm (bsc#1206843).
- drm/amd/display: Set hvm_enabled flag for S/G mode (bsc#1206843).
- drm/amd/display: Simplify same effect if/else blocks (git-fixes).
- drm/amd/display: Take FEC Overhead into Timeslot Calculation (bsc#1206843).
- drm/amd/display: Take emulated dc_sink into account for HDCP (bsc#1207734).
- drm/amd/display: Unassign does_plane_fit_in_mall function from dcn3.2 (bsc#1206843).
- drm/amd/display: Uninitialized variables causing 4k60 UCLK to stay at DPM1 and not DPM0 (bsc#1206843).
- drm/amd/display: Update bounding box values for DCN321 (git-fixes).
- drm/amd/display: Update clock table to include highest clock setting (bsc#1206843).
- drm/amd/display: Use DC_LOG_DC in the trasform pixel function (git-fixes).
- drm/amd/display: Use min transition for SubVP into MPO (bsc#1206843).
- drm/amd/display: Workaround to increase phantom pipe vactive in pipesplit (bsc#1206843).
- drm/amd/display: adjust MALL size available for DCN32 and DCN321 (bsc#1206843).
- drm/amd/display: disable S/G display on DCN 3.1.4 (bsc#1206843).
- drm/amd/display: disable S/G display on DCN 3.1.5 (bsc#1206843).
- drm/amd/display: disconnect MPCC only on OTG change (bsc#1206843).
- drm/amd/display: do not call dc_interrupt_set() for disabled crtcs (git-fixes).
- drm/amd/display: edp do not add non-edid timings (git-fixes).
- drm/amd/display: fix FCLK pstate change underflow (bsc#1206843).
- drm/amd/display: fix cursor offset on rotation 180 (git-fixes).
- drm/amd/display: fix duplicate assignments (git-fixes).
- drm/amd/display: fix flickering caused by S/G mode (git-fixes).
- drm/amd/display: fix issues with driver unload (git-fixes).
- drm/amd/display: fix k1 k2 divider programming for phantom streams (bsc#1206843).
- drm/amd/display: fix mapping to non-allocated address (bsc#1206843).
- drm/amd/display: fix shift-out-of-bounds in CalculateVMAndRowBytes (git-fixes).
- drm/amd/display: fix wrong index used in dccg32_set_dpstreamclk (bsc#1206843).
- drm/amd/display: move remaining FPU code to dml folder (bsc#1206843).
- drm/amd/display: properly handling AGP aperture in vm setup (bsc#1206843).
- drm/amd/display: reduce else-if to else in dcn10_blank_pixel_data() (git-fixes).
- drm/amd/display: revert Disable DRR actions during state commit (bsc#1206843).
- drm/amd/display: skip commit minimal transition state (bsc#1206843).
- drm/amd/display: wait for vblank during pipe programming (git-fixes).
- drm/amd/pm/smu13: BACO is supported when it's in BACO state (bsc#1206843).
- drm/amd/pm: Enable bad memory page/channel recording support for smu v13_0_0 (bsc#1206843).
- drm/amd/pm: Fix output of pp_od_clk_voltage (git-fixes).
- drm/amd/pm: Fix power context allocation in SMU13 (git-fixes).
- drm/amd/pm: Fix sienna cichlid incorrect OD volage after resume (bsc#1206843).
- drm/amd/pm: add SMU 13.0.7 missing GetPptLimit message mapping (bsc#1206843).
- drm/amd/pm: add missing AllowIHInterrupt message mapping for SMU13.0.0 (bsc#1206843).
- drm/amd/pm: add missing SMU13.0.0 mm_dpm feature mapping (bsc#1206843).
- drm/amd/pm: add missing SMU13.0.7 mm_dpm feature mapping (bsc#1206843).
- drm/amd/pm: add the missing mapping for PPT feature on SMU13.0.0 and 13.0.7 (bsc#1206843).
- drm/amd/pm: bump SMU 13.0.0 driver_if header version (bsc#1206843).
- drm/amd/pm: bump SMU 13.0.4 driver_if header version (bsc#1206843).
- drm/amd/pm: bump SMU 13.0.7 driver_if header version (bsc#1206843).
- drm/amd/pm: bump SMU13.0.0 driver_if header to version 0x34 (bsc#1206843).
- drm/amd/pm: correct SMU13.0.0 pstate profiling clock settings (bsc#1206843).
- drm/amd/pm: correct SMU13.0.7 max shader clock reporting (bsc#1206843).
- drm/amd/pm: correct SMU13.0.7 pstate profiling clock settings (bsc#1206843).
- drm/amd/pm: correct the fan speed retrieving in PWM for some SMU13 asics (bsc#1206843).
- drm/amd/pm: correct the pcie link state check for SMU13 (bsc#1206843).
- drm/amd/pm: correct the reference clock for fan speed(rpm) calculation (bsc#1206843).
- drm/amd/pm: drop unneeded dpm features disablement for SMU 13.0.4/11 (bsc#1206843).
- drm/amd/pm: enable GPO dynamic control support for SMU13.0.0 (bsc#1206843).
- drm/amd/pm: enable GPO dynamic control support for SMU13.0.7 (bsc#1206843).
- drm/amd/pm: enable mode1 reset on smu_v13_0_10 (bsc#1206843).
- drm/amd/pm: parse pp_handle under appropriate conditions (git-fixes).
- drm/amd/pm: remove unused num_of_active_display variable (git-fixes).
- drm/amd/pm: reverse mclk and fclk clocks levels for renoir (git-fixes).
- drm/amd/pm: reverse mclk and fclk clocks levels for vangogh (git-fixes).
- drm/amd/pm: reverse mclk and fclk clocks levels for yellow carp (git-fixes).
- drm/amd/pm: update SMU13.0.0 reported maximum shader clock (bsc#1206843).
- drm/amd: Avoid ASSERT for some message failures (bsc#1206843).
- drm/amd: Avoid BUG() for case of SRIOV missing IP version (bsc#1206843).
- drm/amd: Delay removal of the firmware framebuffer (git-fixes).
- drm/amd: Fix an out of bounds error in BIOS parser (git-fixes).
- drm/amd: Fix initialization for nbio 4.3.0 (bsc#1206843).
- drm/amd: Fix initialization for nbio 7.5.1 (bsc#1206843).
- drm/amd: Fix initialization mistake for NBIO 7.3.0 (bsc#1206843).
- drm/amd: Make sure image is written to trigger VBIOS image update flow (git-fixes).
- drm/amd: Tighten permissions on VBIOS flashing attributes (git-fixes).
- drm/amdgpu/discovery: add PSP IP v13.0.11 support (bsc#1206843).
- drm/amdgpu/discovery: enable gfx v11 for GC 11.0.4 (bsc#1206843).
- drm/amdgpu/discovery: enable gmc v11 for GC 11.0.4 (bsc#1206843).
- drm/amdgpu/discovery: enable mes support for GC v11.0.4 (bsc#1206843).
- drm/amdgpu/discovery: enable nbio support for NBIO v7.7.1 (bsc#1206843).
- drm/amdgpu/discovery: enable soc21 common for GC 11.0.4 (bsc#1206843).
- drm/amdgpu/discovery: set the APU flag for GC 11.0.4 (bsc#1206843).
- drm/amdgpu/display/mst: Fix mst_state->pbn_div and slot count assignments (bsc#1206843).
- drm/amdgpu/display/mst: adjust the naming of mst_port and port of aconnector (bsc#1206843).
- drm/amdgpu/display/mst: limit payload to be updated one by one (bsc#1206843).
- drm/amdgpu/display/mst: update mst_mgr relevant variable when long HPD (bsc#1206843).
- drm/amdgpu/dm/dp_mst: Do not grab mst_mgr->lock when computing DSC state (bsc#1206843).
- drm/amdgpu/dm/mst: Fix uninitialized var in pre_compute_mst_dsc_configs_for_state() (bsc#1206843).
- drm/amdgpu/dm/mst: Use the correct topology mgr pointer in amdgpu_dm_connector (bsc#1206843).
- drm/amdgpu/fence: Fix oops due to non-matching drm_sched init/fini (git-fixes).
- drm/amdgpu/gfx10: Disable gfxoff before disabling powergating (git-fixes).
- drm/amdgpu/gfx: disable gfx9 cp_ecc_error_irq only when enabling legacy gfx ras (git-fixes).
- drm/amdgpu/mst: Stop ignoring error codes and deadlocking (bsc#1206843).
- drm/amdgpu/nv: Apply ASPM quirk on Intel ADL + AMD Navi (bsc#1206843).
- drm/amdgpu/pm: add GFXOFF control IP version check for SMU IP v13.0.11 (bsc#1206843).
- drm/amdgpu/pm: enable swsmu for SMU IP v13.0.11 (bsc#1206843).
- drm/amdgpu/pm: use the specific mailbox registers only for SMU IP v13.0.4 (bsc#1206843).
- drm/amdgpu/smu: skip pptable init under sriov (bsc#1206843).
- drm/amdgpu/soc21: Add video cap query support for VCN_4_0_4 (bsc#1206843).
- drm/amdgpu/soc21: add mode2 asic reset for SMU IP v13.0.11 (bsc#1206843).
- drm/amdgpu/soc21: do not expose AV1 if VCN0 is harvested (bsc#1206843).
- drm/amdgpu: Add unique_id support for GC 11.0.1/2 (bsc#1206843).
- drm/amdgpu: Correct the power calcultion for Renior/Cezanne (git-fixes).
- drm/amdgpu: Do not register backlight when another backlight should be used (v3) (bsc#1206843).
- drm/amdgpu: Do not resume IOMMU after incomplete init (bsc#1206843).
- drm/amdgpu: Enable pg/cg flags on GC11_0_4 for VCN (bsc#1206843).
- drm/amdgpu: Enable vclk dclk node for gc11.0.3 (bsc#1206843).
- drm/amdgpu: Fix call trace warning and hang when removing amdgpu device (bsc#1206843).
- drm/amdgpu: Fix potential NULL dereference (bsc#1206843).
- drm/amdgpu: Fix potential double free and null pointer dereference (bsc#1206843).
- drm/amdgpu: Fix size validation for non-exclusive domains (v4) (bsc#1206843).
- drm/amdgpu: Fix vram recover does not work after whole GPU reset (v2) (git-fixes).
- drm/amdgpu: Fixed bug on error when unloading amdgpu (bsc#1206843).
- drm/amdgpu: Re-enable DCN for 64-bit powerpc (bsc#1194869).
- drm/amdgpu: Register ACPI video backlight when skipping amdgpu backlight registration (bsc#1206843).
- drm/amdgpu: Use the TGID for trace_amdgpu_vm_update_ptes (bsc#1206843).
- drm/amdgpu: Use the default reset when loading or reloading the driver (git-fixes).
- drm/amdgpu: Use the sched from entity for amdgpu_cs trace (git-fixes).
- drm/amdgpu: add a missing lock for AMDGPU_SCHED (git-fixes).
- drm/amdgpu: add gfx support for GC 11.0.4 (bsc#1206843).
- drm/amdgpu: add gmc v11 support for GC 11.0.4 (bsc#1206843).
- drm/amdgpu: add missing radeon secondary PCI ID (git-fixes).
- drm/amdgpu: add smu 13 support for smu 13.0.11 (bsc#1206843).
- drm/amdgpu: add soc21 common ip block support for GC 11.0.4 (bsc#1206843).
- drm/amdgpu: add tmz support for GC 11.0.1 (bsc#1206843).
- drm/amdgpu: add tmz support for GC IP v11.0.4 (bsc#1206843).
- drm/amdgpu: allow more APUs to do mode2 reset when go to S4 (bsc#1206843).
- drm/amdgpu: allow multipipe policy on ASICs with one MEC (bsc#1206843).
- drm/amdgpu: change gfx 11.0.4 external_id range (git-fixes).
- drm/amdgpu: complete gfxoff allow signal during suspend without delay (git-fixes).
- drm/amdgpu: correct MEC number for gfx11 APUs (bsc#1206843).
- drm/amdgpu: disable runtime pm on several sienna cichlid cards(v2) (git-fixes).
- drm/amdgpu: disable sdma ecc irq only when sdma RAS is enabled in suspend (git-fixes).
- drm/amdgpu: drop experimental flag on aldebaran (git-fixes).
- drm/amdgpu: enable GFX Clock Gating control for GC IP v11.0.4 (bsc#1206843).
- drm/amdgpu: enable GFX IP v11.0.4 CG support (bsc#1206843).
- drm/amdgpu: enable GFX Power Gating for GC IP v11.0.4 (bsc#1206843).
- drm/amdgpu: enable HDP SD for gfx 11.0.3 (bsc#1206843).
- drm/amdgpu: enable PSP IP v13.0.11 support (bsc#1206843).
- drm/amdgpu: enable VCN DPG for GC IP v11.0.4 (bsc#1206843).
- drm/amdgpu: fix Null pointer dereference error in amdgpu_device_recover_vram (git-fixes).
- drm/amdgpu: fix amdgpu_job_free_resources v2 (bsc#1206843).
- drm/amdgpu: fix enum odm_combine_mode mismatch (git-fixes).
- drm/amdgpu: fix error checking in amdgpu_read_mm_registers for nv (bsc#1206843).
- drm/amdgpu: fix error checking in amdgpu_read_mm_registers for soc15 (git-fixes).
- drm/amdgpu: fix error checking in amdgpu_read_mm_registers for soc21 (bsc#1206843).
- drm/amdgpu: fix mmhub register base coding error (git-fixes).
- drm/amdgpu: fix return value check in kfd (git-fixes).
- drm/amdgpu: fix ttm_bo calltrace warning in psp_hw_fini (bsc#1206843).
- drm/amdgpu: fix xclk freq on CHIP_STONEY (git-fixes).
- drm/amdgpu: for S0ix, skip SDMA 5.x+ suspend/resume (git-fixes).
- drm/amdgpu: release gpu full access after 'amdgpu_device_ip_late_init' (git-fixes).
- drm/amdgpu: reposition the gpu reset checking for reuse (bsc#1206843).
- drm/amdgpu: set GC 11.0.4 family (bsc#1206843).
- drm/amdgpu: skip ASIC reset for APUs when go to S4 (bsc#1206843).
- drm/amdgpu: skip MES for S0ix as well since it's part of GFX (bsc#1206843).
- drm/amdgpu: skip disabling fence driver src_irqs when device is unplugged (git-fixes).
- drm/amdgpu: skip mes self test after s0i3 resume for MES IP v11.0 (bsc#1206843).
- drm/amdgpu: skip psp suspend for IMU enabled ASICs mode2 reset (git-fixes).
- drm/amdgpu: update drm_display_info correctly when the edid is read (git-fixes).
- drm/amdgpu: update wave data type to 3 for gfx11 (bsc#1206843).
- drm/amdkfd: Add sync after creating vram bo (bsc#1206843).
- drm/amdkfd: Fix BO offset for multi-VMA page migration (git-fixes).
- drm/amdkfd: Fix NULL pointer error for GC 11.0.1 on mGPU (bsc#1206843).
- drm/amdkfd: Fix an illegal memory access (git-fixes).
- drm/amdkfd: Fix double release compute pasid (bsc#1206843).
- drm/amdkfd: Fix kfd_process_device_init_vm error handling (bsc#1206843).
- drm/amdkfd: Fix the memory overrun (bsc#1206843).
- drm/amdkfd: Fix the warning of array-index-out-of-bounds (bsc#1206843).
- drm/amdkfd: Fixed kfd_process cleanup on module exit (git-fixes).
- drm/amdkfd: Get prange->offset after svm_range_vram_node_new (git-fixes).
- drm/amdkfd: Page aligned memory reserve size (bsc#1206843).
- drm/amdkfd: add GC 11.0.4 KFD support (bsc#1206843).
- drm/amdkfd: fix a potential double free in pqm_create_queue (git-fixes).
- drm/amdkfd: fix potential kgd_mem UAFs (git-fixes).
- drm/amdkfd: introduce dummy cache info for property asic (bsc#1206843).
- drm/armada: Fix a potential double free in an error handling path (git-fixes).
- drm/ast: Fix ARM compatibility (git-fixes).
- drm/bochs: fix blanking (git-fixes).
- drm/bridge: Fix returned array size name for atomic_get_input_bus_fmts kdoc (git-fixes).
- drm/bridge: adv7533: Fix adv7533_mode_valid for adv7533 and adv7535 (git-fixes).
- drm/bridge: it6505: Fix return value check for pm_runtime_get_sync (git-fixes).
- drm/bridge: lt8912b: Add hot plug detection (git-fixes).
- drm/bridge: lt8912b: Fix DSI Video Mode (git-fixes).
- drm/bridge: lt8912b: return EPROBE_DEFER if bridge is not found (git-fixes).
- drm/bridge: lt9611: Fix PLL being unable to lock (git-fixes).
- drm/bridge: lt9611: fix HPD reenablement (git-fixes).
- drm/bridge: lt9611: fix clock calculation (git-fixes).
- drm/bridge: lt9611: fix polarity programming (git-fixes).
- drm/bridge: lt9611: fix programming of video modes (git-fixes).
- drm/bridge: lt9611: fix sleep mode setup (git-fixes).
- drm/bridge: lt9611: pass a pointer to the of node (git-fixes).
- drm/bridge: megachips: Fix error handling in i2c_register_driver() (git-fixes).
- drm/bridge: ti-sn65dsi83: Fix delay after reset deassert to match spec (git-fixes).
- drm/bridge: ti-sn65dsi86: Avoid possible buffer overflow (git-fixes).
- drm/cirrus: NULL-check pipe->plane.state->fb in cirrus_pipe_update() (git-fixes).
- drm/connector: print max_requested_bpc in state debugfs (git-fixes).
- drm/display/dp_mst: Add drm_atomic_get_old_mst_topology_state() (bsc#1206843).
- drm/display/dp_mst: Add helper for finding payloads in atomic MST state (bsc#1206843).
- drm/display/dp_mst: Add helpers for serializing SST <-> MST transitions (bsc#1206843).
- drm/display/dp_mst: Add nonblocking helpers for DP MST (bsc#1206843).
- drm/display/dp_mst: Call them time slots, not VCPI slots (bsc#1206843).
- drm/display/dp_mst: Correct the kref of port (bsc#1206843).
- drm/display/dp_mst: Do not open code modeset checks for releasing time slots (bsc#1206843).
- drm/display/dp_mst: Drop all ports from topology on CSNs before queueing link address work (bsc#1206843).
- drm/display/dp_mst: Fix confusing docs for drm_dp_atomic_release_time_slots() (bsc#1206843).
- drm/display/dp_mst: Fix down message handling after a packet reception error (git-fixes).
- drm/display/dp_mst: Fix down/up message handling after sink disconnect (git-fixes).
- drm/display/dp_mst: Fix drm_dp_mst_add_affected_dsc_crtcs() return code (git-fixes).
- drm/display/dp_mst: Fix modeset tracking in drm_dp_atomic_release_vcpi_slots() (bsc#1206843).
- drm/display/dp_mst: Handle old/new payload states in drm_dp_remove_payload() (bsc#1206843).
- drm/display/dp_mst: Maintain time slot allocations when deleting payloads (bsc#1206843).
- drm/display/dp_mst: Move all payload info into the atomic state (bsc#1206843).
- drm/display/dp_mst: Rename drm_dp_mst_vcpi_allocation (bsc#1206843).
- drm/display: Do not assume dual mode adaptors support i2c sub-addressing (git-fixes).
- drm/displayid: add displayid_get_header() and check bounds better (git-fixes).
- drm/dp: Do not rewrite link config when setting phy test pattern (git-fixes).
- drm/dp_mst: Avoid deleting payloads for connectors staying enabled (bsc#1206843).
- drm/dp_mst: fix drm_dp_dpcd_read return value checks (git-fixes).
- drm/edid: fix AVI infoframe aspect ratio handling (git-fixes).
- drm/edid: fix parsing of 3D modes from HDMI VSDB (git-fixes).
- drm/etnaviv: fix reference leak when mmaping imported buffer (git-fixes).
- drm/exynos: fix g2d_open/close helper function definitions (git-fixes).
- drm/fb-helper: set x/yres_virtual in drm_fb_helper_check_var (git-fixes).
- drm/fbdev-generic: prohibit potential out-of-bounds access (git-fixes).
- drm/fourcc: Add missing big-endian XRGB1555 and RGB565 formats (git-fixes).
- drm/hyperv : Removing the restruction of VRAM allocation with PCI bar size (git-fixes).
- drm/hyperv: Add error message for fb size greater than allocated (git-fixes).
- drm/hyperv: Fix an error handling path in hyperv_vmbus_probe() (git-fixes).
- drm/i915/active: Fix missing debug object activation (git-fixes).
- drm/i915/active: Fix misuse of non-idle barriers as fence trackers (git-fixes).
- drm/i915/active: Fix misuse of non-idle barriers as fence trackers (git-fixes).
- drm/i915/adlp: Fix typo for reference clock (git-fixes).
- drm/i915/color: Fix typo for Plane CSC indexes (git-fixes).
- drm/i915/dg2: Add HDMI pixel clock frequencies 267.30 and 319.89 MHz (git-fixes).
- drm/i915/dg2: Add additional HDMI pixel clock frequencies (git-fixes).
- drm/i915/dg2: Drop one PCI ID (git-fixes).
- drm/i915/dg2: Support 4k@30 on HDMI (git-fixes).
- drm/i915/dgfx: Keep PCI autosuspend control 'on' by default on all dGPU (git-fixes).
- drm/i915/display/psr: Handle plane and pipe restrictions at every page flip (git-fixes).
- drm/i915/display/psr: Use drm damage helpers to calculate plane damaged area (git-fixes).
- drm/i915/display: Check source height is > 0 (git-fixes).
- drm/i915/display: Workaround cursor left overs with PSR2 selective fetch enabled (git-fixes).
- drm/i915/display: clean up comments (git-fixes).
- drm/i915/dmc: Update DG2 DMC version to v2.08 (git-fixes).
- drm/i915/dp: prevent potential div-by-zero (git-fixes).
- drm/i915/dp_mst: Fix mst_mgr lookup during atomic check (bsc#1206843).
- drm/i915/dp_mst: Fix payload removal during output disabling (bsc#1206843).
- drm/i915/dpt: Treat the DPT BO as a framebuffer (git-fixes).
- drm/i915/dsi: Use unconditional msleep() instead of intel_dsi_msleep() (git-fixes).
- drm/i915/dsi: fix DSS CTL register offsets for TGL+ (git-fixes).
- drm/i915/gem: Flush lmem contents after construction (git-fixes).
- drm/i915/gen11: Moving WAs to icl_gt_workarounds_init() (git-fixes).
- drm/i915/gen11: Wa_1408615072/Wa_1407596294 should be on GT list (git-fixes).
- drm/i915/gt: Use the correct error value when kernel_context() fails (git-fixes).
- drm/i915/gt: perform uc late init after probe error injection (git-fixes).
- drm/i915/guc: Do not capture Gen8 regs on Xe devices (git-fixes).
- drm/i915/huc: always init the delayed load fence (git-fixes).
- drm/i915/huc: bump timeout for delayed load and reduce print verbosity (git-fixes).
- drm/i915/huc: fix leak of debug object in huc load fence on driver unload (git-fixes).
- drm/i915/migrate: Account for the reserved_space (git-fixes).
- drm/i915/migrate: fix corner case in CCS aux copying (git-fixes).
- drm/i915/psr: Fix PSR_IMR/IIR field handling (git-fixes).
- drm/i915/psr: Use calculated io and fast wake lines (git-fixes).
- drm/i915/psr: Use calculated io and fast wake lines (git-fixes).
- drm/i915/pxp: use <> instead of '' for headers in include/ (git-fixes).
- drm/i915/quirks: Add inverted backlight quirk for HP 14-r206nv (git-fixes).
- drm/i915/selftest: fix intel_selftest_modify_policy argument types (git-fixes).
- drm/i915/selftests: Add some missing error propagation (git-fixes).
- drm/i915/selftests: Increase timeout for live_parallel_switch (git-fixes).
- drm/i915/selftests: Stop using kthread_stop() (git-fixes).
- drm/i915/tc: Fix the ICL PHY ownership check in TC-cold state (git-fixes).
- drm/i915: Allow switching away via vga-switcheroo if uninitialized (git-fixes).
- drm/i915: Avoid potential vm use-after-free (git-fixes).
- drm/i915: Disable DC states for all commits (git-fixes).
- drm/i915: Do not use BAR mappings for ring buffers with LLC (git-fixes).
- drm/i915: Do not use BAR mappings for ring buffers with LLC (git-fixes).
- drm/i915: Do not use stolen memory for ring buffers with LLC (git-fixes).
- drm/i915: Do not use stolen memory for ring buffers with LLC (git-fixes).
- drm/i915: Explain the magic numbers for AUX SYNC/precharge length (git-fixes).
- drm/i915: Fix NULL ptr deref by checking new_crtc_state (git-fixes).
- drm/i915: Fix VBT DSI DVO port handling (git-fixes).
- drm/i915: Fix context runtime accounting (git-fixes).
- drm/i915: Fix fast wake AUX sync len (git-fixes).
- drm/i915: Fix potential bit_17 double-free (git-fixes).
- drm/i915: Fix potential context UAFs (git-fixes).
- drm/i915: Fix request ref counting during error capture & debugfs dump (git-fixes).
- drm/i915: Fix up locking around dumping requests lists (git-fixes).
- drm/i915: Initialize the obj flags for shmem objects (git-fixes).
- drm/i915: Make intel_get_crtc_new_encoder() less oopsy (git-fixes).
- drm/i915: Move CSC load back into .color_commit_arm() when PSR is enabled on skl/glk (git-fixes).
- drm/i915: Move fd_install after last use of fence (git-fixes).
- drm/i915: Preserve crtc_state->inherited during state clearing (git-fixes).
- drm/i915: Remove __maybe_unused from mtl_info (git-fixes).
- drm/i915: Remove unused bits of i915_vma/active api (git-fixes).
- drm/i915: Remove unused variable (git-fixes).
- drm/i915: Use 18 fast wake AUX sync len (git-fixes).
- drm/i915: fix race condition UAF in i915_perf_add_config_ioctl (git-fixes).
- drm/i915: fix race condition UAF in i915_perf_add_config_ioctl (git-fixes).
- drm/i915: move a Kconfig symbol to unbreak the menu presentation (git-fixes).
- drm/i915: stop abusing swiotlb_max_segment (git-fixes).
- drm/lima/lima_drv: Add missing unwind goto in lima_pdev_probe() (git-fixes).
- drm/mediatek: Clean dangling pointer on bind error path (git-fixes).
- drm/mediatek: Drop unbalanced obj unref (git-fixes).
- drm/mediatek: Use NULL instead of 0 for NULL pointer (git-fixes).
- drm/mediatek: dsi: Reduce the time of dsi from LP11 to sending cmd (git-fixes).
- drm/mediatek: mtk_drm_crtc: Add checks for devm_kcalloc (git-fixes).
- drm/meson: fix 1px pink line on GXM when scaling video overlay (git-fixes).
- drm/meson: fix missing component unbind on bind errors (git-fixes).
- drm/meson: reorder driver deinit sequence to fix use-after-free bug (git-fixes).
- drm/mgag200: Fix gamma lut not initialized (git-fixes).
- drm/mipi-dsi: Fix byte order of 16-bit DCS set/get brightness (git-fixes).
- drm/mipi-dsi: Set the fwnode for mipi_dsi_device (git-fixes).
- drm/msm/a5xx: fix context faults during ring switch (git-fixes).
- drm/msm/a5xx: fix highest bank bit for a530 (git-fixes).
- drm/msm/a5xx: fix setting of the CP_PREEMPT_ENABLE_LOCAL register (git-fixes).
- drm/msm/a5xx: fix the emptyness check in the preempt code (git-fixes).
- drm/msm/a6xx: Fix kvzalloc vs state_kcalloc usage (git-fixes).
- drm/msm/a6xx: Fix speed-bin detection vs probe-defer (git-fixes).
- drm/msm/adreno: Fix null ptr access in adreno_gpu_cleanup() (git-fixes).
- drm/msm/adreno: adreno_gpu: Use suspend() instead of idle() on load error (git-fixes).
- drm/msm/adreno: drop bogus pm_runtime_set_active() (git-fixes).
- drm/msm/adreno: fix runtime PM imbalance at gpu load (git-fixes).
- drm/msm/disp/dpu: check for crtc enable rather than crtc active to release shared resources (git-fixes).
- drm/msm/disp/dpu: fix sc7280_pp base offset (git-fixes).
- drm/msm/dp: Clean up handling of DP AUX interrupts (git-fixes).
- drm/msm/dp: cleared DP_DOWNSPREAD_CTRL register before start link training (git-fixes).
- drm/msm/dp: unregister audio driver during unbind (git-fixes).
- drm/msm/dpu: Add INTF_5 interrupts (git-fixes).
- drm/msm/dpu: Add check for cstate (git-fixes).
- drm/msm/dpu: Add check for pstates (git-fixes).
- drm/msm/dpu: Disallow unallocated resources to be returned (git-fixes).
- drm/msm/dpu: Move non-MDP_TOP INTF_INTR offsets out of hwio header (git-fixes).
- drm/msm/dpu: Reject topologies for which no DSC blocks are available (git-fixes).
- drm/msm/dpu: Remove duplicate register defines from INTF (git-fixes).
- drm/msm/dpu: Remove num_enc from topology struct in favour of num_dsc (git-fixes).
- drm/msm/dpu: Wire up DSC mask for active CTL configuration (git-fixes).
- drm/msm/dpu: check for null return of devm_kzalloc() in dpu_writeback_init() (git-fixes).
- drm/msm/dpu: clear DSPP reservations in rm release (git-fixes).
- drm/msm/dpu: disable features unsupported by QCM2290 (git-fixes).
- drm/msm/dpu: drop DPU_DIM_LAYER from MIXER_MSM8998_MASK (git-fixes).
- drm/msm/dpu: drop stale comment from struct dpu_mdp_cfg doc (git-fixes).
- drm/msm/dpu: fix clocks settings for msm8998 SSPP blocks (git-fixes).
- drm/msm/dpu: fix len of sc7180 ctl blocks (git-fixes).
- drm/msm/dpu: sc7180: add missing WB2 clock control (git-fixes).
- drm/msm/dpu: set pdpu->is_rt_pipe early in dpu_plane_sspp_atomic_update() (git-fixes).
- drm/msm/dsi: Add missing check for alloc_ordered_workqueue (git-fixes).
- drm/msm/dsi: Allow 2 CTRLs on v2.5.0 (git-fixes).
- drm/msm/gem: Add check for kmalloc (git-fixes).
- drm/msm/hdmi: Add missing check for alloc_ordered_workqueue (git-fixes).
- drm/msm/mdp5: Add check for kzalloc (git-fixes).
- drm/msm/mdp5: fix reading hw revision on db410c platform (git-fixes).
- drm/msm: Be more shouty if per-process pgtables are not working (git-fixes).
- drm/msm: Fix potential invalid ptr free (git-fixes).
- drm/msm: Set max segment size earlier (git-fixes).
- drm/msm: clean event_thread->worker in case of an error (git-fixes).
- drm/msm: fix NULL-deref on irq uninstall (git-fixes).
- drm/msm: fix NULL-deref on snapshot tear down (git-fixes).
- drm/msm: fix drm device leak on bind errors (git-fixes).
- drm/msm: fix missing wq allocation error handling (git-fixes).
- drm/msm: fix vram leak on bind errors (git-fixes).
- drm/msm: fix workqueue leak on bind errors (git-fixes).
- drm/msm: use strscpy instead of strncpy (git-fixes).
- drm/nouveau/devinit/tu102-: wait for GFW_BOOT_PROGRESS == COMPLETED (git-fixes).
- drm/nouveau/disp: Support more modes by checking with lower bpc (git-fixes).
- drm/nouveau/dp: check for NULL nv_connector->native_mode (git-fixes).
- drm/nouveau/kms/nv50-: remove unused functions (git-fixes).
- drm/nouveau/kms/nv50: fix nv50_wndw_new_ prototype (git-fixes).
- drm/nouveau/kms: Cache DP encoders in nouveau_connector (bsc#1206843).
- drm/nouveau/kms: Pull mst state in for all modesets (bsc#1206843).
- drm/nouveau: add nv_encoder pointer check for NULL (git-fixes).
- drm/nouveau: do not detect DSM for non-NVIDIA device (git-fixes).
- drm/omap: dsi: Fix excessive stack usage (git-fixes).
- drm/omapdrm: Remove unused struct csc_coef_rgb2yuv (git-fixes).
- drm/panel: novatek-nt35950: Improve error handling (git-fixes).
- drm/panel: novatek-nt35950: Only unregister DSI1 if it exists (git-fixes).
- drm/panel: otm8009a: Set backlight parent to panel device (git-fixes).
- drm/panfrost: Do not sync rpm suspension after mmu flushing (git-fixes).
- drm/panfrost: Fix the panfrost_mmu_map_fault_addr() error path (git-fixes).
- drm/probe-helper: Cancel previous job before starting new one (git-fixes).
- drm/radeon: Drop legacy MST support (bsc#1206843).
- drm/radeon: Fix eDP for single-display iMac11,2 (git-fixes).
- drm/radeon: free iio for atombios when driver shutdown (git-fixes).
- drm/radeon: reintroduce radeon_dp_work_func content (git-fixes).
- drm/rockchip: Drop unbalanced obj unref (git-fixes).
- drm/sched: Remove redundant check (git-fixes).
- drm/shmem-helper: Fix locking for drm_gem_shmem_get_pages_sgt() (git-fixes).
- drm/shmem-helper: Remove another errant put in error path (git-fixes).
- drm/shmem-helper: Revert accidental non-GPL export (git-fixes).
- drm/sun4i: fix missing component unbind on bind errors (git-fixes).
- drm/tegra: Avoid potential 32-bit integer overflow (git-fixes).
- drm/tegra: firewall: Check for is_addr_reg existence in IMM check (git-fixes).
- drm/tiny: ili9486: Do not assume 8-bit only SPI controllers (git-fixes).
- drm/ttm/pool: Fix ttm_pool_alloc error path (git-fixes).
- drm/ttm: Fix a NULL pointer dereference (git-fixes).
- drm/ttm: fix undefined behavior in bit shift for TTM_TT_FLAG_PRIV_POPULATED (git-fixes).
- drm/ttm: optimize pool allocations a bit v2 (git-fixes).
- drm/vc4: crtc: Increase setup cost in core clock calculation to handle extreme reduced blanking (git-fixes).
- drm/vc4: dpi: Add option for inverting pixel clock and output enable (git-fixes).
- drm/vc4: dpi: Fix format mapping for RGB565 (git-fixes).
- drm/vc4: dpi: Fix format mapping for RGB565 (git-fixes).
- drm/vc4: drv: Call component_unbind_all() (git-fixes).
- drm/vc4: hdmi: Correct interlaced timings again (git-fixes).
- drm/vc4: hdmi: make CEC adapter name unique (git-fixes).
- drm/vc4: hvs: Fix colour order for xRGB1555 on HVS5 (git-fixes).
- drm/vc4: hvs: SCALER_DISPBKGND_AUTOHS is only valid on HVS4 (git-fixes).
- drm/vc4: hvs: Set AXI panic modes (git-fixes).
- drm/vc4: kms: Sort the CRTCs by output before assigning them (git-fixes).
- drm/vc4: vec: Use pm_runtime_resume_and_get() in vc4_vec_encoder_enable() (git-fixes).
- drm/vgem: add missing mutex_destroy (git-fixes).
- drm/virtio: Correct drm_gem_shmem_get_sg_table() error handling (git-fixes).
- drm/virtio: Fix NULL vs IS_ERR checking in virtio_gpu_object_shmem_init (bsc#1208776 CVE-2023-22998).
- drm/virtio: Use appropriate atomic state in virtio_gpu_plane_cleanup_fb() (git-fixes).
- drm/virtio: exbuf->fence_fd unmodified on interrupted wait (git-fixes).
- drm/vkms: Fix memory leak in vkms_init() (git-fixes).
- drm/vkms: Fix null-ptr-deref in vkms_release() (git-fixes).
- drm/vmwgfx: Avoid NULL-ptr deref in vmw_cmd_dx_define_query() (bsc#1203331 CVE-2022-38096)
- drm/vmwgfx: Do not drop the reference to the handle too soon (git-fixes).
- drm/vmwgfx: Fix memory leak in vmw_mksstat_add_ioctl() (git-fixes).
- drm/vmwgfx: Fix race issue calling pin_user_pages (git-fixes).
- drm/vmwgfx: Stop accessing buffer objects which failed init (git-fixes).
- drm: Add orientation quirk for Lenovo ideapad D330-10IGL (git-fixes).
- drm: Fix potential null-ptr-deref due to drmm_mode_config_init() (git-fixes).
- drm: amd: display: Fix memory leakage (git-fixes).
- drm: bridge: adv7511: unregister cec i2c device after cec adapter (git-fixes).
- drm: exynos: dsi: Fix MIPI_DSI*_NO_* mode flags (git-fixes).
- drm: msm: adreno: Disable preemption on Adreno 510 (git-fixes).
- drm: mxsfb: DRM_IMX_LCDIF should depend on ARCH_MXC (git-fixes).
- drm: mxsfb: DRM_MXSFB should depend on ARCH_MXS || ARCH_MXC (git-fixes).
- drm: panel-orientation-quirks: Add quirk for Lenovo IdeaPad Duet 3 10IGL5 (git-fixes).
- drm: panel-orientation-quirks: Add quirk for Lenovo Yoga Book X90F (git-fixes).
- drm: rcar-du: Fix a NULL vs IS_ERR() bug (git-fixes).
- drm: tidss: Fix pixel format definition (git-fixes).
- drm:amd:amdgpu: Fix missing buffer object unlock in failure path (git-fixes).
- dt-binding: cdns,usb3: Fix cdns,on-chip-buff-size type (git-fixes).
- dt-bindings: arm: fsl: Fix bindings for APF28Dev board (git-fixes).
- dt-bindings: arm: fsl: Fix copy-paste error in comment (git-fixes).
- dt-bindings: ata: ahci-ceva: Cover all 4 iommus entries (git-fixes).
- dt-bindings: ata: ahci-ceva: convert to yaml (git-fixes).
- dt-bindings: hwlock: sun6i: Add missing #hwlock-cells (git-fixes).
- dt-bindings: i3c: silvaco,i3c-master: fix missing schema restriction (git-fixes).
- dt-bindings: iio: adc: renesas,rcar-gyroadc: Fix adi,ad7476 compatible value (git-fixes).
- dt-bindings: iio: ti,tmp117: fix documentation link (git-fixes).
- dt-bindings: input: iqs626a: Redefine trackpad property types (git-fixes).
- dt-bindings: mailbox: qcom,apcs-kpss-global: fix SDX55 'if' match (git-fixes).
- dt-bindings: msm: dsi-controller-main: Add vdd* descriptions back in (git-fixes).
- dt-bindings: net: snps,dwmac: Fix snps,reset-delays-us dependency (git-fixes).
- dt-bindings: nvmem: qcom,spmi-sdam: fix example 'reg' property (git-fixes).
- dt-bindings: power: renesas,apmu: Fix cpus property limits (git-fixes).
- dt-bindings: power: supply: pm8941-coincell: Do not require charging properties (git-fixes).
- dt-bindings: remoteproc: st,stm32-rproc: Fix phandle-array parameters description (git-fixes).
- dt-bindings: remoteproc: stm32-rproc: Typo fix (git-fixes).
- dt-bindings: serial: renesas,scif: Fix 4th IRQ for 4-IRQ SCIFs (git-fixes).
- dt-bindings: soc: qcom: smd-rpm: re-add missing qcom,rpm-msm8994 (git-fixes).
- dt-bindings: usb: amlogic,meson-g12a-usb-ctrl: make G12A usb3-phy0 optional (git-fixes).
- dt-bindings: usb: snps,dwc3: Fix 'snps,hsphy_interface' type (git-fixes).
- e1000e: Disable TSO on i219-LM card to increase speed (git-fixes).
- edac/i10nm: Add Intel Emerald Rapids server support (PED-4400).
- eeprom: at24: also select REGMAP (git-fixes).
- eeprom: idt_89hpesx: Fix error handling in idt_init() (git-fixes).
- efi/x86: libstub: Fix typo in __efi64_argmap* name (git-fixes).
- efi: Accept version 2 of memory attributes table (git-fixes).
- efi: efivars: Fix variable writes with unsupported query_variable_store() (git-fixes).
- efi: efivars: Fix variable writes without query_variable_store() (git-fixes).
- efi: fix potential NULL deref in efi_mem_reserve_persistent (git-fixes).
- efi: rt-wrapper: Add missing include (git-fixes).
- efi: ssdt: Do not free memory if ACPI table was loaded successfully (git-fixes).
- efi: sysfb_efi: Add quirk for Lenovo Yoga Book X91F/L (git-fixes).
- efi: sysfb_efi: Fix DMI quirks not working for simpledrm (git-fixes).
- elevator: update the document of elevator_switch (git-fixes).
- ethernet: 3com/typhoon: do not write directly to netdev->dev_addr (git-fixes).
- ethernet: 8390/etherh: do not write directly to netdev->dev_addr (git-fixes).
- ethernet: i825xx: do not write directly to netdev->dev_addr (git-fixes).
- ethernet: ice: avoid gcc-9 integer overflow warning (jsc#PED-376).
- ethernet: seeq/ether3: do not write directly to netdev->dev_addr (git-fixes).
- ethernet: tundra: do not write directly to netdev->dev_addr (git-fixes).
- exit: Add and use make_task_dead (bsc#1207328).
- exit: Allow oops_limit to be disabled (bsc#1207328).
- exit: Guarantee make_task_dead leaks the tsk when calling do_task_exit (bsc#1207328).
- exit: Move force_uaccess back into do_exit (bsc#1207328).
- exit: Move oops specific logic from do_exit into make_task_dead (bsc#1207328).
- exit: Put an upper limit on how often we can oops (bsc#1207328).
- exit: Stop poorly open coding do_task_dead in make_task_dead (bsc#1207328).
- exit: Use READ_ONCE() for all oops/warn limit reads (bsc#1207328).
- ext4,f2fs: fix readahead of verity data (bsc#1207648).
- ext4: Fix deadlock during directory rename (bsc#1210763).
- ext4: Fix possible corruption when moving a directory (bsc#1210763).
- ext4: add EXT4_IGET_BAD flag to prevent unexpected bad inode (bsc#1207619).
- ext4: add EXT4_INODE_HAS_XATTR_SPACE macro in xattr.h (bsc#1206878).
- ext4: add helper to check quota inums (bsc#1207618).
- ext4: add inode table check in __ext4_get_inode_loc to aovid possible infinite loop (bsc#1207617).
- ext4: add missing validation of fast-commit record lengths (bsc#1207626).
- ext4: allocate extended attribute value in vmalloc area (bsc#1207635).
- ext4: avoid crash when inline data creation follows DIO write (bsc#1206883).
- ext4: avoid resizing to a partial cluster size (bsc#1206880).
- ext4: avoid unaccounted block allocation when expanding inode (bsc#1207634).
- ext4: continue to expand file system when the target size does not reach (bsc#1206882).
- ext4: correct cluster len and clusters changed accounting in ext4_mb_mark_bb (bsc#1207592).
- ext4: correct max_inline_xattr_value_size computing (bsc#1206878).
- ext4: correct the misjudgment in ext4_iget_extra_inode (bsc#1206878).
- ext4: disable fast-commit of encrypted dir operations (bsc#1207623).
- ext4: do not allow journal inode to have encrypt flag (bsc#1207621).
- ext4: do not increase iversion counter for ea_inodes (bsc#1207605).
- ext4: do not run ext4lazyinit for read-only filesystems (bsc#1207603).
- ext4: do not set up encryption key during jbd2 transaction (bsc#1207624).
- ext4: drop ineligible txn start stop APIs (bsc#1207588).
- ext4: ext4_read_bh_lock() should submit IO if the buffer isn't uptodate (bsc#1207606).
- ext4: factor out ext4_fc_get_tl() (bsc#1207615).
- ext4: fast commit may miss file actions (bsc#1207591).
- ext4: fast commit may not fallback for ineligible commit (bsc#1207590).
- ext4: fix BUG_ON() when directory entry has invalid rec_len (bsc#1206886).
- ext4: fix RENAME_WHITEOUT handling for inline directories (bsc#1210766).
- ext4: fix another off-by-one fsmap error on 1k block filesystems (bsc#1210767).
- ext4: fix bad checksum after online resize (bsc#1210762 bsc#1208076).
- ext4: fix bug in extents parsing when eh_entries == 0 and eh_depth > 0 (bsc#1206881).
- ext4: fix bug_on in __es_tree_search caused by bad boot loader inode (bsc#1207620).
- ext4: fix bug_on in start_this_handle during umount filesystem (bsc#1207594).
- ext4: fix cgroup writeback accounting with fs-layer encryption (bsc#1210765).
- ext4: fix corruption when online resizing a 1K bigalloc fs (bsc#1206891).
- ext4: fix deadlock due to mbcache entry corruption (bsc#1207653).
- ext4: fix delayed allocation bug in ext4_clu_mapped for bigalloc + inline (bsc#1207631).
- ext4: fix dir corruption when ext4_dx_add_entry() fails (bsc#1207608).
- ext4: fix error code return to user-space in ext4_get_branch() (bsc#1207630).
- ext4: fix ext4_mb_mark_bb() with flex_bg with fast_commit (bsc#1207593).
- ext4: fix extent status tree race in writeback error recovery path (bsc#1206877).
- ext4: fix incorrect options show of original mount_opt and extend mount_opt2 (bsc#1210764).
- ext4: fix inode leak in ext4_xattr_inode_create() on an error path (bsc#1207636).
- ext4: fix kernel BUG in 'ext4_write_inline_data_end()' (bsc#1206894).
- ext4: fix leaking uninitialized memory in fast-commit journal (bsc#1207625).
- ext4: fix miss release buffer head in ext4_fc_write_inode (bsc#1207609).
- ext4: fix null-ptr-deref in ext4_write_info (bsc#1206884).
- ext4: fix off-by-one errors in fast-commit block filling (bsc#1207628).
- ext4: fix possible double unlock when moving a directory (bsc#1210763).
- ext4: fix potential memory leak in ext4_fc_record_modified_inode() (bsc#1207611).
- ext4: fix potential memory leak in ext4_fc_record_regions() (bsc#1207612).
- ext4: fix potential out of bound read in ext4_fc_replay_scan() (bsc#1207616).
- ext4: fix reserved cluster accounting in __es_remove_extent() (bsc#1207637).
- ext4: fix unaligned memory access in ext4_fc_reserve_space() (bsc#1207627).
- ext4: fix undefined behavior in bit shift for ext4_check_flag_values (bsc#1206890).
- ext4: fix uninititialized value in 'ext4_evict_inode' (bsc#1206893).
- ext4: fix use-after-free in ext4_ext_shift_extents (bsc#1206888).
- ext4: fix use-after-free in ext4_orphan_cleanup (bsc#1207622).
- ext4: fix use-after-free in ext4_xattr_set_entry (bsc#1206878).
- ext4: fix warning in 'ext4_da_release_space' (bsc#1206887).
- ext4: goto right label 'failed_mount3a' (bsc#1207610).
- ext4: init quota for 'old.inode' in 'ext4_rename' (bsc#1207629).
- ext4: initialize quota before expanding inode in setproject ioctl (bsc#1207633).
- ext4: introduce EXT4_FC_TAG_BASE_LEN helper (bsc#1207614).
- ext4: limit the number of retries after discarding preallocations blocks (bsc#1207602).
- ext4: make ext4_lazyinit_thread freezable (bsc#1206885).
- ext4: place buffer head allocation before handle start (bsc#1207607).
- ext4: silence the warning when evicting inode with dioread_nolock (bsc#1206889).
- ext4: simplify updating of fast commit stats (bsc#1207589).
- ext4: unconditionally enable the i_version counter (bsc#1211299).
- ext4: update 'state->fc_regions_size' after successful memory allocation (bsc#1207613).
- ext4: update s_overhead_clusters in the superblock during an on-line resize (bsc#1206876).
- ext4: use ext4_journal_start/stop for fast commit transactions (bsc#1210793).
- extcon: usbc-tusb320: fix kernel-doc warning (git-fixes).
- f2fs: Fix f2fs_truncate_partial_nodes ftrace event (git-fixes).
- fbcon: Check font dimension limits (git-fixes).
- fbcon: Fix error paths in set_con2fb_map (git-fixes).
- fbcon: Fix null-ptr-deref in soft_cursor (git-fixes).
- fbcon: set_con2fb_map needs to set con2fb_map! (git-fixes).
- fbdev: Prevent possible use-after-free in fb_release() (bsc#1152472) Backporting changes: * replace refcount_read() with atomic_read()
- fbdev: arcfb: Fix error handling in arcfb_probe() (git-fixes).
- fbdev: au1200fb: Fix potential divide by zero (git-fixes).
- fbdev: ep93xx-fb: Add missing clk_disable_unprepare in ep93xxfb_probe() (git-fixes).
- fbdev: fbcon: Destroy mutex on freeing struct fb_info (bsc#1152489)
- fbdev: imsttfb: Fix use after free bug in imsttfb_probe (git-fixes bsc#1211387).
- fbdev: intelfb: Fix potential divide by zero (git-fixes).
- fbdev: lxfb: Fix potential divide by zero (git-fixes).
- fbdev: mmp: Fix deferred clk handling in mmphw_probe() (git-fixes).
- fbdev: modedb: Add 1920x1080 at 60 Hz video mode (git-fixes).
- fbdev: nvidia: Fix potential divide by zero (git-fixes).
- fbdev: omapfb: avoid stack overflow warning (git-fixes).
- fbdev: omapfb: cleanup inconsistent indentation (git-fixes).
- fbdev: smscufx: fix error handling code in ufx_usb_probe (git-fixes).
- fbdev: stifb: Fall back to cfb_fillrect() on 32-bit HCRX cards (git-fixes).
- fbdev: stifb: Fix info entry in sti_struct on error path (git-fixes).
- fbdev: stifb: Provide valid pixelclock and add fb_check_var() checks (git-fixes).
- fbdev: tgafb: Fix potential divide by zero (git-fixes).
- fbdev: udlfb: Fix endpoint check (git-fixes).
- fbmem: Reject FB_ACTIVATE_KD_TEXT from userspace (git-fixes).
- filelock: new helper: vfs_inode_has_locks (jsc#SES-1880).
- firewire: fix memory leak for payload of request subaction to IEC 61883-1 FCP region (git-fixes).
- firmware/efi sysfb_efi: Add quirk for Lenovo IdeaPad Duet 3 (git-fixes).
- firmware: arm_ffa: Check if ffa_driver remove is present before executing (git-fixes).
- firmware: arm_ffa: Set handle field to zero in memory descriptor (git-fixes).
- firmware: arm_ffa: Set reserved/MBZ fields to zero in the memory descriptors (git-fixes).
- firmware: arm_scmi: Fix device node validation for mailbox transport (git-fixes).
- firmware: coreboot: Remove GOOGLE_COREBOOT_TABLE_ACPI/OF Kconfig entries (git-fixes).
- firmware: coreboot: framebuffer: Ignore reserved pixel color bits (git-fixes).
- firmware: dmi-sysfs: Fix null-ptr-deref in dmi_sysfs_register_handle (git-fixes).
- firmware: qcom_scm: Clear download bit during reboot (git-fixes).
- firmware: stratix10-svc: Fix an NULL vs IS_ERR() bug in probe (git-fixes).
- firmware: stratix10-svc: add missing gen_pool_destroy() in stratix10_svc_drv_probe() (git-fixes).
- firmware: xilinx: do not make a sleepable memory allocation from an atomic context (git-fixes).
- flow_dissector: Do not count vlan tags inside tunnel payload (git-fixes).
- fork: allow CLONE_NEWTIME in clone3 flags (bsc#1209258).
- fotg210-udc: Add missing completion handler (git-fixes).
- fpga: bridge: fix kernel-doc parameter description (git-fixes).
- fpga: bridge: properly initialize bridge device before populating children (git-fixes).
- fpga: m10bmc-sec: Fix probe rollback (git-fixes).
- fpga: stratix10-soc: Fix return value check in s10_ops_write_init() (git-fixes).
- fprobe: Check rethook_alloc() return in rethook initialization (git-fixes).
- fprobe: Fix smatch type mismatch warning (git-fixes).
- fprobe: add recursion detection in fprobe_exit_handler (git-fixes).
- fprobe: make fprobe_kprobe_handler recursion free (git-fixes).
- fs/jfs: fix shift exponent db_agl2size negative (git-fixes).
- fs/proc: task_mmu.c: do not read mapcount for migration entry (CVE-2023-1582, bsc#1209636).
- fs: account for filesystem mappings (bsc#1205191).
- fs: account for group membership (bsc#1205191).
- fs: add i_user_ns() helper (bsc#1205191).
- fs: dlm: do not call kernel_getpeername() in error_report() (bsc#1208130).
- fs: dlm: use sk->sk_socket instead of con->sock (bsc#1208130).
- fs: ext4: initialize fsdata in pagecache_write() (bsc#1207632).
- fs: hfsplus: fix UAF issue in hfsplus_put_super (git-fixes).
- fs: jfs: fix possible NULL pointer dereference in dbFree() (git-fixes).
- fs: jfs: fix shift-out-of-bounds in dbAllocAG (git-fixes).
- fs: jfs: fix shift-out-of-bounds in dbDiscardAG (git-fixes).
- fs: move mapping helpers (bsc#1205191).
- fs: remove __sync_filesystem (git-fixes).
- fs: sysv: Fix sysv_nblocks() returns wrong value (git-fixes).
- fs: tweak fsuidgid_has_mapping() (bsc#1205191).
- fscache: Use wait_on_bit() to wait for the freeing of relinquished volume (bsc#1210409).
- fscache_cookie_enabled: check cookie is valid before accessing it (bsc#1208429).
- ftrace/x86: Add back ftrace_expected for ftrace bug reports (git-fixes).
- ftrace: Clean comments related to FTRACE_OPS_FL_PER_CPU (git-fixes).
- ftrace: Fix invalid address access in lookup_rec() when index is 0 (git-fixes).
- ftrace: Fix issue that 'direct->addr' not restored in modify_ftrace_direct() (git-fixes).
- ftrace: Mark get_lock_parent_ip() __always_inline (git-fixes).
- fuse: add inode/permission checks to fileattr_get/fileattr_set (bsc#1208759).
- fuse: always revalidate rename target dentry (bsc#1211808).
- fuse: fix attr version comparison in fuse_read_update_size() (bsc#1211807).
- futex: Resend potentially swallowed owner death notification (git-fixes).
- genirq: Provide new interfaces for affinity hints (bsc#1208153).
- git-sort: Add io_uring 6.3 fixes remote
- google/gve:fix repeated words in comments (bsc#1211519).
- gpio: GPIO_REGMAP: select REGMAP instead of depending on it (git-fixes).
- gpio: davinci: Add irq chip flag to skip set wake (git-fixes).
- gpio: mockup: Fix mode of debugfs files (git-fixes).
- gpio: tegra186: remove unneeded loop in tegra186_gpio_init_route_mapping() (git-fixes).
- gpio: vf610: connect GPIO label to dev name (git-fixes).
- gpu: host1x: Do not skip assigning syncpoints to channels (git-fixes).
- gpu: host1x: Fix mask for syncpoint increment register (git-fixes).
- gpu: host1x: Fix potential double free if IOMMU is disabled (git-fixes).
- gpu: ipu-v3: common: Add of_node_put() for reference returned by of_graph_get_port_by_id() (git-fixes).
- gve: Adding a new AdminQ command to verify driver (bsc#1211519).
- gve: Cache link_speed value from device (git-fixes).
- gve: Fix error return code in gve_prefill_rx_pages() (bsc#1211519).
- gve: Fix spelling mistake 'droping' -> 'dropping' (bsc#1211519).
- gve: Handle alternate miss completions (bsc#1211519).
- gve: Reduce alloc and copy costs in the GQ rx path (bsc#1211519).
- gve: Remove the code of clearing PBA bit (git-fixes).
- gve: Secure enough bytes in the first TX desc for all TCP pkts (git-fixes).
- gve: enhance no queue page list detection (bsc#1211519).
- hfs/hfsplus: avoid WARN_ON() for sanity check, use proper error handling (git-fixes).
- hfs/hfsplus: use WARN_ON for sanity check (git-fixes).
- hfs: Fix OOB Write in hfs_asc2mac (git-fixes).
- hfs: fix OOB Read in __hfs_brec_find (git-fixes).
- hfs: fix missing hfs_bnode_get() in __hfs_bnode_create (git-fixes).
- hfsplus: fix bug causing custom uid and gid being unable to be assigned with mount (git-fixes).
- hid: Add Mapping for System Microphone Mute (git-fixes).
- hid: amd_sfh: Add missing check for dma_alloc_coherent (bsc#1212605 CVE-2023-3357).
- hid: amd_sfh: Add missing check for dma_alloc_coherent (bsc#1212605 CVE-2023-3357).
- hid: asus: use spinlock to protect concurrent accesses (git-fixes).
- hid: asus: use spinlock to safely schedule workers (git-fixes).
- hid: bigben: use spinlock to protect concurrent accesses (git-fixes).
- hid: bigben: use spinlock to safely schedule workers (git-fixes).
- hid: bigben_probe(): validate report count (git-fixes).
- hid: bigben_worker() remove unneeded check on report_field (git-fixes).
- hid: core: Fix deadloop in hid_apply_multiplier (git-fixes).
- hid: cp2112: Fix driver not registering GPIO IRQ chip as threaded (git-fixes).
- hid: elecom: add support for TrackBall 056E:011C (git-fixes).
- hid: google: add jewel USB id (git-fixes).
- hid: intel-ish-hid: ipc: Fix potential use-after-free in work function (git-fixes).
- hid: logitech-hidpp: Do not restart communication if not necessary (git-fixes).
- hid: logitech-hidpp: Do not use the USB serial for USB devices (git-fixes).
- hid: logitech-hidpp: Reconcile USB and Unifying serials (git-fixes).
- hid: microsoft: Add rumble support to latest xbox controllers (bsc#1211280).
- hid: multitouch: Add quirks for flipped axes (git-fixes).
- hid: playstation: sanity check DualSense calibration data (git-fixes).
- hid: retain initial quirks set up when creating HID devices (git-fixes).
- hid: wacom: Add new Intuos Pro Small (PTH-460) device IDs (git-fixes).
- hid: wacom: Force pen out of prox if no events have been received in a while (git-fixes).
- hid: wacom: Set a default resolution for older tablets (git-fixes).
- hid: wacom: add three styli to wacom_intuos_get_tool_type (git-fixes).
- hid: wacom: avoid integer overflow in wacom_intuos_inout() (git-fixes).
- hid: wacom: generic: Set battery quirk only when we see battery data (git-fixes).
- hv: fix comment typo in vmbus_channel/low_latency (git-fixes).
- hv: hv_balloon: fix memory leak with using debugfs_lookup() (git-fixes).
- hv_netvsc: Allocate memory in netvsc_dma_map() with GFP_ATOMIC (git-fixes).
- hv_netvsc: Check status in SEND_RNDIS_PKT completion message (git-fixes).
- hv_netvsc: Fix missed pagebuf entries in netvsc_dma_map/unmap() (git-fixes).
- hwmon: (adm1266) Set `can_sleep` flag for GPIO chip (git-fixes).
- hwmon: (adt7475) Display smoothing attributes in correct order (git-fixes).
- hwmon: (adt7475) Fix masking of hysteresis registers (git-fixes).
- hwmon: (adt7475) Use device_property APIs when configuring polarity (git-fixes).
- hwmon: (coretemp) Simplify platform device handling (git-fixes).
- hwmon: (ftsteutates) Fix scaling of measurements (git-fixes).
- hwmon: (ina3221) return prober error code (git-fixes).
- hwmon: (k10temp) Check range scale when CUR_TEMP register is read-write (git-fixes).
- hwmon: (k10temp): Add support for new family 17h and 19h models (bsc#1208848).
- hwmon: (ltc2945) Handle error case in ltc2945_value_store (git-fixes).
- hwmon: (ltc2992) Set `can_sleep` flag for GPIO chip (git-fixes).
- hwmon: (mlxreg-fan) Return zero speed for broken fan (git-fixes).
- hwmon: (pmbus/fsp-3y) Fix functionality bitmask in FSP-3Y YM-2151E (git-fixes).
- hwmon: (ucd90320) Add minimum delay between bus accesses (git-fixes).
- hwmon: (xgene) Fix use after free bug in xgene_hwmon_remove due to race condition (git-fixes).
- hwmon: fix potential sensor registration fail if of_node is missing (git-fixes).
- hwmon: tmp512: drop of_match_ptr for ID table (git-fixes).
- i2c: cadence: cdns_i2c_master_xfer(): Fix runtime PM leak on error path (git-fixes).
- i2c: designware-pci: Add new PCI IDs for AMD NAVI GPU (git-fixes).
- i2c: designware: fix i2c_dw_clk_rate() return size to be u32 (git-fixes).
- i2c: hisi: Avoid redundant interrupts (git-fixes).
- i2c: hisi: Only use the completion interrupt to finish the transfer (git-fixes).
- i2c: imx-lpi2c: check only for enabled interrupt flags (git-fixes).
- i2c: imx-lpi2c: clean rx/tx buffers upon new message (git-fixes).
- i2c: imx-lpi2c: fix type char overflow issue when calculating the clock cycle (git-fixes).
- i2c: mv64xxx: Add atomic_xfer method to driver (git-fixes).
- i2c: mv64xxx: Fix reading invalid status value in atomic mode (git-fixes).
- i2c: mv64xxx: Remove shutdown method from driver (git-fixes).
- i2c: mxs: suppress probe-deferral error message (git-fixes).
- i2c: ocores: generate stop condition after timeout in polling mode (git-fixes).
- i2c: omap: Fix standard mode false ACK readings (git-fixes).
- i2c: qup: Add missing unwind goto in qup_i2c_probe() (git-fixes).
- i2c: rk3x: fix a bunch of kernel-doc warnings (git-fixes).
- i2c: sprd: Delete i2c adapter in .remove's error path (git-fixes).
- i2c: tegra: Fix PEC support for SMBUS block read (git-fixes).
- i2c: xgene-slimpro: Fix out-of-bounds bug in xgene_slimpro_i2c_xfer() (git-fixes).
- i40e: Add checking for null for nlmsg_find_attr() (jsc#SLE-18378).
- i40e: Fix ADQ rate limiting for PF (jsc#SLE-18378).
- i40e: Fix DMA mappings leak (jsc#SLE-18378).
- i40e: Fix VF hang when reset is triggered on another VF (jsc#SLE-18378).
- i40e: Fix VF set max MTU size (jsc#SLE-18378).
- i40e: Fix VF's MAC Address change on VM (jsc#SLE-18378).
- i40e: Fix adding ADQ filter to TC0 (jsc#SLE-18378).
- i40e: Fix calculating the number of queue pairs (jsc#SLE-18378).
- i40e: Fix erroneous adapter reinitialization during recovery process (jsc#SLE-18378).
- i40e: Fix ethtool rx-flow-hash setting for X722 (jsc#SLE-18378).
- i40e: Fix flow-type by setting GL_HASH_INSET registers (jsc#SLE-18378).
- i40e: Fix for VF MAC address 0 (jsc#SLE-18378).
- i40e: Fix incorrect address type for IPv6 flow rules (jsc#SLE-18378).
- i40e: Fix interface init with MSI interrupts (no MSI-X) (jsc#SLE-18378).
- i40e: Fix kernel crash during module removal (jsc#SLE-18378).
- i40e: Fix kernel crash during reboot when adapter is in recovery mode (jsc#SLE-18378).
- i40e: Fix set max_tx_rate when it is lower than 1 Mbps (jsc#SLE-18378).
- i40e: Fix the inability to attach XDP program on downed interface (jsc#SLE-18378).
- i40e: Refactor tc mqprio checks (jsc#SLE-18378).
- i40e: add double of VLAN header when computing the max MTU (jsc#SLE-18378).
- i40e: fix accessing vsi->active_filters without holding lock (jsc#SLE-18378).
- i40e: fix flow director packet filter programming (jsc#SLE-18378).
- i40e: fix i40e_setup_misc_vector() error handling (jsc#SLE-18378).
- i40e: fix registers dump after run ethtool adapter self test (jsc#SLE-18378).
- i825xx: sni_82596: use eth_hw_addr_set() (git-fixes).
- i915 kABI workaround (git-fixes).
- i915/perf: Replace DRM_DEBUG with driver specific drm_dbg call (git-fixes).
- iavf/iavf_main: actually log ->src mask when talking about it (jsc#SLE-18385).
- iavf: Detach device during reset task (jsc#SLE-18385).
- iavf: Disallow changing rx/tx-frames and rx/tx-frames-irq (jsc#SLE-18385).
- iavf: Do not restart Tx queues after reset task failure (jsc#SLE-18385).
- iavf: Fix 'tc qdisc show' listing too many queues (jsc#SLE-18385).
- iavf: Fix a crash during reset task (jsc#SLE-18385).
- iavf: Fix bad page state (jsc#SLE-18385).
- iavf: Fix cached head and tail value for iavf_get_tx_pending (jsc#SLE-18385).
- iavf: Fix error handling in iavf_init_module() (jsc#SLE-18385).
- iavf: Fix max_rate limiting (jsc#SLE-18385).
- iavf: Fix race condition between iavf_shutdown and iavf_remove (jsc#SLE-18385).
- iavf: Fix set max MTU size with port VLAN and jumbo frames (jsc#SLE-18385).
- iavf: do not track VLAN 0 filters (jsc#PED-835).
- iavf: fix hang on reboot with ice (jsc#SLE-18385).
- iavf: fix inverted Rx hash condition leading to disabled hash (jsc#SLE-18385).
- iavf: fix non-tunneled IPv6 UDP packet type and hashing (jsc#SLE-18385).
- iavf: fix temporary deadlock and failure to set MAC address (jsc#PED-835).
- iavf: refactor VLAN filter states (jsc#PED-835).
- iavf: remove active_cvlans and active_svlans bitmaps (jsc#PED-835).
- iavf: remove mask from iavf_irq_enable_queues() (git-fixes).
- iavf: schedule watchdog immediately when changing primary MAC (jsc#PED-835).
- ib/hfi1: Assign npages earlier (git-fixes)
- ib/hfi1: Fix SDMA mmu_rb_node not being evicted in LRU order (git-fixes)
- ib/hfi1: Fix bugs with non-PAGE_SIZE-end multi-iovec user SDMA requests (git-fixes)
- ib/hfi1: Fix expected receive setup error exit issues (git-fixes)
- ib/hfi1: Fix math bugs in hfi1_can_pin_pages() (git-fixes)
- ib/hfi1: Fix sdma.h tx->num_descs off-by-one errors (git-fixes)
- ib/hfi1: Immediately remove invalid memory from hardware (git-fixes)
- ib/hfi1: Reject a zero-length user expected buffer (git-fixes)
- ib/hfi1: Remove user expected buffer invalidate race (git-fixes)
- ib/hfi1: Reserve user expected TIDs (git-fixes)
- ib/hfi1: Restore allocated resources on failed copyout (git-fixes)
- ib/hfi1: Update RMT size calculation (git-fixes)
- ib/hifi1: add a null check of kzalloc_node in hfi1_ipoib_txreq_init (git-fixes)
- ib/ipoib: Fix legacy IPoIB due to wrong number of queues (git-fixes)
- ib/mad: Do not call to function that might sleep while in atomic context (git-fixes).
- ib/mlx5: Add support for 400G_8X lane speed (git-fixes)
- ib/rdmavt: add missing locks in rvt_ruc_loopback (git-fixes)
- ice, xsk: Diversify return values from xsk_wakeup call paths (git-fixes).
- ice: Add check for kzalloc (jsc#PED-376).
- ice: Do not double unplug aux on peer initiated reset (git-fixes).
- ice: Do not use WQ_MEM_RECLAIM flag for workqueue (git-fixes).
- ice: Do not use WQ_MEM_RECLAIM flag for workqueue (jsc#PED-376).
- ice: Fix DSCP PFC TLV creation (git-fixes).
- ice: Fix DSCP PFC TLV creation (jsc#PED-376).
- ice: Fix XDP memory leak when NIC is brought up and down (git-fixes).
- ice: Fix disabling Rx VLAN filtering with port VLAN enabled (jsc#PED-376).
- ice: Fix ice VF reset during iavf initialization (jsc#PED-376).
- ice: Fix ice_cfg_rdma_fltr() to only update relevant fields (jsc#PED-376).
- ice: Fix ice_xdp_xmit() when XDP TX queue number is not sufficient (git-fixes).
- ice: Fix interrupt moderation settings getting cleared (jsc#SLE-18375).
- ice: Fix memory corruption in VF driver (git-fixes).
- ice: Fix potential memory leak in ice_gnss_tty_write() (jsc#PED-376).
- ice: Ignore EEXIST when setting promisc mode (git-fixes).
- ice: Prevent set_channel from changing queues while RDMA active (git-fixes).
- ice: Prevent set_channel from changing queues while RDMA active (jsc#PED-376).
- ice: Reset FDIR counter in FDIR init stage (git-fixes).
- ice: Reset FDIR counter in FDIR init stage (jsc#PED-376).
- ice: Set txq_teid to ICE_INVAL_TEID on ring creation (jsc#SLE-18375).
- ice: add profile conflict check for AVF FDIR (git-fixes).
- ice: add profile conflict check for AVF FDIR (jsc#PED-376).
- ice: avoid bonding causing auxiliary plug/unplug under RTNL lock (bsc#1210158).
- ice: block LAN in case of VF to VF offload (git-fixes).
- ice: block LAN in case of VF to VF offload (jsc#PED-376).
- ice: check if VF exists before mode check (jsc#PED-376).
- ice: config netdev tc before setting queues number (git-fixes).
- ice: copy last block omitted in ice_get_module_eeprom() (git-fixes).
- ice: copy last block omitted in ice_get_module_eeprom() (jsc#PED-376).
- ice: ethtool: Prohibit improper channel config for DCB (git-fixes).
- ice: ethtool: advertise 1000M speeds properly (git-fixes).
- ice: fix invalid check for empty list in ice_sched_assoc_vsi_to_agg() (git-fixes).
- ice: fix invalid check for empty list in ice_sched_assoc_vsi_to_agg() (jsc#PED-376).
- ice: fix lost multicast packets in promisc mode (jsc#PED-376).
- ice: fix wrong fallback logic for FDIR (git-fixes).
- ice: fix wrong fallback logic for FDIR (jsc#PED-376).
- ice: handle E822 generic device ID in PLDM header (git-fixes).
- ice: move devlink port creation/deletion (jsc#PED-376).
- ice: switch: fix potential memleak in ice_add_adv_recipe() (git-fixes).
- ice: switch: fix potential memleak in ice_add_adv_recipe() (jsc#PED-376).
- ice: use bitmap_free instead of devm_kfree (git-fixes).
- ice: xsk: Fix cleaning of XDP_TX frames (jsc#PED-376).
- ice: xsk: disable txq irq before flushing hw (jsc#PED-376).
- ice: xsk: do not use xdp_return_frame() on tx_buf->raw_buf (jsc#PED-376).
- ice: xsk: use Rx ring's XDP ring when picking NAPI context (git-fixes).
- ieee80211: add TWT element definitions (bsc#1209980).
- ieee802154: hwsim: Fix possible memory leaks (git-fixes).
- ifcvf/vDPA: fix misuse virtio-net device config size for blk dev (jsc#SLE-19253).
- igb: Add lock to avoid data race (jsc#SLE-18379).
- igb: Enable SR-IOV after reinit (jsc#SLE-18379).
- igb: Fix PPS input and output using 3rd and 4th SDP (jsc#PED-370).
- igb: Fix extts capture value format for 82580/i354/i350 (git-fixes).
- igb: Initialize mailbox message for VF reset (jsc#SLE-18379).
- igb: conditionalize I2C bit banging on external thermal sensor support (jsc#SLE-18379).
- igb: fix bit_shift to be in [1..8] range (git-fixes).
- igb: fix nvm.ops.read() error handling (git-fixes).
- igb: revert rtnl_lock() that causes deadlock (jsc#SLE-18379).
- igbvf: Regard vf reset nack as success (jsc#SLE-18379).
- igc: Add checking for basetime less than zero (jsc#SLE-18377).
- igc: Add ndo_tx_timeout support (jsc#SLE-18377).
- igc: Clean the TX buffer and TX descriptor ring (git-fixes).
- igc: Enhance Qbv scheduling by using first flag bit (jsc#SLE-18377).
- igc: Fix PPS delta between two synchronized end-points (jsc#SLE-18377).
- igc: Fix possible system crash when loading module (git-fixes).
- igc: Lift TAPRIO schedule restriction (jsc#SLE-18377).
- igc: Reinstate IGC_REMOVED logic and implement it properly (jsc#SLE-18377).
- igc: Set Qbv start_time and end_time to end_time if not being configured in GCL (jsc#SLE-18377).
- igc: Use strict cycles for Qbv scheduling (jsc#SLE-18377).
- igc: allow BaseTime 0 enrollment for Qbv (jsc#SLE-18377).
- igc: fix the validation logic for taprio's gate list (jsc#SLE-18377).
- igc: read before write to SRRCTL register (jsc#SLE-18377).
- igc: recalculate Qbv end_time by considering cycle time (jsc#SLE-18377).
- igc: return an error if the mac type is unknown in igc_ptp_systim_to_hwtstamp() (jsc#SLE-18377).
- iio: accel: mma9551_core: Prevent uninitialized variable in mma9551_read_config_word() (git-fixes).
- iio: accel: mma9551_core: Prevent uninitialized variable in mma9551_read_status_word() (git-fixes).
- iio: accel: st_accel: Fix invalid mount_matrix on devices without ACPI _ONT method (git-fixes).
- iio: adc: ad7192: Change 'shorted' channels to differential (git-fixes).
- iio: adc: ad7791: fix IRQ flags (git-fixes).
- iio: adc: ad_sigma_delta: Fix IRQ issue by setting IRQ_DISABLE_UNLAZY flag (git-fixes).
- iio: adc: at91-sama5d2_adc: fix an error code in at91_adc_allocate_trigger() (git-fixes).
- iio: adc: berlin2-adc: Add missing of_node_put() in error path (git-fixes).
- iio: adc: mxs-lradc: fix the order of two cleanup operations (git-fixes).
- iio: adc: palmas_gpadc: fix NULL dereference on rmmod (git-fixes).
- iio: adc: stm32-dfsdm: fill module aliases (git-fixes).
- iio: adc: ti-ads7950: Set `can_sleep` flag for GPIO chip (git-fixes).
- iio: adis16480: select CONFIG_CRC32 (git-fixes).
- iio: dac: cio-dac: Fix max DAC write value check for 12-bit (git-fixes).
- iio: dac: mcp4725: Fix i2c_master_send() return value handling (git-fixes).
- iio: hid: fix the retval in accel_3d_capture_sample (git-fixes).
- iio: hid: fix the retval in gyro_3d_capture_sample (git-fixes).
- iio: imu: fxos8700: fix ACCEL measurement range selection (git-fixes).
- iio: imu: fxos8700: fix IMU data bits returned to user space (git-fixes).
- iio: imu: fxos8700: fix MAGN sensor scale and unit (git-fixes).
- iio: imu: fxos8700: fix failed initialization ODR mode assignment (git-fixes).
- iio: imu: fxos8700: fix incomplete ACCEL and MAGN channels readback (git-fixes).
- iio: imu: fxos8700: fix incorrect ODR mode readback (git-fixes).
- iio: imu: fxos8700: fix map label of channel type to MAGN sensor (git-fixes).
- iio: imu: fxos8700: fix swapped ACCEL and MAGN channels readback (git-fixes).
- iio: imu: fxos8700: remove definition FXOS8700_CTRL_ODR_MIN (git-fixes).
- iio: imu: inv_icm42600: fix timestamp reset (git-fixes).
- iio: light: cm32181: Unregister second I2C client if present (git-fixes).
- iio: light: tsl2563: Do not hardcode interrupt trigger type (git-fixes).
- iio: light: tsl2772: fix reading proximity-diodes from device tree (git-fixes).
- iio: light: vcnl4035: fixed chip ID check (git-fixes).
- iio:adc:twl6030: Enable measurement of VAC (git-fixes).
- iio:adc:twl6030: Enable measurements of VUSB, VBAT and others (git-fixes).
- ima: Fix memory leak in __ima_inode_hash() (git-fixes).
- init, x86: Move mem_encrypt_init() into arch_cpu_finalize_init() (bsc#1212448).
- init: Invoke arch_cpu_finalize_init() earlier (bsc#1212448).
- init: Provide arch_cpu_finalize_init() (bsc#1212448).
- init: Remove check_bugs() leftovers (bsc#1212448).
- input: ads7846 - always set last command to PWRDOWN (git-fixes).
- input: ads7846 - do not check penirq immediately for 7845 (git-fixes).
- input: ads7846 - do not report pressure for ads7845 (git-fixes).
- input: alps - fix compatibility with -funsigned-char (bsc#1209805).
- input: exc3000 - properly stop timer on shutdown (git-fixes).
- input: fix open count when closing inhibited device (git-fixes).
- input: focaltech - use explicitly signed char type (git-fixes).
- input: goodix - add Lenovo Yoga Book X90F to nine_bytes_report DMI table (git-fixes).
- input: hp_sdc_rtc - mark an unused function as __maybe_unused (git-fixes).
- input: iqs269a - configure device with a single block write (git-fixes).
- input: iqs269a - drop unused device node references (git-fixes).
- input: iqs269a - increase interrupt handler return delay (git-fixes).
- input: iqs626a - drop unused device node references (git-fixes).
- input: psmouse - fix OOB access in Elantech protocol (git-fixes).
- input: raspberrypi-ts - fix refcount leak in rpi_ts_probe (git-fixes).
- input: xpad - add constants for GIP interface numbers (git-fixes).
- input: xpad - delete a Razer DeathAdder mouse VID/PID entry (git-fixes).
- intel/igbvf: free irq on the error path in igbvf_request_msix() (jsc#SLE-18379).
- intel_idle: add Emerald Rapids Xeon support (PED-3849).
- interconnect: exynos: fix node leak in probe PM QoS error path (git-fixes).
- interconnect: fix mem leak when freeing nodes (git-fixes).
- interconnect: qcom: osm-l3: fix icc_onecell_data allocation (git-fixes).
- io_uring/fdinfo: fix sqe dumping for IORING_SETUP_SQE128 (git-fixes).
- io_uring/filetable: fix file reference underflow (git-fixes bsc#1207521 CVE-2023-0469).
- io_uring/kbuf: fix not advancing READV kbuf ring (git-fixes).
- io_uring/rsrc: fix null-ptr-deref in io_file_bitmap_get() (bsc#1209637 CVE-2023-1583).
- io_uring: clear TIF_NOTIFY_SIGNAL if set and task_work not available (git-fixes).
- io_uring: do not gate task_work run on TIF_NOTIFY_SIGNAL (git-fixes).
- io_uring: ensure that cached task references are always put on exit (git-fixes).
- io_uring: fix CQ waiting timeout handling (git-fixes).
- io_uring: fix fget leak when fs do not support nowait buffered read (bsc#1205205).
- io_uring: fix ordering of args in io_uring_queue_async_work (git-fixes).
- io_uring: fix return value when removing provided buffers (git-fixes).
- io_uring: fix size calculation when registering buf ring (git-fixes).
- io_uring: recycle kbuf recycle on tw requeue (git-fixes).
- iommu/hyper-v: Allow hyperv irq remapping without x2apic (git-fixes).
- iommu/vt-d: Add a fix for devices need extra dtlb flush (bsc#1208219).
- iommu/vt-d: Avoid superfluous IOTLB tracking in lazy mode (bsc#1208948).
- iommu/vt-d: Fix buggy QAT device mask (bsc#1208219).
- ipmi: fix SSIF not responding under certain cond (git-fixes).
- ipmi:ssif: Add 60ms time internal between write retries (bsc#1206459).
- ipmi:ssif: Add a timer between request retries (bsc#1206459).
- ipmi:ssif: Add send_retries increment (git-fixes).
- ipmi:ssif: Increase the message retry time (bsc#1206459).
- ipmi:ssif: Remove rtc_us_timer (bsc#1206459).
- ipmi:ssif: resend_msg() cannot fail (bsc#1206459).
- ipmi_ssif: Rename idle state and check (bsc#1206459).
- ipv6: raw: Deduct extension header length in rawv6_push_pending_frames (bsc#1207168 CVE-2023-0394).
- ipv6: raw: Deduct extension header length in rawv6_push_pending_frames (bsc#1207168 CVE-2023-0394).
- ipv6: sr: fix out-of-bounds read when setting HMAC data (bsc#1211592).
- ipv6: sr: fix out-of-bounds read when setting HMAC data (bsc#1211592).
- irqchip/clps711x: Remove unused clps711x_intc_init() function (git-fixes).
- irqchip/ftintc010: Mark all function static (git-fixes).
- irqchip/gic-v3: Refactor ISB + EOIR at ack time (git-fixes)
- irqchip/jcore-aic: Fix missing allocation of IRQ descriptors (git-fixes).
- iw_cxgb4: Fix potential NULL dereference in c4iw_fill_res_cm_id_entry() (git-fixes)
- iwlwifi: cfg: Add missing MODULE_FIRMWARE() for *.pnvm (bsc#1207553).
- ixgbe: Allow flow hash to be set via ethtool (jsc#SLE-18384).
- ixgbe: Enable setting RSS table to default values (jsc#SLE-18384).
- ixgbe: Fix panic during XDP_TX with > 64 CPUs (jsc#SLE-18384).
- ixgbe: add double of VLAN header when computing the max MTU (jsc#SLE-18384).
- ixgbe: allow to increase MTU to 3K with XDP enabled (jsc#SLE-18384).
- ixgbe: fix pci device refcount leak (jsc#SLE-18384).
- ixgbe: stop resetting SYSTIME in ixgbe_ptp_start_cyclecounter (jsc#SLE-18384).
- jbd2: Fix up kABI of ext4 fast commit interface (bsc#1207590).
- jbd2: add miss release buffer head in fc_do_one_pass() (bsc#1207646).
- jbd2: fix a potential race while discarding reserved buffers after an abort (bsc#1207641).
- jbd2: fix potential buffer head reference count leak (bsc#1207644).
- jbd2: fix potential use-after-free in jbd2_fc_wait_bufs (bsc#1207645).
- jbd2: use the correct print format (git-fixes).
- jbd2: wake up journal waiters in FIFO order, not LIFO (bsc#1207643).
- jfs: Fix fortify moan in symlink (git-fixes).
- k-m-s: Drop Linux 2.6 support
- kABI compatibility workaround for efivars (git-fixes).
- kABI workaround for btbcm.c (git-fixes).
- kABI workaround for cpp_acpi extensions for EPP (bsc#1212445).
- kABI workaround for drm_dp_mst helper updates (bsc#1206843).
- kABI workaround for hid quirks (git-fixes).
- kABI workaround for ieee80211 and co (bsc#1209980).
- kABI workaround for mt76_poll_msec() (git-fixes).
- kABI workaround for struct acpi_ec (bsc#1207149).
- kABI workaround for xhci (git-fixes).
- kABI: Fix kABI after backport Emulate RDPID only if it is enabled in guest (git-fixes)
- kABI: PCI: Reduce warnings on possible RW1C corruption (kabi).
- kABI: PCI: dwc: Add dw_pcie_ops.host_deinit() callback (kabi).
- kABI: PCI: loongson: Prevent LS7A MRRS increases (kabi).
- kABI: Preserve TRACE_EVENT_FL values (git-fixes).
- kABI: Work around kABI changes after '20347fca71a3 swiotlb: split up the global swiotlb lock' (jsc#PED-3259).
- kABI: x86/msi: Fix msi message data shadow struct (kabi).
- kABI: x86/msr: Remove .fixup usage (kabi).
- kabi/severities: add mlx5 internal symbols
- kabi/severities: added Microsoft mana symbold (bsc#1210551)
- kabi/severities: ignore KABI for NVMe target (bsc#1174777) The target code is only for testing and there are no external users.
- kabi/severities: ignore kABI changes for mt76/* local modules (bsc#1209980)
- kabi/severities: ignore kABI in bq27xxx_battery module Those are local symbols that are used only by child drivers
- kabi: FIX FOR NFSv4: Fix free of uninitialized nfs4_label on referral lookup (git-fixes).
- kabi: FIX FOR: NFS: Further optimisations for 'ls -l' (git-fixes).
- kabi: FIX FOR: NFSD: Have legacy NFSD WRITE decoders use xdr_stream_subsegment() (git-fixes).
- kabi: FIX FOR: NFSv4.1 query for fs_location attr on a new file system (Never, kabi).
- kabi: FIX FOR: NFSv4: keep state manager thread active if swap is enabled (Never, kabi).
- kabi: fix for: NFSv3: handle out-of-order write replies (bsc#1205544).
- kasan: no need to unset panic_on_warn in end_report() (bsc#1207328).
- kconfig: Update config changed flag before calling callback (git-fixes).
- kernel-binary: Add back kernel-default-base guarded by option Add configsh option for splitting off kernel-default-base, and for not signing the kernel on non-efi
- kernel-binary: install expoline.o (boo#1210791 bsc#1211089)
- kernel-docs: Add buildrequires on python3-base when using python3 The python3 binary is provided by python3-base.
- kernel-docs: Use python3 together with python3-Sphinx (bsc#1212741).
- kernel-source: Remove unused macro variant_symbols
- kernel-spec-macros: Fix up obsolete_rebuilds_subpackage to generate obsoletes correctly (boo#1172073 bsc#1191731). rpm only supports full length release, no provides
- keys: Add missing function documentation (git-fixes).
- keys: Create static version of public_key_verify_signature (git-fixes).
- keys: Do not cache key in task struct if key is requested from kernel thread (git-fixes).
- keys: Fix linking a duplicate key to a keyring's assoc_array (bsc#1207088).
- keys: asymmetric: Copy sig and digest in public_key_verify_signature() (git-fixes).
- keys: asymmetric: Fix ECDSA use via keyctl uapi (git-fixes).
- kmap_local: do not assume kmap PTEs are linear arrays in memory (git-fixes) Update config/armv7hl/default too.
- kprobe: reverse kp->flags when arm_kprobe failed (git-fixes).
- kprobes: Fix check for probe enabled in kill_kprobe() (git-fixes).
- kprobes: Fix to handle forcibly unoptimized kprobes on freeing_list (git-fixes).
- kprobes: Forbid probing on trampoline and BPF code areas (git-fixes).
- kprobes: Prohibit probes in gate area (git-fixes).
- kprobes: Skip clearing aggrprobe's post_handler in kprobe-on-ftrace case (git-fixes).
- kprobes: do not call disarm_kprobe() for disabled kprobes (git-fixes).
- kvm/vfio: Fix potential deadlock on vfio group_lock (git-fixes)
- kvm/vfio: Fix potential deadlock problem in vfio (git-fixes)
- kvm: Destroy target device if coalesced MMIO unregistration fails (git-fixes)
- kvm: Disallow user memslot with size that exceeds 'unsigned long' (git-fixes)
- kvm: Do not create VM debugfs files outside of the VM directory (git-fixes)
- kvm: Do not set Accessed/Dirty bits for ZERO_PAGE (git-fixes)
- kvm: LAPIC: Enable timer posted-interrupt only when mwait/hlt is advertised (git-fixes).
- kvm: Prevent module exit until all VMs are freed (git-fixes)
- kvm: SVM: Do not rewrite guest ICR on AVIC IPI virtualization failure (git-fixes).
- kvm: SVM: Fix benign 'bool vs. int' comparison in svm_set_cr0() (git-fixes).
- kvm: SVM: Fix potential overflow in SEV's send|receive_update_data() (git-fixes).
- kvm: SVM: Require logical ID to be power-of-2 for AVIC entry (git-fixes).
- kvm: SVM: Skip WRMSR fastpath on VM-Exit if next RIP isn't valid (git-fixes).
- kvm: SVM: hyper-v: placate modpost section mismatch error (git-fixes).
- kvm: VMX: Execute IBPB on emulated VM-exit when guest has IBRS (bsc#1206992 CVE-2022-2196).
- kvm: VMX: Introduce vmx_msr_bitmap_l01_changed() helper (git-fixes).
- kvm: VMX: Resume guest immediately when injecting #GP on ECREATE (git-fixes).
- kvm: VMX: Set vmcs.PENDING_DBG.BS on #DB in STI/MOVSS blocking shadow (git-fixes).
- kvm: VMX: Use is_64_bit_mode() to check 64-bit mode in SGX handler (git-fixes).
- kvm: X86: Fix tlb flush for tdp in kvm_invalidate_pcid() (git-fixes).
- kvm: arm64: Do not arm a hrtimer for an already pending timer (git-fixes)
- kvm: arm64: Do not hypercall before EL2 init (git-fixes)
- kvm: arm64: Do not return from void function (git-fixes)
- kvm: arm64: Fix PAR_TO_HPFAR() to work independently of PA_BITS. (git-fixes)
- kvm: arm64: Fix S1PTW handling on RO memslots (git-fixes)
- kvm: arm64: Fix bad dereference on MTE-enabled systems (git-fixes)
- kvm: arm64: Fix buffer overflow in kvm_arm_set_fw_reg() (git-fixes)
- kvm: arm64: Fix kvm init failure when mode!=vhe and VA_BITS=52. (git-fixes)
- kvm: arm64: Free hypervisor allocations if vector slot init fails (git-fixes)
- kvm: arm64: GICv4.1: Fix race with doorbell on VPE (git-fixes)
- kvm: arm64: Limit length in kvm_vm_ioctl_mte_copy_tags() to INT_MAX (git-fixes)
- kvm: arm64: PMU: Restore the guest's EL0 event counting after (git-fixes)
- kvm: arm64: Propagate errors from __pkvm_prot_finalize hypercall (git-fixes)
- kvm: arm64: Reject 32bit user PSTATE on asymmetric systems (git-fixes)
- kvm: arm64: Save PSTATE early on exit (git-fixes)
- kvm: arm64: Stop handle_exit() from handling HVC twice when an SError (git-fixes)
- kvm: arm64: Treat PMCR_EL1.LC as RES1 on asymmetric systems (git-fixes)
- kvm: arm64: nvhe: Eliminate kernel-doc warnings (git-fixes)
- kvm: arm64: vgic: Fix exit condition in scan_its_table() (git-fixes)
- kvm: arm64: vgic: Read HW interrupt pending state from the HW (git-fixes)
- kvm: initialize all of the kvm_debugregs structure before sending it to userspace (bsc#1209532 CVE-2023-1513).
- kvm: initialize all of the kvm_debugregs structure before sending it to userspace (bsc#1209532 CVE-2023-1513).
- kvm: nVMX: Also filter MSR_IA32_VMX_TRUE_PINBASED_CTLS when eVMCS (git-fixes).
- kvm: nVMX: Do not use Enlightened MSR Bitmap for L3 (git-fixes).
- kvm: nVMX: Document that ignoring memory failures for VMCLEAR is deliberate (git-fixes).
- kvm: nVMX: Emulate NOPs in L2, and PAUSE if it's not intercepted (git-fixes).
- kvm: nVMX: Inject #GP, not #UD, if 'generic' VMXON CR0/CR4 check fails (git-fixes).
- kvm: nVMX: Prioritize TSS T-flag #DBs over Monitor Trap Flag (git-fixes).
- kvm: nVMX: Properly expose ENABLE_USR_WAIT_PAUSE control to L1 (git-fixes).
- kvm: nVMX: Treat General Detect #DB (DR7.GD=1) as fault-like (git-fixes).
- kvm: nVMX: add missing consistency checks for CR0 and CR4 (bsc#1210294 CVE-2023-30456).
- kvm: nVMX: add missing consistency checks for CR0 and CR4 (bsc#1210294 CVE-2023-30456).
- kvm: nVMX: eVMCS: Filter out VM_EXIT_SAVE_VMX_PREEMPTION_TIMER (git-fixes).
- kvm: s390: selftest: memop: Fix integer literal (git-fixes).
- kvm: x86/emulator: Emulate RDPID only if it is enabled in guest (git-fixes).
- kvm: x86/mmu: avoid NULL-pointer dereference on page freeing bugs (git-fixes).
- kvm: x86/pmu: Ignore pmu->global_ctrl check if vPMU does not support global_ctrl (git-fixes).
- kvm: x86/svm: add __GFP_ACCOUNT to __sev_dbg_{en,de}crypt_user() (git-fixes).
- kvm: x86/vmx: Do not skip segment attributes if unusable bit is set (git-fixes).
- kvm: x86/xen: Fix memory leak in kvm_xen_write_hypercall_page() (git-fixes).
- kvm: x86: Copy filter arg outside kvm_vm_ioctl_set_msr_filter() (git-fixes).
- kvm: x86: Disable KVM_HC_CLOCK_PAIRING if tsc is in always catchup mode (git-fixes).
- kvm: x86: Do not change ICR on write to APIC_SELF_IPI (git-fixes).
- kvm: x86: Fail emulation during EMULTYPE_SKIP on any exception (git-fixes).
- kvm: x86: Inject #GP if WRMSR sets reserved bits in APIC Self-IPI (git-fixes).
- kvm: x86: Mask off reserved bits in CPUID.8000001FH (git-fixes).
- kvm: x86: Mask off unsupported and unknown bits of IA32_ARCH_CAPABILITIES (git-fixes).
- kvm: x86: Protect the unused bits in MSR exiting flags (git-fixes).
- kvm: x86: Remove a redundant guest cpuid check in kvm_set_cr4() (git-fixes).
- kvm: x86: Report deprecated x87 features in supported CPUID (git-fixes).
- kvm: x86: do not set st->preempted when going back to user space (git-fixes).
- kvm: x86: fix sending PV IPI (git-fixes).
- kvm: x86: fix sending PV IPI (git-fixes).
- kvm: x86: fix typo in __try_cmpxchg_user causing non-atomicness (git-fixes).
- kvm: x86: ioapic: Fix level-triggered EOI and userspace I/OAPIC reconfigure race (git-fixes).
- lan78xx: Add missing return code checks (git-fixes).
- lan78xx: Fix exception on link speed change (git-fixes).
- lan78xx: Fix memory allocation bug (git-fixes).
- lan78xx: Fix partial packet errors on suspend/resume (git-fixes).
- lan78xx: Fix race condition in disconnect handling (git-fixes).
- lan78xx: Fix race conditions in suspend/resume handling (git-fixes).
- lan78xx: Fix white space and style issues (git-fixes).
- lan78xx: Remove unused pause frame queue (git-fixes).
- lan78xx: Remove unused timer (git-fixes).
- lan78xx: Set flow control threshold to prevent packet loss (git-fixes).
- leds: Fix reference to led_set_brightness() in doc (git-fixes).
- leds: TI_LMU_COMMON: select REGMAP instead of depending on it (git-fixes).
- leds: led-class: Add missing put_device() to led_put() (git-fixes).
- leds: led-core: Fix refcount leak in of_led_get() (git-fixes).
- leds: tca6507: Fix error handling of using fwnode_property_read_string (git-fixes).
- lib/mpi: Fix buffer overrun when SG is too long (git-fixes).
- lib/sbitmap: Fix invalid loop in __sbitmap_queue_get_batch() (git-fixes).
- lib/zlib: remove redundation assignement of avail_in dfltcc_gdht() (git-fixes).
- libfs: add DEFINE_SIMPLE_ATTRIBUTE_SIGNED for signed value (git-fixes).
- lockd: set file_lock start and end when decoding nlm4 testargs (git-fixes).
- locking/rwbase: Mitigate indefinite writer starvation. Move out of sorted as the patch has moved within the tip tree.
- locking/rwsem: Add __always_inline annotation to __down_read_common() and inlined callers (git-fixes).
- locking/rwsem: Allow slowpath writer to ignore handoff bit if not set by first waiter (bsc#1207270).
- locking/rwsem: Always try to wake waiters in out_nolock path (bsc#1207270).
- locking/rwsem: Conditionally wake waiters in reader/writer slowpaths (bsc#1207270).
- locking/rwsem: Disable preemption in all down_read*() and up_read() code paths (bsc#1207270).
- locking/rwsem: Disable preemption in all down_write*() and up_write() code paths (bsc#1207270).
- locking/rwsem: Disable preemption while trying for rwsem lock (bsc#1207270).
- locking/rwsem: Make handoff bit handling more consistent (bsc#1207270).
- locking/rwsem: No need to check for handoff bit if wait queue empty (bsc#1207270).
- locking/rwsem: Prevent non-first waiter from spinning in down_write() slowpath (bsc#1207270).
- locking: Add missing __sched attributes (bsc#1207270).
- loop: Fix the max_loop commandline argument treatment when it is set to 0 (git-fixes).
- loop: fix ioctl calls using compat_loop_info (git-fixes).
- lpfc: Account for fabric domain ctlr device loss recovery (bsc#1211346, bsc#1211852).
- lpfc: Change firmware upgrade logging to KERN_NOTICE instead of TRACE_EVENT (bsc#1211852).
- lpfc: Clean up SLI-4 CQE status handling (bsc#1211852).
- lpfc: Clear NLP_IN_DEV_LOSS flag if already in rediscovery (bsc#1211852).
- lpfc: Copyright updates for 14.2.0.13 patches (bsc#1211852).
- lpfc: Enhance congestion statistics collection (bsc#1211852).
- lpfc: Fix use-after-free rport memory access in lpfc_register_remote_port (bsc#1211852, bsc#1208410, bsc#1211346).
- lpfc: Revise NPIV ELS unsol rcv cmpl logic to drop ndlp based on nlp_state (bsc#1211852).
- lpfc: Update lpfc version to 14.2.0.13 (bsc#1211852).
- lpfc: update metadata
- mac80211: introduce individual TWT support in AP mode (bsc#1209980).
- mac80211: introduce set_radar_offchan callback (bsc#1209980).
- mac80211: twt: do not use potentially unaligned pointer (bsc#1209980).
- mailbox: mailbox-test: Fix potential double-free in mbox_test_message_write() (git-fixes).
- mailbox: mailbox-test: fix a locking issue in mbox_test_message_write() (git-fixes).
- mailbox: zynqmp: Fix IPI isr handling (git-fixes).
- mailbox: zynqmp: Fix typo in IPI documentation (git-fixes).
- malidp: Fix NULL vs IS_ERR() checking (bsc#1208843 CVE-2023-23004).
- mbcache: Avoid nesting of cache->c_list_lock under bit locks (bsc#1207647).
- mbcache: Fixup kABI of mb_cache_entry (bsc#1207653).
- mce: fix set_mce_nospec to always unmap the whole page (git-fixes).
- md/bitmap: Fix bitmap chunk size overflow issues (git-fixes).
- md/raid1: stop mdx_raid1 thread when raid1 array run failed (git-fixes).
- md/raid5: Improve performance for sequential IO (bsc#1208081).
- md/raid5: Wait for MD_SB_CHANGE_PENDING in raid5d (git-fixes).
- md: Flush workqueue md_rdev_misc_wq in md_alloc() (git-fixes).
- md: Notify sysfs sync_completed in md_reap_sync_thread() (git-fixes).
- md: fix a crash in mempool_free (git-fixes).
- md: protect md_unregister_thread from reentrancy (git-fixes).
- media: av7110: prevent underflow in write_ts_to_decoder() (git-fixes).
- media: coda: Add check for dcoda_iram_alloc (git-fixes).
- media: coda: Add check for kmalloc (git-fixes).
- media: cx23885: Fix a null-ptr-deref bug in buffer_prepare() and buffer_finish() (git-fixes).
- media: dm1105: Fix use after free bug in dm1105_remove due to race condition (git-fixes).
- media: dvb-core: Fix kernel WARNING for blocking operation in wait_event*() (CVE-2023-31084 bsc#1210783).
- media: dvb-core: Fix use-after-free due on race condition at dvb_net (CVE-2022-45886 bsc#1205760).
- media: dvb-core: Fix use-after-free due to race at dvb_register_device() (CVE-2022-45884 bsc#1205756).
- media: dvb-core: Fix use-after-free due to race condition at dvb_ca_en50221 (CVE-2022-45919 bsc#1205803).
- media: dvb-core: Fix use-after-free on race condition at dvb_frontend (CVE-2022-45885 bsc#1205758).
- media: dvb-usb-v2: ce6230: fix null-ptr-deref in ce6230_i2c_master_xfer() (git-fixes).
- media: dvb-usb-v2: ec168: fix null-ptr-deref in ec168_i2c_xfer() (git-fixes).
- media: dvb-usb-v2: rtl28xxu: fix null-ptr-deref in rtl28xxu_i2c_xfer (git-fixes).
- media: dvb-usb: az6027: fix three null-ptr-deref in az6027_i2c_xfer() (git-fixes).
- media: dvb-usb: digitv: fix null-ptr-deref in digitv_i2c_xfer() (git-fixes).
- media: dvb-usb: dw2102: fix uninit-value in su3000_read_mac_address (git-fixes).
- media: dvb_ca_en50221: fix a size write bug (git-fixes).
- media: dvb_demux: fix a bug for the continuity counter (git-fixes).
- media: dvb_frontend: kABI workaround (CVE-2022-45885 bsc#1205758).
- media: dvb_net: kABI workaround (CVE-2022-45886 bsc#1205760).
- media: i2c: imx219: Fix binning for RAW8 capture (git-fixes).
- media: i2c: imx219: Split common registers from mode tables (git-fixes).
- media: i2c: ov7670: 0 instead of -EINVAL was returned (git-fixes).
- media: i2c: ov772x: Fix memleak in ov772x_probe() (git-fixes).
- media: imx: imx7-media-csi: fix missing clk_disable_unprepare() in imx7_csi_init() (git-fixes).
- media: ipu3-cio2: Fix PM runtime usage_count in driver unbind (git-fixes).
- media: m5mols: fix off-by-one loop termination error (git-fixes).
- media: max9286: Fix memleak in max9286_v4l2_register() (git-fixes).
- media: max9286: Free control handler (git-fixes).
- media: mn88443x: fix !CONFIG_OF error by drop of_match_ptr from ID table (git-fixes).
- media: netup_unidvb: fix irq init by register it at the end of probe (git-fixes).
- media: netup_unidvb: fix use-after-free at del_timer() (git-fixes).
- media: ov2740: Fix memleak in ov2740_init_controls() (git-fixes).
- media: ov5640: Fix analogue gain control (git-fixes).
- media: ov5675: Fix memleak in ov5675_init_controls() (git-fixes).
- media: pci: tw68: Fix null-ptr-deref bug in buf prepare and finish (git-fixes).
- media: platform: ti: Add missing check for devm_regulator_get (git-fixes).
- media: radio-shark: Add endpoint checks (git-fixes).
- media: rc: Fix use-after-free bugs caused by ene_tx_irqsim() (git-fixes).
- media: rc: gpio-ir-recv: Fix support for wake-up (git-fixes).
- media: rc: gpio-ir-recv: add remove function (git-fixes).
- media: rcar_fdp1: Fix the correct variable assignments (git-fixes).
- media: rcar_fdp1: Make use of the helper function devm_platform_ioremap_resource() (git-fixes).
- media: rkvdec: fix use after free bug in rkvdec_remove (git-fixes).
- media: saa7134: Use video_unregister_device for radio_dev (git-fixes).
- media: saa7134: fix use after free bug in saa7134_finidev due to race condition (git-fixes).
- media: ti: cal: fix possible memory leak in cal_ctx_create() (git-fixes).
- media: ttusb-dec: fix memory leak in ttusb_dec_exit_dvb() (CVE-2022-45887 bsc#1205762).
- media: usb: siano: Fix use after free bugs caused by do_submit_urb (git-fixes).
- media: uvcvideo: Add support for V4L2_CTRL_TYPE_CTRL_CLASS (git-fixes).
- media: uvcvideo: Check controls flags before accessing them (git-fixes).
- media: uvcvideo: Check for INACTIVE in uvc_ctrl_is_accessible() (git-fixes).
- media: uvcvideo: Do not check for V4L2_CTRL_WHICH_DEF_VAL (git-fixes).
- media: uvcvideo: Fix memory leak of object map on error exit path (git-fixes).
- media: uvcvideo: Fix race condition with usb_kill_urb (git-fixes).
- media: uvcvideo: Handle cameras with invalid descriptors (git-fixes).
- media: uvcvideo: Handle errors from calls to usb_string (git-fixes).
- media: uvcvideo: Quirk for autosuspend in Logitech B910 and C910 (git-fixes).
- media: uvcvideo: Remove s_ctrl and g_ctrl (git-fixes).
- media: uvcvideo: Silence memcpy() run-time false positive warnings (git-fixes).
- media: uvcvideo: Use control names from framework (git-fixes).
- media: uvcvideo: refactor __uvc_ctrl_add_mapping (git-fixes).
- media: v4l2-jpeg: correct the skip count in jpeg_parse_app14_data (git-fixes).
- media: v4l2-jpeg: ignore the unknown APP14 marker (git-fixes).
- media: venus: dec: Fix handling of the start cmd (git-fixes).
- mei: bus-fixup:upon error print return values of send and receive (git-fixes).
- mei: bus: fix unlink on bus in error path (git-fixes).
- mei: me: add meteor lake point M DID (git-fixes).
- mei: pxp: Use correct macros to initialize uuid_le (git-fixes).
- memstick: fix memory leak if card device is never registered (git-fixes).
- memstick: r592: Fix UAF bug in r592_remove due to race condition (bsc#1211449).
- mfd: arizona: Use pm_runtime_resume_and_get() to prevent refcnt leak (git-fixes).
- mfd: cs5535: Do not build on UML (git-fixes).
- mfd: dln2: Fix memory leak in dln2_probe() (git-fixes).
- mfd: pcf50633-adc: Fix potential memleak in pcf50633_adc_async_read() (git-fixes).
- mfd: tqmx86: Correct board names for TQMxE39x (git-fixes).
- mfd: tqmx86: Do not access I2C_DETECT register through io_base (git-fixes).
- misc/mei/hdcp: Use correct macros to initialize uuid_le (git-fixes).
- misc: enclosure: Fix doc for enclosure_find() (git-fixes).
- misc: fastrpc: reject new invocations during device removal (git-fixes).
- misc: fastrpc: return -EPIPE to invocations on device removal (git-fixes).
- mlx5: do not use RT_TOS for IPv6 flowlabel (jsc#SLE-19253).
- mlx5: fix possible ptp queue fifo use-after-free (jsc#PED-1549).
- mlx5: fix skb leak while fifo resync and push (jsc#PED-1549).
- mlxfw: fix null-ptr-deref in mlxfw_mfa2_tlv_next() (git-fixes).
- mlxsw: minimal: Fix deadlock in ports creation (git-fixes).
- mlxsw: spectrum: Allow driver to load with old firmware versions (git-fixes).
- mm/filemap: fix page end in filemap_get_read_batch (bsc#1210768).
- mm/memory.c: fix race when faulting a device private page (CVE-2022-3523, bsc#1204363). nouveau: fix migrate_to_ram() for faulting page (CVE-2022-3523, bsc#1204363). mm/memory: return vm_fault_t result from migrate_to_ram() callback (CVE-2022-3523, bsc#1204363). kabi: workaround for migrate_vma.fault_page (CVE-2022-3523, bsc#1204363).
- mm/vmalloc: do not output a spurious warning when huge vmalloc() fails (bsc#1211410).
- mm: /proc/pid/smaps_rollup: fix no vma's null-deref (bsc#1207769).
- mm: Move mm_cachep initialization to mm_init() (bsc#1212448).
- mm: memcg: fix NULL pointer in mem_cgroup_track_foreign_dirty_slowpath() (bsc#1209262).
- mm: memcg: fix swapcached stat accounting (bsc#1209804).
- mm: mmap: remove newline at the end of the trace (git-fixes).
- mm: page_alloc: skip regions with hugetlbfs pages when allocating 1G pages (bsc#1210034).
- mm: take a page reference when removing device exclusive entries (bsc#1211025).
- mm: vmalloc: avoid warn_alloc noise caused by fatal signal (bsc#1211410).
- mmc: atmel-mci: fix race between stop command and start of next command (git-fixes).
- mmc: bcm2835: fix deferred probing (git-fixes).
- mmc: block: Remove error check of hw_reset on reset (git-fixes).
- mmc: block: ensure error propagation for non-blk (git-fixes).
- mmc: jz4740: Work around bug on JZ4760(B) (git-fixes).
- mmc: meson-gx: remove redundant mmc_request_done() call from irq context (git-fixes).
- mmc: mmc_spi: fix error handling in mmc_spi_probe() (git-fixes).
- mmc: mmci: stm32: fix max busy timeout calculation (git-fixes).
- mmc: mtk-sd: fix deferred probing (git-fixes).
- mmc: mvsdio: fix deferred probing (git-fixes).
- mmc: omap: fix deferred probing (git-fixes).
- mmc: omap_hsmmc: fix deferred probing (git-fixes).
- mmc: owl: fix deferred probing (git-fixes).
- mmc: sdhci-acpi: fix deferred probing (git-fixes).
- mmc: sdhci-esdhc-imx: make 'no-mmc-hs400' works (git-fixes).
- mmc: sdhci-of-esdhc: fix quirk to ignore command inhibit for data (git-fixes).
- mmc: sdhci-spear: fix deferred probing (git-fixes).
- mmc: sdhci_am654: Set HIGH_SPEED_ENA for SDR12 and SDR25 (git-fixes).
- mmc: sdhci_am654: lower power-on failed message severity (git-fixes).
- mmc: sdio: fix possible resource leaks in some error paths (git-fixes).
- mmc: sh_mmcif: fix deferred probing (git-fixes).
- mmc: sunxi: fix deferred probing (git-fixes).
- mmc: usdhi60rol0: fix deferred probing (git-fixes).
- mmc: vub300: fix invalid response handling (git-fixes).
- module: Do not wait for GOING modules (bsc#1196058, bsc#1186449, bsc#1204356, bsc#1204662).
- mt76: Make use of the helper macro kthread_run() (bsc#1209980).
- mt76: Print error message when reading EEPROM from mtd failed (bsc#1209980).
- mt76: add 6GHz support (bsc#1209980).
- mt76: add MT_RXQ_MAIN_WA for mt7916 (bsc#1209980).
- mt76: add support for setting mcast rate (bsc#1209980).
- mt76: allow drivers to drop rx packets early (bsc#1209980).
- mt76: clear sta powersave flag after notifying driver (bsc#1209980).
- mt76: connac: add 6 GHz support for wtbl and starec configuration (bsc#1209980).
- mt76: connac: add 6GHz support to mt76_connac_mcu_set_channel_domain (bsc#1209980).
- mt76: connac: add 6GHz support to mt76_connac_mcu_sta_tlv (bsc#1209980).
- mt76: connac: add 6GHz support to mt76_connac_mcu_uni_add_bss (bsc#1209980).
- mt76: connac: add support for limiting to maximum regulatory Tx power (bsc#1209980).
- mt76: connac: add support for passing the cipher field in bss_info (bsc#1209980).
- mt76: connac: adjust wlan_idx size from u8 to u16 (bsc#1209980).
- mt76: connac: align MCU_EXT definitions with 7915 driver (bsc#1209980).
- mt76: connac: enable 6GHz band for hw scan (bsc#1209980).
- mt76: connac: enable hw amsdu @ 6GHz (bsc#1209980).
- mt76: connac: extend mcu_get_nic_capability (bsc#1209980).
- mt76: connac: fix a theoretical NULL pointer dereference in mt76_connac_get_phy_mode (bsc#1209980).
- mt76: connac: fix last_chan configuration in mt76_connac_mcu_rate_txpower_band (bsc#1209980).
- mt76: connac: fix unresolved symbols when CONFIG_PM is unset (bsc#1209980).
- mt76: connac: introduce MCU_CE_CMD macro (bsc#1209980).
- mt76: connac: introduce MCU_EXT macros (bsc#1209980).
- mt76: connac: introduce MCU_UNI_CMD macro (bsc#1209980).
- mt76: connac: introduce is_connac_v1 utility routine (bsc#1209980).
- mt76: connac: make read-only array ba_range static const (bsc#1209980).
- mt76: connac: move mcu reg access utility routines in mt76_connac_lib module (bsc#1209980).
- mt76: connac: move mt76_connac_chan_bw in common code (bsc#1209980).
- mt76: connac: move mt76_connac_lmac_mapping in mt76-connac module (bsc#1209980).
- mt76: connac: move mt76_connac_mcu_add_key in connac module (bsc#1209980).
- mt76: connac: move mt76_connac_mcu_bss_basic_tlv in connac module (bsc#1209980).
- mt76: connac: move mt76_connac_mcu_bss_ext_tlv in connac module (bsc#1209980).
- mt76: connac: move mt76_connac_mcu_bss_omac_tlv in connac module (bsc#1209980).
- mt76: connac: move mt76_connac_mcu_gen_dl_mode in mt76-connac module (bsc#1209980).
- mt76: connac: move mt76_connac_mcu_get_cipher in common code (bsc#1209980).
- mt76: connac: move mt76_connac_mcu_rdd_cmd in mt76-connac module (bsc#1209980).
- mt76: connac: move mt76_connac_mcu_restart in common module (bsc#1209980).
- mt76: connac: move mt76_connac_mcu_set_pm in connac module (bsc#1209980).
- mt76: connac: move mt76_connac_mcu_wtbl_update_hdr_trans in connac module (bsc#1209980).
- mt76: connac: rely on MCU_CMD macro (bsc#1209980).
- mt76: connac: rely on le16_add_cpu in mt76_connac_mcu_add_nested_tlv (bsc#1209980).
- mt76: connac: remove MCU_FW_PREFIX bit (bsc#1209980).
- mt76: connac: remove PHY_MODE_AX_6G configuration in mt76_connac_get_phy_mode (bsc#1209980).
- mt76: connac: set 6G phymode in mt76_connac_get_phy_mode{,v2} (bsc#1209980).
- mt76: connac: set 6G phymode in single-sku support (bsc#1209980).
- mt76: debugfs: fix queue reporting for mt76-usb (bsc#1209980).
- mt76: debugfs: improve queue node readability (bsc#1209980).
- mt76: disable BH around napi_schedule() calls (bsc#1209980).
- mt76: do not access 802.11 header in ccmp check for 802.3 rx skbs (bsc#1209980).
- mt76: do not always copy ethhdr in reverse_frag0_hdr_trans (bsc#1209980).
- mt76: do not reset MIB counters in get_stats callback (bsc#1209980).
- mt76: eeprom: tolerate corrected bit-flips (bsc#1209980).
- mt76: fill boottime_ns in Rx path (bsc#1209980).
- mt76: fix antenna config missing in 6G cap (bsc#1209980).
- mt76: fix boolreturn.cocci warnings (bsc#1209980).
- mt76: fix dfs state issue with 160 MHz channels (bsc#1209980).
- mt76: fix endianness errors in reverse_frag0_hdr_trans (bsc#1209980).
- mt76: fix invalid rssi report (bsc#1209980).
- mt76: fix key pointer overwrite in mt7921s_write_txwi/mt7663_usb_sdio_write_txwi (bsc#1209980).
- mt76: fix monitor rx FCS error in DFS channel (bsc#1209980).
- mt76: fix possible OOB issue in mt76_calculate_default_rate (bsc#1209980).
- mt76: fix possible pktid leak (bsc#1209980).
- mt76: fix the wiphy's available antennas to the correct value (bsc#1209980).
- mt76: fix timestamp check in tx_status (bsc#1209980).
- mt76: fix tx status related use-after-free race on station removal (bsc#1209980).
- mt76: fix use-after-free by removing a non-RCU wcid pointer (git-fixes).
- mt76: fix wrong HE data rate in sniffer tool (bsc#1209980).
- mt76: improve signal strength reporting (bsc#1209980).
- mt76: introduce packet_id idr (bsc#1209980).
- mt76: make mt76_sar_capa static (bsc#1209980).
- mt76: move mt76_ethtool_worker_info in mt76 module (bsc#1209980).
- mt76: move mt76_sta_stats in mt76.h (bsc#1209980).
- mt76: move sar utilities to mt76-core module (bsc#1209980).
- mt76: move sar_capa configuration in common code (bsc#1209980).
- mt76: move spin_lock_bh to spin_lock in tasklet (bsc#1209980).
- mt76: mt7603: improve reliability of tx powersave filtering (bsc#1209980).
- mt76: mt7603: introduce SAR support (bsc#1209980).
- mt76: mt7615: add support for LG LGSBWAC02 (MT7663BUN) (bsc#1209980).
- mt76: mt7615: apply cached RF data for DBDC (bsc#1209980).
- mt76: mt7615: clear mcu error interrupt status on mt7663 (bsc#1209980).
- mt76: mt7615: fix a possible race enabling/disabling runtime-pm (bsc#1209980).
- mt76: mt7615: fix compiler warning on frame size (bsc#1209980).
- mt76: mt7615: fix decap offload corner case with 4-addr VLAN frames (bsc#1209980).
- mt76: mt7615: fix throughput regression on DFS channels (bsc#1209980).
- mt76: mt7615: fix unused tx antenna mask in testmode (bsc#1209980).
- mt76: mt7615: fix/rewrite the dfs state handling logic (bsc#1209980).
- mt76: mt7615: honor ret from mt7615_mcu_restart in mt7663u_mcu_init (bsc#1209980).
- mt76: mt7615: in debugfs queue stats, skip wmm index 3 on mt7663 (bsc#1209980).
- mt76: mt7615: introduce SAR support (bsc#1209980).
- mt76: mt7615: move mt7615_mcu_set_p2p_oppps in mt76_connac module (bsc#1209980).
- mt76: mt7615: remove dead code in get_omac_idx (bsc#1209980).
- mt76: mt7615: update bss_info with cipher after setting the group key (bsc#1209980).
- mt76: mt7615e: process txfree and txstatus without allocating skbs (bsc#1209980).
- mt76: mt7663: disable 4addr capability (bsc#1209980).
- mt76: mt7663s: flush runtime-pm queue after waking up the device (bsc#1209980).
- mt76: mt7663s: rely on mcu reg access utility (bsc#1209980).
- mt76: mt7663u: introduce mt7663u_mcu_power_on routine (bsc#1209980).
- mt76: mt76_connac: fix MCU_CE_CMD_SET_ROC definition error (bsc#1209980).
- mt76: mt76x02: improve tx hang detection (bsc#1209980).
- mt76: mt76x02: introduce SAR support (bsc#1209980).
- mt76: mt76x02: use mt76_phy_dfs_state to determine radar detector state (bsc#1209980).
- mt76: mt76x0: correct VHT MCS 8/9 tx power eeprom offset (bsc#1209980).
- mt76: mt7915: Fix PCI device refcount leak in mt7915_pci_init_hif2() (bsc#1209980).
- mt76: mt7915: Fix channel state update error issue (bsc#1209980).
- mt76: mt7915: add 6 GHz support (bsc#1209980).
- mt76: mt7915: add HE-LTF into fixed rate command (bsc#1209980).
- mt76: mt7915: add LED support (bsc#1209980).
- mt76: mt7915: add WA firmware log support (bsc#1209980).
- mt76: mt7915: add control knobs for thermal throttling (bsc#1209980).
- mt76: mt7915: add debugfs knobs for MCU utilization (bsc#1209980).
- mt76: mt7915: add default calibrated data support (bsc#1209980).
- mt76: mt7915: add device id for mt7916 (bsc#1209980).
- mt76: mt7915: add ethtool stats support (bsc#1209980).
- mt76: mt7915: add firmware support for mt7916 (bsc#1209980).
- mt76: mt7915: add mib counters to ethtool stats (bsc#1209980).
- mt76: mt7915: add missing DATA4_TB_SPTL_REUSE1 to mt7915_mac_decode_he_radiotap (bsc#1209980).
- mt76: mt7915: add more MIB registers (bsc#1209980).
- mt76: mt7915: add mt7915_mmio_probe() as a common probing function (bsc#1209980).
- mt76: mt7915: add mt7916 calibrated data support (bsc#1209980).
- mt76: mt7915: add mu-mimo and ofdma debugfs knobs (bsc#1209980).
- mt76: mt7915: add some per-station tx stats to ethtool (bsc#1209980).
- mt76: mt7915: add support for MT7986 (bsc#1209980).
- mt76: mt7915: add support for passing chip/firmware debug data to user space (bsc#1209980).
- mt76: mt7915: add twt_stats knob in debugfs (bsc#1209980).
- mt76: mt7915: add tx mu/su counters to mib (bsc#1209980).
- mt76: mt7915: add tx stats gathered from tx-status callbacks (bsc#1209980).
- mt76: mt7915: add txfree event v3 (bsc#1209980).
- mt76: mt7915: add txpower init for 6GHz (bsc#1209980).
- mt76: mt7915: allow beaconing on all chains (bsc#1209980).
- mt76: mt7915: change max rx len limit of hw modules (bsc#1209980).
- mt76: mt7915: check band idx for bcc event (bsc#1209980).
- mt76: mt7915: check for devm_pinctrl_get() failure (bsc#1209980).
- mt76: mt7915: do not pass data pointer to mt7915_mcu_muru_debug_set (bsc#1209980).
- mt76: mt7915: enable HE UL MU-MIMO (bsc#1209980).
- mt76: mt7915: enable configured beacon tx rate (bsc#1209980).
- mt76: mt7915: enable radar background detection (bsc#1209980).
- mt76: mt7915: enable radar trigger on rdd2 (bsc#1209980).
- mt76: mt7915: enable twt responder capability (bsc#1209980).
- mt76: mt7915: enlarge wcid size to 544 (bsc#1209980).
- mt76: mt7915: fix DBDC default band selection on MT7915D (bsc#1209980).
- mt76: mt7915: fix DFS no radar detection event (bsc#1209980).
- mt76: mt7915: fix SMPS operation fail (bsc#1209980).
- mt76: mt7915: fix WMM index on DBDC cards (bsc#1209980).
- mt76: mt7915: fix beamforming mib stats (bsc#1209980).
- mt76: mt7915: fix decap offload corner case with 4-addr VLAN frames (bsc#1209980).
- mt76: mt7915: fix eeprom fields of txpower init values (bsc#1209980).
- mt76: mt7915: fix endiannes warning mt7915_mcu_beacon_check_caps (bsc#1209980).
- mt76: mt7915: fix endianness warnings in mt7915_debugfs_rx_fw_monitor (bsc#1209980).
- mt76: mt7915: fix endianness warnings in mt7915_mac_tx_free() (bsc#1209980).
- mt76: mt7915: fix he_mcs capabilities for 160mhz (bsc#1209980).
- mt76: mt7915: fix incorrect testmode ipg on band 1 caused by wmm_idx (git-fixes).
- mt76: mt7915: fix incorrect testmode ipg on band 1 caused by wmm_idx (git-fixes).
- mt76: mt7915: fix mcs_map in mt7915_mcu_set_sta_he_mcs() (bsc#1209980).
- mt76: mt7915: fix missing HE phy cap (bsc#1209980).
- mt76: mt7915: fix phy cap in mt7915_set_stream_he_txbf_caps() (bsc#1209980).
- mt76: mt7915: fix polling firmware-own status (git-fixes).
- mt76: mt7915: fix possible NULL pointer dereference in mt7915_mac_fill_rx_vector (git-fixes).
- mt76: mt7915: fix possible memory leak in mt7915_mcu_add_sta (bsc#1209980).
- mt76: mt7915: fix possible uninitialized pointer dereference in mt7986_wmac_gpio_setup (bsc#1209980).
- mt76: mt7915: fix potential NPE in TXS processing (bsc#1209980).
- mt76: mt7915: fix potential memory leak of fw monitor packets (bsc#1209980).
- mt76: mt7915: fix return condition in mt7915_tm_reg_backup_restore() (bsc#1209980).
- mt76: mt7915: fix the muru tlv issue (bsc#1209980).
- mt76: mt7915: fix the nss setting in bitrates (bsc#1209980).
- mt76: mt7915: fix twt table_mask to u16 in mt7915_dev (bsc#1209980).
- mt76: mt7915: fix txbf starec TLV issues (bsc#1209980).
- mt76: mt7915: fix typos in comments (bsc#1209980).
- mt76: mt7915: fix/rewrite the dfs state handling logic (bsc#1209980).
- mt76: mt7915: get rid of mt7915_mcu_set_fixed_rate routine (bsc#1209980).
- mt76: mt7915: honor all possible error conditions in mt7915_mcu_init() (bsc#1209980).
- mt76: mt7915: improve code readability for xmit-queue handler (bsc#1209980).
- mt76: mt7915: improve code readability in mt7915_mcu_sta_bfer_ht (bsc#1209980).
- mt76: mt7915: improve starec readability of txbf (bsc#1209980).
- mt76: mt7915: improve wmm index allocation (bsc#1209980).
- mt76: mt7915: initialize smps mode in mt7915_mcu_sta_rate_ctrl_tlv() (bsc#1209980).
- mt76: mt7915: introduce SAR support (bsc#1209980).
- mt76: mt7915: introduce __mt7915_get_tsf routine (bsc#1209980).
- mt76: mt7915: introduce band_idx in mt7915_phy (bsc#1209980).
- mt76: mt7915: introduce bss coloring support (bsc#1209980).
- mt76: mt7915: introduce mt76 debugfs sub-dir for ext-phy (bsc#1209980).
- mt76: mt7915: introduce mt76_vif in mt7915_vif (bsc#1209980).
- mt76: mt7915: introduce mt7915_mac_add_twt_setup routine (bsc#1209980).
- mt76: mt7915: introduce mt7915_mcu_beacon_check_caps() (bsc#1209980).
- mt76: mt7915: introduce mt7915_mcu_twt_agrt_update mcu command (bsc#1209980).
- mt76: mt7915: introduce mt7915_set_radar_background routine (bsc#1209980).
- mt76: mt7915: introduce rdd_monitor debugfs node (bsc#1209980).
- mt76: mt7915: move pci specific code back to pci.c (bsc#1209980).
- mt76: mt7915: move tx amsdu stats in mib_stats (bsc#1209980).
- mt76: mt7915: process txfree and txstatus without allocating skbs (bsc#1209980).
- mt76: mt7915: refine register definition (bsc#1209980).
- mt76: mt7915: rely on mt76_connac definitions (bsc#1209980).
- mt76: mt7915: rely on mt76_connac_get_phy utilities (bsc#1209980).
- mt76: mt7915: rely on mt76_connac_mcu_add_tlv routine (bsc#1209980).
- mt76: mt7915: rely on mt76_connac_mcu_alloc_sta_req (bsc#1209980).
- mt76: mt7915: rely on mt76_connac_mcu_alloc_wtbl_req (bsc#1209980).
- mt76: mt7915: rely on mt76_connac_mcu_init_download (bsc#1209980).
- mt76: mt7915: rely on mt76_connac_mcu_patch_sem_ctrl/mt76_connac_mcu_start_patch (bsc#1209980).
- mt76: mt7915: rely on mt76_connac_mcu_set_rts_thresh (bsc#1209980).
- mt76: mt7915: rely on mt76_connac_mcu_sta_ba (bsc#1209980).
- mt76: mt7915: rely on mt76_connac_mcu_sta_ba_tlv (bsc#1209980).
- mt76: mt7915: rely on mt76_connac_mcu_sta_basic_tlv (bsc#1209980).
- mt76: mt7915: rely on mt76_connac_mcu_sta_uapsd (bsc#1209980).
- mt76: mt7915: rely on mt76_connac_mcu_start_firmware (bsc#1209980).
- mt76: mt7915: rely on mt76_connac_mcu_wtbl_ba_tlv (bsc#1209980).
- mt76: mt7915: rely on mt76_connac_mcu_wtbl_generic_tlv (bsc#1209980).
- mt76: mt7915: rely on mt76_connac_mcu_wtbl_hdr_trans_tlv (bsc#1209980).
- mt76: mt7915: rely on mt76_connac_mcu_wtbl_ht_tlv (bsc#1209980).
- mt76: mt7915: rely on mt76_connac_mcu_wtbl_smps_tlv (bsc#1209980).
- mt76: mt7915: remove dead code in debugfs code (bsc#1209980).
- mt76: mt7915: remove duplicated defs in mcu.h (bsc#1209980).
- mt76: mt7915: remove mt7915_mcu_add_he() (bsc#1209980).
- mt76: mt7915: rename debugfs tx-queues (bsc#1209980).
- mt76: mt7915: report radar pattern if detected by rdd2 (bsc#1209980).
- mt76: mt7915: report rx mode value in mt7915_mac_fill_rx_rate (bsc#1209980).
- mt76: mt7915: rework .set_bitrate_mask() to support more options (bsc#1209980).
- mt76: mt7915: rework debugfs fixed-rate knob (bsc#1209980).
- mt76: mt7915: rework debugfs queue info (bsc#1209980).
- mt76: mt7915: rework dma.c to adapt mt7916 changes (bsc#1209980).
- mt76: mt7915: rework eeprom.c to adapt mt7916 changes (bsc#1209980).
- mt76: mt7915: rework mt7915_mcu_sta_muru_tlv() (bsc#1209980).
- mt76: mt7915: rework starec TLV tags (bsc#1209980).
- mt76: mt7915: run mt7915_get_et_stats holding mt76 mutex (bsc#1209980).
- mt76: mt7915: send EAPOL frames at lowest rate (bsc#1209980).
- mt76: mt7915: set VTA bit in tx descriptor (bsc#1209980).
- mt76: mt7915: set band1 TGID field in tx descriptor (bsc#1209980).
- mt76: mt7915: set bssinfo/starec command when adding interface (bsc#1209980).
- mt76: mt7915: set muru platform type (bsc#1209980).
- mt76: mt7915: simplify conditional (bsc#1209980).
- mt76: mt7915: switch proper tx arbiter mode in testmode (bsc#1209980).
- mt76: mt7915: update bss_info with cipher after setting the group key (bsc#1209980).
- mt76: mt7915: update mac timing settings (bsc#1209980).
- mt76: mt7915: update max_mpdu_size in mt7915_mcu_sta_amsdu_tlv() (bsc#1209980).
- mt76: mt7915: update mt7915_chan_mib_offs for mt7916 (bsc#1209980).
- mt76: mt7915: update rx rate reporting for mt7916 (bsc#1209980).
- mt76: mt7915: use min_t() to make code cleaner (bsc#1209980).
- mt76: mt7915e: Add a hwmon attribute to get the actual throttle state (bsc#1209980).
- mt76: mt7915e: Enable thermal management by default (bsc#1209980).
- mt76: mt7915e: Fix degraded performance after temporary overheat (bsc#1209980).
- mt76: mt7921: Fix the error handling path of mt7921_pci_probe() (git-fixes).
- mt76: mt7921: add 6GHz support (bsc#1209980).
- mt76: mt7921: add MT7921_COMMON module (bsc#1209980).
- mt76: mt7921: add MU EDCA cmd support (bsc#1209980).
- mt76: mt7921: add delay config for sched scan (bsc#1209980).
- mt76: mt7921: add mt7921u driver (bsc#1209980).
- mt76: mt7921: add per-vif counters in ethtool (bsc#1209980).
- mt76: mt7921: add some more MIB counters (bsc#1209980).
- mt76: mt7921: add sta stats accounting in mt7921_mac_add_txs_skb (bsc#1209980).
- mt76: mt7921: add support for PCIe ID 0x0608/0x0616 (bsc#1209980).
- mt76: mt7921: add support for tx status reporting (bsc#1209980).
- mt76: mt7921: clear pm->suspended in mt7921_mac_reset_work (bsc#1209980).
- mt76: mt7921: disable 4addr capability (bsc#1209980).
- mt76: mt7921: disable runtime pm for usb (bsc#1209980).
- mt76: mt7921: do not always disable fw runtime-pm (bsc#1209980).
- mt76: mt7921: do not enable beacon filter when IEEE80211_CONF_CHANGE_MONITOR is set (bsc#1209980).
- mt76: mt7921: do not update pm states in case of error (git-fixes).
- mt76: mt7921: fix MT7921E reset failure (bsc#1209980).
- mt76: mt7921: fix Wformat build warning (bsc#1209980).
- mt76: mt7921: fix a possible race enabling/disabling runtime-pm (bsc#1209980).
- mt76: mt7921: fix boolreturn.cocci warning (bsc#1209980).
- mt76: mt7921: fix build regression (bsc#1209980).
- mt76: mt7921: fix endianness issues in mt7921_mcu_set_tx() (bsc#1209980).
- mt76: mt7921: fix endianness warnings in mt7921_mac_decode_he_mu_radiotap (bsc#1209980).
- mt76: mt7921: fix ht mcs in mt7921_mac_add_txs_skb() (bsc#1209980).
- mt76: mt7921: fix injected MPDU transmission to not use HW A-MSDU (bsc#1209980).
- mt76: mt7921: fix kernel crash at mt7921_pci_remove (git-fixes).
- mt76: mt7921: fix kernel panic by accessing unallocated eeprom.data (git-fixes).
- mt76: mt7921: fix mt7921s Kconfig (bsc#1209980).
- mt76: mt7921: fix network buffer leak by txs missing (bsc#1209980).
- mt76: mt7921: fix possible NULL pointer dereference in mt7921_mac_write_txwi (bsc#1209980).
- mt76: mt7921: fix up the monitor mode (bsc#1209980).
- mt76: mt7921: fix xmit-queue dump for usb and sdio (bsc#1209980).
- mt76: mt7921: forbid the doze mode when coredump is in progress (bsc#1209980).
- mt76: mt7921: get rid of monitor_vif (bsc#1209980).
- mt76: mt7921: get rid of mt7921_mcu_get_eeprom (bsc#1209980).
- mt76: mt7921: get rid of mt7921_wait_for_mcu_init declaration (bsc#1209980).
- mt76: mt7921: honor mt76_connac_mcu_set_rate_txpower return value in mt7921_config (bsc#1209980).
- mt76: mt7921: honor pm user configuration in mt7921_sniffer_interface_iter (bsc#1209980).
- mt76: mt7921: introduce 160 MHz channel bandwidth support (bsc#1209980).
- mt76: mt7921: introduce mt7921s support (bsc#1209980).
- mt76: mt7921: introduce stats reporting through ethtool (bsc#1209980).
- mt76: mt7921: make all event parser reusable between mt7921s and mt7921e (bsc#1209980).
- mt76: mt7921: make mt7921_init_tx_queues static (bsc#1209980).
- mt76: mt7921: move mt76_connac_mcu_set_hif_suspend to bus-related files (bsc#1209980).
- mt76: mt7921: move mt7921_init_hw in a dedicated work (bsc#1209980).
- mt76: mt7921: move mt7921_queue_rx_skb to mac.c (bsc#1209980).
- mt76: mt7921: move mt7921_usb_sdio_tx_complete_skb in common mac code (bsc#1209980).
- mt76: mt7921: move mt7921_usb_sdio_tx_prepare_skb in common mac code (bsc#1209980).
- mt76: mt7921: move mt7921_usb_sdio_tx_status_data in mac common code (bsc#1209980).
- mt76: mt7921: move tx amsdu stats in mib_stats (bsc#1209980).
- mt76: mt7921: reduce log severity levels for informative messages (bsc#1209980).
- mt76: mt7921: refactor dma.c to be pcie specific (bsc#1209980).
- mt76: mt7921: refactor init.c to be bus independent (bsc#1209980).
- mt76: mt7921: refactor mac.c to be bus independent (bsc#1209980).
- mt76: mt7921: refactor mcu.c to be bus independent (bsc#1209980).
- mt76: mt7921: refactor mt7921_mcu_send_message (bsc#1209980).
- mt76: mt7921: rely on mcu_get_nic_capability (bsc#1209980).
- mt76: mt7921: remove dead definitions (bsc#1209980).
- mt76: mt7921: remove duplicated code in mt7921_mac_decode_he_radiotap (bsc#1209980).
- mt76: mt7921: remove mcu rate reporting code (bsc#1209980).
- mt76: mt7921: remove mt7921_sta_stats (bsc#1209980).
- mt76: mt7921: report tx rate directly from tx status (bsc#1209980).
- mt76: mt7921: robustify hardware initialization flow (bsc#1209980).
- mt76: mt7921: send EAPOL frames at lowest rate (bsc#1209980).
- mt76: mt7921: set EDCA parameters with the MCU CE command (bsc#1209980).
- mt76: mt7921: start reworking tx rate reporting (bsc#1209980).
- mt76: mt7921: toggle runtime-pm adding a monitor vif (bsc#1209980).
- mt76: mt7921: update mib counters dumping phy stats (bsc#1209980).
- mt76: mt7921: update mt7921_skb_add_usb_sdio_hdr to support usb (bsc#1209980).
- mt76: mt7921: use correct iftype data on 6GHz cap init (bsc#1209980).
- mt76: mt7921: use mt76_hw instead of open coding it (bsc#1209980).
- mt76: mt7921: use physical addr to unify register access (bsc#1209980).
- mt76: mt7921e: fix possible probe failure after reboot (bsc#1198835).
- mt76: mt7921e: make dev->fw_assert usage consistent (bsc#1209980).
- mt76: mt7921e: process txfree and txstatus without allocating skbs (bsc#1209980).
- mt76: mt7921s: add reset support (bsc#1209980).
- mt76: mt7921s: clear MT76_STATE_MCU_RUNNING immediately after reset (bsc#1209980).
- mt76: mt7921s: fix a possible memory leak in mt7921_load_patch (bsc#1209980).
- mt76: mt7921s: fix bus hang with wrong privilege (bsc#1209980).
- mt76: mt7921s: fix cmd timeout in throughput test (bsc#1209980).
- mt76: mt7921s: fix firmware download random fail (bsc#1209980).
- mt76: mt7921s: fix missing fc type/sub-type for 802.11 pkts (bsc#1209980).
- mt76: mt7921s: fix mt7921s_mcu_[fw|drv]_pmctrl (bsc#1209980).
- mt76: mt7921s: fix possible kernel crash due to invalid Rx count (bsc#1209980).
- mt76: mt7921s: fix possible sdio deadlock in command fail (bsc#1209980).
- mt76: mt7921s: fix suspend error with enlarging mcu timeout value (bsc#1209980).
- mt76: mt7921s: fix the device cannot sleep deeply in suspend (bsc#1209980).
- mt76: mt7921s: make pm->suspended usage consistent (bsc#1209980).
- mt76: mt7921s: run sleep mode by default (bsc#1209980).
- mt76: mt7921s: update mt7921s_wfsys_reset sequence (bsc#1209980).
- mt76: only access ieee80211_hdr after mt76_insert_ccmp_hdr (bsc#1209980).
- mt76: only set rx radiotap flag from within decoder functions (bsc#1209980).
- mt76: redefine mt76_for_each_q_rx to adapt mt7986 changes (bsc#1209980).
- mt76: rely on phy pointer in mt76_register_debugfs_fops routine signature (bsc#1209980).
- mt76: remove mt76_wcid pointer from mt76_tx_status_check signature (bsc#1209980).
- mt76: remove variable set but not used (bsc#1209980).
- mt76: reverse the first fragmented frame to 802.11 (bsc#1209980).
- mt76: schedule status timeout at dma completion (bsc#1209980).
- mt76: sdio: disable interrupt in mt76s_sdio_irq (bsc#1209980).
- mt76: sdio: export mt76s_alloc_rx_queue and mt76s_alloc_tx routines (bsc#1209980).
- mt76: sdio: extend sdio module to support CONNAC2 (bsc#1209980).
- mt76: sdio: honor the largest Tx buffer the hardware can support (bsc#1209980).
- mt76: sdio: introduce parse_irq callback (bsc#1209980).
- mt76: sdio: lock sdio when it is needed (bsc#1209980).
- mt76: sdio: move common code in mt76_sdio module (bsc#1209980).
- mt76: set wlan_idx_hi on mt7916 (bsc#1209980).
- mt76: split single ldpc cap bit into bits (bsc#1209980).
- mt76: substitute sk_buff_head status_list with spinlock_t status_lock (bsc#1209980).
- mt76: support reading EEPROM data embedded in fdt (bsc#1209980).
- mt76: switch from 'pci_' to 'dma_' API (bsc#1209980).
- mt76: testmode: add support to set MAC (bsc#1209980).
- mt76: usb: add req_type to ___mt76u_rr signature (bsc#1209980).
- mt76: usb: add req_type to ___mt76u_wr signature (bsc#1209980).
- mt76: usb: introduce __mt76u_init utility routine (bsc#1209980).
- mt76: use IEEE80211_OFFLOAD_ENCAP_ENABLED instead of MT_DRV_AMSDU_OFFLOAD (bsc#1209980).
- mt76: use a separate CCMP PN receive counter for management frames (bsc#1209980).
- mt76: use le32/16_get_bits() whenever possible (bsc#1209980).
- mt76x02: improve mac error check/reset reliability (bsc#1209980).
- mtd: core: fix error path for nvmem provider (git-fixes).
- mtd: core: fix nvmem error reporting (git-fixes).
- mtd: core: provide unique name for nvmem device, take two (git-fixes).
- mtd: dataflash: remove duplicate SPI ID table (git-fixes).
- mtd: rawnand: fsl_elbc: Propagate HW ECC settings to HW (git-fixes).
- mtd: rawnand: ingenic: fix empty stub helper definitions (git-fixes).
- mtd: rawnand: marvell: do not set the NAND frequency select (git-fixes).
- mtd: rawnand: marvell: ensure timing values are written (git-fixes).
- mtd: rawnand: meson: fix bitmask for length in command word (git-fixes).
- mtd: rawnand: meson: invalidate cache on polling ECC bit (git-fixes).
- mtd: rawnand: stm32_fmc2: remove unsupported EDO mode (git-fixes).
- mtd: rawnand: stm32_fmc2: use timings.mode instead of checking tRC_min (git-fixes).
- mtd: rawnand: sunxi: Clean up chips after failed init (git-fixes).
- mtd: rawnand: sunxi: Fix the size of the last OOB region (git-fixes).
- mtd: spi-nor: Fix a trivial typo (git-fixes).
- mtd: spi-nor: Fix shift-out-of-bounds in spi_nor_set_erase_type (git-fixes).
- mtd: spi-nor: core: fix implicit declaration warning (git-fixes).
- mtd: spi-nor: sfdp: Fix index value for SCCR dwords (git-fixes).
- mtd: spi-nor: spansion: Consider reserved bits in CFR5 register (git-fixes).
- mtdblock: tolerate corrected bit-flips (git-fixes).
- nbd: Fix hung on disconnect request if socket is closed before (git-fixes).
- nbd: Fix hung when signal interrupts nbd_start_device_ioctl() (git-fixes).
- nbd: Fix hungtask when nbd_config_put (git-fixes).
- nbd: add missing definition of pr_fmt (git-fixes).
- nbd: call genl_unregister_family() first in nbd_cleanup() (git-fixes).
- nbd: fix io hung while disconnecting device (git-fixes).
- nbd: fix race between nbd_alloc_config() and module removal (git-fixes).
- net/iucv: Fix size of interrupt data (bsc#1211465 git-fixes).
- net/mlx5: Add forgotten cleanup calls into mlx5_init_once() error path (jsc#PED-1549).
- net/mlx5: Add forgotten cleanup calls into mlx5_init_once() error path (jsc#SLE-19253).
- net/mlx5: Allow async trigger completion execution on single CPU systems (jsc#SLE-19253).
- net/mlx5: Allow future addition of IPsec object modifiers (jsc#SLE-19253).
- net/mlx5: Avoid false positive lockdep warning by adding lock_class_key (jsc#SLE-19253).
- net/mlx5: Avoid recovery in probe flows (jsc#PED-1549 bsc#1211794).
- net/mlx5: Avoid recovery in probe flows (jsc#SLE-19253).
- net/mlx5: Bridge, fix ageing of peer FDB entries (jsc#PED-1549).
- net/mlx5: Bridge, fix ageing of peer FDB entries (jsc#SLE-19253).
- net/mlx5: Bridge, verify LAG state when adding bond to bridge (jsc#SLE-19253).
- net/mlx5: Collect command failures data only for known commands (jsc#PED-1549).
- net/mlx5: DR, Check force-loopback RC QP capability independently from RoCE (jsc#PED-1549).
- net/mlx5: DR, Check force-loopback RC QP capability independently from RoCE (jsc#SLE-19253).
- net/mlx5: DR, Fix crc32 calculation to work on big-endian (BE) CPUs (jsc#PED-1549).
- net/mlx5: DR, Fix crc32 calculation to work on big-endian (BE) CPUs (jsc#SLE-19253).
- net/mlx5: DR, Fix missing flow_source when creating multi-destination FW table (jsc#SLE-19253).
- net/mlx5: Devcom, fix error flow in mlx5_devcom_register_device (jsc#PED-1549).
- net/mlx5: Devcom, fix error flow in mlx5_devcom_register_device (jsc#SLE-19253).
- net/mlx5: Devcom, serialize devcom registration (jsc#PED-1549).
- net/mlx5: Disable eswitch before waiting for VF pages (jsc#PED-1549).
- net/mlx5: Do not advertise IPsec netdev support for non-IPsec device (jsc#SLE-19253).
- net/mlx5: Do not use already freed action pointer (jsc#SLE-19253).
- net/mlx5: Dynamically resize flow counters query buffer (bsc#1195175).
- net/mlx5: E-Switch, Fix an Oops in error handling code (jsc#PED-1549).
- net/mlx5: E-Switch, Fix an Oops in error handling code (jsc#SLE-19253).
- net/mlx5: E-Switch, properly handle ingress tagged packets on VST (jsc#PED-1549).
- net/mlx5: E-Switch, properly handle ingress tagged packets on VST (jsc#SLE-19253).
- net/mlx5: E-switch, Create per vport table based on devlink encap mode (jsc#PED-1549).
- net/mlx5: E-switch, Create per vport table based on devlink encap mode (jsc#SLE-19253).
- net/mlx5: E-switch, Do not destroy indirect table in split rule (jsc#PED-1549).
- net/mlx5: E-switch, Do not destroy indirect table in split rule (jsc#SLE-19253).
- net/mlx5: E-switch, Fix missing set of split_count when forward to ovs internal port (jsc#PED-1549).
- net/mlx5: E-switch, Fix missing set of split_count when forward to ovs internal port (jsc#SLE-19253).
- net/mlx5: E-switch, Fix setting of reserved fields on MODIFY_SCHEDULING_ELEMENT (jsc#PED-1549).
- net/mlx5: E-switch, Fix setting of reserved fields on MODIFY_SCHEDULING_ELEMENT (jsc#SLE-19253).
- net/mlx5: E-switch, Fix switchdev mode after devlink reload (jsc#PED-1549).
- net/mlx5: E-switch, Fix wrong usage of source port rewrite in split rules (jsc#PED-1549).
- net/mlx5: ECPF, wait for VF pages only after disabling host PFs (jsc#PED-1549).
- net/mlx5: Enhance debug print in page allocation failure (jsc#PED-1549).
- net/mlx5: Enhance debug print in page allocation failure (jsc#SLE-19253).
- net/mlx5: Expose SF firmware pages counter (jsc#PED-1549).
- net/mlx5: Fix FW tracer timestamp calculation (jsc#SLE-19253).
- net/mlx5: Fix RoCE setting at HCA level (jsc#PED-1549).
- net/mlx5: Fix RoCE setting at HCA level (jsc#SLE-19253).
- net/mlx5: Fix command stats access after free (jsc#PED-1549).
- net/mlx5: Fix crash during sync firmware reset (jsc#SLE-19253).
- net/mlx5: Fix error message when failing to allocate device memory (jsc#PED-1549).
- net/mlx5: Fix error message when failing to allocate device memory (jsc#SLE-19253).
- net/mlx5: Fix handling of entry refcount when command is not issued to FW (jsc#SLE-19253).
- net/mlx5: Fix io_eq_size and event_eq_size params validation (jsc#PED-1549).
- net/mlx5: Fix possible use-after-free in async command interface (jsc#SLE-19253).
- net/mlx5: Fix ptp max frequency adjustment range (jsc#PED-1549).
- net/mlx5: Fix ptp max frequency adjustment range (jsc#SLE-19253).
- net/mlx5: Fix setting ec_function bit in MANAGE_PAGES (jsc#PED-1549).
- net/mlx5: Fix steering rules cleanup (jsc#PED-1549).
- net/mlx5: Fix steering rules cleanup (jsc#SLE-19253).
- net/mlx5: Fix uninitialized variable bug in outlen_write() (jsc#SLE-19253).
- net/mlx5: Geneve, Fix handling of Geneve object id as error code (jsc#PED-1549).
- net/mlx5: Geneve, Fix handling of Geneve object id as error code (jsc#SLE-19253).
- net/mlx5: Handle pairing of E-switch via uplink un/load APIs (jsc#PED-1549).
- net/mlx5: Initialize flow steering during driver probe (jsc#SLE-19253).
- net/mlx5: Lag, fix failure to cancel delayed bond work (jsc#PED-1549).
- net/mlx5: Read embedded cpu after init bit cleared (jsc#PED-1549).
- net/mlx5: Read embedded cpu after init bit cleared (jsc#SLE-19253).
- net/mlx5: Read the TC mapping of all priorities on ETS query (jsc#PED-1549).
- net/mlx5: Read the TC mapping of all priorities on ETS query (jsc#SLE-19253).
- net/mlx5: Rearm the FW tracer after each tracer event (jsc#SLE-19253).
- net/mlx5: SF, Drain health before removing device (jsc#PED-1549).
- net/mlx5: SF, Drain health before removing device (jsc#SLE-19253).
- net/mlx5: SF: Fix probing active SFs during driver probe phase (jsc#SLE-19253).
- net/mlx5: Serialize module cleanup with reload and remove (jsc#PED-1549).
- net/mlx5: Serialize module cleanup with reload and remove (jsc#SLE-19253).
- net/mlx5: Set BREAK_FW_WAIT flag first when removing driver (jsc#PED-1549).
- net/mlx5: Store page counters in a single array (jsc#PED-1549).
- net/mlx5: Wait for firmware to enable CRS before pci_restore_state (jsc#SLE-19253).
- net/mlx5: check attr pointer validity before dereferencing it (jsc#PED-1549).
- net/mlx5: check attr pointer validity before dereferencing it (jsc#SLE-19253).
- net/mlx5: correct ECE offset in query qp output (jsc#SLE-19253).
- net/mlx5: fix missing mutex_unlock in mlx5_fw_fatal_reporter_err_work() (jsc#SLE-19253).
- net/mlx5: fs, fail conflicting actions (jsc#SLE-19253).
- net/mlx5: fw_tracer, Clear load bit when freeing string DBs buffers (jsc#PED-1549).
- net/mlx5: fw_tracer, Clear load bit when freeing string DBs buffers (jsc#SLE-19253).
- net/mlx5: fw_tracer, Fix event handling (jsc#PED-1549).
- net/mlx5: fw_tracer, Fix event handling (jsc#SLE-19253).
- net/mlx5: fw_tracer, Zero consumer index when reloading the tracer (jsc#PED-1549).
- net/mlx5: fw_tracer, Zero consumer index when reloading the tracer (jsc#SLE-19253).
- net/mlx5e: Always clear dest encap in neigh-update-del (jsc#PED-1549).
- net/mlx5e: Always clear dest encap in neigh-update-del (jsc#SLE-19253).
- net/mlx5e: Avoid false lock dependency warning on tc_ht even more (jsc#PED-1549).
- net/mlx5e: Avoid false lock dependency warning on tc_ht even more (jsc#SLE-19253).
- net/mlx5e: Block entering switchdev mode with ns inconsistency (jsc#PED-1549).
- net/mlx5e: Block entering switchdev mode with ns inconsistency (jsc#SLE-19253).
- net/mlx5e: CT: Fix ct debugfs folder name (jsc#PED-1549).
- net/mlx5e: Do not attach netdev profile while handling internal error (jsc#PED-1549).
- net/mlx5e: Do not attach netdev profile while handling internal error (jsc#SLE-19253).
- net/mlx5e: Do not cache tunnel offloads capability (jsc#PED-1549).
- net/mlx5e: Do not clone flow post action attributes second time (jsc#PED-1549).
- net/mlx5e: Do not increment ESN when updating IPsec ESN state (jsc#SLE-19253).
- net/mlx5e: Do not support encap rules with gbp option (jsc#PED-1549).
- net/mlx5e: Do not support encap rules with gbp option (jsc#SLE-19253).
- net/mlx5e: E-Switch, Fix comparing termination table instance (jsc#SLE-19253).
- net/mlx5e: Extend SKB room check to include PTP-SQ (jsc#SLE-19253).
- net/mlx5e: Fix MPLSoUDP encap to use MPLS action information (jsc#SLE-19253).
- net/mlx5e: Fix RX reporter for XSK RQs (jsc#PED-1549).
- net/mlx5e: Fix SQ wake logic in ptp napi_poll context (jsc#PED-1549).
- net/mlx5e: Fix SQ wake logic in ptp napi_poll context (jsc#SLE-19253).
- net/mlx5e: Fix capability check for updating vnic env counters (jsc#SLE-19253).
- net/mlx5e: Fix cleanup null-ptr deref on encap lock (jsc#PED-1549).
- net/mlx5e: Fix crash unsetting rx-vlan-filter in switchdev mode (jsc#PED-1549).
- net/mlx5e: Fix deadlock in tc route query code (jsc#PED-1549).
- net/mlx5e: Fix error handling in mlx5e_refresh_tirs (jsc#PED-1549).
- net/mlx5e: Fix error handling in mlx5e_refresh_tirs (jsc#SLE-19253).
- net/mlx5e: Fix hw mtu initializing at XDP SQ allocation (jsc#PED-1549).
- net/mlx5e: Fix hw mtu initializing at XDP SQ allocation (jsc#SLE-19253).
- net/mlx5e: Fix macsec ASO context alignment (jsc#PED-1549).
- net/mlx5e: Fix macsec possible null dereference when updating MAC security entity (SecY) (jsc#PED-1549).
- net/mlx5e: Fix macsec ssci attribute handling in offload path (jsc#PED-1549).
- net/mlx5e: Fix the value of MLX5E_MAX_RQ_NUM_MTTS (jsc#SLE-19253).
- net/mlx5e: Fix use-after-free when reverting termination table (jsc#SLE-19253).
- net/mlx5e: Fix wrong application of the LRO state (jsc#SLE-19253).
- net/mlx5e: Fix wrong tc flag used when set hw-tc-offload off (jsc#SLE-19253).
- net/mlx5e: IPoIB, Block PKEY interfaces with less rx queues than parent (jsc#PED-1549).
- net/mlx5e: IPoIB, Block queue count configuration when sub interfaces are present (jsc#PED-1549).
- net/mlx5e: IPoIB, Do not allow CQE compression to be turned on by default (jsc#PED-1549).
- net/mlx5e: IPoIB, Do not allow CQE compression to be turned on by default (jsc#SLE-19253).
- net/mlx5e: IPoIB, Fix child PKEY interface stats on rx path (jsc#PED-1549).
- net/mlx5e: IPoIB, Show unknown speed instead of error (jsc#PED-1549).
- net/mlx5e: IPoIB, Show unknown speed instead of error (jsc#SLE-19253).
- net/mlx5e: Initialize link speed to zero (jsc#PED-1549).
- net/mlx5e: Modify slow path rules to go to slow fdb (jsc#SLE-19253).
- net/mlx5e: Nullify table pointer when failing to create (jsc#PED-1549).
- net/mlx5e: Overcome slow response for first macsec ASO WQE (jsc#PED-1549).
- net/mlx5e: QoS, Fix wrongfully setting parent_element_id on MODIFY_SCHEDULING_ELEMENT (jsc#PED-1549).
- net/mlx5e: QoS, Fix wrongfully setting parent_element_id on MODIFY_SCHEDULING_ELEMENT (jsc#SLE-19253).
- net/mlx5e: Remove redundant xsk pointer check in mlx5e_mpwrq_validate_xsk (jsc#PED-1549).
- net/mlx5e: Set decap action based on attr for sample (jsc#PED-1549).
- net/mlx5e: Set geneve_tlv_option_0_exist when matching on geneve option (jsc#PED-1549).
- net/mlx5e: Set uplink rep as NETNS_LOCAL (jsc#PED-1549).
- net/mlx5e: Set uplink rep as NETNS_LOCAL (jsc#SLE-19253).
- net/mlx5e: TC, Fix ct_clear overwriting ct action metadata (jsc#SLE-19253).
- net/mlx5e: TC, Keep mod hdr actions after mod hdr alloc (jsc#PED-1549).
- net/mlx5e: Update rx ring hw mtu upon each rx-fcs flag change (jsc#PED-1549).
- net/mlx5e: Update rx ring hw mtu upon each rx-fcs flag change (jsc#SLE-19253).
- net/mlx5e: Use correct encap attribute during invalidation (jsc#PED-1549).
- net/mlx5e: Verify dev is present for fix features ndo (jsc#PED-1549).
- net/mlx5e: Verify flow_source cap before using it (jsc#PED-1549).
- net/mlx5e: Verify flow_source cap before using it (jsc#SLE-19253).
- net/mlx5e: do as little as possible in napi poll when budget is 0 (jsc#PED-1549).
- net/mlx5e: do as little as possible in napi poll when budget is 0 (jsc#SLE-19253).
- net/mlx5e: kTLS, Fix build time constant test in RX (jsc#SLE-19253).
- net/mlx5e: kTLS, Fix build time constant test in TX (jsc#SLE-19253).
- net/net_failover: fix txq exceeding warning (git-fixes).
- net/rose: Fix to not accept on connected socket (git-fixes).
- net/sched: act_mirred: better wording on protection against excessive stack growth (CVE-2022-4269 bsc#1206024).
- net/sched: fix initialization order when updating chain 0 head (git-fixes).
- net/sched: flower: fix possible OOB write in fl_set_geneve_opt() (git-fixes).
- net/sched: sch_netem: Fix arithmetic in netem_dump() for 32-bit platforms (git-fixes).
- net/sunrpc: fix reference count leaks in rpc_sysfs_xprt_state_change (git-fixes).
- net/tg3: resolve deadlock in tg3_reset_task() during EEH (bsc#1207842).
- net/tls: tls_is_tx_ready() checked list_entry (CVE-2023-1075 bsc#1208598).
- net/ulp: prevent ULP without clone op from entering the LISTEN status (CVE-2023-0461 bsc#1208787).
- net/ulp: use consistent error code when blocking ULP (CVE-2023-0461 bsc#1208787).
- net/usb: kalmia: Do not pass act_len in usb_bulk_msg error path (git-fixes).
- net/x25: Fix to not accept on connected socket (git-fixes).
- net: USB: Fix wrong-direction WARNING in plusb.c (git-fixes).
- net: accept UFOv6 packages in virtio_net_hdr_to_skb (git-fixes).
- net: add missing include in include/net/gro.h (git-fixes).
- net: asix: fix modprobe 'sysfs: cannot create duplicate filename' (git-fixes).
- net: cdc_ncm: Deal with too low values of dwNtbOutMaxSize (git-fixes).
- net: devlink: Fix missing mutex_unlock() call (git-fixes).
- net: ena: Account for the number of processed bytes in XDP (git-fixes).
- net: ena: Do not register memory info on XDP exchange (git-fixes).
- net: ena: Fix rx_copybreak value update (git-fixes).
- net: ena: Fix toeplitz initial hash value (git-fixes).
- net: ena: Set default value for RX interrupt moderation (git-fixes).
- net: ena: Update NUMA TPH hint register upon NUMA node update (git-fixes).
- net: ena: Use bitmask to indicate packet redirection (git-fixes).
- net: hns3: add interrupts re-initialization while doing VF FLR (git-fixes).
- net: hns3: fix output information incomplete for dumping tx queue info with debugfs (git-fixes).
- net: hns3: fix reset delay time to avoid configuration timeout (git-fixes).
- net: hns3: fix sending pfc frames after reset issue (git-fixes).
- net: hns3: fix tm port shapping of fibre port is incorrect after driver initialization (git-fixes).
- net: linkwatch: be more careful about dev->linkwatch_dev_tracker (git-fixes).
- net: mana: Add new MANA VF performance counters for easier troubleshooting (bsc#1209982).
- net: mana: Add support for auxiliary device (bsc#1210741 jsc#PED-4022).
- net: mana: Add support for jumbo frame (bsc#1210551).
- net: mana: Assign interrupts to CPUs based on NUMA nodes (bsc#1208153).
- net: mana: Check if netdev/napi_alloc_frag returns single page (bsc#1210551).
- net: mana: Define and process GDMA response code GDMA_STATUS_MORE_ENTRIES (bsc#1210741 jsc#PED-4022).
- net: mana: Define data structures for allocating doorbell page from GDMA (bsc#1210741 jsc#PED-4022).
- net: mana: Define data structures for protection domain and memory registration (bsc#1210741 jsc#PED-4022).
- net: mana: Define max values for SGL entries (bsc#1210741 jsc#PED-4022).
- net: mana: Enable RX path to handle various MTU sizes (bsc#1210551).
- net: mana: Export Work Queue functions for use by RDMA driver (bsc#1210741 jsc#PED-4022).
- net: mana: Fix IRQ name - add PCI and queue number (bsc#1207875).
- net: mana: Fix accessing freed irq affinity_hint (bsc#1208153).
- net: mana: Fix perf regression: remove rx_cqes, tx_cqes counters (git-fixes).
- net: mana: Handle vport sharing between devices (bsc#1210741 jsc#PED-4022).
- net: mana: Move header files to a common location (bsc#1210741 jsc#PED-4022).
- net: mana: Record port number in netdev (bsc#1210741 jsc#PED-4022).
- net: mana: Record the physical address for doorbell page region (bsc#1210741 jsc#PED-4022).
- net: mana: Refactor RX buffer allocation code to prepare for various MTU (bsc#1210551).
- net: mana: Rename mana_refill_rxoob and remove some empty lines (bsc#1210551).
- net: mana: Set the DMA device max segment size (bsc#1210741 jsc#PED-4022).
- net: mana: Use napi_build_skb in RX path (bsc#1210551).
- net: mdio: mvusb: Fix an error handling path in mvusb_mdio_probe() (git-fixes).
- net: mdio: thunder: Add missing fwnode_handle_put() (git-fixes).
- net: mellanox: mlxbf_gige: Fix skb_panic splat under memory pressure (bsc#1211564).
- net: mlx5: eliminate anonymous module_init & module_exit (jsc#PED-1549).
- net: mlx5: eliminate anonymous module_init & module_exit (jsc#SLE-19253).
- net: mpls: fix stale pointer if allocation fails during device rename (bsc#1208700 CVE-2023-26545).
- net: natsemi: fix hw address initialization for jazz and xtensa (git-fixes).
- net: of: fix stub of_net helpers for CONFIG_NET=n (git-fixes).
- net: openvswitch: fix possible memory leak in ovs_meter_cmd_set() (git-fixes).
- net: phy: Ensure state transitions are processed from phy_stop() (git-fixes).
- net: phy: dp83822: Fix null pointer access on DP83825/DP83826 devices (git-fixes).
- net: phy: dp83867: add w/a for packet errors seen with short cables (git-fixes).
- net: phy: dp83869: fix default value for tx-/rx-internal-delay (git-fixes).
- net: phy: meson-gxl: Add generic dummy stubs for MMD register access (git-fixes).
- net: phy: meson-gxl: use MMD access dummy stubs for GXL, internal PHY (git-fixes).
- net: phy: mxl-gpy: add MDINT workaround (git-fixes).
- net: phy: nxp-c45-tja11xx: add remove callback (git-fixes).
- net: phy: nxp-c45-tja11xx: fix MII_BASIC_CONFIG_REV bit (git-fixes).
- net: phy: nxp-c45-tja11xx: fix unsigned long multiplication overflow (git-fixes).
- net: phy: smsc: bail out in lan87xx_read_status if genphy_read_status fails (git-fixes).
- net: qcom/emac: Fix use after free bug in emac_remove due to race condition (git-fixes).
- net: qrtr: correct types of trace event parameters (git-fixes).
- net: rpl: fix rpl header size calculation (CVE-2023-2156 bsc#1211131).
- net: sched: atm: dont intepret cls results when asked to drop (bsc#1207125 CVE-2023-23455).
- net: sched: cbq: dont intepret cls results when asked to drop (bsc#1207036 CVE-2023-23454).
- net: sched: fix possible refcount leak in tc_chain_tmplt_add() (git-fixes).
- net: sched: fix race condition in qdisc_graft() (CVE-2023-0590 bsc#1207795).
- net: sched: sch_qfq: prevent slab-out-of-bounds in qfq_activate_agg (bsc#1210940 CVE-2023-31436).
- net: sched: sch_qfq: prevent slab-out-of-bounds in qfq_activate_agg (bsc#1210940 CVE-2023-31436).
- net: skip virtio_net_hdr_set_proto if protocol already set (git-fixes).
- net: tls: fix possible race condition between do_tls_getsockopt_conf() and do_tls_setsockopt_conf() (bsc#1209366 CVE-2023-28466).
- net: tun: avoid disabling NAPI twice (git-fixes).
- net: tun: fix bugs for oversize packet when napi frags enabled (git-fixes).
- net: tun: stop NAPI when detaching queues (git-fixes).
- net: tun: unlink NAPI from device on destruction (git-fixes).
- net: usb: asix: remove redundant assignment to variable reg (git-fixes).
- net: usb: cdc_ether: add support for Thales Cinterion PLS62-W modem (git-fixes).
- net: usb: cdc_ether: add support for Thales Cinterion PLS62-W modem (git-fixes).
- net: usb: cdc_mbim: avoid altsetting toggling for Telit FE990 (git-fixes).
- net: usb: lan78xx: Limit packet length to skb->len (git-fixes).
- net: usb: qmi_wwan: Set DTR quirk for BroadMobi BM818 (git-fixes).
- net: usb: qmi_wwan: add Telit 0x1080 composition (git-fixes).
- net: usb: qmi_wwan: add support for Compal RXM-G1 (git-fixes).
- net: usb: smsc75xx: Limit packet length to skb->len (git-fixes).
- net: usb: smsc75xx: Move packet length check to prevent kernel panic in skb_pull (git-fixes).
- net: usb: smsc95xx: Limit packet length to skb->len (git-fixes).
- net: usb: use eth_hw_addr_set() (git-fixes).
- net: virtio_net_hdr_to_skb: count transport header in UFO (git-fixes).
- net_sched: add __rcu annotation to netdev->qdisc (CVE-2023-0590 bsc#1207795).
- netfilter: nf_tables: deactivate anonymous set from preparation phase (CVE-2023-32233 bsc#1211043).
- netfilter: nf_tables: fix null deref due to zeroed list head (CVE-2023-1095 bsc#1208777).
- netfilter: nft_payload: incorrect arithmetics when fetching VLAN header bits (CVE-2023-0179 bsc#1207034).
- netrom: Fix use-after-free caused by accept on already connected socket (git-fixes).
- netrom: Fix use-after-free of a listening socket (git-fixes).
- nfc: change order inside nfc_se_io error path (git-fixes).
- nfc: fdp: add null check of devm_kmalloc_array in fdp_nci_i2c_read_device_properties (git-fixes).
- nfc: fix memory leak of se_io context in nfc_genl_se_io (git-fixes).
- nfc: pn533: initialize struct pn533_out_arg properly (git-fixes).
- nfc: st-nci: Fix use after free bug in ndlc_remove due to race condition (git-fixes).
- nfp: flower-ct: fix error return code in nfp_fl_ct_add_offload() (git-fixes).
- nfp: flower: fix ingress police using matchall filter (git-fixes).
- nfp: only report pause frame configuration for physical device (git-fixes).
- nfs4: Fix kmemleak when allocate slot failed (git-fixes).
- nfs4trace: fix state manager flag printing (git-fixes).
- nfs: Always initialise fattr->label in nfs_fattr_alloc() (git-fixes).
- nfs: Avoid writeback threads getting stuck in mempool_alloc() (git-fixes).
- nfs: Cleanup unused rpc_clnt variable (git-fixes).
- nfs: Create a new nfs_alloc_fattr_with_label() function (git-fixes).
- nfs: Do not allocate nfs_fattr on the stack in __nfs42_ssc_open() (git-fixes).
- nfs: Fix an Oops in nfs_d_automount() (git-fixes).
- nfs: Further optimisations for 'ls -l' (git-fixes).
- nfs: Pass i_size to fscache_unuse_cookie() when a file is released (git-fixes).
- nfs: fix disabling of swap (git-fixes).
- nfs: nfs4clinet: check the return value of kstrdup() (git-fixes).
- nfs: nfsiod should not block forever in mempool_alloc() (git-fixes).
- nfs: nfsiod should not block forever in mempool_alloc() (git-fixes).
- nfsd: Avoid calling OPDESC() with ops->opnum == OP_ILLEGAL (git-fixes).
- nfsd: COMMIT operations must not return NFS?ERR_INVAL (git-fixes).
- nfsd: De-duplicate net_generic(nf->nf_net, nfsd_net_id) (git-fixes).
- nfsd: Finish converting the NFSv2 GETACL result encoder (git-fixes).
- nfsd: Finish converting the NFSv3 GETACL result encoder (git-fixes).
- nfsd: Fix a memory leak in an error handling path (git-fixes).
- nfsd: Fix handling of oversized NFSv4 COMPOUND requests (git-fixes).
- nfsd: Fix nfsd_breaker_owns_lease() return values (git-fixes).
- nfsd: Have legacy NFSD WRITE decoders use xdr_stream_subsegment() (git-fixes).
- nfsd: Protect against filesystem freezing (git-fixes).
- nfsd: Return nfserr_serverfault if splice_ok but buf->pages have data (git-fixes).
- nfsd: call op_release, even when op_func returns an error (git-fixes).
- nfsd: callback request does not use correct credential for AUTH_SYS (git-fixes).
- nfsd: do not call nfsd_file_put from client states seqfile display (git-fixes).
- nfsd: fix handling of readdir in v4root vs. mount upcall timeout (git-fixes).
- nfsd: fix leaked reference count of nfsd4_ssc_umount_item (git-fixes).
- nfsd: fix problems with cleanup on errors in nfsd4_copy (git-fixes).
- nfsd: fix race to check ls_layouts (git-fixes).
- nfsd: fix use-after-free in nfsd4_ssc_setup_dul() (git-fixes).
- nfsd: fix use-after-free on source server when doing inter-server copy (git-fixes).
- nfsd: pass range end to vfs_fsync_range() instead of count (git-fixes).
- nfsd: shut down the NFSv4 state objects before the filecache (git-fixes).
- nfsd: under NFSv4.1, fix double svc_xprt_put on rpc_create failure (git-fixes).
- nfsd: zero out pointers after putting nfsd_files on COPY setup error (git-fixes).
- nfsv3: handle out-of-order write replies (bsc#1205544).
- nfsv4 expose nfs_parse_server_name function (git-fixes).
- nfsv4 handle port presence in fs_location server string (git-fixes).
- nfsv4 only print the label when its queried (git-fixes).
- nfsv4 remove zero number of fs_locations entries error check (git-fixes).
- nfsv4 store server support for fs_location attribute (git-fixes).
- nfsv4.1 provide mount option to toggle trunking discovery (git-fixes).
- nfsv4.1 query for fs_location attr on a new file system (git-fixes).
- nfsv4.1: Fix uninitialised variable in devicenotify (git-fixes).
- nfsv4.1: Handle RECLAIM_COMPLETE trunking errors (git-fixes).
- nfsv4.1: We must always send RECLAIM_COMPLETE after a reboot (git-fixes).
- nfsv4.2: Clear FATTR4_WORD2_SECURITY_LABEL when done decoding (git-fixes).
- nfsv4.2: Fix a memory stomp in decode_attr_security_label (git-fixes).
- nfsv4.2: Fix initialisation of struct nfs4_label (git-fixes).
- nfsv4.2: Fixup CLONE dest file size for zero-length count (git-fixes).
- nfsv4.2: fix reference count leaks in _nfs42_proc_copy_notify() (git-fixes).
- nfsv4.x: Fail client initialisation if state manager thread can't run (git-fixes).
- nfsv4/pNFS: Always return layout stats on layout return for flexfiles (git-fixes).
- nfsv4/pnfs: Fix a use-after-free bug in open (git-fixes).
- nfsv4: Add an fattr allocation to _nfs4_discover_trunking() (git-fixes).
- nfsv4: Do not hold the layoutget locks across multiple RPC calls (git-fixes).
- nfsv4: Fix a credential leak in _nfs4_discover_trunking() (git-fixes).
- nfsv4: Fix a deadlock between nfs4_open_recover_helper() and delegreturn (git-fixes).
- nfsv4: Fix a potential state reclaim deadlock (git-fixes).
- nfsv4: Fix free of uninitialized nfs4_label on referral lookup (git-fixes).
- nfsv4: Fix hangs when recovering open state after a server reboot (git-fixes).
- nfsv4: Protect the state recovery thread against direct reclaim (git-fixes).
- nfsv4: Retry LOCK on OLD_STATEID during delegation return (git-fixes).
- nfsv4: keep state manager thread active if swap is enabled (git-fixes).
- nilfs2: do not write dirty data after degenerating to read-only (git-fixes).
- nilfs2: fix general protection fault in nilfs_btree_insert() (git-fixes).
- nilfs2: fix incomplete buffer cleanup in nilfs_btnode_abort_change_key() (git-fixes).
- nilfs2: fix infinite loop in nilfs_mdt_get_block() (git-fixes).
- nilfs2: fix kernel-infoleak in nilfs_ioctl_wrap_copy() (git-fixes).
- nilfs2: fix possible out-of-bounds segment allocation in resize ioctl (git-fixes).
- nilfs2: fix potential UAF of struct nilfs_sc_info in nilfs_segctor_thread() (git-fixes).
- nilfs2: fix sysfs interface lifetime (git-fixes).
- nilfs2: fix underflow in second superblock position calculations (git-fixes).
- nilfs2: fix use-after-free bug of nilfs_root in nilfs_evict_inode() (git-fixes).
- nilfs2: initialize unused bytes in segment summary blocks (git-fixes).
- nouveau: fix client work fence deletion race (git-fixes).
- null_blk: fix ida error handling in null_add_dev() (git-fixes).
- nvdimm: disable namespace on error (bsc#1166486).
- nvdimm: disable namespace on error (bsc#1166486).
- nvme initialize core quirks before calling nvme_init_subsystem (git-fixes).
- nvme-auth: check chap ctrl_key once constructed (bsc#1202633).
- nvme-auth: check chap ctrl_key once constructed (bsc#1202633).
- nvme-auth: clear sensitive info right after authentication completes (bsc#1202633).
- nvme-auth: clear sensitive info right after authentication completes (bsc#1202633).
- nvme-auth: convert dhchap_auth_list to an array (bsc#1202633).
- nvme-auth: convert dhchap_auth_list to an array (bsc#1202633).
- nvme-auth: do not ignore key generation failures when initializing ctrl keys (bsc#1202633).
- nvme-auth: do not ignore key generation failures when initializing ctrl keys (bsc#1202633).
- nvme-auth: do not keep long lived 4k dhchap buffer (bsc#1202633).
- nvme-auth: do not keep long lived 4k dhchap buffer (bsc#1202633).
- nvme-auth: do not override ctrl keys before validation (bsc#1202633).
- nvme-auth: do not override ctrl keys before validation (bsc#1202633).
- nvme-auth: do not re-authenticate if the controller is not LIVE (bsc#1202633).
- nvme-auth: do not re-authenticate if the controller is not LIVE (bsc#1202633).
- nvme-auth: do not use NVMe status codes (bsc#1202633).
- nvme-auth: do not use NVMe status codes (bsc#1202633).
- nvme-auth: fix an error code in nvme_auth_process_dhchap_challenge() (bsc#1202633).
- nvme-auth: fix an error code in nvme_auth_process_dhchap_challenge() (bsc#1202633).
- nvme-auth: fix smatch warning complaints (bsc#1202633).
- nvme-auth: fix smatch warning complaints (bsc#1202633).
- nvme-auth: guarantee dhchap buffers under memory pressure (bsc#1202633).
- nvme-auth: guarantee dhchap buffers under memory pressure (bsc#1202633).
- nvme-auth: have dhchap_auth_work wait for queues auth to complete (bsc#1202633).
- nvme-auth: have dhchap_auth_work wait for queues auth to complete (bsc#1202633).
- nvme-auth: mark nvme_auth_wq static (bsc#1202633).
- nvme-auth: mark nvme_auth_wq static (bsc#1202633).
- nvme-auth: no need to reset chap contexts on re-authentication (bsc#1202633).
- nvme-auth: no need to reset chap contexts on re-authentication (bsc#1202633).
- nvme-auth: remove redundant auth_work flush (bsc#1202633).
- nvme-auth: remove redundant auth_work flush (bsc#1202633).
- nvme-auth: remove redundant buffer deallocations (bsc#1202633).
- nvme-auth: remove redundant buffer deallocations (bsc#1202633).
- nvme-auth: remove redundant deallocations (bsc#1202633).
- nvme-auth: remove redundant deallocations (bsc#1202633).
- nvme-auth: remove redundant if statement (bsc#1202633).
- nvme-auth: remove redundant if statement (bsc#1202633).
- nvme-auth: remove symbol export from nvme_auth_reset (bsc#1202633).
- nvme-auth: remove symbol export from nvme_auth_reset (bsc#1202633).
- nvme-auth: rename __nvme_auth_[reset|free] to nvme_auth[reset|free]_dhchap (bsc#1202633).
- nvme-auth: rename __nvme_auth_[reset|free] to nvme_auth[reset|free]_dhchap (bsc#1202633).
- nvme-auth: rename authentication work elements (bsc#1202633).
- nvme-auth: rename authentication work elements (bsc#1202633).
- nvme-auth: uninitialized variable in nvme_auth_transform_key() (git-fixes).
- nvme-auth: use workqueue dedicated to authentication (bsc#1202633).
- nvme-auth: use workqueue dedicated to authentication (bsc#1202633).
- nvme-fabrics: show well known discovery name (bsc#1200054).
- nvme-fabrics: show well known discovery name (bsc#1200054).
- nvme-fc: fix a missing queue put in nvmet_fc_ls_create_association (git-fixes).
- nvme-fcloop: fix 'inconsistent {IN-HARDIRQ-W} -> {HARDIRQ-ON-W} usage' (git-fixes).
- nvme-hwmon: consistently ignore errors from nvme_hwmon_init (git-fixes).
- nvme-hwmon: kmalloc the NVME SMART log buffer (git-fixes).
- nvme-multipath: fix hang when disk goes live over reconnect (git-fixes).
- nvme-multipath: fix possible hang in live ns resize with ANA access (git-fixes).
- nvme-pci: add bogus ID quirk for ADATA SX6000PNP (bsc#1207827).
- nvme-pci: add quirks for Samsung X5 SSDs (git-fixes).
- nvme-pci: add the IGNORE_DEV_SUBNQN quirk for Intel P4500/P4600 SSDs (git-fixes).
- nvme-pci: avoid the deepest sleep state on ZHITAI TiPro5000 SSDs (git-fixes).
- nvme-pci: avoid the deepest sleep state on ZHITAI TiPro7000 SSDs (git-fixes).
- nvme-pci: clear the prp2 field when not used (git-fixes).
- nvme-pci: disable write zeroes on various Kingston SSD (git-fixes).
- nvme-pci: fix a NULL pointer dereference in nvme_alloc_admin_tags (git-fixes).
- nvme-pci: fix doorbell buffer value endianness (git-fixes).
- nvme-pci: fix mempool alloc size (git-fixes).
- nvme-pci: fix page size checks (git-fixes).
- nvme-pci: fix timeout request state check (git-fixes).
- nvme-pci: mark Lexar NM760 as IGNORE_DEV_SUBNQN (git-fixes).
- nvme-pci: set min_align_mask before calculating max_hw_sectors (git-fixes).
- nvme-rdma: fix possible hang caused during ctrl deletion (git-fixes).
- nvme-tcp: always fail a request when sending it failed (bsc#1208902).
- nvme-tcp: fix a possible UAF when failing to allocate an io queue (git-fixes).
- nvme-tcp: fix bogus request completion when failing to send AER (git-fixes).
- nvme-tcp: fix possible circular locking when deleting a controller under memory pressure (git-fixes).
- nvme-tcp: fix possible hang caused during ctrl deletion (git-fixes).
- nvme-tcp: fix regression that causes sporadic requests to time out (git-fixes).
- nvme-tcp: lockdep: annotate in-kernel sockets (git-fixes).
- nvme: Fix IOC_PR_CLEAR and IOC_PR_RELEASE ioctls for nvme devices (git-fixes).
- nvme: add a bogus subsystem NQN quirk for Micron MTFDKBA2T0TFH (git-fixes).
- nvme: add device name to warning in uuid_show() (git-fixes).
- nvme: also return I/O command effects from nvme_command_effects (git-fixes).
- nvme: bring back auto-removal of deleted namespaces during sequential scan (git-fixes).
- nvme: catch -ENODEV from nvme_revalidate_zones again (git-fixes).
- nvme: check for duplicate identifiers earlier (git-fixes).
- nvme: cleanup __nvme_check_ids (git-fixes).
- nvme: copy firmware_rev on each init (git-fixes).
- nvme: copy firmware_rev on each init (git-fixes).
- nvme: define compat_ioctl again to unbreak 32-bit userspace (git-fixes).
- nvme: fix async event trace event (git-fixes).
- nvme: fix discard support without oncs (git-fixes).
- nvme: fix discard support without oncs (git-fixes).
- nvme: fix handling single range discard request (git-fixes).
- nvme: fix interpretation of DMRSL (git-fixes).
- nvme: fix multipath crash caused by flush request when blktrace is enabled (git-fixes).
- nvme: fix passthrough csi check (git-fixes).
- nvme: fix per-namespace chardev deletion (git-fixes).
- nvme: fix the CRIMS and CRWMS definitions to match the spec (git-fixes).
- nvme: fix the NVME_CMD_EFFECTS_CSE_MASK definition (git-fixes).
- nvme: fix the name of Zone Append for verbose logging (git-fixes).
- nvme: fix the read-only state for zoned namespaces with unsupposed features (git-fixes).
- nvme: generalize the nvme_multi_css check in nvme_scan_ns (git-fixes).
- nvme: improve the NVME_CONNECT_AUTHREQ* definitions (git-fixes).
- nvme: move nvme_multi_css into nvme.h (git-fixes).
- nvme: move the Samsung X5 quirk entry to the core quirks (git-fixes).
- nvme: rename nvme_validate_or_alloc_ns to nvme_scan_ns (git-fixes).
- nvme: return err on nvme_init_non_mdts_limits fail (git-fixes).
- nvme: send Identify with CNS 06h only to I/O controllers (bsc#1209693).
- nvme: send Identify with CNS 06h only to I/O controllers (bsc#1209693).
- nvme: set dma alignment to dword (git-fixes).
- nvme: set non-mdts limits in nvme_scan_work (git-fixes).
- nvme: use command_id instead of req->tag in trace_nvme_complete_rq() (git-fixes).
- nvmet-auth: add missing goto in nvmet_setup_auth() (bsc#1207050 CVE-2023-0122).
- nvmet-auth: do not try to cancel a non-initialized work_struct (git-fixes).
- nvmet-tcp: add bounds check on Transfer Tag (git-fixes).
- nvmet-tcp: fix incomplete data digest send (git-fixes).
- nvmet-tcp: fix lockdep complaint on nvmet_tcp_wq flush during queue teardown (git-fixes).
- nvmet-tcp: fix regression in data_digest calculation (git-fixes).
- nvmet-tcp: fix unhandled tcp states in nvmet_tcp_state_change() (git-fixes).
- nvmet: add helpers to set the result field for connect commands (git-fixes).
- nvmet: avoid potential UAF in nvmet_req_complete() (git-fixes).
- nvmet: do not defer passthrough commands with trivial effects to the workqueue (git-fixes).
- nvmet: fix I/O Command Set specific Identify Controller (git-fixes).
- nvmet: fix Identify Active Namespace ID list handling (git-fixes).
- nvmet: fix Identify Controller handling (git-fixes).
- nvmet: fix Identify Namespace handling (git-fixes).
- nvmet: fix a memory leak (git-fixes).
- nvmet: fix a memory leak in nvmet_auth_set_key (git-fixes).
- nvmet: fix a use-after-free (git-fixes).
- nvmet: fix invalid memory reference in nvmet_subsys_attr_qid_max_show (git-fixes).
- nvmet: fix mar and mor off-by-one errors (git-fixes).
- nvmet: fix memory leak in nvmet_subsys_attr_model_store_locked (git-fixes).
- nvmet: fix workqueue MEM_RECLAIM flushing dependency (git-fixes).
- nvmet: fix workqueue MEM_RECLAIM flushing dependency (git-fixes).
- nvmet: force reconnect when number of queue changes (git-fixes).
- nvmet: looks at the passthrough controller when initializing CAP (git-fixes).
- nvmet: move the call to nvmet_ns_changed out of nvmet_ns_revalidate (git-fixes).
- nvmet: only allocate a single slab for bvecs (git-fixes).
- nvmet: use IOCB_NOWAIT only if the filesystem supports it (git-fixes).
- nvmet: use NVME_CMD_EFFECTS_CSUPP instead of open coding it (git-fixes).
- objtool: Add a missing comma to avoid string concatenation (bsc#1207328).
- ocfs2: Fix data corruption after failed write (bsc#1208542).
- ocfs2: clear dinode links count in case of error (bsc#1207650).
- ocfs2: fix BUG when iput after ocfs2_mknod fails (bsc#1207649).
- ocfs2: fix crash when mount with quota enabled (bsc#1207640).
- ocfs2: fix defrag path triggering jbd2 ASSERT (bsc#1199304).
- ocfs2: fix memory leak in ocfs2_mount_volume() (bsc#1207652).
- ocfs2: fix memory leak in ocfs2_stack_glue_init() (bsc#1207651).
- ocfs2: fix non-auto defrag path not working issue (bsc#1199304).
- ocfs2: ocfs2_mount_volume does cleanup job before return error (bsc#1207770).
- ocfs2: quota_local: fix possible uninitialized-variable access in ocfs2_local_read_info() (bsc#1207768).
- ocfs2: rewrite error handling of ocfs2_fill_super (bsc#1207771).
- octeon: constify netdev->dev_addr (git-fixes).
- octeontx2-pf: Avoid use of GFP_KERNEL in atomic context (git-fixes).
- octeontx2-pf: Fix resource leakage in VF driver unbind (git-fixes).
- octeontx2-pf: Fix the use of GFP_KERNEL in atomic context on rt (git-fixes).
- octeontx2-pf: Recalculate UDP checksum for ptp 1-step sync packet (git-fixes).
- of/address: Return an error when no valid dma-ranges are found (git-fixes).
- ovl: fail on invalid uid/gid mapping at copy up (CVE-2023-0386 bsc#1209615).
- pNFS/filelayout: Fix coalescing test for single DS (git-fixes).
- panic: Consolidate open-coded panic_on_warn checks (bsc#1207328).
- panic: Introduce warn_limit (bsc#1207328).
- panic: unset panic_on_warn inside panic() (bsc#1207328).
- pci/aspm: Remove pcie_aspm_pm_state_change() (git-fixes).
- pci/dpc: Await readiness of secondary bus after reset (git-fixes).
- pci/edr: Clear Device Status after EDR error recovery (git-fixes).
- pci/iov: Enlarge virtfn sysfs name buffer (git-fixes).
- pci/pm: Always disable PTM for all devices during suspend (git-fixes).
- pci/pm: Avoid putting Elo i2 PCIe Ports in D3cold (git-fixes).
- pci/pm: Fix bridge_d3_blacklist Elo i2 overwrite of Gigabyte X299 (git-fixes).
- pci/pm: Observe reset delay irrespective of bridge_d3 (git-fixes).
- pci/ptm: Add pci_suspend_ptm() and pci_resume_ptm() (git-fixes).
- pci: Add ACS quirk for Wangxun NICs (git-fixes).
- pci: Add SolidRun vendor ID (git-fixes).
- pci: Align extra resources for hotplug bridges properly (git-fixes).
- pci: Avoid FLR for AMD FCH AHCI adapters (git-fixes).
- pci: Avoid pci_dev_lock() AB/BA deadlock with sriov_numvfs_store() (git-fixes).
- pci: Fix dropping valid root bus resources with .end = zero (git-fixes).
- pci: Reduce warnings on possible RW1C corruption (git-fixes).
- pci: Take other bus devices into account when distributing resources (git-fixes).
- pci: Unify delay handling for reset and resume (git-fixes).
- pci: aardvark: Check return value of generic_handle_domain_irq() when processing INTx IRQ (git-fixes).
- pci: aardvark: Fix link training (git-fixes).
- pci: dwc: Add dw_pcie_ops.host_deinit() callback (git-fixes).
- pci: dwc: Fix PORT_LINK_CONTROL update when CDM check enabled (git-fixes).
- pci: hotplug: Allow marking devices as disconnected during bind/unbind (git-fixes).
- pci: hv: Add a per-bus mutex state_lock (bsc#1207185).
- pci: hv: Fix a race condition in hv_irq_unmask() that can cause panic (bsc#1207185).
- pci: hv: Remove the useless hv_pcichild_state from struct hv_pci_dev (bsc#1207185).
- pci: hv: Use async probing to reduce boot time (bsc#1207185).
- pci: hv: fix a race condition bug in hv_pci_query_relations() (bsc#1207185).
- pci: hv: update comment in x86 specific hv_arch_irq_unmask (git-fixes).
- pci: imx6: Install the fault handler only on compatible match (git-fixes).
- pci: loongson: Add more devices that need MRRS quirk (git-fixes).
- pci: loongson: Prevent LS7A MRRS increases (git-fixes).
- pci: mediatek-gen3: Assert resets to ensure expected init state (git-fixes).
- pci: mediatek-gen3: Fix refcount leak in mtk_pcie_init_irq_domains() (git-fixes).
- pci: pciehp: Fix AB-BA deadlock between reset_lock and device_lock (git-fixes).
- pci: qcom: Fix host-init error handling (git-fixes).
- pci: qcom: Fix pipe clock imbalance (git-fixes).
- pci: qcom: Fix the incorrect register usage in v2.7.0 config (git-fixes).
- pci: switchtec: Return -EFAULT for copy_to_user() errors (git-fixes).
- pci: vmd: Fix secondary bus reset for Intel bridges (git-fixes).
- pci: vmd: Fix secondary bus reset for Intel bridges (git-fixes).
- pci: xgene: Revert 'PCI: xgene: Use inbound resources for setup' (git-fixes).
- perf/amd/ibs: Use interrupt regs ip for stack unwinding (git fixes).
- perf/core: Call LSM hook after copying perf_event_attr (git fixes).
- perf/core: Fix data race between perf_event_set_output() and perf_mmap_close() (git fixes).
- perf/core: Fix perf_output_begin parameter is incorrectly invoked in perf_event_bpf_output (git fixes).
- perf/core: Fix the same task check in perf_event_set_output (git fixes).
- perf/core: Inherit event_caps (git fixes).
- perf/x86/amd: fix potential integer overflow on shift of a int (git fixes).
- perf/x86/intel/cstate: Add Emerald Rapids (PED-4396).
- perf/x86/intel/ds: Fix precise store latency handling (git fixes).
- perf/x86/intel/lbr: Use setup_clear_cpu_cap() instead of clear_cpu_cap() (git fixes).
- perf/x86/intel/pt: Fix sampling using single range output (git fixes).
- perf/x86/intel/pt: Relax address filter validation (git fixes).
- perf/x86/intel/uncore: Add Emerald Rapids (git fixes).
- perf/x86/intel/uncore: Clear attr_update properly (bsc#1206824, bsc#1206493, bsc#1206492).
- perf/x86/intel/uncore: Disable I/O stacks to PMU mapping on ICX-D (bsc#1206824, bsc#1206493, bsc#1206492).
- perf/x86/intel/uncore: Enable UPI topology discovery for Icelake Server (bsc#1206824, bsc#1206493, bsc#1206492).
- perf/x86/intel/uncore: Enable UPI topology discovery for Sapphire Rapids (bsc#1206824, bsc#1206493, bsc#1206492).
- perf/x86/intel/uncore: Enable UPI topology discovery for Skylake Server (bsc#1206824, bsc#1206493, bsc#1206492).
- perf/x86/intel/uncore: Fix broken read_counter() for SNB IMC PMU (git fixes).
- perf/x86/intel/uncore: Fix reference count leak in __uncore_imc_init_box() (git fixes).
- perf/x86/intel/uncore: Fix reference count leak in hswep_has_limit_sbox() (git fixes).
- perf/x86/intel/uncore: Fix reference count leak in sad_cfg_iio_topology() (git fixes).
- perf/x86/intel/uncore: Fix reference count leak in snr_uncore_mmio_map() (git fixes).
- perf/x86/intel/uncore: Generalize IIO topology support (bsc#1206824, bsc#1206493, bsc#1206492).
- perf/x86/intel/uncore: Generalize get_topology() for SKX PMUs (bsc#1206824, bsc#1206493, bsc#1206492).
- perf/x86/intel/uncore: Get UPI NodeID and GroupID (bsc#1206824, bsc#1206493, bsc#1206492).
- perf/x86/intel/uncore: Introduce UPI topology type (bsc#1206824, bsc#1206493, bsc#1206492).
- perf/x86/intel/uncore: Make set_mapping() procedure void (bsc#1206824, bsc#1206493, bsc#1206492).
- perf/x86/intel/uncore: Update sysfs-devices-mapping file (bsc#1206824, bsc#1206493, bsc#1206492).
- perf/x86/intel: Add Cooper Lake stepping to isolation_ucodes (git fixes).
- perf/x86/intel: Add Emerald Rapids (git fixes).
- perf/x86/intel: Do not extend the pseudo-encoding to GP counters (git fixes).
- perf/x86/intel: Fix PEBS data source encoding for ADL (git fixes).
- perf/x86/intel: Fix PEBS memory access info encoding for ADL (git fixes).
- perf/x86/intel: Fix event constraints for ICL (git fixes).
- perf/x86/intel: Fix pebs event constraints for ADL (git fixes).
- perf/x86/intel: Fix pebs event constraints for ICL (git fixes).
- perf/x86/intel: Fix pebs event constraints for SPR (git fixes).
- perf/x86/lbr: Enable the branch type for the Arch LBR by default (git fixes).
- perf/x86/msr: Add Emerald Rapids (git fixes).
- perf/x86/rapl: Add support for Intel AlderLake-N (git fixes).
- perf/x86/rapl: Add support for Intel Emerald Rapids (PED-4394).
- perf/x86/rapl: Treat Tigerlake like Icelake (git fixes).
- perf/x86/rapl: Use standard Energy Unit for SPR Dram RAPL domain (git fixes).
- perf/x86/rapl: fix AMD event handling (git fixes).
- perf/x86/uncore: Add Raptor Lake uncore support (git fixes).
- perf/x86/uncore: Add a quirk for UPI on SPR (bsc#1206824, bsc#1206493, bsc#1206492).
- perf/x86/uncore: Add new Alder Lake and Raptor Lake support (git fixes).
- perf/x86/uncore: Add new Raptor Lake S support (git fixes).
- perf/x86/uncore: Clean up uncore_pci_ids (git fixes).
- perf/x86/uncore: Do not WARN_ON_ONCE() for a broken discovery table (bsc#1206824, bsc#1206493, bsc#1206492).
- perf/x86/uncore: Factor out uncore_device_to_die() (bsc#1206824, bsc#1206493, bsc#1206492).
- perf/x86/uncore: Fix potential NULL pointer in uncore_get_alias_name (bsc#1206824, bsc#1206493, bsc#1206492).
- perf/x86/uncore: Ignore broken units in discovery table (bsc#1206824, bsc#1206493, bsc#1206492).
- perf: Always wake the parent event (git fixes).
- perf: Fix check before add_event_to_groups() in perf_group_detach() (git fixes).
- perf: Fix possible memleak in pmu_dev_alloc() (git fixes).
- perf: fix perf_event_context->time (git fixes).
- phy: rockchip-typec: Fix unsigned comparison with less than zero (git-fixes).
- phy: rockchip-typec: fix tcphy_get_mode error case (git-fixes).
- phy: st: miphy28lp: use _poll_timeout functions for waits (git-fixes).
- phy: tegra: xusb: Add missing tegra_xusb_port_unregister for usb2_port and ulpi_port (git-fixes).
- phy: tegra: xusb: Fix return value of tegra_xusb_find_port_node function (CVE-2023-23000 bsc#1208816).
- pinctrl: amd: Disable and mask interrupts on resume (git-fixes).
- pinctrl: aspeed: Fix confusing types in return value (git-fixes).
- pinctrl: at91-pio4: fix domain name assignment (git-fixes).
- pinctrl: at91: use devm_kasprintf() to avoid potential leaks (git-fixes).
- pinctrl: intel: Restore the pins that used to be in Direct IRQ mode (git-fixes).
- pinctrl: mediatek: Fix the drive register definition of some Pins (git-fixes).
- pinctrl: mediatek: Initialize variable *buf to zero (git-fixes).
- pinctrl: mediatek: fix coding style (git-fixes).
- pinctrl: meson-axg: add missing GPIOA_18 gpio group (git-fixes).
- pinctrl: ocelot: Fix alt mode for ocelot (git-fixes).
- pinctrl: qcom: lpass-lpi: set output value before enabling output (git-fixes).
- pinctrl: qcom: pinctrl-msm8976: Correct function names for wcss pins (git-fixes).
- pinctrl: renesas: r8a779a0: Remove incorrect AVB[01] pinmux configuration (git-fixes).
- pinctrl: rockchip: Fix refcount leak in rockchip_pinctrl_parse_groups (git-fixes).
- pinctrl: single: fix potential NULL dereference (git-fixes).
- pinctrl: stm32: Fix refcount leak in stm32_pctrl_get_irq_domain (git-fixes).
- platform/chrome: cros_ec_chardev: fix kernel data leak from ioctl (git-fixes).
- platform/surface: aggregator: Allow completion work-items to be executed in parallel (git-fixes).
- platform/x86 (gigabyte-wmi): Add support for A320M-S2H V2 (git-fixes).
- platform/x86/amd/pmc: Add new acpi id for PMC controller (bsc#1210644).
- platform/x86/amd/pmc: Add new acpi id for PMC controller (bsc#1210644).
- platform/x86/amd/pmc: Add new platform support (bsc#1210644).
- platform/x86/amd/pmc: Add new platform support (bsc#1210644).
- platform/x86/amd: Fix refcount leak in amd_pmc_probe (bsc#1210644).
- platform/x86/amd: pmc: Add a module parameter to disable workarounds (bsc#1210644).
- platform/x86/amd: pmc: Add a workaround for an s0i3 issue on Cezanne (bsc#1210644).
- platform/x86/amd: pmc: Add defines for STB events (bsc#1210644).
- platform/x86/amd: pmc: Add line break for readability (bsc#1210644).
- platform/x86/amd: pmc: Add new ACPI ID AMDI0009 (bsc#1210644).
- platform/x86/amd: pmc: Add num_samples message id support to STB (bsc#1210644).
- platform/x86/amd: pmc: Add sysfs files for SMU (bsc#1210644).
- platform/x86/amd: pmc: Always write to the STB (bsc#1210644).
- platform/x86/amd: pmc: Disable IRQ1 wakeup for RN/CZN (bsc#1210644).
- platform/x86/amd: pmc: Do not dump data after resume from s0i3 on picasso (git-fixes).
- platform/x86/amd: pmc: Do not try to read SMU version on Picasso (git-fixes).
- platform/x86/amd: pmc: Fix build without debugfs (bsc#1210644).
- platform/x86/amd: pmc: Fix memory leak in amd_pmc_stb_debugfs_open_v2() (bsc#1210644).
- platform/x86/amd: pmc: Hide SMU version and program attributes for Picasso (git-fixes).
- platform/x86/amd: pmc: Move idlemask check into `amd_pmc_idlemask_read` (git-fixes).
- platform/x86/amd: pmc: Move out of BIOS SMN pair for STB init (git-fixes).
- platform/x86/amd: pmc: Read SMU version during suspend on Cezanne systems (bsc#1210644).
- platform/x86/amd: pmc: Remove more CONFIG_DEBUG_FS checks (bsc#1210644).
- platform/x86/amd: pmc: Utilize SMN index 0 for driver probe (git-fixes).
- platform/x86/amd: pmc: Write dummy postcode into the STB DRAM (bsc#1210644).
- platform/x86/amd: pmc: add CONFIG_SERIO dependency (git-fixes).
- platform/x86/amd: pmc: differentiate STB/SMU messaging prints (bsc#1210644).
- platform/x86/amd: pmc: remove CONFIG_DEBUG_FS checks (bsc#1210644).
- platform/x86/amd: pmc: remove CONFIG_SUSPEND checks (bsc#1210644).
- platform/x86/intel/pmc: Alder Lake PCH slp_s0_residency fix (git-fixes).
- platform/x86: ISST: PUNIT device mapping with Sub-NUMA clustering (bsc#1208420).
- platform/x86: ISST: Remove 8 socket limit (bsc#1211836).
- platform/x86: Move AMD platform drivers to separate directory (bsc#1210644).
- platform/x86: amd-pmc: Add a message to print resume time info (bsc#1210644).
- platform/x86: amd-pmc: Add special handling for timer based S0i3 wakeup (bsc#1210644).
- platform/x86: amd-pmc: Add support for AMD Smart Trace Buffer (bsc#1210644).
- platform/x86: amd-pmc: Add support for AMD Spill to DRAM STB feature (bsc#1210644).
- platform/x86: amd-pmc: Avoid reading SMU version at probe time (bsc#1210644).
- platform/x86: amd-pmc: Check s0i3 cycle status (bsc#1210644).
- platform/x86: amd-pmc: Correct usage of SMU version (git-fixes).
- platform/x86: amd-pmc: Downgrade dev_info message to dev_dbg (bsc#1210644).
- platform/x86: amd-pmc: Drop CPU QoS workaround (bsc#1210644).
- platform/x86: amd-pmc: Drop check for valid alarm time (bsc#1210644).
- platform/x86: amd-pmc: Export Idlemask values based on the APU (git-fixes).
- platform/x86: amd-pmc: Fix build error unused-function (bsc#1210644).
- platform/x86: amd-pmc: Fix compilation when CONFIG_DEBUGFS is disabled (git-fixes).
- platform/x86: amd-pmc: Fix compilation without CONFIG_SUSPEND (bsc#1210644).
- platform/x86: amd-pmc: Make amd_pmc_stb_debugfs_fops static (bsc#1210644).
- platform/x86: amd-pmc: Move FCH init to first use (bsc#1210644).
- platform/x86: amd-pmc: Move SMU logging setup out of init (bsc#1210644).
- platform/x86: amd-pmc: Move to later in the suspend process (bsc#1210644).
- platform/x86: amd-pmc: Only report STB errors when STB enabled (bsc#1210644).
- platform/x86: amd-pmc: Output error codes in messages (bsc#1210644).
- platform/x86: amd-pmc: Send command to dump data after clearing OS_HINT (bsc#1210644).
- platform/x86: amd-pmc: Set QOS during suspend on CZN w/ timer wakeup (bsc#1210644).
- platform/x86: amd-pmc: Shuffle location of amd_pmc_get_smu_version() (bsc#1210644).
- platform/x86: amd-pmc: Simplify error handling and store the pci_dev in amd_pmc_dev structure (bsc#1210644).
- platform/x86: amd-pmc: Validate entry into the deepest state on resume (bsc#1210644).
- platform/x86: amd-pmc: adjust arguments for `amd_pmc_send_cmd` (bsc#1210644).
- platform/x86: amd-pmc: fix compilation without CONFIG_RTC_SYSTOHC_DEVICE (bsc#1210644).
- platform/x86: amd-pmc: uninitialized variable in amd_pmc_s2d_init() (bsc#1210644).
- platform/x86: amd: pmc: Remove __maybe_unused from amd_pmc_suspend_handler() (bsc#1210644).
- platform/x86: amd: pmc: provide user message where s0ix is not supported (bsc#1210644).
- platform/x86: asus-nb-wmi: Add alternate mapping for KEY_SCREENLOCK (git-fixes).
- platform/x86: asus-wmi: Ignore WMI events with codes 0x7B, 0xC0 (git-fixes).
- platform/x86: dell-wmi: Add a keymap for KEY_MUTE in type 0x0010 table (git-fixes).
- platform/x86: gigabyte-wmi: add support for B450M DS3H WIFI-CF (git-fixes).
- platform/x86: gigabyte-wmi: add support for X570S AORUS ELITE (git-fixes).
- platform/x86: hp-wmi: Support touchpad on/off (git-fixes).
- platform/x86: intel-uncore-freq: add Emerald Rapids support (PED-4390).
- platform/x86: intel_scu_pcidrv: Add back PCI ID for Medfield (git-fixes).
- platform/x86: think-lmi: Add possible_values for ThinkStation (git-fixes).
- platform/x86: think-lmi: Certificate authentication support (bsc#1210050).
- platform/x86: think-lmi: Clean up display of current_value on Thinkstation (git-fixes).
- platform/x86: think-lmi: Fix memory leak when showing current settings (git-fixes).
- platform/x86: think-lmi: Fix memory leaks when parsing ThinkStation WMI strings (git-fixes).
- platform/x86: think-lmi: Move kobject_init() call into tlmi_create_auth() (bsc#1210050).
- platform/x86: think-lmi: Opcode support (bsc#1210050).
- platform/x86: think-lmi: Prevent underflow in index_store() (bsc#1210050).
- platform/x86: think-lmi: Simplify tlmi_analyze() error handling a bit (bsc#1210050).
- platform/x86: think-lmi: Use min_t() for comparison and assignment (bsc#1210050).
- platform/x86: think-lmi: add debug_cmd (bsc#1210050).
- platform/x86: think-lmi: add missing type attribute (git-fixes).
- platform/x86: think-lmi: certificate support clean ups (bsc#1210050).
- platform/x86: think-lmi: only display possible_values if available (git-fixes).
- platform/x86: think-lmi: use correct possible_values delimiters (git-fixes).
- platform/x86: thinkpad-acpi: Add support for automatic mode transitions (bsc#1210050).
- platform/x86: thinkpad-acpi: Enable AMT by default on supported systems (bsc#1210050).
- platform/x86: thinkpad-acpi: profile capabilities as integer (bsc#1210050).
- platform/x86: thinkpad_acpi: Accept ibm_init_struct.init() returning -ENODEV (bsc#1210050).
- platform/x86: thinkpad_acpi: Add LED_RETAIN_AT_SHUTDOWN to led_class_devs (bsc#1210050).
- platform/x86: thinkpad_acpi: Add PSC mode support (bsc#1210050).
- platform/x86: thinkpad_acpi: Add a s2idle resume quirk for a number of laptops (bsc#1210050).
- platform/x86: thinkpad_acpi: Add dual fan probe (bsc#1210050).
- platform/x86: thinkpad_acpi: Add dual-fan quirk for T15g (2nd gen) (bsc#1210050).
- platform/x86: thinkpad_acpi: Add hotkey_notify_extended_hotkey() helper (bsc#1210050).
- platform/x86: thinkpad_acpi: Add lid_logo_dot to the list of safe LEDs (bsc#1210050).
- platform/x86: thinkpad_acpi: Add quirk for ThinkPads without a fan (bsc#1210050).
- platform/x86: thinkpad_acpi: Cleanup dytc_profile_available (bsc#1210050).
- platform/x86: thinkpad_acpi: Convert btusb DMI list to quirks (bsc#1210050).
- platform/x86: thinkpad_acpi: Convert platform driver to use dev_groups (bsc#1210050).
- platform/x86: thinkpad_acpi: Correct dual fan probe (bsc#1210050).
- platform/x86: thinkpad_acpi: Do not use test_bit on an integer (bsc#1210050).
- platform/x86: thinkpad_acpi: Enable s2idle quirk for 21A1 machine type (bsc#1210050).
- platform/x86: thinkpad_acpi: Explicitly set to balanced mode on startup (bsc#1210050).
- platform/x86: thinkpad_acpi: Fix a memory leak of EFCH MMIO resource (bsc#1210050).
- platform/x86: thinkpad_acpi: Fix coccinelle warnings (bsc#1210050).
- platform/x86: thinkpad_acpi: Fix compiler warning about uninitialized err variable (bsc#1210050).
- platform/x86: thinkpad_acpi: Fix incorrect use of platform profile on AMD platforms (bsc#1210050).
- platform/x86: thinkpad_acpi: Fix max_brightness of thinklight (bsc#1210050).
- platform/x86: thinkpad_acpi: Fix platform profiles on T490 (git-fixes).
- platform/x86: thinkpad_acpi: Fix profile mode display in AMT mode (bsc#1210050).
- platform/x86: thinkpad_acpi: Fix profile modes on Intel platforms (bsc#1210050).
- platform/x86: thinkpad_acpi: Fix reporting a non present second fan on some models (bsc#1210050).
- platform/x86: thinkpad_acpi: Fix the hwmon sysfs-attr showing up in the wrong place (bsc#1210050).
- platform/x86: thinkpad_acpi: Fix thermal_temp_input_attr sorting (bsc#1210050).
- platform/x86: thinkpad_acpi: Fix thinklight LED brightness returning 255 (bsc#1210050).
- platform/x86: thinkpad_acpi: Get privacy-screen / lcdshadow ACPI handles only once (bsc#1210050).
- platform/x86: thinkpad_acpi: Make *_init() functions return -ENODEV instead of 1 (bsc#1210050).
- platform/x86: thinkpad_acpi: Properly indent code in tpacpi_dytc_profile_init() (bsc#1210050).
- platform/x86: thinkpad_acpi: Register tpacpi_pdriver after subdriver init (bsc#1210050).
- platform/x86: thinkpad_acpi: Remove 'goto err_exit' from hotkey_init() (bsc#1210050).
- platform/x86: thinkpad_acpi: Remove unused sensors_pdev_attrs_registered flag (bsc#1210050).
- platform/x86: thinkpad_acpi: Restore missing hotkey_tablet_mode and hotkey_radio_sw sysfs-attr (bsc#1210050).
- platform/x86: thinkpad_acpi: Simplify dytc_version handling (bsc#1210050).
- platform/x86: thinkpad_acpi: Switch to common use of attributes (bsc#1210050).
- platform/x86: thinkpad_acpi: Use backlight helper (bsc#1210050).
- platform/x86: thinkpad_acpi: clean up dytc profile convert (bsc#1210050).
- platform/x86: thinkpad_acpi: consistently check fan_get_status return (bsc#1210050).
- platform/x86: thinkpad_acpi: do not use PSC mode on Intel platforms (bsc#1210050).
- platform/x86: thinkpad_acpi: tpacpi_attr_group contains driver attributes not device attrs (bsc#1210050).
- platform/x86: thinkpad_acpi: use strstarts() (bsc#1210050).
- platform/x86: touchscreen_dmi: Add Chuwi Vi8 (CWI501) DMI match (git-fixes).
- platform/x86: touchscreen_dmi: Add info for the CSL Panther Tab HD (git-fixes).
- platform/x86: touchscreen_dmi: Add info for the Dexp Ursus KX210i (git-fixes).
- platform/x86: touchscreen_dmi: Add upside-down quirk for GDIX1002 ts on the Juno Tablet (git-fixes).
- platform: x86: MLX_PLATFORM: select REGMAP instead of depending on it (git-fixes).
- pm: domains: fix integer overflow issues in genpd_parse_state() (git-fixes).
- pm: hibernate: Do not get block device exclusively in test_resume mode (git-fixes).
- pm: hibernate: Turn snapshot_test into global variable (git-fixes).
- pm: hibernate: fix load_image_and_restore() error path (git-fixes).
- power: supply: Fix logic checking if system is running from battery (git-fixes).
- power: supply: Ratelimit no data debug output (git-fixes).
- power: supply: ab8500: Fix external_power_changed race (git-fixes).
- power: supply: bq24190: Fix use after free bug in bq24190_remove due to race condition (CVE-2023-33288 bsc#1211590).
- power: supply: bq24190_charger: using pm_runtime_resume_and_get instead of pm_runtime_get_sync (git-fixes).
- power: supply: bq27xxx: Add cache parameter to bq27xxx_battery_current_and_status() (git-fixes).
- power: supply: bq27xxx: After charger plug in/out wait 0.5s for things to stabilize (git-fixes).
- power: supply: bq27xxx: Ensure power_supply_changed() is called on current sign changes (git-fixes).
- power: supply: bq27xxx: Fix I2C IRQ race on remove (git-fixes).
- power: supply: bq27xxx: Fix bq27xxx_battery_update() race condition (git-fixes).
- power: supply: bq27xxx: Fix poll_interval handling and races on remove (git-fixes).
- power: supply: bq27xxx: Move bq27xxx_battery_update() down (git-fixes).
- power: supply: bq27xxx: Use mod_delayed_work() instead of cancel() + schedule() (git-fixes).
- power: supply: bq27xxx: expose battery data when CI=1 (git-fixes).
- power: supply: cros_usbpd: reclassify 'default case!' as debug (git-fixes).
- power: supply: da9150: Fix use after free bug in da9150_charger_remove due to race condition (git-fixes).
- power: supply: generic-adc-battery: fix unit scaling (git-fixes).
- power: supply: leds: Fix blink to LED on transition (git-fixes).
- power: supply: sbs-charger: Fix INHIBITED bit for Status reg (git-fixes).
- power: supply: sc27xx: Fix external_power_changed race (git-fixes).
- powercap: fix possible name leak in powercap_register_zone() (git-fixes).
- powercap: intel_rapl: add support for Emerald Rapids (PED-4398).
- powerpc/64: Always build with 128-bit long double (bsc#1194869).
- powerpc/64e: Fix amdgpu build on Book3E w/o AltiVec (bsc#1194869).
- powerpc/64s/interrupt: Fix interrupt exit race with security mitigation switch (bsc#1194869).
- powerpc/64s/radix: Fix RWX mapping with relocated kernel (bsc#1194869).
- powerpc/64s/radix: Fix crash with unaligned relocated kernel (bsc#1194869).
- powerpc/64s/radix: Fix exit lazy tlb mm switch with irqs enabled (bsc#1194869).
- powerpc/64s/radix: Fix soft dirty tracking (bsc#1065729).
- powerpc/64s: Fix local irq disable when PMIs are disabled (bsc#1195655 ltc#1195655 git-fixes).
- powerpc/64s: Make POWER10 and later use pause_short in cpu_relax loops (bsc#1209367 ltc#195662).
- powerpc/btext: add missing of_node_put (bsc#1065729).
- powerpc/eeh: Set channel state after notifying the drivers (bsc#1208784 ltc#201612).
- powerpc/hv-gpci: Fix hv_gpci event list (bsc#1207935).
- powerpc/hv-gpci: Fix hv_gpci event list (git fixes).
- powerpc/ioda/iommu/debugfs: Generate unique debugfs entries (bsc#1194869).
- powerpc/iommu: Add missing of_node_put in iommu_init_early_dart (bsc#1194869).
- powerpc/iommu: DMA address offset is incorrectly calculated with 2MB TCEs (jsc#SLE-19556 git-fixes).
- powerpc/iommu: Limit number of TCEs to 512 for H_STUFF_TCE hcall (bsc#1194869 bsc#1212701).
- powerpc/iommu: fix memory leak with using debugfs_lookup() (bsc#1194869).
- powerpc/kcsan: Exclude udelay to prevent recursive instrumentation (bsc#1194869).
- powerpc/kexec_file: Count hot-pluggable memory in FDT estimate (bsc#1194869).
- powerpc/kexec_file: Fix division by zero in extra size estimation (bsc#1194869).
- powerpc/kexec_file: fix implicit decl error (bsc#1194869).
- powerpc/mm: Fix false detection of read faults (bsc#1208864).
- powerpc/papr_scm: Update the NUMA distance table for the target node (bsc#1209999 ltc#202140 bsc#1142685 ltc#179509 git-fixes).
- powerpc/perf/hv-24x7: add missing RTAS retry status handling (git fixes).
- powerpc/powernv/ioda: Skip unallocated resources when mapping to PE (bsc#1065729).
- powerpc/powernv: fix missing of_node_put in uv_init() (bsc#1194869).
- powerpc/pseries/lpar: add missing RTAS retry status handling (bsc#1109158 ltc#169177 git-fixes).
- powerpc/pseries/lparcfg: add missing RTAS retry status handling (bsc#1065729).
- powerpc/pseries/vas: Ignore VAS update for DLPAR if copy/paste is not enabled (bsc#1210216 ltc#202189).
- powerpc/pseries: Consolidate different NUMA distance update code paths (bsc#1209999 ltc#202140 bsc#1142685 ltc#179509 git-fixes).
- powerpc/purgatory: remove PGO flags (bsc#1194869).
- powerpc/rtas: ensure 4KB alignment for rtas_data_buf (bsc#1065729).
- powerpc/rtas: use memmove for potentially overlapping buffer copy (bsc#1065729).
- powerpc/set_memory: Avoid spinlock recursion in change_page_attr() (bsc#1194869).
- powerpc/vmlinux.lds: Add an explicit symbol for the SRWX boundary (bsc#1194869).
- powerpc/vmlinux.lds: Define RUNTIME_DISCARD_EXIT (bsc#1194869).
- powerpc/vmlinux.lds: Do not discard .comment (bsc#1194869).
- powerpc/vmlinux.lds: Do not discard .rela* for relocatable builds (bsc#1194869).
- powerpc/vmlinux.lds: Ensure STRICT_ALIGN_SIZE is at least page aligned (bsc#1194869).
- powerpc/xmon: Fix -Wswitch-unreachable warning in bpt_cmds (bsc#1194869).
- powerpc: Do not try to copy PPR for task with NULL pt_regs (bsc#1065729).
- powerpc: Redefine HMT_xxx macros as empty on PPC32 (bsc#1209367 ltc#195662).
- powerpc: Remove linker flag from KBUILD_AFLAGS (bsc#1194869).
- powerpc: add ISA v3.0 / v3.1 wait opcode macro (bsc#1209367 ltc#195662).
- powerpc: declare unmodified attribute_group usages const (bsc#1207935).
- powerpc: declare unmodified attribute_group usages const (git-fixes).
- powerpc: move __end_rodata to cover arch read-only sections (bsc#1194869).
- printf: fix errname.c list (git-fixes).
- prlimit: do_prlimit needs to have a speculation check (bsc#1209256).
- pstore: Revert pmsg_lock back to a normal mutex (git-fixes).
- purgatory: fix disabling debug info (git-fixes).
- pwm: cros-ec: Explicitly set .polarity in .get_state() (git-fixes).
- pwm: meson: Fix axg ao mux parents (git-fixes).
- pwm: meson: Fix g12a ao clk81 name (git-fixes).
- pwm: sprd: Explicitly set .polarity in .get_state() (git-fixes).
- pwm: stm32-lp: fix the check on arr and cmp registers update (git-fixes).
- qed/qed_dev: guard against a possible division by zero (jsc#SLE-19001).
- qed/qed_mng_tlv: correctly zero out ->min instead of ->hour (jsc#SLE-19001).
- qed/qed_sriov: guard against NULL derefs from qed_iov_get_vf_info (jsc#SLE-19001).
- qed/qede: Fix scheduling while atomic (git-fixes).
- qed: allow sleep in qed_mcp_trace_dump() (jsc#SLE-19001).
- qede: avoid uninitialized entries in coal_entry array (bsc#1205846).
- qede: execute xdp_do_flush() before napi_complete_done() (jsc#SLE-19001).
- qede: fix interrupt coalescing configuration (bsc#1205846).
- quota: Check next/prev free block number after reading from quota file (bsc#1206640).
- quota: Prevent memory allocation recursion while holding dq_lock (bsc#1207639).
- r8152: add vendor/device ID pair for Microsoft Devkit (git-fixes).
- r8152: add vendor/device ID pair for Microsoft Devkit (git-fixes).
- r8152: fix flow control issue of RTL8156A (git-fixes).
- r8152: fix the poor throughput for 2.5G devices (git-fixes).
- r8152: move setting r8153b_rx_agg_chg_indicate() (git-fixes).
- r8169: fix RTL8168H and RTL8107E rx crc error (git-fixes).
- r8169: move rtl_wol_enable_rx() and rtl_prepare_power_down() (git-fixes).
- rcu: Fix missing TICK_DEP_MASK_RCU_EXP dependency check (git-fixes).
- rcu: Fix rcu_torture_read ftrace event (git-fixes).
- rcu: Tighten rcu_advance_cbs_nowake() checks (bsc#1209159).
- rdma/bnxt_re: Fix a possible memory leak (git-fixes)
- rdma/bnxt_re: Fix return value of bnxt_re_process_raw_qp_pkt_rx (git-fixes)
- rdma/bnxt_re: Fix the page_size used during the MR creation (git-fixes)
- rdma/cm: Trace icm_send_rej event before the cm state is reset (git-fixes)
- rdma/cma: Allow UD qp_type to join multicast only (git-fixes)
- rdma/core: Fix GID entry ref leak when create_ah fails (git-fixes)
- rdma/core: Fix ib block iterator counter overflow (bsc#1207878).
- rdma/core: Fix ib block iterator counter overflow (git-fixes)
- rdma/core: Fix multiple -Warray-bounds warnings (git-fixes)
- rdma/core: Refactor rdma_bind_addr (bsc#1210629 CVE-2023-2176)
- rdma/cxgb4: Fix potential null-ptr-deref in pass_establish() (git-fixes)
- rdma/cxgb4: add null-ptr-check after ip_dev_find() (git-fixes)
- rdma/cxgb4: remove unnecessary NULL check in __c4iw_poll_cq_one() (git-fixes)
- rdma/efa: Fix unsupported page sizes in device (git-fixes)
- rdma/hns: Fix base address table allocation (git-fixes)
- rdma/hns: Fix timeout attr in query qp for HIP08 (git-fixes)
- rdma/hns: Modify the value of long message loopback slice (git-fixes)
- rdma/irdma: Add SW mechanism to generate completions on error (jsc#SLE-18383).
- rdma/irdma: Add ipv4 check to irdma_find_listener() (git-fixes)
- rdma/irdma: Cap MSIX used to online CPUs + 1 (git-fixes)
- rdma/irdma: Do not generate SW completions for NOPs (git-fixes)
- rdma/irdma: Do not generate SW completions for NOPs (jsc#SLE-18383).
- rdma/irdma: Fix Local Invalidate fencing (git-fixes)
- rdma/irdma: Fix RQ completion opcode (jsc#SLE-18383).
- rdma/irdma: Fix drain SQ hang with no completion (jsc#SLE-18383).
- rdma/irdma: Fix inline for multiple SGE's (jsc#SLE-18383).
- rdma/irdma: Fix memory leak of PBLE objects (git-fixes)
- rdma/irdma: Fix potential NULL-ptr-dereference (git-fixes)
- rdma/irdma: Increase iWARP CM default rexmit count (git-fixes)
- rdma/irdma: Prevent QP use after free (git-fixes)
- rdma/irdma: Remove enum irdma_status_code (jsc#SLE-18383).
- rdma/irdma: Remove excess error variables (jsc#SLE-18383).
- rdma/mana: Remove redefinition of basic u64 type (bsc#1210741 jsc#PED-4022).
- rdma/mana: hide new rdma_driver_ids (bsc#1210741 jsc#PED-4022).
- rdma/mana_ib: Add a driver for Microsoft Azure Network Adapter (bsc#1210741 jsc#PED-4022).
- rdma/mana_ib: Fix a bug when the PF indicates more entries for registering memory on first packet (bsc#1210741 jsc#PED-4022).
- rdma/mana_ib: Prevent array underflow in mana_ib_create_qp_raw() (bsc#1210741 jsc#PED-4022).
- rdma/mlx4: Prevent shift wrapping in set_user_sq_size() (jsc#SLE-19255).
- rdma/mlx5: Fix flow counter query via DEVX (git-fixes)
- rdma/mlx5: Fix mlx5_ib_get_hw_stats when used for device (git-fixes)
- rdma/mlx5: Fix validation of max_rd_atomic caps for DC (git-fixes)
- rdma/mlx5: Rely on RoCE fw cap instead of devlink when setting profile (jsc#SLE-19253).
- rdma/mlx5: Use correct device num_ports when modify DC (git-fixes)
- rdma/mlx5: Use rdma_umem_for_each_dma_block() (git-fixes)
- rdma/rdmavt: Delete unnecessary NULL check (git-fixes)
- rdma/rtrs-clt: Replace list_next_or_null_rr_rcu with an inline function (git-fixes)
- rdma/rtrs-srv: Pass the correct number of entries for dma mapped SGL (git-fixes)
- rdma/rxe: Fix inaccurate constants in rxe_type_info (git-fixes)
- rdma/rxe: Fix missing memory barriers in rxe_queue.h (git-fixes)
- rdma/rxe: Fix mr->map double free (git-fixes)
- rdma/rxe: Fix oops with zero length reads (git-fixes)
- rdma/rxe: Fix the error 'trying to register non-static key in rxe_cleanup_task' (git-fixes)
- rdma/rxe: Make responder handle RDMA Read failures (git-fixes)
- rdma/rxe: Prevent faulty rkey generation (git-fixes)
- rdma/rxe: Remove tasklet call from rxe_cq.c (git-fixes)
- rdma/siw: Fix potential page_array out of range access (git-fixes)
- rdma/siw: Fix user page pinning accounting (git-fixes)
- rdma/siw: Remove namespace check from siw_netdev_event() (git-fixes)
- rdma/srp: Move large values to a new enum for gcc13 (git-fixes)
- rdma/srpt: Add a check for valid 'mad_agent' pointer (git-fixes)
- rdma/usnic: use iommu_map_atomic() under spin_lock() (git-fixes)
- rdma: Handle the return code from dma_resv_wait_timeout() properly (git-fixes)
- rds: rds_rm_zerocopy_callback() correct order for list_add_tail() (CVE-2023-1078 bsc#1208601).
- ref_tracker: use __GFP_NOFAIL more carefully (git-fixes).
- regmap: Account for register length when chunking (git-fixes).
- regmap: cache: Return error in cache sync operations for REGCACHE_NONE (git-fixes).
- regmap: spi-avmm: Fix regmap_bus max_raw_write (git-fixes).
- regulator: Fix error checking for debugfs_create_dir (git-fixes).
- regulator: Flag uncontrollable regulators as always_on (git-fixes).
- regulator: Handle deferred clk (git-fixes).
- regulator: core: Avoid lockdep reports when resolving supplies (git-fixes).
- regulator: core: Consistently set mutex_owner when using ww_mutex_lock_slow() (git-fixes).
- regulator: core: Fix off-on-delay-us for always-on/boot-on regulators (git-fixes).
- regulator: core: Shorten off-on-delay-us for always-on/boot-on by time since booted (git-fixes).
- regulator: core: Use ktime_get_boottime() to determine how long a regulator was off (git-fixes).
- regulator: fan53555: Explicitly include bits header (git-fixes).
- regulator: fan53555: Fix wrong TCS_SLEW_MASK (git-fixes).
- regulator: max77802: Bounds check regulator id against opmode (git-fixes).
- regulator: mt6359: add read check for PMIC MT6359 (git-fixes).
- regulator: pca9450: Fix BUCK2 enable_mask (git-fixes).
- regulator: pca9450: Fix LDO3OUT and LDO4OUT MASK (git-fixes).
- regulator: s5m8767: Bounds check id indexing into arrays (git-fixes).
- regulator: stm32-pwr: fix of_iomap leak (git-fixes).
- reiserfs: Add missing calls to reiserfs_security_free() (git-fixes).
- reiserfs: Add security prefix to xattr name in reiserfs_security_write() (git-fixes).
- remoteproc/mtk_scp: Move clk ops outside send_lock (git-fixes).
- remoteproc: Harden rproc_handle_vdev() against integer overflow (git-fixes).
- remoteproc: imx_rproc: Call of_node_put() on iteration error (git-fixes).
- remoteproc: qcom_q6v5_mss: Use a carveout to authenticate modem headers (git-fixes).
- remoteproc: st: Call of_node_put() on iteration error (git-fixes).
- remoteproc: stm32: Call of_node_put() on iteration error (git-fixes).
- remoteproc: stm32_rproc: Add mutex protection for workqueue (git-fixes).
- remove 'PCI: hv: Use async probing to reduce boot time' (bsc#1207185).
- rethook: Reject getting a rethook if RCU is not watching (git-fixes).
- rethook: fix a potential memleak in rethook_alloc() (git-fixes).
- rethook: use preempt_{disable, enable}_notrace in rethook_trampoline_handler (git-fixes).
- revert 'squashfs: harden sanity check in squashfs_read_xattr_id_table' (git-fixes).
- ring-buffer: Ensure proper resetting of atomic variables in ring_buffer_reset_online_cpus (git-fixes).
- ring-buffer: Fix kernel-doc (git-fixes).
- ring-buffer: Fix race while reader and writer are on the same page (git-fixes).
- ring-buffer: Handle race between rb_move_tail and rb_check_pages (git-fixes).
- ring-buffer: Sync IRQ works before buffer destruction (git-fixes).
- ring-buffer: remove obsolete comment for free_buffer_page() (git-fixes).
- rpm/check-for-config-changes: add TOOLCHAIN_NEEDS_* to IGNORED_CONFIGS_RE This new form was added in commit e89c2e815e76 ('riscv: Handle zicsr/zifencei issues between clang and binutils').
- rpm/constraints.in: Increase disk size constraint for riscv64 to 52GB
- rpm/group-source-files.pl: Fix output difference when / is in location While previous attempt to fix group-source-files.pl in 6d651362c38 'rpm/group-source-files.pl: Deal with {pre,post}fixed / in location' breaks the infinite loop, it does not properly address the issue. Having prefixed and/or postfixed forward slash still result in different output. This commit changes the script to use the Perl core module File::Spec for proper path manipulation to give consistent output.
- rpm/kernel-binary.spec.in: Fix compatibility wth newer rpm
- rpm/kernel-docs.spec.in: pass PYTHON=python3 to fix build error (bsc#1160435)
- rpm/kernel-obs-build.spec.in: Remove SLE11 cruft
- rpm/kernel-source.spec.in: Add patches.drm for moved DRM patches
- rtc: allow rtc_read_alarm without read_alarm callback (git-fixes).
- rtc: meson-vrtc: Use ktime_get_real_ts64() to get the current time (git-fixes).
- rtc: omap: include header for omap_rtc_power_off_program prototype (git-fixes).
- rtc: pm8xxx: fix set-alarm race (git-fixes).
- rtc: sun6i: Always export the internal oscillator (git-fixes).
- rtmutex: Ensure that the top waiter is always woken up (git-fixes).
- s390/ap: fix memory leak in ap_init_qci_info() (git-fixes).
- s390/boot: simplify and fix kernel memory layout setup (bsc#1209600).
- s390/ctcm: Fix return type of ctc{mp,}m_tx() (git-fixes bsc#1211686).
- s390/dasd: Fix potential memleak in dasd_eckd_init() (git-fixes).
- s390/dasd: Use correct lock while counting channel queue length (git-fixes bsc#1212592).
- s390/dasd: fix hanging blockdevice after request requeue (git-fixes bsc#1211687).
- s390/dasd: fix no record found for raw_track_access (bsc#1207574).
- s390/extmem: return correct segment type in __segment_load() (bsc#1210450 git-fixes).
- s390/kprobes: fix current_kprobe never cleared after kprobes reenter (git-fixes bsc#1211688).
- s390/kprobes: fix irq mask clobbering on kprobe reenter from post_handler (git-fixes bsc#1211689).
- s390/lcs: Fix return type of lcs_start_xmit() (git-fixes bsc#1211690).
- s390/mem_detect: fix detect_memory() error handling (git-fixes bsc#1211691).
- s390/netiucv: Fix return type of netiucv_tx() (git-fixes bsc#1211692).
- s390/pkey: zeroize key blobs (git-fixes bsc#1212619).
- s390/qdio: fix do_sqbs() inline assembly constraint (git-fixes bsc#1211693).
- s390/qeth: fix use-after-free in hsci (bsc#1210449 git-fixes).
- s390/uaccess: add missing earlyclobber annotations to __clear_user() (bsc#1209856 git-fixes).
- s390/vdso: remove -nostdlib compiler flag (git-fixes bsc#1211714).
- s390/vfio-ap: fix an error handling path in vfio_ap_mdev_probe_queue() (git-fixes).
- s390/vfio-ap: fix memory leak in vfio_ap device driver (git-fixes).
- sched, cpuset: Fix dl_cpu_busy() panic due to empty (git-fixes)
- sched/core: Avoid obvious double update_rq_clock warning (git-fixes)
- sched/core: Fix arch_scale_freq_tick() on tickless systems (git-fixes)
- sched/core: Introduce sched_asym_cpucap_active() (git-fixes)
- sched/deadline: Merge dl_task_can_attach() and dl_cpu_busy() (git-fixes)
- sched/fair: Fix imbalance overflow (bsc#1155798 (CPU scheduler functional and performance backports)).
- sched/fair: Limit sched slice duration (bsc#1189999 (Scheduler functional and performance backports)).
- sched/fair: Move calculate of avg_load to a better location (bsc#1155798 (CPU scheduler functional and performance backports)).
- sched/fair: Sanitize vruntime of entity being migrated (bsc#1203325).
- sched/fair: sanitize vruntime of entity being placed (bsc#1203325).
- sched/numa: Stop an exhastive search if an idle core is found (bsc#1189999 (Scheduler functional and performance backports)).
- sched/psi: Fix use-after-free in ep_remove_wait_queue() (bsc#1209799).
- sched/rt: pick_next_rt_entity(): check list_entry (bsc#1208600 CVE-2023-1077)
- sched/tracing: Report TASK_RTLOCK_WAIT tasks as (git-fixes)
- sched/uclamp: Make asym_fits_capacity() use util_fits_cpu() (git-fixes)
- sched: Avoid double preemption in __cond_resched_*lock*() (git-fixes)
- sched_getaffinity: do not assume 'cpumask_size()' is fully initialized (bsc#1155798 (CPU scheduler functional and performance backports)).
- scsi: Revert 'scsi: core: map PQ=1, PDT=other values to SCSI_SCAN_TARGET_PRESENT' (git-fixes).
- scsi: aacraid: Allocate cmd_priv with scsicmd (git-fixes).
- scsi: aic94xx: Add missing check for dma_map_single() (git-fixes).
- scsi: core: Add BLIST_NO_VPD_SIZE for some VDASD (git-fixes bsc#1203039) (renamed now that it's upstgream)
- scsi: core: Add BLIST_SKIP_VPD_PAGES for SKhynix H28U74301AMR (git-fixes).
- scsi: core: Decrease scsi_device's iorequest_cnt if dispatch failed (git-fixes).
- scsi: core: Fix a procfs host directory removal regression (git-fixes).
- scsi: core: Fix a source code comment (git-fixes).
- scsi: core: Improve scsi_vpd_inquiry() checks (git-fixes).
- scsi: core: Remove the /proc/scsi/${proc_name} directory earlier (git-fixes).
- scsi: hisi_sas: Check devm_add_action() return value (git-fixes).
- scsi: hisi_sas: Handle NCQ error when IPTT is valid (git-fixes).
- scsi: hisi_sas: Revert change to limit max hw sectors for v3 HW (bsc#1210230).
- scsi: hisi_sas: Set a port invalid only if there are no devices attached when refreshing port id (git-fixes).
- scsi: hpsa: Fix allocation size for scsi_host_alloc() (git-fixes).
- scsi: ipr: Work around fortify-string warning (git-fixes).
- scsi: iscsi_tcp: Check that sock is valid before iscsi_set_param() (git-fixes).
- scsi: iscsi_tcp: Fix UAF during login when accessing the shost ipaddress (git-fixes).
- scsi: iscsi_tcp: Fix UAF during logout when accessing the shost ipaddress (git-fixes).
- scsi: kABI workaround for fc_host_fpin_rcv (git-fixes).
- scsi: kABI workaround for fc_host_fpin_rcv (git-fixes).
- scsi: libsas: Add sas_ata_device_link_abort() (git-fixes).
- scsi: libsas: Grab the ATA port lock in sas_ata_device_link_abort() (git-fixes).
- scsi: libsas: Remove useless dev_list delete in sas_ex_discover_end_dev() (git-fixes).
- scsi: lpfc: Add new RCQE status for handling DMA failures (bsc#1211847).
- scsi: lpfc: Avoid usage of list iterator variable after loop (git-fixes).
- scsi: lpfc: Check kzalloc() in lpfc_sli4_cgn_params_read() (git-fixes).
- scsi: lpfc: Copyright updates for 14.2.0.10 patches (bsc#1208607).
- scsi: lpfc: Copyright updates for 14.2.0.10 patches (bsc#1208607).
- scsi: lpfc: Copyright updates for 14.2.0.11 patches (bsc#1210943).
- scsi: lpfc: Copyright updates for 14.2.0.11 patches (bsc#1210943).
- scsi: lpfc: Correct used_rpi count when devloss tmo fires with no recovery (bsc#1210943).
- scsi: lpfc: Correct used_rpi count when devloss tmo fires with no recovery (bsc#1210943).
- scsi: lpfc: Defer issuing new PLOGI if received RSCN before completing REG_LOGIN (bsc#1210943).
- scsi: lpfc: Defer issuing new PLOGI if received RSCN before completing REG_LOGIN (bsc#1210943).
- scsi: lpfc: Drop redundant pci_enable_pcie_error_reporting() (bsc#1210943).
- scsi: lpfc: Drop redundant pci_enable_pcie_error_reporting() (bsc#1210943).
- scsi: lpfc: Exit PRLI completion handling early if ndlp not in PRLI_ISSUE state (bsc#1208607).
- scsi: lpfc: Exit PRLI completion handling early if ndlp not in PRLI_ISSUE state (bsc#1208607).
- scsi: lpfc: Fix double free in lpfc_cmpl_els_logo_acc() caused by lpfc_nlp_not_used() (bsc#1211847).
- scsi: lpfc: Fix double word in comments (bsc#1210943).
- scsi: lpfc: Fix double word in comments (bsc#1210943).
- scsi: lpfc: Fix ioremap issues in lpfc_sli4_pci_mem_setup() (bsc#1210943).
- scsi: lpfc: Fix ioremap issues in lpfc_sli4_pci_mem_setup() (bsc#1210943).
- scsi: lpfc: Fix lockdep warning for rx_monitor lock when unloading driver (bsc#1210943).
- scsi: lpfc: Fix lockdep warning for rx_monitor lock when unloading driver (bsc#1210943).
- scsi: lpfc: Fix space indentation in lpfc_xcvr_data_show() (bsc#1208607).
- scsi: lpfc: Fix space indentation in lpfc_xcvr_data_show() (bsc#1208607).
- scsi: lpfc: Fix use-after-free KFENCE violation during sysfs firmware write (bsc#1208607).
- scsi: lpfc: Fix use-after-free KFENCE violation during sysfs firmware write (bsc#1208607).
- scsi: lpfc: Fix verbose logging for SCSI commands issued to SES devices (bsc#1211847).
- scsi: lpfc: Introduce new attention types for lpfc_sli4_async_fc_evt() handler (bsc#1208607).
- scsi: lpfc: Introduce new attention types for lpfc_sli4_async_fc_evt() handler (bsc#1208607).
- scsi: lpfc: Match lock ordering of lpfc_cmd->buf_lock and hbalock for abort paths (bsc#1211847).
- scsi: lpfc: Prevent lpfc_debugfs_lockstat_write() buffer overflow (bsc#1210943).
- scsi: lpfc: Prevent lpfc_debugfs_lockstat_write() buffer overflow (bsc#1210943).
- scsi: lpfc: Record LOGO state with discovery engine even if aborted (bsc#1210943).
- scsi: lpfc: Record LOGO state with discovery engine even if aborted (bsc#1210943).
- scsi: lpfc: Reinitialize internal VMID data structures after FLOGI completion (bsc#1208607).
- scsi: lpfc: Reinitialize internal VMID data structures after FLOGI completion (bsc#1208607).
- scsi: lpfc: Remove duplicate ndlp kref decrement in lpfc_cleanup_rpis() (bsc#1208607 bsc#1208534).
- scsi: lpfc: Remove duplicate ndlp kref decrement in lpfc_cleanup_rpis() (bsc#1208607 bsc#1208534).
- scsi: lpfc: Remove redundant clean up code in disable_vport() (bsc#1208607).
- scsi: lpfc: Remove redundant clean up code in disable_vport() (bsc#1208607).
- scsi: lpfc: Reorder freeing of various DMA buffers and their list removal (bsc#1210943).
- scsi: lpfc: Reorder freeing of various DMA buffers and their list removal (bsc#1210943).
- scsi: lpfc: Replace blk_irq_poll intr handler with threaded IRQ (bsc#1211847).
- scsi: lpfc: Replace outdated strncpy() with strscpy() (bsc#1208607).
- scsi: lpfc: Replace outdated strncpy() with strscpy() (bsc#1208607).
- scsi: lpfc: Resolve miscellaneous variable set but not used compiler warnings (bsc#1208607).
- scsi: lpfc: Resolve miscellaneous variable set but not used compiler warnings (bsc#1208607).
- scsi: lpfc: Revise lpfc_error_lost_link() reason code evaluation logic (bsc#1210943).
- scsi: lpfc: Revise lpfc_error_lost_link() reason code evaluation logic (bsc#1210943).
- scsi: lpfc: Set max DMA segment size to HBA supported SGE length (bsc#1208607).
- scsi: lpfc: Set max DMA segment size to HBA supported SGE length (bsc#1208607).
- scsi: lpfc: Silence an incorrect device output (bsc#1210943).
- scsi: lpfc: Silence an incorrect device output (bsc#1210943).
- scsi: lpfc: Skip waiting for register ready bits when in unrecoverable state (bsc#1210943).
- scsi: lpfc: Skip waiting for register ready bits when in unrecoverable state (bsc#1210943).
- scsi: lpfc: Update congestion warning notification period (bsc#1211847).
- scsi: lpfc: Update lpfc version to 14.2.0.10 (bsc#1208607).
- scsi: lpfc: Update lpfc version to 14.2.0.10 (bsc#1208607).
- scsi: lpfc: Update lpfc version to 14.2.0.11 (bsc#1210943).
- scsi: lpfc: Update lpfc version to 14.2.0.11 (bsc#1210943).
- scsi: lpfc: Update lpfc version to 14.2.0.12 (bsc#1211847).
- scsi: megaraid: Fix mega_cmd_done() CMDID_INT_CMDS (git-fixes).
- scsi: megaraid_sas: Fix crash after a double completion (git-fixes).
- scsi: megaraid_sas: Fix fw_crash_buffer_show() (git-fixes).
- scsi: megaraid_sas: Update max supported LD IDs to 240 (git-fixes).
- scsi: megaraid_sas: Update max supported LD IDs to 240 (git-fixes).
- scsi: mpi3mr: Fix issues in mpi3mr_get_all_tgt_info() (git-fixes).
- scsi: mpi3mr: Fix missing mrioc->evtack_cmds initialization (git-fixes).
- scsi: mpi3mr: Fix throttle_groups memory leak (git-fixes).
- scsi: mpi3mr: Remove unnecessary memcpy() to alltgt_info->dmi (git-fixes).
- scsi: mpi3mr: Suppress command reply debug prints (bsc#1211820).
- scsi: mpt3sas: Do not print sense pool info twice (git-fixes).
- scsi: mpt3sas: Fix NULL pointer access in mpt3sas_transport_port_add() (git-fixes).
- scsi: mpt3sas: Fix a memory leak (git-fixes).
- scsi: mpt3sas: Remove scsi_dma_map() error messages (git-fixes).
- scsi: qedi: Fix use after free bug in qedi_remove() (git-fixes).
- scsi: qla2xxx: Add option to disable FC2 Target support (bsc#1198438 bsc#1206103).
- scsi: qla2xxx: Add option to disable FC2 Target support (bsc#1198438 bsc#1206103).
- scsi: qla2xxx: Check if port is online before sending ELS (bsc#1208570).
- scsi: qla2xxx: Check if port is online before sending ELS (bsc#1208570).
- scsi: qla2xxx: Drop redundant pci_enable_pcie_error_reporting() (bsc#1211960).
- scsi: qla2xxx: Fix DMA-API call trace on NVMe LS requests (bsc#1208570).
- scsi: qla2xxx: Fix DMA-API call trace on NVMe LS requests (bsc#1208570).
- scsi: qla2xxx: Fix IOCB resource check warning (bsc#1208570).
- scsi: qla2xxx: Fix IOCB resource check warning (bsc#1208570).
- scsi: qla2xxx: Fix erroneous link down (bsc#1208570).
- scsi: qla2xxx: Fix erroneous link down (bsc#1208570).
- scsi: qla2xxx: Fix exchange oversubscription (bsc#1208570).
- scsi: qla2xxx: Fix exchange oversubscription (bsc#1208570).
- scsi: qla2xxx: Fix exchange oversubscription for management commands (bsc#1208570).
- scsi: qla2xxx: Fix exchange oversubscription for management commands (bsc#1208570).
- scsi: qla2xxx: Fix hang in task management (bsc#1211960).
- scsi: qla2xxx: Fix link failure in NPIV environment (bsc#1208570).
- scsi: qla2xxx: Fix link failure in NPIV environment (bsc#1208570).
- scsi: qla2xxx: Fix mem access after free (bsc#1211960).
- scsi: qla2xxx: Fix memory leak in qla2x00_probe_one() (git-fixes).
- scsi: qla2xxx: Fix printk() format string (bsc#1208570).
- scsi: qla2xxx: Fix printk() format string (bsc#1208570).
- scsi: qla2xxx: Fix stalled login (bsc#1208570).
- scsi: qla2xxx: Fix stalled login (bsc#1208570).
- scsi: qla2xxx: Fix task management cmd fail due to unavailable resource (bsc#1211960).
- scsi: qla2xxx: Fix task management cmd failure (bsc#1211960).
- scsi: qla2xxx: Make qla_trim_buf() and __qla_adjust_buf() static (bsc#1208570).
- scsi: qla2xxx: Make qla_trim_buf() and __qla_adjust_buf() static (bsc#1208570).
- scsi: qla2xxx: Multi-que support for TMF (bsc#1211960).
- scsi: qla2xxx: Perform lockless command completion in abort path (git-fixes).
- scsi: qla2xxx: Refer directly to the qla2xxx_driver_template (bsc#1211960).
- scsi: qla2xxx: Relocate/rename vp map (bsc#1208570).
- scsi: qla2xxx: Relocate/rename vp map (bsc#1208570).
- scsi: qla2xxx: Remove dead code (GNN ID) (bsc#1208570).
- scsi: qla2xxx: Remove dead code (GNN ID) (bsc#1208570).
- scsi: qla2xxx: Remove dead code (GPNID) (bsc#1208570).
- scsi: qla2xxx: Remove dead code (GPNID) (bsc#1208570).
- scsi: qla2xxx: Remove dead code (bsc#1208570).
- scsi: qla2xxx: Remove dead code (bsc#1208570).
- scsi: qla2xxx: Remove default fabric ops callouts (bsc#1211960).
- scsi: qla2xxx: Remove increment of interface err cnt (bsc#1208570).
- scsi: qla2xxx: Remove increment of interface err cnt (bsc#1208570).
- scsi: qla2xxx: Remove the unused variable wwn (bsc#1208570).
- scsi: qla2xxx: Remove the unused variable wwn (bsc#1208570).
- scsi: qla2xxx: Remove unintended flag clearing (bsc#1208570).
- scsi: qla2xxx: Remove unintended flag clearing (bsc#1208570).
- scsi: qla2xxx: Replace all non-returning strlcpy() with strscpy() (bsc#1211960).
- scsi: qla2xxx: Select qpair depending on which CPU post_cmd() gets called (bsc#1208570).
- scsi: qla2xxx: Select qpair depending on which CPU post_cmd() gets called (bsc#1208570).
- scsi: qla2xxx: Simplify if condition evaluation (bsc#1208570).
- scsi: qla2xxx: Simplify if condition evaluation (bsc#1208570).
- scsi: qla2xxx: Synchronize the IOCB count to be in order (bsc#1209292 bsc#1209684 bsc#1209556).
- scsi: qla2xxx: Update version to 10.02.08.100-k (bsc#1208570).
- scsi: qla2xxx: Update version to 10.02.08.100-k (bsc#1208570).
- scsi: qla2xxx: Update version to 10.02.08.200-k (bsc#1208570).
- scsi: qla2xxx: Update version to 10.02.08.200-k (bsc#1208570).
- scsi: qla2xxx: Update version to 10.02.08.300-k (bsc#1211960).
- scsi: qla2xxx: Use a variable for repeated mem_size computation (bsc#1208570).
- scsi: qla2xxx: Use a variable for repeated mem_size computation (bsc#1208570).
- scsi: qla2xxx: Wait for io return on terminate rport (bsc#1211960).
- scsi: qla2xxx: edif: Fix clang warning (bsc#1208570).
- scsi: qla2xxx: edif: Fix clang warning (bsc#1208570).
- scsi: qla2xxx: edif: Fix performance dip due to lock contention (bsc#1208570).
- scsi: qla2xxx: edif: Fix performance dip due to lock contention (bsc#1208570).
- scsi: qla2xxx: edif: Fix stall session after app start (bsc#1208570).
- scsi: qla2xxx: edif: Fix stall session after app start (bsc#1208570).
- scsi: qla2xxx: edif: Reduce memory usage during low I/O (bsc#1208570).
- scsi: qla2xxx: edif: Reduce memory usage during low I/O (bsc#1208570).
- scsi: scsi_dh_alua: Fix memleak for 'qdata' in alua_activate() (git-fixes).
- scsi: scsi_ioctl: Validate command size (git-fixes).
- scsi: scsi_transport_fc: Add an additional flag to fc_host_fpin_rcv() (bsc#1210943).
- scsi: scsi_transport_fc: Add an additional flag to fc_host_fpin_rcv() (bsc#1210943).
- scsi: sd: Fix wrong zone_write_granularity value during revalidate (git-fixes).
- scsi: sd: Fix wrong zone_write_granularity value during revalidate (git-fixes).
- scsi: sd: Revert 'Rework asynchronous resume support' (bsc#1209092).
- scsi: ses: Do not attach if enclosure has no components (git-fixes).
- scsi: ses: Fix possible addl_desc_ptr out-of-bounds accesses (git-fixes).
- scsi: ses: Fix possible desc_ptr out-of-bounds accesses (git-fixes).
- scsi: ses: Fix slab-out-of-bounds in ses_enclosure_data_process() (git-fixes).
- scsi: ses: Fix slab-out-of-bounds in ses_intf_remove() (git-fixes).
- scsi: ses: Handle enclosure with just a primary component gracefully (git-fixes).
- scsi: smartpqi: Add controller cache flush during rmmod (bsc#1207315).
- scsi: smartpqi: Add new controller PCI IDs (bsc#1207315).
- scsi: smartpqi: Change sysfs raid_level attribute to N/A for controllers (bsc#1207315).
- scsi: smartpqi: Change version to 2.1.20-035 (bsc#1207315).
- scsi: smartpqi: Convert to host_tagset (bsc#1207315).
- scsi: smartpqi: Correct device removal for multi-actuator devices (bsc#1207315).
- scsi: smartpqi: Correct max LUN number (bsc#1207315).
- scsi: smartpqi: Initialize feature section info (bsc#1207315).
- scsi: smartpqi: Replace one-element array with flexible-array member (bsc#1207315).
- scsi: snic: Fix memory leak with using debugfs_lookup() (git-fixes).
- scsi: stex: Fix gcc 13 warnings (git-fixes).
- scsi: storvsc: Correct reporting of Hyper-V I/O size limits (git-fixes).
- scsi: storvsc: Do not pass unused PFNs to Hyper-V host (git-fixes).
- scsi: storvsc: Handle BlockSize change in Hyper-V VHD/VHDX file (git-fixes).
- scsi: tracing: Fix compile error in trace_array calls when TRACING is disabled (git-fixes).
- scsi: ufs: Stop using the clock scaling lock in the error handler (git-fixes).
- scsi: ufs: core: Enable link lost interrupt (git-fixes).
- scsi_disk kABI: add back members (bsc#1209092).
- sctp: sctp_sock_filter(): avoid list_entry() on possibly empty list (bsc#1208602, git-fixes).
- sctp: sctp_sock_filter(): avoid list_entry() on possibly empty list (bsc#1208602, git-fixes).
- seccomp: Move copy_seccomp() to no failure path (bsc#1210817).
- sefltests: netdevsim: wait for devlink instance after netns removal (git-fixes).
- selftest/lkdtm: Skip stack-entropy test if lkdtm is not available (git-fixes).
- selftests mount: Fix mount_setattr_test builds failed (git-fixes).
- selftests/ftrace: Add check for ping command for trigger tests (bsc#1204993 ltc#200103).
- selftests/ftrace: Convert tracer tests to use 'requires' to specify program dependency (bsc#1204993 ltc#200103).
- selftests/kselftest/runner/run_one(): allow running non-executable files (git-fixes).
- selftests/powerpc: Account for offline cpus in perf-hwbreak test (bsc#1206232).
- selftests/powerpc: Bump up rlimit for perf-hwbreak test (bsc#1206232).
- selftests/powerpc: Move perror closer to its use (bsc#1206232).
- selftests/ptp: Fix timestamp printf format for PTP_SYS_OFFSET (git-fixes).
- selftests/resctrl: Allow ->setup() to return errors (git-fixes).
- selftests/resctrl: Check for return value after write_schemata() (git-fixes).
- selftests/resctrl: Extend CPU vendor detection (git-fixes).
- selftests/resctrl: Move ->setup() call outside of test specific branches (git-fixes).
- selftests/resctrl: Return NULL if malloc_and_init_memory() did not alloc mem (git-fixes).
- selftests/sgx: Add 'test_encl.elf' to TEST_FILES (git-fixes).
- selftests/vm: remove ARRAY_SIZE define from individual tests (git-fixes).
- selftests: Provide local define of __cpuid_count() (git-fixes).
- selftests: forwarding: lib: quote the sysctl values (git-fixes).
- selftests: mptcp: connect: skip if MPTCP is not supported (git-fixes).
- selftests: mptcp: pm nl: skip if MPTCP is not supported (git-fixes).
- selftests: mptcp: sockopt: skip if MPTCP is not supported (git-fixes).
- selftests: net: udpgso_bench: Fix racing bug between the rx/tx programs (git-fixes).
- selftests: net: udpgso_bench_rx/tx: Stop when wrong CLI args are provided (git-fixes).
- selftests: net: udpgso_bench_rx: Fix 'used uninitialized' compiler warning (git-fixes).
- selftests: net: udpgso_bench_tx: Cater for pending datagrams zerocopy benchmarking (git-fixes).
- selftests: seg6: disable DAD on IPv6 router cfg for srv6_end_dt4_l3vpn_test (git-fixes).
- selftests: sigaltstack: fix -Wuninitialized (git-fixes).
- selftests: srv6: make srv6_end_dt46_l3vpn_test more robust (git-fixes).
- selftests: xsk: Disable IPv6 on VETH1 (git-fixes).
- selftets: seg6: disable rp_filter by default in srv6_end_dt4_l3vpn_test (git-fixes).
- selinux: do not use make's grouped targets feature yet (git-fixes).
- selinux: ensure av_permissions.h is built when needed (git-fixes).
- selinux: fix Makefile dependencies of flask.h (git-fixes).
- serial: 8250: ASPEED_VUART: select REGMAP instead of depending on it (git-fixes).
- serial: 8250: Add missing wakeup event reporting (git-fixes).
- serial: 8250: Reinit port->pm on port specific driver unbind (git-fixes).
- serial: 8250: SERIAL_8250_ASPEED_VUART should depend on ARCH_ASPEED (git-fixes).
- serial: 8250_bcm7271: Fix arbitration handling (git-fixes).
- serial: 8250_bcm7271: balance clk_enable calls (git-fixes).
- serial: 8250_bcm7271: fix leak in `brcmuart_probe` (git-fixes).
- serial: 8250_dma: Fix DMA Rx rearm race (git-fixes).
- serial: 8250_em: Fix UART port type (git-fixes).
- serial: 8250_exar: Add support for USR298x PCI Modems (git-fixes).
- serial: 8250_exar: derive nr_ports from PCI ID for Acces I/O cards (git-fixes).
- serial: 8250_fsl: fix handle_irq locking (git-fixes).
- serial: 8250_tegra: Fix an error handling path in tegra_uart_probe() (git-fixes).
- serial: Add support for Advantech PCI-1611U card (git-fixes).
- serial: arc_uart: fix of_iomap leak in `arc_serial_probe` (git-fixes).
- serial: exar: Add support for Sealevel 7xxxC serial cards (git-fixes).
- serial: fsl_lpuart: Fix comment typo (git-fixes).
- serial: fsl_lpuart: fix RS485 RTS polariy inverse issue (git-fixes).
- serial: lantiq: add missing interrupt ack (git-fixes).
- serial: qcom-geni: fix console shutdown hang (git-fixes).
- serial: qcom-geni: fix enabling deactivated interrupt (git-fixes).
- serial: sc16is7xx: setup GPIO controller later in probe (git-fixes).
- serial: stm32: re-introduce an irq flag condition in usart_receive_chars (git-fixes).
- serial: tegra: Add missing clk_disable_unprepare() in tegra_uart_hw_init() (git-fixes).
- sfc: Change VF mac via PF as first preference if available (git-fixes).
- sfc: Fix module EEPROM reporting for QSFP modules (git-fixes).
- sfc: Fix use-after-free due to selftest_work (git-fixes).
- sfc: correctly advertise tunneled IPv6 segmentation (git-fixes).
- sfc: disable RXFCS and RXALL features by default (git-fixes).
- sfc: disable RXFCS and RXALL features by default (git-fixes).
- sfc: ef10: do not overwrite offload features at NIC reset (git-fixes).
- sfc: fix TX channel offset when using legacy interrupts (git-fixes).
- sfc: fix considering that all channels have TX queues (git-fixes).
- sfc: fix null pointer dereference in efx_hard_start_xmit (git-fixes).
- sfc: fix wrong tx channel offset with efx_separate_tx_channels (git-fixes).
- sfc: include vport_id in filter spec hash and equal() (git-fixes).
- signal handling: do not use BUG_ON() for debugging (bsc#1210439).
- signal/seccomp: Refactor seccomp signal and coredump generation (git-fixes).
- signal/vm86_32: Properly send SIGSEGV when the vm86 state cannot be saved (git-fixes).
- signal/x86: In emulate_vsyscall force a signal instead of calling do_exit (git-fixes).
- signal: Add SA_IMMUTABLE to ensure forced siganls do not get changed (bsc#1210816).
- signal: Do not always set SA_IMMUTABLE for forced signals (bsc#1210816).
- signal: HANDLER_EXIT should clear SIGNAL_UNKILLABLE (bsc#1210816).
- signal: Implement force_fatal_sig (git-fixes).
- smb3.1.1: add new tree connect ShareFlags (bsc#1193629).
- smb3: Add missing locks to protect deferred close file list (git-fixes).
- smb3: Close all deferred handles of inode in case of handle lease break (bsc#1193629).
- smb3: Close deferred file handles in case of handle lease break (bsc#1193629).
- smb3: Replace smb2pdu 1-element arrays with flex-arrays (bsc#1193629).
- smb3: display debug information better for encryption (bsc#1193629).
- smb3: drop reference to cfile before sending oplock break (bsc#1193629).
- smb3: fix problem remounting a share after shutdown (bsc#1193629).
- smb3: fix unusable share after force unmount failure (bsc#1193629).
- smb3: force unmount was failing to close deferred close files (bsc#1193629).
- smb3: improve parallel reads of large files (bsc#1193629).
- smb3: lower default deferred close timeout to address perf regression (bsc#1193629).
- smb3: make query_on_disk_id open context consistent and move to common code (bsc#1193629).
- smb3: move some common open context structs to smbfs_common (bsc#1193629).
- soc/tegra: cbb: Use correct master_id mask for CBB NOC in Tegra194 (git-fixes).
- soc: ti: pm33xx: Fix refcount leak in am33xx_pm_probe (git-fixes).
- soundwire: cadence: Do not overflow the command FIFOs (git-fixes).
- soundwire: qcom: correct setting ignore bit on v1.5.1 (git-fixes).
- soundwire: qcom: gracefully handle too many ports in DT (git-fixes).
- spi: bcm63xx-hsspi: Endianness fix for ARM based SoC (git-fixes).
- spi: cadence-quadspi: fix suspend-resume implementations (git-fixes).
- spi: dw: Fix wrong FIFO level setting for long xfers (git-fixes).
- spi: dw_bt1: fix MUX_MMIO dependencies (git-fixes).
- spi: fsl-dspi: avoid SCK glitches with continuous transfers (git-fixes).
- spi: fsl-spi: Fix CPM/QE mode Litte Endian (git-fixes).
- spi: qup: Do not skip cleanup in remove's error path (git-fixes).
- spi: qup: Request DMA before enabling clocks (git-fixes).
- spi: spi-imx: fix MX51_ECSPI_* macros when cs > 3 (git-fixes).
- spi: spi-imx: using pm_runtime_resume_and_get instead of pm_runtime_get_sync (git-fixes).
- spi: spidev: remove debug messages that access spidev->spi without locking (git-fixes).
- spi: synquacer: Fix timeout handling in synquacer_spi_transfer_one() (git-fixes).
- spi: tegra210-quad: Fix combined sequence (bsc#1212584)
- spi: tegra210-quad: Fix iterator outside loop (git-fixes).
- spi: tegra210-quad: Fix validate combined sequence (git-fixes).
- spi: tegra210-quad: Multi-cs support (bsc#1212584)
- squashfs: fix handling and sanity checking of xattr_ids count (git-fixes).
- squashfs: harden sanity check in squashfs_read_xattr_id_table (git-fixes).
- staging: emxx_udc: Add checks for dma_alloc_coherent() (git-fixes).
- staging: iio: resolver: ads1210: fix config mode (git-fixes).
- staging: mt7621-dts: change palmbus address to lower case (git-fixes).
- staging: mt7621-dts: change some node hex addresses to lower case (git-fixes).
- staging: rtl8192e: Fix W_DISABLE# does not work after stop/start (git-fixes).
- staging: rtl8192e: Remove call_usermodehelper starting RadioPower.sh (git-fixes).
- staging: rtl8192e: Remove function ..dm_check_ac_dc_power calling a script (git-fixes).
- staging: rtl8192e: Replace macro RTL_PCI_DEVICE with PCI_DEVICE (git-fixes).
- stat: fix inconsistency between struct stat and struct compat_stat (git-fixes).
- struct ci_hdrc: hide new member at end (git-fixes).
- struct dwc3: mask new member (git-fixes).
- struct uvc_device move flush_status new member to end (git-fixes).
- sunrpc allow for unspecified transport time in rpc_clnt_add_xprt (git-fixes).
- sunrpc: Clean up svc_deferred_class trace events (git-fixes).
- sunrpc: Do not dereference xprt->snd_task if it's a cookie (git-fixes).
- sunrpc: Do not leak netobj memory when gss_read_proxy_verf() fails (git-fixes).
- sunrpc: Fix a server shutdown leak (git-fixes).
- sunrpc: Fix missing release socket in rpc_sockname() (git-fixes).
- sunrpc: Fix null-ptr-deref when xps sysfs alloc failed (git-fixes).
- sunrpc: Fix potential race conditions in rpc_sysfs_xprt_state_change() (git-fixes).
- sunrpc: Fix socket waits for write buffer space (git-fixes).
- sunrpc: Return true/false (not 1/0) from bool functions (git-fixes).
- sunrpc: Update trace flags (git-fixes).
- sunrpc: Use BIT() macro in rpc_show_xprt_state() (git-fixes).
- sunrpc: ensure the matching upcall is in-flight upon downcall (git-fixes).
- sunrpc: fix breakage caused by introduction of rq_xprt_ctxt (bsc#1210775).
- sunrpc: only free unix grouplist after RCU settles (git-fixes).
- supported.conf:
- supported.conf: Add a guard for unsupported DVB modules
- supported.conf: Add a guard for unsupported rose module
- supported.conf: Move bt878 and bttv modules to kernel-*-extra (jsc#PED-3931)
- supported.conf: Remove duplicate entry.
- supported.conf: add comments for missing CVE fixes for net/rose
- supported.conf: declaring usb_f_ncm supported as requested in (jsc#PED-3750) Support for the legacy functionality g_ncm is still under discussion (see jsc-PED#3200) For maintainance see (jsc#PED-3759)
- supported.conf: mark mana_ib supported
- supported.conf: support u_ether and libcomposite (jsc-PED#3750) This is necessary for g_ncm (for maintainance see jsc-PED#3759)
- swim3: add missing major.h include (git-fixes).
- swiotlb: Free tbl memory in swiotlb_exit() (jsc#PED-3259).
- swiotlb: add a SWIOTLB_ANY flag to lift the low memory restriction (PED-3259).
- swiotlb: avoid potential left shift overflow (PED-3259).
- swiotlb: clean up some coding style and minor issues (PED-3259).
- swiotlb: consolidate rounding up default_nslabs (PED-3259).
- swiotlb: do not panic when the swiotlb buffer can't be allocated (PED-3259).
- swiotlb: ensure a segment does not cross the area boundary (PED-3259).
- swiotlb: fail map correctly with failed io_tlb_default_mem (PED-3259).
- swiotlb: fix a typo (PED-3259).
- swiotlb: fix passing local variable to debugfs_create_ulong() (PED-3259).
- swiotlb: fix setting ->force_bounce (PED-3259).
- swiotlb: fix use after free on error handling path (PED-3259).
- swiotlb: make swiotlb_exit a no-op if SWIOTLB_FORCE is set (PED-3259).
- swiotlb: make the swiotlb_init interface more useful (PED-3259).
- swiotlb: merge swiotlb-xen initialization into swiotlb (jsc#PED-3259).
- swiotlb: panic if nslabs is too small (PED-3259).
- swiotlb: pass a gfp_mask argument to swiotlb_init_late (PED-3259).
- swiotlb: provide swiotlb_init variants that remap the buffer (PED-3259).
- swiotlb: relocate PageHighMem test away from rmem_swiotlb_setup (git-fixes).
- swiotlb: remove a useless return in swiotlb_init (PED-3259).
- swiotlb: remove swiotlb_init_with_tbl and swiotlb_init_late_with_tbl (PED-3259).
- swiotlb: remove unused fields in io_tlb_mem (PED-3259).
- swiotlb: rename swiotlb_late_init_with_default_size (PED-3259).
- swiotlb: simplify debugfs setup (jsc#PED-3259).
- swiotlb: simplify swiotlb_max_segment (PED-3259).
- swiotlb: split up the global swiotlb lock (PED-3259).
- swiotlb: use the right nslabs value in swiotlb_init_remap (PED-3259).
- swiotlb: use the right nslabs-derived sizes in swiotlb_init_late (PED-3259).
- sysctl: add a new register_sysctl_init() interface (bsc#1207328).
- tap: tap_open(): correctly initialize socket uid (CVE-2023-1076 bsc#1208599).
- task_work: Decouple TIF_NOTIFY_SIGNAL and task_work (git-fixes).
- task_work: Introduce task_work_pending (git-fixes).
- test_firmware: Use kstrtobool() instead of strtobool() (git-fixes).
- test_firmware: fix the memory leak of the allocated firmware buffer (git-fixes).
- test_firmware: prevent race conditions by a correct implementation of locking (git-fixes).
- thermal/core: Remove duplicate information when an error occurs (git-fixes).
- thermal/drivers/hisi: Drop second sensor hi3660 (git-fixes).
- thermal/drivers/sun8i: Fix some error handling paths in sun8i_ths_probe() (git-fixes).
- thermal/drivers/tsens: Add compat string for the qcom,msm8960 (git-fixes).
- thermal/drivers/tsens: Drop msm8976-specific defines (git-fixes).
- thermal/drivers/tsens: Sort out msm8976 vs msm8956 data (git-fixes).
- thermal/drivers/tsens: fix slope values for msm8939 (git-fixes).
- thermal/drivers/tsens: limit num_sensors to 9 for msm8939 (git-fixes).
- thermal: intel: BXT_PMIC: select REGMAP instead of depending on it (git-fixes).
- thermal: intel: Fix unsigned comparison with less than zero (git-fixes).
- thermal: intel: intel_pch: Add support for Wellsburg PCH (git-fixes).
- thermal: intel: powerclamp: Fix cur_state for multi package system (git-fixes).
- thermal: intel: quark_dts: fix error pointer dereference (git-fixes).
- thunderbolt: Add missing UNSET_INBOUND_SBTX for retimer access (git-fixes).
- thunderbolt: Call tb_check_quirks() after initializing adapters (git-fixes).
- thunderbolt: Clear registers properly when auto clear isn't in use (bsc#1210165).
- thunderbolt: Clear registers properly when auto clear isn't in use (bsc#1210165).
- thunderbolt: Disable interrupt auto clear for rings (git-fixes).
- thunderbolt: Mask ring interrupt on Intel hardware as well (bsc#1210165).
- thunderbolt: Rename shadowed variables bit to interrupt_bit and auto_clear_bit (git-fixes).
- thunderbolt: Use const qualifier for `ring_interrupt_index` (git-fixes).
- thunderbolt: Use scale field when allocating USB3 bandwidth (git-fixes).
- thunderbolt: dma_test: Use correct value for absent rings when creating paths (git-fixes).
- timers: Prevent union confusion from unexpected (git-fixes)
- tls: Skip tls_append_frag on zero copy size (git-fixes).
- tools/iio/iio_utils:fix memory leak (git-fixes).
- tools/virtio: compile with -pthread (git-fixes).
- tools/virtio: fix the vringh test for virtio ring changes (git-fixes).
- tools/virtio: fix virtio_test execution (git-fixes).
- tools/virtio: initialize spinlocks in vring_test.c (git-fixes).
- tools: bpftool: Remove invalid \' json escape (git-fixes).
- tools: fix ARRAY_SIZE defines in tools and selftests hdrs (git-fixes).
- tpm, tpm_tis: Claim locality before writing TPM_INT_ENABLE register (git-fixes).
- tpm, tpm_tis: Disable interrupts if tpm_tis_probe_irq() failed (git-fixes).
- tpm, tpm_tis: Request threaded interrupt handler (git-fixes).
- tpm/eventlog: Do not abort tpm_read_log on faulty ACPI address (git-fixes).
- tpm/tpm_tis: Disable interrupts for more Lenovo devices (git-fixes).
- trace/hwlat: Do not start per-cpu thread if it is already running (git-fixes).
- trace/hwlat: Do not wipe the contents of per-cpu thread data (git-fixes).
- trace/hwlat: make use of the helper function kthread_run_on_cpu() (git-fixes).
- trace/hwlat: make use of the helper function kthread_run_on_cpu() (git-fixes).
- trace_events_hist: add check for return value of 'create_hist_field' (git-fixes).
- tracing/fprobe: Fix to check whether fprobe is registered correctly (git-fixes).
- tracing/hist: Fix issue of losting command info in error_log (git-fixes).
- tracing/hist: Fix out-of-bound write on 'action_data.var_ref_idx' (git-fixes).
- tracing/hist: Fix wrong return value in parse_action_params() (git-fixes).
- tracing/histograms: Allow variables to have some modifiers (git-fixes).
- tracing/hwlat: Replace sched_setaffinity with set_cpus_allowed_ptr (git-fixes).
- tracing/osnoise: Make osnoise_main to sleep for microseconds (git-fixes).
- tracing/perf: Avoid -Warray-bounds warning for __rel_loc macro (git-fixes).
- tracing/probe: trace_probe_primary_from_call(): checked list_first_entry (git-fixes).
- tracing/probes: Handle system names with hyphens (git-fixes).
- tracing: Add '__rel_loc' using trace event macros (git-fixes).
- tracing: Add DYNAMIC flag for dynamic events (git-fixes).
- tracing: Add NULL checks for buffer in ring_buffer_free_read_page() (git-fixes).
- tracing: Add trace_array_puts() to write into instance (git-fixes).
- tracing: Add trace_event helper macros __string_len() and __assign_str_len() (git-fixes).
- tracing: Avoid -Warray-bounds warning for __rel_loc macro (git-fixes).
- tracing: Avoid adding tracer option before update_tracer_options (git-fixes).
- tracing: Check field value in hist_field_name() (git-fixes).
- tracing: Do not let histogram values have some modifiers (git-fixes).
- tracing: Do not use out-of-sync va_list in event printing (git-fixes).
- tracing: Ensure trace buffer is at least 4096 bytes large (git-fixes).
- tracing: Fix a kmemleak false positive in tracing_map (git-fixes).
- tracing: Fix complicated dependency of CONFIG_TRACER_MAX_TRACE (git-fixes).
- tracing: Fix infinite loop in tracing_read_pipe on overflowed print_trace_line (git-fixes).
- tracing: Fix issue of missing one synthetic field (git-fixes).
- tracing: Fix mismatched comment in __string_len (git-fixes).
- tracing: Fix permissions for the buffer_percent file (git-fixes).
- tracing: Fix poll() and select() do not work on per_cpu trace_pipe and trace_pipe_raw (git-fixes).
- tracing: Fix possible memory leak in __create_synth_event() error path (git-fixes).
- tracing: Fix race where histograms can be called before the event (git-fixes).
- tracing: Fix sleeping function called from invalid context on RT kernel (git-fixes).
- tracing: Fix tp_printk option related with tp_printk_stop_on_boot (git-fixes).
- tracing: Fix warning on variable 'struct trace_array' (git-fixes).
- tracing: Fix wrong return in kprobe_event_gen_test.c (git-fixes).
- tracing: Free error logs of tracing instances (git-fixes).
- tracing: Have TRACE_DEFINE_ENUM affect trace event types as well (git-fixes).
- tracing: Have event format check not flag %p* on __get_dynamic_array() (git-fixes, bsc#1212350).
- tracing: Have syscall trace events use trace_event_buffer_lock_reserve() (git-fixes).
- tracing: Have tracing_snapshot_instance_cond() write errors to the appropriate instance (git-fixes).
- tracing: Have type enum modifications copy the strings (git-fixes).
- tracing: Introduce helpers to safely handle dynamic-sized sockaddrs (git-fixes).
- tracing: Make splice_read available again (git-fixes).
- tracing: Make sure trace_printk() can output as soon as it can be used (git-fixes).
- tracing: Make tp_printk work on syscall tracepoints (git-fixes).
- tracing: Make tracepoint lockdep check actually test something (git-fixes).
- tracing: Update print fmt check to handle new __get_sockaddr() macro (git-fixes, bsc#1212350).
- tracing: Use alignof__(struct {type b;}) instead of offsetof() (git-fixes).
- tracing: incorrect isolate_mote_t cast in mm_vmscan_lru_isolate (git-fixes).
- tty: Prevent writing chars during tcsetattr TCSADRAIN/FLUSH (git-fixes).
- tty: fix out-of-bounds access in tty_driver_lookup_tty() (git-fixes).
- tty: serial: fsl_lpuart: Fix the wrong RXWATER setting for rx dma case (git-fixes).
- tty: serial: fsl_lpuart: adjust buffer length to the intended size (git-fixes).
- tty: serial: fsl_lpuart: avoid checking for transfer complete when UARTCTRL_SBK is asserted in lpuart32_tx_empty (git-fixes).
- tty: serial: fsl_lpuart: clear LPUART Status Register in lpuart32_shutdown() (git-fixes).
- tty: serial: fsl_lpuart: disable Rx/Tx DMA in lpuart32_shutdown() (git-fixes).
- tty: serial: fsl_lpuart: disable the CTS when send break signal (git-fixes).
- tty: serial: fsl_lpuart: skip waiting for transmission complete when UARTCTRL_SBK is asserted (git-fixes).
- tty: serial: fsl_lpuart: use UARTCTRL_TXINV to send break instead of UARTCTRL_SBK (git-fixes).
- tty: serial: imx: Handle RS485 DE signal active high (git-fixes).
- tty: serial: imx: disable Ageing Timer interrupt request irq (git-fixes).
- tty: serial: qcom-geni-serial: stop operations in progress at shutdown (git-fixes).
- tty: serial: sh-sci: Fix Rx on RZ/G2L SCI (git-fixes).
- tty: serial: sh-sci: Fix transmit end interrupt handler (git-fixes).
- tun: annotate access to queue->trans_start (jsc#PED-370).
- tun: tun_chr_open(): correctly initialize socket uid (CVE-2023-1076 bsc#1208599).
- uas: Add US_FL_NO_REPORT_OPCODES for JMicron JMS583Gen 2 (git-fixes).
- ubsan: no need to unset panic_on_warn in ubsan_epilogue() (bsc#1207328).
- udf: Check consistency of Space Bitmap Descriptor (bsc#1210771).
- udf: Fix a slab-out-of-bounds write bug in udf_find_entry() (bsc#1206649).
- udf: Support splicing to file (bsc#1210770).
- update internal module version number for cifs.ko (bsc#1193629).
- usb / dwc3: Fix a checkpatch warning in core.c (git-fixes).
- usb-storage: fix deadlock when a scsi command timeouts more than once (git-fixes).
- usb: UHCI: adjust zhaoxin UHCI controllers OverCurrent bit value (git-fixes).
- usb: acpi: add helper to check port lpm capability using acpi _DSM (git-fixes).
- usb: cdns3: Fix issue with using incorrect PCI device function (git-fixes).
- usb: cdns3: fix NCM gadget RX speed 20x slow than expection at iMX8QM (git-fixes).
- usb: cdnsp: Fixes error: uninitialized symbol 'len' (git-fixes).
- usb: cdnsp: Fixes issue with redundant Status Stage (git-fixes).
- usb: cdnsp: changes PCI Device ID to fix conflict with CNDS3 driver (git-fixes).
- usb: chipdea: core: fix return -EINVAL if request role is the same with current role (git-fixes).
- usb: chipidea: core: fix possible concurrent when switch role (git-fixes).
- usb: chipidea: fix memory leak with using debugfs_lookup() (git-fixes).
- usb: chipidea: fix missing goto in `ci_hdrc_probe` (git-fixes).
- usb: chipidea: imx: avoid unnecessary probe defer (git-fixes).
- usb: core: Add routines for endpoint checks in old drivers (git-fixes).
- usb: core: Do not hold device lock while reading the 'descriptors' sysfs file (git-fixes).
- usb: core: add quirk for Alcor Link AK9563 smartcard reader (git-fixes).
- usb: core: hub: disable autosuspend for TI TUSB8041 (git-fixes).
- usb: dwc2: fix a devres leak in hw_enable upon suspend resume (git-fixes).
- usb: dwc3: Align DWC3_EP_* flag macros (git-fixes).
- usb: dwc3: Fix a repeated word checkpatch warning (git-fixes).
- usb: dwc3: Fix a typo in field name (git-fixes).
- usb: dwc3: Fix ep0 handling when getting reset while doing control transfer (git-fixes).
- usb: dwc3: core: Host wake up support from system suspend (git-fixes).
- usb: dwc3: debugfs: Resume dwc3 before accessing registers (git-fixes).
- usb: dwc3: drd: use helper to get role-switch-default-mode (git-fixes).
- usb: dwc3: ep0: Do not prepare beyond Setup stage (git-fixes).
- usb: dwc3: fix memory leak with using debugfs_lookup() (git-fixes).
- usb: dwc3: fix runtime pm imbalance on probe errors (git-fixes).
- usb: dwc3: fix runtime pm imbalance on unbind (git-fixes).
- usb: dwc3: fix use-after-free on core driver unbind (git-fixes).
- usb: dwc3: gadget: Add 1ms delay after end transfer command without IOC (git-fixes).
- usb: dwc3: gadget: Change condition for processing suspend event (git-fixes).
- usb: dwc3: gadget: Delay issuing End Transfer (git-fixes).
- usb: dwc3: gadget: Execute gadget stop after halting the controller (git-fixes).
- usb: dwc3: gadget: Improve dwc3_gadget_suspend() and dwc3_gadget_resume() (git-fixes).
- usb: dwc3: gadget: Only End Transfer for ep0 data phase (git-fixes).
- usb: dwc3: gadget: Reset num TRBs before giving back the request (git-fixes).
- usb: dwc3: gadget: Stall and restart EP0 if host is unresponsive (git-fixes).
- usb: dwc3: pci: add support for the Intel Meteor Lake-M (git-fixes).
- usb: dwc3: pci: add support for the Intel Meteor Lake-S (git-fixes).
- usb: dwc3: qcom: Configure wakeup interrupts during suspend (git-fixes).
- usb: dwc3: qcom: Fix memory leak in dwc3_qcom_interconnect_init (git-fixes).
- usb: dwc3: qcom: Keep power domain on to retain controller status (git-fixes).
- usb: dwc3: qcom: clean up icc init (git-fixes).
- usb: dwc3: qcom: clean up suspend callbacks (git-fixes).
- usb: dwc3: qcom: enable vbus override when in OTG dr-mode (git-fixes).
- usb: dwc3: qcom: fix NULL-deref on suspend (git-fixes).
- usb: dwc3: qcom: fix gadget-only builds (git-fixes).
- usb: dwc3: qcom: fix peripheral and OTG suspend (git-fixes).
- usb: dwc3: qcom: fix wakeup implementation (git-fixes).
- usb: dwc3: qcom: only parse 'maximum-speed' once (git-fixes).
- usb: dwc3: qcom: suppress unused-variable warning (git-fixes).
- usb: dwc3: remove a possible unnecessary 'out of memory' message (git-fixes).
- usb: early: xhci-dbc: Fix a potential out-of-bound memory access (git-fixes).
- usb: ene_usb6250: Allocate enough memory for full object (git-fixes).
- usb: fix memory leak with using debugfs_lookup() (git-fixes).
- usb: fotg210: fix memory leak with using debugfs_lookup() (git-fixes).
- usb: gadget: bcm63xx_udc: fix memory leak with using debugfs_lookup() (git-fixes).
- usb: gadget: configfs: Restrict symlink creation is UDC already binded (git-fixes).
- usb: gadget: configfs: remove using list iterator after loop body as a ptr (git-fixes).
- usb: gadget: configfs: use to_config_usb_cfg() in os_desc_link() (git-fixes).
- usb: gadget: configfs: use to_usb_function_instance() in cfg (un)link func (git-fixes).
- usb: gadget: f_fs: Add unbind event before functionfs_unbind (git-fixes).
- usb: gadget: f_fs: Fix unbalanced spinlock in __ffs_ep0_queue_wait (git-fixes).
- usb: gadget: f_hid: fix f_hidg lifetime vs cdev (git-fixes).
- usb: gadget: f_hid: fix refcount leak on error path (git-fixes).
- usb: gadget: f_ncm: fix potential NULL ptr deref in ncm_bitrate() (git-fixes).
- usb: gadget: f_uac2: Fix incorrect increment of bNumEndpoints (git-fixes).
- usb: gadget: fusb300_udc: free irq on the error path in fusb300_probe() (git-fixes).
- usb: gadget: gr_udc: fix memory leak with using debugfs_lookup() (git-fixes).
- usb: gadget: lpc32xx_udc: fix memory leak with using debugfs_lookup() (git-fixes).
- usb: gadget: pxa25x_udc: fix memory leak with using debugfs_lookup() (git-fixes).
- usb: gadget: pxa27x_udc: fix memory leak with using debugfs_lookup() (git-fixes).
- usb: gadget: tegra-xudc: Fix crash in vbus_draw (git-fixes).
- usb: gadget: u_audio: do not let userspace block driver unbind (git-fixes).
- usb: gadget: u_ether: Fix host MAC address case (git-fixes).
- usb: gadget: u_serial: Add null pointer check in gserial_resume (git-fixes).
- usb: gadget: udc: do not clear gadget driver.bus (git-fixes).
- usb: gadget: udc: renesas_usb3: Fix use after free bug in renesas_usb3_remove due to race condition (git-fixes).
- usb: host: xhci-rcar: remove leftover quirk handling (git-fixes).
- usb: host: xhci: mvebu: Iterate over array indexes instead of using pointer math (git-fixes).
- usb: isp116x: fix memory leak with using debugfs_lookup() (git-fixes).
- usb: isp1362: fix memory leak with using debugfs_lookup() (git-fixes).
- usb: max-3421: Fix setting of I/O pins (git-fixes).
- usb: mtu3: fix kernel panic at qmu transfer done irq handler (git-fixes).
- usb: musb: Add and use inline function musb_otg_state_string (git-fixes).
- usb: musb: Add and use inline functions musb_{get,set}_state (git-fixes).
- usb: musb: mediatek: do not unregister something that wasn't registered (git-fixes).
- usb: musb: remove schedule work called after flush (git-fixes).
- usb: serial: cp210x: add SCALANCE LPE-9000 device id (git-fixes).
- usb: serial: cp210x: add Silicon Labs IFS-USB-DATACABLE IDs (git-fixes).
- usb: serial: option: add Quectel EC200U modem (git-fixes).
- usb: serial: option: add Quectel EM05-G (CS) modem (git-fixes).
- usb: serial: option: add Quectel EM05-G (GR) modem (git-fixes).
- usb: serial: option: add Quectel EM05-G (RS) modem (git-fixes).
- usb: serial: option: add Quectel EM05CN (SG) modem (git-fixes).
- usb: serial: option: add Quectel EM05CN modem (git-fixes).
- usb: serial: option: add Quectel EM061KGL series (git-fixes).
- usb: serial: option: add Quectel RM500U-CN modem (git-fixes).
- usb: serial: option: add Telit FE990 compositions (git-fixes).
- usb: serial: option: add UNISOC vendor and TOZED LT70C product (git-fixes).
- usb: serial: option: add support for VW/Skoda 'Carstick LTE' (git-fixes).
- usb: sisusbvga: Add endpoint checks (git-fixes).
- usb: sl811: fix memory leak with using debugfs_lookup() (git-fixes).
- usb: typec: altmodes/displayport: Fix configure initial pin assignment (git-fixes).
- usb: typec: altmodes/displayport: Fix probe pin assign check (git-fixes).
- usb: typec: altmodes/displayport: fix pin_assignment_show (git-fixes).
- usb: typec: intel_pmc_mux: Do not leak the ACPI device reference count (git-fixes).
- usb: typec: intel_pmc_mux: Use the helper acpi_dev_get_memory_resources() (git-fixes).
- usb: typec: pd: Remove usb_suspend_supported sysfs from sink PDO (git-fixes).
- usb: typec: tcpm: fix create duplicate source-capabilities file (git-fixes).
- usb: typec: tcpm: fix create duplicate source-capabilities file (git-fixes).
- usb: typec: tcpm: fix multiple times discover svids error (git-fixes).
- usb: typec: tcpm: fix warning when handle discover_identity message (git-fixes).
- usb: typec: ucsi: Do not attempt to resume the ports before they exist (git-fixes).
- usb: typec: ucsi: Do not warn on probe deferral (git-fixes).
- usb: typec: ucsi: Fix command cancellation (git-fixes).
- usb: ucsi: Fix NULL pointer deref in ucsi_connector_change() (git-fixes).
- usb: ucsi: Fix ucsi->connector race (git-fixes).
- usb: ucsi_acpi: Increase the command completion timeout (git-fixes).
- usb: uhci: fix memory leak with using debugfs_lookup() (git-fixes).
- usb: usbfs: Enforce page requirements for mmap (git-fixes).
- usb: usbfs: Use consistent mmap functions (git-fixes).
- usb: usbtmc: Fix direction for 0-length ioctl control messages (git-fixes).
- usb: uvc: Enumerate valid values for color matching (git-fixes).
- usb: xhci: tegra: fix sleep in atomic call (git-fixes).
- usrmerge: Compatibility with earlier rpm (boo#1211796)
- vDPA: check VIRTIO_NET_F_RSS for max_virtqueue_paris's presence (jsc#PED-1549).
- vDPA: check virtio device features to detect MQ (jsc#PED-1549).
- vDPA: fix 'cast to restricted le16' warnings in vdpa.c (jsc#PED-1549).
- vc_screen: do not clobber return value in vcs_read (git-fixes).
- vc_screen: do not clobber return value in vcs_read (git-fixes).
- vc_screen: modify vcs_size() handling in vcs_read() (git-fixes).
- vc_screen: move load of struct vc_data pointer in vcs_read() to avoid UAF (git-fixes).
- vc_screen: reload load of struct vc_data pointer in vcs_write() to avoid UAF (git-fixes).
- vdpa/ifcvf: fix the calculation of queuepair (jsc#PED-1549).
- vdpa/mlx5: Directly assign memory key (jsc#PED-1549).
- vdpa/mlx5: Directly assign memory key (jsc#SLE-19253).
- vdpa/mlx5: Do not clear mr struct on destroy MR (jsc#PED-1549).
- vdpa/mlx5: Do not clear mr struct on destroy MR (jsc#SLE-19253).
- vdpa/mlx5: Fix rule forwarding VLAN to TIR (jsc#PED-1549).
- vdpa/mlx5: Fix wrong configuration of virtio_version_1_0 (jsc#SLE-19253).
- vdpa/mlx5: Fix wrong mac address deletion (jsc#PED-1549).
- vdpa/mlx5: Initialize CVQ iotlb spinlock (jsc#PED-1549).
- vdpa/mlx5: should not activate virtq object when suspended (jsc#PED-1549).
- vdpa/vp_vdpa: fix kfree a wrong pointer in vp_vdpa_remove (git-fixes).
- vdpa: Fix error logic in vdpa_nl_cmd_dev_get_doit (jsc#PED-1549).
- vdpa: Fix error logic in vdpa_nl_cmd_dev_get_doit (jsc#SLE-19253).
- vdpa: Use BIT_ULL for bit operations (jsc#PED-1549).
- vdpa: conditionally fill max max queue pair for stats (jsc#PED-1549).
- vdpa: fix use-after-free on vp_vdpa_remove (git-fixes).
- vdpa_sim: not reset state in vdpasim_queue_ready (git-fixes).
- vdpa_sim: set last_used_idx as last_avail_idx in vdpasim_queue_ready (git-fixes).
- vduse: Fix NULL pointer dereference on sysfs access (jsc#PED-1549).
- vduse: Fix returning wrong type in vduse_domain_alloc_iova() (jsc#PED-1549).
- vduse: avoid empty string for dev name (jsc#PED-1549).
- vduse: check that offset is within bounds in get_config() (jsc#PED-1549).
- vduse: fix memory corruption in vduse_dev_ioctl() (jsc#PED-1549).
- vduse: prevent uninitialized memory accesses (jsc#PED-1549).
- vfio/type1: prevent underflow of locked_vm via exec() (git-fixes).
- vfio/type1: restore locked_vm (git-fixes).
- vfio/type1: track locked_vm per dma (git-fixes).
- vfs: Check the truncate maximum size in inode_newsize_ok() (bsc#1207642).
- vfs: filename_create(): fix incorrect intent (bsc#1197534).
- vfs: make sync_filesystem return errors from ->sync_fs (git-fixes).
- vhost-vdpa: fix an iotlb memory leak (jsc#PED-1549).
- vhost-vdpa: free iommu domain after last use during cleanup (jsc#PED-1549).
- vhost/net: Clear the pending messages when the backend is removed (git-fixes).
- vhost_vdpa: fix the crash in unmap a large memory (jsc#PED-1549).
- vhost_vdpa: fix unmap process in no-batch mode (jsc#PED-1549).
- vhost_vdpa: support PACKED when setting-getting vring_base (jsc#PED-1549).
- vhost_vdpa: support PACKED when setting-getting vring_base (jsc#SLE-19253).
- virt/coco/sev-guest: Add throttling awareness (bsc#1209927).
- virt/coco/sev-guest: Carve out the request issuing logic into a helper (bsc#1209927).
- virt/coco/sev-guest: Check SEV_SNP attribute at probe time (bsc#1209927).
- virt/coco/sev-guest: Convert the sw_exit_info_2 checking to a switch-case (bsc#1209927).
- virt/coco/sev-guest: Do some code style cleanups (bsc#1209927).
- virt/coco/sev-guest: Remove the disable_vmpck label in handle_guest_request() (bsc#1209927).
- virt/coco/sev-guest: Simplify extended guest request handling (bsc#1209927).
- virt/sev-guest: Add a MODULE_ALIAS (bsc#1208449).
- virt/sev-guest: Prevent IV reuse in the SNP guest driver (bsc#1208449).
- virt/sev-guest: Remove unnecessary free in init_crypto() (bsc#1208449).
- virt/sev-guest: Return -EIO if certificate buffer is not large enough (bsc#1209927).
- virt: sev-guest: Pass the appropriate argument type to iounmap() (bsc#1208449).
- virt: sevguest: Change driver name to reflect generic SEV support (bsc#1208449).
- virt: sevguest: Rename the sevguest dir and files to sev-guest (bsc#1208449).
- virtio-blk: modify the value type of num in virtio_queue_rq() (git-fixes).
- virtio-net: Keep stop() to follow mirror sequence of open() (git-fixes).
- virtio-net: execute xdp_do_flush() before napi_complete_done() (git-fixes).
- virtio_net: Fix probe failed when modprobe virtio_net (git-fixes).
- virtio_net: bugfix overflow inside xdp_linearize_page() (git-fixes).
- virtio_net: split free_unused_bufs() (git-fixes).
- virtio_net: suppress cpu stall when free_unused_bufs (git-fixes).
- virtio_pci: modify ENOENT to EINVAL (git-fixes).
- virtio_ring: do not update event idx on get_buf (git-fixes).
- vmci: check context->notify_page after call to get_user_pages_fast() to avoid GPF (git-fixes).
- vmci_host: fix a race condition in vmci_host_poll() causing GPF (git-fixes).
- vmxnet3: move rss code block under eop descriptor (bsc#1208212).
- vmxnet3: use gro callback when UPT is enabled (bsc#1209739).
- vp_vdpa: fix the crash in hot unplug with vp_vdpa (git-fixes).
- wait: Fix __wait_event_hrtimeout for RT/DL tasks (git-fixes)
- watch_queue: fix IOC_WATCH_QUEUE_SET_SIZE alloc error paths (bsc#1197617).
- watchdog/hpwdt: Enable HP_WATCHDOG for ARM64 systems. (jsc#PED-3210) Also enable module in aarch64 default configuration.
- watchdog: Fix kmemleak in watchdog_cdev_register (git-fixes).
- watchdog: allow building BCM7038_WDT for BCM4908 (bsc#1208619).
- watchdog: at91sam9_wdt: use devm_request_irq to avoid missing free_irq() in error path (git-fixes).
- watchdog: diag288_wdt: do not use stack buffers for hardware data (bsc#1207497).
- watchdog: diag288_wdt: fix __diag288() inline assembly (bsc#1207497).
- watchdog: dw_wdt: Fix the error handling path of dw_wdt_drv_probe() (git-fixes).
- watchdog: ixp4xx: Implement restart (bsc#1208619).
- watchdog: ixp4xx: Rewrite driver to use core (bsc#1208619).
- watchdog: ixp4xx_wdt: Fix address space warning (bsc#1208619).
- watchdog: menz069_wdt: fix watchdog initialisation (git-fixes).
- watchdog: orion_wdt: support pretimeout on Armada-XP (bsc#1208619).
- watchdog: pcwd_usb: Fix attempting to access uninitialized memory (git-fixes).
- watchdog: sbsa_wdog: Make sure the timeout programming is within the limits (git-fixes).
- watchdog: sp5100_tco: Immediately trigger upon starting (git-fixes).
- wifi: ath11k: Fix SKB corruption in REO destination ring (git-fixes).
- wifi: ath11k: Fix memory leak in ath11k_peer_rx_frag_setup (git-fixes).
- wifi: ath11k: allow system suspend to survive ath11k (git-fixes).
- wifi: ath11k: fix SAC bug on peer addition with sta band migration (git-fixes).
- wifi: ath11k: fix deinitialization of firmware resources (git-fixes).
- wifi: ath11k: fix writing to unintended memory region (git-fixes).
- wifi: ath11k: reduce the MHI timeout to 20s (bsc#1207948).
- wifi: ath5k: fix an off by one check in ath5k_eeprom_read_freq_list() (git-fixes).
- wifi: ath6kl: minor fix for allocation size (git-fixes).
- wifi: ath6kl: reduce WARN to dev_dbg() in callback (git-fixes).
- wifi: ath9k: Fix potential stack-out-of-bounds write in ath9k_wmi_rsp_callback() (git-fixes).
- wifi: ath9k: Fix use-after-free in ath9k_hif_usb_disconnect() (git-fixes).
- wifi: ath9k: hif_usb: clean up skbs if ath9k_hif_usb_rx_stream() fails (git-fixes).
- wifi: ath9k: hif_usb: fix memory leak of remain_skbs (git-fixes).
- wifi: ath9k: htc_hst: free skb in ath9k_htc_rx_msg() if there is no callback function (git-fixes).
- wifi: ath9k: use proper statements in conditionals (git-fixes).
- wifi: ath: Silence memcpy run-time false positive warning (git-fixes).
- wifi: b43: fix incorrect __packed annotation (git-fixes).
- wifi: brcmfmac: Fix potential stack-out-of-bounds in brcmf_c_preinit_dcmds() (git-fixes).
- wifi: brcmfmac: cfg80211: Pass the PMK in binary instead of hex (git-fixes).
- wifi: brcmfmac: ensure CLM version is null-terminated to prevent stack-out-of-bounds (git-fixes).
- wifi: brcmfmac: fix potential memory leak in brcmf_netdev_start_xmit() (git-fixes).
- wifi: brcmfmac: slab-out-of-bounds read in brcmf_get_assoc_ies() (git-fixes).
- wifi: brcmfmac: support CQM RSSI notification with older firmware (git-fixes).
- wifi: brcmfmac: unmap dma buffer in brcmf_msgbuf_alloc_pktid() (git-fixes).
- wifi: cfg80211: Fix extended KCK key length check in nl80211_set_rekey_data() (git-fixes).
- wifi: cfg80211: Fix use after free for wext (git-fixes).
- wifi: cfg80211: Partial revert 'wifi: cfg80211: Fix use after free for wext' (git-fixes).
- wifi: cfg80211: fix locking in regulatory disconnect (git-fixes).
- wifi: cfg80211: fix locking in sched scan stop work (git-fixes).
- wifi: ipw2200: fix memory leak in ipw_wdev_init() (git-fixes).
- wifi: ipw2x00: do not call dev_kfree_skb() under spin_lock_irqsave() (git-fixes).
- wifi: iwl3945: Add missing check for create_singlethread_workqueue (git-fixes).
- wifi: iwl4965: Add missing check for create_singlethread_workqueue() (git-fixes).
- wifi: iwlegacy: common: do not call dev_kfree_skb() under spin_lock_irqsave() (git-fixes).
- wifi: iwlwifi: debug: fix crash in __iwl_err() (git-fixes).
- wifi: iwlwifi: dvm: Fix memcpy: detected field-spanning write backtrace (git-fixes).
- wifi: iwlwifi: fix OEM's name in the ppag approved list (git-fixes).
- wifi: iwlwifi: fix duplicate entry in iwl_dev_info_table (git-fixes).
- wifi: iwlwifi: fw: fix DBGI dump (git-fixes).
- wifi: iwlwifi: fw: fix memory leak in debugfs (git-fixes).
- wifi: iwlwifi: fw: move memset before early return (git-fixes).
- wifi: iwlwifi: make the loop for card preparation effective (git-fixes).
- wifi: iwlwifi: mvm: check firmware response size (git-fixes).
- wifi: iwlwifi: mvm: do not set CHECKSUM_COMPLETE for unsupported protocols (git-fixes).
- wifi: iwlwifi: mvm: do not trust firmware n_channels (git-fixes).
- wifi: iwlwifi: mvm: fix OEM's name in the tas approved list (git-fixes).
- wifi: iwlwifi: mvm: fix cancel_delayed_work_sync() deadlock (git-fixes).
- wifi: iwlwifi: mvm: fix mvmtxq->stopped handling (git-fixes).
- wifi: iwlwifi: mvm: initialize seq variable (git-fixes).
- wifi: iwlwifi: pcie: Fix integer overflow in iwl_write_to_user_buf (git-fixes).
- wifi: iwlwifi: pcie: fix possible NULL pointer dereference (git-fixes).
- wifi: iwlwifi: trans: do not trigger d3 interrupt twice (git-fixes).
- wifi: iwlwifi: yoyo: Fix possible division by zero (git-fixes).
- wifi: iwlwifi: yoyo: skip dump correctly on hw error (git-fixes).
- wifi: libertas: cmdresp: do not call kfree_skb() under spin_lock_irqsave() (git-fixes).
- wifi: libertas: fix memory leak in lbs_init_adapter() (git-fixes).
- wifi: libertas: if_usb: do not call kfree_skb() under spin_lock_irqsave() (git-fixes).
- wifi: libertas: main: do not call kfree_skb() under spin_lock_irqsave() (git-fixes).
- wifi: libertas_tf: do not call kfree_skb() under spin_lock_irqsave() (git-fixes).
- wifi: mac80211: Set TWT Information Frame Disabled bit as 1 (bsc#1209980).
- wifi: mac80211: adjust scan cancel comment/check (git-fixes).
- wifi: mac80211: fix invalid drv_sta_pre_rcu_remove calls for non-uploaded sta (git-fixes).
- wifi: mac80211: fix min center freq offset tracing (git-fixes).
- wifi: mac80211: fix qos on mesh interfaces (git-fixes).
- wifi: mac80211: make rate u32 in sta_set_rate_info_rx() (git-fixes).
- wifi: mac80211: sdata can be NULL during AMPDU start (git-fixes).
- wifi: mac80211: simplify chanctx allocation (git-fixes).
- wifi: mt7601u: fix an integer underflow (git-fixes).
- wifi: mt76: add flexible polling wait-interval support (git-fixes).
- wifi: mt76: add memory barrier to SDIO queue kick (bsc#1209980).
- wifi: mt76: add missing locking to protect against concurrent rx/status calls (git-fixes).
- wifi: mt76: connac: fix possible unaligned access in mt76_connac_mcu_add_nested_tlv (bsc#1209980).
- wifi: mt76: dma: free rx_head in mt76_dma_rx_cleanup (git-fixes).
- wifi: mt76: do not run mt76_unregister_device() on unregistered hw (bsc#1209980).
- wifi: mt76: fix 6GHz high channel not be scanned (git-fixes).
- wifi: mt76: fix receiving LLC packets on mt7615/mt7915 (bsc#1209980).
- wifi: mt76: handle failure of vzalloc in mt7615_coredump_work (git-fixes).
- wifi: mt76: mt7615: fix possible race in mt7615_mac_sta_poll (git-fixes).
- wifi: mt76: mt7915: add missing of_node_put() (bsc#1209980).
- wifi: mt76: mt7915: call mt7915_mcu_set_thermal_throttling() only after init_work (bsc#1209980).
- wifi: mt76: mt7915: check return value before accessing free_block_num (bsc#1209980).
- wifi: mt76: mt7915: drop always true condition of __mt7915_reg_addr() (bsc#1209980).
- wifi: mt76: mt7915: expose device tree match table (git-fixes).
- wifi: mt76: mt7915: fix mcs value in ht mode (bsc#1209980).
- wifi: mt76: mt7915: fix memory leak in mt7915_mcu_exit (git-fixes).
- wifi: mt76: mt7915: fix mt7915_mac_set_timing() (bsc#1209980).
- wifi: mt76: mt7915: fix possible unaligned access in mt7915_mac_add_twt_setup (bsc#1209980).
- wifi: mt76: mt7915: fix reporting of TX AGGR histogram (git-fixes).
- wifi: mt76: mt7915: fix unintended sign extension of mt7915_hw_queue_read() (bsc#1209980).
- wifi: mt76: mt7921: fix missing unwind goto in `mt7921u_probe` (git-fixes).
- wifi: mt76: mt7921: fix reporting of TX AGGR histogram (git-fixes).
- wifi: mt76: mt7921e: Set memory space enable in PCI_COMMAND if unset (git-fixes).
- wifi: mt76: mt7921e: fix crash in chip reset fail (bsc#1209980).
- wifi: mt76: mt7921e: fix probe timeout after reboot (git-fixes).
- wifi: mt76: mt7921e: fix random fw download fail (git-fixes).
- wifi: mt76: mt7921e: fix random fw download fail (git-fixes).
- wifi: mt76: mt7921e: fix rmmod crash in driver reload test (bsc#1209980).
- wifi: mt76: mt7921e: improve reliability of dma reset (git-fixes).
- wifi: mt76: mt7921e: stop chip reset worker in unregister hook (git-fixes).
- wifi: mt76: mt7921s: fix race issue between reset and suspend/resume (bsc#1209980).
- wifi: mt76: mt7921s: fix slab-out-of-bounds access in sdio host (bsc#1209980).
- wifi: mwifiex: Add missing compatible string for SD8787 (git-fixes).
- wifi: mwifiex: fix loop iterator in mwifiex_update_ampdu_txwinsize() (git-fixes).
- wifi: mwifiex: mark OF related data as maybe unused (git-fixes).
- wifi: orinoco: check return value of hermes_write_wordrec() (git-fixes).
- wifi: rsi: Fix memory leak in rsi_coex_attach() (git-fixes).
- wifi: rt2x00: Fix memory leak when handling surveys (git-fixes).
- wifi: rtl8xxxu: Fix memory leaks with RTL8723BU, RTL8192EU (git-fixes).
- wifi: rtl8xxxu: RTL8192EU always needs full init (git-fixes).
- wifi: rtl8xxxu: Use a longer retry limit of 48 (git-fixes).
- wifi: rtl8xxxu: do not call dev_kfree_skb() under spin_lock_irqsave() (git-fixes).
- wifi: rtl8xxxu: fix authentication timeout due to incorrect RCR value (git-fixes).
- wifi: rtl8xxxu: fixing transmisison failure for rtl8192eu (git-fixes).
- wifi: rtlwifi: Fix global-out-of-bounds bug in _rtl8812ae_phy_set_txpower_limit() (git-fixes).
- wifi: rtlwifi: fix incorrect error codes in rtl_debugfs_set_write_reg() (git-fixes).
- wifi: rtlwifi: fix incorrect error codes in rtl_debugfs_set_write_rfreg() (git-fixes).
- wifi: rtlwifi: rtl8188ee: do not call kfree_skb() under spin_lock_irqsave() (git-fixes).
- wifi: rtlwifi: rtl8723be: do not call kfree_skb() under spin_lock_irqsave() (git-fixes).
- wifi: rtlwifi: rtl8821ae: do not call kfree_skb() under spin_lock_irqsave() (git-fixes).
- wifi: rtw88: mac: Return the original error from rtw_mac_power_switch() (git-fixes).
- wifi: rtw88: mac: Return the original error from rtw_pwr_seq_parser() (git-fixes).
- wifi: rtw89: Add missing check for alloc_workqueue (git-fixes).
- wifi: rtw89: fix potential race condition between napi_init and napi_enable (git-fixes).
- wifi: wilc1000: fix potential memory leak in wilc_mac_xmit() (git-fixes).
- wifi: wl3501_cs: do not call kfree_skb() under spin_lock_irqsave() (git-fixes).
- wireguard: ratelimiter: use hrtimer in selftest (git-fixes)
- workqueue: Fix hung time report of worker pools (bsc#1211044).
- workqueue: Interrupted create_worker() is not a repeated event (bsc#1211044).
- workqueue: Print backtraces from CPUs with hung CPU bound workqueues (bsc#1211044).
- workqueue: Warn when a new worker could not be created (bsc#1211044).
- workqueue: Warn when a rescuer could not be created (bsc#1211044).
- writeback, cgroup: fix null-ptr-deref write in bdi_split_work_to_wbs (bsc#1210769).
- writeback: avoid use-after-free after removing device (bsc#1207638).
- x86, sched: Fix undefined reference to init_freq_invariance_cppc() build error (git-fixes).
- x86/64/mm: Map all kernel memory into trampoline_pgd (git-fixes).
- x86/ACPI/boot: Use FADT version to check support for online capable (git-fixes).
- x86/MCE/AMD: Clear DFR errors found in THR handler (git-fixes).
- x86/MCE/AMD: Fix memory leak when threshold_create_bank() fails (git-fixes).
- x86/MCE/AMD: Use an u64 for bank_map (git-fixes).
- x86/PAT: Have pat_enabled() properly reflect state when running on Xen (git-fixes).
- x86/PCI: Add quirk for AMD XHCI controller that loses MSI-X state in D3hot (git-fixes).
- x86/acpi/boot: Correct acpi_is_processor_usable() check (git-fixes).
- x86/acpi/boot: Do not register processors that cannot be onlined for x2APIC (git-fixes).
- x86/alternative: Make debug-alternative selective (bsc#1206578).
- x86/alternative: Report missing return thunk details (git-fixes).
- x86/alternative: Support relocations in alternatives (bsc#1206578).
- x86/amd: Use IBPB for firmware calls (git-fixes).
- x86/amd_nb: Add AMD PCI IDs for SMN communication (bsc#1208848).
- x86/asm: Fix an assembler warning with current binutils (git-fixes).
- x86/boot: Avoid using Intel mnemonics in AT&T syntax asm (git-fixes).
- x86/boot: Skip realmode init code when running as Xen PV guest (git-fixes).
- x86/bug: Merge annotate_reachable() into _BUG_FLAGS() asm (git-fixes).
- x86/bug: Merge annotate_reachable() into _BUG_FLAGS() asm (git-fixes).
- x86/bug: Prevent shadowing in __WARN_FLAGS (git-fixes).
- x86/bugs: Add 'unknown' reporting for MMIO Stale Data (git-fixes).
- x86/bugs: Do not enable IBPB at firmware entry when IBPB is not available (git-fixes).
- x86/bugs: Enable STIBP for IBPB mitigated RETBleed (git-fixes).
- x86/bugs: Flush IBP in ib_prctl_set() (bsc#1207773 CVE-2023-0045).
- x86/bugs: Warn when 'ibrs' mitigation is selected on Enhanced IBRS parts (git-fixes).
- x86/cpu: Add CPU model numbers for Meteor Lake (git fixes).
- x86/cpu: Add Raptor Lake to Intel family (git fixes).
- x86/cpu: Add new Alderlake and Raptorlake CPU model numbers (git fixes).
- x86/cpu: Add new Raptor Lake CPU model number (git fixes).
- x86/cpu: Add several Intel server CPU model numbers (git fixes).
- x86/cpu: Drop spurious underscore from RAPTOR_LAKE #define (git fixes).
- x86/cpu: Switch to arch_cpu_finalize_init() (bsc#1212448).
- x86/cpufeatures: Introduce x2AVIC CPUID bit (bsc#1208619).
- x86/crash: Disable virt in core NMI crash handler to avoid double shootdown (git-fixes).
- x86/delay: Fix the wrong asm constraint in delay_loop() (git-fixes).
- x86/entry: Avoid very early RET (git-fixes).
- x86/entry: Build thunk_$(BITS) only if CONFIG_PREEMPTION=y (git-fixes).
- x86/entry: Do not call error_entry() for XENPV (git-fixes).
- x86/entry: Move CLD to the start of the idtentry macro (git-fixes).
- x86/entry: Move PUSH_AND_CLEAR_REGS out of error_entry() (git-fixes).
- x86/entry: Switch the stack after error_entry() returns (git-fixes).
- x86/fault: Cast an argument to the proper address space in prefetch() (git-fixes).
- x86/fpu/xsave: Handle compacted offsets correctly with supervisor states (git-fixes).
- x86/fpu/xsave: Handle compacted offsets correctly with supervisor states (git-fixes).
- x86/fpu/xsave: Initialize offset/size cache early (bsc#1211205).
- x86/fpu/xstate: Fix the ARCH_REQ_XCOMP_PERM implementation (git-fixes).
- x86/fpu/xstate: Fix the ARCH_REQ_XCOMP_PERM implementation (git-fixes).
- x86/fpu: Cache xfeature flags from CPUID (git-fixes).
- x86/fpu: Fix copy_xstate_to_uabi() to copy init states correctly (git-fixes).
- x86/fpu: Fix the init_fpstate size check with the actual size (git-fixes).
- x86/fpu: Mark init functions __init (bsc#1212448).
- x86/fpu: Move FPU initialization into arch_cpu_finalize_init() (bsc#1212448).
- x86/fpu: Prevent FPU state corruption (git-fixes).
- x86/fpu: Remove cpuinfo argument from init functions (bsc#1212448).
- x86/fpu: Remove unused supervisor only offsets (git-fixes).
- x86/fpu: Remove unused supervisor only offsets (git-fixes).
- x86/fpu: Use _Alignof to avoid undefined behavior in TYPE_ALIGN (git-fixes).
- x86/hyperv: Block root partition functionality in a Confidential VM (git-fixes).
- x86/hyperv: Introduce HV_MAX_SPARSE_VCPU_BANKS/HV_VCPUS_PER_SPARSE_BANK constants (git-fixes).
- x86/hyperv: Remove unregister syscore call from Hyper-V cleanup (git-fixes).
- x86/hyperv: Restore VP assist page after cpu offlining/onlining (git-fixes).
- x86/init: Initialize signal frame size late (bsc#1212448).
- x86/kprobes: Fix __recover_optprobed_insn check optimizing logic (git-fixes).
- x86/kprobes: Fix kprobes instruction boudary check with CONFIG_RETHUNK (git-fixes).
- x86/kprobes: Fix optprobe optimization check with CONFIG_RETHUNK (git-fixes).
- x86/kvm: Do not use pv tlb/ipi/sched_yield if on 1 vCPU (git-fixes).
- x86/kvm: Do not use pv tlb/ipi/sched_yield if on 1 vCPU (git-fixes).
- x86/kvm: Preserve BSP MSR_KVM_POLL_CONTROL across suspend/resume (git-fixes).
- x86/kvm: Remove unused virt to phys translation in kvm_guest_cpu_init() (git-fixes).
- x86/lib/memmove: Decouple ERMS from FSRM (bsc#1206578).
- x86/mce/inject: Avoid out-of-bounds write when setting flags (git-fixes).
- x86/mce/inject: Avoid out-of-bounds write when setting flags (git-fixes).
- x86/mce: Allow instrumentation during task work queueing (git-fixes).
- x86/mce: Allow instrumentation during task work queueing (git-fixes).
- x86/mce: Mark mce_end() noinstr (git-fixes).
- x86/mce: Mark mce_end() noinstr (git-fixes).
- x86/mce: Mark mce_panic() noinstr (git-fixes).
- x86/mce: Mark mce_panic() noinstr (git-fixes).
- x86/mce: Mark mce_read_aux() noinstr (git-fixes).
- x86/mce: Mark mce_read_aux() noinstr (git-fixes).
- x86/mce: relocate set{clear}_mce_nospec() functions (git-fixes). This is a preparation for the next patch
- x86/mem_encrypt: Unbreak the AMD_MEM_ENCRYPT=n build (git-fixes).
- x86/microcode/AMD: Add a @cpu parameter to the reloading functions (git-fixes).
- x86/microcode/AMD: Fix mixed steppings support (git-fixes).
- x86/microcode/AMD: Track patch allocation size explicitly (git-fixes).
- x86/microcode/amd: Remove load_microcode_amd()'s bsp parameter (git-fixes).
- x86/microcode/intel: Do not retry microcode reloading on the APs (git-fixes).
- x86/microcode: Add a parameter to microcode_check() to store CPU capabilities (git-fixes).
- x86/microcode: Add explicit CPU vendor dependency (git-fixes).
- x86/microcode: Adjust late loading result reporting message (git-fixes).
- x86/microcode: Check CPU capabilities after late microcode update correctly (git-fixes).
- x86/microcode: Print previous version of microcode after reload (git-fixes).
- x86/microcode: Rip out the OLD_INTERFACE (git-fixes).
- x86/mm: Cleanup the control_va_addr_alignment() __setup handler (git-fixes).
- x86/mm: Fix RESERVE_BRK() for older binutils (git-fixes).
- x86/mm: Fix use of uninitialized buffer in sme_enable() (git-fixes).
- x86/mm: Flush global TLB when switching to trampoline page-table (git-fixes).
- x86/mm: Flush global TLB when switching to trampoline page-table (git-fixes).
- x86/mm: Initialize text poking earlier (bsc#1212448).
- x86/mm: Randomize per-cpu entry area (bsc#1207845 CVE-2023-0597).
- x86/mm: Use mm_alloc() in poking_init() (bsc#1212448).
- x86/mm: Use proper mask when setting PUD mapping (git-fixes).
- x86/mm: fix poking_init() for Xen PV guests (git-fixes).
- x86/msi: Fix msi message data shadow struct (git-fixes).
- x86/msr: Add AMD CPPC MSR definitions (bsc#1212445).
- x86/msr: Remove .fixup usage (git-fixes).
- x86/nospec: Unwreck the RSB stuffing (git-fixes).
- x86/numa: Use cpumask_available instead of hardcoded NULL check (git-fixes).
- x86/pat: Fix x86_has_pat_wp() (git-fixes).
- x86/pci/xen: Disable PCI/MSI masking for XEN_HVM guests (git-fixes).
- x86/perf/zhaoxin: Add stepping check for ZXC (git fixes).
- x86/perf: Avoid warning for Arch LBR without XSAVE (git fixes).
- x86/perf: Default set FREEZE_ON_SMI for all (git fixes).
- x86/pm: Add enumeration check before spec MSRs save/restore setup (git-fixes).
- x86/reboot: Disable SVM, not just VMX, when stopping CPUs (git-fixes).
- x86/resctrl: Fix min_cbm_bits for AMD (git-fixes).
- x86/sev: Add SEV-SNP guest feature negotiation support (git-fixes).
- x86/sgx: Fix free page accounting (git-fixes).
- x86/sgx: Fix race between reclaimer and page fault handler (git-fixes).
- x86/sgx: Free backing memory after faulting the enclave page (git-fixes).
- x86/sgx: Free backing memory after faulting the enclave page (git-fixes).
- x86/sgx: Mark PCMD page as dirty when modifying contents (git-fixes).
- x86/sgx: Silence softlockup detection when releasing large enclaves (git-fixes).
- x86/sgx: Silence softlockup detection when releasing large enclaves (git-fixes).
- x86/signal: Fix the value returned by strict_sas_size() (git-fixes).
- x86/speculation/mmio: Print SMT warning (git-fixes).
- x86/speculation: Allow enabling STIBP with legacy IBRS (bsc#1210506 CVE-2023-1998).
- x86/speculation: Identify processors vulnerable to SMT RSB predictions (git-fixes).
- x86/static_call: Serialize __static_call_fixup() properly (git-fixes).
- x86/syscall: Include asm/ptrace.h in syscall_wrapper header (git-fixes).
- x86/topology: Fix duplicated core ID within a package (git-fixes).
- x86/topology: Fix multiple packages shown on a single-package system (git-fixes).
- x86/traps: Use pt_regs directly in fixup_bad_iret() (git-fixes).
- x86/tsx: Add a feature bit for TSX control MSR support (git-fixes).
- x86/tsx: Disable TSX development mode at boot (git-fixes).
- x86/uaccess: Move variable into switch case statement (git-fixes).
- x86/uaccess: Move variable into switch case statement (git-fixes).
- x86/xen: Fix memory leak in xen_init_lock_cpu() (git-fixes).
- x86/xen: Fix memory leak in xen_smp_intr_init{_pv}() (git-fixes).
- x86: ACPI: cstate: Optimize C3 entry on AMD CPUs (git-fixes).
- x86: Annotate call_on_stack() (git-fixes).
- x86: Annotate call_on_stack() (git-fixes).
- x86: Fix return value of __setup handlers (git-fixes).
- x86: Handle idle=nomwait cmdline properly for x86_idle (bsc#1208619).
- x86: Remove vendor checks from prefer_mwait_c1_over_halt (bsc#1208619).
- x86: __memcpy_flushcache: fix wrong alignment if size > 2^32 (git-fixes).
- x86: centralize setting SWIOTLB_FORCE when guest memory encryption is enabled (jsc#PED-3259).
- x86: drop bogus 'cc' clobber from __try_cmpxchg_user_asm() (git-fixes).
- x86: link vdso and boot with -z noexecstack --no-warn-rwx-segments (bsc#1203200).
- x86: link vdso and boot with -z noexecstack --no-warn-rwx-segments (bsc#1203200).
- x86: remove cruft from <asm/dma-mapping.h> (PED-3259).
- xen-netfront: Fix NULL sring after live migration (git-fixes).
- xen-pciback: Allow setting PCI_MSIX_FLAGS_MASKALL too (git-fixes).
- xen/arm: Fix race in RB-tree based P2M accounting (git-fixes)
- xen/netback: do not do grant copy across page boundary (git-fixes).
- xen/netback: do some code cleanup (git-fixes).
- xen/netback: fix build warning (git-fixes).
- xen/netback: use same error messages for same errors (git-fixes).
- xen/netfront: destroy queues before real_num_tx_queues is zeroed (git-fixes).
- xen/platform-pci: add missing free_irq() in error path (git-fixes).
- xen/privcmd: Fix a possible warning in privcmd_ioctl_mmap_resource() (git-fixes).
- xfs: Fix unreferenced object reported by kmemleak in xfs_sysfs_init() (git-fixes).
- xfs: Fix unreferenced object reported by kmemleak in xfs_sysfs_init() (git-fixes).
- xfs: convert ptag flags to unsigned (git-fixes).
- xfs: do not assert fail on perag references on teardown (git-fixes).
- xfs: do not leak btree cursor when insrec fails after a split (git-fixes).
- xfs: estimate post-merge refcounts correctly (bsc#1208183).
- xfs: fix incorrect error-out in xfs_remove (git-fixes).
- xfs: fix incorrect error-out in xfs_remove (git-fixes).
- xfs: fix incorrect i_nlink caused by inode racing (git-fixes).
- xfs: fix incorrect i_nlink caused by inode racing (git-fixes).
- xfs: fix maxlevels comparisons in the btree staging code (git-fixes).
- xfs: fix maxlevels comparisons in the btree staging code (git-fixes).
- xfs: fix memory leak in xfs_errortag_init (git-fixes).
- xfs: fix memory leak in xfs_errortag_init (git-fixes).
- xfs: fix rm_offset flag handling in rmap keys (git-fixes).
- xfs: get rid of assert from xfs_btree_islastblock (git-fixes).
- xfs: get rid of assert from xfs_btree_islastblock (git-fixes).
- xfs: get root inode correctly at bulkstat (git-fixes).
- xfs: get root inode correctly at bulkstat (git-fixes).
- xfs: hoist refcount record merge predicates (bsc#1208183).
- xfs: initialize the check_owner object fully (git-fixes).
- xfs: initialize the check_owner object fully (git-fixes).
- xfs: pass the correct cursor to xfs_iomap_prealloc_size (git-fixes).
- xfs: prevent a WARN_ONCE() in xfs_ioc_attr_list() (git-fixes).
- xfs: prevent a WARN_ONCE() in xfs_ioc_attr_list() (git-fixes).
- xfs: reject crazy array sizes being fed to XFS_IOC_GETBMAP* (git-fixes).
- xfs: reject crazy array sizes being fed to XFS_IOC_GETBMAP* (git-fixes).
- xfs: remove xfs_setattr_time() declaration (git-fixes).
- xfs: return errors in xfs_fs_sync_fs (git-fixes).
- xfs: return errors in xfs_fs_sync_fs (git-fixes).
- xfs: set bnobt/cntbt numrecs correctly when formatting new AGs (git-fixes).
- xfs: verify buffer contents when we skip log replay (bsc#1210498 CVE-2023-2124).
- xfs: zero inode fork buffer at allocation (git-fixes).
- xhci-pci: Only run d3cold avoidance quirk for s2idle (git-fixes).
- xhci-pci: set the dma max_seg_size (git-fixes).
- xhci-pci: set the dma max_seg_size (git-fixes).
- xhci: Fix incorrect tracking of free space on transfer rings (git-fixes).
- xhci: Fix null pointer dereference when host dies (git-fixes).
- xhci: Fix null pointer dereference when host dies (git-fixes).
- xhci: Free the command allocated for setting LPM if we return early (git-fixes).
- xhci: also avoid the XHCI_ZERO_64B_REGS quirk with a passthrough iommu (git-fixes).
- xhci: fix debugfs register accesses while suspended (git-fixes).
- xirc2ps_cs: Fix use after free bug in xirc2ps_detach (git-fixes).
- xprtrdma: Fix regbuf data not freed in rpcrdma_req_create() (git-fixes).
- xsk: Fix corrupted packets for XDP_SHARED_UMEM (git-fixes).
- zram: do not lookup algorithm in backends table (git-fixes).
ImportantSUSE bug 1065729SUSE bug 1109158SUSE bug 1142685SUSE bug 1152472SUSE bug 1152489SUSE bug 1155798SUSE bug 1160435SUSE bug 1166486SUSE bug 1172073SUSE bug 1174777SUSE bug 1177529SUSE bug 1185861SUSE bug 1186449SUSE bug 1189998SUSE bug 1189999SUSE bug 1191731SUSE bug 1193629SUSE bug 1194869SUSE bug 1195175SUSE bug 1195655SUSE bug 1195921SUSE bug 1196058SUSE bug 1197534SUSE bug 1197617SUSE bug 1198101SUSE bug 1198400SUSE bug 1198438SUSE bug 1198835SUSE bug 1199304SUSE bug 1199701SUSE bug 1200054SUSE bug 1202353SUSE bug 1202633SUSE bug 1203039SUSE bug 1203200SUSE bug 1203325SUSE bug 1203331SUSE bug 1203332SUSE bug 1203693SUSE bug 1203906SUSE bug 1204356SUSE bug 1204363SUSE bug 1204662SUSE bug 1204993SUSE bug 1205153SUSE bug 1205191SUSE bug 1205205SUSE bug 1205544SUSE bug 1205650SUSE bug 1205756SUSE bug 1205758SUSE bug 1205760SUSE bug 1205762SUSE bug 1205803SUSE bug 1205846SUSE bug 1206024SUSE bug 1206036SUSE bug 1206056SUSE bug 1206057SUSE bug 1206103SUSE bug 1206224SUSE bug 1206232SUSE bug 1206340SUSE bug 1206459SUSE bug 1206492SUSE bug 1206493SUSE bug 1206578SUSE bug 1206640SUSE bug 1206649SUSE bug 1206824SUSE bug 1206843SUSE bug 1206876SUSE bug 1206877SUSE bug 1206878SUSE bug 1206880SUSE bug 1206881SUSE bug 1206882SUSE bug 1206883SUSE bug 1206884SUSE bug 1206885SUSE bug 1206886SUSE bug 1206887SUSE bug 1206888SUSE bug 1206889SUSE bug 1206890SUSE bug 1206891SUSE bug 1206893SUSE bug 1206894SUSE bug 1206935SUSE bug 1206992SUSE bug 1207034SUSE bug 1207036SUSE bug 1207050SUSE bug 1207051SUSE bug 1207088SUSE bug 1207125SUSE bug 1207149SUSE bug 1207158SUSE bug 1207168SUSE bug 1207185SUSE bug 1207270SUSE bug 1207315SUSE bug 1207328SUSE bug 1207497SUSE bug 1207500SUSE bug 1207501SUSE bug 1207506SUSE bug 1207507SUSE bug 1207521SUSE bug 1207553SUSE bug 1207560SUSE bug 1207574SUSE bug 1207588SUSE bug 1207589SUSE bug 1207590SUSE bug 1207591SUSE bug 1207592SUSE bug 1207593SUSE bug 1207594SUSE bug 1207602SUSE bug 1207603SUSE bug 1207605SUSE bug 1207606SUSE bug 1207607SUSE bug 1207608SUSE bug 1207609SUSE bug 1207610SUSE bug 1207611SUSE bug 1207612SUSE bug 1207613SUSE bug 1207614SUSE bug 1207615SUSE bug 1207616SUSE bug 1207617SUSE bug 1207618SUSE bug 1207619SUSE bug 1207620SUSE bug 1207621SUSE bug 1207622SUSE bug 1207623SUSE bug 1207624SUSE bug 1207625SUSE bug 1207626SUSE bug 1207627SUSE bug 1207628SUSE bug 1207629SUSE bug 1207630SUSE bug 1207631SUSE bug 1207632SUSE bug 1207633SUSE bug 1207634SUSE bug 1207635SUSE bug 1207636SUSE bug 1207637SUSE bug 1207638SUSE bug 1207639SUSE bug 1207640SUSE bug 1207641SUSE bug 1207642SUSE bug 1207643SUSE bug 1207644SUSE bug 1207645SUSE bug 1207646SUSE bug 1207647SUSE bug 1207648SUSE bug 1207649SUSE bug 1207650SUSE bug 1207651SUSE bug 1207652SUSE bug 1207653SUSE bug 1207734SUSE bug 1207768SUSE bug 1207769SUSE bug 1207770SUSE bug 1207771SUSE bug 1207773SUSE bug 1207795SUSE bug 1207827SUSE bug 1207842SUSE bug 1207845SUSE bug 1207875SUSE bug 1207878SUSE bug 1207933SUSE bug 1207935SUSE bug 1207948SUSE bug 1208050SUSE bug 1208076SUSE bug 1208081SUSE bug 1208105SUSE bug 1208107SUSE bug 1208128SUSE bug 1208130SUSE bug 1208149SUSE bug 1208153SUSE bug 1208183SUSE bug 1208212SUSE bug 1208219SUSE bug 1208290SUSE bug 1208368SUSE bug 1208410SUSE bug 1208420SUSE bug 1208428SUSE bug 1208429SUSE bug 1208449SUSE bug 1208534SUSE bug 1208541SUSE bug 1208542SUSE bug 1208570SUSE bug 1208588SUSE bug 1208598SUSE bug 1208599SUSE bug 1208600SUSE bug 1208601SUSE bug 1208602SUSE bug 1208604SUSE bug 1208605SUSE bug 1208607SUSE bug 1208619SUSE bug 1208628SUSE bug 1208700SUSE bug 1208741SUSE bug 1208758SUSE bug 1208759SUSE bug 1208776SUSE bug 1208777SUSE bug 1208784SUSE bug 1208787SUSE bug 1208815SUSE bug 1208816SUSE bug 1208829SUSE bug 1208837SUSE bug 1208843SUSE bug 1208845SUSE bug 1208848SUSE bug 1208864SUSE bug 1208902SUSE bug 1208948SUSE bug 1208976SUSE bug 1209008SUSE bug 1209039SUSE bug 1209052SUSE bug 1209092SUSE bug 1209159SUSE bug 1209256SUSE bug 1209258SUSE bug 1209262SUSE bug 1209287SUSE bug 1209288SUSE bug 1209290SUSE bug 1209291SUSE bug 1209292SUSE bug 1209366SUSE bug 1209367SUSE bug 1209436SUSE bug 1209457SUSE bug 1209504SUSE bug 1209532SUSE bug 1209556SUSE bug 1209600SUSE bug 1209615SUSE bug 1209635SUSE bug 1209636SUSE bug 1209637SUSE bug 1209684SUSE bug 1209687SUSE bug 1209693SUSE bug 1209739SUSE bug 1209779SUSE bug 1209780SUSE bug 1209788SUSE bug 1209798SUSE bug 1209799SUSE bug 1209804SUSE bug 1209805SUSE bug 1209856SUSE bug 1209871SUSE bug 1209927SUSE bug 1209980SUSE bug 1209982SUSE bug 1209999SUSE bug 1210034SUSE bug 1210050SUSE bug 1210158SUSE bug 1210165SUSE bug 1210202SUSE bug 1210203SUSE bug 1210206SUSE bug 1210216SUSE bug 1210230SUSE bug 1210294SUSE bug 1210301SUSE bug 1210329SUSE bug 1210336SUSE bug 1210337SUSE bug 1210409SUSE bug 1210439SUSE bug 1210449SUSE bug 1210450SUSE bug 1210453SUSE bug 1210454SUSE bug 1210469SUSE bug 1210498SUSE bug 1210506SUSE bug 1210533SUSE bug 1210551SUSE bug 1210629SUSE bug 1210644SUSE bug 1210647SUSE bug 1210725SUSE bug 1210741SUSE bug 1210762SUSE bug 1210763SUSE bug 1210764SUSE bug 1210765SUSE bug 1210766SUSE bug 1210767SUSE bug 1210768SUSE bug 1210769SUSE bug 1210770SUSE bug 1210771SUSE bug 1210775SUSE bug 1210783SUSE bug 1210791SUSE bug 1210793SUSE bug 1210806SUSE bug 1210816SUSE bug 1210817SUSE bug 1210827SUSE bug 1210940SUSE bug 1210943SUSE bug 1210947SUSE bug 1210953SUSE bug 1210986SUSE bug 1211025SUSE bug 1211037SUSE bug 1211043SUSE bug 1211044SUSE bug 1211089SUSE bug 1211105SUSE bug 1211113SUSE bug 1211131SUSE bug 1211205SUSE bug 1211263SUSE bug 1211280SUSE bug 1211281SUSE bug 1211299SUSE bug 1211346SUSE bug 1211387SUSE bug 1211400SUSE bug 1211410SUSE bug 1211414SUSE bug 1211449SUSE bug 1211465SUSE bug 1211519SUSE bug 1211564SUSE bug 1211590SUSE bug 1211592SUSE bug 1211593SUSE bug 1211595SUSE bug 1211654SUSE bug 1211686SUSE bug 1211687SUSE bug 1211688SUSE bug 1211689SUSE bug 1211690SUSE bug 1211691SUSE bug 1211692SUSE bug 1211693SUSE bug 1211714SUSE bug 1211794SUSE bug 1211796SUSE bug 1211804SUSE bug 1211807SUSE bug 1211808SUSE bug 1211820SUSE bug 1211836SUSE bug 1211847SUSE bug 1211852SUSE bug 1211855SUSE bug 1211960SUSE bug 1212129SUSE bug 1212154SUSE bug 1212155SUSE bug 1212158SUSE bug 1212350SUSE bug 1212405SUSE bug 1212445SUSE bug 1212448SUSE bug 1212494SUSE bug 1212495SUSE bug 1212504SUSE bug 1212513SUSE bug 1212540SUSE bug 1212556SUSE bug 1212561SUSE bug 1212563SUSE bug 1212564SUSE bug 1212584SUSE bug 1212592SUSE bug 1212605SUSE bug 1212606SUSE bug 1212619SUSE bug 1212701SUSE bug 1212741CVE-2020-24588 at SUSECVE-2020-24588 at NVDCVE-2022-2196 at SUSECVE-2022-2196 at NVDCVE-2022-3523 at SUSECVE-2022-3523 at NVDCVE-2022-36280 at SUSECVE-2022-36280 at NVDCVE-2022-38096 at SUSECVE-2022-38096 at NVDCVE-2022-4269 at SUSECVE-2022-4269 at NVDCVE-2022-45884 at SUSECVE-2022-45884 at NVDCVE-2022-45885 at SUSECVE-2022-45885 at NVDCVE-2022-45886 at SUSECVE-2022-45886 at NVDCVE-2022-45887 at SUSECVE-2022-45887 at NVDCVE-2022-45919 at SUSECVE-2022-45919 at NVDCVE-2022-4744 at SUSECVE-2022-4744 at NVDCVE-2023-0045 at SUSECVE-2023-0045 at NVDCVE-2023-0122 at SUSECVE-2023-0122 at NVDCVE-2023-0179 at SUSECVE-2023-0179 at NVDCVE-2023-0386 at SUSECVE-2023-0386 at NVDCVE-2023-0394 at SUSECVE-2023-0394 at NVDCVE-2023-0461 at SUSECVE-2023-0461 at NVDCVE-2023-0469 at SUSECVE-2023-0469 at NVDCVE-2023-0590 at SUSECVE-2023-0590 at NVDCVE-2023-0597 at SUSECVE-2023-0597 at NVDCVE-2023-1075 at SUSECVE-2023-1075 at NVDCVE-2023-1076 at SUSECVE-2023-1076 at NVDCVE-2023-1077 at SUSECVE-2023-1077 at NVDCVE-2023-1078 at SUSECVE-2023-1078 at NVDCVE-2023-1079 at SUSECVE-2023-1079 at NVDCVE-2023-1095 at SUSECVE-2023-1095 at NVDCVE-2023-1118 at SUSECVE-2023-1118 at NVDCVE-2023-1249 at SUSECVE-2023-1249 at NVDCVE-2023-1382 at SUSECVE-2023-1382 at NVDCVE-2023-1513 at SUSECVE-2023-1513 at NVDCVE-2023-1582 at SUSECVE-2023-1582 at NVDCVE-2023-1583 at SUSECVE-2023-1583 at NVDCVE-2023-1611 at SUSECVE-2023-1611 at NVDCVE-2023-1637 at SUSECVE-2023-1637 at NVDCVE-2023-1652 at SUSECVE-2023-1652 at NVDCVE-2023-1670 at SUSECVE-2023-1670 at NVDCVE-2023-1838 at SUSECVE-2023-1838 at NVDCVE-2023-1855 at SUSECVE-2023-1855 at NVDCVE-2023-1989 at SUSECVE-2023-1989 at NVDCVE-2023-1998 at SUSECVE-2023-1998 at NVDCVE-2023-2002 at SUSECVE-2023-2002 at NVDCVE-2023-21102 at SUSECVE-2023-21102 at NVDCVE-2023-21106 at SUSECVE-2023-21106 at NVDCVE-2023-2124 at SUSECVE-2023-2124 at NVDCVE-2023-2156 at SUSECVE-2023-2156 at NVDCVE-2023-2162 at SUSECVE-2023-2162 at NVDCVE-2023-2176 at SUSECVE-2023-2176 at NVDCVE-2023-2235 at SUSECVE-2023-2235 at NVDCVE-2023-2269 at SUSECVE-2023-2269 at NVDCVE-2023-22998 at SUSECVE-2023-22998 at NVDCVE-2023-23000 at SUSECVE-2023-23000 at NVDCVE-2023-23001 at SUSECVE-2023-23001 at NVDCVE-2023-23004 at SUSECVE-2023-23004 at NVDCVE-2023-23006 at SUSECVE-2023-23006 at NVDCVE-2023-23454 at SUSECVE-2023-23454 at NVDCVE-2023-23455 at SUSECVE-2023-23455 at NVDCVE-2023-2483 at SUSECVE-2023-2483 at NVDCVE-2023-25012 at SUSECVE-2023-25012 at NVDCVE-2023-2513 at SUSECVE-2023-2513 at NVDCVE-2023-26545 at SUSECVE-2023-26545 at NVDCVE-2023-28327 at SUSECVE-2023-28327 at NVDCVE-2023-28410 at SUSECVE-2023-28410 at NVDCVE-2023-28464 at SUSECVE-2023-28464 at NVDCVE-2023-28466 at SUSECVE-2023-28466 at NVDCVE-2023-28866 at SUSECVE-2023-28866 at NVDCVE-2023-3006 at SUSECVE-2023-3006 at NVDCVE-2023-30456 at SUSECVE-2023-30456 at NVDCVE-2023-30772 at SUSECVE-2023-30772 at NVDCVE-2023-31084 at SUSECVE-2023-31084 at NVDCVE-2023-3141 at SUSECVE-2023-3141 at NVDCVE-2023-31436 at SUSECVE-2023-31436 at NVDCVE-2023-3161 at SUSECVE-2023-3161 at NVDCVE-2023-3220 at SUSECVE-2023-3220 at NVDCVE-2023-32233 at SUSECVE-2023-32233 at NVDCVE-2023-33288 at SUSECVE-2023-33288 at NVDCVE-2023-3357 at SUSECVE-2023-3357 at NVDCVE-2023-3358 at SUSECVE-2023-3358 at NVDCVE-2023-33951 at SUSECVE-2023-33951 at NVDCVE-2023-33952 at SUSECVE-2023-33952 at NVDCVE-2023-35788 at SUSECVE-2023-35788 at NVDCVE-2023-35823 at SUSECVE-2023-35823 at NVDCVE-2023-35828 at SUSECVE-2023-35828 at NVDCVE-2023-35829 at SUSECVE-2023-35829 at NVDcpe:/o:opensuse:leap:15.5Security update for geoipupdate (Important)openSUSE Leap 15.5
This update of geoipupdate fixes the following issues:
- rebuild the package with the go 1.20 security release (bsc#1206346).
ImportantSUSE bug 1206346cpe:/o:opensuse:leap:15.5Security update for rabbitmq-c (Important)openSUSE Leap 15.5
This update for rabbitmq-c fixes the following issues:
- CVE-2023-35789: Fixed insecure credentials submission (bsc#1212499).
ImportantSUSE bug 1212499CVE-2023-35789 at SUSECVE-2023-35789 at NVDcpe:/o:opensuse:leap:15.5Security update for libqt5-qtbase (Important)openSUSE Leap 15.5
This update for libqt5-qtbase fixes the following issues:
- CVE-2023-32763: Fixed an overflow in QTextLayout (bsc#1211798).
ImportantSUSE bug 1211798CVE-2023-32763 at SUSECVE-2023-32763 at NVDcpe:/o:opensuse:leap:15.5Security update for php7 (Moderate)openSUSE Leap 15.5
This update for php7 fixes the following issues:
- CVE-2023-3247: Fixed missing error check and insufficient random bytes in HTTP Digest authentication for SOAP (bsc#1212349).
ModerateSUSE bug 1212349CVE-2023-3247 at SUSECVE-2023-3247 at NVDcpe:/o:opensuse:leap:15.5Security update for ghostscript (Important)openSUSE Leap 15.5
This update for ghostscript fixes the following issues:
- CVE-2023-36664: Fixed permission validation mishandling for pipe devices with the %pipe% prefix or the | pipe character prefix (bsc#1212711).
ImportantSUSE bug 1212711CVE-2023-36664 at SUSECVE-2023-36664 at NVDcpe:/o:opensuse:leap:15.5Security update for the Linux Kernel (Important)openSUSE Leap 15.5
The SUSE Linux Enterprise 15 SP1 kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2023-1079: Fixed a use-after-free problem that could have been triggered in asus_kbd_backlight_set when plugging/disconnecting a malicious USB device (bsc#1208604).
- CVE-2023-1249: Fixed a use-after-free flaw in the core dump subsystem that allowed a local user to crash the system (bsc#1209039).
- CVE-2023-1637: Fixed vulnerability that could lead to unauthorized access to CPU memory after resuming CPU from suspend-to-RAM (bsc#1209779).
- CVE-2023-2002: Fixed a flaw that allowed an attacker to unauthorized execution of management commands, compromising the confidentiality, integrity, and availability of Bluetooth communication (bsc#1210533).
- CVE-2023-3090: Fixed a heap out-of-bounds write in the ipvlan network driver (bsc#1212842).
- CVE-2023-3111: Fixed a use-after-free vulnerability in prepare_to_relocate in fs/btrfs/relocation.c (bsc#1212051).
- CVE-2023-3141: Fixed a use-after-free flaw in r592_remove in drivers/memstick/host/r592.c, that allowed local attackers to crash the system at device disconnect (bsc#1212129).
- CVE-2023-3159: Fixed use-after-free issue in driver/firewire in outbound_phy_packet_callback (bsc#1212128).
- CVE-2023-3161: Fixed shift-out-of-bounds in fbcon_set_font() (bsc#1212154).
- CVE-2023-3268: Fixed an out of bounds flaw in relay_file_read_start_pos in kernel/relay.c that allowed a local attacker to crash the system or leak kernel internal information (bsc#1212502).
- CVE-2023-3358: Fixed a NULL pointer dereference flaw in the Integrated Sensor Hub (ISH) driver (bsc#1212606).
- CVE-2023-35824: Fixed a use-after-free in dm1105_remove in drivers/media/pci/dm1105/dm1105.c (bsc#1212501).
The following non-security bugs were fixed:
- Fix missing top level chapter numbers on SLE12 SP5 (bsc#1212158).
- Move setting %%build_html to config.sh
- Move setting %%split_optional to config.sh
- Move setting %%supported_modules_check to config.sh
- rpm/kernel-binary.spec.in: Fix compatibility wth newer rpm
- rpm/kernel-docs.spec.in: pass PYTHON=python3 to fix build error (bsc#1160435)
ImportantSUSE bug 1160435SUSE bug 1198400SUSE bug 1208604SUSE bug 1209039SUSE bug 1209779SUSE bug 1210533SUSE bug 1211449SUSE bug 1212051SUSE bug 1212128SUSE bug 1212129SUSE bug 1212154SUSE bug 1212158SUSE bug 1212501SUSE bug 1212502SUSE bug 1212606SUSE bug 1212842CVE-2023-1079 at SUSECVE-2023-1079 at NVDCVE-2023-1249 at SUSECVE-2023-1249 at NVDCVE-2023-1637 at SUSECVE-2023-1637 at NVDCVE-2023-2002 at SUSECVE-2023-2002 at NVDCVE-2023-3090 at SUSECVE-2023-3090 at NVDCVE-2023-3111 at SUSECVE-2023-3111 at NVDCVE-2023-3141 at SUSECVE-2023-3141 at NVDCVE-2023-3159 at SUSECVE-2023-3159 at NVDCVE-2023-3161 at SUSECVE-2023-3161 at NVDCVE-2023-3268 at SUSECVE-2023-3268 at NVDCVE-2023-3358 at SUSECVE-2023-3358 at NVDCVE-2023-35824 at SUSECVE-2023-35824 at NVDcpe:/o:opensuse:leap:15.5Security update for bind (Important)openSUSE Leap 15.5
This update for bind fixes the following issues:
Update to release 9.16.42
Security Fixes:
* The overmem cleaning process has been improved, to prevent the
cache from significantly exceeding the configured
max-cache-size limit. (CVE-2023-2828)
* A query that prioritizes stale data over lookup triggers a
fetch to refresh the stale data in cache. If the fetch is
aborted for exceeding the recursion quota, it was possible for
named to enter an infinite callback loop and crash due to stack
overflow. This has been fixed. (CVE-2023-2911)
Bug Fixes:
* Previously, it was possible for a delegation from cache to be
returned to the client after the stale-answer-client-timeout
duration. This has been fixed. [bsc#1212544, bsc#1212567, jsc#SLE-24600]
Update to release 9.16.41
Bug Fixes:
* When removing delegations from an opt-out range,
empty-non-terminal NSEC3 records generated by those delegations
were not cleaned up. This has been fixed. [jsc#SLE-24600]
Update to release 9.16.40
Bug Fixes:
* Logfiles using timestamp-style suffixes were not always
correctly removed when the number of files exceeded the limit
set by versions. This has been fixed for configurations which
do not explicitly specify a directory path as part of the file
argument in the channel specification.
* Performance of DNSSEC validation in zones with many DNSKEY
records has been improved.
Update to release 9.16.39
Feature Changes:
* libuv support for receiving multiple UDP messages in a single
recvmmsg() system call has been tweaked several times between
libuv versions 1.35.0 and 1.40.0; the current recommended libuv
version is 1.40.0 or higher. New rules are now in effect for
running with a different version of libuv than the one used at
compilation time. These rules may trigger a fatal error at
startup:
- Building against or running with libuv versions 1.35.0 and
1.36.0 is now a fatal error.
- Running with libuv version higher than 1.34.2 is now a
fatal error when named is built against libuv version
1.34.2 or lower.
- Running with libuv version higher than 1.39.0 is now a
fatal error when named is built against libuv version
1.37.0, 1.38.0, 1.38.1, or 1.39.0.
* This prevents the use of libuv versions that may trigger an
assertion failure when receiving multiple UDP messages in a
single system call.
Bug Fixes:
* named could crash with an assertion failure when adding a new
zone into the configuration file for a name which was already
configured as a member zone for a catalog zone. This has been
fixed.
* When named starts up, it sends a query for the DNSSEC key for
each configured trust anchor to determine whether the key has
changed. In some unusual cases, the query might depend on a
zone for which the server is itself authoritative, and would
have failed if it were sent before the zone was fully loaded.
This has now been fixed by delaying the key queries until all
zones have finished loading. [jsc#SLE-24600]
ImportantSUSE bug 1212090SUSE bug 1212544SUSE bug 1212567CVE-2023-2828 at SUSECVE-2023-2828 at NVDCVE-2023-2911 at SUSECVE-2023-2911 at NVDcpe:/o:opensuse:leap:15.5Security update for python-Django (Moderate)openSUSE Leap 15.5
This update for python-Django fixes the following issues:
- CVE-2023-31047: Fixed a potential bypass of validation when uploading multiple files using one form field (bsc#1210866).
- CVE-2023-36053: Fixed potential regular expression denial of service vulnerability in EmailValidator/URLValidator (bsc#1212742).
ModerateSUSE bug 1210866SUSE bug 1212742CVE-2023-31047 at SUSECVE-2023-31047 at NVDCVE-2023-36053 at SUSECVE-2023-36053 at NVDcpe:/o:opensuse:leap:15.5Security update for bouncycastle (Important)openSUSE Leap 15.5
This update for bouncycastle fixes the following issues:
- CVE-2023-33201: Fixed an issue with the X509LDAPCertStoreSpi where a specially crafted certificate subject could be used to try and extract extra information out of an LDAP server (bsc#1212508).
ImportantSUSE bug 1212508CVE-2023-33201 at SUSECVE-2023-33201 at NVDcpe:/o:opensuse:leap:15.5Security update for go1.19 (Moderate)openSUSE Leap 15.5
This update for go1.19 fixes the following issues:
go was updated to version 1.19.11 (bsc#1200441):
- CVE-2023-29406: Fixed insufficient sanitization of Host header in net/http (bsc#1213229).
ModerateSUSE bug 1200441SUSE bug 1213229CVE-2023-29406 at SUSECVE-2023-29406 at NVDcpe:/o:opensuse:leap:15.5Security update for go1.20 (Moderate)openSUSE Leap 15.5
This update for go1.20 fixes the following issues:
go was updated to version 1.20.6 (bsc#1206346):
- CVE-2023-29406: Fixed insufficient sanitization of Host header in net/http (bsc#1213229).
ModerateSUSE bug 1206346SUSE bug 1213229CVE-2023-29406 at SUSECVE-2023-29406 at NVDcpe:/o:opensuse:leap:15.5Security update for java-1_8_0-ibm (Important)openSUSE Leap 15.5
This update for java-1_8_0-ibm fixes the following issues:
Updated to Java 8.0 Service Refresh 8 Fix Pack 6 (bsc#1213000):
- Fixed issue in Java Virtual Machine where outofmemory (OOM) killer terminates the jvm due to failure in control groups detection.
ImportantSUSE bug 1213000cpe:/o:opensuse:leap:15.5Security update for python-requests (Moderate)openSUSE Leap 15.5
This update for python-requests fixes the following issues:
- CVE-2023-32681: Fixed unintended leak of Proxy-Authorization header (bsc#1211674).
ModerateSUSE bug 1211674CVE-2023-32681 at SUSECVE-2023-32681 at NVDcpe:/o:opensuse:leap:15.5Security update for the Linux Kernel (Important)openSUSE Leap 15.5
The SUSE Linux Enterprise 15 SP5 kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2022-36280: Fixed out-of-bounds memory access vulnerability found in vmwgfx driver (bsc#1203332).
- CVE-2022-38096: Fixed NULL-ptr deref in vmw_cmd_dx_define_query() (bsc#1203331).
- CVE-2022-4269: Fixed a flaw was found inside the Traffic Control (TC) subsystem (bsc#1206024).
- CVE-2022-45884: Fixed a use-after-free in dvbdev.c, related to dvb_register_device dynamically allocating fops (bsc#1205756).
- CVE-2022-45885: Fixed a race condition in dvb_frontend.c that could cause a use-after-free when a device is disconnected (bsc#1205758).
- CVE-2022-45886: Fixed a .disconnect versus dvb_device_open race condition in dvb_net.c that lead to a use-after-free (bsc#1205760).
- CVE-2022-45887: Fixed a memory leak in ttusb_dec.c caused by the lack of a dvb_frontend_detach call (bsc#1205762).
- CVE-2022-45919: Fixed a use-after-free in dvb_ca_en50221.c that could occur if there is a disconnect after an open, because of the lack of a wait_event (bsc#1205803).
- CVE-2022-4744: Fixed double-free that could lead to DoS or privilege escalation in TUN/TAP device driver functionality (bsc#1209635).
- CVE-2023-0045: Fixed missing Flush IBP in ib_prctl_set (bsc#1207773).
- CVE-2023-0122: Fixed a NULL pointer dereference vulnerability in nvmet_setup_auth(), that allowed an attacker to perform a Pre-Auth Denial of Service (DoS) attack on a remote machine (bsc#1207050).
- CVE-2023-0179: Fixed incorrect arithmetics when fetching VLAN header bits (bsc#1207034).
- CVE-2023-0394: Fixed a null pointer dereference in the network subcomponent. This flaw could cause system crashes (bsc#1207168).
- CVE-2023-0461: Fixed use-after-free in icsk_ulp_data (bsc#1208787).
- CVE-2023-0469: Fixed a use-after-free flaw in io_uring/filetable.c in io_install_fixed_file in the io_uring subcomponent (bsc#1207521).
- CVE-2023-0590: Fixed race condition in qdisc_graft() (bsc#1207795).
- CVE-2023-0597: Fixed lack of randomization of per-cpu entry area in x86/mm (bsc#1207845).
- CVE-2023-1075: Fixed a type confusion in tls_is_tx_ready (bsc#1208598).
- CVE-2023-1076: Fixed incorrect UID assigned to tun/tap sockets (bsc#1208599).
- CVE-2023-1077: Fixed a type confusion in pick_next_rt_entity(), that could cause memory corruption (bsc#1208600).
- CVE-2023-1079: Fixed a use-after-free problem that could have been triggered in asus_kbd_backlight_set when plugging/disconnecting a malicious USB device (bsc#1208604).
- CVE-2023-1095: Fixed a NULL pointer dereference in nf_tables due to zeroed list head (bsc#1208777).
- CVE-2023-1118: Fixed a use-after-free bugs caused by ene_tx_irqsim() in media/rc (bsc#1208837).
- CVE-2023-1249: Fixed a use-after-free flaw in the core dump subsystem that allowed a local user to crash the system (bsc#1209039).
- CVE-2023-1382: Fixed denial of service in tipc_conn_close (bsc#1209288).
- CVE-2023-1513: Fixed an uninitialized portions of the kvm_debugregs structure that could be copied to userspace, causing an information leak (bsc#1209532).
- CVE-2023-1582: Fixed soft lockup in __page_mapcount (bsc#1209636).
- CVE-2023-1583: Fixed a NULL pointer dereference in io_file_bitmap_get in io_uring/filetable.c (bsc#1209637).
- CVE-2023-1611: Fixed an use-after-free flaw in btrfs_search_slot (bsc#1209687).
- CVE-2023-1637: Fixed vulnerability that could lead to unauthorized access to CPU memory after resuming CPU from suspend-to-RAM (bsc#1209779).
- CVE-2023-1652: Fixed use-after-free that could lead to DoS and information leak in nfsd4_ssc_setup_dul in fs/nfsd/nfs4proc.c (bsc#1209788).
- CVE-2023-1670: Fixed a use after free in the Xircom 16-bit PCMCIA Ethernet driver. A local user could use this flaw to crash the system or potentially escalate their privileges on the system (bsc#1209871).
- CVE-2023-1829: Fixed a use-after-free vulnerability in the control index filter (tcindex) (bsc#1210335).
- CVE-2023-1838: Fixed an use-after-free flaw in virtio network subcomponent. This flaw could allow a local attacker to crash the system and lead to a kernel information leak problem. (bsc#1210203).
- CVE-2023-1855: Fixed a use after free in xgene_hwmon_remove (bsc#1210202).
- CVE-2023-1989: Fixed a use after free in btsdio_remove (bsc#1210336).
- CVE-2023-1998: Fixed a use after free during login when accessing the shost ipaddress (bsc#1210506).
- CVE-2023-2002: Fixed a flaw that allowed an attacker to unauthorized execution of management commands, compromising the confidentiality, integrity, and availability of Bluetooth communication (bsc#1210533).
- CVE-2023-21102: Fixed possible bypass of shadow stack protection in __efi_rt_asm_wrapper of efi-rt-wrapper.S (bsc#1212155).
- CVE-2023-21106: Fixed possible memory corruption due to double free in adreno_set_param of adreno_gpu.c (bsc#1211654).
- CVE-2023-2124: Fixed an out-of-bound access in the XFS subsystem that could have lead to denial-of-service or potentially privilege escalation (bsc#1210498).
- CVE-2023-2156: Fixed a flaw in the networking subsystem within the handling of the RPL protocol (bsc#1211131).
- CVE-2023-2162: Fixed an use-after-free flaw in iscsi_sw_tcp_session_create (bsc#1210647).
- CVE-2023-2176: Fixed an out-of-boundary read in compare_netdev_and_ip in drivers/infiniband/core/cma.c in RDMA (bsc#1210629).
- CVE-2023-2235: Fixed a use-after-free vulnerability in the Performance Events system that could have been exploited to achieve local privilege escalation (bsc#1210986).
- CVE-2023-2269: Fixed a denial-of-service problem due to a possible recursive locking scenario, resulting in a deadlock in table_clear in drivers/md/dm-ioctl.c (bsc#1210806).
- CVE-2023-22998: Fixed NULL vs IS_ERR checking in virtio_gpu_object_shmem_init (bsc#1208776).
- CVE-2023-23000: Fixed return value of tegra_xusb_find_port_node function phy/tegra (bsc#1208816).
- CVE-2023-23001: Fixed misinterpretation of regulator_get return value in drivers/scsi/ufs/ufs-mediatek.c (bsc#1208829).
- CVE-2023-23004: Fixed misinterpretation of get_sg_table return value (bsc#1208843).
- CVE-2023-23006: Fixed NULL vs IS_ERR checking in dr_domain_init_resources (bsc#1208845).
- CVE-2023-2430: Fixed a missing lock on overflow for IOPOLL (bsc#1211014).
- CVE-2023-2483: Fixed a use after free bug in emac_remove caused by a race condition (bsc#1211037).
- CVE-2023-25012: Fixed a use-after-free in bigben_set_led() (bsc#1207560).
- CVE-2023-2513: Fixed a use-after-free vulnerability in the ext4 filesystem (bsc#1211105).
- CVE-2023-26545: Fixed double free in net/mpls/af_mpls.c upon an allocation failure (bsc#1208700).
- CVE-2023-28327: Fixed DoS in in_skb in unix_diag_get_exact() (bsc#1209290).
- CVE-2023-28410: Fixed improper restriction of operations within the bounds of a memory buffer in some Intel(R) i915 Graphics drivers that may have allowed an authenticated user to potentially enable escalation of privilege via local access (bsc#1211263).
- CVE-2023-28464: Fixed user-after-free that could lead to privilege escalation in hci_conn_cleanup in net/uetooth/hci_conn.c (bsc#1209052).
- CVE-2023-28866: Fixed an out-of-bounds access in net/bluetooth/hci_sync.c because amp_init1[] and amp_init2[] are supposed to have an intentionally invalid element, but did not (bsc#1209780).
- CVE-2023-3006: Fixed a known cache speculation vulnerability, known as Branch History Injection (BHI) or Spectre-BHB, for the new hw AmpereOne (bsc#1211855).
- CVE-2023-30456: Fixed an issue in arch/x86/kvm/vmx/nested.c with nVMX on x86_64 lacks consistency checks for CR0 and CR4 (bsc#1210294).
- CVE-2023-30772: Fixed race condition and resultant use-after-free in da9150_charger_remove (bsc#1210329).
- CVE-2023-3090: Fixed a heap out-of-bounds write in the ipvlan network driver (bsc#1212842).
- CVE-2023-31084: Fixed a blocking issue in drivers/media/dvb-core/dvb_frontend.c (bsc#1210783).
- CVE-2023-3111: Fixed a use-after-free vulnerability in prepare_to_relocate in fs/btrfs/relocation.c (bsc#1212051).
- CVE-2023-3141: Fixed a use-after-free flaw in r592_remove in drivers/memstick/host/r592.c, that allowed local attackers to crash the system at device disconnect (bsc#1212129).
- CVE-2023-31436: Fixed an out-of-bounds write in qfq_change_class() because lmax can exceed QFQ_MIN_LMAX (bsc#1210940).
- CVE-2023-3161: Fixed shift-out-of-bounds in fbcon_set_font() (bsc#1212154).
- CVE-2023-3212: Fixed a NULL pointer dereference flaw in the gfs2 file system (bsc#1212265).
- CVE-2023-3220: Fixed a NULL pointer dereference flaw in dpu_crtc_atomic_check in drivers/gpu/drm/msm/disp/dpu1/dpu_crtc.c lacks check of the return value of kzalloc() (bsc#1212556).
- CVE-2023-32233: Fixed a use-after-free in Netfilter nf_tables when processing batch requests (bsc#1211043).
- CVE-2023-33288: Fixed a use-after-free in bq24190_remove in drivers/power/supply/bq24190_charger.c (bsc#1211590).
- CVE-2023-3357: Fixed a NULL pointer dereference flaw in the AMD Sensor Fusion Hub driver (bsc#1212605).
- CVE-2023-3358: Fixed a NULL pointer dereference flaw in the Integrated Sensor Hub (ISH) driver (bsc#1212606).
- CVE-2023-3389: Fixed a use-after-free vulnerability in the io_uring subsystem (bsc#1212838).
- CVE-2023-33951: Fixed a race condition that could have led to an information disclosure inside the vmwgfx driver (bsc#1211593).
- CVE-2023-33952: Fixed a double free that could have led to a local privilege escalation inside the vmwgfx driver (bsc#1211595).
- CVE-2023-35788: Fixed an out-of-bounds write in the flower classifier code via TCA_FLOWER_KEY_ENC_OPTS_GENEVE packets in fl_set_geneve_opt in net/sched/cls_flower.c (bsc#1212504).
- CVE-2023-35823: Fixed a use-after-free flaw in saa7134_finidev in drivers/media/pci/saa7134/saa7134-core.c (bsc#1212494).
- CVE-2023-35828: Fixed a use-after-free flaw in renesas_usb3_remove in drivers/usb/gadget/udc/renesas_usb3.c (bsc#1212513).
- CVE-2023-35829: Fixed a use-after-free flaw in rkvdec_remove in drivers/staging/media/rkvdec/rkvdec.c (bsc#1212495).
The following non-security bugs were fixed:
- 3c589_cs: Fix an error handling path in tc589_probe() (git-fixes).
- Add MODULE_FIRMWARE() for FIRMWARE_TG357766 (git-fixes).
- Avoid deadlock for recursive I/O on dm-thin when used as swap (bsc#1177529).
- Fix missing top level chapter numbers on SLE12 SP5 (bsc#1212158).
- Fix page corruption caused by racy check in __free_pages (bsc#1208149).
- Get module prefix from kmod (bsc#1212835).
- Move upstreamed x86, scsi and arm patches into sorted section
- Fixed typo that might caused (bsc#1209457).
- Fix bug introduced by broken backport (bsc#1208628).
- Update patch for launch issue (bsc#1210853).
- [infiniband] READ is 'data destination', not source... (git-fixes)
- [xen] fix 'direction' argument of iov_iter_kvec() (git-fixes).
- acpi / x86: Add support for LPS0 callback handler (git-fixes).
- acpi: Do not build ACPICA with '-Os' (git-fixes).
- acpi: EC: Fix EC address space handler unregistration (bsc#1207149).
- acpi: EC: Fix ECDT probe ordering issues (bsc#1207149).
- acpi: EC: Fix oops when removing custom query handlers (git-fixes).
- acpi: NFIT: fix a potential deadlock during NFIT teardown (git-fixes).
- acpi: PM: Do not turn of unused power resources on the Toshiba Click Mini (git-fixes).
- acpi: PM: s2idle: Add support for upcoming AMD uPEP HID AMDI008 (bsc#1206224).
- acpi: PM: s2idle: Use LPS0 idle if ACPI_FADT_LOW_POWER_S0 is unset (bsc#1206224).
- acpi: PPTT: Fix to avoid sleep in the atomic context when PPTT is absent (git-fixes).
- acpi: VIOT: Initialize the correct IOMMU fwspec (git-fixes).
- acpi: battery: Fix missing NUL-termination with large strings (git-fixes).
- acpi: bus: Ensure that notify handlers are not running after removal (git-fixes).
- acpi: cppc: Add AMD pstate energy performance preference cppc control (bsc#1212445).
- acpi: cppc: Add auto select register read/write support (bsc#1212445).
- acpi: cppc: Disable FIE if registers in PCC regions (bsc#1210953).
- acpi: processor: Fix evaluating _PDC method when running as Xen dom0 (git-fixes).
- acpi: resource: Add IRQ override quirk for LG UltraPC 17U70P (git-fixes).
- acpi: resource: Add IRQ overrides for MAINGEAR Vector Pro 2 models (git-fixes).
- acpi: resource: Add Medion S17413 to IRQ override quirk (git-fixes).
- acpi: resource: Add helper function acpi_dev_get_memory_resources() (git-fixes).
- acpi: resource: Do IRQ override on all TongFang GMxRGxx (git-fixes).
- acpi: sleep: Avoid breaking S3 wakeup due to might_sleep() (git-fixes).
- acpi: tables: Add support for NBFT (bsc#1195921).
- acpi: tables: Add support for NBFT (bsc#1206340).
- acpi: video: Add acpi_video_backlight_use_native() helper (bsc#1206843).
- acpi: video: Allow GPU drivers to report no panels (bsc#1206843).
- acpi: video: Fix Lenovo Ideapad Z570 DMI match (git-fixes).
- acpi: video: Fix missing native backlight on Chromebooks (bsc#1206843).
- acpi: video: Refactor acpi_video_get_backlight_type() a bit (bsc#1203693).
- acpi: x86: s2idle: Add a quirk for ASUS ROG Zephyrus G14 (bsc#1206224).
- acpi: x86: s2idle: Add a quirk for ASUS TUF Gaming A17 FA707RE (bsc#1206224).
- acpi: x86: s2idle: Add a quirk for ASUSTeK COMPUTER INC. ROG Flow X13 (bsc#1206224).
- acpi: x86: s2idle: Add a quirk for Lenovo Slim 7 Pro 14ARH7 (bsc#1206224).
- acpi: x86: s2idle: Add another ID to s2idle_dmi_table (bsc#1206224).
- acpi: x86: s2idle: Add module parameter to prefer Microsoft GUID (bsc#1206224).
- acpi: x86: s2idle: Fix a NULL pointer dereference (bsc#1206224).
- acpi: x86: s2idle: Force AMD GUID/_REV 2 on HP Elitebook 865 (bsc#1206224).
- acpi: x86: s2idle: If a new AMD _HID is missing assume Rembrandt (bsc#1206224).
- acpi: x86: s2idle: Move _HID handling for AMD systems into structures (bsc#1206224).
- acpi: x86: s2idle: Stop using AMD specific codepath for Rembrandt+ (bsc#1206224).
- acpi: x86: utils: Add Cezanne to the list for forcing StorageD3Enable (git-fixes).
- acpica: ACPICA: check null return of ACPI_ALLOCATE_ZEROED in acpi_db_display_objects (git-fixes).
- acpica: Allow address_space_handler Install and _REG execution as 2 separate steps (bsc#1207149).
- acpica: Avoid undefined behavior: applying zero offset to null pointer (git-fixes).
- acpica: Drop port I/O validation for some regions (git-fixes).
- acpica: include/acpi/acpixf.h: Fix indentation (bsc#1207149).
- acpica: nsrepair: handle cases without a return value correctly (git-fixes).
- add mainline tags to five pci_hyperv patches
- affs: initialize fsdata in affs_truncate() (git-fixes).
- alarmtimer: Prevent starvation by small intervals and SIG_IGN (git-fixes)
- alsa: ac97: Fix possible NULL dereference in snd_ac97_mixer (git-fixes).
- alsa: asihpi: check pao in control_message() (git-fixes).
- alsa: caiaq: input: Add error handling for unsupported input methods in `snd_usb_caiaq_input_init` (git-fixes).
- alsa: cs46xx: mark snd_cs46xx_download_image as static (git-fixes).
- alsa: emu10k1: do not create old pass-through playback device on Audigy (git-fixes).
- alsa: emu10k1: fix capture interrupt handler unlinking (git-fixes).
- alsa: emux: Avoid potential array out-of-bound in snd_emux_xg_control() (git-fixes).
- alsa: fireface: make read-only const array for model names static (git-fixes).
- alsa: firewire-digi00x: prevent potential use after free (git-fixes).
- alsa: firewire-tascam: add missing unwind goto in snd_tscm_stream_start_duplex() (git-fixes).
- alsa: hda/ca0132: add quirk for EVGA X299 DARK (git-fixes).
- alsa: hda/ca0132: fixup buffer overrun at tuning_ctl_set() (git-fixes).
- alsa: hda/ca0132: minor fix for allocation size (git-fixes).
- alsa: hda/cirrus: Add extra 10 ms delay to allow PLL settle and lock (git-fixes).
- alsa: hda/conexant: Partial revert of a quirk for Lenovo (git-fixes).
- alsa: hda/conexant: add a new hda codec SN6180 (git-fixes).
- alsa: hda/hdmi: Preserve the previous PCM device upon re-enablement (git-fixes).
- alsa: hda/hdmi: disable KAE for Intel DG2 (git-fixes).
- alsa: hda/realtek - fixed wrong gpio assigned (git-fixes).
- alsa: hda/realtek: Add 'Intel Reference board' and 'NUC 13' SSID in the ALC256 (git-fixes).
- alsa: hda/realtek: Add Acer Predator PH315-54 (git-fixes).
- alsa: hda/realtek: Add Lenovo P3 Tower platform (git-fixes).
- alsa: hda/realtek: Add Positivo N14KP6-TG (git-fixes).
- alsa: hda/realtek: Add a quirk for Compaq N14JP6 (git-fixes).
- alsa: hda/realtek: Add a quirk for HP EliteDesk 805 (git-fixes).
- alsa: hda/realtek: Add a quirk for HP Slim Desktop S01 (git-fixes).
- alsa: hda/realtek: Add quirk for 2nd ASUS GU603 (git-fixes).
- alsa: hda/realtek: Add quirk for ASUS ROG G614Jx (git-fixes).
- alsa: hda/realtek: Add quirk for ASUS ROG G634Z (git-fixes).
- alsa: hda/realtek: Add quirk for ASUS ROG GA402X (git-fixes).
- alsa: hda/realtek: Add quirk for ASUS ROG GV601V (git-fixes).
- alsa: hda/realtek: Add quirk for ASUS ROG GX650P (git-fixes).
- alsa: hda/realtek: Add quirk for ASUS ROG GZ301V (git-fixes).
- alsa: hda/realtek: Add quirk for ASUS UM3402 using CS35L41 (git-fixes).
- alsa: hda/realtek: Add quirk for ASUS UM3402YAR using CS35L41 (git-fixes).
- alsa: hda/realtek: Add quirk for Clevo L140AU (git-fixes).
- alsa: hda/realtek: Add quirk for Clevo NPx0SNx (git-fixes).
- alsa: hda/realtek: Add quirk for Clevo NS50AU (git-fixes).
- alsa: hda/realtek: Add quirk for Clevo X370SNW (git-fixes).
- alsa: hda/realtek: Add quirk for HP EliteBook G10 laptops (git-fixes).
- alsa: hda/realtek: Add quirk for HP EliteDesk 800 G6 Tower PC (git-fixes).
- alsa: hda/realtek: Add quirk for Lenovo ZhaoYang CF4620Z (git-fixes).
- alsa: hda/realtek: Add quirk for ThinkPad P1 Gen 6 (git-fixes).
- alsa: hda/realtek: Add quirks for ASUS GU604V and GU603V (git-fixes).
- alsa: hda/realtek: Add quirks for Asus ROG 2024 laptops using CS35L41 (git-fixes).
- alsa: hda/realtek: Add quirks for Lenovo Z13/Z16 Gen2 (git-fixes).
- alsa: hda/realtek: Add quirks for ROG ALLY CS35l41 audio (git-fixes).
- alsa: hda/realtek: Add quirks for Unis H3C Desktop B760 & Q760 (git-fixes).
- alsa: hda/realtek: Add quirks for some Clevo laptops (git-fixes).
- alsa: hda/realtek: Amend G634 quirk to enable rear speakers (git-fixes).
- alsa: hda/realtek: Apply HP B&O top speaker profile to Pavilion 15 (git-fixes).
- alsa: hda/realtek: Enable 4 amplifiers instead of 2 on a HP platform (git-fixes).
- alsa: hda/realtek: Enable headset onLenovo M70/M90 (git-fixes).
- alsa: hda/realtek: Enable mute/micmute LEDs and limit mic boost on EliteBook (git-fixes).
- alsa: hda/realtek: Enable mute/micmute LEDs and speaker support for HP Laptops (git-fixes).
- alsa: hda/realtek: Enable mute/micmute LEDs on HP Elitebook, 645 G9 (git-fixes).
- alsa: hda/realtek: Fix mute and micmute LEDs for an HP laptop (git-fixes).
- alsa: hda/realtek: Fix mute and micmute LEDs for yet another HP laptop (git-fixes).
- alsa: hda/realtek: Fix support for Dell Precision 3260 (git-fixes).
- alsa: hda/realtek: Fix the speaker output on Samsung Galaxy Book2 Pro (git-fixes).
- alsa: hda/realtek: Fix the speaker output on Samsung Galaxy Book2 Pro 360 (git-fixes).
- alsa: hda/realtek: Remove specific patch for Dell Precision 3260 (git-fixes).
- alsa: hda/realtek: Whitespace fix (git-fixes).
- alsa: hda/realtek: fix mute/micmute LEDs do not work for a HP platform (git-fixes).
- alsa: hda/realtek: fix mute/micmute LEDs for a HP ProBook (git-fixes).
- alsa: hda/realtek: fix mute/micmute LEDs, speaker do not work for a HP platform (git-fixes).
- alsa: hda/realtek: fix speaker, mute/micmute LEDs not work on a HP platform (git-fixes).
- alsa: hda/realtek: support HP Pavilion Aero 13-be0xxx Mute LED (git-fixes).
- alsa: hda/sigmatel: add pin overrides for Intel DP45SG motherboard (git-fixes).
- alsa: hda/sigmatel: fix S/PDIF out on Intel D*45* motherboards (git-fixes).
- alsa: hda/via: Avoid potential array out-of-bound in add_secret_dac_path() (git-fixes).
- alsa: hda: Add NVIDIA codec IDs a3 through a7 to patch table (git-fixes).
- alsa: hda: Do not unset preset when cleaning up codec (git-fixes).
- alsa: hda: Fix Oops by 9.1 surround channel names (git-fixes).
- alsa: hda: Fix unhandled register update during auto-suspend period (git-fixes).
- alsa: hda: Glenfly: add HD Audio PCI IDs and HDMI Codec Vendor IDs (git-fixes).
- alsa: hda: LNL: add HD Audio PCI ID (git-fixes).
- alsa: hda: Match only Intel devices with CONTROLLER_IN_GPU() (git-fixes).
- alsa: hda: cs35l41: Enable Amp High Pass Filter (git-fixes).
- alsa: hda: fix a possible null-pointer dereference due to data race in snd_hdac_regmap_sync() (git-fixes).
- alsa: hda: intel-dsp-config: add MTL PCI id (git-fixes).
- alsa: hda: patch_realtek: add quirk for Asus N7601ZM (git-fixes).
- alsa: i2c/cs8427: fix iec958 mixer control deactivation (git-fixes).
- alsa: ice1712: Delete unreachable code in aureon_add_controls() (git-fixes).
- alsa: ice1712: Do not left ice->gpio_mutex locked in aureon_add_controls() (git-fixes).
- alsa: jack: Fix mutex call in snd_jack_report() (git-fixes).
- alsa: memalloc: Workaround for Xen PV (git-fixes).
- alsa: oss: avoid missing-prototype warnings (git-fixes).
- alsa: oxfw: make read-only const array models static (git-fixes).
- alsa: pci: lx6464es: fix a debug loop (git-fixes).
- alsa: pcm: Fix potential data race at PCM memory allocation helpers (git-fixes).
- alsa: usb-audio: Add a sample rate workaround for Line6 Pod Go (git-fixes).
- alsa: usb-audio: Add quirk flag for HEM devices to enable native DSD playback (git-fixes).
- alsa: usb-audio: Add quirk for Pioneer DDJ-800 (git-fixes).
- alsa: usb-audio: Fix broken resume due to UAC3 power state (git-fixes).
- alsa: usb-audio: Fix recursive locking at XRUN during syncing (git-fixes).
- alsa: usb-audio: Fix regression on detection of Roland VS-100 (git-fixes).
- alsa: ymfpci: Fix BUG_ON in probe function (git-fixes).
- amdgpu/nv.c: Corrected typo in the video capabilities resolution (git-fixes).
- amdgpu: disable powerpc support for the newer display engine (bsc#1194869).
- amdgpu: fix build on non-DCN platforms (git-fixes).
- amdgpu: validate offset_in_bo of drm_amdgpu_gem_va (git-fixes).
- apparmor: add a kernel label to use on kernel objects (bsc#1211113).
- apparmor: fix missing error check for rhashtable_insert_fast (git-fixes).
- applicom: Fix PCI device refcount leak in applicom_init() (git-fixes).
- arch: fix broken BuildID for arm64 and riscv (bsc#1209798).
- arm64/cpufeature: Fix field sign for DIT hwcap detection (git-fixes)
- arm64: Add missing Set/Way CMO encodings (git-fixes).
- arm64: Always load shadow stack pointer directly from the task struct (git-fixes)
- arm64: Stash shadow stack pointer in the task struct on interrupt (git-fixes)
- arm64: Treat ESR_ELx as a 64-bit register (git-fixes)
- arm64: atomics: remove LL/SC trampolines (git-fixes)
- arm64: cacheinfo: Fix incorrect assignment of signed error value to (git-fixes)
- arm64: cmpxchg_double*: hazard against entire exchange variable (git-fixes)
- arm64: dts: Add DTS files for bcmbca SoC BCM4912 (git-fixes).
- arm64: dts: Add DTS files for bcmbca SoC BCM63158 (git-fixes).
- arm64: dts: Add DTS files for bcmbca SoC BCM6858 (git-fixes).
- arm64: dts: Add base DTS file for bcmbca device Asus GT-AX6000 (git-fixes).
- arm64: dts: Move BCM4908 dts to bcmbca folder (git-fixes)
- arm64: dts: amlogic: meson-axg: fix SCPI clock dvfs node name (git-fixes).
- arm64: dts: amlogic: meson-gx-libretech-pc: fix update button name (git-fixes).
- arm64: dts: amlogic: meson-gx: add missing SCPI sensors compatible (git-fixes).
- arm64: dts: amlogic: meson-gx: add missing unit address to rng node name (git-fixes).
- arm64: dts: amlogic: meson-gx: fix SCPI clock dvfs node name (git-fixes).
- arm64: dts: amlogic: meson-gxbb-kii-pro: fix led node name (git-fixes).
- arm64: dts: amlogic: meson-gxl-s905d-phicomm-n1: fix led node name (git-fixes).
- arm64: dts: amlogic: meson-gxl-s905d-sml5442tw: drop invalid clock-names property (git-fixes).
- arm64: dts: amlogic: meson-gxl: add missing unit address to eth-phy-mux node name (git-fixes).
- arm64: dts: amlogic: meson-sm1-bananapi-m5: fix adc keys node names (git-fixes).
- arm64: dts: amlogic: meson-sm1-odroid-hc4: fix active fan thermal trip (git-fixes).
- arm64: dts: arm: drop unused interrupt-names in MHU (git-fixes)
- arm64: dts: broadcom: bcm4908: add DT for Netgear RAXE500 (git-fixes).
- arm64: dts: broadcom: bcmbca: bcm4908: fix NAND interrupt name (git-fixes)
- arm64: dts: broadcom: bcmbca: bcm4908: fix procmon nodename (git-fixes)
- arm64: dts: freescale: Fix pca954x i2c-mux node names (git-fixes)
- arm64: dts: imx8-ss-dma: assign default clock rate for lpuarts (git-fixes).
- arm64: dts: imx8m: Align SoC unique ID node unit address (git-fixes).
- arm64: dts: imx8mm-evk: correct pmic clock source (git-fixes).
- arm64: dts: imx8mm-nitrogen-r2: fix WM8960 clock name (git-fixes).
- arm64: dts: imx8mm: Fix pad control for UART1_DTE_RX (git-fixes).
- arm64: dts: imx8mn-beacon: Fix SPI CS pinmux (git-fixes).
- arm64: dts: imx8mn-var-som: fix PHY detection bug by adding deassert (git-fixes)
- arm64: dts: imx8mn: specify #sound-dai-cells for SAI nodes (git-fixes).
- arm64: dts: imx8mp-phycore-som: Remove invalid PMIC property (git-fixes)
- arm64: dts: imx8mp: correct usb clocks (git-fixes)
- arm64: dts: imx8mq-thor96: fix no-mmc property for SDHCI (git-fixes).
- arm64: dts: imx8mq: add mipi csi phy and csi bridge descriptions (git-fixes)
- arm64: dts: imx8mq: fix mipi_csi bidirectional port numbers (git-fixes)
- arm64: dts: imx8qm-mek: correct GPIOs for USDHC2 CD and WP signals (git-fixes).
- arm64: dts: juno: Add missing MHU secure-irq (git-fixes)
- arm64: dts: mediatek: mt7622: Add missing pwm-cells to pwm node (git-fixes).
- arm64: dts: mediatek: mt8183: Fix systimer 13 MHz clock description (git-fixes).
- arm64: dts: meson-axg: Make mmc host controller interrupts level-sensitive (git-fixes).
- arm64: dts: meson-g12-common: Make mmc host controller interrupts level-sensitive (git-fixes).
- arm64: dts: meson-g12-common: specify full DMC range (git-fixes).
- arm64: dts: meson-g12a: Fix internal Ethernet PHY unit name (git-fixes).
- arm64: dts: meson-gx: Fix Ethernet MAC address unit name (git-fixes).
- arm64: dts: meson-gx: Fix the SCPI DVFS node name and unit address (git-fixes).
- arm64: dts: meson-gx: Make mmc host controller interrupts level-sensitive (git-fixes).
- arm64: dts: meson: bananapi-m5: switch VDDIO_C pin to OPEN_DRAIN (git-fixes).
- arm64: dts: meson: remove CPU opps below 1GHz for G12A boards (git-fixes).
- arm64: dts: mt8192: Fix CPU map for single-cluster SoC (git-fixes).
- arm64: dts: qcom: Fix IPQ8074 PCIe PHY nodes (git-fixes).
- arm64: dts: qcom: ipq8074-hk01: enable QMP device, not the PHY node (git-fixes).
- arm64: dts: qcom: ipq8074: Fix the PCI I/O port range (git-fixes).
- arm64: dts: qcom: ipq8074: correct Gen2 PCIe ranges (git-fixes).
- arm64: dts: qcom: ipq8074: correct PCIe QMP PHY output clock names (git-fixes).
- arm64: dts: qcom: ipq8074: correct USB3 QMP PHY-s clock output names (git-fixes).
- arm64: dts: qcom: ipq8074: fix Gen2 PCIe QMP PHY (git-fixes).
- arm64: dts: qcom: ipq8074: fix Gen3 PCIe QMP PHY (git-fixes).
- arm64: dts: qcom: ipq8074: fix Gen3 PCIe node (git-fixes).
- arm64: dts: qcom: ipq8074: fix PCIe PHY serdes size (git-fixes).
- arm64: dts: qcom: msm8992-libra: Add CPU regulators (git-fixes).
- arm64: dts: qcom: msm8992-libra: Fix the memory map (git-fixes).
- arm64: dts: qcom: msm8994-kitakami: drop unit address from PMI8994 regulator (git-fixes).
- arm64: dts: qcom: msm8994-msft-lumia-octagon: drop unit address from PMI8994 regulator (git-fixes).
- arm64: dts: qcom: msm8996: Add missing DWC3 quirks (git-fixes).
- arm64: dts: qcom: msm8996: Fix the PCI I/O port range (git-fixes).
- arm64: dts: qcom: msm8998: Fix stm-stimulus-base reg name (git-fixes).
- arm64: dts: qcom: msm8998: Fix the PCI I/O port range (git-fixes).
- arm64: dts: qcom: pmk8350: Specify PBS register for PON (git-fixes).
- arm64: dts: qcom: pmk8350: Use the correct PON compatible (git-fixes).
- arm64: dts: qcom: qcs404: use symbol names for PCIe resets (git-fixes).
- arm64: dts: qcom: sc7180-lite: Fix SDRAM freq for misidentified sc7180-lite boards (git-fixes).
- arm64: dts: qcom: sc7180-trogdor-lazor: correct trackpad supply (git-fixes).
- arm64: dts: qcom: sc7180: correct SPMI bus address cells (git-fixes).
- arm64: dts: qcom: sc7280: correct SPMI bus address cells (git-fixes).
- arm64: dts: qcom: sdm845-db845c: fix audio codec interrupt pin name (git-fixes).
- arm64: dts: qcom: sdm845: Fix the PCI I/O port range (git-fixes).
- arm64: dts: qcom: sm8150-kumano: Panel framebuffer is 2.5k instead of 4k (git-fixes).
- arm64: dts: qcom: sm8250: Fix the PCI I/O port range (git-fixes).
- arm64: dts: qcom: sm8350: Mark UFS controller as cache coherent (git-fixes).
- arm64: dts: renesas: beacon-renesom: Fix gpio expander reference (git-fixes).
- arm64: dts: renesas: r8a774c0: Remove bogus voltages from OPP table (git-fixes).
- arm64: dts: renesas: r8a77990: Remove bogus voltages from OPP table (git-fixes).
- arm64: dts: rockchip: drop unused LED mode property from rk3328-roc-cc (git-fixes).
- arm64: dts: ti: k3-j7200: Fix wakeup pinmux range (git-fixes).
- arm64: dts: ti: k3-j721e-main: Remove ti,strobe-sel property (git-fixes).
- arm64: efi: Execute runtime services from a dedicated stack (git-fixes).
- arm64: efi: Make efi_rt_lock a raw_spinlock (git-fixes).
- arm64: errata: add detection for AMEVCNTR01 incrementing incorrectly (git-fixes) Enable workaround and fix kABI breakage.
- arm64: kgdb: Set PSTATE.SS to 1 to re-enable single-step (git-fixes)
- arm64: kgdb: Set PSTATE.SS to 1 to re-enable single-step (git-fixes).
- arm64: make is_ttbrX_addr() noinstr-safe (git-fixes)
- arm64: mm: kfence: only handle translation faults (git-fixes)
- arm: 9290/1: uaccess: Fix KASAN false-positives (git-fixes).
- arm: 9295/1: unwind:fix unwind abort for uleb128 case (git-fixes)
- arm: 9296/1: HP Jornada 7XX: fix kernel-doc warnings (git-fixes).
- arm: bcm2835_defconfig: Enable the framebuffer (git-fixes).
- arm: cpu: Switch to arch_cpu_finalize_init() (bsc#1212448).
- arm: defconfig: drop CONFIG_DRM_RCAR_LVDS (git-fixes).
- arm: dts: Fix erroneous ADS touchscreen polarities (git-fixes).
- arm: dts: am5748: keep usb4_tm disabled (git-fixes)
- arm: dts: exynos: Use Exynos5420 compatible for the MIPI video phy (git-fixes).
- arm: dts: exynos: correct HDMI phy compatible in Exynos4 (git-fixes).
- arm: dts: exynos: correct TMU phandle in Exynos4 (git-fixes).
- arm: dts: exynos: correct TMU phandle in Exynos4210 (git-fixes).
- arm: dts: exynos: correct TMU phandle in Exynos5250 (git-fixes).
- arm: dts: exynos: correct TMU phandle in Odroid HC1 (git-fixes).
- arm: dts: exynos: correct TMU phandle in Odroid XU (git-fixes).
- arm: dts: exynos: correct TMU phandle in Odroid XU3 family (git-fixes).
- arm: dts: exynos: correct wr-active property in Exynos3250 Rinato (git-fixes).
- arm: dts: exynos: fix WM8960 clock name in Itop Elite (git-fixes).
- arm: dts: gta04: fix excess dma channel usage (git-fixes).
- arm: dts: imx6sl: tolino-shine2hd: fix usbotg1 pinctrl (git-fixes).
- arm: dts: imx6sll: e60k02: fix usbotg1 pinctrl (git-fixes).
- arm: dts: imx7-colibri-eval-v3: correct can controller comment (git-fixes)
- arm: dts: imx7s: correct iomuxc gpr mux controller cells (git-fixes).
- arm: dts: imx: Fix pca9547 i2c-mux node name (git-fixes).
- arm: dts: qcom: ipq4019: Fix the PCI I/O port range (git-fixes).
- arm: dts: qcom: ipq8064: Fix the PCI I/O port range (git-fixes).
- arm: dts: qcom: ipq8064: reduce pci IO size to 64K (git-fixes).
- arm: dts: qcom: msm8974: add required ranges to OCMEM (git-fixes)
- arm: dts: qcom: sdx55: Add Qcom SMMU-500 as the fallback for IOMMU node (git-fixes).
- arm: dts: rockchip: add power-domains property to dp node on rk3288 (git-fixes).
- arm: dts: rockchip: fix a typo error for rk3288 spdif node (git-fixes).
- arm: dts: s5pv210: correct MIPI CSIS clock name (git-fixes).
- arm: dts: spear320-hmi: correct STMPE GPIO compatible (git-fixes).
- arm: dts: stm32: add missing usbh clock and fix clk order on (git-fixes)
- arm: dts: stm32: use usbphyc ck_usbo_48m as USBH OHCI clock on (git-fixes)
- arm: dts: sun8i: nanopi-duo2: Fix regulator GPIO reference (git-fixes).
- arm: dts: vexpress: add missing cache properties (git-fixes).
- arm: dts: vf610: Fix pca9548 i2c-mux node names (git-fixes).
- arm: imx: Call ida_simple_remove() for ida_simple_get (git-fixes).
- arm: imx: rename DEBUG_IMX21_IMX27_UART to DEBUG_IMX27_UART (git-fixes)
- arm: oMAP1: call platform_device_put() in error case in omap1_dm_timer_init() (git-fixes).
- arm: oMAP2+: Fix memory leak in realtime_counter_init() (git-fixes).
- arm: omap: remove debug-leds driver (git-fixes)
- arm: remove some dead code (git-fixes)
- arm: renumber bits related to _TIF_WORK_MASK (git-fixes)
- arm: s3c: fix s3c64xx_set_timer_source prototype (git-fixes).
- arm: shmobile: rcar-gen2: Add missing of_node_put() (git-fixes)
- arm: zynq: Fix refcount leak in zynq_early_slcr_init (git-fixes).
- asm-generic/io.h: suppress endianness warnings for readq() and writeq() (git-fixes).
- asn.1: Fix check for strdup() success (git-fixes).
- asoc: adau7118: do not disable regulators on device unbind (git-fixes).
- asoc: amd: acp-es8336: Drop reference count of ACPI device after use (git-fixes).
- asoc: codecs: Change bulk clock voting to optional voting in digital codecs (git-fixes).
- asoc: codecs: lpass: fix incorrect mclk rate (git-fixes).
- asoc: codecs: rx-macro: move clk provider to managed variants (git-fixes).
- asoc: codecs: rx-macro: move to individual clks from bulk (git-fixes).
- asoc: codecs: tx-macro: Fix for KASAN: slab-out-of-bounds (git-fixes).
- asoc: codecs: tx-macro: move clk provider to managed variants (git-fixes).
- asoc: codecs: tx-macro: move to individual clks from bulk (git-fixes).
- asoc: codecs: wsa881x: do not set can_multi_write flag (git-fixes).
- asoc: cs35l41: Only disable internal boost (git-fixes).
- asoc: cs42l56: fix DT probe (git-fixes).
- asoc: dt-bindings: meson: fix gx-card codec node regex (git-fixes).
- asoc: dwc: limit the number of overrun messages (git-fixes).
- asoc: dwc: move DMA init to snd_soc_dai_driver probe() (git-fixes).
- asoc: es8316: Do not set rate constraints for unsupported MCLKs (git-fixes).
- asoc: es8316: Handle optional IRQ assignment (git-fixes).
- asoc: es8316: Increment max value for ALC Capture Target Volume control (git-fixes).
- asoc: fsl-asoc-card: Fix naming of AC'97 CODEC widgets (git-fixes).
- asoc: fsl_asrc_dma: fix potential null-ptr-deref (git-fixes).
- asoc: fsl_micfil: Correct the number of steps on SX controls (git-fixes).
- asoc: fsl_micfil: Fix error handler with pm_runtime_enable (git-fixes).
- asoc: fsl_mqs: move of_node_put() to the correct location (git-fixes).
- asoc: fsl_sai: Update to modern clocking terminology (git-fixes).
- asoc: fsl_ssi: Rename AC'97 streams to avoid collisions with AC'97 CODEC (git-fixes).
- asoc: hdac_hdmi: use set_stream() instead of set_tdm_slots() (git-fixes).
- asoc: imx-audmix: check return value of devm_kasprintf() (git-fixes).
- asoc: intel: Skylake: Fix declaration of enum skl_ch_cfg (git-fixes).
- asoc: intel: Skylake: Fix driver hang during shutdown (git-fixes).
- asoc: intel: avs: Access path components under lock (git-fixes).
- asoc: intel: avs: Fix declaration of enum avs_channel_config (git-fixes).
- asoc: intel: avs: Implement PCI shutdown (git-fixes).
- asoc: intel: avs: Use min_t instead of min with cast (git-fixes).
- asoc: intel: boards: fix spelling in comments (git-fixes).
- asoc: intel: bytcht_es8316: Drop reference count of ACPI device after use (git-fixes).
- asoc: intel: bytcht_es8316: move comment to the right place (git-fixes).
- asoc: intel: bytcr_rt5640: Add quirk for the Acer Iconia One 7 B1-750 (git-fixes).
- asoc: intel: bytcr_rt5640: Drop reference count of ACPI device after use (git-fixes).
- asoc: intel: bytcr_rt5651: Drop reference count of ACPI device after use (git-fixes).
- asoc: intel: bytcr_wm5102: Drop reference count of ACPI device after use (git-fixes).
- asoc: intel: soc-acpi-byt: Fix 'WM510205' match no longer working (git-fixes).
- asoc: intel: soc-acpi: fix copy-paste issue in topology names (git-fixes).
- asoc: intel: sof_cs42l42: always set dpcm_capture for amplifiers (git-fixes).
- asoc: intel: sof_es8336: Drop reference count of ACPI device after use (git-fixes).
- asoc: intel: sof_rt5682: always set dpcm_capture for amplifiers (git-fixes).
- asoc: intel: sof_sdw: add quirk for Intel 'Rooks County' NUC M15 (git-fixes).
- asoc: kirkwood: Iterate over array indexes instead of using pointer math (git-fixes).
- asoc: lpass: Fix for KASAN use_after_free out of bounds (git-fixes).
- asoc: mchp-spdifrx: Fix uninitialized use of mr in mchp_spdifrx_hw_params() (git-fixes).
- asoc: mchp-spdifrx: disable all interrupts in mchp_spdifrx_dai_remove() (git-fixes).
- asoc: mchp-spdifrx: fix controls which rely on rsr register (git-fixes).
- asoc: mediatek: mt8173: Fix irq error path (git-fixes).
- asoc: nau8824: Add quirk to active-high jack-detect (git-fixes).
- asoc: rsnd: Remove unnecessary rsnd_dbg_dai_call() (git-fixes).
- asoc: rsnd: fixup #endif position (git-fixes).
- asoc: rt1308-sdw: add the default value of some registers (git-fixes).
- asoc: rt5682: Disable jack detection interrupt during suspend (git-fixes).
- asoc: rt715-sdca: fix clock stop prepare timeout issue (git-fixes).
- asoc: simple-card: Add missing of_node_put() in case of error (git-fixes).
- asoc: soc-compress.c: fixup private_data on snd_soc_new_compress() (git-fixes).
- asoc: soc-compress: Inherit atomicity from DAI link for Compress FE (git-fixes).
- asoc: soc-compress: Reposition and add pcm_mutex (git-fixes).
- asoc: soc-dapm.h: fixup warning struct snd_pcm_substream not declared (git-fixes).
- asoc: soc-pcm: fix hw->formats cleared by soc_pcm_hw_init() for dpcm (git-fixes).
- asoc: soc-pcm: test if a BE can be prepared (git-fixes).
- asoc: sof: Intel: MTL: Fix the device description (git-fixes).
- asoc: sof: ipc4-topology: set dmic dai index from copier (git-fixes).
- asoc: sof: ipc4: Ensure DSP is in D0I0 during sof_ipc4_set_get_data() (git-fixes).
- asoc: ssm2602: Add workaround for playback distortions (git-fixes).
- asoc: tlv320adcx140: fix 'ti,gpio-config' DT property init (git-fixes).
- asoc: topology: Properly access value coming from topology file (git-fixes).
- asoc: topology: Return -ENOMEM on memory allocation failure (git-fixes).
- asoc: zl38060 add gpiolib dependency (git-fixes).
- asoc: zl38060: Remove spurious gpiolib select (git-fixes).
- ata: libata-scsi: Use correct device no in ata_find_dev() (git-fixes).
- ata: libata: Fix sata_down_spd_limit() when no link speed is reported (git-fixes).
- ata: libata: Set __ATA_BASE_SHT max_sectors (git-fixes).
- ata: libata: fix NCQ autosense logic (git-fixes).
- ata: pata_macio: Fix compilation warning (git-fixes).
- ata: pata_octeon_cf: drop kernel-doc notation (git-fixes).
- ata: pata_octeon_cf: fix call to trace_ata_bmdma_stop() (git-fixes).
- ath11k: Fix unexpected return buffer manager error for QCA6390 (git-fixes).
- ath6kl: Use struct_group() to avoid size-mismatched casting (git-fixes).
- ath9k: hif_usb: simplify if-if to if-else (git-fixes).
- ath9k: htc: clean up statistics macros (git-fixes).
- atm: idt77252: fix kmemleak when rmmod idt77252 (git-fixes).
- audit: update the mailing list in MAINTAINERS (git-fixes).
- auxdisplay: hd44780: Fix potential memory leak in hd44780_remove() (git-fixes).
- backlight: backlight: Fix doc for backlight_device_get_by_name (git-fixes).
- batman-adv: Broken sync while rescheduling delayed work (git-fixes).
- bcache: Revert 'bcache: use bvec_virt' (git-fixes).
- bcache: fix set_at_max_writeback_rate() for multiple attached devices (git-fixes).
- bcache: fix wrong bdev parameter when calling bio_alloc_clone() in do_bio_hook() (git-fixes).
- bcache: put bch_bio_map() back to correct location in journal_write_unlocked() (git-fixes).
- bfq: fix use-after-free in bfq_dispatch_request (git-fixes).
- bfq: fix waker_bfqq inconsistency crash (git-fixes).
- Blacklist commit that might cause regression (bsc#1210947)
- blk-cgroup: fix missing pd_online_fn() while activating policy (git-fixes).
- blk-cgroup: properly pin the parent in blkcg_css_online (bsc#1208105).
- blk-lib: fix blkdev_issue_secure_erase (git-fixes).
- blk-mq: Fix kmemleak in blk_mq_init_allocated_queue (git-fixes).
- blk-mq: fix null pointer dereference in blk_mq_clear_rq_mapping() (git-fixes).
- blk-mq: fix possible memleak when register 'hctx' failed (git-fixes).
- blk-mq: run queue no matter whether the request is the last request (git-fixes).
- blk-throttle: fix that io throttle can only work for single bio (git-fixes).
- blk-throttle: prevent overflow while calculating wait time (git-fixes).
- blk-wbt: fix that 'rwb->wc' is always set to 1 in wbt_init() (git-fixes).
- blktrace: Fix output non-blktrace event when blk_classic option enabled (git-fixes).
- block, bfq: do not move oom_bfqq (git-fixes).
- block, bfq: fix null pointer dereference in bfq_bio_bfqg() (git-fixes).
- block, bfq: fix possible uaf for 'bfqq->bic' (git-fixes).
- block, bfq: fix uaf for bfqq in bfq_exit_icq_bfqq (git-fixes).
- block, bfq: fix uaf for bfqq in bic_set_bfqq() (git-fixes).
- block, bfq: protect 'bfqd->queued' by 'bfqd->lock' (git-fixes).
- block/bfq-iosched.c: use 'false' rather than 'BLK_RW_ASYNC' (git-fixes).
- block/bfq_wf2q: correct weight to ioprio (git-fixes).
- block/bio: remove duplicate append pages code (git-fixes).
- block: Fix possible memory leak for rq_wb on add_disk failure (git-fixes).
- block: add a bdev_max_zone_append_sectors helper (git-fixes).
- block: bio-integrity: Copy flags when bio_integrity_payload is cloned (bsc#1208541).
- block: check minor range in device_add_disk() (git-fixes).
- block: clear ->slave_dir when dropping the main slave_dir reference (git-fixes).
- block: do not allow splitting of a REQ_NOWAIT bio (git-fixes).
- block: do not allow the same type rq_qos add more than once (git-fixes).
- block: do not reverse request order when flushing plug list (bsc#1208588 bsc#1208128).
- block: ensure iov_iter advances for added pages (git-fixes).
- block: fix and cleanup bio_check_ro (git-fixes).
- block: fix default IO priority handling again (git-fixes).
- block: fix infinite loop for invalid zone append (git-fixes).
- block: fix leaking minors of hidden disks (git-fixes).
- block: fix memory leak for elevator on add_disk failure (git-fixes).
- block: fix missing blkcg_bio_issue_init (bsc#1208107).
- block: loop:use kstatfs.f_bsize of backing file to set discard granularity (git-fixes).
- block: mq-deadline: Do not break sequential write streams to zoned HDDs (git-fixes).
- block: mq-deadline: Fix dd_finish_request() for zoned devices (git-fixes).
- block: mq-deadline: Rename deadline_is_seq_writes() (git-fixes).
- block: null_blk: Fix null_zone_write() (git-fixes).
- block: pop cached rq before potentially blocking rq_qos_throttle() (git-fixes).
- block: use bdev_get_queue() in bio.c (git-fixes).
- bluetooth: Add cmd validity checks at the start of hci_sock_ioctl() (git-fixes).
- bluetooth: Fix crash when replugging CSR fake controllers (git-fixes).
- bluetooth: Fix double free in hci_conn_cleanup (bsc#1209052 CVE-2023-28464).
- bluetooth: Fix l2cap_disconnect_req deadlock (git-fixes).
- bluetooth: Fix race condition in hci_cmd_sync_clear (git-fixes).
- bluetooth: Fix race condition in hidp_session_thread (git-fixes).
- bluetooth: Fix support for Read Local Supported Codecs V2 (git-fixes).
- bluetooth: Fix use-after-free in hci_remove_ltk/hci_remove_irk (git-fixes).
- bluetooth: HCI: Fix global-out-of-bounds (git-fixes).
- bluetooth: ISO: Avoid circular locking dependency (git-fixes).
- bluetooth: ISO: Fix possible circular locking dependency (git-fixes).
- bluetooth: ISO: do not try to remove CIG if there are bound CIS left (git-fixes).
- bluetooth: ISO: fix timestamped HCI ISO data packet parsing (git-fixes).
- bluetooth: L2CAP: Add missing checks for invalid DCID (git-fixes).
- bluetooth: L2CAP: Fix potential user-after-free (git-fixes).
- bluetooth: L2CAP: Fix responding with wrong PDU type (git-fixes).
- bluetooth: L2CAP: Fix use-after-free in l2cap_disconnect_{req,rsp} (git-fixes).
- bluetooth: L2CAP: fix 'bad unlock balance' in l2cap_disconnect_rsp (git-fixes).
- bluetooth: Perform careful capability checks in hci_sock_ioctl() (git-fixes).
- bluetooth: Remove codec id field in vendor codec definition (git-fixes).
- bluetooth: SCO: Fix possible circular locking dependency sco_sock_getsockopt (git-fixes).
- bluetooth: Set ISO Data Path on broadcast sink (git-fixes).
- bluetooth: btintel: Add LE States quirk support (git-fixes).
- bluetooth: btqcomsmd: Fix command timeout after setting BD address (git-fixes).
- bluetooth: btsdio: fix use after free bug in btsdio_remove due to unfinished work (git-fixes).
- bluetooth: btusb: Add VID:PID 13d3:3529 for Realtek RTL8821CE (git-fixes).
- bluetooth: btusb: Remove detection of ISO packets over bulk (git-fixes).
- bluetooth: hci_bcm: Fall back to getting bdaddr from EFI if not set (git-fixes).
- bluetooth: hci_conn: Fix memory leaks (git-fixes).
- bluetooth: hci_conn: Fix not cleaning up on LE Connection failure (git-fixes).
- bluetooth: hci_conn: Refactor hci_bind_bis() since it always succeeds (git-fixes).
- bluetooth: hci_conn: use HCI dst_type values also for BIS (git-fixes).
- bluetooth: hci_core: Detect if an ACL packet is in fact an ISO packet (git-fixes).
- bluetooth: hci_core: fix error handling in hci_register_dev() (git-fixes).
- bluetooth: hci_event: Fix Invalid wait context (git-fixes).
- bluetooth: hci_qca: Fix the teardown problem for real (git-fixes).
- bluetooth: hci_qca: fix debugfs registration (git-fixes).
- bluetooth: hci_qca: get wakeup status from serdev device handle (git-fixes).
- bluetooth: hci_sock: purge socket queues in the destruct() callback (git-fixes).
- bluetooth: hci_sync: Fix not indicating power state (git-fixes).
- bluetooth: hci_sync: Fix use HCI_OP_LE_READ_BUFFER_SIZE_V2 (git-fixes).
- bluetooth: hci_sync: cancel cmd_timer if hci_open failed (git-fixes).
- bnxt: Do not read past the end of test names (jsc#SLE-18978).
- bnxt: prevent skb UAF after handing over to PTP worker (jsc#SLE-18978).
- bnxt_en: Add missing 200G link speed reporting (jsc#SLE-18978).
- bnxt_en: Avoid order-5 memory allocation for TPA data (jsc#SLE-18978).
- bnxt_en: Do not initialize PTP on older P3/P4 chips (jsc#SLE-18978).
- bnxt_en: Do not issue AP reset during ethtool's reset operation (git-fixes).
- bnxt_en: Fix mqprio and XDP ring checking logic (jsc#SLE-18978).
- bnxt_en: Fix reporting of test result in ethtool selftest (jsc#SLE-18978).
- bnxt_en: Fix typo in PCI id to device description string mapping (jsc#SLE-18978).
- bnxt_en: Implement .set_port / .unset_port UDP tunnel callbacks (git-fixes).
- bnxt_en: Prevent kernel panic when receiving unexpected PHC_UPDATE event (git-fixes).
- bnxt_en: Query default VLAN before VNIC setup on a VF (git-fixes).
- bnxt_en: Skip firmware fatal error recovery if chip is not accessible (git-fixes).
- bnxt_en: fix NQ resource accounting during vf creation on 57500 chips (jsc#SLE-18978).
- bnxt_en: set missing reload flag in devlink features (jsc#SLE-18978).
- bonding: Fix negative jump label count on nested bonding (bsc#1212685).
- bpf, arm64: Call build_prologue() first in first JIT pass (git-fixes)
- bpf, arm64: Clear prog->jited_len along prog->jited (git-fixes)
- bpf, arm64: Feed byte-offset into bpf line info (git-fixes)
- bpf, arm64: Use emit_addr_mov_i64() for BPF_PSEUDO_FUNC (git-fixes)
- bpf, perf: Use subprog name when reporting subprog ksymbol (git fixes).
- bpf, x64: Factor out emission of REX byte in more cases (git-fixes).
- bpf: Add extra path pointer check to d_path helper (git-fixes).
- bpf: Fix UAF in task local storage (bsc#1212564).
- bpf: Fix a possible task gone issue with bpf_send_signal[_thread]() helpers (git-fixes).
- bpf: Fix extable address check (git-fixes).
- bpf: Fix extable fixup offset (git-fixes).
- bpf: Skip task with pid=1 in send_signal_common() (git-fixes).
- btrfs: fix race between quota enable and quota rescan ioctl (bsc#1207158).
- btrfs: fix race between quota rescan and disable leading to NULL pointer deref (bsc#1207158).
- btrfs: fix trace event name typo for FLUSH_DELAYED_REFS (git-fixes).
- btrfs: move QUOTA_ENABLED check to rescan_should_stop from btrfs_qgroup_rescan_worker (bsc#1207158).
- btrfs: qgroup: remove duplicated check in adding qgroup relations (bsc#1207158).
- btrfs: qgroup: remove outdated TODO comments (bsc#1207158).
- bus: fsl-mc: fsl-mc-allocator: Drop a write-only variable (git-fixes).
- bus: mhi: host: Fix race between channel preparation and M0 event (git-fixes).
- bus: mhi: host: Range check CHDBOFF and ERDBOFF (git-fixes).
- bus: mhi: host: Remove duplicate ee check for syserr (git-fixes).
- bus: mhi: host: Use mhi_tryset_pm_state() for setting fw error state (git-fixes).
- bus: sunxi-rsb: Fix error handling in sunxi_rsb_init() (git-fixes).
- bus: ti-sysc: Fix dispc quirk masking bool variables (git-fixes).
- ca8210: Fix unsigned mac_len comparison with zero in ca8210_skb_tx() (git-fixes).
- ca8210: fix mac_len negative array access (git-fixes).
- can: bcm: bcm_tx_setup(): fix KMSAN uninit-value in vfs_write (git-fixes).
- can: isotp: isotp_ops: fix poll() to not report false EPOLLOUT events (git-fixes).
- can: isotp: isotp_sendmsg(): fix return error fix on TX path (git-fixes).
- can: isotp: recvmsg(): allow MSG_CMSG_COMPAT flag (git-fixes).
- can: j1939: avoid possible use-after-free when j1939_can_rx_register fails (git-fixes).
- can: j1939: change j1939_netdev_lock type to mutex (git-fixes).
- can: j1939: do not wait 250 ms if the same addr was already claimed (git-fixes).
- can: j1939: fix errant WARN_ON_ONCE in j1939_session_deactivate (git-fixes).
- can: j1939: j1939_sk_send_loop_abort(): improved error queue handling in J1939 Socket (git-fixes).
- can: j1939: j1939_tp_tx_dat_new(): fix out-of-bounds memory access (git-fixes).
- can: j1939: recvmsg(): allow MSG_CMSG_COMPAT flag (git-fixes).
- can: kvaser_pciefd: Call request_irq() before enabling interrupts (git-fixes).
- can: kvaser_pciefd: Clear listen-only bit if not explicitly requested (git-fixes).
- can: kvaser_pciefd: Disable interrupts in probe error path (git-fixes).
- can: kvaser_pciefd: Do not send EFLUSH command on TFD interrupt (git-fixes).
- can: kvaser_pciefd: Empty SRB buffer in probe (git-fixes).
- can: kvaser_pciefd: Remove handler for unused KVASER_PCIEFD_PACK_TYPE_EFRAME_ACK (git-fixes).
- can: kvaser_pciefd: Remove useless write to interrupt register (git-fixes).
- can: kvaser_pciefd: Set CAN_STATE_STOPPED in kvaser_pciefd_stop() (git-fixes).
- can: kvaser_usb: Add struct kvaser_usb_busparams (git-fixes).
- can: kvaser_usb: kvaser_usb_leaf: Get capabilities from device (git-fixes).
- can: kvaser_usb: kvaser_usb_leaf: Handle CMD_ERROR_EVENT (git-fixes).
- can: kvaser_usb: kvaser_usb_leaf: Rename {leaf,usbcan}_cmd_error_event to {leaf,usbcan}_cmd_can_error_event (git-fixes).
- can: kvaser_usb_leaf: Fix overread with an invalid command (git-fixes).
- can: length: fix bitstuffing count (git-fixes).
- can: length: fix description of the RRS field (git-fixes).
- can: length: make header self contained (git-fixes).
- cassini: Fix a memory leak in the error handling path of cas_init_one() (git-fixes).
- ceph: avoid use-after-free in ceph_fl_release_lock() (jsc#SES-1880).
- ceph: blocklist the kclient when receiving corrupted snap trace (jsc#SES-1880).
- ceph: fix use-after-free bug for inodes when flushing capsnaps (bsc#1212540).
- ceph: flush cap releases when the session is flushed (bsc#1208428).
- ceph: flush cap releases when the session is flushed (jsc#SES-1880).
- ceph: force updating the msg pointer in non-split case (bsc#1211804).
- ceph: move mount state enum to super.h (jsc#SES-1880).
- ceph: remove useless session parameter for check_caps() (jsc#SES-1880).
- ceph: switch to vfs_inode_has_locks() to fix file lock bug (jsc#SES-1880).
- ceph: try to check caps immediately after async creating finishes (jsc#SES-1880).
- ceph: update the time stamps and try to drop the suid/sgid (bsc#1209504).
- ceph: use locks_inode_context helper (jsc#SES-1880).
- cfg80211: allow continuous radar monitoring on offchannel chain (bsc#1209980).
- cfg80211: fix possible NULL pointer dereference in cfg80211_stop_offchan_radar_detection (bsc#1209980).
- cfg80211: implement APIs for dedicated radar detection HW (bsc#1209980).
- cfg80211: move offchan_cac_event to a dedicated work (bsc#1209980).
- cfg80211: rename offchannel_chain structs to background_chain to avoid confusion with ETSI standard (bsc#1209980).
- cfg80211: schedule offchan_cac_abort_wk in cfg80211_radar_event (bsc#1209980).
- cgroup.c: add helper __cset_cgroup_from_root to cleanup duplicated codes (bsc#1203906).
- cgroup/cpuset: Wake up cpuset_attach_wq tasks in cpuset_cancel_attach() (bsc#1210827).
- cgroup: Homogenize cgroup_get_from_id() return value (bsc#1205650).
- cgroup: Honor caller's cgroup NS when resolving path (bsc#1205650).
- cgroup: Make cgroup_get_from_id() prettier (bsc#1205650).
- cgroup: Reorganize css_set_lock and kernfs path processing (bsc#1205650).
- cgroup: Use cgroup_attach_{lock,unlock}() from cgroup_attach_task_all() (bsc#1212563).
- cgroup: always put cset in cgroup_css_set_put_fork (bsc#1212561).
- cgroup: cgroup: Honor caller's cgroup NS when resolving cgroup id (bsc#1205650).
- cgroup: fix missing cpus_read_{lock,unlock}() in cgroup_transfer_tasks() (bsc#1212563).
- cgroup: reduce dependency on cgroup_mutex (bsc#1205650).
- cifs: Avoid a cast in add_lease_context() (bsc#1193629).
- cifs: Check the lease context if we actually got a lease (bsc#1193629).
- cifs: Convert struct fealist away from 1-element array (bsc#1193629).
- cifs: Fix lost destroy smbd connection when MR allocate failed (git-fixes).
- cifs: Fix oops due to uncleared server->smbd_conn in reconnect (git-fixes).
- cifs: Fix smb2_set_path_size() (git-fixes).
- cifs: Fix uninitialized memory read in smb3_qfs_tcon() (bsc#1193629).
- cifs: Fix uninitialized memory reads for oparms.mode (bsc#1193629).
- cifs: Fix use-after-free in rdata->read_into_pages() (git-fixes).
- cifs: Fix warning and UAF when destroy the MR list (git-fixes).
- cifs: Get rid of unneeded conditional in the smb2_get_aead_req() (bsc#1193629).
- cifs: Move the in_send statistic to __smb_send_rqst() (git-fixes).
- cifs: Replace remaining 1-element arrays (bsc#1193629).
- cifs: Replace zero-length arrays with flexible-array members (bsc#1193629).
- cifs: Simplify SMB2_open_init() (bsc#1193629).
- cifs: Use kstrtobool() instead of strtobool() (bsc#1193629).
- cifs: append path to open_enter trace event (bsc#1193629).
- cifs: avoid dup prefix path in dfs_get_automount_devname() (git-fixes).
- cifs: avoid potential races when handling multiple dfs tcons (bsc#1208758).
- cifs: avoid race conditions with parallel reconnects (bsc#1193629).
- cifs: avoid races in parallel reconnects in smb1 (bsc#1193629).
- cifs: avoid re-lookups in dfs_cache_find() (bsc#1193629).
- cifs: check only tcon status on tcon related functions (bsc#1193629).
- cifs: do not include page data when checking signature (git-fixes).
- cifs: do not poll server interfaces too regularly (bsc#1193629).
- cifs: do not take exclusive lock for updating target hints (bsc#1193629).
- cifs: do not try to use rdma offload on encrypted connections (bsc#1193629).
- cifs: double lock in cifs_reconnect_tcon() (git-fixes).
- cifs: dump pending mids for all channels in DebugData (bsc#1193629).
- cifs: empty interface list when server does not support query interfaces (bsc#1193629).
- cifs: fix DFS traversal oops without CONFIG_CIFS_DFS_UPCALL (bsc#1193629).
- cifs: fix dentry lookups in directory handle cache (bsc#1193629).
- cifs: fix missing unload_nls() in smb2_reconnect() (bsc#1193629).
- cifs: fix mount on old smb servers (boo#1206935).
- cifs: fix negotiate context parsing (bsc#1210301).
- cifs: fix pcchunk length type in smb2_copychunk_range (bsc#1193629).
- cifs: fix potential deadlock in cache_refresh_path() (git-fixes).
- cifs: fix potential race when tree connecting ipc (bsc#1208758).
- cifs: fix potential use-after-free bugs in TCP_Server_Info::hostname (bsc#1208758).
- cifs: fix return of uninitialized rc in dfs_cache_update_tgthint() (bsc#1193629).
- cifs: fix sharing of DFS connections (bsc#1208758).
- cifs: fix smb1 mount regression (bsc#1193629).
- cifs: fix use-after-free bug in refresh_cache_worker() (bsc#1193629).
- cifs: generate signkey for the channel that's reconnecting (bsc#1193629).
- cifs: get rid of dead check in smb2_reconnect() (bsc#1193629).
- cifs: get rid of dns resolve worker (bsc#1193629).
- cifs: get rid of unneeded conditional in cifs_get_num_sgs() (bsc#1193629).
- cifs: handle cache lookup errors different than -ENOENT (bsc#1193629).
- cifs: improve checking of DFS links over STATUS_OBJECT_NAME_INVALID (git-fixes).
- cifs: introduce cifs_io_parms in smb2_async_writev() (bsc#1193629).
- cifs: lock chan_lock outside match_session (bsc#1193629).
- cifs: mapchars mount option ignored (bsc#1193629).
- cifs: match even the scope id for ipv6 addresses (bsc#1193629).
- cifs: missing lock when updating session status (bsc#1193629).
- cifs: prevent data race in cifs_reconnect_tcon() (bsc#1193629).
- cifs: prevent data race in smb2_reconnect() (bsc#1193629).
- cifs: prevent infinite recursion in CIFSGetDFSRefer() (bsc#1193629).
- cifs: print last update time for interface list (bsc#1193629).
- cifs: print session id while listing open files (bsc#1193629).
- cifs: print smb3_fs_context::source when mounting (bsc#1193629).
- cifs: protect access of TCP_Server_Info::{origin,leaf}_fullpath (bsc#1208758).
- cifs: protect session status check in smb2_reconnect() (bsc#1208758).
- cifs: release leases for deferred close handles when freezing (bsc#1193629).
- cifs: remove duplicate code in __refresh_tcon() (bsc#1193629).
- cifs: remove unneeded 2bytes of padding from smb2 tree connect (bsc#1193629).
- cifs: remove unused function (bsc#1193629).
- cifs: return DFS root session id in DebugData (bsc#1193629).
- cifs: return a single-use cfid if we did not get a lease (bsc#1193629).
- cifs: reuse cifs_match_ipaddr for comparison of dstaddr too (bsc#1193629).
- cifs: sanitize paths in cifs_update_super_prepath (git-fixes).
- cifs: set DFS root session in cifs_get_smb_ses() (bsc#1193629).
- cifs: split out smb3_use_rdma_offload() helper (bsc#1193629).
- cifs: update internal module version number for cifs.ko (bsc#1193629).
- cifs: update ip_addr for ses only for primary chan setup (bsc#1193629).
- cifs: use DFS root session instead of tcon ses (bsc#1193629).
- cifs: use tcon allocation functions even for dummy tcon (git-fixes).
- cifs: use the least loaded channel for sending requests (bsc#1193629).
- clk: Fix memory leak in devm_clk_notifier_register() (git-fixes).
- clk: HI655X: select REGMAP instead of depending on it (git-fixes).
- clk: Honor CLK_OPS_PARENT_ENABLE in clk_core_is_enabled() (git-fixes).
- clk: add missing of_node_put() in 'assigned-clocks' property parsing (git-fixes).
- clk: at91: clk-sam9x60-pll: fix return value check (git-fixes).
- clk: cdce925: check return value of kasprintf() (git-fixes).
- clk: imx: avoid memory leak (git-fixes).
- clk: imx: clk-imx8mn: fix memory leak in imx8mn_clocks_probe (git-fixes).
- clk: imx: clk-imx8mp: improve error handling in imx8mp_clocks_probe() (git-fixes).
- clk: imx: scu: use _safe list iterator to avoid a use after free (git-fixes).
- clk: ingenic: jz4760: Update M/N/OD calculation algorithm (git-fixes).
- clk: keystone: sci-clk: check return value of kasprintf() (git-fixes).
- clk: mxl: Add option to override gate clks (git-fixes).
- clk: mxl: Fix a clk entry by adding relevant flags (git-fixes).
- clk: mxl: Remove redundant spinlocks (git-fixes).
- clk: mxl: Switch from direct readl/writel based IO to regmap based IO (git-fixes).
- clk: mxl: syscon_node_to_regmap() returns error pointers (git-fixes).
- clk: qcom: camcc-sc7180: Add parent dependency to all camera GDSCs (git-fixes).
- clk: qcom: gcc-ipq6018: Use floor ops for sdcc clocks (git-fixes).
- clk: qcom: gcc-qcs404: disable gpll[04]_out_aux parents (git-fixes).
- clk: qcom: gcc-qcs404: fix names of the DSI clocks used as parents (git-fixes).
- clk: qcom: gcc-sm8350: fix PCIe PIPE clocks handling (git-fixes).
- clk: qcom: regmap: add PHY clock source implementation (git-fixes).
- clk: ralink: fix 'mt7621_gate_is_enabled()' function (git-fixes).
- clk: renesas: cpg-mssr: Fix use after free if cpg_mssr_common_init() failed (git-fixes).
- clk: renesas: cpg-mssr: Remove superfluous check in resume code (git-fixes).
- clk: rockchip: rk3399: allow clk_cifout to force clk_cifout_src to reparent (git-fixes).
- clk: samsung: Add Exynos4212 compatible to CLKOUT driver (git-fixes).
- clk: si5341: check return value of {devm_}kasprintf() (git-fixes).
- clk: si5341: free unused memory on probe failure (git-fixes).
- clk: si5341: return error if one synth clock registration fails (git-fixes).
- clk: sprd: set max_register according to mapping range (git-fixes).
- clk: tegra20: fix gcc-7 constant overflow warning (git-fixes).
- clk: tegra: tegra124-emc: Fix potential memory leak (git-fixes).
- clk: ti: clkctrl: check return value of kasprintf() (git-fixes).
- clk: vc5: check memory returned by kasprintf() (git-fixes).
- clocksource/drivers/cadence-ttc: Fix memory leak in ttc_timer_probe (git-fixes).
- clocksource/drivers/davinci: Fix memory leak in davinci_timer_register when init fails (git-fixes).
- clocksource/drivers/mediatek: Optimize systimer irq clear flow on shutdown (git-fixes).
- clocksource: Suspend the watchdog temporarily when high read latency detected (git-fixes).
- comedi: use menuconfig for main Comedi menu (git-fixes).
- configfs: fix possible memory leak in configfs_create_dir() (git-fixes).
- cpufreq: Add Tegra234 to cpufreq-dt-platdev blocklist (git-fixes).
- cpufreq: CPPC: Fix build error without CONFIG_ACPI_CPPC_CPUFREQ_FIE (bsc#1210953).
- cpufreq: CPPC: Fix performance/frequency conversion (git-fixes).
- cpufreq: armada-37xx: stop using 0 as NULL pointer (git-fixes).
- cpumask: fix incorrect cpumask scanning result checks (bsc#1210943).
- crypto: acomp - define max size for destination (jsc#PED-3692)
- crypto: arm64 - Fix unused variable compilation warnings of (git-fixes)
- crypto: caam - Clear some memory in instantiate_rng (git-fixes).
- crypto: ccp - Avoid page allocation failure warning for SEV_GET_ID2 (git-fixes).
- crypto: ccp - Failure on re-initialization due to duplicate sysfs filename (git-fixes).
- crypto: crypto4xx - Call dma_unmap_page when done (git-fixes).
- crypto: drbg - Only fail when jent is unavailable in FIPS mode (git-fixes).
- crypto: drivers - move from strlcpy with unused retval to (jsc#PED-3692)
- crypto: essiv - Handle EBUSY correctly (git-fixes).
- crypto: hisilicon/qm - add missing pci_dev_put() in q_num_set() (git-fixes).
- crypto: marvell/cesa - Fix type mismatch warning (git-fixes).
- crypto: nx - fix build warnings when DEBUG_FS is not enabled (git-fixes).
- crypto: qat - Fix unsigned function returning negative (jsc#PED-3692)
- crypto: qat - Removes the x86 dependency on the QAT drivers (jsc#PED-3692)
- crypto: qat - abstract PFVF messages with struct pfvf_message (jsc#PED-3692)
- crypto: qat - abstract PFVF receive logic (jsc#PED-3692)
- crypto: qat - abstract PFVF send function (jsc#PED-3692)
- crypto: qat - add PFVF support to enable the reset of ring (jsc#PED-3692)
- crypto: qat - add PFVF support to the GEN4 host driver (jsc#PED-3692)
- crypto: qat - add VF and PF wrappers to common send function (jsc#PED-3692)
- crypto: qat - add backlog mechanism (jsc#PED-3692)
- crypto: qat - add check for invalid PFVF protocol version 0 (jsc#PED-3692)
- crypto: qat - add check to validate firmware images (jsc#PED-3692)
- crypto: qat - add limit to linked list parsing (jsc#PED-3692)
- crypto: qat - add misc workqueue (jsc#PED-3692)
- crypto: qat - add missing restarting event notification in (jsc#PED-3692)
- crypto: qat - add param check for DH (jsc#PED-3692)
- crypto: qat - add param check for RSA (jsc#PED-3692)
- crypto: qat - add pfvf_ops (jsc#PED-3692)
- crypto: qat - add resubmit logic for decompression (jsc#PED-3692)
- crypto: qat - add support for 401xx devices (jsc#PED-3692)
- crypto: qat - add support for compression for 4xxx (jsc#PED-3692)
- crypto: qat - add the adf_get_pmisc_base() helper function (jsc#PED-3692)
- crypto: qat - allow detection of dc capabilities for 4xxx (jsc#PED-3692)
- crypto: qat - change PFVF ACK behaviour (jsc#PED-3692)
- crypto: qat - change behaviour of (jsc#PED-3692)
- crypto: qat - change bufferlist logic interface (jsc#PED-3692)
- crypto: qat - config VFs based on ring-to-svc mapping (jsc#PED-3692)
- crypto: qat - differentiate between pf2vf and vf2pf offset (jsc#PED-3692)
- crypto: qat - disable AER if an error occurs in probe (jsc#PED-3692)
- crypto: qat - do not handle PFVF sources for qat_4xxx (jsc#PED-3692)
- crypto: qat - do not rely on min version (jsc#PED-3692)
- crypto: qat - enable deflate for QAT GEN4 (jsc#PED-3692)
- crypto: qat - enable power management for QAT GEN4 (jsc#PED-3692)
- crypto: qat - exchange device capabilities over PFVF (jsc#PED-3692)
- crypto: qat - exchange ring-to-service mappings over PFVF (jsc#PED-3692)
- crypto: qat - expose deflate through acomp api for QAT GEN2 (jsc#PED-3692)
- crypto: qat - expose device config through sysfs for 4xxx (jsc#PED-3692)
- crypto: qat - expose device state through sysfs for 4xxx (jsc#PED-3692)
- crypto: qat - extend buffer list interface (jsc#PED-3692)
- crypto: qat - extend crypto capability detection for 4xxx (jsc#PED-3692)
- crypto: qat - extract send and wait from (jsc#PED-3692)
- crypto: qat - fix DMA transfer direction (jsc#PED-3692)
- crypto: qat - fix ETR sources enabled by default on GEN2 (jsc#PED-3692)
- crypto: qat - fix VF IDs in PFVF log messages (jsc#PED-3692)
- crypto: qat - fix a signedness bug in get_service_enabled() (jsc#PED-3692)
- crypto: qat - fix a typo in a comment (jsc#PED-3692)
- crypto: qat - fix access to PFVF interrupt registers for GEN4 (jsc#PED-3692)
- crypto: qat - fix definition of ring reset results (jsc#PED-3692)
- crypto: qat - fix error return code in adf_probe (git-fixes).
- crypto: qat - fix error return code in adf_probe (jsc#PED-3692)
- crypto: qat - fix handling of VF to PF interrupts (jsc#PED-3692)
- crypto: qat - fix initialization of pfvf cap_msg structures (jsc#PED-3692)
- crypto: qat - fix initialization of pfvf rts_map_msg (jsc#PED-3692)
- crypto: qat - fix off-by-one error in PFVF debug print (jsc#PED-3692)
- crypto: qat - fix out-of-bounds read (git-fixes).
- crypto: qat - fix wording and formatting in code comment (jsc#PED-3692)
- crypto: qat - flush vf workqueue at driver removal (jsc#PED-3692)
- crypto: qat - free irq in case of failure (jsc#PED-3692)
- crypto: qat - free irqs only if allocated (jsc#PED-3692)
- crypto: qat - generalize crypto request buffers (jsc#PED-3692)
- crypto: qat - get compression extended capabilities (jsc#PED-3692)
- crypto: qat - handle retries due to collisions in (jsc#PED-3692)
- crypto: qat - honor CRYPTO_TFM_REQ_MAY_SLEEP flag (jsc#PED-3692)
- crypto: qat - improve logging of PFVF messages (jsc#PED-3692)
- crypto: qat - improve the ACK timings in PFVF send (jsc#PED-3692)
- crypto: qat - introduce support for PFVF block messages (jsc#PED-3692)
- crypto: qat - leverage bitfield.h utils for PFVF messages (jsc#PED-3692)
- crypto: qat - leverage read_poll_timeout in PFVF send (jsc#PED-3692)
- crypto: qat - leverage the GEN2 VF mask definiton (jsc#PED-3692)
- crypto: qat - make PFVF message construction direction (jsc#PED-3692)
- crypto: qat - make PFVF send and receive direction agnostic (jsc#PED-3692)
- crypto: qat - move VF message handler to adf_vf2pf_msg.c (jsc#PED-3692)
- crypto: qat - move and rename GEN4 error register definitions (jsc#PED-3692)
- crypto: qat - move interrupt code out of the PFVF handler (jsc#PED-3692)
- crypto: qat - move pfvf collision detection values (jsc#PED-3692)
- crypto: qat - move vf2pf interrupt helpers (jsc#PED-3692)
- crypto: qat - pass the PF2VF responses back to the callers (jsc#PED-3692)
- crypto: qat - prevent spurious MSI interrupt in VF (jsc#PED-3692)
- crypto: qat - re-enable interrupts for legacy PFVF messages (jsc#PED-3692)
- crypto: qat - re-enable registration of algorithms (jsc#PED-3692)
- crypto: qat - refactor PF top half for PFVF (jsc#PED-3692)
- crypto: qat - refactor pfvf version request messages (jsc#PED-3692)
- crypto: qat - refactor submission logic (jsc#PED-3692)
- crypto: qat - relocate PFVF PF related logic (jsc#PED-3692)
- crypto: qat - relocate PFVF VF related logic (jsc#PED-3692)
- crypto: qat - relocate PFVF disabled function (jsc#PED-3692)
- crypto: qat - relocate and rename adf_sriov_prepare_restart() (jsc#PED-3692)
- crypto: qat - relocate backlog related structures (jsc#PED-3692)
- crypto: qat - relocate bufferlist logic (jsc#PED-3692)
- crypto: qat - relocate qat_algs_alloc_flags() (jsc#PED-3692)
- crypto: qat - remove duplicated logic across GEN2 drivers (jsc#PED-3692)
- crypto: qat - remove empty sriov_configure() (jsc#PED-3692)
- crypto: qat - remove line wrapping for pfvf_ops functions (jsc#PED-3692)
- crypto: qat - remove the unnecessary get_vintmsk_offset() (jsc#PED-3692)
- crypto: qat - remove unmatched CPU affinity to cluster IRQ (jsc#PED-3692)
- crypto: qat - remove unnecessary tests to detect PFVF support (jsc#PED-3692)
- crypto: qat - remove unneeded assignment (jsc#PED-3692)
- crypto: qat - remove unneeded braces (jsc#PED-3692)
- crypto: qat - remove unneeded packed attribute (jsc#PED-3692)
- crypto: qat - remove unused PFVF stubs (jsc#PED-3692)
- crypto: qat - rename and relocate GEN2 config function (jsc#PED-3692)
- crypto: qat - rename bufferlist functions (jsc#PED-3692)
- crypto: qat - rename pfvf collision constants (jsc#PED-3692)
- crypto: qat - reorganize PFVF code (jsc#PED-3692)
- crypto: qat - reorganize PFVF protocol definitions (jsc#PED-3692)
- crypto: qat - replace deprecated MSI API (jsc#PED-3692)
- crypto: qat - replace disable_vf2pf_interrupts() (jsc#PED-3692)
- crypto: qat - replace get_current_node() with numa_node_id() (jsc#PED-3692)
- crypto: qat - rework the VF2PF interrupt handling logic (jsc#PED-3692)
- crypto: qat - set CIPHER capability for QAT GEN2 (jsc#PED-3692)
- crypto: qat - set COMPRESSION capability for DH895XCC (jsc#PED-3692)
- crypto: qat - set COMPRESSION capability for QAT GEN2 (jsc#PED-3692)
- crypto: qat - set DMA mask to 48 bits for Gen2 (jsc#PED-3692)
- crypto: qat - set PFVF_MSGORIGIN just before sending (jsc#PED-3692)
- crypto: qat - share adf_enable_pf2vf_comms() from (jsc#PED-3692)
- crypto: qat - simplify adf_enable_aer() (jsc#PED-3692)
- crypto: qat - simplify code and axe the use of a deprecated (jsc#PED-3692)
- crypto: qat - split PFVF message decoding from handling (jsc#PED-3692)
- crypto: qat - stop using iommu_present() (jsc#PED-3692)
- crypto: qat - store the PFVF protocol version of the (jsc#PED-3692)
- crypto: qat - store the ring-to-service mapping (jsc#PED-3692)
- crypto: qat - support fast ACKs in the PFVF protocol (jsc#PED-3692)
- crypto: qat - support the reset of ring pairs on PF (jsc#PED-3692)
- crypto: qat - test PFVF registers for spurious interrupts on (jsc#PED-3692)
- crypto: qat - use enums for PFVF protocol codes (jsc#PED-3692)
- crypto: qat - use hweight for bit counting (jsc#PED-3692)
- crypto: qat - use pre-allocated buffers in datapath (jsc#PED-3692)
- crypto: qat - use reference to structure in dma_map_single() (jsc#PED-3692)
- crypto: qat - use u32 variables in all GEN4 pfvf_ops (jsc#PED-3692)
- crypto: rsa-pkcs1pad - Use akcipher_request_complete (git-fixes).
- crypto: sa2ul - Select CRYPTO_DES (git-fixes).
- crypto: safexcel - Cleanup ring IRQ workqueues on load failure (git-fixes).
- crypto: seqiv - Handle EBUSY correctly (git-fixes).
- crypto: sun8i-ss - Fix a test in sun8i_ss_setup_ivs() (git-fixes).
- crypto: x86/ghash - fix unaligned access in ghash_setkey() (git-fixes).
- crypto: xts - Handle EBUSY correctly (git-fixes).
- cxgb4: fix missing unlock on ETHOFLD desc collect fail path (jsc#SLE-18992).
- debugfs: add debugfs_lookup_and_remove() (git-fixes).
- debugfs: fix error when writing negative value to atomic_t debugfs file (git-fixes).
- device-dax: Fix duplicate 'hmem' device registration (bsc#1211400).
- devlink: hold region lock when flushing snapshots (git-fixes).
- disable two x86 PAT related patches (bsc#1212456) This may break i915 when booted with nopat, but fixes /dev/mem access in Xen PV domU.
- dm btree: add a defensive bounds check to insert_at() (git-fixes).
- dm cache: Fix ABBA deadlock between shrink_slab and dm_cache_metadata_abort (git-fixes).
- dm cache: Fix UAF in destroy() (git-fixes).
- dm cache: set needs_check flag after aborting metadata (git-fixes).
- dm clone: Fix UAF in clone_dtr() (git-fixes).
- dm integrity: Fix UAF in dm_integrity_dtr() (git-fixes).
- dm integrity: clear the journal on suspend (git-fixes).
- dm integrity: flush the journal on suspend (git-fixes).
- dm ioctl: fix misbehavior if list_versions races with module loading (git-fixes).
- dm ioctl: prevent potential spectre v1 gadget (git-fixes).
- dm raid: fix address sanitizer warning in raid_resume (git-fixes).
- dm raid: fix address sanitizer warning in raid_status (git-fixes).
- dm space map common: add bounds check to sm_ll_lookup_bitmap() (git-fixes).
- dm thin: Fix ABBA deadlock between shrink_slab and dm_pool_abort_metadata (git-fixes).
- dm thin: Fix UAF in run_timer_softirq() (git-fixes).
- dm thin: Use last transaction's pmd->root when commit failed (git-fixes).
- dm thin: resume even if in FAIL mode (git-fixes).
- dm writecache: set a default MAX_WRITEBACK_JOBS (git-fixes).
- dm: fix alloc_dax error handling in alloc_dev (git-fixes).
- dm: requeue IO if mapping table not yet available (git-fixes).
- dma-buf: Use dma_fence_unwrap_for_each when importing fences (git-fixes).
- dma-buf: cleanup kerneldoc of removed component (git-fixes).
- dma-direct: use is_swiotlb_active in dma_direct_map_page (PED-3259).
- dma-mapping: reformat comment to suppress htmldoc warning (git-fixes).
- dma: gpi: remove spurious unlock in gpi_ch_init (git-fixes).
- dmaengine: at_xdmac: Move the free desc to the tail of the desc list (git-fixes).
- dmaengine: at_xdmac: do not enable all cyclic channels (git-fixes).
- dmaengine: at_xdmac: fix potential Oops in at_xdmac_prep_interleaved() (git-fixes).
- dmaengine: dw-axi-dmac: Do not dereference NULL structure (git-fixes).
- dmaengine: dw-edma: Do not permit non-inc interleaved xfers (git-fixes).
- dmaengine: dw-edma: Drop chancnt initialization (git-fixes).
- dmaengine: dw-edma: Fix invalid interleaved xfers semantics (git-fixes).
- dmaengine: dw-edma: Fix missing src/dst address of interleaved xfers (git-fixes).
- dmaengine: dw-edma: Fix readq_ch() return value truncation (git-fixes).
- dmaengine: dw-edma: Fix to change for continuous transfer (git-fixes).
- dmaengine: dw-edma: Fix to enable to issue dma request on DMA processing (git-fixes).
- dmaengine: idxd: Do not enable user type Work Queue without Shared Virtual Addressing (git-fixes).
- dmaengine: idxd: Only call idxd_enable_system_pasid() if succeeded in enabling SVA feature (git-fixes).
- dmaengine: idxd: Separate user and kernel pasid enabling (git-fixes).
- dmaengine: idxd: Set traffic class values in GRPCFG on DSA 2.0 (git-fixes).
- dmaengine: imx-sdma: Fix a possible memory leak in sdma_transfer_init (git-fixes).
- dmaengine: mv_xor_v2: Fix an error code (git-fixes).
- dmaengine: pl330: rename _start to prevent build error (git-fixes).
- dmaengine: ptdma: check for null desc before calling pt_cmd_callback (git-fixes).
- dmaengine: sf-pdma: pdma_desc memory leak fix (git-fixes).
- dmaengine: tegra: Fix memory leak in terminate_all() (git-fixes).
- do not reuse connection if share marked as isolated (bsc#1193629).
- docs/memory-barriers.txt: Add a missed closing parenthesis (git-fixes).
- docs/scripts/gdb: add necessary make scripts_gdb step (git-fixes).
- docs: Correct missing 'd_' prefix for dentry_operations member d_weak_revalidate (git-fixes).
- docs: driver-api: firmware_loader: fix missing argument in usage example (git-fixes).
- docs: ftrace: fix a issue with duplicated subtitle number (git-fixes).
- docs: gdbmacros: print newest record (git-fixes).
- docs: networking: Update codeaurora references for rmnet (git-fixes).
- docs: networking: fix x25-iface.rst heading & index order (git-fixes).
- documentation: ABI: sysfs-class-net-qmi: pass_through contact update (git-fixes).
- documentation: bonding: fix the doc of peer_notif_delay (git-fixes).
- documentation: timers: hrtimers: Make hybrid union historical (git-fixes).
- driver core: Do not require dynamic_debug for initcall_debug probe timing (git-fixes).
- driver core: fix potential null-ptr-deref in device_add() (git-fixes).
- driver core: fix resource leak in device_add() (git-fixes).
- driver core: fw_devlink: Add DL_FLAG_CYCLE support to device links (git-fixes).
- drivers/base: Fix unsigned comparison to -1 in CPUMAP_FILE_MAX_BYTES (bsc#1208815).
- drivers/base: fix userspace break from using bin_attributes for cpumap and cpulist (bsc#1208815).
- drivers/md/md-bitmap: check the return value of md_bitmap_get_counter() (git-fixes).
- drivers: base: component: fix memory leak with using debugfs_lookup() (git-fixes).
- drivers: base: dd: fix memory leak with using debugfs_lookup() (git-fixes).
- drivers: base: transport_class: fix possible memory leak (git-fixes).
- drivers: base: transport_class: fix resource leak when transport_add_device() fails (git-fixes).
- drivers: meson: secure-pwrc: always enable DMA domain (git-fixes).
- drivers: staging: rtl8723bs: Fix locking in _rtw_join_timeout_handler() (git-fixes).
- drivers: staging: rtl8723bs: Fix locking in rtw_scan_timeout_handler() (git-fixes).
- drivers: vmbus: Check for channel allocation before looking up relids (git-fixes).
- drivers:md:fix a potential use-after-free bug (git-fixes).
- drm-hyperv: Add a bug reference to two existing changes (bsc#1211281).
- drm/amd/amdgpu: fix warning during suspend (bsc#1206843).
- drm/amd/display/dc/dce60/Makefile: Fix previous attempt to silence known override-init warnings (git-fixes).
- drm/amd/display: Add DCN314 display SG Support (bsc#1206843).
- drm/amd/display: Add DSC Support for Synaptics Cascaded MST Hub (git-fixes).
- drm/amd/display: Add NULL plane_state check for cursor disable logic (git-fixes).
- drm/amd/display: Add check for DET fetch latency hiding for dcn32 (bsc#1206843).
- drm/amd/display: Add logging for display MALL refresh setting (git-fixes).
- drm/amd/display: Add minimal pipe split transition state (git-fixes).
- drm/amd/display: Add missing brackets in calculation (bsc#1206843).
- drm/amd/display: Add wrapper to call planes and stream update (git-fixes).
- drm/amd/display: Adjust downscaling limits for dcn314 (bsc#1206843).
- drm/amd/display: Allow subvp on vactive pipes that are 2560x1440@60 (bsc#1206843).
- drm/amd/display: Clear MST topology if it fails to resume (git-fixes).
- drm/amd/display: Conversion to bool not necessary (git-fixes).
- drm/amd/display: Defer DIG FIFO disable after VID stream enable (bsc#1206843).
- drm/amd/display: Disable DRR actions during state commit (bsc#1206843).
- drm/amd/display: Disable HUBP/DPP PG on DCN314 for now (bsc#1206843).
- drm/amd/display: Do not clear GPINT register when releasing DMUB from reset (git-fixes).
- drm/amd/display: Do not commit pipe when updating DRR (bsc#1206843).
- drm/amd/display: Do not set DRR on pipe Commit (bsc#1206843).
- drm/amd/display: Enable P-state validation checks for DCN314 (bsc#1206843).
- drm/amd/display: Explicitly specify update type per plane info change (git-fixes).
- drm/amd/display: Fail atomic_check early on normalize_zpos error (git-fixes).
- drm/amd/display: Fix DP MST sinks removal issue (git-fixes).
- drm/amd/display: Fix DTBCLK disable requests and SRC_SEL programming (bsc#1206843).
- drm/amd/display: Fix artifacting on eDP panels when engaging freesync video mode (git-fixes).
- drm/amd/display: Fix display corruption w/ VSR enable (bsc#1206843).
- drm/amd/display: Fix hang when skipping modeset (git-fixes).
- drm/amd/display: Fix potential null dereference (git-fixes).
- drm/amd/display: Fix potential null-deref in dm_resume (git-fixes).
- drm/amd/display: Fix race condition in DPIA AUX transfer (bsc#1206843).
- drm/amd/display: Fix set scaling doesn's work (git-fixes).
- drm/amd/display: Fix timing not changning when freesync video is enabled (git-fixes).
- drm/amd/display: Fixes for dcn32_clk_mgr implementation (git-fixes).
- drm/amd/display: Include virtual signal to set k1 and k2 values (bsc#1206843).
- drm/amd/display: Move DCN314 DOMAIN power control to DMCUB (bsc#1206843).
- drm/amd/display: Pass the right info to drm_dp_remove_payload (bsc#1206843).
- drm/amd/display: Properly handle additional cases where DCN is not supported (git-fixes).
- drm/amd/display: Properly reuse completion structure (bsc#1206843).
- drm/amd/display: Reduce expected sdp bandwidth for dcn321 (bsc#1206843).
- drm/amd/display: Remove OTG DIV register write for Virtual signals (bsc#1206843).
- drm/amd/display: Report to ACPI video if no panels were found (bsc#1206843).
- drm/amd/display: Reset DMUB mailbox SW state after HW reset (bsc#1206843).
- drm/amd/display: Reset OUTBOX0 r/w pointer on DMUB reset (git-fixes).
- drm/amd/display: Return error code on DSC atomic check failure (git-fixes).
- drm/amd/display: Revert Reduce delay when sink device not able to ACK 00340h write (git-fixes).
- drm/amd/display: Set dcn32 caps.seamless_odm (bsc#1206843).
- drm/amd/display: Set hvm_enabled flag for S/G mode (bsc#1206843).
- drm/amd/display: Simplify same effect if/else blocks (git-fixes).
- drm/amd/display: Take FEC Overhead into Timeslot Calculation (bsc#1206843).
- drm/amd/display: Take emulated dc_sink into account for HDCP (bsc#1207734).
- drm/amd/display: Unassign does_plane_fit_in_mall function from dcn3.2 (bsc#1206843).
- drm/amd/display: Uninitialized variables causing 4k60 UCLK to stay at DPM1 and not DPM0 (bsc#1206843).
- drm/amd/display: Update bounding box values for DCN321 (git-fixes).
- drm/amd/display: Update clock table to include highest clock setting (bsc#1206843).
- drm/amd/display: Use DC_LOG_DC in the trasform pixel function (git-fixes).
- drm/amd/display: Use dc_update_planes_and_stream (git-fixes).
- drm/amd/display: Use min transition for SubVP into MPO (bsc#1206843).
- drm/amd/display: Workaround to increase phantom pipe vactive in pipesplit (bsc#1206843).
- drm/amd/display: add a NULL pointer check (bsc#1212848, bsc#1212961).
- drm/amd/display: adjust MALL size available for DCN32 and DCN321 (bsc#1206843).
- drm/amd/display: disable S/G display on DCN 3.1.4 (bsc#1206843).
- drm/amd/display: disable S/G display on DCN 3.1.5 (bsc#1206843).
- drm/amd/display: disable seamless boot if force_odm_combine is enabled (bsc#1212848, bsc#1212961).
- drm/amd/display: disconnect MPCC only on OTG change (bsc#1206843).
- drm/amd/display: do not call dc_interrupt_set() for disabled crtcs (git-fixes).
- drm/amd/display: drop redundant memset() in get_available_dsc_slices() (git-fixes).
- drm/amd/display: edp do not add non-edid timings (git-fixes).
- drm/amd/display: fix FCLK pstate change underflow (bsc#1206843).
- drm/amd/display: fix cursor offset on rotation 180 (git-fixes).
- drm/amd/display: fix duplicate assignments (git-fixes).
- drm/amd/display: fix flickering caused by S/G mode (git-fixes).
- drm/amd/display: fix issues with driver unload (git-fixes).
- drm/amd/display: fix k1 k2 divider programming for phantom streams (bsc#1206843).
- drm/amd/display: fix mapping to non-allocated address (bsc#1206843).
- drm/amd/display: fix shift-out-of-bounds in CalculateVMAndRowBytes (git-fixes).
- drm/amd/display: fix the system hang while disable PSR (git-fixes).
- drm/amd/display: fix wrong index used in dccg32_set_dpstreamclk (bsc#1206843).
- drm/amd/display: move remaining FPU code to dml folder (bsc#1206843).
- drm/amd/display: properly handling AGP aperture in vm setup (bsc#1206843).
- drm/amd/display: reduce else-if to else in dcn10_blank_pixel_data() (git-fixes).
- drm/amd/display: revert Disable DRR actions during state commit (bsc#1206843).
- drm/amd/display: skip commit minimal transition state (bsc#1206843).
- drm/amd/display: wait for vblank during pipe programming (git-fixes).
- drm/amd/pm/smu13: BACO is supported when it's in BACO state (bsc#1206843).
- drm/amd/pm: Enable bad memory page/channel recording support for smu v13_0_0 (bsc#1206843).
- drm/amd/pm: Fix output of pp_od_clk_voltage (git-fixes).
- drm/amd/pm: Fix power context allocation in SMU13 (git-fixes).
- drm/amd/pm: Fix sienna cichlid incorrect OD volage after resume (bsc#1206843).
- drm/amd/pm: add SMU 13.0.7 missing GetPptLimit message mapping (bsc#1206843).
- drm/amd/pm: add missing AllowIHInterrupt message mapping for SMU13.0.0 (bsc#1206843).
- drm/amd/pm: add missing SMU13.0.0 mm_dpm feature mapping (bsc#1206843).
- drm/amd/pm: add missing SMU13.0.7 mm_dpm feature mapping (bsc#1206843).
- drm/amd/pm: add the missing mapping for PPT feature on SMU13.0.0 and 13.0.7 (bsc#1206843).
- drm/amd/pm: bump SMU 13.0.0 driver_if header version (bsc#1206843).
- drm/amd/pm: bump SMU 13.0.4 driver_if header version (bsc#1206843).
- drm/amd/pm: bump SMU 13.0.7 driver_if header version (bsc#1206843).
- drm/amd/pm: bump SMU13.0.0 driver_if header to version 0x34 (bsc#1206843).
- drm/amd/pm: correct SMU13.0.0 pstate profiling clock settings (bsc#1206843).
- drm/amd/pm: correct SMU13.0.7 max shader clock reporting (bsc#1206843).
- drm/amd/pm: correct SMU13.0.7 pstate profiling clock settings (bsc#1206843).
- drm/amd/pm: correct the fan speed retrieving in PWM for some SMU13 asics (bsc#1206843).
- drm/amd/pm: correct the pcie link state check for SMU13 (bsc#1206843).
- drm/amd/pm: correct the reference clock for fan speed(rpm) calculation (bsc#1206843).
- drm/amd/pm: drop unneeded dpm features disablement for SMU 13.0.4/11 (bsc#1206843).
- drm/amd/pm: enable GPO dynamic control support for SMU13.0.0 (bsc#1206843).
- drm/amd/pm: enable GPO dynamic control support for SMU13.0.7 (bsc#1206843).
- drm/amd/pm: enable mode1 reset on smu_v13_0_10 (bsc#1206843).
- drm/amd/pm: parse pp_handle under appropriate conditions (git-fixes).
- drm/amd/pm: remove unused num_of_active_display variable (git-fixes).
- drm/amd/pm: reverse mclk and fclk clocks levels for renoir (git-fixes).
- drm/amd/pm: reverse mclk and fclk clocks levels for vangogh (git-fixes).
- drm/amd/pm: reverse mclk and fclk clocks levels for yellow carp (git-fixes).
- drm/amd/pm: revise the ASPM settings for thunderbolt attached scenario (bsc#1212848, bsc#1212961).
- drm/amd/pm: update SMU13.0.0 reported maximum shader clock (bsc#1206843).
- drm/amd/pm: update the LC_L1_INACTIVITY setting to address possible noise issue (bsc#1212848, bsc#1212961).
- drm/amd: Avoid ASSERT for some message failures (bsc#1206843).
- drm/amd: Avoid BUG() for case of SRIOV missing IP version (bsc#1206843).
- drm/amd: Delay removal of the firmware framebuffer (git-fixes).
- drm/amd: Disable PSR-SU on Parade 0803 TCON (bsc#1212848, bsc#1212961).
- drm/amd: Do not try to enable secure display TA multiple times (bsc#1212848, bsc#1212961).
- drm/amd: Fix an out of bounds error in BIOS parser (git-fixes).
- drm/amd: Fix initialization for nbio 4.3.0 (bsc#1206843).
- drm/amd: Fix initialization for nbio 7.5.1 (bsc#1206843).
- drm/amd: Fix initialization mistake for NBIO 7.3.0 (bsc#1206843).
- drm/amd: Make sure image is written to trigger VBIOS image update flow (git-fixes).
- drm/amd: Tighten permissions on VBIOS flashing attributes (git-fixes).
- drm/amdgpu/discovery: add PSP IP v13.0.11 support (bsc#1206843).
- drm/amdgpu/discovery: enable gfx v11 for GC 11.0.4 (bsc#1206843).
- drm/amdgpu/discovery: enable gmc v11 for GC 11.0.4 (bsc#1206843).
- drm/amdgpu/discovery: enable mes support for GC v11.0.4 (bsc#1206843).
- drm/amdgpu/discovery: enable nbio support for NBIO v7.7.1 (bsc#1206843).
- drm/amdgpu/discovery: enable soc21 common for GC 11.0.4 (bsc#1206843).
- drm/amdgpu/discovery: set the APU flag for GC 11.0.4 (bsc#1206843).
- drm/amdgpu/display/mst: Fix mst_state->pbn_div and slot count assignments (bsc#1206843).
- drm/amdgpu/display/mst: adjust the naming of mst_port and port of aconnector (bsc#1206843).
- drm/amdgpu/display/mst: limit payload to be updated one by one (bsc#1206843).
- drm/amdgpu/display/mst: update mst_mgr relevant variable when long HPD (bsc#1206843).
- drm/amdgpu/dm/dp_mst: Do not grab mst_mgr->lock when computing DSC state (bsc#1206843).
- drm/amdgpu/dm/mst: Fix uninitialized var in pre_compute_mst_dsc_configs_for_state() (bsc#1206843).
- drm/amdgpu/dm/mst: Use the correct topology mgr pointer in amdgpu_dm_connector (bsc#1206843).
- drm/amdgpu/fence: Fix oops due to non-matching drm_sched init/fini (git-fixes).
- drm/amdgpu/gfx10: Disable gfxoff before disabling powergating (git-fixes).
- drm/amdgpu/gfx: disable gfx9 cp_ecc_error_irq only when enabling legacy gfx ras (git-fixes).
- drm/amdgpu/mst: Stop ignoring error codes and deadlocking (bsc#1206843).
- drm/amdgpu/nv: Apply ASPM quirk on Intel ADL + AMD Navi (bsc#1206843).
- drm/amdgpu/pm: add GFXOFF control IP version check for SMU IP v13.0.11 (bsc#1206843).
- drm/amdgpu/pm: enable swsmu for SMU IP v13.0.11 (bsc#1206843).
- drm/amdgpu/pm: use the specific mailbox registers only for SMU IP v13.0.4 (bsc#1206843).
- drm/amdgpu/smu: skip pptable init under sriov (bsc#1206843).
- drm/amdgpu/soc21: Add video cap query support for VCN_4_0_4 (bsc#1206843).
- drm/amdgpu/soc21: add mode2 asic reset for SMU IP v13.0.11 (bsc#1206843).
- drm/amdgpu/soc21: do not expose AV1 if VCN0 is harvested (bsc#1206843).
- drm/amdgpu: Add unique_id support for GC 11.0.1/2 (bsc#1206843).
- drm/amdgpu: Correct the power calcultion for Renior/Cezanne (git-fixes).
- drm/amdgpu: Do not register backlight when another backlight should be used (v3) (bsc#1206843).
- drm/amdgpu: Do not resume IOMMU after incomplete init (bsc#1206843).
- drm/amdgpu: Enable pg/cg flags on GC11_0_4 for VCN (bsc#1206843).
- drm/amdgpu: Enable vclk dclk node for gc11.0.3 (bsc#1206843).
- drm/amdgpu: Fix call trace warning and hang when removing amdgpu device (bsc#1206843).
- drm/amdgpu: Fix potential NULL dereference (bsc#1206843).
- drm/amdgpu: Fix potential double free and null pointer dereference (bsc#1206843).
- drm/amdgpu: Fix size validation for non-exclusive domains (v4) (bsc#1206843).
- drm/amdgpu: Fix vram recover does not work after whole GPU reset (v2) (git-fixes).
- drm/amdgpu: Fixed bug on error when unloading amdgpu (bsc#1206843).
- drm/amdgpu: Re-enable DCN for 64-bit powerpc (bsc#1194869).
- drm/amdgpu: Register ACPI video backlight when skipping amdgpu backlight registration (bsc#1206843).
- drm/amdgpu: Set vmbo destroy after pt bo is created (git-fixes).
- drm/amdgpu: Use the TGID for trace_amdgpu_vm_update_ptes (bsc#1206843).
- drm/amdgpu: Use the default reset when loading or reloading the driver (git-fixes).
- drm/amdgpu: Use the sched from entity for amdgpu_cs trace (git-fixes).
- drm/amdgpu: Validate VM ioctl flags (git-fixes).
- drm/amdgpu: add a missing lock for AMDGPU_SCHED (git-fixes).
- drm/amdgpu: add gfx support for GC 11.0.4 (bsc#1206843).
- drm/amdgpu: add gmc v11 support for GC 11.0.4 (bsc#1206843).
- drm/amdgpu: add missing radeon secondary PCI ID (git-fixes).
- drm/amdgpu: add smu 13 support for smu 13.0.11 (bsc#1206843).
- drm/amdgpu: add soc21 common ip block support for GC 11.0.4 (bsc#1206843).
- drm/amdgpu: add tmz support for GC 11.0.1 (bsc#1206843).
- drm/amdgpu: add tmz support for GC IP v11.0.4 (bsc#1206843).
- drm/amdgpu: allow more APUs to do mode2 reset when go to S4 (bsc#1206843).
- drm/amdgpu: allow multipipe policy on ASICs with one MEC (bsc#1206843).
- drm/amdgpu: change gfx 11.0.4 external_id range (git-fixes).
- drm/amdgpu: complete gfxoff allow signal during suspend without delay (git-fixes).
- drm/amdgpu: correct MEC number for gfx11 APUs (bsc#1206843).
- drm/amdgpu: disable runtime pm on several sienna cichlid cards(v2) (git-fixes).
- drm/amdgpu: disable sdma ecc irq only when sdma RAS is enabled in suspend (git-fixes).
- drm/amdgpu: drop experimental flag on aldebaran (git-fixes).
- drm/amdgpu: enable GFX Clock Gating control for GC IP v11.0.4 (bsc#1206843).
- drm/amdgpu: enable GFX IP v11.0.4 CG support (bsc#1206843).
- drm/amdgpu: enable GFX Power Gating for GC IP v11.0.4 (bsc#1206843).
- drm/amdgpu: enable HDP SD for gfx 11.0.3 (bsc#1206843).
- drm/amdgpu: enable PSP IP v13.0.11 support (bsc#1206843).
- drm/amdgpu: enable VCN DPG for GC IP v11.0.4 (bsc#1206843).
- drm/amdgpu: fix Null pointer dereference error in amdgpu_device_recover_vram (git-fixes).
- drm/amdgpu: fix amdgpu_job_free_resources v2 (bsc#1206843).
- drm/amdgpu: fix clearing mappings for BOs that are always valid in VM (bsc#1212848, bsc#1212961).
- drm/amdgpu: fix enum odm_combine_mode mismatch (git-fixes).
- drm/amdgpu: fix error checking in amdgpu_read_mm_registers for nv (bsc#1206843).
- drm/amdgpu: fix error checking in amdgpu_read_mm_registers for soc15 (git-fixes).
- drm/amdgpu: fix error checking in amdgpu_read_mm_registers for soc21 (bsc#1206843).
- drm/amdgpu: fix mmhub register base coding error (git-fixes).
- drm/amdgpu: fix number of fence calculations (bsc#1212848, bsc#1212961).
- drm/amdgpu: fix return value check in kfd (git-fixes).
- drm/amdgpu: fix ttm_bo calltrace warning in psp_hw_fini (bsc#1206843).
- drm/amdgpu: fix xclk freq on CHIP_STONEY (git-fixes).
- drm/amdgpu: for S0ix, skip SDMA 5.x+ suspend/resume (git-fixes).
- drm/amdgpu: release gpu full access after 'amdgpu_device_ip_late_init' (git-fixes).
- drm/amdgpu: reposition the gpu reset checking for reuse (bsc#1206843).
- drm/amdgpu: set GC 11.0.4 family (bsc#1206843).
- drm/amdgpu: skip ASIC reset for APUs when go to S4 (bsc#1206843).
- drm/amdgpu: skip MES for S0ix as well since it's part of GFX (bsc#1206843).
- drm/amdgpu: skip disabling fence driver src_irqs when device is unplugged (git-fixes).
- drm/amdgpu: skip mes self test after s0i3 resume for MES IP v11.0 (bsc#1206843).
- drm/amdgpu: skip psp suspend for IMU enabled ASICs mode2 reset (git-fixes).
- drm/amdgpu: update drm_display_info correctly when the edid is read (git-fixes).
- drm/amdgpu: update wave data type to 3 for gfx11 (bsc#1206843).
- drm/amdkfd: Add sync after creating vram bo (bsc#1206843).
- drm/amdkfd: Fix BO offset for multi-VMA page migration (git-fixes).
- drm/amdkfd: Fix NULL pointer error for GC 11.0.1 on mGPU (bsc#1206843).
- drm/amdkfd: Fix an illegal memory access (git-fixes).
- drm/amdkfd: Fix double release compute pasid (bsc#1206843).
- drm/amdkfd: Fix kfd_process_device_init_vm error handling (bsc#1206843).
- drm/amdkfd: Fix potential deallocation of previously deallocated memory (git-fixes).
- drm/amdkfd: Fix the memory overrun (bsc#1206843).
- drm/amdkfd: Fix the warning of array-index-out-of-bounds (bsc#1206843).
- drm/amdkfd: Fixed kfd_process cleanup on module exit (git-fixes).
- drm/amdkfd: Get prange->offset after svm_range_vram_node_new (git-fixes).
- drm/amdkfd: Page aligned memory reserve size (bsc#1206843).
- drm/amdkfd: add GC 11.0.4 KFD support (bsc#1206843).
- drm/amdkfd: fix a potential double free in pqm_create_queue (git-fixes).
- drm/amdkfd: fix potential kgd_mem UAFs (git-fixes).
- drm/amdkfd: introduce dummy cache info for property asic (bsc#1206843).
- drm/armada: Fix a potential double free in an error handling path (git-fixes).
- drm/ast: Fix ARM compatibility (git-fixes).
- drm/bochs: fix blanking (git-fixes).
- drm/bridge: Fix returned array size name for atomic_get_input_bus_fmts kdoc (git-fixes).
- drm/bridge: adv7533: Fix adv7533_mode_valid for adv7533 and adv7535 (git-fixes).
- drm/bridge: it6505: Fix return value check for pm_runtime_get_sync (git-fixes).
- drm/bridge: lt8912b: Add hot plug detection (git-fixes).
- drm/bridge: lt8912b: Fix DSI Video Mode (git-fixes).
- drm/bridge: lt8912b: return EPROBE_DEFER if bridge is not found (git-fixes).
- drm/bridge: lt9611: Fix PLL being unable to lock (git-fixes).
- drm/bridge: lt9611: fix HPD reenablement (git-fixes).
- drm/bridge: lt9611: fix clock calculation (git-fixes).
- drm/bridge: lt9611: fix polarity programming (git-fixes).
- drm/bridge: lt9611: fix programming of video modes (git-fixes).
- drm/bridge: lt9611: fix sleep mode setup (git-fixes).
- drm/bridge: lt9611: pass a pointer to the of node (git-fixes).
- drm/bridge: megachips: Fix error handling in i2c_register_driver() (git-fixes).
- drm/bridge: tc358768: always enable HS video mode (git-fixes).
- drm/bridge: tc358768: fix PLL parameters computation (git-fixes).
- drm/bridge: tc358768: fix PLL target frequency (git-fixes).
- drm/bridge: tc358768: fix TCLK_ZEROCNT computation (git-fixes).
- drm/bridge: tc358768: fix TXTAGOCNT computation (git-fixes).
- drm/bridge: ti-sn65dsi83: Fix delay after reset deassert to match spec (git-fixes).
- drm/bridge: ti-sn65dsi86: Avoid possible buffer overflow (git-fixes).
- drm/cirrus: NULL-check pipe->plane.state->fb in cirrus_pipe_update() (git-fixes).
- drm/connector: print max_requested_bpc in state debugfs (git-fixes).
- drm/display/dp_mst: Add drm_atomic_get_old_mst_topology_state() (bsc#1206843).
- drm/display/dp_mst: Add helper for finding payloads in atomic MST state (bsc#1206843).
- drm/display/dp_mst: Add helpers for serializing SST <-> MST transitions (bsc#1206843).
- drm/display/dp_mst: Add nonblocking helpers for DP MST (bsc#1206843).
- drm/display/dp_mst: Call them time slots, not VCPI slots (bsc#1206843).
- drm/display/dp_mst: Correct the kref of port (bsc#1206843).
- drm/display/dp_mst: Do not open code modeset checks for releasing time slots (bsc#1206843).
- drm/display/dp_mst: Drop all ports from topology on CSNs before queueing link address work (bsc#1206843).
- drm/display/dp_mst: Fix confusing docs for drm_dp_atomic_release_time_slots() (bsc#1206843).
- drm/display/dp_mst: Fix down message handling after a packet reception error (git-fixes).
- drm/display/dp_mst: Fix down/up message handling after sink disconnect (git-fixes).
- drm/display/dp_mst: Fix drm_dp_mst_add_affected_dsc_crtcs() return code (git-fixes).
- drm/display/dp_mst: Fix modeset tracking in drm_dp_atomic_release_vcpi_slots() (bsc#1206843).
- drm/display/dp_mst: Handle old/new payload states in drm_dp_remove_payload() (bsc#1206843).
- drm/display/dp_mst: Maintain time slot allocations when deleting payloads (bsc#1206843).
- drm/display/dp_mst: Move all payload info into the atomic state (bsc#1206843).
- drm/display/dp_mst: Rename drm_dp_mst_vcpi_allocation (bsc#1206843).
- drm/display: Do not assume dual mode adaptors support i2c sub-addressing (git-fixes).
- drm/displayid: add displayid_get_header() and check bounds better (git-fixes).
- drm/dp: Do not rewrite link config when setting phy test pattern (git-fixes).
- drm/dp_mst: Avoid deleting payloads for connectors staying enabled (bsc#1206843).
- drm/dp_mst: fix drm_dp_dpcd_read return value checks (git-fixes).
- drm/edid: fix AVI infoframe aspect ratio handling (git-fixes).
- drm/edid: fix parsing of 3D modes from HDMI VSDB (git-fixes).
- drm/etnaviv: fix reference leak when mmaping imported buffer (git-fixes).
- drm/exynos: fix g2d_open/close helper function definitions (git-fixes).
- drm/exynos: fix race condition UAF in exynos_g2d_exec_ioctl (git-fixes).
- drm/exynos: vidi: fix a wrong error return (git-fixes).
- drm/fb-helper: set x/yres_virtual in drm_fb_helper_check_var (git-fixes).
- drm/fbdev-generic: prohibit potential out-of-bounds access (git-fixes).
- drm/fourcc: Add missing big-endian XRGB1555 and RGB565 formats (git-fixes).
- drm/hyperv : Removing the restruction of VRAM allocation with PCI bar size (git-fixes).
- drm/hyperv: Add error message for fb size greater than allocated (git-fixes).
- drm/hyperv: Fix an error handling path in hyperv_vmbus_probe() (git-fixes).
- drm/i915/active: Fix missing debug object activation (git-fixes).
- drm/i915/active: Fix misuse of non-idle barriers as fence trackers (git-fixes).
- drm/i915/adlp: Fix typo for reference clock (git-fixes).
- drm/i915/color: Fix typo for Plane CSC indexes (git-fixes).
- drm/i915/dg2: Add HDMI pixel clock frequencies 267.30 and 319.89 MHz (git-fixes).
- drm/i915/dg2: Add additional HDMI pixel clock frequencies (git-fixes).
- drm/i915/dg2: Drop one PCI ID (git-fixes).
- drm/i915/dg2: Support 4k@30 on HDMI (git-fixes).
- drm/i915/dgfx: Keep PCI autosuspend control 'on' by default on all dGPU (git-fixes).
- drm/i915/display/psr: Handle plane and pipe restrictions at every page flip (git-fixes).
- drm/i915/display/psr: Use drm damage helpers to calculate plane damaged area (git-fixes).
- drm/i915/display: Check source height is > 0 (git-fixes).
- drm/i915/display: Workaround cursor left overs with PSR2 selective fetch enabled (git-fixes).
- drm/i915/display: clean up comments (git-fixes).
- drm/i915/dmc: Update DG2 DMC version to v2.08 (git-fixes).
- drm/i915/dp: prevent potential div-by-zero (git-fixes).
- drm/i915/dp_mst: Fix mst_mgr lookup during atomic check (bsc#1206843).
- drm/i915/dp_mst: Fix payload removal during output disabling (bsc#1206843).
- drm/i915/dpt: Treat the DPT BO as a framebuffer (git-fixes).
- drm/i915/dsi: Use unconditional msleep() instead of intel_dsi_msleep() (git-fixes).
- drm/i915/dsi: fix DSS CTL register offsets for TGL+ (git-fixes).
- drm/i915/gem: Flush lmem contents after construction (git-fixes).
- drm/i915/gen11: Moving WAs to icl_gt_workarounds_init() (git-fixes).
- drm/i915/gen11: Wa_1408615072/Wa_1407596294 should be on GT list (git-fixes).
- drm/i915/gt: Use the correct error value when kernel_context() fails (git-fixes).
- drm/i915/gt: perform uc late init after probe error injection (git-fixes).
- drm/i915/guc: Do not capture Gen8 regs on Xe devices (git-fixes).
- drm/i915/gvt: remove unused variable gma_bottom in command parser (git-fixes).
- drm/i915/huc: always init the delayed load fence (git-fixes).
- drm/i915/huc: bump timeout for delayed load and reduce print verbosity (git-fixes).
- drm/i915/huc: fix leak of debug object in huc load fence on driver unload (git-fixes).
- drm/i915/migrate: Account for the reserved_space (git-fixes).
- drm/i915/migrate: fix corner case in CCS aux copying (git-fixes).
- drm/i915/psr: Fix PSR_IMR/IIR field handling (git-fixes).
- drm/i915/psr: Use calculated io and fast wake lines (git-fixes).
- drm/i915/psr: Use hw.adjusted mode when calculating io/fast wake times (git-fixes).
- drm/i915/pxp: use <> instead of '' for headers in include/ (git-fixes).
- drm/i915/quirks: Add inverted backlight quirk for HP 14-r206nv (git-fixes).
- drm/i915/selftest: fix intel_selftest_modify_policy argument types (git-fixes).
- drm/i915/selftests: Add some missing error propagation (git-fixes).
- drm/i915/selftests: Increase timeout for live_parallel_switch (git-fixes).
- drm/i915/selftests: Stop using kthread_stop() (git-fixes).
- drm/i915/tc: Fix the ICL PHY ownership check in TC-cold state (git-fixes).
- drm/i915: Allow switching away via vga-switcheroo if uninitialized (git-fixes).
- drm/i915: Avoid potential vm use-after-free (git-fixes).
- drm/i915: Disable DC states for all commits (git-fixes).
- drm/i915: Do not use BAR mappings for ring buffers with LLC (git-fixes).
- drm/i915: Do not use stolen memory for ring buffers with LLC (git-fixes).
- drm/i915: Explain the magic numbers for AUX SYNC/precharge length (git-fixes).
- drm/i915: Fix NULL ptr deref by checking new_crtc_state (git-fixes).
- drm/i915: Fix VBT DSI DVO port handling (git-fixes).
- drm/i915: Fix context runtime accounting (git-fixes).
- drm/i915: Fix fast wake AUX sync len (git-fixes).
- drm/i915: Fix potential bit_17 double-free (git-fixes).
- drm/i915: Fix potential context UAFs (git-fixes).
- drm/i915: Fix request ref counting during error capture & debugfs dump (git-fixes).
- drm/i915: Fix up locking around dumping requests lists (git-fixes).
- drm/i915: Initialize the obj flags for shmem objects (git-fixes).
- drm/i915: Make intel_get_crtc_new_encoder() less oopsy (git-fixes).
- drm/i915: Move CSC load back into .color_commit_arm() when PSR is enabled on skl/glk (git-fixes).
- drm/i915: Move fd_install after last use of fence (git-fixes).
- drm/i915: Preserve crtc_state->inherited during state clearing (git-fixes).
- drm/i915: Remove __maybe_unused from mtl_info (git-fixes).
- drm/i915: Remove unused bits of i915_vma/active api (git-fixes).
- drm/i915: Remove unused variable (git-fixes).
- drm/i915: Use 18 fast wake AUX sync len (git-fixes).
- drm/i915: fix race condition UAF in i915_perf_add_config_ioctl (git-fixes).
- drm/i915: move a Kconfig symbol to unbreak the menu presentation (git-fixes).
- drm/i915: stop abusing swiotlb_max_segment (git-fixes).
- drm/lima/lima_drv: Add missing unwind goto in lima_pdev_probe() (git-fixes).
- drm/mediatek: Clean dangling pointer on bind error path (git-fixes).
- drm/mediatek: Drop unbalanced obj unref (git-fixes).
- drm/mediatek: Use NULL instead of 0 for NULL pointer (git-fixes).
- drm/mediatek: dsi: Reduce the time of dsi from LP11 to sending cmd (git-fixes).
- drm/mediatek: mtk_drm_crtc: Add checks for devm_kcalloc (git-fixes).
- drm/meson: fix 1px pink line on GXM when scaling video overlay (git-fixes).
- drm/meson: fix missing component unbind on bind errors (git-fixes).
- drm/meson: reorder driver deinit sequence to fix use-after-free bug (git-fixes).
- drm/mgag200: Fix gamma lut not initialized (git-fixes).
- drm/mipi-dsi: Fix byte order of 16-bit DCS set/get brightness (git-fixes).
- drm/mipi-dsi: Set the fwnode for mipi_dsi_device (git-fixes).
- drm/msm/a5xx: fix context faults during ring switch (git-fixes).
- drm/msm/a5xx: fix highest bank bit for a530 (git-fixes).
- drm/msm/a5xx: fix setting of the CP_PREEMPT_ENABLE_LOCAL register (git-fixes).
- drm/msm/a5xx: fix the emptyness check in the preempt code (git-fixes).
- drm/msm/a6xx: Fix kvzalloc vs state_kcalloc usage (git-fixes).
- drm/msm/a6xx: Fix speed-bin detection vs probe-defer (git-fixes).
- drm/msm/adreno: Fix null ptr access in adreno_gpu_cleanup() (git-fixes).
- drm/msm/adreno: adreno_gpu: Use suspend() instead of idle() on load error (git-fixes).
- drm/msm/adreno: drop bogus pm_runtime_set_active() (git-fixes).
- drm/msm/adreno: fix runtime PM imbalance at gpu load (git-fixes).
- drm/msm/adreno: fix sparse warnings in a6xx code (git-fixes).
- drm/msm/disp/dpu: check for crtc enable rather than crtc active to release shared resources (git-fixes).
- drm/msm/disp/dpu: fix sc7280_pp base offset (git-fixes).
- drm/msm/dp: Clean up handling of DP AUX interrupts (git-fixes).
- drm/msm/dp: Free resources after unregistering them (git-fixes).
- drm/msm/dp: cleared DP_DOWNSPREAD_CTRL register before start link training (git-fixes).
- drm/msm/dp: unregister audio driver during unbind (git-fixes).
- drm/msm/dpu: Add INTF_5 interrupts (git-fixes).
- drm/msm/dpu: Add check for cstate (git-fixes).
- drm/msm/dpu: Add check for pstates (git-fixes).
- drm/msm/dpu: Disallow unallocated resources to be returned (git-fixes).
- drm/msm/dpu: Move non-MDP_TOP INTF_INTR offsets out of hwio header (git-fixes).
- drm/msm/dpu: Reject topologies for which no DSC blocks are available (git-fixes).
- drm/msm/dpu: Remove duplicate register defines from INTF (git-fixes).
- drm/msm/dpu: Remove num_enc from topology struct in favour of num_dsc (git-fixes).
- drm/msm/dpu: Wire up DSC mask for active CTL configuration (git-fixes).
- drm/msm/dpu: check for null return of devm_kzalloc() in dpu_writeback_init() (git-fixes).
- drm/msm/dpu: clear DSPP reservations in rm release (git-fixes).
- drm/msm/dpu: correct MERGE_3D length (git-fixes).
- drm/msm/dpu: disable features unsupported by QCM2290 (git-fixes).
- drm/msm/dpu: do not enable color-management if DSPPs are not available (git-fixes).
- drm/msm/dpu: drop DPU_DIM_LAYER from MIXER_MSM8998_MASK (git-fixes).
- drm/msm/dpu: drop stale comment from struct dpu_mdp_cfg doc (git-fixes).
- drm/msm/dpu: fix clocks settings for msm8998 SSPP blocks (git-fixes).
- drm/msm/dpu: fix len of sc7180 ctl blocks (git-fixes).
- drm/msm/dpu: sc7180: add missing WB2 clock control (git-fixes).
- drm/msm/dpu: set pdpu->is_rt_pipe early in dpu_plane_sspp_atomic_update() (git-fixes).
- drm/msm/dsi: Add missing check for alloc_ordered_workqueue (git-fixes).
- drm/msm/dsi: Allow 2 CTRLs on v2.5.0 (git-fixes).
- drm/msm/dsi: do not allow enabling 14nm VCO with unprogrammed rate (git-fixes).
- drm/msm/gem: Add check for kmalloc (git-fixes).
- drm/msm/hdmi: Add missing check for alloc_ordered_workqueue (git-fixes).
- drm/msm/mdp5: Add check for kzalloc (git-fixes).
- drm/msm/mdp5: fix reading hw revision on db410c platform (git-fixes).
- drm/msm: Be more shouty if per-process pgtables are not working (git-fixes).
- drm/msm: Fix potential invalid ptr free (git-fixes).
- drm/msm: Set max segment size earlier (git-fixes).
- drm/msm: clean event_thread->worker in case of an error (git-fixes).
- drm/msm: fix NULL-deref on irq uninstall (git-fixes).
- drm/msm: fix NULL-deref on snapshot tear down (git-fixes).
- drm/msm: fix drm device leak on bind errors (git-fixes).
- drm/msm: fix missing wq allocation error handling (git-fixes).
- drm/msm: fix vram leak on bind errors (git-fixes).
- drm/msm: fix workqueue leak on bind errors (git-fixes).
- drm/msm: use strscpy instead of strncpy (git-fixes).
- drm/nouveau/devinit/tu102-: wait for GFW_BOOT_PROGRESS == COMPLETED (git-fixes).
- drm/nouveau/disp: Support more modes by checking with lower bpc (git-fixes).
- drm/nouveau/dp: check for NULL nv_connector->native_mode (git-fixes).
- drm/nouveau/kms/nv50-: remove unused functions (git-fixes).
- drm/nouveau/kms/nv50: fix nv50_wndw_new_ prototype (git-fixes).
- drm/nouveau/kms: Cache DP encoders in nouveau_connector (bsc#1206843).
- drm/nouveau/kms: Pull mst state in for all modesets (bsc#1206843).
- drm/nouveau: add nv_encoder pointer check for NULL (git-fixes).
- drm/nouveau: do not detect DSM for non-NVIDIA device (git-fixes).
- drm/omap: dsi: Fix excessive stack usage (git-fixes).
- drm/omapdrm: Remove unused struct csc_coef_rgb2yuv (git-fixes).
- drm/panel: novatek-nt35950: Improve error handling (git-fixes).
- drm/panel: novatek-nt35950: Only unregister DSI1 if it exists (git-fixes).
- drm/panel: otm8009a: Set backlight parent to panel device (git-fixes).
- drm/panel: sharp-ls043t1le01: adjust mode settings (git-fixes).
- drm/panel: simple: fix active size for Ampire AM-480272H3TMQW-T01H (git-fixes).
- drm/panfrost: Do not sync rpm suspension after mmu flushing (git-fixes).
- drm/panfrost: Fix the panfrost_mmu_map_fault_addr() error path (git-fixes).
- drm/probe-helper: Cancel previous job before starting new one (git-fixes).
- drm/radeon: Drop legacy MST support (bsc#1206843).
- drm/radeon: Fix eDP for single-display iMac11,2 (git-fixes).
- drm/radeon: fix possible division-by-zero errors (git-fixes).
- drm/radeon: fix race condition UAF in radeon_gem_set_domain_ioctl (git-fixes).
- drm/radeon: free iio for atombios when driver shutdown (git-fixes).
- drm/radeon: reintroduce radeon_dp_work_func content (git-fixes).
- drm/rockchip: Drop unbalanced obj unref (git-fixes).
- drm/rockchip: vop: Leave vblank enabled in self-refresh (git-fixes).
- drm/sched: Remove redundant check (git-fixes).
- drm/shmem-helper: Fix locking for drm_gem_shmem_get_pages_sgt() (git-fixes).
- drm/shmem-helper: Remove another errant put in error path (git-fixes).
- drm/shmem-helper: Revert accidental non-GPL export (git-fixes).
- drm/sun4i: fix missing component unbind on bind errors (git-fixes).
- drm/tegra: Avoid potential 32-bit integer overflow (git-fixes).
- drm/tegra: firewall: Check for is_addr_reg existence in IMM check (git-fixes).
- drm/tiny: ili9486: Do not assume 8-bit only SPI controllers (git-fixes).
- drm/ttm/pool: Fix ttm_pool_alloc error path (git-fixes).
- drm/ttm: Fix a NULL pointer dereference (git-fixes).
- drm/ttm: fix undefined behavior in bit shift for TTM_TT_FLAG_PRIV_POPULATED (git-fixes).
- drm/ttm: optimize pool allocations a bit v2 (git-fixes).
- drm/vc4: crtc: Increase setup cost in core clock calculation to handle extreme reduced blanking (git-fixes).
- drm/vc4: dpi: Add option for inverting pixel clock and output enable (git-fixes).
- drm/vc4: dpi: Fix format mapping for RGB565 (git-fixes).
- drm/vc4: drv: Call component_unbind_all() (git-fixes).
- drm/vc4: hdmi: Correct interlaced timings again (git-fixes).
- drm/vc4: hdmi: make CEC adapter name unique (git-fixes).
- drm/vc4: hvs: Fix colour order for xRGB1555 on HVS5 (git-fixes).
- drm/vc4: hvs: SCALER_DISPBKGND_AUTOHS is only valid on HVS4 (git-fixes).
- drm/vc4: hvs: Set AXI panic modes (git-fixes).
- drm/vc4: kms: Sort the CRTCs by output before assigning them (git-fixes).
- drm/vc4: vec: Use pm_runtime_resume_and_get() in vc4_vec_encoder_enable() (git-fixes).
- drm/vgem: add missing mutex_destroy (git-fixes).
- drm/virtio: Correct drm_gem_shmem_get_sg_table() error handling (git-fixes).
- drm/virtio: Use appropriate atomic state in virtio_gpu_plane_cleanup_fb() (git-fixes).
- drm/virtio: exbuf->fence_fd unmodified on interrupted wait (git-fixes).
- drm/vkms: Fix memory leak in vkms_init() (git-fixes).
- drm/vkms: Fix null-ptr-deref in vkms_release() (git-fixes).
- drm/vmwgfx: Do not drop the reference to the handle too soon (git-fixes).
- drm/vmwgfx: Fix memory leak in vmw_mksstat_add_ioctl() (git-fixes).
- drm/vmwgfx: Fix race issue calling pin_user_pages (git-fixes).
- drm/vmwgfx: Stop accessing buffer objects which failed init (git-fixes).
- drm/vram-helper: fix function names in vram helper doc (git-fixes).
- drm: Add orientation quirk for Lenovo ideapad D330-10IGL (git-fixes).
- drm: Fix potential null-ptr-deref due to drmm_mode_config_init() (git-fixes).
- drm: amd: display: Fix memory leakage (git-fixes).
- drm: bridge: adv7511: unregister cec i2c device after cec adapter (git-fixes).
- drm: exynos: dsi: Fix MIPI_DSI*_NO_* mode flags (git-fixes).
- drm: msm: adreno: Disable preemption on Adreno 510 (git-fixes).
- drm: mxsfb: DRM_IMX_LCDIF should depend on ARCH_MXC (git-fixes).
- drm: mxsfb: DRM_MXSFB should depend on ARCH_MXS || ARCH_MXC (git-fixes).
- drm: panel-orientation-quirks: Add quirk for Lenovo IdeaPad Duet 3 10IGL5 (git-fixes).
- drm: panel-orientation-quirks: Add quirk for Lenovo Yoga Book X90F (git-fixes).
- drm: rcar-du: Fix a NULL vs IS_ERR() bug (git-fixes).
- drm: sun4i_tcon: use devm_clk_get_enabled in `sun4i_tcon_init_clocks` (git-fixes).
- drm: tidss: Fix pixel format definition (git-fixes).
- drm:amd:amdgpu: Fix missing buffer object unlock in failure path (git-fixes).
- dt-binding: cdns,usb3: Fix cdns,on-chip-buff-size type (git-fixes).
- dt-bindings: arm: fsl: Fix bindings for APF28Dev board (git-fixes).
- dt-bindings: arm: fsl: Fix copy-paste error in comment (git-fixes).
- dt-bindings: ata: ahci-ceva: Cover all 4 iommus entries (git-fixes).
- dt-bindings: ata: ahci-ceva: convert to yaml (git-fixes).
- dt-bindings: hwlock: sun6i: Add missing #hwlock-cells (git-fixes).
- dt-bindings: i3c: silvaco,i3c-master: fix missing schema restriction (git-fixes).
- dt-bindings: iio: adc: renesas,rcar-gyroadc: Fix adi,ad7476 compatible value (git-fixes).
- dt-bindings: iio: ti,tmp117: fix documentation link (git-fixes).
- dt-bindings: input: iqs626a: Redefine trackpad property types (git-fixes).
- dt-bindings: mailbox: qcom,apcs-kpss-global: fix SDX55 'if' match (git-fixes).
- dt-bindings: msm: dsi-controller-main: Add vdd* descriptions back in (git-fixes).
- dt-bindings: net: snps,dwmac: Fix snps,reset-delays-us dependency (git-fixes).
- dt-bindings: nvmem: qcom,spmi-sdam: fix example 'reg' property (git-fixes).
- dt-bindings: phy: brcm,brcmstb-usb-phy: Fix error in 'compatible' conditional schema (git-fixes).
- dt-bindings: power: renesas,apmu: Fix cpus property limits (git-fixes).
- dt-bindings: power: supply: pm8941-coincell: Do not require charging properties (git-fixes).
- dt-bindings: remoteproc: st,stm32-rproc: Fix phandle-array parameters description (git-fixes).
- dt-bindings: remoteproc: stm32-rproc: Typo fix (git-fixes).
- dt-bindings: serial: renesas,scif: Fix 4th IRQ for 4-IRQ SCIFs (git-fixes).
- dt-bindings: soc: qcom: smd-rpm: re-add missing qcom,rpm-msm8994 (git-fixes).
- dt-bindings: usb: amlogic,meson-g12a-usb-ctrl: make G12A usb3-phy0 optional (git-fixes).
- dt-bindings: usb: snps,dwc3: Fix 'snps,hsphy_interface' type (git-fixes).
- e1000e: Disable TSO on i219-LM card to increase speed (git-fixes).
- edac/i10nm: Add Intel Emerald Rapids server support (PED-4400).
- eeprom: at24: also select REGMAP (git-fixes).
- eeprom: idt_89hpesx: Fix error handling in idt_init() (git-fixes).
- efi/x86: libstub: Fix typo in __efi64_argmap* name (git-fixes).
- efi: Accept version 2 of memory attributes table (git-fixes).
- efi: efivars: Fix variable writes with unsupported query_variable_store() (git-fixes).
- efi: efivars: Fix variable writes without query_variable_store() (git-fixes).
- efi: fix potential NULL deref in efi_mem_reserve_persistent (git-fixes).
- efi: rt-wrapper: Add missing include (git-fixes).
- efi: ssdt: Do not free memory if ACPI table was loaded successfully (git-fixes).
- efi: sysfb_efi: Add quirk for Lenovo Yoga Book X91F/L (git-fixes).
- efi: sysfb_efi: Fix DMI quirks not working for simpledrm (git-fixes).
- elevator: update the document of elevator_switch (git-fixes).
- elf: correct note name comment (git-fixes).
- ethernet: 3com/typhoon: do not write directly to netdev->dev_addr (git-fixes).
- ethernet: 8390/etherh: do not write directly to netdev->dev_addr (git-fixes).
- ethernet: i825xx: do not write directly to netdev->dev_addr (git-fixes).
- ethernet: ice: avoid gcc-9 integer overflow warning (jsc#PED-376).
- ethernet: seeq/ether3: do not write directly to netdev->dev_addr (git-fixes).
- ethernet: tundra: do not write directly to netdev->dev_addr (git-fixes).
- exit: Add and use make_task_dead (bsc#1207328).
- exit: Allow oops_limit to be disabled (bsc#1207328).
- exit: Guarantee make_task_dead leaks the tsk when calling do_task_exit (bsc#1207328).
- exit: Move force_uaccess back into do_exit (bsc#1207328).
- exit: Move oops specific logic from do_exit into make_task_dead (bsc#1207328).
- exit: Put an upper limit on how often we can oops (bsc#1207328).
- exit: Stop poorly open coding do_task_dead in make_task_dead (bsc#1207328).
- exit: Use READ_ONCE() for all oops/warn limit reads (bsc#1207328).
- ext4,f2fs: fix readahead of verity data (bsc#1207648).
- ext4: Fix deadlock during directory rename (bsc#1210763).
- ext4: Fix possible corruption when moving a directory (bsc#1210763).
- ext4: Fix reusing stale buffer heads from last failed mounting (bsc#1213020).
- ext4: add EA_INODE checking to ext4_iget() (bsc#1213106).
- ext4: add EXT4_IGET_BAD flag to prevent unexpected bad inode (bsc#1207619).
- ext4: add EXT4_INODE_HAS_XATTR_SPACE macro in xattr.h (bsc#1206878).
- ext4: add ext4_sb_block_valid() refactored out of ext4_inode_block_valid() (bsc#1213088).
- ext4: add helper to check quota inums (bsc#1207618).
- ext4: add inode table check in __ext4_get_inode_loc to aovid possible infinite loop (bsc#1207617).
- ext4: add lockdep annotations for i_data_sem for ea_inode's (bsc#1213109).
- ext4: add missing validation of fast-commit record lengths (bsc#1207626).
- ext4: add strict range checks while freeing blocks (bsc#1213089).
- ext4: allocate extended attribute value in vmalloc area (bsc#1207635).
- ext4: avoid crash when inline data creation follows DIO write (bsc#1206883).
- ext4: avoid deadlock in fs reclaim with page writeback (bsc#1213016).
- ext4: avoid resizing to a partial cluster size (bsc#1206880).
- ext4: avoid unaccounted block allocation when expanding inode (bsc#1207634).
- ext4: bail out of ext4_xattr_ibody_get() fails for any reason (bsc#1213018).
- ext4: block range must be validated before use in ext4_mb_clear_bb() (bsc#1213090).
- ext4: check iomap type only if ext4_iomap_begin() does not fail (bsc#1213103).
- ext4: continue to expand file system when the target size does not reach (bsc#1206882).
- ext4: correct cluster len and clusters changed accounting in ext4_mb_mark_bb (bsc#1207592).
- ext4: correct max_inline_xattr_value_size computing (bsc#1206878).
- ext4: correct the misjudgment in ext4_iget_extra_inode (bsc#1206878).
- ext4: disable fast-commit of encrypted dir operations (bsc#1207623).
- ext4: disallow ea_inodes with extended attributes (bsc#1213108).
- ext4: do not allow journal inode to have encrypt flag (bsc#1207621).
- ext4: do not increase iversion counter for ea_inodes (bsc#1207605).
- ext4: do not run ext4lazyinit for read-only filesystems (bsc#1207603).
- ext4: do not set up encryption key during jbd2 transaction (bsc#1207624).
- ext4: drop ineligible txn start stop APIs (bsc#1207588).
- ext4: ext4_read_bh_lock() should submit IO if the buffer isn't uptodate (bsc#1207606).
- ext4: factor out ext4_fc_get_tl() (bsc#1207615).
- ext4: fail ext4_iget if special inode unallocated (bsc#1213010).
- ext4: fast commit may miss file actions (bsc#1207591).
- ext4: fast commit may not fallback for ineligible commit (bsc#1207590).
- ext4: fix BUG_ON() when directory entry has invalid rec_len (bsc#1206886).
- ext4: fix RENAME_WHITEOUT handling for inline directories (bsc#1210766).
- ext4: fix WARNING in ext4_update_inline_data (bsc#1213012).
- ext4: fix WARNING in mb_find_extent (bsc#1213099).
- ext4: fix another off-by-one fsmap error on 1k block filesystems (bsc#1210767).
- ext4: fix bad checksum after online resize (bsc#1210762 bsc#1208076).
- ext4: fix bug in extents parsing when eh_entries == 0 and eh_depth > 0 (bsc#1206881).
- ext4: fix bug_on in __es_tree_search caused by bad boot loader inode (bsc#1207620).
- ext4: fix bug_on in __es_tree_search caused by bad quota inode (bsc#1213111).
- ext4: fix bug_on in start_this_handle during umount filesystem (bsc#1207594).
- ext4: fix cgroup writeback accounting with fs-layer encryption (bsc#1210765).
- ext4: fix corruption when online resizing a 1K bigalloc fs (bsc#1206891).
- ext4: fix data races when using cached status extents (bsc#1213102).
- ext4: fix deadlock due to mbcache entry corruption (bsc#1207653).
- ext4: fix deadlock when converting an inline directory in nojournal mode (bsc#1213105).
- ext4: fix delayed allocation bug in ext4_clu_mapped for bigalloc + inline (bsc#1207631).
- ext4: fix dir corruption when ext4_dx_add_entry() fails (bsc#1207608).
- ext4: fix error code return to user-space in ext4_get_branch() (bsc#1207630).
- ext4: fix ext4_mb_mark_bb() with flex_bg with fast_commit (bsc#1207593).
- ext4: fix extent status tree race in writeback error recovery path (bsc#1206877).
- ext4: fix i_disksize exceeding i_size problem in paritally written case (bsc#1213015).
- ext4: fix incorrect options show of original mount_opt and extend mount_opt2 (bsc#1210764).
- ext4: fix inode leak in ext4_xattr_inode_create() on an error path (bsc#1207636).
- ext4: fix kernel BUG in 'ext4_write_inline_data_end()' (bsc#1206894).
- ext4: fix leaking uninitialized memory in fast-commit journal (bsc#1207625).
- ext4: fix lockdep warning when enabling MMP (bsc#1213100).
- ext4: fix miss release buffer head in ext4_fc_write_inode (bsc#1207609).
- ext4: fix null-ptr-deref in ext4_write_info (bsc#1206884).
- ext4: fix off-by-one errors in fast-commit block filling (bsc#1207628).
- ext4: fix possible double unlock when moving a directory (bsc#1210763).
- ext4: fix potential memory leak in ext4_fc_record_modified_inode() (bsc#1207611).
- ext4: fix potential memory leak in ext4_fc_record_regions() (bsc#1207612).
- ext4: fix potential out of bound read in ext4_fc_replay_scan() (bsc#1207616).
- ext4: fix reserved cluster accounting in __es_remove_extent() (bsc#1207637).
- ext4: fix task hung in ext4_xattr_delete_inode (bsc#1213096).
- ext4: fix to check return value of freeze_bdev() in ext4_shutdown() (bsc#1213021).
- ext4: fix unaligned memory access in ext4_fc_reserve_space() (bsc#1207627).
- ext4: fix undefined behavior in bit shift for ext4_check_flag_values (bsc#1206890).
- ext4: fix uninititialized value in 'ext4_evict_inode' (bsc#1206893).
- ext4: fix use-after-free in ext4_ext_shift_extents (bsc#1206888).
- ext4: fix use-after-free in ext4_orphan_cleanup (bsc#1207622).
- ext4: fix use-after-free in ext4_xattr_set_entry (bsc#1206878).
- ext4: fix use-after-free read in ext4_find_extent for bigalloc + inline (bsc#1213098).
- ext4: fix warning in 'ext4_da_release_space' (bsc#1206887).
- ext4: goto right label 'failed_mount3a' (bsc#1207610).
- ext4: improve error handling from ext4_dirhash() (bsc#1213104).
- ext4: improve error recovery code paths in __ext4_remount() (bsc#1213017).
- ext4: init quota for 'old.inode' in 'ext4_rename' (bsc#1207629).
- ext4: initialize quota before expanding inode in setproject ioctl (bsc#1207633).
- ext4: introduce EXT4_FC_TAG_BASE_LEN helper (bsc#1207614).
- ext4: limit the number of retries after discarding preallocations blocks (bsc#1207602).
- ext4: make ext4_lazyinit_thread freezable (bsc#1206885).
- ext4: move where set the MAY_INLINE_DATA flag is set (bsc#1213011).
- ext4: only update i_reserved_data_blocks on successful block allocation (bsc#1213019).
- ext4: place buffer head allocation before handle start (bsc#1207607).
- ext4: refactor ext4_free_blocks() to pull out ext4_mb_clear_bb() (bsc#1213087).
- ext4: refuse to create ea block when umounted (bsc#1213093).
- ext4: set lockdep subclass for the ea_inode in ext4_xattr_inode_cache_find() (bsc#1213107).
- ext4: silence the warning when evicting inode with dioread_nolock (bsc#1206889).
- ext4: simplify updating of fast commit stats (bsc#1207589).
- ext4: turn quotas off if mount failed after enabling quotas (bsc#1213110).
- ext4: unconditionally enable the i_version counter (bsc#1211299).
- ext4: update 'state->fc_regions_size' after successful memory allocation (bsc#1207613).
- ext4: update s_journal_inum if it changes after journal replay (bsc#1213094).
- ext4: update s_overhead_clusters in the superblock during an on-line resize (bsc#1206876).
- ext4: use ext4_fc_tl_mem in fast-commit replay path (bsc#1213092).
- ext4: use ext4_journal_start/stop for fast commit transactions (bsc#1210793).
- ext4: zero i_disksize when initializing the bootloader inode (bsc#1213013).
- extcon: Fix kernel doc of property capability fields to avoid warnings (git-fixes).
- extcon: Fix kernel doc of property fields to avoid warnings (git-fixes).
- extcon: usbc-tusb320: Add USB TYPE-C support (git-fixes).
- extcon: usbc-tusb320: Call the Type-C IRQ handler only if a port is registered (git-fixes).
- extcon: usbc-tusb320: Unregister typec port on driver removal (git-fixes).
- extcon: usbc-tusb320: Update state on probe even if no IRQ pending (git-fixes).
- extcon: usbc-tusb320: fix kernel-doc warning (git-fixes).
- f2fs: Fix f2fs_truncate_partial_nodes ftrace event (git-fixes).
- fbcon: Check font dimension limits (git-fixes).
- fbcon: Fix error paths in set_con2fb_map (git-fixes).
- fbcon: Fix null-ptr-deref in soft_cursor (git-fixes).
- fbcon: set_con2fb_map needs to set con2fb_map! (git-fixes).
- fbdev: Prevent possible use-after-free in fb_release() (bsc#1152472).
- fbdev: arcfb: Fix error handling in arcfb_probe() (git-fixes).
- fbdev: au1200fb: Fix potential divide by zero (git-fixes).
- fbdev: ep93xx-fb: Add missing clk_disable_unprepare in ep93xxfb_probe() (git-fixes).
- fbdev: fbcon: Destroy mutex on freeing struct fb_info (bsc#1152489)
- fbdev: imsttfb: Fix use after free bug in imsttfb_probe (git-fixes bsc#1211387).
- fbdev: intelfb: Fix potential divide by zero (git-fixes).
- fbdev: lxfb: Fix potential divide by zero (git-fixes).
- fbdev: mmp: Fix deferred clk handling in mmphw_probe() (git-fixes).
- fbdev: modedb: Add 1920x1080 at 60 Hz video mode (git-fixes).
- fbdev: nvidia: Fix potential divide by zero (git-fixes).
- fbdev: omapfb: avoid stack overflow warning (git-fixes).
- fbdev: omapfb: cleanup inconsistent indentation (git-fixes).
- fbdev: omapfb: lcd_mipid: Fix an error handling path in mipid_spi_probe() (git-fixes).
- fbdev: smscufx: fix error handling code in ufx_usb_probe (git-fixes).
- fbdev: stifb: Fall back to cfb_fillrect() on 32-bit HCRX cards (git-fixes).
- fbdev: stifb: Fix info entry in sti_struct on error path (git-fixes).
- fbdev: stifb: Provide valid pixelclock and add fb_check_var() checks (git-fixes).
- fbdev: tgafb: Fix potential divide by zero (git-fixes).
- fbdev: udlfb: Fix endpoint check (git-fixes).
- fbmem: Reject FB_ACTIVATE_KD_TEXT from userspace (git-fixes).
- filelock: new helper: vfs_inode_has_locks (jsc#SES-1880).
- firewire: fix memory leak for payload of request subaction to IEC 61883-1 FCP region (git-fixes).
- firmware/efi sysfb_efi: Add quirk for Lenovo IdeaPad Duet 3 (git-fixes).
- firmware: arm_ffa: Check if ffa_driver remove is present before executing (git-fixes).
- firmware: arm_ffa: Set handle field to zero in memory descriptor (git-fixes).
- firmware: arm_ffa: Set reserved/MBZ fields to zero in the memory descriptors (git-fixes).
- firmware: arm_scmi: Fix device node validation for mailbox transport (git-fixes).
- firmware: coreboot: Remove GOOGLE_COREBOOT_TABLE_ACPI/OF Kconfig entries (git-fixes).
- firmware: coreboot: framebuffer: Ignore reserved pixel color bits (git-fixes).
- firmware: dmi-sysfs: Fix null-ptr-deref in dmi_sysfs_register_handle (git-fixes).
- firmware: qcom_scm: Clear download bit during reboot (git-fixes).
- firmware: stratix10-svc: Fix a potential resource leak in svc_create_memory_pool() (git-fixes).
- firmware: stratix10-svc: Fix an NULL vs IS_ERR() bug in probe (git-fixes).
- firmware: stratix10-svc: add missing gen_pool_destroy() in stratix10_svc_drv_probe() (git-fixes).
- firmware: xilinx: do not make a sleepable memory allocation from an atomic context (git-fixes).
- flow_dissector: Do not count vlan tags inside tunnel payload (git-fixes).
- fork: allow CLONE_NEWTIME in clone3 flags (bsc#1209258).
- fotg210-udc: Add missing completion handler (git-fixes).
- fpga: bridge: fix kernel-doc parameter description (git-fixes).
- fpga: bridge: properly initialize bridge device before populating children (git-fixes).
- fpga: m10bmc-sec: Fix probe rollback (git-fixes).
- fpga: stratix10-soc: Fix return value check in s10_ops_write_init() (git-fixes).
- fprobe: Check rethook_alloc() return in rethook initialization (git-fixes).
- fprobe: Fix smatch type mismatch warning (git-fixes).
- fprobe: add recursion detection in fprobe_exit_handler (git-fixes).
- fprobe: make fprobe_kprobe_handler recursion free (git-fixes).
- fs/jfs: fix shift exponent db_agl2size negative (git-fixes).
- fs: account for filesystem mappings (bsc#1205191).
- fs: account for group membership (bsc#1205191).
- fs: add i_user_ns() helper (bsc#1205191).
- fs: dlm: do not call kernel_getpeername() in error_report() (bsc#1208130).
- fs: dlm: use sk->sk_socket instead of con->sock (bsc#1208130).
- fs: ext4: initialize fsdata in pagecache_write() (bsc#1207632).
- fs: hfsplus: fix UAF issue in hfsplus_put_super (git-fixes).
- fs: jfs: fix possible NULL pointer dereference in dbFree() (git-fixes).
- fs: jfs: fix shift-out-of-bounds in dbAllocAG (git-fixes).
- fs: jfs: fix shift-out-of-bounds in dbDiscardAG (git-fixes).
- fs: move mapping helpers (bsc#1205191)
- fs: remove __sync_filesystem (git-fixes).
- fs: sysv: Fix sysv_nblocks() returns wrong value (git-fixes).
- fs: tweak fsuidgid_has_mapping() (bsc#1205191).
- fscache: Use wait_on_bit() to wait for the freeing of relinquished volume (bsc#1210409).
- fscache_cookie_enabled: check cookie is valid before accessing it (bsc#1208429).
- ftrace/x86: Add back ftrace_expected for ftrace bug reports (git-fixes).
- ftrace: Clean comments related to FTRACE_OPS_FL_PER_CPU (git-fixes).
- ftrace: Fix invalid address access in lookup_rec() when index is 0 (git-fixes).
- ftrace: Fix issue that 'direct->addr' not restored in modify_ftrace_direct() (git-fixes).
- ftrace: Mark get_lock_parent_ip() __always_inline (git-fixes).
- fuse: add inode/permission checks to fileattr_get/fileattr_set (bsc#1208759).
- fuse: always revalidate rename target dentry (bsc#1211808).
- fuse: fix attr version comparison in fuse_read_update_size() (bsc#1211807).
- futex: Resend potentially swallowed owner death notification (git-fixes).
- genirq: Provide new interfaces for affinity hints (bsc#1208153).
- git-sort: Add io_uring 6.3 fixes remote
- google/gve:fix repeated words in comments (bsc#1211519).
- gpio: GPIO_REGMAP: select REGMAP instead of depending on it (git-fixes).
- gpio: davinci: Add irq chip flag to skip set wake (git-fixes).
- gpio: mockup: Fix mode of debugfs files (git-fixes).
- gpio: tegra186: remove unneeded loop in tegra186_gpio_init_route_mapping() (git-fixes).
- gpio: vf610: connect GPIO label to dev name (git-fixes).
- gpu: host1x: Do not skip assigning syncpoints to channels (git-fixes).
- gpu: host1x: Fix mask for syncpoint increment register (git-fixes).
- gpu: host1x: Fix potential double free if IOMMU is disabled (git-fixes).
- gpu: ipu-v3: common: Add of_node_put() for reference returned by of_graph_get_port_by_id() (git-fixes).
- gve: Adding a new AdminQ command to verify driver (bsc#1211519).
- gve: Cache link_speed value from device (git-fixes).
- gve: Fix error return code in gve_prefill_rx_pages() (bsc#1211519).
- gve: Fix spelling mistake 'droping' -> 'dropping' (bsc#1211519).
- gve: Handle alternate miss completions (bsc#1211519).
- gve: Reduce alloc and copy costs in the GQ rx path (bsc#1211519).
- gve: Remove the code of clearing PBA bit (git-fixes).
- gve: Secure enough bytes in the first TX desc for all TCP pkts (git-fixes).
- gve: enhance no queue page list detection (bsc#1211519).
- hfs/hfsplus: avoid WARN_ON() for sanity check, use proper error handling (git-fixes).
- hfs/hfsplus: use WARN_ON for sanity check (git-fixes).
- hfs: Fix OOB Write in hfs_asc2mac (git-fixes).
- hfs: fix OOB Read in __hfs_brec_find (git-fixes).
- hfs: fix missing hfs_bnode_get() in __hfs_bnode_create (git-fixes).
- hfsplus: fix bug causing custom uid and gid being unable to be assigned with mount (git-fixes).
- hid: Add Mapping for System Microphone Mute (git-fixes).
- hid: asus: use spinlock to protect concurrent accesses (git-fixes).
- hid: asus: use spinlock to safely schedule workers (git-fixes).
- hid: bigben: use spinlock to protect concurrent accesses (git-fixes).
- hid: bigben: use spinlock to safely schedule workers (git-fixes).
- hid: bigben_probe(): validate report count (git-fixes).
- hid: bigben_worker() remove unneeded check on report_field (git-fixes).
- hid: core: Fix deadloop in hid_apply_multiplier (git-fixes).
- hid: cp2112: Fix driver not registering GPIO IRQ chip as threaded (git-fixes).
- hid: elecom: add support for TrackBall 056E:011C (git-fixes).
- hid: google: add jewel USB id (git-fixes).
- hid: intel-ish-hid: ipc: Fix potential use-after-free in work function (git-fixes).
- hid: logitech-hidpp: Do not restart communication if not necessary (git-fixes).
- hid: logitech-hidpp: Do not use the USB serial for USB devices (git-fixes).
- hid: logitech-hidpp: Reconcile USB and Unifying serials (git-fixes).
- hid: logitech-hidpp: add HIDPP_QUIRK_DELAYED_INIT for the T651 (git-fixes).
- hid: microsoft: Add rumble support to latest xbox controllers (bsc#1211280).
- hid: multitouch: Add quirks for flipped axes (git-fixes).
- hid: playstation: sanity check DualSense calibration data (git-fixes).
- hid: retain initial quirks set up when creating HID devices (git-fixes).
- hid: wacom: Add error check to wacom_parse_and_register() (git-fixes).
- hid: wacom: Add new Intuos Pro Small (PTH-460) device IDs (git-fixes).
- hid: wacom: Force pen out of prox if no events have been received in a while (git-fixes).
- hid: wacom: Set a default resolution for older tablets (git-fixes).
- hid: wacom: add three styli to wacom_intuos_get_tool_type (git-fixes).
- hid: wacom: avoid integer overflow in wacom_intuos_inout() (git-fixes).
- hid: wacom: generic: Set battery quirk only when we see battery data (git-fixes).
- hv: fix comment typo in vmbus_channel/low_latency (git-fixes).
- hv: hv_balloon: fix memory leak with using debugfs_lookup() (git-fixes).
- hv_netvsc: Allocate memory in netvsc_dma_map() with GFP_ATOMIC (git-fixes).
- hv_netvsc: Check status in SEND_RNDIS_PKT completion message (git-fixes).
- hv_netvsc: Fix missed pagebuf entries in netvsc_dma_map/unmap() (git-fixes).
- hvcs: Fix hvcs port reference counting (bsc#1213134 ltc#202861).
- hvcs: Get reference to tty in remove (bsc#1213134 ltc#202861).
- hvcs: Synchronize hotplug remove with port free (bsc#1213134 ltc#202861).
- hvcs: Use dev_groups to manage hvcs device attributes (bsc#1213134 ltc#202861).
- hvcs: Use driver groups to manage driver attributes (bsc#1213134 ltc#202861).
- hvcs: Use vhangup in hotplug remove (bsc#1213134 ltc#202861).
- hwmon: (adm1266) Set `can_sleep` flag for GPIO chip (git-fixes).
- hwmon: (adt7475) Display smoothing attributes in correct order (git-fixes).
- hwmon: (adt7475) Fix masking of hysteresis registers (git-fixes).
- hwmon: (adt7475) Use device_property APIs when configuring polarity (git-fixes).
- hwmon: (coretemp) Simplify platform device handling (git-fixes).
- hwmon: (ftsteutates) Fix scaling of measurements (git-fixes).
- hwmon: (gsc-hwmon) fix fan pwm temperature scaling (git-fixes).
- hwmon: (ina3221) return prober error code (git-fixes).
- hwmon: (k10temp) Check range scale when CUR_TEMP register is read-write (git-fixes).
- hwmon: (k10temp): Add support for new family 17h and 19h models (bsc#1208848).
- hwmon: (ltc2945) Handle error case in ltc2945_value_store (git-fixes).
- hwmon: (ltc2992) Set `can_sleep` flag for GPIO chip (git-fixes).
- hwmon: (mlxreg-fan) Return zero speed for broken fan (git-fixes).
- hwmon: (pmbus/fsp-3y) Fix functionality bitmask in FSP-3Y YM-2151E (git-fixes).
- hwmon: (ucd90320) Add minimum delay between bus accesses (git-fixes).
- hwmon: (xgene) Fix use after free bug in xgene_hwmon_remove due to race condition (git-fixes).
- hwmon: fix potential sensor registration fail if of_node is missing (git-fixes).
- hwmon: tmp512: drop of_match_ptr for ID table (git-fixes).
- hwrng: imx-rngc - fix the timeout for init and self check (git-fixes).
- hwrng: st - keep clock enabled while hwrng is registered (git-fixes).
- i2c: cadence: cdns_i2c_master_xfer(): Fix runtime PM leak on error path (git-fixes).
- i2c: designware-pci: Add new PCI IDs for AMD NAVI GPU (git-fixes).
- i2c: designware: fix i2c_dw_clk_rate() return size to be u32 (git-fixes).
- i2c: hisi: Avoid redundant interrupts (git-fixes).
- i2c: hisi: Only use the completion interrupt to finish the transfer (git-fixes).
- i2c: imx-lpi2c: check only for enabled interrupt flags (git-fixes).
- i2c: imx-lpi2c: clean rx/tx buffers upon new message (git-fixes).
- i2c: imx-lpi2c: fix type char overflow issue when calculating the clock cycle (git-fixes).
- i2c: mv64xxx: Add atomic_xfer method to driver (git-fixes).
- i2c: mv64xxx: Fix reading invalid status value in atomic mode (git-fixes).
- i2c: mv64xxx: Remove shutdown method from driver (git-fixes).
- i2c: mxs: suppress probe-deferral error message (git-fixes).
- i2c: ocores: generate stop condition after timeout in polling mode (git-fixes).
- i2c: omap: Fix standard mode false ACK readings (git-fixes).
- i2c: qup: Add missing unwind goto in qup_i2c_probe() (git-fixes).
- i2c: rk3x: fix a bunch of kernel-doc warnings (git-fixes).
- i2c: sprd: Delete i2c adapter in .remove's error path (git-fixes).
- i2c: tegra: Fix PEC support for SMBUS block read (git-fixes).
- i2c: xgene-slimpro: Fix out-of-bounds bug in xgene_slimpro_i2c_xfer() (git-fixes).
- i40e: Add checking for null for nlmsg_find_attr() (jsc#SLE-18378).
- i40e: Fix ADQ rate limiting for PF (jsc#SLE-18378).
- i40e: Fix DMA mappings leak (jsc#SLE-18378).
- i40e: Fix VF hang when reset is triggered on another VF (jsc#SLE-18378).
- i40e: Fix VF set max MTU size (jsc#SLE-18378).
- i40e: Fix VF's MAC Address change on VM (jsc#SLE-18378).
- i40e: Fix adding ADQ filter to TC0 (jsc#SLE-18378).
- i40e: Fix calculating the number of queue pairs (jsc#SLE-18378).
- i40e: Fix erroneous adapter reinitialization during recovery process (jsc#SLE-18378).
- i40e: Fix ethtool rx-flow-hash setting for X722 (jsc#SLE-18378).
- i40e: Fix flow-type by setting GL_HASH_INSET registers (jsc#SLE-18378).
- i40e: Fix for VF MAC address 0 (jsc#SLE-18378).
- i40e: Fix incorrect address type for IPv6 flow rules (jsc#SLE-18378).
- i40e: Fix interface init with MSI interrupts (no MSI-X) (jsc#SLE-18378).
- i40e: Fix kernel crash during module removal (jsc#SLE-18378).
- i40e: Fix kernel crash during reboot when adapter is in recovery mode (jsc#SLE-18378).
- i40e: Fix set max_tx_rate when it is lower than 1 Mbps (jsc#SLE-18378).
- i40e: Fix the inability to attach XDP program on downed interface (jsc#SLE-18378).
- i40e: Refactor tc mqprio checks (jsc#SLE-18378).
- i40e: add double of VLAN header when computing the max MTU (jsc#SLE-18378).
- i40e: fix accessing vsi->active_filters without holding lock (jsc#SLE-18378).
- i40e: fix flow director packet filter programming (jsc#SLE-18378).
- i40e: fix i40e_setup_misc_vector() error handling (jsc#SLE-18378).
- i40e: fix registers dump after run ethtool adapter self test (jsc#SLE-18378).
- i825xx: sni_82596: use eth_hw_addr_set() (git-fixes).
- i915 kABI workaround (git-fixes).
- i915/perf: Replace DRM_DEBUG with driver specific drm_dbg call (git-fixes).
- iavf/iavf_main: actually log ->src mask when talking about it (jsc#SLE-18385).
- iavf: Detach device during reset task (jsc#SLE-18385).
- iavf: Disallow changing rx/tx-frames and rx/tx-frames-irq (jsc#SLE-18385).
- iavf: Do not restart Tx queues after reset task failure (jsc#SLE-18385).
- iavf: Fix 'tc qdisc show' listing too many queues (jsc#SLE-18385).
- iavf: Fix a crash during reset task (jsc#SLE-18385).
- iavf: Fix bad page state (jsc#SLE-18385).
- iavf: Fix cached head and tail value for iavf_get_tx_pending (jsc#SLE-18385).
- iavf: Fix error handling in iavf_init_module() (jsc#SLE-18385).
- iavf: Fix max_rate limiting (jsc#SLE-18385).
- iavf: Fix race condition between iavf_shutdown and iavf_remove (jsc#SLE-18385).
- iavf: Fix set max MTU size with port VLAN and jumbo frames (jsc#SLE-18385).
- iavf: do not track VLAN 0 filters (jsc#PED-835).
- iavf: fix hang on reboot with ice (jsc#SLE-18385).
- iavf: fix inverted Rx hash condition leading to disabled hash (jsc#SLE-18385).
- iavf: fix non-tunneled IPv6 UDP packet type and hashing (jsc#SLE-18385).
- iavf: fix temporary deadlock and failure to set MAC address (jsc#PED-835).
- iavf: refactor VLAN filter states (jsc#PED-835).
- iavf: remove active_cvlans and active_svlans bitmaps (jsc#PED-835).
- iavf: remove mask from iavf_irq_enable_queues() (git-fixes).
- iavf: schedule watchdog immediately when changing primary MAC (jsc#PED-835).
- ib/hfi1: Assign npages earlier (git-fixes)
- ib/hfi1: Fix SDMA mmu_rb_node not being evicted in LRU order (git-fixes)
- ib/hfi1: Fix bugs with non-PAGE_SIZE-end multi-iovec user SDMA requests (git-fixes)
- ib/hfi1: Fix expected receive setup error exit issues (git-fixes)
- ib/hfi1: Fix math bugs in hfi1_can_pin_pages() (git-fixes)
- ib/hfi1: Fix sdma.h tx->num_descs off-by-one errors (git-fixes)
- ib/hfi1: Fix wrong mmu_node used for user SDMA packet after invalidate (git-fixes)
- ib/hfi1: Immediately remove invalid memory from hardware (git-fixes)
- ib/hfi1: Reject a zero-length user expected buffer (git-fixes)
- ib/hfi1: Remove user expected buffer invalidate race (git-fixes)
- ib/hfi1: Reserve user expected TIDs (git-fixes)
- ib/hfi1: Restore allocated resources on failed copyout (git-fixes)
- ib/hfi1: Update RMT size calculation (git-fixes)
- ib/hifi1: add a null check of kzalloc_node in hfi1_ipoib_txreq_init (git-fixes)
- ib/iPoIB: Fix legacy IPoIB due to wrong number of queues (git-fixes)
- ib/isert: Fix dead lock in ib_isert (git-fixes)
- ib/isert: Fix incorrect release of isert connection (git-fixes)
- ib/isert: Fix possible list corruption in CMA handler (git-fixes)
- ib/mad: Do not call to function that might sleep while in atomic context (git-fixes).
- ib/mlx5: Add support for 400G_8X lane speed (git-fixes)
- ib/rdmavt: add missing locks in rvt_ruc_loopback (git-fixes)
- ib/uverbs: Fix to consider event queue closing also upon non-blocking mode (git-fixes)
- ibmvnic: Do not reset dql stats on NON_FATAL err (bsc#1212603 ltc#202604).
- ice, xsk: Diversify return values from xsk_wakeup call paths (git-fixes).
- ice: Add check for kzalloc (jsc#PED-376).
- ice: Do not double unplug aux on peer initiated reset (git-fixes).
- ice: Do not use WQ_MEM_RECLAIM flag for workqueue (git-fixes).
- ice: Do not use WQ_MEM_RECLAIM flag for workqueue (jsc#PED-376).
- ice: Fix DSCP PFC TLV creation (git-fixes).
- ice: Fix DSCP PFC TLV creation (jsc#PED-376).
- ice: Fix XDP memory leak when NIC is brought up and down (git-fixes).
- ice: Fix disabling Rx VLAN filtering with port VLAN enabled (jsc#PED-376).
- ice: Fix ice VF reset during iavf initialization (jsc#PED-376).
- ice: Fix ice_cfg_rdma_fltr() to only update relevant fields (jsc#PED-376).
- ice: Fix ice_xdp_xmit() when XDP TX queue number is not sufficient (git-fixes).
- ice: Fix interrupt moderation settings getting cleared (jsc#SLE-18375).
- ice: Fix memory corruption in VF driver (git-fixes).
- ice: Fix potential memory leak in ice_gnss_tty_write() (jsc#PED-376).
- ice: Ignore EEXIST when setting promisc mode (git-fixes).
- ice: Prevent set_channel from changing queues while RDMA active (git-fixes).
- ice: Prevent set_channel from changing queues while RDMA active (jsc#PED-376).
- ice: Reset FDIR counter in FDIR init stage (git-fixes).
- ice: Reset FDIR counter in FDIR init stage (jsc#PED-376).
- ice: Set txq_teid to ICE_INVAL_TEID on ring creation (jsc#SLE-18375).
- ice: add profile conflict check for AVF FDIR (git-fixes).
- ice: add profile conflict check for AVF FDIR (jsc#PED-376).
- ice: avoid bonding causing auxiliary plug/unplug under RTNL lock (bsc#1210158).
- ice: block LAN in case of VF to VF offload (git-fixes).
- ice: block LAN in case of VF to VF offload (jsc#PED-376).
- ice: check if VF exists before mode check (jsc#PED-376).
- ice: config netdev tc before setting queues number (git-fixes).
- ice: copy last block omitted in ice_get_module_eeprom() (git-fixes).
- ice: copy last block omitted in ice_get_module_eeprom() (jsc#PED-376).
- ice: ethtool: Prohibit improper channel config for DCB (git-fixes).
- ice: ethtool: advertise 1000M speeds properly (git-fixes).
- ice: fix invalid check for empty list in ice_sched_assoc_vsi_to_agg() (git-fixes).
- ice: fix invalid check for empty list in ice_sched_assoc_vsi_to_agg() (jsc#PED-376).
- ice: fix lost multicast packets in promisc mode (jsc#PED-376).
- ice: fix wrong fallback logic for FDIR (git-fixes).
- ice: fix wrong fallback logic for FDIR (jsc#PED-376).
- ice: handle E822 generic device ID in PLDM header (git-fixes).
- ice: move devlink port creation/deletion (jsc#PED-376).
- ice: switch: fix potential memleak in ice_add_adv_recipe() (git-fixes).
- ice: switch: fix potential memleak in ice_add_adv_recipe() (jsc#PED-376).
- ice: use bitmap_free instead of devm_kfree (git-fixes).
- ice: xsk: Fix cleaning of XDP_TX frames (jsc#PED-376).
- ice: xsk: disable txq irq before flushing hw (jsc#PED-376).
- ice: xsk: do not use xdp_return_frame() on tx_buf->raw_buf (jsc#PED-376).
- ice: xsk: use Rx ring's XDP ring when picking NAPI context (git-fixes).
- ieee80211: add TWT element definitions (bsc#1209980).
- ieee802154: hwsim: Fix possible memory leaks (git-fixes).
- ifcvf/vDPA: fix misuse virtio-net device config size for blk dev (jsc#SLE-19253).
- igb: Add lock to avoid data race (jsc#SLE-18379).
- igb: Enable SR-IOV after reinit (jsc#SLE-18379).
- igb: Fix PPS input and output using 3rd and 4th SDP (jsc#PED-370).
- igb: Fix extts capture value format for 82580/i354/i350 (git-fixes).
- igb: Initialize mailbox message for VF reset (jsc#SLE-18379).
- igb: conditionalize I2C bit banging on external thermal sensor support (jsc#SLE-18379).
- igb: fix bit_shift to be in [1..8] range (git-fixes).
- igb: fix nvm.ops.read() error handling (git-fixes).
- igb: revert rtnl_lock() that causes deadlock (jsc#SLE-18379).
- igbvf: Regard vf reset nack as success (jsc#SLE-18379).
- igc: Add checking for basetime less than zero (jsc#SLE-18377).
- igc: Add ndo_tx_timeout support (jsc#SLE-18377).
- igc: Clean the TX buffer and TX descriptor ring (git-fixes).
- igc: Enhance Qbv scheduling by using first flag bit (jsc#SLE-18377).
- igc: Fix PPS delta between two synchronized end-points (jsc#SLE-18377).
- igc: Fix possible system crash when loading module (git-fixes).
- igc: Lift TAPRIO schedule restriction (jsc#SLE-18377).
- igc: Reinstate IGC_REMOVED logic and implement it properly (jsc#SLE-18377).
- igc: Set Qbv start_time and end_time to end_time if not being configured in GCL (jsc#SLE-18377).
- igc: Use strict cycles for Qbv scheduling (jsc#SLE-18377).
- igc: allow BaseTime 0 enrollment for Qbv (jsc#SLE-18377).
- igc: fix the validation logic for taprio's gate list (jsc#SLE-18377).
- igc: read before write to SRRCTL register (jsc#SLE-18377).
- igc: recalculate Qbv end_time by considering cycle time (jsc#SLE-18377).
- igc: return an error if the mac type is unknown in igc_ptp_systim_to_hwtstamp() (jsc#SLE-18377).
- iio: accel: fxls8962af: errata bug only applicable for FXLS8962AF (git-fixes).
- iio: accel: fxls8962af: fixup buffer scan element type (git-fixes).
- iio: accel: mma9551_core: Prevent uninitialized variable in mma9551_read_config_word() (git-fixes).
- iio: accel: mma9551_core: Prevent uninitialized variable in mma9551_read_status_word() (git-fixes).
- iio: accel: st_accel: Fix invalid mount_matrix on devices without ACPI _ONT method (git-fixes).
- iio: adc: ad7192: Change 'shorted' channels to differential (git-fixes).
- iio: adc: ad7192: Fix internal/external clock selection (git-fixes).
- iio: adc: ad7192: Fix null ad7192_state pointer access (git-fixes).
- iio: adc: ad7791: fix IRQ flags (git-fixes).
- iio: adc: ad_sigma_delta: Fix IRQ issue by setting IRQ_DISABLE_UNLAZY flag (git-fixes).
- iio: adc: at91-sama5d2_adc: fix an error code in at91_adc_allocate_trigger() (git-fixes).
- iio: adc: berlin2-adc: Add missing of_node_put() in error path (git-fixes).
- iio: adc: mxs-lradc: fix the order of two cleanup operations (git-fixes).
- iio: adc: palmas_gpadc: fix NULL dereference on rmmod (git-fixes).
- iio: adc: stm32-dfsdm: fill module aliases (git-fixes).
- iio: adc: ti-ads7950: Set `can_sleep` flag for GPIO chip (git-fixes).
- iio: adis16480: select CONFIG_CRC32 (git-fixes).
- iio: dac: cio-dac: Fix max DAC write value check for 12-bit (git-fixes).
- iio: dac: mcp4725: Fix i2c_master_send() return value handling (git-fixes).
- iio: hid: fix the retval in accel_3d_capture_sample (git-fixes).
- iio: hid: fix the retval in gyro_3d_capture_sample (git-fixes).
- iio: imu: fxos8700: fix ACCEL measurement range selection (git-fixes).
- iio: imu: fxos8700: fix IMU data bits returned to user space (git-fixes).
- iio: imu: fxos8700: fix MAGN sensor scale and unit (git-fixes).
- iio: imu: fxos8700: fix failed initialization ODR mode assignment (git-fixes).
- iio: imu: fxos8700: fix incomplete ACCEL and MAGN channels readback (git-fixes).
- iio: imu: fxos8700: fix incorrect ODR mode readback (git-fixes).
- iio: imu: fxos8700: fix map label of channel type to MAGN sensor (git-fixes).
- iio: imu: fxos8700: fix swapped ACCEL and MAGN channels readback (git-fixes).
- iio: imu: fxos8700: remove definition FXOS8700_CTRL_ODR_MIN (git-fixes).
- iio: imu: inv_icm42600: fix timestamp reset (git-fixes).
- iio: light: cm32181: Unregister second I2C client if present (git-fixes).
- iio: light: tsl2563: Do not hardcode interrupt trigger type (git-fixes).
- iio: light: tsl2772: fix reading proximity-diodes from device tree (git-fixes).
- iio: light: vcnl4035: fixed chip ID check (git-fixes).
- iio:adc:twl6030: Enable measurement of VAC (git-fixes).
- iio:adc:twl6030: Enable measurements of VUSB, VBAT and others (git-fixes).
- ima: Fix memory leak in __ima_inode_hash() (git-fixes).
- init, x86: Move mem_encrypt_init() into arch_cpu_finalize_init() (bsc#1212448).
- init: Invoke arch_cpu_finalize_init() earlier (bsc#1212448).
- init: Provide arch_cpu_finalize_init() (bsc#1212448).
- init: Remove check_bugs() leftovers (bsc#1212448).
- inotify: Avoid reporting event with invalid wd (bsc#1213025).
- input: ads7846 - always set last command to PWRDOWN (git-fixes).
- input: ads7846 - do not check penirq immediately for 7845 (git-fixes).
- input: ads7846 - do not report pressure for ads7845 (git-fixes).
- input: adxl34x - do not hardcode interrupt trigger type (git-fixes).
- input: alps - fix compatibility with -funsigned-char (bsc#1209805).
- input: drv260x - fix typo in register value define (git-fixes).
- input: drv260x - remove unused .reg_defaults (git-fixes).
- input: drv260x - sleep between polling GO bit (git-fixes).
- input: exc3000 - properly stop timer on shutdown (git-fixes).
- input: fix open count when closing inhibited device (git-fixes).
- input: focaltech - use explicitly signed char type (git-fixes).
- input: goodix - add Lenovo Yoga Book X90F to nine_bytes_report DMI table (git-fixes).
- input: hp_sdc_rtc - mark an unused function as __maybe_unused (git-fixes).
- input: iqs269a - configure device with a single block write (git-fixes).
- input: iqs269a - drop unused device node references (git-fixes).
- input: iqs269a - increase interrupt handler return delay (git-fixes).
- input: iqs626a - drop unused device node references (git-fixes).
- input: psmouse - fix OOB access in Elantech protocol (git-fixes).
- input: raspberrypi-ts - fix refcount leak in rpi_ts_probe (git-fixes).
- input: soc_button_array - add invalid acpi_index DMI quirk handling (git-fixes).
- input: xpad - add constants for GIP interface numbers (git-fixes).
- input: xpad - delete a Razer DeathAdder mouse VID/PID entry (git-fixes).
- integrity: Fix possible multiple allocation in integrity_inode_get() (git-fixes).
- intel/igbvf: free irq on the error path in igbvf_request_msix() (jsc#SLE-18379).
- intel_idle: add Emerald Rapids Xeon support (PED-3849).
- interconnect: exynos: fix node leak in probe PM QoS error path (git-fixes).
- interconnect: fix mem leak when freeing nodes (git-fixes).
- interconnect: qcom: osm-l3: fix icc_onecell_data allocation (git-fixes).
- io_uring/fdinfo: fix sqe dumping for IORING_SETUP_SQE128 (git-fixes).
- io_uring/kbuf: fix not advancing READV kbuf ring (git-fixes).
- io_uring: clear TIF_NOTIFY_SIGNAL if set and task_work not available (git-fixes).
- io_uring: do not expose io_fill_cqe_aux() (bsc#1211014).
- io_uring: do not gate task_work run on TIF_NOTIFY_SIGNAL (git-fixes).
- io_uring: ensure that cached task references are always put on exit (git-fixes).
- io_uring: fix CQ waiting timeout handling (git-fixes).
- io_uring: fix fget leak when fs do not support nowait buffered read (bsc#1205205).
- io_uring: fix ordering of args in io_uring_queue_async_work (git-fixes).
- io_uring: fix return value when removing provided buffers (git-fixes).
- io_uring: fix size calculation when registering buf ring (git-fixes).
- io_uring: recycle kbuf recycle on tw requeue (git-fixes).
- iommu/hyper-v: Allow hyperv irq remapping without x2apic (git-fixes).
- iommu/vt-d: Add a fix for devices need extra dtlb flush (bsc#1208219).
- iommu/vt-d: Avoid superfluous IOTLB tracking in lazy mode (bsc#1208948).
- iommu/vt-d: Fix buggy QAT device mask (bsc#1208219).
- ipmi: fix SSIF not responding under certain cond (git-fixes).
- ipmi:ssif: Add 60ms time internal between write retries (bsc#1206459).
- ipmi:ssif: Add a timer between request retries (bsc#1206459).
- ipmi:ssif: Add send_retries increment (git-fixes).
- ipmi:ssif: Increase the message retry time (bsc#1206459).
- ipmi:ssif: Remove rtc_us_timer (bsc#1206459).
- ipmi:ssif: resend_msg() cannot fail (bsc#1206459).
- ipmi_ssif: Rename idle state and check (bsc#1206459).
- ipv6: sr: fix out-of-bounds read when setting HMAC data (bsc#1211592).
- irqchip/clps711x: Remove unused clps711x_intc_init() function (git-fixes).
- irqchip/ftintc010: Mark all function static (git-fixes).
- irqchip/gic-v3: Refactor ISB + EOIR at ack time (git-fixes)
- irqchip/jcore-aic: Fix missing allocation of IRQ descriptors (git-fixes).
- iw_cxgb4: Fix potential NULL dereference in c4iw_fill_res_cm_id_entry() (git-fixes)
- iwlwifi: cfg: Add missing MODULE_FIRMWARE() for *.pnvm (bsc#1207553).
- ixgbe: Allow flow hash to be set via ethtool (jsc#SLE-18384).
- ixgbe: Enable setting RSS table to default values (jsc#SLE-18384).
- ixgbe: Fix panic during XDP_TX with > 64 CPUs (jsc#SLE-18384).
- ixgbe: add double of VLAN header when computing the max MTU (jsc#SLE-18384).
- ixgbe: allow to increase MTU to 3K with XDP enabled (jsc#SLE-18384).
- ixgbe: fix pci device refcount leak (jsc#SLE-18384).
- ixgbe: stop resetting SYSTIME in ixgbe_ptp_start_cyclecounter (jsc#SLE-18384).
- jbd2: Fix up kABI of ext4 fast commit interface (bsc#1207590).
- jbd2: add miss release buffer head in fc_do_one_pass() (bsc#1207646).
- jbd2: fix a potential race while discarding reserved buffers after an abort (bsc#1207641).
- jbd2: fix data missing when reusing bh which is ready to be checkpointed (bsc#1213095).
- jbd2: fix potential buffer head reference count leak (bsc#1207644).
- jbd2: fix potential use-after-free in jbd2_fc_wait_bufs (bsc#1207645).
- jbd2: use the correct print format (git-fixes).
- jbd2: wake up journal waiters in FIFO order, not LIFO (bsc#1207643).
- jdb2: Do not refuse invalidation of already invalidated buffers (bsc#1213014).
- jfs: Fix fortify moan in symlink (git-fixes).
- k-m-s: Drop Linux 2.6 support
- kABI compatibility workaround for efivars (git-fixes).
- kABI workaround for btbcm.c (git-fixes).
- kABI workaround for cpp_acpi extensions for EPP (bsc#1212445).
- kABI workaround for drm_dp_mst helper updates (bsc#1206843).
- kABI workaround for hid quirks (git-fixes).
- kABI workaround for ieee80211 and co (bsc#1209980).
- kABI workaround for mt76_poll_msec() (git-fixes).
- kABI workaround for struct acpi_ec (bsc#1207149).
- kABI workaround for xhci (git-fixes).
- kABI: Fix kABI after backport Emulate RDPID only if it is enabled in guest (git-fixes)
- kABI: PCI: Reduce warnings on possible RW1C corruption (kabi).
- kABI: PCI: dwc: Add dw_pcie_ops.host_deinit() callback (kabi).
- kABI: PCI: loongson: Prevent LS7A MRRS increases (kabi).
- kABI: Preserve TRACE_EVENT_FL values (git-fixes).
- kABI: Work around kABI changes after '20347fca71a3 swiotlb: split up the global swiotlb lock' (jsc#PED-3259).
- kABI: x86/msi: Fix msi message data shadow struct (kabi).
- kABI: x86/msr: Remove .fixup usage (kabi).
- kabi FIX FOR NFSv4: Fix free of uninitialized nfs4_label on referral lookup (git-fixes).
- kabi FIX FOR: NFS: Further optimisations for 'ls -l' (git-fixes).
- kabi FIX FOR: NFSD: Have legacy NFSD WRITE decoders use xdr_stream_subsegment() (git-fixes).
- kabi FIX FOR: NFSv4.1 query for fs_location attr on a new file system (Never, kabi).
- kabi FIX FOR: NFSv4: keep state manager thread active if swap is enabled (Never, kabi).
- kabi fix for: NFSv3: handle out-of-order write replies (bsc#1205544).
- kabi/severities: add mlx5 internal symbols
- kabi/severities: added Microsoft mana symbold (bsc#1210551)
- kabi/severities: ignore KABI for NVMe target (bsc#1174777) The target code is only for testing and there are no external users.
- kabi/severities: ignore kABI changes for mt76/* local modules (bsc#1209980)
- kabi/severities: ignore kABI in bq27xxx_battery module Those are local symbols that are used only by child drivers
- kasan: no need to unset panic_on_warn in end_report() (bsc#1207328).
- kconfig: Update config changed flag before calling callback (git-fixes).
- kernel-binary: Add back kernel-default-base guarded by option Add configsh option for splitting off kernel-default-base, and for not signing the kernel on non-efi
- kernel-binary: install expoline.o (boo#1210791 bsc#1211089)
- kernel-docs: Add buildrequires on python3-base when using python3 The python3 binary is provided by python3-base.
- kernel-docs: Use python3 together with python3-Sphinx (bsc#1212741).
- kernel-source: Remove unused macro variant_symbols
- kernel-spec-macros: Fix up obsolete_rebuilds_subpackage to generate obsoletes correctly (boo#1172073 bsc#1191731). rpm only supports full length release, no provides
- kernel: Do not sign the vanilla kernel (bsc#1209008).
- kernel: Kernel is locked down even though secure boot is disabled (bsc#1198101, bsc#1208976).
- keys: Add missing function documentation (git-fixes).
- keys: Create static version of public_key_verify_signature (git-fixes).
- keys: Do not cache key in task struct if key is requested from kernel thread (git-fixes).
- keys: Fix linking a duplicate key to a keyring's assoc_array (bsc#1207088).
- keys: asymmetric: Copy sig and digest in public_key_verify_signature() (git-fixes).
- keys: asymmetric: Fix ECDSA use via keyctl uapi (git-fixes).
- kmap_local: do not assume kmap PTEs are linear arrays in memory (git-fixes) Update config/armv7hl/default too.
- kprobe: reverse kp->flags when arm_kprobe failed (git-fixes).
- kprobes: Fix check for probe enabled in kill_kprobe() (git-fixes).
- kprobes: Fix to handle forcibly unoptimized kprobes on freeing_list (git-fixes).
- kprobes: Forbid probing on trampoline and BPF code areas (git-fixes).
- kprobes: Prohibit probes in gate area (git-fixes).
- kprobes: Skip clearing aggrprobe's post_handler in kprobe-on-ftrace case (git-fixes).
- kprobes: do not call disarm_kprobe() for disabled kprobes (git-fixes).
- kvm/vfio: Fix potential deadlock on vfio group_lock (git-fixes)
- kvm/vfio: Fix potential deadlock problem in vfio (git-fixes)
- kvm: Destroy target device if coalesced MMIO unregistration fails (git-fixes)
- kvm: Disallow user memslot with size that exceeds 'unsigned long' (git-fixes)
- kvm: Do not create VM debugfs files outside of the VM directory (git-fixes)
- kvm: Do not set Accessed/Dirty bits for ZERO_PAGE (git-fixes)
- kvm: LAPIC: Enable timer posted-interrupt only when mwait/hlt is advertised (git-fixes).
- kvm: Prevent module exit until all VMs are freed (git-fixes)
- kvm: arm64: Do not arm a hrtimer for an already pending timer (git-fixes)
- kvm: arm64: Do not hypercall before EL2 init (git-fixes)
- kvm: arm64: Do not return from void function (git-fixes)
- kvm: arm64: Fix PAR_TO_HPFAR() to work independently of PA_BITS. (git-fixes)
- kvm: arm64: Fix S1PTW handling on RO memslots (git-fixes)
- kvm: arm64: Fix bad dereference on MTE-enabled systems (git-fixes)
- kvm: arm64: Fix buffer overflow in kvm_arm_set_fw_reg() (git-fixes)
- kvm: arm64: Fix kvm init failure when mode!=vhe and VA_BITS=52. (git-fixes)
- kvm: arm64: Free hypervisor allocations if vector slot init fails (git-fixes)
- kvm: arm64: GICv4.1: Fix race with doorbell on VPE (git-fixes)
- kvm: arm64: Limit length in kvm_vm_ioctl_mte_copy_tags() to INT_MAX (git-fixes)
- kvm: arm64: PMU: Restore the guest's EL0 event counting after (git-fixes)
- kvm: arm64: Propagate errors from __pkvm_prot_finalize hypercall (git-fixes)
- kvm: arm64: Reject 32bit user PSTATE on asymmetric systems (git-fixes)
- kvm: arm64: Save PSTATE early on exit (git-fixes)
- kvm: arm64: Stop handle_exit() from handling HVC twice when an SError (git-fixes)
- kvm: arm64: Treat PMCR_EL1.LC as RES1 on asymmetric systems (git-fixes)
- kvm: arm64: nvhe: Eliminate kernel-doc warnings (git-fixes)
- kvm: arm64: vgic: Fix exit condition in scan_its_table() (git-fixes)
- kvm: arm64: vgic: Read HW interrupt pending state from the HW (git-fixes)
- kvm: nVMX: Also filter MSR_IA32_VMX_TRUE_PINBASED_CTLS when eVMCS (git-fixes).
- kvm: nVMX: Do not use Enlightened MSR Bitmap for L3 (git-fixes).
- kvm: nVMX: Document that ignoring memory failures for VMCLEAR is deliberate (git-fixes).
- kvm: nVMX: Emulate NOPs in L2, and PAUSE if it's not intercepted (git-fixes).
- kvm: nVMX: Inject #GP, not #UD, if 'generic' VMXON CR0/CR4 check fails (git-fixes).
- kvm: nVMX: Prioritize TSS T-flag #DBs over Monitor Trap Flag (git-fixes).
- kvm: nVMX: Properly expose ENABLE_USR_WAIT_PAUSE control to L1 (git-fixes).
- kvm: nVMX: Treat General Detect #DB (DR7.GD=1) as fault-like (git-fixes).
- kvm: nVMX: eVMCS: Filter out VM_EXIT_SAVE_VMX_PREEMPTION_TIMER (git-fixes).
- kvm: s390: selftest: memop: Fix integer literal (git-fixes).
- kvm: svm: Do not rewrite guest ICR on AVIC IPI virtualization failure (git-fixes).
- kvm: svm: Fix benign 'bool vs. int' comparison in svm_set_cr0() (git-fixes).
- kvm: svm: Fix potential overflow in SEV's send|receive_update_data() (git-fixes).
- kvm: svm: Require logical ID to be power-of-2 for AVIC entry (git-fixes).
- kvm: svm: Skip WRMSR fastpath on VM-Exit if next RIP isn't valid (git-fixes).
- kvm: svm: hyper-v: placate modpost section mismatch error (git-fixes).
- kvm: vmx: Introduce vmx_msr_bitmap_l01_changed() helper (git-fixes).
- kvm: vmx: Resume guest immediately when injecting #GP on ECREATE (git-fixes).
- kvm: vmx: Set vmcs.PENDING_DBG.BS on #DB in STI/MOVSS blocking shadow (git-fixes).
- kvm: vmx: Use is_64_bit_mode() to check 64-bit mode in SGX handler (git-fixes).
- kvm: x86/emulator: Emulate RDPID only if it is enabled in guest (git-fixes).
- kvm: x86/mmu: avoid NULL-pointer dereference on page freeing bugs (git-fixes).
- kvm: x86/pmu: Ignore pmu->global_ctrl check if vPMU does not support global_ctrl (git-fixes).
- kvm: x86/svm: add __GFP_ACCOUNT to __sev_dbg_{en,de}crypt_user() (git-fixes).
- kvm: x86/vmx: Do not skip segment attributes if unusable bit is set (git-fixes).
- kvm: x86/xen: Fix memory leak in kvm_xen_write_hypercall_page() (git-fixes).
- kvm: x86: Copy filter arg outside kvm_vm_ioctl_set_msr_filter() (git-fixes).
- kvm: x86: Disable KVM_HC_CLOCK_PAIRING if tsc is in always catchup mode (git-fixes).
- kvm: x86: Do not change ICR on write to APIC_SELF_IPI (git-fixes).
- kvm: x86: Fail emulation during EMULTYPE_SKIP on any exception (git-fixes).
- kvm: x86: Fix tlb flush for tdp in kvm_invalidate_pcid() (git-fixes).
- kvm: x86: Inject #GP if WRMSR sets reserved bits in APIC Self-IPI (git-fixes).
- kvm: x86: Mask off reserved bits in CPUID.8000001FH (git-fixes).
- kvm: x86: Mask off unsupported and unknown bits of IA32_ARCH_CAPABILITIES (git-fixes).
- kvm: x86: Protect the unused bits in MSR exiting flags (git-fixes).
- kvm: x86: Remove a redundant guest cpuid check in kvm_set_cr4() (git-fixes).
- kvm: x86: Report deprecated x87 features in supported CPUID (git-fixes).
- kvm: x86: do not set st->preempted when going back to user space (git-fixes).
- kvm: x86: fix sending PV IPI (git-fixes).
- kvm: x86: fix typo in __try_cmpxchg_user causing non-atomicness (git-fixes).
- kvm: x86: ioapic: Fix level-triggered EOI and userspace I/OAPIC reconfigure race (git-fixes).
- lan78xx: Add missing return code checks (git-fixes).
- lan78xx: Fix exception on link speed change (git-fixes).
- lan78xx: Fix memory allocation bug (git-fixes).
- lan78xx: Fix partial packet errors on suspend/resume (git-fixes).
- lan78xx: Fix race condition in disconnect handling (git-fixes).
- lan78xx: Fix race conditions in suspend/resume handling (git-fixes).
- lan78xx: Fix white space and style issues (git-fixes).
- lan78xx: Remove unused pause frame queue (git-fixes).
- lan78xx: Remove unused timer (git-fixes).
- lan78xx: Set flow control threshold to prevent packet loss (git-fixes).
- leds: Fix reference to led_set_brightness() in doc (git-fixes).
- leds: TI_LMU_COMMON: select REGMAP instead of depending on it (git-fixes).
- leds: led-class: Add missing put_device() to led_put() (git-fixes).
- leds: led-core: Fix refcount leak in of_led_get() (git-fixes).
- leds: tca6507: Fix error handling of using fwnode_property_read_string (git-fixes).
- lib/mpi: Fix buffer overrun when SG is too long (git-fixes).
- lib/sbitmap: Fix invalid loop in __sbitmap_queue_get_batch() (git-fixes).
- lib/zlib: remove redundation assignement of avail_in dfltcc_gdht() (git-fixes).
- libfs: add DEFINE_SIMPLE_ATTRIBUTE_SIGNED for signed value (git-fixes).
- lockd: set file_lock start and end when decoding nlm4 testargs (git-fixes).
- locking/rwbase: Mitigate indefinite writer starvation (bsc#1189998 (PREEMPT_RT prerequisite backports), bsc#1206552).
- locking/rwsem: Add __always_inline annotation to __down_read_common() and inlined callers (git-fixes).
- locking/rwsem: Allow slowpath writer to ignore handoff bit if not set by first waiter (bsc#1207270).
- locking/rwsem: Always try to wake waiters in out_nolock path (bsc#1207270).
- locking/rwsem: Conditionally wake waiters in reader/writer slowpaths (bsc#1207270).
- locking/rwsem: Disable preemption in all down_read*() and up_read() code paths (bsc#1207270).
- locking/rwsem: Disable preemption in all down_write*() and up_write() code paths (bsc#1207270).
- locking/rwsem: Disable preemption while trying for rwsem lock (bsc#1207270).
- locking/rwsem: Make handoff bit handling more consistent (bsc#1207270).
- locking/rwsem: No need to check for handoff bit if wait queue empty (bsc#1207270).
- locking/rwsem: Prevent non-first waiter from spinning in down_write() slowpath (bsc#1207270).
- locking: Add missing __sched attributes (bsc#1207270).
- loop: Fix the max_loop commandline argument treatment when it is set to 0 (git-fixes).
- loop: fix ioctl calls using compat_loop_info (git-fixes).
- lpfc: Account for fabric domain ctlr device loss recovery (bsc#1211346, bsc#1211852).
- lpfc: Change firmware upgrade logging to KERN_NOTICE instead of TRACE_EVENT (bsc#1211852).
- lpfc: Clean up SLI-4 CQE status handling (bsc#1211852).
- lpfc: Clear NLP_IN_DEV_LOSS flag if already in rediscovery (bsc#1211852).
- lpfc: Copyright updates for 14.2.0.13 patches (bsc#1211852).
- lpfc: Enhance congestion statistics collection (bsc#1211852).
- lpfc: Fix use-after-free rport memory access in lpfc_register_remote_port (bsc#1211852, bsc#1208410, bsc#1211346).
- lpfc: Revise NPIV ELS unsol rcv cmpl logic to drop ndlp based on nlp_state (bsc#1211852).
- lpfc: Update lpfc version to 14.2.0.13 (bsc#1211852).
- lpfc: update metadata
- mac80211: introduce individual TWT support in AP mode (bsc#1209980).
- mac80211: introduce set_radar_offchan callback (bsc#1209980).
- mac80211: twt: do not use potentially unaligned pointer (bsc#1209980).
- mailbox: mailbox-test: Fix potential double-free in mbox_test_message_write() (git-fixes).
- mailbox: mailbox-test: fix a locking issue in mbox_test_message_write() (git-fixes).
- mailbox: ti-msgmgr: Fill non-message tx data fields with 0x0 (git-fixes).
- mailbox: zynqmp: Fix IPI isr handling (git-fixes).
- mailbox: zynqmp: Fix typo in IPI documentation (git-fixes).
- mbcache: Avoid nesting of cache->c_list_lock under bit locks (bsc#1207647).
- mbcache: Fixup kABI of mb_cache_entry (bsc#1207653).
- mce: fix set_mce_nospec to always unmap the whole page (git-fixes).
- md/bitmap: Fix bitmap chunk size overflow issues (git-fixes).
- md/raid1: stop mdx_raid1 thread when raid1 array run failed (git-fixes).
- md/raid5: Improve performance for sequential IO (bsc#1208081).
- md/raid5: Wait for MD_SB_CHANGE_PENDING in raid5d (git-fixes).
- md: Flush workqueue md_rdev_misc_wq in md_alloc() (git-fixes).
- md: Notify sysfs sync_completed in md_reap_sync_thread() (git-fixes).
- md: fix a crash in mempool_free (git-fixes).
- md: protect md_unregister_thread from reentrancy (git-fixes).
- media: atomisp: gmin_platform: fix out_len in gmin_get_config_dsm_var() (git-fixes).
- media: av7110: prevent underflow in write_ts_to_decoder() (git-fixes).
- media: cec: core: do not set last_initiator if tx in progress (git-fixes).
- media: cec: i2c: ch7322: also select REGMAP (git-fixes).
- media: coda: Add check for dcoda_iram_alloc (git-fixes).
- media: coda: Add check for kmalloc (git-fixes).
- media: cx23885: Fix a null-ptr-deref bug in buffer_prepare() and buffer_finish() (git-fixes).
- media: dm1105: Fix use after free bug in dm1105_remove due to race condition (git-fixes).
- media: dvb-usb-v2: ce6230: fix null-ptr-deref in ce6230_i2c_master_xfer() (git-fixes).
- media: dvb-usb-v2: ec168: fix null-ptr-deref in ec168_i2c_xfer() (git-fixes).
- media: dvb-usb-v2: rtl28xxu: fix null-ptr-deref in rtl28xxu_i2c_xfer (git-fixes).
- media: dvb-usb: az6027: fix three null-ptr-deref in az6027_i2c_xfer() (git-fixes).
- media: dvb-usb: digitv: fix null-ptr-deref in digitv_i2c_xfer() (git-fixes).
- media: dvb-usb: dw2102: fix uninit-value in su3000_read_mac_address (git-fixes).
- media: dvb_ca_en50221: fix a size write bug (git-fixes).
- media: dvb_demux: fix a bug for the continuity counter (git-fixes).
- media: i2c: Correct format propagation for st-mipid02 (git-fixes).
- media: i2c: imx219: Fix binning for RAW8 capture (git-fixes).
- media: i2c: imx219: Split common registers from mode tables (git-fixes).
- media: i2c: ov7670: 0 instead of -EINVAL was returned (git-fixes).
- media: i2c: ov772x: Fix memleak in ov772x_probe() (git-fixes).
- media: imx: imx7-media-csi: fix missing clk_disable_unprepare() in imx7_csi_init() (git-fixes).
- media: ipu3-cio2: Fix PM runtime usage_count in driver unbind (git-fixes).
- media: m5mols: fix off-by-one loop termination error (git-fixes).
- media: max9286: Fix memleak in max9286_v4l2_register() (git-fixes).
- media: max9286: Free control handler (git-fixes).
- media: mn88443x: fix !CONFIG_OF error by drop of_match_ptr from ID table (git-fixes).
- media: netup_unidvb: fix irq init by register it at the end of probe (git-fixes).
- media: netup_unidvb: fix use-after-free at del_timer() (git-fixes).
- media: ov2740: Fix memleak in ov2740_init_controls() (git-fixes).
- media: ov5640: Fix analogue gain control (git-fixes).
- media: ov5675: Fix memleak in ov5675_init_controls() (git-fixes).
- media: pci: tw68: Fix null-ptr-deref bug in buf prepare and finish (git-fixes).
- media: platform: ti: Add missing check for devm_regulator_get (git-fixes).
- media: radio-shark: Add endpoint checks (git-fixes).
- media: rc: Fix use-after-free bugs caused by ene_tx_irqsim() (git-fixes).
- media: rc: gpio-ir-recv: Fix support for wake-up (git-fixes).
- media: rc: gpio-ir-recv: add remove function (git-fixes).
- media: rcar_fdp1: Fix the correct variable assignments (git-fixes).
- media: rcar_fdp1: Make use of the helper function devm_platform_ioremap_resource() (git-fixes).
- media: rkvdec: fix use after free bug in rkvdec_remove (git-fixes).
- media: saa7134: Use video_unregister_device for radio_dev (git-fixes).
- media: saa7134: fix use after free bug in saa7134_finidev due to race condition (git-fixes).
- media: ti: cal: fix possible memory leak in cal_ctx_create() (git-fixes).
- media: usb: Check az6007_read() return value (git-fixes).
- media: usb: siano: Fix use after free bugs caused by do_submit_urb (git-fixes).
- media: usb: siano: Fix warning due to null work_func_t function pointer (git-fixes).
- media: uvcvideo: Add support for V4L2_CTRL_TYPE_CTRL_CLASS (git-fixes).
- media: uvcvideo: Check controls flags before accessing them (git-fixes).
- media: uvcvideo: Check for INACTIVE in uvc_ctrl_is_accessible() (git-fixes).
- media: uvcvideo: Do not check for V4L2_CTRL_WHICH_DEF_VAL (git-fixes).
- media: uvcvideo: Fix memory leak of object map on error exit path (git-fixes).
- media: uvcvideo: Fix race condition with usb_kill_urb (git-fixes).
- media: uvcvideo: Handle cameras with invalid descriptors (git-fixes).
- media: uvcvideo: Handle errors from calls to usb_string (git-fixes).
- media: uvcvideo: Quirk for autosuspend in Logitech B910 and C910 (git-fixes).
- media: uvcvideo: Remove s_ctrl and g_ctrl (git-fixes).
- media: uvcvideo: Silence memcpy() run-time false positive warnings (git-fixes).
- media: uvcvideo: Use control names from framework (git-fixes).
- media: uvcvideo: refactor __uvc_ctrl_add_mapping (git-fixes).
- media: v4l2-jpeg: correct the skip count in jpeg_parse_app14_data (git-fixes).
- media: v4l2-jpeg: ignore the unknown APP14 marker (git-fixes).
- media: venus: dec: Fix handling of the start cmd (git-fixes).
- media: venus: helpers: Fix ALIGN() of non power of two (git-fixes).
- media: videodev2.h: Fix struct v4l2_input tuner index comment (git-fixes).
- mei: bus-fixup:upon error print return values of send and receive (git-fixes).
- mei: bus: fix unlink on bus in error path (git-fixes).
- mei: me: add meteor lake point M DID (git-fixes).
- mei: pxp: Use correct macros to initialize uuid_le (git-fixes).
- memory: brcmstb_dpfe: fix testing array offset after use (git-fixes).
- memstick: fix memory leak if card device is never registered (git-fixes).
- memstick: r592: Fix UAF bug in r592_remove due to race condition (bsc#1211449).
- meson saradc: fix clock divider mask length (git-fixes).
- mfd: arizona: Use pm_runtime_resume_and_get() to prevent refcnt leak (git-fixes).
- mfd: cs5535: Do not build on UML (git-fixes).
- mfd: dln2: Fix memory leak in dln2_probe() (git-fixes).
- mfd: intel-lpss: Add missing check for platform_get_resource (git-fixes).
- mfd: pcf50633-adc: Fix potential memleak in pcf50633_adc_async_read() (git-fixes).
- mfd: pm8008: Fix module autoloading (git-fixes).
- mfd: rt5033: Drop rt5033-battery sub-device (git-fixes).
- mfd: stmfx: Fix error path in stmfx_chip_init (git-fixes).
- mfd: stmfx: Nullify stmfx->vdd in case of error (git-fixes).
- mfd: stmpe: Only disable the regulators if they are enabled (git-fixes).
- mfd: tqmx86: Correct board names for TQMxE39x (git-fixes).
- mfd: tqmx86: Do not access I2C_DETECT register through io_base (git-fixes).
- misc/mei/hdcp: Use correct macros to initialize uuid_le (git-fixes).
- misc: enclosure: Fix doc for enclosure_find() (git-fixes).
- misc: fastrpc: Create fastrpc scalar with correct buffer count (git-fixes).
- misc: fastrpc: reject new invocations during device removal (git-fixes).
- misc: fastrpc: return -EPIPE to invocations on device removal (git-fixes).
- misc: pci_endpoint_test: Free IRQs before removing the device (git-fixes).
- misc: pci_endpoint_test: Re-init completion for every test (git-fixes).
- mkinitrd: Replace dependency with dracut (bsc#1202353).
- mlx5: do not use RT_TOS for IPv6 flowlabel (jsc#SLE-19253).
- mlx5: fix possible ptp queue fifo use-after-free (jsc#PED-1549).
- mlx5: fix skb leak while fifo resync and push (jsc#PED-1549).
- mlxfw: fix null-ptr-deref in mlxfw_mfa2_tlv_next() (git-fixes).
- mlxsw: minimal: Fix deadlock in ports creation (git-fixes).
- mlxsw: spectrum: Allow driver to load with old firmware versions (git-fixes).
- mm/filemap: fix page end in filemap_get_read_batch (bsc#1210768).
- mm/vmalloc: do not output a spurious warning when huge vmalloc() fails (bsc#1211410).
- mm: /proc/pid/smaps_rollup: fix no vma's null-deref (bsc#1207769).
- mm: Move mm_cachep initialization to mm_init() (bsc#1212448).
- mm: memcg: fix NULL pointer in mem_cgroup_track_foreign_dirty_slowpath() (bsc#1209262).
- mm: memcg: fix swapcached stat accounting (bsc#1209804).
- mm: mmap: remove newline at the end of the trace (git-fixes).
- mm: page_alloc: skip regions with hugetlbfs pages when allocating 1G pages (bsc#1210034).
- mm: take a page reference when removing device exclusive entries (bsc#1211025).
- mm: vmalloc: avoid warn_alloc noise caused by fatal signal (bsc#1211410).
- mmc: atmel-mci: fix race between stop command and start of next command (git-fixes).
- mmc: bcm2835: fix deferred probing (git-fixes).
- mmc: block: Remove error check of hw_reset on reset (git-fixes).
- mmc: block: ensure error propagation for non-blk (git-fixes).
- mmc: jz4740: Work around bug on JZ4760(B) (git-fixes).
- mmc: meson-gx: remove redundant mmc_request_done() call from irq context (git-fixes).
- mmc: mmc_spi: fix error handling in mmc_spi_probe() (git-fixes).
- mmc: mmci: Set PROBE_PREFER_ASYNCHRONOUS (git-fixes).
- mmc: mmci: stm32: fix max busy timeout calculation (git-fixes).
- mmc: mtk-sd: fix deferred probing (git-fixes).
- mmc: mvsdio: fix deferred probing (git-fixes).
- mmc: omap: fix deferred probing (git-fixes).
- mmc: omap_hsmmc: fix deferred probing (git-fixes).
- mmc: owl: fix deferred probing (git-fixes).
- mmc: sdhci-acpi: fix deferred probing (git-fixes).
- mmc: sdhci-esdhc-imx: make 'no-mmc-hs400' works (git-fixes).
- mmc: sdhci-msm: Disable broken 64-bit DMA on MSM8916 (git-fixes).
- mmc: sdhci-of-esdhc: fix quirk to ignore command inhibit for data (git-fixes).
- mmc: sdhci-spear: fix deferred probing (git-fixes).
- mmc: sdhci_am654: Set HIGH_SPEED_ENA for SDR12 and SDR25 (git-fixes).
- mmc: sdhci_am654: lower power-on failed message severity (git-fixes).
- mmc: sdio: fix possible resource leaks in some error paths (git-fixes).
- mmc: sh_mmcif: fix deferred probing (git-fixes).
- mmc: sunxi: fix deferred probing (git-fixes).
- mmc: usdhi60rol0: fix deferred probing (git-fixes).
- mmc: vub300: fix invalid response handling (git-fixes).
- module: Do not wait for GOING modules (bsc#1196058, bsc#1186449, bsc#1204356, bsc#1204662).
- mt76: Make use of the helper macro kthread_run() (bsc#1209980).
- mt76: Print error message when reading EEPROM from mtd failed (bsc#1209980).
- mt76: add 6GHz support (bsc#1209980).
- mt76: add MT_RXQ_MAIN_WA for mt7916 (bsc#1209980).
- mt76: add support for setting mcast rate (bsc#1209980).
- mt76: allow drivers to drop rx packets early (bsc#1209980).
- mt76: clear sta powersave flag after notifying driver (bsc#1209980).
- mt76: connac: add 6 GHz support for wtbl and starec configuration (bsc#1209980).
- mt76: connac: add 6GHz support to mt76_connac_mcu_set_channel_domain (bsc#1209980).
- mt76: connac: add 6GHz support to mt76_connac_mcu_sta_tlv (bsc#1209980).
- mt76: connac: add 6GHz support to mt76_connac_mcu_uni_add_bss (bsc#1209980).
- mt76: connac: add support for limiting to maximum regulatory Tx power (bsc#1209980).
- mt76: connac: add support for passing the cipher field in bss_info (bsc#1209980).
- mt76: connac: adjust wlan_idx size from u8 to u16 (bsc#1209980).
- mt76: connac: align MCU_EXT definitions with 7915 driver (bsc#1209980).
- mt76: connac: enable 6GHz band for hw scan (bsc#1209980).
- mt76: connac: enable hw amsdu @ 6GHz (bsc#1209980).
- mt76: connac: extend mcu_get_nic_capability (bsc#1209980).
- mt76: connac: fix a theoretical NULL pointer dereference in mt76_connac_get_phy_mode (bsc#1209980).
- mt76: connac: fix last_chan configuration in mt76_connac_mcu_rate_txpower_band (bsc#1209980).
- mt76: connac: fix unresolved symbols when CONFIG_PM is unset (bsc#1209980).
- mt76: connac: introduce MCU_CE_CMD macro (bsc#1209980).
- mt76: connac: introduce MCU_EXT macros (bsc#1209980).
- mt76: connac: introduce MCU_UNI_CMD macro (bsc#1209980).
- mt76: connac: introduce is_connac_v1 utility routine (bsc#1209980).
- mt76: connac: make read-only array ba_range static const (bsc#1209980).
- mt76: connac: move mcu reg access utility routines in mt76_connac_lib module (bsc#1209980).
- mt76: connac: move mt76_connac_chan_bw in common code (bsc#1209980).
- mt76: connac: move mt76_connac_lmac_mapping in mt76-connac module (bsc#1209980).
- mt76: connac: move mt76_connac_mcu_add_key in connac module (bsc#1209980).
- mt76: connac: move mt76_connac_mcu_bss_basic_tlv in connac module (bsc#1209980).
- mt76: connac: move mt76_connac_mcu_bss_ext_tlv in connac module (bsc#1209980).
- mt76: connac: move mt76_connac_mcu_bss_omac_tlv in connac module (bsc#1209980).
- mt76: connac: move mt76_connac_mcu_gen_dl_mode in mt76-connac module (bsc#1209980).
- mt76: connac: move mt76_connac_mcu_get_cipher in common code (bsc#1209980).
- mt76: connac: move mt76_connac_mcu_rdd_cmd in mt76-connac module (bsc#1209980).
- mt76: connac: move mt76_connac_mcu_restart in common module (bsc#1209980).
- mt76: connac: move mt76_connac_mcu_set_pm in connac module (bsc#1209980).
- mt76: connac: move mt76_connac_mcu_wtbl_update_hdr_trans in connac module (bsc#1209980).
- mt76: connac: rely on MCU_CMD macro (bsc#1209980).
- mt76: connac: rely on le16_add_cpu in mt76_connac_mcu_add_nested_tlv (bsc#1209980).
- mt76: connac: remove MCU_FW_PREFIX bit (bsc#1209980).
- mt76: connac: remove PHY_MODE_AX_6G configuration in mt76_connac_get_phy_mode (bsc#1209980).
- mt76: connac: set 6G phymode in mt76_connac_get_phy_mode{,v2} (bsc#1209980).
- mt76: connac: set 6G phymode in single-sku support (bsc#1209980).
- mt76: debugfs: fix queue reporting for mt76-usb (bsc#1209980).
- mt76: debugfs: improve queue node readability (bsc#1209980).
- mt76: disable BH around napi_schedule() calls (bsc#1209980).
- mt76: do not access 802.11 header in ccmp check for 802.3 rx skbs (bsc#1209980).
- mt76: do not always copy ethhdr in reverse_frag0_hdr_trans (bsc#1209980).
- mt76: do not reset MIB counters in get_stats callback (bsc#1209980).
- mt76: eeprom: tolerate corrected bit-flips (bsc#1209980).
- mt76: fill boottime_ns in Rx path (bsc#1209980).
- mt76: fix antenna config missing in 6G cap (bsc#1209980).
- mt76: fix boolreturn.cocci warnings (bsc#1209980).
- mt76: fix dfs state issue with 160 MHz channels (bsc#1209980).
- mt76: fix endianness errors in reverse_frag0_hdr_trans (bsc#1209980).
- mt76: fix invalid rssi report (bsc#1209980).
- mt76: fix key pointer overwrite in mt7921s_write_txwi/mt7663_usb_sdio_write_txwi (bsc#1209980).
- mt76: fix monitor rx FCS error in DFS channel (bsc#1209980).
- mt76: fix possible OOB issue in mt76_calculate_default_rate (bsc#1209980).
- mt76: fix possible pktid leak (bsc#1209980).
- mt76: fix the wiphy's available antennas to the correct value (bsc#1209980).
- mt76: fix timestamp check in tx_status (bsc#1209980).
- mt76: fix tx status related use-after-free race on station removal (bsc#1209980).
- mt76: fix use-after-free by removing a non-RCU wcid pointer (git-fixes).
- mt76: fix wrong HE data rate in sniffer tool (bsc#1209980).
- mt76: improve signal strength reporting (bsc#1209980).
- mt76: introduce packet_id idr (bsc#1209980).
- mt76: make mt76_sar_capa static (bsc#1209980).
- mt76: move mt76_ethtool_worker_info in mt76 module (bsc#1209980).
- mt76: move mt76_sta_stats in mt76.h (bsc#1209980).
- mt76: move sar utilities to mt76-core module (bsc#1209980).
- mt76: move sar_capa configuration in common code (bsc#1209980).
- mt76: move spin_lock_bh to spin_lock in tasklet (bsc#1209980).
- mt76: mt7603: improve reliability of tx powersave filtering (bsc#1209980).
- mt76: mt7603: introduce SAR support (bsc#1209980).
- mt76: mt7615: add support for LG LGSBWAC02 (MT7663BUN) (bsc#1209980).
- mt76: mt7615: apply cached RF data for DBDC (bsc#1209980).
- mt76: mt7615: clear mcu error interrupt status on mt7663 (bsc#1209980).
- mt76: mt7615: fix a possible race enabling/disabling runtime-pm (bsc#1209980).
- mt76: mt7615: fix compiler warning on frame size (bsc#1209980).
- mt76: mt7615: fix decap offload corner case with 4-addr VLAN frames (bsc#1209980).
- mt76: mt7615: fix throughput regression on DFS channels (bsc#1209980).
- mt76: mt7615: fix unused tx antenna mask in testmode (bsc#1209980).
- mt76: mt7615: fix/rewrite the dfs state handling logic (bsc#1209980).
- mt76: mt7615: honor ret from mt7615_mcu_restart in mt7663u_mcu_init (bsc#1209980).
- mt76: mt7615: in debugfs queue stats, skip wmm index 3 on mt7663 (bsc#1209980).
- mt76: mt7615: introduce SAR support (bsc#1209980).
- mt76: mt7615: move mt7615_mcu_set_p2p_oppps in mt76_connac module (bsc#1209980).
- mt76: mt7615: remove dead code in get_omac_idx (bsc#1209980).
- mt76: mt7615: update bss_info with cipher after setting the group key (bsc#1209980).
- mt76: mt7615e: process txfree and txstatus without allocating skbs (bsc#1209980).
- mt76: mt7663: disable 4addr capability (bsc#1209980).
- mt76: mt7663s: flush runtime-pm queue after waking up the device (bsc#1209980).
- mt76: mt7663s: rely on mcu reg access utility (bsc#1209980).
- mt76: mt7663u: introduce mt7663u_mcu_power_on routine (bsc#1209980).
- mt76: mt76_connac: fix MCU_CE_CMD_SET_ROC definition error (bsc#1209980).
- mt76: mt76x02: improve tx hang detection (bsc#1209980).
- mt76: mt76x02: introduce SAR support (bsc#1209980).
- mt76: mt76x02: use mt76_phy_dfs_state to determine radar detector state (bsc#1209980).
- mt76: mt76x0: correct VHT MCS 8/9 tx power eeprom offset (bsc#1209980).
- mt76: mt7915: Fix PCI device refcount leak in mt7915_pci_init_hif2() (bsc#1209980).
- mt76: mt7915: Fix channel state update error issue (bsc#1209980).
- mt76: mt7915: add 6 GHz support (bsc#1209980).
- mt76: mt7915: add HE-LTF into fixed rate command (bsc#1209980).
- mt76: mt7915: add LED support (bsc#1209980).
- mt76: mt7915: add WA firmware log support (bsc#1209980).
- mt76: mt7915: add control knobs for thermal throttling (bsc#1209980).
- mt76: mt7915: add debugfs knobs for MCU utilization (bsc#1209980).
- mt76: mt7915: add default calibrated data support (bsc#1209980).
- mt76: mt7915: add device id for mt7916 (bsc#1209980).
- mt76: mt7915: add ethtool stats support (bsc#1209980).
- mt76: mt7915: add firmware support for mt7916 (bsc#1209980).
- mt76: mt7915: add mib counters to ethtool stats (bsc#1209980).
- mt76: mt7915: add missing DATA4_TB_SPTL_REUSE1 to mt7915_mac_decode_he_radiotap (bsc#1209980).
- mt76: mt7915: add more MIB registers (bsc#1209980).
- mt76: mt7915: add mt7915_mmio_probe() as a common probing function (bsc#1209980).
- mt76: mt7915: add mt7916 calibrated data support (bsc#1209980).
- mt76: mt7915: add mu-mimo and ofdma debugfs knobs (bsc#1209980).
- mt76: mt7915: add some per-station tx stats to ethtool (bsc#1209980).
- mt76: mt7915: add support for MT7986 (bsc#1209980).
- mt76: mt7915: add support for passing chip/firmware debug data to user space (bsc#1209980).
- mt76: mt7915: add twt_stats knob in debugfs (bsc#1209980).
- mt76: mt7915: add tx mu/su counters to mib (bsc#1209980).
- mt76: mt7915: add tx stats gathered from tx-status callbacks (bsc#1209980).
- mt76: mt7915: add txfree event v3 (bsc#1209980).
- mt76: mt7915: add txpower init for 6GHz (bsc#1209980).
- mt76: mt7915: allow beaconing on all chains (bsc#1209980).
- mt76: mt7915: change max rx len limit of hw modules (bsc#1209980).
- mt76: mt7915: check band idx for bcc event (bsc#1209980).
- mt76: mt7915: check for devm_pinctrl_get() failure (bsc#1209980).
- mt76: mt7915: do not pass data pointer to mt7915_mcu_muru_debug_set (bsc#1209980).
- mt76: mt7915: enable HE UL MU-MIMO (bsc#1209980).
- mt76: mt7915: enable configured beacon tx rate (bsc#1209980).
- mt76: mt7915: enable radar background detection (bsc#1209980).
- mt76: mt7915: enable radar trigger on rdd2 (bsc#1209980).
- mt76: mt7915: enable twt responder capability (bsc#1209980).
- mt76: mt7915: enlarge wcid size to 544 (bsc#1209980).
- mt76: mt7915: fix DBDC default band selection on MT7915D (bsc#1209980).
- mt76: mt7915: fix DFS no radar detection event (bsc#1209980).
- mt76: mt7915: fix SMPS operation fail (bsc#1209980).
- mt76: mt7915: fix WMM index on DBDC cards (bsc#1209980).
- mt76: mt7915: fix beamforming mib stats (bsc#1209980).
- mt76: mt7915: fix decap offload corner case with 4-addr VLAN frames (bsc#1209980).
- mt76: mt7915: fix eeprom fields of txpower init values (bsc#1209980).
- mt76: mt7915: fix endiannes warning mt7915_mcu_beacon_check_caps (bsc#1209980).
- mt76: mt7915: fix endianness warnings in mt7915_debugfs_rx_fw_monitor (bsc#1209980).
- mt76: mt7915: fix endianness warnings in mt7915_mac_tx_free() (bsc#1209980).
- mt76: mt7915: fix he_mcs capabilities for 160mhz (bsc#1209980).
- mt76: mt7915: fix incorrect testmode ipg on band 1 caused by wmm_idx (git-fixes).
- mt76: mt7915: fix mcs_map in mt7915_mcu_set_sta_he_mcs() (bsc#1209980).
- mt76: mt7915: fix missing HE phy cap (bsc#1209980).
- mt76: mt7915: fix phy cap in mt7915_set_stream_he_txbf_caps() (bsc#1209980).
- mt76: mt7915: fix polling firmware-own status (git-fixes).
- mt76: mt7915: fix possible NULL pointer dereference in mt7915_mac_fill_rx_vector (git-fixes).
- mt76: mt7915: fix possible memory leak in mt7915_mcu_add_sta (bsc#1209980).
- mt76: mt7915: fix possible uninitialized pointer dereference in mt7986_wmac_gpio_setup (bsc#1209980).
- mt76: mt7915: fix potential NPE in TXS processing (bsc#1209980).
- mt76: mt7915: fix potential memory leak of fw monitor packets (bsc#1209980).
- mt76: mt7915: fix return condition in mt7915_tm_reg_backup_restore() (bsc#1209980).
- mt76: mt7915: fix the muru tlv issue (bsc#1209980).
- mt76: mt7915: fix the nss setting in bitrates (bsc#1209980).
- mt76: mt7915: fix twt table_mask to u16 in mt7915_dev (bsc#1209980).
- mt76: mt7915: fix txbf starec TLV issues (bsc#1209980).
- mt76: mt7915: fix typos in comments (bsc#1209980).
- mt76: mt7915: fix/rewrite the dfs state handling logic (bsc#1209980).
- mt76: mt7915: get rid of mt7915_mcu_set_fixed_rate routine (bsc#1209980).
- mt76: mt7915: honor all possible error conditions in mt7915_mcu_init() (bsc#1209980).
- mt76: mt7915: improve code readability for xmit-queue handler (bsc#1209980).
- mt76: mt7915: improve code readability in mt7915_mcu_sta_bfer_ht (bsc#1209980).
- mt76: mt7915: improve starec readability of txbf (bsc#1209980).
- mt76: mt7915: improve wmm index allocation (bsc#1209980).
- mt76: mt7915: initialize smps mode in mt7915_mcu_sta_rate_ctrl_tlv() (bsc#1209980).
- mt76: mt7915: introduce SAR support (bsc#1209980).
- mt76: mt7915: introduce __mt7915_get_tsf routine (bsc#1209980).
- mt76: mt7915: introduce band_idx in mt7915_phy (bsc#1209980).
- mt76: mt7915: introduce bss coloring support (bsc#1209980).
- mt76: mt7915: introduce mt76 debugfs sub-dir for ext-phy (bsc#1209980).
- mt76: mt7915: introduce mt76_vif in mt7915_vif (bsc#1209980).
- mt76: mt7915: introduce mt7915_mac_add_twt_setup routine (bsc#1209980).
- mt76: mt7915: introduce mt7915_mcu_beacon_check_caps() (bsc#1209980).
- mt76: mt7915: introduce mt7915_mcu_twt_agrt_update mcu command (bsc#1209980).
- mt76: mt7915: introduce mt7915_set_radar_background routine (bsc#1209980).
- mt76: mt7915: introduce rdd_monitor debugfs node (bsc#1209980).
- mt76: mt7915: move pci specific code back to pci.c (bsc#1209980).
- mt76: mt7915: move tx amsdu stats in mib_stats (bsc#1209980).
- mt76: mt7915: process txfree and txstatus without allocating skbs (bsc#1209980).
- mt76: mt7915: refine register definition (bsc#1209980).
- mt76: mt7915: rely on mt76_connac definitions (bsc#1209980).
- mt76: mt7915: rely on mt76_connac_get_phy utilities (bsc#1209980).
- mt76: mt7915: rely on mt76_connac_mcu_add_tlv routine (bsc#1209980).
- mt76: mt7915: rely on mt76_connac_mcu_alloc_sta_req (bsc#1209980).
- mt76: mt7915: rely on mt76_connac_mcu_alloc_wtbl_req (bsc#1209980).
- mt76: mt7915: rely on mt76_connac_mcu_init_download (bsc#1209980).
- mt76: mt7915: rely on mt76_connac_mcu_patch_sem_ctrl/mt76_connac_mcu_start_patch (bsc#1209980).
- mt76: mt7915: rely on mt76_connac_mcu_set_rts_thresh (bsc#1209980).
- mt76: mt7915: rely on mt76_connac_mcu_sta_ba (bsc#1209980).
- mt76: mt7915: rely on mt76_connac_mcu_sta_ba_tlv (bsc#1209980).
- mt76: mt7915: rely on mt76_connac_mcu_sta_basic_tlv (bsc#1209980).
- mt76: mt7915: rely on mt76_connac_mcu_sta_uapsd (bsc#1209980).
- mt76: mt7915: rely on mt76_connac_mcu_start_firmware (bsc#1209980).
- mt76: mt7915: rely on mt76_connac_mcu_wtbl_ba_tlv (bsc#1209980).
- mt76: mt7915: rely on mt76_connac_mcu_wtbl_generic_tlv (bsc#1209980).
- mt76: mt7915: rely on mt76_connac_mcu_wtbl_hdr_trans_tlv (bsc#1209980).
- mt76: mt7915: rely on mt76_connac_mcu_wtbl_ht_tlv (bsc#1209980).
- mt76: mt7915: rely on mt76_connac_mcu_wtbl_smps_tlv (bsc#1209980).
- mt76: mt7915: remove dead code in debugfs code (bsc#1209980).
- mt76: mt7915: remove duplicated defs in mcu.h (bsc#1209980).
- mt76: mt7915: remove mt7915_mcu_add_he() (bsc#1209980).
- mt76: mt7915: rename debugfs tx-queues (bsc#1209980).
- mt76: mt7915: report radar pattern if detected by rdd2 (bsc#1209980).
- mt76: mt7915: report rx mode value in mt7915_mac_fill_rx_rate (bsc#1209980).
- mt76: mt7915: rework .set_bitrate_mask() to support more options (bsc#1209980).
- mt76: mt7915: rework debugfs fixed-rate knob (bsc#1209980).
- mt76: mt7915: rework debugfs queue info (bsc#1209980).
- mt76: mt7915: rework dma.c to adapt mt7916 changes (bsc#1209980).
- mt76: mt7915: rework eeprom.c to adapt mt7916 changes (bsc#1209980).
- mt76: mt7915: rework mt7915_mcu_sta_muru_tlv() (bsc#1209980).
- mt76: mt7915: rework starec TLV tags (bsc#1209980).
- mt76: mt7915: run mt7915_get_et_stats holding mt76 mutex (bsc#1209980).
- mt76: mt7915: send EAPOL frames at lowest rate (bsc#1209980).
- mt76: mt7915: set VTA bit in tx descriptor (bsc#1209980).
- mt76: mt7915: set band1 TGID field in tx descriptor (bsc#1209980).
- mt76: mt7915: set bssinfo/starec command when adding interface (bsc#1209980).
- mt76: mt7915: set muru platform type (bsc#1209980).
- mt76: mt7915: simplify conditional (bsc#1209980).
- mt76: mt7915: switch proper tx arbiter mode in testmode (bsc#1209980).
- mt76: mt7915: update bss_info with cipher after setting the group key (bsc#1209980).
- mt76: mt7915: update mac timing settings (bsc#1209980).
- mt76: mt7915: update max_mpdu_size in mt7915_mcu_sta_amsdu_tlv() (bsc#1209980).
- mt76: mt7915: update mt7915_chan_mib_offs for mt7916 (bsc#1209980).
- mt76: mt7915: update rx rate reporting for mt7916 (bsc#1209980).
- mt76: mt7915: use min_t() to make code cleaner (bsc#1209980).
- mt76: mt7915e: Add a hwmon attribute to get the actual throttle state (bsc#1209980).
- mt76: mt7915e: Enable thermal management by default (bsc#1209980).
- mt76: mt7915e: Fix degraded performance after temporary overheat (bsc#1209980).
- mt76: mt7921: Fix the error handling path of mt7921_pci_probe() (git-fixes).
- mt76: mt7921: add 6GHz support (bsc#1209980).
- mt76: mt7921: add MT7921_COMMON module (bsc#1209980).
- mt76: mt7921: add MU EDCA cmd support (bsc#1209980).
- mt76: mt7921: add delay config for sched scan (bsc#1209980).
- mt76: mt7921: add mt7921u driver (bsc#1209980).
- mt76: mt7921: add per-vif counters in ethtool (bsc#1209980).
- mt76: mt7921: add some more MIB counters (bsc#1209980).
- mt76: mt7921: add sta stats accounting in mt7921_mac_add_txs_skb (bsc#1209980).
- mt76: mt7921: add support for PCIe ID 0x0608/0x0616 (bsc#1209980).
- mt76: mt7921: add support for tx status reporting (bsc#1209980).
- mt76: mt7921: clear pm->suspended in mt7921_mac_reset_work (bsc#1209980).
- mt76: mt7921: disable 4addr capability (bsc#1209980).
- mt76: mt7921: disable runtime pm for usb (bsc#1209980).
- mt76: mt7921: do not always disable fw runtime-pm (bsc#1209980).
- mt76: mt7921: do not enable beacon filter when IEEE80211_CONF_CHANGE_MONITOR is set (bsc#1209980).
- mt76: mt7921: do not update pm states in case of error (git-fixes).
- mt76: mt7921: fix MT7921E reset failure (bsc#1209980).
- mt76: mt7921: fix Wformat build warning (bsc#1209980).
- mt76: mt7921: fix a possible race enabling/disabling runtime-pm (bsc#1209980).
- mt76: mt7921: fix boolreturn.cocci warning (bsc#1209980).
- mt76: mt7921: fix build regression (bsc#1209980).
- mt76: mt7921: fix endianness issues in mt7921_mcu_set_tx() (bsc#1209980).
- mt76: mt7921: fix endianness warnings in mt7921_mac_decode_he_mu_radiotap (bsc#1209980).
- mt76: mt7921: fix ht mcs in mt7921_mac_add_txs_skb() (bsc#1209980).
- mt76: mt7921: fix injected MPDU transmission to not use HW A-MSDU (bsc#1209980).
- mt76: mt7921: fix kernel crash at mt7921_pci_remove (git-fixes).
- mt76: mt7921: fix kernel panic by accessing unallocated eeprom.data (git-fixes).
- mt76: mt7921: fix mt7921s Kconfig (bsc#1209980).
- mt76: mt7921: fix network buffer leak by txs missing (bsc#1209980).
- mt76: mt7921: fix possible NULL pointer dereference in mt7921_mac_write_txwi (bsc#1209980).
- mt76: mt7921: fix up the monitor mode (bsc#1209980).
- mt76: mt7921: fix xmit-queue dump for usb and sdio (bsc#1209980).
- mt76: mt7921: forbid the doze mode when coredump is in progress (bsc#1209980).
- mt76: mt7921: get rid of monitor_vif (bsc#1209980).
- mt76: mt7921: get rid of mt7921_mcu_get_eeprom (bsc#1209980).
- mt76: mt7921: get rid of mt7921_wait_for_mcu_init declaration (bsc#1209980).
- mt76: mt7921: honor mt76_connac_mcu_set_rate_txpower return value in mt7921_config (bsc#1209980).
- mt76: mt7921: honor pm user configuration in mt7921_sniffer_interface_iter (bsc#1209980).
- mt76: mt7921: introduce 160 MHz channel bandwidth support (bsc#1209980).
- mt76: mt7921: introduce mt7921s support (bsc#1209980).
- mt76: mt7921: introduce stats reporting through ethtool (bsc#1209980).
- mt76: mt7921: make all event parser reusable between mt7921s and mt7921e (bsc#1209980).
- mt76: mt7921: make mt7921_init_tx_queues static (bsc#1209980).
- mt76: mt7921: move mt76_connac_mcu_set_hif_suspend to bus-related files (bsc#1209980).
- mt76: mt7921: move mt7921_init_hw in a dedicated work (bsc#1209980).
- mt76: mt7921: move mt7921_queue_rx_skb to mac.c (bsc#1209980).
- mt76: mt7921: move mt7921_usb_sdio_tx_complete_skb in common mac code (bsc#1209980).
- mt76: mt7921: move mt7921_usb_sdio_tx_prepare_skb in common mac code (bsc#1209980).
- mt76: mt7921: move mt7921_usb_sdio_tx_status_data in mac common code (bsc#1209980).
- mt76: mt7921: move tx amsdu stats in mib_stats (bsc#1209980).
- mt76: mt7921: reduce log severity levels for informative messages (bsc#1209980).
- mt76: mt7921: refactor dma.c to be pcie specific (bsc#1209980).
- mt76: mt7921: refactor init.c to be bus independent (bsc#1209980).
- mt76: mt7921: refactor mac.c to be bus independent (bsc#1209980).
- mt76: mt7921: refactor mcu.c to be bus independent (bsc#1209980).
- mt76: mt7921: refactor mt7921_mcu_send_message (bsc#1209980).
- mt76: mt7921: rely on mcu_get_nic_capability (bsc#1209980).
- mt76: mt7921: remove dead definitions (bsc#1209980).
- mt76: mt7921: remove duplicated code in mt7921_mac_decode_he_radiotap (bsc#1209980).
- mt76: mt7921: remove mcu rate reporting code (bsc#1209980).
- mt76: mt7921: remove mt7921_sta_stats (bsc#1209980).
- mt76: mt7921: report tx rate directly from tx status (bsc#1209980).
- mt76: mt7921: robustify hardware initialization flow (bsc#1209980).
- mt76: mt7921: send EAPOL frames at lowest rate (bsc#1209980).
- mt76: mt7921: set EDCA parameters with the MCU CE command (bsc#1209980).
- mt76: mt7921: start reworking tx rate reporting (bsc#1209980).
- mt76: mt7921: toggle runtime-pm adding a monitor vif (bsc#1209980).
- mt76: mt7921: update mib counters dumping phy stats (bsc#1209980).
- mt76: mt7921: update mt7921_skb_add_usb_sdio_hdr to support usb (bsc#1209980).
- mt76: mt7921: use correct iftype data on 6GHz cap init (bsc#1209980).
- mt76: mt7921: use mt76_hw instead of open coding it (bsc#1209980).
- mt76: mt7921: use physical addr to unify register access (bsc#1209980).
- mt76: mt7921e: fix possible probe failure after reboot (bsc#1198835).
- mt76: mt7921e: make dev->fw_assert usage consistent (bsc#1209980).
- mt76: mt7921e: process txfree and txstatus without allocating skbs (bsc#1209980).
- mt76: mt7921s: add reset support (bsc#1209980).
- mt76: mt7921s: clear MT76_STATE_MCU_RUNNING immediately after reset (bsc#1209980).
- mt76: mt7921s: fix a possible memory leak in mt7921_load_patch (bsc#1209980).
- mt76: mt7921s: fix bus hang with wrong privilege (bsc#1209980).
- mt76: mt7921s: fix cmd timeout in throughput test (bsc#1209980).
- mt76: mt7921s: fix firmware download random fail (bsc#1209980).
- mt76: mt7921s: fix missing fc type/sub-type for 802.11 pkts (bsc#1209980).
- mt76: mt7921s: fix mt7921s_mcu_[fw|drv]_pmctrl (bsc#1209980).
- mt76: mt7921s: fix possible kernel crash due to invalid Rx count (bsc#1209980).
- mt76: mt7921s: fix possible sdio deadlock in command fail (bsc#1209980).
- mt76: mt7921s: fix suspend error with enlarging mcu timeout value (bsc#1209980).
- mt76: mt7921s: fix the device cannot sleep deeply in suspend (bsc#1209980).
- mt76: mt7921s: make pm->suspended usage consistent (bsc#1209980).
- mt76: mt7921s: run sleep mode by default (bsc#1209980).
- mt76: mt7921s: update mt7921s_wfsys_reset sequence (bsc#1209980).
- mt76: only access ieee80211_hdr after mt76_insert_ccmp_hdr (bsc#1209980).
- mt76: only set rx radiotap flag from within decoder functions (bsc#1209980).
- mt76: redefine mt76_for_each_q_rx to adapt mt7986 changes (bsc#1209980).
- mt76: rely on phy pointer in mt76_register_debugfs_fops routine signature (bsc#1209980).
- mt76: remove mt76_wcid pointer from mt76_tx_status_check signature (bsc#1209980).
- mt76: remove variable set but not used (bsc#1209980).
- mt76: reverse the first fragmented frame to 802.11 (bsc#1209980).
- mt76: schedule status timeout at dma completion (bsc#1209980).
- mt76: sdio: disable interrupt in mt76s_sdio_irq (bsc#1209980).
- mt76: sdio: export mt76s_alloc_rx_queue and mt76s_alloc_tx routines (bsc#1209980).
- mt76: sdio: extend sdio module to support CONNAC2 (bsc#1209980).
- mt76: sdio: honor the largest Tx buffer the hardware can support (bsc#1209980).
- mt76: sdio: introduce parse_irq callback (bsc#1209980).
- mt76: sdio: lock sdio when it is needed (bsc#1209980).
- mt76: sdio: move common code in mt76_sdio module (bsc#1209980).
- mt76: set wlan_idx_hi on mt7916 (bsc#1209980).
- mt76: split single ldpc cap bit into bits (bsc#1209980).
- mt76: substitute sk_buff_head status_list with spinlock_t status_lock (bsc#1209980).
- mt76: support reading EEPROM data embedded in fdt (bsc#1209980).
- mt76: switch from 'pci_' to 'dma_' API (bsc#1209980).
- mt76: testmode: add support to set MAC (bsc#1209980).
- mt76: usb: add req_type to ___mt76u_rr signature (bsc#1209980).
- mt76: usb: add req_type to ___mt76u_wr signature (bsc#1209980).
- mt76: usb: introduce __mt76u_init utility routine (bsc#1209980).
- mt76: use IEEE80211_OFFLOAD_ENCAP_ENABLED instead of MT_DRV_AMSDU_OFFLOAD (bsc#1209980).
- mt76: use a separate CCMP PN receive counter for management frames (bsc#1209980).
- mt76: use le32/16_get_bits() whenever possible (bsc#1209980).
- mt76x02: improve mac error check/reset reliability (bsc#1209980).
- mtd: core: fix error path for nvmem provider (git-fixes).
- mtd: core: fix nvmem error reporting (git-fixes).
- mtd: core: provide unique name for nvmem device, take two (git-fixes).
- mtd: dataflash: remove duplicate SPI ID table (git-fixes).
- mtd: rawnand: fsl_elbc: Propagate HW ECC settings to HW (git-fixes).
- mtd: rawnand: ingenic: fix empty stub helper definitions (git-fixes).
- mtd: rawnand: marvell: do not set the NAND frequency select (git-fixes).
- mtd: rawnand: marvell: ensure timing values are written (git-fixes).
- mtd: rawnand: meson: fix bitmask for length in command word (git-fixes).
- mtd: rawnand: meson: fix unaligned DMA buffers handling (git-fixes).
- mtd: rawnand: meson: invalidate cache on polling ECC bit (git-fixes).
- mtd: rawnand: stm32_fmc2: remove unsupported EDO mode (git-fixes).
- mtd: rawnand: stm32_fmc2: use timings.mode instead of checking tRC_min (git-fixes).
- mtd: rawnand: sunxi: Clean up chips after failed init (git-fixes).
- mtd: rawnand: sunxi: Fix the size of the last OOB region (git-fixes).
- mtd: spi-nor: Fix a trivial typo (git-fixes).
- mtd: spi-nor: Fix shift-out-of-bounds in spi_nor_set_erase_type (git-fixes).
- mtd: spi-nor: core: fix implicit declaration warning (git-fixes).
- mtd: spi-nor: sfdp: Fix index value for SCCR dwords (git-fixes).
- mtd: spi-nor: spansion: Consider reserved bits in CFR5 register (git-fixes).
- mtdblock: tolerate corrected bit-flips (git-fixes).
- nbd: Fix hung on disconnect request if socket is closed before (git-fixes).
- nbd: Fix hung when signal interrupts nbd_start_device_ioctl() (git-fixes).
- nbd: Fix hungtask when nbd_config_put (git-fixes).
- nbd: add missing definition of pr_fmt (git-fixes).
- nbd: call genl_unregister_family() first in nbd_cleanup() (git-fixes).
- nbd: fix io hung while disconnecting device (git-fixes).
- nbd: fix race between nbd_alloc_config() and module removal (git-fixes).
- net/iucv: Fix size of interrupt data (bsc#1211465 git-fixes).
- net/mlx5: Add forgotten cleanup calls into mlx5_init_once() error path (jsc#PED-1549).
- net/mlx5: Add forgotten cleanup calls into mlx5_init_once() error path (jsc#SLE-19253).
- net/mlx5: Allow async trigger completion execution on single CPU systems (jsc#SLE-19253).
- net/mlx5: Allow future addition of IPsec object modifiers (jsc#SLE-19253).
- net/mlx5: Avoid false positive lockdep warning by adding lock_class_key (jsc#SLE-19253).
- net/mlx5: Avoid recovery in probe flows (jsc#PED-1549 bsc#1211794).
- net/mlx5: Avoid recovery in probe flows (jsc#SLE-19253).
- net/mlx5: Bridge, fix ageing of peer FDB entries (jsc#PED-1549).
- net/mlx5: Bridge, fix ageing of peer FDB entries (jsc#SLE-19253).
- net/mlx5: Bridge, verify LAG state when adding bond to bridge (jsc#SLE-19253).
- net/mlx5: Collect command failures data only for known commands (jsc#PED-1549).
- net/mlx5: DR, Check force-loopback RC QP capability independently from RoCE (jsc#PED-1549).
- net/mlx5: DR, Check force-loopback RC QP capability independently from RoCE (jsc#SLE-19253).
- net/mlx5: DR, Fix crc32 calculation to work on big-endian (BE) CPUs (jsc#PED-1549).
- net/mlx5: DR, Fix crc32 calculation to work on big-endian (BE) CPUs (jsc#SLE-19253).
- net/mlx5: DR, Fix missing flow_source when creating multi-destination FW table (jsc#SLE-19253).
- net/mlx5: Devcom, fix error flow in mlx5_devcom_register_device (jsc#PED-1549).
- net/mlx5: Devcom, fix error flow in mlx5_devcom_register_device (jsc#SLE-19253).
- net/mlx5: Devcom, serialize devcom registration (jsc#PED-1549).
- net/mlx5: Disable eswitch before waiting for VF pages (jsc#PED-1549).
- net/mlx5: Do not advertise IPsec netdev support for non-IPsec device (jsc#SLE-19253).
- net/mlx5: Do not use already freed action pointer (jsc#SLE-19253).
- net/mlx5: Dynamically resize flow counters query buffer (bsc#1195175).
- net/mlx5: E-Switch, Fix an Oops in error handling code (jsc#PED-1549).
- net/mlx5: E-Switch, Fix an Oops in error handling code (jsc#SLE-19253).
- net/mlx5: E-Switch, properly handle ingress tagged packets on VST (jsc#PED-1549).
- net/mlx5: E-Switch, properly handle ingress tagged packets on VST (jsc#SLE-19253).
- net/mlx5: E-switch, Create per vport table based on devlink encap mode (jsc#PED-1549).
- net/mlx5: E-switch, Create per vport table based on devlink encap mode (jsc#SLE-19253).
- net/mlx5: E-switch, Do not destroy indirect table in split rule (jsc#PED-1549).
- net/mlx5: E-switch, Do not destroy indirect table in split rule (jsc#SLE-19253).
- net/mlx5: E-switch, Fix missing set of split_count when forward to ovs internal port (jsc#PED-1549).
- net/mlx5: E-switch, Fix missing set of split_count when forward to ovs internal port (jsc#SLE-19253).
- net/mlx5: E-switch, Fix setting of reserved fields on MODIFY_SCHEDULING_ELEMENT (jsc#PED-1549).
- net/mlx5: E-switch, Fix setting of reserved fields on MODIFY_SCHEDULING_ELEMENT (jsc#SLE-19253).
- net/mlx5: E-switch, Fix switchdev mode after devlink reload (jsc#PED-1549).
- net/mlx5: E-switch, Fix wrong usage of source port rewrite in split rules (jsc#PED-1549).
- net/mlx5: ECPF, wait for VF pages only after disabling host PFs (jsc#PED-1549).
- net/mlx5: Enhance debug print in page allocation failure (jsc#PED-1549).
- net/mlx5: Enhance debug print in page allocation failure (jsc#SLE-19253).
- net/mlx5: Expose SF firmware pages counter (jsc#PED-1549).
- net/mlx5: Fix FW tracer timestamp calculation (jsc#SLE-19253).
- net/mlx5: Fix RoCE setting at HCA level (jsc#PED-1549).
- net/mlx5: Fix RoCE setting at HCA level (jsc#SLE-19253).
- net/mlx5: Fix command stats access after free (jsc#PED-1549).
- net/mlx5: Fix crash during sync firmware reset (jsc#SLE-19253).
- net/mlx5: Fix error message when failing to allocate device memory (jsc#PED-1549).
- net/mlx5: Fix error message when failing to allocate device memory (jsc#SLE-19253).
- net/mlx5: Fix handling of entry refcount when command is not issued to FW (jsc#SLE-19253).
- net/mlx5: Fix io_eq_size and event_eq_size params validation (jsc#PED-1549).
- net/mlx5: Fix possible use-after-free in async command interface (jsc#SLE-19253).
- net/mlx5: Fix ptp max frequency adjustment range (jsc#PED-1549).
- net/mlx5: Fix ptp max frequency adjustment range (jsc#SLE-19253).
- net/mlx5: Fix setting ec_function bit in MANAGE_PAGES (jsc#PED-1549).
- net/mlx5: Fix steering rules cleanup (jsc#PED-1549).
- net/mlx5: Fix steering rules cleanup (jsc#SLE-19253).
- net/mlx5: Fix uninitialized variable bug in outlen_write() (jsc#SLE-19253).
- net/mlx5: Geneve, Fix handling of Geneve object id as error code (jsc#PED-1549).
- net/mlx5: Geneve, Fix handling of Geneve object id as error code (jsc#SLE-19253).
- net/mlx5: Handle pairing of E-switch via uplink un/load APIs (jsc#PED-1549).
- net/mlx5: Initialize flow steering during driver probe (jsc#SLE-19253).
- net/mlx5: Lag, fix failure to cancel delayed bond work (jsc#PED-1549).
- net/mlx5: Read embedded cpu after init bit cleared (jsc#PED-1549).
- net/mlx5: Read embedded cpu after init bit cleared (jsc#SLE-19253).
- net/mlx5: Read the TC mapping of all priorities on ETS query (jsc#PED-1549).
- net/mlx5: Read the TC mapping of all priorities on ETS query (jsc#SLE-19253).
- net/mlx5: Rearm the FW tracer after each tracer event (jsc#SLE-19253).
- net/mlx5: SF, Drain health before removing device (jsc#PED-1549).
- net/mlx5: SF, Drain health before removing device (jsc#SLE-19253).
- net/mlx5: SF: Fix probing active SFs during driver probe phase (jsc#SLE-19253).
- net/mlx5: Serialize module cleanup with reload and remove (jsc#PED-1549).
- net/mlx5: Serialize module cleanup with reload and remove (jsc#SLE-19253).
- net/mlx5: Set BREAK_FW_WAIT flag first when removing driver (jsc#PED-1549).
- net/mlx5: Store page counters in a single array (jsc#PED-1549).
- net/mlx5: Wait for firmware to enable CRS before pci_restore_state (jsc#SLE-19253).
- net/mlx5: add IFC bits for bypassing port select flow table (git-fixes)
- net/mlx5: check attr pointer validity before dereferencing it (jsc#PED-1549).
- net/mlx5: check attr pointer validity before dereferencing it (jsc#SLE-19253).
- net/mlx5: correct ECE offset in query qp output (jsc#SLE-19253).
- net/mlx5: fix missing mutex_unlock in mlx5_fw_fatal_reporter_err_work() (jsc#SLE-19253).
- net/mlx5: fs, fail conflicting actions (jsc#SLE-19253).
- net/mlx5: fw_tracer, Clear load bit when freeing string DBs buffers (jsc#PED-1549).
- net/mlx5: fw_tracer, Clear load bit when freeing string DBs buffers (jsc#SLE-19253).
- net/mlx5: fw_tracer, Fix event handling (jsc#PED-1549).
- net/mlx5: fw_tracer, Fix event handling (jsc#SLE-19253).
- net/mlx5: fw_tracer, Zero consumer index when reloading the tracer (jsc#PED-1549).
- net/mlx5: fw_tracer, Zero consumer index when reloading the tracer (jsc#SLE-19253).
- net/mlx5e: Always clear dest encap in neigh-update-del (jsc#PED-1549).
- net/mlx5e: Always clear dest encap in neigh-update-del (jsc#SLE-19253).
- net/mlx5e: Avoid false lock dependency warning on tc_ht even more (jsc#PED-1549).
- net/mlx5e: Avoid false lock dependency warning on tc_ht even more (jsc#SLE-19253).
- net/mlx5e: Block entering switchdev mode with ns inconsistency (jsc#PED-1549).
- net/mlx5e: Block entering switchdev mode with ns inconsistency (jsc#SLE-19253).
- net/mlx5e: CT: Fix ct debugfs folder name (jsc#PED-1549).
- net/mlx5e: Do not attach netdev profile while handling internal error (jsc#PED-1549).
- net/mlx5e: Do not attach netdev profile while handling internal error (jsc#SLE-19253).
- net/mlx5e: Do not cache tunnel offloads capability (jsc#PED-1549).
- net/mlx5e: Do not clone flow post action attributes second time (jsc#PED-1549).
- net/mlx5e: Do not increment ESN when updating IPsec ESN state (jsc#SLE-19253).
- net/mlx5e: Do not support encap rules with gbp option (jsc#PED-1549).
- net/mlx5e: Do not support encap rules with gbp option (jsc#SLE-19253).
- net/mlx5e: E-Switch, Fix comparing termination table instance (jsc#SLE-19253).
- net/mlx5e: Extend SKB room check to include PTP-SQ (jsc#SLE-19253).
- net/mlx5e: Fix MPLSoUDP encap to use MPLS action information (jsc#SLE-19253).
- net/mlx5e: Fix RX reporter for XSK RQs (jsc#PED-1549).
- net/mlx5e: Fix SQ wake logic in ptp napi_poll context (jsc#PED-1549).
- net/mlx5e: Fix SQ wake logic in ptp napi_poll context (jsc#SLE-19253).
- net/mlx5e: Fix capability check for updating vnic env counters (jsc#SLE-19253).
- net/mlx5e: Fix cleanup null-ptr deref on encap lock (jsc#PED-1549).
- net/mlx5e: Fix crash unsetting rx-vlan-filter in switchdev mode (jsc#PED-1549).
- net/mlx5e: Fix deadlock in tc route query code (jsc#PED-1549).
- net/mlx5e: Fix error handling in mlx5e_refresh_tirs (jsc#PED-1549).
- net/mlx5e: Fix error handling in mlx5e_refresh_tirs (jsc#SLE-19253).
- net/mlx5e: Fix hw mtu initializing at XDP SQ allocation (jsc#PED-1549).
- net/mlx5e: Fix hw mtu initializing at XDP SQ allocation (jsc#SLE-19253).
- net/mlx5e: Fix macsec ASO context alignment (jsc#PED-1549).
- net/mlx5e: Fix macsec possible null dereference when updating MAC security entity (SecY) (jsc#PED-1549).
- net/mlx5e: Fix macsec ssci attribute handling in offload path (jsc#PED-1549).
- net/mlx5e: Fix the value of MLX5E_MAX_RQ_NUM_MTTS (jsc#SLE-19253).
- net/mlx5e: Fix use-after-free when reverting termination table (jsc#SLE-19253).
- net/mlx5e: Fix wrong application of the LRO state (jsc#SLE-19253).
- net/mlx5e: Fix wrong tc flag used when set hw-tc-offload off (jsc#SLE-19253).
- net/mlx5e: IPoIB, Block PKEY interfaces with less rx queues than parent (jsc#PED-1549).
- net/mlx5e: IPoIB, Block queue count configuration when sub interfaces are present (jsc#PED-1549).
- net/mlx5e: IPoIB, Do not allow CQE compression to be turned on by default (jsc#PED-1549).
- net/mlx5e: IPoIB, Do not allow CQE compression to be turned on by default (jsc#SLE-19253).
- net/mlx5e: IPoIB, Fix child PKEY interface stats on rx path (jsc#PED-1549).
- net/mlx5e: IPoIB, Show unknown speed instead of error (jsc#PED-1549).
- net/mlx5e: IPoIB, Show unknown speed instead of error (jsc#SLE-19253).
- net/mlx5e: Initialize link speed to zero (jsc#PED-1549).
- net/mlx5e: Modify slow path rules to go to slow fdb (jsc#SLE-19253).
- net/mlx5e: Nullify table pointer when failing to create (jsc#PED-1549).
- net/mlx5e: Overcome slow response for first macsec ASO WQE (jsc#PED-1549).
- net/mlx5e: QoS, Fix wrongfully setting parent_element_id on MODIFY_SCHEDULING_ELEMENT (jsc#PED-1549).
- net/mlx5e: QoS, Fix wrongfully setting parent_element_id on MODIFY_SCHEDULING_ELEMENT (jsc#SLE-19253).
- net/mlx5e: Remove redundant xsk pointer check in mlx5e_mpwrq_validate_xsk (jsc#PED-1549).
- net/mlx5e: Set decap action based on attr for sample (jsc#PED-1549).
- net/mlx5e: Set geneve_tlv_option_0_exist when matching on geneve option (jsc#PED-1549).
- net/mlx5e: Set uplink rep as NETNS_LOCAL (jsc#PED-1549).
- net/mlx5e: Set uplink rep as NETNS_LOCAL (jsc#SLE-19253).
- net/mlx5e: TC, Fix ct_clear overwriting ct action metadata (jsc#SLE-19253).
- net/mlx5e: TC, Keep mod hdr actions after mod hdr alloc (jsc#PED-1549).
- net/mlx5e: Update rx ring hw mtu upon each rx-fcs flag change (jsc#PED-1549).
- net/mlx5e: Update rx ring hw mtu upon each rx-fcs flag change (jsc#SLE-19253).
- net/mlx5e: Use correct encap attribute during invalidation (jsc#PED-1549).
- net/mlx5e: Verify dev is present for fix features ndo (jsc#PED-1549).
- net/mlx5e: Verify flow_source cap before using it (jsc#PED-1549).
- net/mlx5e: Verify flow_source cap before using it (jsc#SLE-19253).
- net/mlx5e: do as little as possible in napi poll when budget is 0 (jsc#PED-1549).
- net/mlx5e: do as little as possible in napi poll when budget is 0 (jsc#SLE-19253).
- net/mlx5e: kTLS, Fix build time constant test in RX (jsc#SLE-19253).
- net/mlx5e: kTLS, Fix build time constant test in TX (jsc#SLE-19253).
- net/net_failover: fix txq exceeding warning (git-fixes).
- net/rose: Fix to not accept on connected socket (git-fixes).
- net/sched: fix initialization order when updating chain 0 head (git-fixes).
- net/sched: flower: fix possible OOB write in fl_set_geneve_opt() (git-fixes).
- net/sched: sch_netem: Fix arithmetic in netem_dump() for 32-bit platforms (git-fixes).
- net/sunrpc: fix reference count leaks in rpc_sysfs_xprt_state_change (git-fixes).
- net/tg3: resolve deadlock in tg3_reset_task() during EEH (bsc#1207842).
- net/usb: kalmia: Do not pass act_len in usb_bulk_msg error path (git-fixes).
- net/x25: Fix to not accept on connected socket (git-fixes).
- net: USB: Fix wrong-direction WARNING in plusb.c (git-fixes).
- net: accept UFOv6 packages in virtio_net_hdr_to_skb (git-fixes).
- net: add missing include in include/net/gro.h (git-fixes).
- net: asix: fix modprobe 'sysfs: cannot create duplicate filename' (git-fixes).
- net: cdc_ncm: Deal with too low values of dwNtbOutMaxSize (git-fixes).
- net: devlink: Fix missing mutex_unlock() call (git-fixes).
- net: ena: Account for the number of processed bytes in XDP (git-fixes).
- net: ena: Do not register memory info on XDP exchange (git-fixes).
- net: ena: Fix rx_copybreak value update (git-fixes).
- net: ena: Fix toeplitz initial hash value (git-fixes).
- net: ena: Set default value for RX interrupt moderation (git-fixes).
- net: ena: Update NUMA TPH hint register upon NUMA node update (git-fixes).
- net: ena: Use bitmask to indicate packet redirection (git-fixes).
- net: hns3: add interrupts re-initialization while doing VF FLR (git-fixes).
- net: hns3: fix output information incomplete for dumping tx queue info with debugfs (git-fixes).
- net: hns3: fix reset delay time to avoid configuration timeout (git-fixes).
- net: hns3: fix sending pfc frames after reset issue (git-fixes).
- net: hns3: fix tm port shapping of fibre port is incorrect after driver initialization (git-fixes).
- net: linkwatch: be more careful about dev->linkwatch_dev_tracker (git-fixes).
- net: mana: Add new MANA VF performance counters for easier troubleshooting (bsc#1209982).
- net: mana: Add support for auxiliary device (bsc#1210741 jsc#PED-4022).
- net: mana: Add support for jumbo frame (bsc#1210551).
- net: mana: Assign interrupts to CPUs based on NUMA nodes (bsc#1208153).
- net: mana: Check if netdev/napi_alloc_frag returns single page (bsc#1210551).
- net: mana: Define and process GDMA response code GDMA_STATUS_MORE_ENTRIES (bsc#1210741 jsc#PED-4022).
- net: mana: Define data structures for allocating doorbell page from GDMA (bsc#1210741 jsc#PED-4022).
- net: mana: Define data structures for protection domain and memory registration (bsc#1210741 jsc#PED-4022).
- net: mana: Define max values for SGL entries (bsc#1210741 jsc#PED-4022).
- net: mana: Enable RX path to handle various MTU sizes (bsc#1210551).
- net: mana: Export Work Queue functions for use by RDMA driver (bsc#1210741 jsc#PED-4022).
- net: mana: Fix IRQ name - add PCI and queue number (bsc#1207875).
- net: mana: Fix accessing freed irq affinity_hint (bsc#1208153).
- net: mana: Fix perf regression: remove rx_cqes, tx_cqes counters (git-fixes).
- net: mana: Handle vport sharing between devices (bsc#1210741 jsc#PED-4022).
- net: mana: Move header files to a common location (bsc#1210741 jsc#PED-4022).
- net: mana: Record port number in netdev (bsc#1210741 jsc#PED-4022).
- net: mana: Record the physical address for doorbell page region (bsc#1210741 jsc#PED-4022).
- net: mana: Refactor RX buffer allocation code to prepare for various MTU (bsc#1210551).
- net: mana: Rename mana_refill_rxoob and remove some empty lines (bsc#1210551).
- net: mana: Set the DMA device max segment size (bsc#1210741 jsc#PED-4022).
- net: mana: Use napi_build_skb in RX path (bsc#1210551).
- net: mdio: mvusb: Fix an error handling path in mvusb_mdio_probe() (git-fixes).
- net: mdio: thunder: Add missing fwnode_handle_put() (git-fixes).
- net: mellanox: mlxbf_gige: Fix skb_panic splat under memory pressure (bsc#1211564).
- net: mlx5: eliminate anonymous module_init & module_exit (jsc#PED-1549).
- net: mlx5: eliminate anonymous module_init & module_exit (jsc#SLE-19253).
- net: natsemi: fix hw address initialization for jazz and xtensa (git-fixes).
- net: of: fix stub of_net helpers for CONFIG_NET=n (git-fixes).
- net: openvswitch: fix possible memory leak in ovs_meter_cmd_set() (git-fixes).
- net: phy: Ensure state transitions are processed from phy_stop() (git-fixes).
- net: phy: dp83822: Fix null pointer access on DP83825/DP83826 devices (git-fixes).
- net: phy: dp83867: add w/a for packet errors seen with short cables (git-fixes).
- net: phy: dp83869: fix default value for tx-/rx-internal-delay (git-fixes).
- net: phy: meson-gxl: Add generic dummy stubs for MMD register access (git-fixes).
- net: phy: meson-gxl: use MMD access dummy stubs for GXL, internal PHY (git-fixes).
- net: phy: mxl-gpy: add MDINT workaround (git-fixes).
- net: phy: nxp-c45-tja11xx: add remove callback (git-fixes).
- net: phy: nxp-c45-tja11xx: fix MII_BASIC_CONFIG_REV bit (git-fixes).
- net: phy: nxp-c45-tja11xx: fix unsigned long multiplication overflow (git-fixes).
- net: phy: smsc: bail out in lan87xx_read_status if genphy_read_status fails (git-fixes).
- net: qcom/emac: Fix use after free bug in emac_remove due to race condition (git-fixes).
- net: qrtr: correct types of trace event parameters (git-fixes).
- net: sched: fix possible refcount leak in tc_chain_tmplt_add() (git-fixes).
- net: skip virtio_net_hdr_set_proto if protocol already set (git-fixes).
- net: tun: avoid disabling NAPI twice (git-fixes).
- net: tun: fix bugs for oversize packet when napi frags enabled (git-fixes).
- net: tun: stop NAPI when detaching queues (git-fixes).
- net: tun: unlink NAPI from device on destruction (git-fixes).
- net: usb: asix: remove redundant assignment to variable reg (git-fixes).
- net: usb: cdc_ether: add support for Thales Cinterion PLS62-W modem (git-fixes).
- net: usb: cdc_mbim: avoid altsetting toggling for Telit FE990 (git-fixes).
- net: usb: lan78xx: Limit packet length to skb->len (git-fixes).
- net: usb: qmi_wwan: Set DTR quirk for BroadMobi BM818 (git-fixes).
- net: usb: qmi_wwan: add Telit 0x1080 composition (git-fixes).
- net: usb: qmi_wwan: add support for Compal RXM-G1 (git-fixes).
- net: usb: smsc75xx: Limit packet length to skb->len (git-fixes).
- net: usb: smsc75xx: Move packet length check to prevent kernel panic in skb_pull (git-fixes).
- net: usb: smsc95xx: Limit packet length to skb->len (git-fixes).
- net: usb: use eth_hw_addr_set() (git-fixes).
- net: virtio_net_hdr_to_skb: count transport header in UFO (git-fixes).
- netrom: Fix use-after-free caused by accept on already connected socket (git-fixes).
- netrom: Fix use-after-free of a listening socket (git-fixes).
- nfc: change order inside nfc_se_io error path (git-fixes).
- nfc: fdp: add null check of devm_kmalloc_array in fdp_nci_i2c_read_device_properties (git-fixes).
- nfc: fix memory leak of se_io context in nfc_genl_se_io (git-fixes).
- nfc: pn533: initialize struct pn533_out_arg properly (git-fixes).
- nfc: st-nci: Fix use after free bug in ndlc_remove due to race condition (git-fixes).
- nfcsim.c: Fix error checking for debugfs_create_dir (git-fixes).
- nfp: flower-ct: fix error return code in nfp_fl_ct_add_offload() (git-fixes).
- nfp: flower: fix ingress police using matchall filter (git-fixes).
- nfp: only report pause frame configuration for physical device (git-fixes).
- nfs4: Fix kmemleak when allocate slot failed (git-fixes).
- nfs4trace: fix state manager flag printing (git-fixes).
- nfs: Always initialise fattr->label in nfs_fattr_alloc() (git-fixes).
- nfs: Avoid writeback threads getting stuck in mempool_alloc() (git-fixes).
- nfs: Cleanup unused rpc_clnt variable (git-fixes).
- nfs: Create a new nfs_alloc_fattr_with_label() function (git-fixes).
- nfs: Do not allocate nfs_fattr on the stack in __nfs42_ssc_open() (git-fixes).
- nfs: Fix an Oops in nfs_d_automount() (git-fixes).
- nfs: Further optimisations for 'ls -l' (git-fixes).
- nfs: Pass i_size to fscache_unuse_cookie() when a file is released (git-fixes).
- nfs: fix disabling of swap (git-fixes).
- nfs: nfs4clinet: check the return value of kstrdup() (git-fixes).
- nfs: nfsiod should not block forever in mempool_alloc() (git-fixes).
- nfsd: Avoid calling OPDESC() with ops->opnum == OP_ILLEGAL (git-fixes).
- nfsd: COMMIT operations must not return NFS?ERR_INVAL (git-fixes).
- nfsd: De-duplicate net_generic(nf->nf_net, nfsd_net_id) (git-fixes).
- nfsd: Finish converting the NFSv2 GETACL result encoder (git-fixes).
- nfsd: Finish converting the NFSv3 GETACL result encoder (git-fixes).
- nfsd: Fix a memory leak in an error handling path (git-fixes).
- nfsd: Fix handling of oversized NFSv4 COMPOUND requests (git-fixes).
- nfsd: Fix nfsd_breaker_owns_lease() return values (git-fixes).
- nfsd: Have legacy NFSD WRITE decoders use xdr_stream_subsegment() (git-fixes).
- nfsd: Protect against filesystem freezing (git-fixes).
- nfsd: Return nfserr_serverfault if splice_ok but buf->pages have data (git-fixes).
- nfsd: call op_release, even when op_func returns an error (git-fixes).
- nfsd: callback request does not use correct credential for AUTH_SYS (git-fixes).
- nfsd: do not call nfsd_file_put from client states seqfile display (git-fixes).
- nfsd: fix handling of readdir in v4root vs. mount upcall timeout (git-fixes).
- nfsd: fix leaked reference count of nfsd4_ssc_umount_item (git-fixes).
- nfsd: fix problems with cleanup on errors in nfsd4_copy (git-fixes).
- nfsd: fix race to check ls_layouts (git-fixes).
- nfsd: fix use-after-free in nfsd4_ssc_setup_dul() (git-fixes).
- nfsd: fix use-after-free on source server when doing inter-server copy (git-fixes).
- nfsd: pass range end to vfs_fsync_range() instead of count (git-fixes).
- nfsd: shut down the NFSv4 state objects before the filecache (git-fixes).
- nfsd: under NFSv4.1, fix double svc_xprt_put on rpc_create failure (git-fixes).
- nfsd: zero out pointers after putting nfsd_files on COPY setup error (git-fixes).
- nfsv3: handle out-of-order write replies (bsc#1205544).
- nfsv4 expose nfs_parse_server_name function (git-fixes).
- nfsv4 handle port presence in fs_location server string (git-fixes).
- nfsv4 only print the label when its queried (git-fixes).
- nfsv4 remove zero number of fs_locations entries error check (git-fixes).
- nfsv4 store server support for fs_location attribute (git-fixes).
- nfsv4.1 provide mount option to toggle trunking discovery (git-fixes).
- nfsv4.1 query for fs_location attr on a new file system (git-fixes).
- nfsv4.1: Fix uninitialised variable in devicenotify (git-fixes).
- nfsv4.1: Handle RECLAIM_COMPLETE trunking errors (git-fixes).
- nfsv4.1: We must always send RECLAIM_COMPLETE after a reboot (git-fixes).
- nfsv4.2: Clear FATTR4_WORD2_SECURITY_LABEL when done decoding (git-fixes).
- nfsv4.2: Fix a memory stomp in decode_attr_security_label (git-fixes).
- nfsv4.2: Fix initialisation of struct nfs4_label (git-fixes).
- nfsv4.2: Fixup CLONE dest file size for zero-length count (git-fixes).
- nfsv4.2: fix reference count leaks in _nfs42_proc_copy_notify() (git-fixes).
- nfsv4.x: Fail client initialisation if state manager thread can't run (git-fixes).
- nfsv4/pNFS: Always return layout stats on layout return for flexfiles (git-fixes).
- nfsv4/pnfs: Fix a use-after-free bug in open (git-fixes).
- nfsv4: Add an fattr allocation to _nfs4_discover_trunking() (git-fixes).
- nfsv4: Do not hold the layoutget locks across multiple RPC calls (git-fixes).
- nfsv4: Fix a credential leak in _nfs4_discover_trunking() (git-fixes).
- nfsv4: Fix a deadlock between nfs4_open_recover_helper() and delegreturn (git-fixes).
- nfsv4: Fix a potential state reclaim deadlock (git-fixes).
- nfsv4: Fix free of uninitialized nfs4_label on referral lookup (git-fixes).
- nfsv4: Fix hangs when recovering open state after a server reboot (git-fixes).
- nfsv4: Protect the state recovery thread against direct reclaim (git-fixes).
- nfsv4: Retry LOCK on OLD_STATEID during delegation return (git-fixes).
- nfsv4: keep state manager thread active if swap is enabled (git-fixes).
- nilfs2: do not write dirty data after degenerating to read-only (git-fixes).
- nilfs2: fix buffer corruption due to concurrent device reads (git-fixes).
- nilfs2: fix general protection fault in nilfs_btree_insert() (git-fixes).
- nilfs2: fix incomplete buffer cleanup in nilfs_btnode_abort_change_key() (git-fixes).
- nilfs2: fix infinite loop in nilfs_mdt_get_block() (git-fixes).
- nilfs2: fix kernel-infoleak in nilfs_ioctl_wrap_copy() (git-fixes).
- nilfs2: fix possible out-of-bounds segment allocation in resize ioctl (git-fixes).
- nilfs2: fix potential UAF of struct nilfs_sc_info in nilfs_segctor_thread() (git-fixes).
- nilfs2: fix sysfs interface lifetime (git-fixes).
- nilfs2: fix underflow in second superblock position calculations (git-fixes).
- nilfs2: fix use-after-free bug of nilfs_root in nilfs_evict_inode() (git-fixes).
- nilfs2: initialize unused bytes in segment summary blocks (git-fixes).
- nouveau: fix client work fence deletion race (git-fixes).
- ntb: amd: Fix error handling in amd_ntb_pci_driver_init() (git-fixes).
- ntb: idt: Fix error handling in idt_pci_driver_init() (git-fixes).
- ntb: intel: Fix error handling in intel_ntb_pci_driver_init() (git-fixes).
- ntb: ntb_tool: Add check for devm_kcalloc (git-fixes).
- ntb: ntb_transport: fix possible memory leak while device_register() fails (git-fixes).
- null_blk: fix ida error handling in null_add_dev() (git-fixes).
- nvdimm: disable namespace on error (bsc#1166486).
- nvme initialize core quirks before calling nvme_init_subsystem (git-fixes).
- nvme-auth: check chap ctrl_key once constructed (bsc#1202633).
- nvme-auth: clear sensitive info right after authentication completes (bsc#1202633).
- nvme-auth: convert dhchap_auth_list to an array (bsc#1202633).
- nvme-auth: do not ignore key generation failures when initializing ctrl keys (bsc#1202633).
- nvme-auth: do not keep long lived 4k dhchap buffer (bsc#1202633).
- nvme-auth: do not override ctrl keys before validation (bsc#1202633).
- nvme-auth: do not re-authenticate if the controller is not LIVE (bsc#1202633).
- nvme-auth: do not use NVMe status codes (bsc#1202633).
- nvme-auth: fix an error code in nvme_auth_process_dhchap_challenge() (bsc#1202633).
- nvme-auth: fix smatch warning complaints (bsc#1202633).
- nvme-auth: guarantee dhchap buffers under memory pressure (bsc#1202633).
- nvme-auth: have dhchap_auth_work wait for queues auth to complete (bsc#1202633).
- nvme-auth: mark nvme_auth_wq static (bsc#1202633).
- nvme-auth: no need to reset chap contexts on re-authentication (bsc#1202633).
- nvme-auth: remove redundant auth_work flush (bsc#1202633).
- nvme-auth: remove redundant buffer deallocations (bsc#1202633).
- nvme-auth: remove redundant deallocations (bsc#1202633).
- nvme-auth: remove redundant if statement (bsc#1202633).
- nvme-auth: remove symbol export from nvme_auth_reset (bsc#1202633).
- nvme-auth: rename __nvme_auth_[reset|free] to nvme_auth[reset|free]_dhchap (bsc#1202633).
- nvme-auth: rename authentication work elements (bsc#1202633).
- nvme-auth: uninitialized variable in nvme_auth_transform_key() (git-fixes).
- nvme-auth: use workqueue dedicated to authentication (bsc#1202633).
- nvme-core: fix dev_pm_qos memleak (git-fixes).
- nvme-core: fix memory leak in dhchap_ctrl_secret (git-fixes).
- nvme-core: fix memory leak in dhchap_secret_store (git-fixes).
- nvme-fabrics: show well known discovery name (bsc#1200054).
- nvme-fc: fix a missing queue put in nvmet_fc_ls_create_association (git-fixes).
- nvme-fcloop: fix 'inconsistent {IN-HARDIRQ-W} -> {HARDIRQ-ON-W} usage' (git-fixes).
- nvme-hwmon: consistently ignore errors from nvme_hwmon_init (git-fixes).
- nvme-hwmon: kmalloc the NVME SMART log buffer (git-fixes).
- nvme-multipath: fix hang when disk goes live over reconnect (git-fixes).
- nvme-multipath: fix possible hang in live ns resize with ANA access (git-fixes).
- nvme-multipath: support io stats on the mpath device (bsc#1210565).
- nvme-pci: add bogus ID quirk for ADATA SX6000PNP (bsc#1207827).
- nvme-pci: add quirk for missing secondary temperature thresholds (git-fixes).
- nvme-pci: add quirks for Samsung X5 SSDs (git-fixes).
- nvme-pci: add the IGNORE_DEV_SUBNQN quirk for Intel P4500/P4600 SSDs (git-fixes).
- nvme-pci: avoid the deepest sleep state on ZHITAI TiPro5000 SSDs (git-fixes).
- nvme-pci: avoid the deepest sleep state on ZHITAI TiPro7000 SSDs (git-fixes).
- nvme-pci: clear the prp2 field when not used (git-fixes).
- nvme-pci: disable write zeroes on various Kingston SSD (git-fixes).
- nvme-pci: fix a NULL pointer dereference in nvme_alloc_admin_tags (git-fixes).
- nvme-pci: fix doorbell buffer value endianness (git-fixes).
- nvme-pci: fix mempool alloc size (git-fixes).
- nvme-pci: fix page size checks (git-fixes).
- nvme-pci: fix timeout request state check (git-fixes).
- nvme-pci: mark Lexar NM760 as IGNORE_DEV_SUBNQN (git-fixes).
- nvme-pci: set min_align_mask before calculating max_hw_sectors (git-fixes).
- nvme-rdma: fix possible hang caused during ctrl deletion (git-fixes).
- nvme-tcp: always fail a request when sending it failed (bsc#1208902).
- nvme-tcp: fix a possible UAF when failing to allocate an io queue (git-fixes).
- nvme-tcp: fix bogus request completion when failing to send AER (git-fixes).
- nvme-tcp: fix possible circular locking when deleting a controller under memory pressure (git-fixes).
- nvme-tcp: fix possible hang caused during ctrl deletion (git-fixes).
- nvme-tcp: fix regression that causes sporadic requests to time out (git-fixes).
- nvme-tcp: lockdep: annotate in-kernel sockets (git-fixes).
- nvme: Fix IOC_PR_CLEAR and IOC_PR_RELEASE ioctls for nvme devices (git-fixes).
- nvme: add a bogus subsystem NQN quirk for Micron MTFDKBA2T0TFH (git-fixes).
- nvme: add device name to warning in uuid_show() (git-fixes).
- nvme: also return I/O command effects from nvme_command_effects (git-fixes).
- nvme: bring back auto-removal of deleted namespaces during sequential scan (git-fixes).
- nvme: catch -ENODEV from nvme_revalidate_zones again (git-fixes).
- nvme: check for duplicate identifiers earlier (git-fixes).
- nvme: cleanup __nvme_check_ids (git-fixes).
- nvme: copy firmware_rev on each init (git-fixes).
- nvme: define compat_ioctl again to unbreak 32-bit userspace (git-fixes).
- nvme: double KA polling frequency to avoid KATO with TBKAS on (git-fixes).
- nvme: fix async event trace event (git-fixes).
- nvme: fix discard support without oncs (git-fixes).
- nvme: fix handling single range discard request (git-fixes).
- nvme: fix interpretation of DMRSL (git-fixes).
- nvme: fix multipath crash caused by flush request when blktrace is enabled (git-fixes).
- nvme: fix passthrough csi check (git-fixes).
- nvme: fix per-namespace chardev deletion (git-fixes).
- nvme: fix the CRIMS and CRWMS definitions to match the spec (git-fixes).
- nvme: fix the NVME_CMD_EFFECTS_CSE_MASK definition (git-fixes).
- nvme: fix the name of Zone Append for verbose logging (git-fixes).
- nvme: fix the read-only state for zoned namespaces with unsupposed features (git-fixes).
- nvme: generalize the nvme_multi_css check in nvme_scan_ns (git-fixes).
- nvme: improve the NVME_CONNECT_AUTHREQ* definitions (git-fixes).
- nvme: introduce nvme_start_request (bsc#1210565).
- nvme: move nvme_multi_css into nvme.h (git-fixes).
- nvme: move the Samsung X5 quirk entry to the core quirks (git-fixes).
- nvme: rename nvme_validate_or_alloc_ns to nvme_scan_ns (git-fixes).
- nvme: return err on nvme_init_non_mdts_limits fail (git-fixes).
- nvme: send Identify with CNS 06h only to I/O controllers (bsc#1209693).
- nvme: set dma alignment to dword (git-fixes).
- nvme: set non-mdts limits in nvme_scan_work (git-fixes).
- nvme: use command_id instead of req->tag in trace_nvme_complete_rq() (git-fixes).
- nvmet-auth: do not try to cancel a non-initialized work_struct (git-fixes).
- nvmet-tcp: add bounds check on Transfer Tag (git-fixes).
- nvmet-tcp: fix incomplete data digest send (git-fixes).
- nvmet-tcp: fix lockdep complaint on nvmet_tcp_wq flush during queue teardown (git-fixes).
- nvmet-tcp: fix regression in data_digest calculation (git-fixes).
- nvmet-tcp: fix unhandled tcp states in nvmet_tcp_state_change() (git-fixes).
- nvmet: add helpers to set the result field for connect commands (git-fixes).
- nvmet: avoid potential UAF in nvmet_req_complete() (git-fixes).
- nvmet: do not defer passthrough commands with trivial effects to the workqueue (git-fixes).
- nvmet: fix I/O Command Set specific Identify Controller (git-fixes).
- nvmet: fix Identify Active Namespace ID list handling (git-fixes).
- nvmet: fix Identify Controller handling (git-fixes).
- nvmet: fix Identify Namespace handling (git-fixes).
- nvmet: fix a memory leak (git-fixes).
- nvmet: fix a memory leak in nvmet_auth_set_key (git-fixes).
- nvmet: fix a use-after-free (git-fixes).
- nvmet: fix invalid memory reference in nvmet_subsys_attr_qid_max_show (git-fixes).
- nvmet: fix mar and mor off-by-one errors (git-fixes).
- nvmet: fix memory leak in nvmet_subsys_attr_model_store_locked (git-fixes).
- nvmet: fix workqueue MEM_RECLAIM flushing dependency (git-fixes).
- nvmet: force reconnect when number of queue changes (git-fixes).
- nvmet: looks at the passthrough controller when initializing CAP (git-fixes).
- nvmet: move the call to nvmet_ns_changed out of nvmet_ns_revalidate (git-fixes).
- nvmet: only allocate a single slab for bvecs (git-fixes).
- nvmet: use IOCB_NOWAIT only if the filesystem supports it (git-fixes).
- nvmet: use NVME_CMD_EFFECTS_CSUPP instead of open coding it (git-fixes).
- objtool: Add a missing comma to avoid string concatenation (bsc#1207328).
- ocfs2: Fix data corruption after failed write (bsc#1208542).
- ocfs2: clear dinode links count in case of error (bsc#1207650).
- ocfs2: fix BUG when iput after ocfs2_mknod fails (bsc#1207649).
- ocfs2: fix crash when mount with quota enabled (bsc#1207640).
- ocfs2: fix defrag path triggering jbd2 ASSERT (bsc#1199304).
- ocfs2: fix defrag path triggering jbd2 ASSERT (git-fixes).
- ocfs2: fix freeing uninitialized resource on ocfs2_dlm_shutdown (git-fixes).
- ocfs2: fix memory leak in ocfs2_mount_volume() (bsc#1207652).
- ocfs2: fix memory leak in ocfs2_stack_glue_init() (bsc#1207651).
- ocfs2: fix non-auto defrag path not working issue (bsc#1199304).
- ocfs2: fix non-auto defrag path not working issue (git-fixes).
- ocfs2: ocfs2_mount_volume does cleanup job before return error (bsc#1207770).
- ocfs2: quota_local: fix possible uninitialized-variable access in ocfs2_local_read_info() (bsc#1207768).
- ocfs2: rewrite error handling of ocfs2_fill_super (bsc#1207771).
- octeon: constify netdev->dev_addr (git-fixes).
- octeontx2-pf: Avoid use of GFP_KERNEL in atomic context (git-fixes).
- octeontx2-pf: Fix resource leakage in VF driver unbind (git-fixes).
- octeontx2-pf: Fix the use of GFP_KERNEL in atomic context on rt (git-fixes).
- octeontx2-pf: Recalculate UDP checksum for ptp 1-step sync packet (git-fixes).
- of/address: Return an error when no valid dma-ranges are found (git-fixes).
- opp: Fix use-after-free in lazy_opp_tables after probe deferral (git-fixes).
- pNFS/filelayout: Fix coalescing test for single DS (git-fixes).
- panic: Consolidate open-coded panic_on_warn checks (bsc#1207328).
- panic: Introduce warn_limit (bsc#1207328).
- panic: unset panic_on_warn inside panic() (bsc#1207328).
- pci/aspm: Disable ASPM on MFD function removal to avoid use-after-free (git-fixes).
- pci/aspm: Remove pcie_aspm_pm_state_change() (git-fixes).
- pci/dpc: Await readiness of secondary bus after reset (git-fixes).
- pci/edr: Clear Device Status after EDR error recovery (git-fixes).
- pci/iov: Enlarge virtfn sysfs name buffer (git-fixes).
- pci/pm: Always disable PTM for all devices during suspend (git-fixes).
- pci/pm: Avoid putting Elo i2 PCIe Ports in D3cold (git-fixes).
- pci/pm: Fix bridge_d3_blacklist Elo i2 overwrite of Gigabyte X299 (git-fixes).
- pci/pm: Observe reset delay irrespective of bridge_d3 (git-fixes).
- pci/ptm: Add pci_suspend_ptm() and pci_resume_ptm() (git-fixes).
- pci: Add ACS quirk for Wangxun NICs (git-fixes).
- pci: Add SolidRun vendor ID (git-fixes).
- pci: Add pci_clear_master() stub for non-CONFIG_PCI (git-fixes).
- pci: Align extra resources for hotplug bridges properly (git-fixes).
- pci: Avoid FLR for AMD FCH AHCI adapters (git-fixes).
- pci: Avoid pci_dev_lock() AB/BA deadlock with sriov_numvfs_store() (git-fixes).
- pci: Fix dropping valid root bus resources with .end = zero (git-fixes).
- pci: Reduce warnings on possible RW1C corruption (git-fixes).
- pci: Release resource invalidated by coalescing (git-fixes).
- pci: Take other bus devices into account when distributing resources (git-fixes).
- pci: Unify delay handling for reset and resume (git-fixes).
- pci: aardvark: Check return value of generic_handle_domain_irq() when processing INTx IRQ (git-fixes).
- pci: aardvark: Fix link training (git-fixes).
- pci: cadence: Fix Gen2 Link Retraining process (git-fixes).
- pci: dwc: Add dw_pcie_ops.host_deinit() callback (git-fixes).
- pci: dwc: Fix PORT_LINK_CONTROL update when CDM check enabled (git-fixes).
- pci: endpoint: Add missing documentation about the MSI/MSI-X range (git-fixes).
- pci: ftpci100: Release the clock resources (git-fixes).
- pci: hotplug: Allow marking devices as disconnected during bind/unbind (git-fixes).
- pci: hv: Add a per-bus mutex state_lock (bsc#1207185).
- pci: hv: Fix a race condition in hv_irq_unmask() that can cause panic (bsc#1207185).
- pci: hv: Remove the useless hv_pcichild_state from struct hv_pci_dev (bsc#1207185).
- pci: hv: Use async probing to reduce boot time (bsc#1207185).
- pci: hv: fix a race condition bug in hv_pci_query_relations() (bsc#1207185).
- pci: hv: update comment in x86 specific hv_arch_irq_unmask (git-fixes).
- pci: imx6: Install the fault handler only on compatible match (git-fixes).
- pci: loongson: Add more devices that need MRRS quirk (git-fixes).
- pci: loongson: Prevent LS7A MRRS increases (git-fixes).
- pci: mediatek-gen3: Assert resets to ensure expected init state (git-fixes).
- pci: mediatek-gen3: Fix refcount leak in mtk_pcie_init_irq_domains() (git-fixes).
- pci: pciehp: Cancel bringup sequence if card is not present (git-fixes).
- pci: pciehp: Fix AB-BA deadlock between reset_lock and device_lock (git-fixes).
- pci: qcom: Disable write access to read only registers for IP v2.3.3 (git-fixes).
- pci: qcom: Fix host-init error handling (git-fixes).
- pci: qcom: Fix pipe clock imbalance (git-fixes).
- pci: qcom: Fix the incorrect register usage in v2.7.0 config (git-fixes).
- pci: rockchip: Add poll and timeout to wait for PHY PLLs to be locked (git-fixes).
- pci: rockchip: Assert PCI Configuration Enable bit after probe (git-fixes).
- pci: rockchip: Fix legacy IRQ generation for RK3399 PCIe endpoint core (git-fixes).
- pci: rockchip: Set address alignment for endpoint mode (git-fixes).
- pci: rockchip: Use u32 variable to access 32-bit registers (git-fixes).
- pci: rockchip: Write PCI Device ID to correct register (git-fixes).
- pci: switchtec: Return -EFAULT for copy_to_user() errors (git-fixes).
- pci: vmd: Fix secondary bus reset for Intel bridges (git-fixes).
- pci: vmd: Reset VMD config register between soft reboots (git-fixes).
- pci: xgene: Revert 'PCI: xgene: Use inbound resources for setup' (git-fixes).
- perf/amd/ibs: Use interrupt regs ip for stack unwinding (git fixes).
- perf/core: Call LSM hook after copying perf_event_attr (git fixes).
- perf/core: Fix data race between perf_event_set_output() and perf_mmap_close() (git fixes).
- perf/core: Fix perf_output_begin parameter is incorrectly invoked in perf_event_bpf_output (git fixes).
- perf/core: Fix the same task check in perf_event_set_output (git fixes).
- perf/core: Inherit event_caps (git fixes).
- perf/x86/amd: fix potential integer overflow on shift of a int (git fixes).
- perf/x86/intel/cstate: Add Emerald Rapids (PED-4396).
- perf/x86/intel/ds: Fix precise store latency handling (git fixes).
- perf/x86/intel/lbr: Use setup_clear_cpu_cap() instead of clear_cpu_cap() (git fixes).
- perf/x86/intel/pt: Fix sampling using single range output (git fixes).
- perf/x86/intel/pt: Relax address filter validation (git fixes).
- perf/x86/intel/uncore: Add Emerald Rapids (git fixes).
- perf/x86/intel/uncore: Clear attr_update properly (bsc#1206824, bsc#1206493, bsc#1206492).
- perf/x86/intel/uncore: Disable I/O stacks to PMU mapping on ICX-D (bsc#1206824, bsc#1206493, bsc#1206492).
- perf/x86/intel/uncore: Enable UPI topology discovery for Icelake Server (bsc#1206824, bsc#1206493, bsc#1206492).
- perf/x86/intel/uncore: Enable UPI topology discovery for Sapphire Rapids (bsc#1206824, bsc#1206493, bsc#1206492).
- perf/x86/intel/uncore: Enable UPI topology discovery for Skylake Server (bsc#1206824, bsc#1206493, bsc#1206492).
- perf/x86/intel/uncore: Fix broken read_counter() for SNB IMC PMU (git fixes).
- perf/x86/intel/uncore: Fix reference count leak in __uncore_imc_init_box() (git fixes).
- perf/x86/intel/uncore: Fix reference count leak in hswep_has_limit_sbox() (git fixes).
- perf/x86/intel/uncore: Fix reference count leak in sad_cfg_iio_topology() (git fixes).
- perf/x86/intel/uncore: Fix reference count leak in snr_uncore_mmio_map() (git fixes).
- perf/x86/intel/uncore: Generalize IIO topology support (bsc#1206824, bsc#1206493, bsc#1206492).
- perf/x86/intel/uncore: Generalize get_topology() for SKX PMUs (bsc#1206824, bsc#1206493, bsc#1206492).
- perf/x86/intel/uncore: Get UPI NodeID and GroupID (bsc#1206824, bsc#1206493, bsc#1206492).
- perf/x86/intel/uncore: Introduce UPI topology type (bsc#1206824, bsc#1206493, bsc#1206492).
- perf/x86/intel/uncore: Make set_mapping() procedure void (bsc#1206824, bsc#1206493, bsc#1206492).
- perf/x86/intel/uncore: Update sysfs-devices-mapping file (bsc#1206824, bsc#1206493, bsc#1206492).
- perf/x86/intel: Add Cooper Lake stepping to isolation_ucodes (git fixes).
- perf/x86/intel: Add Emerald Rapids (git fixes).
- perf/x86/intel: Do not extend the pseudo-encoding to GP counters (git fixes).
- perf/x86/intel: Fix PEBS data source encoding for ADL (git fixes).
- perf/x86/intel: Fix PEBS memory access info encoding for ADL (git fixes).
- perf/x86/intel: Fix event constraints for ICL (git fixes).
- perf/x86/intel: Fix pebs event constraints for ADL (git fixes).
- perf/x86/intel: Fix pebs event constraints for ICL (git fixes).
- perf/x86/intel: Fix pebs event constraints for SPR (git fixes).
- perf/x86/lbr: Enable the branch type for the Arch LBR by default (git fixes).
- perf/x86/msr: Add Emerald Rapids (git fixes).
- perf/x86/rapl: Add support for Intel AlderLake-N (git fixes).
- perf/x86/rapl: Add support for Intel Emerald Rapids (PED-4394).
- perf/x86/rapl: Treat Tigerlake like Icelake (git fixes).
- perf/x86/rapl: Use standard Energy Unit for SPR Dram RAPL domain (git fixes).
- perf/x86/rapl: fix AMD event handling (git fixes).
- perf/x86/uncore: Add Raptor Lake uncore support (git fixes).
- perf/x86/uncore: Add a quirk for UPI on SPR (bsc#1206824, bsc#1206493, bsc#1206492).
- perf/x86/uncore: Add new Alder Lake and Raptor Lake support (git fixes).
- perf/x86/uncore: Add new Raptor Lake S support (git fixes).
- perf/x86/uncore: Clean up uncore_pci_ids (git fixes).
- perf/x86/uncore: Do not WARN_ON_ONCE() for a broken discovery table (bsc#1206824, bsc#1206493, bsc#1206492).
- perf/x86/uncore: Factor out uncore_device_to_die() (bsc#1206824, bsc#1206493, bsc#1206492).
- perf/x86/uncore: Fix potential NULL pointer in uncore_get_alias_name (bsc#1206824, bsc#1206493, bsc#1206492).
- perf/x86/uncore: Ignore broken units in discovery table (bsc#1206824, bsc#1206493, bsc#1206492).
- perf: Always wake the parent event (git fixes).
- perf: Fix check before add_event_to_groups() in perf_group_detach() (git fixes).
- perf: Fix possible memleak in pmu_dev_alloc() (git fixes).
- perf: fix perf_event_context->time (git fixes).
- phy: Revert 'phy: Remove SOC_EXYNOS4212 dep. from PHY_EXYNOS4X12_USB' (git-fixes).
- phy: rockchip-typec: Fix unsigned comparison with less than zero (git-fixes).
- phy: rockchip-typec: fix tcphy_get_mode error case (git-fixes).
- phy: st: miphy28lp: use _poll_timeout functions for waits (git-fixes).
- phy: tegra: xusb: Add missing tegra_xusb_port_unregister for usb2_port and ulpi_port (git-fixes).
- phy: tegra: xusb: Clear the driver reference in usb-phy dev (git-fixes).
- phy: tegra: xusb: check return value of devm_kzalloc() (git-fixes).
- pinctrl: amd: Disable and mask interrupts on resume (git-fixes).
- pinctrl: aspeed: Fix confusing types in return value (git-fixes).
- pinctrl: at91-pio4: check return value of devm_kasprintf() (git-fixes).
- pinctrl: at91-pio4: fix domain name assignment (git-fixes).
- pinctrl: at91: use devm_kasprintf() to avoid potential leaks (git-fixes).
- pinctrl: cherryview: Return correct value if pin in push-pull mode (git-fixes).
- pinctrl: intel: Restore the pins that used to be in Direct IRQ mode (git-fixes).
- pinctrl: mediatek: Fix the drive register definition of some Pins (git-fixes).
- pinctrl: mediatek: Initialize variable *buf to zero (git-fixes).
- pinctrl: mediatek: fix coding style (git-fixes).
- pinctrl: meson-axg: add missing GPIOA_18 gpio group (git-fixes).
- pinctrl: microchip-sgpio: check return value of devm_kasprintf() (git-fixes).
- pinctrl: ocelot: Fix alt mode for ocelot (git-fixes).
- pinctrl: qcom: lpass-lpi: set output value before enabling output (git-fixes).
- pinctrl: qcom: pinctrl-msm8976: Correct function names for wcss pins (git-fixes).
- pinctrl: renesas: r8a779a0: Remove incorrect AVB[01] pinmux configuration (git-fixes).
- pinctrl: rockchip: Fix refcount leak in rockchip_pinctrl_parse_groups (git-fixes).
- pinctrl: single: fix potential NULL dereference (git-fixes).
- pinctrl: stm32: Fix refcount leak in stm32_pctrl_get_irq_domain (git-fixes).
- platform/chrome: cros_ec_chardev: fix kernel data leak from ioctl (git-fixes).
- platform/surface: aggregator: Allow completion work-items to be executed in parallel (git-fixes).
- platform/x86 (gigabyte-wmi): Add support for A320M-S2H V2 (git-fixes).
- platform/x86/amd/pmc: Add new acpi id for PMC controller (bsc#1210644).
- platform/x86/amd/pmc: Add new platform support (bsc#1210644).
- platform/x86/amd: Fix refcount leak in amd_pmc_probe (bsc#1210644).
- platform/x86/amd: pmc: Add a module parameter to disable workarounds (bsc#1210644).
- platform/x86/amd: pmc: Add a workaround for an s0i3 issue on Cezanne (bsc#1210644).
- platform/x86/amd: pmc: Add defines for STB events (bsc#1210644).
- platform/x86/amd: pmc: Add line break for readability (bsc#1210644).
- platform/x86/amd: pmc: Add new ACPI ID AMDI0009 (bsc#1210644).
- platform/x86/amd: pmc: Add num_samples message id support to STB (bsc#1210644).
- platform/x86/amd: pmc: Add sysfs files for SMU (bsc#1210644).
- platform/x86/amd: pmc: Always write to the STB (bsc#1210644).
- platform/x86/amd: pmc: Disable IRQ1 wakeup for RN/CZN (bsc#1210644).
- platform/x86/amd: pmc: Do not dump data after resume from s0i3 on picasso (git-fixes).
- platform/x86/amd: pmc: Do not try to read SMU version on Picasso (git-fixes).
- platform/x86/amd: pmc: Fix build without debugfs (bsc#1210644).
- platform/x86/amd: pmc: Fix memory leak in amd_pmc_stb_debugfs_open_v2() (bsc#1210644).
- platform/x86/amd: pmc: Hide SMU version and program attributes for Picasso (git-fixes).
- platform/x86/amd: pmc: Move idlemask check into `amd_pmc_idlemask_read` (git-fixes).
- platform/x86/amd: pmc: Move out of BIOS SMN pair for STB init (git-fixes).
- platform/x86/amd: pmc: Read SMU version during suspend on Cezanne systems (bsc#1210644).
- platform/x86/amd: pmc: Remove more CONFIG_DEBUG_FS checks (bsc#1210644).
- platform/x86/amd: pmc: Utilize SMN index 0 for driver probe (git-fixes).
- platform/x86/amd: pmc: Write dummy postcode into the STB DRAM (bsc#1210644).
- platform/x86/amd: pmc: add CONFIG_SERIO dependency (git-fixes).
- platform/x86/amd: pmc: differentiate STB/SMU messaging prints (bsc#1210644).
- platform/x86/amd: pmc: remove CONFIG_DEBUG_FS checks (bsc#1210644).
- platform/x86/amd: pmc: remove CONFIG_SUSPEND checks (bsc#1210644).
- platform/x86/intel/pmc: Alder Lake PCH slp_s0_residency fix (git-fixes).
- platform/x86: ISST: PUNIT device mapping with Sub-NUMA clustering (bsc#1208420).
- platform/x86: ISST: Remove 8 socket limit (bsc#1211836).
- platform/x86: Move AMD platform drivers to separate directory (bsc#1210644).
- platform/x86: amd-pmc: Add a message to print resume time info (bsc#1210644).
- platform/x86: amd-pmc: Add special handling for timer based S0i3 wakeup (bsc#1210644).
- platform/x86: amd-pmc: Add support for AMD Smart Trace Buffer (bsc#1210644).
- platform/x86: amd-pmc: Add support for AMD Spill to DRAM STB feature (bsc#1210644).
- platform/x86: amd-pmc: Avoid reading SMU version at probe time (bsc#1210644).
- platform/x86: amd-pmc: Check s0i3 cycle status (bsc#1210644).
- platform/x86: amd-pmc: Correct usage of SMU version (git-fixes).
- platform/x86: amd-pmc: Downgrade dev_info message to dev_dbg (bsc#1210644).
- platform/x86: amd-pmc: Drop CPU QoS workaround (bsc#1210644).
- platform/x86: amd-pmc: Drop check for valid alarm time (bsc#1210644).
- platform/x86: amd-pmc: Export Idlemask values based on the APU (git-fixes).
- platform/x86: amd-pmc: Fix build error unused-function (bsc#1210644).
- platform/x86: amd-pmc: Fix compilation when CONFIG_DEBUGFS is disabled (git-fixes).
- platform/x86: amd-pmc: Fix compilation without CONFIG_SUSPEND (bsc#1210644).
- platform/x86: amd-pmc: Make amd_pmc_stb_debugfs_fops static (bsc#1210644).
- platform/x86: amd-pmc: Move FCH init to first use (bsc#1210644).
- platform/x86: amd-pmc: Move SMU logging setup out of init (bsc#1210644).
- platform/x86: amd-pmc: Move to later in the suspend process (bsc#1210644).
- platform/x86: amd-pmc: Only report STB errors when STB enabled (bsc#1210644).
- platform/x86: amd-pmc: Output error codes in messages (bsc#1210644).
- platform/x86: amd-pmc: Send command to dump data after clearing OS_HINT (bsc#1210644).
- platform/x86: amd-pmc: Set QOS during suspend on CZN w/ timer wakeup (bsc#1210644).
- platform/x86: amd-pmc: Shuffle location of amd_pmc_get_smu_version() (bsc#1210644).
- platform/x86: amd-pmc: Simplify error handling and store the pci_dev in amd_pmc_dev structure (bsc#1210644).
- platform/x86: amd-pmc: Validate entry into the deepest state on resume (bsc#1210644).
- platform/x86: amd-pmc: adjust arguments for `amd_pmc_send_cmd` (bsc#1210644).
- platform/x86: amd-pmc: fix compilation without CONFIG_RTC_SYSTOHC_DEVICE (bsc#1210644).
- platform/x86: amd-pmc: uninitialized variable in amd_pmc_s2d_init() (bsc#1210644).
- platform/x86: amd: pmc: Remove __maybe_unused from amd_pmc_suspend_handler() (bsc#1210644).
- platform/x86: amd: pmc: provide user message where s0ix is not supported (bsc#1210644).
- platform/x86: asus-nb-wmi: Add alternate mapping for KEY_SCREENLOCK (git-fixes).
- platform/x86: asus-wmi: Ignore WMI events with codes 0x7B, 0xC0 (git-fixes).
- platform/x86: dell-wmi: Add a keymap for KEY_MUTE in type 0x0010 table (git-fixes).
- platform/x86: gigabyte-wmi: add support for B450M DS3H WIFI-CF (git-fixes).
- platform/x86: gigabyte-wmi: add support for X570S AORUS ELITE (git-fixes).
- platform/x86: hp-wmi: Support touchpad on/off (git-fixes).
- platform/x86: intel-uncore-freq: add Emerald Rapids support (PED-4390).
- platform/x86: intel_scu_pcidrv: Add back PCI ID for Medfield (git-fixes).
- platform/x86: think-lmi: Add possible_values for ThinkStation (git-fixes).
- platform/x86: think-lmi: Certificate authentication support (bsc#1210050).
- platform/x86: think-lmi: Clean up display of current_value on Thinkstation (git-fixes).
- platform/x86: think-lmi: Correct NVME password handling (git-fixes).
- platform/x86: think-lmi: Correct System password interface (git-fixes).
- platform/x86: think-lmi: Fix memory leak when showing current settings (git-fixes).
- platform/x86: think-lmi: Fix memory leaks when parsing ThinkStation WMI strings (git-fixes).
- platform/x86: think-lmi: Move kobject_init() call into tlmi_create_auth() (bsc#1210050).
- platform/x86: think-lmi: Opcode support (bsc#1210050).
- platform/x86: think-lmi: Prevent underflow in index_store() (bsc#1210050).
- platform/x86: think-lmi: Simplify tlmi_analyze() error handling a bit (bsc#1210050).
- platform/x86: think-lmi: Use min_t() for comparison and assignment (bsc#1210050).
- platform/x86: think-lmi: add debug_cmd (bsc#1210050).
- platform/x86: think-lmi: add missing type attribute (git-fixes).
- platform/x86: think-lmi: certificate support clean ups (bsc#1210050).
- platform/x86: think-lmi: mutex protection around multiple WMI calls (git-fixes).
- platform/x86: think-lmi: only display possible_values if available (git-fixes).
- platform/x86: think-lmi: use correct possible_values delimiters (git-fixes).
- platform/x86: thinkpad-acpi: Add support for automatic mode transitions (bsc#1210050).
- platform/x86: thinkpad-acpi: Enable AMT by default on supported systems (bsc#1210050).
- platform/x86: thinkpad-acpi: profile capabilities as integer (bsc#1210050).
- platform/x86: thinkpad_acpi: Accept ibm_init_struct.init() returning -ENODEV (bsc#1210050).
- platform/x86: thinkpad_acpi: Add LED_RETAIN_AT_SHUTDOWN to led_class_devs (bsc#1210050).
- platform/x86: thinkpad_acpi: Add PSC mode support (bsc#1210050).
- platform/x86: thinkpad_acpi: Add a s2idle resume quirk for a number of laptops (bsc#1210050).
- platform/x86: thinkpad_acpi: Add dual fan probe (bsc#1210050).
- platform/x86: thinkpad_acpi: Add dual-fan quirk for T15g (2nd gen) (bsc#1210050).
- platform/x86: thinkpad_acpi: Add hotkey_notify_extended_hotkey() helper (bsc#1210050).
- platform/x86: thinkpad_acpi: Add lid_logo_dot to the list of safe LEDs (bsc#1210050).
- platform/x86: thinkpad_acpi: Add quirk for ThinkPads without a fan (bsc#1210050).
- platform/x86: thinkpad_acpi: Cleanup dytc_profile_available (bsc#1210050).
- platform/x86: thinkpad_acpi: Convert btusb DMI list to quirks (bsc#1210050).
- platform/x86: thinkpad_acpi: Convert platform driver to use dev_groups (bsc#1210050).
- platform/x86: thinkpad_acpi: Correct dual fan probe (bsc#1210050).
- platform/x86: thinkpad_acpi: Do not use test_bit on an integer (bsc#1210050).
- platform/x86: thinkpad_acpi: Enable s2idle quirk for 21A1 machine type (bsc#1210050).
- platform/x86: thinkpad_acpi: Explicitly set to balanced mode on startup (bsc#1210050).
- platform/x86: thinkpad_acpi: Fix a memory leak of EFCH MMIO resource (bsc#1210050).
- platform/x86: thinkpad_acpi: Fix coccinelle warnings (bsc#1210050).
- platform/x86: thinkpad_acpi: Fix compiler warning about uninitialized err variable (bsc#1210050).
- platform/x86: thinkpad_acpi: Fix incorrect use of platform profile on AMD platforms (bsc#1210050).
- platform/x86: thinkpad_acpi: Fix lkp-tests warnings for platform profiles (git-fixes).
- platform/x86: thinkpad_acpi: Fix max_brightness of thinklight (bsc#1210050).
- platform/x86: thinkpad_acpi: Fix platform profiles on T490 (git-fixes).
- platform/x86: thinkpad_acpi: Fix profile mode display in AMT mode (bsc#1210050).
- platform/x86: thinkpad_acpi: Fix profile modes on Intel platforms (bsc#1210050).
- platform/x86: thinkpad_acpi: Fix reporting a non present second fan on some models (bsc#1210050).
- platform/x86: thinkpad_acpi: Fix the hwmon sysfs-attr showing up in the wrong place (bsc#1210050).
- platform/x86: thinkpad_acpi: Fix thermal_temp_input_attr sorting (bsc#1210050).
- platform/x86: thinkpad_acpi: Fix thinklight LED brightness returning 255 (bsc#1210050).
- platform/x86: thinkpad_acpi: Get privacy-screen / lcdshadow ACPI handles only once (bsc#1210050).
- platform/x86: thinkpad_acpi: Make *_init() functions return -ENODEV instead of 1 (bsc#1210050).
- platform/x86: thinkpad_acpi: Properly indent code in tpacpi_dytc_profile_init() (bsc#1210050).
- platform/x86: thinkpad_acpi: Register tpacpi_pdriver after subdriver init (bsc#1210050).
- platform/x86: thinkpad_acpi: Remove 'goto err_exit' from hotkey_init() (bsc#1210050).
- platform/x86: thinkpad_acpi: Remove unused sensors_pdev_attrs_registered flag (bsc#1210050).
- platform/x86: thinkpad_acpi: Restore missing hotkey_tablet_mode and hotkey_radio_sw sysfs-attr (bsc#1210050).
- platform/x86: thinkpad_acpi: Simplify dytc_version handling (bsc#1210050).
- platform/x86: thinkpad_acpi: Switch to common use of attributes (bsc#1210050).
- platform/x86: thinkpad_acpi: Use backlight helper (bsc#1210050).
- platform/x86: thinkpad_acpi: clean up dytc profile convert (bsc#1210050).
- platform/x86: thinkpad_acpi: consistently check fan_get_status return (bsc#1210050).
- platform/x86: thinkpad_acpi: do not use PSC mode on Intel platforms (bsc#1210050).
- platform/x86: thinkpad_acpi: tpacpi_attr_group contains driver attributes not device attrs (bsc#1210050).
- platform/x86: thinkpad_acpi: use strstarts() (bsc#1210050).
- platform/x86: touchscreen_dmi: Add Chuwi Vi8 (CWI501) DMI match (git-fixes).
- platform/x86: touchscreen_dmi: Add info for the CSL Panther Tab HD (git-fixes).
- platform/x86: touchscreen_dmi: Add info for the Dexp Ursus KX210i (git-fixes).
- platform/x86: touchscreen_dmi: Add upside-down quirk for GDIX1002 ts on the Juno Tablet (git-fixes).
- platform: x86: MLX_PLATFORM: select REGMAP instead of depending on it (git-fixes).
- pm: domains: fix integer overflow issues in genpd_parse_state() (git-fixes).
- pm: hibernate: Do not get block device exclusively in test_resume mode (git-fixes).
- pm: hibernate: Turn snapshot_test into global variable (git-fixes).
- pm: hibernate: fix load_image_and_restore() error path (git-fixes).
- power: supply: Fix logic checking if system is running from battery (git-fixes).
- power: supply: Ratelimit no data debug output (git-fixes).
- power: supply: ab8500: Fix external_power_changed race (git-fixes).
- power: supply: bq24190_charger: using pm_runtime_resume_and_get instead of pm_runtime_get_sync (git-fixes).
- power: supply: bq27xxx: Add cache parameter to bq27xxx_battery_current_and_status() (git-fixes).
- power: supply: bq27xxx: After charger plug in/out wait 0.5s for things to stabilize (git-fixes).
- power: supply: bq27xxx: Ensure power_supply_changed() is called on current sign changes (git-fixes).
- power: supply: bq27xxx: Fix I2C IRQ race on remove (git-fixes).
- power: supply: bq27xxx: Fix bq27xxx_battery_update() race condition (git-fixes).
- power: supply: bq27xxx: Fix poll_interval handling and races on remove (git-fixes).
- power: supply: bq27xxx: Move bq27xxx_battery_update() down (git-fixes).
- power: supply: bq27xxx: Use mod_delayed_work() instead of cancel() + schedule() (git-fixes).
- power: supply: bq27xxx: expose battery data when CI=1 (git-fixes).
- power: supply: cros_usbpd: reclassify 'default case!' as debug (git-fixes).
- power: supply: da9150: Fix use after free bug in da9150_charger_remove due to race condition (git-fixes).
- power: supply: generic-adc-battery: fix unit scaling (git-fixes).
- power: supply: leds: Fix blink to LED on transition (git-fixes).
- power: supply: sbs-charger: Fix INHIBITED bit for Status reg (git-fixes).
- power: supply: sc27xx: Fix external_power_changed race (git-fixes).
- powercap: fix possible name leak in powercap_register_zone() (git-fixes).
- powercap: intel_rapl: add support for Emerald Rapids (PED-4398).
- powerpc/64: Always build with 128-bit long double (bsc#1194869).
- powerpc/64e: Fix amdgpu build on Book3E w/o AltiVec (bsc#1194869).
- powerpc/64s/interrupt: Fix interrupt exit race with security mitigation switch (bsc#1194869).
- powerpc/64s/radix: Fix RWX mapping with relocated kernel (bsc#1194869).
- powerpc/64s/radix: Fix crash with unaligned relocated kernel (bsc#1194869).
- powerpc/64s/radix: Fix exit lazy tlb mm switch with irqs enabled (bsc#1194869).
- powerpc/64s/radix: Fix soft dirty tracking (bsc#1065729).
- powerpc/64s: Fix local irq disable when PMIs are disabled (bsc#1195655 ltc#1195655 git-fixes).
- powerpc/64s: Make POWER10 and later use pause_short in cpu_relax loops (bsc#1209367 ltc#195662).
- powerpc/btext: add missing of_node_put (bsc#1065729).
- powerpc/eeh: Set channel state after notifying the drivers (bsc#1208784 ltc#201612).
- powerpc/hv-gpci: Fix hv_gpci event list (bsc#1207935).
- powerpc/hv-gpci: Fix hv_gpci event list (git fixes).
- powerpc/ioda/iommu/debugfs: Generate unique debugfs entries (bsc#1194869).
- powerpc/iommu: Add missing of_node_put in iommu_init_early_dart (bsc#1194869).
- powerpc/iommu: DMA address offset is incorrectly calculated with 2MB TCEs (jsc#SLE-19556 git-fixes).
- powerpc/iommu: Limit number of TCEs to 512 for H_STUFF_TCE hcall (bsc#1194869 bsc#1212701).
- powerpc/iommu: fix memory leak with using debugfs_lookup() (bsc#1194869).
- powerpc/kcsan: Exclude udelay to prevent recursive instrumentation (bsc#1194869).
- powerpc/kexec_file: Count hot-pluggable memory in FDT estimate (bsc#1194869).
- powerpc/kexec_file: Fix division by zero in extra size estimation (bsc#1194869).
- powerpc/kexec_file: fix implicit decl error (bsc#1194869).
- powerpc/mm: Fix false detection of read faults (bsc#1208864).
- powerpc/papr_scm: Update the NUMA distance table for the target node (bsc#1209999 ltc#202140 bsc#1142685 ltc#179509 git-fixes).
- powerpc/perf/hv-24x7: add missing RTAS retry status handling (git fixes).
- powerpc/powernv/ioda: Skip unallocated resources when mapping to PE (bsc#1065729).
- powerpc/powernv: fix missing of_node_put in uv_init() (bsc#1194869).
- powerpc/pseries/lpar: add missing RTAS retry status handling (bsc#1109158 ltc#169177 git-fixes).
- powerpc/pseries/lparcfg: add missing RTAS retry status handling (bsc#1065729).
- powerpc/pseries/vas: Ignore VAS update for DLPAR if copy/paste is not enabled (bsc#1210216 ltc#202189).
- powerpc/pseries: Consolidate different NUMA distance update code paths (bsc#1209999 ltc#202140 bsc#1142685 ltc#179509 git-fixes).
- powerpc/purgatory: remove PGO flags (bsc#1194869).
- powerpc/rtas: ensure 4KB alignment for rtas_data_buf (bsc#1065729).
- powerpc/rtas: use memmove for potentially overlapping buffer copy (bsc#1065729).
- powerpc/set_memory: Avoid spinlock recursion in change_page_attr() (bsc#1194869).
- powerpc/vmlinux.lds: Add an explicit symbol for the SRWX boundary (bsc#1194869).
- powerpc/vmlinux.lds: Define RUNTIME_DISCARD_EXIT (bsc#1194869).
- powerpc/vmlinux.lds: Do not discard .comment (bsc#1194869).
- powerpc/vmlinux.lds: Do not discard .rela* for relocatable builds (bsc#1194869).
- powerpc/vmlinux.lds: Ensure STRICT_ALIGN_SIZE is at least page aligned (bsc#1194869).
- powerpc/xmon: Fix -Wswitch-unreachable warning in bpt_cmds (bsc#1194869).
- powerpc: Do not try to copy PPR for task with NULL pt_regs (bsc#1065729).
- powerpc: Redefine HMT_xxx macros as empty on PPC32 (bsc#1209367 ltc#195662).
- powerpc: Remove linker flag from KBUILD_AFLAGS (bsc#1194869).
- powerpc: add ISA v3.0 / v3.1 wait opcode macro (bsc#1209367 ltc#195662).
- powerpc: declare unmodified attribute_group usages const (bsc#1207935).
- powerpc: declare unmodified attribute_group usages const (git-fixes).
- powerpc: move __end_rodata to cover arch read-only sections (bsc#1194869).
- printf: fix errname.c list (git-fixes).
- prlimit: do_prlimit needs to have a speculation check (bsc#1209256).
- pstore/ram: Add check for kstrdup (git-fixes).
- pstore: Revert pmsg_lock back to a normal mutex (git-fixes).
- purgatory: fix disabling debug info (git-fixes).
- pwm: ab8500: Fix error code in probe() (git-fixes).
- pwm: cros-ec: Explicitly set .polarity in .get_state() (git-fixes).
- pwm: imx-tpm: force 'real_period' to be zero in suspend (git-fixes).
- pwm: meson: Fix axg ao mux parents (git-fixes).
- pwm: meson: Fix g12a ao clk81 name (git-fixes).
- pwm: sprd: Explicitly set .polarity in .get_state() (git-fixes).
- pwm: stm32-lp: fix the check on arr and cmp registers update (git-fixes).
- pwm: sysfs: Do not apply state to already disabled PWMs (git-fixes).
- qed/qed_dev: guard against a possible division by zero (jsc#SLE-19001).
- qed/qed_mng_tlv: correctly zero out ->min instead of ->hour (jsc#SLE-19001).
- qed/qed_sriov: guard against NULL derefs from qed_iov_get_vf_info (jsc#SLE-19001).
- qed/qede: Fix scheduling while atomic (git-fixes).
- qed: allow sleep in qed_mcp_trace_dump() (jsc#SLE-19001).
- qede: avoid uninitialized entries in coal_entry array (bsc#1205846).
- qede: execute xdp_do_flush() before napi_complete_done() (jsc#SLE-19001).
- qede: fix interrupt coalescing configuration (bsc#1205846).
- quota: Check next/prev free block number after reading from quota file (bsc#1206640).
- quota: Prevent memory allocation recursion while holding dq_lock (bsc#1207639).
- r8152: add vendor/device ID pair for Microsoft Devkit (git-fixes).
- r8152: fix flow control issue of RTL8156A (git-fixes).
- r8152: fix the poor throughput for 2.5G devices (git-fixes).
- r8152: move setting r8153b_rx_agg_chg_indicate() (git-fixes).
- r8169: fix RTL8168H and RTL8107E rx crc error (git-fixes).
- r8169: move rtl_wol_enable_rx() and rtl_prepare_power_down() (git-fixes).
- radeon: avoid double free in ci_dpm_init() (git-fixes).
- rcu: Fix missing TICK_DEP_MASK_RCU_EXP dependency check (git-fixes).
- rcu: Fix rcu_torture_read ftrace event (git-fixes).
- rcu: Tighten rcu_advance_cbs_nowake() checks (bsc#1209159).
- rdma/bnxt_re: Avoid calling wake_up threads from spin_lock context (git-fixes)
- rdma/bnxt_re: Disable/kill tasklet only if it is enabled (git-fixes)
- rdma/bnxt_re: Fix a possible memory leak (git-fixes)
- rdma/bnxt_re: Fix return value of bnxt_re_process_raw_qp_pkt_rx (git-fixes)
- rdma/bnxt_re: Fix the page_size used during the MR creation (git-fixes)
- rdma/bnxt_re: Fix to remove an unnecessary log (git-fixes)
- rdma/bnxt_re: Fix to remove unnecessary return labels (git-fixes)
- rdma/bnxt_re: Remove a redundant check inside bnxt_re_update_gid (git-fixes)
- rdma/bnxt_re: Remove unnecessary checks (git-fixes)
- rdma/bnxt_re: Return directly without goto jumps (git-fixes)
- rdma/bnxt_re: Use unique names while registering interrupts (git-fixes)
- rdma/bnxt_re: wraparound mbox producer index (git-fixes)
- rdma/cm: Trace icm_send_rej event before the cm state is reset (git-fixes)
- rdma/cma: Allow UD qp_type to join multicast only (git-fixes)
- rdma/cma: Always set static rate to 0 for RoCE (git-fixes)
- rdma/core: Fix GID entry ref leak when create_ah fails (git-fixes)
- rdma/core: Fix ib block iterator counter overflow (bsc#1207878).
- rdma/core: Fix ib block iterator counter overflow (git-fixes)
- rdma/core: Fix multiple -Warray-bounds warnings (git-fixes)
- rdma/cxgb4: Fix potential null-ptr-deref in pass_establish() (git-fixes)
- rdma/cxgb4: add null-ptr-check after ip_dev_find() (git-fixes)
- rdma/cxgb4: remove unnecessary NULL check in __c4iw_poll_cq_one() (git-fixes)
- rdma/efa: Fix unsupported page sizes in device (git-fixes)
- rdma/hns: Fix base address table allocation (git-fixes)
- rdma/hns: Fix hns_roce_table_get return value (git-fixes)
- rdma/hns: Fix timeout attr in query qp for HIP08 (git-fixes)
- rdma/hns: Modify the value of long message loopback slice (git-fixes)
- rdma/irdma: Add SW mechanism to generate completions on error (jsc#SLE-18383).
- rdma/irdma: Add ipv4 check to irdma_find_listener() (git-fixes)
- rdma/irdma: Cap MSIX used to online CPUs + 1 (git-fixes)
- rdma/irdma: Do not generate SW completions for NOPs (git-fixes)
- rdma/irdma: Do not generate SW completions for NOPs (jsc#SLE-18383).
- rdma/irdma: Fix Local Invalidate fencing (git-fixes)
- rdma/irdma: Fix RQ completion opcode (jsc#SLE-18383).
- rdma/irdma: Fix drain SQ hang with no completion (jsc#SLE-18383).
- rdma/irdma: Fix inline for multiple SGE's (jsc#SLE-18383).
- rdma/irdma: Fix memory leak of PBLE objects (git-fixes)
- rdma/irdma: Fix potential NULL-ptr-dereference (git-fixes)
- rdma/irdma: Increase iWARP CM default rexmit count (git-fixes)
- rdma/irdma: Prevent QP use after free (git-fixes)
- rdma/irdma: Remove enum irdma_status_code (jsc#SLE-18383).
- rdma/irdma: Remove excess error variables (jsc#SLE-18383).
- rdma/irdma: avoid fortify-string warning in irdma_clr_wqes (git-fixes)
- rdma/mana: Remove redefinition of basic u64 type (bsc#1210741 jsc#PED-4022).
- rdma/mana: hide new rdma_driver_ids (bsc#1210741 jsc#PED-4022).
- rdma/mana_ib: Add a driver for Microsoft Azure Network Adapter (bsc#1210741 jsc#PED-4022).
- rdma/mana_ib: Fix a bug when the PF indicates more entries for registering memory on first packet (bsc#1210741 jsc#PED-4022).
- rdma/mana_ib: Prevent array underflow in mana_ib_create_qp_raw() (bsc#1210741 jsc#PED-4022).
- rdma/mlx4: Prevent shift wrapping in set_user_sq_size() (jsc#SLE-19255).
- rdma/mlx5: Create an indirect flow table for steering anchor (git-fixes)
- rdma/mlx5: Do not set tx affinity when lag is in hash mode (git-fixes)
- rdma/mlx5: Fix affinity assignment (git-fixes)
- rdma/mlx5: Fix flow counter query via DEVX (git-fixes)
- rdma/mlx5: Fix mlx5_ib_get_hw_stats when used for device (git-fixes)
- rdma/mlx5: Fix validation of max_rd_atomic caps for DC (git-fixes)
- rdma/mlx5: Initiate dropless RQ for RAW Ethernet functions (git-fixes)
- rdma/mlx5: Rely on RoCE fw cap instead of devlink when setting profile (jsc#SLE-19253).
- rdma/mlx5: Use correct device num_ports when modify DC (git-fixes)
- rdma/mlx5: Use rdma_umem_for_each_dma_block() (git-fixes)
- rdma/rdmavt: Delete unnecessary NULL check (git-fixes)
- rdma/rtrs-clt: Replace list_next_or_null_rr_rcu with an inline function (git-fixes)
- rdma/rtrs-srv: Pass the correct number of entries for dma mapped SGL (git-fixes)
- rdma/rtrs: Fix rxe_dealloc_pd warning (git-fixes)
- rdma/rtrs: Fix the last iu->buf leak in err path (git-fixes)
- rdma/rxe: Fix access checks in rxe_check_bind_mw (git-fixes)
- rdma/rxe: Fix inaccurate constants in rxe_type_info (git-fixes)
- rdma/rxe: Fix missing memory barriers in rxe_queue.h (git-fixes)
- rdma/rxe: Fix mr->map double free (git-fixes)
- rdma/rxe: Fix oops with zero length reads (git-fixes)
- rdma/rxe: Fix packet length checks (git-fixes)
- rdma/rxe: Fix ref count error in check_rkey() (git-fixes)
- rdma/rxe: Fix rxe_cq_post (git-fixes)
- rdma/rxe: Fix the error 'trying to register non-static key in rxe_cleanup_task' (git-fixes)
- rdma/rxe: Fix the use-before-initialization error of resp_pkts (git-fixes)
- rdma/rxe: Make responder handle RDMA Read failures (git-fixes)
- rdma/rxe: Prevent faulty rkey generation (git-fixes)
- rdma/rxe: Remove dangling declaration of rxe_cq_disable() (git-fixes)
- rdma/rxe: Remove tasklet call from rxe_cq.c (git-fixes)
- rdma/rxe: Remove the unused variable obj (git-fixes)
- rdma/rxe: Removed unused name from rxe_task struct (git-fixes)
- rdma/siw: Fix potential page_array out of range access (git-fixes)
- rdma/siw: Fix user page pinning accounting (git-fixes)
- rdma/siw: Remove namespace check from siw_netdev_event() (git-fixes)
- rdma/srp: Move large values to a new enum for gcc13 (git-fixes)
- rdma/srpt: Add a check for valid 'mad_agent' pointer (git-fixes)
- rdma/usnic: use iommu_map_atomic() under spin_lock() (git-fixes)
- rdma/uverbs: Restrict usage of privileged QKEYs (git-fixes)
- rdma/vmw_pvrdma: Remove unnecessary check on wr->opcode (git-fixes)
- rdma: Handle the return code from dma_resv_wait_timeout() properly (git-fixes)
- ref_tracker: use __GFP_NOFAIL more carefully (git-fixes).
- regmap: Account for register length when chunking (git-fixes).
- regmap: cache: Return error in cache sync operations for REGCACHE_NONE (git-fixes).
- regmap: spi-avmm: Fix regmap_bus max_raw_write (git-fixes).
- regulator: Fix error checking for debugfs_create_dir (git-fixes).
- regulator: Flag uncontrollable regulators as always_on (git-fixes).
- regulator: Handle deferred clk (git-fixes).
- regulator: core: Avoid lockdep reports when resolving supplies (git-fixes).
- regulator: core: Consistently set mutex_owner when using ww_mutex_lock_slow() (git-fixes).
- regulator: core: Fix more error checking for debugfs_create_dir() (git-fixes).
- regulator: core: Fix off-on-delay-us for always-on/boot-on regulators (git-fixes).
- regulator: core: Shorten off-on-delay-us for always-on/boot-on by time since booted (git-fixes).
- regulator: core: Streamline debugfs operations (git-fixes).
- regulator: core: Use ktime_get_boottime() to determine how long a regulator was off (git-fixes).
- regulator: fan53555: Explicitly include bits header (git-fixes).
- regulator: fan53555: Fix wrong TCS_SLEW_MASK (git-fixes).
- regulator: helper: Document ramp_delay parameter of regulator_set_ramp_delay_regmap() (git-fixes).
- regulator: max77802: Bounds check regulator id against opmode (git-fixes).
- regulator: mt6359: add read check for PMIC MT6359 (git-fixes).
- regulator: pca9450: Fix BUCK2 enable_mask (git-fixes).
- regulator: pca9450: Fix LDO3OUT and LDO4OUT MASK (git-fixes).
- regulator: s5m8767: Bounds check id indexing into arrays (git-fixes).
- regulator: stm32-pwr: fix of_iomap leak (git-fixes).
- reiserfs: Add missing calls to reiserfs_security_free() (git-fixes).
- reiserfs: Add security prefix to xattr name in reiserfs_security_write() (git-fixes).
- remoteproc/mtk_scp: Move clk ops outside send_lock (git-fixes).
- remoteproc: Harden rproc_handle_vdev() against integer overflow (git-fixes).
- remoteproc: imx_rproc: Call of_node_put() on iteration error (git-fixes).
- remoteproc: qcom_q6v5_mss: Use a carveout to authenticate modem headers (git-fixes).
- remoteproc: st: Call of_node_put() on iteration error (git-fixes).
- remoteproc: stm32: Call of_node_put() on iteration error (git-fixes).
- remoteproc: stm32_rproc: Add mutex protection for workqueue (git-fixes).
- remove 'PCI: hv: Use async probing to reduce boot time' (bsc#1207185).
- rethook: Reject getting a rethook if RCU is not watching (git-fixes).
- rethook: fix a potential memleak in rethook_alloc() (git-fixes).
- rethook: use preempt_{disable, enable}_notrace in rethook_trampoline_handler (git-fixes).
- revert 'squashfs: harden sanity check in squashfs_read_xattr_id_table' (git-fixes).
- ring-buffer: Ensure proper resetting of atomic variables in ring_buffer_reset_online_cpus (git-fixes).
- ring-buffer: Fix kernel-doc (git-fixes).
- ring-buffer: Fix race while reader and writer are on the same page (git-fixes).
- ring-buffer: Handle race between rb_move_tail and rb_check_pages (git-fixes).
- ring-buffer: Sync IRQ works before buffer destruction (git-fixes).
- ring-buffer: remove obsolete comment for free_buffer_page() (git-fixes).
- rpm/check-for-config-changes: ignore also PAHOLE_HAS_* We now also have options like CONFIG_PAHOLE_HAS_LANG_EXCLUDE.
- rpm/constraints.in: Increase disk size constraint for riscv64 to 52GB
- rpm/kernel-binary.spec.in: Fix compatibility wth newer rpm
- rpm/kernel-docs.spec.in: pass PYTHON=python3 to fix build error (bsc#1160435)
- rpm/kernel-obs-build.spec.in: Remove SLE11 cruft
- rpm/kernel-source.spec.in: Add patches.drm for moved DRM patches
- rtc: allow rtc_read_alarm without read_alarm callback (git-fixes).
- rtc: efi: Add wakeup support (bsc#1213116).
- rtc: efi: Enable SET/GET WAKEUP services as optional (bsc#1213116).
- rtc: efi: switch to devm_rtc_allocate_device (bsc#1213116).
- rtc: meson-vrtc: Use ktime_get_real_ts64() to get the current time (git-fixes).
- rtc: omap: include header for omap_rtc_power_off_program prototype (git-fixes).
- rtc: pm8xxx: fix set-alarm race (git-fixes).
- rtc: st-lpc: Release some resources in st_rtc_probe() in case of error (git-fixes).
- rtc: sun6i: Always export the internal oscillator (git-fixes).
- rtmutex: Ensure that the top waiter is always woken up (git-fixes).
- s390/ap: fix memory leak in ap_init_qci_info() (git-fixes).
- s390/boot: simplify and fix kernel memory layout setup (bsc#1209600).
- s390/ctcm: Fix return type of ctc{mp,}m_tx() (git-fixes bsc#1211686).
- s390/dasd: Fix potential memleak in dasd_eckd_init() (git-fixes).
- s390/dasd: Use correct lock while counting channel queue length (git-fixes bsc#1212592).
- s390/dasd: fix hanging blockdevice after request requeue (git-fixes bsc#1211687).
- s390/dasd: fix no record found for raw_track_access (bsc#1207574).
- s390/extmem: return correct segment type in __segment_load() (bsc#1210450 git-fixes).
- s390/gmap: voluntarily schedule during key setting (git-fixes bsc#1212892).
- s390/kprobes: fix current_kprobe never cleared after kprobes reenter (git-fixes bsc#1211688).
- s390/kprobes: fix irq mask clobbering on kprobe reenter from post_handler (git-fixes bsc#1211689).
- s390/lcs: Fix return type of lcs_start_xmit() (git-fixes bsc#1211690).
- s390/mem_detect: fix detect_memory() error handling (git-fixes bsc#1211691).
- s390/netiucv: Fix return type of netiucv_tx() (git-fixes bsc#1211692).
- s390/pkey: zeroize key blobs (git-fixes bsc#1212619).
- s390/qdio: fix do_sqbs() inline assembly constraint (git-fixes bsc#1211693).
- s390/qeth: fix use-after-free in hsci (bsc#1210449 git-fixes).
- s390/uaccess: add missing earlyclobber annotations to __clear_user() (bsc#1209856 git-fixes).
- s390/vdso: remove -nostdlib compiler flag (git-fixes bsc#1211714).
- s390/vfio-ap: fix an error handling path in vfio_ap_mdev_probe_queue() (git-fixes).
- s390/vfio-ap: fix memory leak in vfio_ap device driver (git-fixes).
- sched, cpuset: Fix dl_cpu_busy() panic due to empty (git-fixes)
- sched/core: Avoid obvious double update_rq_clock warning (git-fixes)
- sched/core: Fix arch_scale_freq_tick() on tickless systems (git-fixes)
- sched/core: Introduce sched_asym_cpucap_active() (git-fixes)
- sched/deadline: Merge dl_task_can_attach() and dl_cpu_busy() (git-fixes)
- sched/debug: fix dentry leak in update_sched_domain_debugfs (git-fixes)
- sched/fair: Fix imbalance overflow (bsc#1155798 (CPU scheduler functional and performance backports)).
- sched/fair: Limit sched slice duration (bsc#1189999 (Scheduler functional and performance backports)).
- sched/fair: Move calculate of avg_load to a better location (bsc#1155798 (CPU scheduler functional and performance backports)).
- sched/fair: Sanitize vruntime of entity being migrated (bsc#1203325).
- sched/fair: sanitize vruntime of entity being placed (bsc#1203325).
- sched/numa: Stop an exhastive search if an idle core is found (bsc#1189999 (Scheduler functional and performance backports)).
- sched/psi: Fix use-after-free in ep_remove_wait_queue() (bsc#1209799).
- sched/tracing: Report TASK_RTLOCK_WAIT tasks as (git-fixes)
- sched/uclamp: Make asym_fits_capacity() use util_fits_cpu() (git-fixes)
- sched: Avoid double preemption in __cond_resched_*lock*() (git-fixes)
- sched: Fix DEBUG && !SCHEDSTATS warn (git-fixes)
- sched_getaffinity: do not assume 'cpumask_size()' is fully initialized (bsc#1155798 (CPU scheduler functional and performance backports)).
- scsi: Revert 'scsi: core: map PQ=1, PDT=other values to SCSI_SCAN_TARGET_PRESENT' (git-fixes).
- scsi: aacraid: Allocate cmd_priv with scsicmd (git-fixes).
- scsi: aic94xx: Add missing check for dma_map_single() (git-fixes).
- scsi: core: Add BLIST_NO_VPD_SIZE for some VDASD (git-fixes bsc#1203039) (renamed now that it's upstgream)
- scsi: core: Add BLIST_SKIP_VPD_PAGES for SKhynix H28U74301AMR (git-fixes).
- scsi: core: Decrease scsi_device's iorequest_cnt if dispatch failed (git-fixes).
- scsi: core: Fix a procfs host directory removal regression (git-fixes).
- scsi: core: Fix a source code comment (git-fixes).
- scsi: core: Improve scsi_vpd_inquiry() checks (git-fixes).
- scsi: core: Remove the /proc/scsi/${proc_name} directory earlier (git-fixes).
- scsi: hisi_sas: Check devm_add_action() return value (git-fixes).
- scsi: hisi_sas: Handle NCQ error when IPTT is valid (git-fixes).
- scsi: hisi_sas: Revert change to limit max hw sectors for v3 HW (bsc#1210230).
- scsi: hisi_sas: Set a port invalid only if there are no devices attached when refreshing port id (git-fixes).
- scsi: hpsa: Fix allocation size for scsi_host_alloc() (git-fixes).
- scsi: ipr: Work around fortify-string warning (git-fixes).
- scsi: iscsi_tcp: Check that sock is valid before iscsi_set_param() (git-fixes).
- scsi: iscsi_tcp: Fix UAF during login when accessing the shost ipaddress (git-fixes).
- scsi: iscsi_tcp: Fix UAF during logout when accessing the shost ipaddress (git-fixes).
- scsi: kABI workaround for fc_host_fpin_rcv (git-fixes).
- scsi: libsas: Add sas_ata_device_link_abort() (git-fixes).
- scsi: libsas: Grab the ATA port lock in sas_ata_device_link_abort() (git-fixes).
- scsi: libsas: Remove useless dev_list delete in sas_ex_discover_end_dev() (git-fixes).
- scsi: lpfc: Add new RCQE status for handling DMA failures (bsc#1211847).
- scsi: lpfc: Avoid usage of list iterator variable after loop (git-fixes).
- scsi: lpfc: Check kzalloc() in lpfc_sli4_cgn_params_read() (git-fixes).
- scsi: lpfc: Copyright updates for 14.2.0.10 patches (bsc#1208607).
- scsi: lpfc: Copyright updates for 14.2.0.11 patches (bsc#1210943).
- scsi: lpfc: Correct used_rpi count when devloss tmo fires with no recovery (bsc#1210943).
- scsi: lpfc: Defer issuing new PLOGI if received RSCN before completing REG_LOGIN (bsc#1210943).
- scsi: lpfc: Drop redundant pci_enable_pcie_error_reporting() (bsc#1210943).
- scsi: lpfc: Exit PRLI completion handling early if ndlp not in PRLI_ISSUE state (bsc#1208607).
- scsi: lpfc: Fix double free in lpfc_cmpl_els_logo_acc() caused by lpfc_nlp_not_used() (bsc#1211847).
- scsi: lpfc: Fix double word in comments (bsc#1210943).
- scsi: lpfc: Fix ioremap issues in lpfc_sli4_pci_mem_setup() (bsc#1210943).
- scsi: lpfc: Fix lockdep warning for rx_monitor lock when unloading driver (bsc#1210943).
- scsi: lpfc: Fix space indentation in lpfc_xcvr_data_show() (bsc#1208607).
- scsi: lpfc: Fix use-after-free KFENCE violation during sysfs firmware write (bsc#1208607).
- scsi: lpfc: Fix verbose logging for SCSI commands issued to SES devices (bsc#1211847).
- scsi: lpfc: Introduce new attention types for lpfc_sli4_async_fc_evt() handler (bsc#1208607).
- scsi: lpfc: Match lock ordering of lpfc_cmd->buf_lock and hbalock for abort paths (bsc#1211847).
- scsi: lpfc: Prevent lpfc_debugfs_lockstat_write() buffer overflow (bsc#1210943).
- scsi: lpfc: Record LOGO state with discovery engine even if aborted (bsc#1210943).
- scsi: lpfc: Reinitialize internal VMID data structures after FLOGI completion (bsc#1208607).
- scsi: lpfc: Remove duplicate ndlp kref decrement in lpfc_cleanup_rpis() (bsc#1208607 bsc#1208534).
- scsi: lpfc: Remove redundant clean up code in disable_vport() (bsc#1208607).
- scsi: lpfc: Reorder freeing of various DMA buffers and their list removal (bsc#1210943).
- scsi: lpfc: Replace blk_irq_poll intr handler with threaded IRQ (bsc#1211847).
- scsi: lpfc: Replace outdated strncpy() with strscpy() (bsc#1208607).
- scsi: lpfc: Resolve miscellaneous variable set but not used compiler warnings (bsc#1208607).
- scsi: lpfc: Revise lpfc_error_lost_link() reason code evaluation logic (bsc#1210943).
- scsi: lpfc: Set max DMA segment size to HBA supported SGE length (bsc#1208607).
- scsi: lpfc: Silence an incorrect device output (bsc#1210943).
- scsi: lpfc: Skip waiting for register ready bits when in unrecoverable state (bsc#1210943).
- scsi: lpfc: Update congestion warning notification period (bsc#1211847).
- scsi: lpfc: Update lpfc version to 14.2.0.10 (bsc#1208607).
- scsi: lpfc: Update lpfc version to 14.2.0.11 (bsc#1210943).
- scsi: lpfc: Update lpfc version to 14.2.0.12 (bsc#1211847).
- scsi: megaraid: Fix mega_cmd_done() CMDID_INT_CMDS (git-fixes).
- scsi: megaraid_sas: Fix crash after a double completion (git-fixes).
- scsi: megaraid_sas: Fix fw_crash_buffer_show() (git-fixes).
- scsi: megaraid_sas: Update max supported LD IDs to 240 (git-fixes).
- scsi: mpi3mr: Fix issues in mpi3mr_get_all_tgt_info() (git-fixes).
- scsi: mpi3mr: Fix missing mrioc->evtack_cmds initialization (git-fixes).
- scsi: mpi3mr: Fix throttle_groups memory leak (git-fixes).
- scsi: mpi3mr: Remove unnecessary memcpy() to alltgt_info->dmi (git-fixes).
- scsi: mpi3mr: Suppress command reply debug prints (bsc#1211820).
- scsi: mpt3sas: Do not print sense pool info twice (git-fixes).
- scsi: mpt3sas: Fix NULL pointer access in mpt3sas_transport_port_add() (git-fixes).
- scsi: mpt3sas: Fix a memory leak (git-fixes).
- scsi: mpt3sas: Remove scsi_dma_map() error messages (git-fixes).
- scsi: qedi: Fix use after free bug in qedi_remove() (git-fixes).
- scsi: qla2xxx: Add option to disable FC2 Target support (bsc#1198438 bsc#1206103).
- scsi: qla2xxx: Check if port is online before sending ELS (bsc#1208570).
- scsi: qla2xxx: Drop redundant pci_enable_pcie_error_reporting() (bsc#1211960).
- scsi: qla2xxx: Fix DMA-API call trace on NVMe LS requests (bsc#1208570).
- scsi: qla2xxx: Fix IOCB resource check warning (bsc#1208570).
- scsi: qla2xxx: Fix erroneous link down (bsc#1208570).
- scsi: qla2xxx: Fix exchange oversubscription (bsc#1208570).
- scsi: qla2xxx: Fix exchange oversubscription for management commands (bsc#1208570).
- scsi: qla2xxx: Fix hang in task management (bsc#1211960).
- scsi: qla2xxx: Fix link failure in NPIV environment (bsc#1208570).
- scsi: qla2xxx: Fix mem access after free (bsc#1211960).
- scsi: qla2xxx: Fix memory leak in qla2x00_probe_one() (git-fixes).
- scsi: qla2xxx: Fix printk() format string (bsc#1208570).
- scsi: qla2xxx: Fix stalled login (bsc#1208570).
- scsi: qla2xxx: Fix task management cmd fail due to unavailable resource (bsc#1211960).
- scsi: qla2xxx: Fix task management cmd failure (bsc#1211960).
- scsi: qla2xxx: Make qla_trim_buf() and __qla_adjust_buf() static (bsc#1208570).
- scsi: qla2xxx: Multi-que support for TMF (bsc#1211960).
- scsi: qla2xxx: Perform lockless command completion in abort path (git-fixes).
- scsi: qla2xxx: Refer directly to the qla2xxx_driver_template (bsc#1211960).
- scsi: qla2xxx: Relocate/rename vp map (bsc#1208570).
- scsi: qla2xxx: Remove dead code (GNN ID) (bsc#1208570).
- scsi: qla2xxx: Remove dead code (GPNID) (bsc#1208570).
- scsi: qla2xxx: Remove dead code (bsc#1208570).
- scsi: qla2xxx: Remove default fabric ops callouts (bsc#1211960).
- scsi: qla2xxx: Remove increment of interface err cnt (bsc#1208570).
- scsi: qla2xxx: Remove the unused variable wwn (bsc#1208570).
- scsi: qla2xxx: Remove unintended flag clearing (bsc#1208570).
- scsi: qla2xxx: Replace all non-returning strlcpy() with strscpy() (bsc#1211960).
- scsi: qla2xxx: Select qpair depending on which CPU post_cmd() gets called (bsc#1208570).
- scsi: qla2xxx: Simplify if condition evaluation (bsc#1208570).
- scsi: qla2xxx: Synchronize the IOCB count to be in order (bsc#1209292 bsc#1209684 bsc#1209556).
- scsi: qla2xxx: Update version to 10.02.08.100-k (bsc#1208570).
- scsi: qla2xxx: Update version to 10.02.08.200-k (bsc#1208570).
- scsi: qla2xxx: Update version to 10.02.08.300-k (bsc#1211960).
- scsi: qla2xxx: Use a variable for repeated mem_size computation (bsc#1208570).
- scsi: qla2xxx: Wait for io return on terminate rport (bsc#1211960).
- scsi: qla2xxx: edif: Fix clang warning (bsc#1208570).
- scsi: qla2xxx: edif: Fix performance dip due to lock contention (bsc#1208570).
- scsi: qla2xxx: edif: Fix stall session after app start (bsc#1208570).
- scsi: qla2xxx: edif: Reduce memory usage during low I/O (bsc#1208570).
- scsi: scsi_dh_alua: Fix memleak for 'qdata' in alua_activate() (git-fixes).
- scsi: scsi_ioctl: Validate command size (git-fixes).
- scsi: scsi_transport_fc: Add an additional flag to fc_host_fpin_rcv() (bsc#1210943).
- scsi: sd: Fix wrong zone_write_granularity value during revalidate (git-fixes).
- scsi: sd: Revert 'Rework asynchronous resume support' (bsc#1209092).
- scsi: ses: Do not attach if enclosure has no components (git-fixes).
- scsi: ses: Fix possible addl_desc_ptr out-of-bounds accesses (git-fixes).
- scsi: ses: Fix possible desc_ptr out-of-bounds accesses (git-fixes).
- scsi: ses: Fix slab-out-of-bounds in ses_enclosure_data_process() (git-fixes).
- scsi: ses: Fix slab-out-of-bounds in ses_intf_remove() (git-fixes).
- scsi: ses: Handle enclosure with just a primary component gracefully (git-fixes).
- scsi: smartpqi: Add controller cache flush during rmmod (bsc#1207315).
- scsi: smartpqi: Add new controller PCI IDs (bsc#1207315).
- scsi: smartpqi: Change sysfs raid_level attribute to N/A for controllers (bsc#1207315).
- scsi: smartpqi: Change version to 2.1.20-035 (bsc#1207315).
- scsi: smartpqi: Convert to host_tagset (bsc#1207315).
- scsi: smartpqi: Correct device removal for multi-actuator devices (bsc#1207315).
- scsi: smartpqi: Correct max LUN number (bsc#1207315).
- scsi: smartpqi: Initialize feature section info (bsc#1207315).
- scsi: smartpqi: Replace one-element array with flexible-array member (bsc#1207315).
- scsi: snic: Fix memory leak with using debugfs_lookup() (git-fixes).
- scsi: stex: Fix gcc 13 warnings (git-fixes).
- scsi: storvsc: Correct reporting of Hyper-V I/O size limits (git-fixes).
- scsi: storvsc: Do not pass unused PFNs to Hyper-V host (git-fixes).
- scsi: storvsc: Handle BlockSize change in Hyper-V VHD/VHDX file (git-fixes).
- scsi: tracing: Fix compile error in trace_array calls when TRACING is disabled (git-fixes).
- scsi: ufs: Stop using the clock scaling lock in the error handler (git-fixes).
- scsi: ufs: core: Enable link lost interrupt (git-fixes).
- scsi_disk kABI: add back members (bsc#1209092).
- sctp: fail if no bound addresses can be used for a given scope (bsc#1206677).
- sctp: sctp_sock_filter(): avoid list_entry() on possibly empty list (bsc#1208602, git-fixes).
- seccomp: Move copy_seccomp() to no failure path (bsc#1210817).
- sefltests: netdevsim: wait for devlink instance after netns removal (git-fixes).
- selftest/lkdtm: Skip stack-entropy test if lkdtm is not available (git-fixes).
- selftests mount: Fix mount_setattr_test builds failed (git-fixes).
- selftests/ftrace: Add check for ping command for trigger tests (bsc#1204993 ltc#200103).
- selftests/ftrace: Convert tracer tests to use 'requires' to specify program dependency (bsc#1204993 ltc#200103).
- selftests/kselftest/runner/run_one(): allow running non-executable files (git-fixes).
- selftests/powerpc: Account for offline cpus in perf-hwbreak test (bsc#1206232).
- selftests/powerpc: Bump up rlimit for perf-hwbreak test (bsc#1206232).
- selftests/powerpc: Move perror closer to its use (bsc#1206232).
- selftests/ptp: Fix timestamp printf format for PTP_SYS_OFFSET (git-fixes).
- selftests/resctrl: Allow ->setup() to return errors (git-fixes).
- selftests/resctrl: Check for return value after write_schemata() (git-fixes).
- selftests/resctrl: Extend CPU vendor detection (git-fixes).
- selftests/resctrl: Move ->setup() call outside of test specific branches (git-fixes).
- selftests/resctrl: Return NULL if malloc_and_init_memory() did not alloc mem (git-fixes).
- selftests/sgx: Add 'test_encl.elf' to TEST_FILES (git-fixes).
- selftests/vm: remove ARRAY_SIZE define from individual tests (git-fixes).
- selftests: Provide local define of __cpuid_count() (git-fixes).
- selftests: forwarding: lib: quote the sysctl values (git-fixes).
- selftests: mptcp: connect: skip if MPTCP is not supported (git-fixes).
- selftests: mptcp: depend on SYN_COOKIES (git-fixes).
- selftests: mptcp: pm nl: skip if MPTCP is not supported (git-fixes).
- selftests: mptcp: sockopt: return error if wrong mark (git-fixes).
- selftests: mptcp: sockopt: skip if MPTCP is not supported (git-fixes).
- selftests: net: udpgso_bench: Fix racing bug between the rx/tx programs (git-fixes).
- selftests: net: udpgso_bench_rx/tx: Stop when wrong CLI args are provided (git-fixes).
- selftests: net: udpgso_bench_rx: Fix 'used uninitialized' compiler warning (git-fixes).
- selftests: net: udpgso_bench_tx: Cater for pending datagrams zerocopy benchmarking (git-fixes).
- selftests: seg6: disable DAD on IPv6 router cfg for srv6_end_dt4_l3vpn_test (git-fixes).
- selftests: sigaltstack: fix -Wuninitialized (git-fixes).
- selftests: srv6: make srv6_end_dt46_l3vpn_test more robust (git-fixes).
- selftests: xsk: Disable IPv6 on VETH1 (git-fixes).
- selftets: seg6: disable rp_filter by default in srv6_end_dt4_l3vpn_test (git-fixes).
- selinux: do not use make's grouped targets feature yet (git-fixes).
- selinux: ensure av_permissions.h is built when needed (git-fixes).
- selinux: fix Makefile dependencies of flask.h (git-fixes).
- serial: 8250: ASPEED_VUART: select REGMAP instead of depending on it (git-fixes).
- serial: 8250: Add missing wakeup event reporting (git-fixes).
- serial: 8250: Reinit port->pm on port specific driver unbind (git-fixes).
- serial: 8250: SERIAL_8250_ASPEED_VUART should depend on ARCH_ASPEED (git-fixes).
- serial: 8250: lock port for UART_IER access in omap8250_irq() (git-fixes).
- serial: 8250: lock port for stop_rx() in omap8250_irq() (git-fixes).
- serial: 8250: omap: Fix freeing of resources on failed register (git-fixes).
- serial: 8250_bcm7271: Fix arbitration handling (git-fixes).
- serial: 8250_bcm7271: balance clk_enable calls (git-fixes).
- serial: 8250_bcm7271: fix leak in `brcmuart_probe` (git-fixes).
- serial: 8250_dma: Fix DMA Rx rearm race (git-fixes).
- serial: 8250_em: Fix UART port type (git-fixes).
- serial: 8250_exar: Add support for USR298x PCI Modems (git-fixes).
- serial: 8250_exar: derive nr_ports from PCI ID for Acces I/O cards (git-fixes).
- serial: 8250_fsl: fix handle_irq locking (git-fixes).
- serial: 8250_omap: Use force_suspend and resume for system suspend (git-fixes).
- serial: 8250_tegra: Fix an error handling path in tegra_uart_probe() (git-fixes).
- serial: Add support for Advantech PCI-1611U card (git-fixes).
- serial: arc_uart: fix of_iomap leak in `arc_serial_probe` (git-fixes).
- serial: atmel: do not enable IRQs prematurely (git-fixes).
- serial: exar: Add support for Sealevel 7xxxC serial cards (git-fixes).
- serial: fsl_lpuart: Fix comment typo (git-fixes).
- serial: fsl_lpuart: fix RS485 RTS polariy inverse issue (git-fixes).
- serial: lantiq: add missing interrupt ack (git-fixes).
- serial: qcom-geni: fix console shutdown hang (git-fixes).
- serial: qcom-geni: fix enabling deactivated interrupt (git-fixes).
- serial: sc16is7xx: setup GPIO controller later in probe (git-fixes).
- serial: stm32: re-introduce an irq flag condition in usart_receive_chars (git-fixes).
- serial: tegra: Add missing clk_disable_unprepare() in tegra_uart_hw_init() (git-fixes).
- sfc: Change VF mac via PF as first preference if available (git-fixes).
- sfc: Fix module EEPROM reporting for QSFP modules (git-fixes).
- sfc: Fix use-after-free due to selftest_work (git-fixes).
- sfc: correctly advertise tunneled IPv6 segmentation (git-fixes).
- sfc: disable RXFCS and RXALL features by default (git-fixes).
- sfc: ef10: do not overwrite offload features at NIC reset (git-fixes).
- sfc: fix TX channel offset when using legacy interrupts (git-fixes).
- sfc: fix considering that all channels have TX queues (git-fixes).
- sfc: fix null pointer dereference in efx_hard_start_xmit (git-fixes).
- sfc: fix wrong tx channel offset with efx_separate_tx_channels (git-fixes).
- sfc: include vport_id in filter spec hash and equal() (git-fixes).
- signal handling: do not use BUG_ON() for debugging (bsc#1210439).
- signal/s390: Use force_sigsegv in default_trap_handler (git-fixes bsc#1212861).
- signal/seccomp: Refactor seccomp signal and coredump generation (git-fixes).
- signal/vm86_32: Properly send SIGSEGV when the vm86 state cannot be saved (git-fixes).
- signal/x86: In emulate_vsyscall force a signal instead of calling do_exit (git-fixes).
- signal: Add SA_IMMUTABLE to ensure forced siganls do not get changed (bsc#1210816).
- signal: Do not always set SA_IMMUTABLE for forced signals (bsc#1210816).
- signal: HANDLER_EXIT should clear SIGNAL_UNKILLABLE (bsc#1210816).
- signal: Implement force_fatal_sig (git-fixes).
- smb3.1.1: add new tree connect ShareFlags (bsc#1193629).
- smb3: Add missing locks to protect deferred close file list (git-fixes).
- smb3: Close all deferred handles of inode in case of handle lease break (bsc#1193629).
- smb3: Close deferred file handles in case of handle lease break (bsc#1193629).
- smb3: Replace smb2pdu 1-element arrays with flex-arrays (bsc#1193629).
- smb3: display debug information better for encryption (bsc#1193629).
- smb3: drop reference to cfile before sending oplock break (bsc#1193629).
- smb3: fix problem remounting a share after shutdown (bsc#1193629).
- smb3: fix unusable share after force unmount failure (bsc#1193629).
- smb3: force unmount was failing to close deferred close files (bsc#1193629).
- smb3: improve parallel reads of large files (bsc#1193629).
- smb3: lower default deferred close timeout to address perf regression (bsc#1193629).
- smb3: make query_on_disk_id open context consistent and move to common code (bsc#1193629).
- smb3: move some common open context structs to smbfs_common (bsc#1193629).
- soc/fsl/qe: fix usb.c build errors (git-fixes).
- soc/tegra: cbb: Use correct master_id mask for CBB NOC in Tegra194 (git-fixes).
- soc: samsung: exynos-pmu: Re-introduce Exynos4212 support (git-fixes).
- soc: ti: pm33xx: Fix refcount leak in am33xx_pm_probe (git-fixes).
- soundwire: cadence: Do not overflow the command FIFOs (git-fixes).
- soundwire: dmi-quirks: add new mapping for HP Spectre x360 (git-fixes).
- soundwire: qcom: correct setting ignore bit on v1.5.1 (git-fixes).
- soundwire: qcom: fix storing port config out-of-bounds (git-fixes).
- soundwire: qcom: gracefully handle too many ports in DT (git-fixes).
- spi: bcm-qspi: return error if neither hif_mspi nor mspi is available (git-fixes).
- spi: bcm63xx-hsspi: Endianness fix for ARM based SoC (git-fixes).
- spi: cadence-quadspi: fix suspend-resume implementations (git-fixes).
- spi: dw: Fix wrong FIFO level setting for long xfers (git-fixes).
- spi: dw: Round of n_bytes to power of 2 (git-fixes).
- spi: dw_bt1: fix MUX_MMIO dependencies (git-fixes).
- spi: fsl-dspi: avoid SCK glitches with continuous transfers (git-fixes).
- spi: fsl-spi: Fix CPM/QE mode Litte Endian (git-fixes).
- spi: lpspi: disable lpspi module irq in DMA mode (git-fixes).
- spi: qup: Do not skip cleanup in remove's error path (git-fixes).
- spi: qup: Request DMA before enabling clocks (git-fixes).
- spi: spi-geni-qcom: Correct CS_TOGGLE bit in SPI_TRANS_CFG (git-fixes).
- spi: spi-imx: fix MX51_ECSPI_* macros when cs > 3 (git-fixes).
- spi: spi-imx: using pm_runtime_resume_and_get instead of pm_runtime_get_sync (git-fixes).
- spi: spidev: remove debug messages that access spidev->spi without locking (git-fixes).
- spi: synquacer: Fix timeout handling in synquacer_spi_transfer_one() (git-fixes).
- spi: tegra210-quad: Fix combined sequence (bsc#1212584)
- spi: tegra210-quad: Fix iterator outside loop (git-fixes).
- spi: tegra210-quad: Fix validate combined sequence (git-fixes).
- spi: tegra210-quad: Multi-cs support (bsc#1212584)
- squashfs: harden sanity check in squashfs_read_xattr_id_table (git-fixes).
- staging: emxx_udc: Add checks for dma_alloc_coherent() (git-fixes).
- staging: iio: resolver: ads1210: fix config mode (git-fixes).
- staging: mt7621-dts: change palmbus address to lower case (git-fixes).
- staging: mt7621-dts: change some node hex addresses to lower case (git-fixes).
- staging: octeon: delete my name from TODO contact (git-fixes).
- staging: rtl8192e: Fix W_DISABLE# does not work after stop/start (git-fixes).
- staging: rtl8192e: Remove call_usermodehelper starting RadioPower.sh (git-fixes).
- staging: rtl8192e: Remove function ..dm_check_ac_dc_power calling a script (git-fixes).
- staging: rtl8192e: Replace macro RTL_PCI_DEVICE with PCI_DEVICE (git-fixes).
- stat: fix inconsistency between struct stat and struct compat_stat (git-fixes).
- struct ci_hdrc: hide new member at end (git-fixes).
- struct dwc3: mask new member (git-fixes).
- struct uvc_device move flush_status new member to end (git-fixes).
- sunrpc allow for unspecified transport time in rpc_clnt_add_xprt (git-fixes).
- sunrpc: Clean up svc_deferred_class trace events (git-fixes).
- sunrpc: Do not dereference xprt->snd_task if it's a cookie (git-fixes).
- sunrpc: Do not leak netobj memory when gss_read_proxy_verf() fails (git-fixes).
- sunrpc: Fix a server shutdown leak (git-fixes).
- sunrpc: Fix missing release socket in rpc_sockname() (git-fixes).
- sunrpc: Fix null-ptr-deref when xps sysfs alloc failed (git-fixes).
- sunrpc: Fix potential race conditions in rpc_sysfs_xprt_state_change() (git-fixes).
- sunrpc: Fix socket waits for write buffer space (git-fixes).
- sunrpc: Return true/false (not 1/0) from bool functions (git-fixes).
- sunrpc: Update trace flags (git-fixes).
- sunrpc: Use BIT() macro in rpc_show_xprt_state() (git-fixes).
- sunrpc: ensure the matching upcall is in-flight upon downcall (git-fixes).
- sunrpc: fix breakage caused by introduction of rq_xprt_ctxt (bsc#1210775).
- sunrpc: only free unix grouplist after RCU settles (git-fixes).
- swim3: add missing major.h include (git-fixes).
- swiotlb: Free tbl memory in swiotlb_exit() (jsc#PED-3259).
- swiotlb: add a SWIOTLB_ANY flag to lift the low memory restriction (PED-3259).
- swiotlb: avoid potential left shift overflow (PED-3259).
- swiotlb: clean up some coding style and minor issues (PED-3259).
- swiotlb: consolidate rounding up default_nslabs (PED-3259).
- swiotlb: do not panic when the swiotlb buffer can't be allocated (PED-3259).
- swiotlb: ensure a segment does not cross the area boundary (PED-3259).
- swiotlb: fail map correctly with failed io_tlb_default_mem (PED-3259).
- swiotlb: fix a typo (PED-3259).
- swiotlb: fix passing local variable to debugfs_create_ulong() (PED-3259).
- swiotlb: fix setting ->force_bounce (PED-3259).
- swiotlb: fix use after free on error handling path (PED-3259).
- swiotlb: make swiotlb_exit a no-op if SWIOTLB_FORCE is set (PED-3259).
- swiotlb: make the swiotlb_init interface more useful (PED-3259).
- swiotlb: merge swiotlb-xen initialization into swiotlb (jsc#PED-3259).
- swiotlb: panic if nslabs is too small (PED-3259).
- swiotlb: pass a gfp_mask argument to swiotlb_init_late (PED-3259).
- swiotlb: provide swiotlb_init variants that remap the buffer (PED-3259).
- swiotlb: relocate PageHighMem test away from rmem_swiotlb_setup (git-fixes).
- swiotlb: remove a useless return in swiotlb_init (PED-3259).
- swiotlb: remove swiotlb_init_with_tbl and swiotlb_init_late_with_tbl (PED-3259).
- swiotlb: remove unused fields in io_tlb_mem (PED-3259).
- swiotlb: rename swiotlb_late_init_with_default_size (PED-3259).
- swiotlb: simplify debugfs setup (jsc#PED-3259).
- swiotlb: simplify swiotlb_max_segment (PED-3259).
- swiotlb: split up the global swiotlb lock (PED-3259).
- swiotlb: use the right nslabs value in swiotlb_init_remap (PED-3259).
- swiotlb: use the right nslabs-derived sizes in swiotlb_init_late (PED-3259).
- sysctl: add a new register_sysctl_init() interface (bsc#1207328).
- task_work: Decouple TIF_NOTIFY_SIGNAL and task_work (git-fixes).
- task_work: Introduce task_work_pending (git-fixes).
- test_firmware: Use kstrtobool() instead of strtobool() (git-fixes).
- test_firmware: fix the memory leak of the allocated firmware buffer (git-fixes).
- test_firmware: prevent race conditions by a correct implementation of locking (git-fixes).
- test_firmware: return ENOMEM instead of ENOSPC on failed memory allocation (git-fixes).
- thermal/core: Remove duplicate information when an error occurs (git-fixes).
- thermal/drivers/hisi: Drop second sensor hi3660 (git-fixes).
- thermal/drivers/sun8i: Fix some error handling paths in sun8i_ths_probe() (git-fixes).
- thermal/drivers/tsens: Add compat string for the qcom,msm8960 (git-fixes).
- thermal/drivers/tsens: Drop msm8976-specific defines (git-fixes).
- thermal/drivers/tsens: Sort out msm8976 vs msm8956 data (git-fixes).
- thermal/drivers/tsens: fix slope values for msm8939 (git-fixes).
- thermal/drivers/tsens: limit num_sensors to 9 for msm8939 (git-fixes).
- thermal: intel: BXT_PMIC: select REGMAP instead of depending on it (git-fixes).
- thermal: intel: Fix unsigned comparison with less than zero (git-fixes).
- thermal: intel: intel_pch: Add support for Wellsburg PCH (git-fixes).
- thermal: intel: powerclamp: Fix cur_state for multi package system (git-fixes).
- thermal: intel: quark_dts: fix error pointer dereference (git-fixes).
- thunderbolt: Add missing UNSET_INBOUND_SBTX for retimer access (git-fixes).
- thunderbolt: Call tb_check_quirks() after initializing adapters (git-fixes).
- thunderbolt: Clear registers properly when auto clear isn't in use (bsc#1210165).
- thunderbolt: Disable interrupt auto clear for rings (git-fixes).
- thunderbolt: Mask ring interrupt on Intel hardware as well (bsc#1210165).
- thunderbolt: Rename shadowed variables bit to interrupt_bit and auto_clear_bit (git-fixes).
- thunderbolt: Use const qualifier for `ring_interrupt_index` (git-fixes).
- thunderbolt: Use scale field when allocating USB3 bandwidth (git-fixes).
- thunderbolt: dma_test: Use correct value for absent rings when creating paths (git-fixes).
- timers: Prevent union confusion from unexpected (git-fixes)
- tls: Skip tls_append_frag on zero copy size (git-fixes).
- tools/iio/iio_utils:fix memory leak (git-fixes).
- tools/virtio: compile with -pthread (git-fixes).
- tools/virtio: fix the vringh test for virtio ring changes (git-fixes).
- tools/virtio: fix virtio_test execution (git-fixes).
- tools/virtio: initialize spinlocks in vring_test.c (git-fixes).
- tools: bpftool: Remove invalid \' json escape (git-fixes).
- tools: fix ARRAY_SIZE defines in tools and selftests hdrs (git-fixes).
- tpm, tpm_tis: Claim locality before writing TPM_INT_ENABLE register (git-fixes).
- tpm, tpm_tis: Disable interrupts if tpm_tis_probe_irq() failed (git-fixes).
- tpm, tpm_tis: Request threaded interrupt handler (git-fixes).
- tpm/eventlog: Do not abort tpm_read_log on faulty ACPI address (git-fixes).
- tpm/tpm_tis: Disable interrupts for more Lenovo devices (git-fixes).
- trace/hwlat: Do not start per-cpu thread if it is already running (git-fixes).
- trace/hwlat: Do not wipe the contents of per-cpu thread data (git-fixes).
- trace/hwlat: make use of the helper function kthread_run_on_cpu() (git-fixes).
- trace_events_hist: add check for return value of 'create_hist_field' (git-fixes).
- tracing/fprobe: Fix to check whether fprobe is registered correctly (git-fixes).
- tracing/hist: Fix issue of losting command info in error_log (git-fixes).
- tracing/hist: Fix out-of-bound write on 'action_data.var_ref_idx' (git-fixes).
- tracing/hist: Fix wrong return value in parse_action_params() (git-fixes).
- tracing/histograms: Allow variables to have some modifiers (git-fixes).
- tracing/hwlat: Replace sched_setaffinity with set_cpus_allowed_ptr (git-fixes).
- tracing/osnoise: Make osnoise_main to sleep for microseconds (git-fixes).
- tracing/perf: Avoid -Warray-bounds warning for __rel_loc macro (git-fixes).
- tracing/probe: trace_probe_primary_from_call(): checked list_first_entry (git-fixes).
- tracing/probes: Handle system names with hyphens (git-fixes).
- tracing/timer: Add missing hrtimer modes to decode_hrtimer_mode() (git-fixes).
- tracing: Add '__rel_loc' using trace event macros (git-fixes).
- tracing: Add DYNAMIC flag for dynamic events (git-fixes).
- tracing: Add NULL checks for buffer in ring_buffer_free_read_page() (git-fixes).
- tracing: Add trace_array_puts() to write into instance (git-fixes).
- tracing: Add trace_event helper macros __string_len() and __assign_str_len() (git-fixes).
- tracing: Avoid -Warray-bounds warning for __rel_loc macro (git-fixes).
- tracing: Avoid adding tracer option before update_tracer_options (git-fixes).
- tracing: Check field value in hist_field_name() (git-fixes).
- tracing: Do not let histogram values have some modifiers (git-fixes).
- tracing: Do not use out-of-sync va_list in event printing (git-fixes).
- tracing: Ensure trace buffer is at least 4096 bytes large (git-fixes).
- tracing: Fix a kmemleak false positive in tracing_map (git-fixes).
- tracing: Fix complicated dependency of CONFIG_TRACER_MAX_TRACE (git-fixes).
- tracing: Fix infinite loop in tracing_read_pipe on overflowed print_trace_line (git-fixes).
- tracing: Fix issue of missing one synthetic field (git-fixes).
- tracing: Fix mismatched comment in __string_len (git-fixes).
- tracing: Fix permissions for the buffer_percent file (git-fixes).
- tracing: Fix poll() and select() do not work on per_cpu trace_pipe and trace_pipe_raw (git-fixes).
- tracing: Fix possible memory leak in __create_synth_event() error path (git-fixes).
- tracing: Fix race where histograms can be called before the event (git-fixes).
- tracing: Fix sleeping function called from invalid context on RT kernel (git-fixes).
- tracing: Fix tp_printk option related with tp_printk_stop_on_boot (git-fixes).
- tracing: Fix warning on variable 'struct trace_array' (git-fixes).
- tracing: Fix wrong return in kprobe_event_gen_test.c (git-fixes).
- tracing: Free error logs of tracing instances (git-fixes).
- tracing: Have TRACE_DEFINE_ENUM affect trace event types as well (git-fixes).
- tracing: Have event format check not flag %p* on __get_dynamic_array() (git-fixes, bsc#1212350).
- tracing: Have syscall trace events use trace_event_buffer_lock_reserve() (git-fixes).
- tracing: Have tracing_snapshot_instance_cond() write errors to the appropriate instance (git-fixes).
- tracing: Have type enum modifications copy the strings (git-fixes).
- tracing: Introduce helpers to safely handle dynamic-sized sockaddrs (git-fixes).
- tracing: Make splice_read available again (git-fixes).
- tracing: Make sure trace_printk() can output as soon as it can be used (git-fixes).
- tracing: Make tp_printk work on syscall tracepoints (git-fixes).
- tracing: Make tracepoint lockdep check actually test something (git-fixes).
- tracing: Update print fmt check to handle new __get_sockaddr() macro (git-fixes, bsc#1212350).
- tracing: Use alignof__(struct {type b;}) instead of offsetof() (git-fixes).
- tracing: incorrect isolate_mote_t cast in mm_vmscan_lru_isolate (git-fixes).
- tty: Prevent writing chars during tcsetattr TCSADRAIN/FLUSH (git-fixes).
- tty: fix out-of-bounds access in tty_driver_lookup_tty() (git-fixes).
- tty: serial: fsl_lpuart: Fix the wrong RXWATER setting for rx dma case (git-fixes).
- tty: serial: fsl_lpuart: adjust buffer length to the intended size (git-fixes).
- tty: serial: fsl_lpuart: clear LPUART Status Register in lpuart32_shutdown() (git-fixes).
- tty: serial: fsl_lpuart: disable Rx/Tx DMA in lpuart32_shutdown() (git-fixes).
- tty: serial: fsl_lpuart: disable the CTS when send break signal (git-fixes).
- tty: serial: fsl_lpuart: skip waiting for transmission complete when UARTCTRL_SBK is asserted (git-fixes).
- tty: serial: fsl_lpuart: use UARTCTRL_TXINV to send break instead of UARTCTRL_SBK (git-fixes).
- tty: serial: imx: Handle RS485 DE signal active high (git-fixes).
- tty: serial: imx: disable Ageing Timer interrupt request irq (git-fixes).
- tty: serial: imx: fix rs485 rx after tx (git-fixes).
- tty: serial: qcom-geni-serial: stop operations in progress at shutdown (git-fixes).
- tty: serial: samsung_tty: Fix a memory leak in s3c24xx_serial_getclk() in case of error (git-fixes).
- tty: serial: samsung_tty: Fix a memory leak in s3c24xx_serial_getclk() when iterating clk (git-fixes).
- tty: serial: sh-sci: Fix Rx on RZ/G2L SCI (git-fixes).
- tty: serial: sh-sci: Fix transmit end interrupt handler (git-fixes).
- tun: annotate access to queue->trans_start (jsc#PED-370).
- uas: Add US_FL_NO_REPORT_OPCODES for JMicron JMS583Gen 2 (git-fixes).
- ubi: Fix failure attaching when vid_hdr offset equals to (sub)page size (bsc#1210584).
- ubi: ensure that VID header offset + VID header size <= alloc, size (bsc#1210584).
- ubsan: no need to unset panic_on_warn in ubsan_epilogue() (bsc#1207328).
- udf: Avoid double brelse() in udf_rename() (bsc#1213032).
- udf: Check consistency of Space Bitmap Descriptor (bsc#1210771).
- udf: Define EFSCORRUPTED error code (bsc#1213038).
- udf: Detect system inodes linked into directory hierarchy (bsc#1213114).
- udf: Discard preallocation before extending file with a hole (bsc#1213036).
- udf: Do not bother looking for prealloc extents if i_lenExtents matches i_size (bsc#1213035).
- udf: Do not bother merging very long extents (bsc#1213040).
- udf: Do not update file length for failed writes to inline files (bsc#1213041).
- udf: Fix a slab-out-of-bounds write bug in udf_find_entry() (bsc#1206649).
- udf: Fix error handling in udf_new_inode() (bsc#1213112).
- udf: Fix extending file within last block (bsc#1213037).
- udf: Fix preallocation discarding at indirect extent boundary (bsc#1213034).
- udf: Preserve link count of system files (bsc#1213113).
- udf: Support splicing to file (bsc#1210770).
- udf: Truncate added extents on failed expansion (bsc#1213039).
- update internal module version number for cifs.ko (bsc#1193629).
- usb-storage: fix deadlock when a scsi command timeouts more than once (git-fixes).
- usb: acpi: add helper to check port lpm capability using acpi _DSM (git-fixes).
- usb: cdns3: Fix issue with using incorrect PCI device function (git-fixes).
- usb: cdns3: fix NCM gadget RX speed 20x slow than expection at iMX8QM (git-fixes).
- usb: cdnsp: Fixes error: uninitialized symbol 'len' (git-fixes).
- usb: cdnsp: Fixes issue with redundant Status Stage (git-fixes).
- usb: cdnsp: changes PCI Device ID to fix conflict with CNDS3 driver (git-fixes).
- usb: chipdea: core: fix return -EINVAL if request role is the same with current role (git-fixes).
- usb: chipidea: core: fix possible concurrent when switch role (git-fixes).
- usb: chipidea: fix memory leak with using debugfs_lookup() (git-fixes).
- usb: chipidea: fix missing goto in `ci_hdrc_probe` (git-fixes).
- usb: chipidea: imx: avoid unnecessary probe defer (git-fixes).
- usb: core: Add routines for endpoint checks in old drivers (git-fixes).
- usb: core: Do not hold device lock while reading the 'descriptors' sysfs file (git-fixes).
- usb: core: add quirk for Alcor Link AK9563 smartcard reader (git-fixes).
- usb: core: hub: disable autosuspend for TI TUSB8041 (git-fixes).
- usb: dwc2: fix a devres leak in hw_enable upon suspend resume (git-fixes).
- usb: dwc3-meson-g12a: Fix an error handling path in dwc3_meson_g12a_probe() (git-fixes).
- usb: dwc3: Align DWC3_EP_* flag macros (git-fixes).
- usb: dwc3: Fix a repeated word checkpatch warning (git-fixes).
- usb: dwc3: Fix a typo in field name (git-fixes).
- usb: dwc3: Fix ep0 handling when getting reset while doing control transfer (git-fixes).
- usb: dwc3: core: Host wake up support from system suspend (git-fixes).
- usb: dwc3: debugfs: Resume dwc3 before accessing registers (git-fixes).
- usb: dwc3: drd: use helper to get role-switch-default-mode (git-fixes).
- usb: dwc3: ep0: Do not prepare beyond Setup stage (git-fixes).
- usb: dwc3: fix memory leak with using debugfs_lookup() (git-fixes).
- usb: dwc3: fix runtime pm imbalance on probe errors (git-fixes).
- usb: dwc3: fix runtime pm imbalance on unbind (git-fixes).
- usb: dwc3: fix use-after-free on core driver unbind (git-fixes).
- usb: dwc3: gadget: Add 1ms delay after end transfer command without IOC (git-fixes).
- usb: dwc3: gadget: Change condition for processing suspend event (git-fixes).
- usb: dwc3: gadget: Delay issuing End Transfer (git-fixes).
- usb: dwc3: gadget: Execute gadget stop after halting the controller (git-fixes).
- usb: dwc3: gadget: Improve dwc3_gadget_suspend() and dwc3_gadget_resume() (git-fixes).
- usb: dwc3: gadget: Only End Transfer for ep0 data phase (git-fixes).
- usb: dwc3: gadget: Propagate core init errors to UDC during pullup (git-fixes).
- usb: dwc3: gadget: Reset num TRBs before giving back the request (git-fixes).
- usb: dwc3: gadget: Stall and restart EP0 if host is unresponsive (git-fixes).
- usb: dwc3: pci: add support for the Intel Meteor Lake-M (git-fixes).
- usb: dwc3: pci: add support for the Intel Meteor Lake-S (git-fixes).
- usb: dwc3: qcom: Configure wakeup interrupts during suspend (git-fixes).
- usb: dwc3: qcom: Fix an error handling path in dwc3_qcom_probe() (git-fixes).
- usb: dwc3: qcom: Fix memory leak in dwc3_qcom_interconnect_init (git-fixes).
- usb: dwc3: qcom: Fix potential memory leak (git-fixes).
- usb: dwc3: qcom: Keep power domain on to retain controller status (git-fixes).
- usb: dwc3: qcom: Release the correct resources in dwc3_qcom_remove() (git-fixes).
- usb: dwc3: qcom: clean up icc init (git-fixes).
- usb: dwc3: qcom: clean up suspend callbacks (git-fixes).
- usb: dwc3: qcom: enable vbus override when in OTG dr-mode (git-fixes).
- usb: dwc3: qcom: fix NULL-deref on suspend (git-fixes).
- usb: dwc3: qcom: fix gadget-only builds (git-fixes).
- usb: dwc3: qcom: fix peripheral and OTG suspend (git-fixes).
- usb: dwc3: qcom: fix wakeup implementation (git-fixes).
- usb: dwc3: qcom: only parse 'maximum-speed' once (git-fixes).
- usb: dwc3: qcom: suppress unused-variable warning (git-fixes).
- usb: dwc3: remove a possible unnecessary 'out of memory' message (git-fixes).
- usb: early: xhci-dbc: Fix a potential out-of-bound memory access (git-fixes).
- usb: ene_usb6250: Allocate enough memory for full object (git-fixes).
- usb: fix memory leak with using debugfs_lookup() (git-fixes).
- usb: fotg210: fix memory leak with using debugfs_lookup() (git-fixes).
- usb: gadget: bcm63xx_udc: fix memory leak with using debugfs_lookup() (git-fixes).
- usb: gadget: configfs: Restrict symlink creation is UDC already binded (git-fixes).
- usb: gadget: configfs: remove using list iterator after loop body as a ptr (git-fixes).
- usb: gadget: configfs: use to_config_usb_cfg() in os_desc_link() (git-fixes).
- usb: gadget: configfs: use to_usb_function_instance() in cfg (un)link func (git-fixes).
- usb: gadget: f_fs: Add unbind event before functionfs_unbind (git-fixes).
- usb: gadget: f_fs: Fix unbalanced spinlock in __ffs_ep0_queue_wait (git-fixes).
- usb: gadget: f_hid: fix f_hidg lifetime vs cdev (git-fixes).
- usb: gadget: f_hid: fix refcount leak on error path (git-fixes).
- usb: gadget: f_ncm: fix potential NULL ptr deref in ncm_bitrate() (git-fixes).
- usb: gadget: f_uac2: Fix incorrect increment of bNumEndpoints (git-fixes).
- usb: gadget: fusb300_udc: free irq on the error path in fusb300_probe() (git-fixes).
- usb: gadget: gr_udc: fix memory leak with using debugfs_lookup() (git-fixes).
- usb: gadget: lpc32xx_udc: fix memory leak with using debugfs_lookup() (git-fixes).
- usb: gadget: pxa25x_udc: fix memory leak with using debugfs_lookup() (git-fixes).
- usb: gadget: pxa27x_udc: fix memory leak with using debugfs_lookup() (git-fixes).
- usb: gadget: tegra-xudc: Fix crash in vbus_draw (git-fixes).
- usb: gadget: u_audio: do not let userspace block driver unbind (git-fixes).
- usb: gadget: u_ether: Fix host MAC address case (git-fixes).
- usb: gadget: u_serial: Add null pointer check in gserial_resume (git-fixes).
- usb: gadget: u_serial: Add null pointer check in gserial_suspend (git-fixes).
- usb: gadget: udc: do not clear gadget driver.bus (git-fixes).
- usb: gadget: udc: fix NULL dereference in remove() (git-fixes).
- usb: hide unused usbfs_notify_suspend/resume functions (git-fixes).
- usb: host: xhci-rcar: remove leftover quirk handling (git-fixes).
- usb: host: xhci: mvebu: Iterate over array indexes instead of using pointer math (git-fixes).
- usb: isp116x: fix memory leak with using debugfs_lookup() (git-fixes).
- usb: isp1362: fix memory leak with using debugfs_lookup() (git-fixes).
- usb: max-3421: Fix setting of I/O pins (git-fixes).
- usb: mtu3: fix kernel panic at qmu transfer done irq handler (git-fixes).
- usb: musb: Add and use inline function musb_otg_state_string (git-fixes).
- usb: musb: Add and use inline functions musb_{get,set}_state (git-fixes).
- usb: musb: mediatek: do not unregister something that wasn't registered (git-fixes).
- usb: musb: remove schedule work called after flush (git-fixes).
- usb: phy: phy-tahvo: fix memory leak in tahvo_usb_probe() (git-fixes).
- usb: serial: cp210x: add SCALANCE LPE-9000 device id (git-fixes).
- usb: serial: cp210x: add Silicon Labs IFS-USB-DATACABLE IDs (git-fixes).
- usb: serial: option: add Quectel EC200U modem (git-fixes).
- usb: serial: option: add Quectel EM05-G (CS) modem (git-fixes).
- usb: serial: option: add Quectel EM05-G (GR) modem (git-fixes).
- usb: serial: option: add Quectel EM05-G (RS) modem (git-fixes).
- usb: serial: option: add Quectel EM05CN (SG) modem (git-fixes).
- usb: serial: option: add Quectel EM05CN modem (git-fixes).
- usb: serial: option: add Quectel EM061KGL series (git-fixes).
- usb: serial: option: add Quectel RM500U-CN modem (git-fixes).
- usb: serial: option: add Telit FE990 compositions (git-fixes).
- usb: serial: option: add UNISOC vendor and TOZED LT70C product (git-fixes).
- usb: serial: option: add support for VW/Skoda 'Carstick LTE' (git-fixes).
- usb: sisusbvga: Add endpoint checks (git-fixes).
- usb: sl811: fix memory leak with using debugfs_lookup() (git-fixes).
- usb: typec: altmodes/displayport: Fix configure initial pin assignment (git-fixes).
- usb: typec: altmodes/displayport: Fix probe pin assign check (git-fixes).
- usb: typec: altmodes/displayport: fix pin_assignment_show (git-fixes).
- usb: typec: intel_pmc_mux: Do not leak the ACPI device reference count (git-fixes).
- usb: typec: intel_pmc_mux: Use the helper acpi_dev_get_memory_resources() (git-fixes).
- usb: typec: pd: Remove usb_suspend_supported sysfs from sink PDO (git-fixes).
- usb: typec: tcpm: fix create duplicate source-capabilities file (git-fixes).
- usb: typec: tcpm: fix multiple times discover svids error (git-fixes).
- usb: typec: tcpm: fix warning when handle discover_identity message (git-fixes).
- usb: typec: ucsi: Do not attempt to resume the ports before they exist (git-fixes).
- usb: typec: ucsi: Do not warn on probe deferral (git-fixes).
- usb: typec: ucsi: Fix command cancellation (git-fixes).
- usb: ucsi: Fix NULL pointer deref in ucsi_connector_change() (git-fixes).
- usb: ucsi: Fix ucsi->connector race (git-fixes).
- usb: ucsi_acpi: Increase the command completion timeout (git-fixes).
- usb: uhci: adjust zhaoxin UHCI controllers OverCurrent bit value (git-fixes).
- usb: uhci: fix memory leak with using debugfs_lookup() (git-fixes).
- usb: usbfs: Enforce page requirements for mmap (git-fixes).
- usb: usbfs: Use consistent mmap functions (git-fixes).
- usb: usbtmc: Fix direction for 0-length ioctl control messages (git-fixes).
- usb: uvc: Enumerate valid values for color matching (git-fixes).
- usb: xhci: Remove unused udev from xhci_log_ctx trace event (git-fixes).
- usb: xhci: tegra: fix sleep in atomic call (git-fixes).
- usrmerge: Adjust module path in the kernel sources (bsc#1212835). With the module path adjustment applied as source patch only ALP/Tumbleweed kernel built on SLE/Leap needs the path changed back to non-usrmerged.
- usrmerge: Compatibility with earlier rpm (boo#1211796)
- vDPA: check VIRTIO_NET_F_RSS for max_virtqueue_paris's presence (jsc#PED-1549).
- vDPA: check virtio device features to detect MQ (jsc#PED-1549).
- vDPA: fix 'cast to restricted le16' warnings in vdpa.c (jsc#PED-1549).
- vc_screen: do not clobber return value in vcs_read (git-fixes).
- vc_screen: modify vcs_size() handling in vcs_read() (git-fixes).
- vc_screen: move load of struct vc_data pointer in vcs_read() to avoid UAF (git-fixes).
- vc_screen: reload load of struct vc_data pointer in vcs_write() to avoid UAF (git-fixes).
- vdpa/ifcvf: fix the calculation of queuepair (jsc#PED-1549).
- vdpa/mlx5: Directly assign memory key (jsc#PED-1549).
- vdpa/mlx5: Directly assign memory key (jsc#SLE-19253).
- vdpa/mlx5: Do not clear mr struct on destroy MR (jsc#PED-1549).
- vdpa/mlx5: Do not clear mr struct on destroy MR (jsc#SLE-19253).
- vdpa/mlx5: Fix rule forwarding VLAN to TIR (jsc#PED-1549).
- vdpa/mlx5: Fix wrong configuration of virtio_version_1_0 (jsc#SLE-19253).
- vdpa/mlx5: Fix wrong mac address deletion (jsc#PED-1549).
- vdpa/mlx5: Initialize CVQ iotlb spinlock (jsc#PED-1549).
- vdpa/mlx5: should not activate virtq object when suspended (jsc#PED-1549).
- vdpa/vp_vdpa: fix kfree a wrong pointer in vp_vdpa_remove (git-fixes).
- vdpa: Fix error logic in vdpa_nl_cmd_dev_get_doit (jsc#PED-1549).
- vdpa: Fix error logic in vdpa_nl_cmd_dev_get_doit (jsc#SLE-19253).
- vdpa: Use BIT_ULL for bit operations (jsc#PED-1549).
- vdpa: conditionally fill max max queue pair for stats (jsc#PED-1549).
- vdpa: fix use-after-free on vp_vdpa_remove (git-fixes).
- vdpa_sim: not reset state in vdpasim_queue_ready (git-fixes).
- vdpa_sim: set last_used_idx as last_avail_idx in vdpasim_queue_ready (git-fixes).
- vduse: Fix NULL pointer dereference on sysfs access (jsc#PED-1549).
- vduse: Fix returning wrong type in vduse_domain_alloc_iova() (jsc#PED-1549).
- vduse: avoid empty string for dev name (jsc#PED-1549).
- vduse: check that offset is within bounds in get_config() (jsc#PED-1549).
- vduse: fix memory corruption in vduse_dev_ioctl() (jsc#PED-1549).
- vduse: prevent uninitialized memory accesses (jsc#PED-1549).
- vfio/type1: prevent underflow of locked_vm via exec() (git-fixes).
- vfio/type1: restore locked_vm (git-fixes).
- vfio/type1: track locked_vm per dma (git-fixes).
- vfs: Check the truncate maximum size in inode_newsize_ok() (bsc#1207642).
- vfs: filename_create(): fix incorrect intent (bsc#1197534).
- vfs: make sync_filesystem return errors from ->sync_fs (git-fixes).
- vhost-vdpa: fix an iotlb memory leak (jsc#PED-1549).
- vhost-vdpa: free iommu domain after last use during cleanup (jsc#PED-1549).
- vhost/net: Clear the pending messages when the backend is removed (git-fixes).
- vhost_vdpa: fix the crash in unmap a large memory (jsc#PED-1549).
- vhost_vdpa: fix unmap process in no-batch mode (jsc#PED-1549).
- vhost_vdpa: support PACKED when setting-getting vring_base (jsc#PED-1549).
- vhost_vdpa: support PACKED when setting-getting vring_base (jsc#SLE-19253).
- virt/coco/sev-guest: Add throttling awareness (bsc#1209927).
- virt/coco/sev-guest: Carve out the request issuing logic into a helper (bsc#1209927).
- virt/coco/sev-guest: Check SEV_SNP attribute at probe time (bsc#1209927).
- virt/coco/sev-guest: Convert the sw_exit_info_2 checking to a switch-case (bsc#1209927).
- virt/coco/sev-guest: Do some code style cleanups (bsc#1209927).
- virt/coco/sev-guest: Remove the disable_vmpck label in handle_guest_request() (bsc#1209927).
- virt/coco/sev-guest: Simplify extended guest request handling (bsc#1209927).
- virt/sev-guest: Add a MODULE_ALIAS (bsc#1208449).
- virt/sev-guest: Prevent IV reuse in the SNP guest driver (bsc#1208449).
- virt/sev-guest: Remove unnecessary free in init_crypto() (bsc#1208449).
- virt/sev-guest: Return -EIO if certificate buffer is not large enough (bsc#1209927).
- virt: sev-guest: Pass the appropriate argument type to iounmap() (bsc#1208449).
- virt: sevguest: Change driver name to reflect generic SEV support (bsc#1208449).
- virt: sevguest: Rename the sevguest dir and files to sev-guest (bsc#1208449).
- virtio-blk: modify the value type of num in virtio_queue_rq() (git-fixes).
- virtio-net: Keep stop() to follow mirror sequence of open() (git-fixes).
- virtio-net: execute xdp_do_flush() before napi_complete_done() (git-fixes).
- virtio_net: Fix probe failed when modprobe virtio_net (git-fixes).
- virtio_net: bugfix overflow inside xdp_linearize_page() (git-fixes).
- virtio_net: split free_unused_bufs() (git-fixes).
- virtio_net: suppress cpu stall when free_unused_bufs (git-fixes).
- virtio_pci: modify ENOENT to EINVAL (git-fixes).
- virtio_ring: do not update event idx on get_buf (git-fixes).
- vmci: check context->notify_page after call to get_user_pages_fast() to avoid GPF (git-fixes).
- vmci_host: fix a race condition in vmci_host_poll() causing GPF (git-fixes).
- vmxnet3: move rss code block under eop descriptor (bsc#1208212).
- vmxnet3: use gro callback when UPT is enabled (bsc#1209739).
- vp_vdpa: fix the crash in hot unplug with vp_vdpa (git-fixes).
- w1: fix loop in w1_fini() (git-fixes).
- w1: w1_therm: fix locking behavior in convert_t (git-fixes).
- wait: Fix __wait_event_hrtimeout for RT/DL tasks (git-fixes)
- watch_queue: fix IOC_WATCH_QUEUE_SET_SIZE alloc error paths (bsc#1197617).
- watchdog: Fix kmemleak in watchdog_cdev_register (git-fixes).
- watchdog: allow building BCM7038_WDT for BCM4908 (bsc#1208619).
- watchdog: at91sam9_wdt: use devm_request_irq to avoid missing free_irq() in error path (git-fixes).
- watchdog: diag288_wdt: do not use stack buffers for hardware data (bsc#1207497).
- watchdog: diag288_wdt: fix __diag288() inline assembly (bsc#1207497).
- watchdog: dw_wdt: Fix the error handling path of dw_wdt_drv_probe() (git-fixes).
- watchdog: ixp4xx: Implement restart (bsc#1208619).
- watchdog: ixp4xx: Rewrite driver to use core (bsc#1208619).
- watchdog: ixp4xx_wdt: Fix address space warning (bsc#1208619).
- watchdog: menz069_wdt: fix watchdog initialisation (git-fixes).
- watchdog: orion_wdt: support pretimeout on Armada-XP (bsc#1208619).
- watchdog: pcwd_usb: Fix attempting to access uninitialized memory (git-fixes).
- watchdog: sbsa_wdog: Make sure the timeout programming is within the limits (git-fixes).
- watchdog: sp5100_tco: Immediately trigger upon starting (git-fixes).
- wifi: ath11k: Fix SKB corruption in REO destination ring (git-fixes).
- wifi: ath11k: Fix memory leak in ath11k_peer_rx_frag_setup (git-fixes).
- wifi: ath11k: allow system suspend to survive ath11k (git-fixes).
- wifi: ath11k: fix SAC bug on peer addition with sta band migration (git-fixes).
- wifi: ath11k: fix deinitialization of firmware resources (git-fixes).
- wifi: ath11k: fix writing to unintended memory region (git-fixes).
- wifi: ath11k: reduce the MHI timeout to 20s (bsc#1207948).
- wifi: ath5k: fix an off by one check in ath5k_eeprom_read_freq_list() (git-fixes).
- wifi: ath6kl: minor fix for allocation size (git-fixes).
- wifi: ath6kl: reduce WARN to dev_dbg() in callback (git-fixes).
- wifi: ath9k: Fix possible stall on ath9k_txq_list_has_key() (git-fixes).
- wifi: ath9k: Fix potential stack-out-of-bounds write in ath9k_wmi_rsp_callback() (git-fixes).
- wifi: ath9k: Fix use-after-free in ath9k_hif_usb_disconnect() (git-fixes).
- wifi: ath9k: avoid referencing uninit memory in ath9k_wmi_ctrl_rx (git-fixes).
- wifi: ath9k: convert msecs to jiffies where needed (git-fixes).
- wifi: ath9k: do not allow to overwrite ENDPOINT0 attributes (git-fixes).
- wifi: ath9k: fix AR9003 mac hardware hang check register offset calculation (git-fixes).
- wifi: ath9k: hif_usb: clean up skbs if ath9k_hif_usb_rx_stream() fails (git-fixes).
- wifi: ath9k: hif_usb: fix memory leak of remain_skbs (git-fixes).
- wifi: ath9k: htc_hst: free skb in ath9k_htc_rx_msg() if there is no callback function (git-fixes).
- wifi: ath9k: use proper statements in conditionals (git-fixes).
- wifi: ath: Silence memcpy run-time false positive warning (git-fixes).
- wifi: atmel: Fix an error handling path in atmel_probe() (git-fixes).
- wifi: b43: fix incorrect __packed annotation (git-fixes).
- wifi: brcmfmac: Fix potential stack-out-of-bounds in brcmf_c_preinit_dcmds() (git-fixes).
- wifi: brcmfmac: cfg80211: Pass the PMK in binary instead of hex (git-fixes).
- wifi: brcmfmac: ensure CLM version is null-terminated to prevent stack-out-of-bounds (git-fixes).
- wifi: brcmfmac: fix potential memory leak in brcmf_netdev_start_xmit() (git-fixes).
- wifi: brcmfmac: slab-out-of-bounds read in brcmf_get_assoc_ies() (git-fixes).
- wifi: brcmfmac: support CQM RSSI notification with older firmware (git-fixes).
- wifi: brcmfmac: unmap dma buffer in brcmf_msgbuf_alloc_pktid() (git-fixes).
- wifi: cfg80211: Fix extended KCK key length check in nl80211_set_rekey_data() (git-fixes).
- wifi: cfg80211: Fix use after free for wext (git-fixes).
- wifi: cfg80211: Partial revert 'wifi: cfg80211: Fix use after free for wext' (git-fixes).
- wifi: cfg80211: fix locking in regulatory disconnect (git-fixes).
- wifi: cfg80211: fix locking in sched scan stop work (git-fixes).
- wifi: cfg80211: rewrite merging of inherited elements (git-fixes).
- wifi: ipw2200: fix memory leak in ipw_wdev_init() (git-fixes).
- wifi: ipw2x00: do not call dev_kfree_skb() under spin_lock_irqsave() (git-fixes).
- wifi: iwl3945: Add missing check for create_singlethread_workqueue (git-fixes).
- wifi: iwl4965: Add missing check for create_singlethread_workqueue() (git-fixes).
- wifi: iwlegacy: common: do not call dev_kfree_skb() under spin_lock_irqsave() (git-fixes).
- wifi: iwlwifi: debug: fix crash in __iwl_err() (git-fixes).
- wifi: iwlwifi: dvm: Fix memcpy: detected field-spanning write backtrace (git-fixes).
- wifi: iwlwifi: fix OEM's name in the ppag approved list (git-fixes).
- wifi: iwlwifi: fix duplicate entry in iwl_dev_info_table (git-fixes).
- wifi: iwlwifi: fw: fix DBGI dump (git-fixes).
- wifi: iwlwifi: fw: fix memory leak in debugfs (git-fixes).
- wifi: iwlwifi: fw: move memset before early return (git-fixes).
- wifi: iwlwifi: make the loop for card preparation effective (git-fixes).
- wifi: iwlwifi: mvm: check firmware response size (git-fixes).
- wifi: iwlwifi: mvm: do not set CHECKSUM_COMPLETE for unsupported protocols (git-fixes).
- wifi: iwlwifi: mvm: do not trust firmware n_channels (git-fixes).
- wifi: iwlwifi: mvm: fix OEM's name in the tas approved list (git-fixes).
- wifi: iwlwifi: mvm: fix cancel_delayed_work_sync() deadlock (git-fixes).
- wifi: iwlwifi: mvm: fix mvmtxq->stopped handling (git-fixes).
- wifi: iwlwifi: mvm: indicate HW decrypt for beacon protection (git-fixes).
- wifi: iwlwifi: mvm: initialize seq variable (git-fixes).
- wifi: iwlwifi: pcie: Fix integer overflow in iwl_write_to_user_buf (git-fixes).
- wifi: iwlwifi: pcie: fix NULL pointer dereference in iwl_pcie_irq_rx_msix_handler() (git-fixes).
- wifi: iwlwifi: pcie: fix possible NULL pointer dereference (git-fixes).
- wifi: iwlwifi: pull from TXQs with softirqs disabled (git-fixes).
- wifi: iwlwifi: trans: do not trigger d3 interrupt twice (git-fixes).
- wifi: iwlwifi: yoyo: Fix possible division by zero (git-fixes).
- wifi: iwlwifi: yoyo: skip dump correctly on hw error (git-fixes).
- wifi: libertas: cmdresp: do not call kfree_skb() under spin_lock_irqsave() (git-fixes).
- wifi: libertas: fix memory leak in lbs_init_adapter() (git-fixes).
- wifi: libertas: if_usb: do not call kfree_skb() under spin_lock_irqsave() (git-fixes).
- wifi: libertas: main: do not call kfree_skb() under spin_lock_irqsave() (git-fixes).
- wifi: libertas_tf: do not call kfree_skb() under spin_lock_irqsave() (git-fixes).
- wifi: mac80211: Set TWT Information Frame Disabled bit as 1 (bsc#1209980).
- wifi: mac80211: adjust scan cancel comment/check (git-fixes).
- wifi: mac80211: fix invalid drv_sta_pre_rcu_remove calls for non-uploaded sta (git-fixes).
- wifi: mac80211: fix min center freq offset tracing (git-fixes).
- wifi: mac80211: fix qos on mesh interfaces (git-fixes).
- wifi: mac80211: make rate u32 in sta_set_rate_info_rx() (git-fixes).
- wifi: mac80211: sdata can be NULL during AMPDU start (git-fixes).
- wifi: mac80211: simplify chanctx allocation (git-fixes).
- wifi: mt7601u: fix an integer underflow (git-fixes).
- wifi: mt76: add flexible polling wait-interval support (git-fixes).
- wifi: mt76: add memory barrier to SDIO queue kick (bsc#1209980).
- wifi: mt76: add missing locking to protect against concurrent rx/status calls (git-fixes).
- wifi: mt76: connac: fix possible unaligned access in mt76_connac_mcu_add_nested_tlv (bsc#1209980).
- wifi: mt76: dma: free rx_head in mt76_dma_rx_cleanup (git-fixes).
- wifi: mt76: do not run mt76_unregister_device() on unregistered hw (bsc#1209980).
- wifi: mt76: fix 6GHz high channel not be scanned (git-fixes).
- wifi: mt76: fix receiving LLC packets on mt7615/mt7915 (bsc#1209980).
- wifi: mt76: handle failure of vzalloc in mt7615_coredump_work (git-fixes).
- wifi: mt76: mt7615: fix possible race in mt7615_mac_sta_poll (git-fixes).
- wifi: mt76: mt7915: add missing of_node_put() (bsc#1209980).
- wifi: mt76: mt7915: call mt7915_mcu_set_thermal_throttling() only after init_work (bsc#1209980).
- wifi: mt76: mt7915: check return value before accessing free_block_num (bsc#1209980).
- wifi: mt76: mt7915: drop always true condition of __mt7915_reg_addr() (bsc#1209980).
- wifi: mt76: mt7915: expose device tree match table (git-fixes).
- wifi: mt76: mt7915: fix mcs value in ht mode (bsc#1209980).
- wifi: mt76: mt7915: fix memory leak in mt7915_mcu_exit (git-fixes).
- wifi: mt76: mt7915: fix mt7915_mac_set_timing() (bsc#1209980).
- wifi: mt76: mt7915: fix possible unaligned access in mt7915_mac_add_twt_setup (bsc#1209980).
- wifi: mt76: mt7915: fix reporting of TX AGGR histogram (git-fixes).
- wifi: mt76: mt7915: fix unintended sign extension of mt7915_hw_queue_read() (bsc#1209980).
- wifi: mt76: mt7921: fix missing unwind goto in `mt7921u_probe` (git-fixes).
- wifi: mt76: mt7921: fix reporting of TX AGGR histogram (git-fixes).
- wifi: mt76: mt7921e: Set memory space enable in PCI_COMMAND if unset (git-fixes).
- wifi: mt76: mt7921e: fix crash in chip reset fail (bsc#1209980).
- wifi: mt76: mt7921e: fix probe timeout after reboot (git-fixes).
- wifi: mt76: mt7921e: fix random fw download fail (git-fixes).
- wifi: mt76: mt7921e: fix rmmod crash in driver reload test (bsc#1209980).
- wifi: mt76: mt7921e: improve reliability of dma reset (git-fixes).
- wifi: mt76: mt7921e: stop chip reset worker in unregister hook (git-fixes).
- wifi: mt76: mt7921s: fix race issue between reset and suspend/resume (bsc#1209980).
- wifi: mt76: mt7921s: fix slab-out-of-bounds access in sdio host (bsc#1209980).
- wifi: mwifiex: Add missing compatible string for SD8787 (git-fixes).
- wifi: mwifiex: Fix the size of a memory allocation in mwifiex_ret_802_11_scan() (git-fixes).
- wifi: mwifiex: fix loop iterator in mwifiex_update_ampdu_txwinsize() (git-fixes).
- wifi: mwifiex: mark OF related data as maybe unused (git-fixes).
- wifi: orinoco: Fix an error handling path in orinoco_cs_probe() (git-fixes).
- wifi: orinoco: Fix an error handling path in spectrum_cs_probe() (git-fixes).
- wifi: orinoco: check return value of hermes_write_wordrec() (git-fixes).
- wifi: rsi: Do not configure WoWlan in shutdown hook if not enabled (git-fixes).
- wifi: rsi: Do not set MMC_PM_KEEP_POWER in shutdown (git-fixes).
- wifi: rsi: Fix memory leak in rsi_coex_attach() (git-fixes).
- wifi: rt2x00: Fix memory leak when handling surveys (git-fixes).
- wifi: rtl8xxxu: Fix memory leaks with RTL8723BU, RTL8192EU (git-fixes).
- wifi: rtl8xxxu: RTL8192EU always needs full init (git-fixes).
- wifi: rtl8xxxu: Use a longer retry limit of 48 (git-fixes).
- wifi: rtl8xxxu: do not call dev_kfree_skb() under spin_lock_irqsave() (git-fixes).
- wifi: rtl8xxxu: fix authentication timeout due to incorrect RCR value (git-fixes).
- wifi: rtl8xxxu: fixing transmisison failure for rtl8192eu (git-fixes).
- wifi: rtlwifi: Fix global-out-of-bounds bug in _rtl8812ae_phy_set_txpower_limit() (git-fixes).
- wifi: rtlwifi: fix incorrect error codes in rtl_debugfs_set_write_reg() (git-fixes).
- wifi: rtlwifi: fix incorrect error codes in rtl_debugfs_set_write_rfreg() (git-fixes).
- wifi: rtlwifi: rtl8188ee: do not call kfree_skb() under spin_lock_irqsave() (git-fixes).
- wifi: rtlwifi: rtl8723be: do not call kfree_skb() under spin_lock_irqsave() (git-fixes).
- wifi: rtlwifi: rtl8821ae: do not call kfree_skb() under spin_lock_irqsave() (git-fixes).
- wifi: rtw88: mac: Return the original error from rtw_mac_power_switch() (git-fixes).
- wifi: rtw88: mac: Return the original error from rtw_pwr_seq_parser() (git-fixes).
- wifi: rtw89: Add missing check for alloc_workqueue (git-fixes).
- wifi: rtw89: fix potential race condition between napi_init and napi_enable (git-fixes).
- wifi: wilc1000: fix for absent RSN capabilities WFA testcase (git-fixes).
- wifi: wilc1000: fix potential memory leak in wilc_mac_xmit() (git-fixes).
- wifi: wl3501_cs: do not call kfree_skb() under spin_lock_irqsave() (git-fixes).
- wireguard: ratelimiter: use hrtimer in selftest (git-fixes)
- workqueue: Fix hung time report of worker pools (bsc#1211044).
- workqueue: Interrupted create_worker() is not a repeated event (bsc#1211044).
- workqueue: Print backtraces from CPUs with hung CPU bound workqueues (bsc#1211044).
- workqueue: Warn when a new worker could not be created (bsc#1211044).
- workqueue: Warn when a rescuer could not be created (bsc#1211044).
- writeback, cgroup: fix null-ptr-deref write in bdi_split_work_to_wbs (bsc#1210769).
- writeback: avoid use-after-free after removing device (bsc#1207638).
- writeback: fix call of incorrect macro (bsc#1213024).
- writeback: fix dereferencing NULL mapping->host on writeback_page_template (git-fixes).
- x86, sched: Fix undefined reference to init_freq_invariance_cppc() build error (git-fixes).
- x86/64/mm: Map all kernel memory into trampoline_pgd (git-fixes).
- x86/ACPI/boot: Use FADT version to check support for online capable (git-fixes).
- x86/MCE/AMD: Clear DFR errors found in THR handler (git-fixes).
- x86/MCE/AMD: Fix memory leak when threshold_create_bank() fails (git-fixes).
- x86/MCE/AMD: Use an u64 for bank_map (git-fixes).
- x86/PAT: Have pat_enabled() properly reflect state when running on Xen (git-fixes).
- x86/PCI: Add quirk for AMD XHCI controller that loses MSI-X state in D3hot (git-fixes).
- x86/acpi/boot: Correct acpi_is_processor_usable() check (git-fixes).
- x86/acpi/boot: Do not register processors that cannot be onlined for x2APIC (git-fixes).
- x86/alternative: Make debug-alternative selective (bsc#1206578).
- x86/alternative: Report missing return thunk details (git-fixes).
- x86/alternative: Support relocations in alternatives (bsc#1206578).
- x86/amd: Use IBPB for firmware calls (git-fixes).
- x86/amd_nb: Add AMD PCI IDs for SMN communication (bsc#1208848).
- x86/asm: Fix an assembler warning with current binutils (git-fixes).
- x86/boot: Avoid using Intel mnemonics in AT&T syntax asm (git-fixes).
- x86/boot: Skip realmode init code when running as Xen PV guest (git-fixes).
- x86/bug: Merge annotate_reachable() into _BUG_FLAGS() asm (git-fixes).
- x86/bug: Prevent shadowing in __WARN_FLAGS (git-fixes).
- x86/bugs: Add 'unknown' reporting for MMIO Stale Data (git-fixes).
- x86/bugs: Do not enable IBPB at firmware entry when IBPB is not available (git-fixes).
- x86/bugs: Enable STIBP for IBPB mitigated RETBleed (git-fixes).
- x86/bugs: Warn when 'ibrs' mitigation is selected on Enhanced IBRS parts (git-fixes).
- x86/build: Avoid relocation information in final vmlinux (bsc#1187829).
- x86/cpu: Add CPU model numbers for Meteor Lake (git fixes).
- x86/cpu: Add Raptor Lake to Intel family (git fixes).
- x86/cpu: Add new Alderlake and Raptorlake CPU model numbers (git fixes).
- x86/cpu: Add new Raptor Lake CPU model number (git fixes).
- x86/cpu: Add several Intel server CPU model numbers (git fixes).
- x86/cpu: Drop spurious underscore from RAPTOR_LAKE #define (git fixes).
- x86/cpu: Switch to arch_cpu_finalize_init() (bsc#1212448).
- x86/cpufeatures: Introduce x2AVIC CPUID bit (bsc#1208619).
- x86/crash: Disable virt in core NMI crash handler to avoid double shootdown (git-fixes).
- x86/delay: Fix the wrong asm constraint in delay_loop() (git-fixes).
- x86/entry: Avoid very early RET (git-fixes).
- x86/entry: Build thunk_$(BITS) only if CONFIG_PREEMPTION=y (git-fixes).
- x86/entry: Do not call error_entry() for XENPV (git-fixes).
- x86/entry: Move CLD to the start of the idtentry macro (git-fixes).
- x86/entry: Move PUSH_AND_CLEAR_REGS out of error_entry() (git-fixes).
- x86/entry: Switch the stack after error_entry() returns (git-fixes).
- x86/fault: Cast an argument to the proper address space in prefetch() (git-fixes).
- x86/fpu/xsave: Handle compacted offsets correctly with supervisor states (git-fixes).
- x86/fpu/xsave: Initialize offset/size cache early (bsc#1211205).
- x86/fpu/xstate: Fix the ARCH_REQ_XCOMP_PERM implementation (git-fixes).
- x86/fpu: Cache xfeature flags from CPUID (git-fixes).
- x86/fpu: Fix copy_xstate_to_uabi() to copy init states correctly (git-fixes).
- x86/fpu: Fix the init_fpstate size check with the actual size (git-fixes).
- x86/fpu: Mark init functions __init (bsc#1212448).
- x86/fpu: Move FPU initialization into arch_cpu_finalize_init() (bsc#1212448).
- x86/fpu: Prevent FPU state corruption (git-fixes).
- x86/fpu: Remove cpuinfo argument from init functions (bsc#1212448).
- x86/fpu: Remove unused supervisor only offsets (git-fixes).
- x86/fpu: Use _Alignof to avoid undefined behavior in TYPE_ALIGN (git-fixes).
- x86/hyperv: Block root partition functionality in a Confidential VM (git-fixes).
- x86/hyperv: Introduce HV_MAX_SPARSE_VCPU_BANKS/HV_VCPUS_PER_SPARSE_BANK constants (git-fixes).
- x86/hyperv: Remove unregister syscore call from Hyper-V cleanup (git-fixes).
- x86/hyperv: Restore VP assist page after cpu offlining/onlining (git-fixes).
- x86/init: Initialize signal frame size late (bsc#1212448).
- x86/kprobes: Fix __recover_optprobed_insn check optimizing logic (git-fixes).
- x86/kprobes: Fix arch_check_optimized_kprobe check within optimized_kprobe range (git-fixes).
- x86/kprobes: Fix kprobes instruction boudary check with CONFIG_RETHUNK (git-fixes).
- x86/kprobes: Fix optprobe optimization check with CONFIG_RETHUNK (git-fixes).
- x86/kvm: Do not use pv tlb/ipi/sched_yield if on 1 vCPU (git-fixes).
- x86/kvm: Preserve BSP MSR_KVM_POLL_CONTROL across suspend/resume (git-fixes).
- x86/kvm: Remove unused virt to phys translation in kvm_guest_cpu_init() (git-fixes).
- x86/lib/memmove: Decouple ERMS from FSRM (bsc#1206578).
- x86/mce/inject: Avoid out-of-bounds write when setting flags (git-fixes).
- x86/mce: Allow instrumentation during task work queueing (git-fixes).
- x86/mce: Mark mce_end() noinstr (git-fixes).
- x86/mce: Mark mce_panic() noinstr (git-fixes).
- x86/mce: Mark mce_read_aux() noinstr (git-fixes).
- x86/mce: relocate set{clear}_mce_nospec() functions (git-fixes).
- x86/mem_encrypt: Unbreak the AMD_MEM_ENCRYPT=n build (git-fixes).
- x86/microcode/AMD: Add a @cpu parameter to the reloading functions (git-fixes).
- x86/microcode/AMD: Fix mixed steppings support (git-fixes).
- x86/microcode/AMD: Track patch allocation size explicitly (git-fixes).
- x86/microcode/amd: Remove load_microcode_amd()'s bsp parameter (git-fixes).
- x86/microcode/intel: Do not retry microcode reloading on the APs (git-fixes).
- x86/microcode: Add a parameter to microcode_check() to store CPU capabilities (git-fixes).
- x86/microcode: Add explicit CPU vendor dependency (git-fixes).
- x86/microcode: Adjust late loading result reporting message (git-fixes).
- x86/microcode: Check CPU capabilities after late microcode update correctly (git-fixes).
- x86/microcode: Print previous version of microcode after reload (git-fixes).
- x86/microcode: Rip out the OLD_INTERFACE (git-fixes).
- x86/mm: Cleanup the control_va_addr_alignment() __setup handler (git-fixes).
- x86/mm: Fix RESERVE_BRK() for older binutils (git-fixes).
- x86/mm: Fix use of uninitialized buffer in sme_enable() (git-fixes).
- x86/mm: Flush global TLB when switching to trampoline page-table (git-fixes).
- x86/mm: Initialize text poking earlier (bsc#1212448).
- x86/mm: Use mm_alloc() in poking_init() (bsc#1212448).
- x86/mm: Use proper mask when setting PUD mapping (git-fixes).
- x86/mm: fix poking_init() for Xen PV guests (git-fixes).
- x86/msi: Fix msi message data shadow struct (git-fixes).
- x86/msr: Add AMD CPPC MSR definitions (bsc#1212445).
- x86/msr: Remove .fixup usage (git-fixes).
- x86/nospec: Unwreck the RSB stuffing (git-fixes).
- x86/numa: Use cpumask_available instead of hardcoded NULL check (git-fixes).
- x86/pat: Fix x86_has_pat_wp() (git-fixes).
- x86/pci/xen: Disable PCI/MSI masking for XEN_HVM guests (git-fixes).
- x86/perf/zhaoxin: Add stepping check for ZXC (git fixes).
- x86/perf: Avoid warning for Arch LBR without XSAVE (git fixes).
- x86/perf: Default set FREEZE_ON_SMI for all (git fixes).
- x86/pm: Add enumeration check before spec MSRs save/restore setup (git-fixes).
- x86/reboot: Disable SVM, not just VMX, when stopping CPUs (git-fixes).
- x86/resctrl: Fix min_cbm_bits for AMD (git-fixes).
- x86/sev: Add SEV-SNP guest feature negotiation support (git-fixes).
- x86/sgx: Fix free page accounting (git-fixes).
- x86/sgx: Fix race between reclaimer and page fault handler (git-fixes).
- x86/sgx: Free backing memory after faulting the enclave page (git-fixes).
- x86/sgx: Mark PCMD page as dirty when modifying contents (git-fixes).
- x86/sgx: Silence softlockup detection when releasing large enclaves (git-fixes).
- x86/signal: Fix the value returned by strict_sas_size() (git-fixes).
- x86/speculation/mmio: Print SMT warning (git-fixes).
- x86/speculation: Identify processors vulnerable to SMT RSB predictions (git-fixes).
- x86/static_call: Serialize __static_call_fixup() properly (git-fixes).
- x86/syscall: Include asm/ptrace.h in syscall_wrapper header (git-fixes).
- x86/topology: Fix duplicated core ID within a package (git-fixes).
- x86/topology: Fix multiple packages shown on a single-package system (git-fixes).
- x86/traps: Use pt_regs directly in fixup_bad_iret() (git-fixes).
- x86/tsx: Add a feature bit for TSX control MSR support (git-fixes).
- x86/tsx: Disable TSX development mode at boot (git-fixes).
- x86/uaccess: Move variable into switch case statement (git-fixes).
- x86/xen: Fix memory leak in xen_init_lock_cpu() (git-fixes).
- x86/xen: Fix memory leak in xen_smp_intr_init{_pv}() (git-fixes).
- x86/xen: fix secondary processor fpu initialization (bsc#1212869).
- x86: ACPI: cstate: Optimize C3 entry on AMD CPUs (git-fixes).
- x86: Annotate call_on_stack() (git-fixes).
- x86: Fix return value of __setup handlers (git-fixes).
- x86: Handle idle=nomwait cmdline properly for x86_idle (bsc#1208619).
- x86: Remove vendor checks from prefer_mwait_c1_over_halt (bsc#1208619).
- x86: __memcpy_flushcache: fix wrong alignment if size > 2^32 (git-fixes).
- x86: centralize setting SWIOTLB_FORCE when guest memory encryption is enabled (jsc#PED-3259).
- x86: drop bogus 'cc' clobber from __try_cmpxchg_user_asm() (git-fixes).
- x86: link vdso and boot with -z noexecstack --no-warn-rwx-segments (bsc#1203200).
- x86: remove cruft from <asm/dma-mapping.h> (PED-3259).
- xen-netfront: Fix NULL sring after live migration (git-fixes).
- xen-pciback: Allow setting PCI_MSIX_FLAGS_MASKALL too (git-fixes).
- xen/arm: Fix race in RB-tree based P2M accounting (git-fixes)
- xen/netback: do not do grant copy across page boundary (git-fixes).
- xen/netback: do some code cleanup (git-fixes).
- xen/netback: fix build warning (git-fixes).
- xen/netback: use same error messages for same errors (git-fixes).
- xen/netfront: destroy queues before real_num_tx_queues is zeroed (git-fixes).
- xen/platform-pci: add missing free_irq() in error path (git-fixes).
- xen/privcmd: Fix a possible warning in privcmd_ioctl_mmap_resource() (git-fixes).
- xfs: Fix unreferenced object reported by kmemleak in xfs_sysfs_init() (git-fixes).
- xfs: convert ptag flags to unsigned (git-fixes).
- xfs: do not assert fail on perag references on teardown (git-fixes).
- xfs: do not leak btree cursor when insrec fails after a split (git-fixes).
- xfs: estimate post-merge refcounts correctly (bsc#1208183).
- xfs: fix incorrect error-out in xfs_remove (git-fixes).
- xfs: fix incorrect i_nlink caused by inode racing (git-fixes).
- xfs: fix maxlevels comparisons in the btree staging code (git-fixes).
- xfs: fix memory leak in xfs_errortag_init (git-fixes).
- xfs: fix rm_offset flag handling in rmap keys (git-fixes).
- xfs: get rid of assert from xfs_btree_islastblock (git-fixes).
- xfs: get root inode correctly at bulkstat (git-fixes).
- xfs: hoist refcount record merge predicates (bsc#1208183).
- xfs: initialize the check_owner object fully (git-fixes).
- xfs: pass the correct cursor to xfs_iomap_prealloc_size (git-fixes).
- xfs: prevent a WARN_ONCE() in xfs_ioc_attr_list() (git-fixes).
- xfs: reject crazy array sizes being fed to XFS_IOC_GETBMAP* (git-fixes).
- xfs: remove xfs_setattr_time() declaration (git-fixes).
- xfs: return errors in xfs_fs_sync_fs (git-fixes).
- xfs: set bnobt/cntbt numrecs correctly when formatting new AGs (git-fixes).
- xfs: zero inode fork buffer at allocation (git-fixes).
- xhci-pci: Only run d3cold avoidance quirk for s2idle (git-fixes).
- xhci-pci: set the dma max_seg_size (git-fixes).
- xhci: Fix incorrect tracking of free space on transfer rings (git-fixes).
- xhci: Fix null pointer dereference when host dies (git-fixes).
- xhci: Free the command allocated for setting LPM if we return early (git-fixes).
- xhci: also avoid the XHCI_ZERO_64B_REGS quirk with a passthrough iommu (git-fixes).
- xhci: fix debugfs register accesses while suspended (git-fixes).
- xirc2ps_cs: Fix use after free bug in xirc2ps_detach (git-fixes).
- xprtrdma: Fix regbuf data not freed in rpcrdma_req_create() (git-fixes).
- xsk: Fix corrupted packets for XDP_SHARED_UMEM (git-fixes).
- zram: do not lookup algorithm in backends table (git-fixes).
ImportantSUSE bug 1065729SUSE bug 1109158SUSE bug 1142685SUSE bug 1152472SUSE bug 1152489SUSE bug 1155798SUSE bug 1160435SUSE bug 1166486SUSE bug 1172073SUSE bug 1174777SUSE bug 1177529SUSE bug 1186449SUSE bug 1187829SUSE bug 1189998SUSE bug 1189999SUSE bug 1191731SUSE bug 1193629SUSE bug 1194869SUSE bug 1195175SUSE bug 1195655SUSE bug 1195921SUSE bug 1196058SUSE bug 1197534SUSE bug 1197617SUSE bug 1198101SUSE bug 1198400SUSE bug 1198438SUSE bug 1198835SUSE bug 1199304SUSE bug 1199701SUSE bug 1200054SUSE bug 1202353SUSE bug 1202633SUSE bug 1203039SUSE bug 1203200SUSE bug 1203325SUSE bug 1203331SUSE bug 1203332SUSE bug 1203693SUSE bug 1203906SUSE bug 1204356SUSE bug 1204363SUSE bug 1204662SUSE bug 1204993SUSE bug 1205153SUSE bug 1205191SUSE bug 1205205SUSE bug 1205544SUSE bug 1205650SUSE bug 1205756SUSE bug 1205758SUSE bug 1205760SUSE bug 1205762SUSE bug 1205803SUSE bug 1205846SUSE bug 1206024SUSE bug 1206036SUSE bug 1206056SUSE bug 1206057SUSE bug 1206103SUSE bug 1206224SUSE bug 1206232SUSE bug 1206340SUSE bug 1206459SUSE bug 1206492SUSE bug 1206493SUSE bug 1206552SUSE bug 1206578SUSE bug 1206640SUSE bug 1206649SUSE bug 1206677SUSE bug 1206824SUSE bug 1206843SUSE bug 1206876SUSE bug 1206877SUSE bug 1206878SUSE bug 1206880SUSE bug 1206881SUSE bug 1206882SUSE bug 1206883SUSE bug 1206884SUSE bug 1206885SUSE bug 1206886SUSE bug 1206887SUSE bug 1206888SUSE bug 1206889SUSE bug 1206890SUSE bug 1206891SUSE bug 1206893SUSE bug 1206894SUSE bug 1206935SUSE bug 1206992SUSE bug 1207034SUSE bug 1207036SUSE bug 1207050SUSE bug 1207051SUSE bug 1207088SUSE bug 1207125SUSE bug 1207149SUSE bug 1207158SUSE bug 1207168SUSE bug 1207185SUSE bug 1207270SUSE bug 1207315SUSE bug 1207328SUSE bug 1207497SUSE bug 1207500SUSE bug 1207501SUSE bug 1207506SUSE bug 1207507SUSE bug 1207521SUSE bug 1207553SUSE bug 1207560SUSE bug 1207574SUSE bug 1207588SUSE bug 1207589SUSE bug 1207590SUSE bug 1207591SUSE bug 1207592SUSE bug 1207593SUSE bug 1207594SUSE bug 1207602SUSE bug 1207603SUSE bug 1207605SUSE bug 1207606SUSE bug 1207607SUSE bug 1207608SUSE bug 1207609SUSE bug 1207610SUSE bug 1207611SUSE bug 1207612SUSE bug 1207613SUSE bug 1207614SUSE bug 1207615SUSE bug 1207616SUSE bug 1207617SUSE bug 1207618SUSE bug 1207619SUSE bug 1207620SUSE bug 1207621SUSE bug 1207622SUSE bug 1207623SUSE bug 1207624SUSE bug 1207625SUSE bug 1207626SUSE bug 1207627SUSE bug 1207628SUSE bug 1207629SUSE bug 1207630SUSE bug 1207631SUSE bug 1207632SUSE bug 1207633SUSE bug 1207634SUSE bug 1207635SUSE bug 1207636SUSE bug 1207637SUSE bug 1207638SUSE bug 1207639SUSE bug 1207640SUSE bug 1207641SUSE bug 1207642SUSE bug 1207643SUSE bug 1207644SUSE bug 1207645SUSE bug 1207646SUSE bug 1207647SUSE bug 1207648SUSE bug 1207649SUSE bug 1207650SUSE bug 1207651SUSE bug 1207652SUSE bug 1207653SUSE bug 1207734SUSE bug 1207768SUSE bug 1207769SUSE bug 1207770SUSE bug 1207771SUSE bug 1207773SUSE bug 1207795SUSE bug 1207827SUSE bug 1207842SUSE bug 1207845SUSE bug 1207875SUSE bug 1207878SUSE bug 1207933SUSE bug 1207935SUSE bug 1207948SUSE bug 1208050SUSE bug 1208076SUSE bug 1208081SUSE bug 1208105SUSE bug 1208107SUSE bug 1208128SUSE bug 1208130SUSE bug 1208149SUSE bug 1208153SUSE bug 1208183SUSE bug 1208212SUSE bug 1208219SUSE bug 1208290SUSE bug 1208368SUSE bug 1208410SUSE bug 1208420SUSE bug 1208428SUSE bug 1208429SUSE bug 1208449SUSE bug 1208534SUSE bug 1208541SUSE bug 1208542SUSE bug 1208570SUSE bug 1208588SUSE bug 1208598SUSE bug 1208599SUSE bug 1208600SUSE bug 1208601SUSE bug 1208602SUSE bug 1208604SUSE bug 1208605SUSE bug 1208607SUSE bug 1208619SUSE bug 1208628SUSE bug 1208700SUSE bug 1208741SUSE bug 1208758SUSE bug 1208759SUSE bug 1208776SUSE bug 1208777SUSE bug 1208784SUSE bug 1208787SUSE bug 1208815SUSE bug 1208816SUSE bug 1208829SUSE bug 1208837SUSE bug 1208843SUSE bug 1208845SUSE bug 1208848SUSE bug 1208864SUSE bug 1208902SUSE bug 1208948SUSE bug 1208976SUSE bug 1209008SUSE bug 1209039SUSE bug 1209052SUSE bug 1209092SUSE bug 1209159SUSE bug 1209256SUSE bug 1209258SUSE bug 1209262SUSE bug 1209287SUSE bug 1209288SUSE bug 1209290SUSE bug 1209291SUSE bug 1209292SUSE bug 1209366SUSE bug 1209367SUSE bug 1209436SUSE bug 1209457SUSE bug 1209504SUSE bug 1209532SUSE bug 1209556SUSE bug 1209600SUSE bug 1209615SUSE bug 1209635SUSE bug 1209636SUSE bug 1209637SUSE bug 1209684SUSE bug 1209687SUSE bug 1209693SUSE bug 1209739SUSE bug 1209779SUSE bug 1209780SUSE bug 1209788SUSE bug 1209798SUSE bug 1209799SUSE bug 1209804SUSE bug 1209805SUSE bug 1209856SUSE bug 1209871SUSE bug 1209927SUSE bug 1209980SUSE bug 1209982SUSE bug 1209999SUSE bug 1210034SUSE bug 1210050SUSE bug 1210158SUSE bug 1210165SUSE bug 1210202SUSE bug 1210203SUSE bug 1210206SUSE bug 1210216SUSE bug 1210230SUSE bug 1210294SUSE bug 1210301SUSE bug 1210329SUSE bug 1210335SUSE bug 1210336SUSE bug 1210337SUSE bug 1210409SUSE bug 1210439SUSE bug 1210449SUSE bug 1210450SUSE bug 1210453SUSE bug 1210454SUSE bug 1210498SUSE bug 1210506SUSE bug 1210533SUSE bug 1210551SUSE bug 1210565SUSE bug 1210584SUSE bug 1210629SUSE bug 1210644SUSE bug 1210647SUSE bug 1210725SUSE bug 1210741SUSE bug 1210762SUSE bug 1210763SUSE bug 1210764SUSE bug 1210765SUSE bug 1210766SUSE bug 1210767SUSE bug 1210768SUSE bug 1210769SUSE bug 1210770SUSE bug 1210771SUSE bug 1210775SUSE bug 1210783SUSE bug 1210791SUSE bug 1210793SUSE bug 1210806SUSE bug 1210816SUSE bug 1210817SUSE bug 1210827SUSE bug 1210853SUSE bug 1210940SUSE bug 1210943SUSE bug 1210947SUSE bug 1210953SUSE bug 1210986SUSE bug 1211014SUSE bug 1211025SUSE bug 1211037SUSE bug 1211043SUSE bug 1211044SUSE bug 1211089SUSE bug 1211105SUSE bug 1211113SUSE bug 1211131SUSE bug 1211205SUSE bug 1211263SUSE bug 1211280SUSE bug 1211281SUSE bug 1211299SUSE bug 1211346SUSE bug 1211387SUSE bug 1211400SUSE bug 1211410SUSE bug 1211414SUSE bug 1211449SUSE bug 1211465SUSE bug 1211519SUSE bug 1211564SUSE bug 1211590SUSE bug 1211592SUSE bug 1211593SUSE bug 1211595SUSE bug 1211654SUSE bug 1211686SUSE bug 1211687SUSE bug 1211688SUSE bug 1211689SUSE bug 1211690SUSE bug 1211691SUSE bug 1211692SUSE bug 1211693SUSE bug 1211714SUSE bug 1211794SUSE bug 1211796SUSE bug 1211804SUSE bug 1211807SUSE bug 1211808SUSE bug 1211820SUSE bug 1211836SUSE bug 1211847SUSE bug 1211852SUSE bug 1211855SUSE bug 1211960SUSE bug 1212051SUSE bug 1212129SUSE bug 1212154SUSE bug 1212155SUSE bug 1212158SUSE bug 1212265SUSE bug 1212350SUSE bug 1212445SUSE bug 1212448SUSE bug 1212456SUSE bug 1212494SUSE bug 1212495SUSE bug 1212504SUSE bug 1212513SUSE bug 1212540SUSE bug 1212556SUSE bug 1212561SUSE bug 1212563SUSE bug 1212564SUSE bug 1212584SUSE bug 1212592SUSE bug 1212603SUSE bug 1212605SUSE bug 1212606SUSE bug 1212619SUSE bug 1212685SUSE bug 1212701SUSE bug 1212741SUSE bug 1212835SUSE bug 1212838SUSE bug 1212842SUSE bug 1212848SUSE bug 1212861SUSE bug 1212869SUSE bug 1212892SUSE bug 1212961SUSE bug 1213010SUSE bug 1213011SUSE bug 1213012SUSE bug 1213013SUSE bug 1213014SUSE bug 1213015SUSE bug 1213016SUSE bug 1213017SUSE bug 1213018SUSE bug 1213019SUSE bug 1213020SUSE bug 1213021SUSE bug 1213024SUSE bug 1213025SUSE bug 1213032SUSE bug 1213034SUSE bug 1213035SUSE bug 1213036SUSE bug 1213037SUSE bug 1213038SUSE bug 1213039SUSE bug 1213040SUSE bug 1213041SUSE bug 1213087SUSE bug 1213088SUSE bug 1213089SUSE bug 1213090SUSE bug 1213092SUSE bug 1213093SUSE bug 1213094SUSE bug 1213095SUSE bug 1213096SUSE bug 1213098SUSE bug 1213099SUSE bug 1213100SUSE bug 1213102SUSE bug 1213103SUSE bug 1213104SUSE bug 1213105SUSE bug 1213106SUSE bug 1213107SUSE bug 1213108SUSE bug 1213109SUSE bug 1213110SUSE bug 1213111SUSE bug 1213112SUSE bug 1213113SUSE bug 1213114SUSE bug 1213116SUSE bug 1213134CVE-2022-36280 at SUSECVE-2022-36280 at NVDCVE-2022-38096 at SUSECVE-2022-38096 at NVDCVE-2022-4269 at SUSECVE-2022-4269 at NVDCVE-2022-45884 at SUSECVE-2022-45884 at NVDCVE-2022-45885 at SUSECVE-2022-45885 at NVDCVE-2022-45886 at SUSECVE-2022-45886 at NVDCVE-2022-45887 at SUSECVE-2022-45887 at NVDCVE-2022-45919 at SUSECVE-2022-45919 at NVDCVE-2022-4744 at SUSECVE-2022-4744 at NVDCVE-2023-0045 at SUSECVE-2023-0045 at NVDCVE-2023-0122 at SUSECVE-2023-0122 at NVDCVE-2023-0179 at SUSECVE-2023-0179 at NVDCVE-2023-0394 at SUSECVE-2023-0394 at NVDCVE-2023-0461 at SUSECVE-2023-0461 at NVDCVE-2023-0469 at SUSECVE-2023-0469 at NVDCVE-2023-0590 at SUSECVE-2023-0590 at NVDCVE-2023-0597 at SUSECVE-2023-0597 at NVDCVE-2023-1075 at SUSECVE-2023-1075 at NVDCVE-2023-1076 at SUSECVE-2023-1076 at NVDCVE-2023-1077 at SUSECVE-2023-1077 at NVDCVE-2023-1079 at SUSECVE-2023-1079 at NVDCVE-2023-1095 at SUSECVE-2023-1095 at NVDCVE-2023-1118 at SUSECVE-2023-1118 at NVDCVE-2023-1249 at SUSECVE-2023-1249 at NVDCVE-2023-1382 at SUSECVE-2023-1382 at NVDCVE-2023-1513 at SUSECVE-2023-1513 at NVDCVE-2023-1582 at SUSECVE-2023-1582 at NVDCVE-2023-1583 at SUSECVE-2023-1583 at NVDCVE-2023-1611 at SUSECVE-2023-1611 at NVDCVE-2023-1637 at SUSECVE-2023-1637 at NVDCVE-2023-1652 at SUSECVE-2023-1652 at NVDCVE-2023-1670 at SUSECVE-2023-1670 at NVDCVE-2023-1829 at SUSECVE-2023-1829 at NVDCVE-2023-1838 at SUSECVE-2023-1838 at NVDCVE-2023-1855 at SUSECVE-2023-1855 at NVDCVE-2023-1989 at SUSECVE-2023-1989 at NVDCVE-2023-1998 at SUSECVE-2023-1998 at NVDCVE-2023-2002 at SUSECVE-2023-2002 at NVDCVE-2023-21102 at SUSECVE-2023-21102 at NVDCVE-2023-21106 at SUSECVE-2023-21106 at NVDCVE-2023-2124 at SUSECVE-2023-2124 at NVDCVE-2023-2156 at SUSECVE-2023-2156 at NVDCVE-2023-2162 at SUSECVE-2023-2162 at NVDCVE-2023-2176 at SUSECVE-2023-2176 at NVDCVE-2023-2235 at SUSECVE-2023-2235 at NVDCVE-2023-2269 at SUSECVE-2023-2269 at NVDCVE-2023-22998 at SUSECVE-2023-22998 at NVDCVE-2023-23000 at SUSECVE-2023-23000 at NVDCVE-2023-23001 at SUSECVE-2023-23001 at NVDCVE-2023-23004 at SUSECVE-2023-23004 at NVDCVE-2023-23006 at SUSECVE-2023-23006 at NVDCVE-2023-2430 at SUSECVE-2023-2430 at NVDCVE-2023-2483 at SUSECVE-2023-2483 at NVDCVE-2023-25012 at SUSECVE-2023-25012 at NVDCVE-2023-2513 at SUSECVE-2023-2513 at NVDCVE-2023-26545 at SUSECVE-2023-26545 at NVDCVE-2023-28327 at SUSECVE-2023-28327 at NVDCVE-2023-28410 at SUSECVE-2023-28410 at NVDCVE-2023-28464 at SUSECVE-2023-28464 at NVDCVE-2023-28866 at SUSECVE-2023-28866 at NVDCVE-2023-3006 at SUSECVE-2023-3006 at NVDCVE-2023-30456 at SUSECVE-2023-30456 at NVDCVE-2023-30772 at SUSECVE-2023-30772 at NVDCVE-2023-3090 at SUSECVE-2023-3090 at NVDCVE-2023-31084 at SUSECVE-2023-31084 at NVDCVE-2023-3111 at SUSECVE-2023-3111 at NVDCVE-2023-3141 at SUSECVE-2023-3141 at NVDCVE-2023-31436 at SUSECVE-2023-31436 at NVDCVE-2023-3161 at SUSECVE-2023-3161 at NVDCVE-2023-3212 at SUSECVE-2023-3212 at NVDCVE-2023-3220 at SUSECVE-2023-3220 at NVDCVE-2023-32233 at SUSECVE-2023-32233 at NVDCVE-2023-33288 at SUSECVE-2023-33288 at NVDCVE-2023-3357 at SUSECVE-2023-3357 at NVDCVE-2023-3358 at SUSECVE-2023-3358 at NVDCVE-2023-3389 at SUSECVE-2023-3389 at NVDCVE-2023-33951 at SUSECVE-2023-33951 at NVDCVE-2023-33952 at SUSECVE-2023-33952 at NVDCVE-2023-35788 at SUSECVE-2023-35788 at NVDCVE-2023-35823 at SUSECVE-2023-35823 at NVDCVE-2023-35828 at SUSECVE-2023-35828 at NVDCVE-2023-35829 at SUSECVE-2023-35829 at NVDcpe:/o:opensuse:leap:15.5Security update for dbus-1 (Moderate)openSUSE Leap 15.5
This update for dbus-1 fixes the following issues:
- CVE-2023-34969: Fixed a possible dbus-daemon crash by an unprivileged users (bsc#1212126).
ModerateSUSE bug 1212126CVE-2023-34969 at SUSECVE-2023-34969 at NVDcpe:/o:opensuse:leap:15.5Security update for ImageMagick (Moderate)openSUSE Leap 15.5
This update for ImageMagick fixes the following issues:
- CVE-2023-34474: Fixed heap-based buffer overflow in ReadTIM2ImageData() function in coders/tim2.c (bsc#1212237).
ModerateSUSE bug 1212237CVE-2023-34474 at SUSECVE-2023-34474 at NVDcpe:/o:opensuse:leap:15.5Security update for perl (Important)openSUSE Leap 15.5
This update for perl fixes the following issues:
- CVE-2023-31484: Enable TLS cert verification in CPAN (bsc#1210999).
ImportantSUSE bug 1210999CVE-2023-31484 at SUSECVE-2023-31484 at NVDcpe:/o:opensuse:leap:15.5Security update for python310 (Important)openSUSE Leap 15.5
This update for python310 fixes the following issues:
- Make marshalling of `set` and `frozenset` deterministic (bsc#1211765)
python310 was updated to 3.10.12:
- urllib.parse.urlsplit() now strips leading C0
control and space characters following the specification for
URLs defined by WHATWG in response to CVE-2023-24329
(bsc#1208471).
- Fixed a security in flaw in uu.decode() that could
allow for directory traversal based on the input if no
out_file was specified.
- Do not expose the local on-disk
location in directory indexes produced by
http.client.SimpleHTTPRequestHandler.
- trace.__main__ now uses io.open_code() for files
to be executed instead of raw open().
- CVE-2007-4559: The extraction methods in tarfile, and
shutil.unpack_archive(), have a new filter argument that
allows limiting tar features than may be surprising or
dangerous, such as creating files outside the destination
directory. See Extraction filters for details (fixing
bsc#1203750).
ImportantSUSE bug 1203750SUSE bug 1208471SUSE bug 1211765CVE-2007-4559 at SUSECVE-2007-4559 at NVDCVE-2023-24329 at SUSECVE-2023-24329 at NVDcpe:/o:opensuse:leap:15.5Security update for MozillaFirefox, MozillaFirefox-branding-SLE (Important)openSUSE Leap 15.5
This update for MozillaFirefox, MozillaFirefox-branding-SLE fixes the following issues:
Changes in MozillaFirefox and MozillaFirefox-branding-SLE:
This update provides Firefox Extended Support Release 115.0 ESR
* New:
- Required fields are now highlighted in PDF forms.
- Improved performance on high-refresh rate monitors (120Hz+).
- Buttons in the Tabs toolbar can now be reached with Tab,
Shift+Tab, and Arrow keys. View this article for additional
details.
- Windows' 'Make text bigger' accessibility setting now
affects all the UI and content pages, rather than only
applying to system font sizes.
- Non-breaking spaces are now preserved—preventing automatic
line breaks—when copying text from a form control.
- Fixed WebGL performance issues on NVIDIA binary drivers via
DMA-Buf on Linux.
- Fixed an issue in which Firefox startup could be
significantly slowed down by the processing of Web content
local storage. This had the greatest impact on users with
platter hard drives and significant local storage.
- Removed a configuration option to allow SHA-1 signatures in
certificates: SHA-1 signatures in certificates—long since
determined to no longer be secure enough—are now not
supported.
- Highlight color is preserved correctly after typing `Enter`
in the mail composer of Yahoo Mail and Outlook.
After bypassing the https only error page navigating back
would take you to the error page that was previously
dismissed. Back now takes you to the previous site that was
visited.
- Paste unformatted shortcut (shift+ctrl/cmd+v) now works in
plain text contexts, such as input and text area.
- Added an option to print only the current page from the
print preview dialog.
- Swipe to navigate (two fingers on a touchpad swiped left or
right to perform history back or forward) on Windows is now
enabled.
- Stability on Windows is significantly improved as Firefox
handles low-memory situations much better.
- Touchpad scrolling on macOS was made more accessible by
reducing unintended diagonal scrolling opposite of the
intended scroll axis.
- Firefox is less likely to run out of memory on Linux and
performs more efficiently for the rest of the system when
memory runs low.
- It is now possible to edit PDFs: including writing text,
drawing, and adding signatures.
- Setting Firefox as your default browser now also makes it
the default PDF application on Windows systems.
- Swipe-to-navigate (two fingers on a touchpad swiped left or
right to perform history back or forward) now works for Linux
users on Wayland.
- Text Recognition in images allows users on macOS 10.15 and
higher to extract text from the selected image (such as a
meme or screenshot).
- Firefox View helps you get back to content you previously
discovered. A pinned tab allows you to find and open recently
closed tabs on your current device and access tabs from other
devices (via our “Tab Pickup” feature).
- Import maps, which allow web pages to control the behavior
of JavaScript imports, are now enabled by default.
- Processes used for background tabs now use efficiency mode
on Windows 11 to limit resource use.
- The shift+esc keyboard shortcut now opens the Process
Manager, offering a way to quickly identify processes that
are using too many resources.
- Firefox now supports properly color correcting images
tagged with ICCv4 profiles.
- Support for non-English characters when saving and printing
PDF forms.
- The bookmarks toolbar's default 'Only show on New Tab'
state works correctly for blank new tabs. As before, you can
change the bookmark toolbar's behavior using the toolbar
context menu.
- Manifest Version 3 (MV3) extension support is now enabled
by default (MV2 remains enabled/supported). This major update
also ushers an exciting user interface change in the form of
the new extensions button.
- The Arbitrary Code Guard exploit protection has been
enabled in the media playback utility processes, improving
security for Windows users.
- The native HTML date picker for date and datetime inputs
can now be used with a keyboard alone, improving its
accessibility for screen reader users. Users with limited
mobility can also now use common keyboard shortcuts to
navigate the calendar grid and month selection spinners.
- Firefox builds in the Spanish from Spain (es-ES) and
Spanish from Argentina (es-AR) locales now come with a built-
in dictionary for the Firefox spellchecker.
- On macOS, Ctrl or Cmd + trackpad or mouse wheel now scrolls
the page instead of zooming. This avoids accidental zooming
and matches the behavior of other web browsers on macOS.
- It's now possible to import bookmarks, history and
passwords not only from Edge, Chrome or Safari but also from
Opera, Opera GX, and Vivaldi.
- GPU sandboxing has been enabled on Windows.
- On Windows, third-party modules can now be blocked from
injecting themselves into Firefox, which can be helpful if
they are causing crashes or other undesirable behavior.
- Date, time, and datetime-local input fields can now be
cleared with `Cmd+Backspace` and `Cmd+Delete` shortcut on
macOS and `Ctrl+Backspace` and `Ctrl+Delete` on Windows and
Linux.
- GPU-accelerated Canvas2D is enabled by default on macOS and
Linux.
- WebGL performance improvement on Windows, MacOS and Linux.
- Enables overlay of hardware-decoded video with non-Intel
GPUs on Windows 10/11, improving video playback performance
and video scaling quality.
- Windows native notifications are now enabled.
- Firefox Relay users can now opt-in to create Relay email
masks directly from the Firefox credential manager. You must
be signed in with your Firefox Account.
- We’ve added two new locales: Silhe Friulian (fur) and
Sardinian (sc).
- Right-clicking on password fields now shows an option to
reveal the password.
- Private windows and ETP set to strict will now include
email tracking protection. This will make it harder for email
trackers to learn the browsing habits of Firefox users. You
can check the Tracking Content in the sub-panel on the shield
icon panel.
- The deprecated U2F Javascript API is now disabled by
default. The U2F protocol remains usable through the WebAuthn
API. The U2F API can be re-enabled using the
`security.webauth.u2f` preference.
- Say hello to enhanced Picture-in-Picture! Rewind, check
video duration, and effortlessly switch to full-screen mode
on the web's most popular video websites.
- Firefox's address bar is already a great place to search
for what you're looking for. Now you'll always be able to see
your web search terms and refine them while viewing your
search's results - no additional scrolling needed! Also, a
new result menu has been added making it easier to remove
history results and dismiss sponsored Firefox Suggest
entries.
- Private windows now protect users even better by blocking
third-party cookies and storage of content trackers.
- Passwords automatically generated by Firefox now include
special characters, giving users more secure passwords by
default.
- Firefox 115 introduces a redesigned accessibility engine
which significantly improves the speed, responsiveness, and
stability of Firefox when used with:
- Screen readers, as well as certain other accessibility
software;
- East Asian input methods;
- Enterprise single sign-on software; and
- Other applications which use accessibility frameworks to
access information.
- Firefox 115 now supports AV1 Image Format files containing
animations (AVIS), improving support for AVIF images across
the web.
- The Windows GPU sandbox first shipped in the Firefox 110
release has been tightened to enhance the security benefits
it provides.
- A 13-year-old feature request was fulfilled and Firefox now
supports files being drag-and-dropped directly from Microsoft
Outlook. A special thanks to volunteer contributor Marco
Spiess for helping to get this across the finish line!
- Users on macOS can now access the Services sub-menu
directly from Firefox context menus.
- On Windows, the elastic overscroll effect has been enabled
by default. When two-finger scrolling on the touchpad or
scrolling on the touchscreen, you will now see a bouncing
animation when scrolling past the edge of a scroll container.
- Firefox is now available in the Tajik (tg) language.
- Added UI to manage the DNS over HTTPS exception list.
- Bookmarks can now be searched from the Bookmarks menu. The
Bookmarks menu is accessible by adding the Bookmarks menu
button to the toolbar.
- Restrict searches to your local browsing history by
selecting Search history from the History, Library or
Application menu buttons.
- Mac users can now capture video from their cameras in all
supported native resolutions. This enables resolutions higher
than 1280x720.
- It is now possible to reorder the extensions listed in the
extensions panel.
- Users on macOS, Linux, and Windows 7 can now use FIDO2 /
WebAuthn authenticators over USB. Some advanced features,
such as fully passwordless logins, require a PIN to be set on
the authenticator.
- Pocket Recommended content can now be seen in France,
Italy, and Spain.
- DNS over HTTPS settings are now part of the Privacy &
Security section of the Settings page and allow the user to
choose from all the supported modes.
- Migrating from another browser? Now you can bring over
payment methods you've saved in Chrome-based browsers to
Firefox.
- Hardware video decoding enabled for Intel GPUs on Linux.
- The Tab Manager dropdown now features close buttons, so you
can close tabs more quickly.
- Windows Magnifier now follows the text cursor correctly
when the Firefox title bar is visible.
- Undo and redo are now available in Password fields.
[1]:https://support.mozilla.org/kb/access-toolbar-functions-
using-keyboard?_gl=1*16it7nj*_ga*MTEzNjg4MjY5NC4xNjQ1MjAxMDU3
*_ga_MQ7767QQQW*MTY1Njk2MzExMS43LjEuMTY1Njk2MzIzMy4w
[2]:https://support.mozilla.org/kb/how-set-tab-pickup-firefox-view
[3]:https://support.mozilla.org/kb/task-manager-tabs-or-extensions-are-slowing-firefox
[4]:https://blog.mozilla.org/addons/2022/11/17/manifest-v3-signing-available-november-21-on-firefox-nightly/
[5]:https://blog.mozilla.org/addons/2022/05/18/manifest-v3-in-firefox-recap-next-steps/
[6]:https://support.mozilla.org/kb/unified-extensions
[7]:https://support.mozilla.org/kb/import-data-another-browser
[8]:https://support.mozilla.org/kb/identify-problems-third-party-modules-firefox-windows
[9]:https://support.mozilla.org/kb/how-generate-secure-password-firefox
[10]:https://blog.mozilla.org/accessibility/firefox-113-accessibility-performance/
* Fixed: Various security fixes. MFSA 2023-22 (bsc#1212438)
* CVE-2023-3482 (bmo#1839464)
Block all cookies bypass for localstorage
* CVE-2023-37201 (bmo#1826002)
Use-after-free in WebRTC certificate generation
* CVE-2023-37202 (bmo#1834711)
Potential use-after-free from compartment mismatch in
SpiderMonkey
* CVE-2023-37203 (bmo#291640)
Drag and Drop API may provide access to local system files
* CVE-2023-37204 (bmo#1832195)
Fullscreen notification obscured via option element
* CVE-2023-37205 (bmo#1704420)
URL spoofing in address bar using RTL characters
* CVE-2023-37206 (bmo#1813299)
Insufficient validation of symlinks in the FileSystem API
* CVE-2023-37207 (bmo#1816287)
Fullscreen notification obscured
* CVE-2023-37208 (bmo#1837675)
Lack of warning when opening Diagcab files
* CVE-2023-37209 (bmo#1837993)
Use-after-free in `NotifyOnHistoryReload`
* CVE-2023-37210 (bmo#1821886)
Full-screen mode exit prevention
* CVE-2023-37211 (bmo#1832306, bmo#1834862, bmo#1835886,
bmo#1836550, bmo#1837450)
Memory safety bugs fixed in Firefox 115, Firefox ESR 102.13,
and Thunderbird 102.13
* CVE-2023-37212 (bmo#1750870, bmo#1825552, bmo#1826206,
bmo#1827076, bmo#1828690, bmo#1833503, bmo#1835710,
bmo#1838587)
Memory safety bugs fixed in Firefox 115
- Fixed potential SIGILL on older CPUs (bsc#1212101)
* Fixed: Various security fixes and other quality
ImportantSUSE bug 1212101SUSE bug 1212438CVE-2023-3482 at SUSECVE-2023-3482 at NVDCVE-2023-37201 at SUSECVE-2023-37201 at NVDCVE-2023-37202 at SUSECVE-2023-37202 at NVDCVE-2023-37203 at SUSECVE-2023-37203 at NVDCVE-2023-37204 at SUSECVE-2023-37204 at NVDCVE-2023-37205 at SUSECVE-2023-37205 at NVDCVE-2023-37206 at SUSECVE-2023-37206 at NVDCVE-2023-37207 at SUSECVE-2023-37207 at NVDCVE-2023-37208 at SUSECVE-2023-37208 at NVDCVE-2023-37209 at SUSECVE-2023-37209 at NVDCVE-2023-37210 at SUSECVE-2023-37210 at NVDCVE-2023-37211 at SUSECVE-2023-37211 at NVDCVE-2023-37212 at SUSECVE-2023-37212 at NVDcpe:/o:opensuse:leap:15.5Security update for curl (Moderate)openSUSE Leap 15.5
This update for curl fixes the following issues:
- CVE-2023-32001: Fixed TOCTOU race condition (bsc#1213237).
ModerateSUSE bug 1213237CVE-2023-32001 at SUSECVE-2023-32001 at NVDcpe:/o:opensuse:leap:15.5Security update for the Linux Kernel (Important)openSUSE Leap 15.5
The SUSE Linux Enterprise 15 SP5 Azure kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2023-1249: Fixed a use-after-free flaw in the core dump subsystem that allowed a local user to crash the system (bsc#1209039).
- CVE-2023-1829: Fixed a use-after-free vulnerability in the control index filter (tcindex) (bsc#1210335).
- CVE-2023-2430: Fixed a possible denial of service via a missing lock in the io_uring subsystem (bsc#1211014).
- CVE-2023-28866: Fixed an out-of-bounds access in net/bluetooth/hci_sync.c because amp_init1[] and amp_init2[] are supposed to have an intentionally invalid element, but did not (bsc#1209780).
- CVE-2023-3090: Fixed a heap out-of-bounds write in the ipvlan network driver (bsc#1212842).
- CVE-2023-3111: Fixed a use-after-free vulnerability in prepare_to_relocate in fs/btrfs/relocation.c (bsc#1212051).
- CVE-2023-3212: Fixed a NULL pointer dereference flaw in the gfs2 file system (bsc#1212265).
- CVE-2023-3220: Fixed a NULL pointer dereference flaw in dpu_crtc_atomic_check in drivers/gpu/drm/msm/disp/dpu1/dpu_crtc.c lacks check of the return value of kzalloc() (bsc#1212556).
- CVE-2023-3357: Fixed a NULL pointer dereference flaw in the AMD Sensor Fusion Hub driver (bsc#1212605).
- CVE-2023-3358: Fixed a NULL pointer dereference flaw in the Integrated Sensor Hub (ISH) driver (bsc#1212606).
- CVE-2023-3389: Fixed a use-after-free vulnerability in the io_uring subsystem (bsc#1212838).
- CVE-2023-35788: Fixed an out-of-bounds write in the flower classifier code via TCA_FLOWER_KEY_ENC_OPTS_GENEVE packets in fl_set_geneve_opt in net/sched/cls_flower.c (bsc#1212504).
- CVE-2023-35823: Fixed a use-after-free flaw in saa7134_finidev in drivers/media/pci/saa7134/saa7134-core.c (bsc#1212494).
- CVE-2023-35828: Fixed a use-after-free flaw in renesas_usb3_remove in drivers/usb/gadget/udc/renesas_usb3.c (bsc#1212513).
- CVE-2023-35829: Fixed a use-after-free flaw in rkvdec_remove in drivers/staging/media/rkvdec/rkvdec.c (bsc#1212495).
The following non-security bugs were fixed:
- ACPI: CPPC: Add AMD pstate energy performance preference cppc control (bsc#1212445).
- ACPI: CPPC: Add auto select register read/write support (bsc#1212445).
- ACPI: sleep: Avoid breaking S3 wakeup due to might_sleep() (git-fixes).
- ALSA: ac97: Fix possible NULL dereference in snd_ac97_mixer (git-fixes).
- ALSA: fireface: make read-only const array for model names static (git-fixes).
- ALSA: hda/realtek: Add 'Intel Reference board' and 'NUC 13' SSID in the ALC256 (git-fixes).
- ALSA: hda/realtek: Add a quirk for Compaq N14JP6 (git-fixes).
- ALSA: hda/realtek: Add quirk for ASUS ROG G614Jx (git-fixes).
- ALSA: hda/realtek: Add quirk for ASUS ROG G634Z (git-fixes).
- ALSA: hda/realtek: Add quirk for ASUS ROG GA402X (git-fixes).
- ALSA: hda/realtek: Add quirk for ASUS ROG GV601V (git-fixes).
- ALSA: hda/realtek: Add quirk for ASUS ROG GX650P (git-fixes).
- ALSA: hda/realtek: Add quirk for ASUS ROG GZ301V (git-fixes).
- ALSA: hda/realtek: Add quirk for Clevo NPx0SNx (git-fixes).
- ALSA: hda/realtek: Add quirks for ASUS GU604V and GU603V (git-fixes).
- ALSA: hda/realtek: Add quirks for ROG ALLY CS35l41 audio (git-fixes).
- ALSA: hda/realtek: Add quirks for Unis H3C Desktop B760 & Q760 (git-fixes).
- ALSA: hda/realtek: Amend G634 quirk to enable rear speakers (git-fixes).
- ALSA: hda/realtek: Enable mute/micmute LEDs and limit mic boost on EliteBook (git-fixes).
- ALSA: hda/realtek: Whitespace fix (git-fixes).
- ALSA: hda: LNL: add HD Audio PCI ID (git-fixes).
- ALSA: hda: fix a possible null-pointer dereference due to data race in snd_hdac_regmap_sync() (git-fixes).
- ALSA: jack: Fix mutex call in snd_jack_report() (git-fixes).
- ALSA: oxfw: make read-only const array models static (git-fixes).
- ALSA: pcm: Fix potential data race at PCM memory allocation helpers (git-fixes).
- ALSA: usb-audio: Add quirk flag for HEM devices to enable native DSD playback (git-fixes).
- ALSA: usb-audio: Fix broken resume due to UAC3 power state (git-fixes).
- ARM: 9295/1: unwind:fix unwind abort for uleb128 case (git-fixes)
- ARM: cpu: Switch to arch_cpu_finalize_init() (bsc#1212448).
- ARM: dts: Fix erroneous ADS touchscreen polarities (git-fixes).
- ARM: dts: vexpress: add missing cache properties (git-fixes).
- ASoC: dwc: move DMA init to snd_soc_dai_driver probe() (git-fixes).
- ASoC: es8316: Do not set rate constraints for unsupported MCLKs (git-fixes).
- ASoC: es8316: Increment max value for ALC Capture Target Volume control (git-fixes).
- ASoC: imx-audmix: check return value of devm_kasprintf() (git-fixes).
- ASoC: mediatek: mt8173: Fix irq error path (git-fixes).
- ASoC: nau8824: Add quirk to active-high jack-detect (git-fixes).
- ASoC: simple-card: Add missing of_node_put() in case of error (git-fixes).
- ASoC: soc-pcm: test if a BE can be prepared (git-fixes).
- Add MODULE_FIRMWARE() for FIRMWARE_TG357766 (git-fixes).
- Bluetooth: Fix use-after-free in hci_remove_ltk/hci_remove_irk (git-fixes).
- Documentation: ABI: sysfs-class-net-qmi: pass_through contact update (git-fixes).
- Documentation: bonding: fix the doc of peer_notif_delay (git-fixes).
- Documentation: devlink: add add devlink-selftests to the table of contents (git-fixes).
- Documentation: devlink: mlx5.rst: Fix htmldoc build warning (git-fixes).
- Documentation: timers: hrtimers: Make hybrid union historical (git-fixes).
- Drop a buggy dvb-core fix patch (bsc#1205758)
- Fix documentation of panic_on_warn (git-fixes).
- Get module prefix from kmod (bsc#1212835).
- HID: logitech-hidpp: add HIDPP_QUIRK_DELAYED_INIT for the T651 (git-fixes).
- HID: wacom: Add error check to wacom_parse_and_register() (git-fixes).
- IB/hfi1: Fix wrong mmu_node used for user SDMA packet after invalidate (git-fixes)
- IB/isert: Fix dead lock in ib_isert (git-fixes)
- IB/isert: Fix incorrect release of isert connection (git-fixes)
- IB/isert: Fix possible list corruption in CMA handler (git-fixes)
- IB/uverbs: Fix to consider event queue closing also upon non-blocking mode (git-fixes)
- Input: adxl34x - do not hardcode interrupt trigger type (git-fixes).
- Input: drv260x - fix typo in register value define (git-fixes).
- Input: drv260x - remove unused .reg_defaults (git-fixes).
- Input: drv260x - sleep between polling GO bit (git-fixes).
- Input: psmouse - fix OOB access in Elantech protocol (git-fixes).
- Input: soc_button_array - add invalid acpi_index DMI quirk handling (git-fixes).
- KVM: arm64: Do not hypercall before EL2 init (git-fixes)
- KVM: arm64: Propagate errors from __pkvm_prot_finalize hypercall (git-fixes)
- KVM: arm64: Save PSTATE early on exit (git-fixes)
- KVM: arm64: vgic: Read HW interrupt pending state from the HW (git-fixes)
- NTB: amd: Fix error handling in amd_ntb_pci_driver_init() (git-fixes).
- NTB: ntb_tool: Add check for devm_kcalloc (git-fixes).
- NTB: ntb_transport: fix possible memory leak while device_register() fails (git-fixes).
- PCI/ASPM: Disable ASPM on MFD function removal to avoid use-after-free (git-fixes).
- PCI: Add pci_clear_master() stub for non-CONFIG_PCI (git-fixes).
- PCI: Release resource invalidated by coalescing (git-fixes).
- PCI: cadence: Fix Gen2 Link Retraining process (git-fixes).
- PCI: endpoint: Add missing documentation about the MSI/MSI-X range (git-fixes).
- PCI: ftpci100: Release the clock resources (git-fixes).
- PCI: pciehp: Cancel bringup sequence if card is not present (git-fixes).
- PCI: qcom: Disable write access to read only registers for IP v2.3.3 (git-fixes).
- PCI: rockchip: Add poll and timeout to wait for PHY PLLs to be locked (git-fixes).
- PCI: rockchip: Assert PCI Configuration Enable bit after probe (git-fixes).
- PCI: rockchip: Fix legacy IRQ generation for RK3399 PCIe endpoint core (git-fixes).
- PCI: rockchip: Set address alignment for endpoint mode (git-fixes).
- PCI: rockchip: Use u32 variable to access 32-bit registers (git-fixes).
- PCI: rockchip: Write PCI Device ID to correct register (git-fixes).
- PCI: vmd: Reset VMD config register between soft reboots (git-fixes).
- PM: domains: fix integer overflow issues in genpd_parse_state() (git-fixes).
- RDMA/bnxt_re: Avoid calling wake_up threads from spin_lock context (git-fixes)
- RDMA/bnxt_re: Disable/kill tasklet only if it is enabled (git-fixes)
- RDMA/bnxt_re: Fix to remove an unnecessary log (git-fixes)
- RDMA/bnxt_re: Fix to remove unnecessary return labels (git-fixes)
- RDMA/bnxt_re: Remove a redundant check inside bnxt_re_update_gid (git-fixes)
- RDMA/bnxt_re: Remove unnecessary checks (git-fixes)
- RDMA/bnxt_re: Return directly without goto jumps (git-fixes)
- RDMA/bnxt_re: Use unique names while registering interrupts (git-fixes)
- RDMA/bnxt_re: wraparound mbox producer index (git-fixes)
- RDMA/cma: Always set static rate to 0 for RoCE (git-fixes)
- RDMA/hns: Fix hns_roce_table_get return value (git-fixes)
- RDMA/irdma: avoid fortify-string warning in irdma_clr_wqes (git-fixes)
- RDMA/mlx5: Create an indirect flow table for steering anchor (git-fixes)
- RDMA/mlx5: Do not set tx affinity when lag is in hash mode (git-fixes)
- RDMA/mlx5: Fix affinity assignment (git-fixes)
- RDMA/mlx5: Initiate dropless RQ for RAW Ethernet functions (git-fixes)
- RDMA/mlx5: Rely on RoCE fw cap instead of devlink when setting profile (jsc#SLE-19253).
- RDMA/rtrs: Fix rxe_dealloc_pd warning (git-fixes)
- RDMA/rtrs: Fix the last iu->buf leak in err path (git-fixes)
- RDMA/rxe: Fix access checks in rxe_check_bind_mw (git-fixes)
- RDMA/rxe: Fix packet length checks (git-fixes)
- RDMA/rxe: Fix ref count error in check_rkey() (git-fixes)
- RDMA/rxe: Fix rxe_cq_post (git-fixes)
- RDMA/rxe: Fix the use-before-initialization error of resp_pkts (git-fixes)
- RDMA/rxe: Remove dangling declaration of rxe_cq_disable() (git-fixes)
- RDMA/rxe: Remove the unused variable obj (git-fixes)
- RDMA/rxe: Removed unused name from rxe_task struct (git-fixes)
- RDMA/uverbs: Restrict usage of privileged QKEYs (git-fixes)
- RDMA/vmw_pvrdma: Remove unnecessary check on wr->opcode (git-fixes)
- Remove more packaging cruft for SLE < 12 SP3
- Remove orphaned CONFIG_PRINTK_SAFE_LOG_BUF_SHIFT (bsc#1189998 git-fixes).
- Revert 'drm/amd/display: edp do not add non-edid timings' (git-fixes).
- Revert 'mtd: rawnand: arasan: Prevent an unsupported configuration' (git-fixes).
- Revert 'net: phy: dp83867: perform soft reset and retain established link' (git-fixes).
- SUNRPC: Clean up svc_deferred_class trace events (git-fixes).
- USB: cdns3: fix NCM gadget RX speed 20x slow than expection at iMX8QM (git-fixes).
- USB: dwc3-meson-g12a: Fix an error handling path in dwc3_meson_g12a_probe() (git-fixes).
- USB: dwc3: fix use-after-free on core driver unbind (git-fixes).
- USB: dwc3: gadget: Propagate core init errors to UDC during pullup (git-fixes).
- USB: dwc3: gadget: Reset num TRBs before giving back the request (git-fixes).
- USB: dwc3: qcom: Fix an error handling path in dwc3_qcom_probe() (git-fixes).
- USB: dwc3: qcom: Fix potential memory leak (git-fixes).
- USB: dwc3: qcom: Release the correct resources in dwc3_qcom_remove() (git-fixes).
- USB: dwc3: qcom: fix NULL-deref on suspend (git-fixes).
- USB: gadget: u_serial: Add null pointer check in gserial_suspend (git-fixes).
- USB: gadget: udc: fix NULL dereference in remove() (git-fixes).
- USB: hide unused usbfs_notify_suspend/resume functions (git-fixes).
- USB: phy: phy-tahvo: fix memory leak in tahvo_usb_probe() (git-fixes).
- USB: serial: option: add Quectel EM061KGL series (git-fixes).
- USB: typec: ucsi: Fix command cancellation (git-fixes).
- USB: xhci: Remove unused udev from xhci_log_ctx trace event (git-fixes).
- Update commit 52b1b46c39ae ('of: Create platform devices for OF framebuffers') (bsc#1212405).
- Update patches.suse/KVM-x86-fix-sending-PV-IPI.patch (git-fixes, bsc#1210853).
- amdgpu: validate offset_in_bo of drm_amdgpu_gem_va (git-fixes).
- apparmor: fix missing error check for rhashtable_insert_fast (git-fixes).
- arm64: Add missing Set/Way CMO encodings (git-fixes).
- arm64: Always load shadow stack pointer directly from the task struct (git-fixes)
- arm64: Stash shadow stack pointer in the task struct on interrupt (git-fixes)
- arm64: dts: Move BCM4908 dts to bcmbca folder (git-fixes)
- arm64: dts: broadcom: bcmbca: bcm4908: fix NAND interrupt name (git-fixes)
- arm64: dts: broadcom: bcmbca: bcm4908: fix procmon nodename (git-fixes)
- arm64: dts: imx8mn-var-som: fix PHY detection bug by adding deassert (git-fixes)
- bnxt_en: Do not issue AP reset during ethtool's reset operation (git-fixes).
- bnxt_en: Implement .set_port / .unset_port UDP tunnel callbacks (git-fixes).
- bnxt_en: Prevent kernel panic when receiving unexpected PHC_UPDATE event (git-fixes).
- bnxt_en: Query default VLAN before VNIC setup on a VF (git-fixes).
- bnxt_en: Skip firmware fatal error recovery if chip is not accessible (git-fixes).
- bonding: Fix negative jump label count on nested bonding (bsc#1212685).
- bpf, arm64: Call build_prologue() first in first JIT pass (git-fixes)
- bpf, arm64: Clear prog->jited_len along prog->jited (git-fixes)
- bpf, arm64: Feed byte-offset into bpf line info (git-fixes)
- bpf, arm64: Use emit_addr_mov_i64() for BPF_PSEUDO_FUNC (git-fixes)
- bpf: Add extra path pointer check to d_path helper (git-fixes).
- bpf: Fix UAF in task local storage (bsc#1212564).
- bus: fsl-mc: fsl-mc-allocator: Drop a write-only variable (git-fixes).
- bus: ti-sysc: Fix dispc quirk masking bool variables (git-fixes).
- can: isotp: isotp_sendmsg(): fix return error fix on TX path (git-fixes).
- can: kvaser_pciefd: Remove handler for unused KVASER_PCIEFD_PACK_TYPE_EFRAME_ACK (git-fixes).
- can: kvaser_pciefd: Remove useless write to interrupt register (git-fixes).
- can: length: fix bitstuffing count (git-fixes).
- can: length: fix description of the RRS field (git-fixes).
- can: length: make header self contained (git-fixes).
- ceph: fix use-after-free bug for inodes when flushing capsnaps (bsc#1212540).
- cgroup: Use cgroup_attach_{lock,unlock}() from cgroup_attach_task_all() (bsc#1212563).
- cgroup: always put cset in cgroup_css_set_put_fork (bsc#1212561).
- cgroup: fix missing cpus_read_{lock,unlock}() in cgroup_transfer_tasks() (bsc#1212563).
- clk: Fix memory leak in devm_clk_notifier_register() (git-fixes).
- clk: cdce925: check return value of kasprintf() (git-fixes).
- clk: imx: clk-imx8mn: fix memory leak in imx8mn_clocks_probe (git-fixes).
- clk: imx: clk-imx8mp: improve error handling in imx8mp_clocks_probe() (git-fixes).
- clk: imx: scu: use _safe list iterator to avoid a use after free (git-fixes).
- clk: keystone: sci-clk: check return value of kasprintf() (git-fixes).
- clk: qcom: camcc-sc7180: Add parent dependency to all camera GDSCs (git-fixes).
- clk: qcom: gcc-ipq6018: Use floor ops for sdcc clocks (git-fixes).
- clk: samsung: Add Exynos4212 compatible to CLKOUT driver (git-fixes).
- clk: si5341: check return value of {devm_}kasprintf() (git-fixes).
- clk: si5341: free unused memory on probe failure (git-fixes).
- clk: si5341: return error if one synth clock registration fails (git-fixes).
- clk: tegra: tegra124-emc: Fix potential memory leak (git-fixes).
- clk: ti: clkctrl: check return value of kasprintf() (git-fixes).
- clk: vc5: check memory returned by kasprintf() (git-fixes).
- clocksource/drivers/cadence-ttc: Fix memory leak in ttc_timer_probe (git-fixes).
- crypto: marvell/cesa - Fix type mismatch warning (git-fixes).
- crypto: nx - fix build warnings when DEBUG_FS is not enabled (git-fixes).
- device-dax: Fix duplicate 'hmem' device registration (bsc#1211400).
- disable two x86 PAT related patches (bsc#1212456).
- docs/memory-barriers.txt: Add a missed closing parenthesis (git-fixes).
- docs: networking: Update codeaurora references for rmnet (git-fixes).
- drivers: meson: secure-pwrc: always enable DMA domain (git-fixes).
- drm/amd/display: Add logging for display MALL refresh setting (git-fixes).
- drm/amd/display: Add minimal pipe split transition state (git-fixes).
- drm/amd/display: Add wrapper to call planes and stream update (git-fixes).
- drm/amd/display: Explicitly specify update type per plane info change (git-fixes).
- drm/amd/display: Fix artifacting on eDP panels when engaging freesync video mode (git-fixes).
- drm/amd/display: Use dc_update_planes_and_stream (git-fixes).
- drm/amd/display: add a NULL pointer check (bsc#1212848, bsc#1212961).
- drm/amd/display: disable seamless boot if force_odm_combine is enabled (bsc#1212848, bsc#1212961).
- drm/amd/display: drop redundant memset() in get_available_dsc_slices() (git-fixes).
- drm/amd/display: edp do not add non-edid timings (git-fixes).
- drm/amd/display: fix the system hang while disable PSR (git-fixes).
- drm/amd/pm: Fix power context allocation in SMU13 (git-fixes).
- drm/amd/pm: revise the ASPM settings for thunderbolt attached scenario (bsc#1212848, bsc#1212961).
- drm/amd/pm: update the LC_L1_INACTIVITY setting to address possible noise issue (bsc#1212848, bsc#1212961).
- drm/amd: Disable PSR-SU on Parade 0803 TCON (bsc#1212848, bsc#1212961).
- drm/amd: Do not try to enable secure display TA multiple times (bsc#1212848, bsc#1212961).
- drm/amd: Make sure image is written to trigger VBIOS image update flow (git-fixes).
- drm/amd: Tighten permissions on VBIOS flashing attributes (git-fixes).
- drm/amdgpu: Set vmbo destroy after pt bo is created (git-fixes).
- drm/amdgpu: Validate VM ioctl flags (git-fixes).
- drm/amdgpu: add missing radeon secondary PCI ID (git-fixes).
- drm/amdgpu: fix clearing mappings for BOs that are always valid in VM (bsc#1212848, bsc#1212961).
- drm/amdgpu: fix number of fence calculations (bsc#1212848, bsc#1212961).
- drm/amdgpu: fix xclk freq on CHIP_STONEY (git-fixes).
- drm/amdkfd: Fix potential deallocation of previously deallocated memory (git-fixes).
- drm/bridge: tc358768: always enable HS video mode (git-fixes).
- drm/bridge: tc358768: fix PLL parameters computation (git-fixes).
- drm/bridge: tc358768: fix PLL target frequency (git-fixes).
- drm/bridge: tc358768: fix TCLK_ZEROCNT computation (git-fixes).
- drm/bridge: tc358768: fix TXTAGOCNT computation (git-fixes).
- drm/bridge: ti-sn65dsi86: Avoid possible buffer overflow (git-fixes).
- drm/exynos: fix race condition UAF in exynos_g2d_exec_ioctl (git-fixes).
- drm/exynos: vidi: fix a wrong error return (git-fixes).
- drm/i915/gvt: remove unused variable gma_bottom in command parser (git-fixes).
- drm/i915/psr: Use hw.adjusted mode when calculating io/fast wake times (git-fixes).
- drm/i915/selftests: Add some missing error propagation (git-fixes).
- drm/i915/selftests: Increase timeout for live_parallel_switch (git-fixes).
- drm/i915/selftests: Stop using kthread_stop() (git-fixes).
- drm/i915: Explain the magic numbers for AUX SYNC/precharge length (git-fixes).
- drm/i915: Use 18 fast wake AUX sync len (git-fixes).
- drm/msm/adreno: fix sparse warnings in a6xx code (git-fixes).
- drm/msm/dp: Free resources after unregistering them (git-fixes).
- drm/msm/dpu: correct MERGE_3D length (git-fixes).
- drm/msm/dpu: do not enable color-management if DSPPs are not available (git-fixes).
- drm/msm/dsi: do not allow enabling 14nm VCO with unprogrammed rate (git-fixes).
- drm/nouveau/dp: check for NULL nv_connector->native_mode (git-fixes).
- drm/nouveau: add nv_encoder pointer check for NULL (git-fixes).
- drm/nouveau: do not detect DSM for non-NVIDIA device (git-fixes).
- drm/panel: sharp-ls043t1le01: adjust mode settings (git-fixes).
- drm/panel: simple: fix active size for Ampire AM-480272H3TMQW-T01H (git-fixes).
- drm/radeon: fix possible division-by-zero errors (git-fixes).
- drm/radeon: fix race condition UAF in radeon_gem_set_domain_ioctl (git-fixes).
- drm/rockchip: vop: Leave vblank enabled in self-refresh (git-fixes).
- drm/vram-helper: fix function names in vram helper doc (git-fixes).
- drm: sun4i_tcon: use devm_clk_get_enabled in `sun4i_tcon_init_clocks` (git-fixes).
- drm:amd:amdgpu: Fix missing buffer object unlock in failure path (git-fixes).
- dt-bindings: i3c: silvaco,i3c-master: fix missing schema restriction (git-fixes).
- dt-bindings: phy: brcm,brcmstb-usb-phy: Fix error in 'compatible' conditional schema (git-fixes).
- elf: correct note name comment (git-fixes).
- ext4: Fix reusing stale buffer heads from last failed mounting (bsc#1213020).
- ext4: add EA_INODE checking to ext4_iget() (bsc#1213106).
- ext4: add ext4_sb_block_valid() refactored out of ext4_inode_block_valid() (bsc#1213088).
- ext4: add lockdep annotations for i_data_sem for ea_inode's (bsc#1213109).
- ext4: add strict range checks while freeing blocks (bsc#1213089).
- ext4: avoid deadlock in fs reclaim with page writeback (bsc#1213016).
- ext4: bail out of ext4_xattr_ibody_get() fails for any reason (bsc#1213018).
- ext4: block range must be validated before use in ext4_mb_clear_bb() (bsc#1213090).
- ext4: check iomap type only if ext4_iomap_begin() does not fail (bsc#1213103).
- ext4: disallow ea_inodes with extended attributes (bsc#1213108).
- ext4: fail ext4_iget if special inode unallocated (bsc#1213010).
- ext4: fix WARNING in ext4_update_inline_data (bsc#1213012).
- ext4: fix WARNING in mb_find_extent (bsc#1213099).
- ext4: fix bug_on in __es_tree_search caused by bad quota inode (bsc#1213111).
- ext4: fix data races when using cached status extents (bsc#1213102).
- ext4: fix deadlock when converting an inline directory in nojournal mode (bsc#1213105).
- ext4: fix i_disksize exceeding i_size problem in paritally written case (bsc#1213015).
- ext4: fix lockdep warning when enabling MMP (bsc#1213100).
- ext4: fix task hung in ext4_xattr_delete_inode (bsc#1213096).
- ext4: fix to check return value of freeze_bdev() in ext4_shutdown() (bsc#1213021).
- ext4: fix use-after-free read in ext4_find_extent for bigalloc + inline (bsc#1213098).
- ext4: improve error handling from ext4_dirhash() (bsc#1213104).
- ext4: improve error recovery code paths in __ext4_remount() (bsc#1213017).
- ext4: move where set the MAY_INLINE_DATA flag is set (bsc#1213011).
- ext4: only update i_reserved_data_blocks on successful block allocation (bsc#1213019).
- ext4: refactor ext4_free_blocks() to pull out ext4_mb_clear_bb() (bsc#1213087).
- ext4: refuse to create ea block when umounted (bsc#1213093).
- ext4: set lockdep subclass for the ea_inode in ext4_xattr_inode_cache_find() (bsc#1213107).
- ext4: turn quotas off if mount failed after enabling quotas (bsc#1213110).
- ext4: update s_journal_inum if it changes after journal replay (bsc#1213094).
- ext4: use ext4_fc_tl_mem in fast-commit replay path (bsc#1213092).
- ext4: zero i_disksize when initializing the bootloader inode (bsc#1213013).
- extcon: Fix kernel doc of property capability fields to avoid warnings (git-fixes).
- extcon: Fix kernel doc of property fields to avoid warnings (git-fixes).
- extcon: usbc-tusb320: Add USB TYPE-C support (git-fixes).
- extcon: usbc-tusb320: Call the Type-C IRQ handler only if a port is registered (git-fixes).
- extcon: usbc-tusb320: Unregister typec port on driver removal (git-fixes).
- extcon: usbc-tusb320: Update state on probe even if no IRQ pending (git-fixes).
- fbdev: omapfb: lcd_mipid: Fix an error handling path in mipid_spi_probe() (git-fixes).
- firmware: stratix10-svc: Fix a potential resource leak in svc_create_memory_pool() (git-fixes).
- hvcs: Fix hvcs port reference counting (bsc#1213134 ltc#202861).
- hvcs: Get reference to tty in remove (bsc#1213134 ltc#202861).
- hvcs: Synchronize hotplug remove with port free (bsc#1213134 ltc#202861).
- hvcs: Use dev_groups to manage hvcs device attributes (bsc#1213134 ltc#202861).
- hvcs: Use driver groups to manage driver attributes (bsc#1213134 ltc#202861).
- hvcs: Use vhangup in hotplug remove (bsc#1213134 ltc#202861).
- hwmon: (gsc-hwmon) fix fan pwm temperature scaling (git-fixes).
- hwrng: imx-rngc - fix the timeout for init and self check (git-fixes).
- hwrng: st - keep clock enabled while hwrng is registered (git-fixes).
- i2c: imx-lpi2c: fix type char overflow issue when calculating the clock cycle (git-fixes).
- i2c: qup: Add missing unwind goto in qup_i2c_probe() (git-fixes).
- iavf: remove mask from iavf_irq_enable_queues() (git-fixes).
- ibmvnic: Do not reset dql stats on NON_FATAL err (bsc#1212603 ltc#202604).
- ice, xsk: Diversify return values from xsk_wakeup call paths (git-fixes).
- ice: Do not double unplug aux on peer initiated reset (git-fixes).
- ice: Do not use WQ_MEM_RECLAIM flag for workqueue (git-fixes).
- ice: Do not use WQ_MEM_RECLAIM flag for workqueue (jsc#PED-376).
- ice: Fix DSCP PFC TLV creation (git-fixes).
- ice: Fix DSCP PFC TLV creation (jsc#PED-376).
- ice: Fix XDP memory leak when NIC is brought up and down (git-fixes).
- ice: Fix ice VF reset during iavf initialization (jsc#PED-376).
- ice: Fix ice_cfg_rdma_fltr() to only update relevant fields (jsc#PED-376).
- ice: Fix ice_xdp_xmit() when XDP TX queue number is not sufficient (git-fixes).
- ice: Fix memory corruption in VF driver (git-fixes).
- ice: Ignore EEXIST when setting promisc mode (git-fixes).
- ice: Prevent set_channel from changing queues while RDMA active (git-fixes).
- ice: Prevent set_channel from changing queues while RDMA active (jsc#PED-376).
- ice: Reset FDIR counter in FDIR init stage (git-fixes).
- ice: Reset FDIR counter in FDIR init stage (jsc#PED-376).
- ice: add profile conflict check for AVF FDIR (git-fixes).
- ice: add profile conflict check for AVF FDIR (jsc#PED-376).
- ice: block LAN in case of VF to VF offload (git-fixes).
- ice: block LAN in case of VF to VF offload (jsc#PED-376).
- ice: check if VF exists before mode check (jsc#PED-376).
- ice: config netdev tc before setting queues number (git-fixes).
- ice: copy last block omitted in ice_get_module_eeprom() (git-fixes).
- ice: copy last block omitted in ice_get_module_eeprom() (jsc#PED-376).
- ice: ethtool: Prohibit improper channel config for DCB (git-fixes).
- ice: ethtool: advertise 1000M speeds properly (git-fixes).
- ice: fix invalid check for empty list in ice_sched_assoc_vsi_to_agg() (git-fixes).
- ice: fix invalid check for empty list in ice_sched_assoc_vsi_to_agg() (jsc#PED-376).
- ice: fix lost multicast packets in promisc mode (jsc#PED-376).
- ice: fix wrong fallback logic for FDIR (git-fixes).
- ice: fix wrong fallback logic for FDIR (jsc#PED-376).
- ice: handle E822 generic device ID in PLDM header (git-fixes).
- ice: switch: fix potential memleak in ice_add_adv_recipe() (git-fixes).
- ice: switch: fix potential memleak in ice_add_adv_recipe() (jsc#PED-376).
- ice: use bitmap_free instead of devm_kfree (git-fixes).
- ice: xsk: disable txq irq before flushing hw (jsc#PED-376).
- ice: xsk: use Rx ring's XDP ring when picking NAPI context (git-fixes).
- ieee802154: hwsim: Fix possible memory leaks (git-fixes).
- ifcvf/vDPA: fix misuse virtio-net device config size for blk dev (jsc#SLE-19253).
- igb: Fix extts capture value format for 82580/i354/i350 (git-fixes).
- igb: fix bit_shift to be in [1..8] range (git-fixes).
- igb: fix nvm.ops.read() error handling (git-fixes).
- igc: Clean the TX buffer and TX descriptor ring (git-fixes).
- igc: Fix possible system crash when loading module (git-fixes).
- iio: accel: fxls8962af: errata bug only applicable for FXLS8962AF (git-fixes).
- iio: accel: fxls8962af: fixup buffer scan element type (git-fixes).
- iio: adc: ad7192: Fix internal/external clock selection (git-fixes).
- iio: adc: ad7192: Fix null ad7192_state pointer access (git-fixes).
- init, x86: Move mem_encrypt_init() into arch_cpu_finalize_init() (bsc#1212448).
- init: Invoke arch_cpu_finalize_init() earlier (bsc#1212448).
- init: Provide arch_cpu_finalize_init() (bsc#1212448).
- init: Remove check_bugs() leftovers (bsc#1212448).
- inotify: Avoid reporting event with invalid wd (bsc#1213025).
- integrity: Fix possible multiple allocation in integrity_inode_get() (git-fixes).
- io_uring: clear TIF_NOTIFY_SIGNAL if set and task_work not available (git-fixes).
- io_uring: do not expose io_fill_cqe_aux() (bsc#1211014).
- io_uring: do not gate task_work run on TIF_NOTIFY_SIGNAL (git-fixes).
- io_uring: fix return value when removing provided buffers (git-fixes).
- io_uring: fix size calculation when registering buf ring (git-fixes).
- irqchip/clps711x: Remove unused clps711x_intc_init() function (git-fixes).
- irqchip/ftintc010: Mark all function static (git-fixes).
- irqchip/jcore-aic: Fix missing allocation of IRQ descriptors (git-fixes).
- jbd2: fix data missing when reusing bh which is ready to be checkpointed (bsc#1213095).
- jdb2: Do not refuse invalidation of already invalidated buffers (bsc#1213014).
- kABI workaround for cpp_acpi extensions for EPP (bsc#1212445).
- kernel-docs: Add buildrequires on python3-base when using python3 The python3 binary is provided by python3-base.
- kernel-docs: Use python3 together with python3-Sphinx (bsc#1212741).
- kprobe: reverse kp->flags when arm_kprobe failed (git-fixes).
- kprobes: Fix check for probe enabled in kill_kprobe() (git-fixes).
- kprobes: Fix to handle forcibly unoptimized kprobes on freeing_list (git-fixes).
- kprobes: Forbid probing on trampoline and BPF code areas (git-fixes).
- kprobes: Prohibit probes in gate area (git-fixes).
- kprobes: Skip clearing aggrprobe's post_handler in kprobe-on-ftrace case (git-fixes).
- kprobes: do not call disarm_kprobe() for disabled kprobes (git-fixes).
- lpfc: Account for fabric domain ctlr device loss recovery (bsc#1211346, bsc#1211852).
- lpfc: Change firmware upgrade logging to KERN_NOTICE instead of TRACE_EVENT (bsc#1211852).
- lpfc: Clean up SLI-4 CQE status handling (bsc#1211852).
- lpfc: Clear NLP_IN_DEV_LOSS flag if already in rediscovery (bsc#1211852).
- lpfc: Copyright updates for 14.2.0.13 patches (bsc#1211852).
- lpfc: Enhance congestion statistics collection (bsc#1211852).
- lpfc: Fix use-after-free rport memory access in lpfc_register_remote_port (bsc#1211852, bsc#1208410, bsc#1211346).
- lpfc: Revise NPIV ELS unsol rcv cmpl logic to drop ndlp based on nlp_state (bsc#1211852).
- lpfc: Update lpfc version to 14.2.0.13 (bsc#1211852).
- mailbox: ti-msgmgr: Fill non-message tx data fields with 0x0 (git-fixes).
- media: atomisp: gmin_platform: fix out_len in gmin_get_config_dsm_var() (git-fixes).
- media: cec: core: do not set last_initiator if tx in progress (git-fixes).
- media: cec: i2c: ch7322: also select REGMAP (git-fixes).
- media: i2c: Correct format propagation for st-mipid02 (git-fixes).
- media: usb: Check az6007_read() return value (git-fixes).
- media: usb: siano: Fix warning due to null work_func_t function pointer (git-fixes).
- media: venus: helpers: Fix ALIGN() of non power of two (git-fixes).
- media: videodev2.h: Fix struct v4l2_input tuner index comment (git-fixes).
- memory: brcmstb_dpfe: fix testing array offset after use (git-fixes).
- meson saradc: fix clock divider mask length (git-fixes).
- mfd: intel-lpss: Add missing check for platform_get_resource (git-fixes).
- mfd: pm8008: Fix module autoloading (git-fixes).
- mfd: rt5033: Drop rt5033-battery sub-device (git-fixes).
- mfd: stmfx: Fix error path in stmfx_chip_init (git-fixes).
- mfd: stmfx: Nullify stmfx->vdd in case of error (git-fixes).
- mfd: stmpe: Only disable the regulators if they are enabled (git-fixes).
- misc: fastrpc: Create fastrpc scalar with correct buffer count (git-fixes).
- misc: pci_endpoint_test: Free IRQs before removing the device (git-fixes).
- misc: pci_endpoint_test: Re-init completion for every test (git-fixes).
- mlx5: do not use RT_TOS for IPv6 flowlabel (jsc#SLE-19253).
- mlx5: fix possible ptp queue fifo use-after-free (jsc#PED-1549).
- mlx5: fix skb leak while fifo resync and push (jsc#PED-1549).
- mlxfw: fix null-ptr-deref in mlxfw_mfa2_tlv_next() (git-fixes).
- mm/vmalloc: do not output a spurious warning when huge vmalloc() fails (bsc#1211410).
- mm: Move mm_cachep initialization to mm_init() (bsc#1212448).
- mm: vmalloc: avoid warn_alloc noise caused by fatal signal (bsc#1211410).
- mmc: bcm2835: fix deferred probing (git-fixes).
- mmc: meson-gx: remove redundant mmc_request_done() call from irq context (git-fixes).
- mmc: mmci: Set PROBE_PREFER_ASYNCHRONOUS (git-fixes).
- mmc: mmci: stm32: fix max busy timeout calculation (git-fixes).
- mmc: mtk-sd: fix deferred probing (git-fixes).
- mmc: mvsdio: fix deferred probing (git-fixes).
- mmc: omap: fix deferred probing (git-fixes).
- mmc: omap_hsmmc: fix deferred probing (git-fixes).
- mmc: owl: fix deferred probing (git-fixes).
- mmc: sdhci-acpi: fix deferred probing (git-fixes).
- mmc: sdhci-msm: Disable broken 64-bit DMA on MSM8916 (git-fixes).
- mmc: sdhci-spear: fix deferred probing (git-fixes).
- mmc: sh_mmcif: fix deferred probing (git-fixes).
- mmc: sunxi: fix deferred probing (git-fixes).
- mmc: usdhi60rol0: fix deferred probing (git-fixes).
- mtd: rawnand: meson: fix unaligned DMA buffers handling (git-fixes).
- net/mlx5: Add forgotten cleanup calls into mlx5_init_once() error path (jsc#PED-1549).
- net/mlx5: Add forgotten cleanup calls into mlx5_init_once() error path (jsc#SLE-19253).
- net/mlx5: Allow async trigger completion execution on single CPU systems (jsc#SLE-19253).
- net/mlx5: Allow future addition of IPsec object modifiers (jsc#SLE-19253).
- net/mlx5: Avoid false positive lockdep warning by adding lock_class_key (jsc#SLE-19253).
- net/mlx5: Avoid recovery in probe flows (jsc#PED-1549 bsc#1211794).
- net/mlx5: Avoid recovery in probe flows (jsc#SLE-19253).
- net/mlx5: Bridge, fix ageing of peer FDB entries (jsc#PED-1549).
- net/mlx5: Bridge, fix ageing of peer FDB entries (jsc#SLE-19253).
- net/mlx5: Bridge, verify LAG state when adding bond to bridge (jsc#SLE-19253).
- net/mlx5: Collect command failures data only for known commands (jsc#PED-1549).
- net/mlx5: DR, Check force-loopback RC QP capability independently from RoCE (jsc#PED-1549).
- net/mlx5: DR, Check force-loopback RC QP capability independently from RoCE (jsc#SLE-19253).
- net/mlx5: DR, Fix crc32 calculation to work on big-endian (BE) CPUs (jsc#PED-1549).
- net/mlx5: DR, Fix crc32 calculation to work on big-endian (BE) CPUs (jsc#SLE-19253).
- net/mlx5: DR, Fix missing flow_source when creating multi-destination FW table (jsc#SLE-19253).
- net/mlx5: Devcom, fix error flow in mlx5_devcom_register_device (jsc#PED-1549).
- net/mlx5: Devcom, fix error flow in mlx5_devcom_register_device (jsc#SLE-19253).
- net/mlx5: Devcom, serialize devcom registration (jsc#PED-1549).
- net/mlx5: Disable eswitch before waiting for VF pages (jsc#PED-1549).
- net/mlx5: Do not advertise IPsec netdev support for non-IPsec device (jsc#SLE-19253).
- net/mlx5: Do not use already freed action pointer (jsc#SLE-19253).
- net/mlx5: E-Switch, Fix an Oops in error handling code (jsc#PED-1549).
- net/mlx5: E-Switch, Fix an Oops in error handling code (jsc#SLE-19253).
- net/mlx5: E-Switch, properly handle ingress tagged packets on VST (jsc#PED-1549).
- net/mlx5: E-Switch, properly handle ingress tagged packets on VST (jsc#SLE-19253).
- net/mlx5: E-switch, Create per vport table based on devlink encap mode (jsc#PED-1549).
- net/mlx5: E-switch, Create per vport table based on devlink encap mode (jsc#SLE-19253).
- net/mlx5: E-switch, Do not destroy indirect table in split rule (jsc#PED-1549).
- net/mlx5: E-switch, Do not destroy indirect table in split rule (jsc#SLE-19253).
- net/mlx5: E-switch, Fix missing set of split_count when forward to ovs internal port (jsc#PED-1549).
- net/mlx5: E-switch, Fix missing set of split_count when forward to ovs internal port (jsc#SLE-19253).
- net/mlx5: E-switch, Fix setting of reserved fields on MODIFY_SCHEDULING_ELEMENT (jsc#PED-1549).
- net/mlx5: E-switch, Fix setting of reserved fields on MODIFY_SCHEDULING_ELEMENT (jsc#SLE-19253).
- net/mlx5: E-switch, Fix switchdev mode after devlink reload (jsc#PED-1549).
- net/mlx5: E-switch, Fix wrong usage of source port rewrite in split rules (jsc#PED-1549).
- net/mlx5: ECPF, wait for VF pages only after disabling host PFs (jsc#PED-1549).
- net/mlx5: Enhance debug print in page allocation failure (jsc#PED-1549).
- net/mlx5: Enhance debug print in page allocation failure (jsc#SLE-19253).
- net/mlx5: Expose SF firmware pages counter (jsc#PED-1549).
- net/mlx5: Fix FW tracer timestamp calculation (jsc#SLE-19253).
- net/mlx5: Fix RoCE setting at HCA level (jsc#PED-1549).
- net/mlx5: Fix RoCE setting at HCA level (jsc#SLE-19253).
- net/mlx5: Fix command stats access after free (jsc#PED-1549).
- net/mlx5: Fix crash during sync firmware reset (jsc#SLE-19253).
- net/mlx5: Fix error message when failing to allocate device memory (jsc#PED-1549).
- net/mlx5: Fix error message when failing to allocate device memory (jsc#SLE-19253).
- net/mlx5: Fix handling of entry refcount when command is not issued to FW (jsc#SLE-19253).
- net/mlx5: Fix io_eq_size and event_eq_size params validation (jsc#PED-1549).
- net/mlx5: Fix possible use-after-free in async command interface (jsc#SLE-19253).
- net/mlx5: Fix ptp max frequency adjustment range (jsc#PED-1549).
- net/mlx5: Fix ptp max frequency adjustment range (jsc#SLE-19253).
- net/mlx5: Fix setting ec_function bit in MANAGE_PAGES (jsc#PED-1549).
- net/mlx5: Fix steering rules cleanup (jsc#PED-1549).
- net/mlx5: Fix steering rules cleanup (jsc#SLE-19253).
- net/mlx5: Fix uninitialized variable bug in outlen_write() (jsc#SLE-19253).
- net/mlx5: Geneve, Fix handling of Geneve object id as error code (jsc#PED-1549).
- net/mlx5: Geneve, Fix handling of Geneve object id as error code (jsc#SLE-19253).
- net/mlx5: Handle pairing of E-switch via uplink un/load APIs (jsc#PED-1549).
- net/mlx5: Initialize flow steering during driver probe (jsc#SLE-19253).
- net/mlx5: Lag, fix failure to cancel delayed bond work (jsc#PED-1549).
- net/mlx5: Read embedded cpu after init bit cleared (jsc#PED-1549).
- net/mlx5: Read embedded cpu after init bit cleared (jsc#SLE-19253).
- net/mlx5: Read the TC mapping of all priorities on ETS query (jsc#PED-1549).
- net/mlx5: Read the TC mapping of all priorities on ETS query (jsc#SLE-19253).
- net/mlx5: Rearm the FW tracer after each tracer event (jsc#SLE-19253).
- net/mlx5: SF, Drain health before removing device (jsc#PED-1549).
- net/mlx5: SF, Drain health before removing device (jsc#SLE-19253).
- net/mlx5: SF: Fix probing active SFs during driver probe phase (jsc#SLE-19253).
- net/mlx5: Serialize module cleanup with reload and remove (jsc#PED-1549).
- net/mlx5: Serialize module cleanup with reload and remove (jsc#SLE-19253).
- net/mlx5: Set BREAK_FW_WAIT flag first when removing driver (jsc#PED-1549).
- net/mlx5: Store page counters in a single array (jsc#PED-1549).
- net/mlx5: Wait for firmware to enable CRS before pci_restore_state (jsc#SLE-19253).
- net/mlx5: add IFC bits for bypassing port select flow table (git-fixes)
- net/mlx5: check attr pointer validity before dereferencing it (jsc#PED-1549).
- net/mlx5: check attr pointer validity before dereferencing it (jsc#SLE-19253).
- net/mlx5: correct ECE offset in query qp output (jsc#SLE-19253).
- net/mlx5: fix missing mutex_unlock in mlx5_fw_fatal_reporter_err_work() (jsc#SLE-19253).
- net/mlx5: fs, fail conflicting actions (jsc#SLE-19253).
- net/mlx5: fw_tracer, Clear load bit when freeing string DBs buffers (jsc#PED-1549).
- net/mlx5: fw_tracer, Clear load bit when freeing string DBs buffers (jsc#SLE-19253).
- net/mlx5: fw_tracer, Fix event handling (jsc#PED-1549).
- net/mlx5: fw_tracer, Fix event handling (jsc#SLE-19253).
- net/mlx5: fw_tracer, Zero consumer index when reloading the tracer (jsc#PED-1549).
- net/mlx5: fw_tracer, Zero consumer index when reloading the tracer (jsc#SLE-19253).
- net/mlx5e: Always clear dest encap in neigh-update-del (jsc#PED-1549).
- net/mlx5e: Always clear dest encap in neigh-update-del (jsc#SLE-19253).
- net/mlx5e: Avoid false lock dependency warning on tc_ht even more (jsc#PED-1549).
- net/mlx5e: Avoid false lock dependency warning on tc_ht even more (jsc#SLE-19253).
- net/mlx5e: Block entering switchdev mode with ns inconsistency (jsc#PED-1549).
- net/mlx5e: Block entering switchdev mode with ns inconsistency (jsc#SLE-19253).
- net/mlx5e: CT: Fix ct debugfs folder name (jsc#PED-1549).
- net/mlx5e: Do not attach netdev profile while handling internal error (jsc#PED-1549).
- net/mlx5e: Do not attach netdev profile while handling internal error (jsc#SLE-19253).
- net/mlx5e: Do not cache tunnel offloads capability (jsc#PED-1549).
- net/mlx5e: Do not clone flow post action attributes second time (jsc#PED-1549).
- net/mlx5e: Do not increment ESN when updating IPsec ESN state (jsc#SLE-19253).
- net/mlx5e: Do not support encap rules with gbp option (jsc#PED-1549).
- net/mlx5e: Do not support encap rules with gbp option (jsc#SLE-19253).
- net/mlx5e: E-Switch, Fix comparing termination table instance (jsc#SLE-19253).
- net/mlx5e: Extend SKB room check to include PTP-SQ (jsc#SLE-19253).
- net/mlx5e: Fix MPLSoUDP encap to use MPLS action information (jsc#SLE-19253).
- net/mlx5e: Fix RX reporter for XSK RQs (jsc#PED-1549).
- net/mlx5e: Fix SQ wake logic in ptp napi_poll context (jsc#PED-1549).
- net/mlx5e: Fix SQ wake logic in ptp napi_poll context (jsc#SLE-19253).
- net/mlx5e: Fix capability check for updating vnic env counters (jsc#SLE-19253).
- net/mlx5e: Fix cleanup null-ptr deref on encap lock (jsc#PED-1549).
- net/mlx5e: Fix crash unsetting rx-vlan-filter in switchdev mode (jsc#PED-1549).
- net/mlx5e: Fix deadlock in tc route query code (jsc#PED-1549).
- net/mlx5e: Fix error handling in mlx5e_refresh_tirs (jsc#PED-1549).
- net/mlx5e: Fix error handling in mlx5e_refresh_tirs (jsc#SLE-19253).
- net/mlx5e: Fix hw mtu initializing at XDP SQ allocation (jsc#PED-1549).
- net/mlx5e: Fix hw mtu initializing at XDP SQ allocation (jsc#SLE-19253).
- net/mlx5e: Fix macsec ASO context alignment (jsc#PED-1549).
- net/mlx5e: Fix macsec possible null dereference when updating MAC security entity (SecY) (jsc#PED-1549).
- net/mlx5e: Fix macsec ssci attribute handling in offload path (jsc#PED-1549).
- net/mlx5e: Fix the value of MLX5E_MAX_RQ_NUM_MTTS (jsc#SLE-19253).
- net/mlx5e: Fix use-after-free when reverting termination table (jsc#SLE-19253).
- net/mlx5e: Fix wrong application of the LRO state (jsc#SLE-19253).
- net/mlx5e: Fix wrong tc flag used when set hw-tc-offload off (jsc#SLE-19253).
- net/mlx5e: IPoIB, Block PKEY interfaces with less rx queues than parent (jsc#PED-1549).
- net/mlx5e: IPoIB, Block queue count configuration when sub interfaces are present (jsc#PED-1549).
- net/mlx5e: IPoIB, Do not allow CQE compression to be turned on by default (jsc#PED-1549).
- net/mlx5e: IPoIB, Do not allow CQE compression to be turned on by default (jsc#SLE-19253).
- net/mlx5e: IPoIB, Fix child PKEY interface stats on rx path (jsc#PED-1549).
- net/mlx5e: IPoIB, Show unknown speed instead of error (jsc#PED-1549).
- net/mlx5e: IPoIB, Show unknown speed instead of error (jsc#SLE-19253).
- net/mlx5e: Initialize link speed to zero (jsc#PED-1549).
- net/mlx5e: Modify slow path rules to go to slow fdb (jsc#SLE-19253).
- net/mlx5e: Nullify table pointer when failing to create (jsc#PED-1549).
- net/mlx5e: Overcome slow response for first macsec ASO WQE (jsc#PED-1549).
- net/mlx5e: QoS, Fix wrongfully setting parent_element_id on MODIFY_SCHEDULING_ELEMENT (jsc#PED-1549).
- net/mlx5e: QoS, Fix wrongfully setting parent_element_id on MODIFY_SCHEDULING_ELEMENT (jsc#SLE-19253).
- net/mlx5e: Remove redundant xsk pointer check in mlx5e_mpwrq_validate_xsk (jsc#PED-1549).
- net/mlx5e: Set decap action based on attr for sample (jsc#PED-1549).
- net/mlx5e: Set geneve_tlv_option_0_exist when matching on geneve option (jsc#PED-1549).
- net/mlx5e: Set uplink rep as NETNS_LOCAL (jsc#PED-1549).
- net/mlx5e: Set uplink rep as NETNS_LOCAL (jsc#SLE-19253).
- net/mlx5e: TC, Fix ct_clear overwriting ct action metadata (jsc#SLE-19253).
- net/mlx5e: TC, Keep mod hdr actions after mod hdr alloc (jsc#PED-1549).
- net/mlx5e: Update rx ring hw mtu upon each rx-fcs flag change (jsc#PED-1549).
- net/mlx5e: Update rx ring hw mtu upon each rx-fcs flag change (jsc#SLE-19253).
- net/mlx5e: Use correct encap attribute during invalidation (jsc#PED-1549).
- net/mlx5e: Verify dev is present for fix features ndo (jsc#PED-1549).
- net/mlx5e: Verify flow_source cap before using it (jsc#PED-1549).
- net/mlx5e: Verify flow_source cap before using it (jsc#SLE-19253).
- net/mlx5e: do as little as possible in napi poll when budget is 0 (jsc#PED-1549).
- net/mlx5e: do as little as possible in napi poll when budget is 0 (jsc#SLE-19253).
- net/mlx5e: kTLS, Fix build time constant test in RX (jsc#SLE-19253).
- net/mlx5e: kTLS, Fix build time constant test in TX (jsc#SLE-19253).
- net/net_failover: fix txq exceeding warning (git-fixes).
- net/sched: fix initialization order when updating chain 0 head (git-fixes).
- net/sched: flower: fix possible OOB write in fl_set_geneve_opt() (git-fixes).
- net/sched: sch_netem: Fix arithmetic in netem_dump() for 32-bit platforms (git-fixes).
- net: ena: Account for the number of processed bytes in XDP (git-fixes).
- net: ena: Do not register memory info on XDP exchange (git-fixes).
- net: ena: Fix rx_copybreak value update (git-fixes).
- net: ena: Fix toeplitz initial hash value (git-fixes).
- net: ena: Set default value for RX interrupt moderation (git-fixes).
- net: ena: Update NUMA TPH hint register upon NUMA node update (git-fixes).
- net: ena: Use bitmask to indicate packet redirection (git-fixes).
- net: hns3: add interrupts re-initialization while doing VF FLR (git-fixes).
- net: hns3: fix output information incomplete for dumping tx queue info with debugfs (git-fixes).
- net: hns3: fix reset delay time to avoid configuration timeout (git-fixes).
- net: hns3: fix sending pfc frames after reset issue (git-fixes).
- net: hns3: fix tm port shapping of fibre port is incorrect after driver initialization (git-fixes).
- net: mlx5: eliminate anonymous module_init & module_exit (jsc#PED-1549).
- net: mlx5: eliminate anonymous module_init & module_exit (jsc#SLE-19253).
- net: sched: fix possible refcount leak in tc_chain_tmplt_add() (git-fixes).
- net: usb: qmi_wwan: add support for Compal RXM-G1 (git-fixes).
- nfcsim.c: Fix error checking for debugfs_create_dir (git-fixes).
- nfp: only report pause frame configuration for physical device (git-fixes).
- nilfs2: fix buffer corruption due to concurrent device reads (git-fixes).
- nilfs2: fix incomplete buffer cleanup in nilfs_btnode_abort_change_key() (git-fixes).
- nilfs2: fix possible out-of-bounds segment allocation in resize ioctl (git-fixes).
- nouveau: fix client work fence deletion race (git-fixes).
- ntb: idt: Fix error handling in idt_pci_driver_init() (git-fixes).
- ntb: intel: Fix error handling in intel_ntb_pci_driver_init() (git-fixes).
- nvme-core: fix dev_pm_qos memleak (git-fixes).
- nvme-core: fix memory leak in dhchap_ctrl_secret (git-fixes).
- nvme-core: fix memory leak in dhchap_secret_store (git-fixes).
- nvme-multipath: support io stats on the mpath device (bsc#1210565).
- nvme-pci: add quirk for missing secondary temperature thresholds (git-fixes).
- nvme: double KA polling frequency to avoid KATO with TBKAS on (git-fixes).
- nvme: introduce nvme_start_request (bsc#1210565).
- ocfs2: fix defrag path triggering jbd2 ASSERT (git-fixes).
- ocfs2: fix freeing uninitialized resource on ocfs2_dlm_shutdown (git-fixes).
- ocfs2: fix non-auto defrag path not working issue (git-fixes).
- octeontx2-pf: Avoid use of GFP_KERNEL in atomic context (git-fixes).
- octeontx2-pf: Fix resource leakage in VF driver unbind (git-fixes).
- octeontx2-pf: Fix the use of GFP_KERNEL in atomic context on rt (git-fixes).
- octeontx2-pf: Recalculate UDP checksum for ptp 1-step sync packet (git-fixes).
- opp: Fix use-after-free in lazy_opp_tables after probe deferral (git-fixes).
- perf/x86/intel/cstate: Add Emerald Rapids (PED-4396).
- phy: Revert 'phy: Remove SOC_EXYNOS4212 dep. from PHY_EXYNOS4X12_USB' (git-fixes).
- phy: tegra: xusb: Clear the driver reference in usb-phy dev (git-fixes).
- phy: tegra: xusb: check return value of devm_kzalloc() (git-fixes).
- pinctrl: at91-pio4: check return value of devm_kasprintf() (git-fixes).
- pinctrl: cherryview: Return correct value if pin in push-pull mode (git-fixes).
- pinctrl: microchip-sgpio: check return value of devm_kasprintf() (git-fixes).
- platform/x86: asus-wmi: Ignore WMI events with codes 0x7B, 0xC0 (git-fixes).
- platform/x86: think-lmi: Correct NVME password handling (git-fixes).
- platform/x86: think-lmi: Correct System password interface (git-fixes).
- platform/x86: think-lmi: mutex protection around multiple WMI calls (git-fixes).
- platform/x86: thinkpad_acpi: Fix lkp-tests warnings for platform profiles (git-fixes).
- power: supply: Fix logic checking if system is running from battery (git-fixes).
- power: supply: Ratelimit no data debug output (git-fixes).
- power: supply: ab8500: Fix external_power_changed race (git-fixes).
- power: supply: bq27xxx: Use mod_delayed_work() instead of cancel() + schedule() (git-fixes).
- power: supply: sc27xx: Fix external_power_changed race (git-fixes).
- powerpc/64s/radix: Fix exit lazy tlb mm switch with irqs enabled (bsc#1194869).
- powerpc/iommu: Limit number of TCEs to 512 for H_STUFF_TCE hcall (bsc#1194869 bsc#1212701).
- powerpc/purgatory: remove PGO flags (bsc#1194869).
- powerpc/set_memory: Avoid spinlock recursion in change_page_attr() (bsc#1194869).
- pstore/ram: Add check for kstrdup (git-fixes).
- pwm: ab8500: Fix error code in probe() (git-fixes).
- pwm: imx-tpm: force 'real_period' to be zero in suspend (git-fixes).
- pwm: sysfs: Do not apply state to already disabled PWMs (git-fixes).
- qed/qede: Fix scheduling while atomic (git-fixes).
- radeon: avoid double free in ci_dpm_init() (git-fixes).
- rcu: Fix missing TICK_DEP_MASK_RCU_EXP dependency check (git-fixes).
- regmap: spi-avmm: Fix regmap_bus max_raw_write (git-fixes).
- regulator: Fix error checking for debugfs_create_dir (git-fixes).
- regulator: core: Fix more error checking for debugfs_create_dir() (git-fixes).
- regulator: core: Streamline debugfs operations (git-fixes).
- regulator: helper: Document ramp_delay parameter of regulator_set_ramp_delay_regmap() (git-fixes).
- regulator: pca9450: Fix LDO3OUT and LDO4OUT MASK (git-fixes).
- rpm/check-for-config-changes: ignore also PAHOLE_HAS_* We now also have options like CONFIG_PAHOLE_HAS_LANG_EXCLUDE.
- rtc: efi: Add wakeup support (bsc#1213116).
- rtc: efi: Enable SET/GET WAKEUP services as optional (bsc#1213116).
- rtc: efi: switch to devm_rtc_allocate_device (bsc#1213116).
- rtc: st-lpc: Release some resources in st_rtc_probe() in case of error (git-fixes).
- s390/ap: fix memory leak in ap_init_qci_info() (git-fixes).
- s390/dasd: Use correct lock while counting channel queue length (git-fixes bsc#1212592).
- s390/gmap: voluntarily schedule during key setting (git-fixes bsc#1212892).
- s390/pkey: zeroize key blobs (git-fixes bsc#1212619).
- s390/vfio-ap: fix an error handling path in vfio_ap_mdev_probe_queue() (git-fixes).
- sched/debug: fix dentry leak in update_sched_domain_debugfs (git-fixes)
- sched: Fix DEBUG && !SCHEDSTATS warn (git-fixes)
- scsi: core: Decrease scsi_device's iorequest_cnt if dispatch failed (git-fixes).
- scsi: stex: Fix gcc 13 warnings (git-fixes).
- selftests/ptp: Fix timestamp printf format for PTP_SYS_OFFSET (git-fixes).
- selftests: mptcp: depend on SYN_COOKIES (git-fixes).
- selftests: mptcp: sockopt: return error if wrong mark (git-fixes).
- serial: 8250: lock port for UART_IER access in omap8250_irq() (git-fixes).
- serial: 8250: lock port for stop_rx() in omap8250_irq() (git-fixes).
- serial: 8250: omap: Fix freeing of resources on failed register (git-fixes).
- serial: 8250_omap: Use force_suspend and resume for system suspend (git-fixes).
- serial: atmel: do not enable IRQs prematurely (git-fixes).
- serial: lantiq: add missing interrupt ack (git-fixes).
- signal/s390: Use force_sigsegv in default_trap_handler (git-fixes bsc#1212861).
- soc/fsl/qe: fix usb.c build errors (git-fixes).
- soc: samsung: exynos-pmu: Re-introduce Exynos4212 support (git-fixes).
- soundwire: dmi-quirks: add new mapping for HP Spectre x360 (git-fixes).
- soundwire: qcom: fix storing port config out-of-bounds (git-fixes).
- spi: bcm-qspi: return error if neither hif_mspi nor mspi is available (git-fixes).
- spi: dw: Round of n_bytes to power of 2 (git-fixes).
- spi: fsl-dspi: avoid SCK glitches with continuous transfers (git-fixes).
- spi: lpspi: disable lpspi module irq in DMA mode (git-fixes).
- spi: spi-geni-qcom: Correct CS_TOGGLE bit in SPI_TRANS_CFG (git-fixes).
- spi: tegra210-quad: Fix combined sequence (bsc#1212584)
- spi: tegra210-quad: Fix iterator outside loop (git-fixes).
- spi: tegra210-quad: Multi-cs support (bsc#1212584)
- supported.conf: Move bt878 and bttv modules to kernel-*-extra (jsc#PED-3931)
- task_work: Decouple TIF_NOTIFY_SIGNAL and task_work (git-fixes).
- task_work: Introduce task_work_pending (git-fixes).
- test_firmware: Use kstrtobool() instead of strtobool() (git-fixes).
- test_firmware: prevent race conditions by a correct implementation of locking (git-fixes).
- test_firmware: return ENOMEM instead of ENOSPC on failed memory allocation (git-fixes).
- thermal/drivers/sun8i: Fix some error handling paths in sun8i_ths_probe() (git-fixes).
- thunderbolt: dma_test: Use correct value for absent rings when creating paths (git-fixes).
- tls: Skip tls_append_frag on zero copy size (git-fixes).
- tools: bpftool: Remove invalid \' json escape (git-fixes).
- tracing/histograms: Allow variables to have some modifiers (git-fixes).
- tracing/probe: trace_probe_primary_from_call(): checked list_first_entry (git-fixes).
- tracing/timer: Add missing hrtimer modes to decode_hrtimer_mode() (git-fixes).
- tracing: Have event format check not flag %p* on __get_dynamic_array() (git-fixes, bsc#1212350).
- tracing: Introduce helpers to safely handle dynamic-sized sockaddrs (git-fixes).
- tracing: Update print fmt check to handle new __get_sockaddr() macro (git-fixes, bsc#1212350).
- tty: serial: imx: fix rs485 rx after tx (git-fixes).
- tty: serial: samsung_tty: Fix a memory leak in s3c24xx_serial_getclk() in case of error (git-fixes).
- tty: serial: samsung_tty: Fix a memory leak in s3c24xx_serial_getclk() when iterating clk (git-fixes).
- ubi: Fix failure attaching when vid_hdr offset equals to (sub)page size (bsc#1210584).
- ubi: ensure that VID header offset + VID header size <= alloc, size (bsc#1210584).
- udf: Avoid double brelse() in udf_rename() (bsc#1213032).
- udf: Define EFSCORRUPTED error code (bsc#1213038).
- udf: Detect system inodes linked into directory hierarchy (bsc#1213114).
- udf: Discard preallocation before extending file with a hole (bsc#1213036).
- udf: Do not bother looking for prealloc extents if i_lenExtents matches i_size (bsc#1213035).
- udf: Do not bother merging very long extents (bsc#1213040).
- udf: Do not update file length for failed writes to inline files (bsc#1213041).
- udf: Fix error handling in udf_new_inode() (bsc#1213112).
- udf: Fix extending file within last block (bsc#1213037).
- udf: Fix preallocation discarding at indirect extent boundary (bsc#1213034).
- udf: Preserve link count of system files (bsc#1213113).
- udf: Truncate added extents on failed expansion (bsc#1213039).
- usrmerge: Adjust module path in the kernel sources (bsc#1212835).
- vDPA: check VIRTIO_NET_F_RSS for max_virtqueue_paris's presence (jsc#PED-1549).
- vDPA: check virtio device features to detect MQ (jsc#PED-1549).
- vDPA: fix 'cast to restricted le16' warnings in vdpa.c (jsc#PED-1549).
- vdpa/ifcvf: fix the calculation of queuepair (jsc#PED-1549).
- vdpa/mlx5: Directly assign memory key (jsc#PED-1549).
- vdpa/mlx5: Directly assign memory key (jsc#SLE-19253).
- vdpa/mlx5: Do not clear mr struct on destroy MR (jsc#PED-1549).
- vdpa/mlx5: Do not clear mr struct on destroy MR (jsc#SLE-19253).
- vdpa/mlx5: Fix rule forwarding VLAN to TIR (jsc#PED-1549).
- vdpa/mlx5: Fix wrong configuration of virtio_version_1_0 (jsc#SLE-19253).
- vdpa/mlx5: Fix wrong mac address deletion (jsc#PED-1549).
- vdpa/mlx5: Initialize CVQ iotlb spinlock (jsc#PED-1549).
- vdpa/mlx5: should not activate virtq object when suspended (jsc#PED-1549).
- vdpa: Fix error logic in vdpa_nl_cmd_dev_get_doit (jsc#PED-1549).
- vdpa: Fix error logic in vdpa_nl_cmd_dev_get_doit (jsc#SLE-19253).
- vdpa: Use BIT_ULL for bit operations (jsc#PED-1549).
- vdpa: conditionally fill max max queue pair for stats (jsc#PED-1549).
- vduse: Fix NULL pointer dereference on sysfs access (jsc#PED-1549).
- vduse: Fix returning wrong type in vduse_domain_alloc_iova() (jsc#PED-1549).
- vduse: avoid empty string for dev name (jsc#PED-1549).
- vduse: check that offset is within bounds in get_config() (jsc#PED-1549).
- vduse: fix memory corruption in vduse_dev_ioctl() (jsc#PED-1549).
- vduse: prevent uninitialized memory accesses (jsc#PED-1549).
- vhost-vdpa: fix an iotlb memory leak (jsc#PED-1549).
- vhost-vdpa: free iommu domain after last use during cleanup (jsc#PED-1549).
- vhost_vdpa: fix the crash in unmap a large memory (jsc#PED-1549).
- vhost_vdpa: fix unmap process in no-batch mode (jsc#PED-1549).
- vhost_vdpa: support PACKED when setting-getting vring_base (jsc#PED-1549).
- vhost_vdpa: support PACKED when setting-getting vring_base (jsc#SLE-19253).
- w1: fix loop in w1_fini() (git-fixes).
- w1: w1_therm: fix locking behavior in convert_t (git-fixes).
- wifi: ath9k: Fix possible stall on ath9k_txq_list_has_key() (git-fixes).
- wifi: ath9k: avoid referencing uninit memory in ath9k_wmi_ctrl_rx (git-fixes).
- wifi: ath9k: convert msecs to jiffies where needed (git-fixes).
- wifi: ath9k: do not allow to overwrite ENDPOINT0 attributes (git-fixes).
- wifi: ath9k: fix AR9003 mac hardware hang check register offset calculation (git-fixes).
- wifi: atmel: Fix an error handling path in atmel_probe() (git-fixes).
- wifi: cfg80211: rewrite merging of inherited elements (git-fixes).
- wifi: iwlwifi: mvm: indicate HW decrypt for beacon protection (git-fixes).
- wifi: iwlwifi: pcie: fix NULL pointer dereference in iwl_pcie_irq_rx_msix_handler() (git-fixes).
- wifi: iwlwifi: pull from TXQs with softirqs disabled (git-fixes).
- wifi: mwifiex: Fix the size of a memory allocation in mwifiex_ret_802_11_scan() (git-fixes).
- wifi: orinoco: Fix an error handling path in orinoco_cs_probe() (git-fixes).
- wifi: orinoco: Fix an error handling path in spectrum_cs_probe() (git-fixes).
- wifi: rsi: Do not configure WoWlan in shutdown hook if not enabled (git-fixes).
- wifi: rsi: Do not set MMC_PM_KEEP_POWER in shutdown (git-fixes).
- wifi: wilc1000: fix for absent RSN capabilities WFA testcase (git-fixes).
- writeback: fix call of incorrect macro (bsc#1213024).
- writeback: fix dereferencing NULL mapping->host on writeback_page_template (git-fixes).
- x86/build: Avoid relocation information in final vmlinux (bsc#1187829).
- x86/cpu: Switch to arch_cpu_finalize_init() (bsc#1212448).
- x86/fpu: Mark init functions __init (bsc#1212448).
- x86/fpu: Move FPU initialization into arch_cpu_finalize_init() (bsc#1212448).
- x86/fpu: Remove cpuinfo argument from init functions (bsc#1212448).
- x86/init: Initialize signal frame size late (bsc#1212448).
- x86/kprobes: Fix __recover_optprobed_insn check optimizing logic (git-fixes).
- x86/kprobes: Fix arch_check_optimized_kprobe check within optimized_kprobe range (git-fixes).
- x86/mem_encrypt: Unbreak the AMD_MEM_ENCRYPT=n build (git-fixes).
- x86/microcode/amd: Remove load_microcode_amd()'s bsp parameter (git-fixes).
- x86/microcode: Print previous version of microcode after reload (git-fixes).
- x86/mm: Fix RESERVE_BRK() for older binutils (git-fixes).
- x86/mm: Fix use of uninitialized buffer in sme_enable() (git-fixes).
- x86/mm: Initialize text poking earlier (bsc#1212448).
- x86/mm: Use mm_alloc() in poking_init() (bsc#1212448).
- x86/mm: fix poking_init() for Xen PV guests (git-fixes).
- x86/msr: Add AMD CPPC MSR definitions (bsc#1212445).
- x86/sgx: Fix race between reclaimer and page fault handler (git-fixes).
- x86/sgx: Mark PCMD page as dirty when modifying contents (git-fixes).
- x86/xen: fix secondary processor fpu initialization (bsc#1212869).
ImportantSUSE bug 1187829SUSE bug 1189998SUSE bug 1194869SUSE bug 1205758SUSE bug 1208410SUSE bug 1209039SUSE bug 1209780SUSE bug 1210335SUSE bug 1210565SUSE bug 1210584SUSE bug 1210853SUSE bug 1211014SUSE bug 1211346SUSE bug 1211400SUSE bug 1211410SUSE bug 1211794SUSE bug 1211852SUSE bug 1212051SUSE bug 1212265SUSE bug 1212350SUSE bug 1212405SUSE bug 1212445SUSE bug 1212448SUSE bug 1212456SUSE bug 1212494SUSE bug 1212495SUSE bug 1212504SUSE bug 1212513SUSE bug 1212540SUSE bug 1212556SUSE bug 1212561SUSE bug 1212563SUSE bug 1212564SUSE bug 1212584SUSE bug 1212592SUSE bug 1212603SUSE bug 1212605SUSE bug 1212606SUSE bug 1212619SUSE bug 1212685SUSE bug 1212701SUSE bug 1212741SUSE bug 1212835SUSE bug 1212838SUSE bug 1212842SUSE bug 1212848SUSE bug 1212861SUSE bug 1212869SUSE bug 1212892SUSE bug 1212961SUSE bug 1213010SUSE bug 1213011SUSE bug 1213012SUSE bug 1213013SUSE bug 1213014SUSE bug 1213015SUSE bug 1213016SUSE bug 1213017SUSE bug 1213018SUSE bug 1213019SUSE bug 1213020SUSE bug 1213021SUSE bug 1213024SUSE bug 1213025SUSE bug 1213032SUSE bug 1213034SUSE bug 1213035SUSE bug 1213036SUSE bug 1213037SUSE bug 1213038SUSE bug 1213039SUSE bug 1213040SUSE bug 1213041SUSE bug 1213087SUSE bug 1213088SUSE bug 1213089SUSE bug 1213090SUSE bug 1213092SUSE bug 1213093SUSE bug 1213094SUSE bug 1213095SUSE bug 1213096SUSE bug 1213098SUSE bug 1213099SUSE bug 1213100SUSE bug 1213102SUSE bug 1213103SUSE bug 1213104SUSE bug 1213105SUSE bug 1213106SUSE bug 1213107SUSE bug 1213108SUSE bug 1213109SUSE bug 1213110SUSE bug 1213111SUSE bug 1213112SUSE bug 1213113SUSE bug 1213114SUSE bug 1213116SUSE bug 1213134CVE-2023-1249 at SUSECVE-2023-1249 at NVDCVE-2023-1829 at SUSECVE-2023-1829 at NVDCVE-2023-2430 at SUSECVE-2023-2430 at NVDCVE-2023-28866 at SUSECVE-2023-28866 at NVDCVE-2023-3090 at SUSECVE-2023-3090 at NVDCVE-2023-3111 at SUSECVE-2023-3111 at NVDCVE-2023-3212 at SUSECVE-2023-3212 at NVDCVE-2023-3220 at SUSECVE-2023-3220 at NVDCVE-2023-3357 at SUSECVE-2023-3357 at NVDCVE-2023-3358 at SUSECVE-2023-3358 at NVDCVE-2023-3389 at SUSECVE-2023-3389 at NVDCVE-2023-35788 at SUSECVE-2023-35788 at NVDCVE-2023-35823 at SUSECVE-2023-35823 at NVDCVE-2023-35828 at SUSECVE-2023-35828 at NVDCVE-2023-35829 at SUSECVE-2023-35829 at NVDcpe:/o:opensuse:leap:15.5Security update for python-azure-core, python-azure-storage-blob (Critical)openSUSE Leap 15.5
This update for python-azure-core, python-azure-storage-blob fixes the following issues:
Security fixes:
- CVE-2022-30187: Fixed information disclosure vulnerability (bsc#1202088).
Recommended fixes:
- New upstream release version 1.23.1 to SLE 15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629).
CriticalSUSE bug 1199282SUSE bug 1202088CVE-2022-30187 at SUSECVE-2022-30187 at NVDcpe:/o:opensuse:leap:15.5Security update for SUSE Manager Client Tools (Critical)openSUSE Leap 15.5
This update fixes the following issues:
grafana:
- Update to version 9.5.5:
* CVE-2023-3128: Fix authentication bypass using Azure AD OAuth (bsc#1212641, jsc#PED-3694)
* Bug fixes:
* Auth: Show invite button if disable login form is set to false.
* Azure: Fix Kusto auto-completion for Azure datasources.
* RBAC: Remove legacy AC editor and admin role on new dashboard route.
* API: Revert allowing editors to access GET /datasources.
* Settings: Add ability to override skip_org_role_sync with Env variables.
- Update to version 9.5.3:
* CVE-2023-2801: Query: Prevent crash while executing concurrent mixed queries (bsc#1212099)
* CVE-2023-2183: Alerting: Require alert.notifications:write permissions to test receivers and templates (bsc#1212100)
- Update to version 9.5.2:
Alerting: Scheduler use rule fingerprint instead of version.
Explore: Update table min height.
DataLinks: Encoded URL fixed.
TimeSeries: Fix leading null-fill for missing intervals.
Dashboard: Revert fixed header shown on mobile devices in the new panel header.
PostgreSQL: Fix TLS certificate issue by downgrading lib/pq.
Provisioning: Fix provisioning issues with legacy alerting and data source permissions.
Alerting: Fix misleading status code in provisioning API.
Loki: Fix log samples using `instant` queries.
Panel Header: Implement new Panel Header on Angular Panels.
Azure Monitor: Fix bug that was not showing resources for certain locations.
Alerting: Fix panic when reparenting receivers to groups following an attempted rename via Provisioning.
Cloudwatch Logs: Clarify Cloudwatch Logs Limits.
- Update to 9.5.1
Loki Variable Query Editor: Fix bug when the query is updated
Expressions: Fix expression load with legacy UID -100
CriticalSUSE bug 1212099SUSE bug 1212100SUSE bug 1212641CVE-2023-2183 at SUSECVE-2023-2183 at NVDCVE-2023-2801 at SUSECVE-2023-2801 at NVDCVE-2023-3128 at SUSECVE-2023-3128 at NVDcpe:/o:opensuse:leap:15.5Security update for openssl-1_1 (Important)openSUSE Leap 15.5
This update for openssl-1_1 fixes the following issues:
- CVE-2023-2650: Fixed possible denial of service translating ASN.1 object identifiers (bsc#1211430).
- CVE-2022-4304: Reworked the fix for the Timing-Oracle in RSA decryption.
The previous fix for this timing side channel turned out to cause a
severe 2-3x performance regression in the typical use case (bsc#1207534).
- Update further expiring certificates that affect tests (bsc#1201627)
ImportantSUSE bug 1201627SUSE bug 1207534SUSE bug 1211430CVE-2022-4304 at SUSECVE-2022-4304 at NVDCVE-2023-2650 at SUSECVE-2023-2650 at NVDcpe:/o:opensuse:leap:15.5Security update for redis (Important)openSUSE Leap 15.5
This update for redis fixes the following issues:
- CVE-2022-24834: Fixed heap overflow in the cjson and cmsgpack libraries (bsc#1213193).
ImportantSUSE bug 1213193CVE-2022-24834 at SUSECVE-2022-24834 at NVDcpe:/o:opensuse:leap:15.5Security update for redis7 (Important)openSUSE Leap 15.5
This update for redis7 fixes the following issues:
- CVE-2022-24834: Fixed heap overflow in the cjson and cmsgpack libraries (bsc#1213193).
- CVE-2023-28856: Fixed HINCRBYFLOAT invalid key crash (bsc#1210548).
- CVE-2022-36021: Fixed integer overflow via Specially crafted SRANDMEMBER, ZRANDMEMBER, and HRANDFIELD (bsc#1208790).
- CVE-2023-25155: Fixed Integer Overflow in RAND commands (bsc#1208793).
- CVE-2023-28425: Fixed denial-of-service via Specially crafted MSETNX command (bsc#1209528).
- CVE-2023-36824: Fixed heap overflow in COMMAND GETKEYS and ACL evaluation (bsc#1213249).
ImportantSUSE bug 1208790SUSE bug 1208793SUSE bug 1209528SUSE bug 1210548SUSE bug 1213193SUSE bug 1213249CVE-2022-24834 at SUSECVE-2022-24834 at NVDCVE-2022-36021 at SUSECVE-2022-36021 at NVDCVE-2023-25155 at SUSECVE-2023-25155 at NVDCVE-2023-28425 at SUSECVE-2023-28425 at NVDCVE-2023-28856 at SUSECVE-2023-28856 at NVDCVE-2023-36824 at SUSECVE-2023-36824 at NVDcpe:/o:opensuse:leap:15.5Security update for samba (Important)openSUSE Leap 15.5
This update for samba fixes the following issues:
samba was updated to version 4.17.9:
- CVE-2022-2127: Fixed issue where lm_resp_len was not checked properly in winbindd_pam_auth_crap_send (bsc#1213174).
- CVE-2023-34966: Fixed samba spotlight mdssvc RPC Request Infinite Loop Denial-of-Service Vulnerability (bsc#1213173).
- CVE-2023-34967: Fixed samba spotlight mdssvc RPC Request Type Confusion Denial-of-Service Vulnerability (bsc#1213172).
- CVE-2023-34968: Fixed spotlight server-side Share Path Disclosure (bsc#1213171).
- CVE-2023-3347: Fixed issue where SMB2 packet signing not enforced (bsc#1213170).
- CVE-2020-25720: Fixed issue where creating child permission allowed full write to all attributes (bsc#1213386).
Bugfixes:
- Fixed trust relationship failure (bsc#1213384).
- Backported --pidl-developer fixes.
- Fixed smbd_scavenger crash when service smbd is stopped.
- Fixed issue where vfs_fruit might cause a failing open for delete.
- Fixed named crashes on DLZ zone update.
- Fixed issue where winbind recurses into itself via rpcd_lsad.
- Fixed cli_list looping 100% CPU against pre-lanman2 servers.
- Fixed smbclient leaks fds with showacls.
- Fixed aes256 smb3 encryption algorithms not allowed in smb3_sid_parse().
- Fixed winbindd getting stuck on NT_STATUS_RPC_SEC_PKG_ERROR.
- Fixed smbget memory leak if failed to download files recursively.
- Fixed log flood: smbd_calculate_access_mask_fsp: Access denied: message level should be lower.
- Fixed floating point exception (FPE) via cli_pull_send at source3/libsmb/clireadwrite.c.
- Fixed test_tstream_more_tcp_user_timeout_spin fails intermittently on Rackspace GitLab runners.
- Reduce flapping of ridalloc test.
- Fixed unreliable large_ldap test.
- Fixed filename parser not checking veto files smb.conf parameter.
- Fixed mdssvc may crash when initializing.
- Fixed broken large directory optimization for non-lcomp path elements
- Fixed streams_depot failing to create streams.
- Fixed shadow_copy2 and streams_depot issues.
- Fixed wbinfo -u fails on ad dc with >1000 users.
- Fixed winbindd idmap child contacting the domain controller without a need.
- Fixed idmap_autorid may fail to map sids of trusted domains for the first time.
- Fixed idmap_hash doesn't use ID_TYPE_BOTH for reverse mappings.
- Fixed net ads search -P doesn't work against servers in other domains.
- Fixed DS ACEs might be inherited to unrelated object classes.
- Fixed temporary smbXsrv_tcon_global.tdb can't be parsed.
- Fixed setting veto files = /.*/ breaking listing directories (bsc#1212375).
- Fixed dsgetdcname assuming local system uses IPv4.
ImportantSUSE bug 1212375SUSE bug 1213170SUSE bug 1213171SUSE bug 1213172SUSE bug 1213173SUSE bug 1213174SUSE bug 1213384SUSE bug 1213386CVE-2020-25720 at SUSECVE-2020-25720 at NVDCVE-2022-2127 at SUSECVE-2022-2127 at NVDCVE-2023-3347 at SUSECVE-2023-3347 at NVDCVE-2023-34966 at SUSECVE-2023-34966 at NVDCVE-2023-34967 at SUSECVE-2023-34967 at NVDCVE-2023-34968 at SUSECVE-2023-34968 at NVDcpe:/o:opensuse:leap:15.5Security update for python-pip (Low)openSUSE Leap 15.5
This update for python-pip fixes the following issues:
- Removed .exe files from the RPM package, to prevent issues with security scanners (bsc#1212015).
LowSUSE bug 1212015cpe:/o:opensuse:leap:15.5Security update for python311 (Important)openSUSE Leap 15.5
This update for python311 fixes the following issues:
python was updated to version 3.11.4:
- CVE-2023-24329: Fixed blocklist bypass via the urllib.parse component when supplying a URL that starts with blank characters (bsc#1208471).
- CVE-2007-4559: Fixed python tarfile module directory traversal (bsc#1203750).
- Fixed a security in flaw in uu.decode() that could allow for directory traversal based on the input if no out_file was specified.
- Do not expose the local on-disk location in directory indexes produced by http.client.SimpleHTTPRequestHandler.
Bugfixes:
- trace.__main__ now uses io.open_code() for files to be executed instead of raw open().
ImportantSUSE bug 1203750SUSE bug 1208471CVE-2007-4559 at SUSECVE-2007-4559 at NVDCVE-2023-24329 at SUSECVE-2023-24329 at NVDcpe:/o:opensuse:leap:15.5Security update for openssh (Important)openSUSE Leap 15.5
This update for openssh fixes the following issues:
- CVE-2023-38408: Fixed a condition where specific libaries loaded via
ssh-agent(1)'s PKCS#11 support could be abused to achieve remote code
execution via a forwarded agent socket if those libraries were present on the
victim's system and if the agent was forwarded to an attacker-controlled
system. [bsc#1213504, CVE-2023-38408]
- Close the right filedescriptor and also close fdh in read_hmac to avoid file
descriptor leaks. [bsc#1209536]
- Attempts to mitigate instances of secrets lingering in memory after a session
exits. [bsc#1186673, bsc#1213004, bsc#1213008]
ImportantSUSE bug 1186673SUSE bug 1209536SUSE bug 1213004SUSE bug 1213008SUSE bug 1213504CVE-2023-38408 at SUSECVE-2023-38408 at NVDcpe:/o:opensuse:leap:15.5Security update for python39 (Important)openSUSE Leap 15.5
This update for python39 fixes the following issues:
Update to 3.9.17:
- urllib.parse.urlsplit() now strips leading C0 control and space
characters following the specification for URLs defined by WHATWG in
response to CVE-2023-24329 (bsc#1208471).
- Fixed a security in flaw in uu.decode() that could allow for directory
traversal based on the input if no out_file was specified.
- Do not expose the local on-disk location in directory indexes produced by
http.client.SimpleHTTPRequestHandler.
- trace.__main__ now uses io.open_code() for files
to be executed instead of raw open().
- CVE-2007-4559: The extraction methods in tarfile, and shutil.unpack_archive(), have
a new filter argument that allows limiting tar features than may be
surprising or dangerous, such as creating files outside the destination
directory. See Extraction filters for details (fixing bsc#1203750).
- Fixed a deadlock at shutdown when clearing thread states if any
finalizer tries to acquire the runtime head lock.
- Fixed a crash due to a race while iterating over thread states in
clearing threading.local.
ImportantSUSE bug 1203750SUSE bug 1208471CVE-2007-4559 at SUSECVE-2007-4559 at NVDCVE-2023-24329 at SUSECVE-2023-24329 at NVDcpe:/o:opensuse:leap:15.5Security update for MozillaFirefox (Important)openSUSE Leap 15.5
This update for MozillaFirefox fixes the following issues:
Firefox was updated to version 115.0.2 ESR (bsc#1213230):
- CVE-2023-3600: Fixed Use-after-free in workers (bmo#1839703).
Bugfixes:
- Fixed a startup crash experienced by some Windows users by blocking instances of a malicious injected DLL (bmo#1841751).
- Fixed a bug with displaying a caret in the text editor on some websites (bmo#1840804).
- Fixed a bug with broken audio rendering on some websites (bmo#1841982).
- Fixed a bug with patternTransform translate using the wrong units (bmo#1840746).
- Fixed a crash affecting Windows 7 users related to the DLL blocklist.
- Fixed a startup crash for Windows users with Kingsoft Antivirus software installed (bmo#1837242).
ImportantSUSE bug 1213230CVE-2023-3600 at SUSECVE-2023-3600 at NVDcpe:/o:opensuse:leap:15.5Security update for openssl-1_1 (Moderate)openSUSE Leap 15.5
This update for openssl-1_1 fixes the following issues:
- CVE-2023-3446: Fixed DH_check() excessive time with over sized modulus (bsc#1213487).
ModerateSUSE bug 1213487CVE-2023-3446 at SUSECVE-2023-3446 at NVDcpe:/o:opensuse:leap:15.5Security update for libqt5-qtsvg (Moderate)openSUSE Leap 15.5
This update for libqt5-qtsvg fixes the following issues:
- CVE-2021-45930: Fixed an out-of-bounds write that may have lead to a denial-of-service (bsc#1196654).
- CVE-2023-32573: Fixed missing initialization of QtSvg QSvgFont m_unitsPerEm variable (bsc#1211298).
ModerateSUSE bug 1196654SUSE bug 1211298CVE-2021-45930 at SUSECVE-2021-45930 at NVDCVE-2023-32573 at SUSECVE-2023-32573 at NVDcpe:/o:opensuse:leap:15.5Security update for python-scipy (Moderate)openSUSE Leap 15.5
This update for python-scipy fixes the following issues:
- CVE-2023-25399: Fixed minor refcounting issue in Py_FindObjects (bsc#1213062).
- CVE-2023-29824: Fixed use-after-free in Py_FindObjects (bsc#1213137).
ModerateSUSE bug 1213062SUSE bug 1213137CVE-2023-25399 at SUSECVE-2023-25399 at NVDCVE-2023-29824 at SUSECVE-2023-29824 at NVDcpe:/o:opensuse:leap:15.5Security update for netty, netty-tcnative (Moderate)openSUSE Leap 15.5
This update for netty, netty-tcnative fixes the following issues:
Upgrade to upstream version 4.1.94:
- CVE-2023-34462: Allow to limit the maximum lenght of the ClientHello (bsc#1212637).
ModerateSUSE bug 1212637CVE-2023-34462 at SUSECVE-2023-34462 at NVDcpe:/o:opensuse:leap:15.5Security update for mysql-connector-java (Moderate)openSUSE Leap 15.5
This update for mysql-connector-java fixes the following issues:
- CVE-2023-21971: Fixed a denial-of-service vulnerability in the java.sql.DriverManager.getConnection() method when used with untrusted inputs (bsc#1211247).
ModerateSUSE bug 1211247CVE-2023-21971 at SUSECVE-2023-21971 at NVDcpe:/o:opensuse:leap:15.5Security update for iperf (Important)openSUSE Leap 15.5
This update for iperf fixes the following issues:
- CVE-2023-38403: Fixed integer overflow leading to heap buffer overflow (bsc#1213430).
ImportantSUSE bug 1213430CVE-2023-38403 at SUSECVE-2023-38403 at NVDcpe:/o:opensuse:leap:15.5Security update for conmon (Important)openSUSE Leap 15.5
This update for conmon fixes the following issues:
conmon was updated to version 2.1.7:
- Bumped go version to 1.19 (bsc#1209307).
Bugfixes:
- Fixed leaking symbolic links in the opt_socket_path directory
- Fixed oom handling issues (bsc#1208737).
- Fixed OOM watcher for cgroupv2 `oom_kill` events
ImportantSUSE bug 1208737SUSE bug 1209307cpe:/o:opensuse:leap:15.5Security update for go1.20-openssl (Moderate)openSUSE Leap 15.5
This update for go1.20-openssl fixes the following issues:
Update to version 1.20.6.1 (bsc#1206346):
- CVE-2023-29406: Fixed insufficient sanitization of Host header (bsc#1213229).
ModerateSUSE bug 1206346SUSE bug 1213229CVE-2023-29406 at SUSECVE-2023-29406 at NVDcpe:/o:opensuse:leap:15.5Security update for openssl-3 (Moderate)openSUSE Leap 15.5
This update for openssl-3 fixes the following issues:
- CVE-2023-2975: Fixed AES-SIV implementation ignores empty associated data entries (bsc#1213383).
- CVE-2023-3446: Fixed DH_check() excessive time with over sized modulus (bsc#1213487).
ModerateSUSE bug 1213383SUSE bug 1213487CVE-2023-2975 at SUSECVE-2023-2975 at NVDCVE-2023-3446 at SUSECVE-2023-3446 at NVDcpe:/o:opensuse:leap:15.5Security update for libqt5-qtbase (Important)openSUSE Leap 15.5
This update for libqt5-qtbase fixes the following issues:
- CVE-2023-34410: Fixed certificate validation does not always consider whether the root of a chain is a configured CA certificate (bsc#1211994).
- CVE-2023-33285: Fixed buffer overflow in QDnsLookup (bsc#1211642).
- CVE-2023-32762: Fixed Qt Network incorrectly parses the strict-transport-security (HSTS) header (bsc#1211797).
- CVE-2023-38197: Fixed infinite loops in QXmlStreamReader(bsc#1213326).
- CVE-2023-24607: Fixed Qt SQL ODBC driver plugin DOS (bsc#1209616).
ImportantSUSE bug 1209616SUSE bug 1211642SUSE bug 1211797SUSE bug 1211994SUSE bug 1213326CVE-2023-24607 at SUSECVE-2023-24607 at NVDCVE-2023-32762 at SUSECVE-2023-32762 at NVDCVE-2023-33285 at SUSECVE-2023-33285 at NVDCVE-2023-34410 at SUSECVE-2023-34410 at NVDCVE-2023-38197 at SUSECVE-2023-38197 at NVDcpe:/o:opensuse:leap:15.5Security update for kernel-firmware (Moderate)openSUSE Leap 15.5
This update for kernel-firmware fixes the following issues:
Updated to version 20230724 (git commit 59fbffa9ec8e):
- CVE-2023-20593: Fixed AMD ucode for ZenBleed vulnerability (bsc#1213286).
Bugfixes:
- Fix qcom ASoC tglp WHENCE entry
- Group all Conexant V4L devices together
- Makefile, copy-firmware: support xz/zstd compressed firmware
- Updated NXP SR150 UWB firmware
- WHENCE: Cleanup Realtek BT firmware provenance
- WHENCE: comment out duplicate MediaTek firmware
- amdgpu: Add GC 11.0.4 firmware
- amdgpu: Add PSP 13.0.11 firmware
- amdgpu: DMCUB updates for DCN 3.1.4 and 3.1.5
- amdgpu: DMCUB updates for various AMDGPU asics
- amdgpu: Update DCN 3.1.4 firmware
- amdgpu: Update GC 11.0.1 and 11.0.4
- amdgpu: Update GC 11.0.1 firmware
- amdgpu: Update PSP 13.0.4 firmware
- amdgpu: Update SDMA 6.0.1 firmware
- amdgpu: add initial GC 11.0.3 firmware
- amdgpu: add initial PSP 13.0.10 firmware
- amdgpu: add initial SDMA 6.0.3 firmware
- amdgpu: add initial SMU 13.0.10 firmware
- amdgpu: update 13.0.8 firmware for amd.5.5 release
- amdgpu: update DCN 3.1.6 DMCUB firmware
- amdgpu: update DMCUB to v0.0.172.0 for various AMDGPU ASICs
- amdgpu: update DMCUB to v0.0.175.0 for various AMDGPU ASICs
- amdgpu: update GC 10.3.6 firmware for amd.5.5 release
- amdgpu: update GC 10.3.7 firmware for amd.5.5 release
- amdgpu: update GC 11.0.0 firmware for amd.5.5 release
- amdgpu: update GC 11.0.1 firmware for amd.5.5 release
- amdgpu: update GC 11.0.2 firmware for amd.5.5 release
- amdgpu: update GC 11.0.4 firmware for amd.5.5 release
- amdgpu: update PSP 13.0.0 firmware for amd.5.5 release
- amdgpu: update PSP 13.0.11 firmware for amd.5.5 release
- amdgpu: update PSP 13.0.4 firmware for amd.5.5 release
- amdgpu: update PSP 13.0.7 firmware for amd.5.5 release
- amdgpu: update Picasso VCN firmware
- amdgpu: update SDMA 6.0.1 firmware for amd.5.5 release
- amdgpu: update SMU 13.0.0 firmware for amd.5.5 release
- amdgpu: update SMU 13.0.7 firmware for amd.5.5 release
- amdgpu: update VCN 4.0.0 firmware
- amdgpu: update VCN 4.0.0 firmware for amd.5.5 release
- amdgpu: update VCN 4.0.4 firmware for amd.5.5 release
- amdgpu: update aldebaran firmware for amd.5.5 release
- amdgpu: update arcturus firmware for amd.5.5 release
- amdgpu: update beige goby firmware for amd.5.5 release
- amdgpu: update dimgrey cavefish firmware for amd.5.5 release
- amdgpu: update green sardine VCN firmware
- amdgpu: update green sardine firmware for amd.5.5 release
- amdgpu: update navi10 firmware for amd.5.5 release
- amdgpu: update navi12 firmware for amd.5.5 release
- amdgpu: update navi14 firmware for amd.5.5 release
- amdgpu: update navy flounder firmware for amd.5.5 release
- amdgpu: update psp 13.0.5 firmware for amd.5.5 release
- amdgpu: update raven VCN firmware
- amdgpu: update raven2 VCN firmware
- amdgpu: update renoir VCN firmware
- amdgpu: update renoir firmware for amd.5.5 release
- amdgpu: update sienna cichlid firmware for amd.5.5 release
- amdgpu: update vangogh firmware for amd.5.5 release
- amdgpu: update vcn 3.1.2 firmware for amd.5.5 release
- amdgpu: update vega10 firmware for amd.5.5 release
- amdgpu: update vega12 firmware for amd.5.5 release
- amdgpu: update vega20 firmware for amd.5.5 release
- amdgpu: update yellow carp firmware for amd.5.5 release
- ath10k: QCA4019 hw1.0: update board-2.bin
- ath10k: QCA6174 hw3.0: update board-2.bin
- ath10k: QCA9888 hw2.0: update board-2.bin
- ath10k: QCA9984 hw1.0: update board-2.bin
- ath10k: QCA99X0 hw2.0: update board-2.bin
- ath11k: IPQ6018 hw1.0: update board-2.bin
- ath11k: IPQ6018 hw1.0: update to WLAN.HK.2.7.0.1-01744-QCAHKSWPL_SILICONZ-1
- ath11k: IPQ8074 hw2.0: update board-2.bin
- ath11k: IPQ8074 hw2.0: update to WLAN.HK.2.7.0.1-01744-QCAHKSWPL_SILICONZ-1
- ath11k: QCN9074 hw1.0: update to WLAN.HK.2.7.0.1-01744-QCAHKSWPL_SILICONZ-1
- ath11k: WCN6750 hw1.0: update to WLAN.MSL.1.0.1-01160-QCAMSLSWPLZ-1
- ath11k: WCN6855 hw2.0: update board-2.bin
- brcm: Add symlinks from Pine64 devices to AW-CM256SM.txt
- check_whence: Check link targets are valid
- check_whence: error if File: is actually a link
- check_whence: error if symlinks are in-tree
- check_whence: error on directory listed as File
- check_whence: error on duplicate file entries
- check_whence: strip quotation marks
- cirrus: Add CS35L41 firmware for ASUS ROG 2023 Models
- cirrus: Add firmware and tuning files for HP G10 series laptops
- cirrus: Add firmware and tuning files for Lenovo ThinkPad P1 Gen 6
- cirrus: Add firmware for new Asus ROG Laptops
- cnm: update chips&media wave521c firmware.
- copy-firmware: drop obsolete backticks, quote
- copy-firmware: quote deskdir and dirname
- copy-firmware: silence the last shellcheck warnings
- copy-firmware: tweak sed invocation
- cxgb4: Update firmware to revision 1.27.3.0
- fix broken cirrus firmware symlinks
- i915: Add GuC v70.6.6 for MTL
- i915: Add HuC v8.5.0 for MTL
- i915: update DG2 GuC to v70.8.0
- i915: update to GuC 70.8.0 and HuC 8.5.1 for MTL
- ice: update ice DDP comms package to 1.3.40.0
- ice: update ice DDP wireless_edge package to 1.3.10.0
- iwlwifi: add new FWs from core78-32 release
- iwlwifi: add new FWs from core80-39 release
- iwlwifi: update 9000-family firmwares to core78-32
- iwlwifi: update cc/Qu/QuZ firmwares for core80-39 release
- linux-firmware: Add firmware for Cirrus CS35L41 on Lenovo Laptops
- linux-firmware: Amphion: Update vpu firmware
- linux-firmware: Update AMD cpu microcode
- linux-firmware: Update AMD cpu microcode
- linux-firmware: Update AMD fam17h cpu microcode
- linux-firmware: Update firmware file for Intel Bluetooth AX200
- linux-firmware: Update firmware file for Intel Bluetooth AX201
- linux-firmware: Update firmware file for Intel Bluetooth AX203
- linux-firmware: Update firmware file for Intel Bluetooth AX210
- linux-firmware: Update firmware file for Intel Bluetooth AX211
- linux-firmware: add firmware for MT7981
- linux-firmware: update firmware for MT7916
- linux-firmware: update firmware for MT7921 WiFi device
- linux-firmware: update firmware for MT7922 WiFi device
- linux-firmware: update firmware for MT7981
- linux-firmware: update firmware for mediatek bluetooth chip (MT7921)
- linux-firmware: update firmware for mediatek bluetooth chip (MT7922)
- linux-firmware: update firmware for mediatek bluetooth chip (MT7922)
- linux-firmware: update qat firmware
- linux-firmware: wilc1000: update WILC1000 firmware to v16.0
- mediatek: Update mt8195 SCP firmware to support 10bit mode
- mediatek: Update mt8195 SCP firmware to support hevc
- mt76xx: Move the old Mediatek WiFi firmware to mediatek
- nvidia: update Tu10x and Tu11x signed firmware to support newer Turing HW
- qca: Update firmware files for BT chip WCN6750
- qcom: Add Audio firmware for SC8280XP X13s
- qcom: Update the microcode files for Adreno a630 GPUs.
- qcom: apq8016: add Dragonboard 410c WiFi and modem firmware
- qcom: sdm845: rename the modem firmware
- qcom: sdm845: update remoteproc firmware
- rtl_bt: Add firmware and config files for RTL8851B
- rtl_bt: Update RTL8761B BT UART firmware to 0x9DC6_D922
- rtl_bt: Update RTL8761B BT USB firmware to 0xDFC6_D922
- rtl_bt: Update RTL8852A BT USB firmware to 0xDAC7_480D
- rtl_bt: Update RTL8852B BT USB firmware to 0xDBC6_B20F
- rtl_bt: Update RTL8852C BT USB firmware to 0x040D_7225
- rtl_nic: update firmware of USB devices
- rtlwifi: Add firmware v6.0 for RTL8192FU
- rtlwifi: Update firmware for RTL8188EU to v28.0
- rtw88: 8822c: Update normal firmware to v9.9.15
- rtw89: 8851b: add firmware v0.29.41.0
- rtw89: 8852b: update format-1 fw to v0.29.29.1
- rtw89: 8852c: update fw to v0.27.56.13
- wfx: update to firmware 3.16.1
ModerateSUSE bug 1213286CVE-2023-20593 at SUSECVE-2023-20593 at NVDcpe:/o:opensuse:leap:15.5Security update for librsvg (Important)openSUSE Leap 15.5
This update for librsvg fixes the following issues:
librsvg was updated to version 2.52.10:
- CVE-2023-38633: Fixed directory traversal in URI decoder (bsc#1213502).
ImportantSUSE bug 1213502CVE-2023-38633 at SUSECVE-2023-38633 at NVDcpe:/o:opensuse:leap:15.5Security update for java-17-openjdk (Important)openSUSE Leap 15.5
This update for java-17-openjdk fixes the following issues:
Updated to version jdk-17.0.8+7 (July 2023 CPU):
- CVE-2023-22006: Fixed vulnerability in the network component (bsc#1213473).
- CVE-2023-22036: Fixed vulnerability in the utility component (bsc#1213474).
- CVE-2023-22041: Fixed vulnerability in the hotspot component (bsc#1213475).
- CVE-2023-22044: Fixed vulnerability in the hotspot component (bsc#1213479).
- CVE-2023-22045: Fixed vulnerability in the hotspot component (bsc#1213481).
- CVE-2023-22049: Fixed vulnerability in the libraries component (bsc#1213482).
- CVE-2023-25193: Fixed vulnerability in the embedded harfbuzz module (bsc#1207922).
- JDK-8294323: Improve Shared Class Data
- JDK-8296565: Enhanced archival support
- JDK-8298676, JDK-8300891: Enhanced Look and Feel
- JDK-8300285: Enhance TLS data handling
- JDK-8300596: Enhance Jar Signature validation
- JDK-8301998, JDK-8302084: Update HarfBuzz to 7.0.1
- JDK-8302475: Enhance HTTP client file downloading
- JDK-8302483: Enhance ZIP performance
- JDK-8303376: Better launching of JDI
- JDK-8304460: Improve array usages
- JDK-8304468: Better array usages
- JDK-8305312: Enhanced path handling
- JDK-8308682: Enhance AES performance
Bugfixes:
- JDK-8178806: Better exception logging in crypto code
- JDK-8201516: DebugNonSafepoints generates incorrect
information
- JDK-8224768: Test ActalisCA.java fails
- JDK-8227060: Optimize safepoint cleanup subtask order
- JDK-8227257: javax/swing/JFileChooser/4847375/bug4847375.java
fails with AssertionError
- JDK-8238274: (sctp) JDK-7118373 is not fixed for SctpChannel
- JDK-8244976: vmTestbase/nsk/jdi/Event/request/request001.java
doesn' initialize eName
- JDK-8245877: assert(_value != __null) failed: resolving NULL
_value in JvmtiExport::post_compiled_method_load
- JDK-8248001: javadoc generates invalid HTML pages whose
ftp:// links are broken
- JDK-8252990: Intrinsify Unsafe.storeStoreFence
- JDK-8254711: Add java.security.Provider.getService JFR Event
- JDK-8257856: Make ClassFileVersionsTest.java robust to JDK
version updates
- JDK-8261495: Shenandoah: reconsider update references memory
ordering
- JDK-8268288: jdk/jfr/api/consumer/streaming/
/TestOutOfProcessMigration.java fails with 'Error:
ShouldNotReachHere()'
- JDK-8268298: jdk/jfr/api/consumer/log/TestVerbosity.java
fails: unexpected log message
- JDK-8268582: javadoc throws NPE with --ignore-source-errors
option
- JDK-8269821: Remove is-queue-active check in inner loop of
write_ref_array_pre_work
- JDK-8270434: JDI+UT: Unexpected event in JDI tests
- JDK-8270859: Post JEP 411 refactoring: client libs with
maximum covering > 10K
- JDK-8270869: G1ServiceThread may not terminate
- JDK-8271519: java/awt/event/SequencedEvent/
/MultipleContextsFunctionalTest.java failed with 'Total [200]
- Expected [400]'
- JDK-8273909: vmTestbase/nsk/jdi/Event/request/request001 can
still fail with 'ERROR: new event is not ThreadStartEvent'
- JDK-8274243: Implement fast-path for ASCII-compatible
CharsetEncoders on aarch64
- JDK-8274615: Support relaxed atomic add for linux-aarch64
- JDK-8274864: Remove Amman/Cairo hacks in ZoneInfoFile
- JDK-8275233: Incorrect line number reported in exception
stack trace thrown from a lambda expression
- JDK-8275287: Relax memory ordering constraints on updating
instance class and array class counters
- JDK-8275721: Name of UTC timezone in a locale changes
depending on previous code
- JDK-8275735: [linux] Remove deprecated Metrics api (kernel
memory limit)
- JDK-8276058: Some swing test fails on specific CI macos system
- JDK-8277407: javax/swing/plaf/synth/SynthButtonUI/6276188/
/bug6276188.java fails to compile after JDK-8276058
- JDK-8277775: Fixup bugids in RemoveDropTargetCrashTest.java -
add 4357905
- JDK-8278146: G1: Rework VM_G1Concurrent VMOp to clearly
identify it as pause
- JDK-8278434: timeouts in test java/time/test/java/time/
/format/TestZoneTextPrinterParser.java
- JDK-8278834: Error 'Cannot read field 'sym' because
'this.lvar[od]' is null' when compiling
- JDK-8282077: PKCS11 provider C_sign() impl should handle
CKR_BUFFER_TOO_SMALL error
- JDK-8282201: Consider removal of expiry check in
VerifyCACerts.java test
- JDK-8282227: Locale information for nb is not working properly
- JDK-8282704: runtime/Thread/StopAtExit.java may leak memory
- JDK-8283057: Update GCC to version 11.2.0 for Oracle builds
on Linux
- JDK-8283062: Uninitialized warnings in libgtest with GCC 11.2
- JDK-8283520: JFR: Memory leak in dcmd_arena
- JDK-8283566: G1: Improve G1BarrierSet::enqueue performance
- JDK-8284331: Add sanity check for signal handler modification
warning.
- JDK-8285635: javax/swing/JRootPane/DefaultButtonTest.java
failed with Default Button not pressed for L&F:
com.sun.java.swing.plaf.motif.MotifLookAndFeel
- JDK-8285987: executing shell scripts without #! fails on
Alpine linux
- JDK-8286191: misc tests fail due to JDK-8285987
- JDK-8286287: Reading file as UTF-16 causes Error which
'shouldn't happen'
- JDK-8286331: jni_GetStringUTFChars() uses wrong heap allocator
- JDK-8286346: 3-parameter version of AllocateHeap should not
ignore AllocFailType
- JDK-8286398: Address possibly lossy conversions in
jdk.internal.le
- JDK-8287007: [cgroups] Consistently use stringStream
throughout parsing code
- JDK-8287246: DSAKeyValue should check for missing params
instead of relying on KeyFactory provider
- JDK-8287541: Files.writeString fails to throw IOException for
charset 'windows-1252'
- JDK-8287854: Dangling reference in ClassVerifier::verify_class
- JDK-8287876: The recently de-problemlisted
TestTitledBorderLeak test is unstable
- JDK-8287897: Augment src/jdk.internal.le/share/legal/jline.md
with information on 4th party dependencies
- JDK-8288589: Files.readString ignores encoding errors for
UTF-16
- JDK-8289509: Improve test coverage for XPath Axes:
descendant, descendant-or-self, following, following-sibling
- JDK-8289735: UTIL_LOOKUP_PROGS fails on pathes with space
- JDK-8289949: Improve test coverage for XPath: operators
- JDK-8290822: C2: assert in PhaseIdealLoop::do_unroll() is
subject to undefined behavior
- JDK-8291226: Create Test Cases to cover scenarios for
JDK-8278067
- JDK-8291637: HttpClient default keep alive timeout not
followed if server sends invalid value
- JDK-8291638: Keep-Alive timeout of 0 should close connection
immediately
- JDK-8292206: TestCgroupMetrics.java fails as getMemoryUsage()
is lower than expected
- JDK-8292301: [REDO v2] C2 crash when allocating array of size
too large
- JDK-8292407: Improve Weak CAS VarHandle/Unsafe tests
resilience under spurious failures
- JDK-8292713: Unsafe.allocateInstance should be intrinsified
without UseUnalignedAccesses
- JDK-8292755: Non-default method in interface leads to a stack
overflow in JShell
- JDK-8292990: Improve test coverage for XPath Axes: parent
- JDK-8293295: Add type check asserts to
java_lang_ref_Reference accessors
- JDK-8293492: ShenandoahControlThread missing from hs-err log
and thread dump
- JDK-8293858: Change PKCS7 code to use default SecureRandom
impl instead of SHA1PRNG
- JDK-8293887: AArch64 build failure with GCC 12 due to
maybe-uninitialized warning in libfdlibm k_rem_pio2.c
- JDK-8294183: AArch64: Wrong macro check in
SharedRuntime::generate_deopt_blob
- JDK-8294281: Allow warnings to be disabled on a per-file basis
- JDK-8294673: JFR: Add SecurityProviderService#threshold to
TestActiveSettingEvent.java
- JDK-8294717: (bf) DirectByteBuffer constructor will leak if
allocating Deallocator or Cleaner fails with OOME
- JDK-8294906: Memory leak in PKCS11 NSS TLS server
- JDK-8295564: Norwegian Nynorsk Locale is missing formatting
- JDK-8295974: jni_FatalError and Xcheck:jni warnings should
print the native stack when there are no Java frames
- JDK-8296084: javax/swing/JSpinner/4788637/bug4788637.java
fails intermittently on a VM
- JDK-8296318: use-def assert: special case undetected loops
nested in infinite loops
- JDK-8296343: CPVE thrown on missing content-length in OCSP
response
- JDK-8296412: Special case infinite loops with unmerged
backedges in IdealLoopTree::check_safepts
- JDK-8296545: C2 Blackholes should allow load optimizations
- JDK-8296934: Write a test to verify whether Undecorated Frame
can be iconified or not
- JDK-8297000: [jib] Add more friendly warning for proxy issues
- JDK-8297154: Improve safepoint cleanup logging
- JDK-8297450: ScaledTextFieldBorderTest.java fails when run
with -show parameter
- JDK-8297587: Upgrade JLine to 3.22.0
- JDK-8297730: C2: Arraycopy intrinsic throws incorrect
exception
- JDK-8297955: LDAP CertStore should use LdapName and not
String for DNs
- JDK-8298488: [macos13] tools/jpackage tests failing with
'Exit code: 137' on macOS
- JDK-8298887: On the latest macOS+XCode the Robot API may
report wrong colors
- JDK-8299179: ArrayFill with store on backedge needs to reduce
length by 1
- JDK-8299259: C2: Div/Mod nodes without zero check could be
split through iv phi of loop resulting in SIGFPE
- JDK-8299544: Improve performance of CRC32C intrinsics
(non-AVX-512) for small inputs
- JDK-8299570: [JVMCI] Insufficient error handling when
CodeBuffer is exhausted
- JDK-8299959: C2: CmpU::Value must filter overflow computation
against local sub computation
- JDK-8300042: Improve CPU related JFR events descriptions
- JDK-8300079: SIGSEGV in LibraryCallKit::inline_string_copy
due to constant NULL src argument
- JDK-8300823: UB: Compile::_phase_optimize_finished is
initialized too late
- JDK-8300939: sun/security/provider/certpath/OCSP/
/OCSPNoContentLength.java fails due to network errors
- JDK-8301050: Detect Xen Virtualization on Linux aarch64
- JDK-8301119: Support for GB18030-2022
- JDK-8301123: Enable Symbol refcounting underflow checks in
PRODUCT
- JDK-8301190: [vectorapi] The typeChar of LaneType is
incorrect when default locale is tr
- JDK-8301216: ForkJoinPool invokeAll() ignores timeout
- JDK-8301338: Identical branch conditions in
CompileBroker::print_heapinfo
- JDK-8301491: C2: java.lang.StringUTF16::indexOfChar intrinsic
called with negative character argument
- JDK-8301637: ThreadLocalRandom.current().doubles().parallel()
contention
- JDK-8301661: Enhance os::pd_print_cpu_info on macOS and
Windows
- JDK-8302151: BMPImageReader throws an exception reading BMP
images
- JDK-8302172: [JVMCI] HotSpotResolvedJavaMethodImpl.canBeInlined
must respect ForceInline
- JDK-8302320: AsyncGetCallTrace obtains too few frames in
sanity test
- JDK-8302491: NoClassDefFoundError omits the original cause of
an error
- JDK-8302508: Add timestamp to the output TraceCompilerThreads
- JDK-8302594: use-after-free in Node::destruct
- JDK-8302595: use-after-free related to GraphKit::clone_map
- JDK-8302791: Add specific ClassLoader object to Proxy
IllegalArgumentException message
- JDK-8302849: SurfaceManager might expose partially
constructed object
- JDK-8303069: Memory leak in CompilerOracle::parse_from_line
- JDK-8303102: jcmd: ManagementAgent.status truncates the text
longer than O_BUFLEN
- JDK-8303130: Document required Accessibility permissions on
macOS
- JDK-8303354: addCertificatesToKeystore in KeystoreImpl.m
needs CFRelease call in early potential CHECK_NULL return
- JDK-8303433: Bump update version for OpenJDK: jdk-17.0.8
- JDK-8303440: The 'ZonedDateTime.parse' may not accept the
'UTC+XX' zone id
- JDK-8303465: KeyStore of type KeychainStore, provider Apple
does not show all trusted certificates
- JDK-8303476: Add the runtime version in the release file of a
JDK image
- JDK-8303482: Update LCMS to 2.15
- JDK-8303508: Vector.lane() gets wrong value on x86
- JDK-8303511: C2: assert(get_ctrl(n) == cle_out) during
unrolling
- JDK-8303564: C2: 'Bad graph detected in build_loop_late'
after a CMove is wrongly split thru phi
- JDK-8303575: adjust Xen handling on Linux aarch64
- JDK-8303576: addIdentitiesToKeystore in KeystoreImpl.m needs
CFRelease call in early potential CHECK_NULL return
- JDK-8303588: [JVMCI] make JVMCI source directories conform
with standard layout
- JDK-8303809: Dispose context in SPNEGO NegotiatorImpl
- JDK-8303822: gtestMain should give more helpful output
- JDK-8303861: Error handling step timeouts should never be
blocked by OnError and others
- JDK-8303937: Corrupted heap dumps due to missing retries for
os::write()
- JDK-8303949: gcc10 warning Linux ppc64le - note: the layout
of aggregates containing vectors with 8-byte alignment has
changed in GCC 5
- JDK-8304054: Linux: NullPointerException from
FontConfiguration.getVersion in case no fonts are installed
- JDK-8304063: tools/jpackage/share/AppLauncherEnvTest.java
fails when checking LD_LIBRARY_PATH
- JDK-8304134: jib bootstrapper fails to quote filename when
checking download filetype
- JDK-8304291: [AIX] Broken build after JDK-8301998
- JDK-8304295: harfbuzz build fails with GCC 7 after JDK-8301998
- JDK-8304350: Font.getStringBounds calculates wrong width for
TextAttribute.TRACKING other than 0.0
- JDK-8304671: javac regression: Compilation with --release 8
fails on underscore in enum identifiers
- JDK-8304683: Memory leak in WB_IsMethodCompatible
- JDK-8304760: Add 2 Microsoft TLS roots
- JDK-8304867: Explicitly disable dtrace for ppc builds
- JDK-8304880: [PPC64] VerifyOops code in C1 doesn't work with
ZGC
- JDK-8305088: SIGSEGV in Method::is_method_handle_intrinsic
- JDK-8305113: (tz) Update Timezone Data to 2023c
- JDK-8305400: ISO 4217 Amendment 175 Update
- JDK-8305403: Shenandoah evacuation workers may deadlock
- JDK-8305481: gtest is_first_C_frame failing on ARM
- JDK-8305690: [X86] Do not emit two REX prefixes in
Assembler::prefix
- JDK-8305711: Arm: C2 always enters slowpath for monitorexit
- JDK-8305721: add `make compile-commands` artifacts to
.gitignore
- JDK-8305975: Add TWCA Global Root CA
- JDK-8305993: Add handleSocketErrorWithMessage to extend nio
Net.c exception message
- JDK-8305994: Guarantee eventual async monitor deflation
- JDK-8306072: Open source several AWT MouseInfo related tests
- JDK-8306133: Open source few AWT Drag & Drop related tests
- JDK-8306409: Open source AWT KeyBoardFocusManger,
LightWeightComponent related tests
- JDK-8306432: Open source several AWT Text Component related
tests
- JDK-8306466: Open source more AWT Drag & Drop related tests
- JDK-8306489: Open source AWT List related tests
- JDK-8306543: GHA: MSVC installation is failing
- JDK-8306640: Open source several AWT TextArea related tests
- JDK-8306652: Open source AWT MenuItem related tests
- JDK-8306658: GHA: MSVC installation could be optional since
it might already be pre-installed
- JDK-8306664: GHA: Update MSVC version to latest stepping
- JDK-8306681: Open source more AWT DnD related tests
- JDK-8306683: Open source several clipboard and color AWT tests
- JDK-8306752: Open source several container and component AWT
tests
- JDK-8306753: Open source several container AWT tests
- JDK-8306755: Open source few Swing JComponent and
AbstractButton tests
- JDK-8306768: CodeCache Analytics reports wrong threshold
- JDK-8306774: Make runtime/Monitor/
/GuaranteedAsyncDeflationIntervalTest.java more reliable
- JDK-8306825: Monitor deflation might be accidentally disabled
by zero intervals
- JDK-8306850: Open source AWT Modal related tests
- JDK-8306871: Open source more AWT Drag & Drop tests
- JDK-8306883: Thread stacksize is reported with wrong units in
os::create_thread logging
- JDK-8306941: Open source several datatransfer and dnd AWT
tests
- JDK-8306943: Open source several dnd AWT tests
- JDK-8306954: Open source five Focus related tests
- JDK-8306955: Open source several JComboBox jtreg tests
- JDK-8306976: UTIL_REQUIRE_SPECIAL warning on grep
- JDK-8306996: Open source Swing MenuItem related tests
- JDK-8307080: Open source some more JComboBox jtreg tests
- JDK-8307128: Open source some drag and drop tests 4
- JDK-8307130: Open source few Swing JMenu tests
- JDK-8307133: Open source some JTable jtreg tests
- JDK-8307134: Add GTS root CAs
- JDK-8307135: java/awt/dnd/NotReallySerializableTest/
/NotReallySerializableTest.java failed
- JDK-8307331: Correctly update line maps when class redefine
rewrites bytecodes
- JDK-8307346: Add missing gc+phases logging for
ObjectCount(AfterGC) JFR event collection code
- JDK-8307347: serviceability/sa/ClhsdbDumpclass.java could
leave files owned by root on macOS
- JDK-8307378: Allow collectors to provide specific values for
GC notifications' actions
- JDK-8307381: Open Source JFrame, JIF related Swing Tests
- JDK-8307425: Socket input stream read burns CPU cycles with
back-to-back poll(0) calls
- JDK-8307799: Newly added java/awt/dnd/MozillaDnDTest.java has
invalid jtreg `@requires` clause
- JDK-8308554: [17u] Fix commit of 8286191. vm.musl was not
removed from ExternalEditorTest
- JDK-8308880: [17u] micro bench ZoneStrings missed in backport
of 8278434
- JDK-8308884: [17u/11u] Backout JDK-8297951
- JDK-8311467: [17u] Remove designator
DEFAULT_PROMOTED_VERSION_PRE=ea for release 17.0.8
ImportantSUSE bug 1207922SUSE bug 1213473SUSE bug 1213474SUSE bug 1213475SUSE bug 1213479SUSE bug 1213481SUSE bug 1213482CVE-2023-22006 at SUSECVE-2023-22006 at NVDCVE-2023-22036 at SUSECVE-2023-22036 at NVDCVE-2023-22041 at SUSECVE-2023-22041 at NVDCVE-2023-22044 at SUSECVE-2023-22044 at NVDCVE-2023-22045 at SUSECVE-2023-22045 at NVDCVE-2023-22049 at SUSECVE-2023-22049 at NVDCVE-2023-25193 at SUSECVE-2023-25193 at NVDcpe:/o:opensuse:leap:15.5Security update for libvirt (Moderate)openSUSE Leap 15.5
This update for libvirt fixes the following issues:
Security fixes:
- CVE-2023-3750: Fixed mproper locking in virStoragePoolObjListSearch that may lead to denial of service (bsc#1213447).
Other fixes:
- build library with support for modular daemons (bsc#1213352).
ModerateSUSE bug 1213352SUSE bug 1213447CVE-2023-3750 at SUSECVE-2023-3750 at NVDcpe:/o:opensuse:leap:15.5Security update for MozillaThunderbird (Important)openSUSE Leap 15.5
This update for MozillaThunderbird fixes the following issues:
Mozilla Thunderbird was updated to version 115.0.1 (bsc#1212438):
- CVE-2023-3600: Fixed use-after-free in workers (bmo#1839703).
- CVE-2023-3417: Fixed File Extension Spoofing using the Text Direction Override Character (bmo#1835582).
Bugfixes:
- changed: Added Thunderbird Supernova branding to about:dialog
(bmo#1842102)
- fixed: Message list was not updated when message was deleted
from server outside of Thunderbird (bmo#1837041)
- fixed: Scrolling behaved unexpectedly when moving to next
message unread message in another folder (bmo#1841711)
- fixed: Scrolling animation was unnecessarily used when
switching or toggling the sort column in message list
(bmo#1838522)
- fixed: Attempting to delete a message and then cancelling the
action still marked the message as read (bmo#793353)
- fixed: Unified Toolbar could not be customized under certain
tabs (bmo#1841480)
- fixed: Selecting a folder with one or more subfolders and
pressing enter did not expand folder (bmo#1841200)
- fixed: Tooltips did not appear when hovering over folders
(bmo#1839780)
- fixed: Deleting large amounts of messages from Trash folder
consumed excessive time and memory (bmo#1833665)
- fixed: Message Summary header buttons were not keyboard
accessible (bmo#1827199)
- fixed: 'New' button in Message Filters dialog was not
keyboard accessible (bmo#1841477)
- fixed: Backing up secret keys from OpenPGP Key Manager dialog
silently failed (bmo#1839415)
- fixed: Various visual and UX improvements
(bmo#1843172,bmo#1831422,bmo#1838360,bmo#1842319)
ImportantSUSE bug 1212438CVE-2023-3417 at SUSECVE-2023-3417 at NVDCVE-2023-3600 at SUSECVE-2023-3600 at NVDcpe:/o:opensuse:leap:15.5Security update for qemu (Important)openSUSE Leap 15.5
This update for qemu fixes the following issues:
- CVE-2023-3301: Fixed incorrect cleanup of the vdpa/vhost-net structures if peer nic is present (bsc#1213414).
- CVE-2023-0330: Fixed reentrancy issues in the LSI controller (bsc#1207205).
- CVE-2023-2861: Fixed opening special files in 9pfs (bsc#1212968).
- CVE-2023-3255: Fixed infinite loop in inflate_buffer() leads to denial of service (bsc#1213001).
Bugfixes:
- hw/ide/piix: properly initialize the BMIBA register (bsc#bsc#1179993)
- Fixed issue where Guest did not run on XEN SLES15SP2 (bsc#1181740).
ImportantSUSE bug 1179993SUSE bug 1181740SUSE bug 1207205SUSE bug 1212968SUSE bug 1213001SUSE bug 1213414CVE-2023-0330 at SUSECVE-2023-0330 at NVDCVE-2023-2861 at SUSECVE-2023-2861 at NVDCVE-2023-3255 at SUSECVE-2023-3255 at NVDCVE-2023-3301 at SUSECVE-2023-3301 at NVDcpe:/o:opensuse:leap:15.5Security update for xmltooling (Moderate)openSUSE Leap 15.5
This update for xmltooling fixes the following issues:
- CVE-2023-36661: Fix server-side request forgery vulnerability (bsc#1212359)
ModerateSUSE bug 1212359CVE-2023-36661 at SUSECVE-2023-36661 at NVDcpe:/o:opensuse:leap:15.5Security update for guava (Moderate)openSUSE Leap 15.5
This update for guava fixes the following issues:
Upgrade to guava 32.0.1:
- CVE-2020-8908: Fixed predictable temporary files and directories used in FileBackedOutputStream (bsc#1179926).
- CVE-2023-2976: Fixed a temp directory creation vulnerability (bsc#1212401).
ModerateSUSE bug 1179926SUSE bug 1212401CVE-2020-8908 at SUSECVE-2020-8908 at NVDCVE-2023-2976 at SUSECVE-2023-2976 at NVDcpe:/o:opensuse:leap:15.5Security update for openssl-1_0_0 (Moderate)openSUSE Leap 15.5
This update for openssl-1_0_0 fixes the following issues:
- CVE-2023-3446: Fixed DH_check() excessive time with over sized modulus (bsc#1213487).
ModerateSUSE bug 1213487CVE-2023-3446 at SUSECVE-2023-3446 at NVDcpe:/o:opensuse:leap:15.5Security update for salt (Moderate)openSUSE Leap 15.5
This update for salt fixes the following issues:
Security fixes:
- CVE-2023-28370: Fix an open redirect vulnerability in 'StaticFileHandler' under certain configurations (bsc#1211741)
Bug fixes:
- Prevent error loading 'known_hosts' when '$HOME' is not set (bsc#1210994)
- Fix ModuleNotFoundError and other issues raised by salt-support module (bsc#1211591)
ModerateSUSE bug 1210994SUSE bug 1211591SUSE bug 1211741CVE-2023-28370 at SUSECVE-2023-28370 at NVDcpe:/o:opensuse:leap:15.5Security update for SUSE Manager Client Tools (Moderate)openSUSE Leap 15.5
This update fixes the following issues:
python-tornado:
- Security fixes:
* CVE-2023-28370: Fixed an open redirect issue in the static file handler (bsc#1211741)
prometheus-blackbox_exporter:
- Use obscpio for go modules service
- Set version number
- Set build date from SOURCE_DATE_EPOCH
- Update to 0.24.0 (bsc#1212279, jsc#PED-4556)
* Requires go1.19
- Avoid empty validation script
- Add rc symlink for backwards compatibility
spacecmd:
- Version 4.3.22-1
* Bypass traditional systems check on older SUMA instances (bsc#1208612)
ModerateSUSE bug 1208612SUSE bug 1211741SUSE bug 1212279CVE-2023-28370 at SUSECVE-2023-28370 at NVDcpe:/o:opensuse:leap:15.5Security update for MozillaFirefox (Important)openSUSE Leap 15.5
This update for MozillaFirefox fixes the following security issues:
Firefox was updated to Extended Support Release 115.1.0 ESR (bsc#1213746):
- CVE-2023-4045: Fixed cross-origin restrictions bypass with Offscreen Canvas (bmo#1833876).
- CVE-2023-4046: Fixed incorrect value used during WASM compilation (bmo#1837686).
- CVE-2023-4047: Fixed potential permissions request bypass via clickjacking (bmo#1839073).
- CVE-2023-4048: Fixed crash in DOMParser due to out-of-memory conditions (bmo#1841368).
- CVE-2023-4049: Fixed potential race conditions when releasing platform objects (bmo#1842658).
- CVE-2023-4050: Fixed stack buffer overflow in StorageManager (bmo#1843038).
- CVE-2023-4052: Fixed file deletion and privilege escalation through Firefox uninstaller (bmo#1824420).
- CVE-2023-4054: Fixed lack of warning when opening appref-ms files (bmo#1840777).
- CVE-2023-4055: Fixed cookie jar overflow caused unexpected cookie jar state (bmo#1782561).
- CVE-2023-4056: Fixed memory safety bugs (bmo#1820587, bmo#1824634, bmo#1839235, bmo#1842325, bmo#1843847).
- CVE-2023-4057: Fixed memory safety bugs (bmo#1841682).
Bugfixes:
- Remove bashisms from startup-script (bsc#1213657)
ImportantSUSE bug 1213657SUSE bug 1213746CVE-2023-4045 at SUSECVE-2023-4045 at NVDCVE-2023-4046 at SUSECVE-2023-4046 at NVDCVE-2023-4047 at SUSECVE-2023-4047 at NVDCVE-2023-4048 at SUSECVE-2023-4048 at NVDCVE-2023-4049 at SUSECVE-2023-4049 at NVDCVE-2023-4050 at SUSECVE-2023-4050 at NVDCVE-2023-4052 at SUSECVE-2023-4052 at NVDCVE-2023-4054 at SUSECVE-2023-4054 at NVDCVE-2023-4055 at SUSECVE-2023-4055 at NVDCVE-2023-4056 at SUSECVE-2023-4056 at NVDCVE-2023-4057 at SUSECVE-2023-4057 at NVDcpe:/o:opensuse:leap:15.5Security update for jtidy (Moderate)openSUSE Leap 15.5
This update for jtidy fixes the following issues:
- CVE-2023-34623: Prevent crash when parsing documents with excessive nesting (bsc#1212404).
ModerateSUSE bug 1212404CVE-2023-34623 at SUSECVE-2023-34623 at NVDcpe:/o:opensuse:leap:15.5Security update for the Linux Kernel (Important)openSUSE Leap 15.5
The SUSE Linux Enterprise 15 SP5 kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2023-2985: Fixed an use-after-free vulnerability in hfsplus_put_super in fs/hfsplus/super.c that could allow a local user to cause a denial of service (bsc#1211867).
- CVE-2023-3117: Fixed an use-after-free vulnerability in the netfilter subsystem when processing named and anonymous sets in batch requests that could allow a local user with CAP_NET_ADMIN capability to crash or potentially escalate their privileges on the system (bsc#1213245).
- CVE-2023-3390: Fixed an use-after-free vulnerability in the netfilter subsystem in net/netfilter/nf_tables_api.c that could allow a local attacker with user access to cause a privilege escalation issue (bsc#1212846).
- CVE-2023-3812: Fixed an out-of-bounds memory access flaw in the TUN/TAP device driver functionality that could allow a local user to crash or potentially escalate their privileges on the system (bsc#1213543).
- CVE-2023-20593: Fixed a ZenBleed issue in 'Zen 2' CPUs that could allow an attacker to potentially access sensitive information (bsc#1213286).
- CVE-2023-31248: Fixed an use-after-free vulnerability in nft_chain_lookup_byid that could allow a local attacker to escalate their privilege (bsc#1213061).
- CVE-2023-35001: Fixed an out-of-bounds memory access flaw in nft_byteorder that could allow a local attacker to escalate their privilege (bsc#1213059).
The following non-security bugs were fixed:
- Dropped patch that caused issues with k3s (bsc#1213705).
- ASoC: Intel: sof_sdw: remove SOF_SDW_TGL_HDMI for MeteorLake devices (git-fixes).
- ASoC: SOF: topology: Fix logic for copying tuples (git-fixes).
- Bluetooth: ISO: Fix CIG auto-allocation to select configurable CIG (git-fixes).
- Bluetooth: ISO: consider right CIS when removing CIG at cleanup (git-fixes).
- Bluetooth: ISO: fix iso_conn related locking and validity issues (git-fixes).
- Bluetooth: ISO: use hci_sync for setting CIG parameters (git-fixes).
- Bluetooth: fix invalid-bdaddr quirk for non-persistent setup (git-fixes).
- Bluetooth: fix use-bdaddr-property quirk (git-fixes).
- Bluetooth: hci_bcm: do not mark valid bd_addr as invalid (git-fixes).
- Bluetooth: hci_event: call disconnect callback before deleting conn (git-fixes).
- Bluetooth: hci_sync: Avoid use-after-free in dbg for hci_remove_adv_monitor() (git-fixes).
- Bluetooth: use RCU for hci_conn_params and iterate safely in hci_sync (git-fixes).
- Enable NXP SNVS RTC driver for i.MX 8MQ/8MP (jsc#PED-4758)
- PCI: s390: Fix use-after-free of PCI resources with per-function hotplug (bsc#1212525).
- PCI: vmd: Fix uninitialized variable usage in vmd_enable_domain() (git-fixes).
- Revert 'arm64: dts: zynqmp: Add address-cells property to interrupt (git-fixes)
- Revert 'drm/i915: Disable DSB usage for now' (git-fixes).
- USB: dwc2: Fix some error handling paths (git-fixes).
- USB: gadget: udc: core: Offload usb_udc_vbus_handler processing (git-fixes).
- USB: gadget: udc: core: Prevent soft_connect_store() race (git-fixes).
- USB: typec: Fix fast_role_swap_current show function (git-fixes).
- Update config and supported.conf files due to renaming.
- acpi: Fix suspend with Xen PV (git-fixes).
- adreno: Shutdown the GPU properly (git-fixes).
- arm64/mm: mark private VM_FAULT_X defines as vm_fault_t (git-fixes)
- arm64: dts: microchip: sparx5: do not use PSCI on reference boards (git-fixes)
- arm64: vdso: Pass (void *) to virt_to_page() (git-fixes)
- arm64: xor-neon: mark xor_arm64_neon_*() static (git-fixes)
- can: bcm: Fix UAF in bcm_proc_show() (git-fixes).
- ceph: add a dedicated private data for netfs rreq (bsc#1213205).
- ceph: fix blindly expanding the readahead windows (bsc#1213206).
- cifs: add a warning when the in-flight count goes negative (bsc#1193629).
- cifs: address unused variable warning (bsc#1193629).
- cifs: do all necessary checks for credits within or before locking (bsc#1193629).
- cifs: fix lease break oops in xfstest generic/098 (bsc#1193629).
- cifs: fix max_credits implementation (bsc#1193629).
- cifs: fix session state check in reconnect to avoid use-after-free issue (bsc#1193629).
- cifs: fix session state check in smb2_find_smb_ses (bsc#1193629).
- cifs: fix session state transition to avoid use-after-free issue (bsc#1193629).
- cifs: fix sockaddr comparison in iface_cmp (bsc#1193629).
- cifs: fix status checks in cifs_tree_connect (bsc#1193629).
- cifs: log session id when a matching ses is not found (bsc#1193629).
- cifs: new dynamic tracepoint to track ses not found errors (bsc#1193629).
- cifs: prevent use-after-free by freeing the cfile later (bsc#1193629).
- cifs: print all credit counters in DebugData (bsc#1193629).
- cifs: print client_guid in DebugData (bsc#1193629).
- cifs: print more detail when invalidate_inode_mapping fails (bsc#1193629).
- cifs: print nosharesock value while dumping mount options (bsc#1193629).
- codel: fix kernel-doc notation warnings (git-fixes).
- cpufreq: tegra194: Fix module loading (git-fixes).
- devlink: fix kernel-doc notation warnings (git-fixes).
- dma-buf/dma-resv: Stop leaking on krealloc() failure (git-fixes).
- drm/amd/amdgpu: introduce gc_*_mes_2.bin v2 (git-fixes).
- drm/amd/amdgpu: limit one queue per gang (git-fixes).
- drm/amd/amdgpu: update mes11 api def (git-fixes).
- drm/amd/display (gcc13): fix enum mismatch (git-fixes).
- drm/amd/display: Add Z8 allow states to z-state support list (git-fixes).
- drm/amd/display: Add debug option to skip PSR CRTC disable (git-fixes).
- drm/amd/display: Add minimum Z8 residency debug option (git-fixes).
- drm/amd/display: Add missing WA and MCLK validation (git-fixes).
- drm/amd/display: Change default Z8 watermark values (git-fixes).
- drm/amd/display: Correct DML calculation to align HW formula (git-fixes).
- drm/amd/display: Correct DML calculation to follow HW SPEC (git-fixes).
- drm/amd/display: Do not update DRR while BW optimizations pending (git-fixes).
- drm/amd/display: Enable HostVM based on rIOMMU active (git-fixes).
- drm/amd/display: Enforce 60us prefetch for 200Mhz DCFCLK modes (git-fixes).
- drm/amd/display: Ensure vmin and vmax adjust for DCE (git-fixes).
- drm/amd/display: Fix 4to1 MPC black screen with DPP RCO (git-fixes).
- drm/amd/display: Fix Z8 support configurations (git-fixes).
- drm/amd/display: Fix a test CalculatePrefetchSchedule() (git-fixes).
- drm/amd/display: Fix a test dml32_rq_dlg_get_rq_reg() (git-fixes).
- drm/amd/display: Have Payload Properly Created After Resume (git-fixes).
- drm/amd/display: Lowering min Z8 residency time (git-fixes).
- drm/amd/display: Reduce sdp bw after urgent to 90% (git-fixes).
- drm/amd/display: Refactor eDP PSR codes (git-fixes).
- drm/amd/display: Remove FPU guards from the DML folder (git-fixes).
- drm/amd/display: Remove optimization for VRR updates (git-fixes).
- drm/amd/display: Remove stutter only configurations (git-fixes).
- drm/amd/display: Update Z8 SR exit/enter latencies (git-fixes).
- drm/amd/display: Update Z8 watermarks for DCN314 (git-fixes).
- drm/amd/display: Update minimum stutter residency for DCN314 Z8 (git-fixes).
- drm/amd/display: filter out invalid bits in pipe_fuses (git-fixes).
- drm/amd/display: fix PSR-SU/DSC interoperability support (git-fixes).
- drm/amd/display: fix a divided-by-zero error (git-fixes).
- drm/amd/display: fixed dcn30+ underflow issue (git-fixes).
- drm/amd/display: limit timing for single dimm memory (git-fixes).
- drm/amd/display: populate subvp cmd info only for the top pipe (git-fixes).
- drm/amd/display: set dcn315 lb bpp to 48 (git-fixes).
- drm/amd/pm: add missing NotifyPowerSource message mapping for SMU13.0.7 (git-fixes).
- drm/amd/pm: avoid potential UBSAN issue on legacy asics (git-fixes).
- drm/amd/pm: conditionally disable pcie lane switching for some sienna_cichlid SKUs (git-fixes).
- drm/amd/pm: fix possible power mode mismatch between driver and PMFW (git-fixes).
- drm/amd/pm: resolve reboot exception for si oland (git-fixes).
- drm/amd/pm: reverse mclk and fclk clocks levels for SMU v13.0.4 (git-fixes).
- drm/amd/pm: reverse mclk clocks levels for SMU v13.0.5 (git-fixes).
- drm/amd/pm: workaround for compute workload type on some skus (git-fixes).
- drm/amd: Add a new helper for loading/validating microcode (git-fixes).
- drm/amd: Do not allow s0ix on APUs older than Raven (git-fixes).
- drm/amd: Load MES microcode during early_init (git-fixes).
- drm/amd: Use `amdgpu_ucode_*` helpers for MES (git-fixes).
- drm/amdgpu/gfx11: Adjust gfxoff before powergating on gfx11 as well (git-fixes).
- drm/amdgpu/gfx11: update gpu_clock_counter logic (git-fixes).
- drm/amdgpu/gfx: set cg flags to enter/exit safe mode (git-fixes).
- drm/amdgpu/gmc11: implement get_vbios_fb_size() (git-fixes).
- drm/amdgpu/jpeg: Remove harvest checking for JPEG3 (git-fixes).
- drm/amdgpu/mes11: enable reg active poll (git-fixes).
- drm/amdgpu/vcn: Disable indirect SRAM on Vangogh broken BIOSes (git-fixes).
- drm/amdgpu/vkms: relax timer deactivation by hrtimer_try_to_cancel (git-fixes).
- drm/amdgpu: Do not set struct drm_driver.output_poll_changed (git-fixes).
- drm/amdgpu: Fix desktop freezed after gpu-reset (git-fixes).
- drm/amdgpu: Fix memcpy() in sienna_cichlid_append_powerplay_table function (git-fixes).
- drm/amdgpu: Fix sdma v4 sw fini error (git-fixes).
- drm/amdgpu: Fix usage of UMC fill record in RAS (git-fixes).
- drm/amdgpu: Force signal hw_fences that are embedded in non-sched jobs (git-fixes).
- drm/amdgpu: add mes resume when do gfx post soft reset (git-fixes).
- drm/amdgpu: change reserved vram info print (git-fixes).
- drm/amdgpu: declare firmware for new MES 11.0.4 (git-fixes).
- drm/amdgpu: enable tmz by default for GC 11.0.1 (git-fixes).
- drm/amdgpu: fix amdgpu_irq_put call trace in gmc_v10_0_hw_fini (git-fixes).
- drm/amdgpu: fix amdgpu_irq_put call trace in gmc_v11_0_hw_fini (git-fixes).
- drm/amdgpu: fix an amdgpu_irq_put() issue in gmc_v9_0_hw_fini() (git-fixes).
- drm/amdgpu: refine get gpu clock counter method (git-fixes).
- drm/amdgpu: remove deprecated MES version vars (git-fixes).
- drm/amdgpu: reserve the old gc_11_0_*_mes.bin (git-fixes).
- drm/amdgpu: set gfx9 onwards APU atomics support to be true (git-fixes).
- drm/amdgpu: vcn_4_0 set instance 0 init sched score to 1 (git-fixes).
- drm/bridge: anx7625: Convert to i2c's .probe_new() (git-fixes).
- drm/bridge: anx7625: Fix refcount bug in anx7625_parse_dt() (git-fixes).
- drm/bridge: anx7625: Prevent endless probe loop (git-fixes).
- drm/bridge: it6505: Move a variable assignment behind a null pointer check in receive_timing_debugfs_show() (git-fixes).
- drm/bridge: tc358767: Switch to devm MIPI-DSI helpers (git-fixes).
- drm/bridge: tc358768: Add atomic_get_input_bus_fmts() implementation (git-fixes).
- drm/bridge: tc358768: fix TCLK_TRAILCNT computation (git-fixes).
- drm/bridge: tc358768: fix THS_TRAILCNT computation (git-fixes).
- drm/bridge: tc358768: fix THS_ZEROCNT computation (git-fixes).
- drm/bridge: ti-sn65dsi83: Fix enable error path (git-fixes).
- drm/client: Fix memory leak in drm_client_target_cloned (git-fixes).
- drm/display/dp_mst: Fix payload addition on a disconnected sink (git-fixes).
- drm/display: Do not block HDR_OUTPUT_METADATA on unknown EOTF (git-fixes).
- drm/drm_vma_manager: Add drm_vma_node_allow_once() (git-fixes).
- drm/dsc: fix DP_DSC_MAX_BPP_DELTA_* macro values (git-fixes).
- drm/dsc: fix drm_edp_dsc_sink_output_bpp() DPCD high byte usage (git-fixes).
- drm/etnaviv: move idle mapping reaping into separate function (git-fixes).
- drm/etnaviv: reap idle mapping if it does not match the softpin address (git-fixes).
- drm/i915/dp_mst: Add the MST topology state for modesetted CRTCs (bsc#1213493).
- drm/i915/fbdev: lock the fbdev obj before vma pin (git-fixes).
- drm/i915/gt: Cleanup partial engine discovery failures (git-fixes).
- drm/i915/guc: Add error-capture init warnings when needed (git-fixes).
- drm/i915/guc: Fix missing ecodes (git-fixes).
- drm/i915/guc: Limit scheduling properties to avoid overflow (git-fixes).
- drm/i915/guc: Rename GuC register state capture node to be more obvious (git-fixes).
- drm/i915/mtl: update scaler source and destination limits for MTL (git-fixes).
- drm/i915/sdvo: Grab mode_config.mutex during LVDS init to avoid WARNs (git-fixes).
- drm/i915/sseu: fix max_subslices array-index-out-of-bounds access (git-fixes).
- drm/i915/tc: Fix TC port link ref init for DP MST during HW readout (git-fixes).
- drm/i915: Allow panel fixed modes to have differing sync polarities (git-fixes).
- drm/i915: Check pipe source size when using skl+ scalers (git-fixes).
- drm/i915: Do panel VBT init early if the VBT declares an explicit panel type (git-fixes).
- drm/i915: Fix TypeC mode initialization during system resume (git-fixes).
- drm/i915: Fix a memory leak with reused mmap_offset (git-fixes).
- drm/i915: Fix negative value passed as remaining time (git-fixes).
- drm/i915: Fix one wrong caching mode enum usage (git-fixes).
- drm/i915: Introduce intel_panel_init_alloc() (git-fixes).
- drm/i915: Never return 0 if not all requests retired (git-fixes).
- drm/i915: Populate encoder->devdata for DSI on icl+ (git-fixes).
- drm/i915: Print return value on error (git-fixes).
- drm/i915: Use _MMIO_PIPE() for SKL_BOTTOM_COLOR (git-fixes).
- drm/meson: Fix return type of meson_encoder_cvbs_mode_valid() (git-fixes).
- drm/msm/a5xx: really check for A510 in a5xx_gpu_init (git-fixes).
- drm/msm/adreno: Simplify read64/write64 helpers (git-fixes).
- drm/msm/adreno: fix runtime PM imbalance at unbind (git-fixes).
- drm/msm/disp/dpu: get timing engine status from intf status register (git-fixes).
- drm/msm/dpu: Add DSC hardware blocks to register snapshot (git-fixes).
- drm/msm/dpu: Assign missing writeback log_mask (git-fixes).
- drm/msm/dpu: Set DPU_DATA_HCTL_EN for in INTF_SC7180_MASK (git-fixes).
- drm/msm/dpu: clean up dpu_kms_get_clk_rate() returns (git-fixes).
- drm/msm/dpu: set DSC flush bit correctly at MDP CTL flush register (git-fixes).
- drm/msm/hdmi: use devres helper for runtime PM management (git-fixes).
- drm/panel: boe-tv101wum-nl6: Ensure DSI writes succeed during disable (git-fixes).
- drm/panel: simple: Add Powertip PH800480T013 drm_display_mode flags (git-fixes).
- drm/panel: simple: Add connector_type for innolux_at043tn24 (git-fixes).
- drm/rockchip: dw_hdmi: cleanup drm encoder during unbind (git-fixes).
- drm/ttm: Do not leak a resource on swapout move error (git-fixes).
- drm/virtio: Fix memory leak in virtio_gpu_object_create() (git-fixes).
- drm/virtio: Simplify error handling of virtio_gpu_object_create() (git-fixes).
- drm/vmwgfx: Refactor resource manager's hashtable to use linux/hashtable implementation (git-fixes).
- drm/vmwgfx: Refactor resource validation hashtable to use linux/hashtable implementation (git-fixes).
- drm/vmwgfx: Refactor ttm reference object hashtable to use linux/hashtable (git-fixes).
- drm/vmwgfx: Remove ttm object hashtable (git-fixes).
- drm/vmwgfx: Remove vmwgfx_hashtab (git-fixes).
- drm/vmwgfx: Write the driver id registers (git-fixes).
- drm: Add fixed-point helper to get rounded integer values (git-fixes).
- drm: Add missing DP DSC extended capability definitions (git-fixes).
- drm: Optimize drm buddy top-down allocation method (git-fixes).
- drm: buddy_allocator: Fix buddy allocator init on 32-bit systems (git-fixes).
- drm: panel-orientation-quirks: Add quirk for DynaBook K50 (git-fixes).
- drm: rcar-du: Add quirk for H3 ES1.x pclk workaround (git-fixes).
- drm: rcar-du: Fix setting a reserved bit in DPLLCR (git-fixes).
- drm: use mgr->dev in drm_dbg_kms in drm_dp_add_payload_part2 (git-fixes).
- fuse: ioctl: translate ENOSYS in outarg (bsc#1213524).
- fuse: revalidate: do not invalidate if interrupted (bsc#1213523).
- i2c: tegra: Set ACPI node as primary fwnode (bsc#1213226).
- irqchip/gic-v3: Claim iomem resources (bsc#1213533)
- irqchip/gicv3: Handle resource request failure consistently (bsc#1213533)
- irqchip/gicv3: Workaround for NVIDIA erratum T241-FABRIC-4 (bsc#1213533)
- kABI: do not check external trampolines for signature (kabi bsc#1207894 bsc#1211243).
- kabi/severities: Add VAS symbols changed due to recent fix VAS accelerators are directly tied to the architecture, there is no reason to have out-of-tree production drivers
- kabi/severities: ignore kABI of i915 module It's exported only for its sub-module, not really used by externals
- kabi/severities: ignore kABI of vmwgfx The driver exports a function unnecessarily without used by anyone else. Ignore the kABI changes.
- memcg: drop kmem.limit_in_bytes (bsc#1208788, bsc#1212905).
- net: mana: Add support for vlan tagging (bsc#1212301).
- net: phy: prevent stale pointer dereference in phy_init() (git-fixes).
- net: qrtr: Fix an uninit variable access bug in qrtr_tx_resume() (git-fixes).
- net: qrtr: start MHI channel after endpoit creation (git-fixes).
- nilfs2: reject devices with insufficient block count (git-fixes).
- ocfs2: Switch to security_inode_init_security() (git-fixes).
- ocfs2: check new file size on fallocate call (git-fixes).
- ocfs2: fix use-after-free when unmounting read-only filesystem (git-fixes).
- perf/x86/amd/core: Always clear status for idx (bsc#1213233).
- pie: fix kernel-doc notation warning (git-fixes).
- powerpc/64: Only WARN if __pa()/__va() called with bad addresses (bsc#1194869).
- powerpc/64s: Fix VAS mm use after free (bsc#1194869).
- powerpc/book3s64/mm: Fix DirectMap stats in /proc/meminfo (bsc#1194869).
- powerpc/bpf: Fix use of user_pt_regs in uapi (bsc#1194869).
- powerpc/ftrace: Remove ftrace init tramp once kernel init is complete (bsc#1194869).
- powerpc/interrupt: Do not read MSR from interrupt_exit_kernel_prepare() (bsc#1194869).
- powerpc/mm/dax: Fix the condition when checking if altmap vmemap can cross-boundary (bsc#1150305 ltc#176097 git-fixes).
- powerpc/mm: Switch obsolete dssall to .long (bsc#1194869).
- powerpc/powernv/sriov: perform null check on iov before dereferencing iov (bsc#1194869).
- powerpc/powernv/vas: Assign real address to rx_fifo in vas_rx_win_attr (bsc#1194869).
- powerpc/prom_init: Fix kernel config grep (bsc#1194869).
- powerpc/pseries/vas: Hold mmap_mutex after mmap lock during window close (jsc#PED-542 git-fixes).
- powerpc/secvar: fix refcount leak in format_show() (bsc#1194869).
- powerpc/xics: fix refcount leak in icp_opal_init() (bsc#1194869).
- powerpc: clean vdso32 and vdso64 directories (bsc#1194869).
- powerpc: define get_cycles macro for arch-override (bsc#1194869).
- powerpc: update ppc_save_regs to save current r1 in pt_regs (bsc#1194869).
- rpm/check-for-config-changes: ignore also RISCV_ISA_* and DYNAMIC_SIGFRAME They depend on CONFIG_TOOLCHAIN_HAS_*.
- rsi: remove kernel-doc comment marker (git-fixes).
- s390/ap: fix status returned by ap_aqic() (git-fixes bsc#1213259).
- s390/ap: fix status returned by ap_qact() (git-fixes bsc#1213258).
- s390/debug: add _ASM_S390_ prefix to header guard (git-fixes bsc#1213263).
- s390/pci: clean up left over special treatment for function zero (bsc#1212525).
- s390/pci: only add specific device in zpci_bus_scan_device() (bsc#1212525).
- s390/pci: remove redundant pci_bus_add_devices() on new bus (bsc#1212525).
- s390/percpu: add READ_ONCE() to arch_this_cpu_to_op_simple() (git-fixes bsc#1213252).
- s390: define RUNTIME_DISCARD_EXIT to fix link error with GNU ld < 2.36 (git-fixes bsc#1213264).
- s390: discard .interp section (git-fixes bsc#1213247).
- security: keys: Modify mismatched function name (git-fixes).
- selftests/ir: fix build with ancient kernel headers (git-fixes).
- selftests: cgroup: fix unsigned comparison with less than zero (git-fixes).
- selftests: forwarding: Fix packet matching in mirroring selftests (git-fixes).
- selftests: tc: add 'ct' action kconfig dep (git-fixes).
- selftests: tc: add ConnTrack procfs kconfig (git-fixes).
- selftests: tc: set timeout to 15 minutes (git-fixes).
- signal/powerpc: On swapcontext failure force SIGSEGV (bsc#1194869).
- signal: Replace force_sigsegv(SIGSEGV) with force_fatal_sig(SIGSEGV) (bsc#1194869).
- smb3: do not reserve too many oplock credits (bsc#1193629).
- smb3: missing null check in SMB2_change_notify (bsc#1193629).
- smb: client: fix broken file attrs with nodfs mounts (bsc#1193629).
- smb: client: fix missed ses refcounting (git-fixes).
- smb: client: fix parsing of source mount option (bsc#1193629).
- smb: client: fix shared DFS root mounts with different prefixes (bsc#1193629).
- smb: client: fix warning in CIFSFindFirst() (bsc#1193629).
- smb: client: fix warning in CIFSFindNext() (bsc#1193629).
- smb: client: fix warning in cifs_match_super() (bsc#1193629).
- smb: client: fix warning in cifs_smb3_do_mount() (bsc#1193629).
- smb: client: fix warning in generic_ip_connect() (bsc#1193629).
- smb: client: improve DFS mount check (bsc#1193629).
- smb: client: remove redundant pointer 'server' (bsc#1193629).
- smb: delete an unnecessary statement (bsc#1193629).
- smb: move client and server files to common directory fs/smb (bsc#1193629).
- smb: remove obsolete comment (bsc#1193629).
- soundwire: bus_type: Avoid lockdep assert in sdw_drv_probe() (git-fixes).
- soundwire: cadence: Drain the RX FIFO after an IO timeout (git-fixes).
- soundwire: stream: Add missing clear of alloc_slave_rt (git-fixes).
- spi: bcm63xx: fix max prepend length (git-fixes).
- swsmu/amdgpu_smu: Fix the wrong if-condition (git-fixes).
- tpm: tpm_vtpm_proxy: fix a race condition in /dev/vtpmx creation (git-fixes).
- wifi: airo: avoid uninitialized warning in airo_get_rate() (git-fixes).
- wifi: ath10k: Trigger STA disconnect after reconfig complete on hardware restart (git-fixes).
- wifi: ath11k: Add missing check for ioremap (git-fixes).
- wifi: rtw89: debug: fix error code in rtw89_debug_priv_send_h2c_set() (git-fixes).
- x86/amd_nb: Add PCI ID for family 19h model 78h (git-fixes).
- x86/platform/uv: Add platform resolving #defines for misc GAM_MMIOH_REDIRECT* (bsc#1212256 jsc#PED-4718).
- x86/platform/uv: Fix printed information in calc_mmioh_map (bsc#1212256 jsc#PED-4718).
- x86/platform/uv: Helper functions for allocating and freeing conversion tables (bsc#1212256 jsc#PED-4718).
- x86/platform/uv: Introduce helper function uv_pnode_to_socket (bsc#1212256 jsc#PED-4718).
- x86/platform/uv: Remove remaining BUG_ON() and BUG() calls (bsc#1212256 jsc#PED-4718).
- x86/platform/uv: UV support for sub-NUMA clustering (bsc#1212256 jsc#PED-4718).
- x86/platform/uv: Update UV platform code for SNC (bsc#1212256 jsc#PED-4718).
- x86/platform/uv: When searching for minimums, start at INT_MAX not 99999 (bsc#1212256 jsc#PED-4718).
- x86: Fix .brk attribute in linker script (git-fixes).
- xfs: clean up the rtbitmap fsmap backend (git-fixes).
- xfs: do not deplete the reserve pool when trying to shrink the fs (git-fixes).
- xfs: do not reverse order of items in bulk AIL insertion (git-fixes).
- xfs: fix getfsmap reporting past the last rt extent (git-fixes).
- xfs: fix integer overflows in the fsmap rtbitmap and logdev backends (git-fixes).
- xfs: fix interval filtering in multi-step fsmap queries (git-fixes).
- xfs: fix logdev fsmap query result filtering (git-fixes).
- xfs: fix off-by-one error when the last rt extent is in use (git-fixes).
- xfs: fix uninitialized variable access (git-fixes).
- xfs: make fsmap backend function key parameters const (git-fixes).
- xfs: make the record pointer passed to query_range functions const (git-fixes).
- xfs: pass explicit mount pointer to rtalloc query functions (git-fixes).
ImportantSUSE bug 1150305SUSE bug 1193629SUSE bug 1194869SUSE bug 1207894SUSE bug 1208788SUSE bug 1211243SUSE bug 1211867SUSE bug 1212256SUSE bug 1212301SUSE bug 1212525SUSE bug 1212846SUSE bug 1212905SUSE bug 1213059SUSE bug 1213061SUSE bug 1213205SUSE bug 1213206SUSE bug 1213226SUSE bug 1213233SUSE bug 1213245SUSE bug 1213247SUSE bug 1213252SUSE bug 1213258SUSE bug 1213259SUSE bug 1213263SUSE bug 1213264SUSE bug 1213286SUSE bug 1213493SUSE bug 1213523SUSE bug 1213524SUSE bug 1213533SUSE bug 1213543SUSE bug 1213705CVE-2023-20593 at SUSECVE-2023-20593 at NVDCVE-2023-2985 at SUSECVE-2023-2985 at NVDCVE-2023-3117 at SUSECVE-2023-3117 at NVDCVE-2023-31248 at SUSECVE-2023-31248 at NVDCVE-2023-3390 at SUSECVE-2023-3390 at NVDCVE-2023-35001 at SUSECVE-2023-35001 at NVDCVE-2023-3812 at SUSECVE-2023-3812 at NVDcpe:/o:opensuse:leap:15.5Security update for the Linux Kernel (Important)openSUSE Leap 15.5
The SUSE Linux Enterprise 15 SP5 Azure kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2023-3812: Fixed an out-of-bounds memory access flaw in the TUN/TAP device driver functionality that could allow a local user to crash or potentially escalate their privileges on the system (bsc#1213543).
- CVE-2023-35001: Fixed an out-of-bounds memory access flaw in nft_byteorder that could allow a local attacker to escalate their privilege (bsc#1213059).
- CVE-2023-31248: Fixed an use-after-free vulnerability in nft_chain_lookup_byid that could allow a local attacker to escalate their privilege (bsc#1213061).
- CVE-2023-3390: Fixed an use-after-free vulnerability in the netfilter subsystem in net/netfilter/nf_tables_api.c that could allow a local attacker with user access to cause a privilege escalation issue (bsc#1212846).
- CVE-2023-3117: Fixed an use-after-free vulnerability in the netfilter subsystem when processing named and anonymous sets in batch requests that could allow a local user with CAP_NET_ADMIN capability to crash or potentially escalate their privileges on the system (bsc#1213245).
- CVE-2023-20593: Fixed a ZenBleed issue in 'Zen 2' CPUs that could allow an attacker to potentially access sensitive information (bsc#1213286).
- CVE-2023-2985: Fixed an use-after-free vulnerability in hfsplus_put_super in fs/hfsplus/super.c that could allow a local user to cause a denial of service (bsc#1211867).
The following non-security bugs were fixed:
- Enable NXP SNVS RTC driver for i.MX 8MQ/8MP (jsc#PED-4758).
- Support sub-NUMA clustering on UV (jsc#PED-4718).
- Fixed multipath not supported error (bsc#1213311).
- Revert 'arm64: dts: zynqmp: Add address-cells property to interrupt (git-fixes)
- Revert 'drm/i915: Disable DSB usage for now' (git-fixes).
- acpi: Fix suspend with Xen PV (git-fixes).
- adreno: Shutdown the GPU properly (git-fixes).
- arm64/mm: mark private VM_FAULT_X defines as vm_fault_t (git-fixes)
- arm64: dts: microchip: sparx5: do not use PSCI on reference boards (git-fixes)
- arm64: vdso: Pass (void *) to virt_to_page() (git-fixes)
- arm64: xor-neon: mark xor_arm64_neon_*() static (git-fixes)
- asoc: Intel: sof_sdw: remove SOF_SDW_TGL_HDMI for MeteorLake devices (git-fixes).
- asoc: SOF: topology: Fix logic for copying tuples (git-fixes).
- bluetooth: ISO: Fix CIG auto-allocation to select configurable CIG (git-fixes).
- bluetooth: ISO: consider right CIS when removing CIG at cleanup (git-fixes).
- bluetooth: ISO: fix iso_conn related locking and validity issues (git-fixes).
- bluetooth: ISO: use hci_sync for setting CIG parameters (git-fixes).
- bluetooth: fix invalid-bdaddr quirk for non-persistent setup (git-fixes).
- bluetooth: fix use-bdaddr-property quirk (git-fixes).
- bluetooth: hci_bcm: do not mark valid bd_addr as invalid (git-fixes).
- bluetooth: hci_event: call disconnect callback before deleting conn (git-fixes).
- bluetooth: hci_sync: Avoid use-after-free in dbg for hci_remove_adv_monitor() (git-fixes).
- bluetooth: use RCU for hci_conn_params and iterate safely in hci_sync (git-fixes).
- can: bcm: Fix UAF in bcm_proc_show() (git-fixes).
- ceph: add a dedicated private data for netfs rreq (bsc#1213205).
- ceph: fix blindly expanding the readahead windows (bsc#1213206).
- cifs: add a warning when the in-flight count goes negative (bsc#1193629).
- cifs: address unused variable warning (bsc#1193629).
- cifs: do all necessary checks for credits within or before locking (bsc#1193629).
- cifs: fix lease break oops in xfstest generic/098 (bsc#1193629).
- cifs: fix max_credits implementation (bsc#1193629).
- cifs: fix session state check in reconnect to avoid use-after-free issue (bsc#1193629).
- cifs: fix session state check in smb2_find_smb_ses (bsc#1193629).
- cifs: fix session state transition to avoid use-after-free issue (bsc#1193629).
- cifs: fix sockaddr comparison in iface_cmp (bsc#1193629).
- cifs: fix status checks in cifs_tree_connect (bsc#1193629).
- cifs: log session id when a matching ses is not found (bsc#1193629).
- cifs: new dynamic tracepoint to track ses not found errors (bsc#1193629).
- cifs: prevent use-after-free by freeing the cfile later (bsc#1193629).
- cifs: print all credit counters in DebugData (bsc#1193629).
- cifs: print client_guid in DebugData (bsc#1193629).
- cifs: print more detail when invalidate_inode_mapping fails (bsc#1193629).
- cifs: print nosharesock value while dumping mount options (bsc#1193629).
- codel: fix kernel-doc notation warnings (git-fixes).
- cpufreq: tegra194: Fix module loading (git-fixes).
- devlink: fix kernel-doc notation warnings (git-fixes).
- dma-buf/dma-resv: Stop leaking on krealloc() failure (git-fixes).
- drm/amd/amdgpu: introduce gc_*_mes_2.bin v2 (git-fixes).
- drm/amd/amdgpu: limit one queue per gang (git-fixes).
- drm/amd/amdgpu: update mes11 api def (git-fixes).
- drm/amd/display (gcc13): fix enum mismatch (git-fixes).
- drm/amd/display: Add Z8 allow states to z-state support list (git-fixes).
- drm/amd/display: Add debug option to skip PSR CRTC disable (git-fixes).
- drm/amd/display: Add minimum Z8 residency debug option (git-fixes).
- drm/amd/display: Add missing WA and MCLK validation (git-fixes).
- drm/amd/display: Change default Z8 watermark values (git-fixes).
- drm/amd/display: Correct DML calculation to align HW formula (git-fixes).
- drm/amd/display: Correct DML calculation to follow HW SPEC (git-fixes).
- drm/amd/display: Do not update DRR while BW optimizations pending (git-fixes).
- drm/amd/display: Enable HostVM based on rIOMMU active (git-fixes).
- drm/amd/display: Enforce 60us prefetch for 200Mhz DCFCLK modes (git-fixes).
- drm/amd/display: Ensure vmin and vmax adjust for DCE (git-fixes).
- drm/amd/display: Fix 4to1 MPC black screen with DPP RCO (git-fixes).
- drm/amd/display: Fix Z8 support configurations (git-fixes).
- drm/amd/display: Fix a test CalculatePrefetchSchedule() (git-fixes).
- drm/amd/display: Fix a test dml32_rq_dlg_get_rq_reg() (git-fixes).
- drm/amd/display: Have Payload Properly Created After Resume (git-fixes).
- drm/amd/display: Lowering min Z8 residency time (git-fixes).
- drm/amd/display: Reduce sdp bw after urgent to 90% (git-fixes).
- drm/amd/display: Refactor eDP PSR codes (git-fixes).
- drm/amd/display: Remove FPU guards from the DML folder (git-fixes).
- drm/amd/display: Remove optimization for VRR updates (git-fixes).
- drm/amd/display: Remove stutter only configurations (git-fixes).
- drm/amd/display: Update Z8 SR exit/enter latencies (git-fixes).
- drm/amd/display: Update Z8 watermarks for DCN314 (git-fixes).
- drm/amd/display: Update minimum stutter residency for DCN314 Z8 (git-fixes).
- drm/amd/display: filter out invalid bits in pipe_fuses (git-fixes).
- drm/amd/display: fix PSR-SU/DSC interoperability support (git-fixes).
- drm/amd/display: fix a divided-by-zero error (git-fixes).
- drm/amd/display: fixed dcn30+ underflow issue (git-fixes).
- drm/amd/display: limit timing for single dimm memory (git-fixes).
- drm/amd/display: populate subvp cmd info only for the top pipe (git-fixes).
- drm/amd/display: set dcn315 lb bpp to 48 (git-fixes).
- drm/amd/pm: add missing NotifyPowerSource message mapping for SMU13.0.7 (git-fixes).
- drm/amd/pm: avoid potential UBSAN issue on legacy asics (git-fixes).
- drm/amd/pm: conditionally disable pcie lane switching for some sienna_cichlid SKUs (git-fixes).
- drm/amd/pm: fix possible power mode mismatch between driver and PMFW (git-fixes).
- drm/amd/pm: resolve reboot exception for si oland (git-fixes).
- drm/amd/pm: reverse mclk and fclk clocks levels for SMU v13.0.4 (git-fixes).
- drm/amd/pm: reverse mclk clocks levels for SMU v13.0.5 (git-fixes).
- drm/amd/pm: workaround for compute workload type on some skus (git-fixes).
- drm/amd: Add a new helper for loading/validating microcode (git-fixes).
- drm/amd: Do not allow s0ix on APUs older than Raven (git-fixes).
- drm/amd: Load MES microcode during early_init (git-fixes).
- drm/amd: Use `amdgpu_ucode_*` helpers for MES (git-fixes).
- drm/amdgpu/gfx11: Adjust gfxoff before powergating on gfx11 as well (git-fixes).
- drm/amdgpu/gfx11: update gpu_clock_counter logic (git-fixes).
- drm/amdgpu/gfx: set cg flags to enter/exit safe mode (git-fixes).
- drm/amdgpu/gmc11: implement get_vbios_fb_size() (git-fixes).
- drm/amdgpu/jpeg: Remove harvest checking for JPEG3 (git-fixes).
- drm/amdgpu/mes11: enable reg active poll (git-fixes).
- drm/amdgpu/vcn: Disable indirect SRAM on Vangogh broken BIOSes (git-fixes).
- drm/amdgpu/vkms: relax timer deactivation by hrtimer_try_to_cancel (git-fixes).
- drm/amdgpu: Do not set struct drm_driver.output_poll_changed (git-fixes).
- drm/amdgpu: Fix desktop freezed after gpu-reset (git-fixes).
- drm/amdgpu: Fix memcpy() in sienna_cichlid_append_powerplay_table function (git-fixes).
- drm/amdgpu: Fix sdma v4 sw fini error (git-fixes).
- drm/amdgpu: Fix usage of UMC fill record in RAS (git-fixes).
- drm/amdgpu: Force signal hw_fences that are embedded in non-sched jobs (git-fixes).
- drm/amdgpu: add mes resume when do gfx post soft reset (git-fixes).
- drm/amdgpu: change reserved vram info print (git-fixes).
- drm/amdgpu: declare firmware for new MES 11.0.4 (git-fixes).
- drm/amdgpu: enable tmz by default for GC 11.0.1 (git-fixes).
- drm/amdgpu: fix amdgpu_irq_put call trace in gmc_v10_0_hw_fini (git-fixes).
- drm/amdgpu: fix amdgpu_irq_put call trace in gmc_v11_0_hw_fini (git-fixes).
- drm/amdgpu: fix an amdgpu_irq_put() issue in gmc_v9_0_hw_fini() (git-fixes).
- drm/amdgpu: refine get gpu clock counter method (git-fixes).
- drm/amdgpu: remove deprecated MES version vars (git-fixes).
- drm/amdgpu: reserve the old gc_11_0_*_mes.bin (git-fixes).
- drm/amdgpu: set gfx9 onwards APU atomics support to be true (git-fixes).
- drm/amdgpu: vcn_4_0 set instance 0 init sched score to 1 (git-fixes).
- drm/bridge: anx7625: Convert to i2c's .probe_new() (git-fixes).
- drm/bridge: anx7625: Fix refcount bug in anx7625_parse_dt() (git-fixes).
- drm/bridge: anx7625: Prevent endless probe loop (git-fixes).
- drm/bridge: it6505: Move a variable assignment behind a null pointer check in receive_timing_debugfs_show() (git-fixes).
- drm/bridge: tc358767: Switch to devm MIPI-DSI helpers (git-fixes).
- drm/bridge: tc358768: Add atomic_get_input_bus_fmts() implementation (git-fixes).
- drm/bridge: tc358768: fix TCLK_TRAILCNT computation (git-fixes).
- drm/bridge: tc358768: fix THS_TRAILCNT computation (git-fixes).
- drm/bridge: tc358768: fix THS_ZEROCNT computation (git-fixes).
- drm/bridge: ti-sn65dsi83: Fix enable error path (git-fixes).
- drm/client: Fix memory leak in drm_client_target_cloned (git-fixes).
- drm/display/dp_mst: Fix payload addition on a disconnected sink (git-fixes).
- drm/display: Do not block HDR_OUTPUT_METADATA on unknown EOTF (git-fixes).
- drm/drm_vma_manager: Add drm_vma_node_allow_once() (git-fixes).
- drm/dsc: fix DP_DSC_MAX_BPP_DELTA_* macro values (git-fixes).
- drm/dsc: fix drm_edp_dsc_sink_output_bpp() DPCD high byte usage (git-fixes).
- drm/etnaviv: move idle mapping reaping into separate function (git-fixes).
- drm/etnaviv: reap idle mapping if it does not match the softpin address (git-fixes).
- drm/i915/dp_mst: Add the MST topology state for modesetted CRTCs (bsc#1213493).
- drm/i915/fbdev: lock the fbdev obj before vma pin (git-fixes).
- drm/i915/gt: Cleanup partial engine discovery failures (git-fixes).
- drm/i915/guc: Add error-capture init warnings when needed (git-fixes).
- drm/i915/guc: Fix missing ecodes (git-fixes).
- drm/i915/guc: Limit scheduling properties to avoid overflow (git-fixes).
- drm/i915/guc: Rename GuC register state capture node to be more obvious (git-fixes).
- drm/i915/mtl: update scaler source and destination limits for MTL (git-fixes).
- drm/i915/sdvo: Grab mode_config.mutex during LVDS init to avoid WARNs (git-fixes).
- drm/i915/sseu: fix max_subslices array-index-out-of-bounds access (git-fixes).
- drm/i915/tc: Fix TC port link ref init for DP MST during HW readout (git-fixes).
- drm/i915: Allow panel fixed modes to have differing sync polarities (git-fixes).
- drm/i915: Check pipe source size when using skl+ scalers (git-fixes).
- drm/i915: Do panel VBT init early if the VBT declares an explicit panel type (git-fixes).
- drm/i915: Fix TypeC mode initialization during system resume (git-fixes).
- drm/i915: Fix a memory leak with reused mmap_offset (git-fixes).
- drm/i915: Fix negative value passed as remaining time (git-fixes).
- drm/i915: Fix one wrong caching mode enum usage (git-fixes).
- drm/i915: Introduce intel_panel_init_alloc() (git-fixes).
- drm/i915: Never return 0 if not all requests retired (git-fixes).
- drm/i915: Populate encoder->devdata for DSI on icl+ (git-fixes).
- drm/i915: Print return value on error (git-fixes).
- drm/i915: Use _MMIO_PIPE() for SKL_BOTTOM_COLOR (git-fixes).
- drm/meson: Fix return type of meson_encoder_cvbs_mode_valid() (git-fixes).
- drm/msm/a5xx: really check for A510 in a5xx_gpu_init (git-fixes).
- drm/msm/adreno: Simplify read64/write64 helpers (git-fixes).
- drm/msm/adreno: fix runtime PM imbalance at unbind (git-fixes).
- drm/msm/disp/dpu: get timing engine status from intf status register (git-fixes).
- drm/msm/dpu: Add DSC hardware blocks to register snapshot (git-fixes).
- drm/msm/dpu: Assign missing writeback log_mask (git-fixes).
- drm/msm/dpu: Set DPU_DATA_HCTL_EN for in INTF_SC7180_MASK (git-fixes).
- drm/msm/dpu: clean up dpu_kms_get_clk_rate() returns (git-fixes).
- drm/msm/dpu: set DSC flush bit correctly at MDP CTL flush register (git-fixes).
- drm/msm/hdmi: use devres helper for runtime PM management (git-fixes).
- drm/panel: boe-tv101wum-nl6: Ensure DSI writes succeed during disable (git-fixes).
- drm/panel: simple: Add Powertip PH800480T013 drm_display_mode flags (git-fixes).
- drm/panel: simple: Add connector_type for innolux_at043tn24 (git-fixes).
- drm/rockchip: dw_hdmi: cleanup drm encoder during unbind (git-fixes).
- drm/ttm: Do not leak a resource on swapout move error (git-fixes).
- drm/virtio: Fix memory leak in virtio_gpu_object_create() (git-fixes).
- drm/virtio: Simplify error handling of virtio_gpu_object_create() (git-fixes).
- drm/vmwgfx: Refactor resource manager's hashtable to use linux/hashtable implementation (git-fixes).
- drm/vmwgfx: Refactor resource validation hashtable to use linux/hashtable implementation (git-fixes).
- drm/vmwgfx: Refactor ttm reference object hashtable to use linux/hashtable (git-fixes).
- drm/vmwgfx: Remove ttm object hashtable (git-fixes).
- drm/vmwgfx: Remove vmwgfx_hashtab (git-fixes).
- drm/vmwgfx: Write the driver id registers (git-fixes).
- drm: Add fixed-point helper to get rounded integer values (git-fixes).
- drm: Add missing DP DSC extended capability definitions (git-fixes).
- drm: Optimize drm buddy top-down allocation method (git-fixes).
- drm: buddy_allocator: Fix buddy allocator init on 32-bit systems (git-fixes).
- drm: panel-orientation-quirks: Add quirk for DynaBook K50 (git-fixes).
- drm: rcar-du: Add quirk for H3 ES1.x pclk workaround (git-fixes).
- drm: rcar-du: Fix setting a reserved bit in DPLLCR (git-fixes).
- drm: use mgr->dev in drm_dbg_kms in drm_dp_add_payload_part2 (git-fixes).
- fuse: ioctl: translate ENOSYS in outarg (bsc#1213524).
- fuse: revalidate: do not invalidate if interrupted (bsc#1213523).
- i2c: tegra: Set ACPI node as primary fwnode (bsc#1213226).
- irqchip/gic-v3: Claim iomem resources (bsc#1213533)
- irqchip/gicv3: Handle resource request failure consistently (bsc#1213533)
- irqchip/gicv3: Workaround for NVIDIA erratum T241-FABRIC-4 (bsc#1213533)
- kABI: do not check external trampolines for signature (kabi bsc#1207894 bsc#1211243).
- kabi/severities: Add VAS symbols changed due to recent fix VAS accelerators are directly tied to the architecture, there is no reason to have out-of-tree production drivers
- kabi/severities: ignore kABI of i915 module It's exported only for its sub-module, not really used by externals
- kabi/severities: ignore kABI of vmwgfx The driver exports a function unnecessarily without used by anyone else. Ignore the kABI changes.
- memcg: drop kmem.limit_in_bytes (bsc#1208788, bsc#1212905).
- net: mana: Add support for vlan tagging (bsc#1212301).
- net: phy: prevent stale pointer dereference in phy_init() (git-fixes).
- net: qrtr: Fix an uninit variable access bug in qrtr_tx_resume() (git-fixes).
- net: qrtr: start MHI channel after endpoit creation (git-fixes).
- nilfs2: reject devices with insufficient block count (git-fixes).
- ocfs2: Switch to security_inode_init_security() (git-fixes).
- ocfs2: check new file size on fallocate call (git-fixes).
- ocfs2: fix use-after-free when unmounting read-only filesystem (git-fixes).
- pci: s390: Fix use-after-free of PCI resources with per-function hotplug (bsc#1212525).
- pci: vmd: Fix uninitialized variable usage in vmd_enable_domain() (git-fixes).
- perf/x86/amd/core: Always clear status for idx (bsc#1213233).
- pie: fix kernel-doc notation warning (git-fixes).
- powerpc/64: Only WARN if __pa()/__va() called with bad addresses (bsc#1194869).
- powerpc/64s: Fix VAS mm use after free (bsc#1194869).
- powerpc/book3s64/mm: Fix DirectMap stats in /proc/meminfo (bsc#1194869).
- powerpc/bpf: Fix use of user_pt_regs in uapi (bsc#1194869).
- powerpc/ftrace: Remove ftrace init tramp once kernel init is complete (bsc#1194869).
- powerpc/interrupt: Do not read MSR from interrupt_exit_kernel_prepare() (bsc#1194869).
- powerpc/mm/dax: Fix the condition when checking if altmap vmemap can cross-boundary (bsc#1150305 ltc#176097 git-fixes).
- powerpc/mm: Switch obsolete dssall to .long (bsc#1194869).
- powerpc/powernv/sriov: perform null check on iov before dereferencing iov (bsc#1194869).
- powerpc/powernv/vas: Assign real address to rx_fifo in vas_rx_win_attr (bsc#1194869).
- powerpc/prom_init: Fix kernel config grep (bsc#1194869).
- powerpc/pseries/vas: Hold mmap_mutex after mmap lock during window close (jsc#PED-542 git-fixes).
- powerpc/secvar: fix refcount leak in format_show() (bsc#1194869).
- powerpc/xics: fix refcount leak in icp_opal_init() (bsc#1194869).
- powerpc: clean vdso32 and vdso64 directories (bsc#1194869).
- powerpc: define get_cycles macro for arch-override (bsc#1194869).
- powerpc: update ppc_save_regs to save current r1 in pt_regs (bsc#1194869).
- rpm/check-for-config-changes: ignore also RISCV_ISA_* and DYNAMIC_SIGFRAME They depend on CONFIG_TOOLCHAIN_HAS_*.
- rsi: remove kernel-doc comment marker (git-fixes).
- s390/ap: fix status returned by ap_aqic() (git-fixes bsc#1213259).
- s390/ap: fix status returned by ap_qact() (git-fixes bsc#1213258).
- s390/debug: add _ASM_S390_ prefix to header guard (git-fixes bsc#1213263).
- s390/pci: clean up left over special treatment for function zero (bsc#1212525).
- s390/pci: only add specific device in zpci_bus_scan_device() (bsc#1212525).
- s390/pci: remove redundant pci_bus_add_devices() on new bus (bsc#1212525).
- s390/percpu: add READ_ONCE() to arch_this_cpu_to_op_simple() (git-fixes bsc#1213252).
- s390: define RUNTIME_DISCARD_EXIT to fix link error with GNU ld < 2.36 (git-fixes bsc#1213264).
- s390: discard .interp section (git-fixes bsc#1213247).
- security: keys: Modify mismatched function name (git-fixes).
- selftests/ir: fix build with ancient kernel headers (git-fixes).
- selftests: cgroup: fix unsigned comparison with less than zero (git-fixes).
- selftests: forwarding: Fix packet matching in mirroring selftests (git-fixes).
- selftests: tc: add 'ct' action kconfig dep (git-fixes).
- selftests: tc: add ConnTrack procfs kconfig (git-fixes).
- selftests: tc: set timeout to 15 minutes (git-fixes).
- signal/powerpc: On swapcontext failure force SIGSEGV (bsc#1194869).
- signal: Replace force_sigsegv(SIGSEGV) with force_fatal_sig(SIGSEGV) (bsc#1194869).
- smb3: do not reserve too many oplock credits (bsc#1193629).
- smb3: missing null check in SMB2_change_notify (bsc#1193629).
- smb: client: fix broken file attrs with nodfs mounts (bsc#1193629).
- smb: client: fix missed ses refcounting (git-fixes).
- smb: client: fix parsing of source mount option (bsc#1193629).
- smb: client: fix shared DFS root mounts with different prefixes (bsc#1193629).
- smb: client: fix warning in CIFSFindFirst() (bsc#1193629).
- smb: client: fix warning in CIFSFindNext() (bsc#1193629).
- smb: client: fix warning in cifs_match_super() (bsc#1193629).
- smb: client: fix warning in cifs_smb3_do_mount() (bsc#1193629).
- smb: client: fix warning in generic_ip_connect() (bsc#1193629).
- smb: client: improve DFS mount check (bsc#1193629).
- smb: client: remove redundant pointer 'server' (bsc#1193629).
- smb: delete an unnecessary statement (bsc#1193629).
- smb: move client and server files to common directory fs/smb (bsc#1193629).
- smb: remove obsolete comment (bsc#1193629).
- soundwire: bus_type: Avoid lockdep assert in sdw_drv_probe() (git-fixes).
- soundwire: cadence: Drain the RX FIFO after an IO timeout (git-fixes).
- soundwire: stream: Add missing clear of alloc_slave_rt (git-fixes).
- spi: bcm63xx: fix max prepend length (git-fixes).
- swsmu/amdgpu_smu: Fix the wrong if-condition (git-fixes).
- tpm: tpm_vtpm_proxy: fix a race condition in /dev/vtpmx creation (git-fixes).
- usb: dwc2: Fix some error handling paths (git-fixes).
- usb: gadget: udc: core: Offload usb_udc_vbus_handler processing (git-fixes).
- usb: gadget: udc: core: Prevent soft_connect_store() race (git-fixes).
- usb: typec: Fix fast_role_swap_current show function (git-fixes).
- usb: typec: Fix fast_role_swap_current show function (git-fixes).
- wifi: airo: avoid uninitialized warning in airo_get_rate() (git-fixes).
- wifi: ath10k: Trigger STA disconnect after reconfig complete on hardware restart (git-fixes).
- wifi: ath11k: Add missing check for ioremap (git-fixes).
- wifi: rtw89: debug: fix error code in rtw89_debug_priv_send_h2c_set() (git-fixes).
- x86/amd_nb: Add PCI ID for family 19h model 78h (git-fixes).
- x86/platform/uv: Add platform resolving #defines for misc GAM_MMIOH_REDIRECT* (bsc#1212256 jsc#PED-4718).
- x86/platform/uv: Fix printed information in calc_mmioh_map (bsc#1212256 jsc#PED-4718).
- x86/platform/uv: Helper functions for allocating and freeing conversion tables (bsc#1212256 jsc#PED-4718).
- x86/platform/uv: Introduce helper function uv_pnode_to_socket (bsc#1212256 jsc#PED-4718).
- x86/platform/uv: Remove remaining BUG_ON() and BUG() calls (bsc#1212256 jsc#PED-4718).
- x86/platform/uv: UV support for sub-NUMA clustering (bsc#1212256 jsc#PED-4718).
- x86/platform/uv: Update UV platform code for SNC (bsc#1212256 jsc#PED-4718).
- x86/platform/uv: When searching for minimums, start at INT_MAX not 99999 (bsc#1212256 jsc#PED-4718).
- x86: Fix .brk attribute in linker script (git-fixes).
- xfs: clean up the rtbitmap fsmap backend (git-fixes).
- xfs: do not deplete the reserve pool when trying to shrink the fs (git-fixes).
- xfs: do not reverse order of items in bulk AIL insertion (git-fixes).
- xfs: fix getfsmap reporting past the last rt extent (git-fixes).
- xfs: fix integer overflows in the fsmap rtbitmap and logdev backends (git-fixes).
- xfs: fix interval filtering in multi-step fsmap queries (git-fixes).
- xfs: fix logdev fsmap query result filtering (git-fixes).
- xfs: fix off-by-one error when the last rt extent is in use (git-fixes).
- xfs: fix uninitialized variable access (git-fixes).
- xfs: make fsmap backend function key parameters const (git-fixes).
- xfs: make the record pointer passed to query_range functions const (git-fixes).
- xfs: pass explicit mount pointer to rtalloc query functions (git-fixes).
ImportantSUSE bug 1150305SUSE bug 1193629SUSE bug 1194869SUSE bug 1207894SUSE bug 1208788SUSE bug 1211243SUSE bug 1211867SUSE bug 1212256SUSE bug 1212301SUSE bug 1212525SUSE bug 1212846SUSE bug 1212905SUSE bug 1213059SUSE bug 1213061SUSE bug 1213205SUSE bug 1213206SUSE bug 1213226SUSE bug 1213233SUSE bug 1213245SUSE bug 1213247SUSE bug 1213252SUSE bug 1213258SUSE bug 1213259SUSE bug 1213263SUSE bug 1213264SUSE bug 1213286SUSE bug 1213311SUSE bug 1213493SUSE bug 1213523SUSE bug 1213524SUSE bug 1213533SUSE bug 1213543SUSE bug 1213705CVE-2023-20593 at SUSECVE-2023-20593 at NVDCVE-2023-2985 at SUSECVE-2023-2985 at NVDCVE-2023-3117 at SUSECVE-2023-3117 at NVDCVE-2023-31248 at SUSECVE-2023-31248 at NVDCVE-2023-3390 at SUSECVE-2023-3390 at NVDCVE-2023-35001 at SUSECVE-2023-35001 at NVDCVE-2023-3812 at SUSECVE-2023-3812 at NVDcpe:/o:opensuse:leap:15.5Security update for go1.20 (Important)openSUSE Leap 15.5
This update for go1.20 fixes the following issues:
- Update to go v1.20.7 (released 2023-08-01) (bsc#1206346)
- CVE-2023-29409: Restrict RSA keys in certificates to less than or equal to 8192 bits to avoid DoSing client/server while validating signatures for extremely large RSA keys. (bsc#1213880)
ImportantSUSE bug 1206346SUSE bug 1213880CVE-2023-29409 at SUSECVE-2023-29409 at NVDcpe:/o:opensuse:leap:15.5Security update for xtrans (Low)openSUSE Leap 15.5
This update for xtrans fixes the following issues:
- CVE-2020-25697: Fixed local privilege escalation via TRANS_ABSTRACT on the client side (bsc#1178613).
LowSUSE bug 1178613CVE-2020-25697 at SUSECVE-2020-25697 at NVDcpe:/o:opensuse:leap:15.5Security update for qt6-base (Important)openSUSE Leap 15.5
This update for qt6-base fixes the following issues:
- CVE-2023-34410: Fixed certificate validation does not always consider whether the root of a chain is a configured CA certificate (bsc#1211994).
- CVE-2023-33285: Fixed buffer overflow in QDnsLookup (bsc#1211642).
- CVE-2023-32762: Fixed Qt Network incorrectly parses the strict-transport-security (HSTS) header (bsc#1211797).
- CVE-2023-38197: Fixed infinite loops in QXmlStreamReader(bsc#1213326).
- CVE-2023-24607: Fixed Qt SQL ODBC driver plugin DOS (bsc#1209616).
ImportantSUSE bug 1209616SUSE bug 1211642SUSE bug 1211797SUSE bug 1211994SUSE bug 1213326CVE-2023-24607 at SUSECVE-2023-24607 at NVDCVE-2023-32762 at SUSECVE-2023-32762 at NVDCVE-2023-33285 at SUSECVE-2023-33285 at NVDCVE-2023-34410 at SUSECVE-2023-34410 at NVDCVE-2023-38197 at SUSECVE-2023-38197 at NVDcpe:/o:opensuse:leap:15.5Security update for MozillaThunderbird (Important)openSUSE Leap 15.5
This update for MozillaThunderbird fixes the following issues:
Update Mozilla Thunderbird 115.1.0 (bsc#1213746):
- CVE-2023-4045: Fixed cross-origin restrictions bypass with Offscreen Canvas (bmo#1833876).
- CVE-2023-4046: Fixed incorrect value used during WASM compilation (bmo#1837686).
- CVE-2023-4047: Fixed potential permissions request bypass via clickjacking (bmo#1839073).
- CVE-2023-4048: Fixed crash in DOMParser due to out-of-memory conditions (bmo#1841368).
- CVE-2023-4049: Fixed potential race conditions when releasing platform objects (bmo#1842658).
- CVE-2023-4050: Fixed stack buffer overflow in StorageManager (bmo#1843038).
- CVE-2023-4052: Fixed file deletion and privilege escalation through Firefox uninstaller (bmo#1824420).
- CVE-2023-4054: Fixed lack of warning when opening appref-ms files (bmo#1840777).
- CVE-2023-4055: Fixed cookie jar overflow caused unexpected cookie jar state (bmo#1782561).
- CVE-2023-4056: Fixed memory safety bugs (bmo#1820587, bmo#1824634, bmo#1839235, bmo#1842325, bmo#1843847).
- CVE-2023-4057: Fixed memory safety bugs (bmo#1841682).
Bugfixes:
- Remove bashisms from startup-script (bsc#1213657).
ImportantSUSE bug 1213657SUSE bug 1213746CVE-2023-4045 at SUSECVE-2023-4045 at NVDCVE-2023-4046 at SUSECVE-2023-4046 at NVDCVE-2023-4047 at SUSECVE-2023-4047 at NVDCVE-2023-4048 at SUSECVE-2023-4048 at NVDCVE-2023-4049 at SUSECVE-2023-4049 at NVDCVE-2023-4050 at SUSECVE-2023-4050 at NVDCVE-2023-4052 at SUSECVE-2023-4052 at NVDCVE-2023-4054 at SUSECVE-2023-4054 at NVDCVE-2023-4055 at SUSECVE-2023-4055 at NVDCVE-2023-4056 at SUSECVE-2023-4056 at NVDCVE-2023-4057 at SUSECVE-2023-4057 at NVDcpe:/o:opensuse:leap:15.5Security update for rubygem-actionpack-5_1 (Important)openSUSE Leap 15.5
This update for rubygem-actionpack-5_1 fixes the following issues:
- CVE-2023-28362: Fixed possible XSS via User Supplied Values to redirect_to (bsc#1213312).
ImportantSUSE bug 1213312CVE-2023-28362 at SUSECVE-2023-28362 at NVDcpe:/o:opensuse:leap:15.5Security update for cjose (Important)openSUSE Leap 15.5
This update for cjose fixes the following issues:
- CVE-2023-37464: Fixed AES GCM decryption uses the Tag length from the actual Authentication Tag (bsc#1213385).
ImportantSUSE bug 1213385CVE-2023-37464 at SUSECVE-2023-37464 at NVDcpe:/o:opensuse:leap:15.5Security update for openssl-1_1 (Moderate)openSUSE Leap 15.5
This update for openssl-1_1 fixes the following issues:
- CVE-2023-3817: Fixed a potential DoS due to excessive time spent checking DH q parameter value. (bsc#1213853)
ModerateSUSE bug 1213853CVE-2023-3817 at SUSECVE-2023-3817 at NVDcpe:/o:opensuse:leap:15.5Security update for openssl-3 (Moderate)openSUSE Leap 15.5
This update for openssl-3 fixes the following issues:
- CVE-2023-3817: Fixed a potential DoS due to excessive time spent checking DH q parameter value. (bsc#1213853)
ModerateSUSE bug 1213853CVE-2023-3817 at SUSECVE-2023-3817 at NVDcpe:/o:opensuse:leap:15.5Security update for keylime (Important)openSUSE Leap 15.5
This update for keylime fixes the following issues:
- CVE-2023-38200: Fixed a DoS attack against it's SSL connections. (bsc#1213310)
ImportantSUSE bug 1213310CVE-2023-38200 at SUSECVE-2023-38200 at NVDcpe:/o:opensuse:leap:15.5Security update for gstreamer-plugins-ugly (Important)openSUSE Leap 15.5
This update for gstreamer-plugins-ugly fixes the following issues:
- CVE-2023-38103: Fixed an integer overflows when calculating the size of SIPR audio buffers. (bsc#1213751)
- CVE-2023-38104: Fixed an integer overflow when calculation audio packet size . (bsc#1213750)
ImportantSUSE bug 1213750SUSE bug 1213751CVE-2023-38103 at SUSECVE-2023-38103 at NVDCVE-2023-38104 at SUSECVE-2023-38104 at NVDcpe:/o:opensuse:leap:15.5Security update for gstreamer-plugins-good (Important)openSUSE Leap 15.5
This update for gstreamer-plugins-good fixes the following issues:
- CVE-2023-37327: Fixed FLAC file parsing integer overflow remote code execution vulnerability. (bsc#1213128)
ImportantSUSE bug 1213128CVE-2023-37327 at SUSECVE-2023-37327 at NVDcpe:/o:opensuse:leap:15.5Security update for gstreamer-plugins-base (Important)openSUSE Leap 15.5
This update for gstreamer-plugins-base fixes the following issues:
- CVE-2023-37327: Fixed FLAC file parsing integer overflow remote code execution vulnerability. (bsc#1213128)
- CVE-2023-37328: Fixed PGS file parsing heap-based buffer overflow remote code execution vulnerability. (bsc#1213131)
ImportantSUSE bug 1213128SUSE bug 1213131CVE-2023-37327 at SUSECVE-2023-37327 at NVDCVE-2023-37328 at SUSECVE-2023-37328 at NVDcpe:/o:opensuse:leap:15.5Security update for rust1.71 (Important)openSUSE Leap 15.5
This update for rust1.71 fixes the following issues:
Update to version 1.71.1:
- CVE-2023-38497: Fixed privilege escalation with Cargo not respecting umask when extracting dependencies (bsc#1213817).
ImportantSUSE bug 1213817CVE-2023-38497 at SUSECVE-2023-38497 at NVDcpe:/o:opensuse:leap:15.5Security update for wireshark (Moderate)openSUSE Leap 15.5
This update for wireshark fixes the following issues:
Update to Wireshark 3.6.15:
- Further features, bug fixes and updated protocol support as listed in:
https://www.wireshark.org/docs/relnotes/wireshark-3.6.15.html
Security fixes:
- CVE-2023-0667: Fixed failure to validate MS-MMS packet length (bsc#1212084).
- CVE-2023-0668: Fixed IEEE C37.118 Synchrophasor dissector crash (bsc#1211710).
- CVE-2023-2855: Fixed Candump log file parser crash (bsc#1211703).
- CVE-2023-2856: Fixed VMS TCPIPtrace file parser crash (bsc#1211707).
- CVE-2023-2857: Fixed BLF file parser crash (bsc#1211705).
- CVE-2023-2858: Fixed NetScaler file parser crash (bsc#1211706).
- CVE-2023-2879: Fixed GDSDB dissector infinite loop (bsc#1211793).
- CVE-2023-2952: Fixed XRA dissector infinite loop (bsc#1211844).
- CVE-2023-3648: Fixed Kafka dissector crash (bsc#1213319).
ModerateSUSE bug 1211703SUSE bug 1211705SUSE bug 1211706SUSE bug 1211707SUSE bug 1211710SUSE bug 1211793SUSE bug 1211844SUSE bug 1212084SUSE bug 1213319CVE-2023-0667 at SUSECVE-2023-0667 at NVDCVE-2023-0668 at SUSECVE-2023-0668 at NVDCVE-2023-2855 at SUSECVE-2023-2855 at NVDCVE-2023-2856 at SUSECVE-2023-2856 at NVDCVE-2023-2857 at SUSECVE-2023-2857 at NVDCVE-2023-2858 at SUSECVE-2023-2858 at NVDCVE-2023-2879 at SUSECVE-2023-2879 at NVDCVE-2023-2952 at SUSECVE-2023-2952 at NVDCVE-2023-3648 at SUSECVE-2023-3648 at NVDcpe:/o:opensuse:leap:15.5Security update for pipewire (Moderate)openSUSE Leap 15.5
This update for pipewire fixes the following security issues:
- Fixed issue where an app which only has permission to access one stream can also access other streams (bsc#1213682).
Bugfixes:
- Fixed division by 0 and other issues with invalid values (glfo#pipewire/pipewire#2953)
- Fixed an overflow resulting in choppy sound in some cases (glfo#pipewire/pipewire#2680)
ModerateSUSE bug 1213682cpe:/o:opensuse:leap:15.5Security update for go1.19 (Important)openSUSE Leap 15.5
This update for go1.19 fixes the following issues:
- Update to go v1.19.12 (released 2023-08-01) (bsc#1200441)
- CVE-2023-29409: Restrict RSA keys in certificates to less than or equal to 8192 bits to avoid DoSing client/server while validating signatures for extremely large RSA keys. (bsc#1213880)
ImportantSUSE bug 1200441SUSE bug 1213880CVE-2023-29409 at SUSECVE-2023-29409 at NVDcpe:/o:opensuse:leap:15.5Security update for python-scipy (Moderate)openSUSE Leap 15.5
This update for python-scipy fixes the following issues:
- CVE-2023-25399: Fixed minor refcounting issue in Py_FindObjects (bsc#1213062).
- CVE-2023-29824: Fixed use-after-free in Py_FindObjects (bsc#1213137).
ModerateSUSE bug 1213062SUSE bug 1213137CVE-2023-25399 at SUSECVE-2023-25399 at NVDCVE-2023-29824 at SUSECVE-2023-29824 at NVDcpe:/o:opensuse:leap:15.5Feature update for cloud-init (Moderate)openSUSE Leap 15.5
This update for cloud-init fixes the following issues:
- Default route is not configured (bsc#1212879)
- cloud-final service failing in powerVS (bsc#1210273)
- Randomly generated passwords logged in clear-text to world-readable file (bsc#1184758, CVE-2021-3429)
ModerateSUSE bug 1184758SUSE bug 1210273SUSE bug 1212879CVE-2021-3429 at SUSECVE-2021-3429 at NVDCVE-2023-1786 at SUSECVE-2023-1786 at NVDcpe:/o:opensuse:leap:15.5Security update for java-11-openjdk (Important)openSUSE Leap 15.5
This update for java-11-openjdk fixes the following issues:
Updated to jdk-11.0.20+8 (July 2023 CPU):
- CVE-2023-22006: Fixed vulnerability in the network component (bsc#1213473).
- CVE-2023-22036: Fixed vulnerability in the utility component (bsc#1213474).
- CVE-2023-22041: Fixed vulnerability in the hotspot component (bsc#1213475).
- CVE-2023-22044: Fixed vulnerability in the hotspot component (bsc#1213479).
- CVE-2023-22045: Fixed vulnerability in the hotspot component (bsc#1213481).
- CVE-2023-22049: Fixed vulnerability in the libraries component (bsc#1213482).
- CVE-2023-25193: Fixed vulnerability in the embedded harfbuzz module (bsc#1207922).
- JDK-8298676: Enhanced Look and Feel
- JDK-8300285: Enhance TLS data handling
- JDK-8300596: Enhance Jar Signature validation
- JDK-8301998, JDK-8302084: Update HarfBuzz to 7.0.1
- JDK-8302475: Enhance HTTP client file downloading
- JDK-8302483: Enhance ZIP performance
- JDK-8303376: Better launching of JDI
- JDK-8304468: Better array usages
- JDK-8305312: Enhanced path handling
- JDK-8308682: Enhance AES performance
Bugfixes:
- JDK-8171426: java/lang/ProcessBuilder/Basic.java failed with
Stream closed
- JDK-8178806: Better exception logging in crypto code
- JDK-8187522: test/sun/net/ftp/FtpURLConnectionLeak.java timed
out
- JDK-8209167: Use CLDR's time zone mappings for Windows
- JDK-8209546: Make sun/security/tools/keytool/autotest.sh to
support macosx
- JDK-8209880: tzdb.dat is not reproducibly built
- JDK-8213531: Test javax/swing/border/TestTitledBorderLeak.java
fails
- JDK-8214459: NSS source should be removed
- JDK-8214807: Improve handling of very old class files
- JDK-8215015: [TESTBUG] remove unneeded -Xfuture option from
tests
- JDK-8215575: C2 crash: assert(get_instanceKlass()->is_loaded())
failed: must be at least loaded
- JDK-8220093: Change to GCC 8.2 for building on Linux at Oracle
- JDK-8227257: javax/swing/JFileChooser/4847375/bug4847375.java
fails with AssertionError
- JDK-8232853: AuthenticationFilter.Cache::remove may throw
ConcurrentModificationException
- JDK-8243936: NonWriteable system properties are actually
writeable
- JDK-8246383: NullPointerException in
JceSecurity.getVerificationResult when using Entrust provider
- JDK-8248701: On Windows generated modules-deps.gmk can
contain backslash-r (CR) characters
- JDK-8257856: Make ClassFileVersionsTest.java robust to JDK
version updates
- JDK-8259530: Generated docs contain MIT/GPL-licenced works
without reproducing the licence
- JDK-8263420: Incorrect function name in
NSAccessibilityStaticText native peer implementation
- JDK-8264290: Create implementation for
NSAccessibilityComponentGroup protocol peer
- JDK-8264304: Create implementation for NSAccessibilityToolbar
protocol peer
- JDK-8265486: ProblemList javax/sound/midi/Sequencer/
/Recording.java on macosx-aarch64
- JDK-8268558: [TESTBUG] Case 2 in
TestP11KeyFactoryGetRSAKeySpec is skipped
- JDK-8269746: C2: assert(!in->is_CFG()) failed: CFG Node with
no controlling input?
- JDK-8274864: Remove Amman/Cairo hacks in ZoneInfoFile
- JDK-8275233: Incorrect line number reported in exception
stack trace thrown from a lambda expression
- JDK-8275721: Name of UTC timezone in a locale changes
depending on previous code
- JDK-8275735: [linux] Remove deprecated Metrics api (kernel
memory limit)
- JDK-8276880: Remove java/lang/RuntimeTests/exec/ExecWithDir
as unnecessary
- JDK-8277775: Fixup bugids in RemoveDropTargetCrashTest.java -
add 4357905
- JDK-8278434: timeouts in test java/time/test/java/time/format/
/TestZoneTextPrinterParser.java
- JDK-8280703: CipherCore.doFinal(...) causes potentially
massive byte[] allocations during decryption
- JDK-8282077: PKCS11 provider C_sign() impl should handle
CKR_BUFFER_TOO_SMALL error
- JDK-8282201: Consider removal of expiry check in
VerifyCACerts.java test
- JDK-8282467: add extra diagnostics for JDK-8268184
- JDK-8282600: SSLSocketImpl should not use user_canceled
workaround when not necessary
- JDK-8283059: Uninitialized warning in check_code.c with GCC
11.2
- JDK-8285497: Add system property for Java SE specification
maintenance version
- JDK-8286398: Address possibly lossy conversions in
jdk.internal.le
- JDK-8287007: [cgroups] Consistently use stringStream
throughout parsing code
- JDK-8287246: DSAKeyValue should check for missing params
instead of relying on KeyFactory provider
- JDK-8287876: The recently de-problemlisted
TestTitledBorderLeak test is unstable
- JDK-8287897: Augment src/jdk.internal.le/share/legal/jline.md
with information on 4th party dependencies
- JDK-8289301: P11Cipher should not throw out of bounds
exception during padding
- JDK-8289735: UTIL_LOOKUP_PROGS fails on pathes with space
- JDK-8291226: Create Test Cases to cover scenarios for
JDK-8278067
- JDK-8291637: HttpClient default keep alive timeout not
followed if server sends invalid value
- JDK-8291638: Keep-Alive timeout of 0 should close connection
immediately
- JDK-8292206: TestCgroupMetrics.java fails as getMemoryUsage()
is lower than expected
- JDK-8293232: Fix race condition in pkcs11 SessionManager
- JDK-8293815: P11PSSSignature.engineUpdate should not print
debug messages during normal operation
- JDK-8294548: Problem list SA core file tests on macosx-x64
due to JDK-8294316
- JDK-8294906: Memory leak in PKCS11 NSS TLS server
- JDK-8295974: jni_FatalError and Xcheck:jni warnings should
print the native stack when there are no Java frames
- JDK-8296934: Write a test to verify whether Undecorated Frame
can be iconified or not
- JDK-8297000: [jib] Add more friendly warning for proxy issues
- JDK-8297450: ScaledTextFieldBorderTest.java fails when run
with -show parameter
- JDK-8298887: On the latest macOS+XCode the Robot API may
report wrong colors
- JDK-8299259: C2: Div/Mod nodes without zero check could be
split through iv phi of loop resulting in SIGFPE
- JDK-8300079: SIGSEGV in LibraryCallKit::inline_string_copy
due to constant NULL src argument
- JDK-8300205: Swing test bug8078268 make latch timeout
configurable
- JDK-8300490: Spaces in name of MacOS Code Signing Identity
are not correctly handled after JDK-8293550
- JDK-8301119: Support for GB18030-2022
- JDK-8301170: perfMemory_windows.cpp add free_security_attr to
early returns
- JDK-8301401: Allow additional characters for GB18030-2022
support
- JDK-8302151: BMPImageReader throws an exception reading BMP
images
- JDK-8302791: Add specific ClassLoader object to Proxy
IllegalArgumentException message
- JDK-8303102: jcmd: ManagementAgent.status truncates the text
longer than O_BUFLEN
- JDK-8303354: addCertificatesToKeystore in KeystoreImpl.m
needs CFRelease call in early potential CHECK_NULL return
- JDK-8303432: Bump update version for OpenJDK: jdk-11.0.20
- JDK-8303440: The 'ZonedDateTime.parse' may not accept the
'UTC+XX' zone id
- JDK-8303465: KeyStore of type KeychainStore, provider Apple
does not show all trusted certificates
- JDK-8303476: Add the runtime version in the release file of a
JDK image
- JDK-8303482: Update LCMS to 2.15
- JDK-8303564: C2: 'Bad graph detected in build_loop_late'
after a CMove is wrongly split thru phi
- JDK-8303576: addIdentitiesToKeystore in KeystoreImpl.m needs
CFRelease call in early potential CHECK_NULL return
- JDK-8303822: gtestMain should give more helpful output
- JDK-8303861: Error handling step timeouts should never be
blocked by OnError and others
- JDK-8303937: Corrupted heap dumps due to missing retries for
os::write()
- JDK-8304134: jib bootstrapper fails to quote filename when
checking download filetype
- JDK-8304291: [AIX] Broken build after JDK-8301998
- JDK-8304295: harfbuzz build fails with GCC 7 after JDK-8301998
- JDK-8304350: Font.getStringBounds calculates wrong width for
TextAttribute.TRACKING other than 0.0
- JDK-8304760: Add 2 Microsoft TLS roots
- JDK-8305113: (tz) Update Timezone Data to 2023c
- JDK-8305400: ISO 4217 Amendment 175 Update
- JDK-8305528: [11u] Backport of JDK-8259530 breaks build with
JDK10 bootstrap VM
- JDK-8305682: Update the javadoc in the Character class to
state support for GB 18030-2022 Implementation Level 2
- JDK-8305711: Arm: C2 always enters slowpath for monitorexit
- JDK-8305721: add `make compile-commands` artifacts to
.gitignore
- JDK-8305975: Add TWCA Global Root CA
- JDK-8306543: GHA: MSVC installation is failing
- JDK-8306658: GHA: MSVC installation could be optional since
it might already be pre-installed
- JDK-8306664: GHA: Update MSVC version to latest stepping
- JDK-8306768: CodeCache Analytics reports wrong threshold
- JDK-8306976: UTIL_REQUIRE_SPECIAL warning on grep
- JDK-8307134: Add GTS root CAs
- JDK-8307811: [TEST] compilation of TimeoutInErrorHandlingTest
fails after backport of JDK-8303861
- JDK-8308006: Missing NMT memory tagging in CMS
- JDK-8308884: [17u/11u] Backout JDK-8297951
- JDK-8309476: [11u] tools/jmod/hashes/HashesOrderTest.java
fails intermittently
- JDK-8311465: [11u] Remove designator
DEFAULT_PROMOTED_VERSION_PRE=ea for release 11.0.20
ImportantSUSE bug 1207922SUSE bug 1213473SUSE bug 1213474SUSE bug 1213475SUSE bug 1213479SUSE bug 1213481SUSE bug 1213482CVE-2023-22006 at SUSECVE-2023-22006 at NVDCVE-2023-22036 at SUSECVE-2023-22036 at NVDCVE-2023-22041 at SUSECVE-2023-22041 at NVDCVE-2023-22044 at SUSECVE-2023-22044 at NVDCVE-2023-22045 at SUSECVE-2023-22045 at NVDCVE-2023-22049 at SUSECVE-2023-22049 at NVDCVE-2023-25193 at SUSECVE-2023-25193 at NVDcpe:/o:opensuse:leap:15.5Security update for kernel-firmware (Moderate)openSUSE Leap 15.5
This update for kernel-firmware fixes the following issues:
- CVE-2023-20569: Fixed AMD 19h ucode to mitigate a side channel vulnerability in some of the AMD CPUs. (bsc#1213287)
ModerateSUSE bug 1213287CVE-2023-20569 at SUSECVE-2023-20569 at NVDcpe:/o:opensuse:leap:15.5Security update for libyajl (Moderate)openSUSE Leap 15.5
This update for libyajl fixes the following issues:
- CVE-2023-33460: Fixed memory leak which could cause out-of-memory in server (bsc#1212928).
ModerateSUSE bug 1212928CVE-2023-33460 at SUSECVE-2023-33460 at NVDcpe:/o:opensuse:leap:15.5Security update for the Linux Kernel (Important)openSUSE Leap 15.5
The SUSE Linux Enterprise 15 SP5 RT kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2022-40982: Fixed transient execution attack called 'Gather Data Sampling' (bsc#1206418).
- CVE-2023-0459: Fixed information leak in __uaccess_begin_nospec (bsc#1211738).
- CVE-2023-1829: Fixed a use-after-free vulnerability in the control index filter (tcindex) (bsc#1210335).
- CVE-2023-20569: Fixed side channel attack ‘Inception’ or ‘RAS Poisoning’ (bsc#1213287).
- CVE-2023-20593: Fixed a ZenBleed issue in 'Zen 2' CPUs that could allow an attacker to potentially access sensitive information (bsc#1213286).
- CVE-2023-21400: Fixed several memory corruptions due to improper locking in io_uring (bsc#1213272).
- CVE-2023-2156: Fixed a flaw in the networking subsystem within the handling of the RPL protocol (bsc#1211131).
- CVE-2023-2166: Fixed NULL pointer dereference in can_rcv_filter (bsc#1210627).
- CVE-2023-2430: Fixed amissing lock for IOPOLL in io_cqring_event_overflow() in io_uring.c that could allow a privileged user to cause a denial of service (bsc#1211014).
- CVE-2023-2985: Fixed an use-after-free vulnerability in hfsplus_put_super in fs/hfsplus/super.c that could allow a local user to cause a denial of service (bsc#1211867).
- CVE-2023-3090: Fixed a heap out-of-bounds write in the ipvlan network driver (bsc#1212842).
- CVE-2023-31083: Fixed race condition in hci_uart_tty_ioctl (bsc#1210780).
- CVE-2023-3111: Fixed a use-after-free vulnerability in prepare_to_relocate in fs/btrfs/relocation.c (bsc#1212051).
- CVE-2023-3117: Fixed an use-after-free vulnerability in the netfilter subsystem when processing named and anonymous sets in batch requests that could allow a local user with CAP_NET_ADMIN capability to crash or potentially escalate their privileges on the system (bsc#1213245).
- CVE-2023-31248: Fixed an use-after-free vulnerability in nft_chain_lookup_byid that could allow a local attacker to escalate their privilege (bsc#1213061).
- CVE-2023-3212: Fixed a NULL pointer dereference flaw in the gfs2 file system (bsc#1212265).
- CVE-2023-3268: Fixed an out of bounds memory access flaw in relay_file_read_start_pos in the relayfs (bsc#1212502).
- CVE-2023-3389: Fixed a use-after-free vulnerability in the io_uring subsystem (bsc#1212838).
- CVE-2023-3390: Fixed an use-after-free vulnerability in the netfilter subsystem in net/netfilter/nf_tables_api.c that could allow a local attacker with user access to cause a privilege escalation issue (bsc#1212846).
- CVE-2023-35001: Fixed an out-of-bounds memory access flaw in nft_byteorder that could allow a local attacker to escalate their privilege (bsc#1213059).
- CVE-2023-3567: Fixed a use-after-free in vcs_read in drivers/tty/vt/vc_screen.c (bsc#1213167).
- CVE-2023-3609: Fixed reference counter leak leading to overflow in net/sched (bsc#1213586).
- CVE-2023-3611: Fixed an out-of-bounds write in net/sched sch_qfq(bsc#1213585).
- CVE-2023-3776: Fixed improper refcount update in cls_fw leads to use-after-free (bsc#1213588).
- CVE-2023-3812: Fixed an out-of-bounds memory access flaw in the TUN/TAP device driver functionality that could allow a local user to crash or potentially escalate their privileges on the system (bsc#1213543).
- CVE-2023-38409: Fixed a use-after-free in drivers/video/fbdev/core/fbcon.c (bsc#1213417).
- CVE-2023-3863: Fixed a use-after-free flaw in nfc_llcp_find_local in net/nfc/llcp_core.c in NFC (bsc#1213601).
- CVE-2023-4004: Fixed improper element removal netfilter nft_set_pipapo (bsc#1213812).
The following non-security bugs were fixed:
- acpi/iort: remove erroneous id_count check in iort_node_get_rmr_info() (git-fixes).
- acpi: cppc: add acpi disabled check to acpi_cpc_valid() (bsc#1212445).
- acpi: cppc: add definition for undefined fadt preferred pm profile value (bsc#1212445).
- acpi: fix suspend with xen pv (git-fixes).
- acpi: utils: fix acpi_evaluate_dsm_typed() redefinition error (git-fixes).
- add module_firmware() for firmware_tg357766 (git-fixes).
- adreno: shutdown the gpu properly (git-fixes).
- afs: adjust ack interpretation to try and cope with nat (git-fixes).
- afs: fix access after dec in put functions (git-fixes).
- afs: fix afs_getattr() to refetch file status if callback break occurred (git-fixes).
- afs: fix dynamic root getattr (git-fixes).
- afs: fix fileserver probe rtt handling (git-fixes).
- afs: fix infinite loop found by xfstest generic/676 (git-fixes).
- afs: fix lost servers_outstanding count (git-fixes).
- afs: fix server->active leak in afs_put_server (git-fixes).
- afs: fix setting of mtime when creating a file/dir/symlink (git-fixes).
- afs: fix updating of i_size with dv jump from server (git-fixes).
- afs: fix vlserver probe rtt handling (git-fixes).
- afs: return -eagain, not -eremoteio, when a file already locked (git-fixes).
- afs: use refcount_t rather than atomic_t (git-fixes).
- afs: use the operation issue time instead of the reply time for callbacks (git-fixes).
- alsa: ac97: fix possible null dereference in snd_ac97_mixer (git-fixes).
- alsa: emu10k1: roll up loops in dsp setup code for audigy (git-fixes).
- alsa: fireface: make read-only const array for model names static (git-fixes).
- alsa: hda/realtek - remove 3k pull low procedure (git-fixes).
- alsa: hda/realtek: add quirk for asus rog g614jx (git-fixes).
- alsa: hda/realtek: add quirk for asus rog ga402x (git-fixes).
- alsa: hda/realtek: add quirk for asus rog gx650p (git-fixes).
- alsa: hda/realtek: add quirk for asus rog gz301v (git-fixes).
- alsa: hda/realtek: add quirk for clevo npx0snx (git-fixes).
- alsa: hda/realtek: add quirk for clevo ns70au (git-fixes).
- alsa: hda/realtek: add quirks for rog ally cs35l41 audio (git-fixes).
- alsa: hda/realtek: add quirks for unis h3c desktop b760 & q760 (git-fixes).
- alsa: hda/realtek: add support for dell oasis 13/14/16 laptops (git-fixes).
- alsa: hda/realtek: amend g634 quirk to enable rear speakers (git-fixes).
- alsa: hda/realtek: enable mute led on hp laptop 15s-eq2xxx (git-fixes).
- alsa: hda/realtek: enable mute/micmute leds and limit mic boost on elitebook (git-fixes).
- alsa: hda/realtek: fix generic fixup definition for cs35l41 amp (git-fixes).
- alsa: hda/realtek: support asus g713pv laptop (git-fixes).
- alsa: hda/realtek: whitespace fix (git-fixes).
- alsa: hda/relatek: enable mute led on hp 250 g8 (git-fixes).
- alsa: hda: fix a possible null-pointer dereference due to data race in snd_hdac_regmap_sync() (git-fixes).
- alsa: hda: lnl: add hd audio pci id (git-fixes).
- alsa: jack: fix mutex call in snd_jack_report() (git-fixes).
- alsa: oxfw: make read-only const array models static (git-fixes).
- alsa: pcm: fix potential data race at pcm memory allocation helpers (git-fixes).
- alsa: usb-audio: add fixed_rate quirk for jbl quantum610 wireless (git-fixes).
- alsa: usb-audio: add new quirk fixed_rate for jbl quantum810 wireless (git-fixes).
- alsa: usb-audio: add quirk for microsoft modern wireless headset (bsc#1207129).
- alsa: usb-audio: always initialize fixed_rate in snd_usb_find_implicit_fb_sync_format() (git-fixes).
- alsa: usb-audio: apply mutex around snd_usb_endpoint_set_params() (git-fixes).
- alsa: usb-audio: avoid superfluous endpoint setup (git-fixes).
- alsa: usb-audio: avoid unnecessary interface change at ep close (git-fixes).
- alsa: usb-audio: clear fixed clock rate at closing ep (git-fixes).
- alsa: usb-audio: correct the return code from snd_usb_endpoint_set_params() (git-fixes).
- alsa: usb-audio: drop superfluous interface setup at parsing (git-fixes).
- alsa: usb-audio: fix possible null pointer dereference in snd_usb_pcm_has_fixed_rate() (git-fixes).
- alsa: usb-audio: fix wrong kfree issue in snd_usb_endpoint_free_all (git-fixes).
- alsa: usb-audio: more refactoring of hw constraint rules (git-fixes).
- alsa: usb-audio: properly refcounting clock rate (git-fixes).
- alsa: usb-audio: rate limit usb_set_interface error reporting (git-fixes).
- alsa: usb-audio: refcount multiple accesses on the single clock (git-fixes).
- alsa: usb-audio: split endpoint setups for hw_params and prepare (take#2) (git-fixes).
- alsa: usb-audio: update for native dsd support quirks (git-fixes).
- alsa: usb-audio: use atomic_try_cmpxchg in ep_state_update (git-fixes).
- alsa: usb-audio: workaround for xrun at prepare (git-fixes).
- amd-pstate: fix amd_pstate mode switch (git-fixes).
- amdgpu: validate offset_in_bo of drm_amdgpu_gem_va (git-fixes).
- apparmor: fix missing error check for rhashtable_insert_fast (git-fixes).
- arm64/mm: mark private vm_fault_x defines as vm_fault_t (git-fixes)
- arm64: add missing set/way cmo encodings (git-fixes).
- arm64: dts: microchip: sparx5: do not use psci on reference boards (git-fixes)
- arm64: vdso: pass (void *) to virt_to_page() (git-fixes)
- arm64: xor-neon: mark xor_arm64_neon_*() static (git-fixes)
- arm: dts: fix erroneous ads touchscreen polarities (git-fixes).
- asoc: amd: acp: fix for invalid dai id handling in acp_get_byte_count() (git-fixes).
- asoc: atmel: fix the 8k sample parameter in i2sc master (git-fixes).
- asoc: codecs: es8316: fix dmic config (git-fixes).
- asoc: codecs: wcd-mbhc-v2: fix resource leaks on component remove (git-fixes).
- asoc: codecs: wcd934x: fix resource leaks on component remove (git-fixes).
- asoc: codecs: wcd938x: fix codec initialisation race (git-fixes).
- asoc: codecs: wcd938x: fix db range for hphl and hphr (git-fixes).
- asoc: codecs: wcd938x: fix missing clsh ctrl error handling (git-fixes).
- asoc: codecs: wcd938x: fix soundwire initialisation race (git-fixes).
- asoc: da7219: check for failure reading aad irq events (git-fixes).
- asoc: da7219: flush pending aad irq when suspending (git-fixes).
- asoc: es8316: do not set rate constraints for unsupported mclks (git-fixes).
- asoc: es8316: increment max value for alc capture target volume control (git-fixes).
- asoc: fsl_sai: disable bit clock with transmitter (git-fixes).
- asoc: fsl_spdif: silence output on stop (git-fixes).
- asoc: imx-audmix: check return value of devm_kasprintf() (git-fixes).
- asoc: intel: sof_sdw: remove sof_sdw_tgl_hdmi for meteorlake devices (git-fixes).
- asoc: mediatek: mt8173: fix irq error path (git-fixes).
- asoc: nau8824: add quirk to active-high jack-detect (git-fixes).
- asoc: rt5640: fix sleep in atomic context (git-fixes).
- asoc: rt5682-sdw: fix for jd event handling in clockstop mode0 (git-fixes).
- asoc: rt711-sdca: fix for jd event handling in clockstop mode0 (git-fixes).
- asoc: rt711: fix for jd event handling in clockstop mode0 (git-fixes).
- asoc: simple-card: add missing of_node_put() in case of error (git-fixes).
- asoc: sof: ipc3-dtrace: uninitialized data in dfsentry_trace_filter_write() (git-fixes).
- asoc: sof: topology: fix logic for copying tuples (git-fixes).
- asoc: tegra: fix adx byte map (git-fixes).
- asoc: tegra: fix amx byte map (git-fixes).
- asoc: wm8904: fill the cache for wm8904_adc_test_0 register (git-fixes).
- ata: pata_ns87415: mark ns87560_tf_read static (git-fixes).
- block, bfq: fix division by zero error on zero wsum (bsc#1213653).
- block: fix a source code comment in include/uapi/linux/blkzoned.h (git-fixes).
- bluetooth: fix invalid-bdaddr quirk for non-persistent setup (git-fixes).
- bluetooth: fix use-bdaddr-property quirk (git-fixes).
- bluetooth: hci_bcm: do not mark valid bd_addr as invalid (git-fixes).
- bluetooth: hci_event: call disconnect callback before deleting conn (git-fixes).
- bluetooth: hci_sync: avoid use-after-free in dbg for hci_remove_adv_monitor() (git-fixes).
- bluetooth: iso: consider right cis when removing cig at cleanup (git-fixes).
- bluetooth: iso: fix cig auto-allocation to select configurable cig (git-fixes).
- bluetooth: iso: fix iso_conn related locking and validity issues (git-fixes).
- bluetooth: iso: use hci_sync for setting cig parameters (git-fixes).
- bluetooth: use rcu for hci_conn_params and iterate safely in hci_sync (git-fixes).
- bonding: fix negative jump label count on nested bonding (bsc#1212685).
- bus: fsl-mc: fsl-mc-allocator: drop a write-only variable (git-fixes).
- bus: mhi: add new interfaces to handle mhi channels directly (bsc#1207948).
- bus: mhi: host: add destroy_device argument to mhi_power_down() (bsc#1207948).
- bus: ti-sysc: fix dispc quirk masking bool variables (git-fixes).
- can: bcm: fix uaf in bcm_proc_show() (git-fixes).
- can: gs_usb: gs_can_close(): add missing set of can state to can_state_stopped (git-fixes).
- can: isotp: isotp_sendmsg(): fix return error fix on tx path (git-fixes).
- can: kvaser_pciefd: remove handler for unused kvaser_pciefd_pack_type_eframe_ack (git-fixes).
- can: kvaser_pciefd: remove useless write to interrupt register (git-fixes).
- can: length: fix bitstuffing count (git-fixes).
- can: length: fix description of the rrs field (git-fixes).
- can: length: make header self contained (git-fixes).
- ceph: add a dedicated private data for netfs rreq (bsc#1213205).
- ceph: do not let check_caps skip sending responses for revoke msgs (bsc#1213856).
- ceph: fix blindly expanding the readahead windows (bsc#1213206).
- cifs: add a warning when the in-flight count goes negative (bsc#1193629).
- cifs: address unused variable warning (bsc#1193629).
- cifs: do all necessary checks for credits within or before locking (bsc#1193629).
- cifs: fix lease break oops in xfstest generic/098 (bsc#1193629).
- cifs: fix max_credits implementation (bsc#1193629).
- cifs: fix session state check in reconnect to avoid use-after-free issue (bsc#1193629).
- cifs: fix session state check in smb2_find_smb_ses (bsc#1193629).
- cifs: fix session state transition to avoid use-after-free issue (bsc#1193629).
- cifs: fix sockaddr comparison in iface_cmp (bsc#1193629).
- cifs: fix status checks in cifs_tree_connect (bsc#1193629).
- cifs: log session id when a matching ses is not found (bsc#1193629).
- cifs: new dynamic tracepoint to track ses not found errors (bsc#1193629).
- cifs: prevent use-after-free by freeing the cfile later (bsc#1193629).
- cifs: print all credit counters in debugdata (bsc#1193629).
- cifs: print client_guid in debugdata (bsc#1193629).
- cifs: print more detail when invalidate_inode_mapping fails (bsc#1193629).
- cifs: print nosharesock value while dumping mount options (bsc#1193629).
- clk: cdce925: check return value of kasprintf() (git-fixes).
- clk: fix memory leak in devm_clk_notifier_register() (git-fixes).
- clk: imx: clk-imx8mn: fix memory leak in imx8mn_clocks_probe (git-fixes).
- clk: imx: clk-imx8mp: improve error handling in imx8mp_clocks_probe() (git-fixes).
- clk: imx: scu: use _safe list iterator to avoid a use after free (git-fixes).
- clk: keystone: sci-clk: check return value of kasprintf() (git-fixes).
- clk: qcom: camcc-sc7180: add parent dependency to all camera gdscs (git-fixes).
- clk: qcom: gcc-ipq6018: use floor ops for sdcc clocks (git-fixes).
- clk: samsung: add exynos4212 compatible to clkout driver (git-fixes).
- clk: si5341: check return value of {devm_}kasprintf() (git-fixes).
- clk: si5341: free unused memory on probe failure (git-fixes).
- clk: si5341: return error if one synth clock registration fails (git-fixes).
- clk: tegra: tegra124-emc: fix potential memory leak (git-fixes).
- clk: ti: clkctrl: check return value of kasprintf() (git-fixes).
- clk: vc5: check memory returned by kasprintf() (git-fixes).
- coda: avoid partial allocation of sig_inputargs (git-fixes).
- codel: fix kernel-doc notation warnings (git-fixes).
- cpufreq: amd-pstate: add ->fast_switch() callback (bsc#1212445).
- cpufreq: amd-pstate: add amd p-state frequencies attributes (bsc#1212445).
- cpufreq: amd-pstate: add amd p-state performance attributes (bsc#1212445).
- cpufreq: amd-pstate: add amd-pstate driver parameter for mode selection (bsc#1212445).
- cpufreq: amd-pstate: add boost mode support for amd p-state (bsc#1212445).
- cpufreq: amd-pstate: add driver working mode switch support (bsc#1212445).
- cpufreq: amd-pstate: add fast switch function for amd p-state (bsc#1212445).
- cpufreq: amd-pstate: add guided autonomous mode (bsc#1212445).
- cpufreq: amd-pstate: add guided mode control support via sysfs (bsc#1212445).
- cpufreq: amd-pstate: add more tracepoint for amd p-state module (bsc#1212445).
- cpufreq: amd-pstate: add resume and suspend callbacks (bsc#1212445).
- cpufreq: amd-pstate: add trace for amd p-state module (bsc#1212445).
- cpufreq: amd-pstate: avoid uninitialized variable use (bsc#1212445).
- cpufreq: amd-pstate: change amd-pstate driver to be built-in type (bsc#1212445).
- cpufreq: amd-pstate: convert sprintf with sysfs_emit() (bsc#1212445).
- cpufreq: amd-pstate: cpufreq: amd-pstate: reset msr_amd_perf_ctl register at init (bsc#1212445).
- cpufreq: amd-pstate: expose struct amd_cpudata (bsc#1212445).
- cpufreq: amd-pstate: fix initial highest_perf value (bsc#1212445).
- cpufreq: amd-pstate: fix invalid write to msr_amd_cppc_req (bsc#1212445).
- cpufreq: amd-pstate: fix kconfig dependencies for amd p-state (bsc#1212445).
- cpufreq: amd-pstate: fix kernel hang issue while amd-pstate unregistering (bsc#1212445).
- cpufreq: amd-pstate: fix struct amd_cpudata kernel-doc comment (bsc#1212445).
- cpufreq: amd-pstate: fix white-space (bsc#1212445).
- cpufreq: amd-pstate: implement amd pstate cpu online and offline callback (bsc#1212445).
- cpufreq: amd-pstate: implement pstate epp support for the amd processors (bsc#1212445).
- cpufreq: amd-pstate: implement suspend and resume callbacks (bsc#1212445).
- cpufreq: amd-pstate: introduce a new amd p-state driver to support future processors (bsc#1212445).
- cpufreq: amd-pstate: introduce the support for the processors with shared memory solution (bsc#1212445).
- cpufreq: amd-pstate: let user know amd-pstate is disabled (bsc#1212445).
- cpufreq: amd-pstate: make amd-pstate epp driver name hyphenated (bsc#1212445).
- cpufreq: amd-pstate: make varaiable mode_state_machine static (bsc#1212445).
- cpufreq: amd-pstate: optimize driver working mode selection in amd_pstate_param() (bsc#1212445).
- cpufreq: amd-pstate: remove fast_switch_possible flag from active driver (bsc#1212445).
- cpufreq: amd-pstate: remove module_license in non-modules (bsc#1212445).
- cpufreq: amd-pstate: set a fallback policy based on preferred_profile (bsc#1212445).
- cpufreq: amd-pstate: simplify cpudata pointer assignment (bsc#1212445).
- cpufreq: amd-pstate: update policy->cur in amd_pstate_adjust_perf() (bsc#1212445).
- cpufreq: amd-pstate: update pstate frequency transition delay time (bsc#1212445).
- cpufreq: amd-pstate: write cppc enable bit per-socket (bsc#1212445).
- cpufreq: amd_pstate: fix wrong lowest perf fetch (bsc#1212445).
- cpufreq: amd_pstate: map desired perf into pstate scope for powersave governor (bsc#1212445).
- cpufreq: tegra194: fix module loading (git-fixes).
- crypto: kpp - add helper to set reqsize (git-fixes).
- crypto: marvell/cesa - fix type mismatch warning (git-fixes).
- crypto: nx - fix build warnings when debug_fs is not enabled (git-fixes).
- crypto: qat - use helper to set reqsize (git-fixes).
- delete suse/memcg-drop-kmem-limit_in_bytes. drop the patch in order to fix bsc#1213705.
- devlink: fix kernel-doc notation warnings (git-fixes).
- dlm: fix missing lkb refcount handling (git-fixes).
- dlm: fix plock invalid read (git-fixes).
- dma-buf/dma-resv: stop leaking on krealloc() failure (git-fixes).
- docs: networking: update codeaurora references for rmnet (git-fixes).
- documentation: abi: sysfs-class-net-qmi: pass_through contact update (git-fixes).
- documentation: bonding: fix the doc of peer_notif_delay (git-fixes).
- documentation: cpufreq: amd-pstate: move amd_pstate param to alphabetical order (bsc#1212445).
- documentation: devices.txt: reconcile serial/ucc_uart minor numers (git-fixes).
- documentation: timers: hrtimers: make hybrid union historical (git-fixes).
- drivers: meson: secure-pwrc: always enable dma domain (git-fixes).
- drm/amd/amdgpu: introduce gc_*_mes_2.bin v2 (git-fixes).
- drm/amd/amdgpu: limit one queue per gang (git-fixes).
- drm/amd/amdgpu: update mes11 api def (git-fixes).
- drm/amd/display (gcc13): fix enum mismatch (git-fixes).
- drm/amd/display: add a null pointer check (bsc#1212848, bsc#1212961).
- drm/amd/display: add debug option to skip psr crtc disable (git-fixes).
- drm/amd/display: add logging for display mall refresh setting (git-fixes).
- drm/amd/display: add minimal pipe split transition state (git-fixes).
- drm/amd/display: add minimum z8 residency debug option (git-fixes).
- drm/amd/display: add missing wa and mclk validation (git-fixes).
- drm/amd/display: add monitor specific edid quirk (git-fixes).
- drm/amd/display: add polling method to handle mst reply packet (bsc#1213578).
- drm/amd/display: add wrapper to call planes and stream update (git-fixes).
- drm/amd/display: add z8 allow states to z-state support list (git-fixes).
- drm/amd/display: change default z8 watermark values (git-fixes).
- drm/amd/display: check tg is non-null before checking if enabled (git-fixes).
- drm/amd/display: correct `dmub_fw_version` macro (git-fixes).
- drm/amd/display: correct dml calculation to align hw formula (git-fixes).
- drm/amd/display: correct dml calculation to follow hw spec (git-fixes).
- drm/amd/display: disable mpc split by default on special asic (git-fixes).
- drm/amd/display: disable seamless boot if force_odm_combine is enabled (bsc#1212848, bsc#1212961).
- drm/amd/display: do not update drr while bw optimizations pending (git-fixes).
- drm/amd/display: drop redundant memset() in get_available_dsc_slices() (git-fixes).
- drm/amd/display: enable hostvm based on riommu active (git-fixes).
- drm/amd/display: enforce 60us prefetch for 200mhz dcfclk modes (git-fixes).
- drm/amd/display: ensure vmin and vmax adjust for dce (git-fixes).
- drm/amd/display: explicitly specify update type per plane info change (git-fixes).
- drm/amd/display: filter out invalid bits in pipe_fuses (git-fixes).
- drm/amd/display: fix 4to1 mpc black screen with dpp rco (git-fixes).
- drm/amd/display: fix a divided-by-zero error (git-fixes).
- drm/amd/display: fix a test calculateprefetchschedule() (git-fixes).
- drm/amd/display: fix a test dml32_rq_dlg_get_rq_reg() (git-fixes).
- drm/amd/display: fix access hdcp_workqueue assert (git-fixes).
- drm/amd/display: fix artifacting on edp panels when engaging freesync video mode (git-fixes).
- drm/amd/display: fix psr-su/dsc interoperability support (git-fixes).
- drm/amd/display: fix seamless odm transitions (git-fixes).
- drm/amd/display: fix the system hang while disable psr (git-fixes).
- drm/amd/display: fix z8 support configurations (git-fixes).
- drm/amd/display: fixed dcn30+ underflow issue (git-fixes).
- drm/amd/display: have payload properly created after resume (git-fixes).
- drm/amd/display: keep phy active for dp displays on dcn31 (git-fixes).
- drm/amd/display: limit timing for single dimm memory (git-fixes).
- drm/amd/display: lowering min z8 residency time (git-fixes).
- drm/amd/display: only update link settings after successful mst link train (git-fixes).
- drm/amd/display: phase3 mst hdcp for multiple displays (git-fixes).
- drm/amd/display: populate subvp cmd info only for the top pipe (git-fixes).
- drm/amd/display: reduce sdp bw after urgent to 90% (git-fixes).
- drm/amd/display: refactor edp psr codes (git-fixes).
- drm/amd/display: remove fpu guards from the dml folder (git-fixes).
- drm/amd/display: remove optimization for vrr updates (git-fixes).
- drm/amd/display: remove phantom pipe check when calculating k1 and k2 (git-fixes).
- drm/amd/display: remove stutter only configurations (git-fixes).
- drm/amd/display: save restore hdcp state when display is unplugged from mst hub (git-fixes).
- drm/amd/display: set dcn315 lb bpp to 48 (git-fixes).
- drm/amd/display: unlock on error path in dm_handle_mst_sideband_msg_ready_event() (git-fixes).
- drm/amd/display: update minimum stutter residency for dcn314 z8 (git-fixes).
- drm/amd/display: update z8 sr exit/enter latencies (git-fixes).
- drm/amd/display: update z8 watermarks for dcn314 (git-fixes).
- drm/amd/display: use dc_update_planes_and_stream (git-fixes).
- drm/amd/pm: add abnormal fan detection for smu 13.0.0 (git-fixes).
- drm/amd/pm: add missing notifypowersource message mapping for smu13.0.7 (git-fixes).
- drm/amd/pm: avoid potential ubsan issue on legacy asics (git-fixes).
- drm/amd/pm: conditionally disable pcie lane switching for some sienna_cichlid skus (git-fixes).
- drm/amd/pm: conditionally disable pcie lane/speed switching for smu13 (git-fixes).
- drm/amd/pm: fix possible power mode mismatch between driver and pmfw (git-fixes).
- drm/amd/pm: re-enable the gfx imu when smu resume (git-fixes).
- drm/amd/pm: resolve reboot exception for si oland (git-fixes).
- drm/amd/pm: reverse mclk and fclk clocks levels for smu v13.0.4 (git-fixes).
- drm/amd/pm: reverse mclk clocks levels for smu v13.0.5 (git-fixes).
- drm/amd/pm: revise the aspm settings for thunderbolt attached scenario (bsc#1212848, bsc#1212961).
- drm/amd/pm: share the code around smu13 pcie parameters update (git-fixes).
- drm/amd/pm: update the lc_l1_inactivity setting to address possible noise issue (bsc#1212848, bsc#1212961).
- drm/amd/pm: workaround for compute workload type on some skus (git-fixes).
- drm/amd: add a new helper for loading/validating microcode (git-fixes).
- drm/amd: disable psr-su on parade 0803 tcon (bsc#1212848, bsc#1212961).
- drm/amd: do not allow s0ix on apus older than raven (git-fixes).
- drm/amd: do not try to enable secure display ta multiple times (bsc#1212848, bsc#1212961).
- drm/amd: fix an error handling mistake in psp_sw_init() (git-fixes).
- drm/amd: load mes microcode during early_init (git-fixes).
- drm/amd: use `amdgpu_ucode_*` helpers for mes (git-fixes).
- drm/amdgpu/gfx11: adjust gfxoff before powergating on gfx11 as well (git-fixes).
- drm/amdgpu/gfx11: update gpu_clock_counter logic (git-fixes).
- drm/amdgpu/gfx: set cg flags to enter/exit safe mode (git-fixes).
- drm/amdgpu/gmc11: implement get_vbios_fb_size() (git-fixes).
- drm/amdgpu/jpeg: remove harvest checking for jpeg3 (git-fixes).
- drm/amdgpu/mes11: enable reg active poll (git-fixes).
- drm/amdgpu/vcn: disable indirect sram on vangogh broken bioses (git-fixes).
- drm/amdgpu/vkms: relax timer deactivation by hrtimer_try_to_cancel (git-fixes).
- drm/amdgpu: add mes resume when do gfx post soft reset (git-fixes).
- drm/amdgpu: add the fan abnormal detection feature (git-fixes).
- drm/amdgpu: avoid restore process run into dead loop (git-fixes).
- drm/amdgpu: change reserved vram info print (git-fixes).
- drm/amdgpu: declare firmware for new mes 11.0.4 (git-fixes).
- drm/amdgpu: do not set struct drm_driver.output_poll_changed (git-fixes).
- drm/amdgpu: enable tmz by default for gc 11.0.1 (git-fixes).
- drm/amdgpu: fix amdgpu_irq_put call trace in gmc_v10_0_hw_fini (git-fixes).
- drm/amdgpu: fix amdgpu_irq_put call trace in gmc_v11_0_hw_fini (git-fixes).
- drm/amdgpu: fix an amdgpu_irq_put() issue in gmc_v9_0_hw_fini() (git-fixes).
- drm/amdgpu: fix clearing mappings for bos that are always valid in vm (bsc#1212848, bsc#1212961).
- drm/amdgpu: fix clearing mappings for bos that are always valid in vm (git-fixes).
- drm/amdgpu: fix desktop freezed after gpu-reset (git-fixes).
- drm/amdgpu: fix memcpy() in sienna_cichlid_append_powerplay_table function (git-fixes).
- drm/amdgpu: fix minmax warning (git-fixes).
- drm/amdgpu: fix number of fence calculations (bsc#1212848, bsc#1212961).
- drm/amdgpu: fix sdma v4 sw fini error (git-fixes).
- drm/amdgpu: fix usage of umc fill record in ras (git-fixes).
- drm/amdgpu: force signal hw_fences that are embedded in non-sched jobs (git-fixes).
- drm/amdgpu: refine get gpu clock counter method (git-fixes).
- drm/amdgpu: remove deprecated mes version vars (git-fixes).
- drm/amdgpu: reserve the old gc_11_0_*_mes.bin (git-fixes).
- drm/amdgpu: set gfx9 onwards apu atomics support to be true (git-fixes).
- drm/amdgpu: set vmbo destroy after pt bo is created (git-fixes).
- drm/amdgpu: validate vm ioctl flags (git-fixes).
- drm/amdgpu: vcn_4_0 set instance 0 init sched score to 1 (git-fixes).
- drm/amdkfd: fix potential deallocation of previously deallocated memory (git-fixes).
- drm/atomic: fix potential use-after-free in nonblocking commits (git-fixes).
- drm/bridge: anx7625: convert to i2c's .probe_new() (git-fixes).
- drm/bridge: anx7625: fix refcount bug in anx7625_parse_dt() (git-fixes).
- drm/bridge: anx7625: prevent endless probe loop (git-fixes).
- drm/bridge: it6505: move a variable assignment behind a null pointer check in receive_timing_debugfs_show() (git-fixes).
- drm/bridge: tc358767: switch to devm mipi-dsi helpers (git-fixes).
- drm/bridge: tc358768: add atomic_get_input_bus_fmts() implementation (git-fixes).
- drm/bridge: tc358768: always enable hs video mode (git-fixes).
- drm/bridge: tc358768: fix pll parameters computation (git-fixes).
- drm/bridge: tc358768: fix pll target frequency (git-fixes).
- drm/bridge: tc358768: fix tclk_trailcnt computation (git-fixes).
- drm/bridge: tc358768: fix tclk_zerocnt computation (git-fixes).
- drm/bridge: tc358768: fix ths_trailcnt computation (git-fixes).
- drm/bridge: tc358768: fix ths_zerocnt computation (git-fixes).
- drm/bridge: tc358768: fix txtagocnt computation (git-fixes).
- drm/bridge: ti-sn65dsi83: fix enable error path (git-fixes).
- drm/bridge: ti-sn65dsi86: fix auxiliary bus lifetime (git-fixes).
- drm/client: fix memory leak in drm_client_modeset_probe (git-fixes).
- drm/client: fix memory leak in drm_client_target_cloned (git-fixes).
- drm/display/dp_mst: fix payload addition on a disconnected sink (git-fixes).
- drm/display: do not block hdr_output_metadata on unknown eotf (git-fixes).
- drm/dp_mst: clear msg_rdy flag before sending new message (bsc#1213578).
- drm/drm_vma_manager: add drm_vma_node_allow_once() (git-fixes).
- drm/dsc: fix dp_dsc_max_bpp_delta_* macro values (git-fixes).
- drm/dsc: fix drm_edp_dsc_sink_output_bpp() dpcd high byte usage (git-fixes).
- drm/etnaviv: move idle mapping reaping into separate function (git-fixes).
- drm/etnaviv: reap idle mapping if it does not match the softpin address (git-fixes).
- drm/exynos: fix race condition uaf in exynos_g2d_exec_ioctl (git-fixes).
- drm/exynos: vidi: fix a wrong error return (git-fixes).
- drm/i915/dp_mst: add the mst topology state for modesetted crtcs (bsc#1213493).
- drm/i915/dpt: use shmem for dpt objects (git-fixes).
- drm/i915/fbdev: lock the fbdev obj before vma pin (git-fixes).
- drm/i915/gt: cleanup partial engine discovery failures (git-fixes).
- drm/i915/guc: add error-capture init warnings when needed (git-fixes).
- drm/i915/guc: fix missing ecodes (git-fixes).
- drm/i915/guc: limit scheduling properties to avoid overflow (git-fixes).
- drm/i915/guc: rename guc register state capture node to be more obvious (git-fixes).
- drm/i915/gvt: remove unused variable gma_bottom in command parser (git-fixes).
- drm/i915/mtl: update scaler source and destination limits for mtl (git-fixes).
- drm/i915/psr: use hw.adjusted mode when calculating io/fast wake times (git-fixes).
- drm/i915/sdvo: grab mode_config.mutex during lvds init to avoid warns (git-fixes).
- drm/i915/sseu: fix max_subslices array-index-out-of-bounds access (git-fixes).
- drm/i915/tc: fix system resume mst mode restore for dp-alt sinks (git-fixes).
- drm/i915/tc: fix tc port link ref init for dp mst during hw readout (git-fixes).
- drm/i915: allow panel fixed modes to have differing sync polarities (git-fixes).
- drm/i915: check pipe source size when using skl+ scalers (git-fixes).
- drm/i915: do not preserve dpll_hw_state for slave crtc in bigjoiner (git-fixes).
- drm/i915: do panel vbt init early if the vbt declares an explicit panel type (git-fixes).
- drm/i915: fix a memory leak with reused mmap_offset (git-fixes).
- drm/i915: fix an error handling path in igt_write_huge() (git-fixes).
- drm/i915: fix negative value passed as remaining time (git-fixes).
- drm/i915: fix one wrong caching mode enum usage (git-fixes).
- drm/i915: fix typec mode initialization during system resume (git-fixes).
- drm/i915: introduce intel_panel_init_alloc() (git-fixes).
- drm/i915: never return 0 if not all requests retired (git-fixes).
- drm/i915: populate encoder->devdata for dsi on icl+ (git-fixes).
- drm/i915: print return value on error (git-fixes).
- drm/i915: use _mmio_pipe() for skl_bottom_color (git-fixes).
- drm/meson: fix return type of meson_encoder_cvbs_mode_valid() (git-fixes).
- drm/msm/a5xx: really check for a510 in a5xx_gpu_init (git-fixes).
- drm/msm/adreno: fix runtime pm imbalance at unbind (git-fixes).
- drm/msm/adreno: fix snapshot bindless_data size (git-fixes).
- drm/msm/adreno: fix sparse warnings in a6xx code (git-fixes).
- drm/msm/adreno: simplify read64/write64 helpers (git-fixes).
- drm/msm/disp/dpu: get timing engine status from intf status register (git-fixes).
- drm/msm/dp: free resources after unregistering them (git-fixes).
- drm/msm/dpu: add dsc hardware blocks to register snapshot (git-fixes).
- drm/msm/dpu: assign missing writeback log_mask (git-fixes).
- drm/msm/dpu: clean up dpu_kms_get_clk_rate() returns (git-fixes).
- drm/msm/dpu: correct merge_3d length (git-fixes).
- drm/msm/dpu: do not enable color-management if dspps are not available (git-fixes).
- drm/msm/dpu: drop enum dpu_core_perf_data_bus_id (git-fixes).
- drm/msm/dpu: set dpu_data_hctl_en for in intf_sc7180_mask (git-fixes).
- drm/msm/dpu: set dsc flush bit correctly at mdp ctl flush register (git-fixes).
- drm/msm/dsi: do not allow enabling 14nm vco with unprogrammed rate (git-fixes).
- drm/msm/hdmi: use devres helper for runtime pm management (git-fixes).
- drm/msm: fix is_err_or_null() vs null check in a5xx_submit_in_rb() (git-fixes).
- drm/panel: boe-tv101wum-nl6: ensure dsi writes succeed during disable (git-fixes).
- drm/panel: sharp-ls043t1le01: adjust mode settings (git-fixes).
- drm/panel: simple: add connector_type for innolux_at043tn24 (git-fixes).
- drm/panel: simple: add powertip ph800480t013 drm_display_mode flags (git-fixes).
- drm/panel: simple: fix active size for ampire am-480272h3tmqw-t01h (git-fixes).
- drm/radeon: fix integer overflow in radeon_cs_parser_init (git-fixes).
- drm/radeon: fix possible division-by-zero errors (git-fixes).
- drm/radeon: fix race condition uaf in radeon_gem_set_domain_ioctl (git-fixes).
- drm/rockchip: dw_hdmi: cleanup drm encoder during unbind (git-fixes).
- drm/rockchip: vop: leave vblank enabled in self-refresh (git-fixes).
- drm/ttm: do not leak a resource on swapout move error (git-fixes).
- drm/ttm: fix bulk_move corruption when adding a entry (git-fixes).
- drm/ttm: fix warning that we shouldn't mix && and || (git-fixes).
- drm/virtio: fix memory leak in virtio_gpu_object_create() (git-fixes).
- drm/virtio: simplify error handling of virtio_gpu_object_create() (git-fixes).
- drm/vmwgfx: fix legacy display unit atomic drm support (bsc#1213632).
- drm/vmwgfx: refactor resource manager's hashtable to use linux/hashtable implementation (git-fixes).
- drm/vmwgfx: refactor resource validation hashtable to use linux/hashtable implementation (git-fixes).
- drm/vmwgfx: refactor ttm reference object hashtable to use linux/hashtable (git-fixes).
- drm/vmwgfx: remove explicit and broken vblank handling (bsc#1213632).
- drm/vmwgfx: remove rcu locks from user resources (bsc#1213632).
- drm/vmwgfx: remove ttm object hashtable (git-fixes).
- drm/vmwgfx: remove vmwgfx_hashtab (git-fixes).
- drm/vmwgfx: write the driver id registers (git-fixes).
- drm/vram-helper: fix function names in vram helper doc (git-fixes).
- drm: add fixed-point helper to get rounded integer values (git-fixes).
- drm: add missing dp dsc extended capability definitions (git-fixes).
- drm: buddy_allocator: fix buddy allocator init on 32-bit systems (git-fixes).
- drm: optimize drm buddy top-down allocation method (git-fixes).
- drm: panel-orientation-quirks: add quirk for dynabook k50 (git-fixes).
- drm: rcar-du: add quirk for h3 es1.x pclk workaround (git-fixes).
- drm: rcar-du: fix setting a reserved bit in dpllcr (git-fixes).
- drm: sun4i_tcon: use devm_clk_get_enabled in `sun4i_tcon_init_clocks` (git-fixes).
- drm: use mgr->dev in drm_dbg_kms in drm_dp_add_payload_part2 (git-fixes).
- drop amdgpu patches for fixing regression (bsc#1213304,bsc#1213777).
- dt-bindings: phy: brcm,brcmstb-usb-phy: fix error in 'compatible' conditional schema (git-fixes).
- elf: correct note name comment (git-fixes).
- enable nxp snvs rtc driver for i.mx 8mq/8mp (jsc#ped-4758)
- ext4: add ea_inode checking to ext4_iget() (bsc#1213106).
- ext4: add ext4_sb_block_valid() refactored out of ext4_inode_block_valid() (bsc#1213088).
- ext4: add lockdep annotations for i_data_sem for ea_inode's (bsc#1213109).
- ext4: add strict range checks while freeing blocks (bsc#1213089).
- ext4: avoid deadlock in fs reclaim with page writeback (bsc#1213016).
- ext4: bail out of ext4_xattr_ibody_get() fails for any reason (bsc#1213018).
- ext4: block range must be validated before use in ext4_mb_clear_bb() (bsc#1213090).
- ext4: check iomap type only if ext4_iomap_begin() does not fail (bsc#1213103).
- ext4: disallow ea_inodes with extended attributes (bsc#1213108).
- ext4: fail ext4_iget if special inode unallocated (bsc#1213010).
- ext4: fix bug_on in __es_tree_search caused by bad quota inode (bsc#1213111).
- ext4: fix data races when using cached status extents (bsc#1213102).
- ext4: fix deadlock when converting an inline directory in nojournal mode (bsc#1213105).
- ext4: fix i_disksize exceeding i_size problem in paritally written case (bsc#1213015).
- ext4: fix lockdep warning when enabling mmp (bsc#1213100).
- ext4: fix reusing stale buffer heads from last failed mounting (bsc#1213020).
- ext4: fix task hung in ext4_xattr_delete_inode (bsc#1213096).
- ext4: fix to check return value of freeze_bdev() in ext4_shutdown() (bsc#1213021).
- ext4: fix use-after-free read in ext4_find_extent for bigalloc + inline (bsc#1213098).
- ext4: fix warning in ext4_update_inline_data (bsc#1213012).
- ext4: fix warning in mb_find_extent (bsc#1213099).
- ext4: improve error handling from ext4_dirhash() (bsc#1213104).
- ext4: improve error recovery code paths in __ext4_remount() (bsc#1213017).
- ext4: move where set the may_inline_data flag is set (bsc#1213011).
- ext4: only update i_reserved_data_blocks on successful block allocation (bsc#1213019).
- ext4: refactor ext4_free_blocks() to pull out ext4_mb_clear_bb() (bsc#1213087).
- ext4: refuse to create ea block when umounted (bsc#1213093).
- ext4: set lockdep subclass for the ea_inode in ext4_xattr_inode_cache_find() (bsc#1213107).
- ext4: turn quotas off if mount failed after enabling quotas (bsc#1213110).
- ext4: update s_journal_inum if it changes after journal replay (bsc#1213094).
- ext4: use ext4_fc_tl_mem in fast-commit replay path (bsc#1213092).
- ext4: zero i_disksize when initializing the bootloader inode (bsc#1213013).
- extcon: fix kernel doc of property capability fields to avoid warnings (git-fixes).
- extcon: fix kernel doc of property fields to avoid warnings (git-fixes).
- extcon: usbc-tusb320: add usb type-c support (git-fixes).
- extcon: usbc-tusb320: call the type-c irq handler only if a port is registered (git-fixes).
- extcon: usbc-tusb320: unregister typec port on driver removal (git-fixes).
- extcon: usbc-tusb320: update state on probe even if no irq pending (git-fixes).
- fbdev: au1200fb: fix missing irq check in au1200fb_drv_probe (git-fixes).
- fbdev: imxfb: removed unneeded release_mem_region (git-fixes).
- fbdev: imxfb: warn about invalid left/right margin (git-fixes).
- fbdev: omapfb: lcd_mipid: fix an error handling path in mipid_spi_probe() (git-fixes).
- file: always lock position for fmode_atomic_pos (bsc#1213759).
- firmware: stratix10-svc: fix a potential resource leak in svc_create_memory_pool() (git-fixes).
- fix documentation of panic_on_warn (git-fixes).
- fix null pointer dereference in drm_dp_atomic_find_time_slots() (bsc#1213578).
- fs: dlm: add midcomms init/start functions (git-fixes).
- fs: dlm: do not set stop rx flag after node reset (git-fixes).
- fs: dlm: filter user dlm messages for kernel locks (git-fixes).
- fs: dlm: fix log of lowcomms vs midcomms (git-fixes).
- fs: dlm: fix race between test_bit() and queue_work() (git-fixes).
- fs: dlm: fix race in lowcomms (git-fixes).
- fs: dlm: handle -ebusy first in lock arg validation (git-fixes).
- fs: dlm: move sending fin message into state change handling (git-fixes).
- fs: dlm: retry accept() until -eagain or error returns (git-fixes).
- fs: dlm: return positive pid value for f_getlk (git-fixes).
- fs: dlm: start midcomms before scand (git-fixes).
- fs: hfsplus: remove warn_on() from hfsplus_cat_{read,write}_inode() (git-fixes).
- fs: jfs: check for read-only mounted filesystem in txbegin (git-fixes).
- fs: jfs: fix null-ptr-deref read in txbegin (git-fixes).
- fs: jfs: fix ubsan: array-index-out-of-bounds in dballocdmaplev (git-fixes).
- fuse: ioctl: translate enosys in outarg (bsc#1213524).
- fuse: revalidate: do not invalidate if interrupted (bsc#1213523).
- get module prefix from kmod (bsc#1212835).
- gve: set default duplex configuration to full (git-fixes).
- gve: unify driver name usage (git-fixes).
- hid: logitech-hidpp: add hidpp_quirk_delayed_init for the t651 (git-fixes).
- hid: wacom: add error check to wacom_parse_and_register() (git-fixes).
- hvcs: fix hvcs port reference counting (bsc#1213134 ltc#202861).
- hvcs: get reference to tty in remove (bsc#1213134 ltc#202861).
- hvcs: synchronize hotplug remove with port free (bsc#1213134 ltc#202861).
- hvcs: use dev_groups to manage hvcs device attributes (bsc#1213134 ltc#202861).
- hvcs: use driver groups to manage driver attributes (bsc#1213134 ltc#202861).
- hvcs: use vhangup in hotplug remove (bsc#1213134 ltc#202861).
- hwmon: (adm1275) allow setting sample averaging (git-fixes).
- hwmon: (gsc-hwmon) fix fan pwm temperature scaling (git-fixes).
- hwmon: (k10temp) enable amd3255 proc to show negative temperature (git-fixes).
- hwmon: (nct7802) fix for temp6 (peci1) processed even if peci1 disabled (git-fixes).
- hwmon: (pmbus/adm1275) fix problems with temperature monitoring on adm1272 (git-fixes).
- hwrng: imx-rngc - fix the timeout for init and self check (git-fixes).
- hwrng: st - keep clock enabled while hwrng is registered (git-fixes).
- i2c: tegra: set acpi node as primary fwnode (bsc#1213226).
- i2c: xiic: defer xiic_wakeup() and __xiic_start_xfer() in xiic_process() (git-fixes).
- i2c: xiic: do not try to handle more interrupt events after error (git-fixes).
- iavf: check for removal state before iavf_flag_pf_comms_failed (git-fixes).
- iavf: fix a deadlock caused by rtnl and driver's lock circular dependencies (git-fixes).
- iavf: fix out-of-bounds when setting channels on remove (git-fixes).
- iavf: fix potential deadlock on allocation failure (git-fixes).
- iavf: fix reset task race with iavf_remove() (git-fixes).
- iavf: fix use-after-free in free_netdev (git-fixes).
- iavf: move netdev_update_features() into watchdog task (git-fixes).
- iavf: use internal state to free traffic irqs (git-fixes).
- iavf: wait for reset in callbacks which trigger it (git-fixes).
- ib/hfi1: fix wrong mmu_node used for user sdma packet after invalidate (git-fixes)
- ib/hfi1: use bitmap_zalloc() when applicable (git-fixes)
- ib/isert: fix dead lock in ib_isert (git-fixes)
- ib/isert: fix incorrect release of isert connection (git-fixes)
- ib/isert: fix possible list corruption in cma handler (git-fixes)
- ib/uverbs: fix to consider event queue closing also upon non-blocking mode (git-fixes)
- ibmvnic: do not reset dql stats on non_fatal err (bsc#1212603 ltc#202604).
- ice: fix max_rate check while configuring tx rate limits (git-fixes).
- ice: fix memory management in ice_ethtool_fdir.c (git-fixes).
- ice: handle extts in the miscellaneous interrupt thread (git-fixes).
- igc: check if hardware tx timestamping is enabled earlier (git-fixes).
- igc: enable and fix rx hash usage by netstack (git-fixes).
- igc: fix inserting of empty frame for launchtime (git-fixes).
- igc: fix kernel panic during ndo_tx_timeout callback (git-fixes).
- igc: fix launchtime before start of cycle (git-fixes).
- igc: fix race condition in ptp tx code (git-fixes).
- igc: handle pps start time programming for past time values (git-fixes).
- igc: prevent garbled tx queue with xdp zerocopy (git-fixes).
- igc: remove delay during tx ring configuration (git-fixes).
- igc: set tp bit in 'supported' and 'advertising' fields of ethtool_link_ksettings (git-fixes).
- igc: work around hw bug causing missing timestamps (git-fixes).
- iio: accel: fxls8962af: errata bug only applicable for fxls8962af (git-fixes).
- iio: accel: fxls8962af: fixup buffer scan element type (git-fixes).
- iio: adc: ad7192: fix internal/external clock selection (git-fixes).
- iio: adc: ad7192: fix null ad7192_state pointer access (git-fixes).
- inotify: avoid reporting event with invalid wd (bsc#1213025).
- input: adxl34x - do not hardcode interrupt trigger type (git-fixes).
- input: drv260x - fix typo in register value define (git-fixes).
- input: drv260x - remove unused .reg_defaults (git-fixes).
- input: drv260x - sleep between polling go bit (git-fixes).
- input: i8042 - add clevo pcx0dx to i8042 quirk table (git-fixes).
- input: iqs269a - do not poll during ati (git-fixes).
- input: iqs269a - do not poll during suspend or resume (git-fixes).
- input: soc_button_array - add invalid acpi_index dmi quirk handling (git-fixes).
- integrity: fix possible multiple allocation in integrity_inode_get() (git-fixes).
- io_uring: do not expose io_fill_cqe_aux() (bsc#1211014).
- irqchip/gic-v3: claim iomem resources (bsc#1213533)
- irqchip/gicv3: handle resource request failure consistently (bsc#1213533)
- irqchip/gicv3: workaround for nvidia erratum t241-fabric-4 (bsc#1213533)
- jbd2: fix data missing when reusing bh which is ready to be checkpointed (bsc#1213095).
- jdb2: do not refuse invalidation of already invalidated buffers (bsc#1213014).
- jffs2: fix memory leak in jffs2_do_fill_super (git-fixes).
- jffs2: fix memory leak in jffs2_do_mount_fs (git-fixes).
- jffs2: fix memory leak in jffs2_scan_medium (git-fixes).
- jffs2: fix use-after-free in jffs2_clear_xattr_subsystem (git-fixes).
- jffs2: gc deadlock reading a page that is used in jffs2_write_begin() (git-fixes).
- jffs2: reduce stack usage in jffs2_build_xattr_subsystem() (git-fixes).
- jfs: jfs_dmap: validate db_l2nbperpage while mounting (git-fixes).
- kabi fix after restore kabi for nvidia vgpu driver (bsc#1210825).
- kabi/severities: add vas symbols changed due to recent fix vas accelerators are directly tied to the architecture, there is no reason to have out-of-tree production drivers
- kabi/severities: ignore kabi of i915 module it's exported only for its sub-module, not really used by externals
- kabi/severities: ignore kabi of vmwgfx the driver exports a function unnecessarily without used by anyone else. ignore the kabi changes.
- kabi/severities: relax kabi for ath11k local symbols (bsc#1207948)
- kabi: do not check external trampolines for signature (kabi bsc#1207894 bsc#1211243).
- kernel-binary.spec.in: remove superfluous %% in supplements fixes: 02b7735e0caf ('rpm/kernel-binary.spec.in: add enhances and supplements tags to in-tree kmps')
- kselftest: vdso: fix accumulation of uninitialized ret when clock_realtime is undefined (git-fixes).
- kvm: arm64: do not read a hw interrupt pending state in user context (git-fixes)
- kvm: arm64: warn if accessing timer pending state outside of vcpu (bsc#1213620)
- kvm: do not null dereference ops->destroy (git-fixes)
- kvm: downgrade two bug_ons to warn_on_once (git-fixes)
- kvm: initialize debugfs_dentry when a vm is created to avoid null (git-fixes)
- kvm: s390: pv: fix index value of replaced asce (git-fixes bsc#1213867).
- kvm: vmx: inject #gp on encls if vcpu has paging disabled (cr0.pg==0) (git-fixes).
- kvm: vmx: inject #gp, not #ud, if sgx2 encls leafs are unsupported (git-fixes).
- kvm: vmx: restore vmx_vmexit alignment (git-fixes).
- kvm: x86: account fastpath-only vm-exits in vcpu stats (git-fixes).
- leds: trigger: netdev: recheck netdev_led_mode_linkup on dev rename (git-fixes).
- libceph: harden msgr2.1 frame segment length checks (bsc#1213857).
- m alsa: usb-audio: add quirk for tascam model 12 (git-fixes).
- mailbox: ti-msgmgr: fill non-message tx data fields with 0x0 (git-fixes).
- maintainers: add amd p-state driver maintainer entry (bsc#1212445).
- md: add error_handlers for raid0 and linear (bsc#1212766).
- media: atomisp: gmin_platform: fix out_len in gmin_get_config_dsm_var() (git-fixes).
- media: cec: core: do not set last_initiator if tx in progress (git-fixes).
- media: cec: i2c: ch7322: also select regmap (git-fixes).
- media: i2c: correct format propagation for st-mipid02 (git-fixes).
- media: staging: atomisp: select v4l2_fwnode (git-fixes).
- media: usb: check az6007_read() return value (git-fixes).
- media: usb: siano: fix warning due to null work_func_t function pointer (git-fixes).
- media: venus: helpers: fix align() of non power of two (git-fixes).
- media: videodev2.h: fix struct v4l2_input tuner index comment (git-fixes).
- memcg: drop kmem.limit_in_bytes (bsc#1208788, bsc#1212905).
- memory: brcmstb_dpfe: fix testing array offset after use (git-fixes).
- meson saradc: fix clock divider mask length (git-fixes).
- mfd: intel-lpss: add missing check for platform_get_resource (git-fixes).
- mfd: pm8008: fix module autoloading (git-fixes).
- mfd: rt5033: drop rt5033-battery sub-device (git-fixes).
- mfd: stmfx: fix error path in stmfx_chip_init (git-fixes).
- mfd: stmfx: nullify stmfx->vdd in case of error (git-fixes).
- mfd: stmpe: only disable the regulators if they are enabled (git-fixes).
- mhi_power_down() kabi workaround (bsc#1207948).
- misc: fastrpc: create fastrpc scalar with correct buffer count (git-fixes).
- misc: pci_endpoint_test: free irqs before removing the device (git-fixes).
- misc: pci_endpoint_test: re-init completion for every test (git-fixes).
- mmc: core: disable trim on kingston emmc04g-m627 (git-fixes).
- mmc: mmci: set probe_prefer_asynchronous (git-fixes).
- mmc: sdhci-msm: disable broken 64-bit dma on msm8916 (git-fixes).
- mmc: sdhci: fix dma configure compatibility issue when 64bit dma mode is used (git-fixes).
- mtd: rawnand: meson: fix unaligned dma buffers handling (git-fixes).
- net/mlx5: add ifc bits for bypassing port select flow table (git-fixes)
- net/mlx5: dr, support sw created encap actions for fw table (git-fixes).
- net/mlx5e: check for not_ready flag state after locking (git-fixes).
- net/mlx5e: fix double free in mlx5e_destroy_flow_table (git-fixes).
- net/mlx5e: fix memory leak in mlx5e_fs_tt_redirect_any_create (git-fixes).
- net/mlx5e: fix memory leak in mlx5e_ptp_open (git-fixes).
- net/mlx5e: xdp, allow growing tail for xdp multi buffer (git-fixes).
- net/mlx5e: xsk: set napi_id to support busy polling on xsk rq (git-fixes).
- net/sched: sch_qfq: refactor parsing of netlink parameters (bsc#1213585).
- net/sched: sch_qfq: reintroduce lmax bound check for mtu (bsc#1213585).
- net: ena: fix shift-out-of-bounds in exponential backoff (git-fixes).
- net: mana: add support for vlan tagging (bsc#1212301).
- net: mana: batch ringing rx queue doorbell on receiving packets (bsc#1212901).
- net: mana: use the correct wqe count for ringing rq doorbell (bsc#1212901).
- net: phy: marvell10g: fix 88x3310 power up (git-fixes).
- net: phy: prevent stale pointer dereference in phy_init() (git-fixes).
- net: qrtr: fix an uninit variable access bug in qrtr_tx_resume() (git-fixes).
- net: qrtr: start mhi channel after endpoit creation (git-fixes).
- nfcsim.c: fix error checking for debugfs_create_dir (git-fixes).
- nfsd: add encoding of op_recall flag for write delegation (git-fixes).
- nfsd: fix double fget() bug in __write_ports_addfd() (git-fixes).
- nfsd: fix sparse warning (git-fixes).
- nfsd: remove open coding of string copy (git-fixes).
- nfsv4.1: always send a reclaim_complete after establishing lease (git-fixes).
- nfsv4.1: freeze the session table upon receiving nfs4err_badsession (git-fixes).
- nilfs2: fix buffer corruption due to concurrent device reads (git-fixes).
- nilfs2: reject devices with insufficient block count (git-fixes).
- ntb: amd: fix error handling in amd_ntb_pci_driver_init() (git-fixes).
- ntb: idt: fix error handling in idt_pci_driver_init() (git-fixes).
- ntb: intel: fix error handling in intel_ntb_pci_driver_init() (git-fixes).
- ntb: ntb_tool: add check for devm_kcalloc (git-fixes).
- ntb: ntb_transport: fix possible memory leak while device_register() fails (git-fixes).
- nvme-core: fix dev_pm_qos memleak (git-fixes).
- nvme-core: fix memory leak in dhchap_ctrl_secret (git-fixes).
- nvme-core: fix memory leak in dhchap_secret_store (git-fixes).
- nvme-multipath: support io stats on the mpath device (bsc#1210565).
- nvme-pci: add quirk for missing secondary temperature thresholds (git-fixes).
- nvme-pci: fix dma direction of unmapping integrity data (git-fixes).
- nvme-pci: remove nvme_queue from nvme_iod (git-fixes).
- nvme: do not reject probe due to duplicate ids for single-ported pcie devices (git-fixes).
- nvme: double ka polling frequency to avoid kato with tbkas on (git-fixes).
- nvme: fix the nvme_id_ns_nvm_sts_mask definition (git-fixes).
- nvme: introduce nvme_start_request (bsc#1210565).
- ocfs2: check new file size on fallocate call (git-fixes).
- ocfs2: fix defrag path triggering jbd2 assert (git-fixes).
- ocfs2: fix freeing uninitialized resource on ocfs2_dlm_shutdown (git-fixes).
- ocfs2: fix non-auto defrag path not working issue (git-fixes).
- ocfs2: fix use-after-free when unmounting read-only filesystem (git-fixes).
- ocfs2: switch to security_inode_init_security() (git-fixes).
- octeontx-af: fix hardware timestamp configuration (git-fixes).
- octeontx2-af: move validation of ptp pointer before its usage (git-fixes).
- octeontx2-pf: add additional check for mcam rules (git-fixes).
- opp: fix use-after-free in lazy_opp_tables after probe deferral (git-fixes).
- pci/aspm: disable aspm on mfd function removal to avoid use-after-free (git-fixes).
- pci/pm: avoid putting elopos e2/s2/h2 pcie ports in d3cold (git-fixes).
- pci: add function 1 dma alias quirk for marvell 88se9235 (git-fixes).
- pci: add pci_clear_master() stub for non-config_pci (git-fixes).
- pci: cadence: fix gen2 link retraining process (git-fixes).
- pci: endpoint: add missing documentation about the msi/msi-x range (git-fixes).
- pci: ftpci100: release the clock resources (git-fixes).
- pci: pciehp: cancel bringup sequence if card is not present (git-fixes).
- pci: qcom: disable write access to read only registers for ip v2.3.3 (git-fixes).
- pci: release resource invalidated by coalescing (git-fixes).
- pci: rockchip: add poll and timeout to wait for phy plls to be locked (git-fixes).
- pci: rockchip: assert pci configuration enable bit after probe (git-fixes).
- pci: rockchip: fix legacy irq generation for rk3399 pcie endpoint core (git-fixes).
- pci: rockchip: set address alignment for endpoint mode (git-fixes).
- pci: rockchip: use u32 variable to access 32-bit registers (git-fixes).
- pci: rockchip: write pci device id to correct register (git-fixes).
- pci: s390: fix use-after-free of pci resources with per-function hotplug (bsc#1212525).
- pci: vmd: fix uninitialized variable usage in vmd_enable_domain() (git-fixes).
- pci: vmd: reset vmd config register between soft reboots (git-fixes).
- perf/x86/amd/core: always clear status for idx (bsc#1213233).
- phy: hisilicon: fix an out of bounds check in hisi_inno_phy_probe() (git-fixes).
- phy: revert 'phy: remove soc_exynos4212 dep. from phy_exynos4x12_usb' (git-fixes).
- phy: tegra: xusb: check return value of devm_kzalloc() (git-fixes).
- phy: tegra: xusb: clear the driver reference in usb-phy dev (git-fixes).
- pie: fix kernel-doc notation warning (git-fixes).
- pinctrl: amd: detect internal gpio0 debounce handling (git-fixes).
- pinctrl: amd: do not show `invalid config param` errors (git-fixes).
- pinctrl: amd: fix mistake in handling clearing pins at startup (git-fixes).
- pinctrl: amd: only use special debounce behavior for gpio 0 (git-fixes).
- pinctrl: amd: use amd_pinconf_set() for all config options (git-fixes).
- pinctrl: at91-pio4: check return value of devm_kasprintf() (git-fixes).
- pinctrl: cherryview: return correct value if pin in push-pull mode (git-fixes).
- pinctrl: microchip-sgpio: check return value of devm_kasprintf() (git-fixes).
- platform/x86: msi-laptop: fix rfkill out-of-sync on msi wind u100 (git-fixes).
- platform/x86: think-lmi: correct nvme password handling (git-fixes).
- platform/x86: think-lmi: correct system password interface (git-fixes).
- platform/x86: think-lmi: mutex protection around multiple wmi calls (git-fixes).
- platform/x86: thinkpad_acpi: fix lkp-tests warnings for platform profiles (git-fixes).
- powerpc/64: only warn if __pa()/__va() called with bad addresses (bsc#1194869).
- powerpc/64s: fix vas mm use after free (bsc#1194869).
- powerpc/book3s64/mm: fix directmap stats in /proc/meminfo (bsc#1194869).
- powerpc/bpf: fix use of user_pt_regs in uapi (bsc#1194869).
- powerpc/ftrace: remove ftrace init tramp once kernel init is complete (bsc#1194869).
- powerpc/interrupt: do not read msr from interrupt_exit_kernel_prepare() (bsc#1194869).
- powerpc/mm/dax: fix the condition when checking if altmap vmemap can cross-boundary (bsc#1150305 ltc#176097 git-fixes).
- powerpc/mm: switch obsolete dssall to .long (bsc#1194869).
- powerpc/powernv/sriov: perform null check on iov before dereferencing iov (bsc#1194869).
- powerpc/powernv/vas: assign real address to rx_fifo in vas_rx_win_attr (bsc#1194869).
- powerpc/prom_init: fix kernel config grep (bsc#1194869).
- powerpc/pseries/vas: hold mmap_mutex after mmap lock during window close (jsc#ped-542 git-fixes).
- powerpc/secvar: fix refcount leak in format_show() (bsc#1194869).
- powerpc/xics: fix refcount leak in icp_opal_init() (bsc#1194869).
- powerpc: clean vdso32 and vdso64 directories (bsc#1194869).
- powerpc: define get_cycles macro for arch-override (bsc#1194869).
- powerpc: update ppc_save_regs to save current r1 in pt_regs (bsc#1194869).
- pstore/ram: add check for kstrdup (git-fixes).
- pwm: ab8500: fix error code in probe() (git-fixes).
- pwm: imx-tpm: force 'real_period' to be zero in suspend (git-fixes).
- pwm: sysfs: do not apply state to already disabled pwms (git-fixes).
- radeon: avoid double free in ci_dpm_init() (git-fixes).
- rdma/bnxt_re: avoid calling wake_up threads from spin_lock context (git-fixes)
- rdma/bnxt_re: disable/kill tasklet only if it is enabled (git-fixes)
- rdma/bnxt_re: fix hang during driver unload (git-fixes)
- rdma/bnxt_re: fix to remove an unnecessary log (git-fixes)
- rdma/bnxt_re: fix to remove unnecessary return labels (git-fixes)
- rdma/bnxt_re: prevent handling any completions after qp destroy (git-fixes)
- rdma/bnxt_re: remove a redundant check inside bnxt_re_update_gid (git-fixes)
- rdma/bnxt_re: remove unnecessary checks (git-fixes)
- rdma/bnxt_re: return directly without goto jumps (git-fixes)
- rdma/bnxt_re: use unique names while registering interrupts (git-fixes)
- rdma/bnxt_re: wraparound mbox producer index (git-fixes)
- rdma/cma: always set static rate to 0 for roce (git-fixes)
- rdma/core: update cma destination address on rdma_resolve_addr (git-fixes)
- rdma/hns: fix hns_roce_table_get return value (git-fixes)
- rdma/irdma: add missing read barriers (git-fixes)
- rdma/irdma: avoid fortify-string warning in irdma_clr_wqes (git-fixes)
- rdma/irdma: fix data race on cqp completion stats (git-fixes)
- rdma/irdma: fix data race on cqp request done (git-fixes)
- rdma/irdma: fix op_type reporting in cqes (git-fixes)
- rdma/irdma: report correct wc error (git-fixes)
- rdma/mlx4: make check for invalid flags stricter (git-fixes)
- rdma/mlx5: create an indirect flow table for steering anchor (git-fixes)
- rdma/mlx5: do not set tx affinity when lag is in hash mode (git-fixes)
- rdma/mlx5: fix affinity assignment (git-fixes)
- rdma/mlx5: initiate dropless rq for raw ethernet functions (git-fixes)
- rdma/mthca: fix crash when polling cq for shared qps (git-fixes)
- rdma/rtrs: fix rxe_dealloc_pd warning (git-fixes)
- rdma/rtrs: fix the last iu->buf leak in err path (git-fixes)
- rdma/rxe: fix access checks in rxe_check_bind_mw (git-fixes)
- rdma/rxe: fix packet length checks (git-fixes)
- rdma/rxe: fix ref count error in check_rkey() (git-fixes)
- rdma/rxe: fix rxe_cq_post (git-fixes)
- rdma/rxe: fix the use-before-initialization error of resp_pkts (git-fixes)
- rdma/rxe: remove dangling declaration of rxe_cq_disable() (git-fixes)
- rdma/rxe: remove the unused variable obj (git-fixes)
- rdma/rxe: removed unused name from rxe_task struct (git-fixes)
- rdma/uverbs: restrict usage of privileged qkeys (git-fixes)
- rdma/vmw_pvrdma: remove unnecessary check on wr->opcode (git-fixes)
- regmap: account for register length in smbus i/o limits (git-fixes).
- regmap: drop initial version of maximum transfer length fixes (git-fixes).
- regulator: core: fix more error checking for debugfs_create_dir() (git-fixes).
- regulator: core: streamline debugfs operations (git-fixes).
- regulator: helper: document ramp_delay parameter of regulator_set_ramp_delay_regmap() (git-fixes).
- restore kabi for nvidia vgpu driver (bsc#1210825).
- revert 'alsa: usb-audio: drop superfluous interface setup at parsing' (git-fixes).
- revert 'arm64: dts: zynqmp: add address-cells property to interrupt (git-fixes)
- revert 'debugfs, coccinelle: check for obsolete define_simple_attribute() usage' (git-fixes).
- revert 'drm/amd/display: edp do not add non-edid timings' (git-fixes).
- revert 'drm/i915: disable dsb usage for now' (git-fixes).
- revert 'drop amdgpu patches for fixing regression (bsc#1213304,bsc#1213777)' sle15-sp5 branch works as is, hence revive the dropped patches again.
- revert 'iavf: detach device during reset task' (git-fixes).
- revert 'iavf: do not restart tx queues after reset task failure' (git-fixes).
- revert 'mtd: rawnand: arasan: prevent an unsupported configuration' (git-fixes).
- revert 'net: phy: dp83867: perform soft reset and retain established link' (git-fixes).
- revert 'nfsv4: retry lock on old_stateid during delegation return' (git-fixes).
- revert 'usb: dwc3: core: enable autoretry feature in the controller' (git-fixes).
- revert 'usb: gadget: tegra-xudc: fix error check in tegra_xudc_powerdomain_init()' (git-fixes).
- revert 'usb: gadget: udc: core: offload usb_udc_vbus_handler processing'
- revert 'usb: gadget: udc: core: prevent soft_connect_store() race'
- revert 'usb: xhci: tegra: fix error check' (git-fixes).
- revive drm_dp_mst_hpd_irq() function (bsc#1213578).
- rpm/check-for-config-changes: ignore also pahole_has_* we now also have options like config_pahole_has_lang_exclude.
- rpm/check-for-config-changes: ignore also riscv_isa_* and dynamic_sigframe they depend on config_toolchain_has_*.
- rsi: remove kernel-doc comment marker (git-fixes).
- rtc: efi: add wakeup support (bsc#1213116).
- rtc: efi: enable set/get wakeup services as optional (bsc#1213116).
- rtc: efi: switch to devm_rtc_allocate_device (bsc#1213116).
- rtc: st-lpc: release some resources in st_rtc_probe() in case of error (git-fixes).
- rxrpc, afs: fix selection of abort codes (git-fixes).
- s390/ap: fix status returned by ap_aqic() (git-fixes bsc#1213259).
- s390/ap: fix status returned by ap_qact() (git-fixes bsc#1213258).
- s390/bpf: add expoline to tail calls (git-fixes bsc#1213870).
- s390/dasd: fix hanging device after quiesce/resume (git-fixes bsc#1213810).
- s390/dasd: print copy pair message only for the correct error (git-fixes bsc#1213872).
- s390/debug: add _asm_s390_ prefix to header guard (git-fixes bsc#1213263).
- s390/decompressor: specify __decompress() buf len to avoid overflow (git-fixes bsc#1213863).
- s390/gmap: voluntarily schedule during key setting (git-fixes bsc#1212892).
- s390/ipl: add missing intersection check to ipl_report handling (git-fixes bsc#1213871).
- s390/pci: clean up left over special treatment for function zero (bsc#1212525).
- s390/pci: only add specific device in zpci_bus_scan_device() (bsc#1212525).
- s390/pci: remove redundant pci_bus_add_devices() on new bus (bsc#1212525).
- s390/percpu: add read_once() to arch_this_cpu_to_op_simple() (git-fixes bsc#1213252).
- s390/qeth: fix vipa deletion (git-fixes bsc#1213713).
- s390/vmem: fix empty page tables cleanup under kasan (git-fixes bsc#1213715).
- s390: define runtime_discard_exit to fix link error with gnu ld < 2.36 (git-fixes bsc#1213264).
- s390: discard .interp section (git-fixes bsc#1213247).
- s390: introduce nospec_uses_trampoline() (git-fixes bsc#1213870).
- scftorture: count reschedule ipis (git-fixes).
- sched/debug: fix dentry leak in update_sched_domain_debugfs (git-fixes)
- sched: fix debug && !schedstats warn (git-fixes)
- scsi: lpfc: abort outstanding els cmds when mailbox timeout error is detected (bsc#1213756).
- scsi: lpfc: avoid -wstringop-overflow warning (bsc#1213756).
- scsi: lpfc: clean up sli-4 sysfs resource reporting (bsc#1213756).
- scsi: lpfc: copyright updates for 14.2.0.14 patches (bsc#1213756).
- scsi: lpfc: fix a possible data race in lpfc_unregister_fcf_rescan() (bsc#1213756).
- scsi: lpfc: fix incorrect big endian type assignment in bsg loopback path (bsc#1213756).
- scsi: lpfc: fix incorrect big endian type assignments in fdmi and vmid paths (bsc#1213756).
- scsi: lpfc: fix lpfc_name struct packing (bsc#1213756).
- scsi: lpfc: make fabric zone discovery more robust when handling unsolicited logo (bsc#1213756).
- scsi: lpfc: pull out fw diagnostic dump log message from driver's trace buffer (bsc#1213756).
- scsi: lpfc: qualify ndlp discovery state when processing rscn (bsc#1213756).
- scsi: lpfc: refactor cpu affinity assignment paths (bsc#1213756).
- scsi: lpfc: remove extra ndlp kref decrement in flogi cmpl for loop topology (bsc#1213756).
- scsi: lpfc: replace all non-returning strlcpy() with strscpy() (bsc#1213756).
- scsi: lpfc: replace one-element array with flexible-array member (bsc#1213756).
- scsi: lpfc: revise ndlp kref handling for dev_loss_tmo_callbk and lpfc_drop_node (bsc#1213756).
- scsi: lpfc: set establish image pair service parameter only for target functions (bsc#1213756).
- scsi: lpfc: simplify fcp_abort transport callback log message (bsc#1213756).
- scsi: lpfc: update lpfc version to 14.2.0.14 (bsc#1213756).
- scsi: lpfc: use struct_size() helper (bsc#1213756).
- scsi: qla2xxx: adjust iocb resource on qpair create (bsc#1213747).
- scsi: qla2xxx: array index may go out of bound (bsc#1213747).
- scsi: qla2xxx: avoid fcport pointer dereference (bsc#1213747).
- scsi: qla2xxx: check valid rport returned by fc_bsg_to_rport() (bsc#1213747).
- scsi: qla2xxx: correct the index of array (bsc#1213747).
- scsi: qla2xxx: drop useless list_head (bsc#1213747).
- scsi: qla2xxx: fix buffer overrun (bsc#1213747).
- scsi: qla2xxx: fix command flush during tmf (bsc#1213747).
- scsi: qla2xxx: fix deletion race condition (bsc#1213747).
- scsi: qla2xxx: fix end of loop test (bsc#1213747).
- scsi: qla2xxx: fix erroneous link up failure (bsc#1213747).
- scsi: qla2xxx: fix error code in qla2x00_start_sp() (bsc#1213747).
- scsi: qla2xxx: fix inconsistent tmf timeout (bsc#1213747).
- scsi: qla2xxx: fix null pointer dereference in target mode (bsc#1213747).
- scsi: qla2xxx: fix potential null pointer dereference (bsc#1213747).
- scsi: qla2xxx: fix session hang in gnl (bsc#1213747).
- scsi: qla2xxx: fix tmf leak through (bsc#1213747).
- scsi: qla2xxx: limit tmf to 8 per function (bsc#1213747).
- scsi: qla2xxx: pointer may be dereferenced (bsc#1213747).
- scsi: qla2xxx: remove unused nvme_ls_waitq wait queue (bsc#1213747).
- scsi: qla2xxx: replace one-element array with declare_flex_array() helper (bsc#1213747).
- scsi: qla2xxx: silence a static checker warning (bsc#1213747).
- scsi: qla2xxx: turn off noisy message log (bsc#1213747).
- scsi: qla2xxx: update version to 10.02.08.400-k (bsc#1213747).
- scsi: qla2xxx: update version to 10.02.08.500-k (bsc#1213747).
- scsi: qla2xxx: use vmalloc_array() and vcalloc() (bsc#1213747).
- security: keys: modify mismatched function name (git-fixes).
- selftests/ir: fix build with ancient kernel headers (git-fixes).
- selftests: cgroup: fix unsigned comparison with less than zero (git-fixes).
- selftests: forwarding: fix packet matching in mirroring selftests (git-fixes).
- selftests: mptcp: depend on syn_cookies (git-fixes).
- selftests: mptcp: sockopt: return error if wrong mark (git-fixes).
- selftests: rtnetlink: remove netdevsim device after ipsec offload test (git-fixes).
- selftests: tc: add 'ct' action kconfig dep (git-fixes).
- selftests: tc: add conntrack procfs kconfig (git-fixes).
- selftests: tc: set timeout to 15 minutes (git-fixes).
- serial: 8250: lock port for stop_rx() in omap8250_irq() (git-fixes).
- serial: 8250: lock port for uart_ier access in omap8250_irq() (git-fixes).
- serial: 8250: omap: fix freeing of resources on failed register (git-fixes).
- serial: 8250_omap: use force_suspend and resume for system suspend (git-fixes).
- serial: atmel: do not enable irqs prematurely (git-fixes).
- serial: qcom-geni: drop bogus runtime pm state update (git-fixes).
- serial: sifive: fix sifive_serial_console_setup() section (git-fixes).
- sfc: fix crash when reading stats while nic is resetting (git-fixes).
- sfc: fix xdp queues mode with legacy irq (git-fixes).
- sfc: use budget for tx completions (git-fixes).
- signal/powerpc: on swapcontext failure force sigsegv (bsc#1194869).
- signal/s390: use force_sigsegv in default_trap_handler (git-fixes bsc#1212861).
- signal: replace force_sigsegv(sigsegv) with force_fatal_sig(sigsegv) (bsc#1194869).
- smb3: do not reserve too many oplock credits (bsc#1193629).
- smb3: missing null check in smb2_change_notify (bsc#1193629).
- smb: client: fix broken file attrs with nodfs mounts (bsc#1193629).
- smb: client: fix missed ses refcounting (git-fixes).
- smb: client: fix parsing of source mount option (bsc#1193629).
- smb: client: fix shared dfs root mounts with different prefixes (bsc#1193629).
- smb: client: fix warning in cifs_match_super() (bsc#1193629).
- smb: client: fix warning in cifs_smb3_do_mount() (bsc#1193629).
- smb: client: fix warning in cifsfindfirst() (bsc#1193629).
- smb: client: fix warning in cifsfindnext() (bsc#1193629).
- smb: client: fix warning in generic_ip_connect() (bsc#1193629).
- smb: client: improve dfs mount check (bsc#1193629).
- smb: client: remove redundant pointer 'server' (bsc#1193629).
- smb: delete an unnecessary statement (bsc#1193629).
- smb: move client and server files to common directory fs/smb (bsc#1193629).
- smb: remove obsolete comment (bsc#1193629).
- soc/fsl/qe: fix usb.c build errors (git-fixes).
- soc: samsung: exynos-pmu: re-introduce exynos4212 support (git-fixes).
- soundwire: bus_type: avoid lockdep assert in sdw_drv_probe() (git-fixes).
- soundwire: cadence: drain the rx fifo after an io timeout (git-fixes).
- soundwire: dmi-quirks: add new mapping for hp spectre x360 (git-fixes).
- soundwire: qcom: fix storing port config out-of-bounds (git-fixes).
- soundwire: qcom: update status correctly with mask (git-fixes).
- soundwire: stream: add missing clear of alloc_slave_rt (git-fixes).
- spi: bcm-qspi: return error if neither hif_mspi nor mspi is available (git-fixes).
- spi: bcm63xx: fix max prepend length (git-fixes).
- spi: dw: round of n_bytes to power of 2 (git-fixes).
- spi: lpspi: disable lpspi module irq in dma mode (git-fixes).
- spi: spi-geni-qcom: correct cs_toggle bit in spi_trans_cfg (git-fixes).
- staging: ks7010: potential buffer overflow in ks_wlan_set_encode_ext() (git-fixes).
- staging: r8712: fix memory leak in _r8712_init_xmit_priv() (git-fixes).
- sunrpc: always free ctxt when freeing deferred request (git-fixes).
- sunrpc: double free xprt_ctxt while still in use (git-fixes).
- sunrpc: fix trace_svc_register() call site (git-fixes).
- sunrpc: fix uaf in svc_tcp_listen_data_ready() (git-fixes).
- sunrpc: remove dead code in svc_tcp_release_rqst() (git-fixes).
- sunrpc: remove the maximum number of retries in call_bind_status (git-fixes).
- svcrdma: prevent page release when nothing was received (git-fixes).
- swsmu/amdgpu_smu: fix the wrong if-condition (git-fixes).
- test_firmware: return enomem instead of enospc on failed memory allocation (git-fixes).
- tpm: tpm_vtpm_proxy: fix a race condition in /dev/vtpmx creation (git-fixes).
- tpm_tis: explicitly check for error code (git-fixes).
- tracing/timer: add missing hrtimer modes to decode_hrtimer_mode() (git-fixes).
- tty: n_gsm: fix uaf in gsm_cleanup_mux (git-fixes).
- tty: serial: fsl_lpuart: add earlycon for imx8ulp platform (git-fixes).
- tty: serial: imx: fix rs485 rx after tx (git-fixes).
- tty: serial: samsung_tty: fix a memory leak in s3c24xx_serial_getclk() in case of error (git-fixes).
- tty: serial: samsung_tty: fix a memory leak in s3c24xx_serial_getclk() when iterating clk (git-fixes).
- ubi: ensure that vid header offset + vid header size <= alloc, size (bsc#1210584).
- ubi: fix failure attaching when vid_hdr offset equals to (sub)page size (bsc#1210584).
- ubifs: add missing iput if do_tmpfile() failed in rename whiteout (git-fixes).
- ubifs: do_rename: fix wrong space budget when target inode's nlink > 1 (git-fixes).
- ubifs: error path in ubifs_remount_rw() seems to wrongly free write buffers (git-fixes).
- ubifs: fix 'ui->dirty' race between do_tmpfile() and writeback work (git-fixes).
- ubifs: fix aa deadlock when setting xattr for encrypted file (git-fixes).
- ubifs: fix build errors as symbol undefined (git-fixes).
- ubifs: fix deadlock in concurrent rename whiteout and inode writeback (git-fixes).
- ubifs: fix memory leak in alloc_wbufs() (git-fixes).
- ubifs: fix memory leak in do_rename (git-fixes).
- ubifs: fix read out-of-bounds in ubifs_wbuf_write_nolock() (git-fixes).
- ubifs: fix to add refcount once page is set private (git-fixes).
- ubifs: fix wrong dirty space budget for dirty inode (git-fixes).
- ubifs: free memory for tmpfile name (git-fixes).
- ubifs: rectify space amount budget for mkdir/tmpfile operations (git-fixes).
- ubifs: rectify space budget for ubifs_symlink() if symlink is encrypted (git-fixes).
- ubifs: rectify space budget for ubifs_xrename() (git-fixes).
- ubifs: rename whiteout atomically (git-fixes).
- ubifs: rename_whiteout: correct old_dir size computing (git-fixes).
- ubifs: rename_whiteout: fix double free for whiteout_ui->data (git-fixes).
- ubifs: reserve one leb for each journal head while doing budget (git-fixes).
- ubifs: setflags: make dirtied_ino_d 8 bytes aligned (git-fixes).
- ubifs: ubifs_writepage: mark page dirty after writing inode failed (git-fixes).
- udf: avoid double brelse() in udf_rename() (bsc#1213032).
- udf: define efscorrupted error code (bsc#1213038).
- udf: detect system inodes linked into directory hierarchy (bsc#1213114).
- udf: discard preallocation before extending file with a hole (bsc#1213036).
- udf: do not bother looking for prealloc extents if i_lenextents matches i_size (bsc#1213035).
- udf: do not bother merging very long extents (bsc#1213040).
- udf: do not update file length for failed writes to inline files (bsc#1213041).
- udf: fix error handling in udf_new_inode() (bsc#1213112).
- udf: fix extending file within last block (bsc#1213037).
- udf: fix preallocation discarding at indirect extent boundary (bsc#1213034).
- udf: preserve link count of system files (bsc#1213113).
- udf: truncate added extents on failed expansion (bsc#1213039).
- update config and supported.conf files due to renaming.
- update config files: enable config_x86_amd_pstate (bsc#1212445)
- update suse/rdma-mthca-fix-crash-when-polling-cq-for-shared-qps. (git-fixes bsc#1212604).
- usb: dwc2: fix some error handling paths (git-fixes).
- usb: dwc2: platform: improve error reporting for problems during .remove() (git-fixes).
- usb: dwc3-meson-g12a: fix an error handling path in dwc3_meson_g12a_probe() (git-fixes).
- usb: dwc3: do not reset device side if dwc3 was configured as host-only (git-fixes).
- usb: dwc3: gadget: propagate core init errors to udc during pullup (git-fixes).
- usb: dwc3: pci: skip byt gpio lookup table for hardwired phy (git-fixes).
- usb: dwc3: qcom: fix an error handling path in dwc3_qcom_probe() (git-fixes).
- usb: dwc3: qcom: fix potential memory leak (git-fixes).
- usb: dwc3: qcom: release the correct resources in dwc3_qcom_remove() (git-fixes).
- usb: gadget: core: remove unbalanced mutex_unlock in usb_gadget_activate (git-fixes).
- usb: gadget: u_serial: add null pointer check in gserial_suspend (git-fixes).
- usb: gadget: udc: core: offload usb_udc_vbus_handler processing (git-fixes).
- usb: gadget: udc: core: prevent soft_connect_store() race (git-fixes).
- usb: gadget: udc: fix null dereference in remove() (git-fixes).
- usb: hide unused usbfs_notify_suspend/resume functions (git-fixes).
- usb: phy: phy-tahvo: fix memory leak in tahvo_usb_probe() (git-fixes).
- usb: serial: option: add lara-r6 01b pids (git-fixes).
- usb: typec: fix fast_role_swap_current show function (git-fixes).
- usb: typec: iterate pds array when showing the pd list (git-fixes).
- usb: typec: set port->pd before adding device for typec_port (git-fixes).
- usb: typec: use sysfs_emit_at when concatenating the string (git-fixes).
- usb: xhci-mtk: set the dma max_seg_size (git-fixes).
- usb: xhci: remove unused udev from xhci_log_ctx trace event (git-fixes).
- usrmerge: adjust module path in the kernel sources (bsc#1212835).
- vhost: support packed when setting-getting vring_base (git-fixes).
- vhost_net: revert upend_idx only on retriable error (git-fixes).
- virtio-net: maintain reverse cleanup order (git-fixes).
- virtio_net: fix error unwinding of xdp initialization (git-fixes).
- w1: fix loop in w1_fini() (git-fixes).
- w1: w1_therm: fix locking behavior in convert_t (git-fixes).
- wifi: airo: avoid uninitialized warning in airo_get_rate() (git-fixes).
- wifi: ath10k: trigger sta disconnect after reconfig complete on hardware restart (git-fixes).
- wifi: ath11k: add missing check for ioremap (git-fixes).
- wifi: ath11k: add support for suspend in power down state (bsc#1207948).
- wifi: ath11k: handle irq enable/disable in several code path (bsc#1207948).
- wifi: ath11k: handle thermal device registeration together with mac (bsc#1207948).
- wifi: ath11k: remove mhi loopback channels (bsc#1207948).
- wifi: ath9k: avoid referencing uninit memory in ath9k_wmi_ctrl_rx (git-fixes).
- wifi: ath9k: convert msecs to jiffies where needed (git-fixes).
- wifi: ath9k: do not allow to overwrite endpoint0 attributes (git-fixes).
- wifi: ath9k: fix ar9003 mac hardware hang check register offset calculation (git-fixes).
- wifi: ath9k: fix possible stall on ath9k_txq_list_has_key() (git-fixes).
- wifi: atmel: fix an error handling path in atmel_probe() (git-fixes).
- wifi: cfg80211: rewrite merging of inherited elements (git-fixes).
- wifi: iwlwifi: mvm: indicate hw decrypt for beacon protection (git-fixes).
- wifi: iwlwifi: pcie: fix null pointer dereference in iwl_pcie_irq_rx_msix_handler() (git-fixes).
- wifi: iwlwifi: pull from txqs with softirqs disabled (git-fixes).
- wifi: mwifiex: fix the size of a memory allocation in mwifiex_ret_802_11_scan() (git-fixes).
- wifi: orinoco: fix an error handling path in orinoco_cs_probe() (git-fixes).
- wifi: orinoco: fix an error handling path in spectrum_cs_probe() (git-fixes).
- wifi: ray_cs: drop useless status variable in parse_addr() (git-fixes).
- wifi: ray_cs: utilize strnlen() in parse_addr() (git-fixes).
- wifi: rsi: do not configure wowlan in shutdown hook if not enabled (git-fixes).
- wifi: rsi: do not set mmc_pm_keep_power in shutdown (git-fixes).
- wifi: rtw89: debug: fix error code in rtw89_debug_priv_send_h2c_set() (git-fixes).
- wifi: wilc1000: fix for absent rsn capabilities wfa testcase (git-fixes).
- wl3501_cs: use eth_hw_addr_set() (git-fixes).
- writeback: fix call of incorrect macro (bsc#1213024).
- writeback: fix dereferencing null mapping->host on writeback_page_template (git-fixes).
- x86/amd_nb: add pci id for family 19h model 78h (git-fixes).
- x86/build: avoid relocation information in final vmlinux (bsc#1187829).
- x86/kprobes: fix arch_check_optimized_kprobe check within optimized_kprobe range (git-fixes).
- x86/platform/uv: add platform resolving #defines for misc gam_mmioh_redirect* (bsc#1212256 jsc#ped-4718).
- x86/platform/uv: fix printed information in calc_mmioh_map (bsc#1212256 jsc#ped-4718).
- x86/platform/uv: helper functions for allocating and freeing conversion tables (bsc#1212256 jsc#ped-4718).
- x86/platform/uv: introduce helper function uv_pnode_to_socket (bsc#1212256 jsc#ped-4718).
- x86/platform/uv: remove remaining bug_on() and bug() calls (bsc#1212256 jsc#ped-4718).
- x86/platform/uv: update uv platform code for snc (bsc#1212256 jsc#ped-4718).
- x86/platform/uv: uv support for sub-numa clustering (bsc#1212256 jsc#ped-4718).
- x86/platform/uv: when searching for minimums, start at int_max not 99999 (bsc#1212256 jsc#ped-4718).
- x86/pvh: obtain vga console info in dom0 (git-fixes).
- x86/xen: fix secondary processor fpu initialization (bsc#1212869).
- x86: fix .brk attribute in linker script (git-fixes).
- xen/blkfront: only check req_fua for writes (git-fixes).
- xen/pvcalls-back: fix double frees with pvcalls_new_active_socket() (git-fixes).
- xfs: ail needs asynchronous cil forcing (bsc#1211811).
- xfs: async cil flushes need pending pushes to be made stable (bsc#1211811).
- xfs: attach iclog callbacks in xlog_cil_set_ctx_write_state() (bsc#1211811).
- xfs: cil work is serialised, not pipelined (bsc#1211811).
- xfs: clean up the rtbitmap fsmap backend (git-fixes).
- xfs: do not deplete the reserve pool when trying to shrink the fs (git-fixes).
- xfs: do not reverse order of items in bulk ail insertion (git-fixes).
- xfs: do not run shutdown callbacks on active iclogs (bsc#1211811).
- xfs: drop async cache flushes from cil commits (bsc#1211811).
- xfs: factor out log write ordering from xlog_cil_push_work() (bsc#1211811).
- xfs: fix getfsmap reporting past the last rt extent (git-fixes).
- xfs: fix integer overflows in the fsmap rtbitmap and logdev backends (git-fixes).
- xfs: fix interval filtering in multi-step fsmap queries (git-fixes).
- xfs: fix logdev fsmap query result filtering (git-fixes).
- xfs: fix off-by-one error when the last rt extent is in use (git-fixes).
- xfs: fix uninitialized variable access (git-fixes).
- xfs: make fsmap backend function key parameters const (git-fixes).
- xfs: make the record pointer passed to query_range functions const (git-fixes).
- xfs: move the cil workqueue to the cil (bsc#1211811).
- xfs: move xlog_commit_record to xfs_log_cil.c (bsc#1211811).
- xfs: order cil checkpoint start records (bsc#1211811).
- xfs: pass a cil context to xlog_write() (bsc#1211811).
- xfs: pass explicit mount pointer to rtalloc query functions (git-fixes).
- xfs: rework xlog_state_do_callback() (bsc#1211811).
- xfs: run callbacks before waking waiters in xlog_state_shutdown_callbacks (bsc#1211811).
- xfs: separate out log shutdown callback processing (bsc#1211811).
- xfs: wait iclog complete before tearing down ail (bsc#1211811).
- xfs: xlog_state_ioerror must die (bsc#1211811).
- xhci: fix resume issue of some zhaoxin hosts (git-fixes).
- xhci: fix trb prefetch issue of zhaoxin hosts (git-fixes).
- xhci: show zhaoxin xhci root hub speed correctly (git-fixes).
ImportantSUSE bug 1150305SUSE bug 1187829SUSE bug 1193629SUSE bug 1194869SUSE bug 1206418SUSE bug 1207129SUSE bug 1207894SUSE bug 1207948SUSE bug 1208788SUSE bug 1210335SUSE bug 1210565SUSE bug 1210584SUSE bug 1210627SUSE bug 1210780SUSE bug 1210825SUSE bug 1210853SUSE bug 1211014SUSE bug 1211131SUSE bug 1211243SUSE bug 1211738SUSE bug 1211811SUSE bug 1211867SUSE bug 1212051SUSE bug 1212256SUSE bug 1212265SUSE bug 1212301SUSE bug 1212445SUSE bug 1212456SUSE bug 1212502SUSE bug 1212525SUSE bug 1212603SUSE bug 1212604SUSE bug 1212685SUSE bug 1212766SUSE bug 1212835SUSE bug 1212838SUSE bug 1212842SUSE bug 1212846SUSE bug 1212848SUSE bug 1212861SUSE bug 1212869SUSE bug 1212892SUSE bug 1212901SUSE bug 1212905SUSE bug 1212961SUSE bug 1213010SUSE bug 1213011SUSE bug 1213012SUSE bug 1213013SUSE bug 1213014SUSE bug 1213015SUSE bug 1213016SUSE bug 1213017SUSE bug 1213018SUSE bug 1213019SUSE bug 1213020SUSE bug 1213021SUSE bug 1213024SUSE bug 1213025SUSE bug 1213032SUSE bug 1213034SUSE bug 1213035SUSE bug 1213036SUSE bug 1213037SUSE bug 1213038SUSE bug 1213039SUSE bug 1213040SUSE bug 1213041SUSE bug 1213059SUSE bug 1213061SUSE bug 1213087SUSE bug 1213088SUSE bug 1213089SUSE bug 1213090SUSE bug 1213092SUSE bug 1213093SUSE bug 1213094SUSE bug 1213095SUSE bug 1213096SUSE bug 1213098SUSE bug 1213099SUSE bug 1213100SUSE bug 1213102SUSE bug 1213103SUSE bug 1213104SUSE bug 1213105SUSE bug 1213106SUSE bug 1213107SUSE bug 1213108SUSE bug 1213109SUSE bug 1213110SUSE bug 1213111SUSE bug 1213112SUSE bug 1213113SUSE bug 1213114SUSE bug 1213116SUSE bug 1213134SUSE bug 1213167SUSE bug 1213205SUSE bug 1213206SUSE bug 1213226SUSE bug 1213233SUSE bug 1213245SUSE bug 1213247SUSE bug 1213252SUSE bug 1213258SUSE bug 1213259SUSE bug 1213263SUSE bug 1213264SUSE bug 1213272SUSE bug 1213286SUSE bug 1213287SUSE bug 1213304SUSE bug 1213417SUSE bug 1213493SUSE bug 1213523SUSE bug 1213524SUSE bug 1213533SUSE bug 1213543SUSE bug 1213578SUSE bug 1213585SUSE bug 1213586SUSE bug 1213588SUSE bug 1213601SUSE bug 1213620SUSE bug 1213632SUSE bug 1213653SUSE bug 1213705SUSE bug 1213713SUSE bug 1213715SUSE bug 1213747SUSE bug 1213756SUSE bug 1213759SUSE bug 1213777SUSE bug 1213810SUSE bug 1213812SUSE bug 1213856SUSE bug 1213857SUSE bug 1213863SUSE bug 1213867SUSE bug 1213870SUSE bug 1213871SUSE bug 1213872CVE-2022-40982 at SUSECVE-2022-40982 at NVDCVE-2023-0459 at SUSECVE-2023-0459 at NVDCVE-2023-1829 at SUSECVE-2023-1829 at NVDCVE-2023-20569 at SUSECVE-2023-20569 at NVDCVE-2023-20593 at SUSECVE-2023-20593 at NVDCVE-2023-21400 at SUSECVE-2023-21400 at NVDCVE-2023-2156 at SUSECVE-2023-2156 at NVDCVE-2023-2166 at SUSECVE-2023-2166 at NVDCVE-2023-2430 at SUSECVE-2023-2430 at NVDCVE-2023-2985 at SUSECVE-2023-2985 at NVDCVE-2023-3090 at SUSECVE-2023-3090 at NVDCVE-2023-31083 at SUSECVE-2023-31083 at NVDCVE-2023-3111 at SUSECVE-2023-3111 at NVDCVE-2023-3117 at SUSECVE-2023-3117 at NVDCVE-2023-31248 at SUSECVE-2023-31248 at NVDCVE-2023-3212 at SUSECVE-2023-3212 at NVDCVE-2023-3268 at SUSECVE-2023-3268 at NVDCVE-2023-3389 at SUSECVE-2023-3389 at NVDCVE-2023-3390 at SUSECVE-2023-3390 at NVDCVE-2023-35001 at SUSECVE-2023-35001 at NVDCVE-2023-3567 at SUSECVE-2023-3567 at NVDCVE-2023-3609 at SUSECVE-2023-3609 at NVDCVE-2023-3611 at SUSECVE-2023-3611 at NVDCVE-2023-3776 at SUSECVE-2023-3776 at NVDCVE-2023-3812 at SUSECVE-2023-3812 at NVDCVE-2023-38409 at SUSECVE-2023-38409 at NVDCVE-2023-3863 at SUSECVE-2023-3863 at NVDCVE-2023-4004 at SUSECVE-2023-4004 at NVDcpe:/o:opensuse:leap:15.5Security update for java-1_8_0-openj9 (Important)openSUSE Leap 15.5
This update for java-1_8_0-openj9 fixes the following issues:
Update to OpenJDK 8u372 build 07 with OpenJ9 0.38.0 virtual machine.
CVE-2023-21930: Unauthenticated attacker with network access via TLS to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition (bsc#1210628).
CVE-2023-21937: Fixed vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Networking). (bsc#1210631).
CVE-2023-21938: Fixed vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). (bsc#1210632).
CVE-2023-21939: Fixed vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Swing). (bsc#1210634).
CVE-2023-21954: Fixed vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). (bsc#1210635).
CVE-2023-21967: Fixed vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). (bsc#1210636).
CVE-2023-21968: Fixed ulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries) (bsc#1210637).
CVE-2023-2597: Fixed buffer overflow in shared cache implementation (bsc#1211615).
ImportantSUSE bug 1210628SUSE bug 1210631SUSE bug 1210632SUSE bug 1210634SUSE bug 1210635SUSE bug 1210636SUSE bug 1210637SUSE bug 1211615CVE-2023-21930 at SUSECVE-2023-21930 at NVDCVE-2023-21937 at SUSECVE-2023-21937 at NVDCVE-2023-21938 at SUSECVE-2023-21938 at NVDCVE-2023-21939 at SUSECVE-2023-21939 at NVDCVE-2023-21954 at SUSECVE-2023-21954 at NVDCVE-2023-21967 at SUSECVE-2023-21967 at NVDCVE-2023-21968 at SUSECVE-2023-21968 at NVDCVE-2023-2597 at SUSECVE-2023-2597 at NVDcpe:/o:opensuse:leap:15.5Security update for the Linux Kernel (Important)openSUSE Leap 15.5
The SUSE Linux Enterprise 15 SP5 kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2022-40982: Fixed transient execution attack called 'Gather Data Sampling' (bsc#1206418).
- CVE-2023-0459: Fixed information leak in __uaccess_begin_nospec (bsc#1211738).
- CVE-2023-20569: Fixed side channel attack ‘Inception’ or ‘RAS Poisoning’ (bsc#1213287).
- CVE-2023-21400: Fixed several memory corruptions due to improper locking in io_uring (bsc#1213272).
- CVE-2023-2156: Fixed a flaw in the networking subsystem within the handling of the RPL protocol (bsc#1211131).
- CVE-2023-2166: Fixed NULL pointer dereference in can_rcv_filter (bsc#1210627).
- CVE-2023-31083: Fixed race condition in hci_uart_tty_ioctl (bsc#1210780).
- CVE-2023-3268: Fixed an out of bounds memory access flaw in relay_file_read_start_pos in the relayfs (bsc#1212502).
- CVE-2023-3567: Fixed a use-after-free in vcs_read in drivers/tty/vt/vc_screen.c (bsc#1213167).
- CVE-2023-3609: Fixed reference counter leak leading to overflow in net/sched (bsc#1213586).
- CVE-2023-3611: Fixed an out-of-bounds write in net/sched sch_qfq(bsc#1213585).
- CVE-2023-3776: Fixed improper refcount update in cls_fw leads to use-after-free (bsc#1213588).
- CVE-2023-38409: Fixed an issue in set_con2fb_map in drivers/video/fbdev/core/fbcon.c. Because an assignment occurs only for the first vc, the fbcon_registered_fb and fbcon_display arrays can be desynchronized in fbcon_mode_deleted (the con2fb_map points at the old fb_info) (bsc#1213417).
- CVE-2023-3863: Fixed a use-after-free flaw in nfc_llcp_find_local in net/nfc/llcp_core.c in NFC. This flaw allowed a local user with special privileges to impact a kernel information leak issue (bsc#1213601).
- CVE-2023-4004: Fixed improper element removal netfilter nft_set_pipapo (bsc#1213812).
The following non-security bugs were fixed:
- ACPI: CPPC: Add ACPI disabled check to acpi_cpc_valid() (bsc#1212445).
- ACPI: CPPC: Add definition for undefined FADT preferred PM profile value (bsc#1212445).
- ACPI/IORT: Remove erroneous id_count check in iort_node_get_rmr_info() (git-fixes).
- ACPI: utils: Fix acpi_evaluate_dsm_typed() redefinition error (git-fixes).
- afs: Adjust ACK interpretation to try and cope with NAT (git-fixes).
- afs: Fix access after dec in put functions (git-fixes).
- afs: Fix afs_getattr() to refetch file status if callback break occurred (git-fixes).
- afs: Fix dynamic root getattr (git-fixes).
- afs: Fix fileserver probe RTT handling (git-fixes).
- afs: Fix infinite loop found by xfstest generic/676 (git-fixes).
- afs: Fix lost servers_outstanding count (git-fixes).
- afs: Fix server->active leak in afs_put_server (git-fixes).
- afs: Fix setting of mtime when creating a file/dir/symlink (git-fixes).
- afs: Fix updating of i_size with dv jump from server (git-fixes).
- afs: Fix vlserver probe RTT handling (git-fixes).
- afs: Return -EAGAIN, not -EREMOTEIO, when a file already locked (git-fixes).
- afs: Use refcount_t rather than atomic_t (git-fixes).
- afs: Use the operation issue time instead of the reply time for callbacks (git-fixes).
- ALSA: emu10k1: roll up loops in DSP setup code for Audigy (git-fixes).
- ALSA: hda/realtek: Add quirk for Clevo NS70AU (git-fixes).
- ALSA: hda/realtek: Add support for DELL Oasis 13/14/16 laptops (git-fixes).
- ALSA: hda/realtek: Enable Mute LED on HP Laptop 15s-eq2xxx (git-fixes).
- ALSA: hda/realtek: Fix generic fixup definition for cs35l41 amp (git-fixes).
- ALSA: hda/realtek - remove 3k pull low procedure (git-fixes).
- ALSA: hda/realtek: Support ASUS G713PV laptop (git-fixes).
- ALSA: hda/relatek: Enable Mute LED on HP 250 G8 (git-fixes).
- ALSA: usb-audio: Add FIXED_RATE quirk for JBL Quantum610 Wireless (git-fixes).
- ALSA: usb-audio: Add new quirk FIXED_RATE for JBL Quantum810 Wireless (git-fixes).
- ALSA: usb-audio: Add quirk for Microsoft Modern Wireless Headset (bsc#1207129).
- ALSA: usb-audio: Always initialize fixed_rate in snd_usb_find_implicit_fb_sync_format() (git-fixes).
- ALSA: usb-audio: Apply mutex around snd_usb_endpoint_set_params() (git-fixes).
- ALSA: usb-audio: Avoid superfluous endpoint setup (git-fixes).
- ALSA: usb-audio: Avoid unnecessary interface change at EP close (git-fixes).
- ALSA: usb-audio: Clear fixed clock rate at closing EP (git-fixes).
- ALSA: usb-audio: Correct the return code from snd_usb_endpoint_set_params() (git-fixes).
- ALSA: usb-audio: Drop superfluous interface setup at parsing (git-fixes).
- ALSA: usb-audio: Fix possible NULL pointer dereference in snd_usb_pcm_has_fixed_rate() (git-fixes).
- ALSA: usb-audio: Fix wrong kfree issue in snd_usb_endpoint_free_all (git-fixes).
- ALSA: usb-audio: More refactoring of hw constraint rules (git-fixes).
- ALSA: usb-audio: Properly refcounting clock rate (git-fixes).
- ALSA: usb-audio: Rate limit usb_set_interface error reporting (git-fixes).
- ALSA: usb-audio: Refcount multiple accesses on the single clock (git-fixes).
- ALSA: usb-audio: Split endpoint setups for hw_params and prepare (take#2) (git-fixes).
- ALSA: usb-audio: Update for native DSD support quirks (git-fixes).
- ALSA: usb-audio: Use atomic_try_cmpxchg in ep_state_update (git-fixes).
- ALSA: usb-audio: Workaround for XRUN at prepare (git-fixes).
- amd-pstate: Fix amd_pstate mode switch (git-fixes).
- ASoC: amd: acp: fix for invalid dai id handling in acp_get_byte_count() (git-fixes).
- ASoC: atmel: Fix the 8K sample parameter in I2SC master (git-fixes).
- ASoc: codecs: ES8316: Fix DMIC config (git-fixes).
- ASoC: codecs: wcd934x: fix resource leaks on component remove (git-fixes).
- ASoC: codecs: wcd938x: fix codec initialisation race (git-fixes).
- ASoC: codecs: wcd938x: fix dB range for HPHL and HPHR (git-fixes).
- ASoC: codecs: wcd938x: fix missing clsh ctrl error handling (git-fixes).
- ASoC: codecs: wcd938x: fix soundwire initialisation race (git-fixes).
- ASoC: codecs: wcd-mbhc-v2: fix resource leaks on component remove (git-fixes).
- ASoC: da7219: Check for failure reading AAD IRQ events (git-fixes).
- ASoC: da7219: Flush pending AAD IRQ when suspending (git-fixes).
- ASoC: fsl_sai: Disable bit clock with transmitter (git-fixes).
- ASoC: fsl_spdif: Silence output on stop (git-fixes).
- ASoC: rt5640: Fix sleep in atomic context (git-fixes).
- ASoC: rt5682-sdw: fix for JD event handling in ClockStop Mode0 (git-fixes).
- ASoC: rt711: fix for JD event handling in ClockStop Mode0 (git-fixes).
- ASoC: rt711-sdca: fix for JD event handling in ClockStop Mode0 (git-fixes).
- ASoC: SOF: ipc3-dtrace: uninitialized data in dfsentry_trace_filter_write() (git-fixes).
- ASoC: tegra: Fix ADX byte map (git-fixes).
- ASoC: tegra: Fix AMX byte map (git-fixes).
- ASoC: wm8904: Fill the cache for WM8904_ADC_TEST_0 register (git-fixes).
- ata: pata_ns87415: mark ns87560_tf_read static (git-fixes).
- block, bfq: Fix division by zero error on zero wsum (bsc#1213653).
- block: Fix a source code comment in include/uapi/linux/blkzoned.h (git-fixes).
- bus: mhi: add new interfaces to handle MHI channels directly (bsc#1207948).
- bus: mhi: host: add destroy_device argument to mhi_power_down() (bsc#1207948).
- can: gs_usb: gs_can_close(): add missing set of CAN state to CAN_STATE_STOPPED (git-fixes).
- ceph: do not let check_caps skip sending responses for revoke msgs (bsc#1213856).
- coda: Avoid partial allocation of sig_inputArgs (git-fixes).
- cpufreq: amd-pstate: add amd-pstate driver parameter for mode selection (bsc#1212445).
- cpufreq: amd-pstate: Add AMD P-State frequencies attributes (bsc#1212445).
- cpufreq: amd-pstate: Add AMD P-State performance attributes (bsc#1212445).
- cpufreq: amd-pstate: Add boost mode support for AMD P-State (bsc#1212445).
- cpufreq: amd-pstate: add driver working mode switch support (bsc#1212445).
- cpufreq: amd-pstate: Add ->fast_switch() callback (bsc#1212445).
- cpufreq: amd-pstate: Add fast switch function for AMD P-State (bsc#1212445).
- cpufreq: amd-pstate: Add guided autonomous mode (bsc#1212445).
- cpufreq: amd-pstate: Add guided mode control support via sysfs (bsc#1212445).
- cpufreq: amd-pstate: Add more tracepoint for AMD P-State module (bsc#1212445).
- cpufreq: amd-pstate: Add resume and suspend callbacks (bsc#1212445).
- cpufreq: amd-pstate: Add trace for AMD P-State module (bsc#1212445).
- cpufreq: amd-pstate: avoid uninitialized variable use (bsc#1212445).
- cpufreq: amd-pstate: change amd-pstate driver to be built-in type (bsc#1212445).
- cpufreq: amd-pstate: convert sprintf with sysfs_emit() (bsc#1212445).
- cpufreq: amd-pstate: cpufreq: amd-pstate: reset MSR_AMD_PERF_CTL register at init (bsc#1212445).
- cpufreq: amd-pstate: Expose struct amd_cpudata (bsc#1212445).
- cpufreq: amd-pstate: Fix initial highest_perf value (bsc#1212445).
- cpufreq: amd-pstate: Fix invalid write to MSR_AMD_CPPC_REQ (bsc#1212445).
- cpufreq: amd-pstate: Fix Kconfig dependencies for AMD P-State (bsc#1212445).
- cpufreq: amd-pstate: fix kernel hang issue while amd-pstate unregistering (bsc#1212445).
- cpufreq: amd-pstate: Fix struct amd_cpudata kernel-doc comment (bsc#1212445).
- cpufreq: amd-pstate: fix white-space (bsc#1212445).
- cpufreq: amd_pstate: fix wrong lowest perf fetch (bsc#1212445).
- cpufreq: amd-pstate: implement amd pstate cpu online and offline callback (bsc#1212445).
- cpufreq: amd-pstate: implement Pstate EPP support for the AMD processors (bsc#1212445).
- cpufreq: amd-pstate: implement suspend and resume callbacks (bsc#1212445).
- cpufreq: amd-pstate: Introduce a new AMD P-State driver to support future processors (bsc#1212445).
- cpufreq: amd-pstate: Introduce the support for the processors with shared memory solution (bsc#1212445).
- cpufreq: amd-pstate: Let user know amd-pstate is disabled (bsc#1212445).
- cpufreq: amd-pstate: Make amd-pstate EPP driver name hyphenated (bsc#1212445).
- cpufreq: amd-pstate: Make varaiable mode_state_machine static (bsc#1212445).
- cpufreq: amd_pstate: map desired perf into pstate scope for powersave governor (bsc#1212445).
- cpufreq: amd-pstate: optimize driver working mode selection in amd_pstate_param() (bsc#1212445).
- cpufreq: amd-pstate: Remove fast_switch_possible flag from active driver (bsc#1212445).
- cpufreq: amd-pstate: remove MODULE_LICENSE in non-modules (bsc#1212445).
- cpufreq: amd-pstate: Set a fallback policy based on preferred_profile (bsc#1212445).
- cpufreq: amd-pstate: simplify cpudata pointer assignment (bsc#1212445).
- cpufreq: amd-pstate: Update policy->cur in amd_pstate_adjust_perf() (bsc#1212445).
- cpufreq: amd-pstate: update pstate frequency transition delay time (bsc#1212445).
- cpufreq: amd-pstate: Write CPPC enable bit per-socket (bsc#1212445).
- crypto: kpp - Add helper to set reqsize (git-fixes).
- crypto: qat - Use helper to set reqsize (git-fixes).
- dlm: fix missing lkb refcount handling (git-fixes).
- dlm: fix plock invalid read (git-fixes).
- Documentation: cpufreq: amd-pstate: Move amd_pstate param to alphabetical order (bsc#1212445).
- Documentation: devices.txt: reconcile serial/ucc_uart minor numers (git-fixes).
- drm/amd/display: Add monitor specific edid quirk (git-fixes).
- drm/amd/display: Add polling method to handle MST reply packet (bsc#1213578).
- drm/amd/display: check TG is non-null before checking if enabled (git-fixes).
- drm/amd/display: Correct `DMUB_FW_VERSION` macro (git-fixes).
- drm/amd/display: Disable MPC split by default on special asic (git-fixes).
- drm/amd/display: fix access hdcp_workqueue assert (git-fixes).
- drm/amd/display: fix seamless odm transitions (git-fixes).
- drm/amd/display: Keep PHY active for DP displays on DCN31 (git-fixes).
- drm/amd/display: only accept async flips for fast updates (git-fixes).
- drm/amd/display: Only update link settings after successful MST link train (git-fixes).
- drm/amd/display: phase3 mst hdcp for multiple displays (git-fixes).
- drm/amd/display: Remove Phantom Pipe Check When Calculating K1 and K2 (git-fixes).
- drm/amd/display: save restore hdcp state when display is unplugged from mst hub (git-fixes).
- drm/amd/display: Unlock on error path in dm_handle_mst_sideband_msg_ready_event() (git-fixes).
- drm/amd: Fix an error handling mistake in psp_sw_init() (git-fixes).
- drm/amdgpu: add the fan abnormal detection feature (git-fixes).
- drm/amdgpu: avoid restore process run into dead loop (git-fixes).
- drm/amdgpu: fix clearing mappings for BOs that are always valid in VM (git-fixes).
- drm/amdgpu: Fix minmax warning (git-fixes).
- drm/amd/pm: add abnormal fan detection for smu 13.0.0 (git-fixes).
- drm/amd/pm: conditionally disable pcie lane/speed switching for SMU13 (git-fixes).
- drm/amd/pm: re-enable the gfx imu when smu resume (git-fixes).
- drm/amd/pm: share the code around SMU13 pcie parameters update (git-fixes).
- drm/atomic: Allow vblank-enabled + self-refresh 'disable' (git-fixes).
- drm/atomic: Fix potential use-after-free in nonblocking commits (git-fixes).
- drm/bridge: tc358768: Add atomic_get_input_bus_fmts() implementation (git-fixes).
- drm/bridge: tc358768: fix TCLK_TRAILCNT computation (git-fixes).
- drm/bridge: tc358768: fix THS_TRAILCNT computation (git-fixes).
- drm/bridge: tc358768: fix THS_ZEROCNT computation (git-fixes).
- drm/bridge: ti-sn65dsi86: Fix auxiliary bus lifetime (git-fixes).
- drm/client: Fix memory leak in drm_client_modeset_probe (git-fixes).
- drm/dp_mst: Clear MSG_RDY flag before sending new message (bsc#1213578).
- drm: Fix null pointer dereference in drm_dp_atomic_find_time_slots() (bsc#1213578).
- drm/i915: Do not preserve dpll_hw_state for slave crtc in Bigjoiner (git-fixes).
- drm/i915/dpt: Use shmem for dpt objects (git-fixes).
- drm/i915: Fix an error handling path in igt_write_huge() (git-fixes).
- drm/i915/tc: Fix system resume MST mode restore for DP-alt sinks (git-fixes).
- drm/msm/adreno: Fix snapshot BINDLESS_DATA size (git-fixes).
- drm/msm/disp/dpu: get timing engine status from intf status register (git-fixes).
- drm/msm/dpu: drop enum dpu_core_perf_data_bus_id (git-fixes).
- drm/msm/dpu: Set DPU_DATA_HCTL_EN for in INTF_SC7180_MASK (git-fixes).
- drm/msm: Fix IS_ERR_OR_NULL() vs NULL check in a5xx_submit_in_rb() (git-fixes).
- drm/radeon: Fix integer overflow in radeon_cs_parser_init (git-fixes).
- drm/ttm: fix bulk_move corruption when adding a entry (git-fixes).
- drm/ttm: fix warning that we shouldn't mix && and || (git-fixes).
- drm/vmwgfx: Fix Legacy Display Unit atomic drm support (bsc#1213632).
- drm/vmwgfx: Remove explicit and broken vblank handling (bsc#1213632).
- drm/vmwgfx: Remove rcu locks from user resources (bsc#1213632).
- fbdev: au1200fb: Fix missing IRQ check in au1200fb_drv_probe (git-fixes).
- fbdev: imxfb: Removed unneeded release_mem_region (git-fixes).
- fbdev: imxfb: warn about invalid left/right margin (git-fixes).
- file: always lock position for FMODE_ATOMIC_POS (bsc#1213759).
- fs: dlm: add midcomms init/start functions (git-fixes).
- fs: dlm: do not set stop rx flag after node reset (git-fixes).
- fs: dlm: filter user dlm messages for kernel locks (git-fixes).
- fs: dlm: fix log of lowcomms vs midcomms (git-fixes).
- fs: dlm: fix race between test_bit() and queue_work() (git-fixes).
- fs: dlm: fix race in lowcomms (git-fixes).
- fs: dlm: handle -EBUSY first in lock arg validation (git-fixes).
- fs: dlm: move sending fin message into state change handling (git-fixes).
- fs: dlm: retry accept() until -EAGAIN or error returns (git-fixes).
- fs: dlm: return positive pid value for F_GETLK (git-fixes).
- fs: dlm: start midcomms before scand (git-fixes).
- fs: hfsplus: remove WARN_ON() from hfsplus_cat_{read,write}_inode() (git-fixes).
- FS: JFS: Check for read-only mounted filesystem in txBegin (git-fixes).
- FS: JFS: Fix null-ptr-deref Read in txBegin (git-fixes).
- fs: jfs: Fix UBSAN: array-index-out-of-bounds in dbAllocDmapLev (git-fixes).
- gve: Set default duplex configuration to full (git-fixes).
- gve: unify driver name usage (git-fixes).
- hwmon: (adm1275) Allow setting sample averaging (git-fixes).
- hwmon: (k10temp) Enable AMD3255 Proc to show negative temperature (git-fixes).
- hwmon: (nct7802) Fix for temp6 (PECI1) processed even if PECI1 disabled (git-fixes).
- hwmon: (pmbus/adm1275) Fix problems with temperature monitoring on ADM1272 (git-fixes).
- i2c: xiic: Defer xiic_wakeup() and __xiic_start_xfer() in xiic_process() (git-fixes).
- i2c: xiic: Do not try to handle more interrupt events after error (git-fixes).
- iavf: check for removal state before IAVF_FLAG_PF_COMMS_FAILED (git-fixes).
- iavf: fix a deadlock caused by rtnl and driver's lock circular dependencies (git-fixes).
- iavf: Fix out-of-bounds when setting channels on remove (git-fixes).
- iavf: fix potential deadlock on allocation failure (git-fixes).
- iavf: fix reset task race with iavf_remove() (git-fixes).
- iavf: Fix use-after-free in free_netdev (git-fixes).
- iavf: Move netdev_update_features() into watchdog task (git-fixes).
- iavf: use internal state to free traffic IRQs (git-fixes).
- iavf: Wait for reset in callbacks which trigger it (git-fixes).
- IB/hfi1: Use bitmap_zalloc() when applicable (git-fixes)
- ice: Fix max_rate check while configuring TX rate limits (git-fixes).
- ice: Fix memory management in ice_ethtool_fdir.c (git-fixes).
- ice: handle extts in the miscellaneous interrupt thread (git-fixes).
- igc: Check if hardware TX timestamping is enabled earlier (git-fixes).
- igc: Enable and fix RX hash usage by netstack (git-fixes).
- igc: Fix inserting of empty frame for launchtime (git-fixes).
- igc: Fix Kernel Panic during ndo_tx_timeout callback (git-fixes).
- igc: Fix launchtime before start of cycle (git-fixes).
- igc: Fix race condition in PTP tx code (git-fixes).
- igc: Handle PPS start time programming for past time values (git-fixes).
- igc: Prevent garbled TX queue with XDP ZEROCOPY (git-fixes).
- igc: Remove delay during TX ring configuration (git-fixes).
- igc: set TP bit in 'supported' and 'advertising' fields of ethtool_link_ksettings (git-fixes).
- igc: Work around HW bug causing missing timestamps (git-fixes).
- Input: i8042 - add Clevo PCX0DX to i8042 quirk table (git-fixes).
- Input: iqs269a - do not poll during ATI (git-fixes).
- Input: iqs269a - do not poll during suspend or resume (git-fixes).
- jffs2: fix memory leak in jffs2_do_fill_super (git-fixes).
- jffs2: fix memory leak in jffs2_do_mount_fs (git-fixes).
- jffs2: fix memory leak in jffs2_scan_medium (git-fixes).
- jffs2: fix use-after-free in jffs2_clear_xattr_subsystem (git-fixes).
- jffs2: GC deadlock reading a page that is used in jffs2_write_begin() (git-fixes).
- jffs2: reduce stack usage in jffs2_build_xattr_subsystem() (git-fixes).
- jfs: jfs_dmap: Validate db_l2nbperpage while mounting (git-fixes).
- kABI fix after Restore kABI for NVidia vGPU driver (bsc#1210825).
- kabi/severities: relax kABI for ath11k local symbols (bsc#1207948)
- kselftest: vDSO: Fix accumulation of uninitialized ret when CLOCK_REALTIME is undefined (git-fixes).
- KVM: arm64: Do not read a HW interrupt pending state in user context (git-fixes)
- KVM: arm64: Warn if accessing timer pending state outside of vcpu (bsc#1213620)
- KVM: Do not null dereference ops->destroy (git-fixes)
- KVM: downgrade two BUG_ONs to WARN_ON_ONCE (git-fixes)
- KVM: Initialize debugfs_dentry when a VM is created to avoid NULL (git-fixes)
- KVM: s390: pv: fix index value of replaced ASCE (git-fixes bsc#1213867).
- KVM: VMX: Inject #GP, not #UD, if SGX2 ENCLS leafs are unsupported (git-fixes).
- KVM: VMX: Inject #GP on ENCLS if vCPU has paging disabled (CR0.PG==0) (git-fixes).
- KVM: VMX: restore vmx_vmexit alignment (git-fixes).
- KVM: x86: Account fastpath-only VM-Exits in vCPU stats (git-fixes).
- leds: trigger: netdev: Recheck NETDEV_LED_MODE_LINKUP on dev rename (git-fixes).
- libceph: harden msgr2.1 frame segment length checks (bsc#1213857).
- MAINTAINERS: Add AMD P-State driver maintainer entry (bsc#1212445).
- m ALSA: usb-audio: Add quirk for Tascam Model 12 (git-fixes).
- md: add error_handlers for raid0 and linear (bsc#1212766).
- media: staging: atomisp: select V4L2_FWNODE (git-fixes).
- mhi_power_down() kABI workaround (bsc#1207948).
- mmc: core: disable TRIM on Kingston EMMC04G-M627 (git-fixes).
- mmc: sdhci: fix DMA configure compatibility issue when 64bit DMA mode is used (git-fixes).
- net: ena: fix shift-out-of-bounds in exponential backoff (git-fixes).
- net: mana: Batch ringing RX queue doorbell on receiving packets (bsc#1212901).
- net: mana: Use the correct WQE count for ringing RQ doorbell (bsc#1212901).
- net/mlx5: DR, Support SW created encap actions for FW table (git-fixes).
- net/mlx5e: Check for NOT_READY flag state after locking (git-fixes).
- net/mlx5e: fix double free in mlx5e_destroy_flow_table (git-fixes).
- net/mlx5e: fix memory leak in mlx5e_fs_tt_redirect_any_create (git-fixes).
- net/mlx5e: fix memory leak in mlx5e_ptp_open (git-fixes).
- net/mlx5e: XDP, Allow growing tail for XDP multi buffer (git-fixes).
- net/mlx5e: xsk: Set napi_id to support busy polling on XSK RQ (git-fixes).
- net: phy: marvell10g: fix 88x3310 power up (git-fixes).
- net/sched: sch_qfq: refactor parsing of netlink parameters (bsc#1213585).
- net/sched: sch_qfq: reintroduce lmax bound check for MTU (bsc#1213585).
- nfsd: add encoding of op_recall flag for write delegation (git-fixes).
- nfsd: fix double fget() bug in __write_ports_addfd() (git-fixes).
- nfsd: Fix sparse warning (git-fixes).
- nfsd: Remove open coding of string copy (git-fixes).
- nfsv4.1: Always send a RECLAIM_COMPLETE after establishing lease (git-fixes).
- nfsv4.1: freeze the session table upon receiving NFS4ERR_BADSESSION (git-fixes).
- nvme: do not reject probe due to duplicate IDs for single-ported PCIe devices (git-fixes).
- nvme: fix the NVME_ID_NS_NVM_STS_MASK definition (git-fixes).
- nvme-pci: fix DMA direction of unmapping integrity data (git-fixes).
- nvme-pci: remove nvme_queue from nvme_iod (git-fixes).
- octeontx2-af: Move validation of ptp pointer before its usage (git-fixes).
- octeontx2-pf: Add additional check for MCAM rules (git-fixes).
- octeontx-af: fix hardware timestamp configuration (git-fixes).
- PCI: Add function 1 DMA alias quirk for Marvell 88SE9235 (git-fixes).
- PCI/PM: Avoid putting EloPOS E2/S2/H2 PCIe Ports in D3cold (git-fixes).
- phy: hisilicon: Fix an out of bounds check in hisi_inno_phy_probe() (git-fixes).
- pinctrl: amd: Detect internal GPIO0 debounce handling (git-fixes).
- pinctrl: amd: Do not show `Invalid config param` errors (git-fixes).
- pinctrl: amd: Fix mistake in handling clearing pins at startup (git-fixes).
- pinctrl: amd: Only use special debounce behavior for GPIO 0 (git-fixes).
- pinctrl: amd: Use amd_pinconf_set() for all config options (git-fixes).
- platform/x86: msi-laptop: Fix rfkill out-of-sync on MSI Wind U100 (git-fixes).
- RDMA/bnxt_re: Fix hang during driver unload (git-fixes)
- RDMA/bnxt_re: Prevent handling any completions after qp destroy (git-fixes)
- RDMA/core: Update CMA destination address on rdma_resolve_addr (git-fixes)
- RDMA/irdma: Add missing read barriers (git-fixes)
- RDMA/irdma: Fix data race on CQP completion stats (git-fixes)
- RDMA/irdma: Fix data race on CQP request done (git-fixes)
- RDMA/irdma: Fix op_type reporting in CQEs (git-fixes)
- RDMA/irdma: Report correct WC error (git-fixes)
- RDMA/mlx4: Make check for invalid flags stricter (git-fixes)
- RDMA/mthca: Fix crash when polling CQ for shared QPs (git-fixes)
- regmap: Account for register length in SMBus I/O limits (git-fixes).
- regmap: Drop initial version of maximum transfer length fixes (git-fixes).
- Restore kABI for NVidia vGPU driver (bsc#1210825).
- Revert 'ALSA: usb-audio: Drop superfluous interface setup at parsing' (git-fixes).
- Revert 'debugfs, coccinelle: check for obsolete DEFINE_SIMPLE_ATTRIBUTE() usage' (git-fixes).
- Revert 'Drop AMDGPU patches for fixing regression (bsc#1213304,bsc#1213777)'
- Revert 'iavf: Detach device during reset task' (git-fixes).
- Revert 'iavf: Do not restart Tx queues after reset task failure' (git-fixes).
- Revert 'NFSv4: Retry LOCK on OLD_STATEID during delegation return' (git-fixes).
- Revert 'usb: dwc3: core: Enable AutoRetry feature in the controller' (git-fixes).
- Revert 'usb: gadget: tegra-xudc: Fix error check in tegra_xudc_powerdomain_init()' (git-fixes).
- Revert 'usb: xhci: tegra: Fix error check' (git-fixes).
- Revert 'xhci: add quirk for host controllers that do not update endpoint DCS' (git-fixes).
- Revive drm_dp_mst_hpd_irq() function (bsc#1213578).
- rxrpc, afs: Fix selection of abort codes (git-fixes).
- s390/bpf: Add expoline to tail calls (git-fixes bsc#1213870).
- s390/dasd: fix hanging device after quiesce/resume (git-fixes bsc#1213810).
- s390/dasd: print copy pair message only for the correct error (git-fixes bsc#1213872).
- s390/decompressor: specify __decompress() buf len to avoid overflow (git-fixes bsc#1213863).
- s390: introduce nospec_uses_trampoline() (git-fixes bsc#1213870).
- s390/ipl: add missing intersection check to ipl_report handling (git-fixes bsc#1213871).
- s390/qeth: Fix vipa deletion (git-fixes bsc#1213713).
- s390/vmem: fix empty page tables cleanup under KASAN (git-fixes bsc#1213715).
- scftorture: Count reschedule IPIs (git-fixes).
- scsi: lpfc: Abort outstanding ELS cmds when mailbox timeout error is detected (bsc#1213756).
- scsi: lpfc: Avoid -Wstringop-overflow warning (bsc#1213756).
- scsi: lpfc: Clean up SLI-4 sysfs resource reporting (bsc#1213756).
- scsi: lpfc: Copyright updates for 14.2.0.14 patches (bsc#1213756).
- scsi: lpfc: Fix a possible data race in lpfc_unregister_fcf_rescan() (bsc#1213756).
- scsi: lpfc: Fix incorrect big endian type assignment in bsg loopback path (bsc#1213756).
- scsi: lpfc: Fix incorrect big endian type assignments in FDMI and VMID paths (bsc#1213756).
- scsi: lpfc: Fix lpfc_name struct packing (bsc#1213756).
- scsi: lpfc: Make fabric zone discovery more robust when handling unsolicited LOGO (bsc#1213756).
- scsi: lpfc: Pull out fw diagnostic dump log message from driver's trace buffer (bsc#1213756).
- scsi: lpfc: Qualify ndlp discovery state when processing RSCN (bsc#1213756).
- scsi: lpfc: Refactor cpu affinity assignment paths (bsc#1213756).
- scsi: lpfc: Remove extra ndlp kref decrement in FLOGI cmpl for loop topology (bsc#1213756).
- scsi: lpfc: Replace all non-returning strlcpy() with strscpy() (bsc#1213756).
- scsi: lpfc: Replace one-element array with flexible-array member (bsc#1213756).
- scsi: lpfc: Revise ndlp kref handling for dev_loss_tmo_callbk and lpfc_drop_node (bsc#1213756).
- scsi: lpfc: Set Establish Image Pair service parameter only for Target Functions (bsc#1213756).
- scsi: lpfc: Simplify fcp_abort transport callback log message (bsc#1213756).
- scsi: lpfc: Update lpfc version to 14.2.0.14 (bsc#1213756).
- scsi: lpfc: Use struct_size() helper (bsc#1213756).
- scsi: qla2xxx: Adjust IOCB resource on qpair create (bsc#1213747).
- scsi: qla2xxx: Array index may go out of bound (bsc#1213747).
- scsi: qla2xxx: Avoid fcport pointer dereference (bsc#1213747).
- scsi: qla2xxx: Check valid rport returned by fc_bsg_to_rport() (bsc#1213747).
- scsi: qla2xxx: Correct the index of array (bsc#1213747).
- scsi: qla2xxx: Drop useless LIST_HEAD (bsc#1213747).
- scsi: qla2xxx: Fix buffer overrun (bsc#1213747).
- scsi: qla2xxx: Fix command flush during TMF (bsc#1213747).
- scsi: qla2xxx: Fix deletion race condition (bsc#1213747).
- scsi: qla2xxx: Fix end of loop test (bsc#1213747).
- scsi: qla2xxx: Fix erroneous link up failure (bsc#1213747).
- scsi: qla2xxx: Fix error code in qla2x00_start_sp() (bsc#1213747).
- scsi: qla2xxx: fix inconsistent TMF timeout (bsc#1213747).
- scsi: qla2xxx: Fix NULL pointer dereference in target mode (bsc#1213747).
- scsi: qla2xxx: Fix potential NULL pointer dereference (bsc#1213747).
- scsi: qla2xxx: Fix session hang in gnl (bsc#1213747).
- scsi: qla2xxx: Fix TMF leak through (bsc#1213747).
- scsi: qla2xxx: Limit TMF to 8 per function (bsc#1213747).
- scsi: qla2xxx: Pointer may be dereferenced (bsc#1213747).
- scsi: qla2xxx: Remove unused nvme_ls_waitq wait queue (bsc#1213747).
- scsi: qla2xxx: Replace one-element array with DECLARE_FLEX_ARRAY() helper (bsc#1213747).
- scsi: qla2xxx: Silence a static checker warning (bsc#1213747).
- scsi: qla2xxx: Turn off noisy message log (bsc#1213747).
- scsi: qla2xxx: Update version to 10.02.08.400-k (bsc#1213747).
- scsi: qla2xxx: Update version to 10.02.08.500-k (bsc#1213747).
- scsi: qla2xxx: Use vmalloc_array() and vcalloc() (bsc#1213747).
- selftests: rtnetlink: remove netdevsim device after ipsec offload test (git-fixes).
- serial: qcom-geni: drop bogus runtime pm state update (git-fixes).
- serial: sifive: Fix sifive_serial_console_setup() section (git-fixes).
- series: udpate metadata Refresh
- sfc: fix crash when reading stats while NIC is resetting (git-fixes).
- sfc: fix XDP queues mode with legacy IRQ (git-fixes).
- sfc: use budget for TX completions (git-fixes).
- soundwire: qcom: update status correctly with mask (git-fixes).
- staging: ks7010: potential buffer overflow in ks_wlan_set_encode_ext() (git-fixes).
- staging: r8712: Fix memory leak in _r8712_init_xmit_priv() (git-fixes).
- SUNRPC: always free ctxt when freeing deferred request (git-fixes).
- SUNRPC: double free xprt_ctxt while still in use (git-fixes).
- SUNRPC: Fix trace_svc_register() call site (git-fixes).
- SUNRPC: Fix UAF in svc_tcp_listen_data_ready() (git-fixes).
- SUNRPC: Remove dead code in svc_tcp_release_rqst() (git-fixes).
- SUNRPC: remove the maximum number of retries in call_bind_status (git-fixes).
- svcrdma: Prevent page release when nothing was received (git-fixes).
- tpm_tis: Explicitly check for error code (git-fixes).
- tty: n_gsm: fix UAF in gsm_cleanup_mux (git-fixes).
- tty: serial: fsl_lpuart: add earlycon for imx8ulp platform (git-fixes).
- ubifs: Add missing iput if do_tmpfile() failed in rename whiteout (git-fixes).
- ubifs: do_rename: Fix wrong space budget when target inode's nlink > 1 (git-fixes).
- ubifs: Error path in ubifs_remount_rw() seems to wrongly free write buffers (git-fixes).
- ubifs: Fix AA deadlock when setting xattr for encrypted file (git-fixes).
- ubifs: Fix build errors as symbol undefined (git-fixes).
- ubifs: Fix deadlock in concurrent rename whiteout and inode writeback (git-fixes).
- ubifs: Fix memory leak in alloc_wbufs() (git-fixes).
- ubifs: Fix memory leak in do_rename (git-fixes).
- ubifs: Fix read out-of-bounds in ubifs_wbuf_write_nolock() (git-fixes).
- ubifs: Fix to add refcount once page is set private (git-fixes).
- ubifs: Fix 'ui->dirty' race between do_tmpfile() and writeback work (git-fixes).
- ubifs: Fix wrong dirty space budget for dirty inode (git-fixes).
- ubifs: Free memory for tmpfile name (git-fixes).
- ubifs: Rectify space amount budget for mkdir/tmpfile operations (git-fixes).
- ubifs: Rectify space budget for ubifs_symlink() if symlink is encrypted (git-fixes).
- ubifs: Rectify space budget for ubifs_xrename() (git-fixes).
- ubifs: Rename whiteout atomically (git-fixes).
- ubifs: rename_whiteout: correct old_dir size computing (git-fixes).
- ubifs: rename_whiteout: Fix double free for whiteout_ui->data (git-fixes).
- ubifs: Reserve one leb for each journal head while doing budget (git-fixes).
- ubifs: Re-statistic cleaned znode count if commit failed (git-fixes).
- ubifs: setflags: Make dirtied_ino_d 8 bytes aligned (git-fixes).
- ubifs: ubifs_writepage: Mark page dirty after writing inode failed (git-fixes).
- Update config files: enable CONFIG_X86_AMD_PSTATE (bsc#1212445)
- usb: dwc2: platform: Improve error reporting for problems during .remove() (git-fixes).
- usb: dwc3: do not reset device side if dwc3 was configured as host-only (git-fixes).
- usb: dwc3: pci: skip BYT GPIO lookup table for hardwired phy (git-fixes).
- usb: gadget: core: remove unbalanced mutex_unlock in usb_gadget_activate (git-fixes).
- USB: serial: option: add LARA-R6 01B PIDs (git-fixes).
- usb: typec: Iterate pds array when showing the pd list (git-fixes).
- usb: typec: Set port->pd before adding device for typec_port (git-fixes).
- usb: typec: Use sysfs_emit_at when concatenating the string (git-fixes).
- usb: xhci-mtk: set the dma max_seg_size (git-fixes).
- vhost_net: revert upend_idx only on retriable error (git-fixes).
- vhost: support PACKED when setting-getting vring_base (git-fixes).
- virtio_net: Fix error unwinding of XDP initialization (git-fixes).
- virtio-net: Maintain reverse cleanup order (git-fixes).
- wifi: ath11k: add support for suspend in power down state (bsc#1207948).
- wifi: ath11k: handle irq enable/disable in several code path (bsc#1207948).
- wifi: ath11k: handle thermal device registeration together with MAC (bsc#1207948).
- wifi: ath11k: remove MHI LOOPBACK channels (bsc#1207948).
- wifi: ray_cs: Drop useless status variable in parse_addr() (git-fixes).
- wifi: ray_cs: Utilize strnlen() in parse_addr() (git-fixes).
- wl3501_cs: use eth_hw_addr_set() (git-fixes).
- x86/PVH: obtain VGA console info in Dom0 (git-fixes).
- xen/blkfront: Only check REQ_FUA for writes (git-fixes).
- xen/pvcalls-back: fix double frees with pvcalls_new_active_socket() (git-fixes).
- xfs: AIL needs asynchronous CIL forcing (bsc#1211811).
- xfs: async CIL flushes need pending pushes to be made stable (bsc#1211811).
- xfs: attach iclog callbacks in xlog_cil_set_ctx_write_state() (bsc#1211811).
- xfs: CIL work is serialised, not pipelined (bsc#1211811).
- xfs: do not run shutdown callbacks on active iclogs (bsc#1211811).
- xfs: drop async cache flushes from CIL commits (bsc#1211811).
- xfs: factor out log write ordering from xlog_cil_push_work() (bsc#1211811).
- xfs: move the CIL workqueue to the CIL (bsc#1211811).
- xfs: move xlog_commit_record to xfs_log_cil.c (bsc#1211811).
- xfs: order CIL checkpoint start records (bsc#1211811).
- xfs: pass a CIL context to xlog_write() (bsc#1211811).
- xfs: rework xlog_state_do_callback() (bsc#1211811).
- xfs: run callbacks before waking waiters in xlog_state_shutdown_callbacks (bsc#1211811).
- xfs: separate out log shutdown callback processing (bsc#1211811).
- xfs: wait iclog complete before tearing down AIL (bsc#1211811).
- xfs: XLOG_STATE_IOERROR must die (bsc#1211811).
- xhci: Fix resume issue of some ZHAOXIN hosts (git-fixes).
- xhci: Fix TRB prefetch issue of ZHAOXIN hosts (git-fixes).
- xhci: Show ZHAOXIN xHCI root hub speed correctly (git-fixes).
ImportantSUSE bug 1206418SUSE bug 1207129SUSE bug 1207948SUSE bug 1210627SUSE bug 1210780SUSE bug 1210825SUSE bug 1211131SUSE bug 1211738SUSE bug 1211811SUSE bug 1212445SUSE bug 1212502SUSE bug 1212604SUSE bug 1212766SUSE bug 1212901SUSE bug 1213167SUSE bug 1213272SUSE bug 1213287SUSE bug 1213304SUSE bug 1213417SUSE bug 1213578SUSE bug 1213585SUSE bug 1213586SUSE bug 1213588SUSE bug 1213601SUSE bug 1213620SUSE bug 1213632SUSE bug 1213653SUSE bug 1213713SUSE bug 1213715SUSE bug 1213747SUSE bug 1213756SUSE bug 1213759SUSE bug 1213777SUSE bug 1213810SUSE bug 1213812SUSE bug 1213856SUSE bug 1213857SUSE bug 1213863SUSE bug 1213867SUSE bug 1213870SUSE bug 1213871SUSE bug 1213872CVE-2022-40982 at SUSECVE-2022-40982 at NVDCVE-2023-0459 at SUSECVE-2023-0459 at NVDCVE-2023-20569 at SUSECVE-2023-20569 at NVDCVE-2023-21400 at SUSECVE-2023-21400 at NVDCVE-2023-2156 at SUSECVE-2023-2156 at NVDCVE-2023-2166 at SUSECVE-2023-2166 at NVDCVE-2023-31083 at SUSECVE-2023-31083 at NVDCVE-2023-3268 at SUSECVE-2023-3268 at NVDCVE-2023-3567 at SUSECVE-2023-3567 at NVDCVE-2023-3609 at SUSECVE-2023-3609 at NVDCVE-2023-3611 at SUSECVE-2023-3611 at NVDCVE-2023-3776 at SUSECVE-2023-3776 at NVDCVE-2023-38409 at SUSECVE-2023-38409 at NVDCVE-2023-3863 at SUSECVE-2023-3863 at NVDCVE-2023-4004 at SUSECVE-2023-4004 at NVDcpe:/o:opensuse:leap:15.5Security update for krb5 (Important)openSUSE Leap 15.5
This update for krb5 fixes the following issues:
- CVE-2023-36054: Fixed a DoS that could be triggered by an authenticated remote user. (bsc#1214054)
ImportantSUSE bug 1214054CVE-2023-36054 at SUSECVE-2023-36054 at NVDcpe:/o:opensuse:leap:15.5Security update for pcre2 (Moderate)openSUSE Leap 15.5
This update for pcre2 fixes the following issues:
- CVE-2022-41409: Fixed integer overflow vulnerability in pcre2test that allows attackers to cause a denial of service via negative input (bsc#1213514).
ModerateSUSE bug 1213514CVE-2022-41409 at SUSECVE-2022-41409 at NVDcpe:/o:opensuse:leap:15.5Security update for java-1_8_0-openj9 (Low)openSUSE Leap 15.5
This update for java-1_8_0-openj9 fixes the following issues:
OpenJDK was updated to version 8u382 build 05 with OpenJ9 0.40.0 VM:
- CVE-2023-22045: Fixed vulnerability in hotspot component (bsc#1213481).
- CVE-2023-22049: Fixed vulnerability in library component (bsc#1213482).
LowSUSE bug 1213481SUSE bug 1213482CVE-2023-22045 at SUSECVE-2023-22045 at NVDCVE-2023-22049 at SUSECVE-2023-22049 at NVDcpe:/o:opensuse:leap:15.5Security update for openssl-1_0_0 (Moderate)openSUSE Leap 15.5
This update for openssl-1_0_0 fixes the following issues:
- CVE-2023-3817: Fixed a potential DoS due to excessive time spent checking DH q parameter value. (bsc#1213853)
ModerateSUSE bug 1213853CVE-2023-3817 at SUSECVE-2023-3817 at NVDcpe:/o:opensuse:leap:15.5Security update for postgresql15 (Moderate)openSUSE Leap 15.5
This update for postgresql15 fixes the following issues:
- Update to 13.12
- CVE-2023-39417: Fixed potential SQL injection for trusted extensions. (bsc#1214059)
ModerateSUSE bug 1214059CVE-2023-39417 at SUSECVE-2023-39417 at NVDcpe:/o:opensuse:leap:15.5Security update for postgresql15 (Moderate)openSUSE Leap 15.5
This update for postgresql15 fixes the following issues:
- Update to 15.4
- CVE-2023-39417: Fixed potential SQL injection for trusted extensions. (bsc#1214059)
- CVE-2023-39418: Fix MERGE to enforce row security. (bsc#1214061)
ModerateSUSE bug 1214059SUSE bug 1214061CVE-2023-39417 at SUSECVE-2023-39417 at NVDCVE-2023-39418 at SUSECVE-2023-39418 at NVDcpe:/o:opensuse:leap:15.5Security update for postgresql15 (Moderate)openSUSE Leap 15.5
This update for postgresql15 fixes the following issues:
- Update to 14.9
- CVE-2023-39417: Fixed potential SQL injection for trusted extensions. (bsc#1214059)
ModerateSUSE bug 1214059CVE-2023-39417 at SUSECVE-2023-39417 at NVDcpe:/o:opensuse:leap:15.5Security update for re2c (Moderate)openSUSE Leap 15.5
This update for re2c fixes the following issues:
- CVE-2018-21232: Fixed excess stack consumption due to uncontrolled recursion in find_fixed_tags (bsc#1170890).
ModerateSUSE bug 1170890CVE-2018-21232 at SUSECVE-2018-21232 at NVDcpe:/o:opensuse:leap:15.5Security update for python-configobj (Low)openSUSE Leap 15.5
This update for python-configobj fixes the following issues:
- CVE-2023-26112: Fixed regular expression denial of service vulnerability in validate.py (bsc#1210070).
LowSUSE bug 1210070CVE-2023-26112 at SUSECVE-2023-26112 at NVDcpe:/o:opensuse:leap:15.5Security update for the Linux Kernel (Important)openSUSE Leap 15.5
The SUSE Linux Enterprise 15 SP5 Azure kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2023-20569: Fixed side channel attack ‘Inception’ or ‘RAS Poisoning’ (bsc#1213287).
- CVE-2023-3268: Fixed an out of bounds memory access flaw in relay_file_read_start_pos in the relayfs (bsc#1212502).
- CVE-2023-2166: Fixed NULL pointer dereference in can_rcv_filter (bsc#1210627).
- CVE-2023-0459: Fixed information leak in __uaccess_begin_nospec (bsc#1211738).
- CVE-2023-4004: Fixed improper element removal netfilter nft_set_pipapo (bsc#1213812).
- CVE-2023-2156: Fixed a flaw in the networking subsystem within the handling of the RPL protocol (bsc#1211131).
- CVE-2023-21400: Fixed several memory corruptions due to improper locking in io_uring (bsc#1213272).
- CVE-2023-3776: Fixed improper refcount update in cls_fw leads to use-after-free (bsc#1213588).
- CVE-2023-3863: Fixed a use-after-free flaw in nfc_llcp_find_local in net/nfc/llcp_core.c in NFC. This flaw allowed a local user with special privileges to impact a kernel information leak issue (bsc#1213601).
- CVE-2023-3567: Fixed a use-after-free in vcs_read in drivers/tty/vt/vc_screen.c (bsc#1213167).
- CVE-2023-31083: Fixed race condition in hci_uart_tty_ioctl (bsc#1210780).
- CVE-2023-3609: Fixed reference counter leak leading to overflow in net/sched (bsc#1213586).
- CVE-2023-3611: Fixed an out-of-bounds write in net/sched sch_qfq(bsc#1213585).
- CVE-2023-38409: Fixed an issue in set_con2fb_map in drivers/video/fbdev/core/fbcon.c. Because an assignment occurs only for the first vc, the fbcon_registered_fb and fbcon_display arrays can be desynchronized in fbcon_mode_deleted (the con2fb_map points at the old fb_info) (bsc#1213417).
- CVE-2022-40982: Fixed transient execution attack called 'Gather Data Sampling' (bsc#1206418).
The following non-security bugs were fixed:
- ACPI: CPPC: Add ACPI disabled check to acpi_cpc_valid() (bsc#1212445).
- ACPI: CPPC: Add definition for undefined FADT preferred PM profile value (bsc#1212445).
- ACPI: utils: Fix acpi_evaluate_dsm_typed() redefinition error (git-fixes).
- ACPI/IORT: Remove erroneous id_count check in iort_node_get_rmr_info() (git-fixes).
- afs: Adjust ACK interpretation to try and cope with NAT (git-fixes).
- afs: Fix access after dec in put functions (git-fixes).
- afs: Fix afs_getattr() to refetch file status if callback break occurred (git-fixes).
- afs: Fix dynamic root getattr (git-fixes).
- afs: Fix fileserver probe RTT handling (git-fixes).
- afs: Fix infinite loop found by xfstest generic/676 (git-fixes).
- afs: Fix lost servers_outstanding count (git-fixes).
- afs: Fix server->active leak in afs_put_server (git-fixes).
- afs: Fix setting of mtime when creating a file/dir/symlink (git-fixes).
- afs: Fix updating of i_size with dv jump from server (git-fixes).
- afs: Fix vlserver probe RTT handling (git-fixes).
- afs: Return -EAGAIN, not -EREMOTEIO, when a file already locked (git-fixes).
- afs: Use refcount_t rather than atomic_t (git-fixes).
- afs: Use the operation issue time instead of the reply time for callbacks (git-fixes).
- ALSA: emu10k1: roll up loops in DSP setup code for Audigy (git-fixes).
- ALSA: hda/realtek - remove 3k pull low procedure (git-fixes).
- ALSA: hda/realtek: Add quirk for Clevo NS70AU (git-fixes).
- ALSA: hda/realtek: Add support for DELL Oasis 13/14/16 laptops (git-fixes).
- ALSA: hda/realtek: Enable Mute LED on HP Laptop 15s-eq2xxx (git-fixes).
- ALSA: hda/realtek: Fix generic fixup definition for cs35l41 amp (git-fixes).
- ALSA: hda/realtek: Support ASUS G713PV laptop (git-fixes).
- ALSA: hda/relatek: Enable Mute LED on HP 250 G8 (git-fixes).
- ALSA: usb-audio: Add FIXED_RATE quirk for JBL Quantum610 Wireless (git-fixes).
- ALSA: usb-audio: Add new quirk FIXED_RATE for JBL Quantum810 Wireless (git-fixes).
- ALSA: usb-audio: Add quirk for Microsoft Modern Wireless Headset (bsc#1207129).
- ALSA: usb-audio: Add quirk for Tascam Model 12 (git-fixes).
- ALSA: usb-audio: Always initialize fixed_rate in snd_usb_find_implicit_fb_sync_format() (git-fixes).
- ALSA: usb-audio: Apply mutex around snd_usb_endpoint_set_params() (git-fixes).
- ALSA: usb-audio: Avoid superfluous endpoint setup (git-fixes).
- ALSA: usb-audio: Avoid unnecessary interface change at EP close (git-fixes).
- ALSA: usb-audio: Clear fixed clock rate at closing EP (git-fixes).
- ALSA: usb-audio: Correct the return code from snd_usb_endpoint_set_params() (git-fixes).
- ALSA: usb-audio: Drop superfluous interface setup at parsing (git-fixes).
- ALSA: usb-audio: Fix possible NULL pointer dereference in snd_usb_pcm_has_fixed_rate() (git-fixes).
- ALSA: usb-audio: Fix wrong kfree issue in snd_usb_endpoint_free_all (git-fixes).
- ALSA: usb-audio: More refactoring of hw constraint rules (git-fixes).
- ALSA: usb-audio: Properly refcounting clock rate (git-fixes).
- ALSA: usb-audio: Rate limit usb_set_interface error reporting (git-fixes).
- ALSA: usb-audio: Refcount multiple accesses on the single clock (git-fixes).
- ALSA: usb-audio: Split endpoint setups for hw_params and prepare (take#2) (git-fixes).
- ALSA: usb-audio: Update for native DSD support quirks (git-fixes).
- ALSA: usb-audio: Use atomic_try_cmpxchg in ep_state_update (git-fixes).
- ALSA: usb-audio: Workaround for XRUN at prepare (git-fixes).
- amd-pstate: Fix amd_pstate mode switch (git-fixes).
- ASoC: amd: acp: fix for invalid dai id handling in acp_get_byte_count() (git-fixes).
- ASoC: atmel: Fix the 8K sample parameter in I2SC master (git-fixes).
- ASoc: codecs: ES8316: Fix DMIC config (git-fixes).
- ASoC: codecs: wcd-mbhc-v2: fix resource leaks on component remove (git-fixes).
- ASoC: codecs: wcd934x: fix resource leaks on component remove (git-fixes).
- ASoC: codecs: wcd938x: fix codec initialisation race (git-fixes).
- ASoC: codecs: wcd938x: fix dB range for HPHL and HPHR (git-fixes).
- ASoC: codecs: wcd938x: fix missing clsh ctrl error handling (git-fixes).
- ASoC: codecs: wcd938x: fix soundwire initialisation race (git-fixes).
- ASoC: da7219: Check for failure reading AAD IRQ events (git-fixes).
- ASoC: da7219: Flush pending AAD IRQ when suspending (git-fixes).
- ASoC: fsl_sai: Disable bit clock with transmitter (git-fixes).
- ASoC: fsl_spdif: Silence output on stop (git-fixes).
- ASoC: rt5640: Fix sleep in atomic context (git-fixes).
- ASoC: rt5682-sdw: fix for JD event handling in ClockStop Mode0 (git-fixes).
- ASoC: rt711-sdca: fix for JD event handling in ClockStop Mode0 (git-fixes).
- ASoC: rt711: fix for JD event handling in ClockStop Mode0 (git-fixes).
- ASoC: SOF: ipc3-dtrace: uninitialized data in dfsentry_trace_filter_write() (git-fixes).
- ASoC: tegra: Fix ADX byte map (git-fixes).
- ASoC: tegra: Fix AMX byte map (git-fixes).
- ASoC: wm8904: Fill the cache for WM8904_ADC_TEST_0 register (git-fixes).
- ata: pata_ns87415: mark ns87560_tf_read static (git-fixes).
- block, bfq: Fix division by zero error on zero wsum (bsc#1213653).
- block: Fix a source code comment in include/uapi/linux/blkzoned.h (git-fixes).
- Bluetooth: hci_ldisc: check HCI_UART_PROTO_READY flag in HCIUARTGETPROTO (bsc#1210780 CVE-2023-31083).
- bpf: add missing header file include (bsc#1211738 CVE-2023-0459).
- bus: mhi: add new interfaces to handle MHI channels directly (bsc#1207948).
- bus: mhi: host: add destroy_device argument to mhi_power_down() (bsc#1207948).
- can: af_can: fix NULL pointer dereference in can_rcv_filter (bsc#1210627 CVE-2023-2166).
- can: af_can: fix NULL pointer dereference in can_rcv_filter (bsc#1210627 CVE-2023-2166).
- can: gs_usb: gs_can_close(): add missing set of CAN state to CAN_STATE_STOPPED (git-fixes).
- ceph: do not let check_caps skip sending responses for revoke msgs (bsc#1213856).
- coda: Avoid partial allocation of sig_inputArgs (git-fixes).
- cpufreq: amd_pstate: fix wrong lowest perf fetch (bsc#1212445).
- cpufreq: amd_pstate: map desired perf into pstate scope for powersave governor (bsc#1212445).
- cpufreq: amd-pstate: Add ->fast_switch() callback (bsc#1212445).
- cpufreq: amd-pstate: Add AMD P-State frequencies attributes (bsc#1212445).
- cpufreq: amd-pstate: Add AMD P-State performance attributes (bsc#1212445).
- cpufreq: amd-pstate: add amd-pstate driver parameter for mode selection (bsc#1212445).
- cpufreq: amd-pstate: Add boost mode support for AMD P-State (bsc#1212445).
- cpufreq: amd-pstate: add driver working mode switch support (bsc#1212445).
- cpufreq: amd-pstate: Add fast switch function for AMD P-State (bsc#1212445).
- cpufreq: amd-pstate: Add guided autonomous mode (bsc#1212445).
- cpufreq: amd-pstate: Add guided mode control support via sysfs (bsc#1212445).
- cpufreq: amd-pstate: Add more tracepoint for AMD P-State module (bsc#1212445).
- cpufreq: amd-pstate: Add resume and suspend callbacks (bsc#1212445).
- cpufreq: amd-pstate: Add trace for AMD P-State module (bsc#1212445).
- cpufreq: amd-pstate: avoid uninitialized variable use (bsc#1212445).
- cpufreq: amd-pstate: change amd-pstate driver to be built-in type (bsc#1212445).
- cpufreq: amd-pstate: convert sprintf with sysfs_emit() (bsc#1212445).
- cpufreq: amd-pstate: cpufreq: amd-pstate: reset MSR_AMD_PERF_CTL register at init (bsc#1212445).
- cpufreq: amd-pstate: Expose struct amd_cpudata (bsc#1212445).
- cpufreq: amd-pstate: Fix initial highest_perf value (bsc#1212445).
- cpufreq: amd-pstate: Fix invalid write to MSR_AMD_CPPC_REQ (bsc#1212445).
- cpufreq: amd-pstate: Fix Kconfig dependencies for AMD P-State (bsc#1212445).
- cpufreq: amd-pstate: fix kernel hang issue while amd-pstate unregistering (bsc#1212445).
- cpufreq: amd-pstate: Fix struct amd_cpudata kernel-doc comment (bsc#1212445).
- cpufreq: amd-pstate: fix white-space (bsc#1212445).
- cpufreq: amd-pstate: implement amd pstate cpu online and offline callback (bsc#1212445).
- cpufreq: amd-pstate: implement Pstate EPP support for the AMD processors (bsc#1212445).
- cpufreq: amd-pstate: implement suspend and resume callbacks (bsc#1212445).
- cpufreq: amd-pstate: Introduce a new AMD P-State driver to support future processors (bsc#1212445).
- cpufreq: amd-pstate: Introduce the support for the processors with shared memory solution (bsc#1212445).
- cpufreq: amd-pstate: Let user know amd-pstate is disabled (bsc#1212445).
- cpufreq: amd-pstate: Make amd-pstate EPP driver name hyphenated (bsc#1212445).
- cpufreq: amd-pstate: Make varaiable mode_state_machine static (bsc#1212445).
- cpufreq: amd-pstate: optimize driver working mode selection in amd_pstate_param() (bsc#1212445).
- cpufreq: amd-pstate: Remove fast_switch_possible flag from active driver (bsc#1212445).
- cpufreq: amd-pstate: remove MODULE_LICENSE in non-modules (bsc#1212445).
- cpufreq: amd-pstate: Set a fallback policy based on preferred_profile (bsc#1212445).
- cpufreq: amd-pstate: simplify cpudata pointer assignment (bsc#1212445).
- cpufreq: amd-pstate: Update policy->cur in amd_pstate_adjust_perf() (bsc#1212445).
- cpufreq: amd-pstate: update pstate frequency transition delay time (bsc#1212445).
- cpufreq: amd-pstate: Write CPPC enable bit per-socket (bsc#1212445).
- crypto: kpp - Add helper to set reqsize (git-fixes).
- crypto: qat - Use helper to set reqsize (git-fixes).
- dlm: fix missing lkb refcount handling (git-fixes).
- dlm: fix plock invalid read (git-fixes).
- Documentation: cpufreq: amd-pstate: Move amd_pstate param to alphabetical order (bsc#1212445).
- Documentation: devices.txt: reconcile serial/ucc_uart minor numers (git-fixes).
- drm/amd: Fix an error handling mistake in psp_sw_init() (git-fixes).
- drm/amd/display: Add monitor specific edid quirk (git-fixes).
- drm/amd/display: Add polling method to handle MST reply packet (bsc#1213578).
- drm/amd/display: check TG is non-null before checking if enabled (git-fixes).
- drm/amd/display: Correct `DMUB_FW_VERSION` macro (git-fixes).
- drm/amd/display: Disable MPC split by default on special asic (git-fixes).
- drm/amd/display: fix access hdcp_workqueue assert (git-fixes).
- drm/amd/display: fix seamless odm transitions (git-fixes).
- drm/amd/display: Keep PHY active for DP displays on DCN31 (git-fixes).
- drm/amd/display: only accept async flips for fast updates (git-fixes).
- drm/amd/display: Only update link settings after successful MST link train (git-fixes).
- drm/amd/display: phase3 mst hdcp for multiple displays (git-fixes).
- drm/amd/display: Remove Phantom Pipe Check When Calculating K1 and K2 (git-fixes).
- drm/amd/display: save restore hdcp state when display is unplugged from mst hub (git-fixes).
- drm/amd/display: Unlock on error path in dm_handle_mst_sideband_msg_ready_event() (git-fixes).
- drm/amd/pm: add abnormal fan detection for smu 13.0.0 (git-fixes).
- drm/amd/pm: conditionally disable pcie lane/speed switching for SMU13 (git-fixes).
- drm/amd/pm: re-enable the gfx imu when smu resume (git-fixes).
- drm/amd/pm: share the code around SMU13 pcie parameters update (git-fixes).
- drm/amdgpu: add the fan abnormal detection feature (git-fixes).
- drm/amdgpu: avoid restore process run into dead loop (git-fixes).
- drm/amdgpu: fix clearing mappings for BOs that are always valid in VM (git-fixes).
- drm/amdgpu: Fix minmax warning (git-fixes).
- drm/atomic: Allow vblank-enabled + self-refresh 'disable' (git-fixes).
- drm/atomic: Fix potential use-after-free in nonblocking commits (git-fixes).
- drm/bridge: tc358768: Add atomic_get_input_bus_fmts() implementation (git-fixes).
- drm/bridge: tc358768: fix TCLK_TRAILCNT computation (git-fixes).
- drm/bridge: tc358768: fix THS_TRAILCNT computation (git-fixes).
- drm/bridge: tc358768: fix THS_ZEROCNT computation (git-fixes).
- drm/bridge: ti-sn65dsi86: Fix auxiliary bus lifetime (git-fixes).
- drm/client: Fix memory leak in drm_client_modeset_probe (git-fixes).
- drm/dp_mst: Clear MSG_RDY flag before sending new message (bsc#1213578).
- drm/i915: Do not preserve dpll_hw_state for slave crtc in Bigjoiner (git-fixes).
- drm/i915: Fix an error handling path in igt_write_huge() (git-fixes).
- drm/i915/dpt: Use shmem for dpt objects (git-fixes).
- drm/i915/tc: Fix system resume MST mode restore for DP-alt sinks (git-fixes).
- drm/msm: Fix IS_ERR_OR_NULL() vs NULL check in a5xx_submit_in_rb() (git-fixes).
- drm/msm/adreno: Fix snapshot BINDLESS_DATA size (git-fixes).
- drm/msm/disp/dpu: get timing engine status from intf status register (git-fixes).
- drm/msm/dpu: drop enum dpu_core_perf_data_bus_id (git-fixes).
- drm/msm/dpu: Set DPU_DATA_HCTL_EN for in INTF_SC7180_MASK (git-fixes).
- drm/radeon: Fix integer overflow in radeon_cs_parser_init (git-fixes).
- drm/ttm: fix bulk_move corruption when adding a entry (git-fixes).
- drm/ttm: fix warning that we shouldn't mix (git-fixes).
- drm/vmwgfx: Fix Legacy Display Unit atomic drm support (bsc#1213632).
- drm/vmwgfx: Remove explicit and broken vblank handling (bsc#1213632).
- drm/vmwgfx: Remove rcu locks from user resources (bsc#1213632).
- fbdev: au1200fb: Fix missing IRQ check in au1200fb_drv_probe (git-fixes).
- fbdev: imxfb: Removed unneeded release_mem_region (git-fixes).
- fbdev: imxfb: warn about invalid left/right margin (git-fixes).
- file: always lock position for FMODE_ATOMIC_POS (bsc#1213759).
- fs: dlm: add midcomms init/start functions (git-fixes).
- fs: dlm: do not set stop rx flag after node reset (git-fixes).
- fs: dlm: filter user dlm messages for kernel locks (git-fixes).
- fs: dlm: fix log of lowcomms vs midcomms (git-fixes).
- fs: dlm: fix race between test_bit() and queue_work() (git-fixes).
- fs: dlm: fix race in lowcomms (git-fixes).
- fs: dlm: handle -EBUSY first in lock arg validation (git-fixes).
- fs: dlm: move sending fin message into state change handling (git-fixes).
- fs: dlm: retry accept() until -EAGAIN or error returns (git-fixes).
- fs: dlm: return positive pid value for F_GETLK (git-fixes).
- fs: dlm: start midcomms before scand (git-fixes).
- fs: hfsplus: remove WARN_ON() from hfsplus_cat_{read,write}_inode() (git-fixes).
- FS: JFS: Check for read-only mounted filesystem in txBegin (git-fixes).
- FS: JFS: Fix null-ptr-deref Read in txBegin (git-fixes).
- fs: jfs: Fix UBSAN: array-index-out-of-bounds in dbAllocDmapLev (git-fixes).
- gve: Set default duplex configuration to full (git-fixes).
- gve: unify driver name usage (git-fixes).
- hwmon: (adm1275) Allow setting sample averaging (git-fixes).
- hwmon: (k10temp) Enable AMD3255 Proc to show negative temperature (git-fixes).
- hwmon: (nct7802) Fix for temp6 (PECI1) processed even if PECI1 disabled (git-fixes).
- hwmon: (pmbus/adm1275) Fix problems with temperature monitoring on ADM1272 (git-fixes).
- i2c: xiic: Defer xiic_wakeup() and __xiic_start_xfer() in xiic_process() (git-fixes).
- i2c: xiic: Do not try to handle more interrupt events after error (git-fixes).
- iavf: check for removal state before IAVF_FLAG_PF_COMMS_FAILED (git-fixes).
- iavf: fix a deadlock caused by rtnl and driver's lock circular dependencies (git-fixes).
- iavf: Fix out-of-bounds when setting channels on remove (git-fixes).
- iavf: fix potential deadlock on allocation failure (git-fixes).
- iavf: fix reset task race with iavf_remove() (git-fixes).
- iavf: Fix use-after-free in free_netdev (git-fixes).
- iavf: Move netdev_update_features() into watchdog task (git-fixes).
- iavf: use internal state to free traffic IRQs (git-fixes).
- iavf: Wait for reset in callbacks which trigger it (git-fixes).
- IB/hfi1: Use bitmap_zalloc() when applicable (git-fixes)
- ice: Fix max_rate check while configuring TX rate limits (git-fixes).
- ice: Fix memory management in ice_ethtool_fdir.c (git-fixes).
- ice: handle extts in the miscellaneous interrupt thread (git-fixes).
- igc: Check if hardware TX timestamping is enabled earlier (git-fixes).
- igc: Enable and fix RX hash usage by netstack (git-fixes).
- igc: Fix inserting of empty frame for launchtime (git-fixes).
- igc: Fix Kernel Panic during ndo_tx_timeout callback (git-fixes).
- igc: Fix launchtime before start of cycle (git-fixes).
- igc: Fix race condition in PTP tx code (git-fixes).
- igc: Handle PPS start time programming for past time values (git-fixes).
- igc: Prevent garbled TX queue with XDP ZEROCOPY (git-fixes).
- igc: Remove delay during TX ring configuration (git-fixes).
- igc: set TP bit in 'supported' and 'advertising' fields of ethtool_link_ksettings (git-fixes).
- igc: Work around HW bug causing missing timestamps (git-fixes).
- Input: i8042 - add Clevo PCX0DX to i8042 quirk table (git-fixes).
- Input: iqs269a - do not poll during ATI (git-fixes).
- Input: iqs269a - do not poll during suspend or resume (git-fixes).
- io_uring: ensure IOPOLL locks around deferred work (bsc#1213272 CVE-2023-21400).
- ipv6: rpl: Fix Route of Death (CVE-2023-2156 bsc#1211131).
- jffs2: fix memory leak in jffs2_do_fill_super (git-fixes).
- jffs2: fix memory leak in jffs2_do_mount_fs (git-fixes).
- jffs2: fix memory leak in jffs2_scan_medium (git-fixes).
- jffs2: fix use-after-free in jffs2_clear_xattr_subsystem (git-fixes).
- jffs2: GC deadlock reading a page that is used in jffs2_write_begin() (git-fixes).
- jffs2: reduce stack usage in jffs2_build_xattr_subsystem() (git-fixes).
- jfs: jfs_dmap: Validate db_l2nbperpage while mounting (git-fixes).
- kabi/severities: relax kABI for ath11k local symbols (bsc#1207948)
- kselftest: vDSO: Fix accumulation of uninitialized ret when CLOCK_REALTIME is undefined (git-fixes).
- KVM: Add GDS_NO support to KVM (bsc#1206418, CVE-2022-40982).
- KVM: arm64: Do not read a HW interrupt pending state in user context (git-fixes)
- KVM: arm64: Warn if accessing timer pending state outside of vcpu (bsc#1213620)
- KVM: Do not null dereference ops->destroy (git-fixes)
- KVM: downgrade two BUG_ONs to WARN_ON_ONCE (git-fixes)
- KVM: Initialize debugfs_dentry when a VM is created to avoid NULL (git-fixes)
- KVM: s390: pv: fix index value of replaced ASCE (git-fixes bsc#1213867).
- KVM: VMX: Inject #GP on ENCLS if vCPU has paging disabled (CR0.PG==0) (git-fixes).
- KVM: VMX: Inject #GP, not #UD, if SGX2 ENCLS leafs are unsupported (git-fixes).
- KVM: VMX: restore vmx_vmexit alignment (git-fixes).
- KVM: x86: Account fastpath-only VM-Exits in vCPU stats (git-fixes).
- leds: trigger: netdev: Recheck NETDEV_LED_MODE_LINKUP on dev rename (git-fixes).
- libceph: harden msgr2.1 frame segment length checks (bsc#1213857).
- md: add error_handlers for raid0 and linear (bsc#1212766).
- media: staging: atomisp: select V4L2_FWNODE (git-fixes).
- mhi_power_down() kABI workaround (bsc#1207948).
- mmc: core: disable TRIM on Kingston EMMC04G-M627 (git-fixes).
- mmc: sdhci: fix DMA configure compatibility issue when 64bit DMA mode is used (git-fixes).
- net: ena: fix shift-out-of-bounds in exponential backoff (git-fixes).
- net: mana: Batch ringing RX queue doorbell on receiving packets (bsc#1212901).
- net: mana: Use the correct WQE count for ringing RQ doorbell (bsc#1212901).
- net: nfc: Fix use-after-free caused by nfc_llcp_find_local (bsc#1213601 CVE-2023-3863).
- net: phy: marvell10g: fix 88x3310 power up (git-fixes).
- net/mlx5: DR, Support SW created encap actions for FW table (git-fixes).
- net/mlx5e: Check for NOT_READY flag state after locking (git-fixes).
- net/mlx5e: fix double free in mlx5e_destroy_flow_table (git-fixes).
- net/mlx5e: fix memory leak in mlx5e_fs_tt_redirect_any_create (git-fixes).
- net/mlx5e: fix memory leak in mlx5e_ptp_open (git-fixes).
- net/mlx5e: XDP, Allow growing tail for XDP multi buffer (git-fixes).
- net/mlx5e: xsk: Set napi_id to support busy polling on XSK RQ (git-fixes).
- net/sched: cls_fw: Fix improper refcount update leads to use-after-free (CVE-2023-3776 bsc#1213588).
- net/sched: cls_u32: Fix reference counter leak leading to overflow (CVE-2023-3609 bsc#1213586).
- net/sched: sch_qfq: account for stab overhead in qfq_enqueue (CVE-2023-3611 bsc#1213585).
- net/sched: sch_qfq: refactor parsing of netlink parameters (bsc#1213585).
- net/sched: sch_qfq: reintroduce lmax bound check for MTU (bsc#1213585).
- netfilter: nft_set_pipapo: fix improper element removal (bsc#1213812 CVE-2023-4004).
- nfc: llcp: simplify llcp_sock_connect() error paths (bsc#1213601 CVE-2023-3863).
- nfsd: add encoding of op_recall flag for write delegation (git-fixes).
- nfsd: fix double fget() bug in __write_ports_addfd() (git-fixes).
- nfsd: Fix sparse warning (git-fixes).
- nfsd: Remove open coding of string copy (git-fixes).
- NFSv4.1: Always send a RECLAIM_COMPLETE after establishing lease (git-fixes).
- NFSv4.1: freeze the session table upon receiving NFS4ERR_BADSESSION (git-fixes).
- nvme-pci: fix DMA direction of unmapping integrity data (git-fixes).
- nvme-pci: remove nvme_queue from nvme_iod (git-fixes).
- nvme: do not reject probe due to duplicate IDs for single-ported PCIe devices (git-fixes).
- nvme: fix the NVME_ID_NS_NVM_STS_MASK definition (git-fixes).
- octeontx-af: fix hardware timestamp configuration (git-fixes).
- octeontx2-af: Move validation of ptp pointer before its usage (git-fixes).
- octeontx2-pf: Add additional check for MCAM rules (git-fixes).
- PCI: Add function 1 DMA alias quirk for Marvell 88SE9235 (git-fixes).
- PCI/PM: Avoid putting EloPOS E2/S2/H2 PCIe Ports in D3cold (git-fixes).
- phy: hisilicon: Fix an out of bounds check in hisi_inno_phy_probe() (git-fixes).
- pinctrl: amd: Detect internal GPIO0 debounce handling (git-fixes).
- pinctrl: amd: Do not show Invalid config param errors (git-fixes).
- pinctrl: amd: Fix mistake in handling clearing pins at startup (git-fixes).
- pinctrl: amd: Only use special debounce behavior for GPIO 0 (git-fixes).
- pinctrl: amd: Use amd_pinconf_set() for all config options (git-fixes).
- platform/x86: msi-laptop: Fix rfkill out-of-sync on MSI Wind U100 (git-fixes).
- RDMA/bnxt_re: Fix hang during driver unload (git-fixes)
- RDMA/bnxt_re: Prevent handling any completions after qp destroy (git-fixes)
- RDMA/core: Update CMA destination address on rdma_resolve_addr (git-fixes)
- RDMA/irdma: Add missing read barriers (git-fixes)
- RDMA/irdma: Fix data race on CQP completion stats (git-fixes)
- RDMA/irdma: Fix data race on CQP request done (git-fixes)
- RDMA/irdma: Fix op_type reporting in CQEs (git-fixes)
- RDMA/irdma: Report correct WC error (git-fixes)
- RDMA/mlx4: Make check for invalid flags stricter (git-fixes)
- RDMA/mthca: Fix crash when polling CQ for shared QPs (git-fixes)
- regmap: Account for register length in SMBus I/O limits (git-fixes).
- regmap: Drop initial version of maximum transfer length fixes (git-fixes).
- relayfs: fix out-of-bounds access in relay_file_read (bsc#1212502 CVE-2023-3268).
- rxrpc, afs: Fix selection of abort codes (git-fixes).
- s390: introduce nospec_uses_trampoline() (git-fixes bsc#1213870).
- s390/bpf: Add expoline to tail calls (git-fixes bsc#1213870).
- s390/dasd: fix hanging device after quiesce/resume (git-fixes bsc#1213810).
- s390/dasd: print copy pair message only for the correct error (git-fixes bsc#1213872).
- s390/decompressor: specify __decompress() buf len to avoid overflow (git-fixes bsc#1213863).
- s390/ipl: add missing intersection check to ipl_report handling (git-fixes bsc#1213871).
- s390/qeth: Fix vipa deletion (git-fixes bsc#1213713).
- s390/vmem: fix empty page tables cleanup under KASAN (git-fixes bsc#1213715).
- scftorture: Count reschedule IPIs (git-fixes).
- scsi: lpfc: Abort outstanding ELS cmds when mailbox timeout error is detected (bsc#1213756).
- scsi: lpfc: Avoid -Wstringop-overflow warning (bsc#1213756).
- scsi: lpfc: Clean up SLI-4 sysfs resource reporting (bsc#1213756).
- scsi: lpfc: Copyright updates for 14.2.0.14 patches (bsc#1213756).
- scsi: lpfc: Fix a possible data race in lpfc_unregister_fcf_rescan() (bsc#1213756).
- scsi: lpfc: Fix incorrect big endian type assignment in bsg loopback path (bsc#1213756).
- scsi: lpfc: Fix incorrect big endian type assignments in FDMI and VMID paths (bsc#1213756).
- scsi: lpfc: Fix lpfc_name struct packing (bsc#1213756).
- scsi: lpfc: Make fabric zone discovery more robust when handling unsolicited LOGO (bsc#1213756).
- scsi: lpfc: Pull out fw diagnostic dump log message from driver's trace buffer (bsc#1213756).
- scsi: lpfc: Qualify ndlp discovery state when processing RSCN (bsc#1213756).
- scsi: lpfc: Refactor cpu affinity assignment paths (bsc#1213756).
- scsi: lpfc: Remove extra ndlp kref decrement in FLOGI cmpl for loop topology (bsc#1213756).
- scsi: lpfc: Replace all non-returning strlcpy() with strscpy() (bsc#1213756).
- scsi: lpfc: Replace one-element array with flexible-array member (bsc#1213756).
- scsi: lpfc: Revise ndlp kref handling for dev_loss_tmo_callbk and lpfc_drop_node (bsc#1213756).
- scsi: lpfc: Set Establish Image Pair service parameter only for Target Functions (bsc#1213756).
- scsi: lpfc: Simplify fcp_abort transport callback log message (bsc#1213756).
- scsi: lpfc: Update lpfc version to 14.2.0.14 (bsc#1213756).
- scsi: lpfc: Use struct_size() helper (bsc#1213756).
- scsi: qla2xxx: Adjust IOCB resource on qpair create (bsc#1213747).
- scsi: qla2xxx: Array index may go out of bound (bsc#1213747).
- scsi: qla2xxx: Avoid fcport pointer dereference (bsc#1213747).
- scsi: qla2xxx: Check valid rport returned by fc_bsg_to_rport() (bsc#1213747).
- scsi: qla2xxx: Correct the index of array (bsc#1213747).
- scsi: qla2xxx: Drop useless LIST_HEAD (bsc#1213747).
- scsi: qla2xxx: Fix buffer overrun (bsc#1213747).
- scsi: qla2xxx: Fix command flush during TMF (bsc#1213747).
- scsi: qla2xxx: Fix deletion race condition (bsc#1213747).
- scsi: qla2xxx: Fix end of loop test (bsc#1213747).
- scsi: qla2xxx: Fix erroneous link up failure (bsc#1213747).
- scsi: qla2xxx: Fix error code in qla2x00_start_sp() (bsc#1213747).
- scsi: qla2xxx: fix inconsistent TMF timeout (bsc#1213747).
- scsi: qla2xxx: Fix NULL pointer dereference in target mode (bsc#1213747).
- scsi: qla2xxx: Fix potential NULL pointer dereference (bsc#1213747).
- scsi: qla2xxx: Fix session hang in gnl (bsc#1213747).
- scsi: qla2xxx: Fix TMF leak through (bsc#1213747).
- scsi: qla2xxx: Limit TMF to 8 per function (bsc#1213747).
- scsi: qla2xxx: Pointer may be dereferenced (bsc#1213747).
- scsi: qla2xxx: Remove unused nvme_ls_waitq wait queue (bsc#1213747).
- scsi: qla2xxx: Replace one-element array with DECLARE_FLEX_ARRAY() helper (bsc#1213747).
- scsi: qla2xxx: Silence a static checker warning (bsc#1213747).
- scsi: qla2xxx: Turn off noisy message log (bsc#1213747).
- scsi: qla2xxx: Update version to 10.02.08.400-k (bsc#1213747).
- scsi: qla2xxx: Update version to 10.02.08.500-k (bsc#1213747).
- scsi: qla2xxx: Use vmalloc_array() and vcalloc() (bsc#1213747).
- selftests: rtnetlink: remove netdevsim device after ipsec offload test (git-fixes).
- serial: qcom-geni: drop bogus runtime pm state update (git-fixes).
- serial: sifive: Fix sifive_serial_console_setup() section (git-fixes).
- sfc: fix crash when reading stats while NIC is resetting (git-fixes).
- sfc: fix XDP queues mode with legacy IRQ (git-fixes).
- sfc: use budget for TX completions (git-fixes).
- soundwire: qcom: update status correctly with mask (git-fixes).
- staging: ks7010: potential buffer overflow in ks_wlan_set_encode_ext() (git-fixes).
- staging: r8712: Fix memory leak in _r8712_init_xmit_priv() (git-fixes).
- SUNRPC: always free ctxt when freeing deferred request (git-fixes).
- SUNRPC: double free xprt_ctxt while still in use (git-fixes).
- SUNRPC: Fix trace_svc_register() call site (git-fixes).
- SUNRPC: Fix UAF in svc_tcp_listen_data_ready() (git-fixes).
- SUNRPC: Remove dead code in svc_tcp_release_rqst() (git-fixes).
- SUNRPC: remove the maximum number of retries in call_bind_status (git-fixes).
- svcrdma: Prevent page release when nothing was received (git-fixes).
- tpm_tis: Explicitly check for error code (git-fixes).
- tty: n_gsm: fix UAF in gsm_cleanup_mux (git-fixes).
- tty: serial: fsl_lpuart: add earlycon for imx8ulp platform (git-fixes).
- uaccess: Add speculation barrier to copy_from_user() (bsc#1211738 CVE-2023-0459).
- ubifs: Add missing iput if do_tmpfile() failed in rename whiteout (git-fixes).
- ubifs: do_rename: Fix wrong space budget when target inode's nlink > 1 (git-fixes).
- ubifs: Error path in ubifs_remount_rw() seems to wrongly free write buffers (git-fixes).
- ubifs: Fix 'ui->dirty' race between do_tmpfile() and writeback work (git-fixes).
- ubifs: Fix AA deadlock when setting xattr for encrypted file (git-fixes).
- ubifs: Fix build errors as symbol undefined (git-fixes).
- ubifs: Fix deadlock in concurrent rename whiteout and inode writeback (git-fixes).
- ubifs: Fix memory leak in alloc_wbufs() (git-fixes).
- ubifs: Fix memory leak in do_rename (git-fixes).
- ubifs: Fix read out-of-bounds in ubifs_wbuf_write_nolock() (git-fixes).
- ubifs: Fix to add refcount once page is set private (git-fixes).
- ubifs: Fix wrong dirty space budget for dirty inode (git-fixes).
- ubifs: Free memory for tmpfile name (git-fixes).
- ubifs: Re-statistic cleaned znode count if commit failed (git-fixes).
- ubifs: Rectify space amount budget for mkdir/tmpfile operations (git-fixes).
- ubifs: Rectify space budget for ubifs_symlink() if symlink is encrypted (git-fixes).
- ubifs: Rectify space budget for ubifs_xrename() (git-fixes).
- ubifs: Rename whiteout atomically (git-fixes).
- ubifs: rename_whiteout: correct old_dir size computing (git-fixes).
- ubifs: rename_whiteout: Fix double free for whiteout_ui->data (git-fixes).
- ubifs: Reserve one leb for each journal head while doing budget (git-fixes).
- ubifs: setflags: Make dirtied_ino_d 8 bytes aligned (git-fixes).
- ubifs: ubifs_writepage: Mark page dirty after writing inode failed (git-fixes).
- usb: dwc2: platform: Improve error reporting for problems during .remove() (git-fixes).
- usb: dwc3: do not reset device side if dwc3 was configured as host-only (git-fixes).
- usb: dwc3: pci: skip BYT GPIO lookup table for hardwired phy (git-fixes).
- usb: gadget: core: remove unbalanced mutex_unlock in usb_gadget_activate (git-fixes).
- USB: serial: option: add LARA-R6 01B PIDs (git-fixes).
- usb: typec: Iterate pds array when showing the pd list (git-fixes).
- usb: typec: Set port->pd before adding device for typec_port (git-fixes).
- usb: typec: Use sysfs_emit_at when concatenating the string (git-fixes).
- usb: xhci-mtk: set the dma max_seg_size (git-fixes).
- vhost_net: revert upend_idx only on retriable error (git-fixes).
- vhost: support PACKED when setting-getting vring_base (git-fixes).
- virtio_net: Fix error unwinding of XDP initialization (git-fixes).
- virtio-net: Maintain reverse cleanup order (git-fixes).
- wifi: ath11k: add support for suspend in power down state (bsc#1207948).
- wifi: ath11k: handle irq enable/disable in several code path (bsc#1207948).
- wifi: ath11k: handle thermal device registeration together with MAC (bsc#1207948).
- wifi: ath11k: remove MHI LOOPBACK channels (bsc#1207948).
- wifi: ray_cs: Drop useless status variable in parse_addr() (git-fixes).
- wifi: ray_cs: Utilize strnlen() in parse_addr() (git-fixes).
- wl3501_cs: use eth_hw_addr_set() (git-fixes).
- x86/PVH: obtain VGA console info in Dom0 (git-fixes).
- x86/speculation: Add Kconfig option for GDS (bsc#1206418, CVE-2022-40982).
- x86/srso: Add IBPB on VMEXIT (bsc#1213287, CVE-2023-20569).
- x86/srso: Tie SBPB bit setting to microcode patch detection (bsc#1213287, CVE-2023-20569).
- xen/blkfront: Only check REQ_FUA for writes (git-fixes).
- xen/pvcalls-back: fix double frees with pvcalls_new_active_socket() (git-fixes).
- xfs: AIL needs asynchronous CIL forcing (bsc#1211811).
- xfs: async CIL flushes need pending pushes to be made stable (bsc#1211811).
- xfs: attach iclog callbacks in xlog_cil_set_ctx_write_state() (bsc#1211811).
- xfs: CIL work is serialised, not pipelined (bsc#1211811).
- xfs: do not run shutdown callbacks on active iclogs (bsc#1211811).
- xfs: drop async cache flushes from CIL commits (bsc#1211811).
- xfs: factor out log write ordering from xlog_cil_push_work() (bsc#1211811).
- xfs: move the CIL workqueue to the CIL (bsc#1211811).
- xfs: move xlog_commit_record to xfs_log_cil.c (bsc#1211811).
- xfs: order CIL checkpoint start records (bsc#1211811).
- xfs: pass a CIL context to xlog_write() (bsc#1211811).
- xfs: rework xlog_state_do_callback() (bsc#1211811).
- xfs: run callbacks before waking waiters in xlog_state_shutdown_callbacks (bsc#1211811).
- xfs: separate out log shutdown callback processing (bsc#1211811).
- xfs: wait iclog complete before tearing down AIL (bsc#1211811).
- xfs: XLOG_STATE_IOERROR must die (bsc#1211811).
- xhci: Fix resume issue of some ZHAOXIN hosts (git-fixes).
- xhci: Fix TRB prefetch issue of ZHAOXIN hosts (git-fixes).
- xhci: Show ZHAOXIN xHCI root hub speed correctly (git-fixes).
ImportantSUSE bug 1206418SUSE bug 1207129SUSE bug 1207948SUSE bug 1210627SUSE bug 1210780SUSE bug 1210825SUSE bug 1211131SUSE bug 1211738SUSE bug 1211811SUSE bug 1212445SUSE bug 1212502SUSE bug 1212604SUSE bug 1212766SUSE bug 1212901SUSE bug 1213167SUSE bug 1213272SUSE bug 1213287SUSE bug 1213304SUSE bug 1213417SUSE bug 1213578SUSE bug 1213585SUSE bug 1213586SUSE bug 1213588SUSE bug 1213601SUSE bug 1213620SUSE bug 1213632SUSE bug 1213653SUSE bug 1213713SUSE bug 1213715SUSE bug 1213747SUSE bug 1213756SUSE bug 1213759SUSE bug 1213777SUSE bug 1213810SUSE bug 1213812SUSE bug 1213856SUSE bug 1213857SUSE bug 1213863SUSE bug 1213867SUSE bug 1213870SUSE bug 1213871SUSE bug 1213872CVE-2022-40982 at SUSECVE-2022-40982 at NVDCVE-2023-0459 at SUSECVE-2023-0459 at NVDCVE-2023-20569 at SUSECVE-2023-20569 at NVDCVE-2023-21400 at SUSECVE-2023-21400 at NVDCVE-2023-2156 at SUSECVE-2023-2156 at NVDCVE-2023-2166 at SUSECVE-2023-2166 at NVDCVE-2023-31083 at SUSECVE-2023-31083 at NVDCVE-2023-3268 at SUSECVE-2023-3268 at NVDCVE-2023-3567 at SUSECVE-2023-3567 at NVDCVE-2023-3609 at SUSECVE-2023-3609 at NVDCVE-2023-3611 at SUSECVE-2023-3611 at NVDCVE-2023-3776 at SUSECVE-2023-3776 at NVDCVE-2023-38409 at SUSECVE-2023-38409 at NVDCVE-2023-3863 at SUSECVE-2023-3863 at NVDCVE-2023-4004 at SUSECVE-2023-4004 at NVDcpe:/o:opensuse:leap:15.5Security update for nodejs18 (Important)openSUSE Leap 15.5
This update for nodejs18 fixes the following issues:
Update to LTS version 18.17.1.
- CVE-2023-32002: Fixed permissions policies bypass via Module._load (bsc#1214150).
- CVE-2023-32006: Fixed permissions policies impersonation using module.constructor.createRequire() (bsc#1214156).
- CVE-2023-32559: Fixed permissions policies bypass via process.binding (bsc#1214154).
ImportantSUSE bug 1214150SUSE bug 1214154SUSE bug 1214156CVE-2023-32002 at SUSECVE-2023-32002 at NVDCVE-2023-32006 at SUSECVE-2023-32006 at NVDCVE-2023-32559 at SUSECVE-2023-32559 at NVDcpe:/o:opensuse:leap:15.5Security update for ucode-intel (Important)openSUSE Leap 15.5
This update for ucode-intel fixes the following issues:
- Updated to Intel CPU Microcode 20230808 release. (bsc#1214099)
- CVE-2022-40982: Fixed a potential security vulnerability in some Intel? Processors which may allow information disclosure.
- CVE-2023-23908: Fixed a potential security vulnerability in some 3rd Generation Intel? Xeon? Scalable processors which may allow information disclosure.
- CVE-2022-41804: Fixed a potential security vulnerability in some Intel? Xeon? Processors with Intel? Software Guard Extensions (SGX) which may allow escalation of privilege.
ImportantSUSE bug 1206418SUSE bug 1214099CVE-2022-40982 at SUSECVE-2022-40982 at NVDCVE-2022-41804 at SUSECVE-2022-41804 at NVDCVE-2023-23908 at SUSECVE-2023-23908 at NVDcpe:/o:opensuse:leap:15.5Security update for postgresql15 (Moderate)openSUSE Leap 15.5
This update for postgresql15 fixes the following issues:
- Update to 12.16
- CVE-2023-39417: Fixed potential SQL injection for trusted extensions. (bsc#1214059)
ModerateSUSE bug 1214059CVE-2023-39417 at SUSECVE-2023-39417 at NVDcpe:/o:opensuse:leap:15.5Security update for janino (Low)openSUSE Leap 15.5
This update for janino fixes the following issues:
janino was upgraded to version 3.1.10:
- CVE-2023-33546: Fixed DoS due to missing error handling (bsc#1211923).
LowSUSE bug 1211923CVE-2023-33546 at SUSECVE-2023-33546 at NVDcpe:/o:opensuse:leap:15.5Security update for the Linux Kernel (Important)openSUSE Leap 15.5
The SUSE Linux Enterprise 15 SP1 kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2022-40982: Fixed transient execution attack called 'Gather Data Sampling' (bsc#1206418).
- CVE-2023-0459: Fixed information leak in __uaccess_begin_nospec (bsc#1211738).
- CVE-2023-20569: Fixed side channel attack ‘Inception’ or ‘RAS Poisoning’ (bsc#1213287).
- CVE-2023-20593: Fixed a ZenBleed issue in 'Zen 2' CPUs that could allow an attacker to potentially access sensitive information (bsc#1213286).
- CVE-2023-2985: Fixed an use-after-free vulnerability in hfsplus_put_super in fs/hfsplus/super.c that could allow a local user to cause a denial of service (bsc#1211867).
- CVE-2023-34319: Fixed buffer overrun triggered by unusual packet in xen/netback (XSA-432) (bsc#1213546).
- CVE-2023-35001: Fixed an out-of-bounds memory access flaw in nft_byteorder that could allow a local attacker to escalate their privilege (bsc#1213059).
- CVE-2023-3567: Fixed a use-after-free in vcs_read in drivers/tty/vt/vc_screen.c (bsc#1213167).
- CVE-2023-3609: Fixed reference counter leak leading to overflow in net/sched (bsc#1213586).
- CVE-2023-3611: Fixed an out-of-bounds write in net/sched sch_qfq(bsc#1213585).
- CVE-2023-3776: Fixed improper refcount update in cls_fw leads to use-after-free (bsc#1213588).
- CVE-2023-4133: Fixed use after free bugs caused by circular dependency problem in cxgb4 (bsc#1213970).
- CVE-2023-4194: Fixed a type confusion in net tun_chr_open() bsc#1214019).
The following non-security bugs were fixed:
- arm: spear: do not use timer namespace for timer_shutdown() function (bsc#1213970).
- clocksource/drivers/arm_arch_timer: do not use timer namespace for timer_shutdown() function (bsc#1213970).
- clocksource/drivers/sp804: do not use timer namespace for timer_shutdown() function (bsc#1213970).
- cpufeatures: allow adding more cpuid words
- get module prefix from kmod (bsc#1212835).
- kernel-binary.spec.in: remove superfluous %% in supplements fixes: 02b7735e0caf ('rpm/kernel-binary.spec.in: add enhances and supplements tags to in-tree kmps')
- kernel-docs: add buildrequires on python3-base when using python3 the python3 binary is provided by python3-base.
- kernel-docs: use python3 together with python3-sphinx (bsc#1212741).
- keys: change keyring_serialise_link_sem to a mutex (bsc#1207088).
- keys: fix linking a duplicate key to a keyring's assoc_array (bsc#1207088).
- keys: hoist locking out of __key_link_begin() (bsc#1207088).
- net/sched: sch_qfq: refactor parsing of netlink parameters (bsc#1213585).
- net: mana: add support for vlan tagging (bsc#1212301).
- readme.branch: add myself as co-maintainer
- remove more packaging cruft for sle < 12 sp3
- rpm/check-for-config-changes: ignore also pahole_has_* we now also have options like config_pahole_has_lang_exclude.
- rpm/check-for-config-changes: ignore also riscv_isa_* and dynamic_sigframe they depend on config_toolchain_has_*.
- timers: add shutdown mechanism to the internal functions (bsc#1213970).
- timers: provide timer_shutdown[_sync]() (bsc#1213970).
- timers: rename del_timer() to timer_delete() (bsc#1213970).
- timers: rename del_timer_sync() to timer_delete_sync() (bsc#1213970).
- timers: replace bug_on()s (bsc#1213970).
- timers: silently ignore timers with a null function (bsc#1213970).
- timers: split [try_to_]del_timer[_sync]() to prepare for shutdown mode (bsc#1213970).
- timers: update kernel-doc for various functions (bsc#1213970).
- timers: use del_timer_sync() even on up (bsc#1213970).
- ubi: ensure that vid header offset + vid header size <= alloc, size (bsc#1210584).
- ubi: fix failure attaching when vid_hdr offset equals to (sub)page size (bsc#1210584).
- usrmerge: Adjust module path in the kernel sources (bsc#1212835).
ImportantSUSE bug 1206418SUSE bug 1207088SUSE bug 1210584SUSE bug 1211738SUSE bug 1211867SUSE bug 1212301SUSE bug 1212741SUSE bug 1212835SUSE bug 1213059SUSE bug 1213167SUSE bug 1213286SUSE bug 1213287SUSE bug 1213546SUSE bug 1213585SUSE bug 1213586SUSE bug 1213588SUSE bug 1213970SUSE bug 1214019CVE-2022-40982 at SUSECVE-2022-40982 at NVDCVE-2023-0459 at SUSECVE-2023-0459 at NVDCVE-2023-20569 at SUSECVE-2023-20569 at NVDCVE-2023-20593 at SUSECVE-2023-20593 at NVDCVE-2023-2985 at SUSECVE-2023-2985 at NVDCVE-2023-34319 at SUSECVE-2023-34319 at NVDCVE-2023-35001 at SUSECVE-2023-35001 at NVDCVE-2023-3567 at SUSECVE-2023-3567 at NVDCVE-2023-3609 at SUSECVE-2023-3609 at NVDCVE-2023-3611 at SUSECVE-2023-3611 at NVDCVE-2023-3776 at SUSECVE-2023-3776 at NVDCVE-2023-4133 at SUSECVE-2023-4133 at NVDCVE-2023-4194 at SUSECVE-2023-4194 at NVDcpe:/o:opensuse:leap:15.5Security update for postfix (Important)openSUSE Leap 15.5
This update for postfix fixes the following issues:
- CVE-2023-32182: Fixed config_postfix SUSE specific script potentially bad /tmp file usage (bsc#1211196).
- Update to from 3.7.2 to 3.7.3:
- Fixes a bug where some messages were not delivered after 'warning: Unexpected record type 'X'. (bsc#1213515)
ImportantSUSE bug 1211196SUSE bug 1213515CVE-2023-32182 at SUSECVE-2023-32182 at NVDcpe:/o:opensuse:leap:15.5Security update for erlang (Important)openSUSE Leap 15.5
This update for erlang fixes the following issues:
- Replaced the CVE-2022-37026 patch with the one released by the upstream to fix a regression in the previous one. (bsc#1205318)
ImportantSUSE bug 1205318SUSE bug 1207113CVE-2022-37026 at SUSECVE-2022-37026 at NVDcpe:/o:opensuse:leap:15.5Feature update for LibreOffice and xmlsec1 (Important)openSUSE Leap 15.5
This update for LibreOffice and xmlsec1 fixes the following issue:
libreoffice:
- Version update from 7.4.3.2 to 7.5.4.1 (jsc#PED-3561, jsc#PED-3550, jsc#3549):
* For the highlights of changes of version 7.5 please consult the official release notes:
https://wiki.documentfoundation.org/ReleaseNotes/7.5
* Security issues fixed:
+ CVE-2023-0950: Fixed stack underflow in ScInterpreter (bsc#1209242)
+ CVE-2023-2255: Fixed vulnerability where remote documents could be loaded without prompt via IFrame (bsc#1211746)
* Bug fixes:
+ Fix PPTX shadow effect for table offset (bsc#1204040)
+ Fix ability to set the default tab size for each text object (bsc#1198666)
+ Fix PPTX extra vertical space between different text formats (bsc#1200085)
+ Do not use binutils-gold as the package is unmaintained and will be removed in the future (boo#1210687)
* Updated bundled dependencies:
* boost version update from 1_77_0 to 1_80_0
* curl version update from 7.83.1 to 8.0.1
* gpgme version update from 1.16.0 to 1.18.0
* icu4c-data version update from 70_1 to 72_1
* icu4c version update from 70_1 to 72_1
* pdfium version update from 4699 to 5408
* poppler version update from 21.11.0 to 22.12.0
xmlsec1:
- Version update from 1.2.28 to 1.2.37 required by LibreOffice 7.5.2.2 (jsc#PED-3561, jsc#PED-3550):
* Retired the XMLSec mailing list 'xmlsec@aleksey.com' and the XMLSec Online Signature Verifier.
* Migration to OpenSSL 3.0 API Note that OpenSSL engines are disabled by default when XMLSec library is compiled
against OpenSSL 3.0.
To re-enable OpenSSL engines, use `--enable-openssl3-engines` configure flag
(there will be a lot of deprecation warnings).
* The OpenSSL before 1.1.0 and LibreSSL before 2.7.0 are now deprecated and will be removed in the future versions of
XMLSec Library.
* Refactored all the integer casts to ensure cast-safety. Fixed all warnings and enabled `-Werror` and `-pedantic`
flags on CI builds.
* Added configure flag to use size_t for xmlSecSize (currently disabled by default for backward compatibility).
* Support for OpenSSL compiled with OPENSSL_NO_ERR.
* Full support for LibreSSL 3.5.0 and above
* Several other small fixes
* Fix decrypting session key for two recipients
* Added `--privkey-openssl-engine` option to enhance openssl engine support
* Remove MD5 for NSS 3.59 and above
* Fix PKCS12_parse return code handling
* Fix OpenSSL lookup
* xmlSecX509DataGetNodeContent(): don't return 0 for non-empty elements - fix for LibreOffice
* Unload error strings in OpenSSL shutdown.
* Make userData available when executing preExecCallback function
* Add an option to use secure memset.
* Enabled XML_PARSE_HUGE for all xml parsers.
* Various build and tests fixes and improvements.
* Move remaining private header files away from xmlsec/include/`` folder
- Other packaging changes:
* Relax the crypto policies for the test-suite. It allows the tests using certificates with small key lengths to pass.
* Pass `--disable-md5` to configure: The cryptographic strength of the MD5 algorithm is sufficiently doubtful that its
use is discouraged at this time. It is not listed as an algorithm in [XMLDSIG-CORE1]
https://www.w3.org/TR/xmlsec-algorithms/#bib-XMLDSIG-CORE1
ImportantSUSE bug 1198666SUSE bug 1200085SUSE bug 1204040SUSE bug 1209242SUSE bug 1210687SUSE bug 1211746CVE-2023-0950 at SUSECVE-2023-0950 at NVDCVE-2023-2255 at SUSECVE-2023-2255 at NVDcpe:/o:opensuse:leap:15.5Security update for webkit2gtk3 (Important)openSUSE Leap 15.5
This update for webkit2gtk3 fixes the following issues:
Update to version 2.40.5 (bsc#1213905):
- CVE-2023-38133: Fixed information disclosure.
- CVE-2023-38572: Fixed Same-Origin-Policy bypass.
- CVE-2023-38592: Fixed arbitrary code execution.
- CVE-2023-38594: Fixed arbitrary code execution.
- CVE-2023-38595: Fixed arbitrary code execution.
- CVE-2023-38597: Fixed arbitrary code execution.
- CVE-2023-38599: Fixed sensitive user information tracking.
- CVE-2023-38600: Fixed arbitrary code execution.
- CVE-2023-38611: Fixed arbitrary code execution.
Update to version 2.40.3 (bsc#1212863):
- CVE-2023-32439: Fixed a bug where processing maliciously crafted web content may lead to arbitrary code execution. (bsc#1212863)
- CVE-2023-32435: Fixed a bug where processing web content may lead to arbitrary code execution. (bsc#1212863)
- CVE-2022-48503: Fixed a bug where processing web content may lead to arbitrary code execution. (bsc#1212863)
ImportantSUSE bug 1212863SUSE bug 1213905CVE-2022-48503 at SUSECVE-2022-48503 at NVDCVE-2023-32435 at SUSECVE-2023-32435 at NVDCVE-2023-32439 at SUSECVE-2023-32439 at NVDCVE-2023-38133 at SUSECVE-2023-38133 at NVDCVE-2023-38572 at SUSECVE-2023-38572 at NVDCVE-2023-38592 at SUSECVE-2023-38592 at NVDCVE-2023-38594 at SUSECVE-2023-38594 at NVDCVE-2023-38595 at SUSECVE-2023-38595 at NVDCVE-2023-38597 at SUSECVE-2023-38597 at NVDCVE-2023-38599 at SUSECVE-2023-38599 at NVDCVE-2023-38600 at SUSECVE-2023-38600 at NVDCVE-2023-38611 at SUSECVE-2023-38611 at NVDcpe:/o:opensuse:leap:15.5Security update for indent (Low)openSUSE Leap 15.5
This update for indent fixes the following issues:
- CVE-2023-40305: Fixed a memory safety issues bug. (bsc#1214243)
LowSUSE bug 1214243CVE-2023-40305 at SUSECVE-2023-40305 at NVDcpe:/o:opensuse:leap:15.5Security update for ghostscript (Low)openSUSE Leap 15.5
This update for ghostscript fixes the following issues:
- CVE-2023-38559: Fixed out-of-bounds read in devn_pcx_write_rle() that could result in DoS (bsc#1213637).
LowSUSE bug 1213637CVE-2023-38559 at SUSECVE-2023-38559 at NVDcpe:/o:opensuse:leap:15.5Security update for gawk (Low)openSUSE Leap 15.5
This update for gawk fixes the following issues:
- CVE-2023-4156: Fix a heap out of bound read by validating the index into argument list. (bsc#1214025)
LowSUSE bug 1214025CVE-2023-4156 at SUSECVE-2023-4156 at NVDcpe:/o:opensuse:leap:15.5Security update for java-1_8_0-ibm (Important)openSUSE Leap 15.5
This update for java-1_8_0-ibm fixes the following issues:
- Update to Java 8.0 Service Refresh 8 Fix Pack 10 (bsc#1213541)
- CVE-2022-40609: Fixed an unsafe deserialization flaw which could allow a remote attacker to execute arbitrary code on the system. (bsc#1213934)
- CVE-2023-22041: Fixed a flaw whcih could allow unauthorized access to critical data or complete access. (bsc#1213475)
- CVE-2023-22049: Fixed a flaw which could result in unauthorized update. (bsc#1213482)
- CVE-2023-22045: Fixed a flaw which could result in unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK accessible data. (bsc#1213481)
- CVE-2023-22044: Fixed a flaw which could result in unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK accessible data. (bsc#1213479)
- CVE-2023-22036: Fixed a flaw which could result in unauthorized ability to cause a partial denial of service. (bsc#1213474)
- CVE-2023-25193: Fixed a flaw which could allows attackers to trigger O(n^2) growth via consecutive marks during the process of looking back for base glyphs when attaching marks. (bsc#1207922)
- CVE-2023-22006: Fixed a flaw which could result in unauthorized update, insert or delete access for JDK accessible data. (bsc#1213473)
ImportantSUSE bug 1207922SUSE bug 1213473SUSE bug 1213474SUSE bug 1213475SUSE bug 1213479SUSE bug 1213481SUSE bug 1213482SUSE bug 1213541SUSE bug 1213934SUSE bug 1214431CVE-2022-40609 at SUSECVE-2022-40609 at NVDCVE-2023-22006 at SUSECVE-2023-22006 at NVDCVE-2023-22036 at SUSECVE-2023-22036 at NVDCVE-2023-22041 at SUSECVE-2023-22041 at NVDCVE-2023-22044 at SUSECVE-2023-22044 at NVDCVE-2023-22045 at SUSECVE-2023-22045 at NVDCVE-2023-22049 at SUSECVE-2023-22049 at NVDCVE-2023-25193 at SUSECVE-2023-25193 at NVDcpe:/o:opensuse:leap:15.5Security update for java-1_8_0-openjdk (Moderate)openSUSE Leap 15.5
This update for java-1_8_0-openjdk fixes the following issues:
Update to version jdk8u382 (icedtea-3.28.0):
- CVE-2023-22045: Fixed a difficult to exploit vulnerability that allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK (bsc#1213481).
- CVE-2023-22049: Fixed a difficult to exploit vulnerability that allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK (bsc#1213482).
ModerateSUSE bug 1213481SUSE bug 1213482CVE-2023-22045 at SUSECVE-2023-22045 at NVDCVE-2023-22049 at SUSECVE-2023-22049 at NVDcpe:/o:opensuse:leap:15.5Security update for xen (Moderate)openSUSE Leap 15.5
This update for xen fixes the following issues:
- CVE-2023-20569: Fixed side channel attack Inception or RAS Poisoning. (bsc#1214082, XSA-434)
- CVE-2022-40982: Fixed transient execution attack called 'Gather Data Sampling'. (bsc#1214083, XSA-435)
- CVE-2023-20593: Fixed a ZenBleed issue in 'Zen 2' CPUs that could allow an attacker to potentially access sensitive information. (bsc#1213616, XSA-433)
ModerateSUSE bug 1027519SUSE bug 1212684SUSE bug 1213616SUSE bug 1214082SUSE bug 1214083CVE-2022-40982 at SUSECVE-2022-40982 at NVDCVE-2023-20569 at SUSECVE-2023-20569 at NVDCVE-2023-20593 at SUSECVE-2023-20593 at NVDcpe:/o:opensuse:leap:15.5Security update for ca-certificates-mozilla (Important)openSUSE Leap 15.5
This update for ca-certificates-mozilla fixes the following issues:
- Updated to 2.62 state of Mozilla SSL root CAs (bsc#1214248)
Added:
- Atos TrustedRoot Root CA ECC G2 2020
- Atos TrustedRoot Root CA ECC TLS 2021
- Atos TrustedRoot Root CA RSA G2 2020
- Atos TrustedRoot Root CA RSA TLS 2021
- BJCA Global Root CA1
- BJCA Global Root CA2
- LAWtrust Root CA2 (4096)
- Sectigo Public Email Protection Root E46
- Sectigo Public Email Protection Root R46
- Sectigo Public Server Authentication Root E46
- Sectigo Public Server Authentication Root R46
- SSL.com Client ECC Root CA 2022
- SSL.com Client RSA Root CA 2022
- SSL.com TLS ECC Root CA 2022
- SSL.com TLS RSA Root CA 2022
Removed CAs:
- Chambers of Commerce Root
- E-Tugra Certification Authority
- E-Tugra Global Root CA ECC v3
- E-Tugra Global Root CA RSA v3
- Hongkong Post Root CA 1
ImportantSUSE bug 1214248cpe:/o:opensuse:leap:15.5Security update for clamav (Important)openSUSE Leap 15.5
This update for clamav fixes the following issues:
- Update to 0.103.9
- CVE-2023-20197: Fixed a possible denial of service vulnerability in the HFS+ file parser. (bsc#1214342)
ImportantSUSE bug 1214342CVE-2023-20197 at SUSECVE-2023-20197 at NVDcpe:/o:opensuse:leap:15.5Security update for freetype2 (Moderate)openSUSE Leap 15.5
This update for freetype2 fixes the following issues:
- CVE-2023-2004: Fixed integer overflow in tt_hvadvance_adjust (bsc#1210419).
ModerateSUSE bug 1210419CVE-2023-2004 at SUSECVE-2023-2004 at NVDcpe:/o:opensuse:leap:15.5Security update for haproxy (Moderate)openSUSE Leap 15.5
This update for haproxy fixes the following issues:
- CVE-2023-40225: Fixed request smuggling with empty content-length header value (bsc#1214102).
ModerateSUSE bug 1214102CVE-2023-40225 at SUSECVE-2023-40225 at NVDcpe:/o:opensuse:leap:15.5Security update for procps (Low)openSUSE Leap 15.5
This update for procps fixes the following issues:
- CVE-2023-4016: Fixed ps buffer overflow (bsc#1214290).
LowSUSE bug 1214290CVE-2023-4016 at SUSECVE-2023-4016 at NVDcpe:/o:opensuse:leap:15.5Security update for vim (Important)openSUSE Leap 15.5
This update for vim fixes the following issues:
Updated to version 9.0 with patch level 1572.
- CVE-2023-2426: Fixed Out-of-range Pointer Offset use (bsc#1210996).
- CVE-2023-2609: Fixed NULL Pointer Dereference (bsc#1211256).
- CVE-2023-2610: Fixed nteger Overflow or Wraparound (bsc#1211257).
ImportantSUSE bug 1210996SUSE bug 1211256SUSE bug 1211257SUSE bug 1211461CVE-2023-2426 at SUSECVE-2023-2426 at NVDCVE-2023-2609 at SUSECVE-2023-2609 at NVDCVE-2023-2610 at SUSECVE-2023-2610 at NVDcpe:/o:opensuse:leap:15.5Security update for open-vm-tools (Important)openSUSE Leap 15.5
This update for open-vm-tools fixes the following issues:
- CVE-2023-20900: Fixed SAML token signature bypass vulnerability (bsc#1214566).
This update also ships a open-vm-tools-containerinfo plugin. (jsc#PED-3421)
ImportantSUSE bug 1214566CVE-2023-20900 at SUSECVE-2023-20900 at NVDcpe:/o:opensuse:leap:15.5Security update for exempi (Moderate)openSUSE Leap 15.5
This update for exempi fixes the following issues:
- CVE-2020-18652: Fixed buffer overflow vulnerability in WEBP_Support.cpp (bsc#1214488).
ModerateSUSE bug 1214488CVE-2020-18652 at SUSECVE-2020-18652 at NVDcpe:/o:opensuse:leap:15.5Security update for MozillaFirefox (Important)openSUSE Leap 15.5
This update for MozillaFirefox fixes the following issues:
Firefox was updated to Extended Support Release 115.2.0 ESR (MFSA 2023-36) (bsc#1214606).
- CVE-2023-4574: Fixed memory corruption in IPC ColorPickerShownCallback (bmo#1846688)
- CVE-2023-4575: Fixed memory corruption in IPC FilePickerShownCallback (bmo#1846689)
- CVE-2023-4576: Fixed integer Overflow in RecordedSourceSurfaceCreation (bmo#1846694)
- CVE-2023-4577: Fixed memory corruption in JIT UpdateRegExpStatics (bmo#1847397)
- CVE-2023-4051: Fixed full screen notification obscured by file open dialog (bmo#1821884)
- CVE-2023-4578: Fixed Out of Memory Exception in SpiderMonkey could have triggered an (bmo#1839007)
- CVE-2023-4053: Fixed full screen notification obscured by external program (bmo#1839079)
- CVE-2023-4580: Fixed push notifications saved to disk unencrypted (bmo#1843046)
- CVE-2023-4581: Fixed XLL file extensions downloadable without warnings (bmo#1843758)
- CVE-2023-4582: Fixed buffer Overflow in WebGL glGetProgramiv (bmo#1773874)
- CVE-2023-4583: Fixed browsing Context potentially not cleared when closing Private Window (bmo#1842030)
- CVE-2023-4584: Fixed memory safety bugs fixed in Firefox 117, Firefox ESR 102.15, Firefox ESR 115.2, Thunderbird 102.15, and Thunderbird 115.2 (bmo#1843968, bmo#1845205, bmo#1846080, bmo#1846526, bmo#1847529)
- CVE-2023-4585: Fixed memory safety bugs fixed in Firefox 117, Firefox ESR 115.2, and Thunderbird 115.2(bmo#1751583, bmo#1833504, bmo#1841082, bmo#1847904, bmo#1848999).
ImportantSUSE bug 1214606CVE-2023-4051 at SUSECVE-2023-4051 at NVDCVE-2023-4053 at SUSECVE-2023-4053 at NVDCVE-2023-4574 at SUSECVE-2023-4574 at NVDCVE-2023-4575 at SUSECVE-2023-4575 at NVDCVE-2023-4576 at SUSECVE-2023-4576 at NVDCVE-2023-4577 at SUSECVE-2023-4577 at NVDCVE-2023-4578 at SUSECVE-2023-4578 at NVDCVE-2023-4580 at SUSECVE-2023-4580 at NVDCVE-2023-4581 at SUSECVE-2023-4581 at NVDCVE-2023-4582 at SUSECVE-2023-4582 at NVDCVE-2023-4583 at SUSECVE-2023-4583 at NVDCVE-2023-4584 at SUSECVE-2023-4584 at NVDCVE-2023-4585 at SUSECVE-2023-4585 at NVDcpe:/o:opensuse:leap:15.5Security update for djvulibre (Low)openSUSE Leap 15.5
This update for djvulibre fixes the following issues:
- CVE-2021-46310: Fixed divide by zero in IW44Image.cpp (bsc#1214670).
- CVE-2021-46312: Fixed divide by zero in IW44EncodeCodec.cpp (bsc#1214672).
LowSUSE bug 1214670SUSE bug 1214672CVE-2021-46310 at SUSECVE-2021-46310 at NVDCVE-2021-46312 at SUSECVE-2021-46312 at NVDcpe:/o:opensuse:leap:15.5Security update for amazon-ecs-init (Important)openSUSE Leap 15.5
This update of amazon-ecs-init fixes the following issues:
- rebuild the package with the go 1.21 security release (bsc#1212475).
ImportantSUSE bug 1212475cpe:/o:opensuse:leap:15.5Security update for keylime (Important)openSUSE Leap 15.5
This update for keylime fixes the following issues:
- CVE-2023-38201: Fixed a bug to avoid leaks of the authorization tag. (bsc#1213314)
ImportantSUSE bug 1213314CVE-2023-38201 at SUSECVE-2023-38201 at NVDcpe:/o:opensuse:leap:15.5Security update for sccache (Important)openSUSE Leap 15.5
This update for sccache fixes the following issues:
- Update to version 0.4.2.
- CVE-2021-45710: Fixed a segmentation fault due to data race in tokio crate. (bsc#1194119)
- CVE-2022-24713: Fixed a ReDoS issue due to vulnerable regex crate. (bsc#1196972)
- CVE-2022-31394: Fixed a DoS issue due to the max header list size not settable. (bsc#1208553)
- CVE-2023-1521: Fixed a local privilege escalation. (bsc#1212407)
ImportantSUSE bug 1181400SUSE bug 1194119SUSE bug 1196972SUSE bug 1208553SUSE bug 1212407CVE-2021-45710 at SUSECVE-2021-45710 at NVDCVE-2022-24713 at SUSECVE-2022-24713 at NVDCVE-2022-31394 at SUSECVE-2022-31394 at NVDCVE-2023-1521 at SUSECVE-2023-1521 at NVDcpe:/o:opensuse:leap:15.5Security update for gsl (Moderate)openSUSE Leap 15.5
This update for gsl fixes the following issues:
- CVE-2020-35357: Fixed a stack out of bounds read in gsl_stats_quantile_from_sorted_data(). (bsc#1214681)
ModerateSUSE bug 1214681CVE-2020-35357 at SUSECVE-2020-35357 at NVDcpe:/o:opensuse:leap:15.5Security update for php7 (Important)openSUSE Leap 15.5
This update for php7 fixes the following issues:
- CVE-2023-3823: Fixed an issue with external entity loading in XML without enabling it. (bsc#1214106)
- CVE-2023-3824: Fixed a buffer overflow in phar_dir_read(). (bsc#1214103)
ImportantSUSE bug 1214103SUSE bug 1214106CVE-2023-3823 at SUSECVE-2023-3823 at NVDCVE-2023-3824 at SUSECVE-2023-3824 at NVDcpe:/o:opensuse:leap:15.5Security update for busybox (Important)openSUSE Leap 15.5
This update for busybox fixes the following issues:
- CVE-2022-48174: Fixed stack overflow vulnerability. (bsc#1214538)
ImportantSUSE bug 1214538CVE-2022-48174 at SUSECVE-2022-48174 at NVDcpe:/o:opensuse:leap:15.5Security update for kubernetes1.18 (Important)openSUSE Leap 15.5
This update of kubernetes1.18 fixes the following issues:
- rebuild the package with the go 1.21 security release (bsc#1212475).
ImportantSUSE bug 1212475cpe:/o:opensuse:leap:15.5Security update for docker (Moderate)openSUSE Leap 15.5
This update for docker fixes the following issues:
- Update to Docker 24.0.5-ce.
See upstream changelong online at
<https://docs.docker.com/engine/release-notes/24.0/#2405> bsc#1213229
- Update to Docker 24.0.4-ce.
See upstream changelog online at
<https://docs.docker.com/engine/release-notes/24.0/#2404>. bsc#1213500
- Update to Docker 24.0.3-ce.
See upstream changelog online at
<https://docs.docker.com/engine/release-notes/24.0/#2403>. bsc#1213120
- Recommend docker-rootless-extras instead of Require(ing) it, given
it's an additional functionality and not inherently required for
docker to function.
- Add docker-rootless-extras subpackage (https://docs.docker.com/engine/security/rootless)
- Update to Docker 24.0.2-ce. See upstream changelog online at
<https://docs.docker.com/engine/release-notes/24.0/#2402>. bsc#1212368
* Includes the upstreamed fix for the mount table pollution issue.
bsc#1210797
- Add Recommends for docker-buildx, and add /usr/lib/docker/cli-plugins as
being provided by this package.
- was rebuilt against current GO compiler.
ModerateSUSE bug 1210797SUSE bug 1212368SUSE bug 1213120SUSE bug 1213229SUSE bug 1213500SUSE bug 1214107SUSE bug 1214108SUSE bug 1214109CVE-2023-28840 at SUSECVE-2023-28840 at NVDCVE-2023-28841 at SUSECVE-2023-28841 at NVDCVE-2023-28842 at SUSECVE-2023-28842 at NVDcpe:/o:opensuse:leap:15.5Security update for amazon-ssm-agent (Important)openSUSE Leap 15.5
This update of amazon-ssm-agent fixes the following issues:
- rebuild the package with the go 1.21 security release (bsc#1212475).
ImportantSUSE bug 1212475cpe:/o:opensuse:leap:15.5Security update for php7 (Important)openSUSE Leap 15.5
This update for php7 fixes the following issues:
- CVE-2023-3823: Fixed an issue with external entity loading in XML without enabling it. (bsc#1214106)
- CVE-2023-3824: Fixed a buffer overflow in phar_dir_read(). (bsc#1214103)
ImportantSUSE bug 1214103SUSE bug 1214106CVE-2023-3823 at SUSECVE-2023-3823 at NVDCVE-2023-3824 at SUSECVE-2023-3824 at NVDcpe:/o:opensuse:leap:15.5Security update for libssh2_org (Important)openSUSE Leap 15.5
This update for libssh2_org fixes the following issues:
- CVE-2020-22218: Fixed a bug in _libssh2_packet_add() which allows to access out of bounds memory. (bsc#1214527)
ImportantSUSE bug 1214527CVE-2020-22218 at SUSECVE-2020-22218 at NVDcpe:/o:opensuse:leap:15.5Security update for webkit2gtk3 (Important)openSUSE Leap 15.5
This update for webkit2gtk3 fixes the following issues:
- Provide/obsolete WebKit2GTK-%{_apiver}-lang (bsc#1214093)
- Have the lang package provide libwebkit2gtk3-lang (bsc#1214093)
- Adjustments of update version 2.40.5 (bsc#1213905 bsc#1213379 bsc#1213581):
+ Added missing CVE references: CVE-2023-32393, CVE-2023-37450
ImportantSUSE bug 1213379SUSE bug 1213581SUSE bug 1213905SUSE bug 1214093CVE-2023-32393 at SUSECVE-2023-32393 at NVDCVE-2023-37450 at SUSECVE-2023-37450 at NVDcpe:/o:opensuse:leap:15.5Security update for rekor (Important)openSUSE Leap 15.5
This update of rekor fixes the following issues:
- rebuild the package with the go 1.21 security release (bsc#1212475).
ImportantSUSE bug 1212475cpe:/o:opensuse:leap:15.5Security update for geoipupdate (Important)openSUSE Leap 15.5
This update of geoipupdate fixes the following issues:
- rebuild the package with the go 1.21 security release (bsc#1212475).
ImportantSUSE bug 1212475cpe:/o:opensuse:leap:15.5Security update for skopeo (Important)openSUSE Leap 15.5
This update of skopeo fixes the following issues:
- rebuild the package with the go 1.21 security release (bsc#1212475).
ImportantSUSE bug 1212475cpe:/o:opensuse:leap:15.5Security update for icu73_2 (Moderate)openSUSE Leap 15.5
This update for icu73_2 fixes the following issues:
- Update to release 73.2
* CLDR extends the support for “short” Chinese sort orders to
cover some additional, required characters for Level 2. This
is carried over into ICU collation.
* ICU has a modified character conversion table, mapping some
GB18030 characters to Unicode characters that were encoded
after GB18030-2005.
- fixes builds where UCHAR_TYPE is re-defined such as libqt5-qtwebengine
- Update to release 73.1
* Improved Japanese and Korean short-text line breaking
* Reduction of C++ memory use in date formatting
- Update to release 72.1
* Support for Unicode 15, including new characters, scripts,
emoji, and corresponding API constants.
* Support for CLDR 42 locale data with various additions and
corrections.
* Shift to tzdb 2022e. Pre-1970 data for a number of timezones
has been removed.
- bump library packagename to libicu71 to match the version.
- update to 71.1:
* updates to CLDR 41 locale data with various additions and corrections.
* phrase-based line breaking for Japanese. Existing line breaking methods
follow standards and conventions for body text but do not work well for
short Japanese text, such as in titles and headings. This new feature is
optimized for these use cases.
* support for Hindi written in Latin letters (hi_Latn). The CLDR data for
this increasingly popular locale has been significantly revised and
expanded. Note that based on user expectations, hi_Latn incorporates a
large amount of English, and can also be referred to as “Hinglish”.
* time zone data updated to version 2022a. Note that pre-1970 data for a
number of time zones has been removed, as has been the case in the upstream
tzdata release since 2021b.
- ICU-21793 Fix ucptrietest golden diff [bsc#1192935]
- Update to release 70.1:
* Unicode 14 (new characters, scripts, emoji, and API constants)
* CLDR 40 (many additions and corrections)
* Fixes for measurement unit formatting
* Can now be built with up to C++20 compilers
- ICU-21613 Fix undefined behaviour in ComplexUnitsConverter::applyRounder
- Update to release 69.1
* CLDR 39
* For Norwegian, 'no' is back to being the canonical code, with
'nb' treated as equivalent. This aligns handling of Norwegian
with other macro language codes.
* Binary prefixes in measurement units (KiB, MiB, etc.)
* Time zone offsets from local time: New APIs
BasicTimeZone::getOffsetFromLocal() (C++) and
ucal_getTimeZoneOffsetFromLocal()
- Backport ICU-21366 (bsc#1182645)
- Update to release 68.2
* Fix memory problem in FormattedStringBuilder
* Fix assertion when setKeywordValue w/ long value.
* Fix UBSan breakage on 8bit of rbbi
* fix int32_t overflow in listFormat
* Fix memory handling in MemoryPool::operator=()
* Fix memory leak in AliasReplacer
- Add back icu.keyring, see https://unicode-org.atlassian.net/browse/ICU-21361
- Update to release 68.1
* CLDR 38
* Measurement unit preferences
* PluralRules selection for ranges of numbers
* Locale ID canonicalization now conforms to the CLDR spec
including edge cases
* DateIntervalFormat supports output options such as capitalization
* Measurement units are normalized in skeleton string output
* Time zone data (tzdata) version 2020d
- Add the provides for libicu to Make .Net core can install
successfully. (bsc#1167603, bsc#1161007)
- Update to version 67.1
* Unicode 13 (ICU-20893, same as in ICU 66)
+ Total of 5930 new characters
+ 4 new scripts
+ 55 new emoji characters, plus additional new sequences
+ New CJK extension, first characters in plane 3: U+30000..U+3134A
* CLDR 37
+ New language at Modern coverage: Nigerian Pidgin
+ New languages at Basic coverage: Fulah (Adlam), Maithili,
Manipuri, Santali, Sindhi (Devanagari), Sundanese
+ Region containment: EU no longer includes GB
+ Unicode 13 root collation data and Chinese data for collation and transliteration
* DateTimePatternGenerator now obeys the 'hc' preference in the locale identifier (ICU-20442)
* Various other improvements for ECMA-402 conformance
* Number skeletons have a new 'concise' form that can be used in MessageFormat strings (ICU-20418)
* Currency formatting options for formal and other currency display name variants (ICU-20854)
* ListFormatter: new public API to select the style & type (ICU-12863)
* ListFormatter now selects the proper “and”/“or” form for Spanish & Hebrew (ICU-21016)
* Locale ID canonicalization upgraded to implement the complete CLDR spec (ICU-20834, ICU-20272)
* LocaleMatcher: New option to ignore one-way matches (ICU-20936),
and other tweaks to the code (ICU-20916, ICU-20917) and data (from CLDR)
* acceptLanguage() reimplemented via LocaleMatcher (ICU-20700)
* Data build tool: tzdbNames.res moved from the 'zone_tree' category to the 'zone_supplemental' category (ICU-21073)
* Fixed uses of u8'literals' broken by the C++20 introduction of the incompatible char8_t type (ICU-20972),
* and added a few API overloads to reduce the need for reinterpret_cast (ICU-20984).
* Support for manipulating CLDR 37 unit identifiers in MeasureUnit.
* Fix potential integer overflow in UnicodeString:doAppend (bsc#1166844, CVE-2020-10531).
- Update to version 66.1
* Unicode 13 support
* Fix uses of u8'literals' broken by C++20 introduction of
incompatible char8_t type. (ICU-20972)
* use LocalMemory for cmd to prevent use after free
(bsc#1193951 CVE-2020-21913).
- Remove /usr/lib(64)/icu/current [bsc#1158955].
- Update to release 65.1 (jsc#SLE-11118).
* Updated to CLDR 36 locale data with many additions and
corrections, and some new measurement units.
* The Java LocaleMatcher API is improved, and ported to C++.
ModerateSUSE bug 1030253SUSE bug 1095425SUSE bug 1103893SUSE bug 1112183SUSE bug 1146907SUSE bug 1158955SUSE bug 1159131SUSE bug 1161007SUSE bug 1162882SUSE bug 1166844SUSE bug 1167603SUSE bug 1182252SUSE bug 1182645SUSE bug 1192935SUSE bug 1193951SUSE bug 354372SUSE bug 437293SUSE bug 824262CVE-2020-10531 at SUSECVE-2020-10531 at NVDCVE-2020-21913 at SUSECVE-2020-21913 at NVDcpe:/o:opensuse:leap:15.5Security update for terraform-provider-helm (Important)openSUSE Leap 15.5
This update of terraform-provider-helm fixes the following issues:
- rebuild the package with the go 1.21 security release (bsc#1212475).
ImportantSUSE bug 1212475cpe:/o:opensuse:leap:15.5Security update for terraform-provider-null (Important)openSUSE Leap 15.5
This update of terraform-provider-null fixes the following issues:
- rebuild the package with the go 1.21 security release (bsc#1212475).
ImportantSUSE bug 1212475cpe:/o:opensuse:leap:15.5Security update for terraform-provider-aws (Important)openSUSE Leap 15.5
This update of terraform-provider-aws fixes the following issues:
- rebuild the package with the go 1.21 security release (bsc#1212475).
ImportantSUSE bug 1212475cpe:/o:opensuse:leap:15.5Security update for MozillaFirefox (Critical)openSUSE Leap 15.5
This update for MozillaFirefox fixes the following issues:
Firefox Extended Support Release 115.2.1 ESR (bsc#1215245).
- CVE-2023-4863: Fixed heap buffer overflow in libwebp (MFSA 2023-40) (bsc#1215231).
The following non-security bug was fixed:
- Fix i586 build by reducing debug info to -g1 (bsc#1210168).
CriticalSUSE bug 1210168SUSE bug 1215231SUSE bug 1215245CVE-2023-4863 at SUSECVE-2023-4863 at NVDcpe:/o:opensuse:leap:15.5Security update for libwebp (Critical)openSUSE Leap 15.5
This update for libwebp fixes the following issues:
- CVE-2023-4863: Fixed heap buffer overflow (bsc#1215231).
CriticalSUSE bug 1215231CVE-2023-4863 at SUSECVE-2023-4863 at NVDcpe:/o:opensuse:leap:15.5Security update for flac (Moderate)openSUSE Leap 15.5
This update for flac fixes the following issues:
- CVE-2020-22219: Fixed a buffer overflow in function bitwriter_grow_ which might allow a remote attacker to run arbitrary code via crafted input to the encoder. (bsc#1214615)
ModerateSUSE bug 1214615CVE-2020-22219 at SUSECVE-2020-22219 at NVDcpe:/o:opensuse:leap:15.5Security update for the Linux Kernel (Important)openSUSE Leap 15.5
The SUSE Linux Enterprise 15 SP5 Azure kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2022-38457: Fixed a use-after-free vulnerability in vmwgfx driver that allowed a local attacker to cause a denial of service (bsc#1203330).
- CVE-2022-40133: Fixed a use-after-free vulnerability in vmwgfx driver that allowed a local attacker to cause a denial of service (bsc#1203329).
- CVE-2023-2007: Fixed a flaw in the DPT I2O Controller driver that could allow an attacker to escalate privileges and execute arbitrary code in the context of the kernel (bsc#1210448).
- CVE-2023-3610: Fixed use-after-free vulnerability in nf_tables can be exploited to achieve local privilege escalation (bsc#1213580).
- CVE-2023-3772: Fixed a flaw in XFRM subsystem that may have allowed a malicious user with CAP_NET_ADMIN privileges to directly dereference a NULL pointer leading to a possible kernel crash and denial of service (bsc#1213666).
- CVE-2023-3863: Fixed a use-after-free flaw was found in nfc_llcp_find_local that allowed a local user with special privileges to impact a kernel information leak issue (bsc#1213601).
- CVE-2023-4128: Fixed a use-after-free flaw in net/sched/cls_fw.c that allowed a local attacker to perform a local privilege escalation due to incorrect handling of the existing filter, leading to a kernel information leak issue (bsc#1214149).
- CVE-2023-4133: Fixed use after free bugs caused by circular dependency problem in cxgb4 (bsc#1213970).
- CVE-2023-4134: Fixed use-after-free in cyttsp4_watchdog_work() (bsc#1213971).
- CVE-2023-4147: Fixed use-after-free in nf_tables_newrule (bsc#1213968).
- CVE-2023-4194: Fixed a type confusion in net tun_chr_open() (bsc#1214019).
- CVE-2023-4273: Fixed a flaw in the exFAT driver of the Linux kernel that alloawed a local privileged attacker to overflow the kernel stack (bsc#1214120).
- CVE-2023-4387: Fixed use-after-free flaw in vmxnet3_rq_alloc_rx_buf that could allow a local attacker to crash the system due to a double-free (bsc#1214350).
- CVE-2023-4459: Fixed a NULL pointer dereference flaw in vmxnet3_rq_cleanup that may have allowed a local attacker with normal user privilege to cause a denial of service (bsc#1214451).
- CVE-2023-4563: Fixed use-after-free in nft_verdict_dump due to a race between set GC and transaction (bsc#1214727).
- CVE-2023-4569: Fixed information leak in nft_set_catchall_flush in net/netfilter/nf_tables_api.c (bsc#1214729).
- CVE-2023-20588: Fixed a division-by-zero error on some AMD processors that can potentially return speculative data resulting in loss of confidentiality (bsc#1213927).
- CVE-2023-34319: Fixed buffer overrun triggered by unusual packet in xen/netback (XSA-432) (bsc#1213546).
- CVE-2023-37453: Fixed oversight in SuperSpeed initialization (bsc#1213123).
- CVE-2023-40283: Fixed use-after-free in l2cap_sock_ready_cb (bsc#1214233).
The following non-security bugs were fixed:
- ACPI/IORT: Update SMMUv3 DeviceID support (bsc#1214305).
- ACPI: processor: perflib: Avoid updating frequency QoS unnecessarily (git-fixes).
- ACPI: processor: perflib: Use the 'no limit' frequency QoS (git-fixes).
- ACPI: x86: s2idle: Fix a logic error parsing AMD constraints table (git-fixes).
- ALSA: ac97: Fix possible error value of *rac97 (git-fixes).
- ALSA: hda/cs8409: Support new Dell Dolphin Variants (git-fixes).
- ALSA: hda/realtek - Remodified 3k pull low procedure (git-fixes).
- ALSA: hda/realtek: Add quirk for HP Victus 16-d1xxx to enable mute LED (git-fixes).
- ALSA: hda/realtek: Add quirk for mute LEDs on HP ENVY x360 15-eu0xxx (git-fixes).
- ALSA: hda/realtek: Add quirks for HP G11 Laptops (git-fixes).
- ALSA: hda/realtek: Switch Dell Oasis models to use SPI (git-fixes).
- ALSA: pcm: Fix missing fixup call in compat hw_refine ioctl (git-fixes).
- ALSA: usb-audio: Add support for Mythware XA001AU capture and playback interfaces (git-fixes).
- ALSA: usb-audio: Fix init call orders for UAC1 (git-fixes).
- ALSA: ymfpci: Fix the missing snd_card_free() call at probe error (git-fixes).
- ARM: dts: imx6dl: prtrvt, prtvt7, prti6q, prtwd2: fix USB related warnings (git-fixes).
- ARM: dts: imx6sll: fixup of operating points (git-fixes).
- ARM: spear: Do not use timer namespace for timer_shutdown() function (bsc#1213970).
- ASoC: SOF: Intel: fix SoundWire/HDaudio mutual exclusion (git-fixes).
- ASoC: amd: yc: Fix a non-functional mic on Lenovo 82SJ (git-fixes).
- ASoC: lower 'no backend DAIs enabled for ... Port' log severity (git-fixes).
- ASoC: meson: axg-tdm-formatter: fix channel slot allocation (git-fixes).
- ASoC: rt5665: add missed regulator_bulk_disable (git-fixes).
- ASoC: stac9766: fix build errors with REGMAP_AC97 (git-fixes).
- ASoC: tegra: Fix SFC conversion for few rates (git-fixes).
- Bluetooth: Fix potential use-after-free when clear keys (git-fixes).
- Bluetooth: L2CAP: Fix use-after-free (git-fixes).
- Bluetooth: L2CAP: Fix use-after-free in l2cap_sock_ready_cb (git-fixes).
- Bluetooth: Remove unused declaration amp_read_loc_info() (git-fixes).
- Bluetooth: btusb: Add MT7922 bluetooth ID for the Asus Ally (git-fixes).
- Bluetooth: btusb: Do not call kfree_skb() under spin_lock_irqsave() (git-fixes).
- Bluetooth: nokia: fix value check in nokia_bluetooth_serdev_probe() (git-fixes).
- CONFIG_NVME_VERBOSE_ERRORS=y gone with a82baa8083b
- CONFIG_PRINTK_SAFE_LOG_BUF_SHIFT=13 gone with 7e152d55123
- Created new preempt kernel flavor Configs are cloned from the respective $arch/default configs. All changed configs appart from CONFIG_PREEMPT->y are a result of dependencies, namely many lock/unlock primitives are no longer inlined in the preempt kernel. TREE_RCU has been also changed to PREEMPT_RCU which is the default implementation for PREEMPT kernel.
- Documentation: devices.txt: Fix minors for ttyCPM* (git-fixes).
- Documentation: devices.txt: Remove ttyIOC* (git-fixes).
- Documentation: devices.txt: Remove ttySIOC* (git-fixes).
- Drivers: hv: Do not remap addresses that are above shared_gpa_boundary (bsc#1206453).
- Drivers: hv: Enable vmbus driver for nested root partition (bsc#1206453).
- Drivers: hv: Explicitly request decrypted in vmap_pfn() calls (bsc#1206453).
- Drivers: hv: Setup synic registers in case of nested root partition (bsc#1206453).
- Drivers: hv: vmbus: Call hv_synic_free() if hv_synic_alloc() fails (bsc#1206453).
- Drivers: hv: vmbus: Remove second mapping of VMBus monitor pages (bsc#1206453).
- Drivers: hv: vmbus: Remove second way of mapping ring buffers (bsc#1206453).
- Drivers: hv: vmbus: Remove the per-CPU post_msg_page (bsc#1206453).
- Drop cfg80211 lock fix patches that caused a regression (bsc#1213757)
- Drop rtsx patch that caused a regression (bsc#1214397,bsc#1214428)
- Enable Analog Devices Industrial Ethernet PHY driver (jsc#PED-4759)
- HID: add quirk for 03f0:464a HP Elite Presenter Mouse (git-fixes).
- HID: logitech-dj: Fix error handling in logi_dj_recv_switch_to_dj_mode() (git-fixes).
- HID: logitech-hidpp: Add USB and Bluetooth IDs for the Logitech G915 TKL Keyboard (git-fixes).
- HID: multitouch: Correct devm device reference for hidinput input_dev name (git-fixes).
- HID: wacom: remove the battery when the EKR is off (git-fixes).
- HWPOISON: offline support: fix spelling in Documentation/ABI/ (git-fixes).
- IB/hfi1: Fix possible panic during hotplug remove (git-fixes)
- IB/uverbs: Fix an potential error pointer dereference (git-fixes)
- Input: exc3000 - properly stop timer on shutdown (git-fixes).
- KVM: s390: fix sthyi error handling (git-fixes bsc#1214370).
- Kbuild: add -Wno-shift-negative-value where -Wextra is used (bsc#1214756).
- Kbuild: move to -std=gnu11 (bsc#1214756).
- PCI/ASPM: Avoid link retraining race (git-fixes).
- PCI/ASPM: Factor out pcie_wait_for_retrain() (git-fixes).
- PCI/ASPM: Return 0 or -ETIMEDOUT from pcie_retrain_link() (git-fixes).
- PCI: Mark NVIDIA T4 GPUs to avoid bus reset (git-fixes).
- PCI: acpiphp: Reassign resources on bridge if necessary (git-fixes).
- PCI: acpiphp: Use pci_assign_unassigned_bridge_resources() only for non-root bus (git-fixes).
- PCI: hv: Enable PCI pass-thru devices in Confidential VMs (bsc#1206453).
- PCI: hv: Replace retarget_msi_interrupt_params with (bsc#1206453).
- PCI: meson: Remove cast between incompatible function type (git-fixes).
- PCI: microchip: Correct the DED and SEC interrupt bit offsets (git-fixes).
- PCI: microchip: Remove cast between incompatible function type (git-fixes).
- PCI: pciehp: Use RMW accessors for changing LNKCTL (git-fixes).
- PCI: rockchip: Remove writes to unused registers (git-fixes).
- PCI: s390: Fix use-after-free of PCI resources with per-function hotplug (git-fixes).
- PCI: tegra194: Fix possible array out of bounds access (git-fixes).
- PM / devfreq: Fix leak in devfreq_dev_release() (git-fixes).
- RDMA/bnxt_re: Fix error handling in probe failure path (git-fixes)
- RDMA/bnxt_re: Fix max_qp count for virtual functions (git-fixes)
- RDMA/efa: Fix wrong resources deallocation order (git-fixes)
- RDMA/hns: Fix CQ and QP cache affinity (git-fixes)
- RDMA/hns: Fix incorrect post-send with direct wqe of wr-list (git-fixes)
- RDMA/hns: Fix port active speed (git-fixes)
- RDMA/irdma: Prevent zero-length STAG registration (git-fixes)
- RDMA/irdma: Replace one-element array with flexible-array member (git-fixes)
- RDMA/mlx5: Return the firmware result upon destroying QP/RQ (git-fixes)
- RDMA/qedr: Remove a duplicate assignment in irdma_query_ah() (git-fixes)
- RDMA/siw: Balance the reference of cep->kref in the error path (git-fixes)
- RDMA/siw: Correct wrong debug message (git-fixes)
- RDMA/umem: Set iova in ODP flow (git-fixes)
- README.BRANCH: Add Miroslav Franc as a SLE15-SP4 co-maintainer.
- Revert 'IB/isert: Fix incorrect release of isert connection' (git-fixes)
- Revert 'tracing: Add '(fault)' name injection to kernel probes' (git-fixes).
- Update patches.suse/cpufreq-intel_pstate-Fix-cpu-pstate.turbo_freq-initi.patch (git-fixes bsc#1212526 bsc#1214368 jsc#PED-4927 jsc#PED-4929).
- amba: bus: fix refcount leak (git-fixes).
- arm64: dts: imx8mn-var-som: add missing pull-up for onboard PHY reset pinmux (git-fixes).
- arm64: dts: qcom: qrb5165-rb5: fix thermal zone conflict (git-fixes).
- arm64: dts: rockchip: Disable HS400 for eMMC on ROCK Pi 4 (git-fixes).
- audit: fix possible soft lockup in __audit_inode_child() (git-fixes).
- backlight/bd6107: Compare against struct fb_info.device (git-fixes).
- backlight/gpio_backlight: Compare against struct fb_info.device (git-fixes).
- backlight/lv5207lp: Compare against struct fb_info.device (git-fixes).
- batman-adv: Do not get eth header before batadv_check_management_packet (git-fixes).
- batman-adv: Do not increase MTU when set by user (git-fixes).
- batman-adv: Fix TT global entry leak when client roamed back (git-fixes).
- batman-adv: Fix batadv_v_ogm_aggr_send memory leak (git-fixes).
- batman-adv: Hold rtnl lock during MTU update via netlink (git-fixes).
- batman-adv: Trigger events for auto adjusted MTU (git-fixes).
- bnx2x: fix page fault following EEH recovery (bsc#1214299).
- bpf: Disable preemption in bpf_event_output (git-fixes).
- bpftool: Print newline before '}' for struct with padding only fields (bsc#1211220 jsc#PED-3924).
- bus: mhi: host: Skip MHI reset if device is in RDDM (git-fixes).
- bus: ti-sysc: Fix build warning for 64-bit build (git-fixes).
- bus: ti-sysc: Fix cast to enum warning (git-fixes).
- bus: ti-sysc: Flush posted write on enable before reset (git-fixes).
- can: gs_usb: gs_usb_receive_bulk_callback(): count RX overflow errors also in case of OOM (git-fixes).
- ceph: defer stopping mdsc delayed_work (bsc#1214392).
- ceph: do not check for quotas on MDS stray dirs (bsc#1214238).
- ceph: never send metrics if disable_send_metrics is set (bsc#1214180).
- check-for-config-changes: ignore BUILTIN_RETURN_ADDRESS_STRIPS_PAC (bsc#1214380). gcc7 on SLE 15 does not support this while later gcc does.
- cifs: add missing return value check for cifs_sb_tlink (bsc#1193629).
- cifs: allow dumping keys for directories too (bsc#1193629).
- cifs: fix mid leak during reconnection after timeout threshold (git-fixes).
- cifs: if deferred close is disabled then close files immediately (git-fixes).
- cifs: is_network_name_deleted should return a bool (bsc#1193629).
- cifs: update internal module version number for cifs.ko (bsc#1193629).
- clk: Fix slab-out-of-bounds error in devm_clk_release() (git-fixes).
- clk: Fix undefined reference to `clk_rate_exclusive_{get,put}' (git-fixes).
- clk: imx8mp: fix sai4 clock (git-fixes).
- clk: imx: composite-8m: fix clock pauses when set_rate would be a no-op (git-fixes).
- clk: imx: pll14xx: dynamically configure PLL for 393216000/361267200Hz (git-fixes).
- clk: qcom: camcc-sc7180: fix async resume during probe (git-fixes).
- clk: qcom: gcc-mdm9615: use proper parent for pll0_vote clock (git-fixes).
- clk: qcom: gcc-sc7180: Fix up gcc_sdcc2_apps_clk_src (git-fixes).
- clk: qcom: gcc-sm8250: Fix gcc_sdcc2_apps_clk_src (git-fixes).
- clk: sunxi-ng: Modify mismatched function name (git-fixes).
- clocksource/drivers/arm_arch_timer: Do not use timer namespace for timer_shutdown() function (bsc#1213970).
- clocksource/drivers/hyper-v: Rework clocksource and sched clock setup (bsc#1206453).
- clocksource/drivers/sp804: Do not use timer namespace for timer_shutdown() function (bsc#1213970).
- clocksource: hyper-v: Add TSC page support for root partition (bsc#1206453).
- clocksource: hyper-v: Introduce TSC PFN getter (bsc#1206453).
- clocksource: hyper-v: Introduce a pointer to TSC page (bsc#1206453).
- clocksource: hyper-v: Use TSC PFN getter to map vvar page (bsc#1206453).
- clocksource: hyper-v: make sure Invariant-TSC is used if it is (bsc#1206453).
- cpu/SMT: Allow enabling partial SMT states via sysfs (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588).
- cpu/SMT: Create topology_smt_thread_allowed() (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588).
- cpu/SMT: Move SMT prototypes into cpu_smt.h (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588).
- cpu/SMT: Move smt/control simple exit cases earlier (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588).
- cpu/SMT: Remove topology_smt_supported() (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588).
- cpu/SMT: Store the current/max number of threads (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588).
- cpufreq: Fix the race condition while updating the transition_task of policy (git-fixes).
- cpufreq: intel_pstate: Adjust balance_performance EPP for Sapphire Rapids (bsc#1214659).
- cpufreq: intel_pstate: Enable HWP IO boost for all servers (bsc#1208949 jsc#PED-6003 jsc#PED-6004).
- cpufreq: intel_pstate: Fix scaling for hybrid-capable systems with disabled E-cores (bsc#1212526 bsc#1214368 jsc#PED-4927 jsc#PED-4929).
- cpufreq: intel_pstate: Read all MSRs on the target CPU (bsc#1212526 bsc#1214368 jsc#PED-4927 jsc#PED-4929).
- cpufreq: intel_pstate: hybrid: Rework HWP calibration (bsc#1212526 bsc#1214368 jsc#PED-4927 jsc#PED-4929).
- cpufreq: intel_pstate: hybrid: Use known scaling factor for P-cores (bsc#1212526 bsc#1214368 jsc#PED-4927 jsc#PED-4929).
- crypto: caam - fix unchecked return value error (git-fixes).
- crypto: stm32 - Properly handle pm_runtime_get failing (git-fixes).
- define more Hyper-V related constants (bsc#1206453).
- dma-buf/sw_sync: Avoid recursive lock during fence signal (git-fixes).
- dma-buf/sync_file: Fix docs syntax (git-fixes).
- dmaengine: idxd: Modify the dependence of attribute pasid_enabled (git-fixes).
- dmaengine: mcf-edma: Fix a potential un-allocated memory access (git-fixes).
- dmaengine: pl330: Return DMA_PAUSED when transaction is paused (git-fixes).
- dmaengine: ste_dma40: Add missing IRQ check in d40_probe (git-fixes).
- docs/process/howto: Replace C89 with C11 (bsc#1214756).
- docs: kernel-parameters: Refer to the correct bitmap function (git-fixes).
- docs: networking: replace skb_hwtstamp_tx with skb_tstamp_tx (git-fixes).
- docs: printk-formats: Fix hex printing of signed values (git-fixes).
- driver core: test_async: fix an error code (git-fixes).
- drivers: clk: keystone: Fix parameter judgment in _of_pll_clk_init() (git-fixes).
- drivers: usb: smsusb: fix error handling code in smsusb_init_device (git-fixes).
- drm/amd/display: Apply 60us prefetch for DCFCLK <= 300Mhz (git-fixes).
- drm/amd/display: Disable phantom OTG after enable for plane disable (git-fixes).
- drm/amd/display: Do not set drr on pipe commit (git-fixes).
- drm/amd/display: Enable dcn314 DPP RCO (git-fixes).
- drm/amd/display: Ensure that planes are in the same order (git-fixes).
- drm/amd/display: Implement workaround for writing to OTG_PIXEL_RATE_DIV register (git-fixes).
- drm/amd/display: Retain phantom plane/stream if validation fails (git-fixes).
- drm/amd/display: Skip DPP DTO update if root clock is gated (git-fixes).
- drm/amd/display: Use update plane and stream routine for DCN32x (git-fixes).
- drm/amd/display: check TG is non-null before checking if enabled (git-fixes).
- drm/amd/display: check attr flag before set cursor degamma on DCN3+ (git-fixes).
- drm/amd/display: disable RCO for DCN314 (git-fixes).
- drm/amd/display: do not wait for mpc idle if tg is disabled (git-fixes).
- drm/amd/display: fix access hdcp_workqueue assert (git-fixes).
- drm/amd/display: fix the build when DRM_AMD_DC_DCN is not set (git-fixes).
- drm/amd/display: limit DPIA link rate to HBR3 (git-fixes).
- drm/amd/display: phase3 mst hdcp for multiple displays (git-fixes).
- drm/amd/display: save restore hdcp state when display is unplugged from mst hub (git-fixes).
- drm/amd/display: trigger timing sync only if TG is running (git-fixes).
- drm/amd/pm/smu7: move variables to where they are used (git-fixes).
- drm/amd/pm: avoid unintentional shutdown due to temperature momentary fluctuation (git-fixes).
- drm/amd/pm: expose swctf threshold setting for legacy powerplay (git-fixes).
- drm/amd/pm: fix variable dereferenced issue in amdgpu_device_attr_create() (git-fixes).
- drm/amd/pm: fulfill powerplay peak profiling mode shader/memory clock settings (git-fixes).
- drm/amd/pm: fulfill swsmu peak profiling mode shader/memory clock settings (git-fixes).
- drm/amd/pm: skip the RLC stop when S0i3 suspend for SMU v13.0.4/11 (git-fixes).
- drm/amd: Disable S/G for APUs when 64GB or more host memory (git-fixes).
- drm/amd: flush any delayed gfxoff on suspend entry (git-fixes).
- drm/amdgpu/pm: fix throttle_status for other than MP1 11.0.7 (git-fixes).
- drm/amdgpu: Fix integer overflow in amdgpu_cs_pass1 (git-fixes).
- drm/amdgpu: Fix potential fence use-after-free v2 (git-fixes).
- drm/amdgpu: Remove unnecessary domain argument (git-fixes).
- drm/amdgpu: Use RMW accessors for changing LNKCTL (git-fixes).
- drm/amdgpu: add S/G display parameter (git-fixes).
- drm/amdgpu: add vram reservation based on vram_usagebyfirmware_v2_2 (git-fixes).
- drm/amdgpu: avoid integer overflow warning in amdgpu_device_resize_fb_bar() (git-fixes).
- drm/amdgpu: fix calltrace warning in amddrm_buddy_fini (git-fixes).
- drm/amdgpu: fix memory leak in mes self test (git-fixes).
- drm/amdgpu: fix possible UAF in amdgpu_cs_pass1() (git-fixes).
- drm/amdgpu: install stub fence into potential unused fence pointers (git-fixes).
- drm/amdgpu: keep irq count in amdgpu_irq_disable_all (git-fixes).
- drm/amdgpu: skip fence GFX interrupts disable/enable for S0ix (git-fixes).
- drm/armada: Fix off-by-one error in armada_overlay_get_property() (git-fixes).
- drm/ast: Fix DRAM init on AST2200 (git-fixes).
- drm/atomic-helper: Update reference to drm_crtc_force_disable_all() (git-fixes).
- drm/bridge: anx7625: Drop device lock before drm_helper_hpd_irq_event() (git-fixes).
- drm/bridge: anx7625: Use common macros for DP power sequencing commands (git-fixes).
- drm/bridge: anx7625: Use common macros for HDCP capabilities (git-fixes).
- drm/bridge: fix -Wunused-const-variable= warning (git-fixes).
- drm/bridge: tc358764: Fix debug print parameter order (git-fixes).
- drm/etnaviv: fix dumping of active MMU context (git-fixes).
- drm/gma500: Use drm_aperture_remove_conflicting_pci_framebuffers (git-fixes).
- drm/i915/sdvo: fix panel_type initialization (git-fixes).
- drm/i915: Fix premature release of request's reusable memory (git-fixes).
- drm/mediatek: Fix dereference before null check (git-fixes).
- drm/mediatek: Fix potential memory leak if vmap() fail (git-fixes).
- drm/mediatek: Remove freeing not dynamic allocated memory (git-fixes).
- drm/msm/a2xx: Call adreno_gpu_init() earlier (git-fixes).
- drm/msm/dpu: fix the irq index in dpu_encoder_phys_wb_wait_for_commit_done (git-fixes).
- drm/msm/mdp5: Do not leak some plane state (git-fixes).
- drm/msm: Update dev core dump to not print backwards (git-fixes).
- drm/mxsfb: Disable overlay plane in mxsfb_plane_overlay_atomic_disable() (git-fixes).
- drm/nouveau/disp: Revert a NULL check inside nouveau_connector_get_modes (git-fixes).
- drm/nouveau/disp: fix use-after-free in error handling of nouveau_connector_create (bsc#1214073).
- drm/nouveau/gr: enable memory loads on helper invocation on all channels (git-fixes).
- drm/nouveau/nvkm/dp: Add workaround to fix DP 1.3+ DPCD issues (git-fixes).
- drm/panel: simple: Add missing connector type and pixel format for AUO T215HVN01 (git-fixes).
- drm/panel: simple: Fix AUO G121EAN01 panel timings according to the docs (git-fixes).
- drm/qxl: fix UAF on handle creation (git-fixes).
- drm/radeon: Use RMW accessors for changing LNKCTL (git-fixes).
- drm/repaper: Reduce temporary buffer size in repaper_fb_dirty() (git-fixes).
- drm/rockchip: Do not spam logs in atomic check (git-fixes).
- drm/shmem-helper: Reset vma->vm_ops before calling dma_buf_mmap() (git-fixes).
- drm/stm: ltdc: fix late dereference check (git-fixes).
- drm/tegra: dpaux: Fix incorrect return value of platform_get_irq (git-fixes).
- drm/ttm: check null pointer before accessing when swapping (git-fixes).
- drm/ttm: never consider pinned BOs for eviction&swap (git-fixes).
- drm/vmwgfx: Fix shader stage validation (git-fixes).
- drm: adv7511: Fix low refresh rate register for ADV7533/5 (git-fixes).
- drm: rcar-du: remove R-Car H3 ES1.* workarounds (git-fixes).
- drm: xlnx: zynqmp_dpsub: Add missing check for dma_set_mask (git-fixes).
- dt-bindings: clock: xlnx,versal-clk: drop select:false (git-fixes).
- dt-bindings: clocks: imx8mp: make sai4 a dummy clock (git-fixes).
- dt-bindings: crypto: ti,sa2ul: make power-domains conditional (git-fixes).
- e1000: Fix typos in comments (jsc#PED-5738).
- e1000: Remove unnecessary use of kmap_atomic() (jsc#PED-5738).
- e1000: switch to napi_build_skb() (jsc#PED-5738).
- e1000: switch to napi_consume_skb() (jsc#PED-5738).
- enable TPM in azure (bsc#1214760)
- exfat: fix unexpected EOF while reading dir (bsc#1214000).
- exfat: release s_lock before calling dir_emit() (bsc#1214000).
- exfat_iterate(): do not open-code file_inode(file) (bsc#1214000).
- fbdev/ep93xx-fb: Do not assign to struct fb_info.dev (git-fixes).
- fbdev: Fix sys_imageblit() for arbitrary image widths (git-fixes).
- fbdev: Improve performance of sys_imageblit() (git-fixes).
- fbdev: Update fbdev source file paths (git-fixes).
- fbdev: fix potential OOB read in fast_imageblit() (git-fixes).
- fbdev: mmp: fix value check in mmphw_probe() (git-fixes).
- file: reinstate f_pos locking optimization for regular files (bsc#1213759).
- firmware: arm_scmi: Drop OF node reference in the transport channel setup (git-fixes).
- firmware: cs_dsp: Fix new control name check (git-fixes).
- firmware: meson_sm: fix to avoid potential NULL pointer dereference (git-fixes).
- firmware: stratix10-svc: Fix an NULL vs IS_ERR() bug in probe (git-fixes).
- fprobe: Release rethook after the ftrace_ops is unregistered (git-fixes).
- fprobe: add unlock to match a succeeded ftrace_test_recursion_trylock (git-fixes).
- fs/sysv: Null check to prevent null-ptr-deref bug (git-fixes).
- fsi: aspeed: Reset master errors after CFAM reset (git-fixes).
- fsi: master-ast-cf: Add MODULE_FIRMWARE macro (git-fixes).
- ftrace: Fix possible warning on checking all pages used in ftrace_process_locs() (git-fixes).
- gpio: mvebu: Make use of devm_pwmchip_add (git-fixes).
- gpio: mvebu: fix irq domain leak (git-fixes).
- gpio: tps68470: Make tps68470_gpio_output() always set the initial value (git-fixes).
- hv_netvsc: Remove second mapping of send and recv buffers (bsc#1206453).
- hwmon: (pmbus/bel-pfe) Enable PMBUS_SKIP_STATUS_CHECK for pfe1100 (git-fixes).
- hwmon: (tmp513) Fix the channel number in tmp51x_is_visible() (git-fixes).
- hwrng: iproc-rng200 - Implement suspend and resume calls (git-fixes).
- hwrng: nomadik - keep clock enabled while hwrng is registered (git-fixes).
- hwrng: pic32 - use devm_clk_get_enabled (git-fixes).
- i2c: Delete error messages for failed memory allocations (git-fixes).
- i2c: Improve size determinations (git-fixes).
- i2c: bcm-iproc: Fix bcm_iproc_i2c_isr deadlock issue (git-fixes).
- i2c: designware: Correct length byte validation logic (git-fixes).
- i2c: designware: Handle invalid SMBus block data response length value (git-fixes).
- i2c: hisi: Only handle the interrupt of the driver's transfer (git-fixes).
- i2c: nomadik: Remove a useless call in the remove function (git-fixes).
- i2c: nomadik: Remove unnecessary goto label (git-fixes).
- i2c: nomadik: Use devm_clk_get_enabled() (git-fixes).
- i40e: Fix an NULL vs IS_ERR() bug for debugfs_create_dir() (git-fixes).
- iavf: fix potential races for FDIR filters (git-fixes).
- ice: Fix RDMA VSI removal during queue rebuild (git-fixes).
- ice: Fix crash by keep old cfg when update TCs more than queues (git-fixes).
- ice: Fix max_rate check while configuring TX rate limits (git-fixes).
- ice: Fix memory management in ice_ethtool_fdir.c (git-fixes).
- iio: adc: ina2xx: avoid NULL pointer dereference on OF device match (git-fixes).
- iio: adc: stx104: Implement and utilize register structures (git-fixes).
- iio: adc: stx104: Utilize iomap interface (git-fixes).
- iio: cros_ec: Fix the allocation size for cros_ec_command (git-fixes).
- intel/e1000:fix repeated words in comments (jsc#PED-5738).
- intel: remove unused macros (jsc#PED-5738).
- iommu/amd/io-pgtable: Implement map_pages io_pgtable_ops callback (bsc#1212423).
- iommu/amd/io-pgtable: Implement unmap_pages io_pgtable_ops callback (bsc#1212423).
- iommu/amd: Add PCI segment support for ivrs_ commands (git-fixes).
- iommu/amd: Add map/unmap_pages() iommu_domain_ops callback support (bsc#1212423).
- iommu/amd: Do not identity map v2 capable device when snp is enabled (git-fixes).
- iommu/amd: Fix compile warning in init code (git-fixes).
- iommu/amd: Fix ill-formed ivrs_ioapic, ivrs_hpet and ivrs_acpihid options (git-fixes).
- iommu/amd: Fix ivrs_acpihid cmdline parsing code (git-fixes).
- iommu/amd: Fix pci device refcount leak in ppr_notifier() (git-fixes).
- iommu/amd: use full 64-bit value in build_completion_wait() (git-fixes).
- iommu/arm-smmu-v3: Make default domain type of HiSilicon PTT device to identity (git-fixes).
- iommu/arm-smmu-v3: check return value after calling platform_get_resource() (git-fixes).
- iommu/arm-smmu-v3: fix event handling soft lockup (git-fixes).
- iommu/arm-smmu: fix possible null-ptr-deref in arm_smmu_device_probe() (git-fixes).
- iommu/dart: Initialize DART_STREAMS_ENABLE (git-fixes).
- iommu/dma: Fix incorrect error return on iommu deferred attach (git-fixes).
- iommu/dma: Fix iova map result check bug (git-fixes).
- iommu/dma: return error code from iommu_dma_map_sg() (git-fixes).
- iommu/fsl_pamu: Fix resource leak in fsl_pamu_probe() (git-fixes).
- iommu/io-pgtable-arm-v7s: Add a quirk to allow pgtable PA up to 35bit (git-fixes).
- iommu/iova: Fix module config properly (git-fixes).
- iommu/mediatek: Add error path for loop of mm_dts_parse (git-fixes).
- iommu/mediatek: Add platform_device_put for recovering the device refcnt (git-fixes).
- iommu/mediatek: Check return value after calling platform_get_resource() (git-fixes).
- iommu/mediatek: Set dma_mask for PGTABLE_PA_35_EN (git-fixes).
- iommu/mediatek: Use component_match_add (git-fixes).
- iommu/mediatek: Validate number of phandles associated with 'mediatek,larbs' (git-fixes).
- iommu/omap: Fix buffer overflow in debugfs (git-fixes).
- iommu/rockchip: fix permission bits in page table entries v2 (git-fixes).
- iommu/s390: Fix duplicate domain attachments (git-fixes).
- iommu/sun50i: Consider all fault sources for reset (git-fixes).
- iommu/sun50i: Fix R/W permission check (git-fixes).
- iommu/sun50i: Fix flush size (git-fixes).
- iommu/sun50i: Fix reset release (git-fixes).
- iommu/sun50i: Implement .iotlb_sync_map (git-fixes).
- iommu/sun50i: Remove IOMMU_DOMAIN_IDENTITY (git-fixes).
- iommu/vt-d: Add RPLS to quirk list to skip TE disabling (git-fixes).
- iommu/vt-d: Check correct capability for sagaw determination (git-fixes).
- iommu/vt-d: Clean up si_domain in the init_dmars() error path (git-fixes).
- iommu/vt-d: Correctly calculate sagaw value of IOMMU (git-fixes).
- iommu/vt-d: Fix PCI device refcount leak in dmar_dev_scope_init() (git-fixes).
- iommu/vt-d: Fix PCI device refcount leak in has_external_pci() (git-fixes).
- iommu/vt-d: Fix kdump kernels boot failure with scalable mode (git-fixes).
- iommu/vt-d: Preset Access bit for IOVA in FL non-leaf paging entries (git-fixes).
- iommu/vt-d: Set SRE bit only when hardware has SRS cap (git-fixes).
- ipmi:ssif: Add check for kstrdup (git-fixes).
- ipmi:ssif: Fix a memory leak when scanning for an adapter (git-fixes).
- ipmi_si: fix a memleak in try_smi_init() (git-fixes).
- jffs2: correct logic when creating a hole in jffs2_write_begin (git-fixes).
- kabi/severities: Ignore newly added SRSO mitigation functions
- kabi: Allow extra bugsints (bsc#1213927).
- kernel-binary: Common dependencies cleanup Common dependencies are copied to a subpackage, there is no need for copying defines or build dependencies there.
- kernel-binary: Drop code for kerntypes support Kerntypes was a SUSE-specific feature dropped before SLE 12.
- kunit: make kunit_test_timeout compatible with comment (git-fixes).
- leds: Fix BUG_ON check for LED_COLOR_ID_MULTI that is always false (git-fixes).
- leds: multicolor: Use rounded division when calculating color components (git-fixes).
- leds: pwm: Fix error code in led_pwm_create_fwnode() (git-fixes).
- leds: trigger: tty: Do not use LED_ON/OFF constants, use led_blink_set_oneshot instead (git-fixes).
- leds: turris-omnia: Drop unnecessary mutex locking (git-fixes).
- lib/test_meminit: allocate pages up to order MAX_ORDER (git-fixes).
- lib/test_meminit: destroy cache in kmem_cache_alloc_bulk() test (git-fixes).
- libbpf: Fix BTF-to-C converter's padding logic (bsc#1211220 jsc#PED-3924).
- libbpf: Fix btf_dump's packed struct determination (bsc#1211220 jsc#PED-3924).
- libbpf: Fix single-line struct definition output in btf_dump (bsc#1211220 jsc#PED-3924).
- libceph: fix potential hang in ceph_osdc_notify() (bsc#1214393).
- md/raid0: Factor out helper for mapping and submitting a bio (bsc#1213916).
- md/raid0: Fix performance regression for large sequential writes (bsc#1213916).
- media: ad5820: Drop unsupported ad5823 from i2c_ and of_device_id tables (git-fixes).
- media: cx24120: Add retval check for cx24120_message_send() (git-fixes).
- media: dib7000p: Fix potential division by zero (git-fixes).
- media: dvb-usb: m920x: Fix a potential memory leak in m920x_i2c_xfer() (git-fixes).
- media: go7007: Remove redundant if statement (git-fixes).
- media: i2c: ccs: Check rules is non-NULL (git-fixes).
- media: i2c: rdacm21: Fix uninitialized value (git-fixes).
- media: i2c: tvp5150: check return value of devm_kasprintf() (git-fixes).
- media: ov2680: Add ov2680_fill_format() helper function (git-fixes).
- media: ov2680: Do not take the lock for try_fmt calls (git-fixes).
- media: ov2680: Fix ov2680_bayer_order() (git-fixes).
- media: ov2680: Fix ov2680_set_fmt() which == V4L2_SUBDEV_FORMAT_TRY not working (git-fixes).
- media: ov2680: Fix regulators being left enabled on ov2680_power_on() errors (git-fixes).
- media: ov2680: Fix vflip / hflip set functions (git-fixes).
- media: ov2680: Remove VIDEO_V4L2_SUBDEV_API ifdef-s (git-fixes).
- media: ov5640: Enable MIPI interface in ov5640_set_power_mipi() (git-fixes).
- media: rkvdec: increase max supported height for H.264 (git-fixes).
- media: v4l2-core: Fix a potential resource leak in v4l2_fwnode_parse_link() (git-fixes).
- media: v4l2-mem2mem: add lock to protect parameter num_rdy (git-fixes).
- media: venus: hfi_venus: Only consider sys_idle_indicator on V1 (git-fixes).
- media: venus: hfi_venus: Write to VIDC_CTRL_INIT after unmasking interrupts (git-fixes).
- misc: rtsx: judge ASPM Mode to set PETXCFG Reg (git-fixes).
- mkspec: Allow unsupported KMPs (bsc#1214386)
- mlxsw: pci: Add shutdown method in PCI driver (git-fixes).
- mmc: block: Fix in_flight[issue_type] value error (git-fixes).
- mmc: moxart: read scr register without changing byte order (git-fixes).
- mmc: wbsd: fix double mmc_free_host() in wbsd_init() (git-fixes).
- module: avoid allocation if module is already present and ready (bsc#1213921).
- module: extract patient module check into helper (bsc#1213921).
- module: move check_modinfo() early to early_mod_check() (bsc#1213921).
- module: move early sanity checks into a helper (bsc#1213921).
- mtd: rawnand: brcmnand: Fix crash during the panic_write (git-fixes).
- mtd: rawnand: brcmnand: Fix mtd oobsize (git-fixes).
- mtd: rawnand: brcmnand: Fix potential false time out warning (git-fixes).
- mtd: rawnand: brcmnand: Fix potential out-of-bounds access in oob write (git-fixes).
- mtd: rawnand: fsl_upm: Fix an off-by one test in fun_exec_op() (git-fixes).
- mtd: rawnand: fsmc: handle clk prepare error in fsmc_nand_resume() (git-fixes).
- mtd: rawnand: omap_elm: Fix incorrect type in assignment (git-fixes).
- mtd: rawnand: rockchip: Align hwecc vs. raw page helper layouts (git-fixes).
- mtd: rawnand: rockchip: fix oobfree offset and description (git-fixes).
- mtd: spi-nor: Check bus width while setting QE bit (git-fixes).
- mtd: spinand: toshiba: Fix ecc_get_status (git-fixes).
- n_tty: Rename tail to old_tail in n_tty_read() (git-fixes).
- net: hns3: fix wrong bw weight of disabled tc issue (git-fixes).
- net: ieee802154: at86rf230: Stop leaking skb's (git-fixes).
- net: mana: Fix MANA VF unload when hardware is unresponsive (git-fixes).
- net: phy: at803x: remove set/get wol callbacks for AR8032 (git-fixes).
- net: phy: broadcom: stub c45 read/write for 54810 (git-fixes).
- net: phy: fix IRQ-based wake-on-lan over hibernate / power off (git-fixes).
- net: stmmac: tegra: Properly allocate clock bulk data (bsc#1213733)
- net: usb: lan78xx: reorder cleanup operations to avoid UAF bugs (git-fixes).
- net: usbnet: Fix WARNING in usbnet_start_xmit/usb_submit_urb (git-fixes).
- netfs: Fix lockdep warning from taking sb_writers whilst holding mmap_lock (bsc#1214742).
- netfs: Fix missing xas_retry() calls in xarray iteration (bsc#1213946 bsc#1214404).
- netfs: Fix missing xas_retry() calls in xarray iteration (bsc#1213946).
- netfs: fix parameter of cleanup() (bsc#1214743).
- nfsd: Remove incorrect check in nfsd4_validate_stateid (git-fixes).
- nilfs2: fix WARNING in mark_buffer_dirty due to discarded buffer reuse (git-fixes).
- nilfs2: fix use-after-free of nilfs_root in dirtying inodes via iput (git-fixes).
- nvme-rdma: fix potential unbalanced freeze & unfreeze (bsc#1208902).
- nvme-tcp: fix potential unbalanced freeze & unfreeze (bsc#1208902).
- objtool/x86: Fix SRSO mess (git-fixes).
- objtool/x86: Fixup frame-pointer vs rethunk (git-fixes).
- objtool: Union instruction::{call_dest,jump_table} (git-fixes).
- old-flavors: Drop 2.6 kernels. 2.6 based kernels are EOL, upgrading from them is no longer suported.
- pcmcia: rsrc_nonstatic: Fix memory leak in nonstatic_release_resource_db() (git-fixes).
- phy/rockchip: inno-hdmi: do not power on rk3328 post pll on reg write (git-fixes).
- phy/rockchip: inno-hdmi: round fractal pixclock in rk3328 recalc_rate (git-fixes).
- phy/rockchip: inno-hdmi: use correct vco_div_5 macro on rk3328 (git-fixes).
- phy: qcom-snps-femto-v2: keep cfg_ahb_clk enabled during runtime suspend (git-fixes).
- phy: qcom-snps-femto-v2: properly enable ref clock (git-fixes).
- phy: qcom-snps: Use dev_err_probe() to simplify code (git-fixes).
- phy: qcom-snps: correct struct qcom_snps_hsphy kerneldoc (git-fixes).
- pinctrl: amd: Mask wake bits on probe again (git-fixes).
- pinctrl: amd: Revert 'pinctrl: amd: disable and mask interrupts on probe' (git-fixes).
- pinctrl: cherryview: fix address_space_handler() argument (git-fixes).
- pinctrl: mcp23s08: check return value of devm_kasprintf() (git-fixes).
- pinctrl: renesas: rza2: Add lock around pinctrl_generic{{add,remove}_group,{add,remove}_function} (git-fixes).
- platform/x86: dell-sysman: Fix reference leak (git-fixes).
- powerpc/64e: Fix kexec build error (bsc#1212091 ltc#199106).
- powerpc/iommu: Fix iommu_table_in_use for a small default DMA window case (bsc#1212091 ltc#199106).
- powerpc/iommu: Incorrect DDW Table is referenced for SR-IOV device (bsc#1212091 ltc#199106).
- powerpc/iommu: TCEs are incorrectly manipulated with DLPAR add/remove of memory (bsc#1212091 ltc#199106).
- powerpc/iommu: do not set failed sg dma_address to DMA_MAPPING_ERROR (bsc#1212091 ltc#199106).
- powerpc/iommu: return error code from .map_sg() ops (bsc#1212091 ltc#199106).
- powerpc/kernel/iommu: Add new iommu_table_in_use() helper (bsc#1212091 ltc#199106).
- powerpc/kexec: Fix build failure from uninitialised variable (bsc#1212091 ltc#199106).
- powerpc/mm/altmap: Fix altmap boundary check (bsc#1120059 git-fixes).
- powerpc/pseries/ddw: Do not try direct mapping with persistent memory and one window (bsc#1212091 ltc#199106).
- powerpc/pseries/ddw: simplify enable_ddw() (bsc#1212091 ltc#199106).
- powerpc/pseries/iommu: Add ddw_list_new_entry() helper (bsc#1212091 ltc#199106).
- powerpc/pseries/iommu: Add ddw_property_create() and refactor enable_ddw() (bsc#1212091 ltc#199106).
- powerpc/pseries/iommu: Add iommu_pseries_alloc_table() helper (bsc#1212091 ltc#199106).
- powerpc/pseries/iommu: Add of_node_put() before break (bsc#1212091 ltc#199106).
- powerpc/pseries/iommu: Allow DDW windows starting at 0x00 (bsc#1212091 ltc#199106).
- powerpc/pseries/iommu: Check if the default window in use before removing it (bsc#1212091 ltc#199106).
- powerpc/pseries/iommu: Create huge DMA window if no MMIO32 is present (bsc#1212091 ltc#199106).
- powerpc/pseries/iommu: Find existing DDW with given property name (bsc#1212091 ltc#199106).
- powerpc/pseries/iommu: Make use of DDW for indirect mapping (bsc#1212091 ltc#199106).
- powerpc/pseries/iommu: Print ibm,query-pe-dma-windows parameters (bsc#1212091 ltc#199106).
- powerpc/pseries/iommu: Rename 'direct window' to 'dma window' (bsc#1212091 ltc#199106).
- powerpc/pseries/iommu: Reorganize iommu_table_setparms*() with new helper (bsc#1212091 ltc#199106).
- powerpc/pseries/iommu: Replace hard-coded page shift (bsc#1212091 ltc#199106).
- powerpc/pseries/iommu: Update remove_dma_window() to accept property name (bsc#1212091 ltc#199106).
- powerpc/pseries/iommu: Use correct vfree for it_map (bsc#1212091 ltc#199106).
- powerpc/pseries: Add __init attribute to eligible functions (bsc#1212091 ltc#199106).
- powerpc/pseries: Honour current SMT state when DLPAR onlining CPUs (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588).
- powerpc/pseries: Initialise CPU hotplug callbacks earlier (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588).
- powerpc/rtas: block error injection when locked down (bsc#1023051).
- powerpc/rtas: enture rtas_call is called with MMU enabled (bsc#1023051).
- powerpc/rtas: mandate RTAS syscall filtering (bsc#1023051).
- powerpc/rtas_flash: allow user copy to flash block cache objects (bsc#1194869).
- powerpc/security: Fix Speculation_Store_Bypass reporting on Power10 (bsc#1188885 ltc#193722 git-fixes).
- powerpc: Add HOTPLUG_SMT support (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588). Update config files.
- powerpc: Move DMA64_PROPNAME define to a header (bsc#1214297 ltc#197503).
- powerpc: fix typos in comments (bsc#1212091 ltc#199106).
- pseries/iommu/ddw: Fix kdump to work in absence of ibm,dma-window (bsc#1214297 ltc#197503).
- pstore/ram: Check start of empty przs during init (git-fixes).
- pwm: Add a stub for devm_pwmchip_add() (git-fixes).
- pwm: meson: Simplify duplicated per-channel tracking (git-fixes).
- pwm: meson: fix handling of period/duty if greater than UINT_MAX (git-fixes).
- qed: Fix scheduling in a tasklet while getting stats (git-fixes).
- regmap: rbtree: Use alloc_flags for memory allocations (git-fixes).
- ring-buffer: Do not swap cpu_buffer during resize process (git-fixes).
- ring-buffer: Fix deadloop issue on reading trace_pipe (git-fixes).
- ring-buffer: Fix wrong stat of cpu_buffer->read (git-fixes).
- rpm/mkspec-dtb: support for nested subdirs
- rpmsg: glink: Add check for kstrdup (git-fixes).
- s390/ipl: add missing secure/has_secure file to ipl type 'unknown' (bsc#1214976).
- s390/purgatory: disable branch profiling (git-fixes bsc#1214372).
- s390/zcrypt: fix reply buffer calculations for CCA replies (bsc#1213949).
- sched/fair: Fix inaccurate tally of ttwu_move_affine (git fixes).
- sched/fair: Use recent_used_cpu to test p->cpus_ptr (git fixes).
- sched/psi: use kernfs polling functions for PSI trigger polling (bsc#1209799).
- scsi: 3w-xxxx: Add error handling for initialization failure in tw_probe() (git-fixes).
- scsi: 53c700: Check that command slot is not NULL (git-fixes).
- scsi: RDMA/srp: Fix residual handling (git-fixes)
- scsi: bsg: Increase number of devices (bsc#1210048).
- scsi: core: Do not wait for quiesce in scsi_device_block() (bsc#1209284).
- scsi: core: Do not wait for quiesce in scsi_stop_queue() (bsc#1209284).
- scsi: core: Fix legacy /proc parsing buffer overflow (git-fixes).
- scsi: core: Fix possible memory leak if device_add() fails (git-fixes).
- scsi: core: Improve warning message in scsi_device_block() (bsc#1209284).
- scsi: core: Merge scsi_internal_device_block() and device_block() (bsc#1209284).
- scsi: fnic: Replace return codes in fnic_clean_pending_aborts() (git-fixes).
- scsi: qedf: Fix NULL dereference in error handling (git-fixes).
- scsi: qedf: Fix firmware halt over suspend and resume (git-fixes).
- scsi: qedi: Fix firmware halt over suspend and resume (git-fixes).
- scsi: scsi_debug: Remove dead code (git-fixes).
- scsi: sg: Increase number of devices (bsc#1210048).
- scsi: snic: Fix double free in snic_tgt_create() (git-fixes).
- scsi: snic: Fix possible memory leak if device_add() fails (git-fixes).
- scsi: storvsc: Always set no_report_opcodes (git-fixes).
- scsi: storvsc: Fix handling of virtual Fibre Channel timeouts (git-fixes).
- scsi: storvsc: Handle SRB status value 0x30 (git-fixes).
- scsi: storvsc: Limit max_sectors for virtual Fibre Channel devices (git-fixes).
- scsi: zfcp: Defer fc_rport blocking until after ADISC response (git-fixes bsc#1214371).
- selftests/bpf: Test btf dump for struct with padding only fields (bsc#1211220 jsc#PED-3924).
- selftests/futex: Order calls to futex_lock_pi (git-fixes).
- selftests/harness: Actually report SKIP for signal tests (git-fixes).
- selftests/resctrl: Close perf value read fd on errors (git-fixes).
- selftests/resctrl: Do not leak buffer in fill_cache() (git-fixes).
- selftests/resctrl: Unmount resctrl FS if child fails to run benchmark (git-fixes).
- selftests/rseq: check if libc rseq support is registered (git-fixes).
- selftests: forwarding: Add a helper to skip test when using veth pairs (git-fixes).
- selftests: forwarding: Skip test when no interfaces are specified (git-fixes).
- selftests: forwarding: Switch off timeout (git-fixes).
- selftests: forwarding: ethtool: Skip when using veth pairs (git-fixes).
- selftests: forwarding: ethtool_extended_state: Skip when using veth pairs (git-fixes).
- selftests: forwarding: tc_actions: Use ncat instead of nc (git-fixes).
- selftests: forwarding: tc_actions: cleanup temporary files when test is aborted (git-fixes).
- selftests: forwarding: tc_flower: Relax success criterion (git-fixes).
- selftests: mirror_gre_changes: Tighten up the TTL test match (git-fixes).
- serial: sc16is7xx: fix broken port 0 uart init (git-fixes).
- serial: sc16is7xx: fix bug when first setting GPIO direction (git-fixes).
- serial: sprd: Assign sprd_port after initialized to avoid wrong access (git-fixes).
- serial: sprd: Fix DMA buffer leak issue (git-fixes).
- serial: tegra: handle clk prepare error in tegra_uart_hw_init() (git-fixes).
- sfc: fix crash when reading stats while NIC is resetting (git-fixes).
- smb3: Do not send lease break acknowledgment if all file handles have been closed (git-fixes).
- smb3: do not set NTLMSSP_VERSION flag for negotiate not auth request (bsc#1193629).
- smb: client: Fix -Wstringop-overflow issues (bsc#1193629).
- smb: client: fix dfs link mount against w2k8 (bsc#1212142).
- smb: client: fix null auth (git-fixes).
- soc: aspeed: socinfo: Add kfree for kstrdup (git-fixes).
- soundwire: bus: pm_runtime_request_resume on peripheral attachment (git-fixes).
- soundwire: fix enumeration completion (git-fixes).
- spi: tegra20-sflash: fix to check return value of platform_get_irq() in tegra_sflash_probe() (git-fixes).
- supported.conf: fix typos for -!optional markers
- swiotlb: Remove bounce buffer remapping for Hyper-V (bsc#1206453).
- target: compare and write backend driver sense handling (bsc#1177719 bsc#1213026).
- target_core_rbd: fix leak and reduce kmalloc calls (bsc#1212873).
- target_core_rbd: fix rbd_img_request.snap_id assignment (bsc#1212857).
- target_core_rbd: remove snapshot existence validation code (bsc#1212857).
- thunderbolt: Read retimer NVM authentication status prior tb_retimer_set_inbound_sbtx() (git-fixes).
- timers: Add shutdown mechanism to the internal functions (bsc#1213970).
- timers: Provide timer_shutdown[_sync]() (bsc#1213970).
- timers: Rename del_timer() to timer_delete() (bsc#1213970).
- timers: Rename del_timer_sync() to timer_delete_sync() (bsc#1213970).
- timers: Replace BUG_ON()s (bsc#1213970).
- timers: Silently ignore timers with a NULL function (bsc#1213970).
- timers: Split [try_to_]del_timer[_sync]() to prepare for shutdown mode (bsc#1213970).
- timers: Update kernel-doc for various functions (bsc#1213970).
- timers: Use del_timer_sync() even on UP (bsc#1213970).
- tracing/histograms: Add histograms to hist_vars if they have referenced variables (git-fixes).
- tracing/histograms: Return an error if we fail to add histogram to hist_vars list (git-fixes).
- tracing/probes: Fix not to count error code to total length (git-fixes).
- tracing/probes: Fix to avoid double count of the string length on the array (git-fixes).
- tracing/probes: Fix to record 0-length data_loc in fetch_store_string*() if fails (git-fixes).
- tracing/probes: Fix to update dynamic data counter if fetcharg uses it (git-fixes).
- tracing: Fix cpu buffers unavailable due to 'record_disabled' missed (git-fixes).
- tracing: Fix memleak due to race between current_tracer and trace (git-fixes).
- tracing: Fix memory leak of iter->temp when reading trace_pipe (git-fixes).
- tracing: Fix null pointer dereference in tracing_err_log_open() (git-fixes).
- tracing: Fix warning in trace_buffered_event_disable() (git-fixes).
- tty: fix hang on tty device with no_room set (git-fixes).
- tty: n_gsm: fix the UAF caused by race condition in gsm_cleanup_mux (git-fixes).
- tty: serial: fsl_lpuart: Add i.MXRT1050 support (git-fixes).
- tty: serial: fsl_lpuart: Clear the error flags by writing 1 for lpuart32 platforms (git-fixes).
- tty: serial: fsl_lpuart: make rx_watermark configurable for different platforms (git-fixes).
- tty: serial: fsl_lpuart: reduce RX watermark to 0 on LS1028A (git-fixes).
- ubifs: Fix memleak when insert_old_idx() failed (git-fixes).
- usb-storage: alauda: Fix uninit-value in alauda_check_media() (git-fixes).
- usb: chipidea: imx: add missing USB PHY DPDM wakeup setting (git-fixes).
- usb: chipidea: imx: do not request QoS for imx8ulp (git-fixes).
- usb: chipidea: imx: improve logic if samsung,picophy-* parameter is 0 (git-fixes).
- usb: common: usb-conn-gpio: Prevent bailing out if initial role is none (git-fixes).
- usb: dwc3: Fix typos in gadget.c (git-fixes).
- usb: dwc3: Properly handle processing of pending events (git-fixes).
- usb: dwc3: meson-g12a: do post init to fix broken usb after resumption (git-fixes).
- usb: gadget: Fix the memory leak in raw_gadget driver (git-fixes).
- usb: gadget: f_mass_storage: Fix unused variable warning (git-fixes).
- usb: gadget: u_serial: Avoid spinlock recursion in __gs_console_push (git-fixes).
- usb: ohci-at91: Fix the unhandle interrupt when resume (git-fixes).
- usb: phy: mxs: fix getting wrong state with mxs_phy_is_otg_host() (git-fixes).
- usb: quirks: add quirk for Focusrite Scarlett (git-fixes).
- usb: serial: option: add Quectel EC200A module support (git-fixes).
- usb: serial: option: support Quectel EM060K_128 (git-fixes).
- usb: serial: simple: add Kaufmann RKS+CAN VCP (git-fixes).
- usb: serial: simple: sort driver entries (git-fixes).
- usb: typec: altmodes/displayport: Signal hpd when configuring pin assignment (git-fixes).
- usb: typec: tcpm: Fix response to vsafe0V event (git-fixes).
- usb: typec: tcpm: set initial svdm version based on pd revision (git-fixes).
- usb: zaurus: Add ID for A-300/B-500/C-700 (git-fixes).
- watchdog: sp5100_tco: support Hygon FCH/SCH (Server Controller Hub) (git-fixes).
- wifi: ath10k: Use RMW accessors for changing LNKCTL (git-fixes).
- wifi: ath11k: Use RMW accessors for changing LNKCTL (git-fixes).
- wifi: ath9k: fix races between ath9k_wmi_cmd and ath9k_wmi_ctrl_rx (git-fixes).
- wifi: ath9k: protect WMI command response buffer replacement with a lock (git-fixes).
- wifi: ath9k: use IS_ERR() with debugfs_create_dir() (git-fixes).
- wifi: cfg80211: Fix return value in scan logic (git-fixes).
- wifi: cfg80211: fix sband iftype data lookup for AP_VLAN (git-fixes).
- wifi: mt76: mt7615: do not advertise 5 GHz on first phy of MT7615D (DBDC) (git-fixes).
- wifi: mt76: mt7915: fix power-limits while chan_switch (git-fixes).
- wifi: mt76: mt7921: do not support one stream on secondary antenna only (git-fixes).
- wifi: mt76: mt7921: fix non-PSC channel scan fail (git-fixes).
- wifi: mt76: testmode: add nla_policy for MT76_TM_ATTR_TX_LENGTH (git-fixes).
- wifi: mwifiex: Fix OOB and integer underflow when rx packets (git-fixes).
- wifi: mwifiex: Fix missed return in oob checks failed path (git-fixes).
- wifi: mwifiex: avoid possible NULL skb pointer dereference (git-fixes).
- wifi: mwifiex: fix error recovery in PCIE buffer descriptor management (git-fixes).
- wifi: mwifiex: fix memory leak in mwifiex_histogram_read() (git-fixes).
- wifi: nl80211/cfg80211: add forgotten nla_policy for BSS color attribute (git-fixes).
- wifi: radiotap: fix kernel-doc notation warnings (git-fixes).
- wifi: rtw89: debug: Fix error handling in rtw89_debug_priv_btc_manual_set() (git-fixes).
- x86/CPU/AMD: Disable XSAVES on AMD family 0x17 (git-fixes).
- x86/alternative: Make custom return thunk unconditional (git-fixes).
- x86/cpu/kvm: Provide UNTRAIN_RET_VM (git-fixes).
- x86/cpu: Clean up SRSO return thunk mess (git-fixes).
- x86/cpu: Cleanup the untrain mess (git-fixes).
- x86/cpu: Fix __x86_return_thunk symbol type (git-fixes).
- x86/cpu: Fix up srso_safe_ret() and __x86_return_thunk() (git-fixes).
- x86/cpu: Rename original retbleed methods (git-fixes).
- x86/cpu: Rename srso_(.*)_alias to srso_alias_\1 (git-fixes).
- x86/hyperv: Add an interface to do nested hypercalls (bsc#1206453).
- x86/hyperv: Add support for detecting nested hypervisor (bsc#1206453).
- x86/hyperv: Change vTOM handling to use standard coco mechanisms (bsc#1206453).
- x86/hyperv: Remove BUG_ON() for kmap_local_page() (bsc#1206453).
- x86/hyperv: Reorder code to facilitate future work (bsc#1206453).
- x86/hyperv: Replace kmap() with kmap_local_page() (bsc#1206453).
- x86/ioremap: Add hypervisor callback for private MMIO mapping in coco (bsc#1206453).
- x86/mce: Make sure logged MCEs are processed after sysfs update (git-fixes).
- x86/mm: Handle decryption/re-encryption of bss_decrypted consistently (bsc#1206453).
- x86/retpoline,kprobes: Fix position of thunk sections with CONFIG_LTO_CLANG (git-fixes).
- x86/retpoline,kprobes: Skip optprobe check for indirect jumps with retpolines and IBT (git-fixes).
- x86/retpoline: Do not clobber RFLAGS during srso_safe_ret() (git-fixes).
- x86/speculation: Add cpu_show_gds() prototype (git-fixes).
- x86/speculation: Mark all Skylake CPUs as vulnerable to GDS (git-fixes).
- x86/srso: Correct the mitigation status when SMT is disabled (git-fixes).
- x86/srso: Disable the mitigation on unaffected configurations (git-fixes).
- x86/srso: Explain the untraining sequences a bit more (git-fixes).
- x86/srso: Fix build breakage with the LLVM linker (git-fixes).
- x86/srso: Fix return thunks in generated code (git-fixes).
- x86/static_call: Fix __static_call_fixup() (git-fixes).
- x86/tdx: Add more registers to struct tdx_hypercall_args (bsc#1206453).
- x86/tdx: Do not corrupt frame-pointer in __tdx_hypercall() (bsc#1206453).
- x86/tdx: Expand __tdx_hypercall() to handle more arguments (bsc#1206453).
- x86/tdx: Fix typo in comment in __tdx_hypercall() (bsc#1206453).
- x86/tdx: Refactor __tdx_hypercall() to allow pass down more arguments (bsc#1206453).
- xfs: fix sb write verify for lazysbcount (bsc#1214661).
ImportantSUSE bug 1023051SUSE bug 1120059SUSE bug 1177719SUSE bug 1188885SUSE bug 1193629SUSE bug 1194869SUSE bug 1203329SUSE bug 1203330SUSE bug 1205462SUSE bug 1206453SUSE bug 1208902SUSE bug 1208949SUSE bug 1209284SUSE bug 1209799SUSE bug 1210048SUSE bug 1210448SUSE bug 1211220SUSE bug 1212091SUSE bug 1212142SUSE bug 1212423SUSE bug 1212526SUSE bug 1212857SUSE bug 1212873SUSE bug 1213026SUSE bug 1213123SUSE bug 1213546SUSE bug 1213580SUSE bug 1213601SUSE bug 1213666SUSE bug 1213733SUSE bug 1213757SUSE bug 1213759SUSE bug 1213916SUSE bug 1213921SUSE bug 1213927SUSE bug 1213946SUSE bug 1213949SUSE bug 1213968SUSE bug 1213970SUSE bug 1213971SUSE bug 1214000SUSE bug 1214019SUSE bug 1214073SUSE bug 1214120SUSE bug 1214149SUSE bug 1214180SUSE bug 1214233SUSE bug 1214238SUSE bug 1214285SUSE bug 1214297SUSE bug 1214299SUSE bug 1214305SUSE bug 1214350SUSE bug 1214368SUSE bug 1214370SUSE bug 1214371SUSE bug 1214372SUSE bug 1214380SUSE bug 1214386SUSE bug 1214392SUSE bug 1214393SUSE bug 1214397SUSE bug 1214404SUSE bug 1214428SUSE bug 1214451SUSE bug 1214659SUSE bug 1214661SUSE bug 1214727SUSE bug 1214729SUSE bug 1214742SUSE bug 1214743SUSE bug 1214756SUSE bug 1214760SUSE bug 1214976CVE-2022-38457 at SUSECVE-2022-38457 at NVDCVE-2022-40133 at SUSECVE-2022-40133 at NVDCVE-2023-2007 at SUSECVE-2023-2007 at NVDCVE-2023-20588 at SUSECVE-2023-20588 at NVDCVE-2023-34319 at SUSECVE-2023-34319 at NVDCVE-2023-3610 at SUSECVE-2023-3610 at NVDCVE-2023-37453 at SUSECVE-2023-37453 at NVDCVE-2023-3772 at SUSECVE-2023-3772 at NVDCVE-2023-3863 at SUSECVE-2023-3863 at NVDCVE-2023-40283 at SUSECVE-2023-40283 at NVDCVE-2023-4128 at SUSECVE-2023-4128 at NVDCVE-2023-4133 at SUSECVE-2023-4133 at NVDCVE-2023-4134 at SUSECVE-2023-4134 at NVDCVE-2023-4147 at SUSECVE-2023-4147 at NVDCVE-2023-4194 at SUSECVE-2023-4194 at NVDCVE-2023-4273 at SUSECVE-2023-4273 at NVDCVE-2023-4387 at SUSECVE-2023-4387 at NVDCVE-2023-4459 at SUSECVE-2023-4459 at NVDCVE-2023-4563 at SUSECVE-2023-4563 at NVDCVE-2023-4569 at SUSECVE-2023-4569 at NVDcpe:/o:opensuse:leap:15.5Security update for gcc12 (Important)openSUSE Leap 15.5
This update for gcc12 fixes the following issues:
- CVE-2023-4039: Fixed incorrect stack protector for C99 VLAs on Aarch64 (bsc#1214052).
ImportantSUSE bug 1214052CVE-2023-4039 at SUSECVE-2023-4039 at NVDcpe:/o:opensuse:leap:15.5Security update for MozillaThunderbird (Critical)openSUSE Leap 15.5
This update for MozillaThunderbird fixes the following issues:
Security fixes:
- Mozilla Thunderbird 115.2.2 (MFSA 2023-40, bsc#1215245)
- CVE-2023-4863: Fixed heap buffer overflow in libwebp (bmo#1852649).
- Mozilla Thunderbird 115.2 (MFSA 2023-38, bsc#1214606)
- CVE-2023-4573: Memory corruption in IPC CanvasTranslator (bmo#1846687)
- CVE-2023-4574: Memory corruption in IPC ColorPickerShownCallback (bmo#1846688)
- CVE-2023-4575: Memory corruption in IPC FilePickerShownCallback (bmo#1846689)
- CVE-2023-4576: Integer Overflow in RecordedSourceSurfaceCreation (bmo#1846694)
- CVE-2023-4577: Memory corruption in JIT UpdateRegExpStatics (bmo#1847397)
- CVE-2023-4051: Full screen notification obscured by file open dialog (bmo#1821884)
- CVE-2023-4578: Error reporting methods in SpiderMonkey could have triggered an Out of Memory Exception (bmo#1839007)
- CVE-2023-4053: Full screen notification obscured by external program (bmo#1839079)
- CVE-2023-4580: Push notifications saved to disk unencrypted (bmo#1843046)
- CVE-2023-4581: XLL file extensions were downloadable without warnings (bmo#1843758)
- CVE-2023-4582: Buffer Overflow in WebGL glGetProgramiv (bmo#1773874)
- CVE-2023-4583: Browsing Context potentially not cleared when closing Private Window (bmo#1842030)
- CVE-2023-4584: Memory safety bugs fixed in Firefox 117, Firefox ESR 102.15, Firefox ESR 115.2, Thunderbird 102.15, and Thunderbird 115.2 (bmo#1843968, bmo#1845205, bmo#1846080, bmo#1846526, bmo#1847529)
- CVE-2023-4585: Memory safety bugs fixed in Firefox 117, Firefox ESR 115.2, and Thunderbird 115.2 (bmo#1751583, bmo#1833504, bmo#1841082, bmo#1847904, bmo#1848999)
Other fixes:
Mozilla Thunderbird 115.2.1
* new: Column separators are now shown between all columns in
tree view (bmo#1847441)
* fixed: Crash reporter did not work in Thunderbird Flatpak
(bmo#1843102)
* fixed: New mail notification always opened message in message
pane, even if pane was disabled (bmo#1840092)
* fixed: After moving an IMAP message to another folder, the
incorrect message was selected in the message list
(bmo#1845376)
* fixed: Adding a tag to an IMAP message opened in a tab failed
(bmo#1844452)
* fixed: Junk/Spam folders were not always shown in Unified
Folders mode (bmo#1838672)
* fixed: Middle-clicking a folder or message did not open it in
a background tab, as in previous versions (bmo#1842482)
* fixed: Settings tab visual improvements: Advanced Fonts
dialog, Section headers hidden behind search box
(bmo#1717382,bmo#1846751)
* fixed: Various visual and style fixes
(bmo#1843707,bmo#1849823)
Mozilla Thunderbird 115.2
* new: Thunderbird MSIX packages are now published on
archive.mozilla.org (bmo#1817657)
* changed: Size, Unread, and Total columns are now right-
aligned (bmo#1848604)
* changed: Newsgroup names in message list header are now
abbreviated (bmo#1833298)
* fixed: Message compose window did not apply theme colors to
menus (bmo#1845699)
* fixed: Reading the second new message in a folder cleared the
unread indicator of all other new messages (bmo#1839805)
* fixed: Displayed counts of unread or flagged messages could
become out-of-sync (bmo#1846860)
* fixed: Deleting a message from the context menu with messages
sorted in chronological order and smooth scroll enabled
caused message list to scroll to top (bmo#1843462)
* fixed: Repeatedly switching accounts in Subscribe dialog
caused tree view to stop updating (bmo#1845593)
* fixed: 'Ignore thread' caused message cards to display
incorrectly in message list (bmo#1847966)
* fixed: Creating tags from unified toolbar failed
(bmo#1846336)
* fixed: Cross-folder navigation using F and N did not work
(bmo#1845011)
* fixed: Account Manager did not resize to fit content, causing
'Close' button to become hidden outside bounds of dialog when
too many accounts were listed (bmo#1847555)
* fixed: Remote content exceptions could not be added in
Settings (bmo#1847576)
* fixed: Newsgroup list file did not get updated after adding a
new NNTP server (bmo#1845464)
* fixed: 'Download all headers' option in NNTP 'Download
Headers' dialog was incorrectly selected by default
(bmo#1845457)
* fixed: 'Convert to event/task' was missing from mail context
menu (bmo#1817705)
* fixed: Events and tasks were not shown in some cases despite
being present on remote server (bmo#1827100)
* fixed: Various visual and UX improvements
(bmo#1844244,bmo#1845645)
- Mozilla Thunderbird 115.1.1
* fixed: Some HTML emails printed headers on first page and
message on subsequent pages (bmo#1843628)
* fixed: Deleting messages from message list sometimes scrolled
list to bottom, selecting bottommost message (bmo#1835173)
* fixed: Width of icon columns (like Junk or Starred) in
message list did not adjust when UI density was changed
(bmo#1843014)
* fixed: Old OpenPGP secret keys could not be used to decrypt
messages under certain circumstances (bmo#1835786)
* fixed: When multiple folder modes were active, tab focus
navigated through all folder mode options before reaching
message list (bmo#1842060)
* fixed: Unread message count badge was not displayed on parent
folders of subfolder containing unread messages (bmo#1844534)
* fixed: 'Undo archive' (via Ctrl-Z) did not un-archive
previously archived messages (bmo#1829340)
* fixed: 'New' button dropdown menu in 'Message Filters' dialog
could not be opened via keyboard navigation (bmo#1843511)
* fixed: 'Show New Mail Alert for' input field in 'Customize
New Mail Alert' dialog had zero width when using certain
language packs (bmo#1845832)
* fixed: 'Account Wizard' dialog was too narrow when adding a
news server, partially hiding confirmation buttons
(bmo#1846588)
* fixed: Link Properties and Image Properties dialogs in the
composer were too wide (bmo#1816850)
* fixed: Thunderbird version number and details in 'About'
dialog were not automatically read by screen readers when
first opening dialog (bmo#1847078)
* fixed: Flatpak improvements and bug fixes
(bmo#1825399,bmo#1843094,bmo#1843097)
* fixed: Various visual and UX improvements (bmo#1846262)
CriticalSUSE bug 1214606SUSE bug 1215231SUSE bug 1215245CVE-2023-4051 at SUSECVE-2023-4051 at NVDCVE-2023-4053 at SUSECVE-2023-4053 at NVDCVE-2023-4573 at SUSECVE-2023-4573 at NVDCVE-2023-4574 at SUSECVE-2023-4574 at NVDCVE-2023-4575 at SUSECVE-2023-4575 at NVDCVE-2023-4576 at SUSECVE-2023-4576 at NVDCVE-2023-4577 at SUSECVE-2023-4577 at NVDCVE-2023-4578 at SUSECVE-2023-4578 at NVDCVE-2023-4580 at SUSECVE-2023-4580 at NVDCVE-2023-4581 at SUSECVE-2023-4581 at NVDCVE-2023-4582 at SUSECVE-2023-4582 at NVDCVE-2023-4583 at SUSECVE-2023-4583 at NVDCVE-2023-4584 at SUSECVE-2023-4584 at NVDCVE-2023-4585 at SUSECVE-2023-4585 at NVDCVE-2023-4863 at SUSECVE-2023-4863 at NVDcpe:/o:opensuse:leap:15.5Security update for libxml2 (Important)openSUSE Leap 15.5
This update for libxml2 fixes the following issues:
- CVE-2023-39615: Fixed crafted xml can cause global buffer overflow (bsc#1214768).
ImportantSUSE bug 1214768CVE-2023-39615 at SUSECVE-2023-39615 at NVDcpe:/o:opensuse:leap:15.5Security update for the Linux Kernel (Important)openSUSE Leap 15.5
The SUSE Linux Enterprise 15 SP1 kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2022-36402: Fixed an integer overflow vulnerability in vmwgfx driver in that allowed a local attacker with a user account on the system to gain privilege, causing a denial of service (bsc#1203517).
- CVE-2023-2007: Fixed a flaw in the DPT I2O Controller driver that could allow an attacker to escalate privileges and execute arbitrary code in the context of the kernel (bsc#1210448).
- CVE-2023-20588: Fixed a division-by-zero error on some AMD processors that can potentially return speculative data resulting in loss of confidentiality (bsc#1213927).
- CVE-2023-3772: Fixed a flaw in XFRM subsystem that may have allowed a malicious user with CAP_NET_ADMIN privileges to directly dereference a NULL pointer leading to a possible kernel crash and denial of service (bsc#1213666).
- CVE-2023-3812: Fixed an out-of-bounds memory access flaw in the TUN/TAP device driver functionality that could allow a local user to crash or potentially escalate their privileges on the system (bsc#1213543).
- CVE-2023-3863: Fixed a use-after-free flaw was found in nfc_llcp_find_local that allowed a local user with special privileges to impact a kernel information leak issue (bsc#1213601).
- CVE-2023-4128: Fixed a use-after-free flaw in net/sched/cls_fw.c that allowed a local attacker to perform a local privilege escalation due to incorrect handling of the existing filter, leading to a kernel information leak issue (bsc#1214149).
- CVE-2023-4132: Fixed use-after-free vulnerability was found in the siano smsusb module that allowed a local user to crash the system, causing a denial of service condition (bsc#1213969).
- CVE-2023-4134: Fixed use-after-free in cyttsp4_watchdog_work() (bsc#1213971).
- CVE-2023-4385: Fixed a NULL pointer dereference flaw in dbFree that may have allowed a local attacker to crash the system due to a missing sanity check (bsc#1214348).
- CVE-2023-4387: Fixed use-after-free flaw in vmxnet3_rq_alloc_rx_buf that could allow a local attacker to crash the system due to a double-free (bsc#1214350).
- CVE-2023-4459: Fixed a NULL pointer dereference flaw in vmxnet3_rq_cleanup that may have allowed a local attacker with normal user privilege to cause a denial of service (bsc#1214451).
The following non-security bugs were fixed:
- kabi/severities: Ignore newly added SRSO mitigation functions
- x86/cpu/kvm: Provide UNTRAIN_RET_VM (git-fixes).
- x86/cpu: Cleanup the untrain mess (git-fixes).
- x86/cpu: Fix __x86_return_thunk symbol type (git-fixes).
- x86/cpu: Fix up srso_safe_ret() and __x86_return_thunk() (git-fixes).
- x86/cpu: Rename original retbleed methods (git-fixes).
- x86/cpu: Rename srso_(.*)_alias to srso_alias_\1 (git-fixes).
- x86/retpoline,kprobes: Fix position of thunk sections with CONFIG_LTO_CLANG (git-fixes).
- x86/retpoline,kprobes: Skip optprobe check for indirect jumps with retpolines and IBT (git-fixes).
- x86/retpoline: Do not clobber RFLAGS during srso_safe_ret() (git-fixes).
- x86/speculation: Add cpu_show_gds() prototype (git-fixes).
- x86/speculation: Mark all Skylake CPUs as vulnerable to GDS (git-fixes).
- x86/srso: Correct the mitigation status when SMT is disabled (git-fixes).
- x86/srso: Disable the mitigation on unaffected configurations (git-fixes).
- x86/srso: Explain the untraining sequences a bit more (git-fixes).
- x86/srso: Fix build breakage with the LLVM linker (git-fixes).
- x86: Move gds_ucode_mitigated() declaration to header (git-fixes).
ImportantSUSE bug 1203517SUSE bug 1210448SUSE bug 1213543SUSE bug 1213601SUSE bug 1213666SUSE bug 1213927SUSE bug 1213969SUSE bug 1213971SUSE bug 1214149SUSE bug 1214348SUSE bug 1214350SUSE bug 1214451CVE-2022-36402 at SUSECVE-2022-36402 at NVDCVE-2023-2007 at SUSECVE-2023-2007 at NVDCVE-2023-20588 at SUSECVE-2023-20588 at NVDCVE-2023-3772 at SUSECVE-2023-3772 at NVDCVE-2023-3812 at SUSECVE-2023-3812 at NVDCVE-2023-3863 at SUSECVE-2023-3863 at NVDCVE-2023-4128 at SUSECVE-2023-4128 at NVDCVE-2023-4132 at SUSECVE-2023-4132 at NVDCVE-2023-4134 at SUSECVE-2023-4134 at NVDCVE-2023-4385 at SUSECVE-2023-4385 at NVDCVE-2023-4387 at SUSECVE-2023-4387 at NVDCVE-2023-4459 at SUSECVE-2023-4459 at NVDcpe:/o:opensuse:leap:15.5Security update for gcc7 (Important)openSUSE Leap 15.5
This update for gcc7 fixes the following issues:
Security issue fixed:
- CVE-2023-4039: Fixed incorrect stack protector for C99 VLAs on Aarch64 (bsc#1214052).
Other fixes:
- Fixed KASAN kernel compile. [bsc#1205145]
- Fixed ICE with C++17 code as reported in [bsc#1204505]
- Fixed altivec.h redefining bool in C++ which makes bool unusable (bsc#1195517):
- Adjust gnats idea of the target, fixing the build of gprbuild. [bsc#1196861]
ImportantSUSE bug 1195517SUSE bug 1196861SUSE bug 1204505SUSE bug 1205145SUSE bug 1214052CVE-2023-4039 at SUSECVE-2023-4039 at NVDcpe:/o:opensuse:leap:15.5Security update for libxml2 (Important)openSUSE Leap 15.5
This update for libxml2 fixes the following issues:
- CVE-2023-39615: Fixed crafted xml can cause global buffer overflow (bsc#1214768).
ImportantSUSE bug 1214768CVE-2023-39615 at SUSECVE-2023-39615 at NVDcpe:/o:opensuse:leap:15.5Security update for go1.20 (Important)openSUSE Leap 15.5
This update for go1.20 fixes the following issues:
Update to go1.20.8 (bsc#1206346).
- CVE-2023-39318: Fixed improper handling of HTML-like comments within script contexts in html/template (bsc#1215084).
- CVE-2023-39319: Fixed improper handling of special tags within script contexts in html/template (bsc#1215085).
The following non-security bug was fixed:
- Add missing directory pprof html asset directory to package (bsc#1215090).
ImportantSUSE bug 1206346SUSE bug 1215084SUSE bug 1215085SUSE bug 1215090CVE-2023-39318 at SUSECVE-2023-39318 at NVDCVE-2023-39319 at SUSECVE-2023-39319 at NVDcpe:/o:opensuse:leap:15.5Security update for go1.21 (Important)openSUSE Leap 15.5
This update for go1.21 fixes the following issues:
Update to go1.21.1 (bsc#1212475).
- CVE-2023-39318: Fixed improper handling of HTML-like comments within script contexts in html/template (bsc#1215084).
- CVE-2023-39319: Fixed improper handling of special tags within script contexts in html/template (bsc#1215085).
- CVE-2023-39320: Fixed arbitrary execution in go.mod toolchain directive (bsc#1215086).
- CVE-2023-39321, CVE-2023-39322: Fixed a panic when processing post-handshake message on QUIC connections in crypto/tls (bsc#1215087).
The following non-security bug was fixed:
- Add missing directory pprof html asset directory to package (bsc#1215090).
ImportantSUSE bug 1212475SUSE bug 1215084SUSE bug 1215085SUSE bug 1215086SUSE bug 1215087SUSE bug 1215090CVE-2023-39318 at SUSECVE-2023-39318 at NVDCVE-2023-39319 at SUSECVE-2023-39319 at NVDCVE-2023-39320 at SUSECVE-2023-39320 at NVDCVE-2023-39321 at SUSECVE-2023-39321 at NVDCVE-2023-39322 at SUSECVE-2023-39322 at NVDcpe:/o:opensuse:leap:15.5Security update for cups (Important)openSUSE Leap 15.5
This update for cups fixes the following issues:
- CVE-2023-4504: Fixed heap overflow in OpenPrinting CUPS Postscript Parsing (bsc#1215204).
- CVE-2023-32360: Fixed Information leak through Cups-Get-Document operation (bsc#1214254).
ImportantSUSE bug 1214254SUSE bug 1215204CVE-2023-32360 at SUSECVE-2023-32360 at NVDCVE-2023-4504 at SUSECVE-2023-4504 at NVDcpe:/o:opensuse:leap:15.5Security update for python39 (Important)openSUSE Leap 15.5
This update for python39 fixes the following issues:
- Update to 3.9.18:
- CVE-2023-40217: Fixed TLS handshake bypass on closed sockets (bsc#1214692).
The following non-security bugs were fixed:
- making marshalling of `set` and `frozenset` deterministic (bsc#1211765).
- stabilizing FLAG_REF usage (required for reproduceability (bsc#1213463).
ImportantSUSE bug 1211765SUSE bug 1213463SUSE bug 1214692CVE-2023-40217 at SUSECVE-2023-40217 at NVDcpe:/o:opensuse:leap:15.5Security update for frr (Important)openSUSE Leap 15.5
This update for frr fixes the following issues:
- CVE-2023-38802: Fixed bad length handling in BGP attribute handling (bsc#1213284).
- CVE-2023-41358: Fixed crash in bgpd/bgp_packet.c (bsc#1214735).
- CVE-2023-41360: Fixed out-of-bounds read in bgpd/bgp_packet.c (bsc#1214739).
- CVE-2023-3748: Fixed inifinite loop in babld message parsing may cause DoS (bsc#1213434).
- CVE-2023-41909: Fixed NULL pointer dereference due to processing in bgp_nlri_parse_flowspec (bsc#1215065).
ImportantSUSE bug 1213284SUSE bug 1213434SUSE bug 1214735SUSE bug 1214739SUSE bug 1215065CVE-2023-3748 at SUSECVE-2023-3748 at NVDCVE-2023-38802 at SUSECVE-2023-38802 at NVDCVE-2023-41358 at SUSECVE-2023-41358 at NVDCVE-2023-41360 at SUSECVE-2023-41360 at NVDCVE-2023-41909 at SUSECVE-2023-41909 at NVDcpe:/o:opensuse:leap:15.5Security update for openvswitch3 (Moderate)openSUSE Leap 15.5
This update for openvswitch3 fixes the following issues:
- CVE-2023-3153: Fixed service monitor MAC flow is not rate limited (bsc#1212125).
ModerateSUSE bug 1212125CVE-2023-3152 at SUSECVE-2023-3152 at NVDCVE-2023-3153 at SUSECVE-2023-3153 at NVDcpe:/o:opensuse:leap:15.5Security update for redis7 (Low)openSUSE Leap 15.5
This update for redis7 fixes the following issues:
- CVE-2023-41053: Fixed SORT_RO may bypass ACL configuration (bsc#1215094).
LowSUSE bug 1215094CVE-2023-41053 at SUSECVE-2023-41053 at NVDcpe:/o:opensuse:leap:15.5Security update for rubygem-rails-html-sanitizer (Important)openSUSE Leap 15.5
This update for rubygem-rails-html-sanitizer fixes the following issues:
- CVE-2022-23517: Fixed inefficient regular expression that is susceptible to excessive backtracking when attempting to sanitize certain SVG attributes. (bsc#1206433)
- CVE-2022-23518: Fixed XSS via data URIs when used in combination with Loofah. (bsc#1206434)
- CVE-2022-23519: Fixed XSS vulnerability with certain configurations of Rails::Html::Sanitizer. (bsc#1206435)
- CVE-2022-23520: Fixed XSS vulnerability with certain configurations of Rails::Html::Sanitizer. (bsc#1206436)
ImportantSUSE bug 1206433SUSE bug 1206434SUSE bug 1206435SUSE bug 1206436CVE-2022-23517 at SUSECVE-2022-23517 at NVDCVE-2022-23518 at SUSECVE-2022-23518 at NVDCVE-2022-23519 at SUSECVE-2022-23519 at NVDCVE-2022-23520 at SUSECVE-2022-23520 at NVDcpe:/o:opensuse:leap:15.5Security update for rust, rust1.72 (Moderate)openSUSE Leap 15.5
This update for rust, rust1.72 fixes the following issues:
Changes in rust:
- Update to version 1.72.0 - for details see the rust1.72 package
Changes in rust1.72:
- CVE-2023-40030: fix minor non-exploited issue in cargo (bsc#1214689)
Version 1.72.0 (2023-08-24)
==========================
Language
--------
- Replace const eval limit by a lint and add an exponential backoff warning
- expand: Change how `#![cfg(FALSE)]` behaves on crate root
- Stabilize inline asm for LoongArch64
- Uplift `clippy::undropped_manually_drops` lint
- Uplift `clippy::invalid_utf8_in_unchecked` lint
- Uplift `clippy::cast_ref_to_mut` lint
- Uplift `clippy::cmp_nan` lint
- resolve: Remove artificial import ambiguity errors
- Don't require associated types with Self: Sized bounds in `dyn Trait` objects
Compiler
--------
- Remember names of `cfg`-ed out items to mention them in diagnostics
- Support for native WASM exceptions
- Add support for NetBSD/aarch64-be (big-endian arm64).
- Write to stdout if `-` is given as output file
- Force all native libraries to be statically linked when linking a static binary
- Add Tier 3 support for `loongarch64-unknown-none*`
- Prevent `.eh_frame` from being emitted for `-C panic=abort`
- Support 128-bit enum variant in debuginfo codegen
- compiler: update solaris/illumos to enable tsan support.
Refer to Rust's platform support page for more information on Rust's tiered platform support.
Libraries
---------
- Document memory orderings of `thread::{park, unpark}`
- io: soften ‘at most one write attempt’ requirement in io::Write::write
- Specify behavior of HashSet::insert
- Relax implicit `T: Sized` bounds on `BufReader<T>`, `BufWriter<T>` and `LineWriter<T>`
- Update runtime guarantee for `select_nth_unstable`
- Return `Ok` on kill if process has already exited
- Implement PartialOrd for `Vec`s over different allocators
- Use 128 bits for TypeId hash
- Don't drain-on-drop in DrainFilter impls of various collections.
- Make `{Arc,Rc,Weak}::ptr_eq` ignore pointer metadata
Rustdoc
-------
- Allow whitespace as path separator like double colon
- Add search result item types after their name
- Search for slices and arrays by type with `[]`
- Clean up type unification and 'unboxing'
Stabilized APIs
---------------
- `impl<T: Send> Sync for mpsc::Sender<T>`
- `impl TryFrom<&OsStr> for &str`
- `String::leak`
These APIs are now stable in const contexts:
- `CStr::from_bytes_with_nul`
- `CStr::to_bytes`
- `CStr::to_bytes_with_nul`
- `CStr::to_str`
Cargo
-----
- Enable `-Zdoctest-in-workspace` by default. When running each documentation
test, the working directory is set to the root directory of the package the
test belongs to.
- Add support of the 'default' keyword to reset previously set `build.jobs`
parallelism back to the default.
Compatibility Notes
-------------------
- Alter `Display` for `Ipv6Addr` for IPv4-compatible addresses
- Cargo changed feature name validation check to a hard error. The warning was
added in Rust 1.49. These extended characters aren't allowed on crates.io, so
this should only impact users of other registries, or people who don't publish
to a registry.
ModerateSUSE bug 1214689CVE-2023-40030 at SUSECVE-2023-40030 at NVDcpe:/o:opensuse:leap:15.5Security update for webkit2gtk3 (Important)openSUSE Leap 15.5
This update for webkit2gtk3 fixes the following issues:
- Expand lang sub-package in spec file unconditionally to handle
previous name change from WebKit2GTK-lang to WebKitGTK-lang. This
change affected the automatic generated Requires tag on
WebKit2GTK-%{_apiver}, then getting out of sync of what's being
required and what's being provided. Now, any sub-package that was
providing WebKit2GTK-%{_apiver} will provide WebKitGTK-%{_apiver}
instead (bsc#1214835, bsc#1214640, bsc#1214093).
- Require libwaylandclient0 >= 1.20. 15.4 originally had 1.19.0,
but webkitgtk uses a function added in 1.20.0, so we need to
ensure that the wayland update is pulled in (bsc#1215072).
- Update to version 2.40.5 (bsc#1213905 bsc#1213379 bsc#1213581
bsc#1215230):
CVE-2023-38594, CVE-2023-38595, CVE-2023-38597,
CVE-2023-38599, CVE-2023-38600, CVE-2023-38611,
CVE-2023-40397, CVE-2023-37450, CVE-2023-28198,
CVE-2023-32370
ImportantSUSE bug 1213379SUSE bug 1213581SUSE bug 1213905SUSE bug 1214093SUSE bug 1214640SUSE bug 1214835SUSE bug 1215072SUSE bug 1215230CVE-2023-28198 at SUSECVE-2023-28198 at NVDCVE-2023-32370 at SUSECVE-2023-32370 at NVDCVE-2023-37450 at SUSECVE-2023-37450 at NVDCVE-2023-38594 at SUSECVE-2023-38594 at NVDCVE-2023-38595 at SUSECVE-2023-38595 at NVDCVE-2023-38597 at SUSECVE-2023-38597 at NVDCVE-2023-38599 at SUSECVE-2023-38599 at NVDCVE-2023-38600 at SUSECVE-2023-38600 at NVDCVE-2023-38611 at SUSECVE-2023-38611 at NVDCVE-2023-40397 at SUSECVE-2023-40397 at NVDcpe:/o:opensuse:leap:15.5Security update for wireshark (Moderate)openSUSE Leap 15.5
This update for wireshark fixes the following issues:
- Wireshark update to v3.6.16.
- CVE-2023-4512: Fixed a bug in CBOR dissector which could lead to crash. (bsc#1214561)
- CVE-2023-4511: Fixed a bug in BT SDP dissector which could lead to an infinite loop. (bsc#1214560)
- CVE-2023-4513: Fixed a bug in BT SDP dissector which could lead to a memory leak. (bsc#1214562)
- CVE-2023-2906: Fixed a bug in CP2179 dissector which could lead to crash. (bsc#1214652)
ModerateSUSE bug 1214560SUSE bug 1214561SUSE bug 1214562SUSE bug 1214652CVE-2023-2906 at SUSECVE-2023-2906 at NVDCVE-2023-4511 at SUSECVE-2023-4511 at NVDCVE-2023-4512 at SUSECVE-2023-4512 at NVDCVE-2023-4513 at SUSECVE-2023-4513 at NVDcpe:/o:opensuse:leap:15.5Security update for wire (Important)openSUSE Leap 15.5
This update of wire fixes the following issues:
- rebuild the package with the go 1.21 security release (bsc#1212475).
ImportantSUSE bug 1212475cpe:/o:opensuse:leap:15.5Security update for rubygem-actionview-5_1 (Important)openSUSE Leap 15.5
This update for rubygem-actionview-5_1 fixes the following issues:
- CVE-2023-23913: Fixed DOM Based Cross-site Scripting in rails-ujs (bsc#1209826).
ImportantSUSE bug 1209826CVE-2023-23913 at SUSECVE-2023-23913 at NVDcpe:/o:opensuse:leap:15.5Security update for containerd (Important)openSUSE Leap 15.5
This update of containerd fixes the following issues:
- rebuild the package with the go 1.21 security release (bsc#1212475).
ImportantSUSE bug 1212475cpe:/o:opensuse:leap:15.5Security update for ffmpeg (Moderate)openSUSE Leap 15.5
This update for ffmpeg fixes the following issues:
- CVE-2021-28429: Fixed Integer overflow vulnerability in av_timecode_make_string in libavutil/timecode.c (bsc#1214246).
ModerateSUSE bug 1214246CVE-2021-28429 at SUSECVE-2021-28429 at NVDcpe:/o:opensuse:leap:15.5Security update for busybox (Important)openSUSE Leap 15.5
This update for busybox fixes the following issues:
- CVE-2022-48174: Fixed stack overflow vulnerability. (bsc#1214538)
ImportantSUSE bug 1214538CVE-2022-48174 at SUSECVE-2022-48174 at NVDcpe:/o:opensuse:leap:15.5Security update for bind (Important)openSUSE Leap 15.5
This update for bind fixes the following issues:
Update to release 9.16.44:
- CVE-2023-3341: Fixed stack exhaustion flaw in control channel code may cause named to terminate unexpectedly (bsc#1215472).
Update to release 9.16.43
* Processing already-queued queries received over TCP could cause
an assertion failure, when the server was reconfigured at the
same time or the cache was being flushed. This has been fixed.
ImportantSUSE bug 1215472CVE-2023-3341 at SUSECVE-2023-3341 at NVDcpe:/o:opensuse:leap:15.5Security update for supportutils (Moderate)openSUSE Leap 15.5
This update for supportutils fixes the following issues:
Security fixes:
- CVE-2022-45154: Removed iSCSI passwords (bsc#1207598).
Other Fixes:
- Changes in version 3.1.26
+ powerpc plugin to collect the slots and active memory (bsc#1210950)
+ A Cleartext Storage of Sensitive Information vulnerability CVE-2022-45154
+ supportconfig: collect BPF information (pr#154)
+ Added additional iscsi information (pr#155)
- Added run time detection (bsc#1213127)
- Changes for supportutils version 3.1.25
+ Removed iSCSI passwords CVE-2022-45154 (bsc#1207598)
+ powerpc: Collect lsslot,amsstat, and opal elogs (pr#149)
+ powerpc: collect invscout logs (pr#150)
+ powerpc: collect RMC status logs (pr#151)
+ Added missing nvme nbft commands (bsc#1211599)
+ Fixed invalid nvme commands (bsc#1211598)
+ Added missing podman information (PED-1703, bsc#1181477)
+ Removed dependency on sysfstools
+ Check for systool use (bsc#1210015)
+ Added selinux checking (bsc#1209979)
+ Updated SLES_VER matrix
- Fixed missing status detail for apparmor (bsc#1196933)
- Corrected invalid argument list in docker.txt (bsc#1206608)
- Applies limit equally to sar data and text files (bsc#1207543)
- Collects hwinfo hardware logs (bsc#1208928)
- Collects lparnumascore logs (issue#148)
- Add dependency to `numactl` on ppc64le and `s390x`, this enforces
that `numactl --hardware` data is provided in supportconfigs
- Changes to supportconfig.rc version 3.1.11-35
+ Corrected _sanitize_file to include iscsi.conf and others (bsc#1206402)
- Changes to supportconfig version 3.1.11-46.4
+ Added plymouth_info
- Changes to getappcore version 1.53.02
+ The location of chkbin was updated earlier. This documents that
change (bsc#1205533, bsc#1204942)
ModerateSUSE bug 1181477SUSE bug 1196933SUSE bug 1204942SUSE bug 1205533SUSE bug 1206402SUSE bug 1206608SUSE bug 1207543SUSE bug 1207598SUSE bug 1208928SUSE bug 1209979SUSE bug 1210015SUSE bug 1210950SUSE bug 1211598SUSE bug 1211599SUSE bug 1213127CVE-2022-45154 at SUSECVE-2022-45154 at NVDcpe:/o:opensuse:leap:15.5Security update for curl (Important)openSUSE Leap 15.5
This update for curl fixes the following issues:
- CVE-2023-38039: Fixed possible DoS when receiving too large HTTP header. (bsc#1215026)
ImportantSUSE bug 1215026CVE-2023-38039 at SUSECVE-2023-38039 at NVDcpe:/o:opensuse:leap:15.5Security update for python310 (Important)openSUSE Leap 15.5
This update for python310 fixes the following issues:
- Update to 3.10.13.
- CVE-2023-40217: Fixed TLS handshake bypass on closed sockets (bsc#1214692)
The following non-security bug was fixed:
- stabilizing FLAG_REF usage (required for reproduceability (bsc#1213463).
ImportantSUSE bug 1213463SUSE bug 1214692CVE-2023-40217 at SUSECVE-2023-40217 at NVDcpe:/o:opensuse:leap:15.5Security update for binutils (Important)openSUSE Leap 15.5
This update for binutils fixes the following issues:
Update to version 2.41 [jsc#PED-5778]:
* The MIPS port now supports the Sony Interactive Entertainment Allegrex
processor, used with the PlayStation Portable, which implements the MIPS
II ISA along with a single-precision FPU and a few implementation-specific
integer instructions.
* Objdump's --private option can now be used on PE format files to display the
fields in the file header and section headers.
* New versioned release of libsframe: libsframe.so.1. This release introduces
versioned symbols with version node name LIBSFRAME_1.0. This release also
updates the ABI in an incompatible way: this includes removal of
sframe_get_funcdesc_with_addr API, change in the behavior of
sframe_fre_get_ra_offset and sframe_fre_get_fp_offset APIs.
* SFrame Version 2 is now the default (and only) format version supported by
gas, ld, readelf and objdump.
* Add command-line option, --strip-section-headers, to objcopy and strip to
remove ELF section header from ELF file.
* The RISC-V port now supports the following new standard extensions:
- Zicond (conditional zero instructions)
- Zfa (additional floating-point instructions)
- Zvbb, Zvbc, Zvkg, Zvkned, Zvknh[ab], Zvksed, Zvksh, Zvkn, Zvknc, Zvkng,
Zvks, Zvksc, Zvkg, Zvkt (vector crypto instructions)
* The RISC-V port now supports the following vendor-defined extensions:
- XVentanaCondOps
* Add support for Intel FRED, LKGS and AMX-COMPLEX instructions.
* A new .insn directive is recognized by x86 gas.
* Add SME2 support to the AArch64 port.
* The linker now accepts a command line option of --remap-inputs
<PATTERN>=<FILE> to relace any input file that matches <PATTERN> with
<FILE>. In addition the option --remap-inputs-file=<FILE> can be used to
specify a file containing any number of these remapping directives.
* The linker command line option --print-map-locals can be used to include
local symbols in a linker map. (ELF targets only).
* For most ELF based targets, if the --enable-linker-version option is used
then the version of the linker will be inserted as a string into the .comment
section.
* The linker script syntax has a new command for output sections: ASCIZ 'string'
This will insert a zero-terminated string at the current location.
* Add command-line option, -z nosectionheader, to omit ELF section
header.
- Contains fixes for these non-CVEs (not security bugs per upstreams
SECURITY.md):
* bsc#1209642 aka CVE-2023-1579 aka PR29988
* bsc#1210297 aka CVE-2023-1972 aka PR30285
* bsc#1210733 aka CVE-2023-2222 aka PR29936
* bsc#1213458 aka CVE-2021-32256 aka PR105039 (gcc)
* bsc#1214565 aka CVE-2020-19726 aka PR26240
* bsc#1214567 aka CVE-2022-35206 aka PR29290
* bsc#1214579 aka CVE-2022-35205 aka PR29289
* bsc#1214580 aka CVE-2022-44840 aka PR29732
* bsc#1214604 aka CVE-2022-45703 aka PR29799
* bsc#1214611 aka CVE-2022-48065 aka PR29925
* bsc#1214619 aka CVE-2022-48064 aka PR29922
* bsc#1214620 aka CVE-2022-48063 aka PR29924
* bsc#1214623 aka CVE-2022-47696 aka PR29677
* bsc#1214624 aka CVE-2022-47695 aka PR29846
* bsc#1214625 aka CVE-2022-47673 aka PR29876
- This only existed only for a very short while in SLE-15, as the main
variant in devel:gcc subsumed this in binutils-revert-rela.diff.
Hence:
- Document fixed CVEs:
* bsc#1208037 aka CVE-2023-25588 aka PR29677
* bsc#1208038 aka CVE-2023-25587 aka PR29846
* bsc#1208040 aka CVE-2023-25585 aka PR29892
* bsc#1208409 aka CVE-2023-0687 aka PR29444
- Enable bpf-none cross target and add bpf-none to the multitarget
set of supported targets.
- Disable packed-relative-relocs for old codestreams. They generate
buggy relocations when binutils-revert-rela.diff is active.
[bsc#1206556]
- Disable ZSTD debug section compress by default.
- Enable zstd compression algorithm (instead of zlib)
for debug info sections by default.
- Pack libgprofng only for supported platforms.
- Move libgprofng-related libraries to the proper locations (packages).
- Add --without=bootstrap for skipping of bootstrap (faster testing
of the package).
- Remove broken arm32-avoid-copyreloc.patch to fix [gcc#108515]
Update to version 2.40:
* Objdump has a new command line option --show-all-symbols which will make it
display all symbols that match a given address when disassembling. (Normally
only the first symbol that matches an address is shown).
* Add --enable-colored-disassembly configure time option to enable colored
disassembly output by default, if the output device is a terminal. Note,
this configure option is disabled by default.
* DCO signed contributions are now accepted.
* objcopy --decompress-debug-sections now supports zstd compressed debug
sections. The new option --compress-debug-sections=zstd compresses debug
sections with zstd.
* addr2line and objdump --dwarf now support zstd compressed debug sections.
* The dlltool program now accepts --deterministic-libraries and
--non-deterministic-libraries as command line options to control whether or
not it generates deterministic output libraries. If neither of these options
are used the default is whatever was set when the binutils were configured.
* readelf and objdump now have a newly added option --sframe which dumps the
SFrame section.
* Add support for Intel RAO-INT instructions.
* Add support for Intel AVX-NE-CONVERT instructions.
* Add support for Intel MSRLIST instructions.
* Add support for Intel WRMSRNS instructions.
* Add support for Intel CMPccXADD instructions.
* Add support for Intel AVX-VNNI-INT8 instructions.
* Add support for Intel AVX-IFMA instructions.
* Add support for Intel PREFETCHI instructions.
* Add support for Intel AMX-FP16 instructions.
* gas now supports --compress-debug-sections=zstd to compress
debug sections with zstd.
* Add --enable-default-compressed-debug-sections-algorithm={zlib,zstd}
that selects the default compression algorithm
for --enable-compressed-debug-sections.
* Add support for various T-Head extensions (XTheadBa, XTheadBb, XTheadBs,
XTheadCmo, XTheadCondMov, XTheadFMemIdx, XTheadFmv, XTheadInt, XTheadMemIdx,
XTheadMemPair, XTheadMac, and XTheadSync) from version 2.0 of the T-Head
ISA manual, which are implemented in the Allwinner D1.
* Add support for the RISC-V Zawrs extension, version 1.0-rc4.
* Add support for Cortex-X1C for Arm.
* New command line option --gsframe to generate SFrame unwind information
on x86_64 and aarch64 targets.
* The linker has a new command line option to suppress the generation of any
warning or error messages. This can be useful when there is a need to create
a known non-working binary. The option is -w or --no-warnings.
* ld now supports zstd compressed debug sections. The new option
--compress-debug-sections=zstd compresses debug sections with zstd.
* Add --enable-default-compressed-debug-sections-algorithm={zlib,zstd}
that selects the default compression algorithm
for --enable-compressed-debug-sections.
* Remove support for -z bndplt (MPX prefix instructions).
- Includes fixes for these CVEs:
* bsc#1206080 aka CVE-2022-4285 aka PR29699
- Enable by default: --enable-colored-disassembly.
- fix build on x86_64_vX platforms
ImportantSUSE bug 1200962SUSE bug 1206080SUSE bug 1206556SUSE bug 1208037SUSE bug 1208038SUSE bug 1208040SUSE bug 1208409SUSE bug 1209642SUSE bug 1210297SUSE bug 1210733SUSE bug 1213458SUSE bug 1214565SUSE bug 1214567SUSE bug 1214579SUSE bug 1214580SUSE bug 1214604SUSE bug 1214611SUSE bug 1214619SUSE bug 1214620SUSE bug 1214623SUSE bug 1214624SUSE bug 1214625CVE-2020-19726 at SUSECVE-2020-19726 at NVDCVE-2021-32256 at SUSECVE-2021-32256 at NVDCVE-2022-35205 at SUSECVE-2022-35205 at NVDCVE-2022-35206 at SUSECVE-2022-35206 at NVDCVE-2022-4285 at SUSECVE-2022-4285 at NVDCVE-2022-44840 at SUSECVE-2022-44840 at NVDCVE-2022-45703 at SUSECVE-2022-45703 at NVDCVE-2022-47673 at SUSECVE-2022-47673 at NVDCVE-2022-47695 at SUSECVE-2022-47695 at NVDCVE-2022-47696 at SUSECVE-2022-47696 at NVDCVE-2022-48063 at SUSECVE-2022-48063 at NVDCVE-2022-48064 at SUSECVE-2022-48064 at NVDCVE-2022-48065 at SUSECVE-2022-48065 at NVDCVE-2023-0687 at SUSECVE-2023-0687 at NVDCVE-2023-1579 at SUSECVE-2023-1579 at NVDCVE-2023-1972 at SUSECVE-2023-1972 at NVDCVE-2023-2222 at SUSECVE-2023-2222 at NVDCVE-2023-25585 at SUSECVE-2023-25585 at NVDCVE-2023-25587 at SUSECVE-2023-25587 at NVDCVE-2023-25588 at SUSECVE-2023-25588 at NVDcpe:/o:opensuse:leap:15.5Security update for mutt (Moderate)openSUSE Leap 15.5
This update for mutt fixes the following issues:
- CVE-2023-4874: Fixed NULL pointer dereference when composing an email (bsc#1215189).
- CVE-2023-4875: Fixed NULL pointer dereference when receiving an email (bsc#1215191).
ModerateSUSE bug 1215189SUSE bug 1215191CVE-2023-4874 at SUSECVE-2023-4874 at NVDCVE-2023-4875 at SUSECVE-2023-4875 at NVDcpe:/o:opensuse:leap:15.5Security update for python-brotlipy (Moderate)openSUSE Leap 15.5
This update for python-brotlipy fixes the following issues:
- CVE-2020-8927: Fixed integer overflow when input chunk is larger than 2GiB (bsc#1175825).
ModerateSUSE bug 1175825CVE-2020-8927 at SUSECVE-2020-8927 at NVDcpe:/o:opensuse:leap:15.5Security update for python3 (Important)openSUSE Leap 15.5
This update for python3 fixes the following issues:
- CVE-2023-40217: Fixed TLS handshake bypass on closed sockets (bsc#1214692).
ImportantSUSE bug 1214692CVE-2023-40217 at SUSECVE-2023-40217 at NVDcpe:/o:opensuse:leap:15.5Security update for xrdp (Moderate)openSUSE Leap 15.5
This update for xrdp fixes the following issues:
- CVE-2023-40184: Fixed restriction bypass via improper session handling (bsc#1214805). ModerateSUSE bug 1214805CVE-2023-40184 at SUSECVE-2023-40184 at NVDcpe:/o:opensuse:leap:15.5Security update for xen (Important)openSUSE Leap 15.5
This update for xen fixes the following issues:
- CVE-2023-20588: Fixed AMD CPU transitional execution leak via division by zero (XSA-439) (bsc#1215474).
- CVE-2023-34322: Fixed top-level shadow reference dropped too early for 64-bit PV guests (XSA-438) (bsc#1215145).
ImportantSUSE bug 1215145SUSE bug 1215474CVE-2023-20588 at SUSECVE-2023-20588 at NVDCVE-2023-34322 at SUSECVE-2023-34322 at NVDcpe:/o:opensuse:leap:15.5Security update for exempi (Moderate)openSUSE Leap 15.5
This update for exempi fixes the following issues:
- CVE-2020-18651: Fixed a buffer overflow in ID3 support (bsc#1214486).
ModerateSUSE bug 1214486CVE-2020-18651 at SUSECVE-2020-18651 at NVDcpe:/o:opensuse:leap:15.5Securitys update for open-vm-tools (Important)openSUSE Leap 15.5
This update for open-vm-tools fixes the following issues:
Update to 12.3.0 (build 22234872) (bsc#1214850)
- There are no new features in the open-vm-tools 12.3.0 release. This is
primarily a maintenance release that addresses a few critical problems,
including:
- This release integrates CVE-2023-20900 without the need for a patch.
For more information on this vulnerability and its impact on VMware
products, see
https://www.vmware.com/security/advisories/VMSA-2023-0019.html.
- A tools.conf configuration setting is available to temporaily direct
Linux quiesced snaphots to restore pre open-vm-tools 12.2.0 behavior
of ignoring file systems already frozen.
- Building of the VMware Guest Authentication Service (VGAuth) using
'xml-security-c' and 'xerces-c' is being deprecated.
- A number of Coverity reported issues have been addressed.
- A number of GitHub issues and pull requests have been handled.
Please see the Resolves Issues section of the Release Notes.
- For issues resolved in this release, see the Resolved Issues section
of the Release Notes.
- For complete details, see:
https://github.com/vmware/open-vm-tools/releases/tag/stable-12.3.0
- Release Notes are available at
https://github.com/vmware/open-vm-tools/blob/stable-12.3.0/ReleaseNotes.md
- The granular changes that have gone into the 12.3.0 release are in the
ChangeLog at
https://github.com/vmware/open-vm-tools/blob/stable-12.3.0/open-vm-tools/ChangeLog
- Fix (bsc#1205927) - hv_vmbus module is loaded unnecessarily in VMware guests
- jsc#PED-1344 - reinable building containerinfo plugin for SLES 15 SP4.
ImportantSUSE bug 1205927SUSE bug 1214850CVE-2023-20900 at SUSECVE-2023-20900 at NVDcpe:/o:opensuse:leap:15.5Security update for quagga (Important)openSUSE Leap 15.5
This update for quagga fixes the following issues:
- CVE-2023-38802: Fixed bad length handling in BGP attribute handling (bsc#1213284).
- CVE-2023-41358: Fixed possible crash when processing NLRIs if the attribute length is zero
(bsc#1214735).
ImportantSUSE bug 1213284SUSE bug 1214735CVE-2023-38802 at SUSECVE-2023-38802 at NVDCVE-2023-41358 at SUSECVE-2023-41358 at NVDcpe:/o:opensuse:leap:15.5Security update for go1.20-openssl (Important)openSUSE Leap 15.5
This update for go1.20-openssl fixes the following issues:
Update to version 1.20.8 (bsc#1206346).
- CVE-2023-29409: Fixed unrestricted RSA keys in certificates (bsc#1213880).
- CVE-2023-39319: Fixed improper handling of special tags within script contexts in html/template (bsc#1215085).
- CVE-2023-39318: Fixed improper handling of HTML-like comments within script contexts (bsc#1215084).
The following non-security bug was fixed:
- Add missing directory pprof html asset directory to package (bsc#1215090).
ImportantSUSE bug 1206346SUSE bug 1213880SUSE bug 1215084SUSE bug 1215085SUSE bug 1215090CVE-2023-29409 at SUSECVE-2023-29409 at NVDCVE-2023-39318 at SUSECVE-2023-39318 at NVDCVE-2023-39319 at SUSECVE-2023-39319 at NVDcpe:/o:opensuse:leap:15.5Security update for go1.19-openssl (Important)openSUSE Leap 15.5
This update for go1.19-openssl fixes the following issues:
Update to version 1.19.13 (bsc#1200441).
- CVE-2023-29409: Fixed unrestricted RSA keys in certificates (bsc#1213880).
- CVE-2023-29406: Fixed insufficient sanitization of Host header (bsc#1213229).
The following non-security bug was fixed:
- Add missing directory pprof html asset directory to package (bsc#1215090).
ImportantSUSE bug 1200441SUSE bug 1213229SUSE bug 1213880SUSE bug 1215090CVE-2023-29406 at SUSECVE-2023-29406 at NVDCVE-2023-29409 at SUSECVE-2023-29409 at NVDcpe:/o:opensuse:leap:15.5Security update for gsl (Moderate)openSUSE Leap 15.5
This update for gsl fixes the following issues:
- CVE-2020-35357: Fixed a stack out of bounds read in gsl_stats_quantile_from_sorted_data(). (bsc#1214681)
ModerateSUSE bug 1214681CVE-2020-35357 at SUSECVE-2020-35357 at NVDcpe:/o:opensuse:leap:15.5Security update for pmix (Moderate)openSUSE Leap 15.5
This update for pmix fixes the following issues:
- CVE-2023-41915: Fixed a potential vulnerability where a `chown` may follow a
user-created link (bsc#1215190).
- Install pmix-plugin-munge if munge is installed. ModerateSUSE bug 1215190CVE-2023-41915 at SUSECVE-2023-41915 at NVDcpe:/o:opensuse:leap:15.5Security update for salt (Moderate)openSUSE Leap 15.5
This update for salt fixes the following issues:
Security issues fixed:
- CVE-2023-20897: Fixed DOS in minion return. (bsc#1214796, bsc#1213441)
- CVE-2023-20898: Fixed Git Providers can read from the wrong environment because they get the same cache directory base
name. (bsc#1214797, bsc#1193948)
Bugs fixed:
- Create minion_id with reproducible mtime
- Fix broken tests to make them running in the testsuite
- Fix detection of Salt codename by 'salt_version' execution module
- Fix inconsistency in reported version by egg-info metadata (bsc#1215489)
- Fix regression: multiple values for keyword argument 'saltenv' (bsc#1212844)
- Fix the regression of user.present state when group is unset (bsc#1212855)
- Fix utf8 handling in 'pass' renderer and make it more robust
- Fix zypper repositories always being reconfigured
- Make sure configured user is properly set by Salt (bsc#1210994)
- Prevent possible exceptions on salt.utils.user.get_group_dict (bsc#1212794)
- Revert usage of long running REQ channel to prevent possible missing responses on requests and duplicated responses
(bsc#1213960, bsc#1213630, bsc#1213257)
ModerateSUSE bug 1193948SUSE bug 1210994SUSE bug 1212794SUSE bug 1212844SUSE bug 1212855SUSE bug 1213257SUSE bug 1213441SUSE bug 1213630SUSE bug 1213960SUSE bug 1214796SUSE bug 1214797SUSE bug 1215489CVE-2023-20897 at SUSECVE-2023-20897 at NVDCVE-2023-20898 at SUSECVE-2023-20898 at NVDcpe:/o:opensuse:leap:15.5Security update for SUSE Manager Client Tools (Important)openSUSE Leap 15.5
This update fixes the following issues:
golang-github-lusitaniae-apache_exporter:
- Security issues fixed:
* CVE-2022-32149: Fix denial of service vulnerability (bsc#1204501)
* CVE-2022-41723: Fix uncontrolled resource consumption (bsc#1208270)
* CVE-2022-46146: Fix authentication bypass vulnarability (bsc#1208046)
- Changes and bugs fixed:
* Updated to 1.0.0 (jsc#PED-5405)
+ Improved flag parsing
+ Added support for custom headers
* Changes from 0.13.1
+ Fix panic caused by missing flagConfig options
* Added AppArmor profile
* Added sandboxing options to systemd service unit
* Build using promu
* Build with Go 1.19
* Exclude s390 architecture
golang-github-prometheus-prometheus:
- This update introduces breaking changes. Please, read carefully the provided informations.
- Security issues fixed:
* CVE-2022-41723: Fix uncontrolled resource consumption by updating Go to version 1.20.1 (bsc#1208298)
- Updated to 2.45.0 (jsc#PED-5406):
* [FEATURE] API: New limit parameter to limit the number of items returned by `/api/v1/status/tsdb` endpoint
* [FEATURE] Config: Add limits to global config
* [FEATURE] Consul SD: Added support for `path_prefix`
* [FEATURE] Native histograms: Add option to scrape both classic and native histograms.
* [FEATURE] Native histograms: Added support for two more arithmetic operators `avg_over_time` and `sum_over_time`
* [FEATURE] Promtool: When providing the block id, only one block will be loaded and analyzed
* [FEATURE] Remote-write: New Azure ad configuration to support remote writing directly to Azure Monitor workspace
* [FEATURE] TSDB: Samples per chunk are now configurable with flag `storage.tsdb.samples-per-chunk`. By default set
to its former value 120
* [ENHANCEMENT] Native histograms: bucket size can now be limited to avoid scrape fails
* [ENHANCEMENT] TSDB: Dropped series are now deleted from the WAL sooner
* [BUGFIX] Native histograms: ChunkSeries iterator now checks if a new sample can be appended to the open chunk
* [BUGFIX] Native histograms: Fix Histogram Appender `Appendable()` segfault
* [BUGFIX] Native histograms: Fix setting reset header to gauge histograms in seriesToChunkEncoder
* [BUGFIX] TSDB: Tombstone intervals are not modified after Get() call
* [BUGFIX] TSDB: Use path/filepath to set the WAL directory.
- Changes from 2.44.0:
* [FEATURE] Remote-read: Handle native histograms
* [FEATURE] Promtool: Health and readiness check of prometheus server in CLI
* [FEATURE] PromQL: Add `query_samples_total` metric, the total number of samples loaded by all queries
* [ENHANCEMENT] Storage: Optimise buffer used to iterate through samples
* [ENHANCEMENT] Scrape: Reduce memory allocations on target labels
* [ENHANCEMENT] PromQL: Use faster heap method for `topk()` / `bottomk()`
* [ENHANCEMENT] Rules API: Allow filtering by rule name
* [ENHANCEMENT] Native Histograms: Various fixes and improvements
* [ENHANCEMENT] UI: Search of scraping pools is now case-insensitive
* [ENHANCEMENT] TSDB: Add an affirmative log message for successful WAL repair
* [BUGFIX] TSDB: Block compaction failed when shutting down
* [BUGFIX] TSDB: Out-of-order chunks could be ignored if the write-behind log was deleted
- Changes from 2.43.1
* [BUGFIX] Labels: Set() after Del() would be ignored, which broke some relabeling rules
- Changes from 2.43.0:
* [FEATURE] Promtool: Add HTTP client configuration to query commands
* [FEATURE] Scrape: Add `include_scrape_configs` to include scrape configs from different files
* [FEATURE] HTTP client: Add `no_proxy` to exclude URLs from proxied requests
* [FEATURE] HTTP client: Add `proxy_from_enviroment` to read proxies from env variables
* [ENHANCEMENT] API: Add support for setting lookback delta per query via the API
* [ENHANCEMENT] API: Change HTTP status code from 503/422 to 499 if a request is canceled
* [ENHANCEMENT] Scrape: Allow exemplars for all metric types
* [ENHANCEMENT] TSDB: Add metrics for head chunks and WAL folders size
* [ENHANCEMENT] TSDB: Automatically remove incorrect snapshot with index that is ahead of WAL
* [ENHANCEMENT] TSDB: Improve Prometheus parser error outputs to be more comprehensible
* [ENHANCEMENT] UI: Scope `group by` labels to metric in autocompletion
* [BUGFIX] Scrape: Fix `prometheus_target_scrape_pool_target_limit` metric not set before reloading
* [BUGFIX] TSDB: Correctly update `prometheus_tsdb_head_chunks_removed_total` and `prometheus_tsdb_head_chunks`
metrics when reading WAL
* [BUGFIX] TSDB: Use the correct unit (seconds) when recording out-of-order append deltas in the
`prometheus_tsdb_sample_ooo_delta` metric
- Changes from 2.42.0:
This release comes with a new feature coverage for native histograms and breaking changes.
If you are trying native histograms already, we recommend you remove the `wal` directory when upgrading. Because the
old WAL record for native histograms is not backward compatible in v2.42.0, this will lead to some data loss for the
latest data. Additionally, if you scrape 'float histograms' or use recording rules on native histograms in v2.42.0
(which writes float histograms), it is a one-way street since older versions do not support float histograms.
* [CHANGE] **breaking** TSDB: Changed WAL record format for the experimental native histograms
* [FEATURE] Add 'keep_firing_for' field to alerting rules
* [FEATURE] Promtool: Add support of selecting timeseries for TSDB dump
* [ENHANCEMENT] Agent: Native histogram support.
* [ENHANCEMENT] Rules: Support native histograms in recording rules
* [ENHANCEMENT] SD: Add container ID as a meta label for pod targets for Kubernetes
* [ENHANCEMENT] SD: Add VM size label to azure service discovery
* [ENHANCEMENT] Support native histograms in federation
* [ENHANCEMENT] TSDB: Add gauge histogram support
* [ENHANCEMENT] TSDB/Scrape: Support FloatHistogram that represents buckets as float64 values
* [ENHANCEMENT] UI: Show individual scrape pools on /targets page
- Changes from 2.41.0:
* [FEATURE] Relabeling: Add keepequal and dropequal relabel actions
* [FEATURE] Add support for HTTP proxy headers
* [ENHANCEMENT] Reload private certificates when changed on disk
* [ENHANCEMENT] Add max_version to specify maximum TLS version in tls_config
* [ENHANCEMENT] Add goos and goarch labels to prometheus_build_info
* [ENHANCEMENT] SD: Add proxy support for EC2 and LightSail SDs
* [ENHANCEMENT] SD: Add new metric prometheus_sd_file_watcher_errors_total
* [ENHANCEMENT] Remote Read: Use a pool to speed up marshalling
* [ENHANCEMENT] TSDB: Improve handling of tombstoned chunks in iterators
* [ENHANCEMENT] TSDB: Optimize postings offset table reading
* [BUGFIX] Scrape: Validate the metric name, label names, and label values after relabeling
* [BUGFIX] Remote Write receiver and rule manager: Fix error handling
- Changes from 2.40.7:
* [BUGFIX] TSDB: Fix queries involving negative buckets of native histograms
- Changes from 2.40.5:
* [BUGFIX] TSDB: Fix queries involving native histograms due to improper reset of iterators
- Changes from 2.40.3:
* [BUGFIX] TSDB: Fix compaction after a deletion is called
- Changes from 2.40.2:
* [BUGFIX] UI: Fix black-on-black metric name color in dark mode
- Changes from 2.40.1:
* [BUGFIX] TSDB: Fix alignment for atomic int64 for 32 bit architecture
* [BUGFIX] Scrape: Fix accept headers
- Changes from 2.40.0:
* [FEATURE] Add experimental support for native histograms.
Enable with the flag --enable-feature=native-histograms.
* [FEATURE] SD: Add service discovery for OVHcloud
* [ENHANCEMENT] Kubernetes SD: Use protobuf encoding
* [ENHANCEMENT] TSDB: Use golang.org/x/exp/slices for improved sorting speed
* [ENHANCEMENT] Consul SD: Add enterprise admin partitions. Adds __meta_consul_partition label. Adds partition
config in consul_sd_config
* [BUGFIX] API: Fix API error codes for /api/v1/labels and /api/v1/series
- Changes from 2.39.1:
* [BUGFIX] Rules: Fix notifier relabel changing the labels on active alerts
- Changes from 2.39.0:
* [FEATURE] experimental TSDB: Add support for ingesting out-of-order samples. This is configured via
out_of_order_time_window field in the config file; check config file docs for more info
* [ENHANCEMENT] API: /-/healthy and /-/ready API calls now also respond to a HEAD request on top of existing
GET support.
* [ENHANCEMENT] PuppetDB SD: Add __meta_puppetdb_query label.
* [ENHANCEMENT] AWS EC2 SD: Add __meta_ec2_region label.
* [ENHANCEMENT] AWS Lightsail SD: Add __meta_lightsail_region label.
* [ENHANCEMENT] Scrape: Optimise relabeling by re-using memory.
* [ENHANCEMENT] TSDB: Improve WAL replay timings.
* [ENHANCEMENT] TSDB: Optimise memory by not storing unnecessary data in the memory.
* [ENHANCEMENT] TSDB: Allow overlapping blocks by default.
--storage.tsdb.allow-overlapping-blocks now has no effect.
* [ENHANCEMENT] UI: Click to copy label-value pair from query result to clipboard.
* [BUGFIX] TSDB: Turn off isolation for Head compaction to fix a memory leak.
* [BUGFIX] TSDB: Fix 'invalid magic number 0' error on Prometheus startup.
* [BUGFIX] PromQL: Properly close file descriptor when logging unfinished queries.
* [BUGFIX] Agent: Fix validation of flag options and prevent WAL from growing more than desired.
- Changes from 2.38.0:
* [FEATURE]: Web: Add a /api/v1/format_query HTTP API endpoint that allows pretty-formatting PromQL expressions.
* [FEATURE]: UI: Add support for formatting PromQL expressions in the UI.
* [FEATURE]: DNS SD: Support MX records for discovering targets.
* [FEATURE]: Templates: Add toTime() template function that allows converting sample timestamps to
Go time.Time values
* [ENHANCEMENT]: Kubernetes SD: Add
__meta_kubernetes_service_port_number meta label indicating the service port number.
__meta_kubernetes_pod_container_image meta label indicating the container image.
* [ENHANCEMENT]: PromQL: When a query panics, also log the query itself alongside the panic message.
* [ENHANCEMENT]: UI: Tweak colors in the dark theme to improve the contrast ratio.
* [ENHANCEMENT]: Web: Speed up calls to /api/v1/rules by avoiding locks and using atomic types instead.
* [ENHANCEMENT]: Scrape: Add a no-default-scrape-port feature flag, which omits or removes any default HTTP (:80)
or HTTPS (:443) ports in the target's scrape address.
* [BUGFIX]: TSDB: In the WAL watcher metrics, expose the
type='exemplar' label instead of type='unknown' for exemplar records.
* [BUGFIX]: TSDB: Fix race condition around allocating series IDs during chunk snapshot loading.
golang-github-QubitProducts-exporter_exporter:
- CVE-2023-29409: Restrict RSA keys in certificates to less than or equal to 8192 bits to avoid DoSing client/server
while validating signatures for extremely large RSA keys. (bsc#1213880)
There are no direct source changes. The CVE is fixed rebuilding the sources with the patched Go version.
grafana:
- CVE-2023-29409: Restrict RSA keys in certificates to less than or equal to 8192 bits to avoid DoSing client/server
while validating signatures for extremely large RSA keys. (bsc#1213880)
There are no direct source changes. The CVE is fixed rebuilding the sources with the patched Go version.
prometheus-blackbox_exporter:
- CVE-2023-29409: Restrict RSA keys in certificates to less than or equal to 8192 bits to avoid DoSing client/server
while validating signatures for extremely large RSA keys. (bsc#1213880)
There are no direct source changes. The CVE is fixed rebuilding the sources with the patched Go version.
prometheus-postgres_exporter:
- CVE-2023-29409: Restrict RSA keys in certificates to less than or equal to 8192 bits to avoid DoSing client/server
while validating signatures for extremely large RSA keys. (bsc#1213880)
There are no direct source changes. The CVE is fixed rebuilding the sources with the patched Go version.
python-pyvmomi:
- Preparing submission to SUSE:SLE-15-SP3:Update as part of ECO PED-3623.
spacecmd:
- Updated to 4.3.23-1
* Update translation strings
supportutils-plugin-susemanager-client:
- Updated to 4.3.3-1
* Write configured crypto-policy in supportconfig
* Add cloud and Pay-as-you-go checks
uyuni-common-libs:
- Updated to 4.3.9-1
* Workaround for python3-debian bug about collecting control file (bsc#1211525, bsc#1208692)
ImportantSUSE bug 1204501SUSE bug 1208046SUSE bug 1208270SUSE bug 1208298SUSE bug 1208692SUSE bug 1211525SUSE bug 1213880CVE-2022-32149 at SUSECVE-2022-32149 at NVDCVE-2022-41723 at SUSECVE-2022-41723 at NVDCVE-2022-46146 at SUSECVE-2022-46146 at NVDCVE-2023-29409 at SUSECVE-2023-29409 at NVDcpe:/o:opensuse:leap:15.5Security update for grafana (Important)openSUSE Leap 15.5
This update for grafana fixes the following issues:
- CVE-2023-29409: Restrict RSA keys in certificates to less than or equal to 8192 bits to avoid DoSing client/server
while validating signatures for extremely large RSA keys. (bsc#1213880)
There are no direct source changes. The CVE is fixed rebuilding the sources with the patched Go version.
ImportantSUSE bug 1213880CVE-2023-29409 at SUSECVE-2023-29409 at NVDcpe:/o:opensuse:leap:15.5Security update for iperf (Important)openSUSE Leap 15.5
This update for iperf fixes the following issues:
- update to 3.15 (bsc#1215662, ESNET-SECADV-2023-0002):
* Several bugs that could allow the iperf3 server to hang waiting
for input on the control connection has been fixed
(ESnet Software Security Advisory ESNET-SECADV-2023-0002)
* A bug that caused garbled output with UDP tests on 32-bit hosts
has been fixed (PR #1554, PR #1556). This bug was introduced in
iperf-3.14.
* A bug in counting UDP messages has been fixed
- update to 3.14 (bsc#1213430, CVE-2023-38403):
* fixes a memory allocation hazard that allowed a remote user to
crash an iperf3 process
* see https://downloads.es.net/pub/iperf/esnet-secadv-2023-0001.txt.asc
- update to 3.13:
* Added missing bind_dev getter and setter.
* a fix for A resource leak bug in function iperf_create_pidfile (#1443)
* doc: Fix copy-and-paste error leading to wrong error message
* Fix crash on rcv-timeout with JSON logfile
- update to 3.12:
* cJSON has been updated to version 1.7.15 (#1383).
* The --bind <host>%<dev> option syntax now works properly (#1360 /
* A server-side file descriptor leak with the --logfile option has
been fixed (#1369 / #1360 / #1369 / #1389 / #1393).
* A bug that caused some large values from TCP_INFO to be misprinted
as negative numbers has been fixed (#1372).
* Using the -k or -n flags with --reverse no longer leak into future
tests (#1363 / #1364).
* There are now various debug level options available with the
--debug option. These can be used to adjust the amount of
debugging output (#1327).
* A new --snd-timeout option has been added to set a termination
timeout for idle TCP connections (#1215 / #1282).
* iperf3 is slightly more robust to out-of-order packets during UDP
connection setup in --reverse mode (#914 / #1123 / #1182 / #1212 /
* iperf3 will now use different ports for each direction when the
--cport and --bdir options are set (#1249 / #1259).
* The iperf3 server will now exit if it can't open its log file
* Various help message and output fixes have been made (#1299 /
* Various compiler warnings have been fixed (#1211 / #1316).
* Operation of bootstrap.sh has been fixed and simplified (#1335 /
* Flow label support / compatibility under Linux has been improved
* Various minor memory leaks have been fixed (#1332 / #1333).
* A getter/setter has been added for the bind_port parameter
(--cport option). (#1303, #1305)
* Various internal documentation improvements (#1265 / #1285 / #1304).
- update to 3.11:
* Update links to Discussions in documentation
* Fix DSCP so that TOS = DSCP * 4 (#1162)
* Fix --bind-dev for TCP streams (#1153)
* Fix interface specification so doesn't overlap with IPv6 link-local addresses for -c and -B (#1157, #1180)
* Add get/set test_unit_format function declaration to iperf_api.h
* Auto adjustment of test-end condition for file transfers (-F), if no end condition is set,
it will automatically adjust it to file size in bytes
* Exit if idle time expires waiting for a connection in one-off mode (#1187, #1197)
* Support zerocopy by reverse mode (#1204)
* Update help and manpage text for #1157, support bind device
* Consistently print target_bandwidth in JSON start section (#1177)
* Test bitrate added to JSON output (#1168)
* Remove fsync call after every write to receiving --file (#1176, #1159)
* Update documentation for -w (#1175)
* Fix for #952, different JSON object names for bidir reverse channel
- update to 3.10.1:
* Fixed a problem with autoconf scripts that made builds fail in
some environments (#1154 / #1155).
* GNU autoconf 2.71 or newer is now required to regenerate iperf3's
configure scripts.
- update to 3.10:
* Fix a bug where some --reverse tests didn't terminate (#982 /
#1054).
* Responsiveness of control connections is slightly improved (#1045
/ #1046 / #1063).
* The allowable clock skew when doing authentication between client
and server is now configurable with the new --time-skew-threshold
(#1065 / #1070).
* Bitrate throttling using the -b option now works when a burst size
is specified (#1090).
* A bug with calculating CPU utilization has been fixed (#1076 /
#1077).
* A --bind-dev option to support binding sockets to a given network
interface has been added to make iperf3 work better with
multi-homed machines and/or VRFs (#817 / #1089 / #1097).
* --pidfile now works with --client mode (#1110).
* The server is now less likely to get stuck due to network errors
(#1101, #1125), controlled by the new --rcv-timeout option.
* Fixed a few bugs in termination conditions for byte or
block-limited tests (#1113, #1114, #1115).
* Added tcp_info.snd_wnd to JSON output (#1148).
* Some bugs with garbled JSON output have been fixed (#1086, #1118,
#1143 / #1146).
* Support for setting the IPv4 don't-fragment (DF) bit has been
added with the new --dont-fragment option (#1119).
* A failure with not being able to read the congestion control
algorithm under WSL1 has been fixed (#1061 / #1126).
* Error handling and error messages now make more sense in cases
where sockets were not successfully opened (#1129 / #1132 /
#1136, #1135 / #1138, #1128 / #1139).
* Some buffer overflow hazards were fixed (#1134).
* It is now possible to use the API to set/get the congestion
control algorithm (#1036 / #1112).
- update to 3.9:
* A --timestamps flag has been added, which prepends a timestamp to
each output line. An optional argument to this flag, which is a
format specification to strftime(3), allows for custom timestamp
formats (#909, #1028).
* A --server-bitrate-limit flag has been added as a server-side
command-line argument. It allows a server to enforce a maximum
throughput rate; client connections that specify a higher bitrate
or exceed this bitrate during a test will be terminated. The
bitrate is expressed in bits per second, with an optional trailing
slash and integer count that specifies an averaging interval over
which to enforce the limit (#999).
* A bug that caused increased CPU usage with the --bidir option has
been fixed (#1011).
* Fixed various minor memory leaks (#1023).
- update to 3.8.1
* Minor bugfixes and enhancements
- update to 3.7
* Support for simultaneous bidirectional tests with the --bidir flag
* Use POSIX standard clock_gettime(3) interface for timekeeping where
available
* Passwords for authentication can be provided via environment
variable
* Specifying --repeating-payload and --reverse now works
* Failed authentication doesn't count for --one-off
* Several memory leaks related to authenticated use were fixed
* The delay for tearing down the control connection for the default
timed tests has been increased, to more gracefully handle
high-delay paths
* Various improvements to the libiperf APIs
* Fixed build behavior when OpenSSL is absent
* Portability fixes
- update to 3.6
* A new --extra-data option can be used to fill in a user-defined
string field that appears in JSON output.
* A new --repeating-payload option makes iperf3 use a payload pattern
similar to that used by iperf2, which could help in recreating
results that might be affected by payload entropy (for example,
compression).
* -B now works properly with SCTP tests.
* A compile fix for Solaris 10 was added.
* Some minor bug fixes for JSON output. In particular, warnings for
debug and/or verbose modes with --json output and a fix for
JSON output on CentOS 6
* This maintenance release adds a -1 flag to make the iperf3
execute a single test and exit, needed for an upcoming bwctl
there is only one stream.
ImportantSUSE bug 1215662CVE-2023-38403 at SUSECVE-2023-38403 at NVDcpe:/o:opensuse:leap:15.5Security update for Golang Prometheus (Important)openSUSE Leap 15.5
This update for Golang Prometheus fixes the following issues:
golang-github-prometheus-alertmanager:
- CVE-2023-29409: Restrict RSA keys in certificates to less than or equal to 8192 bits to avoid DoSing client/server
while validating signatures for extremely large RSA keys. (bsc#1213880)
There are no direct source changes. The CVE is fixed rebuilding the sources with the patched Go version.
golang-github-prometheus-node_exporter:
- CVE-2023-29409: Restrict RSA keys in certificates to less than or equal to 8192 bits to avoid DoSing client/server
while validating signatures for extremely large RSA keys. (bsc#1213880)
There are no direct source changes. The CVE is fixed rebuilding the sources with the patched Go version.
ImportantSUSE bug 1213880CVE-2023-29409 at SUSECVE-2023-29409 at NVDcpe:/o:opensuse:leap:15.5Security update for libqb (Moderate)openSUSE Leap 15.5
This update for libqb fixes the following issues:
- CVE-2023-39976: Fixed potential buffer overflow with long log messages (bsc#1214066).
ModerateSUSE bug 1214066CVE-2023-39976 at SUSECVE-2023-39976 at NVDcpe:/o:opensuse:leap:15.5Security update for MozillaFirefox (Important)openSUSE Leap 15.5
This update for MozillaFirefox fixes the following issues:
Update to Firefox Extended Support Release 115.3.0 ESR (MFSA 2023-42, bsc#1215575):
Security fixes:
- CVE-2023-5168: Out-of-bounds write in FilterNodeD2D1 (bmo#1846683).
- CVE-2023-5169: Out-of-bounds write in PathOps (bmo#1846685).
- CVE-2023-5171: Use-after-free in Ion Compiler (bmo#1851599).
- CVE-2023-5174: Double-free in process spawning on Windows (bmo#1848454).
- CVE-2023-5176: Memory safety bugs fixed in Firefox 118, Firefox ESR 115.3, and Thunderbird 115.3 (bmo#1836353, bmo#1842674, bmo#1843824, bmo#1843962, bmo#1848890, bmo#1850180, bmo#1850983, bmo#1851195).
Other fixes:
- Fix broken build with newer binutils (bsc#1215309)
ImportantSUSE bug 1215309SUSE bug 1215575CVE-2023-5168 at SUSECVE-2023-5168 at NVDCVE-2023-5169 at SUSECVE-2023-5169 at NVDCVE-2023-5171 at SUSECVE-2023-5171 at NVDCVE-2023-5174 at SUSECVE-2023-5174 at NVDCVE-2023-5176 at SUSECVE-2023-5176 at NVDcpe:/o:opensuse:leap:15.5Security update for python (Important)openSUSE Leap 15.5
This update for python fixes the following issues:
- CVE-2023-40217: Fixed TLS handshake bypass on closed sockets (bsc#1214692).
ImportantSUSE bug 1214692CVE-2023-40217 at SUSECVE-2023-40217 at NVDcpe:/o:opensuse:leap:15.5Security update for python311 (Important)openSUSE Leap 15.5
This update for python311 fixes the following issues:
Update to 3.11.5.
- CVE-2023-40217: Fixed TLS handshake bypass on closed sockets (bsc#1214692).
- CVE-2023-41105: Fixed input truncation on null bytes in os.path.normpath (bsc#1214693).
ImportantSUSE bug 1214692SUSE bug 1214693CVE-2023-40217 at SUSECVE-2023-40217 at NVDCVE-2023-41105 at SUSECVE-2023-41105 at NVDcpe:/o:opensuse:leap:15.5Security update for libvpx (Important)openSUSE Leap 15.5
This update for libvpx fixes the following issues:
- CVE-2023-5217: Fixed a heap buffer overflow (bsc#1215778).
ImportantSUSE bug 1215778CVE-2023-5217 at SUSECVE-2023-5217 at NVDcpe:/o:opensuse:leap:15.5Security update for MozillaFirefox (Important)openSUSE Leap 15.5
This update for MozillaFirefox fixes the following issues:
Mozilla Firefox was updated to 115.3.1 ESR, fixing a security issue:
MFSA 2023-44 (bsc#1215814)
* CVE-2023-5217: Fixed a heap buffer overflow in libvpx
ImportantSUSE bug 1215814CVE-2023-5217 at SUSECVE-2023-5217 at NVDcpe:/o:opensuse:leap:15.5Security update for runc (Important)openSUSE Leap 15.5
This update of runc fixes the following issues:
- Update to runc v1.1.8.
Upstream changelog is available from
<https://github.com/opencontainers/runc/releases/tag/v1.1.8>.
- rebuild the package with the go 1.21 security release (bsc#1212475).
ImportantSUSE bug 1212475cpe:/o:opensuse:leap:15.5Security update for libeconf (Important)openSUSE Leap 15.5
This update for libeconf fixes the following issues:
Update to version 0.5.2.
- CVE-2023-30078, CVE-2023-32181: Fixed a stack-buffer-overflow vulnerability in 'econf_writeFile' function (bsc#1211078).
- CVE-2023-30079, CVE-2023-22652: Fixed a stack-buffer-overflow vulnerability in 'read_file' function. (bsc#1211078)
ImportantSUSE bug 1211078CVE-2023-22652 at SUSECVE-2023-22652 at NVDCVE-2023-30078 at SUSECVE-2023-30078 at NVDCVE-2023-30079 at SUSECVE-2023-30079 at NVDCVE-2023-32181 at SUSECVE-2023-32181 at NVDcpe:/o:opensuse:leap:15.5Security update for rubygem-puma (Important)openSUSE Leap 15.5
This update for rubygem-puma fixes the following issues:
- CVE-2023-40175: Fixed HTTP request smuggling when parsing chunked transfer encoding bodies and zero-length content-length headers (bsc#1214425).
ImportantSUSE bug 1214425CVE-2023-40175 at SUSECVE-2023-40175 at NVDcpe:/o:opensuse:leap:15.5Security update for libX11 (Moderate)openSUSE Leap 15.5
This update for libX11 fixes the following issues:
- CVE-2023-43786: Fixed stack exhaustion from infinite recursion in PutSubImage() (bsc#1215684).
- CVE-2023-43787: Fixed integer overflow in XCreateImage() leading to a heap overflow (bsc#1215685).
- CVE-2023-43785: Fixed out-of-bounds memory access in _XkbReadKeySyms() (bsc#1215683).
ModerateSUSE bug 1215683SUSE bug 1215684SUSE bug 1215685CVE-2023-43785 at SUSECVE-2023-43785 at NVDCVE-2023-43786 at SUSECVE-2023-43786 at NVDCVE-2023-43787 at SUSECVE-2023-43787 at NVDcpe:/o:opensuse:leap:15.5Security update for libXpm (Moderate)openSUSE Leap 15.5
This update for libXpm fixes the following issues:
- CVE-2023-43788: Fixed an out of bounds read when creating an image
(bsc#1215686).
- CVE-2023-43789: Fixed an out of bounds read when parsing an XPM file
with a corrupted colormap (bsc#1215687).
ModerateSUSE bug 1215686SUSE bug 1215687CVE-2023-43788 at SUSECVE-2023-43788 at NVDCVE-2023-43789 at SUSECVE-2023-43789 at NVDcpe:/o:opensuse:leap:15.5Security update for libraw (Moderate)openSUSE Leap 15.5
This update for libraw fixes the following issues:
- CVE-2020-22628: Fixed buffer overflow vulnerability in LibRaw::stretch() function in libraw\src\postprocessing\aspect_ratio.cpp. (bsc#1215308)
ModerateSUSE bug 1215308CVE-2020-22628 at SUSECVE-2020-22628 at NVDcpe:/o:opensuse:leap:15.5Security update for the Linux Kernel (Important)openSUSE Leap 15.5
The SUSE Linux Enterprise 15 SP5 kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2022-38457: Fixed a use-after-free vulnerability in vmwgfx driver that allowed a local attacker to cause a denial of service (bsc#1203330).
- CVE-2022-40133: Fixed a use-after-free vulnerability in vmwgfx driver that allowed a local attacker to cause a denial of service (bsc#1203329).
- CVE-2023-2007: Fixed a flaw in the DPT I2O Controller driver that could allow an attacker to escalate privileges and execute arbitrary code in the context of the kernel (bsc#1210448).
- CVE-2023-20588: Fixed a division-by-zero error on some AMD processors that can potentially return speculative data resulting in loss of confidentiality (bsc#1213927).
- CVE-2023-34319: Fixed buffer overrun triggered by unusual packet in xen/netback (XSA-432) (bsc#1213546).
- CVE-2023-3610: Fixed use-after-free vulnerability in nf_tables can be exploited to achieve local privilege escalation (bsc#1213580).
- CVE-2023-37453: Fixed oversight in SuperSpeed initialization (bsc#1213123).
- CVE-2023-3772: Fixed a flaw in XFRM subsystem that may have allowed a malicious user with CAP_NET_ADMIN privileges to directly dereference a NULL pointer leading to a possible kernel crash and denial of service (bsc#1213666).
- CVE-2023-3863: Fixed a use-after-free flaw was found in nfc_llcp_find_local that allowed a local user with special privileges to impact a kernel information leak issue (bsc#1213601).
- CVE-2023-40283: Fixed use-after-free in l2cap_sock_ready_cb (bsc#1214233).
- CVE-2023-4128: Fixed a use-after-free flaw in net/sched/cls_fw.c that allowed a local attacker to perform a local privilege escalation due to incorrect handling of the existing filter, leading to a kernel information leak issue (bsc#1214149).
- CVE-2023-4133: Fixed use after free bugs caused by circular dependency problem in cxgb4 (bsc#1213970).
- CVE-2023-4134: Fixed use-after-free in cyttsp4_watchdog_work() (bsc#1213971).
- CVE-2023-4147: Fixed use-after-free in nf_tables_newrule (bsc#1213968).
- CVE-2023-4194: Fixed a type confusion in net tun_chr_open() (bsc#1214019).
- CVE-2023-4273: Fixed a flaw in the exFAT driver of the Linux kernel that alloawed a local privileged attacker to overflow the kernel stack (bsc#1214120).
- CVE-2023-4387: Fixed use-after-free flaw in vmxnet3_rq_alloc_rx_buf that could allow a local attacker to crash the system due to a double-free (bsc#1214350).
- CVE-2023-4459: Fixed a NULL pointer dereference flaw in vmxnet3_rq_cleanup that may have allowed a local attacker with normal user privilege to cause a denial of service (bsc#1214451).
- CVE-2023-4563: Fixed use-after-free in nft_verdict_dump due to a race between set GC and transaction (bsc#1214727).
- CVE-2023-4569: Fixed information leak in nft_set_catchall_flush in net/netfilter/nf_tables_api.c (bsc#1214729).
The following non-security bugs were fixed:
- ACPI/IORT: Update SMMUv3 DeviceID support (bsc#1214305).
- ACPI: processor: perflib: Avoid updating frequency QoS unnecessarily (git-fixes).
- ACPI: processor: perflib: Use the 'no limit' frequency QoS (git-fixes).
- ACPI: x86: s2idle: Fix a logic error parsing AMD constraints table (git-fixes).
- ALSA: ac97: Fix possible error value of *rac97 (git-fixes).
- ALSA: hda/cs8409: Support new Dell Dolphin Variants (git-fixes).
- ALSA: hda/realtek - Remodified 3k pull low procedure (git-fixes).
- ALSA: hda/realtek: Add quirk for HP Victus 16-d1xxx to enable mute LED (git-fixes).
- ALSA: hda/realtek: Add quirk for mute LEDs on HP ENVY x360 15-eu0xxx (git-fixes).
- ALSA: hda/realtek: Add quirks for HP G11 Laptops (git-fixes).
- ALSA: hda/realtek: Switch Dell Oasis models to use SPI (git-fixes).
- ALSA: pcm: Fix missing fixup call in compat hw_refine ioctl (git-fixes).
- ALSA: usb-audio: Add support for Mythware XA001AU capture and playback interfaces (git-fixes).
- ALSA: usb-audio: Fix init call orders for UAC1 (git-fixes).
- ALSA: ymfpci: Fix the missing snd_card_free() call at probe error (git-fixes).
- ARM: dts: imx6dl: prtrvt, prtvt7, prti6q, prtwd2: fix USB related warnings (git-fixes).
- ARM: dts: imx6sll: fixup of operating points (git-fixes).
- ARM: spear: Do not use timer namespace for timer_shutdown() function (bsc#1213970).
- ASoC: SOF: Intel: fix SoundWire/HDaudio mutual exclusion (git-fixes).
- ASoC: amd: yc: Fix a non-functional mic on Lenovo 82SJ (git-fixes).
- ASoC: lower 'no backend DAIs enabled for ... Port' log severity (git-fixes).
- ASoC: meson: axg-tdm-formatter: fix channel slot allocation (git-fixes).
- ASoC: rt5665: add missed regulator_bulk_disable (git-fixes).
- ASoC: stac9766: fix build errors with REGMAP_AC97 (git-fixes).
- ASoC: tegra: Fix SFC conversion for few rates (git-fixes).
- Bluetooth: Fix potential use-after-free when clear keys (git-fixes).
- Bluetooth: L2CAP: Fix use-after-free (git-fixes).
- Bluetooth: L2CAP: Fix use-after-free in l2cap_sock_ready_cb (git-fixes).
- Bluetooth: Remove unused declaration amp_read_loc_info() (git-fixes).
- Bluetooth: btusb: Add MT7922 bluetooth ID for the Asus Ally (git-fixes).
- Bluetooth: btusb: Do not call kfree_skb() under spin_lock_irqsave() (git-fixes).
- Bluetooth: nokia: fix value check in nokia_bluetooth_serdev_probe() (git-fixes).
- CONFIG_NVME_VERBOSE_ERRORS=y gone with a82baa8083b
- CONFIG_PRINTK_SAFE_LOG_BUF_SHIFT=13 gone with 7e152d55123
- Created new preempt kernel flavor Configs are cloned from the respective $arch/default configs. All changed configs appart from CONFIG_PREEMPT->y are a result of dependencies, namely many lock/unlock primitives are no longer inlined in the preempt kernel. TREE_RCU has been also changed to PREEMPT_RCU which is the default implementation for PREEMPT kernel.
- Documentation: devices.txt: Fix minors for ttyCPM* (git-fixes).
- Documentation: devices.txt: Remove ttyIOC* (git-fixes).
- Documentation: devices.txt: Remove ttySIOC* (git-fixes).
- Drivers: hv: Do not remap addresses that are above shared_gpa_boundary (bsc#1206453).
- Drivers: hv: Enable vmbus driver for nested root partition (bsc#1206453).
- Drivers: hv: Explicitly request decrypted in vmap_pfn() calls (bsc#1206453).
- Drivers: hv: Setup synic registers in case of nested root partition (bsc#1206453).
- Drivers: hv: vmbus: Call hv_synic_free() if hv_synic_alloc() fails (bsc#1206453).
- Drivers: hv: vmbus: Remove second mapping of VMBus monitor pages (bsc#1206453).
- Drivers: hv: vmbus: Remove second way of mapping ring buffers (bsc#1206453).
- Drivers: hv: vmbus: Remove the per-CPU post_msg_page (bsc#1206453).
- Drop amdgpu patch causing spamming (bsc#1215523)
- Drop cfg80211 lock fix patches that caused a regression (bsc#1213757)
- Drop rtsx patch that caused a regression (bsc#1214397,bsc#1214428)
- Enable Analog Devices Industrial Ethernet PHY driver (jsc#PED-4759)
- HID: add quirk for 03f0:464a HP Elite Presenter Mouse (git-fixes).
- HID: logitech-dj: Fix error handling in logi_dj_recv_switch_to_dj_mode() (git-fixes).
- HID: logitech-hidpp: Add USB and Bluetooth IDs for the Logitech G915 TKL Keyboard (git-fixes).
- HID: multitouch: Correct devm device reference for hidinput input_dev name (git-fixes).
- HID: wacom: remove the battery when the EKR is off (git-fixes).
- HWPOISON: offline support: fix spelling in Documentation/ABI/ (git-fixes).
- IB/hfi1: Fix possible panic during hotplug remove (git-fixes)
- IB/uverbs: Fix an potential error pointer dereference (git-fixes)
- Input: exc3000 - properly stop timer on shutdown (git-fixes).
- KVM: s390: fix sthyi error handling (git-fixes bsc#1214370).
- Kbuild: add -Wno-shift-negative-value where -Wextra is used (bsc#1214756).
- Kbuild: move to -std=gnu11 (bsc#1214756).
- PCI/ASPM: Avoid link retraining race (git-fixes).
- PCI/ASPM: Factor out pcie_wait_for_retrain() (git-fixes).
- PCI/ASPM: Return 0 or -ETIMEDOUT from pcie_retrain_link() (git-fixes).
- PCI: Mark NVIDIA T4 GPUs to avoid bus reset (git-fixes).
- PCI: acpiphp: Reassign resources on bridge if necessary (git-fixes).
- PCI: acpiphp: Use pci_assign_unassigned_bridge_resources() only for non-root bus (git-fixes).
- PCI: hv: Enable PCI pass-thru devices in Confidential VMs (bsc#1206453).
- PCI: hv: Replace retarget_msi_interrupt_params with (bsc#1206453).
- PCI: meson: Remove cast between incompatible function type (git-fixes).
- PCI: microchip: Correct the DED and SEC interrupt bit offsets (git-fixes).
- PCI: microchip: Remove cast between incompatible function type (git-fixes).
- PCI: pciehp: Use RMW accessors for changing LNKCTL (git-fixes).
- PCI: rockchip: Remove writes to unused registers (git-fixes).
- PCI: s390: Fix use-after-free of PCI resources with per-function hotplug (git-fixes).
- PCI: tegra194: Fix possible array out of bounds access (git-fixes).
- PM / devfreq: Fix leak in devfreq_dev_release() (git-fixes).
- RDMA/bnxt_re: Fix error handling in probe failure path (git-fixes)
- RDMA/bnxt_re: Fix max_qp count for virtual functions (git-fixes)
- RDMA/efa: Fix wrong resources deallocation order (git-fixes)
- RDMA/hns: Fix CQ and QP cache affinity (git-fixes)
- RDMA/hns: Fix incorrect post-send with direct wqe of wr-list (git-fixes)
- RDMA/hns: Fix port active speed (git-fixes)
- RDMA/irdma: Prevent zero-length STAG registration (git-fixes)
- RDMA/irdma: Replace one-element array with flexible-array member (git-fixes)
- RDMA/mlx5: Return the firmware result upon destroying QP/RQ (git-fixes)
- RDMA/qedr: Remove a duplicate assignment in irdma_query_ah() (git-fixes)
- RDMA/siw: Balance the reference of cep->kref in the error path (git-fixes)
- RDMA/siw: Correct wrong debug message (git-fixes)
- RDMA/umem: Set iova in ODP flow (git-fixes)
- README.BRANCH: Add Miroslav Franc as a SLE15-SP4 co-maintainer.
- Revert 'IB/isert: Fix incorrect release of isert connection' (git-fixes)
- Revert 'tracing: Add '(fault)' name injection to kernel probes' (git-fixes).
- SMB3: Do not send lease break acknowledgment if all file handles have been closed (git-fixes).
- Update patches.suse/cpufreq-intel_pstate-Fix-cpu-pstate.turbo_freq-initi.patch (git-fixes bsc#1212526 bsc#1214368 jsc#PED-4927 jsc#PED-4929).
- amba: bus: fix refcount leak (git-fixes).
- arm64: dts: imx8mn-var-som: add missing pull-up for onboard PHY reset pinmux (git-fixes).
- arm64: dts: qcom: qrb5165-rb5: fix thermal zone conflict (git-fixes).
- arm64: dts: rockchip: Disable HS400 for eMMC on ROCK Pi 4 (git-fixes).
- audit: fix possible soft lockup in __audit_inode_child() (git-fixes).
- backlight/bd6107: Compare against struct fb_info.device (git-fixes).
- backlight/gpio_backlight: Compare against struct fb_info.device (git-fixes).
- backlight/lv5207lp: Compare against struct fb_info.device (git-fixes).
- batman-adv: Do not get eth header before batadv_check_management_packet (git-fixes).
- batman-adv: Do not increase MTU when set by user (git-fixes).
- batman-adv: Fix TT global entry leak when client roamed back (git-fixes).
- batman-adv: Fix batadv_v_ogm_aggr_send memory leak (git-fixes).
- batman-adv: Hold rtnl lock during MTU update via netlink (git-fixes).
- batman-adv: Trigger events for auto adjusted MTU (git-fixes).
- bnx2x: fix page fault following EEH recovery (bsc#1214299).
- bpf: Disable preemption in bpf_event_output (git-fixes).
- bpftool: Print newline before '}' for struct with padding only fields (bsc#1211220 jsc#PED-3924).
- bus: mhi: host: Skip MHI reset if device is in RDDM (git-fixes).
- bus: ti-sysc: Fix build warning for 64-bit build (git-fixes).
- bus: ti-sysc: Fix cast to enum warning (git-fixes).
- bus: ti-sysc: Flush posted write on enable before reset (git-fixes).
- can: gs_usb: gs_usb_receive_bulk_callback(): count RX overflow errors also in case of OOM (git-fixes).
- ceph: defer stopping mdsc delayed_work (bsc#1214392).
- ceph: do not check for quotas on MDS stray dirs (bsc#1214238).
- ceph: never send metrics if disable_send_metrics is set (bsc#1214180).
- check-for-config-changes: ignore BUILTIN_RETURN_ADDRESS_STRIPS_PAC (bsc#1214380). gcc7 on SLE 15 does not support this while later gcc does.
- cifs: add missing return value check for cifs_sb_tlink (bsc#1193629).
- cifs: allow dumping keys for directories too (bsc#1193629).
- cifs: fix mid leak during reconnection after timeout threshold (git-fixes).
- cifs: if deferred close is disabled then close files immediately (git-fixes).
- cifs: is_network_name_deleted should return a bool (bsc#1193629).
- cifs: update internal module version number for cifs.ko (bsc#1193629).
- clk: Fix slab-out-of-bounds error in devm_clk_release() (git-fixes).
- clk: Fix undefined reference to `clk_rate_exclusive_{get,put}' (git-fixes).
- clk: imx8mp: fix sai4 clock (git-fixes).
- clk: imx: composite-8m: fix clock pauses when set_rate would be a no-op (git-fixes).
- clk: imx: pll14xx: dynamically configure PLL for 393216000/361267200Hz (git-fixes).
- clk: qcom: camcc-sc7180: fix async resume during probe (git-fixes).
- clk: qcom: gcc-mdm9615: use proper parent for pll0_vote clock (git-fixes).
- clk: qcom: gcc-sc7180: Fix up gcc_sdcc2_apps_clk_src (git-fixes).
- clk: qcom: gcc-sm8250: Fix gcc_sdcc2_apps_clk_src (git-fixes).
- clk: sunxi-ng: Modify mismatched function name (git-fixes).
- clocksource/drivers/arm_arch_timer: Do not use timer namespace for timer_shutdown() function (bsc#1213970).
- clocksource/drivers/hyper-v: Rework clocksource and sched clock setup (bsc#1206453).
- clocksource/drivers/sp804: Do not use timer namespace for timer_shutdown() function (bsc#1213970).
- clocksource: hyper-v: Add TSC page support for root partition (bsc#1206453).
- clocksource: hyper-v: Introduce TSC PFN getter (bsc#1206453).
- clocksource: hyper-v: Introduce a pointer to TSC page (bsc#1206453).
- clocksource: hyper-v: Use TSC PFN getter to map vvar page (bsc#1206453).
- clocksource: hyper-v: make sure Invariant-TSC is used if it is (bsc#1206453).
- cpu/SMT: Allow enabling partial SMT states via sysfs (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588).
- cpu/SMT: Create topology_smt_thread_allowed() (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588).
- cpu/SMT: Move SMT prototypes into cpu_smt.h (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588).
- cpu/SMT: Move smt/control simple exit cases earlier (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588).
- cpu/SMT: Remove topology_smt_supported() (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588).
- cpu/SMT: Store the current/max number of threads (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588).
- cpufreq: Fix the race condition while updating the transition_task of policy (git-fixes).
- cpufreq: intel_pstate: Adjust balance_performance EPP for Sapphire Rapids (bsc#1214659).
- cpufreq: intel_pstate: Enable HWP IO boost for all servers (bsc#1208949 jsc#PED-6003 jsc#PED-6004).
- cpufreq: intel_pstate: Fix scaling for hybrid-capable systems with disabled E-cores (bsc#1212526 bsc#1214368 jsc#PED-4927 jsc#PED-4929).
- cpufreq: intel_pstate: Read all MSRs on the target CPU (bsc#1212526 bsc#1214368 jsc#PED-4927 jsc#PED-4929).
- cpufreq: intel_pstate: hybrid: Rework HWP calibration (bsc#1212526 bsc#1214368 jsc#PED-4927 jsc#PED-4929).
- cpufreq: intel_pstate: hybrid: Use known scaling factor for P-cores (bsc#1212526 bsc#1214368 jsc#PED-4927 jsc#PED-4929).
- crypto: caam - fix unchecked return value error (git-fixes).
- crypto: stm32 - Properly handle pm_runtime_get failing (git-fixes).
- define more Hyper-V related constants (bsc#1206453).
- dma-buf/sw_sync: Avoid recursive lock during fence signal (git-fixes).
- dma-buf/sync_file: Fix docs syntax (git-fixes).
- dmaengine: idxd: Modify the dependence of attribute pasid_enabled (git-fixes).
- dmaengine: mcf-edma: Fix a potential un-allocated memory access (git-fixes).
- dmaengine: pl330: Return DMA_PAUSED when transaction is paused (git-fixes).
- dmaengine: ste_dma40: Add missing IRQ check in d40_probe (git-fixes).
- docs/process/howto: Replace C89 with C11 (bsc#1214756).
- docs: kernel-parameters: Refer to the correct bitmap function (git-fixes).
- docs: networking: replace skb_hwtstamp_tx with skb_tstamp_tx (git-fixes).
- docs: printk-formats: Fix hex printing of signed values (git-fixes).
- driver core: test_async: fix an error code (git-fixes).
- drivers: clk: keystone: Fix parameter judgment in _of_pll_clk_init() (git-fixes).
- drivers: usb: smsusb: fix error handling code in smsusb_init_device (git-fixes).
- drm/amd/display: Apply 60us prefetch for DCFCLK <= 300Mhz (git-fixes).
- drm/amd/display: Disable phantom OTG after enable for plane disable (git-fixes).
- drm/amd/display: Do not set drr on pipe commit (git-fixes).
- drm/amd/display: Enable dcn314 DPP RCO (git-fixes).
- drm/amd/display: Ensure that planes are in the same order (git-fixes).
- drm/amd/display: Implement workaround for writing to OTG_PIXEL_RATE_DIV register (git-fixes).
- drm/amd/display: Retain phantom plane/stream if validation fails (git-fixes).
- drm/amd/display: Skip DPP DTO update if root clock is gated (git-fixes).
- drm/amd/display: Use update plane and stream routine for DCN32x (git-fixes).
- drm/amd/display: check TG is non-null before checking if enabled (git-fixes).
- drm/amd/display: check attr flag before set cursor degamma on DCN3+ (git-fixes).
- drm/amd/display: disable RCO for DCN314 (git-fixes).
- drm/amd/display: do not wait for mpc idle if tg is disabled (git-fixes).
- drm/amd/display: fix access hdcp_workqueue assert (git-fixes).
- drm/amd/display: fix the build when DRM_AMD_DC_DCN is not set (git-fixes).
- drm/amd/display: limit DPIA link rate to HBR3 (git-fixes).
- drm/amd/display: phase3 mst hdcp for multiple displays (git-fixes).
- drm/amd/display: save restore hdcp state when display is unplugged from mst hub (git-fixes).
- drm/amd/display: trigger timing sync only if TG is running (git-fixes).
- drm/amd/pm/smu7: move variables to where they are used (git-fixes).
- drm/amd/pm: avoid unintentional shutdown due to temperature momentary fluctuation (git-fixes).
- drm/amd/pm: expose swctf threshold setting for legacy powerplay (git-fixes).
- drm/amd/pm: fix variable dereferenced issue in amdgpu_device_attr_create() (git-fixes).
- drm/amd/pm: fulfill powerplay peak profiling mode shader/memory clock settings (git-fixes).
- drm/amd/pm: fulfill swsmu peak profiling mode shader/memory clock settings (git-fixes).
- drm/amd/pm: skip the RLC stop when S0i3 suspend for SMU v13.0.4/11 (git-fixes).
- drm/amd: Disable S/G for APUs when 64GB or more host memory (git-fixes).
- drm/amd: flush any delayed gfxoff on suspend entry (git-fixes).
- drm/amdgpu/pm: fix throttle_status for other than MP1 11.0.7 (git-fixes).
- drm/amdgpu: Fix integer overflow in amdgpu_cs_pass1 (git-fixes).
- drm/amdgpu: Fix potential fence use-after-free v2 (git-fixes).
- drm/amdgpu: Remove unnecessary domain argument (git-fixes).
- drm/amdgpu: Use RMW accessors for changing LNKCTL (git-fixes).
- drm/amdgpu: add S/G display parameter (git-fixes).
- drm/amdgpu: add vram reservation based on vram_usagebyfirmware_v2_2 (git-fixes).
- drm/amdgpu: avoid integer overflow warning in amdgpu_device_resize_fb_bar() (git-fixes).
- drm/amdgpu: fix calltrace warning in amddrm_buddy_fini (git-fixes).
- drm/amdgpu: fix memory leak in mes self test (git-fixes).
- drm/amdgpu: fix possible UAF in amdgpu_cs_pass1() (git-fixes).
- drm/amdgpu: install stub fence into potential unused fence pointers (git-fixes).
- drm/amdgpu: keep irq count in amdgpu_irq_disable_all (git-fixes).
- drm/amdgpu: skip fence GFX interrupts disable/enable for S0ix (git-fixes).
- drm/armada: Fix off-by-one error in armada_overlay_get_property() (git-fixes).
- drm/ast: Fix DRAM init on AST2200 (git-fixes).
- drm/atomic-helper: Update reference to drm_crtc_force_disable_all() (git-fixes).
- drm/bridge: anx7625: Drop device lock before drm_helper_hpd_irq_event() (git-fixes).
- drm/bridge: anx7625: Use common macros for DP power sequencing commands (git-fixes).
- drm/bridge: anx7625: Use common macros for HDCP capabilities (git-fixes).
- drm/bridge: fix -Wunused-const-variable= warning (git-fixes).
- drm/bridge: tc358764: Fix debug print parameter order (git-fixes).
- drm/etnaviv: fix dumping of active MMU context (git-fixes).
- drm/gma500: Use drm_aperture_remove_conflicting_pci_framebuffers (git-fixes).
- drm/i915/sdvo: fix panel_type initialization (git-fixes).
- drm/i915: Fix premature release of request's reusable memory (git-fixes).
- drm/mediatek: Fix dereference before null check (git-fixes).
- drm/mediatek: Fix potential memory leak if vmap() fail (git-fixes).
- drm/mediatek: Remove freeing not dynamic allocated memory (git-fixes).
- drm/msm/a2xx: Call adreno_gpu_init() earlier (git-fixes).
- drm/msm/dpu: fix the irq index in dpu_encoder_phys_wb_wait_for_commit_done (git-fixes).
- drm/msm/mdp5: Do not leak some plane state (git-fixes).
- drm/msm: Update dev core dump to not print backwards (git-fixes).
- drm/mxsfb: Disable overlay plane in mxsfb_plane_overlay_atomic_disable() (git-fixes).
- drm/nouveau/disp: Revert a NULL check inside nouveau_connector_get_modes (git-fixes).
- drm/nouveau/disp: fix use-after-free in error handling of nouveau_connector_create (bsc#1214073).
- drm/nouveau/gr: enable memory loads on helper invocation on all channels (git-fixes).
- drm/nouveau/nvkm/dp: Add workaround to fix DP 1.3+ DPCD issues (git-fixes).
- drm/panel: simple: Add missing connector type and pixel format for AUO T215HVN01 (git-fixes).
- drm/panel: simple: Fix AUO G121EAN01 panel timings according to the docs (git-fixes).
- drm/qxl: fix UAF on handle creation (git-fixes).
- drm/radeon: Use RMW accessors for changing LNKCTL (git-fixes).
- drm/repaper: Reduce temporary buffer size in repaper_fb_dirty() (git-fixes).
- drm/rockchip: Do not spam logs in atomic check (git-fixes).
- drm/shmem-helper: Reset vma->vm_ops before calling dma_buf_mmap() (git-fixes).
- drm/stm: ltdc: fix late dereference check (git-fixes).
- drm/tegra: dpaux: Fix incorrect return value of platform_get_irq (git-fixes).
- drm/ttm: check null pointer before accessing when swapping (git-fixes).
- drm/ttm: never consider pinned BOs for eviction&swap (git-fixes).
- drm/vmwgfx: Fix shader stage validation (git-fixes).
- drm: adv7511: Fix low refresh rate register for ADV7533/5 (git-fixes).
- drm: rcar-du: remove R-Car H3 ES1.* workarounds (git-fixes).
- drm: xlnx: zynqmp_dpsub: Add missing check for dma_set_mask (git-fixes).
- dt-bindings: clock: xlnx,versal-clk: drop select:false (git-fixes).
- dt-bindings: clocks: imx8mp: make sai4 a dummy clock (git-fixes).
- dt-bindings: crypto: ti,sa2ul: make power-domains conditional (git-fixes).
- e1000: Fix typos in comments (jsc#PED-5738).
- e1000: Remove unnecessary use of kmap_atomic() (jsc#PED-5738).
- e1000: switch to napi_build_skb() (jsc#PED-5738).
- e1000: switch to napi_consume_skb() (jsc#PED-5738).
- exfat: fix unexpected EOF while reading dir (bsc#1214000).
- exfat: release s_lock before calling dir_emit() (bsc#1214000).
- exfat_iterate(): do not open-code file_inode(file) (bsc#1214000).
- fbdev/ep93xx-fb: Do not assign to struct fb_info.dev (git-fixes).
- fbdev: Fix sys_imageblit() for arbitrary image widths (git-fixes).
- fbdev: Improve performance of sys_imageblit() (git-fixes).
- fbdev: Update fbdev source file paths (git-fixes).
- fbdev: fix potential OOB read in fast_imageblit() (git-fixes).
- fbdev: mmp: fix value check in mmphw_probe() (git-fixes).
- file: reinstate f_pos locking optimization for regular files (bsc#1213759).
- firmware: arm_scmi: Drop OF node reference in the transport channel setup (git-fixes).
- firmware: cs_dsp: Fix new control name check (git-fixes).
- firmware: meson_sm: fix to avoid potential NULL pointer dereference (git-fixes).
- firmware: stratix10-svc: Fix an NULL vs IS_ERR() bug in probe (git-fixes).
- fprobe: Release rethook after the ftrace_ops is unregistered (git-fixes).
- fprobe: add unlock to match a succeeded ftrace_test_recursion_trylock (git-fixes).
- fs/sysv: Null check to prevent null-ptr-deref bug (git-fixes).
- fsi: aspeed: Reset master errors after CFAM reset (git-fixes).
- fsi: master-ast-cf: Add MODULE_FIRMWARE macro (git-fixes).
- ftrace: Fix possible warning on checking all pages used in ftrace_process_locs() (git-fixes).
- gpio: mvebu: Make use of devm_pwmchip_add (git-fixes).
- gpio: mvebu: fix irq domain leak (git-fixes).
- gpio: tps68470: Make tps68470_gpio_output() always set the initial value (git-fixes).
- hv_netvsc: Remove second mapping of send and recv buffers (bsc#1206453).
- hwmon: (pmbus/bel-pfe) Enable PMBUS_SKIP_STATUS_CHECK for pfe1100 (git-fixes).
- hwmon: (tmp513) Fix the channel number in tmp51x_is_visible() (git-fixes).
- hwrng: iproc-rng200 - Implement suspend and resume calls (git-fixes).
- hwrng: nomadik - keep clock enabled while hwrng is registered (git-fixes).
- hwrng: pic32 - use devm_clk_get_enabled (git-fixes).
- i2c: Delete error messages for failed memory allocations (git-fixes).
- i2c: Improve size determinations (git-fixes).
- i2c: bcm-iproc: Fix bcm_iproc_i2c_isr deadlock issue (git-fixes).
- i2c: designware: Correct length byte validation logic (git-fixes).
- i2c: designware: Handle invalid SMBus block data response length value (git-fixes).
- i2c: hisi: Only handle the interrupt of the driver's transfer (git-fixes).
- i2c: nomadik: Remove a useless call in the remove function (git-fixes).
- i2c: nomadik: Remove unnecessary goto label (git-fixes).
- i2c: nomadik: Use devm_clk_get_enabled() (git-fixes).
- i40e: Fix an NULL vs IS_ERR() bug for debugfs_create_dir() (git-fixes).
- iavf: fix potential races for FDIR filters (git-fixes).
- ice: Fix RDMA VSI removal during queue rebuild (git-fixes).
- ice: Fix crash by keep old cfg when update TCs more than queues (git-fixes).
- ice: Fix max_rate check while configuring TX rate limits (git-fixes).
- ice: Fix memory management in ice_ethtool_fdir.c (git-fixes).
- iio: adc: ina2xx: avoid NULL pointer dereference on OF device match (git-fixes).
- iio: adc: stx104: Implement and utilize register structures (git-fixes).
- iio: adc: stx104: Utilize iomap interface (git-fixes).
- iio: cros_ec: Fix the allocation size for cros_ec_command (git-fixes).
- intel/e1000:fix repeated words in comments (jsc#PED-5738).
- intel: remove unused macros (jsc#PED-5738).
- iommu/amd/io-pgtable: Implement map_pages io_pgtable_ops callback (bsc#1212423).
- iommu/amd/io-pgtable: Implement unmap_pages io_pgtable_ops callback (bsc#1212423).
- iommu/amd: Add PCI segment support for ivrs_ commands (git-fixes).
- iommu/amd: Add map/unmap_pages() iommu_domain_ops callback support (bsc#1212423).
- iommu/amd: Do not identity map v2 capable device when snp is enabled (git-fixes).
- iommu/amd: Fix compile warning in init code (git-fixes).
- iommu/amd: Fix ill-formed ivrs_ioapic, ivrs_hpet and ivrs_acpihid options (git-fixes).
- iommu/amd: Fix ivrs_acpihid cmdline parsing code (git-fixes).
- iommu/amd: Fix pci device refcount leak in ppr_notifier() (git-fixes).
- iommu/amd: use full 64-bit value in build_completion_wait() (git-fixes).
- iommu/arm-smmu-v3: Make default domain type of HiSilicon PTT device to identity (git-fixes).
- iommu/arm-smmu-v3: check return value after calling platform_get_resource() (git-fixes).
- iommu/arm-smmu-v3: fix event handling soft lockup (git-fixes).
- iommu/arm-smmu: fix possible null-ptr-deref in arm_smmu_device_probe() (git-fixes).
- iommu/dart: Initialize DART_STREAMS_ENABLE (git-fixes).
- iommu/dma: Fix incorrect error return on iommu deferred attach (git-fixes).
- iommu/dma: Fix iova map result check bug (git-fixes).
- iommu/dma: return error code from iommu_dma_map_sg() (git-fixes).
- iommu/fsl_pamu: Fix resource leak in fsl_pamu_probe() (git-fixes).
- iommu/io-pgtable-arm-v7s: Add a quirk to allow pgtable PA up to 35bit (git-fixes).
- iommu/iova: Fix module config properly (git-fixes).
- iommu/mediatek: Add error path for loop of mm_dts_parse (git-fixes).
- iommu/mediatek: Add platform_device_put for recovering the device refcnt (git-fixes).
- iommu/mediatek: Check return value after calling platform_get_resource() (git-fixes).
- iommu/mediatek: Set dma_mask for PGTABLE_PA_35_EN (git-fixes).
- iommu/mediatek: Use component_match_add (git-fixes).
- iommu/mediatek: Validate number of phandles associated with 'mediatek,larbs' (git-fixes).
- iommu/omap: Fix buffer overflow in debugfs (git-fixes).
- iommu/rockchip: fix permission bits in page table entries v2 (git-fixes).
- iommu/s390: Fix duplicate domain attachments (git-fixes).
- iommu/sun50i: Consider all fault sources for reset (git-fixes).
- iommu/sun50i: Fix R/W permission check (git-fixes).
- iommu/sun50i: Fix flush size (git-fixes).
- iommu/sun50i: Fix reset release (git-fixes).
- iommu/sun50i: Implement .iotlb_sync_map (git-fixes).
- iommu/sun50i: Remove IOMMU_DOMAIN_IDENTITY (git-fixes).
- iommu/vt-d: Add RPLS to quirk list to skip TE disabling (git-fixes).
- iommu/vt-d: Check correct capability for sagaw determination (git-fixes).
- iommu/vt-d: Clean up si_domain in the init_dmars() error path (git-fixes).
- iommu/vt-d: Correctly calculate sagaw value of IOMMU (git-fixes).
- iommu/vt-d: Fix PCI device refcount leak in dmar_dev_scope_init() (git-fixes).
- iommu/vt-d: Fix PCI device refcount leak in has_external_pci() (git-fixes).
- iommu/vt-d: Fix kdump kernels boot failure with scalable mode (git-fixes).
- iommu/vt-d: Preset Access bit for IOVA in FL non-leaf paging entries (git-fixes).
- iommu/vt-d: Set SRE bit only when hardware has SRS cap (git-fixes).
- ipmi:ssif: Add check for kstrdup (git-fixes).
- ipmi:ssif: Fix a memory leak when scanning for an adapter (git-fixes).
- ipmi_si: fix a memleak in try_smi_init() (git-fixes).
- jffs2: correct logic when creating a hole in jffs2_write_begin (git-fixes).
- kabi/severities: Ignore newly added SRSO mitigation functions
- kabi: Allow extra bugsints (bsc#1213927).
- kernel-binary: Common dependencies cleanup Common dependencies are copied to a subpackage, there is no need for copying defines or build dependencies there.
- kernel-binary: Drop code for kerntypes support Kerntypes was a SUSE-specific feature dropped before SLE 12.
- kunit: make kunit_test_timeout compatible with comment (git-fixes).
- leds: Fix BUG_ON check for LED_COLOR_ID_MULTI that is always false (git-fixes).
- leds: multicolor: Use rounded division when calculating color components (git-fixes).
- leds: pwm: Fix error code in led_pwm_create_fwnode() (git-fixes).
- leds: trigger: tty: Do not use LED_ON/OFF constants, use led_blink_set_oneshot instead (git-fixes).
- leds: turris-omnia: Drop unnecessary mutex locking (git-fixes).
- lib/test_meminit: allocate pages up to order MAX_ORDER (git-fixes).
- lib/test_meminit: destroy cache in kmem_cache_alloc_bulk() test (git-fixes).
- libbpf: Fix BTF-to-C converter's padding logic (bsc#1211220 jsc#PED-3924).
- libbpf: Fix btf_dump's packed struct determination (bsc#1211220 jsc#PED-3924).
- libbpf: Fix single-line struct definition output in btf_dump (bsc#1211220 jsc#PED-3924).
- libceph: fix potential hang in ceph_osdc_notify() (bsc#1214393).
- md/raid0: Factor out helper for mapping and submitting a bio (bsc#1213916).
- md/raid0: Fix performance regression for large sequential writes (bsc#1213916).
- media: ad5820: Drop unsupported ad5823 from i2c_ and of_device_id tables (git-fixes).
- media: cx24120: Add retval check for cx24120_message_send() (git-fixes).
- media: dib7000p: Fix potential division by zero (git-fixes).
- media: dvb-usb: m920x: Fix a potential memory leak in m920x_i2c_xfer() (git-fixes).
- media: go7007: Remove redundant if statement (git-fixes).
- media: i2c: ccs: Check rules is non-NULL (git-fixes).
- media: i2c: rdacm21: Fix uninitialized value (git-fixes).
- media: i2c: tvp5150: check return value of devm_kasprintf() (git-fixes).
- media: ov2680: Add ov2680_fill_format() helper function (git-fixes).
- media: ov2680: Do not take the lock for try_fmt calls (git-fixes).
- media: ov2680: Fix ov2680_bayer_order() (git-fixes).
- media: ov2680: Fix ov2680_set_fmt() which == V4L2_SUBDEV_FORMAT_TRY not working (git-fixes).
- media: ov2680: Fix regulators being left enabled on ov2680_power_on() errors (git-fixes).
- media: ov2680: Fix vflip / hflip set functions (git-fixes).
- media: ov2680: Remove VIDEO_V4L2_SUBDEV_API ifdef-s (git-fixes).
- media: ov5640: Enable MIPI interface in ov5640_set_power_mipi() (git-fixes).
- media: rkvdec: increase max supported height for H.264 (git-fixes).
- media: v4l2-core: Fix a potential resource leak in v4l2_fwnode_parse_link() (git-fixes).
- media: v4l2-mem2mem: add lock to protect parameter num_rdy (git-fixes).
- media: venus: hfi_venus: Only consider sys_idle_indicator on V1 (git-fixes).
- media: venus: hfi_venus: Write to VIDC_CTRL_INIT after unmasking interrupts (git-fixes).
- misc: rtsx: judge ASPM Mode to set PETXCFG Reg (git-fixes).
- mkspec: Allow unsupported KMPs (bsc#1214386)
- mlxsw: pci: Add shutdown method in PCI driver (git-fixes).
- mmc: block: Fix in_flight[issue_type] value error (git-fixes).
- mmc: moxart: read scr register without changing byte order (git-fixes).
- mmc: wbsd: fix double mmc_free_host() in wbsd_init() (git-fixes).
- module: avoid allocation if module is already present and ready (bsc#1213921).
- module: extract patient module check into helper (bsc#1213921).
- module: move check_modinfo() early to early_mod_check() (bsc#1213921).
- module: move early sanity checks into a helper (bsc#1213921).
- mtd: rawnand: brcmnand: Fix crash during the panic_write (git-fixes).
- mtd: rawnand: brcmnand: Fix mtd oobsize (git-fixes).
- mtd: rawnand: brcmnand: Fix potential false time out warning (git-fixes).
- mtd: rawnand: brcmnand: Fix potential out-of-bounds access in oob write (git-fixes).
- mtd: rawnand: fsl_upm: Fix an off-by one test in fun_exec_op() (git-fixes).
- mtd: rawnand: fsmc: handle clk prepare error in fsmc_nand_resume() (git-fixes).
- mtd: rawnand: omap_elm: Fix incorrect type in assignment (git-fixes).
- mtd: rawnand: rockchip: Align hwecc vs. raw page helper layouts (git-fixes).
- mtd: rawnand: rockchip: fix oobfree offset and description (git-fixes).
- mtd: spi-nor: Check bus width while setting QE bit (git-fixes).
- mtd: spinand: toshiba: Fix ecc_get_status (git-fixes).
- n_tty: Rename tail to old_tail in n_tty_read() (git-fixes).
- net: hns3: fix wrong bw weight of disabled tc issue (git-fixes).
- net: ieee802154: at86rf230: Stop leaking skb's (git-fixes).
- net: mana: Fix MANA VF unload when hardware is unresponsive (git-fixes).
- net: phy: at803x: remove set/get wol callbacks for AR8032 (git-fixes).
- net: phy: broadcom: stub c45 read/write for 54810 (git-fixes).
- net: phy: fix IRQ-based wake-on-lan over hibernate / power off (git-fixes).
- net: stmmac: tegra: Properly allocate clock bulk data (bsc#1213733)
- net: usb: lan78xx: reorder cleanup operations to avoid UAF bugs (git-fixes).
- net: usbnet: Fix WARNING in usbnet_start_xmit/usb_submit_urb (git-fixes).
- netfs: Fix lockdep warning from taking sb_writers whilst holding mmap_lock (bsc#1214742).
- netfs: Fix missing xas_retry() calls in xarray iteration (bsc#1213946 bsc#1214404).
- netfs: Fix missing xas_retry() calls in xarray iteration (bsc#1213946).
- netfs: fix parameter of cleanup() (bsc#1214743).
- nfsd: Remove incorrect check in nfsd4_validate_stateid (git-fixes).
- nilfs2: fix WARNING in mark_buffer_dirty due to discarded buffer reuse (git-fixes).
- nilfs2: fix use-after-free of nilfs_root in dirtying inodes via iput (git-fixes).
- nvme-rdma: fix potential unbalanced freeze & unfreeze (bsc#1208902).
- nvme-tcp: fix potential unbalanced freeze & unfreeze (bsc#1208902).
- objtool/x86: Fix SRSO mess (git-fixes).
- objtool/x86: Fixup frame-pointer vs rethunk (git-fixes).
- objtool: Union instruction::{call_dest,jump_table} (git-fixes).
- old-flavors: Drop 2.6 kernels. 2.6 based kernels are EOL, upgrading from them is no longer suported.
- pcmcia: rsrc_nonstatic: Fix memory leak in nonstatic_release_resource_db() (git-fixes).
- phy/rockchip: inno-hdmi: do not power on rk3328 post pll on reg write (git-fixes).
- phy/rockchip: inno-hdmi: round fractal pixclock in rk3328 recalc_rate (git-fixes).
- phy/rockchip: inno-hdmi: use correct vco_div_5 macro on rk3328 (git-fixes).
- phy: qcom-snps-femto-v2: keep cfg_ahb_clk enabled during runtime suspend (git-fixes).
- phy: qcom-snps-femto-v2: properly enable ref clock (git-fixes).
- phy: qcom-snps: Use dev_err_probe() to simplify code (git-fixes).
- phy: qcom-snps: correct struct qcom_snps_hsphy kerneldoc (git-fixes).
- pinctrl: amd: Mask wake bits on probe again (git-fixes).
- pinctrl: amd: Revert 'pinctrl: amd: disable and mask interrupts on probe' (git-fixes).
- pinctrl: cherryview: fix address_space_handler() argument (git-fixes).
- pinctrl: mcp23s08: check return value of devm_kasprintf() (git-fixes).
- pinctrl: renesas: rza2: Add lock around pinctrl_generic{{add,remove}_group,{add,remove}_function} (git-fixes).
- platform/x86: dell-sysman: Fix reference leak (git-fixes).
- powerpc/64e: Fix kexec build error (bsc#1212091 ltc#199106).
- powerpc/iommu: Fix iommu_table_in_use for a small default DMA window case (bsc#1212091 ltc#199106).
- powerpc/iommu: Incorrect DDW Table is referenced for SR-IOV device (bsc#1212091 ltc#199106).
- powerpc/iommu: TCEs are incorrectly manipulated with DLPAR add/remove of memory (bsc#1212091 ltc#199106).
- powerpc/iommu: do not set failed sg dma_address to DMA_MAPPING_ERROR (bsc#1212091 ltc#199106).
- powerpc/iommu: return error code from .map_sg() ops (bsc#1212091 ltc#199106).
- powerpc/kernel/iommu: Add new iommu_table_in_use() helper (bsc#1212091 ltc#199106).
- powerpc/kexec: Fix build failure from uninitialised variable (bsc#1212091 ltc#199106).
- powerpc/mm/altmap: Fix altmap boundary check (bsc#1120059 git-fixes).
- powerpc/pseries/ddw: Do not try direct mapping with persistent memory and one window (bsc#1212091 ltc#199106).
- powerpc/pseries/ddw: simplify enable_ddw() (bsc#1212091 ltc#199106).
- powerpc/pseries/iommu: Add ddw_list_new_entry() helper (bsc#1212091 ltc#199106).
- powerpc/pseries/iommu: Add ddw_property_create() and refactor enable_ddw() (bsc#1212091 ltc#199106).
- powerpc/pseries/iommu: Add iommu_pseries_alloc_table() helper (bsc#1212091 ltc#199106).
- powerpc/pseries/iommu: Add of_node_put() before break (bsc#1212091 ltc#199106).
- powerpc/pseries/iommu: Allow DDW windows starting at 0x00 (bsc#1212091 ltc#199106).
- powerpc/pseries/iommu: Check if the default window in use before removing it (bsc#1212091 ltc#199106).
- powerpc/pseries/iommu: Create huge DMA window if no MMIO32 is present (bsc#1212091 ltc#199106).
- powerpc/pseries/iommu: Find existing DDW with given property name (bsc#1212091 ltc#199106).
- powerpc/pseries/iommu: Make use of DDW for indirect mapping (bsc#1212091 ltc#199106).
- powerpc/pseries/iommu: Print ibm,query-pe-dma-windows parameters (bsc#1212091 ltc#199106).
- powerpc/pseries/iommu: Rename 'direct window' to 'dma window' (bsc#1212091 ltc#199106).
- powerpc/pseries/iommu: Reorganize iommu_table_setparms*() with new helper (bsc#1212091 ltc#199106).
- powerpc/pseries/iommu: Replace hard-coded page shift (bsc#1212091 ltc#199106).
- powerpc/pseries/iommu: Update remove_dma_window() to accept property name (bsc#1212091 ltc#199106).
- powerpc/pseries/iommu: Use correct vfree for it_map (bsc#1212091 ltc#199106).
- powerpc/pseries: Add __init attribute to eligible functions (bsc#1212091 ltc#199106).
- powerpc/pseries: Honour current SMT state when DLPAR onlining CPUs (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588).
- powerpc/pseries: Initialise CPU hotplug callbacks earlier (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588).
- powerpc/rtas: block error injection when locked down (bsc#1023051).
- powerpc/rtas: enture rtas_call is called with MMU enabled (bsc#1023051).
- powerpc/rtas: mandate RTAS syscall filtering (bsc#1023051).
- powerpc/rtas_flash: allow user copy to flash block cache objects (bsc#1194869).
- powerpc/security: Fix Speculation_Store_Bypass reporting on Power10 (bsc#1188885 ltc#193722 git-fixes).
- powerpc: Add HOTPLUG_SMT support (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588). Update config files.
- powerpc: Move DMA64_PROPNAME define to a header (bsc#1214297 ltc#197503).
- powerpc: fix typos in comments (bsc#1212091 ltc#199106).
- pseries/iommu/ddw: Fix kdump to work in absence of ibm,dma-window (bsc#1214297 ltc#197503).
- pstore/ram: Check start of empty przs during init (git-fixes).
- pwm: Add a stub for devm_pwmchip_add() (git-fixes).
- pwm: meson: Simplify duplicated per-channel tracking (git-fixes).
- pwm: meson: fix handling of period/duty if greater than UINT_MAX (git-fixes).
- qed: Fix scheduling in a tasklet while getting stats (git-fixes).
- regmap: rbtree: Use alloc_flags for memory allocations (git-fixes).
- ring-buffer: Do not swap cpu_buffer during resize process (git-fixes).
- ring-buffer: Fix deadloop issue on reading trace_pipe (git-fixes).
- ring-buffer: Fix wrong stat of cpu_buffer->read (git-fixes).
- rpm/mkspec-dtb: support for nested subdirs
- rpmsg: glink: Add check for kstrdup (git-fixes).
- s390/ipl: add missing secure/has_secure file to ipl type 'unknown' (bsc#1214976).
- s390/purgatory: disable branch profiling (git-fixes bsc#1214372).
- s390/zcrypt: fix reply buffer calculations for CCA replies (bsc#1213949).
- sched/fair: Fix inaccurate tally of ttwu_move_affine (git fixes).
- sched/fair: Use recent_used_cpu to test p->cpus_ptr (git fixes).
- sched/psi: use kernfs polling functions for PSI trigger polling (bsc#1209799).
- scsi: 3w-xxxx: Add error handling for initialization failure in tw_probe() (git-fixes).
- scsi: 53c700: Check that command slot is not NULL (git-fixes).
- scsi: RDMA/srp: Fix residual handling (git-fixes)
- scsi: bsg: Increase number of devices (bsc#1210048).
- scsi: core: Do not wait for quiesce in scsi_device_block() (bsc#1209284).
- scsi: core: Do not wait for quiesce in scsi_stop_queue() (bsc#1209284).
- scsi: core: Fix legacy /proc parsing buffer overflow (git-fixes).
- scsi: core: Fix possible memory leak if device_add() fails (git-fixes).
- scsi: core: Improve warning message in scsi_device_block() (bsc#1209284).
- scsi: core: Merge scsi_internal_device_block() and device_block() (bsc#1209284).
- scsi: fnic: Replace return codes in fnic_clean_pending_aborts() (git-fixes).
- scsi: qedf: Fix NULL dereference in error handling (git-fixes).
- scsi: qedf: Fix firmware halt over suspend and resume (git-fixes).
- scsi: qedi: Fix firmware halt over suspend and resume (git-fixes).
- scsi: scsi_debug: Remove dead code (git-fixes).
- scsi: sg: Increase number of devices (bsc#1210048).
- scsi: snic: Fix double free in snic_tgt_create() (git-fixes).
- scsi: snic: Fix possible memory leak if device_add() fails (git-fixes).
- scsi: storvsc: Always set no_report_opcodes (git-fixes).
- scsi: storvsc: Fix handling of virtual Fibre Channel timeouts (git-fixes).
- scsi: storvsc: Handle SRB status value 0x30 (git-fixes).
- scsi: storvsc: Limit max_sectors for virtual Fibre Channel devices (git-fixes).
- scsi: zfcp: Defer fc_rport blocking until after ADISC response (git-fixes bsc#1214371).
- selftests/bpf: Test btf dump for struct with padding only fields (bsc#1211220 jsc#PED-3924).
- selftests/futex: Order calls to futex_lock_pi (git-fixes).
- selftests/harness: Actually report SKIP for signal tests (git-fixes).
- selftests/resctrl: Close perf value read fd on errors (git-fixes).
- selftests/resctrl: Do not leak buffer in fill_cache() (git-fixes).
- selftests/resctrl: Unmount resctrl FS if child fails to run benchmark (git-fixes).
- selftests/rseq: check if libc rseq support is registered (git-fixes).
- selftests: forwarding: Add a helper to skip test when using veth pairs (git-fixes).
- selftests: forwarding: Skip test when no interfaces are specified (git-fixes).
- selftests: forwarding: Switch off timeout (git-fixes).
- selftests: forwarding: ethtool: Skip when using veth pairs (git-fixes).
- selftests: forwarding: ethtool_extended_state: Skip when using veth pairs (git-fixes).
- selftests: forwarding: tc_actions: Use ncat instead of nc (git-fixes).
- selftests: forwarding: tc_actions: cleanup temporary files when test is aborted (git-fixes).
- selftests: forwarding: tc_flower: Relax success criterion (git-fixes).
- selftests: mirror_gre_changes: Tighten up the TTL test match (git-fixes).
- serial: sc16is7xx: fix broken port 0 uart init (git-fixes).
- serial: sc16is7xx: fix bug when first setting GPIO direction (git-fixes).
- serial: sprd: Assign sprd_port after initialized to avoid wrong access (git-fixes).
- serial: sprd: Fix DMA buffer leak issue (git-fixes).
- serial: tegra: handle clk prepare error in tegra_uart_hw_init() (git-fixes).
- sfc: fix crash when reading stats while NIC is resetting (git-fixes).
- smb3: do not set NTLMSSP_VERSION flag for negotiate not auth request (bsc#1193629).
- smb: client: Fix -Wstringop-overflow issues (bsc#1193629).
- smb: client: fix dfs link mount against w2k8 (bsc#1212142).
- smb: client: fix null auth (git-fixes).
- soc: aspeed: socinfo: Add kfree for kstrdup (git-fixes).
- soundwire: bus: pm_runtime_request_resume on peripheral attachment (git-fixes).
- soundwire: fix enumeration completion (git-fixes).
- spi: tegra20-sflash: fix to check return value of platform_get_irq() in tegra_sflash_probe() (git-fixes).
- supported.conf: fix typos for -!optional markers
- swiotlb: Remove bounce buffer remapping for Hyper-V (bsc#1206453).
- target: compare and write backend driver sense handling (bsc#1177719 bsc#1213026).
- target_core_rbd: fix leak and reduce kmalloc calls (bsc#1212873).
- target_core_rbd: fix rbd_img_request.snap_id assignment (bsc#1212857).
- target_core_rbd: remove snapshot existence validation code (bsc#1212857).
- thunderbolt: Read retimer NVM authentication status prior tb_retimer_set_inbound_sbtx() (git-fixes).
- timers: Add shutdown mechanism to the internal functions (bsc#1213970).
- timers: Provide timer_shutdown[_sync]() (bsc#1213970).
- timers: Rename del_timer() to timer_delete() (bsc#1213970).
- timers: Rename del_timer_sync() to timer_delete_sync() (bsc#1213970).
- timers: Replace BUG_ON()s (bsc#1213970).
- timers: Silently ignore timers with a NULL function (bsc#1213970).
- timers: Split [try_to_]del_timer[_sync]() to prepare for shutdown mode (bsc#1213970).
- timers: Update kernel-doc for various functions (bsc#1213970).
- timers: Use del_timer_sync() even on UP (bsc#1213970).
- tracing/histograms: Add histograms to hist_vars if they have referenced variables (git-fixes).
- tracing/histograms: Return an error if we fail to add histogram to hist_vars list (git-fixes).
- tracing/probes: Fix not to count error code to total length (git-fixes).
- tracing/probes: Fix to avoid double count of the string length on the array (git-fixes).
- tracing/probes: Fix to record 0-length data_loc in fetch_store_string*() if fails (git-fixes).
- tracing/probes: Fix to update dynamic data counter if fetcharg uses it (git-fixes).
- tracing: Fix cpu buffers unavailable due to 'record_disabled' missed (git-fixes).
- tracing: Fix memleak due to race between current_tracer and trace (git-fixes).
- tracing: Fix memory leak of iter->temp when reading trace_pipe (git-fixes).
- tracing: Fix null pointer dereference in tracing_err_log_open() (git-fixes).
- tracing: Fix warning in trace_buffered_event_disable() (git-fixes).
- tty: fix hang on tty device with no_room set (git-fixes).
- tty: n_gsm: fix the UAF caused by race condition in gsm_cleanup_mux (git-fixes).
- tty: serial: fsl_lpuart: Add i.MXRT1050 support (git-fixes).
- tty: serial: fsl_lpuart: Clear the error flags by writing 1 for lpuart32 platforms (git-fixes).
- tty: serial: fsl_lpuart: make rx_watermark configurable for different platforms (git-fixes).
- tty: serial: fsl_lpuart: reduce RX watermark to 0 on LS1028A (git-fixes).
- ubifs: Fix memleak when insert_old_idx() failed (git-fixes).
- usb-storage: alauda: Fix uninit-value in alauda_check_media() (git-fixes).
- usb: chipidea: imx: add missing USB PHY DPDM wakeup setting (git-fixes).
- usb: chipidea: imx: do not request QoS for imx8ulp (git-fixes).
- usb: chipidea: imx: improve logic if samsung,picophy-* parameter is 0 (git-fixes).
- usb: common: usb-conn-gpio: Prevent bailing out if initial role is none (git-fixes).
- usb: dwc3: Fix typos in gadget.c (git-fixes).
- usb: dwc3: Properly handle processing of pending events (git-fixes).
- usb: dwc3: meson-g12a: do post init to fix broken usb after resumption (git-fixes).
- usb: gadget: Fix the memory leak in raw_gadget driver (git-fixes).
- usb: gadget: f_mass_storage: Fix unused variable warning (git-fixes).
- usb: gadget: u_serial: Avoid spinlock recursion in __gs_console_push (git-fixes).
- usb: ohci-at91: Fix the unhandle interrupt when resume (git-fixes).
- usb: phy: mxs: fix getting wrong state with mxs_phy_is_otg_host() (git-fixes).
- usb: quirks: add quirk for Focusrite Scarlett (git-fixes).
- usb: serial: option: add Quectel EC200A module support (git-fixes).
- usb: serial: option: support Quectel EM060K_128 (git-fixes).
- usb: serial: simple: add Kaufmann RKS+CAN VCP (git-fixes).
- usb: serial: simple: sort driver entries (git-fixes).
- usb: typec: altmodes/displayport: Signal hpd when configuring pin assignment (git-fixes).
- usb: typec: tcpm: Fix response to vsafe0V event (git-fixes).
- usb: typec: tcpm: set initial svdm version based on pd revision (git-fixes).
- usb: zaurus: Add ID for A-300/B-500/C-700 (git-fixes).
- watchdog: sp5100_tco: support Hygon FCH/SCH (Server Controller Hub) (git-fixes).
- wifi: ath10k: Use RMW accessors for changing LNKCTL (git-fixes).
- wifi: ath11k: Use RMW accessors for changing LNKCTL (git-fixes).
- wifi: ath9k: fix races between ath9k_wmi_cmd and ath9k_wmi_ctrl_rx (git-fixes).
- wifi: ath9k: protect WMI command response buffer replacement with a lock (git-fixes).
- wifi: ath9k: use IS_ERR() with debugfs_create_dir() (git-fixes).
- wifi: cfg80211: Fix return value in scan logic (git-fixes).
- wifi: cfg80211: fix sband iftype data lookup for AP_VLAN (git-fixes).
- wifi: mt76: mt7615: do not advertise 5 GHz on first phy of MT7615D (DBDC) (git-fixes).
- wifi: mt76: mt7915: fix power-limits while chan_switch (git-fixes).
- wifi: mt76: mt7921: do not support one stream on secondary antenna only (git-fixes).
- wifi: mt76: mt7921: fix non-PSC channel scan fail (git-fixes).
- wifi: mt76: testmode: add nla_policy for MT76_TM_ATTR_TX_LENGTH (git-fixes).
- wifi: mwifiex: Fix OOB and integer underflow when rx packets (git-fixes).
- wifi: mwifiex: Fix missed return in oob checks failed path (git-fixes).
- wifi: mwifiex: avoid possible NULL skb pointer dereference (git-fixes).
- wifi: mwifiex: fix error recovery in PCIE buffer descriptor management (git-fixes).
- wifi: mwifiex: fix memory leak in mwifiex_histogram_read() (git-fixes).
- wifi: nl80211/cfg80211: add forgotten nla_policy for BSS color attribute (git-fixes).
- wifi: radiotap: fix kernel-doc notation warnings (git-fixes).
- wifi: rtw89: debug: Fix error handling in rtw89_debug_priv_btc_manual_set() (git-fixes).
- x86/CPU/AMD: Disable XSAVES on AMD family 0x17 (git-fixes).
- x86/alternative: Make custom return thunk unconditional (git-fixes).
- x86/cpu/kvm: Provide UNTRAIN_RET_VM (git-fixes).
- x86/cpu: Clean up SRSO return thunk mess (git-fixes).
- x86/cpu: Cleanup the untrain mess (git-fixes).
- x86/cpu: Fix __x86_return_thunk symbol type (git-fixes).
- x86/cpu: Fix up srso_safe_ret() and __x86_return_thunk() (git-fixes).
- x86/cpu: Rename original retbleed methods (git-fixes).
- x86/cpu: Rename srso_(.*)_alias to srso_alias_\1 (git-fixes).
- x86/hyperv: Add an interface to do nested hypercalls (bsc#1206453).
- x86/hyperv: Add support for detecting nested hypervisor (bsc#1206453).
- x86/hyperv: Change vTOM handling to use standard coco mechanisms (bsc#1206453).
- x86/hyperv: Remove BUG_ON() for kmap_local_page() (bsc#1206453).
- x86/hyperv: Reorder code to facilitate future work (bsc#1206453).
- x86/hyperv: Replace kmap() with kmap_local_page() (bsc#1206453).
- x86/ioremap: Add hypervisor callback for private MMIO mapping in coco (bsc#1206453).
- x86/mce: Make sure logged MCEs are processed after sysfs update (git-fixes).
- x86/mm: Handle decryption/re-encryption of bss_decrypted consistently (bsc#1206453).
- x86/retpoline,kprobes: Fix position of thunk sections with CONFIG_LTO_CLANG (git-fixes).
- x86/retpoline,kprobes: Skip optprobe check for indirect jumps with retpolines and IBT (git-fixes).
- x86/retpoline: Do not clobber RFLAGS during srso_safe_ret() (git-fixes).
- x86/sev: Make enc_dec_hypercall() accept a size instead of npages (bsc#1214635).
- x86/speculation: Add cpu_show_gds() prototype (git-fixes).
- x86/speculation: Mark all Skylake CPUs as vulnerable to GDS (git-fixes).
- x86/srso: Correct the mitigation status when SMT is disabled (git-fixes).
- x86/srso: Disable the mitigation on unaffected configurations (git-fixes).
- x86/srso: Explain the untraining sequences a bit more (git-fixes).
- x86/srso: Fix build breakage with the LLVM linker (git-fixes).
- x86/srso: Fix return thunks in generated code (git-fixes).
- x86/static_call: Fix __static_call_fixup() (git-fixes).
- x86/tdx: Add more registers to struct tdx_hypercall_args (bsc#1206453).
- x86/tdx: Do not corrupt frame-pointer in __tdx_hypercall() (bsc#1206453).
- x86/tdx: Expand __tdx_hypercall() to handle more arguments (bsc#1206453).
- x86/tdx: Fix typo in comment in __tdx_hypercall() (bsc#1206453).
- x86/tdx: Refactor __tdx_hypercall() to allow pass down more arguments (bsc#1206453).
- xfs: fix sb write verify for lazysbcount (bsc#1214661).
ImportantSUSE bug 1023051SUSE bug 1120059SUSE bug 1177719SUSE bug 1188885SUSE bug 1193629SUSE bug 1194869SUSE bug 1203329SUSE bug 1203330SUSE bug 1205462SUSE bug 1206453SUSE bug 1208902SUSE bug 1208949SUSE bug 1209284SUSE bug 1209799SUSE bug 1210048SUSE bug 1210448SUSE bug 1211220SUSE bug 1212091SUSE bug 1212142SUSE bug 1212423SUSE bug 1212526SUSE bug 1212857SUSE bug 1212873SUSE bug 1213026SUSE bug 1213123SUSE bug 1213546SUSE bug 1213580SUSE bug 1213601SUSE bug 1213666SUSE bug 1213733SUSE bug 1213757SUSE bug 1213759SUSE bug 1213916SUSE bug 1213921SUSE bug 1213927SUSE bug 1213946SUSE bug 1213949SUSE bug 1213968SUSE bug 1213970SUSE bug 1213971SUSE bug 1214000SUSE bug 1214019SUSE bug 1214073SUSE bug 1214120SUSE bug 1214149SUSE bug 1214180SUSE bug 1214233SUSE bug 1214238SUSE bug 1214285SUSE bug 1214297SUSE bug 1214299SUSE bug 1214305SUSE bug 1214350SUSE bug 1214368SUSE bug 1214370SUSE bug 1214371SUSE bug 1214372SUSE bug 1214380SUSE bug 1214386SUSE bug 1214392SUSE bug 1214393SUSE bug 1214397SUSE bug 1214404SUSE bug 1214428SUSE bug 1214451SUSE bug 1214635SUSE bug 1214659SUSE bug 1214661SUSE bug 1214727SUSE bug 1214729SUSE bug 1214742SUSE bug 1214743SUSE bug 1214756SUSE bug 1214976SUSE bug 1215522SUSE bug 1215523SUSE bug 1215552SUSE bug 1215553CVE-2022-38457 at SUSECVE-2022-38457 at NVDCVE-2022-40133 at SUSECVE-2022-40133 at NVDCVE-2023-2007 at SUSECVE-2023-2007 at NVDCVE-2023-20588 at SUSECVE-2023-20588 at NVDCVE-2023-34319 at SUSECVE-2023-34319 at NVDCVE-2023-3610 at SUSECVE-2023-3610 at NVDCVE-2023-37453 at SUSECVE-2023-37453 at NVDCVE-2023-3772 at SUSECVE-2023-3772 at NVDCVE-2023-3863 at SUSECVE-2023-3863 at NVDCVE-2023-40283 at SUSECVE-2023-40283 at NVDCVE-2023-4128 at SUSECVE-2023-4128 at NVDCVE-2023-4133 at SUSECVE-2023-4133 at NVDCVE-2023-4134 at SUSECVE-2023-4134 at NVDCVE-2023-4147 at SUSECVE-2023-4147 at NVDCVE-2023-4194 at SUSECVE-2023-4194 at NVDCVE-2023-4273 at SUSECVE-2023-4273 at NVDCVE-2023-4387 at SUSECVE-2023-4387 at NVDCVE-2023-4459 at SUSECVE-2023-4459 at NVDCVE-2023-4563 at SUSECVE-2023-4563 at NVDCVE-2023-4569 at SUSECVE-2023-4569 at NVDcpe:/o:opensuse:leap:15.5Security update for python-reportlab (Important)openSUSE Leap 15.5
This update for python-reportlab fixes the following issues:
- CVE-2019-19450: Fixed an issue which allowed remote code execution via start_unichar in paraparser.py evaluating untrusted user input. (bsc#1215560)
ImportantSUSE bug 1215560CVE-2019-19450 at SUSECVE-2019-19450 at NVDcpe:/o:opensuse:leap:15.5Security update for ghostscript (Important)openSUSE Leap 15.5
This update for ghostscript fixes the following issues:
- CVE-2023-43115: Fixed remote code execution via crafted PostScript documents in gdevijs.c (bsc#1215466).
ImportantSUSE bug 1215466CVE-2023-43115 at SUSECVE-2023-43115 at NVDcpe:/o:opensuse:leap:15.5Security update for the Linux Kernel (Important)openSUSE Leap 15.5
The SUSE Linux Enterprise 15 SP5 RT kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2022-38457: Fixed a use-after-free vulnerability in vmwgfx driver that allowed a local attacker to cause a denial of service (bsc#1203330).
- CVE-2022-40133: Fixed a use-after-free vulnerability in vmwgfx driver that allowed a local attacker to cause a denial of service (bsc#1203329).
- CVE-2023-1192: Fixed use-after-free in cifs_demultiplex_thread() (bsc#1208995 CVE-2023-1192).
- CVE-2023-1859: Fixed a use-after-free flaw in xen_9pfs_front_removet that could lead to system crash and kernel information leak (bsc#1210169).
- CVE-2023-2007: Fixed a flaw in the DPT I2O Controller driver that could allow an attacker to escalate privileges and execute arbitrary code in the context of the kernel (bsc#1210448).
- CVE-2023-20588: Fixed a division-by-zero error on some AMD processors that can potentially return speculative data resulting in loss of confidentiality (bsc#1213927).
- CVE-2023-2177: Fixed null pointer dereference issue in the sctp network protocol that could lead to system crash or DoS (bsc#1210643).
- CVE-2023-34319: Fixed buffer overrun triggered by unusual packet in xen/netback (XSA-432) (bsc#1213546).
- CVE-2023-3610: Fixed use-after-free vulnerability in nf_tables can be exploited to achieve local privilege escalation (bsc#1213580).
- CVE-2023-37453: Fixed oversight in SuperSpeed initialization (bsc#1213123).
- CVE-2023-3772: Fixed a flaw in XFRM subsystem that may have allowed a malicious user with CAP_NET_ADMIN privileges to directly dereference a NULL pointer leading to a possible kernel crash and denial of service (bsc#1213666).
- CVE-2023-3863: Fixed a use-after-free flaw was found in nfc_llcp_find_local that allowed a local user with special privileges to impact a kernel information leak issue (bsc#1213601).
- CVE-2023-40283: Fixed use-after-free in l2cap_sock_ready_cb (bsc#1214233).
- CVE-2023-4128: Fixed a use-after-free flaw in net/sched/cls_fw.c that allowed a local attacker to perform a local privilege escalation due to incorrect handling of the existing filter, leading to a kernel information leak issue (bsc#1214149).
- CVE-2023-4133: Fixed use after free bugs caused by circular dependency problem in cxgb4 (bsc#1213970).
- CVE-2023-4134: Fixed use-after-free in cyttsp4_watchdog_work() (bsc#1213971).
- CVE-2023-4147: Fixed use-after-free in nf_tables_newrule (bsc#1213968).
- CVE-2023-4194: Fixed a type confusion in net tun_chr_open() (bsc#1214019).
- CVE-2023-4273: Fixed a flaw in the exFAT driver of the Linux kernel that alloawed a local privileged attacker to overflow the kernel stack (bsc#1214120).
- CVE-2023-4387: Fixed use-after-free flaw in vmxnet3_rq_alloc_rx_buf that could allow a local attacker to crash the system due to a double-free (bsc#1214350).
- CVE-2023-4459: Fixed a NULL pointer dereference flaw in vmxnet3_rq_cleanup that may have allowed a local attacker with normal user privilege to cause a denial of service (bsc#1214451).
- CVE-2023-4563: Fixed use-after-free in nft_verdict_dump due to a race between set GC and transaction (bsc#1214727).
- CVE-2023-4569: Fixed information leak in nft_set_catchall_flush in net/netfilter/nf_tables_api.c (bsc#1214729).
- CVE-2023-4881: Fixed a out-of-bounds write flaw in the netfilter subsystem that could lead to potential information disclosure or a denial of service (bsc#1215221).
The following non-security bugs were fixed:
- ACPI/IORT: Update SMMUv3 DeviceID support (bsc#1214305).
- ACPI: processor: perflib: Avoid updating frequency QoS unnecessarily (git-fixes).
- ACPI: processor: perflib: Use the 'no limit' frequency QoS (git-fixes).
- ACPI: x86: s2idle: Fix a logic error parsing AMD constraints table (git-fixes).
- ALSA: ac97: Fix possible error value of *rac97 (git-fixes).
- ALSA: hda/cirrus: Fix broken audio on hardware with two CS42L42 codecs (git-fixes).
- ALSA: hda/cs8409: Support new Dell Dolphin Variants (git-fixes).
- ALSA: hda/realtek - Remodified 3k pull low procedure (git-fixes).
- ALSA: hda/realtek: Add quirk for HP Victus 16-d1xxx to enable mute LED (git-fixes).
- ALSA: hda/realtek: Add quirk for mute LEDs on HP ENVY x360 15-eu0xxx (git-fixes).
- ALSA: hda/realtek: Add quirks for HP G11 Laptops (git-fixes).
- ALSA: hda/realtek: Switch Dell Oasis models to use SPI (git-fixes).
- ALSA: pcm: Fix missing fixup call in compat hw_refine ioctl (git-fixes).
- ALSA: usb-audio: Add support for Mythware XA001AU capture and playback interfaces (git-fixes).
- ALSA: usb-audio: Fix init call orders for UAC1 (git-fixes).
- ALSA: ymfpci: Fix the missing snd_card_free() call at probe error (git-fixes).
- ARM: dts: imx6dl: prtrvt, prtvt7, prti6q, prtwd2: fix USB related warnings (git-fixes).
- ARM: dts: imx6sll: fixup of operating points (git-fixes).
- ARM: pxa: remove use of symbol_get() (git-fixes).
- ARM: spear: Do not use timer namespace for timer_shutdown() function (bsc#1213970).
- ASoC: SOF: Intel: fix SoundWire/HDaudio mutual exclusion (git-fixes).
- ASoC: amd: yc: Fix a non-functional mic on Lenovo 82SJ (git-fixes).
- ASoC: lower 'no backend DAIs enabled for ... Port' log severity (git-fixes).
- ASoC: meson: axg-tdm-formatter: fix channel slot allocation (git-fixes).
- ASoC: rt5665: add missed regulator_bulk_disable (git-fixes).
- ASoC: stac9766: fix build errors with REGMAP_AC97 (git-fixes).
- ASoC: tegra: Fix SFC conversion for few rates (git-fixes).
- Bluetooth: Fix potential use-after-free when clear keys (git-fixes).
- Bluetooth: L2CAP: Fix use-after-free (git-fixes).
- Bluetooth: L2CAP: Fix use-after-free in l2cap_sock_ready_cb (git-fixes).
- Bluetooth: Remove unused declaration amp_read_loc_info() (git-fixes).
- Bluetooth: btsdio: fix use after free bug in btsdio_remove due to race condition (git-fixes).
- Bluetooth: btusb: Add MT7922 bluetooth ID for the Asus Ally (git-fixes).
- Bluetooth: btusb: Do not call kfree_skb() under spin_lock_irqsave() (git-fixes).
- Bluetooth: nokia: fix value check in nokia_bluetooth_serdev_probe() (git-fixes).
- CONFIG_NVME_VERBOSE_ERRORS=y gone with a82baa8083b
- CONFIG_PRINTK_SAFE_LOG_BUF_SHIFT=13 gone with 7e152d55123
- Documentation: devices.txt: Fix minors for ttyCPM* (git-fixes).
- Documentation: devices.txt: Remove ttyIOC* (git-fixes).
- Documentation: devices.txt: Remove ttySIOC* (git-fixes).
- Drivers: hv: Do not remap addresses that are above shared_gpa_boundary (bsc#1206453).
- Drivers: hv: Enable vmbus driver for nested root partition (bsc#1206453).
- Drivers: hv: Explicitly request decrypted in vmap_pfn() calls (bsc#1206453).
- Drivers: hv: Setup synic registers in case of nested root partition (bsc#1206453).
- Drivers: hv: vmbus: Call hv_synic_free() if hv_synic_alloc() fails (bsc#1206453).
- Drivers: hv: vmbus: Remove second mapping of VMBus monitor pages (bsc#1206453).
- Drivers: hv: vmbus: Remove second way of mapping ring buffers (bsc#1206453).
- Drivers: hv: vmbus: Remove the per-CPU post_msg_page (bsc#1206453).
- Drop amdgpu patch causing spamming (bsc#1215523)
- Drop cfg80211 lock fix patches that caused a regression (bsc#1213757)
- Drop rtsx patch that caused a regression (bsc#1214397,bsc#1214428)
- Enable Analog Devices Industrial Ethernet PHY driver (jsc#PED-4759)
- HID: add quirk for 03f0:464a HP Elite Presenter Mouse (git-fixes).
- HID: logitech-dj: Fix error handling in logi_dj_recv_switch_to_dj_mode() (git-fixes).
- HID: logitech-hidpp: Add USB and Bluetooth IDs for the Logitech G915 TKL Keyboard (git-fixes).
- HID: multitouch: Correct devm device reference for hidinput input_dev name (git-fixes).
- HID: wacom: remove the battery when the EKR is off (git-fixes).
- HWPOISON: offline support: fix spelling in Documentation/ABI/ (git-fixes).
- IB/hfi1: Fix possible panic during hotplug remove (git-fixes)
- IB/uverbs: Fix an potential error pointer dereference (git-fixes)
- Input: exc3000 - properly stop timer on shutdown (git-fixes).
- Input: tca6416-keypad - fix interrupt enable disbalance (git-fixes).
- KVM: SVM: Remove a duplicate definition of VMCB_AVIC_APIC_BAR_MASK (git-fixes).
- KVM: VMX: Fix header file dependency of asm/vmx.h (git-fixes).
- KVM: s390: fix sthyi error handling (git-fixes bsc#1214370).
- Kbuild: add -Wno-shift-negative-value where -Wextra is used (bsc#1214756).
- Kbuild: move to -std=gnu11 (bsc#1214756).
- PCI/ASPM: Avoid link retraining race (git-fixes).
- PCI/ASPM: Factor out pcie_wait_for_retrain() (git-fixes).
- PCI/ASPM: Return 0 or -ETIMEDOUT from pcie_retrain_link() (git-fixes).
- PCI: Free released resource after coalescing (git-fixes).
- PCI: Mark NVIDIA T4 GPUs to avoid bus reset (git-fixes).
- PCI: acpiphp: Reassign resources on bridge if necessary (git-fixes).
- PCI: acpiphp: Use pci_assign_unassigned_bridge_resources() only for non-root bus (git-fixes).
- PCI: hv: Enable PCI pass-thru devices in Confidential VMs (bsc#1206453).
- PCI: hv: Replace retarget_msi_interrupt_params with (bsc#1206453).
- PCI: meson: Remove cast between incompatible function type (git-fixes).
- PCI: microchip: Correct the DED and SEC interrupt bit offsets (git-fixes).
- PCI: microchip: Remove cast between incompatible function type (git-fixes).
- PCI: pciehp: Use RMW accessors for changing LNKCTL (git-fixes).
- PCI: rockchip: Remove writes to unused registers (git-fixes).
- PCI: s390: Fix use-after-free of PCI resources with per-function hotplug (git-fixes).
- PCI: tegra194: Fix possible array out of bounds access (git-fixes).
- PM / devfreq: Fix leak in devfreq_dev_release() (git-fixes).
- RDMA/bnxt_re: Fix error handling in probe failure path (git-fixes)
- RDMA/bnxt_re: Fix max_qp count for virtual functions (git-fixes)
- RDMA/efa: Fix wrong resources deallocation order (git-fixes)
- RDMA/hns: Fix CQ and QP cache affinity (git-fixes)
- RDMA/hns: Fix incorrect post-send with direct wqe of wr-list (git-fixes)
- RDMA/hns: Fix port active speed (git-fixes)
- RDMA/irdma: Prevent zero-length STAG registration (git-fixes)
- RDMA/irdma: Replace one-element array with flexible-array member (git-fixes)
- RDMA/mlx5: Return the firmware result upon destroying QP/RQ (git-fixes)
- RDMA/qedr: Remove a duplicate assignment in irdma_query_ah() (git-fixes)
- RDMA/siw: Balance the reference of cep->kref in the error path (git-fixes)
- RDMA/siw: Correct wrong debug message (git-fixes)
- RDMA/umem: Set iova in ODP flow (git-fixes)
- README.BRANCH: Add Miroslav Franc as a SLE15-SP4 co-maintainer.
- Revert 'IB/isert: Fix incorrect release of isert connection' (git-fixes)
- Revert 'PCI: Mark NVIDIA T4 GPUs to avoid bus reset' (git-fixes).
- Revert 'scsi: qla2xxx: Fix buffer overrun' (bsc#1214928).
- Revert 'tracing: Add '(fault)' name injection to kernel probes' (git-fixes).
- Update patches.suse/cpufreq-intel_pstate-Fix-cpu-pstate.turbo_freq-initi.patch (git-fixes bsc#1212526 bsc#1214368 jsc#PED-4927 jsc#PED-4929).
- amba: bus: fix refcount leak (git-fixes).
- arm64/hyperv: Use CPUHP_AP_HYPERV_ONLINE state to fix CPU online sequencing (bsc#1206453).
- arm64: csum: Fix OoB access in IP checksum code for negative lengths (git-fixes).
- arm64: dts: imx8mn-var-som: add missing pull-up for onboard PHY reset pinmux (git-fixes).
- arm64: dts: qcom: qrb5165-rb5: fix thermal zone conflict (git-fixes).
- arm64: dts: rockchip: Disable HS400 for eMMC on ROCK Pi 4 (git-fixes).
- ata: libata: disallow dev-initiated LPM transitions to unsupported states (git-fixes).
- ata: pata_falcon: fix IO base selection for Q40 (git-fixes).
- ata: pata_ftide010: Add missing MODULE_DESCRIPTION (git-fixes).
- ata: sata_gemini: Add missing MODULE_DESCRIPTION (git-fixes).
- audit: fix possible soft lockup in __audit_inode_child() (git-fixes).
- backlight/bd6107: Compare against struct fb_info.device (git-fixes).
- backlight/gpio_backlight: Compare against struct fb_info.device (git-fixes).
- backlight/lv5207lp: Compare against struct fb_info.device (git-fixes).
- backlight: gpio_backlight: Drop output GPIO direction check for initial power state (git-fixes).
- batman-adv: Do not get eth header before batadv_check_management_packet (git-fixes).
- batman-adv: Do not increase MTU when set by user (git-fixes).
- batman-adv: Fix TT global entry leak when client roamed back (git-fixes).
- batman-adv: Fix batadv_v_ogm_aggr_send memory leak (git-fixes).
- batman-adv: Hold rtnl lock during MTU update via netlink (git-fixes).
- batman-adv: Trigger events for auto adjusted MTU (git-fixes).
- bnx2x: fix page fault following EEH recovery (bsc#1214299).
- bpf: Clear the probe_addr for uprobe (git-fixes).
- bpf: Disable preemption in bpf_event_output (git-fixes).
- bpftool: Print newline before '}' for struct with padding only fields (bsc#1211220 jsc#PED-3924).
- btrfs: do not hold CPU for too long when defragging a file (bsc#1214988).
- bus: mhi: host: Skip MHI reset if device is in RDDM (git-fixes).
- bus: ti-sysc: Fix build warning for 64-bit build (git-fixes).
- bus: ti-sysc: Fix cast to enum warning (git-fixes).
- bus: ti-sysc: Flush posted write on enable before reset (git-fixes).
- can: gs_usb: gs_usb_receive_bulk_callback(): count RX overflow errors also in case of OOM (git-fixes).
- ceph: defer stopping mdsc delayed_work (bsc#1214392).
- ceph: do not check for quotas on MDS stray dirs (bsc#1214238).
- ceph: never send metrics if disable_send_metrics is set (bsc#1214180).
- check-for-config-changes: ignore BUILTIN_RETURN_ADDRESS_STRIPS_PAC (bsc#1214380). gcc7 on SLE 15 does not support this while later gcc does.
- cifs: add missing return value check for cifs_sb_tlink (bsc#1193629).
- cifs: allow dumping keys for directories too (bsc#1193629).
- cifs: fix mid leak during reconnection after timeout threshold (git-fixes).
- cifs: if deferred close is disabled then close files immediately (git-fixes).
- cifs: is_network_name_deleted should return a bool (bsc#1193629).
- cifs: update internal module version number for cifs.ko (bsc#1193629).
- clk: Fix slab-out-of-bounds error in devm_clk_release() (git-fixes).
- clk: Fix undefined reference to `clk_rate_exclusive_{get,put}' (git-fixes).
- clk: imx8mp: fix sai4 clock (git-fixes).
- clk: imx: composite-8m: fix clock pauses when set_rate would be a no-op (git-fixes).
- clk: imx: pll14xx: dynamically configure PLL for 393216000/361267200Hz (git-fixes).
- clk: qcom: camcc-sc7180: fix async resume during probe (git-fixes).
- clk: qcom: gcc-mdm9615: use proper parent for pll0_vote clock (git-fixes).
- clk: qcom: gcc-sc7180: Fix up gcc_sdcc2_apps_clk_src (git-fixes).
- clk: qcom: gcc-sm8250: Fix gcc_sdcc2_apps_clk_src (git-fixes).
- clk: sunxi-ng: Modify mismatched function name (git-fixes).
- clocksource/drivers/arm_arch_timer: Do not use timer namespace for timer_shutdown() function (bsc#1213970).
- clocksource/drivers/hyper-v: Rework clocksource and sched clock setup (bsc#1206453).
- clocksource/drivers/sp804: Do not use timer namespace for timer_shutdown() function (bsc#1213970).
- clocksource: hyper-v: Add TSC page support for root partition (bsc#1206453).
- clocksource: hyper-v: Introduce TSC PFN getter (bsc#1206453).
- clocksource: hyper-v: Introduce a pointer to TSC page (bsc#1206453).
- clocksource: hyper-v: Use TSC PFN getter to map vvar page (bsc#1206453).
- clocksource: hyper-v: make sure Invariant-TSC is used if it is (bsc#1206453).
- cpu/SMT: Allow enabling partial SMT states via sysfs (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588).
- cpu/SMT: Create topology_smt_thread_allowed() (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588).
- cpu/SMT: Move SMT prototypes into cpu_smt.h (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588).
- cpu/SMT: Move smt/control simple exit cases earlier (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588).
- cpu/SMT: Remove topology_smt_supported() (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588).
- cpu/SMT: Store the current/max number of threads (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588).
- cpufreq: Fix the race condition while updating the transition_task of policy (git-fixes).
- cpufreq: intel_pstate: Adjust balance_performance EPP for Sapphire Rapids (bsc#1214659).
- cpufreq: intel_pstate: Enable HWP IO boost for all servers (bsc#1208949 jsc#PED-6003 jsc#PED-6004).
- cpufreq: intel_pstate: Fix scaling for hybrid-capable systems with disabled E-cores (bsc#1212526 bsc#1214368 jsc#PED-4927 jsc#PED-4929).
- cpufreq: intel_pstate: Read all MSRs on the target CPU (bsc#1212526 bsc#1214368 jsc#PED-4927 jsc#PED-4929).
- cpufreq: intel_pstate: hybrid: Rework HWP calibration (bsc#1212526 bsc#1214368 jsc#PED-4927 jsc#PED-4929).
- cpufreq: intel_pstate: hybrid: Use known scaling factor for P-cores (bsc#1212526 bsc#1214368 jsc#PED-4927 jsc#PED-4929).
- crypto: caam - fix unchecked return value error (git-fixes).
- crypto: stm32 - Properly handle pm_runtime_get failing (git-fixes).
- define more Hyper-V related constants (bsc#1206453).
- dma-buf/sw_sync: Avoid recursive lock during fence signal (git-fixes).
- dma-buf/sync_file: Fix docs syntax (git-fixes).
- dmaengine: idxd: Modify the dependence of attribute pasid_enabled (git-fixes).
- dmaengine: mcf-edma: Fix a potential un-allocated memory access (git-fixes).
- dmaengine: pl330: Return DMA_PAUSED when transaction is paused (git-fixes).
- dmaengine: ste_dma40: Add missing IRQ check in d40_probe (git-fixes).
- docs/process/howto: Replace C89 with C11 (bsc#1214756).
- docs: kernel-parameters: Refer to the correct bitmap function (git-fixes).
- docs: networking: replace skb_hwtstamp_tx with skb_tstamp_tx (git-fixes).
- docs: printk-formats: Fix hex printing of signed values (git-fixes).
- driver core: test_async: fix an error code (git-fixes).
- drivers: clk: keystone: Fix parameter judgment in _of_pll_clk_init() (git-fixes).
- drivers: usb: smsusb: fix error handling code in smsusb_init_device (git-fixes).
- drm/amd/display: Add smu write msg id fail retry process (git-fixes).
- drm/amd/display: Apply 60us prefetch for DCFCLK <= 300Mhz (git-fixes).
- drm/amd/display: Disable phantom OTG after enable for plane disable (git-fixes).
- drm/amd/display: Do not set drr on pipe commit (git-fixes).
- drm/amd/display: Enable dcn314 DPP RCO (git-fixes).
- drm/amd/display: Ensure that planes are in the same order (git-fixes).
- drm/amd/display: Implement workaround for writing to OTG_PIXEL_RATE_DIV register (git-fixes).
- drm/amd/display: Remove wait while locked (git-fixes).
- drm/amd/display: Retain phantom plane/stream if validation fails (git-fixes).
- drm/amd/display: Skip DPP DTO update if root clock is gated (git-fixes).
- drm/amd/display: Use update plane and stream routine for DCN32x (git-fixes).
- drm/amd/display: check TG is non-null before checking if enabled (git-fixes).
- drm/amd/display: check attr flag before set cursor degamma on DCN3+ (git-fixes).
- drm/amd/display: disable RCO for DCN314 (git-fixes).
- drm/amd/display: do not wait for mpc idle if tg is disabled (git-fixes).
- drm/amd/display: enable cursor degamma for DCN3+ DRM legacy gamma (git-fixes).
- drm/amd/display: fix access hdcp_workqueue assert (git-fixes).
- drm/amd/display: fix the build when DRM_AMD_DC_DCN is not set (git-fixes).
- drm/amd/display: fix the white screen issue when >= 64GB DRAM (git-fixes).
- drm/amd/display: limit DPIA link rate to HBR3 (git-fixes).
- drm/amd/display: phase3 mst hdcp for multiple displays (git-fixes).
- drm/amd/display: prevent potential division by zero errors (git-fixes).
- drm/amd/display: register edp_backlight_control() for DCN301 (git-fixes).
- drm/amd/display: save restore hdcp state when display is unplugged from mst hub (git-fixes).
- drm/amd/display: trigger timing sync only if TG is running (git-fixes).
- drm/amd/pm/smu7: move variables to where they are used (git-fixes).
- drm/amd/pm: avoid unintentional shutdown due to temperature momentary fluctuation (git-fixes).
- drm/amd/pm: expose swctf threshold setting for legacy powerplay (git-fixes).
- drm/amd/pm: fix variable dereferenced issue in amdgpu_device_attr_create() (git-fixes).
- drm/amd/pm: fulfill powerplay peak profiling mode shader/memory clock settings (git-fixes).
- drm/amd/pm: fulfill swsmu peak profiling mode shader/memory clock settings (git-fixes).
- drm/amd/pm: skip the RLC stop when S0i3 suspend for SMU v13.0.4/11 (git-fixes).
- drm/amd: Disable S/G for APUs when 64GB or more host memory (git-fixes).
- drm/amd: flush any delayed gfxoff on suspend entry (git-fixes).
- drm/amdgpu/pm: fix throttle_status for other than MP1 11.0.7 (git-fixes).
- drm/amdgpu: Fix integer overflow in amdgpu_cs_pass1 (git-fixes).
- drm/amdgpu: Fix potential fence use-after-free v2 (git-fixes).
- drm/amdgpu: Remove unnecessary domain argument (git-fixes).
- drm/amdgpu: Use RMW accessors for changing LNKCTL (git-fixes).
- drm/amdgpu: add S/G display parameter (git-fixes).
- drm/amdgpu: add vram reservation based on vram_usagebyfirmware_v2_2 (git-fixes).
- drm/amdgpu: avoid integer overflow warning in amdgpu_device_resize_fb_bar() (git-fixes).
- drm/amdgpu: fix calltrace warning in amddrm_buddy_fini (git-fixes).
- drm/amdgpu: fix memory leak in mes self test (git-fixes).
- drm/amdgpu: fix possible UAF in amdgpu_cs_pass1() (git-fixes).
- drm/amdgpu: install stub fence into potential unused fence pointers (git-fixes).
- drm/amdgpu: keep irq count in amdgpu_irq_disable_all (git-fixes).
- drm/amdgpu: skip fence GFX interrupts disable/enable for S0ix (git-fixes).
- drm/armada: Fix off-by-one error in armada_overlay_get_property() (git-fixes).
- drm/ast: Fix DRAM init on AST2200 (git-fixes).
- drm/atomic-helper: Update reference to drm_crtc_force_disable_all() (git-fixes).
- drm/bridge: anx7625: Drop device lock before drm_helper_hpd_irq_event() (git-fixes).
- drm/bridge: anx7625: Use common macros for DP power sequencing commands (git-fixes).
- drm/bridge: anx7625: Use common macros for HDCP capabilities (git-fixes).
- drm/bridge: fix -Wunused-const-variable= warning (git-fixes).
- drm/bridge: tc358764: Fix debug print parameter order (git-fixes).
- drm/etnaviv: fix dumping of active MMU context (git-fixes).
- drm/gma500: Use drm_aperture_remove_conflicting_pci_framebuffers (git-fixes).
- drm/i915/gvt: Drop unused helper intel_vgpu_reset_gtt() (git-fixes).
- drm/i915/gvt: Put the page reference obtained by KVM's gfn_to_pfn() (git-fixes).
- drm/i915/gvt: Verify pfn is 'valid' before dereferencing 'struct page' (git-fixes).
- drm/i915/sdvo: fix panel_type initialization (git-fixes).
- drm/i915: Fix premature release of request's reusable memory (git-fixes).
- drm/i915: mark requests for GuC virtual engines to avoid use-after-free (git-fixes).
- drm/mediatek: Fix dereference before null check (git-fixes).
- drm/mediatek: Fix potential memory leak if vmap() fail (git-fixes).
- drm/mediatek: Remove freeing not dynamic allocated memory (git-fixes).
- drm/msm/a2xx: Call adreno_gpu_init() earlier (git-fixes).
- drm/msm/dpu: fix the irq index in dpu_encoder_phys_wb_wait_for_commit_done (git-fixes).
- drm/msm/mdp5: Do not leak some plane state (git-fixes).
- drm/msm: Update dev core dump to not print backwards (git-fixes).
- drm/mxsfb: Disable overlay plane in mxsfb_plane_overlay_atomic_disable() (git-fixes).
- drm/nouveau/disp: Revert a NULL check inside nouveau_connector_get_modes (git-fixes).
- drm/nouveau/disp: fix use-after-free in error handling of nouveau_connector_create (bsc#1214073).
- drm/nouveau/gr: enable memory loads on helper invocation on all channels (git-fixes).
- drm/nouveau/nvkm/dp: Add workaround to fix DP 1.3+ DPCD issues (git-fixes).
- drm/panel: simple: Add missing connector type and pixel format for AUO T215HVN01 (git-fixes).
- drm/panel: simple: Fix AUO G121EAN01 panel timings according to the docs (git-fixes).
- drm/qxl: fix UAF on handle creation (git-fixes).
- drm/radeon: Use RMW accessors for changing LNKCTL (git-fixes).
- drm/repaper: Reduce temporary buffer size in repaper_fb_dirty() (git-fixes).
- drm/rockchip: Do not spam logs in atomic check (git-fixes).
- drm/shmem-helper: Reset vma->vm_ops before calling dma_buf_mmap() (git-fixes).
- drm/stm: ltdc: fix late dereference check (git-fixes).
- drm/tegra: dpaux: Fix incorrect return value of platform_get_irq (git-fixes).
- drm/ttm: check null pointer before accessing when swapping (git-fixes).
- drm/ttm: never consider pinned BOs for eviction&swap (git-fixes).
- drm/vmwgfx: Fix shader stage validation (git-fixes).
- drm: adv7511: Fix low refresh rate register for ADV7533/5 (git-fixes).
- drm: gm12u320: Fix the timeout usage for usb_bulk_msg() (git-fixes).
- drm: rcar-du: remove R-Car H3 ES1.* workarounds (git-fixes).
- drm: xlnx: zynqmp_dpsub: Add missing check for dma_set_mask (git-fixes).
- dt-bindings: clock: xlnx,versal-clk: drop select:false (git-fixes).
- dt-bindings: clocks: imx8mp: make sai4 a dummy clock (git-fixes).
- dt-bindings: crypto: ti,sa2ul: make power-domains conditional (git-fixes).
- e1000: Fix typos in comments (jsc#PED-5738).
- e1000: Remove unnecessary use of kmap_atomic() (jsc#PED-5738).
- e1000: switch to napi_build_skb() (jsc#PED-5738).
- e1000: switch to napi_consume_skb() (jsc#PED-5738).
- exfat: fix unexpected EOF while reading dir (bsc#1214000).
- exfat: release s_lock before calling dir_emit() (bsc#1214000).
- exfat_iterate(): do not open-code file_inode(file) (bsc#1214000).
- fbdev/ep93xx-fb: Do not assign to struct fb_info.dev (git-fixes).
- fbdev: Fix sys_imageblit() for arbitrary image widths (git-fixes).
- fbdev: Improve performance of sys_imageblit() (git-fixes).
- fbdev: Update fbdev source file paths (git-fixes).
- fbdev: fix potential OOB read in fast_imageblit() (git-fixes).
- fbdev: mmp: fix value check in mmphw_probe() (git-fixes).
- file: reinstate f_pos locking optimization for regular files (bsc#1213759).
- firmware: arm_scmi: Drop OF node reference in the transport channel setup (git-fixes).
- firmware: cs_dsp: Fix new control name check (git-fixes).
- firmware: meson_sm: fix to avoid potential NULL pointer dereference (git-fixes).
- firmware: stratix10-svc: Fix an NULL vs IS_ERR() bug in probe (git-fixes).
- fprobe: Release rethook after the ftrace_ops is unregistered (git-fixes).
- fprobe: add unlock to match a succeeded ftrace_test_recursion_trylock (git-fixes).
- fs/sysv: Null check to prevent null-ptr-deref bug (git-fixes).
- fs: do not update freeing inode i_io_list (bsc#1214813).
- fs: record I_DIRTY_TIME even if inode already has I_DIRTY_INODE (bsc#1214813).
- fsi: aspeed: Reset master errors after CFAM reset (git-fixes).
- fsi: master-ast-cf: Add MODULE_FIRMWARE macro (git-fixes).
- ftrace: Fix possible warning on checking all pages used in ftrace_process_locs() (git-fixes).
- gpio: mvebu: Make use of devm_pwmchip_add (git-fixes).
- gpio: mvebu: fix irq domain leak (git-fixes).
- gpio: tps68470: Make tps68470_gpio_output() always set the initial value (git-fixes).
- hv_netvsc: Remove second mapping of send and recv buffers (bsc#1206453).
- hwmon: (pmbus/bel-pfe) Enable PMBUS_SKIP_STATUS_CHECK for pfe1100 (git-fixes).
- hwmon: (tmp513) Fix the channel number in tmp51x_is_visible() (git-fixes).
- hwrng: iproc-rng200 - Implement suspend and resume calls (git-fixes).
- hwrng: nomadik - keep clock enabled while hwrng is registered (git-fixes).
- hwrng: pic32 - use devm_clk_get_enabled (git-fixes).
- i2c: Delete error messages for failed memory allocations (git-fixes).
- i2c: Improve size determinations (git-fixes).
- i2c: aspeed: Reset the i2c controller when timeout occurs (git-fixes).
- i2c: bcm-iproc: Fix bcm_iproc_i2c_isr deadlock issue (git-fixes).
- i2c: designware: Correct length byte validation logic (git-fixes).
- i2c: designware: Handle invalid SMBus block data response length value (git-fixes).
- i2c: hisi: Only handle the interrupt of the driver's transfer (git-fixes).
- i2c: nomadik: Remove a useless call in the remove function (git-fixes).
- i2c: nomadik: Remove unnecessary goto label (git-fixes).
- i2c: nomadik: Use devm_clk_get_enabled() (git-fixes).
- i3c: master: svc: fix probe failure when no i3c device exist (git-fixes).
- i40e: Fix an NULL vs IS_ERR() bug for debugfs_create_dir() (git-fixes).
- iavf: fix potential races for FDIR filters (git-fixes).
- ice: Fix RDMA VSI removal during queue rebuild (git-fixes).
- ice: Fix crash by keep old cfg when update TCs more than queues (git-fixes).
- ice: Fix max_rate check while configuring TX rate limits (git-fixes).
- ice: Fix memory management in ice_ethtool_fdir.c (git-fixes).
- idr: fix param name in idr_alloc_cyclic() doc (git-fixes).
- iio: adc: ina2xx: avoid NULL pointer dereference on OF device match (git-fixes).
- iio: adc: stx104: Implement and utilize register structures (git-fixes).
- iio: adc: stx104: Utilize iomap interface (git-fixes).
- iio: cros_ec: Fix the allocation size for cros_ec_command (git-fixes).
- intel/e1000:fix repeated words in comments (jsc#PED-5738).
- intel: remove unused macros (jsc#PED-5738).
- iommu/amd/io-pgtable: Implement map_pages io_pgtable_ops callback (bsc#1212423).
- iommu/amd/io-pgtable: Implement unmap_pages io_pgtable_ops callback (bsc#1212423).
- iommu/amd: Add PCI segment support for ivrs_ commands (git-fixes).
- iommu/amd: Add map/unmap_pages() iommu_domain_ops callback support (bsc#1212423).
- iommu/amd: Do not identity map v2 capable device when snp is enabled (git-fixes).
- iommu/amd: Fix compile warning in init code (git-fixes).
- iommu/amd: Fix ill-formed ivrs_ioapic, ivrs_hpet and ivrs_acpihid options (git-fixes).
- iommu/amd: Fix ivrs_acpihid cmdline parsing code (git-fixes).
- iommu/amd: Fix pci device refcount leak in ppr_notifier() (git-fixes).
- iommu/amd: use full 64-bit value in build_completion_wait() (git-fixes).
- iommu/arm-smmu-v3: Make default domain type of HiSilicon PTT device to identity (git-fixes).
- iommu/arm-smmu-v3: check return value after calling platform_get_resource() (git-fixes).
- iommu/arm-smmu-v3: fix event handling soft lockup (git-fixes).
- iommu/arm-smmu: fix possible null-ptr-deref in arm_smmu_device_probe() (git-fixes).
- iommu/dart: Initialize DART_STREAMS_ENABLE (git-fixes).
- iommu/dma: Fix incorrect error return on iommu deferred attach (git-fixes).
- iommu/dma: Fix iova map result check bug (git-fixes).
- iommu/dma: return error code from iommu_dma_map_sg() (git-fixes).
- iommu/fsl_pamu: Fix resource leak in fsl_pamu_probe() (git-fixes).
- iommu/io-pgtable-arm-v7s: Add a quirk to allow pgtable PA up to 35bit (git-fixes).
- iommu/iova: Fix module config properly (git-fixes).
- iommu/mediatek: Add error path for loop of mm_dts_parse (git-fixes).
- iommu/mediatek: Add platform_device_put for recovering the device refcnt (git-fixes).
- iommu/mediatek: Check return value after calling platform_get_resource() (git-fixes).
- iommu/mediatek: Set dma_mask for PGTABLE_PA_35_EN (git-fixes).
- iommu/mediatek: Use component_match_add (git-fixes).
- iommu/mediatek: Validate number of phandles associated with 'mediatek,larbs' (git-fixes).
- iommu/omap: Fix buffer overflow in debugfs (git-fixes).
- iommu/rockchip: fix permission bits in page table entries v2 (git-fixes).
- iommu/s390: Fix duplicate domain attachments (git-fixes).
- iommu/sun50i: Consider all fault sources for reset (git-fixes).
- iommu/sun50i: Fix R/W permission check (git-fixes).
- iommu/sun50i: Fix flush size (git-fixes).
- iommu/sun50i: Fix reset release (git-fixes).
- iommu/sun50i: Implement .iotlb_sync_map (git-fixes).
- iommu/sun50i: Remove IOMMU_DOMAIN_IDENTITY (git-fixes).
- iommu/vt-d: Add RPLS to quirk list to skip TE disabling (git-fixes).
- iommu/vt-d: Check correct capability for sagaw determination (git-fixes).
- iommu/vt-d: Clean up si_domain in the init_dmars() error path (git-fixes).
- iommu/vt-d: Correctly calculate sagaw value of IOMMU (git-fixes).
- iommu/vt-d: Fix PCI device refcount leak in dmar_dev_scope_init() (git-fixes).
- iommu/vt-d: Fix PCI device refcount leak in has_external_pci() (git-fixes).
- iommu/vt-d: Fix kdump kernels boot failure with scalable mode (git-fixes).
- iommu/vt-d: Preset Access bit for IOVA in FL non-leaf paging entries (git-fixes).
- iommu/vt-d: Set SRE bit only when hardware has SRS cap (git-fixes).
- ipmi:ssif: Add check for kstrdup (git-fixes).
- ipmi:ssif: Fix a memory leak when scanning for an adapter (git-fixes).
- ipmi_si: fix a memleak in try_smi_init() (git-fixes).
- jffs2: correct logic when creating a hole in jffs2_write_begin (git-fixes).
- kabi/severities: Ignore newly added SRSO mitigation functions
- kabi/severities: ignore mlx4 internal symbols
- kabi: Allow extra bugsints (bsc#1213927).
- kabi: hide changes in enum ipl_type and struct sclp_info (jsc#PED-2023 jsc#PED-2025).
- kconfig: fix possible buffer overflow (git-fixes).
- kernel-binary: Common dependencies cleanup Common dependencies are copied to a subpackage, there is no need for copying defines or build dependencies there.
- kernel-binary: Drop code for kerntypes support Kerntypes was a SUSE-specific feature dropped before SLE 12.
- kselftest/runner.sh: Propagate SIGTERM to runner child (git-fixes).
- kunit: make kunit_test_timeout compatible with comment (git-fixes).
- leds: Fix BUG_ON check for LED_COLOR_ID_MULTI that is always false (git-fixes).
- leds: multicolor: Use rounded division when calculating color components (git-fixes).
- leds: pwm: Fix error code in led_pwm_create_fwnode() (git-fixes).
- leds: trigger: tty: Do not use LED_ON/OFF constants, use led_blink_set_oneshot instead (git-fixes).
- leds: turris-omnia: Drop unnecessary mutex locking (git-fixes).
- lib/test_meminit: allocate pages up to order MAX_ORDER (git-fixes).
- lib/test_meminit: destroy cache in kmem_cache_alloc_bulk() test (git-fixes).
- libbpf: Fix BTF-to-C converter's padding logic (bsc#1211220 jsc#PED-3924).
- libbpf: Fix btf_dump's packed struct determination (bsc#1211220 jsc#PED-3924).
- libbpf: Fix single-line struct definition output in btf_dump (bsc#1211220 jsc#PED-3924).
- libceph: fix potential hang in ceph_osdc_notify() (bsc#1214393).
- md/raid0: Factor out helper for mapping and submitting a bio (bsc#1213916).
- md/raid0: Fix performance regression for large sequential writes (bsc#1213916).
- media: ad5820: Drop unsupported ad5823 from i2c_ and of_device_id tables (git-fixes).
- media: cx24120: Add retval check for cx24120_message_send() (git-fixes).
- media: dib7000p: Fix potential division by zero (git-fixes).
- media: dvb-usb: m920x: Fix a potential memory leak in m920x_i2c_xfer() (git-fixes).
- media: go7007: Remove redundant if statement (git-fixes).
- media: i2c: ccs: Check rules is non-NULL (git-fixes).
- media: i2c: rdacm21: Fix uninitialized value (git-fixes).
- media: i2c: tvp5150: check return value of devm_kasprintf() (git-fixes).
- media: ov2680: Add ov2680_fill_format() helper function (git-fixes).
- media: ov2680: Do not take the lock for try_fmt calls (git-fixes).
- media: ov2680: Fix ov2680_bayer_order() (git-fixes).
- media: ov2680: Fix ov2680_set_fmt() which == V4L2_SUBDEV_FORMAT_TRY not working (git-fixes).
- media: ov2680: Fix regulators being left enabled on ov2680_power_on() errors (git-fixes).
- media: ov2680: Fix vflip / hflip set functions (git-fixes).
- media: ov2680: Remove VIDEO_V4L2_SUBDEV_API ifdef-s (git-fixes).
- media: ov5640: Enable MIPI interface in ov5640_set_power_mipi() (git-fixes).
- media: rkvdec: increase max supported height for H.264 (git-fixes).
- media: v4l2-core: Fix a potential resource leak in v4l2_fwnode_parse_link() (git-fixes).
- media: v4l2-mem2mem: add lock to protect parameter num_rdy (git-fixes).
- media: venus: hfi_venus: Only consider sys_idle_indicator on V1 (git-fixes).
- media: venus: hfi_venus: Write to VIDC_CTRL_INIT after unmasking interrupts (git-fixes).
- misc: rtsx: judge ASPM Mode to set PETXCFG Reg (git-fixes).
- mkspec: Allow unsupported KMPs (bsc#1214386)
- mlx4: Avoid resetting MLX4_INTFF_BONDING per driver (bsc#1187236).
- mlx4: Connect the ethernet part to the auxiliary bus (bsc#1187236).
- mlx4: Connect the infiniband part to the auxiliary bus (bsc#1187236).
- mlx4: Delete custom device management logic (bsc#1187236).
- mlx4: Get rid of the mlx4_interface.activate callback (bsc#1187236).
- mlx4: Get rid of the mlx4_interface.get_dev callback (bsc#1187236).
- mlx4: Move the bond work to the core driver (bsc#1187236).
- mlx4: Register mlx4 devices to an auxiliary virtual bus (bsc#1187236).
- mlx4: Rename member mlx4_en_dev.nb to netdev_nb (bsc#1187236).
- mlx4: Replace the mlx4_interface.event callback with a notifier (bsc#1187236).
- mlx4: Use 'void *' as the event param of mlx4_dispatch_event() (bsc#1187236).
- mlxsw: pci: Add shutdown method in PCI driver (git-fixes).
- mmc: block: Fix in_flight[issue_type] value error (git-fixes).
- mmc: moxart: read scr register without changing byte order (git-fixes).
- mmc: wbsd: fix double mmc_free_host() in wbsd_init() (git-fixes).
- module: avoid allocation if module is already present and ready (bsc#1213921).
- module: extract patient module check into helper (bsc#1213921).
- module: move check_modinfo() early to early_mod_check() (bsc#1213921).
- module: move early sanity checks into a helper (bsc#1213921).
- mtd: rawnand: brcmnand: Fix crash during the panic_write (git-fixes).
- mtd: rawnand: brcmnand: Fix mtd oobsize (git-fixes).
- mtd: rawnand: brcmnand: Fix potential false time out warning (git-fixes).
- mtd: rawnand: brcmnand: Fix potential out-of-bounds access in oob write (git-fixes).
- mtd: rawnand: fsl_upm: Fix an off-by one test in fun_exec_op() (git-fixes).
- mtd: rawnand: fsmc: handle clk prepare error in fsmc_nand_resume() (git-fixes).
- mtd: rawnand: omap_elm: Fix incorrect type in assignment (git-fixes).
- mtd: rawnand: rockchip: Align hwecc vs. raw page helper layouts (git-fixes).
- mtd: rawnand: rockchip: fix oobfree offset and description (git-fixes).
- mtd: spi-nor: Check bus width while setting QE bit (git-fixes).
- mtd: spinand: toshiba: Fix ecc_get_status (git-fixes).
- n_tty: Rename tail to old_tail in n_tty_read() (git-fixes).
- net/mlx4: Remove many unnecessary NULL values (bsc#1187236).
- net: hns3: fix wrong bw weight of disabled tc issue (git-fixes).
- net: ieee802154: at86rf230: Stop leaking skb's (git-fixes).
- net: mana: Fix MANA VF unload when hardware is unresponsive (git-fixes).
- net: phy: at803x: remove set/get wol callbacks for AR8032 (git-fixes).
- net: phy: broadcom: stub c45 read/write for 54810 (git-fixes).
- net: phy: fix IRQ-based wake-on-lan over hibernate / power off (git-fixes).
- net: phy: micrel: Correct bit assignments for phy_device flags (git-fixes).
- net: stmmac: tegra: Properly allocate clock bulk data (bsc#1213733)
- net: usb: lan78xx: reorder cleanup operations to avoid UAF bugs (git-fixes).
- net: usbnet: Fix WARNING in usbnet_start_xmit/usb_submit_urb (git-fixes).
- netfs: Fix lockdep warning from taking sb_writers whilst holding mmap_lock (bsc#1214742).
- netfs: Fix missing xas_retry() calls in xarray iteration (bsc#1213946 bsc#1214404).
- netfs: Fix missing xas_retry() calls in xarray iteration (bsc#1213946).
- netfs: fix parameter of cleanup() (bsc#1214743).
- nfsd: Remove incorrect check in nfsd4_validate_stateid (git-fixes).
- nilfs2: fix WARNING in mark_buffer_dirty due to discarded buffer reuse (git-fixes).
- nilfs2: fix use-after-free of nilfs_root in dirtying inodes via iput (git-fixes).
- ntb: Clean up tx tail index on link down (git-fixes).
- ntb: Drop packets when qp link is down (git-fixes).
- ntb: Fix calculation ntb_transport_tx_free_entry() (git-fixes).
- nvme-rdma: fix potential unbalanced freeze & unfreeze (bsc#1208902).
- nvme-tcp: fix potential unbalanced freeze & unfreeze (bsc#1208902).
- objtool/x86: Fix SRSO mess (git-fixes).
- objtool/x86: Fixup frame-pointer vs rethunk (git-fixes).
- objtool: Union instruction::{call_dest,jump_table} (git-fixes).
- old-flavors: Drop 2.6 kernels. 2.6 based kernels are EOL, upgrading from them is no longer suported.
- pcmcia: rsrc_nonstatic: Fix memory leak in nonstatic_release_resource_db() (git-fixes).
- phy/rockchip: inno-hdmi: do not power on rk3328 post pll on reg write (git-fixes).
- phy/rockchip: inno-hdmi: round fractal pixclock in rk3328 recalc_rate (git-fixes).
- phy/rockchip: inno-hdmi: use correct vco_div_5 macro on rk3328 (git-fixes).
- phy: qcom-snps-femto-v2: keep cfg_ahb_clk enabled during runtime suspend (git-fixes).
- phy: qcom-snps-femto-v2: properly enable ref clock (git-fixes).
- phy: qcom-snps: Use dev_err_probe() to simplify code (git-fixes).
- phy: qcom-snps: correct struct qcom_snps_hsphy kerneldoc (git-fixes).
- pinctrl: amd: Mask wake bits on probe again (git-fixes).
- pinctrl: amd: Revert 'pinctrl: amd: disable and mask interrupts on probe' (git-fixes).
- pinctrl: cherryview: fix address_space_handler() argument (git-fixes).
- pinctrl: mcp23s08: check return value of devm_kasprintf() (git-fixes).
- pinctrl: renesas: rza2: Add lock around pinctrl_generic{{add,remove}_group,{add,remove}_function} (git-fixes).
- platform/mellanox: mlxbf-pmc: Fix potential buffer overflows (git-fixes).
- platform/mellanox: mlxbf-pmc: Fix reading of unprogrammed events (git-fixes).
- platform/mellanox: mlxbf-tmfifo: Drop jumbo frames (git-fixes).
- platform/mellanox: mlxbf-tmfifo: Drop the Rx packet if no more descriptors (git-fixes).
- platform/x86: dell-sysman: Fix reference leak (git-fixes).
- powerpc/64e: Fix kexec build error (bsc#1212091 ltc#199106).
- powerpc/iommu: Fix iommu_table_in_use for a small default DMA window case (bsc#1212091 ltc#199106).
- powerpc/iommu: Fix notifiers being shared by PCI and VIO buses (bsc#1065729).
- powerpc/iommu: Incorrect DDW Table is referenced for SR-IOV device (bsc#1212091 ltc#199106).
- powerpc/iommu: TCEs are incorrectly manipulated with DLPAR add/remove of memory (bsc#1212091 ltc#199106).
- powerpc/iommu: do not set failed sg dma_address to DMA_MAPPING_ERROR (bsc#1212091 ltc#199106).
- powerpc/iommu: return error code from .map_sg() ops (bsc#1212091 ltc#199106).
- powerpc/kernel/iommu: Add new iommu_table_in_use() helper (bsc#1212091 ltc#199106).
- powerpc/kexec: Fix build failure from uninitialised variable (bsc#1212091 ltc#199106).
- powerpc/mm/altmap: Fix altmap boundary check (bsc#1120059 git-fixes).
- powerpc/pseries/ddw: Do not try direct mapping with persistent memory and one window (bsc#1212091 ltc#199106).
- powerpc/pseries/ddw: simplify enable_ddw() (bsc#1212091 ltc#199106).
- powerpc/pseries/iommu: Add ddw_list_new_entry() helper (bsc#1212091 ltc#199106).
- powerpc/pseries/iommu: Add ddw_property_create() and refactor enable_ddw() (bsc#1212091 ltc#199106).
- powerpc/pseries/iommu: Add iommu_pseries_alloc_table() helper (bsc#1212091 ltc#199106).
- powerpc/pseries/iommu: Add of_node_put() before break (bsc#1212091 ltc#199106).
- powerpc/pseries/iommu: Allow DDW windows starting at 0x00 (bsc#1212091 ltc#199106).
- powerpc/pseries/iommu: Check if the default window in use before removing it (bsc#1212091 ltc#199106).
- powerpc/pseries/iommu: Create huge DMA window if no MMIO32 is present (bsc#1212091 ltc#199106).
- powerpc/pseries/iommu: Find existing DDW with given property name (bsc#1212091 ltc#199106).
- powerpc/pseries/iommu: Make use of DDW for indirect mapping (bsc#1212091 ltc#199106).
- powerpc/pseries/iommu: Print ibm,query-pe-dma-windows parameters (bsc#1212091 ltc#199106).
- powerpc/pseries/iommu: Rename 'direct window' to 'dma window' (bsc#1212091 ltc#199106).
- powerpc/pseries/iommu: Reorganize iommu_table_setparms*() with new helper (bsc#1212091 ltc#199106).
- powerpc/pseries/iommu: Replace hard-coded page shift (bsc#1212091 ltc#199106).
- powerpc/pseries/iommu: Update remove_dma_window() to accept property name (bsc#1212091 ltc#199106).
- powerpc/pseries/iommu: Use correct vfree for it_map (bsc#1212091 ltc#199106).
- powerpc/pseries: Add __init attribute to eligible functions (bsc#1212091 ltc#199106).
- powerpc/pseries: Honour current SMT state when DLPAR onlining CPUs (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588).
- powerpc/pseries: Initialise CPU hotplug callbacks earlier (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588).
- powerpc/rtas: block error injection when locked down (bsc#1023051).
- powerpc/rtas: enture rtas_call is called with MMU enabled (bsc#1023051).
- powerpc/rtas: mandate RTAS syscall filtering (bsc#1023051).
- powerpc/rtas_flash: allow user copy to flash block cache objects (bsc#1194869).
- powerpc/security: Fix Speculation_Store_Bypass reporting on Power10 (bsc#1188885 ltc#193722 git-fixes).
- powerpc/xics: Remove unnecessary endian conversion (bsc#1065729).
- powerpc: Add HOTPLUG_SMT support (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588). Update config files.
- powerpc: Move DMA64_PROPNAME define to a header (bsc#1214297 ltc#197503).
- powerpc: fix typos in comments (bsc#1212091 ltc#199106).
- pseries/iommu/ddw: Fix kdump to work in absence of ibm,dma-window (bsc#1214297 ltc#197503).
- pstore/ram: Check start of empty przs during init (git-fixes).
- pwm: Add a stub for devm_pwmchip_add() (git-fixes).
- pwm: lpc32xx: Remove handling of PWM channels (git-fixes).
- pwm: meson: Simplify duplicated per-channel tracking (git-fixes).
- pwm: meson: fix handling of period/duty if greater than UINT_MAX (git-fixes).
- qed: Fix scheduling in a tasklet while getting stats (git-fixes).
- regmap: rbtree: Use alloc_flags for memory allocations (git-fixes).
- ring-buffer: Do not swap cpu_buffer during resize process (git-fixes).
- ring-buffer: Fix deadloop issue on reading trace_pipe (git-fixes).
- ring-buffer: Fix wrong stat of cpu_buffer->read (git-fixes).
- rpm/mkspec-dtb: support for nested subdirs.
- rpmsg: glink: Add check for kstrdup (git-fixes).
- rt: Add helper script to refresh RT configs based on the parent (SLE Realtime Extension).
- s390/dasd: fix command reject error on ESE devices (LTC#203630 bsc#1215123 git-fixes).
- s390/dasd: fix hanging device after request requeue (git-fixes LTC#203629 bsc#1215124).
- s390/ipl: add DEFINE_GENERIC_LOADPARM() (jsc#PED-2023).
- s390/ipl: add eckd dump support (jsc#PED-2025).
- s390/ipl: add eckd support (jsc#PED-2023).
- s390/ipl: add loadparm parameter to eckd ipl/reipl data (jsc#PED-2023).
- s390/ipl: add missing secure/has_secure file to ipl type 'unknown' (bsc#1214976).
- s390/ipl: use octal values instead of S_* macros (jsc#PED-2023).
- s390/purgatory: disable branch profiling (git-fixes bsc#1214372).
- s390/qeth: Do not call dev_close/dev_open (DOWN/UP) (bsc#1214873 git-fixes).
- s390/zcrypt: do not leak memory if dev_set_name() fails (git-fixes bsc#1215148).
- s390/zcrypt: fix reply buffer calculations for CCA replies (bsc#1213949).
- sched/fair: Fix inaccurate tally of ttwu_move_affine (git fixes).
- sched/fair: Use recent_used_cpu to test p->cpus_ptr (git fixes).
- sched/psi: use kernfs polling functions for PSI trigger polling (bsc#1209799).
- scsi: 3w-xxxx: Add error handling for initialization failure in tw_probe() (git-fixes).
- scsi: 53c700: Check that command slot is not NULL (git-fixes).
- scsi: RDMA/srp: Fix residual handling (git-fixes)
- scsi: bsg: Increase number of devices (bsc#1210048).
- scsi: core: Do not wait for quiesce in scsi_device_block() (bsc#1209284).
- scsi: core: Do not wait for quiesce in scsi_stop_queue() (bsc#1209284).
- scsi: core: Fix legacy /proc parsing buffer overflow (git-fixes).
- scsi: core: Fix possible memory leak if device_add() fails (git-fixes).
- scsi: core: Improve warning message in scsi_device_block() (bsc#1209284).
- scsi: core: Merge scsi_internal_device_block() and device_block() (bsc#1209284).
- scsi: fnic: Replace return codes in fnic_clean_pending_aborts() (git-fixes).
- scsi: lpfc: Do not abuse UUID APIs and LPFC_COMPRESS_VMID_SIZE (git-fixes).
- scsi: lpfc: Modify when a node should be put in device recovery mode during RSCN (git-fixes).
- scsi: lpfc: Remove reftag check in DIF paths (git-fixes).
- scsi: qedf: Fix NULL dereference in error handling (git-fixes).
- scsi: qedf: Fix firmware halt over suspend and resume (git-fixes).
- scsi: qedi: Fix firmware halt over suspend and resume (git-fixes).
- scsi: qla2xxx: Add logs for SFP temperature monitoring (bsc#1214928).
- scsi: qla2xxx: Allow 32-byte CDBs (bsc#1214928).
- scsi: qla2xxx: Error code did not return to upper layer (bsc#1214928).
- scsi: qla2xxx: Fix firmware resource tracking (bsc#1214928).
- scsi: qla2xxx: Fix smatch warn for qla_init_iocb_limit() (bsc#1214928).
- scsi: qla2xxx: Flush mailbox commands on chip reset (bsc#1214928).
- scsi: qla2xxx: Move resource to allow code reuse (bsc#1214928).
- scsi: qla2xxx: Remove unsupported ql2xenabledif option (bsc#1214928).
- scsi: qla2xxx: Remove unused declarations (bsc#1214928).
- scsi: qla2xxx: Remove unused variables in qla24xx_build_scsi_type_6_iocbs() (bsc#1214928).
- scsi: qla2xxx: Update version to 10.02.09.100-k (bsc#1214928).
- scsi: scsi_debug: Remove dead code (git-fixes).
- scsi: sg: Increase number of devices (bsc#1210048).
- scsi: snic: Fix double free in snic_tgt_create() (git-fixes).
- scsi: snic: Fix possible memory leak if device_add() fails (git-fixes).
- scsi: storvsc: Always set no_report_opcodes (git-fixes).
- scsi: storvsc: Fix handling of virtual Fibre Channel timeouts (git-fixes).
- scsi: storvsc: Handle SRB status value 0x30 (git-fixes).
- scsi: storvsc: Limit max_sectors for virtual Fibre Channel devices (git-fixes).
- scsi: zfcp: Defer fc_rport blocking until after ADISC response (git-fixes bsc#1214371).
- selftests/bpf: Test btf dump for struct with padding only fields (bsc#1211220 jsc#PED-3924).
- selftests/futex: Order calls to futex_lock_pi (git-fixes).
- selftests/harness: Actually report SKIP for signal tests (git-fixes).
- selftests/resctrl: Close perf value read fd on errors (git-fixes).
- selftests/resctrl: Do not leak buffer in fill_cache() (git-fixes).
- selftests/resctrl: Unmount resctrl FS if child fails to run benchmark (git-fixes).
- selftests/rseq: check if libc rseq support is registered (git-fixes).
- selftests: forwarding: Add a helper to skip test when using veth pairs (git-fixes).
- selftests: forwarding: Skip test when no interfaces are specified (git-fixes).
- selftests: forwarding: Switch off timeout (git-fixes).
- selftests: forwarding: ethtool: Skip when using veth pairs (git-fixes).
- selftests: forwarding: ethtool_extended_state: Skip when using veth pairs (git-fixes).
- selftests: forwarding: tc_actions: Use ncat instead of nc (git-fixes).
- selftests: forwarding: tc_actions: cleanup temporary files when test is aborted (git-fixes).
- selftests: forwarding: tc_flower: Relax success criterion (git-fixes).
- selftests: mirror_gre_changes: Tighten up the TTL test match (git-fixes).
- selftests: tracing: Fix to unmount tracefs for recovering environment (git-fixes).
- serial: sc16is7xx: fix broken port 0 uart init (git-fixes).
- serial: sc16is7xx: fix bug when first setting GPIO direction (git-fixes).
- serial: sprd: Assign sprd_port after initialized to avoid wrong access (git-fixes).
- serial: sprd: Fix DMA buffer leak issue (git-fixes).
- serial: tegra: handle clk prepare error in tegra_uart_hw_init() (git-fixes).
- sfc: fix crash when reading stats while NIC is resetting (git-fixes).
- smb3: Do not send lease break acknowledgment if all file handles have been closed (git-fixes).
- smb3: do not set NTLMSSP_VERSION flag for negotiate not auth request (bsc#1193629).
- smb: client: Fix -Wstringop-overflow issues (bsc#1193629).
- smb: client: fix dfs link mount against w2k8 (bsc#1212142).
- smb: client: fix null auth (git-fixes).
- soc: aspeed: socinfo: Add kfree for kstrdup (git-fixes).
- soundwire: bus: pm_runtime_request_resume on peripheral attachment (git-fixes).
- soundwire: fix enumeration completion (git-fixes).
- spi: tegra20-sflash: fix to check return value of platform_get_irq() in tegra_sflash_probe() (git-fixes).
- supported.conf: fix typos for -!optional markers
- swiotlb: Remove bounce buffer remapping for Hyper-V (bsc#1206453).
- target: compare and write backend driver sense handling (bsc#1177719 bsc#1213026).
- target_core_rbd: fix leak and reduce kmalloc calls (bsc#1212873).
- target_core_rbd: fix rbd_img_request.snap_id assignment (bsc#1212857).
- target_core_rbd: remove snapshot existence validation code (bsc#1212857).
- tcpm: Avoid soft reset when partner does not support get_status (git-fixes).
- thunderbolt: Read retimer NVM authentication status prior tb_retimer_set_inbound_sbtx() (git-fixes).
- timers: Add shutdown mechanism to the internal functions (bsc#1213970).
- timers: Provide timer_shutdown[_sync]() (bsc#1213970).
- timers: Rename del_timer() to timer_delete() (bsc#1213970).
- timers: Rename del_timer_sync() to timer_delete_sync() (bsc#1213970).
- timers: Replace BUG_ON()s (bsc#1213970).
- timers: Silently ignore timers with a NULL function (bsc#1213970).
- timers: Split [try_to_]del_timer[_sync]() to prepare for shutdown mode (bsc#1213970).
- timers: Update kernel-doc for various functions (bsc#1213970).
- timers: Use del_timer_sync() even on UP (bsc#1213970).
- tracing/histograms: Add histograms to hist_vars if they have referenced variables (git-fixes).
- tracing/histograms: Return an error if we fail to add histogram to hist_vars list (git-fixes).
- tracing/probes: Fix not to count error code to total length (git-fixes).
- tracing/probes: Fix to avoid double count of the string length on the array (git-fixes).
- tracing/probes: Fix to record 0-length data_loc in fetch_store_string*() if fails (git-fixes).
- tracing/probes: Fix to update dynamic data counter if fetcharg uses it (git-fixes).
- tracing: Fix cpu buffers unavailable due to 'record_disabled' missed (git-fixes).
- tracing: Fix memleak due to race between current_tracer and trace (git-fixes).
- tracing: Fix memory leak of iter->temp when reading trace_pipe (git-fixes).
- tracing: Fix null pointer dereference in tracing_err_log_open() (git-fixes).
- tracing: Fix race issue between cpu buffer write and swap (git-fixes).
- tracing: Fix warning in trace_buffered_event_disable() (git-fixes).
- tracing: Remove extra space at the end of hwlat_detector/mode (git-fixes).
- tracing: Remove unnecessary copying of tr->current_trace (git-fixes).
- tty: fix hang on tty device with no_room set (git-fixes).
- tty: n_gsm: fix the UAF caused by race condition in gsm_cleanup_mux (git-fixes).
- tty: serial: fsl_lpuart: Add i.MXRT1050 support (git-fixes).
- tty: serial: fsl_lpuart: Clear the error flags by writing 1 for lpuart32 platforms (git-fixes).
- tty: serial: fsl_lpuart: make rx_watermark configurable for different platforms (git-fixes).
- tty: serial: fsl_lpuart: reduce RX watermark to 0 on LS1028A (git-fixes).
- ubifs: Fix memleak when insert_old_idx() failed (git-fixes).
- uprobes/x86: Allow to probe a NOP instruction with 0x66 prefix (git-fixes).
- usb-storage: alauda: Fix uninit-value in alauda_check_media() (git-fixes).
- usb: chipidea: imx: add missing USB PHY DPDM wakeup setting (git-fixes).
- usb: chipidea: imx: do not request QoS for imx8ulp (git-fixes).
- usb: chipidea: imx: improve logic if samsung,picophy-* parameter is 0 (git-fixes).
- usb: common: usb-conn-gpio: Prevent bailing out if initial role is none (git-fixes).
- usb: dwc3: Fix typos in gadget.c (git-fixes).
- usb: dwc3: Properly handle processing of pending events (git-fixes).
- usb: dwc3: meson-g12a: do post init to fix broken usb after resumption (git-fixes).
- usb: gadget: Fix the memory leak in raw_gadget driver (git-fixes).
- usb: gadget: f_mass_storage: Fix unused variable warning (git-fixes).
- usb: gadget: u_serial: Avoid spinlock recursion in __gs_console_push (git-fixes).
- usb: ohci-at91: Fix the unhandle interrupt when resume (git-fixes).
- usb: phy: mxs: fix getting wrong state with mxs_phy_is_otg_host() (git-fixes).
- usb: quirks: add quirk for Focusrite Scarlett (git-fixes).
- usb: serial: option: add FOXCONN T99W368/T99W373 product (git-fixes).
- usb: serial: option: add Quectel EC200A module support (git-fixes).
- usb: serial: option: add Quectel EM05G variant (0x030e) (git-fixes).
- usb: serial: option: support Quectel EM060K_128 (git-fixes).
- usb: serial: simple: add Kaufmann RKS+CAN VCP (git-fixes).
- usb: serial: simple: sort driver entries (git-fixes).
- usb: typec: altmodes/displayport: Signal hpd when configuring pin assignment (git-fixes).
- usb: typec: tcpci: clear the fault status bit (git-fixes).
- usb: typec: tcpci: move tcpci.h to include/linux/usb/ (git-fixes).
- usb: typec: tcpm: Fix response to vsafe0V event (git-fixes).
- usb: typec: tcpm: set initial svdm version based on pd revision (git-fixes).
- usb: zaurus: Add ID for A-300/B-500/C-700 (git-fixes).
- watchdog: intel-mid_wdt: add MODULE_ALIAS() to allow auto-load (git-fixes).
- watchdog: sp5100_tco: support Hygon FCH/SCH (Server Controller Hub) (git-fixes).
- wifi: ath10k: Use RMW accessors for changing LNKCTL (git-fixes).
- wifi: ath11k: Use RMW accessors for changing LNKCTL (git-fixes).
- wifi: ath9k: fix races between ath9k_wmi_cmd and ath9k_wmi_ctrl_rx (git-fixes).
- wifi: ath9k: protect WMI command response buffer replacement with a lock (git-fixes).
- wifi: ath9k: use IS_ERR() with debugfs_create_dir() (git-fixes).
- wifi: cfg80211: Fix return value in scan logic (git-fixes).
- wifi: cfg80211: fix sband iftype data lookup for AP_VLAN (git-fixes).
- wifi: mt76: mt7615: do not advertise 5 GHz on first phy of MT7615D (DBDC) (git-fixes).
- wifi: mt76: mt7915: fix power-limits while chan_switch (git-fixes).
- wifi: mt76: mt7921: do not support one stream on secondary antenna only (git-fixes).
- wifi: mt76: mt7921: fix non-PSC channel scan fail (git-fixes).
- wifi: mt76: testmode: add nla_policy for MT76_TM_ATTR_TX_LENGTH (git-fixes).
- wifi: mwifiex: Fix OOB and integer underflow when rx packets (git-fixes).
- wifi: mwifiex: Fix missed return in oob checks failed path (git-fixes).
- wifi: mwifiex: avoid possible NULL skb pointer dereference (git-fixes).
- wifi: mwifiex: fix error recovery in PCIE buffer descriptor management (git-fixes).
- wifi: mwifiex: fix memory leak in mwifiex_histogram_read() (git-fixes).
- wifi: nl80211/cfg80211: add forgotten nla_policy for BSS color attribute (git-fixes).
- wifi: radiotap: fix kernel-doc notation warnings (git-fixes).
- wifi: rtw89: debug: Fix error handling in rtw89_debug_priv_btc_manual_set() (git-fixes).
- word-at-a-time: use the same return type for has_zero regardless of endianness (bsc#1065729).
- x86/CPU/AMD: Disable XSAVES on AMD family 0x17 (git-fixes).
- x86/alternative: Fix race in try_get_desc() (git-fixes).
- x86/alternative: Make custom return thunk unconditional (git-fixes).
- x86/boot/e820: Fix typo in e820.c comment (git-fixes).
- x86/bugs: Reset speculation control settings on init (git-fixes).
- x86/cpu/kvm: Provide UNTRAIN_RET_VM (git-fixes).
- x86/cpu: Add Lunar Lake M (git-fixes).
- x86/cpu: Add model number for Intel Arrow Lake processor (git-fixes).
- x86/cpu: Clean up SRSO return thunk mess (git-fixes).
- x86/cpu: Cleanup the untrain mess (git-fixes).
- x86/cpu: Fix __x86_return_thunk symbol type (git-fixes).
- x86/cpu: Fix up srso_safe_ret() and __x86_return_thunk() (git-fixes).
- x86/cpu: Rename original retbleed methods (git-fixes).
- x86/cpu: Rename srso_(.*)_alias to srso_alias_\1 (git-fixes).
- x86/fpu: Take task_struct* in copy_sigframe_from_user_to_xstate() (git-fixes).
- x86/head/64: Switch to KERNEL_CS as soon as new GDT is installed (git-fixes).
- x86/hyperv: Add an interface to do nested hypercalls (bsc#1206453).
- x86/hyperv: Add hv_isolation_type_tdx() to detect TDX guests (bsc#1206453).
- x86/hyperv: Add support for detecting nested hypervisor (bsc#1206453).
- x86/hyperv: Change vTOM handling to use standard coco mechanisms (bsc#1206453).
- x86/hyperv: Fix hyperv_pcpu_input_arg handling when CPUs go online/offline (bsc#1206453).
- x86/hyperv: Remove BUG_ON() for kmap_local_page() (bsc#1206453).
- x86/hyperv: Reorder code to facilitate future work (bsc#1206453).
- x86/hyperv: Replace kmap() with kmap_local_page() (bsc#1206453).
- x86/i8259: Mark legacy PIC interrupts with IRQ_LEVEL (git-fixes).
- x86/ioapic: Do not return 0 from arch_dynirq_lower_bound() (git-fixes).
- x86/ioremap: Add hypervisor callback for private MMIO mapping in coco (bsc#1206453).
- x86/ioremap: Fix page aligned size calculation in __ioremap_caller() (git-fixes).
- x86/mce: Make sure logged MCEs are processed after sysfs update (git-fixes).
- x86/mce: Retrieve poison range from hardware (git-fixes).
- x86/mem_encrypt: Unbreak the AMD_MEM_ENCRYPT=n build (git-fixes).
- x86/mm: Avoid incomplete Global INVLPG flushes (git-fixes).
- x86/mm: Do not shuffle CPU entry areas without KASLR (git-fixes).
- x86/mm: Handle decryption/re-encryption of bss_decrypted consistently (bsc#1206453).
- x86/purgatory: remove PGO flags (git-fixes).
- x86/reboot: Disable virtualization in an emergency if SVM is supported (git-fixes).
- x86/resctl: fix scheduler confusion with 'current' (git-fixes).
- x86/resctrl: Fix task CLOSID/RMID update race (git-fixes).
- x86/resctrl: Fix to restore to original value when re-enabling hardware prefetch register (git-fixes).
- x86/retpoline,kprobes: Fix position of thunk sections with CONFIG_LTO_CLANG (git-fixes).
- x86/retpoline,kprobes: Skip optprobe check for indirect jumps with retpolines and IBT (git-fixes).
- x86/retpoline: Do not clobber RFLAGS during srso_safe_ret() (git-fixes).
- x86/rtc: Remove __init for runtime functions (git-fixes).
- x86/sev: Make enc_dec_hypercall() accept a size instead of npages (bsc#1214635).
- x86/sgx: Reduce delay and interference of enclave release (git-fixes).
- x86/speculation: Add cpu_show_gds() prototype (git-fixes).
- x86/speculation: Mark all Skylake CPUs as vulnerable to GDS (git-fixes).
- x86/srso: Correct the mitigation status when SMT is disabled (git-fixes).
- x86/srso: Disable the mitigation on unaffected configurations (git-fixes).
- x86/srso: Explain the untraining sequences a bit more (git-fixes).
- x86/srso: Fix build breakage with the LLVM linker (git-fixes).
- x86/srso: Fix return thunks in generated code (git-fixes).
- x86/static_call: Fix __static_call_fixup() (git-fixes).
- x86/tdx: Add more registers to struct tdx_hypercall_args (bsc#1206453).
- x86/tdx: Do not corrupt frame-pointer in __tdx_hypercall() (bsc#1206453).
- x86/tdx: Expand __tdx_hypercall() to handle more arguments (bsc#1206453).
- x86/tdx: Fix typo in comment in __tdx_hypercall() (bsc#1206453).
- x86/tdx: Refactor __tdx_hypercall() to allow pass down more arguments (bsc#1206453).
- x86/virt: Force GIF=1 prior to disabling SVM (for reboot flows) (git-fixes).
- xfs: fix sb write verify for lazysbcount (bsc#1214661).
ImportantSUSE bug 1023051SUSE bug 1065729SUSE bug 1120059SUSE bug 1177719SUSE bug 1187236SUSE bug 1188885SUSE bug 1193629SUSE bug 1194869SUSE bug 1203329SUSE bug 1203330SUSE bug 1205462SUSE bug 1206453SUSE bug 1208902SUSE bug 1208949SUSE bug 1208995SUSE bug 1209284SUSE bug 1209799SUSE bug 1210048SUSE bug 1210169SUSE bug 1210448SUSE bug 1210643SUSE bug 1211220SUSE bug 1212091SUSE bug 1212142SUSE bug 1212423SUSE bug 1212526SUSE bug 1212857SUSE bug 1212873SUSE bug 1213026SUSE bug 1213123SUSE bug 1213546SUSE bug 1213580SUSE bug 1213601SUSE bug 1213666SUSE bug 1213733SUSE bug 1213757SUSE bug 1213759SUSE bug 1213916SUSE bug 1213921SUSE bug 1213927SUSE bug 1213946SUSE bug 1213949SUSE bug 1213968SUSE bug 1213970SUSE bug 1213971SUSE bug 1214000SUSE bug 1214019SUSE bug 1214073SUSE bug 1214120SUSE bug 1214149SUSE bug 1214180SUSE bug 1214233SUSE bug 1214238SUSE bug 1214285SUSE bug 1214297SUSE bug 1214299SUSE bug 1214305SUSE bug 1214350SUSE bug 1214368SUSE bug 1214370SUSE bug 1214371SUSE bug 1214372SUSE bug 1214380SUSE bug 1214386SUSE bug 1214392SUSE bug 1214393SUSE bug 1214397SUSE bug 1214404SUSE bug 1214428SUSE bug 1214451SUSE bug 1214635SUSE bug 1214659SUSE bug 1214661SUSE bug 1214727SUSE bug 1214729SUSE bug 1214742SUSE bug 1214743SUSE bug 1214756SUSE bug 1214813SUSE bug 1214873SUSE bug 1214928SUSE bug 1214976SUSE bug 1214988SUSE bug 1215123SUSE bug 1215124SUSE bug 1215148SUSE bug 1215221SUSE bug 1215523CVE-2022-38457 at SUSECVE-2022-38457 at NVDCVE-2022-40133 at SUSECVE-2022-40133 at NVDCVE-2023-1192 at SUSECVE-2023-1192 at NVDCVE-2023-1859 at SUSECVE-2023-1859 at NVDCVE-2023-2007 at SUSECVE-2023-2007 at NVDCVE-2023-20588 at SUSECVE-2023-20588 at NVDCVE-2023-2177 at SUSECVE-2023-2177 at NVDCVE-2023-34319 at SUSECVE-2023-34319 at NVDCVE-2023-3610 at SUSECVE-2023-3610 at NVDCVE-2023-37453 at SUSECVE-2023-37453 at NVDCVE-2023-3772 at SUSECVE-2023-3772 at NVDCVE-2023-3863 at SUSECVE-2023-3863 at NVDCVE-2023-40283 at SUSECVE-2023-40283 at NVDCVE-2023-4128 at SUSECVE-2023-4128 at NVDCVE-2023-4133 at SUSECVE-2023-4133 at NVDCVE-2023-4134 at SUSECVE-2023-4134 at NVDCVE-2023-4147 at SUSECVE-2023-4147 at NVDCVE-2023-4194 at SUSECVE-2023-4194 at NVDCVE-2023-4273 at SUSECVE-2023-4273 at NVDCVE-2023-4387 at SUSECVE-2023-4387 at NVDCVE-2023-4459 at SUSECVE-2023-4459 at NVDCVE-2023-4563 at SUSECVE-2023-4563 at NVDCVE-2023-4569 at SUSECVE-2023-4569 at NVDCVE-2023-4881 at SUSECVE-2023-4881 at NVDcpe:/o:opensuse:leap:15.5Security update for nghttp2 (Important)openSUSE Leap 15.5
This update for nghttp2 fixes the following issues:
- CVE-2023-35945: Fixed memory leak when PUSH_PROMISE or HEADERS frame cannot be sent (bsc#1215713).
ImportantSUSE bug 1215713CVE-2023-35945 at SUSECVE-2023-35945 at NVDcpe:/o:opensuse:leap:15.5Security update for yq (Moderate)openSUSE Leap 15.5
This update for yq fixes the following issues:
yq was updated to 4.35.2 (bsc#1215808):
* Fixed number parsing as float bug in JSON #1756
* Fixed string, null concatenation consistency #1712
* Fixed expression parsing issue #1711
Update to 4.35.1:
* Added Lua output support
* Added BSD checksum format
Update to 4.34.1:
* Added shell output format
* Fixed nil pointer dereference
Update to 4.33.3:
* Fixed bug when splatting empty array #1613
* Added scalar output for TOML (#1617)
* Fixed passing of read-only context in pipe (partial fix for
#1631)
Update to 4.33.2:
* Add ``--nul-output|-0`` flag to separate element with NUL
character (#1550) Thanks @vaab!
* Add removable-media interface plug declaration to the snap
packaging(#1618) Thanks @brlin-tw!
* Scalar output now handled in csv, tsv and property files
Update to 4.33.1:
* Added read-only TOML support! #1364. Thanks @pelletier for
making your API available in your toml lib :)
* Added warning when auto detect by file type is outputs JSON
Update to 4.32.2:
* Fixes parsing terraform tfstate files results in 'unknown'
format
* Added divide and modulo operators (#1593)
* Add support for decoding base64 strings without padding
* Add filter operation (#1588) - thanks @rbren!
* Detect input format based on file name extension (#1582)
* Auto output format when input format is automatically
detected
* Fixed npe in log #1596
* Improved binary file size!
Update to 4.31.2:
* Fixed merged anchor reference problem #1482
* Fixed xml encoding of ProcInst #1563, improved XML
comment handling
* Allow build without json and xml support (#1556) Thanks
Update to 4.31.1:
* Added shuffle command #1503
* Added ability to sort by multiple fields #1541
* Added @sh encoder #1526
* Added @uri/@urid encoder/decoder #1529
* Fixed date comparison with string date #1537
* Added from_unix/to_unix Operators
ModerateSUSE bug 1215808cpe:/o:opensuse:leap:15.5Security update for MozillaThunderbird (Critical)openSUSE Leap 15.5
This update for MozillaThunderbird fixes the following issues:
Security fixes:
- CVE-2023-5217: Fixed a heap buffer overflow in libvpx. (bsc#1215814)
- CVE-2023-5168: Out-of-bounds write in FilterNodeD2D1. (bsc#1215575)
- CVE-2023-5169: Out-of-bounds write in PathOps. (bsc#1215575)
- CVE-2023-5171: Use-after-free in Ion Compiler. (bsc#1215575)
- CVE-2023-5174: Double-free in process spawning on Windows. (bsc#1215575)
- CVE-2023-5176: Memory safety bugs fixed in Firefox 118, Firefox ESR 115.3, and Thunderbird 115.3. (bsc#1215575)
Other fixes:
- Mozilla Thunderbird 115.3.1
* fixed: In Unified Folders view, some folders had incorrect
unified folder parent (bmo#1852525)
* fixed: 'Edit message as new' did not restore encrypted
subject from selected message (bmo#1788534)
* fixed: Importing some CalDAV calendars with yearly recurrence
events caused Thunderbird to freeze (bmo#1850732)
* fixed: Security fixes
MFSA 2023-44 (bsc#1215814)
* CVE-2023-5217 (bmo#1855550)
Heap buffer overflow in libvpx
- Mozilla Thunderbird 115.3
* fixed: Thunderbird could not import profiles with hostname
ending in dot ('.') (bmo#1825374)
* fixed: Message header was occasionally missing in message
preview (bmo#1840943)
* fixed: Setting an existing folder's type flag did not add
descendant folders to the Unified Folders view (bmo#1848904)
* fixed: Thunderbird did not always delete all temporary mail
files, sometimes preventing messages from being sent
(bmo#673703)
* fixed: Status bar in Message Compose window could not be
hidden (bmo#1806860)
* fixed: Message header was intermittently missing from message
preview (bmo#1840943)
* fixed: OAuth2 did not work on some profiles created in
Thunderbird 102.6.1 or earlier (bmo#1814823)
* fixed: In Vertical View, decrypted subject lines were
displayed as ellipsis ('...') in message list (bmo#1831764)
* fixed: Condensed address preference
(mail.showCondensedAddresses) did not show condensed
addresses in message list (bmo#1831280)
* fixed: Spam folder could not be assigned non-ASCII names with
IMAP UTF-8 enabled (bmo#1816332)
* fixed: Message header was not displayed until images finished
loading, causing noticeable delay for messages containing
large images (bmo#1851871)
* fixed: Large SVG favicons did not display on RSS feeds
(bmo#1853895)
* fixed: Context menu items did not display a hover background
color (bmo#1852732)
* fixed: Security fixes
MFSA 2023-43 (bsc#1215575)
* CVE-2023-5168 (bmo#1846683)
Out-of-bounds write in FilterNodeD2D1
* CVE-2023-5169 (bmo#1846685)
Out-of-bounds write in PathOps
* CVE-2023-5171 (bmo#1851599)
Use-after-free in Ion Compiler
* CVE-2023-5174 (bmo#1848454)
Double-free in process spawning on Windows
* CVE-2023-5176 (bmo#1836353, bmo#1842674, bmo#1843824,
bmo#1843962, bmo#1848890, bmo#1850180, bmo#1850983,
bmo#1851195)
Memory safety bugs fixed in Firefox 118, Firefox ESR 115.3,
and Thunderbird 115.3
- Add patch mozilla-fix-broken-ffmpeg.patch to fix broken build
with newer binutils (bsc#1215309)
- Fix i586 build by reducing debug info to -g1. (bsc#1210168)
- Mozilla Thunderbird 115.2.3
* changed: Card view and vertical layout are now default for
new profiles (bmo#1849000)
* fixed: Go - Folder menu was disabled (bmo#1849919)
* fixed: 'Tools' menu was blank when opened from compose window
on macOS (bmo#1848155)
* fixed: Deleting an attachment from a message on an IMAP
server corrupted the local copy when configured with 'mark as
deleted' (bmo#1135434)
* fixed: Manually entered passwords were not remembered for
OAuth-authenticated accounts such as Yahoo mail (bmo#1673446)
* fixed: Quick Filter's 'Keep filters applied' did not persist
after restarting Thunderbird (bmo#1846880,bmo#1849221)
* fixed: Top-level Quick Filter settings did not persist after
restart (bmo#1849249)
* fixed: Notifications for new messages with non-ASCII
characters in the subject were garbled (bmo#1842384)
* fixed: 'Mark Thread As Read' did not work when some messages
in thread were already read (bmo#1850850)
* fixed: New Groups tab in NNTP subscribe dialog id not work as
expected (bmo#1848366)
* fixed: Negative values were allowed in 'Share for files
larger than' field (bmo#1850281)
* fixed: Thunderbird sometimes crashed when deleting a parent
folder with subfolders (bmo#1851293)
* fixed: 'Send Message Error' appeared intermittently while
Thunderbird was idle (bmo#1801668)
* fixed: Focused but not selected messages were missing visual
indication of focus in card view (bmo#1844263)
* fixed: Notification dot did not disappear from taskbar icon
on Windows after messages had already been read (bmo#1824889)
* fixed: Multiple selected messages could not be opened
simultaneously if selection included more than 19 messages
(bmo#1851563)
* fixed: Email replies received via BCC incorrectly populated
From field with default identity (bmo#1851512)
* fixed: User was not always notified of message send failures
in outbox (bmo#1851542)
* fixed: Tag dialog did not close properly after editing tag
(bmo#1852414)
* fixed: Newsgroup field in compose window did not autocomplete
with suggested newsgroup names (bmo#1670457)
* fixed: Canceling newsgroup messages did not check if sender
matched user's own identity (bmo#1823274)
* fixed: Event dialog with several invitees expanded beyond
screen height (bmo#1848261)
* fixed: Message check boxes were partially obstructed in
message list (bmo#1850760)
* unresolved: Some folders missing from Unified Folders ()
CriticalSUSE bug 1210168SUSE bug 1215309SUSE bug 1215575SUSE bug 1215814CVE-2023-5168 at SUSECVE-2023-5168 at NVDCVE-2023-5169 at SUSECVE-2023-5169 at NVDCVE-2023-5171 at SUSECVE-2023-5171 at NVDCVE-2023-5174 at SUSECVE-2023-5174 at NVDCVE-2023-5176 at SUSECVE-2023-5176 at NVDCVE-2023-5217 at SUSECVE-2023-5217 at NVDcpe:/o:opensuse:leap:15.5Security update for go1.21 (Important)openSUSE Leap 15.5
This update for go1.21 fixes the following issues:
- Updated to version 1.21.2 (bsc#1212475):
- CVE-2023-39323: Fixed an arbitrary execution issue during build
time due to path directive bypass (bsc#1215985).
ImportantSUSE bug 1212475SUSE bug 1215985CVE-2023-39323 at SUSECVE-2023-39323 at NVDcpe:/o:opensuse:leap:15.5Security update for go1.20 (Important)openSUSE Leap 15.5
This update for go1.20 fixes the following issues:
- Updated to version 1.20.9 (bsc#1206346):
- CVE-2023-39323: Fixed an arbitrary execution issue during build
time due to path directive bypass (bsc#1215985).
ImportantSUSE bug 1206346SUSE bug 1215985CVE-2023-39323 at SUSECVE-2023-39323 at NVDcpe:/o:opensuse:leap:15.5Security update for conmon (Important)openSUSE Leap 15.5
This update for conmon fixes the following issues:
conmon is rebuild with go1.21 to capture current stability, bug and security fixes. (bsc#1215806)
ImportantSUSE bug 1215806cpe:/o:opensuse:leap:15.5Security update for shadow (Low)openSUSE Leap 15.5
This update for shadow fixes the following issues:
- CVE-2023-4641: Fixed potential password leak (bsc#1214806).
LowSUSE bug 1214806CVE-2023-4641 at SUSECVE-2023-4641 at NVDcpe:/o:opensuse:leap:15.5Security update for the Linux Kernel (Important)openSUSE Leap 15.5
The SUSE Linux Enterprise 15 SP5 RT kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2023-39194: Fixed an out of bounds read in the XFRM subsystem (bsc#1215861).
- CVE-2023-39193: Fixed an out of bounds read in the xtables subsystem (bsc#1215860).
- CVE-2023-39192: Fixed an out of bounds read in the netfilter (bsc#1215858).
- CVE-2023-42754: Fixed a NULL pointer dereference in the IPv4 stack that could lead to denial of service (bsc#1215467).
- CVE-2023-4389: Fixed a reference counting issue in the Btrfs filesystem that could be exploited in order to leak internal kernel information or crash the system (bsc#1214351).
- CVE-2023-5345: fixed an use-after-free vulnerability in the fs/smb/client component which could be exploited to achieve local privilege escalation. (bsc#1215899)
- CVE-2023-42753: Fixed an array indexing vulnerability in the netfilter subsystem. This issue may have allowed a local user to crash the system or potentially escalate their privileges (bsc#1215150).
- CVE-2023-1206: Fixed a hash collision flaw in the IPv6 connection lookup table. A user located in the local network or with a high bandwidth connection can increase the CPU usage of the server that accepts IPV6 connections up to 95% (bsc#1212703).
- CVE-2023-4921: Fixed a use-after-free vulnerability in the QFQ network scheduler which could be exploited to achieve local privilege escalatio (bsc#1215275).
- CVE-2023-4622: Fixed a use-after-free vulnerability in the Unix domain sockets component which could be exploited to achieve local privilege escalation (bsc#1215117).
- CVE-2023-4623: Fixed a use-after-free issue in the HFSC network scheduler which could be exploited to achieve local privilege escalation (bsc#1215115).
- CVE-2023-4155: Fixed a flaw in KVM AMD Secure Encrypted Virtualization (SEV). An attacker can trigger a stack overflow and cause a denial of service or potentially guest-to-host escape in kernel configurations without stack guard pages. (bsc#1214022)
The following non-security bugs were fixed:
- ALSA: hda/realtek: Splitting the UX3402 into two separate models (git-fixes).
- arm64: module-plts: inline linux/moduleloader.h (git-fixes)
- arm64: module: Use module_init_layout_section() to spot init sections (git-fixes)
- arm64: sdei: abort running SDEI handlers during crash (git-fixes)
- arm64: tegra: Update AHUB clock parent and rate (git-fixes)
- arm64/fpsimd: Only provide the length to cpufeature for xCR registers (git-fixes)
- ASoC: amd: yc: Fix non-functional mic on Lenovo 82QF and 82UG (git-fixes).
- ASoC: hdaudio.c: Add missing check for devm_kstrdup (git-fixes).
- ASoC: imx-audmix: Fix return error with devm_clk_get() (git-fixes).
- ASoC: meson: spdifin: start hw on dai probe (git-fixes).
- ASoC: rt5640: Fix IRQ not being free-ed for HDA jack detect mode (git-fixes).
- ASoC: rt5640: Fix sleep in atomic context (git-fixes).
- ASoC: rt5640: Revert 'Fix sleep in atomic context' (git-fixes).
- ASoC: soc-utils: Export snd_soc_dai_is_dummy() symbol (git-fixes).
- ASoC: SOF: core: Only call sof_ops_free() on remove if the probe was successful (git-fixes).
- ASoC: tegra: Fix redundant PLLA and PLLA_OUT0 updates (git-fixes).
- blk-iocost: fix divide by 0 error in calc_lcoefs() (bsc#1214986).
- blk-iocost: use spin_lock_irqsave in adjust_inuse_and_calc_cost (bsc#1214992).
- block/mq-deadline: use correct way to throttling write requests (bsc#1214993).
- bnx2x: new flag for track HW resource allocation (bsc#1202845 bsc#1215322).
- clocksource: hyper-v: Mark hyperv tsc page unencrypted in sev-snp enlightened guest (bsc#1206453).
- drivers: hv: Mark percpu hvcall input arg page unencrypted in SEV-SNP enlightened guest (bsc#1206453).
- Drivers: hv: vmbus: Bring the post_msg_page back for TDX VMs with the paravisor (bsc#1206453).
- Drivers: hv: vmbus: Support >64 VPs for a fully enlightened TDX/SNP VM (bsc#1206453).
- Drivers: hv: vmbus: Support fully enlightened TDX guests (bsc#1206453).
- drm/ast: Add BMC virtual connector (bsc#1152472) Backporting changes: * rename ast_device to ast_private
- drm/ast: report connection status on Display Port. (bsc#1152472) Backporting changes: * rename ast_device to ast_private * context changes
- drm/display: Do not assume dual mode adaptors support i2c sub-addressing (bsc#1213808).
- drm/meson: fix memory leak on ->hpd_notify callback (git-fixes).
- drm/virtio: Correct drm_gem_shmem_get_sg_table() error handling (git-fixes).
- drm/virtio: Use appropriate atomic state in virtio_gpu_plane_cleanup_fb() (git-fixes).
- ext4: avoid potential data overflow in next_linear_group (bsc#1214951).
- ext4: correct inline offset when handling xattrs in inode body (bsc#1214950).
- ext4: fix memory leaks in ext4_fname_{setup_filename,prepare_lookup} (bsc#1214954).
- ext4: fix wrong unit use in ext4_mb_clear_bb (bsc#1214943).
- ext4: fix wrong unit use in ext4_mb_new_blocks (bsc#1214944).
- ext4: get block from bh in ext4_free_blocks for fast commit replay (bsc#1214942).
- ext4: reflect error codes from ext4_multi_mount_protect() to its callers (bsc#1214941).
- ext4: Remove ext4 locking of moved directory (bsc#1214957).
- ext4: set goal start correctly in ext4_mb_normalize_request (bsc#1214940).
- fs: Establish locking order for unrelated directories (bsc#1214958).
- fs: Lock moved directories (bsc#1214959).
- fs: lockd: avoid possible wrong NULL parameter (git-fixes).
- fs: no need to check source (bsc#1215752).
- fuse: nlookup missing decrement in fuse_direntplus_link (bsc#1215581).
- gve: Add AF_XDP zero-copy support for GQI-QPL format (bsc#1214479).
- gve: Add XDP DROP and TX support for GQI-QPL format (bsc#1214479).
- gve: Add XDP REDIRECT support for GQI-QPL format (bsc#1214479).
- gve: Changes to add new TX queues (bsc#1214479).
- gve: Control path for DQO-QPL (bsc#1214479).
- gve: fix frag_list chaining (bsc#1214479).
- gve: Fix gve interrupt names (bsc#1214479).
- gve: RX path for DQO-QPL (bsc#1214479).
- gve: trivial spell fix Recive to Receive (bsc#1214479).
- gve: Tx path for DQO-QPL (bsc#1214479).
- gve: Unify duplicate GQ min pkt desc size constants (bsc#1214479).
- gve: use vmalloc_array and vcalloc (bsc#1214479).
- gve: XDP support GQI-QPL: helper function changes (bsc#1214479).
- hwrng: virtio - add an internal buffer (git-fixes).
- hwrng: virtio - always add a pending request (git-fixes).
- hwrng: virtio - do not wait on cleanup (git-fixes).
- hwrng: virtio - do not waste entropy (git-fixes).
- hwrng: virtio - Fix race on data_avail and actual data (git-fixes).
- i915/pmu: Move execlist stats initialization to execlist specific setup (git-fixes).
- iommu/virtio: Detach domain on endpoint release (git-fixes).
- iommu/virtio: Return size mapped for a detached domain (git-fixes).
- jbd2: check 'jh->b_transaction' before removing it from checkpoint (bsc#1214953).
- jbd2: correct the end of the journal recovery scan range (bsc#1214955).
- jbd2: fix a race when checking checkpoint buffer busy (bsc#1214949).
- jbd2: fix checkpoint cleanup performance regression (bsc#1214952).
- jbd2: Fix wrongly judgement for buffer head removing while doing checkpoint (bsc#1214948).
- jbd2: recheck chechpointing non-dirty buffer (bsc#1214945).
- jbd2: remove journal_clean_one_cp_list() (bsc#1214947).
- jbd2: remove t_checkpoint_io_list (bsc#1214946).
- jbd2: restore t_checkpoint_io_list to maintain kABI (bsc#1214946).
- kernel-binary: Move build-time definitions together Move source list and build architecture to buildrequires to aid in future reorganization of the spec template.
- kernel-binary: python3 is needed for build At least scripts/bpf_helpers_doc.py requires python3 since Linux 4.18 Other simimlar scripts may exist.
- KVM: s390: fix KVM_S390_GET_CMMA_BITS for GFNs in memslot holes (git-fixes bsc#1215915).
- KVM: s390: interrupt: use READ_ONCE() before cmpxchg() (git-fixes bsc#1215896).
- KVM: s390: pv: fix external interruption loop not always detected (git-fixes bsc#1215916).
- KVM: s390: vsie: Fix the initialization of the epoch extension (epdx) field (git-fixes bsc#1215894).
- KVM: s390: vsie: fix the length of APCB bitmap (git-fixes bsc#1215895).
- KVM: s390/diag: fix racy access of physical cpu number in diag 9c handler (git-fixes bsc#1215911).
- KVM: x86: Fix KVM_CAP_SYNC_REGS's sync_regs() TOCTOU issues (git-fixes).
- KVM: x86/mmu: Include mmu.h in spte.h (git-fixes).
- loop: Fix use-after-free issues (bsc#1214991).
- loop: loop_set_status_from_info() check before assignment (bsc#1214990).
- module: Expose module_init_layout_section() (git-fixes)
- net: do not allow gso_size to be set to GSO_BY_FRAGS (git-fixes).
- net: mana: Add page pool for RX buffers (bsc#1214040).
- net: mana: Configure hwc timeout from hardware (bsc#1214037).
- net: usb: qmi_wwan: add Quectel EM05GV2 (git-fixes).
- NFS: Guard against READDIR loop when entry names exceed MAXNAMELEN (git-fixes).
- nfs/blocklayout: Use the passed in gfp flags (git-fixes).
- NFS/pNFS: Report EINVAL errors from connect() to the server (git-fixes).
- NFSD: da_addr_body field missing in some GETDEVICEINFO replies (git-fixes).
- nfsd: fix change_info in NFSv4 RENAME replies (git-fixes).
- nfsd: Fix race to FREE_STATEID and cl_revoked (git-fixes).
- NFSv4: Fix dropped lock for racing OPEN and delegation return (git-fixes).
- NFSv4: fix out path in __nfs4_get_acl_uncached (git-fixes).
- NFSv4.2: fix error handling in nfs42_proc_getxattr (git-fixes).
- NFSv4.2: fix handling of COPY ERR_OFFLOAD_NO_REQ (git-fixes).
- NFSv4/pnfs: minor fix for cleanup path in nfs4_get_device_info (git-fixes).
- nvme-auth: use chap->s2 to indicate bidirectional authentication (bsc#1214543).
- nvme-tcp: add recovery_delay to sysfs (bsc#1201284).
- nvme-tcp: delay error recovery until the next KATO interval (bsc#1201284).
- nvme-tcp: Do not terminate commands when in RESETTING (bsc#1201284).
- nvme-tcp: make 'err_work' a delayed work (bsc#1201284).
- platform/x86: intel_scu_ipc: Check status after timeout in busy_loop() (git-fixes).
- platform/x86: intel_scu_ipc: Check status upon timeout in ipc_wait_for_interrupt() (git-fixes).
- platform/x86: intel_scu_ipc: Do not override scu in intel_scu_ipc_dev_simple_command() (git-fixes).
- platform/x86: intel_scu_ipc: Fail IPC send if still busy (git-fixes).
- pNFS: Fix assignment of xprtdata.cred (git-fixes).
- powerpc/fadump: make is_kdump_kernel() return false when fadump is active (bsc#1212639 ltc#202582).
- printk: ringbuffer: Fix truncating buffer size min_t cast (bsc#1215875).
- quota: add new helper dquot_active() (bsc#1214998).
- quota: factor out dquot_write_dquot() (bsc#1214995).
- quota: fix dqput() to follow the guarantees dquot_srcu should provide (bsc#1214963).
- quota: fix warning in dqgrab() (bsc#1214962).
- quota: Properly disable quotas when add_dquot_ref() fails (bsc#1214961).
- quota: rename dquot_active() to inode_quota_active() (bsc#1214997).
- RDMA/siw: Fabricate a GID on tun and loopback devices (git-fixes)
- scsi: lpfc: Early return after marking final NLP_DROPPED flag in dev_loss_tmo (git-fixes).
- scsi: lpfc: Fix the NULL vs IS_ERR() bug for debugfs_create_file() (git-fixes).
- scsi: lpfc: Prevent use-after-free during rmmod with mapped NVMe rports (git-fixes).
- scsi: qedf: Add synchronization between I/O completions and abort (bsc#1210658).
- scsi: qla2xxx: Fix NULL vs IS_ERR() bug for debugfs_create_dir() (git-fixes).
- scsi: qla2xxx: Use raw_smp_processor_id() instead of smp_processor_id() (git-fixes).
- scsi: storvsc: Handle additional SRB status values (git-fixes).
- scsi: zfcp: Fix a double put in zfcp_port_enqueue() (git-fixes bsc#1215941).
- selftests: mlxsw: Fix test failure on Spectrum-4 (jsc#PED-1549).
- spi: Add TPM HW flow flag (bsc#1213534)
- spi: tegra210-quad: Enable TPM wait polling (bsc#1213534)
- spi: tegra210-quad: set half duplex flag (bsc#1213534)
- SUNRPC: Mark the cred for revalidation if the server rejects it (git-fixes).
- tpm_tis_spi: Add hardware wait polling (bsc#1213534)
- uapi: stddef.h: Fix __DECLARE_FLEX_ARRAY for C++ (git-fixes).
- udf: Fix extension of the last extent in the file (bsc#1214964).
- udf: Fix file corruption when appending just after end of preallocated extent (bsc#1214965).
- udf: Fix off-by-one error when discarding preallocation (bsc#1214966).
- udf: Fix uninitialized array access for some pathnames (bsc#1214967).
- Update metadata
- usb: ehci: add workaround for chipidea PORTSC.PEC bug (git-fixes).
- usb: ehci: move new member has_ci_pec_bug into hole (git-fixes).
- vhost_vdpa: fix the crash in unmap a large memory (git-fixes).
- vhost-scsi: unbreak any layout for response (git-fixes).
- vhost: allow batching hint without size (git-fixes).
- vhost: allow batching hint without size (git-fixes).
- vhost: fix hung thread due to erroneous iotlb entries (git-fixes).
- vhost: handle error while adding split ranges to iotlb (git-fixes).
- virtio_net: add checking sq is full inside xdp xmit (git-fixes).
- virtio_net: Fix probe failed when modprobe virtio_net (git-fixes).
- virtio_net: reorder some funcs (git-fixes).
- virtio_net: separate the logic of checking whether sq is full (git-fixes).
- virtio_ring: fix avail_wrap_counter in virtqueue_add_packed (git-fixes).
- virtio-blk: set req->state to MQ_RQ_COMPLETE after polling I/O is finished (git-fixes).
- virtio-mmio: do not break lifecycle of vm_dev (git-fixes).
- virtio-net: fix race between set queues and probe (git-fixes).
- virtio-net: set queues after driver_ok (git-fixes).
- virtio-rng: make device ready before making request (git-fixes).
- virtio: acknowledge all features before access (git-fixes).
- vmcore: remove dependency with is_kdump_kernel() for exporting vmcore (bsc#1212639 ltc#202582).
- x86/coco: Allow CPU online/offline for a TDX VM with the paravisor on Hyper-V (bsc#1206453).
- x86/coco: Export cc_vendor (bsc#1206453).
- x86/hyperv: Add hv_write_efer() for a TDX VM with the paravisor (bsc#1206453).
- x86/hyperv: Add hyperv-specific handling for VMMCALL under SEV-ES (bsc#1206453).
- x86/hyperv: Add missing 'inline' to hv_snp_boot_ap() stub (bsc#1206453).
- x86/hyperv: Add sev-snp enlightened guest static key (bsc#1206453)
- x86/hyperv: Add smp support for SEV-SNP guest (bsc#1206453).
- x86/hyperv: Add VTL specific structs and hypercalls (bsc#1206453).
- x86/hyperv: Fix serial console interrupts for fully enlightened TDX guests (bsc#1206453).
- x86/hyperv: Fix undefined reference to isolation_type_en_snp without CONFIG_HYPERV (bsc#1206453).
- x86/hyperv: Introduce a global variable hyperv_paravisor_present (bsc#1206453).
- x86/hyperv: Mark hv_ghcb_terminate() as noreturn (bsc#1206453).
- x86/hyperv: Mark Hyper-V vp assist page unencrypted in SEV-SNP enlightened guest (bsc#1206453).
- x86/hyperv: Move the code in ivm.c around to avoid unnecessary ifdef's (bsc#1206453).
- x86/hyperv: Remove hv_isolation_type_en_snp (bsc#1206453).
- x86/hyperv: Set Virtual Trust Level in VMBus init message (bsc#1206453).
- x86/hyperv: Support hypercalls for fully enlightened TDX guests (bsc#1206453).
- x86/hyperv: Use TDX GHCI to access some MSRs in a TDX VM with the paravisor (bsc#1206453).
- x86/hyperv: Use vmmcall to implement Hyper-V hypercall in sev-snp enlightened guest (bsc#1206453).
- x86/PVH: avoid 32-bit build warning when obtaining VGA console info (git-fixes).
- x86/srso: Do not probe microcode in a guest (git-fixes).
- x86/srso: Fix SBPB enablement for spec_rstack_overflow=off (git-fixes).
- x86/srso: Fix srso_show_state() side effect (git-fixes).
- x86/srso: Set CPUID feature bits independently of bug or mitigation status (git-fixes).
- xen: remove a confusing comment on auto-translated guest I/O (git-fixes).
- xprtrdma: Remap Receive buffers after a reconnect (git-fixes).
ImportantSUSE bug 1152472SUSE bug 1202845SUSE bug 1206453SUSE bug 1213808SUSE bug 1214941SUSE bug 1214942SUSE bug 1214943SUSE bug 1214944SUSE bug 1214950SUSE bug 1214951SUSE bug 1214954SUSE bug 1214957SUSE bug 1214986SUSE bug 1214992SUSE bug 1214993SUSE bug 1215322SUSE bug 1215523SUSE bug 1215877SUSE bug 1215894SUSE bug 1215895SUSE bug 1215896SUSE bug 1215911SUSE bug 1215915SUSE bug 1215916CVE-2023-1206 at SUSECVE-2023-1206 at NVDCVE-2023-39192 at SUSECVE-2023-39192 at NVDCVE-2023-39193 at SUSECVE-2023-39193 at NVDCVE-2023-39194 at SUSECVE-2023-39194 at NVDCVE-2023-4155 at SUSECVE-2023-4155 at NVDCVE-2023-42753 at SUSECVE-2023-42753 at NVDCVE-2023-42754 at SUSECVE-2023-42754 at NVDCVE-2023-4389 at SUSECVE-2023-4389 at NVDCVE-2023-4622 at SUSECVE-2023-4622 at NVDCVE-2023-4623 at SUSECVE-2023-4623 at NVDCVE-2023-4921 at SUSECVE-2023-4921 at NVDCVE-2023-5345 at SUSECVE-2023-5345 at NVDcpe:/o:opensuse:leap:15.5Security update for php-composer2 (Moderate)openSUSE Leap 15.5
This update for php-composer2 fixes the following issues:
- CVE-2023-43655: Fixed a remote code execution issue that could be
triggered if users published a web-accessible composer.phar file
(bsc#1215859).
ModerateSUSE bug 1215859CVE-2023-43655 at SUSECVE-2023-43655 at NVDcpe:/o:opensuse:leap:15.5Security update for curl (Important)openSUSE Leap 15.5
This update for curl fixes the following issues:
- CVE-2023-38545: Fixed a heap buffer overflow in SOCKS5. (bsc#1215888)
- CVE-2023-38546: Fixed a cookie injection with none file. (bsc#1215889)
ImportantSUSE bug 1215888SUSE bug 1215889CVE-2023-38545 at SUSECVE-2023-38545 at NVDCVE-2023-38546 at SUSECVE-2023-38546 at NVDcpe:/o:opensuse:leap:15.5Security update for samba (Important)openSUSE Leap 15.5
This update for samba fixes the following issues:
- CVE-2023-4091: Fixed a bug where a client can truncate file with read-only permissions. (bsc#1215904)
- CVE-2023-42669: Fixed a bug in 'rpcecho' development server which allows Denial of Service via sleep() call on AD DC. (bsc#1215905)
- CVE-2023-42670: Fixed the procedure number which was out of range when starting Active Directory Users and Computers. (bsc#1215906)
- CVE-2023-3961: Fixed an unsanitized client pipe name passed to local_np_connect(). (bsc#1215907)
- CVE-2023-4154: Fixed a bug in dirsync which allows SYSTEM access with only 'GUID_DRS_GET_CHANGES' right. (bsc#1215908)
ImportantSUSE bug 1215904SUSE bug 1215905SUSE bug 1215906SUSE bug 1215907SUSE bug 1215908CVE-2023-3961 at SUSECVE-2023-3961 at NVDCVE-2023-4091 at SUSECVE-2023-4091 at NVDCVE-2023-4154 at SUSECVE-2023-4154 at NVDCVE-2023-42669 at SUSECVE-2023-42669 at NVDCVE-2023-42670 at SUSECVE-2023-42670 at NVDcpe:/o:opensuse:leap:15.5Security update for ImageMagick (Moderate)openSUSE Leap 15.5
This update for ImageMagick fixes the following issues:
- CVE-2023-5341: Fixed a heap use-after-free in coders/bmp.c. (bsc#1215939)
ModerateSUSE bug 1215939CVE-2023-5341 at SUSECVE-2023-5341 at NVDcpe:/o:opensuse:leap:15.5Security update for xen (Important)openSUSE Leap 15.5
This update for xen fixes the following issues:
- CVE-2023-34323: A transaction conflict can crash C Xenstored (XSA-440, bsc#1215744)
- CVE-2023-34326: Missing IOMMU TLB flushing (XSA-442, bsc#1215746)
- CVE-2023-34325: Multiple vulnerabilities in libfsimage disk handling (XSA-443, bsc#1215747)
- CVE-2023-34327: Debug Mask handling (XSA-444, bsc#1215748)
- CVE-2023-34328: Debug Mask handling (XSA-444, bsc#1215748)
ImportantSUSE bug 1215744SUSE bug 1215746SUSE bug 1215747SUSE bug 1215748CVE-2023-34323 at SUSECVE-2023-34323 at NVDCVE-2023-34325 at SUSECVE-2023-34325 at NVDCVE-2023-34326 at SUSECVE-2023-34326 at NVDCVE-2023-34327 at SUSECVE-2023-34327 at NVDCVE-2023-34328 at SUSECVE-2023-34328 at NVDcpe:/o:opensuse:leap:15.5Security update for the Linux Kernel (Important)openSUSE Leap 15.5
The SUSE Linux Enterprise 15 SP5 Azure kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2023-39192: Fixed an out of bounds read in the netfilter (bsc#1215858).
- CVE-2023-39193: Fixed an out of bounds read in the xtables subsystem (bsc#1215860).
- CVE-2023-39194: Fixed an out of bounds read in the XFRM subsystem (bsc#1215861).
- CVE-2023-42754: Fixed a NULL pointer dereference in the IPv4 stack that could lead to denial of service (bsc#1215467).
- CVE-2023-4389: Fixed a reference counting issue in the Btrfs filesystem that could be exploited in order to leak internal kernel information or crash the system (bsc#1214351).
- CVE-2023-5345: fixed an use-after-free vulnerability in the fs/smb/client component which could be exploited to achieve local privilege escalation (bsc#1215899).
- CVE-2023-42753: Fixed an array indexing vulnerability in the netfilter subsystem. This issue may have allowed a local user to crash the system or potentially escalate their privileges (bsc#1215150).
- CVE-2023-1206: Fixed a hash collision flaw in the IPv6 connection lookup table which could be exploited by network adjacent attackers, increasing CPU usage by 95% (bsc#1212703).
- CVE-2023-4921: Fixed a use-after-free vulnerability in the QFQ network scheduler which could be exploited to achieve local privilege escalatio (bsc#1215275).
- CVE-2023-37453: Fixed oversight in SuperSpeed initialization (bsc#1213123).
- CVE-2023-4622: Fixed a use-after-free vulnerability in the Unix domain sockets component which could be exploited to achieve local privilege escalation (bsc#1215117).
- CVE-2023-4623: Fixed a use-after-free issue in the HFSC network scheduler which could be exploited to achieve local privilege escalation (bsc#1215115).
- CVE-2023-4155: Fixed a flaw in KVM AMD Secure Encrypted Virtualization (SEV). An attacker can trigger a stack overflow and cause a denial of service or potentially guest-to-host escape in kernel configurations without stack guard pages (bsc#1214022).
- CVE-2023-1859: Fixed a use-after-free flaw in Xen transport for 9pfs which could be exploited to crash the system (bsc#1210169).
- CVE-2023-4881: Fixed a out-of-bounds write flaw in the netfilter subsystem that could lead to potential information disclosure or a denial of service (bsc#1215221).
- CVE-2023-2177: Fixed a null pointer dereference issue in the sctp network protocol which could allow a user to crash the system (bsc#1210643).
- CVE-2023-40283: Fixed use-after-free in l2cap_sock_ready_cb (bsc#1214233).
- CVE-2023-1192: Fixed use-after-free in cifs_demultiplex_thread() (bsc#1208995).
The following non-security bugs were fixed:
- ALSA: hda/cirrus: Fix broken audio on hardware with two CS42L42 codecs (git-fixes).
- ALSA: hda/realtek: Splitting the UX3402 into two separate models (git-fixes).
- ARM: pxa: remove use of symbol_get() (git-fixes).
- ASoC: SOF: core: Only call sof_ops_free() on remove if the probe was successful (git-fixes).
- ASoC: amd: yc: Fix non-functional mic on Lenovo 82QF and 82UG (git-fixes).
- ASoC: hdaudio.c: Add missing check for devm_kstrdup (git-fixes).
- ASoC: imx-audmix: Fix return error with devm_clk_get() (git-fixes).
- ASoC: meson: spdifin: start hw on dai probe (git-fixes).
- ASoC: rt5640: Fix IRQ not being free-ed for HDA jack detect mode (git-fixes).
- ASoC: rt5640: Fix sleep in atomic context (git-fixes).
- ASoC: rt5640: Revert 'Fix sleep in atomic context' (git-fixes).
- ASoC: soc-utils: Export snd_soc_dai_is_dummy() symbol (git-fixes).
- ASoC: tegra: Fix redundant PLLA and PLLA_OUT0 updates (git-fixes).
- Bluetooth: btsdio: fix use after free bug in btsdio_remove due to race condition (git-fixes).
- Drivers: hv: vmbus: Bring the post_msg_page back for TDX VMs with the paravisor (bsc#1206453).
- Drivers: hv: vmbus: Support >64 VPs for a fully enlightened TDX/SNP VM (bsc#1206453).
- Drivers: hv: vmbus: Support fully enlightened TDX guests (bsc#1206453).
- Drop amdgpu patch causing spamming (bsc#1215523).
- Input: tca6416-keypad - fix interrupt enable disbalance (git-fixes).
- KVM: SVM: Remove a duplicate definition of VMCB_AVIC_APIC_BAR_MASK (git-fixes).
- KVM: VMX: Fix header file dependency of asm/vmx.h (git-fixes).
- KVM: s390/diag: fix racy access of physical cpu number in diag 9c handler (git-fixes bsc#1215911).
- KVM: s390: fix KVM_S390_GET_CMMA_BITS for GFNs in memslot holes (git-fixes bsc#1215915).
- KVM: s390: interrupt: use READ_ONCE() before cmpxchg() (git-fixes bsc#1215896).
- KVM: s390: pv: fix external interruption loop not always detected (git-fixes bsc#1215916).
- KVM: s390: vsie: Fix the initialization of the epoch extension (epdx) field (git-fixes bsc#1215894).
- KVM: s390: vsie: fix the length of APCB bitmap (git-fixes bsc#1215895).
- KVM: x86/mmu: Include mmu.h in spte.h (git-fixes).
- KVM: x86: Fix KVM_CAP_SYNC_REGS's sync_regs() TOCTOU issues (git-fixes).
- NFS/pNFS: Report EINVAL errors from connect() to the server (git-fixes).
- NFS: Guard against READDIR loop when entry names exceed MAXNAMELEN (git-fixes).
- NFSD: da_addr_body field missing in some GETDEVICEINFO replies (git-fixes).
- NFSv4.2: fix error handling in nfs42_proc_getxattr (git-fixes).
- NFSv4.2: fix handling of COPY ERR_OFFLOAD_NO_REQ (git-fixes).
- NFSv4/pnfs: minor fix for cleanup path in nfs4_get_device_info (git-fixes).
- NFSv4: Fix dropped lock for racing OPEN and delegation return (git-fixes).
- NFSv4: fix out path in __nfs4_get_acl_uncached (git-fixes).
- PCI: Free released resource after coalescing (git-fixes).
- RDMA/siw: Fabricate a GID on tun and loopback devices (git-fixes)
- Revert 'PCI: Mark NVIDIA T4 GPUs to avoid bus reset' (git-fixes).
- Revert 'scsi: qla2xxx: Fix buffer overrun' (bsc#1214928).
- SUNRPC: Mark the cred for revalidation if the server rejects it (git-fixes).
- USB: serial: option: add FOXCONN T99W368/T99W373 product (git-fixes).
- USB: serial: option: add Quectel EM05G variant (0x030e) (git-fixes).
- arm64/fpsimd: Only provide the length to cpufeature for xCR registers (git-fixes)
- arm64/hyperv: Use CPUHP_AP_HYPERV_ONLINE state to fix CPU online sequencing (bsc#1206453).
- arm64: csum: Fix OoB access in IP checksum code for negative lengths (git-fixes).
- arm64: module-plts: inline linux/moduleloader.h (git-fixes)
- arm64: module: Use module_init_layout_section() to spot init sections (git-fixes)
- arm64: sdei: abort running SDEI handlers during crash (git-fixes)
- arm64: tegra: Update AHUB clock parent and rate (git-fixes)
- ata: libata: disallow dev-initiated LPM transitions to unsupported states (git-fixes).
- ata: pata_falcon: fix IO base selection for Q40 (git-fixes).
- ata: pata_ftide010: Add missing MODULE_DESCRIPTION (git-fixes).
- ata: sata_gemini: Add missing MODULE_DESCRIPTION (git-fixes).
- backlight: gpio_backlight: Drop output GPIO direction check for initial power state (git-fixes).
- blacklist.conf: workqueue: compiler warning on 32-bit systems with Clang (bsc#1215877)
- blk-iocost: fix divide by 0 error in calc_lcoefs() (bsc#1214986).
- blk-iocost: use spin_lock_irqsave in adjust_inuse_and_calc_cost (bsc#1214992).
- block/mq-deadline: use correct way to throttling write requests (bsc#1214993).
- bnx2x: new flag for track HW resource allocation (bsc#1202845 bsc#1215322).
- bpf: Clear the probe_addr for uprobe (git-fixes).
- btrfs: do not hold CPU for too long when defragging a file (bsc#1214988).
- clocksource: hyper-v: Mark hyperv tsc page unencrypted in sev-snp enlightened guest (bsc#1206453).
- drivers: hv: Mark percpu hvcall input arg page unencrypted in SEV-SNP enlightened guest (bsc#1206453).
- drm/amd/display: Add smu write msg id fail retry process (git-fixes).
- drm/amd/display: Remove wait while locked (git-fixes).
- drm/amd/display: enable cursor degamma for DCN3+ DRM legacy gamma (git-fixes).
- drm/amd/display: fix the white screen issue when >= 64GB DRAM (git-fixes).
- drm/amd/display: prevent potential division by zero errors (git-fixes).
- drm/amd/display: register edp_backlight_control() for DCN301 (git-fixes).
- drm/ast: Add BMC virtual connector (bsc#1152472) Backporting changes: * rename ast_device to ast_private
- drm/ast: report connection status on Display Port. (bsc#1152472) Backporting changes: * rename ast_device to ast_private * context changes
- drm/display: Do not assume dual mode adaptors support i2c sub-addressing (bsc#1213808).
- drm/i915/gvt: Drop unused helper intel_vgpu_reset_gtt() (git-fixes).
- drm/i915/gvt: Put the page reference obtained by KVM's gfn_to_pfn() (git-fixes).
- drm/i915/gvt: Verify pfn is 'valid' before dereferencing 'struct page' (git-fixes).
- drm/i915: mark requests for GuC virtual engines to avoid use-after-free (git-fixes).
- drm/meson: fix memory leak on ->hpd_notify callback (git-fixes).
- drm/virtio: Correct drm_gem_shmem_get_sg_table() error handling (git-fixes).
- drm/virtio: Use appropriate atomic state in virtio_gpu_plane_cleanup_fb() (git-fixes).
- drm: gm12u320: Fix the timeout usage for usb_bulk_msg() (git-fixes).
- ext4: Remove ext4 locking of moved directory (bsc#1214957).
- ext4: avoid potential data overflow in next_linear_group (bsc#1214951).
- ext4: correct inline offset when handling xattrs in inode body (bsc#1214950).
- ext4: fix memory leaks in ext4_fname_{setup_filename,prepare_lookup} (bsc#1214954).
- ext4: fix wrong unit use in ext4_mb_clear_bb (bsc#1214943).
- ext4: fix wrong unit use in ext4_mb_new_blocks (bsc#1214944).
- ext4: get block from bh in ext4_free_blocks for fast commit replay (bsc#1214942).
- ext4: reflect error codes from ext4_multi_mount_protect() to its callers (bsc#1214941).
- ext4: set goal start correctly in ext4_mb_normalize_request (bsc#1214940).
- fs: Establish locking order for unrelated directories (bsc#1214958).
- fs: Lock moved directories (bsc#1214959).
- fs: do not update freeing inode i_io_list (bsc#1214813).
- fs: lockd: avoid possible wrong NULL parameter (git-fixes).
- fs: no need to check source (bsc#1215752).
- fs: record I_DIRTY_TIME even if inode already has I_DIRTY_INODE (bsc#1214813).
- fuse: nlookup missing decrement in fuse_direntplus_link (bsc#1215581).
- gve: Add AF_XDP zero-copy support for GQI-QPL format (bsc#1214479).
- gve: Add XDP DROP and TX support for GQI-QPL format (bsc#1214479).
- gve: Add XDP REDIRECT support for GQI-QPL format (bsc#1214479).
- gve: Changes to add new TX queues (bsc#1214479).
- gve: Control path for DQO-QPL (bsc#1214479).
- gve: Fix gve interrupt names (bsc#1214479).
- gve: RX path for DQO-QPL (bsc#1214479).
- gve: Tx path for DQO-QPL (bsc#1214479).
- gve: Unify duplicate GQ min pkt desc size constants (bsc#1214479).
- gve: XDP support GQI-QPL: helper function changes (bsc#1214479).
- gve: fix frag_list chaining (bsc#1214479).
- gve: trivial spell fix Recive to Receive (bsc#1214479).
- gve: use vmalloc_array and vcalloc (bsc#1214479).
- hwrng: virtio - Fix race on data_avail and actual data (git-fixes).
- hwrng: virtio - add an internal buffer (git-fixes).
- hwrng: virtio - always add a pending request (git-fixes).
- hwrng: virtio - do not wait on cleanup (git-fixes).
- hwrng: virtio - do not waste entropy (git-fixes).
- i2c: aspeed: Reset the i2c controller when timeout occurs (git-fixes).
- i3c: master: svc: fix probe failure when no i3c device exist (git-fixes).
- i915/pmu: Move execlist stats initialization to execlist specific setup (git-fixes).
- idr: fix param name in idr_alloc_cyclic() doc (git-fixes).
- iommu/virtio: Detach domain on endpoint release (git-fixes).
- iommu/virtio: Return size mapped for a detached domain (git-fixes).
- jbd2: Fix wrongly judgement for buffer head removing while doing checkpoint (bsc#1214948).
- jbd2: check 'jh->b_transaction' before removing it from checkpoint (bsc#1214953).
- jbd2: correct the end of the journal recovery scan range (bsc#1214955).
- jbd2: fix a race when checking checkpoint buffer busy (bsc#1214949).
- jbd2: fix checkpoint cleanup performance regression (bsc#1214952).
- jbd2: recheck chechpointing non-dirty buffer (bsc#1214945).
- jbd2: remove journal_clean_one_cp_list() (bsc#1214947).
- jbd2: remove t_checkpoint_io_list (bsc#1214946).
- jbd2: restore t_checkpoint_io_list to maintain kABI (bsc#1214946).
- kabi/severities: ignore mlx4 internal symbols
- s390/ipl: add support for List-Directed dump from ECKD DASD (jsc#PED-2023, jsc#PED-2025).
- kconfig: fix possible buffer overflow (git-fixes).
- kernel-binary: Move build-time definitions together Move source list and build architecture to buildrequires to aid in future reorganization of the spec template.
- kernel-binary: python3 is needed for build At least scripts/bpf_helpers_doc.py requires python3 since Linux 4.18 Other simimlar scripts may exist.
- kselftest/runner.sh: Propagate SIGTERM to runner child (git-fixes).
- loop: Fix use-after-free issues (bsc#1214991).
- loop: loop_set_status_from_info() check before assignment (bsc#1214990).
- mlx4: Avoid resetting MLX4_INTFF_BONDING per driver (bsc#1187236).
- mlx4: Connect the ethernet part to the auxiliary bus (bsc#1187236).
- mlx4: Connect the infiniband part to the auxiliary bus (bsc#1187236).
- mlx4: Delete custom device management logic (bsc#1187236).
- mlx4: Get rid of the mlx4_interface.activate callback (bsc#1187236).
- mlx4: Get rid of the mlx4_interface.get_dev callback (bsc#1187236).
- mlx4: Move the bond work to the core driver (bsc#1187236).
- mlx4: Register mlx4 devices to an auxiliary virtual bus (bsc#1187236).
- mlx4: Rename member mlx4_en_dev.nb to netdev_nb (bsc#1187236).
- mlx4: Replace the mlx4_interface.event callback with a notifier (bsc#1187236).
- mlx4: Use 'void *' as the event param of mlx4_dispatch_event() (bsc#1187236).
- module: Expose module_init_layout_section() (git-fixes)
- net/mlx4: Remove many unnecessary NULL values (bsc#1187236).
- net: do not allow gso_size to be set to GSO_BY_FRAGS (git-fixes).
- net: mana: Add page pool for RX buffers (bsc#1214040).
- net: mana: Configure hwc timeout from hardware (bsc#1214037).
- net: phy: micrel: Correct bit assignments for phy_device flags (git-fixes).
- net: usb: qmi_wwan: add Quectel EM05GV2 (git-fixes).
- nfs/blocklayout: Use the passed in gfp flags (git-fixes).
- nfsd: Fix race to FREE_STATEID and cl_revoked (git-fixes).
- nfsd: fix change_info in NFSv4 RENAME replies (git-fixes).
- ntb: Clean up tx tail index on link down (git-fixes).
- ntb: Drop packets when qp link is down (git-fixes).
- ntb: Fix calculation ntb_transport_tx_free_entry() (git-fixes).
- nvme-auth: use chap->s2 to indicate bidirectional authentication (bsc#1214543).
- nvme-tcp: Do not terminate commands when in RESETTING (bsc#1201284).
- nvme-tcp: add recovery_delay to sysfs (bsc#1201284).
- nvme-tcp: delay error recovery until the next KATO interval (bsc#1201284).
- nvme-tcp: make 'err_work' a delayed work (bsc#1201284).
- pNFS: Fix assignment of xprtdata.cred (git-fixes).
- platform/mellanox: mlxbf-pmc: Fix potential buffer overflows (git-fixes).
- platform/mellanox: mlxbf-pmc: Fix reading of unprogrammed events (git-fixes).
- platform/mellanox: mlxbf-tmfifo: Drop jumbo frames (git-fixes).
- platform/mellanox: mlxbf-tmfifo: Drop the Rx packet if no more descriptors (git-fixes).
- platform/x86: intel_scu_ipc: Check status after timeout in busy_loop() (git-fixes).
- platform/x86: intel_scu_ipc: Check status upon timeout in ipc_wait_for_interrupt() (git-fixes).
- platform/x86: intel_scu_ipc: Do not override scu in intel_scu_ipc_dev_simple_command() (git-fixes).
- platform/x86: intel_scu_ipc: Fail IPC send if still busy (git-fixes).
- powerpc/fadump: make is_kdump_kernel() return false when fadump is active (bsc#1212639 ltc#202582).
- powerpc/iommu: Fix notifiers being shared by PCI and VIO buses (bsc#1065729).
- powerpc/xics: Remove unnecessary endian conversion (bsc#1065729).
- printk: ringbuffer: Fix truncating buffer size min_t cast (bsc#1215875).
- pwm: lpc32xx: Remove handling of PWM channels (git-fixes).
- quota: Properly disable quotas when add_dquot_ref() fails (bsc#1214961).
- quota: add new helper dquot_active() (bsc#1214998).
- quota: factor out dquot_write_dquot() (bsc#1214995).
- quota: fix dqput() to follow the guarantees dquot_srcu should provide (bsc#1214963).
- quota: fix warning in dqgrab() (bsc#1214962).
- quota: rename dquot_active() to inode_quota_active() (bsc#1214997).
- s390/dasd: fix hanging device after request requeue (git-fixes bsc#1215124).
- s390/qeth: Do not call dev_close/dev_open (DOWN/UP) (bsc#1214873 git-fixes).
- s390/zcrypt: do not leak memory if dev_set_name() fails (git-fixes bsc#1215148).
- s390: add z16 elf platform (git-fixes bsc#1215956, bsc#1215957).
- scsi: 3w-xxxx: Add error handling for initialization failure in tw_probe() (git-fixes).
- scsi: 53c700: Check that command slot is not NULL (git-fixes).
- scsi: core: Fix legacy /proc parsing buffer overflow (git-fixes).
- scsi: core: Fix possible memory leak if device_add() fails (git-fixes).
- scsi: fnic: Replace return codes in fnic_clean_pending_aborts() (git-fixes).
- scsi: lpfc: Do not abuse UUID APIs and LPFC_COMPRESS_VMID_SIZE (git-fixes).
- scsi: lpfc: Early return after marking final NLP_DROPPED flag in dev_loss_tmo (git-fixes).
- scsi: lpfc: Fix the NULL vs IS_ERR() bug for debugfs_create_file() (git-fixes).
- scsi: lpfc: Modify when a node should be put in device recovery mode during RSCN (git-fixes).
- scsi: lpfc: Prevent use-after-free during rmmod with mapped NVMe rports (git-fixes).
- scsi: lpfc: Remove reftag check in DIF paths (git-fixes).
- scsi: qedf: Add synchronization between I/O completions and abort (bsc#1210658).
- scsi: qedf: Fix NULL dereference in error handling (git-fixes).
- scsi: qedf: Fix firmware halt over suspend and resume (git-fixes).
- scsi: qedi: Fix firmware halt over suspend and resume (git-fixes).
- scsi: qla2xxx: Add logs for SFP temperature monitoring (bsc#1214928).
- scsi: qla2xxx: Allow 32-byte CDBs (bsc#1214928).
- scsi: qla2xxx: Error code did not return to upper layer (bsc#1214928).
- scsi: qla2xxx: Fix NULL vs IS_ERR() bug for debugfs_create_dir() (git-fixes).
- scsi: qla2xxx: Fix firmware resource tracking (bsc#1214928).
- scsi: qla2xxx: Fix smatch warn for qla_init_iocb_limit() (bsc#1214928).
- scsi: qla2xxx: Flush mailbox commands on chip reset (bsc#1214928).
- scsi: qla2xxx: Move resource to allow code reuse (bsc#1214928).
- scsi: qla2xxx: Remove unsupported ql2xenabledif option (bsc#1214928).
- scsi: qla2xxx: Remove unused declarations (bsc#1214928).
- scsi: qla2xxx: Remove unused variables in qla24xx_build_scsi_type_6_iocbs() (bsc#1214928).
- scsi: qla2xxx: Update version to 10.02.09.100-k (bsc#1214928).
- scsi: qla2xxx: Use raw_smp_processor_id() instead of smp_processor_id() (git-fixes).
- scsi: scsi_debug: Remove dead code (git-fixes).
- scsi: snic: Fix double free in snic_tgt_create() (git-fixes).
- scsi: snic: Fix possible memory leak if device_add() fails (git-fixes).
- scsi: storvsc: Handle additional SRB status values (git-fixes).
- scsi: zfcp: Fix a double put in zfcp_port_enqueue() (git-fixes bsc#1215941).
- selftests: mlxsw: Fix test failure on Spectrum-4 (jsc#PED-1549).
- selftests: tracing: Fix to unmount tracefs for recovering environment (git-fixes).
- spi: Add TPM HW flow flag (bsc#1213534)
- spi: tegra210-quad: Enable TPM wait polling (bsc#1213534)
- spi: tegra210-quad: set half duplex flag (bsc#1213534)
- tcpm: Avoid soft reset when partner does not support get_status (git-fixes).
- tpm_tis_spi: Add hardware wait polling (bsc#1213534)
- tracing: Fix race issue between cpu buffer write and swap (git-fixes).
- tracing: Remove extra space at the end of hwlat_detector/mode (git-fixes).
- tracing: Remove unnecessary copying of tr->current_trace (git-fixes).
- uapi: stddef.h: Fix __DECLARE_FLEX_ARRAY for C++ (git-fixes).
- udf: Fix extension of the last extent in the file (bsc#1214964).
- udf: Fix file corruption when appending just after end of preallocated extent (bsc#1214965).
- udf: Fix off-by-one error when discarding preallocation (bsc#1214966).
- udf: Fix uninitialized array access for some pathnames (bsc#1214967).
- uprobes/x86: Allow to probe a NOP instruction with 0x66 prefix (git-fixes).
- usb: ehci: add workaround for chipidea PORTSC.PEC bug (git-fixes).
- usb: ehci: move new member has_ci_pec_bug into hole (git-fixes).
- usb: typec: tcpci: clear the fault status bit (git-fixes).
- usb: typec: tcpci: move tcpci.h to include/linux/usb/ (git-fixes).
- vhost-scsi: unbreak any layout for response (git-fixes).
- vhost: allow batching hint without size (git-fixes).
- vhost: fix hung thread due to erroneous iotlb entries (git-fixes).
- vhost: handle error while adding split ranges to iotlb (git-fixes).
- vhost_vdpa: fix the crash in unmap a large memory (git-fixes).
- virtio-blk: set req->state to MQ_RQ_COMPLETE after polling I/O is finished (git-fixes).
- virtio-mmio: do not break lifecycle of vm_dev (git-fixes).
- virtio-net: fix race between set queues and probe (git-fixes).
- virtio-net: set queues after driver_ok (git-fixes).
- virtio-rng: make device ready before making request (git-fixes).
- virtio: acknowledge all features before access (git-fixes).
- virtio_net: Fix probe failed when modprobe virtio_net (git-fixes).
- virtio_net: add checking sq is full inside xdp xmit (git-fixes).
- virtio_net: reorder some funcs (git-fixes).
- virtio_net: separate the logic of checking whether sq is full (git-fixes).
- virtio_ring: fix avail_wrap_counter in virtqueue_add_packed (git-fixes).
- vmcore: remove dependency with is_kdump_kernel() for exporting vmcore (bsc#1212639 ltc#202582).
- watchdog: intel-mid_wdt: add MODULE_ALIAS() to allow auto-load (git-fixes).
- word-at-a-time: use the same return type for has_zero regardless of endianness (bsc#1065729).
- x86/PVH: avoid 32-bit build warning when obtaining VGA console info (git-fixes).
- x86/alternative: Fix race in try_get_desc() (git-fixes).
- x86/boot/e820: Fix typo in e820.c comment (git-fixes).
- x86/bugs: Reset speculation control settings on init (git-fixes).
- x86/coco: Allow CPU online/offline for a TDX VM with the paravisor on Hyper-V (bsc#1206453).
- x86/coco: Export cc_vendor (bsc#1206453).
- x86/cpu: Add Lunar Lake M (git-fixes).
- x86/cpu: Add model number for Intel Arrow Lake processor (git-fixes).
- x86/fpu: Take task_struct* in copy_sigframe_from_user_to_xstate() (git-fixes).
- x86/head/64: Switch to KERNEL_CS as soon as new GDT is installed (git-fixes).
- x86/hyperv: Add VTL specific structs and hypercalls (bsc#1206453).
- x86/hyperv: Add hv_isolation_type_tdx() to detect TDX guests (bsc#1206453).
- x86/hyperv: Add hv_write_efer() for a TDX VM with the paravisor (bsc#1206453).
- x86/hyperv: Add hyperv-specific handling for VMMCALL under SEV-ES (bsc#1206453).
- x86/hyperv: Add missing 'inline' to hv_snp_boot_ap() stub (bsc#1206453).
- x86/hyperv: Add sev-snp enlightened guest static key (bsc#1206453)
- x86/hyperv: Add smp support for SEV-SNP guest (bsc#1206453).
- x86/hyperv: Fix hyperv_pcpu_input_arg handling when CPUs go online/offline (bsc#1206453).
- x86/hyperv: Fix serial console interrupts for fully enlightened TDX guests (bsc#1206453).
- x86/hyperv: Fix undefined reference to isolation_type_en_snp without CONFIG_HYPERV (bsc#1206453).
- x86/hyperv: Introduce a global variable hyperv_paravisor_present (bsc#1206453).
- x86/hyperv: Mark Hyper-V vp assist page unencrypted in SEV-SNP enlightened guest (bsc#1206453).
- x86/hyperv: Mark hv_ghcb_terminate() as noreturn (bsc#1206453).
- x86/hyperv: Move the code in ivm.c around to avoid unnecessary ifdef's (bsc#1206453).
- x86/hyperv: Remove hv_isolation_type_en_snp (bsc#1206453).
- x86/hyperv: Set Virtual Trust Level in VMBus init message (bsc#1206453).
- x86/hyperv: Support hypercalls for fully enlightened TDX guests (bsc#1206453).
- x86/hyperv: Use TDX GHCI to access some MSRs in a TDX VM with the paravisor (bsc#1206453).
- x86/hyperv: Use vmmcall to implement Hyper-V hypercall in sev-snp enlightened guest (bsc#1206453).
- x86/i8259: Mark legacy PIC interrupts with IRQ_LEVEL (git-fixes).
- x86/ioapic: Do not return 0 from arch_dynirq_lower_bound() (git-fixes).
- x86/ioremap: Fix page aligned size calculation in __ioremap_caller() (git-fixes).
- x86/mce: Retrieve poison range from hardware (git-fixes).
- x86/mem_encrypt: Unbreak the AMD_MEM_ENCRYPT=n build (git-fixes).
- x86/mm: Avoid incomplete Global INVLPG flushes (git-fixes).
- x86/mm: Do not shuffle CPU entry areas without KASLR (git-fixes).
- x86/purgatory: remove PGO flags (git-fixes).
- x86/reboot: Disable virtualization in an emergency if SVM is supported (git-fixes).
- x86/resctl: fix scheduler confusion with 'current' (git-fixes).
- x86/resctrl: Fix task CLOSID/RMID update race (git-fixes).
- x86/resctrl: Fix to restore to original value when re-enabling hardware prefetch register (git-fixes).
- x86/rtc: Remove __init for runtime functions (git-fixes).
- x86/sev: Make enc_dec_hypercall() accept a size instead of npages (bsc#1214635).
- x86/sgx: Reduce delay and interference of enclave release (git-fixes).
- x86/srso: Do not probe microcode in a guest (git-fixes).
- x86/srso: Fix SBPB enablement for spec_rstack_overflow=off (git-fixes).
- x86/srso: Fix srso_show_state() side effect (git-fixes).
- x86/srso: Set CPUID feature bits independently of bug or mitigation status (git-fixes).
- x86/virt: Force GIF=1 prior to disabling SVM (for reboot flows) (git-fixes).
- xen: remove a confusing comment on auto-translated guest I/O (git-fixes).
- xprtrdma: Remap Receive buffers after a reconnect (git-fixes).
ImportantSUSE bug 1065729SUSE bug 1152472SUSE bug 1187236SUSE bug 1201284SUSE bug 1202845SUSE bug 1206453SUSE bug 1208995SUSE bug 1210169SUSE bug 1210643SUSE bug 1210658SUSE bug 1212639SUSE bug 1212703SUSE bug 1213123SUSE bug 1213534SUSE bug 1213808SUSE bug 1214022SUSE bug 1214037SUSE bug 1214040SUSE bug 1214233SUSE bug 1214351SUSE bug 1214479SUSE bug 1214543SUSE bug 1214635SUSE bug 1214813SUSE bug 1214873SUSE bug 1214928SUSE bug 1214940SUSE bug 1214941SUSE bug 1214942SUSE bug 1214943SUSE bug 1214944SUSE bug 1214945SUSE bug 1214946SUSE bug 1214947SUSE bug 1214948SUSE bug 1214949SUSE bug 1214950SUSE bug 1214951SUSE bug 1214952SUSE bug 1214953SUSE bug 1214954SUSE bug 1214955SUSE bug 1214957SUSE bug 1214958SUSE bug 1214959SUSE bug 1214961SUSE bug 1214962SUSE bug 1214963SUSE bug 1214964SUSE bug 1214965SUSE bug 1214966SUSE bug 1214967SUSE bug 1214986SUSE bug 1214988SUSE bug 1214990SUSE bug 1214991SUSE bug 1214992SUSE bug 1214993SUSE bug 1214995SUSE bug 1214997SUSE bug 1214998SUSE bug 1215115SUSE bug 1215117SUSE bug 1215123SUSE bug 1215124SUSE bug 1215148SUSE bug 1215150SUSE bug 1215221SUSE bug 1215275SUSE bug 1215322SUSE bug 1215467SUSE bug 1215523SUSE bug 1215581SUSE bug 1215752SUSE bug 1215858SUSE bug 1215860SUSE bug 1215861SUSE bug 1215875SUSE bug 1215877SUSE bug 1215894SUSE bug 1215895SUSE bug 1215896SUSE bug 1215899SUSE bug 1215911SUSE bug 1215915SUSE bug 1215916SUSE bug 1215941SUSE bug 1215956SUSE bug 1215957CVE-2023-1192 at SUSECVE-2023-1192 at NVDCVE-2023-1206 at SUSECVE-2023-1206 at NVDCVE-2023-1859 at SUSECVE-2023-1859 at NVDCVE-2023-2177 at SUSECVE-2023-2177 at NVDCVE-2023-37453 at SUSECVE-2023-37453 at NVDCVE-2023-39192 at SUSECVE-2023-39192 at NVDCVE-2023-39193 at SUSECVE-2023-39193 at NVDCVE-2023-39194 at SUSECVE-2023-39194 at NVDCVE-2023-40283 at SUSECVE-2023-40283 at NVDCVE-2023-4155 at SUSECVE-2023-4155 at NVDCVE-2023-42753 at SUSECVE-2023-42753 at NVDCVE-2023-42754 at SUSECVE-2023-42754 at NVDCVE-2023-4389 at SUSECVE-2023-4389 at NVDCVE-2023-4622 at SUSECVE-2023-4622 at NVDCVE-2023-4623 at SUSECVE-2023-4623 at NVDCVE-2023-4881 at SUSECVE-2023-4881 at NVDCVE-2023-4921 at SUSECVE-2023-4921 at NVDCVE-2023-5345 at SUSECVE-2023-5345 at NVDcpe:/o:opensuse:leap:15.5Security update for rage-encryption (Moderate)openSUSE Leap 15.5
This update for rage-encryption fixes the following issues:
-CVE-2023-42811: chosen ciphertext attack possible against aes-gcm (bsc#1215657)
* update vendor.tar.zst to contain aes-gcm >= 0.10.3
- Update to version 0.9.2+0:
* CI: Ensure `apt` repository is up-to-date before installing build deps
* CI: Build Linux releases using `ubuntu-20.04` runner
* CI: Remove most uses of `actions-rs` actions
- Update to version 0.9.2+0:
* Fix changelog bugs and add missing entry
* Document `PINENTRY_PROGRAM` environment variable
* age: Add `Decryptor::new_async_buffered`
* age: `impl AsyncBufRead for ArmoredReader`
* Pre-initialize vectors when the capacity is known, or use arrays
* Use `PINENTRY_PROGRAM` as environment variable for `pinentry`
* Document why `impl AsyncWrite for StreamWriter` doesn't loop indefinitely
* cargo update
* cargo vet prune
* Migrate to `cargo-vet 0.7`
* build(deps): bump svenstaro/upload-release-action from 2.5.0 to 2.6.1
* Correct spelling in documentation
* build(deps): bump codecov/codecov-action from 3.1.1 to 3.1.4
* StreamWriter AsyncWrite: fix usage with futures::io::copy()
* rage: Use `Decryptor::new_buffered`
* age: Add `Decryptor::new_buffered`
* age: `impl BufRead for ArmoredReader`
* Update Homebrew formula to v0.9.1
* feat/pinentry: Use env var to define pinentry binary
- Update to version 0.9.1+0:
* ssh: Fix parsing of OpenSSH private key format
* ssh: Support `aes256-gcm@openssh.com` ciphers for encrypted keys
* ssh: Add `aes256-gcm@openssh.com` cipher to test cases
* ssh: Extract common key material derivation logic for encrypted keys
* ssh: Use associated constants for key and IV sizes
* ssh: Add test cases for encrypted keys
- Add shell completions for fish and zsh.
ModerateSUSE bug 1215657CVE-2023-42811 at SUSECVE-2023-42811 at NVDcpe:/o:opensuse:leap:15.5Security update for go1.20 (Important)openSUSE Leap 15.5
This update for go1.20 fixes the following issues:
- Update to go1.20.10 (bsc#1206346)
- CVE-2023-39325: Fixed a flaw that can lead to a DoS due to a rapid stream resets causing excessive work. This is also known as CVE-2023-44487. (bsc#1216109)
ImportantSUSE bug 1206346SUSE bug 1216109CVE-2023-39325 at SUSECVE-2023-39325 at NVDCVE-2023-44487 at SUSECVE-2023-44487 at NVDcpe:/o:opensuse:leap:15.5Security update for go1.21 (Important)openSUSE Leap 15.5
This update for go1.21 fixes the following issues:
- Update to go1.21.3 (bsc#1212475)
- CVE-2023-39325: Fixed a flaw that can lead to a DoS due to a rapid stream resets causing excessive work. This is also known as CVE-2023-44487. (bsc#1216109)
ImportantSUSE bug 1212475SUSE bug 1216109CVE-2023-39325 at SUSECVE-2023-39325 at NVDCVE-2023-44487 at SUSECVE-2023-44487 at NVDcpe:/o:opensuse:leap:15.5Security update for the Linux Kernel (Important)openSUSE Leap 15.5
The SUSE Linux Enterprise 15 SP5 kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2023-39194: Fixed a flaw in the processing of state filters which could allow a local attackers to disclose sensitive information. (bsc#1215861)
- CVE-2023-39193: Fixed a flaw in the processing of state filters which could allow a local attackers to disclose sensitive information. (bsc#1215860)
- CVE-2023-39192: Fixed a flaw in the u32_match_it function which could allow a local attackers to disclose sensitive information. (bsc#1215858)
- CVE-2023-42754: Fixed a null pointer dereference in ipv4_link_failure which could lead an authenticated attacker to trigger a DoS. (bsc#1215467)
- CVE-2023-5345: fixed an use-after-free vulnerability in the fs/smb/client component which could be exploited to achieve local privilege escalation. (bsc#1215899)
- CVE-2023-4155: Fixed a flaw in KVM AMD Secure Encrypted Virtualization (SEV). An attacker can trigger a stack overflow and cause a denial of service or potentially guest-to-host escape in kernel configurations without stack guard pages. (bsc#1214022)
- CVE-2023-4389: Fixed a reference counting issue in the Btrfs filesystem that could be exploited in order to leak internal kernel information or crash the system (bsc#1214351).
- CVE-2023-42753: Fixed an array indexing vulnerability in the netfilter subsystem. This issue may have allowed a local user to crash the system or potentially escalate their privileges (bsc#1215150).
- CVE-2023-1206: Fixed a hash collision flaw in the IPv6 connection lookup table. A user located in the local network or with a high bandwidth connection can increase the CPU usage of the server that accepts IPV6 connections up to 95% (bsc#1212703).
- CVE-2023-4921: Fixed a use-after-free vulnerability in the QFQ network scheduler which could be exploited to achieve local privilege escalatio (bsc#1215275).
- CVE-2023-4622: Fixed a use-after-free vulnerability in the Unix domain sockets component which could be exploited to achieve local privilege escalation (bsc#1215117).
- CVE-2023-4623: Fixed a use-after-free issue in the HFSC network scheduler which could be exploited to achieve local privilege escalation (bsc#1215115).
- CVE-2023-1859: Fixed a use-after-free flaw in Xen transport for 9pfs which could be exploited to crash the system (bsc#1210169).
- CVE-2023-4881: Fixed a out-of-bounds write flaw in the netfilter subsystem that could lead to potential information disclosure or a denial of service (bsc#1215221).
- CVE-2023-2177: Fixed a null pointer dereference issue in the sctp network protocol which could allow a user to crash the system (bsc#1210643).
- CVE-2023-1192: Fixed use-after-free in cifs_demultiplex_thread() (bsc#1208995).
The following non-security bugs were fixed:
- ALSA: hda/cirrus: Fix broken audio on hardware with two CS42L42 codecs (git-fixes).
- ALSA: hda/realtek: Splitting the UX3402 into two separate models (git-fixes).
- ARM: pxa: remove use of symbol_get() (git-fixes).
- arm64: csum: Fix OoB access in IP checksum code for negative lengths (git-fixes).
- arm64: module-plts: inline linux/moduleloader.h (git-fixes)
- arm64: module: Use module_init_layout_section() to spot init sections (git-fixes)
- arm64: sdei: abort running SDEI handlers during crash (git-fixes)
- arm64: tegra: Update AHUB clock parent and rate (git-fixes)
- arm64/fpsimd: Only provide the length to cpufeature for xCR registers (git-fixes)
- arm64/hyperv: Use CPUHP_AP_HYPERV_ONLINE state to fix CPU online sequencing (bsc#1206453).
- ASoC: amd: yc: Fix non-functional mic on Lenovo 82QF and 82UG (git-fixes).
- ASoC: hdaudio.c: Add missing check for devm_kstrdup (git-fixes).
- ASoC: imx-audmix: Fix return error with devm_clk_get() (git-fixes).
- ASoC: meson: spdifin: start hw on dai probe (git-fixes).
- ASoC: rt5640: Fix IRQ not being free-ed for HDA jack detect mode (git-fixes).
- ASoC: rt5640: Fix sleep in atomic context (git-fixes).
- ASoC: rt5640: Revert 'Fix sleep in atomic context' (git-fixes).
- ASoC: soc-utils: Export snd_soc_dai_is_dummy() symbol (git-fixes).
- ASoC: SOF: core: Only call sof_ops_free() on remove if the probe was successful (git-fixes).
- ASoC: tegra: Fix redundant PLLA and PLLA_OUT0 updates (git-fixes).
- ata: libata: disallow dev-initiated LPM transitions to unsupported states (git-fixes).
- ata: pata_falcon: fix IO base selection for Q40 (git-fixes).
- ata: pata_ftide010: Add missing MODULE_DESCRIPTION (git-fixes).
- ata: sata_gemini: Add missing MODULE_DESCRIPTION (git-fixes).
- backlight: gpio_backlight: Drop output GPIO direction check for initial power state (git-fixes).
- blk-iocost: fix divide by 0 error in calc_lcoefs() (bsc#1214986).
- blk-iocost: use spin_lock_irqsave in adjust_inuse_and_calc_cost (bsc#1214992).
- block/mq-deadline: use correct way to throttling write requests (bsc#1214993).
- Bluetooth: btsdio: fix use after free bug in btsdio_remove due to race condition (git-fixes).
- bnx2x: new flag for track HW resource allocation (bsc#1202845 bsc#1215322).
- bpf: Clear the probe_addr for uprobe (git-fixes).
- btrfs: do not hold CPU for too long when defragging a file (bsc#1214988).
- clocksource: hyper-v: Mark hyperv tsc page unencrypted in sev-snp enlightened guest (bsc#1206453).
- drivers: hv: Mark percpu hvcall input arg page unencrypted in SEV-SNP enlightened guest (bsc#1206453).
- Drivers: hv: vmbus: Bring the post_msg_page back for TDX VMs with the paravisor (bsc#1206453).
- Drivers: hv: vmbus: Support >64 VPs for a fully enlightened TDX/SNP VM (bsc#1206453).
- Drivers: hv: vmbus: Support fully enlightened TDX guests (bsc#1206453).
- drm: gm12u320: Fix the timeout usage for usb_bulk_msg() (git-fixes).
- drm/amd/display: Add smu write msg id fail retry process (git-fixes).
- drm/amd/display: enable cursor degamma for DCN3+ DRM legacy gamma (git-fixes).
- drm/amd/display: fix the white screen issue when >= 64GB DRAM (git-fixes).
- drm/amd/display: prevent potential division by zero errors (git-fixes).
- drm/amd/display: register edp_backlight_control() for DCN301 (git-fixes).
- drm/amd/display: Remove wait while locked (git-fixes).
- drm/ast: Add BMC virtual connector (bsc#1152472) Backporting changes: * rename ast_device to ast_private
- drm/ast: report connection status on Display Port. (bsc#1152472) Backporting changes: * rename ast_device to ast_private * context changes
- drm/display: Do not assume dual mode adaptors support i2c sub-addressing (bsc#1213808).
- drm/i915: mark requests for GuC virtual engines to avoid use-after-free (git-fixes).
- drm/i915/gvt: Drop unused helper intel_vgpu_reset_gtt() (git-fixes).
- drm/i915/gvt: Put the page reference obtained by KVM's gfn_to_pfn() (git-fixes).
- drm/i915/gvt: Verify pfn is 'valid' before dereferencing 'struct page' (git-fixes).
- drm/meson: fix memory leak on ->hpd_notify callback (git-fixes).
- drm/virtio: Correct drm_gem_shmem_get_sg_table() error handling (git-fixes).
- drm/virtio: Use appropriate atomic state in virtio_gpu_plane_cleanup_fb() (git-fixes).
- ext4: avoid potential data overflow in next_linear_group (bsc#1214951).
- ext4: correct inline offset when handling xattrs in inode body (bsc#1214950).
- ext4: fix memory leaks in ext4_fname_{setup_filename,prepare_lookup} (bsc#1214954).
- ext4: fix wrong unit use in ext4_mb_clear_bb (bsc#1214943).
- ext4: fix wrong unit use in ext4_mb_new_blocks (bsc#1214944).
- ext4: get block from bh in ext4_free_blocks for fast commit replay (bsc#1214942).
- ext4: reflect error codes from ext4_multi_mount_protect() to its callers (bsc#1214941).
- ext4: Remove ext4 locking of moved directory (bsc#1214957).
- ext4: set goal start correctly in ext4_mb_normalize_request (bsc#1214940).
- fs: do not update freeing inode i_io_list (bsc#1214813).
- fs: Establish locking order for unrelated directories (bsc#1214958).
- fs: Lock moved directories (bsc#1214959).
- fs: lockd: avoid possible wrong NULL parameter (git-fixes).
- fs: no need to check source (bsc#1215752).
- fs: record I_DIRTY_TIME even if inode already has I_DIRTY_INODE (bsc#1214813).
- fuse: nlookup missing decrement in fuse_direntplus_link (bsc#1215581).
- gve: Add AF_XDP zero-copy support for GQI-QPL format (bsc#1214479).
- gve: Add XDP DROP and TX support for GQI-QPL format (bsc#1214479).
- gve: Add XDP REDIRECT support for GQI-QPL format (bsc#1214479).
- gve: Changes to add new TX queues (bsc#1214479).
- gve: Control path for DQO-QPL (bsc#1214479).
- gve: fix frag_list chaining (bsc#1214479).
- gve: Fix gve interrupt names (bsc#1214479).
- gve: RX path for DQO-QPL (bsc#1214479).
- gve: trivial spell fix Recive to Receive (bsc#1214479).
- gve: Tx path for DQO-QPL (bsc#1214479).
- gve: Unify duplicate GQ min pkt desc size constants (bsc#1214479).
- gve: use vmalloc_array and vcalloc (bsc#1214479).
- gve: XDP support GQI-QPL: helper function changes (bsc#1214479).
- hwrng: virtio - add an internal buffer (git-fixes).
- hwrng: virtio - always add a pending request (git-fixes).
- hwrng: virtio - do not wait on cleanup (git-fixes).
- hwrng: virtio - do not waste entropy (git-fixes).
- hwrng: virtio - Fix race on data_avail and actual data (git-fixes).
- i2c: aspeed: Reset the i2c controller when timeout occurs (git-fixes).
- i3c: master: svc: fix probe failure when no i3c device exist (git-fixes).
- i915/pmu: Move execlist stats initialization to execlist specific setup (git-fixes).
- idr: fix param name in idr_alloc_cyclic() doc (git-fixes).
- Input: tca6416-keypad - fix interrupt enable disbalance (git-fixes).
- iommu/virtio: Detach domain on endpoint release (git-fixes).
- iommu/virtio: Return size mapped for a detached domain (git-fixes).
- jbd2: check 'jh->b_transaction' before removing it from checkpoint (bsc#1214953).
- jbd2: correct the end of the journal recovery scan range (bsc#1214955).
- jbd2: fix a race when checking checkpoint buffer busy (bsc#1214949).
- jbd2: fix checkpoint cleanup performance regression (bsc#1214952).
- jbd2: Fix wrongly judgement for buffer head removing while doing checkpoint (bsc#1214948).
- jbd2: recheck chechpointing non-dirty buffer (bsc#1214945).
- jbd2: remove journal_clean_one_cp_list() (bsc#1214947).
- jbd2: remove t_checkpoint_io_list (bsc#1214946).
- jbd2: restore t_checkpoint_io_list to maintain kABI (bsc#1214946).
- kabi: hide changes in enum ipl_type and struct sclp_info (jsc#PED-2023 jsc#PED-2025).
- kabi/severities: ignore mlx4 internal symbols
- kconfig: fix possible buffer overflow (git-fixes).
- kernel-binary: Move build-time definitions together Move source list and build architecture to buildrequires to aid in future reorganization of the spec template.
- kernel-binary: python3 is needed for build At least scripts/bpf_helpers_doc.py requires python3 since Linux 4.18 Other simimlar scripts may exist.
- kselftest/runner.sh: Propagate SIGTERM to runner child (git-fixes).
- KVM: s390: fix KVM_S390_GET_CMMA_BITS for GFNs in memslot holes (git-fixes bsc#1215915).
- KVM: s390: interrupt: use READ_ONCE() before cmpxchg() (git-fixes bsc#1215896).
- KVM: s390: pv: fix external interruption loop not always detected (git-fixes bsc#1215916).
- KVM: s390: vsie: Fix the initialization of the epoch extension (epdx) field (git-fixes bsc#1215894).
- KVM: s390: vsie: fix the length of APCB bitmap (git-fixes bsc#1215895).
- KVM: s390/diag: fix racy access of physical cpu number in diag 9c handler (git-fixes bsc#1215911).
- KVM: SVM: Remove a duplicate definition of VMCB_AVIC_APIC_BAR_MASK (git-fixes).
- KVM: VMX: Fix header file dependency of asm/vmx.h (git-fixes).
- KVM: x86: Fix KVM_CAP_SYNC_REGS's sync_regs() TOCTOU issues (git-fixes).
- KVM: x86/mmu: Include mmu.h in spte.h (git-fixes).
- loop: Fix use-after-free issues (bsc#1214991).
- loop: loop_set_status_from_info() check before assignment (bsc#1214990).
- mlx4: Avoid resetting MLX4_INTFF_BONDING per driver (bsc#1187236).
- mlx4: Connect the ethernet part to the auxiliary bus (bsc#1187236).
- mlx4: Connect the infiniband part to the auxiliary bus (bsc#1187236).
- mlx4: Delete custom device management logic (bsc#1187236).
- mlx4: Get rid of the mlx4_interface.activate callback (bsc#1187236).
- mlx4: Get rid of the mlx4_interface.get_dev callback (bsc#1187236).
- mlx4: Move the bond work to the core driver (bsc#1187236).
- mlx4: Register mlx4 devices to an auxiliary virtual bus (bsc#1187236).
- mlx4: Rename member mlx4_en_dev.nb to netdev_nb (bsc#1187236).
- mlx4: Replace the mlx4_interface.event callback with a notifier (bsc#1187236).
- mlx4: Use 'void *' as the event param of mlx4_dispatch_event() (bsc#1187236).
- module: Expose module_init_layout_section() (git-fixes)
- net: do not allow gso_size to be set to GSO_BY_FRAGS (git-fixes).
- net: mana: Add page pool for RX buffers (bsc#1214040).
- net: mana: Configure hwc timeout from hardware (bsc#1214037).
- net: phy: micrel: Correct bit assignments for phy_device flags (git-fixes).
- net: usb: qmi_wwan: add Quectel EM05GV2 (git-fixes).
- net/mlx4: Remove many unnecessary NULL values (bsc#1187236).
- NFS: Guard against READDIR loop when entry names exceed MAXNAMELEN (git-fixes).
- NFS/blocklayout: Use the passed in gfp flags (git-fixes).
- NFS/pNFS: Report EINVAL errors from connect() to the server (git-fixes).
- NFSD: da_addr_body field missing in some GETDEVICEINFO replies (git-fixes).
- NFSD: fix change_info in NFSv4 RENAME replies (git-fixes).
- NFSD: Fix race to FREE_STATEID and cl_revoked (git-fixes).
- NFSv4: Fix dropped lock for racing OPEN and delegation return (git-fixes).
- NFSv4: fix out path in __nfs4_get_acl_uncached (git-fixes).
- NFSv4.2: fix error handling in nfs42_proc_getxattr (git-fixes).
- NFSv4.2: fix handling of COPY ERR_OFFLOAD_NO_REQ (git-fixes).
- NFSv4/pnfs: minor fix for cleanup path in nfs4_get_device_info (git-fixes).
- ntb: Clean up tx tail index on link down (git-fixes).
- ntb: Drop packets when qp link is down (git-fixes).
- ntb: Fix calculation ntb_transport_tx_free_entry() (git-fixes).
- nvme-auth: use chap->s2 to indicate bidirectional authentication (bsc#1214543).
- nvme-tcp: add recovery_delay to sysfs (bsc#1201284).
- nvme-tcp: delay error recovery until the next KATO interval (bsc#1201284).
- nvme-tcp: Do not terminate commands when in RESETTING (bsc#1201284).
- nvme-tcp: make 'err_work' a delayed work (bsc#1201284).
- PCI: Free released resource after coalescing (git-fixes).
- platform/mellanox: mlxbf-pmc: Fix potential buffer overflows (git-fixes).
- platform/mellanox: mlxbf-pmc: Fix reading of unprogrammed events (git-fixes).
- platform/mellanox: mlxbf-tmfifo: Drop jumbo frames (git-fixes).
- platform/mellanox: mlxbf-tmfifo: Drop the Rx packet if no more descriptors (git-fixes).
- platform/x86: intel_scu_ipc: Check status after timeout in busy_loop() (git-fixes).
- platform/x86: intel_scu_ipc: Check status upon timeout in ipc_wait_for_interrupt() (git-fixes).
- platform/x86: intel_scu_ipc: Do not override scu in intel_scu_ipc_dev_simple_command() (git-fixes).
- platform/x86: intel_scu_ipc: Fail IPC send if still busy (git-fixes).
- pNFS: Fix assignment of xprtdata.cred (git-fixes).
- powerpc/fadump: make is_kdump_kernel() return false when fadump is active (bsc#1212639 ltc#202582).
- powerpc/iommu: Fix notifiers being shared by PCI and VIO buses (bsc#1065729).
- powerpc/xics: Remove unnecessary endian conversion (bsc#1065729).
- printk: ringbuffer: Fix truncating buffer size min_t cast (bsc#1215875).
- pwm: lpc32xx: Remove handling of PWM channels (git-fixes).
- quota: add new helper dquot_active() (bsc#1214998).
- quota: factor out dquot_write_dquot() (bsc#1214995).
- quota: fix dqput() to follow the guarantees dquot_srcu should provide (bsc#1214963).
- quota: fix warning in dqgrab() (bsc#1214962).
- quota: Properly disable quotas when add_dquot_ref() fails (bsc#1214961).
- quota: rename dquot_active() to inode_quota_active() (bsc#1214997).
- RDMA/siw: Fabricate a GID on tun and loopback devices (git-fixes)
- s390/dasd: fix command reject error on ESE devices (LTC#203630 bsc#1215123 git-fixes).
- s390/dasd: fix hanging device after request requeue (git-fixes LTC#203629 bsc#1215124).
- s390/ipl: add DEFINE_GENERIC_LOADPARM() (jsc#PED-2023).
- s390/ipl: add eckd dump support (jsc#PED-2025).
- s390/ipl: add eckd support (jsc#PED-2023).
- s390/ipl: add loadparm parameter to eckd ipl/reipl data (jsc#PED-2023).
- s390/ipl: use octal values instead of S_* macros (jsc#PED-2023).
- s390/qeth: Do not call dev_close/dev_open (DOWN/UP) (bsc#1214873 git-fixes).
- s390/zcrypt: do not leak memory if dev_set_name() fails (git-fixes bsc#1215148).
- scsi: 3w-xxxx: Add error handling for initialization failure in tw_probe() (git-fixes).
- scsi: 53c700: Check that command slot is not NULL (git-fixes).
- scsi: core: Fix legacy /proc parsing buffer overflow (git-fixes).
- scsi: core: Fix possible memory leak if device_add() fails (git-fixes).
- scsi: fnic: Replace return codes in fnic_clean_pending_aborts() (git-fixes).
- scsi: lpfc: Do not abuse UUID APIs and LPFC_COMPRESS_VMID_SIZE (git-fixes).
- scsi: lpfc: Early return after marking final NLP_DROPPED flag in dev_loss_tmo (git-fixes).
- scsi: lpfc: Fix the NULL vs IS_ERR() bug for debugfs_create_file() (git-fixes).
- scsi: lpfc: Modify when a node should be put in device recovery mode during RSCN (git-fixes).
- scsi: lpfc: Prevent use-after-free during rmmod with mapped NVMe rports (git-fixes).
- scsi: lpfc: Remove reftag check in DIF paths (git-fixes).
- scsi: qedf: Add synchronization between I/O completions and abort (bsc#1210658).
- scsi: qedf: Fix firmware halt over suspend and resume (git-fixes).
- scsi: qedf: Fix NULL dereference in error handling (git-fixes).
- scsi: qedi: Fix firmware halt over suspend and resume (git-fixes).
- scsi: qla2xxx: Add logs for SFP temperature monitoring (bsc#1214928).
- scsi: qla2xxx: Allow 32-byte CDBs (bsc#1214928).
- scsi: qla2xxx: Error code did not return to upper layer (bsc#1214928).
- scsi: qla2xxx: Fix firmware resource tracking (bsc#1214928).
- scsi: qla2xxx: Fix NULL vs IS_ERR() bug for debugfs_create_dir() (git-fixes).
- scsi: qla2xxx: Fix smatch warn for qla_init_iocb_limit() (bsc#1214928).
- scsi: qla2xxx: Flush mailbox commands on chip reset (bsc#1214928).
- scsi: qla2xxx: Move resource to allow code reuse (bsc#1214928).
- scsi: qla2xxx: Remove unsupported ql2xenabledif option (bsc#1214928).
- scsi: qla2xxx: Remove unused declarations (bsc#1214928).
- scsi: qla2xxx: Remove unused variables in qla24xx_build_scsi_type_6_iocbs() (bsc#1214928).
- scsi: qla2xxx: Update version to 10.02.09.100-k (bsc#1214928).
- scsi: qla2xxx: Use raw_smp_processor_id() instead of smp_processor_id() (git-fixes).
- scsi: scsi_debug: Remove dead code (git-fixes).
- scsi: snic: Fix double free in snic_tgt_create() (git-fixes).
- scsi: snic: Fix possible memory leak if device_add() fails (git-fixes).
- scsi: storvsc: Handle additional SRB status values (git-fixes).
- scsi: zfcp: Fix a double put in zfcp_port_enqueue() (git-fixes bsc#1215941).
- selftests: mlxsw: Fix test failure on Spectrum-4 (jsc#PED-1549).
- selftests: tracing: Fix to unmount tracefs for recovering environment (git-fixes).
- spi: Add TPM HW flow flag (bsc#1213534)
- spi: tegra210-quad: Enable TPM wait polling (bsc#1213534)
- spi: tegra210-quad: set half duplex flag (bsc#1213534)
- SUNRPC: Mark the cred for revalidation if the server rejects it (git-fixes).
- tcpm: Avoid soft reset when partner does not support get_status (git-fixes).
- tpm_tis_spi: Add hardware wait polling (bsc#1213534)
- tracing: Fix race issue between cpu buffer write and swap (git-fixes).
- tracing: Remove extra space at the end of hwlat_detector/mode (git-fixes).
- tracing: Remove unnecessary copying of tr->current_trace (git-fixes).
- uapi: stddef.h: Fix __DECLARE_FLEX_ARRAY for C++ (git-fixes).
- udf: Fix extension of the last extent in the file (bsc#1214964).
- udf: Fix file corruption when appending just after end of preallocated extent (bsc#1214965).
- udf: Fix off-by-one error when discarding preallocation (bsc#1214966).
- udf: Fix uninitialized array access for some pathnames (bsc#1214967).
- Update metadata
- uprobes/x86: Allow to probe a NOP instruction with 0x66 prefix (git-fixes).
- usb: ehci: add workaround for chipidea PORTSC.PEC bug (git-fixes).
- usb: ehci: move new member has_ci_pec_bug into hole (git-fixes).
- usb: serial: option: add FOXCONN T99W368/T99W373 product (git-fixes).
- usb: serial: option: add Quectel EM05G variant (0x030e) (git-fixes).
- usb: typec: tcpci: clear the fault status bit (git-fixes).
- usb: typec: tcpci: move tcpci.h to include/linux/usb/ (git-fixes).
- vhost_vdpa: fix the crash in unmap a large memory (git-fixes).
- vhost-scsi: unbreak any layout for response (git-fixes).
- vhost: allow batching hint without size (git-fixes).
- vhost: allow batching hint without size (git-fixes).
- vhost: fix hung thread due to erroneous iotlb entries (git-fixes).
- vhost: handle error while adding split ranges to iotlb (git-fixes).
- virtio_net: add checking sq is full inside xdp xmit (git-fixes).
- virtio_net: Fix probe failed when modprobe virtio_net (git-fixes).
- virtio_net: reorder some funcs (git-fixes).
- virtio_net: separate the logic of checking whether sq is full (git-fixes).
- virtio_ring: fix avail_wrap_counter in virtqueue_add_packed (git-fixes).
- virtio-blk: set req->state to MQ_RQ_COMPLETE after polling I/O is finished (git-fixes).
- virtio-mmio: do not break lifecycle of vm_dev (git-fixes).
- virtio-net: fix race between set queues and probe (git-fixes).
- virtio-net: set queues after driver_ok (git-fixes).
- virtio-rng: make device ready before making request (git-fixes).
- virtio: acknowledge all features before access (git-fixes).
- vmcore: remove dependency with is_kdump_kernel() for exporting vmcore (bsc#1212639 ltc#202582).
- watchdog: intel-mid_wdt: add MODULE_ALIAS() to allow auto-load (git-fixes).
- word-at-a-time: use the same return type for has_zero regardless of endianness (bsc#1065729).
- x86/alternative: Fix race in try_get_desc() (git-fixes).
- x86/boot/e820: Fix typo in e820.c comment (git-fixes).
- x86/bugs: Reset speculation control settings on init (git-fixes).
- x86/coco: Allow CPU online/offline for a TDX VM with the paravisor on Hyper-V (bsc#1206453).
- x86/coco: Export cc_vendor (bsc#1206453).
- x86/cpu: Add Lunar Lake M (git-fixes).
- x86/cpu: Add model number for Intel Arrow Lake processor (git-fixes).
- x86/fpu: Take task_struct* in copy_sigframe_from_user_to_xstate() (git-fixes).
- x86/head/64: Switch to KERNEL_CS as soon as new GDT is installed (git-fixes).
- x86/hyperv: Add hv_isolation_type_tdx() to detect TDX guests (bsc#1206453).
- x86/hyperv: Add hv_write_efer() for a TDX VM with the paravisor (bsc#1206453).
- x86/hyperv: Add hyperv-specific handling for VMMCALL under SEV-ES (bsc#1206453).
- x86/hyperv: Add missing 'inline' to hv_snp_boot_ap() stub (bsc#1206453).
- x86/hyperv: Add sev-snp enlightened guest static key (bsc#1206453)
- x86/hyperv: Add smp support for SEV-SNP guest (bsc#1206453).
- x86/hyperv: Add VTL specific structs and hypercalls (bsc#1206453).
- x86/hyperv: Fix hyperv_pcpu_input_arg handling when CPUs go online/offline (bsc#1206453).
- x86/hyperv: Fix serial console interrupts for fully enlightened TDX guests (bsc#1206453).
- x86/hyperv: Fix undefined reference to isolation_type_en_snp without CONFIG_HYPERV (bsc#1206453).
- x86/hyperv: Introduce a global variable hyperv_paravisor_present (bsc#1206453).
- x86/hyperv: Mark hv_ghcb_terminate() as noreturn (bsc#1206453).
- x86/hyperv: Mark Hyper-V vp assist page unencrypted in SEV-SNP enlightened guest (bsc#1206453).
- x86/hyperv: Move the code in ivm.c around to avoid unnecessary ifdef's (bsc#1206453).
- x86/hyperv: Remove hv_isolation_type_en_snp (bsc#1206453).
- x86/hyperv: Set Virtual Trust Level in VMBus init message (bsc#1206453).
- x86/hyperv: Support hypercalls for fully enlightened TDX guests (bsc#1206453).
- x86/hyperv: Use TDX GHCI to access some MSRs in a TDX VM with the paravisor (bsc#1206453).
- x86/hyperv: Use vmmcall to implement Hyper-V hypercall in sev-snp enlightened guest (bsc#1206453).
- x86/i8259: Mark legacy PIC interrupts with IRQ_LEVEL (git-fixes).
- x86/ioapic: Do not return 0 from arch_dynirq_lower_bound() (git-fixes).
- x86/ioremap: Fix page aligned size calculation in __ioremap_caller() (git-fixes).
- x86/mce: Retrieve poison range from hardware (git-fixes).
- x86/mem_encrypt: Unbreak the AMD_MEM_ENCRYPT=n build (git-fixes).
- x86/mm: Avoid incomplete Global INVLPG flushes (git-fixes).
- x86/mm: Do not shuffle CPU entry areas without KASLR (git-fixes).
- x86/purgatory: remove PGO flags (git-fixes).
- x86/PVH: avoid 32-bit build warning when obtaining VGA console info (git-fixes).
- x86/reboot: Disable virtualization in an emergency if SVM is supported (git-fixes).
- x86/resctl: fix scheduler confusion with 'current' (git-fixes).
- x86/resctrl: Fix task CLOSID/RMID update race (git-fixes).
- x86/resctrl: Fix to restore to original value when re-enabling hardware prefetch register (git-fixes).
- x86/rtc: Remove __init for runtime functions (git-fixes).
- x86/sev: Make enc_dec_hypercall() accept a size instead of npages (bsc#1214635).
- x86/sgx: Reduce delay and interference of enclave release (git-fixes).
- x86/srso: Do not probe microcode in a guest (git-fixes).
- x86/srso: Fix SBPB enablement for spec_rstack_overflow=off (git-fixes).
- x86/srso: Fix srso_show_state() side effect (git-fixes).
- x86/srso: Set CPUID feature bits independently of bug or mitigation status (git-fixes).
- x86/virt: Force GIF=1 prior to disabling SVM (for reboot flows) (git-fixes).
- xen: remove a confusing comment on auto-translated guest I/O (git-fixes).
- xprtrdma: Remap Receive buffers after a reconnect (git-fixes).
ImportantSUSE bug 1065729SUSE bug 1152472SUSE bug 1187236SUSE bug 1201284SUSE bug 1202845SUSE bug 1206453SUSE bug 1208995SUSE bug 1210169SUSE bug 1210643SUSE bug 1210658SUSE bug 1212639SUSE bug 1212703SUSE bug 1213534SUSE bug 1213808SUSE bug 1214022SUSE bug 1214037SUSE bug 1214040SUSE bug 1214351SUSE bug 1214479SUSE bug 1214543SUSE bug 1214635SUSE bug 1214813SUSE bug 1214873SUSE bug 1214928SUSE bug 1214940SUSE bug 1214941SUSE bug 1214942SUSE bug 1214943SUSE bug 1214944SUSE bug 1214945SUSE bug 1214946SUSE bug 1214947SUSE bug 1214948SUSE bug 1214949SUSE bug 1214950SUSE bug 1214951SUSE bug 1214952SUSE bug 1214953SUSE bug 1214954SUSE bug 1214955SUSE bug 1214957SUSE bug 1214958SUSE bug 1214959SUSE bug 1214961SUSE bug 1214962SUSE bug 1214963SUSE bug 1214964SUSE bug 1214965SUSE bug 1214966SUSE bug 1214967SUSE bug 1214986SUSE bug 1214988SUSE bug 1214990SUSE bug 1214991SUSE bug 1214992SUSE bug 1214993SUSE bug 1214995SUSE bug 1214997SUSE bug 1214998SUSE bug 1215115SUSE bug 1215117SUSE bug 1215123SUSE bug 1215124SUSE bug 1215148SUSE bug 1215150SUSE bug 1215221SUSE bug 1215275SUSE bug 1215322SUSE bug 1215467SUSE bug 1215581SUSE bug 1215752SUSE bug 1215858SUSE bug 1215860SUSE bug 1215861SUSE bug 1215875SUSE bug 1215877SUSE bug 1215894SUSE bug 1215895SUSE bug 1215896SUSE bug 1215899SUSE bug 1215911SUSE bug 1215915SUSE bug 1215916SUSE bug 1215941CVE-2023-1192 at SUSECVE-2023-1192 at NVDCVE-2023-1206 at SUSECVE-2023-1206 at NVDCVE-2023-1859 at SUSECVE-2023-1859 at NVDCVE-2023-2177 at SUSECVE-2023-2177 at NVDCVE-2023-39192 at SUSECVE-2023-39192 at NVDCVE-2023-39193 at SUSECVE-2023-39193 at NVDCVE-2023-39194 at SUSECVE-2023-39194 at NVDCVE-2023-4155 at SUSECVE-2023-4155 at NVDCVE-2023-42753 at SUSECVE-2023-42753 at NVDCVE-2023-42754 at SUSECVE-2023-42754 at NVDCVE-2023-4389 at SUSECVE-2023-4389 at NVDCVE-2023-4622 at SUSECVE-2023-4622 at NVDCVE-2023-4623 at SUSECVE-2023-4623 at NVDCVE-2023-4881 at SUSECVE-2023-4881 at NVDCVE-2023-4921 at SUSECVE-2023-4921 at NVDCVE-2023-5345 at SUSECVE-2023-5345 at NVDcpe:/o:opensuse:leap:15.5Security update for cni-plugins (Important)openSUSE Leap 15.5
This update of cni-plugins fixes the following issues:
- rebuild the package with the go 1.21 security release (bsc#1212475).
ImportantSUSE bug 1212475SUSE bug 1216006cpe:/o:opensuse:leap:15.5Security update for cni (Important)openSUSE Leap 15.5
This update of cni fixes the following issues:
- rebuild the package with the go 1.21 security release (bsc#1212475).
ImportantSUSE bug 1212475SUSE bug 1216006cpe:/o:opensuse:leap:15.5Security update for wireshark (Low)openSUSE Leap 15.5
This update for wireshark fixes the following issues:
Updated to version 3.6.17:
- CVE-2023-5371: Fixed a memory leak issue in the RTPS dissector
(bsc#1215959).
LowSUSE bug 1215959CVE-2023-5371 at SUSECVE-2023-5371 at NVDcpe:/o:opensuse:leap:15.5Security update for opensc (Important)openSUSE Leap 15.5
This update for opensc fixes the following issues:
- CVE-2023-40660: Fixed a PIN bypass that could be triggered when
cards tracked their own login state (bsc#1215762).
- CVE-2023-40661: Fixed several memory safety issues that could happen
during the card enrollment process using pkcs15-init (bsc#1215761).
ImportantSUSE bug 1215761SUSE bug 1215762CVE-2023-40660 at SUSECVE-2023-40660 at NVDCVE-2023-40661 at SUSECVE-2023-40661 at NVDcpe:/o:opensuse:leap:15.5Security update for libcue (Important)openSUSE Leap 15.5
This update for libcue fixes the following issues:
- CVE-2023-43641: Fixed a buffer overflow while parsing a malicious
file (bsc#1215728).
ImportantSUSE bug 1215728CVE-2023-43641 at SUSECVE-2023-43641 at NVDcpe:/o:opensuse:leap:15.5Security update for python-gevent (Important)openSUSE Leap 15.5
This update for python-gevent fixes the following issues:
- CVE-2023-41419: Fixed a http request smuggling (bsc#1215469).
ImportantSUSE bug 1215469CVE-2023-41419 at SUSECVE-2023-41419 at NVDcpe:/o:opensuse:leap:15.5Security update for python-Django (Moderate)openSUSE Leap 15.5
This update for python-Django fixes the following issues:
- CVE-2023-43665: Fixed a Denial-of-service in django.utils.text.Truncator. (bsc#1215978)
ModerateSUSE bug 1215978CVE-2023-43665 at SUSECVE-2023-43665 at NVDcpe:/o:opensuse:leap:15.5Security update for buildah (Important)openSUSE Leap 15.5
This update of buildah fixes the following issues:
- rebuild the package with the go 1.21 security release (bsc#1212475).
ImportantSUSE bug 1212475SUSE bug 1216005cpe:/o:opensuse:leap:15.5Security update for python-urllib3 (Moderate)openSUSE Leap 15.5
This update for python-urllib3 fixes the following issues:
- CVE-2023-43804: Fixed a potential cookie leak via HTTP redirect if
the user manually set the corresponding header (bsc#1215968).
ModerateSUSE bug 1215968CVE-2023-43804 at SUSECVE-2023-43804 at NVDcpe:/o:opensuse:leap:15.5Security update for erlang (Critical)openSUSE Leap 15.5
This update for erlang fixes the following issues:
- Updated to version 23.3.4.19 (jsc#PED-6209):
- CVE-2022-37026: Complete a previous insufficient fix for an
authentication bypass (bsc#1205318).
CriticalSUSE bug 1205318CVE-2022-37026 at SUSECVE-2022-37026 at NVDcpe:/o:opensuse:leap:15.5Security update for glibc (Important)openSUSE Leap 15.5
This update for glibc fixes the following issues:
Security issue fixed:
- CVE-2023-4813: Fixed a potential use-after-free in gaih_inet() (bsc#1215286, BZ #28931)
Also a regression from a previous update was fixed:
- elf: Align argument of __munmap to page size (bsc#1215891, BZ #28676)
ImportantSUSE bug 1215286SUSE bug 1215891CVE-2023-4813 at SUSECVE-2023-4813 at NVDcpe:/o:opensuse:leap:15.5Security update for slurm (Important)openSUSE Leap 15.5
This update for slurm fixes the following issues:
- CVE-2023-41914: Fixed a filesystem handling race conditions that could lead to an attacker taking control of an arbitrary file. (bsc#1216207)
ImportantSUSE bug 1208810SUSE bug 1216207CVE-2023-41914 at SUSECVE-2023-41914 at NVDcpe:/o:opensuse:leap:15.5Security update for helm (Important)openSUSE Leap 15.5
This update for helm fixes the following issues:
helm was updated to version 3.13.1:
* Fixing precedence issue with the import of values.
* Add missing with clause to release gh action
* FIX Default ServiceAccount yaml
* fix(registry): unswallow error
* remove useless print during prepareUpgrade
* fix(registry): address anonymous pull issue
* Fix missing run statement on release action
* Write latest version to get.helm.sh bucket
* Increased release information key name max length.
helm was updated to version 3.13.0 (bsc#1215588):
* Fix leaking goroutines in Install
* Update Helm to use k8s 1.28.2 libraries
* make the dependabot k8s.io group explicit
* use dependabot's group support for k8s.io dependencies
* doc:Executing helm rollback release 0 will roll back to the
previous release
* Use labels instead of selectorLabels for pod labels
* fix(helm): fix GetPodLogs, the hooks should be sorted before
get the logs of each hook
* chore: HTTPGetter add default timeout
* Avoid nil dereference if passing a nil resolver
* Add required changes after merge
* Fix #3352, add support for --ignore-not-found just like kubectl
delete
* Fix helm may identify achieve of the application/x-gzip as
application/vnd.ms-fontobject
* Restore `helm get metadata` command
* Revert 'Add `helm get metadata` command'
* test: replace `ensure.TempDir` with `t.TempDir`
* use json api url + report curl/wget error on fail
* Added error in case try to supply custom label with name of
system label during install/upgrade
* fix(main): fix basic auth for helm pull or push
* cmd: support generating index in JSON format
* repo: detect JSON and unmarshal efficiently
* Tweaking new dry-run internal handling
* bump kubernetes modules to v0.27.3
* Remove warning for template directory not found.
* Added tests for created OCI annotation time format
* Add created OCI annotation
* Fix multiple bugs in values handling
* chore: fix a typo in `manager.go`
* add GetRegistryClient method
* oci: add tests for plain HTTP and insecure HTTPS registries
* oci: Add flag `--plain-http` to enable working with HTTP
registries
* docs: add an example for using the upgrade command with
existing values
* Replace `fmt.Fprintf` with `fmt.Fprint` in get_metadata.go
* Replace `fmt.Fprintln` with `fmt.Fprintf` in get_metadata.go
* update kubernetes dependencies from v0.27.0 to v0.27.1
* Add ClientOptResolver to test util file
* Check that missing keys are still handled in tpl
* tests: change crd golden file to match after #11870
* Adding details on the Factory interface
* update autoscaling/v2beta1 to autoscaling/v2 in skeleton chart
* feat(helm): add ability for --dry-run to do lookup functions
When a helm command is run with the --dry-run flag, it will try
to connect to the cluster to be able to render lookup
functions. Closes #8137
* bugfix:(#11391) helm lint infinite loop when malformed
template object
* pkg/engine: fix nil-dereference
* pkg/chartutil: fix nil-dereference
* pkg/action: fix nil-dereference
* full source path when output-dir is not provided
* added Contributing.md section and ref link in the README
* feat(helm): add ability for --dry-run to do lookup functions
When a helm command is run with the --dry-run flag, it will try
to connect to the cluster if the value is 'server' to be able
to render lookup functions. Closes #8137
* feat(helm): add ability for --dry-run to do lookup functions
* Add `CHART`, `VERSION` and `APP_VERSION` fields to `get all`
command output
* Adjust `get` command description to account metadata
* add volumes and volumeMounts in chartutil
* Seed a default switch to control `automountServiceAccountToken`
* Avoid confusing error when passing in '--version X.Y.Z'
* Add `helm get metadata` command
* Use wrapped error so that ErrNoObjectsVisited can be compared
after return.
* Add exact version test.
* strict file permissions of repository.yaml
* Check redefinition of define and include in tpl
* Check that `.Template` is passed through `tpl`
* Make sure empty `tpl` values render empty.
* Pick the test improvement out of PR#8371
* #11369 Use the correct index repo cache directory in the
`parallelRepoUpdate` method as well
* #11369 Add a test case to prove the bug and its resolution
* ref(helm): export DescriptorPullSummary fields
* feat(helm): add 'ClientOptResolver' ClientOption
* Fix flaky TestSQLCreate test by making sqlmock ignore order of
sql requests
* Fixing tests after adding labels to release fixture
* Make default release fixture contain custom labels to make
tests check that labels are not lost
* Added support for storing custom labels in SQL storage driver
* Adding support merging new custom labels with original release
labels during upgrade
* Added note to install/upgrade commands that original release
labels wouldn't be persisted in upgraded release
* Added unit tests for implemented install/upgrade labels logic
* Remove redudant types from util_test.go
* Added tests for newly introduced util.go functions
* Fix broken tests for SQL storage driver
* Fix broken tests for configmap and secret storage drivers
* Make superseded releases keep labels
* Support configmap storage driver for install/upgrade actions
--labels argument
* Added upgrade --install labels argument support
* Add labels support for install action with secret storage
backend
* test: added tests to load plugin from home dir with space
* fix: plugin does not load when helm base dir contains space
* Add priority class to kind sorter
* Fixes #10566
* test(search): add mixedCase test case
* fix(search): print repo search result in original case
* Adjust error message wrongly claiming that there is a resource
conflict
* Throw an error from jobReady() if the job exceeds its
BackoffLimit
* github: add Asset Transparency action for GitHub releases
Update to version 3.12.3:
* bump kubernetes modules to v0.27.3
* Add priority class to kind sorter
Update to version 3.12.2:
* add GetRegistryClient method
Update to version 3.12.1:
* bugfix:(#11391) helm lint infinite loop when malformed
template object
* update autoscaling/v2beta1 to autoscaling/v2 in skeleton chart
* test(search): add mixedCase test case
* fix(search): print repo search result in original case
* strict file permissions of repository.yaml
* update kubernetes dependencies from v0.27.0 to v0.27.1
Update to version 3.12.0:
* Attach annotations to OCI artifacts
* Fix goroutine leak in action install
* fix quiet lint does not fail on non-linting errors
* create failing test for quietly linting a chart that doesn't
exist
* Fixes Readiness Check for statefulsets using partitioned
rolling update. (#11774)
* fix: failed testcase on windows
* Fix 32bit-x86 typo in testsuite
* Handle failed DNS case for Go 1.20+
* Updating the Go version in go.mod
* Fix goroutine leak in perform
* Properly invalidate client after CRD install
* Provide a helper to set the registryClient in cmd
* Reimplemented change in httpgetter for insecure TLS option
* Added insecure option to login subcommand
* Added support for insecure OCI registries
* Enable custom certificates option for OCI
* Add testing to default and release branches
* Remove job dependency. Should have done when I moved job to new
file
* Remove check to run only in helm org
* Add why comments
* Convert remaining CircleCI config to GitHub Actions
* Changed how the setup-go action sets go version
* chore:Use http constants as http.request parameters
* update k8s registry domain
* don't mark issues as stale where a PR is in progress
* Update to func handling
* Add option to support cascade deletion options
* the linter varcheck and deadcode are deprecated (since v1.49.0)
* Check status code before retrying request
* Fix improper use of Table request/response to k8s API
* fix template --output-dir issue
* Add protection for stack-overflows for nested keys
* feature(helm): add --set-literal flag for literal string
interpretation
Update to version 3.11.3:
* Fix goroutine leak in perform
* Fix goroutine leak in action install
* Fix 32bit-x86 typo in testsuite
* Fixes Readiness Check for statefulsets using partitioned rolling update. (#11774)
- avoid CGO to workaround missing gold dependency (bsc#1183043)
ImportantSUSE bug 1183043SUSE bug 1215588SUSE bug 1215711CVE-2022-41723 at SUSECVE-2022-41723 at NVDCVE-2023-25173 at SUSECVE-2023-25173 at NVDcpe:/o:opensuse:leap:15.5Security update for tomcat (Important)openSUSE Leap 15.5
This update for tomcat fixes the following issues:
Tomcat was updated to version 9.0.82 (jsc#PED-6376, jsc#PED-6377):
- Security issues fixed:
* CVE-2023-41080: Avoid protocol relative redirects in FORM authentication. (bsc#1214666)
* CVE-2023-44487: Fix HTTP/2 Rapid Reset Attack. (bsc#1216182)
- Update to Tomcat 9.0.82:
* Catalina
+ Add: 65770: Provide a lifecycle listener that will
automatically reload TLS configurations a set time before the
certificate is due to expire. This is intended to be used with
third-party tools that regularly renew TLS certificates.
+ Fix: Fix handling of an error reading a context descriptor on
deployment.
+ Fix: Fix rewrite rule qsd (query string discard) being ignored
if qsa was also use, while it should instead take precedence.
+ Fix: 67472: Send fewer CORS-related headers when CORS is not
actually being engaged.
+ Add: Improve handling of failures within recycle() methods.
* Coyote
+ Fix: 67670: Fix regression with HTTP compression after code
refactoring.
+ Fix: 67198: Ensure that the AJP connector attribute
tomcatAuthorization takes precedence over the
tomcatAuthentication attribute when processing an auth_type
attribute received from a proxy server.
+ Fix: 67235: Fix a NullPointerException when an AsyncListener
handles an error with a dispatch rather than a complete.
+ Fix: When an error occurs during asynchronous processing,
ensure that the error handling process is only triggered once
per asynchronous cycle.
+ Fix: Fix logic issue trying to match no argument method in
IntropectionUtil.
+ Fix: Improve thread safety around readNotify and writeNotify
in the NIO2 endpoint.
+ Fix: Avoid rare thread safety issue accessing message digest
map.
+ Fix: Improve statistics collection for upgraded connections
under load.
+ Fix: Align validation of HTTP trailer fields with standard
fields.
+ Fix: Improvements to HTTP/2 overhead protection (bsc#1216182,
CVE-2023-44487)
* jdbc-pool
+ Fix: 67664: Correct a regression in the clean-up of
unnecessary use of fully qualified class names in 9.0.81
that broke the jdbc-pool.
* Jasper
+ Fix: 67080: Improve performance of EL expressions in JSPs that
use implicit objects
- Update to Tomcat 9.0.80 (jsc#PED-6376, jsc#PED-6377):
* Catalina:
+ Add RateLimitFilter which can be used to mitigate DoS and Brute Force attacks
+ Move the management of the utility executor from the init()/destroy() methods of components to the start()/stop()
methods.
+ Add org.apache.catalina.core.StandardVirtualThreadExecutor, a virtual thread based executor that may be used with
one or more Connectors to process requests received by those Connectors using virtual threads. This Executor
requires a minimum Java version of Java 21.
+ Add a per session Semaphore to the PersistentValve that ensures that, within a single Tomcat instance, there is no
more than one concurrent request per session. Also expand the debug logging to include whether a request bypasses
the Valve and the reason if a request fails to obtain the per session Semaphore.
+ Ensure that the default servlet correctly escapes file names in directory listings when using XML output.
+ Add a numeric last modified field to the XML directory listings produced by the default servlet to enable sorting
in the XSLT.
+ Attempts to lock a collection with WebDAV may incorrectly fail if a child collection has an expired lock.
+ Deprecate the xssProtectionEnabled setting from the HttpHeaderSecurityFilter and change the default value to false
as support for the associated HTTP header has been removed from all major browsers.
+ Add org.apache.catalina.core.ContextNamingInfoListener, a listener which creates context naming information
environment entries.
+ Add org.apache.catalina.core.PropertiesRoleMappingListener, a listener which populates the context's role mapping
from a properties file.
+ Fix an edge case where intra-web application symlinks would be followed if the web applications were deliberately
crafted to allow it even when allowLinking was set to false.
+ Add utility config file resource lookup on Context to allow looking up resources from the webapp
(prefixed with webapp:) and make the resource lookup API more visible.
+ Fix potential database connection leaks in DataSourceUserDatabase identified by Coverity Scan.
+ Make parsing of ExtendedAccessLogValve patterns more robust.
+ Fix failure trying to persist configuration for an internal credential handler.
+ When serializing a session during the session presistence process, do not log a warning that null Principals are
not serializable.
+ Catch NamingException in JNDIRealm#getPrincipal. It is used in Java up to 17 to signal closed connections.
+ Use the same naming format in log messages for Connector instances as the associated ProtocolHandler instance.
+ The parts count should also lower the actual maxParameterCount used for parsing parameters if parts are parsed
first.
+ If an application or library sets both a non-500 error code and the javax.servlet.error.exception request
attribute, use the provided error code during error page processing rather than assuming an error code of 500.
+ Update code comments and Tomcat output to use MiB for 1024 * 1024 bytes and KiB for 1024 bytes rather than MB and
kB.
* Coyote:
+ Update the HTTP/2 implementation to use the prioritization scheme defined in RFC 9218 rather than the one defined
in RFC 7540.
+ Fix not sending WINDOW_UPDATE when dataLength is ZERO on call SwallowedDataFramePayload.
+ Restore the documented behaviour of MessageBytes.getType() that it returns the type of the original content rather
than reflecting the most recent conversion.
+ Correct certificate logging on start-up so it differentiates between keystore based keys/certificates:
PEM file based keys/certificates and logs the relevant information for each.
+ Refactor blocking reads and writes for the NIO connector to remove code paths that could allow a notification from
the Poller to be missed resuting in a timeout rather than the expected read or write.
+ Refactor waiting for an HTTP/2 stream or connection window update to handle spurious wake-ups during the wait.
+ Correct a regression introduced in 9.0.78 and use the correct constant when constructing the default value for the
certificateKeystoreFile attribute of an SSLHostConfigCertificate instance.
+ Refactor HTTP/2 implementation to reduce pinning when using virtual threads.
+ Pass through ciphers referring to an OpenSSL profile, such as PROFILE=SYSTEM instead of producing an error trying
to parse it.
+ Ensure that AsyncListener.onError() is called after an error during asynchronous processing with HTTP/2.
+ When using asynchronous I/O (the default for NIO and NIO2), include DATA frames when calculating the HTTP/2
overhead count to ensure that connections are not prematurely terminated.
+ Correct a race condition that could cause spurious RST messages to be sent after the response had been written to
an HTTP/2 stream.
* WebSocket:
+ Expand the validation of the value of the Sec-Websocket-Key header in the HTTP upgrade request that initiates a
WebSocket connection. The value is not decoded but it is checked for the correct length and that only valid
characters from the base64 alphabet are used.
+ Improve handling of error conditions for the WebSocket server, particularly during Tomcat shutdown.
+ Correct a regression in the fix for 66574 that meant the WebSocket session could return false for onOpen() before
the onClose() event had been completed.
+ Fix a NullPointerException when flushing batched messages with compression enabled using permessage-deflate.
* Web applications:
+ Add RateLimitFilter which can be used to mitigate DoS and Brute Force attacks attribute in the configuration
section for the Digest authentication value.
+ Documentation: Expand the security guidance to cover the embedded use case and add notes on the uses made of the
java.io.tmpdir system property.
+ Documentation: Fix a typo in the name of the algorithms
+ Documentation: Update documentation to use MiB for 1024 * 1024 bytes and KiB for 1024 bytes rather than MB and kB.
* jdbc-pool:
+ Fix the releaseIdleCounter does not increment when testAllIdle releases them.
+ Fix the ConnectionState state will be inconsistent with actual state on the connection when an exception occurs
while writing.
* Other:
+ Update to Commons Daemon 1.3.4.
+ Improvements to French translations.
+ Update Checkstyle to 10.12.0.
+ Update the packaged version of the Apache Tomcat Native Library to 1.2.37 to pick up the Windows binaries built
with with OpenSSL 1.1.1u.
+ Include the Windows specific binary distributions in the files uploaded to Maven Central.
+ Improvements to French translations.
+ Improvements to Japanese translations.
+ Update UnboundID to 6.0.9.
+ Update Checkstyle to 10.12.1.
+ Update BND to 6.4.1.66665:
+ Update JSign to 5.0.
+ Correct properties for JSign dependency.
+ Align documentation for maxParameterCount to match hard-coded defaults.
+ Update NSIS to 3.0.9.
+ Update Checkstyle to 10.12.2.
+ Improvements to French translations.
+ Improvements to Japanese translations.
+ Fix quoting so users can use the _RUNJAVA environment variable as intended on Windows when the path to the Java
executable contains spaces.
+ Update Tomcat Native to 1.2.38 to pick up Windows binaries built with OpenSSL 1.1.1v.
+ Improvements to Chinese translations.
+ Improvements to French translations.
+ Improvements to Japanese translations
ImportantSUSE bug 1214666SUSE bug 1216182CVE-2023-41080 at SUSECVE-2023-41080 at NVDCVE-2023-44487 at SUSECVE-2023-44487 at NVDcpe:/o:opensuse:leap:15.5Security update for nodejs18 (Important)openSUSE Leap 15.5
This update for nodejs18 fixes the following issues:
- Update to version 18.18.2
- CVE-2023-44487: Fixed the Rapid Reset attack in nghttp2. (bsc#1216190)
- CVE-2023-45143: Fixed a cookie leakage in undici. (bsc#1216205)
- CVE-2023-38552: Fixed an integrity checks according to policies that could be circumvented. (bsc#1216272)
- CVE-2023-39333: Fixed a code injection via WebAssembly export names. (bsc#1216273)
ImportantSUSE bug 1216190SUSE bug 1216205SUSE bug 1216272SUSE bug 1216273CVE-2023-38552 at SUSECVE-2023-38552 at NVDCVE-2023-39333 at SUSECVE-2023-39333 at NVDCVE-2023-44487 at SUSECVE-2023-44487 at NVDCVE-2023-45143 at SUSECVE-2023-45143 at NVDcpe:/o:opensuse:leap:15.5Security update for suse-module-tools (Important)openSUSE Leap 15.5
This update for suse-module-tools fixes the following issues:
- Update to version 15.5.3:
- CVE-2023-1829: Blacklisted the Linux kernel tcindex classifier
module (bsc#1210335).
- CVE-2023-23559: Blacklisted the Linux kernel RNDIS modules
(bsc#1205767, jsc#PED-5731).
ImportantSUSE bug 1205767SUSE bug 1210335CVE-2023-1829 at SUSECVE-2023-1829 at NVDCVE-2023-23559 at SUSECVE-2023-23559 at NVDcpe:/o:opensuse:leap:15.5Security update for grub2 (Important)openSUSE Leap 15.5
This update for grub2 fixes the following issues:
Security fixes:
- CVE-2023-4692: Fixed an out-of-bounds write at fs/ntfs.c which may lead to unsigned code execution. (bsc#1215935)
- CVE-2023-4693: Fixed an out-of-bounds read at fs/ntfs.c which may lead to leak sensitive information. (bsc#1215936)
Other fixes:
- Fix a boot delay issue in PowerPC PXE boot (bsc#1201300)
ImportantSUSE bug 1201300SUSE bug 1215935SUSE bug 1215936CVE-2023-4692 at SUSECVE-2023-4692 at NVDCVE-2023-4693 at SUSECVE-2023-4693 at NVDcpe:/o:opensuse:leap:15.5Security update for gcc13 (Important)openSUSE Leap 15.5
This update for gcc13 fixes the following issues:
This update ship the GCC 13.2 compiler suite and its base libraries.
The compiler base libraries are provided for all SUSE Linux Enterprise 15
versions and replace the same named GCC 12 ones.
The new compilers for C, C++, and Fortran are provided for SUSE Linux
Enterprise 15 SP4 and SP5, and provided in the 'Development Tools' module.
The Go, D, Ada and Modula 2 language compiler parts are available
unsupported via the PackageHub repositories.
To use gcc13 compilers use:
- install 'gcc13' or 'gcc13-c++' or one of the other 'gcc13-COMPILER' frontend packages.
- override your Makefile to use CC=gcc13, CXX=g++13 and similar overrides for the other languages.
For a full changelog with all new GCC13 features, check out
https://gcc.gnu.org/gcc-13/changes.html
Detailed changes:
* CVE-2023-4039: Fixed -fstack-protector issues on aarch64 with variable
length stack allocations. (bsc#1214052)
- Turn cross compiler to s390x to a glibc cross. [bsc#1214460]
- Also handle -static-pie in the default-PIE specs
- Fixed missed optimization in Skia resulting in Firefox crashes when
building with LTO. [bsc#1212101]
- Make libstdc++6-devel packages own their directories since they
can be installed standalone. [bsc#1211427]
- Add new x86-related intrinsics (amxcomplexintrin.h).
- RISC-V: Add support for inlining subword atomic operations
- Use --enable-link-serialization rather that --enable-link-mutex,
the benefit of the former one is that the linker jobs are not
holding tokens of the make's jobserver.
- Add cross-bpf packages. See https://gcc.gnu.org/wiki/BPFBackEnd
for the general state of BPF with GCC.
- Add bootstrap conditional to allow --without=bootstrap to be
specified to speed up local builds for testing.
- Bump included newlib to version 4.3.0.
- Also package libhwasan_preinit.o on aarch64.
- Configure external timezone database provided by the timezone
package. Make libstdc++6 recommend timezone to get a fully
working std::chrono. Install timezone when running the testsuite.
- Package libhwasan_preinit.o on x86_64.
- Fixed unwinding on aarch64 with pointer signing. [bsc#1206684]
- Enable PRU flavour for gcc13
- update floatn fixinclude pickup to check each header separately (bsc#1206480)
- Redo floatn fixinclude pick-up to simply keep what is there.
- Bump libgo SONAME to libgo22.
- Do not package libhwasan for biarch (32-bit architecture)
as the extension depends on 64-bit pointers.
- Adjust floatn fixincludes guard to work with SLE12 and earlier
SLE15.
- Depend on at least LLVM 13 for GCN cross compiler.
- Update embedded newlib to version 4.2.0
- Allow cross-pru-gcc12-bootstrap for armv7l architecture.
PRU architecture is used for real-time MCUs embedded into TI
armv7l and aarch64 SoCs. We need to have cross-pru-gcc12 for
armv7l in order to build both host applications and PRU firmware
during the same build.
ImportantSUSE bug 1206480SUSE bug 1206684SUSE bug 1210557SUSE bug 1211427SUSE bug 1212101SUSE bug 1213915SUSE bug 1214052SUSE bug 1214460CVE-2023-4039 at SUSECVE-2023-4039 at NVDcpe:/o:opensuse:leap:15.5Security update for netty, netty-tcnative (Important)openSUSE Leap 15.5
This update for netty, netty-tcnative fixes the following issues:
- Updated netty to version 4.1.100:
- CVE-2023-44487: Fixed a potential denial of service scenario via
RST frame floods (bsc#1216169).
- Updated netty-tcnative to version 2.0.62 Final.
ImportantSUSE bug 1216169CVE-2023-44487 at SUSECVE-2023-44487 at NVDcpe:/o:opensuse:leap:15.5Security update for ruby2.5 (Important)openSUSE Leap 15.5
This update for ruby2.5 fixes the following issues:
- CVE-2023-28755: Fixed a ReDoS vulnerability in URI. (bsc#1209891)
- CVE-2023-28756: Fixed an expensive regexp in the RFC2822 time parser. (bsc#1209967)
- CVE-2021-41817: Fixed a Regular Expression Denial of Service Vulnerability of Date Parsing Methods. (bsc#1193035)
- CVE-2021-33621: Fixed a HTTP response splitting vulnerability in CGI gem. (bsc#1205726)
ImportantSUSE bug 1193035SUSE bug 1205726SUSE bug 1209891SUSE bug 1209967CVE-2021-33621 at SUSECVE-2021-33621 at NVDCVE-2021-41817 at SUSECVE-2021-41817 at NVDCVE-2023-28755 at SUSECVE-2023-28755 at NVDCVE-2023-28756 at SUSECVE-2023-28756 at NVDcpe:/o:opensuse:leap:15.5Security update for nodejs18 (Moderate)openSUSE Leap 15.5
This update for nodejs18 fixes the following issues:
This update ships nodejs18 (jsc#PED-2097)
Update to NodejJS 18.13.0 LTS:
* build: disable v8 snapshot compression by default
* crypto: update root certificates
* deps: update ICU to 72.1
* doc:
+ add doc-only deprecation for headers/trailers setters
+ add Rafael to the tsc
+ deprecate use of invalid ports in url.parse
+ deprecate url.parse()
* lib: drop fetch experimental warning
* net: add autoSelectFamily and autoSelectFamilyAttemptTimeout options
* src:
+ add uvwasi version
+ add initial shadow realm support
* test_runner:
+ add t.after() hook
+ don't use a symbol for runHook()
* tls:
+ add 'ca' property to certificate object
* util:
+ add fast path for utf8 encoding
+ improve textdecoder decode performance
+ add MIME utilities
- Fixes compatibility with ICU 72.1 (bsc#1205236)
- Fix migration to openssl-3 (bsc#1205042)
Update to NodeJS 18.12.1 LTS:
* inspector: DNS rebinding in --inspect via invalid octal IP
(bsc#1205119, CVE-2022-43548)
Update to NodeJS 18.12.0 LTS:
* Running in 'watch' mode using node --watch restarts the process
when an imported file is changed.
* fs: add FileHandle.prototype.readLines
* http: add writeEarlyHints function to ServerResponse
* http2: make early hints generic
* util: add default value option to parsearg
Update to NodeJS 18.11.0:
* added experimental watch mode -- running in 'watch' mode using
node --watch restarts the process when an imported file is changed
* fs: add FileHandle.prototype.readLines
* http: add writeEarlyHints function to ServerResponse
* http2: make early hints generic
* lib: refactor transferable AbortSignal
* src: add detailed embedder process initialization API
* util: add default value option to parsearg
Update to NodeJS 18.10.0:
* deps: upgrade npm to 8.19.2
* http: throw error on content-length mismatch
* stream: add ReadableByteStream.tee()
Update to Nodejs 18.9.1:
* deps: llhttp updated to 6.0.10
+ CVE-2022-32213 bypass via obs-fold mechanic (bsc#1201325)
+ Incorrect Parsing of Multi-line Transfer-Encoding
(CVE-2022-32215, bsc#1201327)
+ Incorrect Parsing of Header Fields (CVE-2022-35256, bsc#1203832)
* crypto: fix weak randomness in WebCrypto keygen
(CVE-2022-35255, bsc#1203831)
Update to Nodejs 18.9.0:
* lib - add diagnostics channel for process and worker
* os - add machine method
* report - expose report public native apis
* src - expose environment RequestInterrupt api
* vm - include vm context in the embedded snapshot
Changes in 18.8.0:
* bootstrap: implement run-time user-land snapshots via
--build-snapshot and --snapshot-blob. See
* crypto:
+ allow zero-length IKM in HKDF and in webcrypto PBKDF2
+ allow zero-length secret KeyObject
* deps: upgrade npm to 8.18.0
* http: make idle http parser count configurable
* net: add local family
* src: print source map error source on demand
* tls: pass a valid socket on tlsClientError
Update to Nodejs 18.7.0:
* events: add CustomEvent
* http: add drop request event for http server
* lib: improved diagnostics_channel subscribe/unsubscribe
* util: add tokens to parseArgs
- enable crypto policy ciphers for TW and SLE15 SP4+ (bsc#1200303)
Update to Nodejs 18.6.0:
* Experimental ESM Loader Hooks API. For details see,
https://nodejs.org/api/esm.html
* dns: export error code constants from dns/promises
* esm: add chaining to loaders
* http: add diagnostics channel for http client
* http: add perf_hooks detail for http request and client
* module: add isBuiltIn method
* net: add drop event for net server
* test_runner: expose describe and it
* v8: add v8.startupSnapshot utils
For details, see
https://github.com/nodejs/node/blob/main/doc/changelogs/CHANGELOG_V18.md#18.6.0
Update to Nodejs 18.5.0:
* http: stricter Transfer-Encoding and header separator parsing
(bsc#1201325, bsc#1201326, bsc#1201327,
CVE-2022-32213, CVE-2022-32214, CVE-2022-32215)
* src: fix IPv4 validation in inspector_socket
(bsc#1201328, CVE-2022-32212)
For details, see
https://github.com/nodejs/node/blob/main/doc/changelogs/CHANGELOG_V18.md#18.5.0
Update to Nodejs 18.4.0. For detailed changes see,
https://github.com/nodejs/node/blob/main/doc/changelogs/CHANGELOG_V18.md#18.4.0
Initial packaging of Nodejs 18.2.0. For detailed changes since previous versions, see
https://github.com/nodejs/node/blob/master/doc/changelogs/CHANGELOG_V18.md#18.2.0
ModerateSUSE bug 1200303SUSE bug 1201325SUSE bug 1201326SUSE bug 1201327SUSE bug 1201328SUSE bug 1203831SUSE bug 1203832SUSE bug 1205042SUSE bug 1205119SUSE bug 1205236CVE-2022-32212 at SUSECVE-2022-32212 at NVDCVE-2022-32213 at SUSECVE-2022-32213 at NVDCVE-2022-32214 at SUSECVE-2022-32214 at NVDCVE-2022-32215 at SUSECVE-2022-32215 at NVDCVE-2022-35255 at SUSECVE-2022-35255 at NVDCVE-2022-35256 at SUSECVE-2022-35256 at NVDCVE-2022-43548 at SUSECVE-2022-43548 at NVDcpe:/o:opensuse:leap:15.5Security update for openssl-3 (Important)openSUSE Leap 15.5
This update for openssl-3 fixes the following issues:
- CVE-2023-5363: Incorrect cipher key and IV length processing. (bsc#1216163)
- CVE-2023-3817: Add test of DH_check() with q = p + 1. (bsc#1213853)
ImportantSUSE bug 1213853SUSE bug 1216163CVE-2023-3817 at SUSECVE-2023-3817 at NVDCVE-2023-5363 at SUSECVE-2023-5363 at NVDcpe:/o:opensuse:leap:15.5Recommended update for libssh2_org (Moderate)openSUSE Leap 15.5
This update for libssh2_org fixes the following issues:
- Upgrade to version 1.11.0 in SLE-15: [jsc#PED-7040]
Update to 1.11.0:
* Enhancements and bugfixes
- Adds support for encrypt-then-mac (ETM) MACs
- Adds support for AES-GCM crypto protocols
- Adds support for sk-ecdsa-sha2-nistp256 and sk-ssh-ed25519 keys
- Adds support for RSA certificate authentication
- Adds FIDO support with *_sk() functions
- Adds RSA-SHA2 key upgrading to OpenSSL, WinCNG, mbedTLS, OS400 backends
- Adds Agent Forwarding and libssh2_agent_sign()
- Adds support for Channel Signal message libssh2_channel_signal_ex()
- Adds support to get the user auth banner message libssh2_userauth_banner()
- Adds LIBSSH2_NO_{MD5, HMAC_RIPEMD, DSA, RSA, RSA_SHA1, ECDSA, ED25519,
AES_CBC, AES_CTR, BLOWFISH, RC4, CAST, 3DES} options
- Adds direct stream UNIX sockets with libssh2_channel_direct_streamlocal_ex()
- Adds wolfSSL support to CMake file
- Adds mbedTLS 3.x support
- Adds LibreSSL 3.5 support
- Adds support for CMake 'unity' builds
- Adds CMake support for building shared and static libs in a single pass
- Adds symbol hiding support to CMake
- Adds support for libssh2.rc for all build tools
- Adds .zip, .tar.xz and .tar.bz2 release tarballs
- Enables ed25519 key support for LibreSSL 3.7.0 or higher
- Improves OpenSSL 1.1 and 3 compatibility
- Now requires OpenSSL 1.0.2 or newer
- Now requires CMake 3.1 or newer
- SFTP: Adds libssh2_sftp_open_ex_r() and libssh2_sftp_open_r() extended APIs
- SFTP: No longer has a packet limit when reading a directory
- SFTP: now parses attribute extensions if they exist
- SFTP: no longer will busy loop if SFTP fails to initialize
- SFTP: now clear various errors as expected
- SFTP: no longer skips files if the line buffer is too small
- SCP: add option to not quote paths
- SCP: Enables 64-bit offset support unconditionally
- Now skips leading \r and \n characters in banner_receive()
- Enables secure memory zeroing with all build tools on all platforms
- No longer logs SSH_MSG_REQUEST_FAILURE packets from keepalive
- Speed up base64 encoding by 7x
- Assert if there is an attempt to write a value that is too large
- WinCNG: fix memory leak in _libssh2_dh_secret()
- Added protection against possible null pointer dereferences
- Agent now handles overly large comment lengths
- Now ensure KEX replies don't include extra bytes
- Fixed possible buffer overflow when receiving SSH_MSG_USERAUTH_BANNER
- Fixed possible buffer overflow in keyboard interactive code path
- Fixed overlapping memcpy()
- Fixed Windows UWP builds
- Fixed DLL import name
- Renamed local RANDOM_PADDING macro to avoid unexpected define on Windows
- Support for building with gcc versions older than 8
- Improvements to CMake, Makefile, NMakefile, GNUmakefile, autoreconf files
- Restores ANSI C89 compliance
- Enabled new compiler warnings and fixed/silenced them
- Improved error messages
- Now uses CIFuzz
- Numerous minor code improvements
- Improvements to CI builds
- Improvements to unit tests
- Improvements to doc files
- Improvements to example files
- Removed 'old gex' build option
- Removed no-encryption/no-mac builds
- Removed support for NetWare and Watcom wmake build files
- Bump to version 1.10.0
* Enhancements and bugfixes:
* support ECDSA certificate authentication
* fix detailed _libssh2_error being overwritten by generic errors
* unified error handling
* fix _libssh2_random() silently discarding errors
* don't error if using keys without RSA
* avoid OpenSSL latent error in FIPS mode
* fix EVP_Cipher interface change in openssl 3
* fix potential overwrite of buffer when reading stdout of command
* use string_buf in ecdh_sha2_nistp() to avoid attempting to parse malformed data
* correct a typo which may lead to stack overflow
* fix random big number generation to match openssl
* added key exchange group16-sha512 and group18-sha512.
* add support for an OSS Fuzzer fuzzing target
* adds support for ECDSA for both key exchange and host key algorithms
* clean up curve25519 code
* update the min, preferred and max DH group values based on RFC 8270.
* changed type of LIBSSH2_FX_* constants to unsigned long
* added diffie-hellman-group14-sha256 kex
* fix for use of uninitialized aes_ctr_cipher.key_len when using HAVE_OPAQUE_STRUCTS, regression
* fixes memory leaks and use after free AES EVP_CIPHER contexts when using OpenSSL 1.0.x.
* fixes crash with delayed compression option using Bitvise server.
* adds support for PKIX key reading
* use new API to parse data in packet_x11_open() for better bounds checking.
* double the static buffer size when reading and writing known hosts
* improved bounds checking in packet_queue_listener
* improve message parsing (CVE-2019-17498)
* improve bounds checking in kex_agree_methods()
* adding SSH agent forwarding.
* fix agent forwarding message, updated example.
* added integration test code and cmake target. Added example to cmake list.
* don't call `libssh2_crypto_exit()` until `_libssh2_initialized` count is down to zero.
* add an EWOULDBLOCK check for better portability
* fix off by one error when loading public keys with no id
* fix use-after-free crash on reinitialization of openssl backend
* preserve error info from agent_list_identities()
* make sure the error code is set in _libssh2_channel_open()
* fixed misspellings
* fix potential typecast error for `_libssh2_ecdsa_key_get_curve_type`
* rename _libssh2_ecdsa_key_get_curve_type to _libssh2_ecdsa_get_curve_type
ModerateCVE-2019-17498 at SUSECVE-2019-17498 at NVDcpe:/o:opensuse:leap:15.5Security update for java-11-openjdk (Important)openSUSE Leap 15.5
This update for java-11-openjdk fixes the following issues:
- Upgraded to JDK 11.0.21+9 (October 2023 CPU):
- CVE-2023-22081: Fixed a partial denial of service issue that
could be triggered via HTTPS (bsc#1216374).
Please visit the Oracle Release Notes page for the full changelog:
https://www.oracle.com/java/technologies/javase/11all-relnotes.html
ImportantSUSE bug 1214790SUSE bug 1216374CVE-2023-22081 at SUSECVE-2023-22081 at NVDcpe:/o:opensuse:leap:15.5Security update for nghttp2 (Important)openSUSE Leap 15.5
This update for nghttp2 fixes the following issues:
- CVE-2023-44487: Fixed HTTP/2 Rapid Reset attack. (bsc#1216174)
ImportantSUSE bug 1216123SUSE bug 1216174CVE-2023-44487 at SUSECVE-2023-44487 at NVDcpe:/o:opensuse:leap:15.5Security update for jetty-minimal (Important)openSUSE Leap 15.5
This update for jetty-minimal fixes the following issues:
- Updated to version 9.4.53.v20231009:
- CVE-2023-44487: Fixed a potential denial of service scenario via
RST frame floods (bsc#1216169).
- CVE-2023-36478: Fixed an integer overflow in the HTTP/2 HPACK
decoder (bsc#1216162).
- CVE-2023-40167: Fixed a permissive HTTP header parsing issue that
could potentially lead to HTTP smuggling attacks (bsc#1215417).
- CVE-2023-36479: Fixed an incorrect command execution when sending
requests with certain characters in requested filenames
(bsc#1215415).
- CVE-2023-41900: Fixed an issue where an invalidated session would
be allowed to perform a single request (bsc#1215416).
ImportantSUSE bug 1215415SUSE bug 1215416SUSE bug 1215417SUSE bug 1216162SUSE bug 1216169CVE-2023-36478 at SUSECVE-2023-36478 at NVDCVE-2023-36479 at SUSECVE-2023-36479 at NVDCVE-2023-40167 at SUSECVE-2023-40167 at NVDCVE-2023-41900 at SUSECVE-2023-41900 at NVDCVE-2023-44487 at SUSECVE-2023-44487 at NVDcpe:/o:opensuse:leap:15.5Security update for MozillaFirefox (Important)openSUSE Leap 15.5
This update for MozillaFirefox fixes the following issues:
- Updated to version 115.4.0 ESR (bsc#1216338):
- CVE-2023-5721: Fixed a potential clickjack via queued up
rendering.
- CVE-2023-5722: Fixed a cross-Origin size and header leakage.
- CVE-2023-5723: Fixed unexpected errors when handling invalid
cookie characters.
- CVE-2023-5724: Fixed a crash due to a large WebGL draw.
- CVE-2023-5725: Fixed an issue where WebExtensions could open
arbitrary URLs.
- CVE-2023-5726: Fixed an issue where fullscreen notifications would
be obscured by file the open dialog on macOS.
- CVE-2023-5727: Fixed a download protection bypass on on Windows.
- CVE-2023-5728: Fixed a crash caused by improper object tracking
during GC in the JavaScript engine.
- CVE-2023-5729: Fixed an issue where fullscreen notifications would
be obscured by WebAuthn prompts.
- CVE-2023-5730: Fixed multiple memory safety issues.
- CVE-2023-5731: Fixed multiple memory safety issues.
ImportantSUSE bug 1216338CVE-2023-5721 at SUSECVE-2023-5721 at NVDCVE-2023-5722 at SUSECVE-2023-5722 at NVDCVE-2023-5723 at SUSECVE-2023-5723 at NVDCVE-2023-5724 at SUSECVE-2023-5724 at NVDCVE-2023-5725 at SUSECVE-2023-5725 at NVDCVE-2023-5726 at SUSECVE-2023-5726 at NVDCVE-2023-5727 at SUSECVE-2023-5727 at NVDCVE-2023-5728 at SUSECVE-2023-5728 at NVDCVE-2023-5729 at SUSECVE-2023-5729 at NVDCVE-2023-5730 at SUSECVE-2023-5730 at NVDCVE-2023-5731 at SUSECVE-2023-5731 at NVDcpe:/o:opensuse:leap:15.5Security update for zlib (Moderate)openSUSE Leap 15.5
This update for zlib fixes the following issues:
- CVE-2023-45853: Fixed an integer overflow that would lead to a
buffer overflow in the minizip subcomponent (bsc#1216378).
ModerateSUSE bug 1216378CVE-2023-45853 at SUSECVE-2023-45853 at NVDcpe:/o:opensuse:leap:15.5Security update for python (Moderate)openSUSE Leap 15.5
This update for python fixes the following issues:
- CVE-2022-48566: Fixed a potential timing side channel due to
inadequate checking during HMAC comparison (bsc#1214691).
ModerateSUSE bug 1210638SUSE bug 1214685SUSE bug 1214691CVE-2022-48565 at SUSECVE-2022-48565 at NVDCVE-2022-48566 at SUSECVE-2022-48566 at NVDCVE-2023-27043 at SUSECVE-2023-27043 at NVDcpe:/o:opensuse:leap:15.5Security update for libnbd (Moderate)openSUSE Leap 15.5
This update for libnbd fixes the following issues:
- Updated to version 1.18.1
- Updated to version 1.18.0:
- CVE-2023-5215: Fixed an issue where an NBD server returning an
unexpected block size might crash an application (bsc#1215799).
ModerateSUSE bug 1215799CVE-2023-5215 at SUSECVE-2023-5215 at NVDcpe:/o:opensuse:leap:15.5Security update for zchunk (Important)openSUSE Leap 15.5
This update for zchunk fixes the following issues:
- CVE-2023-46228: Fixed a handle overflow errors in malformed zchunk files. (bsc#1216268)
ImportantSUSE bug 1216268CVE-2023-46228 at SUSECVE-2023-46228 at NVDcpe:/o:opensuse:leap:15.5Security update for open-vm-tools (Important)openSUSE Leap 15.5
This update for open-vm-tools fixes the following issues:
- CVE-2023-34058: Fixed a SAML token signature bypass issue
(bsc#1216432).
- CVE-2023-34059: Fixed a privilege escalation issue through
vmware-user-suid-wrapper (bsc#1216433).
ImportantSUSE bug 1216432SUSE bug 1216433CVE-2023-34058 at SUSECVE-2023-34058 at NVDCVE-2023-34059 at SUSECVE-2023-34059 at NVDcpe:/o:opensuse:leap:15.5Security update for vorbis-tools (Important)openSUSE Leap 15.5
This update for vorbis-tools fixes the following issues:
- CVE-2023-43361: Fixed a buffer overflow vulnerability during the conversion of wav files to ogg files. (bsc#1215942)
ImportantSUSE bug 1215942CVE-2023-43361 at SUSECVE-2023-43361 at NVDcpe:/o:opensuse:leap:15.5Security update for xorg-x11-server (Important)openSUSE Leap 15.5
This update for xorg-x11-server fixes the following issues:
- CVE-2023-5574: Fixed a privilege escalation issue that could be
triggered via the Damage extension protocol (bsc#1216261).
- CVE-2023-5380: Fixed a memory safety issue that could be triggered
when using multiple protocol screens (bsc#1216133).
- CVE-2023-5367: Fixed a memory safety issue in both the XI2 and RandR
protocols (bsc#1216135).
ImportantSUSE bug 1216133SUSE bug 1216135SUSE bug 1216261CVE-2023-5367 at SUSECVE-2023-5367 at NVDCVE-2023-5380 at SUSECVE-2023-5380 at NVDCVE-2023-5574 at SUSECVE-2023-5574 at NVDcpe:/o:opensuse:leap:15.5Security update for python-Werkzeug (Important)openSUSE Leap 15.5
This update for python-Werkzeug fixes the following issues:
- CVE-2023-46136: Fixed a potential denial of service via large
multipart file uploads (bsc#1216581).
ImportantSUSE bug 1216581CVE-2023-46136 at SUSECVE-2023-46136 at NVDcpe:/o:opensuse:leap:15.5Security update for java-17-openjdk (Important)openSUSE Leap 15.5
This update for java-17-openjdk fixes the following issues:
- Updated to JDK 17.0.9+9 (October 2023 CPU):
- CVE-2023-22081: Fixed a partial denial of service issue that could
be triggered via HTTPS (bsc#1216374).
- CVE-2023-22025: Fixed a memory corruption issue in applications
using AVX-512 (bsc#1216339).
Please visit the Oracle Release Notes page for the full changelog:
https://www.oracle.com/java/technologies/javase/17all-relnotes.html
ImportantSUSE bug 1214790SUSE bug 1216339SUSE bug 1216374CVE-2023-22025 at SUSECVE-2023-22025 at NVDCVE-2023-22081 at SUSECVE-2023-22081 at NVDcpe:/o:opensuse:leap:15.5Security update for redis (Important)openSUSE Leap 15.5
This update for redis fixes the following issues:
- CVE-2023-45145: Fixed a potential permission bypass due to a race
condition during UNIX socket creation (bsc#1216376).
ImportantSUSE bug 1216376CVE-2023-45145 at SUSECVE-2023-45145 at NVDcpe:/o:opensuse:leap:15.5Security update for poppler (Moderate)openSUSE Leap 15.5
This update for poppler fixes the following issues:
- CVE-2023-34872: Fixed a remote denial-of-service in Outline.cc. (bsc#1213888)
ModerateSUSE bug 1213888CVE-2023-34872 at SUSECVE-2023-34872 at NVDcpe:/o:opensuse:leap:15.5Security update for webkit2gtk3 (Important)openSUSE Leap 15.5
This update for webkit2gtk3 ships missing Lang packages to SUSE Linux Enterprise 15 SP4 and SP5.
Security fixes:
- CVE-2023-41993: Fixed an issue where processing malicious web
content could have lead to arbitrary code execution (bsc#1215661).
- CVE-2023-39928: Fixed a use-after-free that could be exploited to
execute arbitrary code when visiting a malicious webpage
(bsc#1215868).
- CVE-2023-41074: Fixed an issue where processing malicious web
content could have lead to arbitrary code execution (bsc#1215870).
Other fixes:
- Fixed missing package dependencies (bsc#1215072).
ImportantSUSE bug 1214093SUSE bug 1214640SUSE bug 1214835SUSE bug 1215072SUSE bug 1215661SUSE bug 1215866SUSE bug 1215867SUSE bug 1215868SUSE bug 1215869SUSE bug 1215870SUSE bug 1216483CVE-2023-35074 at SUSECVE-2023-35074 at NVDCVE-2023-39434 at SUSECVE-2023-39434 at NVDCVE-2023-39928 at SUSECVE-2023-39928 at NVDCVE-2023-40451 at SUSECVE-2023-40451 at NVDCVE-2023-41074 at SUSECVE-2023-41074 at NVDCVE-2023-41993 at SUSECVE-2023-41993 at NVDcpe:/o:opensuse:leap:15.5Security update for MozillaThunderbird (Important)openSUSE Leap 15.5
This update for MozillaThunderbird fixes the following issues:
- Updated to version 115.4.1:
- CVE-2023-5721: Fixed a potential clickjack via queued up
rendering.
- CVE-2023-5732: Fixed an address bar spoofing via bidirectional
characters
- CVE-2023-5724: Fixed a crash due to a large WebGL draw.
- CVE-2023-5725: Fixed an issue where WebExtensions could open
arbitrary URLs.
- CVE-2023-5726: Fixed an issue where fullscreen notifications would
be obscured by file the open dialog on macOS.
- CVE-2023-5727: Fixed a download protection bypass on on Windows.
- CVE-2023-5728: Fixed a crash caused by improper object tracking
during GC in the JavaScript engine.
- CVE-2023-5730: Fixed multiple memory safety issues.
ImportantSUSE bug 1216338CVE-2023-5721 at SUSECVE-2023-5721 at NVDCVE-2023-5724 at SUSECVE-2023-5724 at NVDCVE-2023-5725 at SUSECVE-2023-5725 at NVDCVE-2023-5726 at SUSECVE-2023-5726 at NVDCVE-2023-5727 at SUSECVE-2023-5727 at NVDCVE-2023-5728 at SUSECVE-2023-5728 at NVDCVE-2023-5730 at SUSECVE-2023-5730 at NVDCVE-2023-5732 at SUSECVE-2023-5732 at NVDcpe:/o:opensuse:leap:15.5Security update for xwayland (Important)openSUSE Leap 15.5
This update for xwayland fixes the following issues:
- CVE-2023-5574: Fixed a privilege escalation issue that could be
triggered via the Damage extension protocol (bsc#1216261).
- CVE-2023-5367: Fixed a memory safety issue in both the XI2 and RandR
protocols (bsc#1216135).
ImportantSUSE bug 1216135SUSE bug 1216261CVE-2023-5367 at SUSECVE-2023-5367 at NVDCVE-2023-5574 at SUSECVE-2023-5574 at NVDcpe:/o:opensuse:leap:15.5Security update for slurm (Important)openSUSE Leap 15.5
This update for slurm fixes the following issues:
- CVE-2023-41914: Fixed a filesystem handling race conditions that could lead to an attacker taking control of an arbitrary file. (bsc#1216207)
ImportantSUSE bug 1208810SUSE bug 1216207CVE-2023-41914 at SUSECVE-2023-41914 at NVDcpe:/o:opensuse:leap:15.5Security update for libsndfile (Important)openSUSE Leap 15.5
This update for libsndfile fixes the following issues:
- CVE-2022-33065: Fixed an integer overflow that could cause memory
safety issues when reading a MAT4 file (bsc#1213451).
ImportantSUSE bug 1213451CVE-2022-33065 at SUSECVE-2022-33065 at NVDcpe:/o:opensuse:leap:15.5Recommended update for slurm (Moderate)openSUSE Leap 15.5
This update for slurm fixes the following issues:
- Updated to version 23.02.5 with the following changes:
* Bug Fixes:
+ Revert a change in 23.02 where `SLURM_NTASKS` was no longer set in the
job's environment when `--ntasks-per-node` was requested.
The method that is is being set, however, is different and should be more
accurate in more situations.
+ Change pmi2 plugin to honor the `SrunPortRange` option. This matches the
new behavior of the pmix plugin in 23.02.0. Note that neither of these
plugins makes use of the `MpiParams=ports=` option, and previously
were only limited by the systems ephemeral port range.
+ Fix regression in 23.02.2 that caused slurmctld -R to crash on startup if
a node features plugin is configured.
+ Fix and prevent reoccurring reservations from overlapping.
+ `job_container/tmpfs` - Avoid attempts to share BasePath between nodes.
+ With `CR_Cpu_Memory`, fix node selection for jobs that request gres and
`--mem-per-cpu`.
+ Fix a regression from 22.05.7 in which some jobs were allocated too few
nodes, thus overcommitting cpus to some tasks.
+ Fix a job being stuck in the completing state if the job ends while the
primary controller is down or unresponsive and the backup controller has
not yet taken over.
+ Fix `slurmctld` segfault when a node registers with a configured
`CpuSpecList` while `slurmctld` configuration has the node without
`CpuSpecList`.
+ Fix cloud nodes getting stuck in `POWERED_DOWN+NO_RESPOND` state after
not registering by `ResumeTimeout`.
+ `slurmstepd` - Avoid cleanup of `config.json-less` containers spooldir
getting skipped.
+ Fix scontrol segfault when 'completing' command requested repeatedly in
interactive mode.
+ Properly handle a race condition between `bind()` and `listen()` calls
in the network stack when running with SrunPortRange set.
+ Federation - Fix revoked jobs being returned regardless of the
`-a`/`--all` option for privileged users.
+ Federation - Fix canceling pending federated jobs from non-origin
clusters which could leave federated jobs orphaned from the origin
cluster.
+ Fix sinfo segfault when printing multiple clusters with `--noheader`
option.
+ Federation - fix clusters not syncing if clusters are added to a
federation before they have registered with the dbd.
+ `node_features/helpers` - Fix node selection for jobs requesting
changeable.
features with the `|` operator, which could prevent jobs from
running on some valid nodes.
+ `node_features/helpers` - Fix inconsistent handling of `&` and `|`,
where an AND'd feature was sometimes AND'd to all sets of features
instead of just the current set. E.g. `foo|bar&baz` was interpreted
as `{foo,baz}` or `{bar,baz}` instead of how it is documented:
`{foo} or {bar,baz}`.
+ Fix job accounting so that when a job is requeued its allocated node
count is cleared. After the requeue, sacct will correctly show that
the job has 0 `AllocNodes` while it is pending or if it is canceled
before restarting.
+ `sacct` - `AllocCPUS` now correctly shows 0 if a job has not yet
received an allocation or if the job was canceled before getting one.
+ Fix intel OneAPI autodetect: detect the `/dev/dri/renderD[0-9]+` GPUs,
and do not detect `/dev/dri/card[0-9]+`.
+ Fix node selection for jobs that request `--gpus` and a number of
tasks fewer than GPUs, which resulted in incorrectly rejecting these
jobs.
+ Remove `MYSQL_OPT_RECONNECT` completely.
+ Fix cloud nodes in `POWERING_UP` state disappearing (getting set
to `FUTURE`)
when an `scontrol reconfigure` happens.
+ `openapi/dbv0.0.39` - Avoid assert / segfault on missing coordinators
list.
+ `slurmrestd` - Correct memory leak while parsing OpenAPI specification
templates with server overrides.
+ Fix overwriting user node reason with system message.
+ Prevent deadlock when `rpc_queue` is enabled.
+ `slurmrestd` - Correct OpenAPI specification generation bug where
fields with overlapping parent paths would not get generated.
+ Fix memory leak as a result of a partition info query.
+ Fix memory leak as a result of a job info query.
+ For step allocations, fix `--gres=none` sometimes not ignoring gres
from the job.
+ Fix `--exclusive` jobs incorrectly gang-scheduling where they shouldn't.
+ Fix allocations with `CR_SOCKET`, gres not assigned to a specific
socket, and block core distribion potentially allocating more sockets
than required.
+ Revert a change in 23.02.3 where Slurm would kill a script's process
group as soon as the script ended instead of waiting as long as any
process in that process group held the stdout/stderr file descriptors
open. That change broke some scripts that relied on the previous
behavior. Setting time limits for scripts (such as
`PrologEpilogTimeout`) is strongly encouraged to avoid Slurm waiting
indefinitely for scripts to finish.
+ Fix `slurmdbd -R` not returning an error under certain conditions.
+ `slurmdbd` - Avoid potential NULL pointer dereference in the mysql
plugin.
+ Fix regression in 23.02.3 which broken X11 forwarding for hosts when
MUNGE sends a localhost address in the encode host field. This is caused
when the node hostname is mapped to 127.0.0.1 (or similar) in
`/etc/hosts`.
+ `openapi/[db]v0.0.39` - fix memory leak on parsing error.
+ `data_parser/v0.0.39` - fix updating qos for associations.
+ `openapi/dbv0.0.39` - fix updating values for associations with null
users.
+ Fix minor memory leak with `--tres-per-task` and licenses.
+ Fix cyclic socket cpu distribution for tasks in a step where
`--cpus-per-task` < usable threads per core.
+ `slurmrestd` - For `GET /slurm/v0.0.39/node[s]`, change format of
node's energy field `current_watts` to a dictionary to account for
unset value instead of dumping 4294967294.
+ `slurmrestd` - For `GET /slurm/v0.0.39/qos`, change format of QOS's
field 'priority' to a dictionary to account for unset value instead of
dumping 4294967294.
+ slurmrestd - For `GET /slurm/v0.0.39/job[s]`, the 'return code'
code field in `v0.0.39_job_exit`_code will be set to -127 instead of
being left unset where job does not have a relevant return code.
* Other Changes:
+ Remove --uid / --gid options from salloc and srun commands. These options
did not work correctly since the CVE-2022-29500 fix in combination with
some changes made in 23.02.0.
+ Add the `JobId` to `debug()` messages indicating when
`cpus_per_task/mem_per_cpu` or `pn_min_cpus` are being automatically
adjusted.
+ Change the log message warning for rate limited users from verbose to
info.
+ `slurmstepd` - Cleanup per task generated environment for containers in
spooldir.
+ Format batch, extern, interactive, and pending step ids into strings that
are human readable.
+ `slurmrestd` - Reduce memory usage when printing out job CPU frequency.
+ `data_parser/v0.0.39` - Add `required/memory_per_cpu` and
`required/memory_per_node` to `sacct --json` and `sacct --yaml` and
`GET /slurmdb/v0.0.39/jobs` from slurmrestd.
+ `gpu/oneapi` - Store cores correctly so CPU affinity is tracked.
+ Allow `slurmdbd -R` to work if the root assoc id is not 1.
+ Limit periodic node registrations to 50 instead of the full `TreeWidth`.
Since unresolvable `cloud/dynamic` nodes must disable fanout by setting
`TreeWidth` to a large number, this would cause all nodes to register at
once.
ModerateSUSE bug 1215437CVE-2022-29500 at SUSECVE-2022-29500 at NVDcpe:/o:opensuse:leap:15.5Security update for the Linux Kernel (Important)openSUSE Leap 15.5
The SUSE Linux Enterprise 15 SP5 RT kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2023-31085: Fixed a divide-by-zero error in do_div(sz,mtd->erasesize) that could cause a local DoS. (bsc#1210778)
- CVE-2023-45862: Fixed an issue in the ENE UB6250 reader driver whwere an object could potentially extend beyond the end of an allocation causing. (bsc#1216051)
- CVE-2023-39193: Fixed an out of bounds read in the xtables subsystem (bsc#1215860).
- CVE-2023-5178: Fixed an UAF in queue intialization setup. (bsc#1215768)
- CVE-2023-2163: Fixed an incorrect verifier pruning in BPF that could lead to unsafe code paths being incorrectly marked as safe, resulting in arbitrary read/write in kernel memory, lateral privilege escalation, and container escape. (bsc#1215518)
- CVE-2023-34324: Fixed a possible deadlock in Linux kernel event handling. (bsc#1215745).
- CVE-2023-39189: Fixed a flaw in the Netfilter subsystem that could allow a local privileged (CAP_NET_ADMIN) attacker to trigger an out-of-bounds read, leading to a crash or information disclosure. (bsc#1216046)
- CVE-2023-39191: Fixed a lack of validation of dynamic pointers within user-supplied eBPF programs that may have allowed an attacker with CAP_BPF privileges to escalate privileges and execute arbitrary code. (bsc#1215863)
- CVE-2023-2860: Fixed an out-of-bounds read vulnerability in the processing of seg6 attributes. This flaw allowed a privileged local user to disclose sensitive information. (bsc#1211592)
The following non-security bugs were fixed:
- 9p: virtio: make sure 'offs' is initialized in zc_request (git-fixes).
- ACPI: irq: Fix incorrect return value in acpi_register_gsi() (git-fixes).
- ACPI: resource: Skip IRQ override on ASUS ExpertBook B1402CBA (git-fixes).
- ALSA: hda/realtek - ALC287 I2S speaker platform support (git-fixes).
- ALSA: hda/realtek - ALC287 merge RTK codec with CS CS35L41 AMP (git-fixes).
- ALSA: hda/realtek - Fixed ASUS platform headset Mic issue (git-fixes).
- ALSA: hda/realtek - Fixed two speaker platform (git-fixes).
- ALSA: hda/realtek: Add quirk for ASUS ROG GU603ZV (git-fixes).
- ALSA: hda/realtek: Change model for Intel RVP board (git-fixes).
- ALSA: hda/relatek: Enable Mute LED on HP Laptop 15s-fq5xxx (git-fixes).
- ALSA: hda: Disable power save for solving pop issue on Lenovo ThinkCentre M70q (git-fixes).
- ALSA: hda: intel-dsp-cfg: add LunarLake support (git-fixes).
- ALSA: hda: intel-sdw-acpi: Use u8 type for link index (git-fixes).
- ALSA: usb-audio: Fix microphone sound on Nexigo webcam (git-fixes).
- ALSA: usb-audio: Fix microphone sound on Opencomm2 Headset (git-fixes).
- ASoC: amd: yc: Fix non-functional mic on Lenovo 82YM (git-fixes).
- ASoC: codecs: wcd938x-sdw: fix runtime PM imbalance on probe errors (git-fixes).
- ASoC: codecs: wcd938x-sdw: fix use after free on driver unbind (git-fixes).
- ASoC: codecs: wcd938x: drop bogus bind error handling (git-fixes).
- ASoC: codecs: wcd938x: fix unbind tear down order (git-fixes).
- ASoC: fsl: imx-pcm-rpmsg: Add SNDRV_PCM_INFO_BATCH flag (git-fixes).
- ASoC: imx-rpmsg: Set ignore_pmdown_time for dai_link (git-fixes).
- ASoC: pxa: fix a memory leak in probe() (git-fixes).
- Bluetooth: Avoid redundant authentication (git-fixes).
- Bluetooth: Fix a refcnt underflow problem for hci_conn (git-fixes).
- Bluetooth: ISO: Fix handling of listen for unicast (git-fixes).
- Bluetooth: Reject connection with the device which has same BD_ADDR (git-fixes).
- Bluetooth: avoid memcmp() out of bounds warning (git-fixes).
- Bluetooth: btusb: add shutdown function for QCA6174 (git-fixes).
- Bluetooth: hci_codec: Fix leaking content of local_codecs (git-fixes).
- Bluetooth: hci_event: Fix coding style (git-fixes).
- Bluetooth: hci_event: Fix using memcmp when comparing keys (git-fixes).
- Bluetooth: hci_event: Ignore NULL link key (git-fixes).
- Bluetooth: hci_sock: Correctly bounds check and pad HCI_MON_NEW_INDEX name (git-fixes).
- Bluetooth: hci_sock: fix slab oob read in create_monitor_event (git-fixes).
- Bluetooth: vhci: Fix race when opening vhci device (git-fixes).
- Documentation: qat: change kernel version (PED-6401).
- Documentation: qat: rewrite description (PED-6401).
- Drivers: hv: vmbus: Call hv_synic_free() if hv_synic_alloc() fails (git-fixes).
- Drivers: hv: vmbus: Fix vmbus_wait_for_unload() to scan present CPUs (git-fixes).
- Fix metadata references
- HID: holtek: fix slab-out-of-bounds Write in holtek_kbd_input_event (git-fixes).
- HID: intel-ish-hid: ipc: Disable and reenable ACPI GPE bit (git-fixes).
- HID: logitech-hidpp: Fix kernel crash on receiver USB disconnect (git-fixes).
- HID: multitouch: Add required quirk for Synaptics 0xcd7e device (git-fixes).
- HID: sony: Fix a potential memory leak in sony_probe() (git-fixes).
- HID: sony: remove duplicate NULL check before calling usb_free_urb() (git-fixes).
- IB/mlx4: Fix the size of a buffer in add_port_entries() (git-fixes)
- Input: goodix - ensure int GPIO is in input for gpio_count == 1 && gpio_int_idx == 0 case (git-fixes).
- Input: powermate - fix use-after-free in powermate_config_complete (git-fixes).
- Input: psmouse - fix fast_reconnect function for PS/2 mode (git-fixes).
- Input: xpad - add PXN V900 support (git-fixes).
- KVM: SVM: Do not kill SEV guest if SMAP erratum triggers in usermode (git-fixes).
- KVM: SVM: INTERCEPT_RDTSCP is never intercepted anyway (git-fixes).
- KVM: s390: fix gisa destroy operation might lead to cpu stalls (git-fixes bsc#1216512).
- KVM: x86/mmu: Reconstruct shadow page root if the guest PDPTEs is changed (git-fixes).
- KVM: x86: Fix clang -Wimplicit-fallthrough in do_host_cpuid() (git-fixes).
- KVM: x86: Move open-coded CPUID leaf 0x80000021 EAX bit propagation code (bsc#1213772).
- KVM: x86: Propagate the AMD Automatic IBRS feature to the guest (bsc#1213772).
- KVM: x86: add support for CPUID leaf 0x80000021 (bsc#1213772).
- KVM: x86: synthesize CPUID leaf 0x80000021h if useful (bsc#1213772).
- KVM: x86: work around QEMU issue with synthetic CPUID leaves (git-fixes).
- NFS: Fix O_DIRECT locking issues (bsc#1211162).
- NFS: Fix a few more clear_bit() instances that need release semantics (bsc#1211162).
- NFS: Fix a potential data corruption (bsc#1211162).
- NFS: Fix a use after free in nfs_direct_join_group() (bsc#1211162).
- NFS: Fix error handling for O_DIRECT write scheduling (bsc#1211162).
- NFS: More O_DIRECT accounting fixes for error paths (bsc#1211162).
- NFS: More fixes for nfs_direct_write_reschedule_io() (bsc#1211162).
- NFS: Use the correct commit info in nfs_join_page_group() (bsc#1211162).
- NFSD: Never call nfsd_file_gc() in foreground paths (bsc#1215545).
- RDMA/cma: Fix truncation compilation warning in make_cma_ports (git-fixes)
- RDMA/cma: Initialize ib_sa_multicast structure to 0 when join (git-fixes)
- RDMA/core: Require admin capabilities to set system parameters (git-fixes)
- RDMA/cxgb4: Check skb value for failure to allocate (git-fixes)
- RDMA/mlx5: Fix NULL string error (git-fixes)
- RDMA/mlx5: Fix mutex unlocking on error flow for steering anchor creation (git-fixes)
- RDMA/siw: Fix connection failure handling (git-fixes)
- RDMA/srp: Do not call scsi_done() from srp_abort() (git-fixes)
- RDMA/uverbs: Fix typo of sizeof argument (git-fixes)
- Revert 'pinctrl: avoid unsafe code pattern in find_pinctrl()' (git-fixes).
- Revert 'tty: n_gsm: fix UAF in gsm_cleanup_mux' (git-fixes).
- USB: serial: option: add Fibocom to DELL custom modem FM101R-GL (git-fixes).
- USB: serial: option: add Telit LE910C4-WWX 0x1035 composition (git-fixes).
- USB: serial: option: add entry for Sierra EM9191 with new firmware (git-fixes).
- arm64/smmu: use TLBI ASID when invalidating entire range (bsc#1215921)
- ata: libata-core: Do not register PM operations for SAS ports (git-fixes).
- ata: libata-core: Fix ata_port_request_pm() locking (git-fixes).
- ata: libata-core: Fix port and device removal (git-fixes).
- ata: libata-sata: increase PMP SRST timeout to 10s (git-fixes).
- ata: libata-scsi: ignore reserved bits for REPORT SUPPORTED OPERATION CODES (git-fixes).
- blk-cgroup: Fix NULL deref caused by blkg_policy_data being installed before init (bsc#1216062).
- blk-cgroup: support to track if policy is online (bsc#1216062).
- bonding: Fix extraction of ports from the packet headers (bsc#1214754).
- bonding: Return pointer to data after pull on skb (bsc#1214754).
- bonding: do not assume skb mac_header is set (bsc#1214754).
- bpf: Add copy_map_value_long to copy to remote percpu memory (git-fixes).
- bpf: Add missing btf_put to register_btf_id_dtor_kfuncs (git-fixes).
- bpf: Add override check to kprobe multi link attach (git-fixes).
- bpf: Add zero_map_value to zero map value with special fields (git-fixes).
- bpf: Cleanup check_refcount_ok (git-fixes).
- bpf: Fix max stack depth check for async callbacks (git-fixes).
- bpf: Fix offset calculation error in __copy_map_value and zero_map_value (git-fixes).
- bpf: Fix ref_obj_id for dynptr data slices in verifier (git-fixes).
- bpf: Fix resetting logic for unreferenced kptrs (git-fixes).
- bpf: Fix subprog idx logic in check_max_stack_depth (git-fixes).
- bpf: Gate dynptr API behind CAP_BPF (git-fixes).
- bpf: Prevent decl_tag from being referenced in func_proto arg (git-fixes).
- bpf: Repeat check_max_stack_depth for async callbacks (git-fixes).
- bpf: Tighten ptr_to_btf_id checks (git-fixes).
- bpf: fix precision propagation verbose logging (git-fixes).
- bpf: prevent decl_tag from being referenced in func_proto (git-fixes).
- bpf: propagate precision across all frames, not just the last one (git-fixes).
- bpf: propagate precision in ALU/ALU64 operations (git-fixes).
- btf: Export bpf_dynptr definition (git-fixes).
- btrfs: do not start transaction for scrub if the fs is mounted read-only (bsc#1214874).
- bus: ti-sysc: Fix missing AM35xx SoC matching (git-fixes).
- bus: ti-sysc: Use fsleep() instead of usleep_range() in sysc_reset() (git-fixes).
- ceph: add base64 endcoding routines for encrypted names (jsc#SES-1880).
- ceph: add encryption support to writepage and writepages (jsc#SES-1880).
- ceph: add fscrypt ioctls and ceph.fscrypt.auth vxattr (jsc#SES-1880).
- ceph: add helpers for converting names for userland presentation (jsc#SES-1880).
- ceph: add infrastructure for file encryption and decryption (jsc#SES-1880).
- ceph: add new mount option to enable sparse reads (jsc#SES-1880).
- ceph: add object version support for sync read (jsc#SES-1880).
- ceph: add read/modify/write to ceph_sync_write (jsc#SES-1880).
- ceph: add some fscrypt guardrails (jsc#SES-1880).
- ceph: add support for encrypted snapshot names (jsc#SES-1880).
- ceph: add support to readdir for encrypted names (jsc#SES-1880).
- ceph: add truncate size handling support for fscrypt (jsc#SES-1880).
- ceph: align data in pages in ceph_sync_write (jsc#SES-1880).
- ceph: allow encrypting a directory while not having Ax caps (jsc#SES-1880).
- ceph: create symlinks with encrypted and base64-encoded targets (jsc#SES-1880).
- ceph: decode alternate_name in lease info (jsc#SES-1880).
- ceph: do not use special DIO path for encrypted inodes (jsc#SES-1880).
- ceph: drop messages from MDS when unmounting (jsc#SES-1880).
- ceph: encode encrypted name in ceph_mdsc_build_path and dentry release (jsc#SES-1880).
- ceph: fix incorrect revoked caps assert in ceph_fill_file_size() (bsc#1216322).
- ceph: fix type promotion bug on 32bit systems (bsc#1216324).
- ceph: fix updating i_truncate_pagecache_size for fscrypt (jsc#SES-1880).
- ceph: fscrypt_auth handling for ceph (jsc#SES-1880).
- ceph: handle fscrypt fields in cap messages from MDS (jsc#SES-1880).
- ceph: implement -o test_dummy_encryption mount option (jsc#SES-1880).
- ceph: invalidate pages when doing direct/sync writes (jsc#SES-1880).
- ceph: make ceph_fill_trace and ceph_get_name decrypt names (jsc#SES-1880).
- ceph: make ceph_msdc_build_path use ref-walk (jsc#SES-1880).
- ceph: make d_revalidate call fscrypt revalidator for encrypted dentries (jsc#SES-1880).
- ceph: make ioctl cmds more readable in debug log (jsc#SES-1880).
- ceph: make num_fwd and num_retry to __u32 (jsc#SES-1880).
- ceph: mark directory as non-complete after loading key (jsc#SES-1880).
- ceph: pass the request to parse_reply_info_readdir() (jsc#SES-1880).
- ceph: plumb in decryption during reads (jsc#SES-1880).
- ceph: preallocate inode for ops that may create one (jsc#SES-1880).
- ceph: prevent snapshot creation in encrypted locked directories (jsc#SES-1880).
- ceph: remove unnecessary check for NULL in parse_longname() (bsc#1216333).
- ceph: send alternate_name in MClientRequest (jsc#SES-1880).
- ceph: set DCACHE_NOKEY_NAME flag in ceph_lookup/atomic_open() (jsc#SES-1880).
- ceph: size handling in MClientRequest, cap updates and inode traces (jsc#SES-1880).
- ceph: switch ceph_lookup/atomic_open() to use new fscrypt helper (jsc#SES-1880).
- ceph: use osd_req_op_extent_osd_iter for netfs reads (jsc#SES-1880).
- ceph: voluntarily drop Xx caps for requests those touch parent mtime (jsc#SES-1880).
- ceph: wait for OSD requests' callbacks to finish when unmounting (jsc#SES-1880).
- cgroup/cpuset: Change references of cpuset_mutex to cpuset_rwsem (bsc#1215955).
- cgroup: Remove duplicates in cgroup v1 tasks file (bsc#1211307).
- clk: tegra: fix error return case for recalc_rate (git-fixes).
- counter: microchip-tcb-capture: Fix the use of internal GCLK logic (git-fixes).
- crypto: qat - Include algapi.h for low-level Crypto API (PED-6401).
- crypto: qat - Remove unused function declarations (PED-6401).
- crypto: qat - add fw_counters debugfs file (PED-6401).
- crypto: qat - add heartbeat counters check (PED-6401).
- crypto: qat - add heartbeat feature (PED-6401).
- crypto: qat - add internal timer for qat 4xxx (PED-6401).
- crypto: qat - add measure clock frequency (PED-6401).
- crypto: qat - add missing function declaration in adf_dbgfs.h (PED-6401).
- crypto: qat - add qat_zlib_deflate (PED-6401).
- crypto: qat - add support for 402xx devices (PED-6401).
- crypto: qat - change value of default idle filter (PED-6401).
- crypto: qat - delay sysfs initialization (PED-6401).
- crypto: qat - do not export adf_init_admin_pm() (PED-6401).
- crypto: qat - drop log level of msg in get_instance_node() (PED-6401).
- crypto: qat - drop obsolete heartbeat interface (PED-6401).
- crypto: qat - drop redundant adf_enable_aer() (PED-6401).
- crypto: qat - expose pm_idle_enabled through sysfs (PED-6401).
- crypto: qat - extend buffer list logic interface (PED-6401).
- crypto: qat - extend configuration for 4xxx (PED-6401).
- crypto: qat - fix apply custom thread-service mapping for dc service (PED-6401).
- crypto: qat - fix concurrency issue when device state changes (PED-6401).
- crypto: qat - fix crypto capability detection for 4xxx (PED-6401).
- crypto: qat - fix spelling mistakes from 'bufer' to 'buffer' (PED-6401).
- crypto: qat - make fw images name constant (PED-6401).
- crypto: qat - make state machine functions static (PED-6401).
- crypto: qat - move dbgfs init to separate file (PED-6401).
- crypto: qat - move returns to default case (PED-6401).
- crypto: qat - refactor device restart logic (PED-6401).
- crypto: qat - refactor fw config logic for 4xxx (PED-6401).
- crypto: qat - remove ADF_STATUS_PF_RUNNING flag from probe (PED-6401).
- crypto: qat - replace state machine calls (PED-6401).
- crypto: qat - replace the if statement with min() (PED-6401).
- crypto: qat - set deprecated capabilities as reserved (PED-6401).
- crypto: qat - unmap buffer before free for DH (PED-6401).
- crypto: qat - unmap buffers before free for RSA (PED-6401).
- crypto: qat - update slice mask for 4xxx devices (PED-6401).
- crypto: qat - use kfree_sensitive instead of memset/kfree() (PED-6401).
- dmaengine: idxd: use spin_lock_irqsave before wait_event_lock_irq (git-fixes).
- dmaengine: mediatek: Fix deadlock caused by synchronize_irq() (git-fixes).
- dmaengine: stm32-mdma: abort resume if no ongoing transfer (git-fixes).
- drm/amd/display: Do not check registers, if using AUX BL control (git-fixes).
- drm/amd/display: Do not set dpms_off for seamless boot (git-fixes).
- drm/amd/pm: add unique_id for gc 11.0.3 (git-fixes).
- drm/amd: Fix detection of _PR3 on the PCIe root port (git-fixes).
- drm/amdgpu/nbio4.3: set proper rmmio_remap.reg_offset for SR-IOV (git-fixes).
- drm/amdgpu/soc21: do not remap HDP registers for SR-IOV (git-fixes).
- drm/amdgpu: Handle null atom context in VBIOS info ioctl (git-fixes).
- drm/amdgpu: add missing NULL check (git-fixes).
- drm/amdkfd: Flush TLB after unmapping for GFX v9.4.3 (git-fixes).
- drm/amdkfd: Insert missing TLB flush on GFX10 and later (git-fixes).
- drm/amdkfd: Use gpu_offset for user queue's wptr (git-fixes).
- drm/atomic-helper: relax unregistered connector check (git-fixes).
- drm/bridge: ti-sn65dsi83: Do not generate HFP/HBP/HSA and EOT packet (git-fixes).
- drm/i915/gt: Fix reservation address in ggtt_reserve_guc_top (git-fixes).
- drm/i915: Retry gtt fault when out of fence registers (git-fixes).
- drm/mediatek: Correctly free sg_table in gem prime vmap (git-fixes).
- drm/msm/dp: do not reinitialize phy unless retry during link training (git-fixes).
- drm/msm/dpu: change _dpu_plane_calc_bw() to use u64 to avoid overflow (git-fixes).
- drm/msm/dsi: fix irq_of_parse_and_map() error checking (git-fixes).
- drm/msm/dsi: skip the wait for video mode done if not applicable (git-fixes).
- drm/vmwgfx: fix typo of sizeof argument (git-fixes).
- drm: panel-orientation-quirks: Add quirk for One Mix 2S (git-fixes).
- firmware: arm_ffa: Do not set the memory region attributes for MEM_LEND (git-fixes).
- firmware: imx-dsp: Fix an error handling path in imx_dsp_setup_channels() (git-fixes).
- fprobe: Ensure running fprobe_exit_handler() finished before calling rethook_free() (git-fixes).
- fscrypt: new helper function - fscrypt_prepare_lookup_partial() (jsc#SES-1880).
- gpio: aspeed: fix the GPIO number passed to pinctrl_gpio_set_config() (git-fixes).
- gpio: pmic-eic-sprd: Add can_sleep flag for PMIC EIC chip (git-fixes).
- gpio: pxa: disable pinctrl calls for MMP_GPIO (git-fixes).
- gpio: tb10x: Fix an error handling path in tb10x_gpio_probe() (git-fixes).
- gpio: timberdale: Fix potential deadlock on &tgpio->lock (git-fixes).
- gpio: vf610: set value before the direction to avoid a glitch (git-fixes).
- gve: Do not fully free QPL pages on prefill errors (git-fixes).
- i2c: i801: unregister tco_pdev in i801_probe() error path (git-fixes).
- i2c: mux: Avoid potential false error message in i2c_mux_add_adapter (git-fixes).
- i2c: mux: demux-pinctrl: check the return value of devm_kstrdup() (git-fixes).
- i2c: mux: gpio: Add missing fwnode_handle_put() (git-fixes).
- i2c: mux: gpio:?Replace custom acpi_get_local_address() (git-fixes).
- i2c: npcm7xx: Fix callback completion ordering (git-fixes).
- ieee802154: ca8210: Fix a potential UAF in ca8210_probe (git-fixes).
- iio: pressure: bmp280: Fix NULL pointer exception (git-fixes).
- iio: pressure: dps310: Adjust Timeout Settings (git-fixes).
- iio: pressure: ms5611: ms5611_prom_is_valid false negative bug (git-fixes).
- intel x86 platform vsec kABI workaround (bsc#1216202).
- io_uring/fs: remove sqe->rw_flags checking from LINKAT (git-fixes).
- io_uring/rw: defer fsnotify calls to task context (git-fixes).
- io_uring/rw: ensure kiocb_end_write() is always called (git-fixes).
- io_uring/rw: remove leftover debug statement (git-fixes).
- io_uring: Replace 0-length array with flexible array (git-fixes).
- io_uring: ensure REQ_F_ISREG is set async offload (git-fixes).
- io_uring: fix fdinfo sqe offsets calculation (git-fixes).
- io_uring: fix memory leak when removing provided buffers (git-fixes).
- iommu/amd/io-pgtable: Implement map_pages io_pgtable_ops callback (bsc#1212423).
- iommu/amd/io-pgtable: Implement unmap_pages io_pgtable_ops callback (bsc#1212423).
- iommu/amd: Add map/unmap_pages() iommu_domain_ops callback support (bsc#1212423).
- iommu/arm-smmu-v3: Fix soft lockup triggered by (bsc#1215921)
- kABI: fix bpf Tighten-ptr_to_btf_id checks (git-fixes).
- kabi: blkcg_policy_data fix KABI (bsc#1216062).
- kabi: workaround for enum nft_trans_phase (bsc#1215104).
- kprobes: Prohibit probing on CFI preamble symbol (git-fixes).
- leds: Drop BUG_ON check for LED_COLOR_ID_MULTI (git-fixes).
- libceph: add CEPH_OSD_OP_ASSERT_VER support (jsc#SES-1880).
- libceph: add new iov_iter-based ceph_msg_data_type and ceph_osd_data_type (jsc#SES-1880).
- libceph: add sparse read support to OSD client (jsc#SES-1880).
- libceph: add sparse read support to msgr1 (jsc#SES-1880).
- libceph: add spinlock around osd->o_requests (jsc#SES-1880).
- libceph: allow ceph_osdc_new_request to accept a multi-op read (jsc#SES-1880).
- libceph: define struct ceph_sparse_extent and add some helpers (jsc#SES-1880).
- libceph: new sparse_read op, support sparse reads on msgr2 crc codepath (jsc#SES-1880).
- libceph: support sparse reads on msgr2 secure codepath (jsc#SES-1880).
- libceph: use kernel_connect() (bsc#1216323).
- mm, memcg: reconsider kmem.limit_in_bytes deprecation (bsc#1208788 bsc#1213705).
- mmc: core: Capture correct oemid-bits for eMMC cards (git-fixes).
- mmc: core: sdio: hold retuning if sdio in 1-bit mode (git-fixes).
- mmc: mtk-sd: Use readl_poll_timeout_atomic in msdc_reset_hw (git-fixes).
- mtd: physmap-core: Restore map_rom fallback (git-fixes).
- mtd: rawnand: arasan: Ensure program page operations are successful (git-fixes).
- mtd: rawnand: marvell: Ensure program page operations are successful (git-fixes).
- mtd: rawnand: pl353: Ensure program page operations are successful (git-fixes).
- mtd: rawnand: qcom: Unmap the right resource upon probe failure (git-fixes).
- mtd: spinand: micron: correct bitmask for ecc status (git-fixes).
- net/sched: fix netdevice reference leaks in attach_default_qdiscs() (git-fixes).
- net: mana: Fix TX CQE error handling (bsc#1215986).
- net: mana: Fix oversized sge0 for GSO packets (bsc#1215986).
- net: nfc: llcp: Add lock when modifying device list (git-fixes).
- net: rfkill: gpio: prevent value glitch during probe (git-fixes).
- net: sched: add barrier to fix packet stuck problem for lockless qdisc (bsc#1216345).
- net: sched: fixed barrier to prevent skbuff sticking in qdisc backlog (bsc#1216345).
- net: usb: dm9601: fix uninitialized variable use in dm9601_mdio_read (git-fixes).
- net: usb: smsc75xx: Fix uninit-value access in __smsc75xx_read_reg (git-fixes).
- net: usb: smsc95xx: Fix an error code in smsc95xx_reset() (git-fixes).
- net: use sk_is_tcp() in more places (git-fixes).
- netfilter: nf_tables: add NFT_TRANS_PREPARE_ERROR to deal with bound set/chain (git-fixes).
- netfilter: nf_tables: unbind non-anonymous set if rule construction fails (git-fixes).
- nfc: nci: assert requested protocol is valid (git-fixes).
- nfc: nci: fix possible NULL pointer dereference in send_acknowledge() (git-fixes).
- nfs: only issue commit in DIO codepath if we have uncommitted data (bsc#1211162).
- nilfs2: fix potential use after free in nilfs_gccache_submit_read_data() (git-fixes).
- nvme-fc: Prevent null pointer dereference in nvme_fc_io_getuuid() (bsc#1214842).
- phy: mapphone-mdm6600: Fix pinctrl_pm handling for sleep pins (git-fixes).
- phy: mapphone-mdm6600: Fix runtime PM for remove (git-fixes).
- phy: mapphone-mdm6600: Fix runtime disable on probe (git-fixes).
- pinctrl: avoid unsafe code pattern in find_pinctrl() (git-fixes).
- pinctrl: renesas: rzn1: Enable missing PINMUX (git-fixes).
- platform/surface: platform_profile: Propagate error if profile registration fails (git-fixes).
- platform/x86/intel/pmt: Ignore uninitialized entries (bsc#1216202).
- platform/x86/intel/pmt: telemetry: Fix fixed region handling (bsc#1216202).
- platform/x86/intel/vsec: Rework early hardware code (bsc#1216202).
- platform/x86/intel: Fix 'rmmod pmt_telemetry' panic (bsc#1216202).
- platform/x86/intel: Fix pmt_crashlog array reference (bsc#1216202).
- platform/x86: asus-wmi: Change ASUS_WMI_BRN_DOWN code from 0x20 to 0x2e (git-fixes).
- platform/x86: asus-wmi: Map 0x2a code, Ignore 0x2b and 0x2c events (git-fixes).
- platform/x86: think-lmi: Fix reference leak (git-fixes).
- platform/x86: touchscreen_dmi: Add info for the Positivo C4128B (git-fixes).
- power: supply: ucs1002: fix error code in ucs1002_get_property() (git-fixes).
- r8152: check budget for r8152_poll() (git-fixes).
- regmap: fix NULL deref on lookup (git-fixes).
- regmap: rbtree: Fix wrong register marked as in-cache when creating new node (git-fixes).
- remove unnecessary WARN_ON_ONCE() (bsc#1214823).
- ring-buffer: Avoid softlockup in ring_buffer_resize() (git-fixes).
- ring-buffer: Do not attempt to read past 'commit' (git-fixes).
- ring-buffer: Fix bytes info in per_cpu buffer stats (git-fixes).
- ring-buffer: Update 'shortest_full' in polling (git-fixes).
- s390/cio: fix a memleak in css_alloc_subchannel (git-fixes bsc#1216510).
- s390/pci: fix iommu bitmap allocation (git-fixes bsc#1216511).
- s390: add z16 elf platform (git-fixes LTC#203789 bsc#1215956 LTC#203788 bsc#1215957).
- sched/cpuset: Bring back cpuset_mutex (bsc#1215955).
- sched/deadline,rt: Remove unused parameter from pick_next_[rt|dl]_entity() (git fixes (sched)).
- sched/rt: Fix live lock between select_fallback_rq() and RT push (git fixes (sched)).
- sched/rt: Fix sysctl_sched_rr_timeslice intial value (git fixes (sched)).
- scsi: be2iscsi: Add length check when parsing nlattrs (git-fixes).
- scsi: fcoe: Fix potential deadlock on &fip->ctlr_lock (git-fixes).
- scsi: iscsi: Add length check for nlattr payload (git-fixes).
- scsi: iscsi: Add strlen() check in iscsi_if_set{_host}_param() (git-fixes).
- scsi: iscsi_tcp: restrict to TCP sockets (git-fixes).
- scsi: mpi3mr: Propagate sense data for admin queue SCSI I/O (git-fixes).
- scsi: mpt3sas: Perform additional retries if doorbell read returns 0 (git-fixes).
- scsi: pm8001: Setup IRQs on resume (git-fixes).
- scsi: qedf: Do not touch __user pointer in qedf_dbg_debug_cmd_read() directly (git-fixes).
- scsi: qedf: Do not touch __user pointer in qedf_dbg_fp_int_cmd_read() directly (git-fixes).
- scsi: qedf: Do not touch __user pointer in qedf_dbg_stop_io_on_error_cmd_read() directly (git-fixes).
- scsi: qedi: Fix potential deadlock on &qedi_percpu->p_work_lock (git-fixes).
- scsi: qla4xxx: Add length check when parsing nlattrs (git-fixes).
- selftests/bpf: Add more tests for check_max_stack_depth bug (git-fixes).
- selftests/bpf: Add reproducer for decl_tag in func_proto argument (git-fixes).
- selftests/bpf: Add reproducer for decl_tag in func_proto return type (git-fixes).
- selftests/bpf: Add selftest for check_stack_max_depth bug (git-fixes).
- selftests/bpf: Clean up sys_nanosleep uses (git-fixes).
- serial: 8250_port: Check IRQ data before use (git-fixes).
- soc: imx8m: Enable OCOTP clock for imx8mm before reading registers (git-fixes).
- spi: nxp-fspi: reset the FLSHxCR1 registers (git-fixes).
- spi: stm32: add a delay before SPI disable (git-fixes).
- spi: sun6i: fix race between DMA RX transfer completion and RX FIFO drain (git-fixes).
- spi: sun6i: reduce DMA RX transfer width to single byte (git-fixes).
- thunderbolt: Check that lane 1 is in CL0 before enabling lane bonding (git-fixes).
- thunderbolt: Restart XDomain discovery handshake after failure (git-fixes).
- thunderbolt: Workaround an IOMMU fault on certain systems with Intel Maple Ridge (git-fixes).
- tracing: Have current_trace inc the trace array ref count (git-fixes).
- tracing: Have event inject files inc the trace array ref count (git-fixes).
- tracing: Have option files inc the trace array ref count (git-fixes).
- tracing: Have tracing_max_latency inc the trace array ref count (git-fixes).
- tracing: Increase trace array ref count on enable and filter files (git-fixes).
- tracing: Make trace_marker{,_raw} stream-like (git-fixes).
- usb: cdnsp: Fixes issue with dequeuing not queued requests (git-fixes).
- usb: dwc3: Soft reset phy on probe for host (git-fixes).
- usb: gadget: ncm: Handle decoding of multiple NTB's in unwrap call (git-fixes).
- usb: gadget: udc-xilinx: replace memcpy with memcpy_toio (git-fixes).
- usb: hub: Guard against accesses to uninitialized BOS descriptors (git-fixes).
- usb: musb: Get the musb_qh poniter after musb_giveback (git-fixes).
- usb: musb: Modify the 'HWVers' register address (git-fixes).
- usb: typec: altmodes/displayport: Signal hpd low when exiting mode (git-fixes).
- usb: typec: ucsi: Clear EVENT_PENDING bit if ucsi_send_command fails (git-fixes).
- usb: xhci: xhci-ring: Use sysdev for mapping bounce buffer (git-fixes).
- vmbus_testing: fix wrong python syntax for integer value comparison (git-fixes).
- vringh: do not use vringh_kiov_advance() in vringh_iov_xfer() (git-fixes).
- watchdog: iTCO_wdt: No need to stop the timer in probe (git-fixes).
- watchdog: iTCO_wdt: Set NO_REBOOT if the watchdog is not already running (git-fixes).
- wifi: cfg80211: Fix 6GHz scan configuration (git-fixes).
- wifi: cfg80211: avoid leaking stack data into trace (git-fixes).
- wifi: iwlwifi: Ensure ack flag is properly cleared (git-fixes).
- wifi: iwlwifi: dbg_ini: fix structure packing (git-fixes).
- wifi: iwlwifi: mvm: Fix a memory corruption issue (git-fixes).
- wifi: mac80211: allow transmitting EAPOL frames with tainted key (git-fixes).
- wifi: mt76: mt76x02: fix MT76x0 external LNA gain handling (git-fixes).
- wifi: mwifiex: Fix oob check condition in mwifiex_process_rx_packet (git-fixes).
- wifi: mwifiex: Fix tlv_buf_left calculation (git-fixes).
- wifi: mwifiex: Sanity check tlv_len and tlv_bitmap_len (git-fixes).
- x86/cpu, kvm: Add the NO_NESTED_DATA_BP feature (bsc#1213772).
- x86/cpu, kvm: Add the Null Selector Clears Base feature (bsc#1213772).
- x86/cpu, kvm: Add the SMM_CTL MSR not present feature (bsc#1213772).
- x86/cpu, kvm: Move X86_FEATURE_LFENCE_RDTSC to its native leaf (bsc#1213772).
- x86/cpu: Enable STIBP on AMD if Automatic IBRS is enabled (bsc#1213772).
- x86/cpu: Support AMD Automatic IBRS (bsc#1213772).
- x86/mm: Print the encryption features correctly when a paravisor is present (bsc#1206453).
- x86/platform/uv: Use alternate source for socket to node data (bsc#1215696).
- x86/sev: Check IOBM for IOIO exceptions from user-space (bsc#1212649).
- x86/sev: Check for user-space IOIO pointing to kernel space (bsc#1212649).
- x86/sev: Disable MMIO emulation from user mode (bsc#1212649).
- xen-netback: use default TX queue size for vifs (git-fixes).
- xhci: Keep interrupt disabled in initialization until host is running (git-fixes).
ImportantSUSE bug 1211162SUSE bug 1211307SUSE bug 1213772SUSE bug 1214754SUSE bug 1214874SUSE bug 1215545SUSE bug 1215921SUSE bug 1215955SUSE bug 1216062SUSE bug 1216202SUSE bug 1216322SUSE bug 1216324SUSE bug 1216333SUSE bug 1216512CVE-2023-2163 at SUSECVE-2023-2163 at NVDCVE-2023-2860 at SUSECVE-2023-2860 at NVDCVE-2023-31085 at SUSECVE-2023-31085 at NVDCVE-2023-34324 at SUSECVE-2023-34324 at NVDCVE-2023-39189 at SUSECVE-2023-39189 at NVDCVE-2023-39191 at SUSECVE-2023-39191 at NVDCVE-2023-39193 at SUSECVE-2023-39193 at NVDCVE-2023-45862 at SUSECVE-2023-45862 at NVDCVE-2023-5178 at SUSECVE-2023-5178 at NVDcpe:/o:opensuse:leap:15.5Security update for the Linux Kernel (Important)openSUSE Leap 15.5
The SUSE Linux Enterprise 15 SP1 kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2023-31085: Fixed a divide-by-zero error in do_div(sz,mtd->erasesize) that could cause a local DoS. (bsc#1210778)
- CVE-2023-45862: Fixed an issue in the ENE UB6250 reader driver whwere an object could potentially extend beyond the end of an allocation causing. (bsc#1216051)
- CVE-2023-34324: Fixed a possible deadlock in Linux kernel event handling. (bsc#1215745).
- CVE-2023-39189: Fixed a flaw in the Netfilter subsystem that could allow a local privileged (CAP_NET_ADMIN) attacker to trigger an out-of-bounds read, leading to a crash or information disclosure. (bsc#1216046)
- CVE-2023-39194: Fixed an out of bounds read in the XFRM subsystem (bsc#1215861).
- CVE-2023-39193: Fixed an out of bounds read in the xtables subsystem (bsc#1215860).
- CVE-2023-39192: Fixed an out of bounds read in the netfilter (bsc#1215858).
- CVE-2023-42754: Fixed a NULL pointer dereference in the IPv4 stack that could lead to denial of service (bsc#1215467).
- CVE-2023-1206: Fixed a hash collision flaw in the IPv6 connection lookup table which could be exploited by network adjacent attackers, increasing CPU usage by 95% (bsc#1212703).
- CVE-2023-4921: Fixed a use-after-free vulnerability in the QFQ network scheduler which could be exploited to achieve local privilege escalation (bsc#1215275).
- CVE-2023-4622: Fixed a use-after-free vulnerability in the Unix domain sockets component which could be exploited to achieve local privilege escalation (bsc#1215117).
- CVE-2023-4623: Fixed a use-after-free issue in the HFSC network scheduler which could be exploited to achieve local privilege escalation (bsc#1215115).
- CVE-2020-36766: Fixed a potential information leak in in the CEC driver (bsc#1215299).
- CVE-2023-1859: Fixed a use-after-free flaw in Xen transport for 9pfs which could be exploited to crash the system (bsc#1210169).
- CVE-2023-4881: Fixed a out-of-bounds write flaw in the netfilter subsystem that could lead to potential information disclosure or a denial of service (bsc#1215221).
- CVE-2023-40283: Fixed use-after-free in l2cap_sock_ready_cb (bsc#1214233).
- CVE-2023-1192: Fixed use-after-free in cifs_demultiplex_thread() (bsc#1208995).
The following non-security bugs were fixed:
- check-for-config-changes: ignore BUILTIN_RETURN_ADDRESS_STRIPS_PAC (bsc#1214380). gcc7 on SLE 15 does not support this while later gcc does.
- mkspec: Allow unsupported KMPs (bsc#1214386)
- old-flavors: Drop 2.6 kernels. 2.6 based kernels are EOL, upgrading from them is no longer suported.
ImportantSUSE bug 1208995SUSE bug 1210169SUSE bug 1210778SUSE bug 1212703SUSE bug 1214233SUSE bug 1214380SUSE bug 1214386SUSE bug 1215115SUSE bug 1215117SUSE bug 1215221SUSE bug 1215275SUSE bug 1215299SUSE bug 1215467SUSE bug 1215745SUSE bug 1215858SUSE bug 1215860SUSE bug 1215861SUSE bug 1216046SUSE bug 1216051CVE-2020-36766 at SUSECVE-2020-36766 at NVDCVE-2023-1192 at SUSECVE-2023-1192 at NVDCVE-2023-1206 at SUSECVE-2023-1206 at NVDCVE-2023-1859 at SUSECVE-2023-1859 at NVDCVE-2023-31085 at SUSECVE-2023-31085 at NVDCVE-2023-34324 at SUSECVE-2023-34324 at NVDCVE-2023-39189 at SUSECVE-2023-39189 at NVDCVE-2023-39192 at SUSECVE-2023-39192 at NVDCVE-2023-39193 at SUSECVE-2023-39193 at NVDCVE-2023-39194 at SUSECVE-2023-39194 at NVDCVE-2023-40283 at SUSECVE-2023-40283 at NVDCVE-2023-42754 at SUSECVE-2023-42754 at NVDCVE-2023-45862 at SUSECVE-2023-45862 at NVDCVE-2023-4622 at SUSECVE-2023-4622 at NVDCVE-2023-4623 at SUSECVE-2023-4623 at NVDCVE-2023-4881 at SUSECVE-2023-4881 at NVDCVE-2023-4921 at SUSECVE-2023-4921 at NVDcpe:/o:opensuse:leap:15.5Security update for apache-ivy (Important)openSUSE Leap 15.5
This update for apache-ivy fixes the following issues:
- Upgrade to version 2.5.2 (bsc#1214422)
- CVE-2022-46751: Fixed an XML External Entity Injections that could be exploited to exfiltrate data, access resources only the machine running Ivy has access to or disturb the execution of Ivy in different ways. (bsc#1214422)
ImportantSUSE bug 1214422CVE-2022-46751 at SUSECVE-2022-46751 at NVDcpe:/o:opensuse:leap:15.5Security update for tiff (Moderate)openSUSE Leap 15.5
This update for tiff fixes the following issues:
- CVE-2023-38289: Fixed a NULL pointer dereference in raw2tiff
(bsc#1213589).
- CVE-2023-38288: Fixed an integer overflow in raw2tiff (bsc#1213590).
- CVE-2023-3576: Fixed a memory leak in tiffcrop (bsc#1213273).
- CVE-2020-18768: Fixed an out of bounds read in tiffcp (bsc#1214574).
- CVE-2023-26966: Fixed an out of bounds read when transforming a
little-endian file to a big-endian output (bsc#1212881)
- CVE-2023-3618: Fixed a NULL pointer dereference while encoding FAX3
files (bsc#1213274).
- CVE-2023-2908: Fixed an undefined behavior issue when doing pointer
arithmetic on a NULL pointer (bsc#1212888).
- CVE-2023-3316: Fixed a NULL pointer dereference while opening a file
in an inaccessible path (bsc#1212535).
- CVE-2023-25433: Fixed a buffer overflow in tiffcrop (bsc#1212883).
ModerateSUSE bug 1212535SUSE bug 1212881SUSE bug 1212883SUSE bug 1212888SUSE bug 1213273SUSE bug 1213274SUSE bug 1213589SUSE bug 1213590SUSE bug 1214574CVE-2020-18768 at SUSECVE-2020-18768 at NVDCVE-2023-25433 at SUSECVE-2023-25433 at NVDCVE-2023-26966 at SUSECVE-2023-26966 at NVDCVE-2023-2908 at SUSECVE-2023-2908 at NVDCVE-2023-3316 at SUSECVE-2023-3316 at NVDCVE-2023-3576 at SUSECVE-2023-3576 at NVDCVE-2023-3618 at SUSECVE-2023-3618 at NVDCVE-2023-38288 at SUSECVE-2023-38288 at NVDCVE-2023-38289 at SUSECVE-2023-38289 at NVDcpe:/o:opensuse:leap:15.5Security update for the Linux Kernel (Important)openSUSE Leap 15.5
The SUSE Linux Enterprise 15 SP5 kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2023-3777: Fixed a use-after-free vulnerability in netfilter: nf_tables component can be exploited to achieve local privilege escalation. (bsc#1215095)
- CVE-2023-46813: Fixed a local privilege escalation with user-space programs that have access to MMIO regions (bsc#1212649).
- CVE-2023-31085: Fixed a divide-by-zero error in do_div(sz,mtd->erasesize) that could cause a local DoS. (bsc#1210778)
- CVE-2023-39193: Fixed an out of bounds read in the xtables subsystem (bsc#1215860).
- CVE-2023-5178: Fixed an use-after-free and a double-free flaw that could allow a malicious user to execute a remote code execution. (bsc#1215768)
- CVE-2023-2163: Fixed an incorrect verifier pruning in BPF that could lead to unsafe code paths being incorrectly marked as safe, resulting in arbitrary read/write in kernel memory, lateral privilege escalation, and container escape. (bsc#1215518)
- CVE-2023-34324: Fixed a possible deadlock in Linux kernel event handling. (bsc#1215745).
- CVE-2023-39189: Fixed a flaw in the Netfilter subsystem that could allow a local privileged (CAP_NET_ADMIN) attacker to trigger an out-of-bounds read, leading to a crash or information disclosure. (bsc#1216046)
- CVE-2023-39191: Fixed a lack of validation of dynamic pointers within user-supplied eBPF programs that may have allowed an attacker with CAP_BPF privileges to escalate privileges and execute arbitrary code. (bsc#1215863)
The following non-security bugs were fixed:
- 9p: virtio: make sure 'offs' is initialized in zc_request (git-fixes).
- ACPI: irq: Fix incorrect return value in acpi_register_gsi() (git-fixes).
- ACPI: resource: Skip IRQ override on ASUS ExpertBook B1402CBA (git-fixes).
- ALSA: hda/realtek - ALC287 I2S speaker platform support (git-fixes).
- ALSA: hda/realtek - ALC287 merge RTK codec with CS CS35L41 AMP (git-fixes).
- ALSA: hda/realtek - Fixed ASUS platform headset Mic issue (git-fixes).
- ALSA: hda/realtek - Fixed two speaker platform (git-fixes).
- ALSA: hda/realtek: Add quirk for ASUS ROG GU603ZV (git-fixes).
- ALSA: hda/realtek: Change model for Intel RVP board (git-fixes).
- ALSA: hda/relatek: Enable Mute LED on HP Laptop 15s-fq5xxx (git-fixes).
- ALSA: hda: Disable power save for solving pop issue on Lenovo ThinkCentre M70q (git-fixes).
- ALSA: hda: intel-dsp-cfg: add LunarLake support (git-fixes).
- ALSA: hda: intel-sdw-acpi: Use u8 type for link index (git-fixes).
- ALSA: usb-audio: Fix microphone sound on Nexigo webcam (git-fixes).
- ALSA: usb-audio: Fix microphone sound on Opencomm2 Headset (git-fixes).
- ASoC: amd: yc: Fix non-functional mic on Lenovo 82YM (git-fixes).
- ASoC: codecs: wcd938x-sdw: fix runtime PM imbalance on probe errors (git-fixes).
- ASoC: codecs: wcd938x-sdw: fix use after free on driver unbind (git-fixes).
- ASoC: codecs: wcd938x: drop bogus bind error handling (git-fixes).
- ASoC: codecs: wcd938x: fix unbind tear down order (git-fixes).
- ASoC: fsl: imx-pcm-rpmsg: Add SNDRV_PCM_INFO_BATCH flag (git-fixes).
- ASoC: imx-rpmsg: Set ignore_pmdown_time for dai_link (git-fixes).
- ASoC: pxa: fix a memory leak in probe() (git-fixes).
- Bluetooth: Avoid redundant authentication (git-fixes).
- Bluetooth: Fix a refcnt underflow problem for hci_conn (git-fixes).
- Bluetooth: ISO: Fix handling of listen for unicast (git-fixes).
- Bluetooth: Reject connection with the device which has same BD_ADDR (git-fixes).
- Bluetooth: avoid memcmp() out of bounds warning (git-fixes).
- Bluetooth: btusb: add shutdown function for QCA6174 (git-fixes).
- Bluetooth: hci_codec: Fix leaking content of local_codecs (git-fixes).
- Bluetooth: hci_event: Fix coding style (git-fixes).
- Bluetooth: hci_event: Fix using memcmp when comparing keys (git-fixes).
- Bluetooth: hci_event: Ignore NULL link key (git-fixes).
- Bluetooth: hci_sock: Correctly bounds check and pad HCI_MON_NEW_INDEX name (git-fixes).
- Bluetooth: hci_sock: fix slab oob read in create_monitor_event (git-fixes).
- Bluetooth: vhci: Fix race when opening vhci device (git-fixes).
- Documentation: qat: change kernel version (PED-6401).
- Documentation: qat: rewrite description (PED-6401).
- Drivers: hv: vmbus: Call hv_synic_free() if hv_synic_alloc() fails (git-fixes).
- Drivers: hv: vmbus: Fix vmbus_wait_for_unload() to scan present CPUs (git-fixes).
- HID: holtek: fix slab-out-of-bounds Write in holtek_kbd_input_event (git-fixes).
- HID: intel-ish-hid: ipc: Disable and reenable ACPI GPE bit (git-fixes).
- HID: logitech-hidpp: Fix kernel crash on receiver USB disconnect (git-fixes).
- HID: multitouch: Add required quirk for Synaptics 0xcd7e device (git-fixes).
- HID: sony: Fix a potential memory leak in sony_probe() (git-fixes).
- HID: sony: remove duplicate NULL check before calling usb_free_urb() (git-fixes).
- IB/mlx4: Fix the size of a buffer in add_port_entries() (git-fixes)
- Input: goodix - ensure int GPIO is in input for gpio_count == 1 && gpio_int_idx == 0 case (git-fixes).
- Input: powermate - fix use-after-free in powermate_config_complete (git-fixes).
- Input: psmouse - fix fast_reconnect function for PS/2 mode (git-fixes).
- Input: xpad - add PXN V900 support (git-fixes).
- KVM: SVM: Do not kill SEV guest if SMAP erratum triggers in usermode (git-fixes).
- KVM: SVM: INTERCEPT_RDTSCP is never intercepted anyway (git-fixes).
- KVM: s390: fix gisa destroy operation might lead to cpu stalls (git-fixes bsc#1216512).
- KVM: x86/mmu: Reconstruct shadow page root if the guest PDPTEs is changed (git-fixes).
- KVM: x86: Fix clang -Wimplicit-fallthrough in do_host_cpuid() (git-fixes).
- KVM: x86: Move open-coded CPUID leaf 0x80000021 EAX bit propagation code (bsc#1213772).
- KVM: x86: Propagate the AMD Automatic IBRS feature to the guest (bsc#1213772).
- KVM: x86: add support for CPUID leaf 0x80000021 (bsc#1213772).
- KVM: x86: synthesize CPUID leaf 0x80000021h if useful (bsc#1213772).
- KVM: x86: work around QEMU issue with synthetic CPUID leaves (git-fixes).
- NFS: Fix O_DIRECT locking issues (bsc#1211162).
- NFS: Fix a few more clear_bit() instances that need release semantics (bsc#1211162).
- NFS: Fix a potential data corruption (bsc#1211162).
- NFS: Fix a use after free in nfs_direct_join_group() (bsc#1211162).
- NFS: Fix error handling for O_DIRECT write scheduling (bsc#1211162).
- NFS: More O_DIRECT accounting fixes for error paths (bsc#1211162).
- NFS: More fixes for nfs_direct_write_reschedule_io() (bsc#1211162).
- NFS: Use the correct commit info in nfs_join_page_group() (bsc#1211162).
- NFS: only issue commit in DIO codepath if we have uncommitted data (bsc#1211162).
- NFSD: Never call nfsd_file_gc() in foreground paths (bsc#1215545).
- RDMA/cma: Fix truncation compilation warning in make_cma_ports (git-fixes)
- RDMA/cma: Initialize ib_sa_multicast structure to 0 when join (git-fixes)
- RDMA/core: Require admin capabilities to set system parameters (git-fixes)
- RDMA/cxgb4: Check skb value for failure to allocate (git-fixes)
- RDMA/mlx5: Fix NULL string error (git-fixes)
- RDMA/mlx5: Fix mutex unlocking on error flow for steering anchor creation (git-fixes)
- RDMA/siw: Fix connection failure handling (git-fixes)
- RDMA/srp: Do not call scsi_done() from srp_abort() (git-fixes)
- RDMA/uverbs: Fix typo of sizeof argument (git-fixes)
- arm64/smmu: use TLBI ASID when invalidating entire range (bsc#1215921)
- ata: libata-core: Do not register PM operations for SAS ports (git-fixes).
- ata: libata-core: Fix ata_port_request_pm() locking (git-fixes).
- ata: libata-core: Fix port and device removal (git-fixes).
- ata: libata-sata: increase PMP SRST timeout to 10s (git-fixes).
- ata: libata-scsi: ignore reserved bits for REPORT SUPPORTED OPERATION CODES (git-fixes).
- blk-cgroup: Fix NULL deref caused by blkg_policy_data being installed before init (bsc#1216062).
- blk-cgroup: support to track if policy is online (bsc#1216062).
- bonding: Fix extraction of ports from the packet headers (bsc#1214754).
- bonding: Return pointer to data after pull on skb (bsc#1214754).
- bonding: do not assume skb mac_header is set (bsc#1214754).
- bpf: Add copy_map_value_long to copy to remote percpu memory (git-fixes).
- bpf: Add missing btf_put to register_btf_id_dtor_kfuncs (git-fixes).
- bpf: Add override check to kprobe multi link attach (git-fixes).
- bpf: Add zero_map_value to zero map value with special fields (git-fixes).
- bpf: Cleanup check_refcount_ok (git-fixes).
- bpf: Fix max stack depth check for async callbacks (git-fixes).
- bpf: Fix offset calculation error in __copy_map_value and zero_map_value (git-fixes).
- bpf: Fix ref_obj_id for dynptr data slices in verifier (git-fixes).
- bpf: Fix resetting logic for unreferenced kptrs (git-fixes).
- bpf: Fix subprog idx logic in check_max_stack_depth (git-fixes).
- bpf: Gate dynptr API behind CAP_BPF (git-fixes).
- bpf: Prevent decl_tag from being referenced in func_proto arg (git-fixes).
- bpf: Repeat check_max_stack_depth for async callbacks (git-fixes).
- bpf: Tighten ptr_to_btf_id checks (git-fixes).
- bpf: fix precision propagation verbose logging (git-fixes).
- bpf: prevent decl_tag from being referenced in func_proto (git-fixes).
- bpf: propagate precision across all frames, not just the last one (git-fixes).
- bpf: propagate precision in ALU/ALU64 operations (git-fixes).
- bpf: propagate precision in ALU/ALU64 operations (git-fixes).
- btf: Export bpf_dynptr definition (git-fixes).
- btrfs: do not start transaction for scrub if the fs is mounted read-only (bsc#1214874).
- bus: ti-sysc: Fix missing AM35xx SoC matching (git-fixes).
- bus: ti-sysc: Use fsleep() instead of usleep_range() in sysc_reset() (git-fixes).
- ceph: add base64 endcoding routines for encrypted names (jsc#SES-1880).
- ceph: add encryption support to writepage and writepages (jsc#SES-1880).
- ceph: add fscrypt ioctls and ceph.fscrypt.auth vxattr (jsc#SES-1880).
- ceph: add helpers for converting names for userland presentation (jsc#SES-1880).
- ceph: add infrastructure for file encryption and decryption (jsc#SES-1880).
- ceph: add new mount option to enable sparse reads (jsc#SES-1880).
- ceph: add object version support for sync read (jsc#SES-1880).
- ceph: add read/modify/write to ceph_sync_write (jsc#SES-1880).
- ceph: add some fscrypt guardrails (jsc#SES-1880).
- ceph: add support for encrypted snapshot names (jsc#SES-1880).
- ceph: add support to readdir for encrypted names (jsc#SES-1880).
- ceph: add truncate size handling support for fscrypt (jsc#SES-1880).
- ceph: align data in pages in ceph_sync_write (jsc#SES-1880).
- ceph: allow encrypting a directory while not having Ax caps (jsc#SES-1880).
- ceph: create symlinks with encrypted and base64-encoded targets (jsc#SES-1880).
- ceph: decode alternate_name in lease info (jsc#SES-1880).
- ceph: do not use special DIO path for encrypted inodes (jsc#SES-1880).
- ceph: drop messages from MDS when unmounting (jsc#SES-1880).
- ceph: encode encrypted name in ceph_mdsc_build_path and dentry release (jsc#SES-1880).
- ceph: fix incorrect revoked caps assert in ceph_fill_file_size() (bsc#1216322).
- ceph: fix type promotion bug on 32bit systems (bsc#1216324).
- ceph: fix updating i_truncate_pagecache_size for fscrypt (jsc#SES-1880).
- ceph: fscrypt_auth handling for ceph (jsc#SES-1880).
- ceph: handle fscrypt fields in cap messages from MDS (jsc#SES-1880).
- ceph: implement -o test_dummy_encryption mount option (jsc#SES-1880).
- ceph: invalidate pages when doing direct/sync writes (jsc#SES-1880).
- ceph: make ceph_fill_trace and ceph_get_name decrypt names (jsc#SES-1880).
- ceph: make ceph_msdc_build_path use ref-walk (jsc#SES-1880).
- ceph: make d_revalidate call fscrypt revalidator for encrypted dentries (jsc#SES-1880).
- ceph: make ioctl cmds more readable in debug log (jsc#SES-1880).
- ceph: make num_fwd and num_retry to __u32 (jsc#SES-1880).
- ceph: mark directory as non-complete after loading key (jsc#SES-1880).
- ceph: pass the request to parse_reply_info_readdir() (jsc#SES-1880).
- ceph: plumb in decryption during reads (jsc#SES-1880).
- ceph: preallocate inode for ops that may create one (jsc#SES-1880).
- ceph: prevent snapshot creation in encrypted locked directories (jsc#SES-1880).
- ceph: remove unnecessary check for NULL in parse_longname() (bsc#1216333).
- ceph: send alternate_name in MClientRequest (jsc#SES-1880).
- ceph: set DCACHE_NOKEY_NAME flag in ceph_lookup/atomic_open() (jsc#SES-1880).
- ceph: size handling in MClientRequest, cap updates and inode traces (jsc#SES-1880).
- ceph: switch ceph_lookup/atomic_open() to use new fscrypt helper (jsc#SES-1880).
- ceph: use osd_req_op_extent_osd_iter for netfs reads (jsc#SES-1880).
- ceph: voluntarily drop Xx caps for requests those touch parent mtime (jsc#SES-1880).
- ceph: wait for OSD requests' callbacks to finish when unmounting (jsc#SES-1880).
- cgroup/cpuset: Change references of cpuset_mutex to cpuset_rwsem (bsc#1215955).
- cgroup: Remove duplicates in cgroup v1 tasks file (bsc#1211307).
- clk: tegra: fix error return case for recalc_rate (git-fixes).
- counter: microchip-tcb-capture: Fix the use of internal GCLK logic (git-fixes).
- crypto: qat - Include algapi.h for low-level Crypto API (PED-6401).
- crypto: qat - Remove unused function declarations (PED-6401).
- crypto: qat - add fw_counters debugfs file (PED-6401).
- crypto: qat - add heartbeat counters check (PED-6401).
- crypto: qat - add heartbeat feature (PED-6401).
- crypto: qat - add internal timer for qat 4xxx (PED-6401).
- crypto: qat - add measure clock frequency (PED-6401).
- crypto: qat - add missing function declaration in adf_dbgfs.h (PED-6401).
- crypto: qat - add qat_zlib_deflate (PED-6401).
- crypto: qat - add support for 402xx devices (PED-6401).
- crypto: qat - change value of default idle filter (PED-6401).
- crypto: qat - delay sysfs initialization (PED-6401).
- crypto: qat - do not export adf_init_admin_pm() (PED-6401).
- crypto: qat - drop log level of msg in get_instance_node() (PED-6401).
- crypto: qat - drop obsolete heartbeat interface (PED-6401).
- crypto: qat - drop redundant adf_enable_aer() (PED-6401).
- crypto: qat - expose pm_idle_enabled through sysfs (PED-6401).
- crypto: qat - extend buffer list logic interface (PED-6401).
- crypto: qat - extend configuration for 4xxx (PED-6401).
- crypto: qat - fix apply custom thread-service mapping for dc service (PED-6401).
- crypto: qat - fix concurrency issue when device state changes (PED-6401).
- crypto: qat - fix crypto capability detection for 4xxx (PED-6401).
- crypto: qat - fix spelling mistakes from 'bufer' to 'buffer' (PED-6401).
- crypto: qat - make fw images name constant (PED-6401).
- crypto: qat - make state machine functions static (PED-6401).
- crypto: qat - move dbgfs init to separate file (PED-6401).
- crypto: qat - move returns to default case (PED-6401).
- crypto: qat - refactor device restart logic (PED-6401).
- crypto: qat - refactor fw config logic for 4xxx (PED-6401).
- crypto: qat - remove ADF_STATUS_PF_RUNNING flag from probe (PED-6401).
- crypto: qat - replace state machine calls (PED-6401).
- crypto: qat - replace the if statement with min() (PED-6401).
- crypto: qat - set deprecated capabilities as reserved (PED-6401).
- crypto: qat - unmap buffer before free for DH (PED-6401).
- crypto: qat - unmap buffers before free for RSA (PED-6401).
- crypto: qat - update slice mask for 4xxx devices (PED-6401).
- crypto: qat - use kfree_sensitive instead of memset/kfree() (PED-6401).
- dmaengine: idxd: use spin_lock_irqsave before wait_event_lock_irq (git-fixes).
- dmaengine: mediatek: Fix deadlock caused by synchronize_irq() (git-fixes).
- dmaengine: stm32-mdma: abort resume if no ongoing transfer (git-fixes).
- drm/amd/display: Do not check registers, if using AUX BL control (git-fixes).
- drm/amd/display: Do not set dpms_off for seamless boot (git-fixes).
- drm/amd/pm: add unique_id for gc 11.0.3 (git-fixes).
- drm/amd: Fix detection of _PR3 on the PCIe root port (git-fixes).
- drm/amdgpu/nbio4.3: set proper rmmio_remap.reg_offset for SR-IOV (git-fixes).
- drm/amdgpu/soc21: do not remap HDP registers for SR-IOV (git-fixes).
- drm/amdgpu: Handle null atom context in VBIOS info ioctl (git-fixes).
- drm/amdgpu: add missing NULL check (git-fixes).
- drm/amdkfd: Flush TLB after unmapping for GFX v9.4.3 (git-fixes).
- drm/amdkfd: Insert missing TLB flush on GFX10 and later (git-fixes).
- drm/amdkfd: Use gpu_offset for user queue's wptr (git-fixes).
- drm/atomic-helper: relax unregistered connector check (git-fixes).
- drm/bridge: ti-sn65dsi83: Do not generate HFP/HBP/HSA and EOT packet (git-fixes).
- drm/i915/gt: Fix reservation address in ggtt_reserve_guc_top (git-fixes).
- drm/i915/pmu: Check if pmu is closed before stopping event (git-fixes).
- drm/i915: Retry gtt fault when out of fence registers (git-fixes).
- drm/mediatek: Correctly free sg_table in gem prime vmap (git-fixes).
- drm/msm/dp: do not reinitialize phy unless retry during link training (git-fixes).
- drm/msm/dpu: change _dpu_plane_calc_bw() to use u64 to avoid overflow (git-fixes).
- drm/msm/dsi: fix irq_of_parse_and_map() error checking (git-fixes).
- drm/msm/dsi: skip the wait for video mode done if not applicable (git-fixes).
- drm/vmwgfx: fix typo of sizeof argument (git-fixes).
- drm: panel-orientation-quirks: Add quirk for One Mix 2S (git-fixes).
- firmware/imx-dsp: Fix use_after_free in imx_dsp_setup_channels() (git-fixes).
- firmware: arm_ffa: Do not set the memory region attributes for MEM_LEND (git-fixes).
- firmware: imx-dsp: Fix an error handling path in imx_dsp_setup_channels() (git-fixes).
- fix x86/mm: print the encryption features in hyperv is disabled
- fprobe: Ensure running fprobe_exit_handler() finished before calling rethook_free() (git-fixes).
- fscrypt: new helper function - fscrypt_prepare_lookup_partial() (jsc#SES-1880).
- gpio: aspeed: fix the GPIO number passed to pinctrl_gpio_set_config() (git-fixes).
- gpio: pmic-eic-sprd: Add can_sleep flag for PMIC EIC chip (git-fixes).
- gpio: pxa: disable pinctrl calls for MMP_GPIO (git-fixes).
- gpio: tb10x: Fix an error handling path in tb10x_gpio_probe() (git-fixes).
- gpio: timberdale: Fix potential deadlock on &tgpio->lock (git-fixes).
- gpio: vf610: set value before the direction to avoid a glitch (git-fixes).
- gve: Do not fully free QPL pages on prefill errors (git-fixes).
- i2c: aspeed: Fix i2c bus hang in slave read (git-fixes).
- i2c: i801: unregister tco_pdev in i801_probe() error path (git-fixes).
- i2c: mux: Avoid potential false error message in i2c_mux_add_adapter (git-fixes).
- i2c: mux: demux-pinctrl: check the return value of devm_kstrdup() (git-fixes).
- i2c: mux: gpio: Add missing fwnode_handle_put() (git-fixes).
- i2c: mux: gpio:?Replace custom acpi_get_local_address() (git-fixes).
- i2c: muxes: i2c-demux-pinctrl: Use of_get_i2c_adapter_by_node() (git-fixes).
- i2c: muxes: i2c-mux-gpmux: Use of_get_i2c_adapter_by_node() (git-fixes).
- i2c: muxes: i2c-mux-pinctrl: Use of_get_i2c_adapter_by_node() (git-fixes).
- i2c: npcm7xx: Fix callback completion ordering (git-fixes).
- i2c: stm32f7: Fix PEC handling in case of SMBUS transfers (git-fixes).
- ieee802154: ca8210: Fix a potential UAF in ca8210_probe (git-fixes).
- iio: adc: xilinx-xadc: Correct temperature offset/scale for UltraScale (git-fixes).
- iio: adc: xilinx-xadc: Do not clobber preset voltage/temperature thresholds (git-fixes).
- iio: exynos-adc: request second interupt only when touchscreen mode is used (git-fixes).
- iio: pressure: bmp280: Fix NULL pointer exception (git-fixes).
- iio: pressure: dps310: Adjust Timeout Settings (git-fixes).
- iio: pressure: ms5611: ms5611_prom_is_valid false negative bug (git-fixes).
- intel x86 platform vsec kABI workaround (bsc#1216202).
- io_uring/fs: remove sqe->rw_flags checking from LINKAT (git-fixes).
- io_uring/rw: defer fsnotify calls to task context (git-fixes).
- io_uring/rw: ensure kiocb_end_write() is always called (git-fixes).
- io_uring/rw: remove leftover debug statement (git-fixes).
- io_uring: Replace 0-length array with flexible array (git-fixes).
- io_uring: ensure REQ_F_ISREG is set async offload (git-fixes).
- io_uring: fix fdinfo sqe offsets calculation (git-fixes).
- io_uring: fix memory leak when removing provided buffers (git-fixes).
- iommu/amd/io-pgtable: Implement map_pages io_pgtable_ops callback (bsc#1212423).
- iommu/amd/io-pgtable: Implement unmap_pages io_pgtable_ops callback (bsc#1212423).
- iommu/amd: Add map/unmap_pages() iommu_domain_ops callback support (bsc#1212423).
- iommu/arm-smmu-v3: Fix soft lockup triggered by (bsc#1215921)
- kABI: fix bpf Tighten-ptr_to_btf_id checks (git-fixes).
- kabi: blkcg_policy_data fix KABI (bsc#1216062).
- kabi: workaround for enum nft_trans_phase (bsc#1215104).
- kprobes: Prohibit probing on CFI preamble symbol (git-fixes).
- leds: Drop BUG_ON check for LED_COLOR_ID_MULTI (git-fixes).
- libceph: add CEPH_OSD_OP_ASSERT_VER support (jsc#SES-1880).
- libceph: add new iov_iter-based ceph_msg_data_type and ceph_osd_data_type (jsc#SES-1880).
- libceph: add sparse read support to OSD client (jsc#SES-1880).
- libceph: add sparse read support to msgr1 (jsc#SES-1880).
- libceph: add spinlock around osd->o_requests (jsc#SES-1880).
- libceph: allow ceph_osdc_new_request to accept a multi-op read (jsc#SES-1880).
- libceph: define struct ceph_sparse_extent and add some helpers (jsc#SES-1880).
- libceph: new sparse_read op, support sparse reads on msgr2 crc codepath (jsc#SES-1880).
- libceph: support sparse reads on msgr2 secure codepath (jsc#SES-1880).
- libceph: use kernel_connect() (bsc#1216323).
- misc: fastrpc: Clean buffers on remote invocation failures (git-fixes).
- mm, memcg: reconsider kmem.limit_in_bytes deprecation (bsc#1208788 bsc#1213705).
- mmc: core: Capture correct oemid-bits for eMMC cards (git-fixes).
- mmc: core: sdio: hold retuning if sdio in 1-bit mode (git-fixes).
- mmc: mtk-sd: Use readl_poll_timeout_atomic in msdc_reset_hw (git-fixes).
- mtd: physmap-core: Restore map_rom fallback (git-fixes).
- mtd: rawnand: arasan: Ensure program page operations are successful (git-fixes).
- mtd: rawnand: marvell: Ensure program page operations are successful (git-fixes).
- mtd: rawnand: pl353: Ensure program page operations are successful (git-fixes).
- mtd: rawnand: qcom: Unmap the right resource upon probe failure (git-fixes).
- mtd: spinand: micron: correct bitmask for ecc status (git-fixes).
- net/sched: fix netdevice reference leaks in attach_default_qdiscs() (git-fixes).
- net: ieee802154: adf7242: Fix some potential buffer overflow in adf7242_stats_show() (git-fixes).
- net: mana: Fix TX CQE error handling (bsc#1215986).
- net: mana: Fix oversized sge0 for GSO packets (bsc#1215986).
- net: nfc: llcp: Add lock when modifying device list (git-fixes).
- net: rfkill: gpio: prevent value glitch during probe (git-fixes).
- net: sched: add barrier to fix packet stuck problem for lockless qdisc (bsc#1216345).
- net: sched: fixed barrier to prevent skbuff sticking in qdisc backlog (bsc#1216345).
- net: usb: dm9601: fix uninitialized variable use in dm9601_mdio_read (git-fixes).
- net: usb: smsc75xx: Fix uninit-value access in __smsc75xx_read_reg (git-fixes).
- net: usb: smsc75xx: Fix uninit-value access in __smsc75xx_read_reg (git-fixes).
- net: usb: smsc95xx: Fix an error code in smsc95xx_reset() (git-fixes).
- net: usb: smsc95xx: Fix uninit-value access in smsc95xx_read_reg (git-fixes).
- net: use sk_is_tcp() in more places (git-fixes).
- netfilter: nf_tables: add NFT_TRANS_PREPARE_ERROR to deal with bound set/chain (git-fixes).
- netfilter: nf_tables: unbind non-anonymous set if rule construction fails (git-fixes).
- nfc: nci: assert requested protocol is valid (git-fixes).
- nfc: nci: fix possible NULL pointer dereference in send_acknowledge() (git-fixes).
- nilfs2: fix potential use after free in nilfs_gccache_submit_read_data() (git-fixes).
- nvme-fc: Prevent null pointer dereference in nvme_fc_io_getuuid() (bsc#1214842).
- phy: mapphone-mdm6600: Fix pinctrl_pm handling for sleep pins (git-fixes).
- phy: mapphone-mdm6600: Fix runtime PM for remove (git-fixes).
- phy: mapphone-mdm6600: Fix runtime disable on probe (git-fixes).
- pinctrl: avoid unsafe code pattern in find_pinctrl() (git-fixes).
- pinctrl: renesas: rzn1: Enable missing PINMUX (git-fixes).
- platform/surface: platform_profile: Propagate error if profile registration fails (git-fixes).
- platform/x86/intel/pmt: Ignore uninitialized entries (bsc#1216202).
- platform/x86/intel/pmt: telemetry: Fix fixed region handling (bsc#1216202).
- platform/x86/intel/vsec: Rework early hardware code (bsc#1216202).
- platform/x86/intel: Fix 'rmmod pmt_telemetry' panic (bsc#1216202).
- platform/x86/intel: Fix pmt_crashlog array reference (bsc#1216202).
- platform/x86: asus-wmi: Change ASUS_WMI_BRN_DOWN code from 0x20 to 0x2e (git-fixes).
- platform/x86: asus-wmi: Map 0x2a code, Ignore 0x2b and 0x2c events (git-fixes).
- platform/x86: think-lmi: Fix reference leak (git-fixes).
- platform/x86: touchscreen_dmi: Add info for the Positivo C4128B (git-fixes).
- power: supply: ucs1002: fix error code in ucs1002_get_property() (git-fixes).
- quota: Fix slow quotaoff (bsc#1216621).
- r8152: Cancel hw_phy_work if we have an error in probe (git-fixes).
- r8152: Increase USB control msg timeout to 5000ms as per spec (git-fixes).
- r8152: Release firmware if we have an error in probe (git-fixes).
- r8152: Run the unload routine if we have errors during probe (git-fixes).
- r8152: check budget for r8152_poll() (git-fixes).
- regmap: fix NULL deref on lookup (git-fixes).
- regmap: rbtree: Fix wrong register marked as in-cache when creating new node (git-fixes).
- ring-buffer: Avoid softlockup in ring_buffer_resize() (git-fixes).
- ring-buffer: Do not attempt to read past 'commit' (git-fixes).
- ring-buffer: Fix bytes info in per_cpu buffer stats (git-fixes).
- ring-buffer: Update 'shortest_full' in polling (git-fixes).
- s390/cio: fix a memleak in css_alloc_subchannel (git-fixes bsc#1216510).
- s390/pci: fix iommu bitmap allocation (git-fixes bsc#1216511).
- s390: add z16 elf platform (git-fixes LTC#203789 bsc#1215956 LTC#203788 bsc#1215957).
- sched/cpuset: Bring back cpuset_mutex (bsc#1215955).
- sched/deadline,rt: Remove unused parameter from pick_next_[rt|dl]_entity() (git fixes (sched)).
- sched/rt: Fix live lock between select_fallback_rq() and RT push (git fixes (sched)).
- sched/rt: Fix sysctl_sched_rr_timeslice intial value (git fixes (sched)).
- scsi: be2iscsi: Add length check when parsing nlattrs (git-fixes).
- scsi: fcoe: Fix potential deadlock on &fip->ctlr_lock (git-fixes).
- scsi: iscsi: Add length check for nlattr payload (git-fixes).
- scsi: iscsi: Add strlen() check in iscsi_if_set{_host}_param() (git-fixes).
- scsi: iscsi_tcp: restrict to TCP sockets (git-fixes).
- scsi: mpi3mr: Propagate sense data for admin queue SCSI I/O (git-fixes).
- scsi: mpt3sas: Perform additional retries if doorbell read returns 0 (git-fixes).
- scsi: pm8001: Setup IRQs on resume (git-fixes).
- scsi: qedf: Do not touch __user pointer in qedf_dbg_debug_cmd_read() directly (git-fixes).
- scsi: qedf: Do not touch __user pointer in qedf_dbg_fp_int_cmd_read() directly (git-fixes).
- scsi: qedf: Do not touch __user pointer in qedf_dbg_stop_io_on_error_cmd_read() directly (git-fixes).
- scsi: qedi: Fix potential deadlock on &qedi_percpu->p_work_lock (git-fixes).
- scsi: qla4xxx: Add length check when parsing nlattrs (git-fixes).
- selftests/bpf: Add more tests for check_max_stack_depth bug (git-fixes).
- selftests/bpf: Add reproducer for decl_tag in func_proto argument (git-fixes).
- selftests/bpf: Add reproducer for decl_tag in func_proto return type (git-fixes).
- selftests/bpf: Add selftest for check_stack_max_depth bug (git-fixes).
- selftests/bpf: Clean up sys_nanosleep uses (git-fixes).
- serial: 8250_port: Check IRQ data before use (git-fixes).
- soc: imx8m: Enable OCOTP clock for imx8mm before reading registers (git-fixes).
- spi: nxp-fspi: reset the FLSHxCR1 registers (git-fixes).
- spi: stm32: add a delay before SPI disable (git-fixes).
- spi: sun6i: fix race between DMA RX transfer completion and RX FIFO drain (git-fixes).
- spi: sun6i: reduce DMA RX transfer width to single byte (git-fixes).
- thunderbolt: Check that lane 1 is in CL0 before enabling lane bonding (git-fixes).
- thunderbolt: Restart XDomain discovery handshake after failure (git-fixes).
- thunderbolt: Workaround an IOMMU fault on certain systems with Intel Maple Ridge (git-fixes).
- tracing: Have current_trace inc the trace array ref count (git-fixes).
- tracing: Have event inject files inc the trace array ref count (git-fixes).
- tracing: Have option files inc the trace array ref count (git-fixes).
- tracing: Have tracing_max_latency inc the trace array ref count (git-fixes).
- tracing: Increase trace array ref count on enable and filter files (git-fixes).
- tracing: Make trace_marker{,_raw} stream-like (git-fixes).
- treewide: Spelling fix in comment (git-fixes).
- usb: cdnsp: Fixes issue with dequeuing not queued requests (git-fixes).
- usb: dwc3: Soft reset phy on probe for host (git-fixes).
- usb: gadget: ncm: Handle decoding of multiple NTB's in unwrap call (git-fixes).
- usb: gadget: udc-xilinx: replace memcpy with memcpy_toio (git-fixes).
- usb: hub: Guard against accesses to uninitialized BOS descriptors (git-fixes).
- usb: musb: Get the musb_qh poniter after musb_giveback (git-fixes).
- usb: musb: Modify the 'HWVers' register address (git-fixes).
- usb: serial: option: add Fibocom to DELL custom modem FM101R-GL (git-fixes).
- usb: serial: option: add Telit LE910C4-WWX 0x1035 composition (git-fixes).
- usb: serial: option: add entry for Sierra EM9191 with new firmware (git-fixes).
- usb: typec: altmodes/displayport: Signal hpd low when exiting mode (git-fixes).
- usb: typec: ucsi: Clear EVENT_PENDING bit if ucsi_send_command fails (git-fixes).
- usb: xhci: xhci-ring: Use sysdev for mapping bounce buffer (git-fixes).
- vmbus_testing: fix wrong python syntax for integer value comparison (git-fixes).
- vringh: do not use vringh_kiov_advance() in vringh_iov_xfer() (git-fixes).
- watchdog: iTCO_wdt: No need to stop the timer in probe (git-fixes).
- watchdog: iTCO_wdt: Set NO_REBOOT if the watchdog is not already running (git-fixes).
- wifi: cfg80211: Fix 6GHz scan configuration (git-fixes).
- wifi: cfg80211: avoid leaking stack data into trace (git-fixes).
- wifi: iwlwifi: Ensure ack flag is properly cleared (git-fixes).
- wifi: iwlwifi: dbg_ini: fix structure packing (git-fixes).
- wifi: iwlwifi: mvm: Fix a memory corruption issue (git-fixes).
- wifi: mac80211: allow transmitting EAPOL frames with tainted key (git-fixes).
- wifi: mt76: mt76x02: fix MT76x0 external LNA gain handling (git-fixes).
- wifi: mwifiex: Fix oob check condition in mwifiex_process_rx_packet (git-fixes).
- wifi: mwifiex: Fix tlv_buf_left calculation (git-fixes).
- wifi: mwifiex: Sanity check tlv_len and tlv_bitmap_len (git-fixes).
- x86/cpu, kvm: Add the NO_NESTED_DATA_BP feature (bsc#1213772).
- x86/cpu, kvm: Add the Null Selector Clears Base feature (bsc#1213772).
- x86/cpu, kvm: Add the SMM_CTL MSR not present feature (bsc#1213772).
- x86/cpu, kvm: Move X86_FEATURE_LFENCE_RDTSC to its native leaf (bsc#1213772).
- x86/cpu: Enable STIBP on AMD if Automatic IBRS is enabled (bsc#1213772).
- x86/cpu: Support AMD Automatic IBRS (bsc#1213772).
- x86/mm: Print the encryption features correctly when a paravisor is present (bsc#1206453).
- x86/platform/uv: Use alternate source for socket to node data (bsc#1215696).
- x86/sev: Check IOBM for IOIO exceptions from user-space (bsc#1212649).
- x86/sev: Check for user-space IOIO pointing to kernel space (bsc#1212649).
- x86/sev: Disable MMIO emulation from user mode (bsc#1212649).
- x86/sev: Make enc_dec_hypercall() accept a size instead of npages (bsc#1214635).
- xen-netback: use default TX queue size for vifs (git-fixes).
- xhci: Keep interrupt disabled in initialization until host is running (git-fixes).
ImportantSUSE bug 1208788SUSE bug 1211162SUSE bug 1211307SUSE bug 1212423SUSE bug 1212649SUSE bug 1213705SUSE bug 1213772SUSE bug 1214754SUSE bug 1214874SUSE bug 1215095SUSE bug 1215104SUSE bug 1215523SUSE bug 1215545SUSE bug 1215921SUSE bug 1215955SUSE bug 1215986SUSE bug 1216062SUSE bug 1216202SUSE bug 1216322SUSE bug 1216323SUSE bug 1216324SUSE bug 1216333SUSE bug 1216345SUSE bug 1216512SUSE bug 1216621SUSE bug 802154CVE-2023-2163 at SUSECVE-2023-2163 at NVDCVE-2023-31085 at SUSECVE-2023-31085 at NVDCVE-2023-34324 at SUSECVE-2023-34324 at NVDCVE-2023-3777 at SUSECVE-2023-3777 at NVDCVE-2023-39189 at SUSECVE-2023-39189 at NVDCVE-2023-39191 at SUSECVE-2023-39191 at NVDCVE-2023-39193 at SUSECVE-2023-39193 at NVDCVE-2023-46813 at SUSECVE-2023-46813 at NVDCVE-2023-5178 at SUSECVE-2023-5178 at NVDcpe:/o:opensuse:leap:15.5Security update for squid (Important)openSUSE Leap 15.5
This update for squid fixes the following issues:
- CVE-2023-46846: Request/Response smuggling in HTTP/1.1 and ICAP (bsc#1216500).
- CVE-2023-46847: Denial of Service in HTTP Digest Authentication (bsc#1216495).
- CVE-2023-46724: Fix validation of certificates with CN=* (bsc#1216803).
- CVE-2023-46848: Denial of Service in FTP (bsc#1216498).
ImportantSUSE bug 1216495SUSE bug 1216498SUSE bug 1216500SUSE bug 1216803CVE-2023-46724 at SUSECVE-2023-46724 at NVDCVE-2023-46846 at SUSECVE-2023-46846 at NVDCVE-2023-46847 at SUSECVE-2023-46847 at NVDCVE-2023-46848 at SUSECVE-2023-46848 at NVDcpe:/o:opensuse:leap:15.5Security update for salt (Important)openSUSE Leap 15.5
This update for salt fixes the following issues:
Security issues fixed:
- CVE-2023-34049: arbitrary code execution via symlink attack (bsc#1215157)
Bugs fixed:
- Fix optimization_order opt to prevent testsuite fails
- Improve salt.utils.json.find_json to avoid fails (bsc#1213293)
- Use salt-call from salt bundle with transactional_update
- Only call native_str on curl_debug message in tornado when needed
- Implement the calling for batch async from the salt CLI
- Fix calculation of SLS context vars when trailing dots
on targetted sls/state (bsc#1213518)
- Rename salt-tests to python3-salt-testsuite
- Allow all primitive grain types for autosign_grains (bsc#1214477)
ImportantSUSE bug 1213293SUSE bug 1213518SUSE bug 1214477SUSE bug 1215157CVE-2023-34049 at SUSECVE-2023-34049 at NVDcpe:/o:opensuse:leap:15.5Security update for salt (Important)openSUSE Leap 15.5
This update for salt fixes the following issues:
Security issues fixed:
- CVE-2023-34049: arbitrary code execution via symlink attack (bsc#1215157)
Bugs fixed:
- Fix optimization_order opt to prevent testsuite fails
- Improve salt.utils.json.find_json to avoid fails (bsc#1213293)
- Use salt-call from salt bundle with transactional_update
- Only call native_str on curl_debug message in tornado when needed
- Implement the calling for batch async from the salt CLI
- Fix calculation of SLS context vars when trailing dots
on targetted sls/state (bsc#1213518)
- Rename salt-tests to python3-salt-testsuite
- Allow all primitive grain types for autosign_grains (bsc#1214477)
ImportantSUSE bug 1213293SUSE bug 1213518SUSE bug 1214477SUSE bug 1215157CVE-2023-34049 at SUSECVE-2023-34049 at NVDcpe:/o:opensuse:leap:15.5Security update for the Linux Kernel (Important)openSUSE Leap 15.5
The SUSE Linux Enterprise 15 SP5 Azure kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2023-3777: Fixed a use-after-free vulnerability in netfilter: nf_tables component can be exploited to achieve local privilege escalation. (bsc#1215095)
- CVE-2023-46813: Fixed a local privilege escalation with user-space programs that have access to MMIO regions (bsc#1212649).
- CVE-2023-31085: Fixed a divide-by-zero error in do_div(sz,mtd->erasesize) that could cause a local DoS. (bsc#1210778)
- CVE-2023-45862: Fixed an issue in the ENE UB6250 reader driver whwere an object could potentially extend beyond the end of an allocation causing. (bsc#1216051)
- CVE-2023-39193: Fixed an out of bounds read in the xtables subsystem (bsc#1215860).
- CVE-2023-5178: Fixed an UAF in queue intialization setup. (bsc#1215768)
- CVE-2023-2163: Fixed an incorrect verifier pruning in BPF that could lead to unsafe code paths being incorrectly marked as safe, resulting in arbitrary read/write in kernel memory, lateral privilege escalation, and container escape. (bsc#1215518)
- CVE-2023-34324: Fixed a possible deadlock in Linux kernel event handling. (bsc#1215745).
- CVE-2023-39189: Fixed a flaw in the Netfilter subsystem that could allow a local privileged (CAP_NET_ADMIN) attacker to trigger an out-of-bounds read, leading to a crash or information disclosure. (bsc#1216046)
- CVE-2023-39191: Fixed a lack of validation of dynamic pointers within user-supplied eBPF programs that may have allowed an attacker with CAP_BPF privileges to escalate privileges and execute arbitrary code. (bsc#1215863)
- CVE-2023-2860: Fixed an out-of-bounds read vulnerability in the processing of seg6 attributes. This flaw allowed a privileged local user to disclose sensitive information. (bsc#1211592)
The following non-security bugs were fixed:
- 9p: virtio: make sure 'offs' is initialized in zc_request (git-fixes).
- ACPI: irq: Fix incorrect return value in acpi_register_gsi() (git-fixes).
- ACPI: resource: Skip IRQ override on ASUS ExpertBook B1402CBA (git-fixes).
- ALSA: hda/realtek - ALC287 I2S speaker platform support (git-fixes).
- ALSA: hda/realtek - ALC287 merge RTK codec with CS CS35L41 AMP (git-fixes).
- ALSA: hda/realtek - Fixed ASUS platform headset Mic issue (git-fixes).
- ALSA: hda/realtek - Fixed two speaker platform (git-fixes).
- ALSA: hda/realtek: Add quirk for ASUS ROG GU603ZV (git-fixes).
- ALSA: hda/realtek: Change model for Intel RVP board (git-fixes).
- ALSA: hda/relatek: Enable Mute LED on HP Laptop 15s-fq5xxx (git-fixes).
- ALSA: hda: Disable power save for solving pop issue on Lenovo ThinkCentre M70q (git-fixes).
- ALSA: hda: intel-dsp-cfg: add LunarLake support (git-fixes).
- ALSA: hda: intel-sdw-acpi: Use u8 type for link index (git-fixes).
- ALSA: usb-audio: Fix microphone sound on Nexigo webcam (git-fixes).
- ALSA: usb-audio: Fix microphone sound on Opencomm2 Headset (git-fixes).
- ASoC: amd: yc: Fix non-functional mic on Lenovo 82YM (git-fixes).
- ASoC: codecs: wcd938x-sdw: fix runtime PM imbalance on probe errors (git-fixes).
- ASoC: codecs: wcd938x-sdw: fix use after free on driver unbind (git-fixes).
- ASoC: codecs: wcd938x: drop bogus bind error handling (git-fixes).
- ASoC: codecs: wcd938x: fix unbind tear down order (git-fixes).
- ASoC: fsl: imx-pcm-rpmsg: Add SNDRV_PCM_INFO_BATCH flag (git-fixes).
- ASoC: imx-rpmsg: Set ignore_pmdown_time for dai_link (git-fixes).
- ASoC: pxa: fix a memory leak in probe() (git-fixes).
- Bluetooth: Avoid redundant authentication (git-fixes).
- Bluetooth: Fix a refcnt underflow problem for hci_conn (git-fixes).
- Bluetooth: ISO: Fix handling of listen for unicast (git-fixes).
- Bluetooth: Reject connection with the device which has same BD_ADDR (git-fixes).
- Bluetooth: avoid memcmp() out of bounds warning (git-fixes).
- Bluetooth: btusb: add shutdown function for QCA6174 (git-fixes).
- Bluetooth: hci_codec: Fix leaking content of local_codecs (git-fixes).
- Bluetooth: hci_event: Fix coding style (git-fixes).
- Bluetooth: hci_event: Fix using memcmp when comparing keys (git-fixes).
- Bluetooth: hci_event: Ignore NULL link key (git-fixes).
- Bluetooth: hci_sock: Correctly bounds check and pad HCI_MON_NEW_INDEX name (git-fixes).
- Bluetooth: hci_sock: fix slab oob read in create_monitor_event (git-fixes).
- Bluetooth: vhci: Fix race when opening vhci device (git-fixes).
- Documentation: qat: change kernel version (PED-6401).
- Documentation: qat: rewrite description (PED-6401).
- Drivers: hv: vmbus: Call hv_synic_free() if hv_synic_alloc() fails (git-fixes).
- Drivers: hv: vmbus: Fix vmbus_wait_for_unload() to scan present CPUs (git-fixes).
- Drop amdgpu patch causing spamming (bsc#1215523).
- HID: holtek: fix slab-out-of-bounds Write in holtek_kbd_input_event (git-fixes).
- HID: intel-ish-hid: ipc: Disable and reenable ACPI GPE bit (git-fixes).
- HID: logitech-hidpp: Fix kernel crash on receiver USB disconnect (git-fixes).
- HID: multitouch: Add required quirk for Synaptics 0xcd7e device (git-fixes).
- HID: sony: Fix a potential memory leak in sony_probe() (git-fixes).
- HID: sony: remove duplicate NULL check before calling usb_free_urb() (git-fixes).
- IB/mlx4: Fix the size of a buffer in add_port_entries() (git-fixes)
- Input: goodix - ensure int GPIO is in input for gpio_count == 1 && gpio_int_idx == 0 case (git-fixes).
- Input: powermate - fix use-after-free in powermate_config_complete (git-fixes).
- Input: psmouse - fix fast_reconnect function for PS/2 mode (git-fixes).
- Input: xpad - add PXN V900 support (git-fixes).
- KVM: SVM: Do not kill SEV guest if SMAP erratum triggers in usermode (git-fixes).
- KVM: SVM: INTERCEPT_RDTSCP is never intercepted anyway (git-fixes).
- KVM: s390: fix gisa destroy operation might lead to cpu stalls (git-fixes bsc#1216512).
- KVM: x86/mmu: Reconstruct shadow page root if the guest PDPTEs is changed (git-fixes).
- KVM: x86: Fix clang -Wimplicit-fallthrough in do_host_cpuid() (git-fixes).
- KVM: x86: Move open-coded CPUID leaf 0x80000021 EAX bit propagation code (bsc#1213772).
- KVM: x86: Propagate the AMD Automatic IBRS feature to the guest (bsc#1213772).
- KVM: x86: add support for CPUID leaf 0x80000021 (bsc#1213772).
- KVM: x86: synthesize CPUID leaf 0x80000021h if useful (bsc#1213772).
- KVM: x86: work around QEMU issue with synthetic CPUID leaves (git-fixes).
- NFS: Fix O_DIRECT locking issues (bsc#1211162).
- NFS: Fix a few more clear_bit() instances that need release semantics (bsc#1211162).
- NFS: Fix a potential data corruption (bsc#1211162).
- NFS: Fix a use after free in nfs_direct_join_group() (bsc#1211162).
- NFS: Fix error handling for O_DIRECT write scheduling (bsc#1211162).
- NFS: More O_DIRECT accounting fixes for error paths (bsc#1211162).
- NFS: More fixes for nfs_direct_write_reschedule_io() (bsc#1211162).
- NFS: Use the correct commit info in nfs_join_page_group() (bsc#1211162).
- NFSD: Never call nfsd_file_gc() in foreground paths (bsc#1215545).
- RDMA/cma: Fix truncation compilation warning in make_cma_ports (git-fixes)
- RDMA/cma: Initialize ib_sa_multicast structure to 0 when join (git-fixes)
- RDMA/core: Require admin capabilities to set system parameters (git-fixes)
- RDMA/cxgb4: Check skb value for failure to allocate (git-fixes)
- RDMA/mlx5: Fix NULL string error (git-fixes)
- RDMA/mlx5: Fix mutex unlocking on error flow for steering anchor creation (git-fixes)
- RDMA/siw: Fix connection failure handling (git-fixes)
- RDMA/srp: Do not call scsi_done() from srp_abort() (git-fixes)
- RDMA/uverbs: Fix typo of sizeof argument (git-fixes)
- Revert 'pinctrl: avoid unsafe code pattern in find_pinctrl()' (git-fixes).
- Revert 'tty: n_gsm: fix UAF in gsm_cleanup_mux' (git-fixes).
- USB: serial: option: add Fibocom to DELL custom modem FM101R-GL (git-fixes).
- USB: serial: option: add Telit LE910C4-WWX 0x1035 composition (git-fixes).
- USB: serial: option: add entry for Sierra EM9191 with new firmware (git-fixes).
- arm64/smmu: use TLBI ASID when invalidating entire range (bsc#1215921)
- ata: libata-core: Do not register PM operations for SAS ports (git-fixes).
- ata: libata-core: Fix ata_port_request_pm() locking (git-fixes).
- ata: libata-core: Fix port and device removal (git-fixes).
- ata: libata-sata: increase PMP SRST timeout to 10s (git-fixes).
- ata: libata-scsi: ignore reserved bits for REPORT SUPPORTED OPERATION CODES (git-fixes).
- blk-cgroup: Fix NULL deref caused by blkg_policy_data being installed before init (bsc#1216062).
- blk-cgroup: support to track if policy is online (bsc#1216062).
- bonding: Fix extraction of ports from the packet headers (bsc#1214754).
- bonding: Return pointer to data after pull on skb (bsc#1214754).
- bonding: do not assume skb mac_header is set (bsc#1214754).
- bpf: Add copy_map_value_long to copy to remote percpu memory (git-fixes).
- bpf: Add missing btf_put to register_btf_id_dtor_kfuncs (git-fixes).
- bpf: Add override check to kprobe multi link attach (git-fixes).
- bpf: Add zero_map_value to zero map value with special fields (git-fixes).
- bpf: Cleanup check_refcount_ok (git-fixes).
- bpf: Fix max stack depth check for async callbacks (git-fixes).
- bpf: Fix offset calculation error in __copy_map_value and zero_map_value (git-fixes).
- bpf: Fix ref_obj_id for dynptr data slices in verifier (git-fixes).
- bpf: Fix resetting logic for unreferenced kptrs (git-fixes).
- bpf: Fix subprog idx logic in check_max_stack_depth (git-fixes).
- bpf: Gate dynptr API behind CAP_BPF (git-fixes).
- bpf: Prevent decl_tag from being referenced in func_proto arg (git-fixes).
- bpf: Repeat check_max_stack_depth for async callbacks (git-fixes).
- bpf: Tighten ptr_to_btf_id checks (git-fixes).
- bpf: fix precision propagation verbose logging (git-fixes).
- bpf: prevent decl_tag from being referenced in func_proto (git-fixes).
- bpf: propagate precision across all frames, not just the last one (git-fixes).
- bpf: propagate precision in ALU/ALU64 operations (git-fixes).
- btf: Export bpf_dynptr definition (git-fixes).
- btrfs: do not start transaction for scrub if the fs is mounted read-only (bsc#1214874).
- bus: ti-sysc: Fix missing AM35xx SoC matching (git-fixes).
- bus: ti-sysc: Use fsleep() instead of usleep_range() in sysc_reset() (git-fixes).
- ceph: add base64 endcoding routines for encrypted names (jsc#SES-1880).
- ceph: add encryption support to writepage and writepages (jsc#SES-1880).
- ceph: add fscrypt ioctls and ceph.fscrypt.auth vxattr (jsc#SES-1880).
- ceph: add helpers for converting names for userland presentation (jsc#SES-1880).
- ceph: add infrastructure for file encryption and decryption (jsc#SES-1880).
- ceph: add new mount option to enable sparse reads (jsc#SES-1880).
- ceph: add object version support for sync read (jsc#SES-1880).
- ceph: add read/modify/write to ceph_sync_write (jsc#SES-1880).
- ceph: add some fscrypt guardrails (jsc#SES-1880).
- ceph: add support for encrypted snapshot names (jsc#SES-1880).
- ceph: add support to readdir for encrypted names (jsc#SES-1880).
- ceph: add truncate size handling support for fscrypt (jsc#SES-1880).
- ceph: align data in pages in ceph_sync_write (jsc#SES-1880).
- ceph: allow encrypting a directory while not having Ax caps (jsc#SES-1880).
- ceph: create symlinks with encrypted and base64-encoded targets (jsc#SES-1880).
- ceph: decode alternate_name in lease info (jsc#SES-1880).
- ceph: do not use special DIO path for encrypted inodes (jsc#SES-1880).
- ceph: drop messages from MDS when unmounting (jsc#SES-1880).
- ceph: encode encrypted name in ceph_mdsc_build_path and dentry release (jsc#SES-1880).
- ceph: fix incorrect revoked caps assert in ceph_fill_file_size() (bsc#1216322).
- ceph: fix type promotion bug on 32bit systems (bsc#1216324).
- ceph: fix updating i_truncate_pagecache_size for fscrypt (jsc#SES-1880).
- ceph: fscrypt_auth handling for ceph (jsc#SES-1880).
- ceph: handle fscrypt fields in cap messages from MDS (jsc#SES-1880).
- ceph: implement -o test_dummy_encryption mount option (jsc#SES-1880).
- ceph: invalidate pages when doing direct/sync writes (jsc#SES-1880).
- ceph: make ceph_fill_trace and ceph_get_name decrypt names (jsc#SES-1880).
- ceph: make ceph_msdc_build_path use ref-walk (jsc#SES-1880).
- ceph: make d_revalidate call fscrypt revalidator for encrypted dentries (jsc#SES-1880).
- ceph: make ioctl cmds more readable in debug log (jsc#SES-1880).
- ceph: make num_fwd and num_retry to __u32 (jsc#SES-1880).
- ceph: mark directory as non-complete after loading key (jsc#SES-1880).
- ceph: pass the request to parse_reply_info_readdir() (jsc#SES-1880).
- ceph: plumb in decryption during reads (jsc#SES-1880).
- ceph: preallocate inode for ops that may create one (jsc#SES-1880).
- ceph: prevent snapshot creation in encrypted locked directories (jsc#SES-1880).
- ceph: remove unnecessary check for NULL in parse_longname() (bsc#1216333).
- ceph: send alternate_name in MClientRequest (jsc#SES-1880).
- ceph: set DCACHE_NOKEY_NAME flag in ceph_lookup/atomic_open() (jsc#SES-1880).
- ceph: size handling in MClientRequest, cap updates and inode traces (jsc#SES-1880).
- ceph: switch ceph_lookup/atomic_open() to use new fscrypt helper (jsc#SES-1880).
- ceph: use osd_req_op_extent_osd_iter for netfs reads (jsc#SES-1880).
- ceph: voluntarily drop Xx caps for requests those touch parent mtime (jsc#SES-1880).
- ceph: wait for OSD requests' callbacks to finish when unmounting (jsc#SES-1880).
- cgroup/cpuset: Change references of cpuset_mutex to cpuset_rwsem (bsc#1215955).
- cgroup: Remove duplicates in cgroup v1 tasks file (bsc#1211307).
- clk: tegra: fix error return case for recalc_rate (git-fixes).
- counter: microchip-tcb-capture: Fix the use of internal GCLK logic (git-fixes).
- crypto: qat - Include algapi.h for low-level Crypto API (PED-6401).
- crypto: qat - Remove unused function declarations (PED-6401).
- crypto: qat - add fw_counters debugfs file (PED-6401).
- crypto: qat - add heartbeat counters check (PED-6401).
- crypto: qat - add heartbeat feature (PED-6401).
- crypto: qat - add internal timer for qat 4xxx (PED-6401).
- crypto: qat - add measure clock frequency (PED-6401).
- crypto: qat - add missing function declaration in adf_dbgfs.h (PED-6401).
- crypto: qat - add qat_zlib_deflate (PED-6401).
- crypto: qat - add support for 402xx devices (PED-6401).
- crypto: qat - change value of default idle filter (PED-6401).
- crypto: qat - delay sysfs initialization (PED-6401).
- crypto: qat - do not export adf_init_admin_pm() (PED-6401).
- crypto: qat - drop log level of msg in get_instance_node() (PED-6401).
- crypto: qat - drop obsolete heartbeat interface (PED-6401).
- crypto: qat - drop redundant adf_enable_aer() (PED-6401).
- crypto: qat - expose pm_idle_enabled through sysfs (PED-6401).
- crypto: qat - extend buffer list logic interface (PED-6401).
- crypto: qat - extend configuration for 4xxx (PED-6401).
- crypto: qat - fix apply custom thread-service mapping for dc service (PED-6401).
- crypto: qat - fix concurrency issue when device state changes (PED-6401).
- crypto: qat - fix crypto capability detection for 4xxx (PED-6401).
- crypto: qat - fix spelling mistakes from 'bufer' to 'buffer' (PED-6401).
- crypto: qat - make fw images name constant (PED-6401).
- crypto: qat - make state machine functions static (PED-6401).
- crypto: qat - move dbgfs init to separate file (PED-6401).
- crypto: qat - move returns to default case (PED-6401).
- crypto: qat - refactor device restart logic (PED-6401).
- crypto: qat - refactor fw config logic for 4xxx (PED-6401).
- crypto: qat - remove ADF_STATUS_PF_RUNNING flag from probe (PED-6401).
- crypto: qat - replace state machine calls (PED-6401).
- crypto: qat - replace the if statement with min() (PED-6401).
- crypto: qat - set deprecated capabilities as reserved (PED-6401).
- crypto: qat - unmap buffer before free for DH (PED-6401).
- crypto: qat - unmap buffers before free for RSA (PED-6401).
- crypto: qat - update slice mask for 4xxx devices (PED-6401).
- crypto: qat - use kfree_sensitive instead of memset/kfree() (PED-6401).
- dmaengine: idxd: use spin_lock_irqsave before wait_event_lock_irq (git-fixes).
- dmaengine: mediatek: Fix deadlock caused by synchronize_irq() (git-fixes).
- dmaengine: stm32-mdma: abort resume if no ongoing transfer (git-fixes).
- drm/amd/display: Do not check registers, if using AUX BL control (git-fixes).
- drm/amd/display: Do not set dpms_off for seamless boot (git-fixes).
- drm/amd/pm: add unique_id for gc 11.0.3 (git-fixes).
- drm/amd: Fix detection of _PR3 on the PCIe root port (git-fixes).
- drm/amdgpu/nbio4.3: set proper rmmio_remap.reg_offset for SR-IOV (git-fixes).
- drm/amdgpu/soc21: do not remap HDP registers for SR-IOV (git-fixes).
- drm/amdgpu: Handle null atom context in VBIOS info ioctl (git-fixes).
- drm/amdgpu: add missing NULL check (git-fixes).
- drm/amdkfd: Flush TLB after unmapping for GFX v9.4.3 (git-fixes).
- drm/amdkfd: Insert missing TLB flush on GFX10 and later (git-fixes).
- drm/amdkfd: Use gpu_offset for user queue's wptr (git-fixes).
- drm/atomic-helper: relax unregistered connector check (git-fixes).
- drm/bridge: ti-sn65dsi83: Do not generate HFP/HBP/HSA and EOT packet (git-fixes).
- drm/i915/gt: Fix reservation address in ggtt_reserve_guc_top (git-fixes).
- drm/i915: Retry gtt fault when out of fence registers (git-fixes).
- drm/mediatek: Correctly free sg_table in gem prime vmap (git-fixes).
- drm/msm/dp: do not reinitialize phy unless retry during link training (git-fixes).
- drm/msm/dpu: change _dpu_plane_calc_bw() to use u64 to avoid overflow (git-fixes).
- drm/msm/dsi: fix irq_of_parse_and_map() error checking (git-fixes).
- drm/msm/dsi: skip the wait for video mode done if not applicable (git-fixes).
- drm/vmwgfx: fix typo of sizeof argument (git-fixes).
- drm: panel-orientation-quirks: Add quirk for One Mix 2S (git-fixes).
- firmware: arm_ffa: Do not set the memory region attributes for MEM_LEND (git-fixes).
- firmware: imx-dsp: Fix an error handling path in imx_dsp_setup_channels() (git-fixes).
- fprobe: Ensure running fprobe_exit_handler() finished before calling rethook_free() (git-fixes).
- fscrypt: new helper function - fscrypt_prepare_lookup_partial() (jsc#SES-1880).
- gpio: aspeed: fix the GPIO number passed to pinctrl_gpio_set_config() (git-fixes).
- gpio: pmic-eic-sprd: Add can_sleep flag for PMIC EIC chip (git-fixes).
- gpio: pxa: disable pinctrl calls for MMP_GPIO (git-fixes).
- gpio: tb10x: Fix an error handling path in tb10x_gpio_probe() (git-fixes).
- gpio: timberdale: Fix potential deadlock on &tgpio->lock (git-fixes).
- gpio: vf610: set value before the direction to avoid a glitch (git-fixes).
- gve: Do not fully free QPL pages on prefill errors (git-fixes).
- i2c: i801: unregister tco_pdev in i801_probe() error path (git-fixes).
- i2c: mux: Avoid potential false error message in i2c_mux_add_adapter (git-fixes).
- i2c: mux: demux-pinctrl: check the return value of devm_kstrdup() (git-fixes).
- i2c: mux: gpio: Add missing fwnode_handle_put() (git-fixes).
- i2c: mux: gpio:?Replace custom acpi_get_local_address() (git-fixes).
- i2c: npcm7xx: Fix callback completion ordering (git-fixes).
- ieee802154: ca8210: Fix a potential UAF in ca8210_probe (git-fixes).
- iio: pressure: bmp280: Fix NULL pointer exception (git-fixes).
- iio: pressure: dps310: Adjust Timeout Settings (git-fixes).
- iio: pressure: ms5611: ms5611_prom_is_valid false negative bug (git-fixes).
- intel x86 platform vsec kABI workaround (bsc#1216202).
- io_uring/fs: remove sqe->rw_flags checking from LINKAT (git-fixes).
- io_uring/rw: defer fsnotify calls to task context (git-fixes).
- io_uring/rw: ensure kiocb_end_write() is always called (git-fixes).
- io_uring/rw: remove leftover debug statement (git-fixes).
- io_uring: Replace 0-length array with flexible array (git-fixes).
- io_uring: ensure REQ_F_ISREG is set async offload (git-fixes).
- io_uring: fix fdinfo sqe offsets calculation (git-fixes).
- io_uring: fix memory leak when removing provided buffers (git-fixes).
- iommu/amd/io-pgtable: Implement map_pages io_pgtable_ops callback (bsc#1212423).
- iommu/amd/io-pgtable: Implement unmap_pages io_pgtable_ops callback (bsc#1212423).
- iommu/amd: Add map/unmap_pages() iommu_domain_ops callback support (bsc#1212423).
- iommu/arm-smmu-v3: Fix soft lockup triggered by (bsc#1215921)
- kABI: fix bpf Tighten-ptr_to_btf_id checks (git-fixes).
- kabi: blkcg_policy_data fix KABI (bsc#1216062).
- kabi: workaround for enum nft_trans_phase (bsc#1215104).
- kprobes: Prohibit probing on CFI preamble symbol (git-fixes).
- leds: Drop BUG_ON check for LED_COLOR_ID_MULTI (git-fixes).
- libceph: add CEPH_OSD_OP_ASSERT_VER support (jsc#SES-1880).
- libceph: add new iov_iter-based ceph_msg_data_type and ceph_osd_data_type (jsc#SES-1880).
- libceph: add sparse read support to OSD client (jsc#SES-1880).
- libceph: add sparse read support to msgr1 (jsc#SES-1880).
- libceph: add spinlock around osd->o_requests (jsc#SES-1880).
- libceph: allow ceph_osdc_new_request to accept a multi-op read (jsc#SES-1880).
- libceph: define struct ceph_sparse_extent and add some helpers (jsc#SES-1880).
- libceph: new sparse_read op, support sparse reads on msgr2 crc codepath (jsc#SES-1880).
- libceph: support sparse reads on msgr2 secure codepath (jsc#SES-1880).
- libceph: use kernel_connect() (bsc#1216323).
- mm, memcg: reconsider kmem.limit_in_bytes deprecation (bsc#1208788 bsc#1213705).
- mmc: core: Capture correct oemid-bits for eMMC cards (git-fixes).
- mmc: core: sdio: hold retuning if sdio in 1-bit mode (git-fixes).
- mmc: mtk-sd: Use readl_poll_timeout_atomic in msdc_reset_hw (git-fixes).
- mtd: physmap-core: Restore map_rom fallback (git-fixes).
- mtd: rawnand: arasan: Ensure program page operations are successful (git-fixes).
- mtd: rawnand: marvell: Ensure program page operations are successful (git-fixes).
- mtd: rawnand: pl353: Ensure program page operations are successful (git-fixes).
- mtd: rawnand: qcom: Unmap the right resource upon probe failure (git-fixes).
- mtd: spinand: micron: correct bitmask for ecc status (git-fixes).
- net/sched: fix netdevice reference leaks in attach_default_qdiscs() (git-fixes).
- net: mana: Fix TX CQE error handling (bsc#1215986).
- net: mana: Fix oversized sge0 for GSO packets (bsc#1215986).
- net: nfc: llcp: Add lock when modifying device list (git-fixes).
- net: rfkill: gpio: prevent value glitch during probe (git-fixes).
- net: sched: add barrier to fix packet stuck problem for lockless qdisc (bsc#1216345).
- net: sched: fixed barrier to prevent skbuff sticking in qdisc backlog (bsc#1216345).
- net: usb: dm9601: fix uninitialized variable use in dm9601_mdio_read (git-fixes).
- net: usb: smsc75xx: Fix uninit-value access in __smsc75xx_read_reg (git-fixes).
- net: usb: smsc95xx: Fix an error code in smsc95xx_reset() (git-fixes).
- net: use sk_is_tcp() in more places (git-fixes).
- netfilter: nf_tables: add NFT_TRANS_PREPARE_ERROR to deal with bound set/chain (git-fixes).
- netfilter: nf_tables: unbind non-anonymous set if rule construction fails (git-fixes).
- nfc: nci: assert requested protocol is valid (git-fixes).
- nfc: nci: fix possible NULL pointer dereference in send_acknowledge() (git-fixes).
- nfs: only issue commit in DIO codepath if we have uncommitted data (bsc#1211162).
- nilfs2: fix potential use after free in nilfs_gccache_submit_read_data() (git-fixes).
- nvme-fc: Prevent null pointer dereference in nvme_fc_io_getuuid() (bsc#1214842).
- phy: mapphone-mdm6600: Fix pinctrl_pm handling for sleep pins (git-fixes).
- phy: mapphone-mdm6600: Fix runtime PM for remove (git-fixes).
- phy: mapphone-mdm6600: Fix runtime disable on probe (git-fixes).
- pinctrl: avoid unsafe code pattern in find_pinctrl() (git-fixes).
- pinctrl: renesas: rzn1: Enable missing PINMUX (git-fixes).
- platform/surface: platform_profile: Propagate error if profile registration fails (git-fixes).
- platform/x86/intel/pmt: Ignore uninitialized entries (bsc#1216202).
- platform/x86/intel/pmt: telemetry: Fix fixed region handling (bsc#1216202).
- platform/x86/intel/vsec: Rework early hardware code (bsc#1216202).
- platform/x86/intel: Fix 'rmmod pmt_telemetry' panic (bsc#1216202).
- platform/x86/intel: Fix pmt_crashlog array reference (bsc#1216202).
- platform/x86: asus-wmi: Change ASUS_WMI_BRN_DOWN code from 0x20 to 0x2e (git-fixes).
- platform/x86: asus-wmi: Map 0x2a code, Ignore 0x2b and 0x2c events (git-fixes).
- platform/x86: think-lmi: Fix reference leak (git-fixes).
- platform/x86: touchscreen_dmi: Add info for the Positivo C4128B (git-fixes).
- power: supply: ucs1002: fix error code in ucs1002_get_property() (git-fixes).
- quota: Fix slow quotaoff (bsc#1216621).
- r8152: check budget for r8152_poll() (git-fixes).
- regmap: fix NULL deref on lookup (git-fixes).
- regmap: rbtree: Fix wrong register marked as in-cache when creating new node (git-fixes).
- remove unnecessary WARN_ON_ONCE() (bsc#1214823).
- ring-buffer: Avoid softlockup in ring_buffer_resize() (git-fixes).
- ring-buffer: Do not attempt to read past 'commit' (git-fixes).
- ring-buffer: Fix bytes info in per_cpu buffer stats (git-fixes).
- ring-buffer: Update 'shortest_full' in polling (git-fixes).
- s390/cio: fix a memleak in css_alloc_subchannel (git-fixes bsc#1216510).
- s390/pci: fix iommu bitmap allocation (git-fixes bsc#1216511).
- sched/cpuset: Bring back cpuset_mutex (bsc#1215955).
- sched/deadline,rt: Remove unused parameter from pick_next_[rt|dl]_entity() (git fixes (sched)).
- sched/rt: Fix live lock between select_fallback_rq() and RT push (git fixes (sched)).
- sched/rt: Fix sysctl_sched_rr_timeslice intial value (git fixes (sched)).
- scsi: be2iscsi: Add length check when parsing nlattrs (git-fixes).
- scsi: fcoe: Fix potential deadlock on &fip->ctlr_lock (git-fixes).
- scsi: iscsi: Add length check for nlattr payload (git-fixes).
- scsi: iscsi: Add strlen() check in iscsi_if_set{_host}_param() (git-fixes).
- scsi: iscsi_tcp: restrict to TCP sockets (git-fixes).
- scsi: mpi3mr: Propagate sense data for admin queue SCSI I/O (git-fixes).
- scsi: mpt3sas: Perform additional retries if doorbell read returns 0 (git-fixes).
- scsi: pm8001: Setup IRQs on resume (git-fixes).
- scsi: qedf: Do not touch __user pointer in qedf_dbg_debug_cmd_read() directly (git-fixes).
- scsi: qedf: Do not touch __user pointer in qedf_dbg_fp_int_cmd_read() directly (git-fixes).
- scsi: qedf: Do not touch __user pointer in qedf_dbg_stop_io_on_error_cmd_read() directly (git-fixes).
- scsi: qedi: Fix potential deadlock on &qedi_percpu->p_work_lock (git-fixes).
- scsi: qla4xxx: Add length check when parsing nlattrs (git-fixes).
- selftests/bpf: Add more tests for check_max_stack_depth bug (git-fixes).
- selftests/bpf: Add reproducer for decl_tag in func_proto argument (git-fixes).
- selftests/bpf: Add reproducer for decl_tag in func_proto return type (git-fixes).
- selftests/bpf: Add selftest for check_stack_max_depth bug (git-fixes).
- selftests/bpf: Clean up sys_nanosleep uses (git-fixes).
- serial: 8250_port: Check IRQ data before use (git-fixes).
- soc: imx8m: Enable OCOTP clock for imx8mm before reading registers (git-fixes).
- spi: nxp-fspi: reset the FLSHxCR1 registers (git-fixes).
- spi: stm32: add a delay before SPI disable (git-fixes).
- spi: sun6i: fix race between DMA RX transfer completion and RX FIFO drain (git-fixes).
- spi: sun6i: reduce DMA RX transfer width to single byte (git-fixes).
- thunderbolt: Check that lane 1 is in CL0 before enabling lane bonding (git-fixes).
- thunderbolt: Restart XDomain discovery handshake after failure (git-fixes).
- thunderbolt: Workaround an IOMMU fault on certain systems with Intel Maple Ridge (git-fixes).
- tracing: Have current_trace inc the trace array ref count (git-fixes).
- tracing: Have event inject files inc the trace array ref count (git-fixes).
- tracing: Have option files inc the trace array ref count (git-fixes).
- tracing: Have tracing_max_latency inc the trace array ref count (git-fixes).
- tracing: Increase trace array ref count on enable and filter files (git-fixes).
- tracing: Make trace_marker{,_raw} stream-like (git-fixes).
- usb: cdnsp: Fixes issue with dequeuing not queued requests (git-fixes).
- usb: dwc3: Soft reset phy on probe for host (git-fixes).
- usb: gadget: ncm: Handle decoding of multiple NTB's in unwrap call (git-fixes).
- usb: gadget: udc-xilinx: replace memcpy with memcpy_toio (git-fixes).
- usb: hub: Guard against accesses to uninitialized BOS descriptors (git-fixes).
- usb: musb: Get the musb_qh poniter after musb_giveback (git-fixes).
- usb: musb: Modify the 'HWVers' register address (git-fixes).
- usb: typec: altmodes/displayport: Signal hpd low when exiting mode (git-fixes).
- usb: typec: ucsi: Clear EVENT_PENDING bit if ucsi_send_command fails (git-fixes).
- usb: xhci: xhci-ring: Use sysdev for mapping bounce buffer (git-fixes).
- vmbus_testing: fix wrong python syntax for integer value comparison (git-fixes).
- vringh: do not use vringh_kiov_advance() in vringh_iov_xfer() (git-fixes).
- watchdog: iTCO_wdt: No need to stop the timer in probe (git-fixes).
- watchdog: iTCO_wdt: Set NO_REBOOT if the watchdog is not already running (git-fixes).
- wifi: cfg80211: Fix 6GHz scan configuration (git-fixes).
- wifi: cfg80211: avoid leaking stack data into trace (git-fixes).
- wifi: iwlwifi: Ensure ack flag is properly cleared (git-fixes).
- wifi: iwlwifi: dbg_ini: fix structure packing (git-fixes).
- wifi: iwlwifi: mvm: Fix a memory corruption issue (git-fixes).
- wifi: mac80211: allow transmitting EAPOL frames with tainted key (git-fixes).
- wifi: mt76: mt76x02: fix MT76x0 external LNA gain handling (git-fixes).
- wifi: mwifiex: Fix oob check condition in mwifiex_process_rx_packet (git-fixes).
- wifi: mwifiex: Fix tlv_buf_left calculation (git-fixes).
- wifi: mwifiex: Sanity check tlv_len and tlv_bitmap_len (git-fixes).
- x86/cpu, kvm: Add the NO_NESTED_DATA_BP feature (bsc#1213772).
- x86/cpu, kvm: Add the Null Selector Clears Base feature (bsc#1213772).
- x86/cpu, kvm: Add the SMM_CTL MSR not present feature (bsc#1213772).
- x86/cpu, kvm: Move X86_FEATURE_LFENCE_RDTSC to its native leaf (bsc#1213772).
- x86/cpu: Enable STIBP on AMD if Automatic IBRS is enabled (bsc#1213772).
- x86/cpu: Support AMD Automatic IBRS (bsc#1213772).
- x86/mm: Print the encryption features correctly when a paravisor is present (bsc#1206453).
- x86/platform/uv: Use alternate source for socket to node data (bsc#1215696).
- x86/sev: Check IOBM for IOIO exceptions from user-space (bsc#1212649).
- x86/sev: Check for user-space IOIO pointing to kernel space (bsc#1212649).
- x86/sev: Disable MMIO emulation from user mode (bsc#1212649).
- x86/sev: Make enc_dec_hypercall() accept a size instead of npages (bsc#1214635).
- xen-netback: use default TX queue size for vifs (git-fixes).
- xhci: Keep interrupt disabled in initialization until host is running (git-fixes).
ImportantSUSE bug 1208788SUSE bug 1211162SUSE bug 1211307SUSE bug 1212423SUSE bug 1213705SUSE bug 1213772SUSE bug 1214754SUSE bug 1214874SUSE bug 1215104SUSE bug 1215523SUSE bug 1215545SUSE bug 1215921SUSE bug 1215955SUSE bug 1215986SUSE bug 1216062SUSE bug 1216202SUSE bug 1216322SUSE bug 1216323SUSE bug 1216324SUSE bug 1216333SUSE bug 1216345SUSE bug 1216512CVE-2023-2163 at SUSECVE-2023-2163 at NVDCVE-2023-2860 at SUSECVE-2023-2860 at NVDCVE-2023-31085 at SUSECVE-2023-31085 at NVDCVE-2023-34324 at SUSECVE-2023-34324 at NVDCVE-2023-3777 at SUSECVE-2023-3777 at NVDCVE-2023-39189 at SUSECVE-2023-39189 at NVDCVE-2023-39191 at SUSECVE-2023-39191 at NVDCVE-2023-39193 at SUSECVE-2023-39193 at NVDCVE-2023-45862 at SUSECVE-2023-45862 at NVDCVE-2023-46813 at SUSECVE-2023-46813 at NVDCVE-2023-5178 at SUSECVE-2023-5178 at NVDcpe:/o:opensuse:leap:15.5Security update for clamav (Important)openSUSE Leap 15.5
This update for clamav fixes the following issues:
- Updated to version 0.103.11:
- CVE-2023-40477: Updated libclamunrar dependency to version 6.2.12
(bsc#1216625).
ImportantSUSE bug 1216625CVE-2023-40477 at SUSECVE-2023-40477 at NVDcpe:/o:opensuse:leap:15.5Security update for kernel-firmware-nvidia-gspx-G06, nvidia-open-driver-G06-signed (Moderate)openSUSE Leap 15.5
This update for kernel-firmware-nvidia-gspx-G06, nvidia-open-driver-G06-signed fixes the following issues:
Security issue fixed:
- CVE-2023-31022: Fixed NULL ptr deref in kernel module layer
Changes in kernel-firmware-nvidia-gspx-G06:
- update firmware to version 535.129.03
- update firmware to version 535.113.01
Changes in nvidia-open-driver-G06-signed:
- Update to version 535.129.03
- Add a devel package so other modules can be built against this
one. [jira#PED-4964]
- disabled build of nvidia-peermem module; it's no longer needed
and never worked anyway (it was only a stub) [bsc#1211892]
- preamble: added conflict to nvidia-gfxG05-kmp to prevent users
from accidently installing conflicting proprietary kernelspace
drivers from CUDA repository
- Update to version 535.113.01
- kmp-post.sh/kmp-postun.sh:
* add/remove nosimplefb=1 kernel option in order to fix Linux
console also on sle15-sp6/Leap 15.6 kernel, which will come
with simpledrm support
ModerateSUSE bug 1211892SUSE bug 1216826CVE-2023-31022 at SUSECVE-2023-31022 at NVDcpe:/o:opensuse:leap:15.5Security update for apache2 (Important)openSUSE Leap 15.5
This update for apache2 fixes the following issues:
- CVE-2023-31122: Fixed an out of bounds read in mod_macro (bsc#1216424).
Non-security fixes:
- Fixed the content type handling in mod_proxy_http2 (bsc#1214357).
- Fixed a floating point exception crash (bsc#1207399).
ImportantSUSE bug 1207399SUSE bug 1214357SUSE bug 1216424CVE-2023-31122 at SUSECVE-2023-31122 at NVDcpe:/o:opensuse:leap:15.5Security update for xterm (Low)openSUSE Leap 15.5
This update for xterm fixes the following issues:
- CVE-2023-40359: Fixed reporting characterset names in ReGiS graphics mode. (bsc#1214282)
LowSUSE bug 1214282CVE-2023-40359 at SUSECVE-2023-40359 at NVDcpe:/o:opensuse:leap:15.5Security update for w3m (Moderate)openSUSE Leap 15.5
This update for w3m fixes the following issues:
- Update to version 0.5.3+git20230121
- CVE-2023-38252: Fixed an out-of-bounds write in function Strnew_size that allows attackers to cause a denial of service via a crafted HTML file. (bsc#1213324)
- CVE-2023-38253: Fixed an out-of-bounds write in function growbuf_to_Str that allows attackers to cause a denial of service via a crafted HTML file. (bsc#1213323)
ModerateSUSE bug 1213323SUSE bug 1213324CVE-2023-38252 at SUSECVE-2023-38252 at NVDCVE-2023-38253 at SUSECVE-2023-38253 at NVDcpe:/o:opensuse:leap:15.5Security update for ucode-intel (Important)openSUSE Leap 15.5
This update for ucode-intel fixes the following issues:
- Updated to Intel CPU Microcode 20231114 pre-release (labeled 20231113). (bsc#1215278)
- CVE-2023-23583: Fixed potential CPU deadlocks or privilege escalation. (bsc#1215278)
ImportantSUSE bug 1215278CVE-2023-23583 at SUSECVE-2023-23583 at NVDcpe:/o:opensuse:leap:15.5Security update for exfatprogs (Moderate)openSUSE Leap 15.5
This update for exfatprogs fixes the following issues:
- CVE-2023-45897: Fixed out-of-bound memory issues in fsck (bsc#1216701).
ModerateSUSE bug 1216701CVE-2023-45897 at SUSECVE-2023-45897 at NVDcpe:/o:opensuse:leap:15.5Security update for postgresql12 (Important)openSUSE Leap 15.5
This update for postgresql12 fixes the following issues:
Security issues fixed:
* CVE-2023-5868: Fix handling of unknown-type
arguments in DISTINCT 'any' aggregate functions. This error led
to a text-type value being interpreted as an unknown-type value
(that is, a zero-terminated string) at runtime. This could
result in disclosure of server memory following the text value. (bsc#1216962)
* CVE-2023-5869: Detect integer overflow while
computing new array dimensions. When assigning new elements to
array subscripts that are outside the current array bounds, an
undetected integer overflow could occur in edge cases. Memory
stomps that are potentially exploitable for arbitrary code
execution are possible, and so is disclosure of server memory. (bsc#1216961)
* CVE-2023-5870: Prevent the pg_signal_backend role
from signalling background workers and autovacuum processes.
The documentation says that pg_signal_backend cannot issue
signals to superuser-owned processes. It was able to signal
these background processes, though, because they advertise a
role OID of zero. Treat that as indicating superuser ownership.
The security implications of cancelling one of these process
types are fairly small so far as the core code goes (we'll just
start another one), but extensions might add background workers
that are more vulnerable.
Also ensure that the is_superuser parameter is set correctly in
such processes. No specific security consequences are known for
that oversight, but it might be significant for some extensions.
(bsc#1216960)
- Updated to 12.17: https://www.postgresql.org/docs/12/release-12-17.html
- Overhaul postgresql-README.SUSE and move it from the binary
package to the noarch wrapper package.
- Change the unix domain socket location from /var/run to /run.
ImportantSUSE bug 1216022SUSE bug 1216734SUSE bug 1216960SUSE bug 1216961SUSE bug 1216962CVE-2023-5868 at SUSECVE-2023-5868 at NVDCVE-2023-5869 at SUSECVE-2023-5869 at NVDCVE-2023-5870 at SUSECVE-2023-5870 at NVDcpe:/o:opensuse:leap:15.5Security update for postgresql13 (Important)openSUSE Leap 15.5
This update for postgresql13 fixes the following issues:
Security issues fixed:
* CVE-2023-5868: Fix handling of unknown-type
arguments in DISTINCT 'any' aggregate functions. This error led
to a text-type value being interpreted as an unknown-type value
(that is, a zero-terminated string) at runtime. This could
result in disclosure of server memory following the text value. (bsc#1216962)
* CVE-2023-5869: Detect integer overflow while
computing new array dimensions. When assigning new elements to
array subscripts that are outside the current array bounds, an
undetected integer overflow could occur in edge cases. Memory
stomps that are potentially exploitable for arbitrary code
execution are possible, and so is disclosure of server memory. (bsc#1216961)
* CVE-2023-5870: Prevent the pg_signal_backend role
from signalling background workers and autovacuum processes.
The documentation says that pg_signal_backend cannot issue
signals to superuser-owned processes. It was able to signal
these background processes, though, because they advertise a
role OID of zero. Treat that as indicating superuser ownership.
The security implications of cancelling one of these process
types are fairly small so far as the core code goes (we'll just
start another one), but extensions might add background workers
that are more vulnerable.
Also ensure that the is_superuser parameter is set correctly in
such processes. No specific security consequences are known for
that oversight, but it might be significant for some extensions.
(bsc#1216960)
- Updated to 13.13: https://www.postgresql.org/docs/13/release-13-13.html
- Overhaul postgresql-README.SUSE and move it from the binary
package to the noarch wrapper package.
- Change the unix domain socket location from /var/run to /run.
ImportantSUSE bug 1216022SUSE bug 1216734SUSE bug 1216960SUSE bug 1216961SUSE bug 1216962CVE-2023-5868 at SUSECVE-2023-5868 at NVDCVE-2023-5869 at SUSECVE-2023-5869 at NVDCVE-2023-5870 at SUSECVE-2023-5870 at NVDcpe:/o:opensuse:leap:15.5Security update for gcc13 (Important)openSUSE Leap 15.5
This update for gcc13 fixes the following issues:
This update ship the GCC 13.2 compiler suite and its base libraries.
The compiler base libraries are provided for all SUSE Linux Enterprise 15
versions and replace the same named GCC 12 ones.
The new compilers for C, C++, and Fortran are provided for SUSE Linux
Enterprise 15 SP4 and SP5, and provided in the 'Development Tools' module.
The Go, D, Ada and Modula 2 language compiler parts are available
unsupported via the PackageHub repositories.
To use gcc13 compilers use:
- install 'gcc13' or 'gcc13-c++' or one of the other 'gcc13-COMPILER' frontend packages.
- override your Makefile to use CC=gcc-13, CXX=g++-13 and similar overrides for the other languages.
For a full changelog with all new GCC13 features, check out
https://gcc.gnu.org/gcc-13/changes.html
Detailed changes:
* CVE-2023-4039: Fixed -fstack-protector issues on aarch64 with variable
length stack allocations. (bsc#1214052)
- Work around third party app crash during C++ standard library initialization. [bsc#1216664]
- Fixed that GCC13 fails to compile some packages with error: unrecognizable insn (bsc#1215427)
- Bump included newlib to version 4.3.0.
- Update to GCC trunk head (r13-5254-g05b9868b182bb9)
- Redo floatn fixinclude pick-up to simply keep what is there.
- Turn cross compiler to s390x to a glibc cross. [bsc#1214460]
- Also handle -static-pie in the default-PIE specs
- Fixed missed optimization in Skia resulting in Firefox crashes when
building with LTO. [bsc#1212101]
- Make libstdc++6-devel packages own their directories since they
can be installed standalone. [bsc#1211427]
- Add new x86-related intrinsics (amxcomplexintrin.h).
- RISC-V: Add support for inlining subword atomic operations
- Use --enable-link-serialization rather that --enable-link-mutex,
the benefit of the former one is that the linker jobs are not
holding tokens of the make's jobserver.
- Add cross-bpf packages. See https://gcc.gnu.org/wiki/BPFBackEnd
for the general state of BPF with GCC.
- Add bootstrap conditional to allow --without=bootstrap to be
specified to speed up local builds for testing.
- Bump included newlib to version 4.3.0.
- Also package libhwasan_preinit.o on aarch64.
- Configure external timezone database provided by the timezone
package. Make libstdc++6 recommend timezone to get a fully
working std::chrono. Install timezone when running the testsuite.
- Package libhwasan_preinit.o on x86_64.
- Fixed unwinding on aarch64 with pointer signing. [bsc#1206684]
- Enable PRU flavour for gcc13
- update floatn fixinclude pickup to check each header separately (bsc#1206480)
- Redo floatn fixinclude pick-up to simply keep what is there.
- Bump libgo SONAME to libgo22.
- Do not package libhwasan for biarch (32-bit architecture)
as the extension depends on 64-bit pointers.
- Adjust floatn fixincludes guard to work with SLE12 and earlier
SLE15.
- Depend on at least LLVM 13 for GCN cross compiler.
- Update embedded newlib to version 4.2.0
- Allow cross-pru-gcc12-bootstrap for armv7l architecture.
PRU architecture is used for real-time MCUs embedded into TI
armv7l and aarch64 SoCs. We need to have cross-pru-gcc12 for
armv7l in order to build both host applications and PRU firmware
during the same build.
ImportantSUSE bug 1206480SUSE bug 1206684SUSE bug 1210557SUSE bug 1211427SUSE bug 1212101SUSE bug 1213915SUSE bug 1214052SUSE bug 1214460SUSE bug 1215427SUSE bug 1216664CVE-2023-4039 at SUSECVE-2023-4039 at NVDcpe:/o:opensuse:leap:15.5Security update for libnbd (Moderate)openSUSE Leap 15.5
This update for libnbd fixes the following issues:
- CVE-2023-5871: Fixed an assertion problem in ext-mode BLOCK_STATUS (bsc#1216769).
ModerateSUSE bug 1216769CVE-2023-5871 at SUSECVE-2023-5871 at NVDcpe:/o:opensuse:leap:15.5Security update for libxml2 (Moderate)openSUSE Leap 15.5
This update for libxml2 fixes the following issues:
- CVE-2023-45322: Fixed a use-after-free in xmlUnlinkNode() in tree.c (bsc#1216129).
ModerateSUSE bug 1216129CVE-2023-45322 at SUSECVE-2023-45322 at NVDcpe:/o:opensuse:leap:15.5Security update for python-Pillow (Important)openSUSE Leap 15.5
This update for python-Pillow fixes the following issues:
- CVE-2023-44271: Fixed uncontrolled resource consumption when textlength in an ImageDraw instance operates on a long text argument (bsc#1216894).
ImportantSUSE bug 1216894CVE-2023-44271 at SUSECVE-2023-44271 at NVDcpe:/o:opensuse:leap:15.5Security update for python-urllib3 (Moderate)openSUSE Leap 15.5
This update for python-urllib3 fixes the following issues:
- CVE-2023-45803: Fix a request body leak that could occur when
receiving a 303 HTTP response (bsc#1216377).
ModerateSUSE bug 1216377CVE-2023-45803 at SUSECVE-2023-45803 at NVDcpe:/o:opensuse:leap:15.5Security update for go1.21-openssl (Moderate)openSUSE Leap 15.5
This update for go1.21-openssl fixes the following issues:
Update to version 1.21.4.1 cut from the go1.21-openssl-fips
branch at the revision tagged go1.21.4-1-openssl-fips.
* Update to go1.21.4
go1.21.4 (released 2023-11-07) includes security fixes to the
path/filepath package, as well as bug fixes to the linker, the
runtime, the compiler, and the go/types, net/http, and
runtime/cgo packages.
* security: fix CVE-2023-45283 CVE-2023-45284 path/filepath: insecure parsing of Windows paths (bsc#1216943, bsc#1216944)
* spec: update unification rules
* cmd/compile: internal compiler error: expected struct value to have type struct
* cmd/link: split text sections for arm 32-bit
* runtime: MADV_COLLAPSE causes production performance issues on Linux
* go/types, x/tools/go/ssa: panic: type param without replacement encountered
* cmd/compile: -buildmode=c-archive produces code not suitable for use in a shared object on arm64
* net/http: http2 page fails on firefox/safari if pushing resources
Initial package go1.21-openssl version 1.21.3.1 cut from the
go1.21-openssl-fips branch at the revision tagged
go1.21.3-1-openssl-fips. (jsc#SLE-18320)
* Go upstream merged branch dev.boringcrypto in go1.19+.
* In go1.x enable BoringCrypto via GOEXPERIMENT=boringcrypto.
* In go1.x-openssl enable FIPS mode (or boring mode as the
package is named) either via an environment variable
GOLANG_FIPS=1 or by virtue of booting the host in FIPS mode.
* When the operating system is operating in FIPS mode, Go
applications which import crypto/tls/fipsonly limit operations
to the FIPS ciphersuite.
* go1.x-openssl is delivered as two large patches to go1.x
applying necessary modifications from the golang-fips/go GitHub
project for the Go crypto library to use OpenSSL as the
external cryptographic library in a FIPS compliant way.
* go1.x-openssl modifies the crypto/* packages to use OpenSSL for
cryptographic operations.
* go1.x-openssl uses dlopen() to call into OpenSSL.
* SUSE RPM packaging introduces a fourth version digit go1.x.y.z
corresponding to the golang-fips/go patchset tagged revision.
* Patchset improvements can be updated independently of upstream
Go maintenance releases.
ModerateSUSE bug 1212475SUSE bug 1212667SUSE bug 1212669SUSE bug 1215084SUSE bug 1215085SUSE bug 1215086SUSE bug 1215087SUSE bug 1215090SUSE bug 1215985SUSE bug 1216109SUSE bug 1216943SUSE bug 1216944CVE-2023-39318 at SUSECVE-2023-39318 at NVDCVE-2023-39319 at SUSECVE-2023-39319 at NVDCVE-2023-39320 at SUSECVE-2023-39320 at NVDCVE-2023-39321 at SUSECVE-2023-39321 at NVDCVE-2023-39322 at SUSECVE-2023-39322 at NVDCVE-2023-39323 at SUSECVE-2023-39323 at NVDCVE-2023-39325 at SUSECVE-2023-39325 at NVDCVE-2023-44487 at SUSECVE-2023-44487 at NVDCVE-2023-45283 at SUSECVE-2023-45283 at NVDCVE-2023-45284 at SUSECVE-2023-45284 at NVDcpe:/o:opensuse:leap:15.5Security update for go1.20 (Moderate)openSUSE Leap 15.5
This update for go1.20 fixes the following issues:
go1.20.11 (released 2023-11-07) includes security fixes to the
path/filepath package, as well as bug fixes to the linker and the
net/http package.
* security: fix CVE-2023-45283 CVE-2023-45284 path/filepath: insecure parsing of Windows paths (bsc#1216943, bsc#1216944)
* cmd/link: split text sections for arm 32-bit
* net/http: http2 page fails on firefox/safari if pushing resources
ModerateSUSE bug 1206346SUSE bug 1216943SUSE bug 1216944CVE-2023-45283 at SUSECVE-2023-45283 at NVDCVE-2023-45284 at SUSECVE-2023-45284 at NVDcpe:/o:opensuse:leap:15.5Security update for go1.21 (Moderate)openSUSE Leap 15.5
This update for go1.21 fixes the following issues:
go1.21.4 (released 2023-11-07) includes security fixes to the
path/filepath package, as well as bug fixes to the linker, the
runtime, the compiler, and the go/types, net/http, and
runtime/cgo packages.
* security: fix CVE-2023-45283 CVE-2023-45284 path/filepath: insecure parsing of Windows paths (bsc#1216943, bsc#1216944)
* spec: update unification rules
* cmd/compile: internal compiler error: expected struct value to have type struct
* cmd/link: split text sections for arm 32-bit
* runtime: MADV_COLLAPSE causes production performance issues on Linux
* go/types, x/tools/go/ssa: panic: type param without replacement encountered
* cmd/compile: -buildmode=c-archive produces code not suitable for use in a shared object on arm64
* net/http: http2 page fails on firefox/safari if pushing resources
ModerateSUSE bug 1212475SUSE bug 1216943SUSE bug 1216944CVE-2023-45283 at SUSECVE-2023-45283 at NVDCVE-2023-45284 at SUSECVE-2023-45284 at NVDcpe:/o:opensuse:leap:15.5Security update for go1.20-openssl (Important)openSUSE Leap 15.5
This update for go1.20-openssl fixes the following issues:
Update to version 1.20.11.1 cut from the go1.20-openssl-fips
branch at the revision tagged go1.20.11-1-openssl-fips.
* Update to go1.20.11
go1.20.11 (released 2023-11-07) includes security fixes to the
path/filepath package, as well as bug fixes to the linker and the
net/http package.
* security: fix CVE-2023-45283 CVE-2023-45284 path/filepath: insecure parsing of Windows paths (bsc#1216943, bsc#1216944)
* cmd/link: split text sections for arm 32-bit
* net/http: http2 page fails on firefox/safari if pushing resources
Update to version 1.20.10.1 cut from the go1.20-openssl-fips
branch at the revision tagged go1.20.10-1-openssl-fips.
* Update to go1.20.10
go1.20.10 (released 2023-10-10) includes a security fix to the
net/http package.
* security: fix CVE-2023-39325 CVE-2023-44487 net/http: rapid stream resets can cause excessive work (bsc#1216109)
go1.20.9 (released 2023-10-05) includes one security fixes to the
cmd/go package, as well as bug fixes to the go command and the
linker.
* security: fix CVE-2023-39323 cmd/go: line directives allows arbitrary execution during build (bsc#1215985)
* cmd/link: issues with Apple's new linker in Xcode 15 beta
ImportantSUSE bug 1206346SUSE bug 1215985SUSE bug 1216109SUSE bug 1216943SUSE bug 1216944CVE-2023-39323 at SUSECVE-2023-39323 at NVDCVE-2023-39325 at SUSECVE-2023-39325 at NVDCVE-2023-44487 at SUSECVE-2023-44487 at NVDCVE-2023-45283 at SUSECVE-2023-45283 at NVDCVE-2023-45284 at SUSECVE-2023-45284 at NVDcpe:/o:opensuse:leap:15.5Security update for frr (Moderate)openSUSE Leap 15.5
This update for frr fixes the following issues:
- CVE-2023-46753: Fixed a crash caused from a crafted BGP UPDATE message. (bsc#1216626)
- CVE-2023-46752: Fixed a crash caused from a mishandled malformed MP_REACH_NLRI data. (bsc#1216627)
ModerateSUSE bug 1216626SUSE bug 1216627CVE-2023-46752 at SUSECVE-2023-46752 at NVDCVE-2023-46753 at SUSECVE-2023-46753 at NVDcpe:/o:opensuse:leap:15.5Security update for xen (Important)openSUSE Leap 15.5
This update for xen fixes the following issues:
- CVE-2023-20588: AMD CPU transitional execution leak via division by zero (XSA-439) (bsc#1215474).
- CVE-2023-34322: top-level shadow reference dropped too early for 64-bit PV guests (XSA-438) (bsc#1215145).
- CVE-2023-34325: Multiple vulnerabilities in libfsimage disk handling (XSA-443) (bsc#1215747).
- CVE-2023-34326: x86/AMD: missing IOMMU TLB flushing (XSA-442) (bsc#1215746).
- CVE-2023-34327,CVE-2023-34328: x86/AMD: Debug Mask handling (XSA-444) (bsc#1215748).
- CVE-2023-46835: x86/AMD: mismatch in IOMMU quarantine page table levels (XSA-445) (bsc#1216654).
- CVE-2023-46836: x86: BTC/SRSO fixes not fully effective (XSA-446) (bsc#1216807).
- Upstream bug fixes (bsc#1027519)
ImportantSUSE bug 1027519SUSE bug 1215145SUSE bug 1215474SUSE bug 1215746SUSE bug 1215747SUSE bug 1215748SUSE bug 1216654SUSE bug 1216807CVE-2023-20588 at SUSECVE-2023-20588 at NVDCVE-2023-34322 at SUSECVE-2023-34322 at NVDCVE-2023-34325 at SUSECVE-2023-34325 at NVDCVE-2023-34326 at SUSECVE-2023-34326 at NVDCVE-2023-34327 at SUSECVE-2023-34327 at NVDCVE-2023-34328 at SUSECVE-2023-34328 at NVDCVE-2023-46835 at SUSECVE-2023-46835 at NVDCVE-2023-46836 at SUSECVE-2023-46836 at NVDcpe:/o:opensuse:leap:15.5Security update for postgresql14 (Important)openSUSE Leap 15.5
This update for postgresql14 fixes the following issues:
Security issues fixed:
* CVE-2023-5868: Fix handling of unknown-type
arguments in DISTINCT 'any' aggregate functions. This error led
to a text-type value being interpreted as an unknown-type value
(that is, a zero-terminated string) at runtime. This could
result in disclosure of server memory following the text value. (bsc#1216962)
* CVE-2023-5869: Detect integer overflow while
computing new array dimensions. When assigning new elements to
array subscripts that are outside the current array bounds, an
undetected integer overflow could occur in edge cases. Memory
stomps that are potentially exploitable for arbitrary code
execution are possible, and so is disclosure of server memory. (bsc#1216961)
* CVE-2023-5870: Prevent the pg_signal_backend role
from signalling background workers and autovacuum processes.
The documentation says that pg_signal_backend cannot issue
signals to superuser-owned processes. It was able to signal
these background processes, though, because they advertise a
role OID of zero. Treat that as indicating superuser ownership.
The security implications of cancelling one of these process
types are fairly small so far as the core code goes (we'll just
start another one), but extensions might add background workers
that are more vulnerable.
Also ensure that the is_superuser parameter is set correctly in
such processes. No specific security consequences are known for
that oversight, but it might be significant for some extensions.
(bsc#1216960)
- update to 14.10: https://www.postgresql.org/docs/14/release-14-10.html
- Overhaul postgresql-README.SUSE and move it from the binary
package to the noarch wrapper package.
- Change the unix domain socket location from /var/run to /run.
ImportantSUSE bug 1216022SUSE bug 1216734SUSE bug 1216960SUSE bug 1216961SUSE bug 1216962CVE-2023-5868 at SUSECVE-2023-5868 at NVDCVE-2023-5869 at SUSECVE-2023-5869 at NVDCVE-2023-5870 at SUSECVE-2023-5870 at NVDcpe:/o:opensuse:leap:15.5Security update for postgresql, postgresql15, postgresql16 (Important)openSUSE Leap 15.5
This update for postgresql, postgresql15, postgresql16 fixes the following issues:
This update ships postgresql 16.
Security issues fixed:
* CVE-2023-5868: Fix handling of unknown-type
arguments in DISTINCT 'any' aggregate functions. This error led
to a text-type value being interpreted as an unknown-type value
(that is, a zero-terminated string) at runtime. This could
result in disclosure of server memory following the text value. (bsc#1216962)
* CVE-2023-5869: Detect integer overflow while
computing new array dimensions. When assigning new elements to
array subscripts that are outside the current array bounds, an
undetected integer overflow could occur in edge cases. Memory
stomps that are potentially exploitable for arbitrary code
execution are possible, and so is disclosure of server memory. (bsc#1216961)
* CVE-2023-5870: Prevent the pg_signal_backend role
from signalling background workers and autovacuum processes.
The documentation says that pg_signal_backend cannot issue
signals to superuser-owned processes. It was able to signal
these background processes, though, because they advertise a
role OID of zero. Treat that as indicating superuser ownership.
The security implications of cancelling one of these process
types are fairly small so far as the core code goes (we'll just
start another one), but extensions might add background workers
that are more vulnerable.
Also ensure that the is_superuser parameter is set correctly in
such processes. No specific security consequences are known for
that oversight, but it might be significant for some extensions.
(bsc#1216960)
Changes in postgresql16:
- Upgrade to 16.1:
* https://www.postgresql.org/about/news/2715
* https://www.postgresql.org/docs/16/release-16.html
* https://www.postgresql.org/docs/16/release-16-1.html
- Overhaul postgresql-README.SUSE and move it from the binary
package to the noarch wrapper package.
- Change the unix domain socket location from /var/run to /run.
Changes in postgresql15:
- Update to 15.5 https://www.postgresql.org/docs/15/release-15-5.html
- The libs and mini package are now provided by postgresql16.
- Overhaul postgresql-README.SUSE and move it from the binary
package to the noarch wrapper package.
- Change the unix domain socket location from /var/run to /run.
Changes in postgresql:
- Interlock version and release of all noarch packages except for
the postgresql-docs.
- bsc#1122892: Add a sysconfig variable for initdb.
- Overhaul postgresql-README.SUSE and move it from the binary
package to the noarch wrapper package.
- bsc#1179231: Add an explanation for the /tmp -> /run/postgresql
move and permission change.
- Add postgresql-README as a separate source file.
- bsc#1209208: Drop hard dependency on systemd
- bsc#1206796: Refine the distinction of where to use sysusers and
use bcond to have the expression only in one place.
ImportantSUSE bug 1122892SUSE bug 1179231SUSE bug 1206796SUSE bug 1209208SUSE bug 1216022SUSE bug 1216734SUSE bug 1216960SUSE bug 1216961SUSE bug 1216962CVE-2023-5868 at SUSECVE-2023-5868 at NVDCVE-2023-5869 at SUSECVE-2023-5869 at NVDCVE-2023-5870 at SUSECVE-2023-5870 at NVDcpe:/o:opensuse:leap:15.5Security update for libreoffice (Moderate)openSUSE Leap 15.5
This update for fixes the following issues:
libreoffice was updated rom 7.5.4.1 to 7.6.2.1 (jsc#PED-6799, jsc#PED-6800):
- For the highlights of changes of version 7.6 please consult the official release notes:
* https://wiki.documentfoundation.org/ReleaseNotes/7.6
- You can check for each minor release notes here:
* https://wiki.documentfoundation.org/Releases/7.6.2/RC1
* https://wiki.documentfoundation.org/Releases/7.6.1/RC2
* https://wiki.documentfoundation.org/Releases/7.6.1/RC1
* https://wiki.documentfoundation.org/Releases/7.6.0/RC3
* https://wiki.documentfoundation.org/Releases/7.6.0/RC2
* https://wiki.documentfoundation.org/Releases/7.6.0/RC1
- Security issues fixed:
* CVE-2023-1183: Fixed arbitrary file write in LibreOffice Base (bsc#1212444, bsc#1209243)
- Updated bundled dependencies:
* boost version update from 1_80_0 to 1_82_0
* curl version update from 8.0.1 to 8.2.1
* icu4c-data version update from 72_1 to 73_2
* icu4c version update from 72_1 to 73_2
* pdfium version update from 5408 to 5778
* poppler version update from 22.12.0 to 23.06.0
* poppler-data version update from 0.4.11 to 0.4.12
* skia version from m103-b301ff025004c9cd82816c86c547588e6c24b466 to
skia-m111-a31e897fb3dcbc96b2b40999751611d029bf5404
- New bundled dependencies:
* graphite2-minimal-1.3.14.tgz
* harfbuzz-8.0.0.tar.xz
- New build dependencies:
* frozen-devel
* liborcus-0_18-0
* libixion
* mdds-2_1
- New runtime dependencies:
* `libreoffice-draw` requires `libreoffice-impress` (bsc#1215595)
frozen was implemented:
- New Libreoffice package dependency
libixion was updated to version 0.18.1:
- Updated to 0.18.1:
* Fixed a 32-bit Linux build issue as discovered on Debian, due to a clash on
two 32-bit unsigned integer types being used with std::variant.
- Updated to 0.18.0:
* Removed the formula_model_access interface from model_context, and switched
to using model_context directly everywhere.
* Revised formula_tokens_t type to remove use of std::unique_ptr for each
formula_token instance. This should improve memory locality when
iterating through an array of formula token values. A similar change has
also been made to lexer_tokens_t and lexer_token types.
* Added 41 built-in functions
* Added support for multi-sheet references in Excel A1 and Excel R1C1
grammers.
liborcus was updated to version 0.18.1:
- Updated to 0.18.1:
* sax parser:
+ added support for optionally skipping multiple BOM's in the beginning of
XML stream. This affects all XML-based file format filters such as
xls-xml (aka Excel 2003 XML).
* xml-map:
+ fixed a bug where an XML document consisting of simple single-column
records were not properly converted to sheet data
* xls-xml:
+ fixed a bug where the filter would always pass border color even when it
was not set
* buildsystem:
+ added new configure switches --without-benchmark and --without-doc-example
to optinally skip building of these two directories
mdds-2_1 was implemented:
- New Libreoffice package dependency
ModerateSUSE bug 1209243SUSE bug 1212444SUSE bug 1215595CVE-2023-1183 at SUSECVE-2023-1183 at NVDcpe:/o:opensuse:leap:15.5Security update for ucode-intel (Important)openSUSE Leap 15.5
This update for ucode-intel fixes the following issues:
- Updated to Intel CPU Microcode 20231114 release. (bsc#1215278)
- CVE-2023-23583: Fixed potential CPU deadlocks or privilege escalation. (bsc#1215278)
ImportantSUSE bug 1215278CVE-2023-23583 at SUSECVE-2023-23583 at NVDcpe:/o:opensuse:leap:15.5Security update for avahi (Moderate)openSUSE Leap 15.5
This update for avahi fixes the following issues:
- CVE-2023-38470: Ensure each label is at least one byte long (bsc#1215947).
- CVE-2023-38473: Fixed a reachable assertion when parsing a host name (bsc#1216419).
ModerateSUSE bug 1215947SUSE bug 1216419CVE-2023-38470 at SUSECVE-2023-38470 at NVDCVE-2023-38473 at SUSECVE-2023-38473 at NVDcpe:/o:opensuse:leap:15.5Security update for libxml2 (Moderate)openSUSE Leap 15.5
This update for libxml2 fixes the following issues:
- CVE-2023-45322: Fixed a use-after-free in xmlUnlinkNode() in tree.c (bsc#1216129).
ModerateSUSE bug 1216129CVE-2023-45322 at SUSECVE-2023-45322 at NVDcpe:/o:opensuse:leap:15.5Security update for java-1_8_0-openjdk (Moderate)openSUSE Leap 15.5
This update for java-1_8_0-openjdk fixes the following issues:
Update to version jdk8u392 (icedtea-3.29.0) October 2023 CPU:
- CVE-2023-22067: Fixed IOR deserialization issue in CORBA (bsc#1216379).
- CVE-2023-22081: Fixed certificate path validation issue during client authentication (bsc#1216374).
- CVE-2015-4000: Fixed Logjam issue in SLES12SP5 (bsc#1211968).
ModerateSUSE bug 1211968SUSE bug 1216374SUSE bug 1216379CVE-2015-4000 at SUSECVE-2015-4000 at NVDCVE-2023-22067 at SUSECVE-2023-22067 at NVDCVE-2023-22081 at SUSECVE-2023-22081 at NVDcpe:/o:opensuse:leap:15.5Security update for apache2-mod_jk (Important)openSUSE Leap 15.5
This update for apache2-mod_jk fixes the following issues:
Update to version 1.2.49:
Apache
* Retrieve default request id from mod_unique_id. It can also be
taken from an arbitrary environment variable by configuring
'JkRequestIdIndicator'.
* Don't delegate the generatation of the response body to httpd
when the status code represents an error if the request used
the HEAD method.
* Only export the main module symbol. Visibility of module
internal symbols led to crashes when conflicting with library
symbols. Based on a patch provided by Josef Čejka.
* Remove support for implicit mapping of requests to workers.
All mappings must now be explicit.
IIS
* Set default request id as a GUID. It can also be taken from an
arbitrary request header by configuring 'request_id_header'.
* Fix non-empty check for the Translate header.
Common
* Fix compiler warning when initializing and copying fixed
length strings.
* Add a request id to mod_jk log lines.
* Enable configure to find the correct sizes for pid_t and
pthread_t when building on MacOS.
* Fix Clang 15/16 compatability. Pull request #6 provided by
Sam James.
* Improve XSS hardening in status worker.
* Add additional bounds and error checking when reading AJP
messages.
Docs
* Remove support for the Netscape / Sun ONE / Oracle iPlanet Web
Server as the product has been retired.
* Remove links to the old JK2 documentation. The JK2
documentation is still available, it is just no longer linked
from the current JK documentation.
* Restructure subsections in changelog starting with version
1.2.45.
Changes for 1.2.47 and 1.2.48 updates:
* Add: Apache: Extend trace level logging of method entry/exit to
aid debugging of request mapping issues.
* Fix: Apache: Fix a bug in the normalization checks that prevented
file based requests, such as SSI file includes, from being processed.
* Fix: Apache: When using JkAutoAlias, ensure that files that include
spaces in their name are accessible.
* Update: Common: Update the documentation to reflect that the source
code for the Apache Tomcat Connectors has moved from Subversion to Git.
* Fix: Common: When using set_session_cookie, ensure that an updated session
cookie is issued if the load-balancer has to failover to a different worker.
* Update: Common: Update config.guess and config.sub from
https://git.savannah.gnu.org/git/config.git.
* Update: Common: Update release script for migration to git.
Update to version 1.2.46
Fixes:
* Apache: Fix regression in 1.2.44 which resulted in
socket_connect_timeout to be interpreted in units of seconds
instead of milliseconds on platforms that provide poll(). (rjung)
* Security: CVE-2018-11759 Connector path traversal [bsc#1114612]
Update to version 1.2.45
Fixes:
* Correct regression in 1.2.44 that broke request handling for
OPTIONS * requests. (rjung)
* Improve path parameter parsing so that the session ID specified
by the session_path worker property for load-balanced workers
can be extracted from a path parameter in any segment of the
URI, rather than only from the final segment. (markt)
* Apache: Improve path parameter handling so that JkStripSession
can remove session IDs that are specified on path parameters in any
segment of the URI rather than only the final segment. (markt)
* IIS: Improve path parameter handling so that strip_session can
remove session IDs that are specified on path parameters in any
segment of the URI rather than only the final segment. (markt)
Updates:
* Apache: Update the documentation to note additional
limitations of the JkAutoAlias directive. (markt)
Code:
* Common: Optimize path parameter handling. (rjung)
Update to version 1.2.44
Updates:
* Remove the Novell Netware make files and Netware specific source
code since there has not been a supported version of Netware
available for over five years. (markt)
* Apache: Update the documentation to use httpd 2.4.x style access
control directives. (markt)
* Update PCRE bundled with the ISAPI redirector to 8.42. (rjung)
* Update config.guess and config.sub from
https://git.savannah.gnu.org/git/config.git. (rjung)
Fixes:
* Common: Use Local, rather than Global, mutexs on Windows to
better support multi-user environments. (markt)
* Apache: Use poll rather than select to avoid the limitations of
select triggering an httpd crash. Patch provided by Koen Wilde. (markt)
* ISAPI: Remove the check that rejects requests that contain path
segments that match WEB-INF or META-INF as it duplicates a check
that Tomcat performs and, because ISAPI does not have visibility of
the current context path, it is impossible to implement this check
without valid requests being rejected. (markt)
* Refactor normalisation of request URIs to a common location and align
the normalisation implementation for mod_jk with that implemented by
Tomcat. (markt)
Add:
* Clarify the behvaiour of lb workers when all ajp13 workers fail with
particular reference to the role of the retries attribute. (markt)
* Add the new load-balancer worker property lb_retries to improve the
control over the number of retries. Based on a patch provided by
Frederik Nosi. (markt)
* Add a note to the documentation that the CollapseSlashes options are
now effectively hard-coded to CollpaseSlashesAll due to the changes
made to align normalization with that implemented in Tomcat. (markt)
ImportantSUSE bug 1114612CVE-2018-11759 at SUSECVE-2018-11759 at NVDcpe:/o:opensuse:leap:15.5Security update for python3-setuptools (Moderate)openSUSE Leap 15.5
This update for python3-setuptools fixes the following issues:
- CVE-2022-40897: Fixed Regular Expression Denial of Service (ReDoS) in package_index.py (bsc#1206667).
ModerateSUSE bug 1206667CVE-2022-40897 at SUSECVE-2022-40897 at NVDcpe:/o:opensuse:leap:15.5Security update for openssl-1_1 (Important)openSUSE Leap 15.5
This update for openssl-1_1 fixes the following issues:
- CVE-2023-5678: Fixed generating and checking of excessively long X9.42 DH keys that resulted in a possible Denial of Service (bsc#1216922).
ImportantSUSE bug 1216922CVE-2023-5678 at SUSECVE-2023-5678 at NVDcpe:/o:opensuse:leap:15.5Security update for openssl-1_0_0 (Important)openSUSE Leap 15.5
This update for openssl-1_0_0 fixes the following issues:
- CVE-2023-5678: Fixed generating and checking of excessively long X9.42 DH keys that resulted in a possible Denial of Service (bsc#1216922).
ImportantSUSE bug 1216922CVE-2023-5678 at SUSECVE-2023-5678 at NVDcpe:/o:opensuse:leap:15.5Security update for maven, maven-resolver, sbt, xmvn (Moderate)openSUSE Leap 15.5
This update for maven, maven-resolver, sbt, xmvn fixes the following issues:
- CVE-2023-46122: Fixed an arbitrary file write when extracting a
crafted zip file with sbt (bsc#1216529).
- Upgraded maven to version 3.9.4
- Upgraded maven-resolver to version 1.9.15.
ModerateSUSE bug 1162112SUSE bug 1216529CVE-2023-46122 at SUSECVE-2023-46122 at NVDcpe:/o:opensuse:leap:15.5Security update for python-Pillow (Important)openSUSE Leap 15.5
This update for python-Pillow fixes the following issues:
- CVE-2023-44271: Fixed uncontrolled resource consumption when textlength in an ImageDraw instance operates on a long text argument (bsc#1216894).
ImportantSUSE bug 1216894CVE-2023-44271 at SUSECVE-2023-44271 at NVDcpe:/o:opensuse:leap:15.5Security update for strongswan (Important)openSUSE Leap 15.5
This update for strongswan fixes the following issues:
- CVE-2023-41913: Fixed a bug in charon-tkm related to handling DH public values that can lead to remote code execution (bsc#1216901).
ImportantSUSE bug 1216901CVE-2023-41913 at SUSECVE-2023-41913 at NVDcpe:/o:opensuse:leap:15.5Security update for squid (Important)openSUSE Leap 15.5
This update for squid fixes the following issues:
- CVE-2023-46728: Remove gopher support (bsc#1216926).
- Fixed overread in HTTP request header parsing (bsc#1217274).
ImportantSUSE bug 1216926SUSE bug 1217274CVE-2023-46728 at SUSECVE-2023-46728 at NVDcpe:/o:opensuse:leap:15.5Security update for MozillaFirefox (Important)openSUSE Leap 15.5
This update for MozillaFirefox fixes the following issues:
- Firefox Extended Support Release 115.5.0 ESR Placeholder changelog-entry (bsc#1217230)
* Fixed: Various security fixes and other quality improvements. MFSA 2023-46 (bsc#1216338)
* CVE-2023-5721: Queued up rendering could have allowed websites to clickjack
* CVE-2023-5732: Address bar spoofing via bidirectional characters
* CVE-2023-5724: Large WebGL draw could have led to a crash
* CVE-2023-5725: WebExtensions could open arbitrary URLs
* CVE-2023-5726: Full screen notification obscured by file open dialog on macOS
* CVE-2023-5727: Download Protections were bypassed by .msix, .msixbundle, .appx, and .appxbundle files on Windows
* CVE-2023-5728: Improper object tracking during GC in the JavaScript engine could have led to a crash.
* CVE-2023-5730: Memory safety bugs fixed in Firefox 119, Firefox ESR 115.4, and Thunderbird 115.4.1
ImportantSUSE bug 1216338SUSE bug 1217230CVE-2023-5721 at SUSECVE-2023-5721 at NVDCVE-2023-5724 at SUSECVE-2023-5724 at NVDCVE-2023-5725 at SUSECVE-2023-5725 at NVDCVE-2023-5726 at SUSECVE-2023-5726 at NVDCVE-2023-5727 at SUSECVE-2023-5727 at NVDCVE-2023-5728 at SUSECVE-2023-5728 at NVDCVE-2023-5730 at SUSECVE-2023-5730 at NVDCVE-2023-5732 at SUSECVE-2023-5732 at NVDcpe:/o:opensuse:leap:15.5Security update for vim (Important)openSUSE Leap 15.5
This update for vim fixes the following issues:
Updated to version 9.0 with patch level 2103, fixes the following security problems
* CVE-2023-5344: vim: Heap-based Buffer Overflow in vim prior to 9.0.1969 (bsc#1215940)
* CVE-2023-5441: vim: segfault in exmode when redrawing (bsc#1216001)
* CVE-2023-5535: vim: use-after-free from buf_contents_changed() (bsc#1216167)
* CVE-2023-46246: vim: Integer Overflow in :history command (bsc#1216696)
* CVE-2023-4738: vim: heap-buffer-overflow in vim_regsub_both (bsc#1214922)
* CVE-2023-4735: vim: OOB Write ops.c (bsc#1214924)
* CVE-2023-4734: vim: segmentation fault in function f_fullcommand (bsc#1214925)
* CVE-2023-4733: vim: use-after-free in function buflist_altfpos (bsc#1215004)
* CVE-2023-4752: vim: Heap Use After Free in function ins_compl_get_exp (bsc#1215006)
* CVE-2023-4781: vim: heap-buffer-overflow in function vim_regsub_both (bsc#1215033)
ImportantSUSE bug 1214922SUSE bug 1214924SUSE bug 1214925SUSE bug 1215004SUSE bug 1215006SUSE bug 1215033SUSE bug 1215940SUSE bug 1216001SUSE bug 1216167SUSE bug 1216696CVE-2023-46246 at SUSECVE-2023-46246 at NVDCVE-2023-4733 at SUSECVE-2023-4733 at NVDCVE-2023-4734 at SUSECVE-2023-4734 at NVDCVE-2023-4735 at SUSECVE-2023-4735 at NVDCVE-2023-4738 at SUSECVE-2023-4738 at NVDCVE-2023-4752 at SUSECVE-2023-4752 at NVDCVE-2023-4781 at SUSECVE-2023-4781 at NVDCVE-2023-5344 at SUSECVE-2023-5344 at NVDCVE-2023-5441 at SUSECVE-2023-5441 at NVDCVE-2023-5535 at SUSECVE-2023-5535 at NVDcpe:/o:opensuse:leap:15.5Security update for webkit2gtk3 (Important)openSUSE Leap 15.5
This update for webkit2gtk3 fixes the following issues:
Update to version 2.42.2 (bsc#1217210):
- CVE-2023-41983: Processing web content may lead to a denial-of-service.
- CVE-2023-42852: Processing web content may lead to arbitrary code execution.
Already previously fixed:
- CVE-2022-32919: Visiting a website that frames malicious content may lead to UI spoofing (fixed already in 2.38.4).
- CVE-2022-32933: A website may be able to track the websites a user visited in private browsing mode (fixed already in 2.38.0).
- CVE-2022-46705: Visiting a malicious website may lead to address bar spoofing (fixed already in 2.38.4).
- CVE-2022-46725: Visiting a malicious website may lead to address bar spoofing (fixed already in 2.38.4).
- CVE-2023-32359: A user’s password may be read aloud by a text-to-speech accessibility feature (fixed already in 2.42.0).
ImportantSUSE bug 1217210CVE-2022-32919 at SUSECVE-2022-32919 at NVDCVE-2022-32933 at SUSECVE-2022-32933 at NVDCVE-2022-46705 at SUSECVE-2022-46705 at NVDCVE-2022-46725 at SUSECVE-2022-46725 at NVDCVE-2023-32359 at SUSECVE-2023-32359 at NVDCVE-2023-41983 at SUSECVE-2023-41983 at NVDCVE-2023-42852 at SUSECVE-2023-42852 at NVDcpe:/o:opensuse:leap:15.5Security update for java-1_8_0-ibm (Important)openSUSE Leap 15.5
This update for java-1_8_0-ibm fixes the following issues:
- Update to Java 8.0 Service Refresh 8 Fix Pack 15:
* Oracle October 17 2023 CPU [bsc#1216640]
Security fixes:
- CVE-2023-22081: Fixed enhanced TLS connections (bsc#1216374)
- CVE-2023-22067: Fixed IOR deserialization issue in CORBA (bsc#1216379)
- CVE-2023-22025: Fixed memory corruption issue on x86_64 with AVX-512 (bsc#1216339)
- CVE-2023-5676: Fixed receiving a signal before initialization may lead to an infinite loop or unexpected crash (bsc#1217214)
Bug fixes:
- IBM Java idlj compiler switch definition because IBM java idlj seems to confuse char and wchar for typedef types (bsc#1204264).
ImportantSUSE bug 1204264SUSE bug 1216339SUSE bug 1216374SUSE bug 1216379SUSE bug 1216640SUSE bug 1217214CVE-2023-22025 at SUSECVE-2023-22025 at NVDCVE-2023-22067 at SUSECVE-2023-22067 at NVDCVE-2023-22081 at SUSECVE-2023-22081 at NVDCVE-2023-5676 at SUSECVE-2023-5676 at NVDcpe:/o:opensuse:leap:15.5Security update for openvswitch (Important)openSUSE Leap 15.5
This update for openvswitch fixes the following issues:
- CVE-2023-5366: Fixed missing masks on a final stage with ports trie (bsc#1216002).
ImportantSUSE bug 1216002CVE-2023-5366 at SUSECVE-2023-5366 at NVDcpe:/o:opensuse:leap:15.5Security update for xrdp (Moderate)openSUSE Leap 15.5
This update for xrdp fixes the following issues:
- CVE-2023-42822: Fixed unchecked access to font glyph info (bsc#1215803).
ModerateSUSE bug 1215803CVE-2023-42822 at SUSECVE-2023-42822 at NVDcpe:/o:opensuse:leap:15.5Security update for slurm (Important)openSUSE Leap 15.5
This update for slurm fixes the following issues:
- CVE-2023-41914: Fixed a filesystem handling race conditions that could have led to an attacker taking control of an arbitrary file, or removing entire directoy contents (bsc#1216207).
Bug fixes:
- Add missing dependencies to slurm-config to plugins package. These should help to tie down the slurm version and help to avoid a package mix (bsc#1216869).
ImportantSUSE bug 1216207SUSE bug 1216869CVE-2023-41914 at SUSECVE-2023-41914 at NVDcpe:/o:opensuse:leap:15.5Security update for slurm_22_05 (Important)openSUSE Leap 15.5
This update for slurm_22_05 fixes the following issues:
- CVE-2023-41914: Fixed a filesystem handling race condition that could have led to an attacker taking control of an arbitrary file, or removing entire directory contents (bsc#1216207).
Bug fixes:
- Add missing dependencies to slurm-config to plugins package. These should help to tie down the slurm version and help to avoid a package mix (bsc#1216869).
- Add missing Provides:, Conflicts: and Obsoletes: to slurm-cray, slurm-hdf5 and slurm-testsuite to avoid package conflicts (bsc#1208810).
ImportantSUSE bug 1208810SUSE bug 1216207SUSE bug 1216869CVE-2023-41914 at SUSECVE-2023-41914 at NVDcpe:/o:opensuse:leap:15.5Security update for xerces-c (Important)openSUSE Leap 15.5
This update for xerces-c fixes the following issues:
- CVE-2023-37536: Fixed an integer overflow that could have led to a out-of-bounds memory accesses (bsc#1216156).
ImportantSUSE bug 1216156CVE-2023-37536 at SUSECVE-2023-37536 at NVDcpe:/o:opensuse:leap:15.5Security update for MozillaThunderbird (Important)openSUSE Leap 15.5
This update for MozillaThunderbird fixes the following issues:
- Mozilla Thunderbird 115.5.0 MFSA 2023-52 (bsc#1217230)
* CVE-2023-6204: Out-of-bound memory access in WebGL2 blitFramebuffer
* CVE-2023-6205: Use-after-free in MessagePort::Entangled
* CVE-2023-6206: Clickjacking permission prompts using the fullscreen transition
* CVE-2023-6207: Use-after-free in ReadableByteStreamQueueEntry::Buffer
* CVE-2023-6208: Using Selection API would copy contents into X11 primary selection.
* CVE-2023-6209: Incorrect parsing of relative URLs starting with '///'
* CVE-2023-6212: Memory safety bugs
ImportantSUSE bug 1217230CVE-2023-6204 at SUSECVE-2023-6204 at NVDCVE-2023-6205 at SUSECVE-2023-6205 at NVDCVE-2023-6206 at SUSECVE-2023-6206 at NVDCVE-2023-6207 at SUSECVE-2023-6207 at NVDCVE-2023-6208 at SUSECVE-2023-6208 at NVDCVE-2023-6209 at SUSECVE-2023-6209 at NVDCVE-2023-6212 at SUSECVE-2023-6212 at NVDcpe:/o:opensuse:leap:15.5Security update for squashfs (Important)openSUSE Leap 15.5
This update for squashfs fixes the following issues:
- CVE-2015-4645,CVE-2015-4646: Multiple buffer overflows fixed in squashfs-tools (bsc#935380)
- CVE-2021-40153: Fixed an issue where an attacker might have been able to write a file outside of destination (bsc#1189936)
- CVE-2021-41072: Fixed an issue where an attacker might have been
able to write a file outside the destination directory via a
symlink (bsc#1190531).
update to 4.6.1:
* Race condition which can cause corruption of the 'fragment
table' fixed. This is a regression introduced in August 2022,
and it has been seen when tailend packing is used (-tailends option).
* Fix build failure when the tools are being built without
extended attribute (XATTRs) support.
* Fix XATTR error message when an unrecognised prefix is
found
* Fix incorrect free of pointer when an unrecognised XATTR
prefix is found.
* Major improvements in extended attribute handling,
pseudo file handling, and miscellaneous new options and
improvements
* Extended attribute handling improved in Mksquashfs and
Sqfstar
* New Pseudo file xattr definition to add extended
attributes to files.
* New xattrs-add Action to add extended attributes to files
* Extended attribute handling improved in Unsquashfs
* Other major improvements
* Unsquashfs can now output Pseudo files to standard out.
* Mksquashfs can now input Pseudo files from standard in.
* Squashfs filesystems can now be converted (different
block size compression etc) without unpacking to an
intermediate filesystem or mounting, by piping the output of
Unsquashfs to Mksquashfs.
* Pseudo files are now supported by Sqfstar.
* 'Non-anchored' excludes are now supported by Unsquashfs.
update to 4.5.1 (bsc#1190531, CVE-2021-41072):
* This release adds Manpages for Mksquashfs(1), Unsquashfs(1),
Sqfstar(1) and Sqfscat(1).
* The -help text output from the utilities has been improved
and extended as well (but the Manpages are now more
comprehensive).
* CVE-2021-41072 which is a writing outside of destination
exploit, has been fixed.
* The number of hard-links in the filesystem is now also
displayed by Mksquashfs in the output summary.
* The number of hard-links written by Unsquashfs is now
also displayed in the output summary.
* Unsquashfs will now write to a pre-existing destination
directory, rather than aborting.
* Unsquashfs now allows '.' to used as the destination, to
extract to the current directory.
* The Unsquashfs progress bar now tracks empty files and
hardlinks, in addition to data blocks.
* -no-hardlinks option has been implemented for Sqfstar.
* More sanity checking for 'corrupted' filesystems, including
checks for multiply linked directories and directory loops.
* Options that may cause filesystems to be unmountable have
been moved into a new 'experts' category in the Mksquashfs
help text (and Manpage).
* Maximum cpiostyle filename limited to PATH_MAX. This
prevents attempts to overflow the stack, or cause system
calls to fail with a too long pathname.
* Don't always use 'max open file limit' when calculating
length of queues, as a very large file limit can cause
Unsquashfs to abort. Instead use the smaller of max open
file limit and cache size.
* Fix Mksquashfs silently ignoring Pseudo file definitions
when appending.
* Don't abort if no XATTR support has been built in, and
there's XATTRs in the filesystem. This is a regression
introduced in 2019 in Version 4.4.
* Fix duplicate check when the last file block is sparse.
update to 4.5:
* Mksquashfs now supports 'Actions'.
* New sqfstar command which will create a Squashfs image from a tar archive.
* Tar style handling of source pathnames in Mksquashfs.
* Cpio style handling of source pathnames in Mksquashfs.
* New option to throttle the amount of CPU and I/O.
* Mksquashfs now allows no source directory to be specified.
* New Pseudo file 'R' definition which allows a Regular file
o be created with data stored within the Pseudo file.
* Symbolic links are now followed in extract files
* Unsquashfs now supports 'exclude' files.
* Max depth traversal option added.
* Unsquashfs can now output a 'Pseudo file' representing the
input Squashfs filesystem.
* New -one-file-system option in Mksquashfs.
* New -no-hardlinks option in Mksquashfs.
* Exit code in Unsquashfs changed to distinguish between
non-fatal errors (exit 2), and fatal errors (exit 1).
* Xattr id count added in Unsquashfs '-stat' output.
* Unsquashfs 'write outside directory' exploit fixed.
* Error handling in Unsquashfs writer thread fixed.
* Fix failure to truncate destination if appending aborted.
* Prevent Mksquashfs reading the destination file.
ImportantSUSE bug 1189936SUSE bug 1190531SUSE bug 935380CVE-2015-4645 at SUSECVE-2015-4645 at NVDCVE-2015-4646 at SUSECVE-2015-4646 at NVDCVE-2021-40153 at SUSECVE-2021-40153 at NVDCVE-2021-41072 at SUSECVE-2021-41072 at NVDcpe:/o:opensuse:leap:15.5Security update for python3-Twisted (Moderate)openSUSE Leap 15.5
This update for python3-Twisted fixes the following issues:
- CVE-2023-46137: Fixed issue inside serializing pipelined HTTP requests. (bsc#1216588)
ModerateSUSE bug 1216588CVE-2023-46137 at SUSECVE-2023-46137 at NVDcpe:/o:opensuse:leap:15.5Security update for python-Twisted (Moderate)openSUSE Leap 15.5
This update for python-Twisted fixes the following issues:
- CVE-2023-46137: Fixed issue inside serializing pipelined HTTP requests. (bsc#1216588)
ModerateSUSE bug 1216588CVE-2023-46137 at SUSECVE-2023-46137 at NVDcpe:/o:opensuse:leap:15.5Security update for java-1_8_0-openj9 (Moderate)openSUSE Leap 15.5
This update for java-1_8_0-openj9 fixes the following issues:
Update to OpenJDK 8u392 build 08 with OpenJ9 0.41.0 virtual machine
- CVE-2023-22067: Fixed an IOR deserialization issue in CORBA (bsc#1216379).
- CVE-2023-22081: Fixed a certificate path validation issue during client authentication (bsc#1216374).
- CVE-2023-5676: Fixed receiving a signal before initialization may lead to an infinite loop or unexpected crash (bsc#1217214).
ModerateSUSE bug 1216374SUSE bug 1216379SUSE bug 1217214CVE-2023-22067 at SUSECVE-2023-22067 at NVDCVE-2023-22081 at SUSECVE-2023-22081 at NVDCVE-2023-5676 at SUSECVE-2023-5676 at NVDcpe:/o:opensuse:leap:15.5Security update for sqlite3 (Important)openSUSE Leap 15.5
This update for sqlite3 fixes the following issues:
- CVE-2023-2137: Fixed heap buffer overflow (bsc#1210660).
ImportantSUSE bug 1210660CVE-2023-2137 at SUSECVE-2023-2137 at NVDcpe:/o:opensuse:leap:15.5Security update for traceroute (Moderate)openSUSE Leap 15.5
This update for traceroute fixes the following issues:
- CVE-2023-46316: wrapper scripts do not properly parse command lines (bsc#1216591).
ModerateSUSE bug 1216591CVE-2023-46316 at SUSECVE-2023-46316 at NVDcpe:/o:opensuse:leap:15.5Security update for kubevirt, virt-api-container, virt-controller-container, virt-exportproxy-container, virt-exportserver-container, virt-handler-container, virt-launcher-container, virt-libguestfs-tools-container, virt-operator-container, virt-pr-helper-container (Important)openSUSE Leap 15.5
This update for kubevirt, virt-api-container, virt-controller-container, virt-exportproxy-container, virt-exportserver-container, virt-handler-container, virt-launcher-container, virt-libguestfs-tools-container, virt-operator-container, virt-pr-helper-container fixes the following issues:
Update to version 1.1.0
- Release notes https://github.com/kubevirt/kubevirt/releases/tag/v1.1.0
Update to version 1.0.1
- Release notes https://github.com/kubevirt/kubevirt/releases/tag/v1.0.1
ImportantCVE-2023-44487 at SUSECVE-2023-44487 at NVDcpe:/o:opensuse:leap:15.5Security update for openssl-3 (Important)openSUSE Leap 15.5
This update for openssl-3 fixes the following issues:
- CVE-2023-5678: Fixed generating and checking of excessively long X9.42 DH keys that resulted in a possible Denial of Service (bsc#1216922).
Bug fixes:
- The default /etc/ssl/openssl3.cnf file will include any configuration
files that other packages might place into /etc/ssl/engines3.d/ and
/etc/ssl/engdef3.d/.
- Create the two new necessary directores for the above
patch. [bsc#1194187, bsc#1207472]
ImportantSUSE bug 1194187SUSE bug 1207472SUSE bug 1216922CVE-2023-5678 at SUSECVE-2023-5678 at NVDcpe:/o:opensuse:leap:15.5Security update for haproxy (Moderate)openSUSE Leap 15.5
This update for haproxy fixes the following issues:
- CVE-2023-45539: Fixed misinterpretation of a path_end rule with # as part of the URI component (bsc#1217653).
ModerateSUSE bug 1217653CVE-2023-45539 at SUSECVE-2023-45539 at NVDcpe:/o:opensuse:leap:15.5Security update for cdi-apiserver-container, cdi-cloner-container, cdi-controller-container, cdi-importer-container, cdi-operator-container, cdi-uploadproxy-container, cdi-uploadserver-container, containerized-data-importer (Important)openSUSE Leap 15.5
This update for cdi-apiserver-container, cdi-cloner-container, cdi-controller-container, cdi-importer-container, cdi-operator-container, cdi-uploadproxy-container, cdi-uploadserver-container, containerized-data-importer fixes the following issues:
Update to version 1.58.0
- Release notes https://github.com/kubevirt/containerized-data-importer/releases/tag/v1.58.0
Importantcpe:/o:opensuse:leap:15.5Security update for openvswitch3 (Important)openSUSE Leap 15.5
This update for openvswitch3 fixes the following issues:
- CVE-2023-5366: Fixed missing masks on a final stage with ports trie (bsc#1216002).
ImportantSUSE bug 1216002CVE-2023-5366 at SUSECVE-2023-5366 at NVDcpe:/o:opensuse:leap:15.5Security update for curl (Moderate)openSUSE Leap 15.5
This update for curl fixes the following issues:
- CVE-2023-46218: Fixed cookie mixed case PSL bypass (bsc#1217573).
- CVE-2023-46219: HSTS long file name clears contents (bsc#1217574).
ModerateSUSE bug 1217573SUSE bug 1217574CVE-2023-46218 at SUSECVE-2023-46218 at NVDCVE-2023-46219 at SUSECVE-2023-46219 at NVDcpe:/o:opensuse:leap:15.5Security update for kernel-firmware (Important)openSUSE Leap 15.5
This update for kernel-firmware fixes the following issues:
Update AMD ucode to 20231030 (bsc#1215831):
- CVE-2022-23820: Failure to validate the AMD SMM communication buffer may allow an attacker to corrupt the SMRAM potentially leading to arbitrary code execution.
- CVE-2021-46774: Insufficient input validation in ABL may enable a privileged attacker to perform arbitrary DRAM writes, potentially resulting in code execution and privilege escalation.
- CVE-2023-20533: Insufficient DRAM address validation in System Management Unit (SMU) may allow an attacker using DMA to read/write from/to invalid DRAM address potentially resulting in denial-of-service.
0 CVE-2023-20519: A Use-After-Free vulnerability in the management of an SNP guest context page may allow a malicious hypervisor to masquerade as the guest's migration agent resulting in a potential loss of guest integrity.
- CVE-2023-20566: Improper address validation in ASP with SNP enabled may potentially allow an attacker to compromise guest memory integrity.
- CVE-2023-20521: TOCTOU in the ASP Bootloader may allow an attacker with physical access to tamper with SPI ROM records after memory content verification, potentially leading to loss of confidentiality or a denial of service.
- CVE-2021-46766: Improper clearing of sensitive data in the ASP Bootloader may expose secret keys to a privileged attacker accessing ASP SRAM, potentially leading to a loss of confidentiality.
- CVE-2022-23830: SMM configuration may not be immutable, as intended, when SNP is enabled resulting in a potential limited loss of guest memory integrity.
- CVE-2023-20526: Insufficient input validation in the ASP Bootloader may enable a privileged attacker with physical access to expose the contents of ASP memory potentially leading to a loss of confidentiality.
- CVE-2021-26345: Failure to validate the value in APCB may allow an attacker with physical access to tamper with the APCB token to force an out-of-bounds memory read potentially resulting in a denial of service.
- CVE-2023-20592: Issue with INVD instruction aka CacheWarpAttack (bsc#1215823).
ImportantSUSE bug 1215823SUSE bug 1215831CVE-2021-26345 at SUSECVE-2021-26345 at NVDCVE-2021-46766 at SUSECVE-2021-46766 at NVDCVE-2021-46774 at SUSECVE-2021-46774 at NVDCVE-2022-23820 at SUSECVE-2022-23820 at NVDCVE-2022-23830 at SUSECVE-2022-23830 at NVDCVE-2023-20519 at SUSECVE-2023-20519 at NVDCVE-2023-20521 at SUSECVE-2023-20521 at NVDCVE-2023-20526 at SUSECVE-2023-20526 at NVDCVE-2023-20533 at SUSECVE-2023-20533 at NVDCVE-2023-20566 at SUSECVE-2023-20566 at NVDCVE-2023-20592 at SUSECVE-2023-20592 at NVDcpe:/o:opensuse:leap:15.5Security update for openvswitch (Important)openSUSE Leap 15.5
This update for openvswitch fixes the following issues:
- CVE-2023-5366: Fixed missing masks on a final stage with ports trie (bsc#1216002).
ImportantSUSE bug 1216002CVE-2023-5366 at SUSECVE-2023-5366 at NVDcpe:/o:opensuse:leap:15.5Security update for qemu (Important)openSUSE Leap 15.5
This update for qemu fixes the following issues:
- CVE-2021-3638: hw/display/ati_2d: Fix buffer overflow in ati_2d_blt (bsc#1188609)
- CVE-2023-3180: virtio-crypto: verify src and dst buffer length for sym request (bsc#1213925)
- CVE-2023-3354: io: remove io watch if TLS channel is closed during handshake (bsc#1212850)
- [openSUSE] roms/ipxe: Backport 0aa2e4ec9635, in preparation of binutils 2.41 (bsc#1215311)
- target/s390x: Fix the 'ignored match' case in VSTRS (bsc#1213210)
- linux-user/elfload: Enable vxe2 on s390x (bsc#1213210)
ImportantSUSE bug 1188609SUSE bug 1212850SUSE bug 1213210SUSE bug 1213925SUSE bug 1215311CVE-2021-3638 at SUSECVE-2021-3638 at NVDCVE-2023-3180 at SUSECVE-2023-3180 at NVDCVE-2023-3354 at SUSECVE-2023-3354 at NVDcpe:/o:opensuse:leap:15.5Security update for frr (Important)openSUSE Leap 15.5
This update for frr fixes the following issues:
- CVE-2023-47235: Fixed denial of service caused by malformed BGP UPDATE message with an EOR is processed (bsc#1216896).
- CVE-2023-47234: Fixed denial of service caused by crafted BGP UPDATE message with a MP_UNREACH_NLRI attribute (bsc#1216897).
- CVE-2023-38407: Fixed read beyond the end of the stream during labeled unicast parsing (bsc#1216899).
- CVE-2023-38406: Fixed mishandling of nlri length of zero, aka a 'flowspec overflow (bsc#1216900).
ImportantSUSE bug 1216896SUSE bug 1216897SUSE bug 1216899SUSE bug 1216900CVE-2023-38406 at SUSECVE-2023-38406 at NVDCVE-2023-38407 at SUSECVE-2023-38407 at NVDCVE-2023-47234 at SUSECVE-2023-47234 at NVDCVE-2023-47235 at SUSECVE-2023-47235 at NVDcpe:/o:opensuse:leap:15.5Security update for suse-build-key (Important)openSUSE Leap 15.5
This update for suse-build-key fixes the following issues:
This update runs a import-suse-build-key script.
The previous libzypp-post-script based installation is replaced
with a systemd timer and service (bsc#1217215 bsc#1216410 jsc#PED-2777).
- suse-build-key-import.service
- suse-build-key-import.timer
It imports the future SUSE Linux Enterprise 15 4096 bit RSA key primary and reserve keys.
After successful import the timer is disabled.
To manually import them you can also run:
# rpm --import /usr/lib/rpm/gnupg/keys/gpg-pubkey-3fa1d6ce-63c9481c.asc
# rpm --import /usr/lib/rpm/gnupg/keys/gpg-pubkey-d588dc46-63c939db.asc
ImportantSUSE bug 1216410SUSE bug 1217215cpe:/o:opensuse:leap:15.5Security update for gimp (Important)openSUSE Leap 15.5
This update for gimp fixes the following issues:
- CVE-2023-44441: Fixed Heap-based Buffer Overflow in DDS (bsc#1217160).
- CVE-2023-44442: Fixed Heap-based Buffer Overflow in PSD (bsc#1217161).
- CVE-2023-44443: Fixed Integer Overflow in PSP (bsc#1217162).
- CVE-2023-44444: Fixed Off-By-One om PSP (bsc#1217163).
ImportantSUSE bug 1217160SUSE bug 1217161SUSE bug 1217162SUSE bug 1217163CVE-2023-44441 at SUSECVE-2023-44441 at NVDCVE-2023-44442 at SUSECVE-2023-44442 at NVDCVE-2023-44443 at SUSECVE-2023-44443 at NVDCVE-2023-44444 at SUSECVE-2023-44444 at NVDcpe:/o:opensuse:leap:15.5Security update for squid (Important)openSUSE Leap 15.5
This update for squid fixes the following issues:
- CVE-2023-49285: Fixed buffer over read bug on HTTP Message processing flow (bsc#1217813)
- CVE-2023-49286: Fixed Denial of Service vulnerability in helper process management (bsc#1217815)
- Fix X-Forwarded-For Stack Overflow (bsc#1217654)
ImportantSUSE bug 1217654SUSE bug 1217813SUSE bug 1217815CVE-2023-49285 at SUSECVE-2023-49285 at NVDCVE-2023-49286 at SUSECVE-2023-49286 at NVDcpe:/o:opensuse:leap:15.5Security update for go1.20 (Important)openSUSE Leap 15.5
This update for go1.20 fixes the following issues:
Update to go1.20.12:
- CVE-2023-45285: cmd/go: git VCS qualifier in module path uses git:// scheme (bsc#1217834).
- CVE-2023-45284: path/filepath: Clean removes ending slash for volume on Windows in Go 1.21.4 (bsc#1216943).
- CVE-2023-39326: net/http: limit chunked data overhead (bsc#1217833).
- cmd/compile: internal compiler error: panic during prove while compiling: unexpected induction with too many parents
- cmd/go: TestScript/mod_get_direct fails with 'Filename too long' on Windows
ImportantSUSE bug 1206346SUSE bug 1216943SUSE bug 1217833SUSE bug 1217834CVE-2023-39326 at SUSECVE-2023-39326 at NVDCVE-2023-45284 at SUSECVE-2023-45284 at NVDCVE-2023-45285 at SUSECVE-2023-45285 at NVDcpe:/o:opensuse:leap:15.5Security update for go1.21 (Important)openSUSE Leap 15.5
This update for go1.21 fixes the following issues:
Update to go1.21.5:
- CVE-2023-45285: cmd/go: git VCS qualifier in module path uses git:// scheme (bsc#1217834).
- CVE-2023-45284: path/filepath: Clean removes ending slash for volume on Windows in Go 1.21.4 (bsc#1216943).
- CVE-2023-39326: net/http: limit chunked data overhead (bsc#1217833).
- cmd/go: go mod download needs to support toolchain upgrades
- cmd/compile: invalid pointer found on stack when compiled with -race
- os: NTFS deduped file changed from regular to irregular
- net: TCPConn.ReadFrom hangs when io.Reader is TCPConn or UnixConn, Linux kernel < 5.1
- cmd/compile: internal compiler error: panic during prove while compiling: unexpected induction with too many parents
- syscall: TestOpenFileLimit unintentionally runs on non-Unix platforms
- runtime: self-deadlock on mheap_.lock
- crypto/rand: Legacy RtlGenRandom use on Windows
ImportantSUSE bug 1212475SUSE bug 1216943SUSE bug 1217833SUSE bug 1217834CVE-2023-39326 at SUSECVE-2023-39326 at NVDCVE-2023-45284 at SUSECVE-2023-45284 at NVDCVE-2023-45285 at SUSECVE-2023-45285 at NVDcpe:/o:opensuse:leap:15.5Security update for hplip (Moderate)openSUSE Leap 15.5
This update for hplip fixes the following issues:
- Fixed insecure /tmp file paths inside hppsfilter booklet printing (bsc#1214399)
ModerateSUSE bug 1214399cpe:/o:opensuse:leap:15.5Security update for catatonit, containerd, runc (Important)openSUSE Leap 15.5
This update of runc and containerd fixes the following issues:
containerd:
- Update to containerd v1.7.8. Upstream release notes:
https://github.com/containerd/containerd/releases/tag/v1.7.8
* CVE-2022-1996: Fixed CORS bypass in go-restful (bsc#1200528)
catatonit:
- Update to catatonit v0.2.0.
* Change license to GPL-2.0-or-later.
- Update to catatont v0.1.7
* This release adds the ability for catatonit to be used as the only
process in a pause container, by passing the -P flag (in this mode no
subprocess is spawned and thus no signal forwarding is done).
- Update to catatonit v0.1.6, which fixes a few bugs -- mainly ones related to
socket activation or features somewhat adjacent to socket activation (such as
passing file descriptors).
runc:
- Update to runc v1.1.10. Upstream changelog is available from
https://github.com/opencontainers/runc/releases/tag/v1.1.10
ImportantSUSE bug 1200528CVE-2022-1996 at SUSECVE-2022-1996 at NVDcpe:/o:opensuse:leap:15.5Security update for the Linux Kernel (Important)openSUSE Leap 15.5
The SUSE Linux Enterprise 15 SP5 kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2023-6176: Fixed a denial of service in the cryptographic algorithm scatterwalk functionality (bsc#1217332).
- CVE-2023-2006: Fixed a race condition in the RxRPC network protocol (bsc#1210447).
- CVE-2023-5633: Fixed a use-after-free flaw in the way memory objects were handled when they were being used to store a surface (bsc#1216527).
- CVE-2023-39197: Fixed a out-of-bounds read in nf_conntrack_dccp_packet() (bsc#1216976).
- CVE-2023-4244: Fixed a use-after-free in the nf_tables component, which could be exploited to achieve local privilege escalation (bsc#1215420).
- CVE-2023-6039: Fixed a use-after-free in lan78xx_disconnect in drivers/net/usb/lan78xx.c (bsc#1217068).
- CVE-2023-45863: Fixed a out-of-bounds write in fill_kobj_path() (bsc#1216058).
- CVE-2023-5158: Fixed a denial of service in vringh_kiov_advance() in drivers/vhost/vringh.c in the host side of a virtio ring (bsc#1215710).
- CVE-2023-45871: Fixed an issue in the IGB driver, where the buffer size may not be adequate for frames larger than the MTU (bsc#1216259).
- CVE-2023-5717: Fixed a heap out-of-bounds write vulnerability in the Performance Events component (bsc#1216584).
- CVE-2023-39198: Fixed a race condition leading to use-after-free in qxl_mode_dumb_create() (bsc#1216965).
- CVE-2023-25775: Fixed improper access control in the Intel Ethernet Controller RDMA driver (bsc#1216959).
- CVE-2023-46862: Fixed a NULL pointer dereference in io_uring_show_fdinfo() (bsc#1216693).
The following non-security bugs were fixed:
- ACPI: FPDT: properly handle invalid FPDT subtables (git-fixes).
- ACPI: resource: Do IRQ override on TongFang GMxXGxx (git-fixes).
- ACPI: resource: Skip IRQ override on ASUS ExpertBook B1402CVA (git-fixes).
- ACPI: sysfs: Fix create_pnp_modalias() and create_of_modalias() (git-fixes).
- ALSA: hda/realtek - ALC287 Realtek I2S speaker platform support (git-fixes).
- ALSA: hda/realtek - Add Dell ALC295 to pin fall back table (git-fixes).
- ALSA: hda/realtek - Enable internal speaker of ASUS K6500ZC (git-fixes).
- ALSA: hda/realtek: Add quirk for ASUS UX7602ZM (git-fixes).
- ALSA: hda/realtek: Add quirks for ASUS 2024 Zenbooks (git-fixes).
- ALSA: hda/realtek: Add quirks for HP Laptops (git-fixes).
- ALSA: hda/realtek: Add support dual speaker for Dell (git-fixes).
- ALSA: hda/realtek: Enable Mute LED on HP 255 G10 (git-fixes).
- ALSA: hda/realtek: Enable Mute LED on HP 255 G8 (git-fixes).
- ALSA: hda: ASUS UM5302LA: Added quirks for cs35L41/10431A83 on i2c bus (git-fixes).
- ALSA: hda: Disable power-save on KONTRON SinglePC (bsc#1217140).
- ALSA: hda: Fix possible null-ptr-deref when assigning a stream (git-fixes).
- ALSA: hda: cs35l41: Fix unbalanced pm_runtime_get() (git-fixes).
- ALSA: hda: cs35l41: Undo runtime PM changes at driver exit time (git-fixes).
- ALSA: hda: intel-dsp-config: Fix JSL Chromebook quirk detection (git-fixes).
- ALSA: info: Fix potential deadlock at disconnection (git-fixes).
- ALSA: usb-audio: add quirk flag to enable native DSD for McIntosh devices (git-fixes).
- ARM: 9321/1: memset: cast the constant byte to unsigned char (git-fixes).
- ASoC: Intel: Skylake: Fix mem leak when parsing UUIDs fails (git-fixes).
- ASoC: SOF: core: Ensure sof_ops_free() is still called when probe never ran (git-fixes).
- ASoC: ams-delta.c: use component after check (git-fixes).
- ASoC: codecs: wsa-macro: fix uninitialized stack variables with name prefix (git-fixes).
- ASoC: cs35l41: Undo runtime PM changes at driver exit time (git-fixes).
- ASoC: cs35l41: Verify PM runtime resume errors in IRQ handler (git-fixes).
- ASoC: fsl: Fix PM disable depth imbalance in fsl_easrc_probe (git-fixes).
- ASoC: fsl: mpc5200_dma.c: Fix warning of Function parameter or member not described (git-fixes).
- ASoC: hdmi-codec: register hpd callback on component probe (git-fixes).
- ASoC: rt5650: fix the wrong result of key button (git-fixes).
- ASoC: simple-card: fixup asoc_simple_probe() error handling (git-fixes).
- ASoC: ti: omap-mcbsp: Fix runtime PM underflow warnings (git-fixes).
- Bluetooth: btusb: Add 0bda:b85b for Fn-Link RTL8852BE (git-fixes).
- Bluetooth: btusb: Add RTW8852BE device 13d3:3570 to device tables (git-fixes).
- Bluetooth: btusb: Add Realtek RTL8852BE support ID 0x0cb8:0xc559 (git-fixes).
- Bluetooth: btusb: Add date->evt_skb is NULL check (git-fixes).
- Documentation: networking: correct possessive 'its' (bsc#1215458).
- Drivers: hv: vmbus: Remove unused extern declaration vmbus_ontimer() (git-fixes).
- Fix termination state for idr_for_each_entry_ul() (git-fixes).
- HID: Add quirk for Dell Pro Wireless Keyboard and Mouse KM5221W (git-fixes).
- HID: hyperv: Replace one-element array with flexible-array member (git-fixes).
- HID: hyperv: avoid struct memcpy overrun warning (git-fixes).
- HID: hyperv: remove unused struct synthhid_msg (git-fixes).
- HID: lenovo: Detect quirk-free fw on cptkbd and stop applying workaround (git-fixes).
- HID: logitech-hidpp: Do not restart IO, instead defer hid_connect() only (git-fixes).
- HID: logitech-hidpp: Move get_wireless_feature_index() check to hidpp_connect_event() (git-fixes).
- HID: logitech-hidpp: Remove HIDPP_QUIRK_NO_HIDINPUT quirk (git-fixes).
- HID: logitech-hidpp: Revert 'Do not restart communication if not necessary' (git-fixes).
- Input: synaptics-rmi4 - fix use after free in rmi_unregister_function() (git-fixes).
- Input: synaptics-rmi4 - handle reset delay when using SMBus trsnsport (git-fixes).
- Input: xpad - add VID for Turtle Beach controllers (git-fixes).
- NFS: Fix access to page->mapping (bsc#1216788).
- PCI/ASPM: Fix L1 substate handling in aspm_attr_store_common() (git-fixes).
- PCI/sysfs: Protect driver's D3cold preference from user space (git-fixes).
- PCI: Disable ATS for specific Intel IPU E2000 devices (bsc#1215458).
- PCI: Extract ATS disabling to a helper function (bsc#1215458).
- PCI: Prevent xHCI driver from claiming AMD VanGogh USB3 DRD device (git-fixes).
- PCI: Use FIELD_GET() in Sapphire RX 5600 XT Pulse quirk (git-fixes).
- PCI: Use FIELD_GET() to extract Link Width (git-fixes).
- PCI: exynos: Do not discard .remove() callback (git-fixes).
- PCI: keystone: Do not discard .probe() callback (git-fixes).
- PCI: keystone: Do not discard .remove() callback (git-fixes).
- PCI: tegra194: Use FIELD_GET()/FIELD_PREP() with Link Width fields (git-fixes).
- PCI: vmd: Correct PCI Header Type Register's multi-function check (git-fixes).
- PM / devfreq: rockchip-dfi: Make pmu regmap mandatory (git-fixes).
- PM: hibernate: Use __get_safe_page() rather than touching the list (git-fixes).
- USB: dwc2: write HCINT with INTMASK applied (bsc#1214286).
- USB: dwc3: qcom: fix ACPI platform device leak (git-fixes).
- USB: dwc3: qcom: fix resource leaks on probe deferral (git-fixes).
- USB: dwc3: qcom: fix software node leak on probe errors (git-fixes).
- USB: dwc3: qcom: fix wakeup after probe deferral (git-fixes).
- USB: serial: option: add Fibocom L7xx modules (git-fixes).
- USB: serial: option: add Luat Air72*U series products (git-fixes).
- USB: serial: option: do not claim interface 4 for ZTE MF290 (git-fixes).
- USB: serial: option: fix FM101R-GL defines (git-fixes).
- USB: usbip: fix stub_dev hub disconnect (git-fixes).
- arm/xen: fix xen_vcpu_info allocation alignment (git-fixes).
- arm64: Add Cortex-A520 CPU part definition (git-fixes)
- arm64: allow kprobes on EL0 handlers (git-fixes)
- arm64: armv8_deprecated move emulation functions (git-fixes)
- arm64: armv8_deprecated: fix unused-function error (git-fixes)
- arm64: armv8_deprecated: fold ops into insn_emulation (git-fixes)
- arm64: armv8_deprecated: move aarch32 helper earlier (git-fixes)
- arm64: armv8_deprecated: rework deprected instruction handling (git-fixes)
- arm64: consistently pass ESR_ELx to die() (git-fixes)
- arm64: die(): pass 'err' as long (git-fixes)
- arm64: factor insn read out of call_undef_hook() (git-fixes)
- arm64: factor out EL1 SSBS emulation hook (git-fixes)
- arm64: report EL1 UNDEFs better (git-fixes)
- arm64: rework BTI exception handling (git-fixes)
- arm64: rework EL0 MRS emulation (git-fixes)
- arm64: rework FPAC exception handling (git-fixes)
- arm64: split EL0/EL1 UNDEF handlers (git-fixes)
- ata: pata_isapnp: Add missing error check for devm_ioport_map() (git-fixes).
- atl1c: Work around the DMA RX overflow issue (git-fixes).
- atm: iphase: Do PCI error checks on own line (git-fixes).
- blk-mq: Do not clear driver tags own mapping (bsc#1217366).
- blk-mq: fix null pointer dereference in blk_mq_clear_rq_mapping() (bsc#1217366).
- bluetooth: Add device 0bda:887b to device tables (git-fixes).
- bluetooth: Add device 13d3:3571 to device tables (git-fixes).
- btrfs: always log symlinks in full mode (bsc#1214840).
- can: dev: can_put_echo_skb(): do not crash kernel if can_priv::echo_skb is accessed out of bounds (git-fixes).
- can: dev: can_restart(): do not crash kernel if carrier is OK (git-fixes).
- can: dev: can_restart(): fix race condition between controller restart and netif_carrier_on() (git-fixes).
- can: isotp: add local echo tx processing for consecutive frames (git-fixes).
- can: isotp: fix race between isotp_sendsmg() and isotp_release() (git-fixes).
- can: isotp: fix tx state handling for echo tx processing (git-fixes).
- can: isotp: handle wait_event_interruptible() return values (git-fixes).
- can: isotp: isotp_bind(): return -EINVAL on incorrect CAN ID formatting (git-fixes).
- can: isotp: isotp_sendmsg(): fix TX state detection and wait behavior (git-fixes).
- can: isotp: remove re-binding of bound socket (git-fixes).
- can: isotp: sanitize CAN ID checks in isotp_bind() (git-fixes).
- can: isotp: set max PDU size to 64 kByte (git-fixes).
- can: isotp: split tx timer into transmission and timeout (git-fixes).
- can: sja1000: Fix comment (git-fixes).
- clk: Sanitize possible_parent_show to Handle Return Value of of_clk_get_parent_name (git-fixes).
- clk: imx: Select MXC_CLK for CLK_IMX8QXP (git-fixes).
- clk: imx: imx8mq: correct error handling path (git-fixes).
- clk: imx: imx8qxp: Fix elcdif_pll clock (git-fixes).
- clk: keystone: pll: fix a couple NULL vs IS_ERR() checks (git-fixes).
- clk: mediatek: clk-mt2701: Add check for mtk_alloc_clk_data (git-fixes).
- clk: mediatek: clk-mt6765: Add check for mtk_alloc_clk_data (git-fixes).
- clk: mediatek: clk-mt6779: Add check for mtk_alloc_clk_data (git-fixes).
- clk: mediatek: clk-mt6797: Add check for mtk_alloc_clk_data (git-fixes).
- clk: mediatek: clk-mt7629-eth: Add check for mtk_alloc_clk_data (git-fixes).
- clk: mediatek: clk-mt7629: Add check for mtk_alloc_clk_data (git-fixes).
- clk: npcm7xx: Fix incorrect kfree (git-fixes).
- clk: qcom: clk-rcg2: Fix clock rate overflow for high parent frequencies (git-fixes).
- clk: qcom: config IPQ_APSS_6018 should depend on QCOM_SMEM (git-fixes).
- clk: qcom: gcc-sm8150: Fix gcc_sdcc2_apps_clk_src (git-fixes).
- clk: qcom: ipq6018: drop the CLK_SET_RATE_PARENT flag from PLL clocks (git-fixes).
- clk: qcom: mmcc-msm8998: Do not check halt bit on some branch clks (git-fixes).
- clk: qcom: mmcc-msm8998: Fix the SMMU GDSC (git-fixes).
- clk: scmi: Free scmi_clk allocated when the clocks with invalid info are skipped (git-fixes).
- clk: ti: Add ti_dt_clk_name() helper to use clock-output-names (git-fixes).
- clk: ti: Update component clocks to use ti_dt_clk_name() (git-fixes).
- clk: ti: Update pll and clockdomain clocks to use ti_dt_clk_name() (git-fixes).
- clk: ti: change ti_clk_register[_omap_hw]() API (git-fixes).
- clk: ti: fix double free in of_ti_divider_clk_setup() (git-fixes).
- clocksource/drivers/timer-atmel-tcb: Fix initialization on SAM9 hardware (git-fixes).
- clocksource/drivers/timer-imx-gpt: Fix potential memory leak (git-fixes).
- crypto: caam/jr - fix Chacha20 + Poly1305 self test failure (git-fixes).
- crypto: caam/qi2 - fix Chacha20 + Poly1305 self test failure (git-fixes).
- crypto: hisilicon/hpre - Fix a erroneous check after snprintf() (git-fixes).
- dmaengine: pxa_dma: Remove an erroneous BUG_ON() in pxad_free_desc() (git-fixes).
- dmaengine: ste_dma40: Fix PM disable depth imbalance in d40_probe (git-fixes).
- dmaengine: stm32-mdma: correct desc prep when channel running (git-fixes).
- dmaengine: ti: edma: handle irq_of_parse_and_map() errors (git-fixes).
- drm/amd/display: Avoid NULL dereference of timing generator (git-fixes).
- drm/amd/display: Change the DMCUB mailbox memory location from FB to inbox (git-fixes).
- drm/amd/display: Refactor dm_get_plane_scale helper (git-fixes).
- drm/amd/display: remove useless check in should_enable_fbc() (git-fixes).
- drm/amd/display: use full update for clip size increase of large plane source (git-fixes).
- drm/amd/pm: Handle non-terminated overdrive commands (git-fixes).
- drm/amd: Disable ASPM for VI w/ all Intel systems (git-fixes).
- drm/amd: Fix UBSAN array-index-out-of-bounds for Polaris and Tonga (git-fixes).
- drm/amd: Fix UBSAN array-index-out-of-bounds for SMU7 (git-fixes).
- drm/amd: Move helper for dynamic speed switch check out of smu13 (git-fixes).
- drm/amd: Update `update_pcie_parameters` functions to use uint8_t arguments (git-fixes).
- drm/amdgpu/vkms: fix a possible null pointer dereference (git-fixes).
- drm/amdgpu: Fix a null pointer access when the smc_rreg pointer is NULL (git-fixes).
- drm/amdgpu: Fix potential null pointer derefernce (git-fixes).
- drm/amdgpu: Remove unnecessary domain argument (git-fixes).
- drm/amdgpu: Reserve fences for VM update (git-fixes).
- drm/amdgpu: add drv_vram_usage_va for virt data exchange (bsc#1215802).
- drm/amdgpu: add vram reservation based on vram_usagebyfirmware_v2_2 (git-fixes).
- drm/amdgpu: do not use ATRM for external devices (git-fixes).
- drm/amdgpu: fix error handling in amdgpu_bo_list_get() (git-fixes).
- drm/amdgpu: fix software pci_unplug on some chips (git-fixes).
- drm/amdgpu: not to save bo in the case of RAS err_event_athub (git-fixes).
- drm/amdgpu: skip vram reserve on firmware_v2_2 for bare-metal (bsc#1215802).
- drm/amdkfd: Fix a race condition of vram buffer unref in svm code (git-fixes).
- drm/amdkfd: Fix shift out-of-bounds issue (git-fixes).
- drm/amdkfd: fix some race conditions in vram buffer alloc/free of svm code (git-fixes).
- drm/bridge: Fix kernel-doc typo in desc of output_bus_cfg in drm_bridge_state (git-fixes).
- drm/bridge: lt8912b: Add missing drm_bridge_attach call (git-fixes).
- drm/bridge: lt8912b: Fix bridge_detach (git-fixes).
- drm/bridge: lt8912b: Fix crash on bridge detach (git-fixes).
- drm/bridge: lt8912b: Manually disable HPD only if it was enabled (git-fixes).
- drm/bridge: lt8912b: Register and attach our DSI device at probe (git-fixes).
- drm/bridge: lt8912b: Switch to devm MIPI-DSI helpers (git-fixes).
- drm/bridge: lt9611uxc: Register and attach our DSI device at probe (git-fixes).
- drm/bridge: lt9611uxc: Switch to devm MIPI-DSI helpers (git-fixes).
- drm/bridge: lt9611uxc: fix the race in the error path (git-fixes).
- drm/bridge: lt9611uxc: fix the race in the error path (git-fixes).
- drm/bridge: tc358768: Clean up clock period code (git-fixes).
- drm/bridge: tc358768: Disable non-continuous clock mode (git-fixes).
- drm/bridge: tc358768: Fix bit updates (git-fixes).
- drm/bridge: tc358768: Fix tc358768_ns_to_cnt() (git-fixes).
- drm/bridge: tc358768: Fix use of uninitialized variable (git-fixes).
- drm/bridge: tc358768: Print logical values, not raw register values (git-fixes).
- drm/bridge: tc358768: Rename dsibclk to hsbyteclk (git-fixes).
- drm/bridge: tc358768: Use dev for dbg prints, not priv->dev (git-fixes).
- drm/bridge: tc358768: Use struct videomode (git-fixes).
- drm/bridge: tc358768: remove unused variable (git-fixes).
- drm/dp_mst: Fix NULL deref in get_mst_branch_device_by_guid_helper() (git-fixes).
- drm/gma500: Fix call trace when psb_gem_mm_init() fails (git-fixes).
- drm/gud: Use size_add() in call to struct_size() (git-fixes).
- drm/i915: Fix potential spectre vulnerability (git-fixes).
- drm/i915: Flush WC GGTT only on required platforms (git-fixes).
- drm/komeda: drop all currently held locks if deadlock happens (git-fixes).
- drm/mediatek: Fix iommu fault by swapping FBs after updating plane state (git-fixes).
- drm/mediatek: Fix iommu fault during crtc enabling (git-fixes).
- drm/mipi-dsi: Create devm device attachment (git-fixes).
- drm/mipi-dsi: Create devm device registration (git-fixes).
- drm/msm/dp: skip validity check for DP CTS EDID checksum (git-fixes).
- drm/msm/dsi: free TX buffer in unbind (git-fixes).
- drm/msm/dsi: use msm_gem_kernel_put to free TX buffer (git-fixes).
- drm/panel/panel-tpo-tpg110: fix a possible null pointer dereference (git-fixes).
- drm/panel: fix a possible null pointer dereference (git-fixes).
- drm/panel: simple: Fix Innolux G101ICE-L01 bus flags (git-fixes).
- drm/panel: simple: Fix Innolux G101ICE-L01 timings (git-fixes).
- drm/panel: st7703: Pick different reset sequence (git-fixes).
- drm/qxl: prevent memory leak (git-fixes).
- drm/radeon: fix a possible null pointer dereference (git-fixes).
- drm/radeon: possible buffer overflow (git-fixes).
- drm/rockchip: Fix type promotion bug in rockchip_gem_iommu_map() (git-fixes).
- drm/rockchip: cdn-dp: Fix some error handling paths in cdn_dp_probe() (git-fixes).
- drm/rockchip: vop: Fix call to crtc reset helper (git-fixes).
- drm/rockchip: vop: Fix color for RGB888/BGR888 format on VOP full (git-fixes).
- drm/rockchip: vop: Fix reset of state in duplicate state crtc funcs (git-fixes).
- drm/syncobj: fix DRM_SYNCOBJ_WAIT_FLAGS_WAIT_AVAILABLE (git-fixes).
- drm/ttm: Reorder sys manager cleanup step (git-fixes).
- drm/vc4: fix typo (git-fixes).
- drm/vmwgfx: Remove the duplicate bo_free function (bsc#1216527)
- drm/vmwgfx: Rename vmw_buffer_object to vmw_bo (bsc#1216527)
- drm: bridge: it66121: Fix invalid connector dereference (git-fixes).
- drm: mediatek: mtk_dsi: Fix NO_EOT_PACKET settings/handling (git-fixes).
- drm: vmwgfx_surface.c: copy user-array safely (git-fixes).
- dt-bindings: usb: hcd: add missing phy name to example (git-fixes).
- dt-bindings: usb: qcom,dwc3: fix example wakeup interrupt types (git-fixes).
- fbdev: atyfb: only use ioremap_uc() on i386 and ia64 (git-fixes).
- fbdev: fsl-diu-fb: mark wr_reg_wa() static (git-fixes).
- fbdev: imsttfb: Fix error path of imsttfb_probe() (git-fixes).
- fbdev: imsttfb: Release framebuffer and dealloc cmap on error path (git-fixes).
- fbdev: imsttfb: fix a resource leak in probe (git-fixes).
- fbdev: imsttfb: fix double free in probe() (git-fixes).
- fbdev: omapfb: Drop unused remove function (git-fixes).
- fbdev: uvesafb: Call cn_del_callback() at the end of uvesafb_exit() (git-fixes).
- firewire: core: fix possible memory leak in create_units() (git-fixes).
- gpio: mockup: fix kerneldoc (git-fixes).
- gpio: mockup: remove unused field (git-fixes).
- gpu: host1x: Correct allocated size for contexts (git-fixes).
- hid: cp2112: Fix duplicate workqueue initialization (git-fixes).
- hv: simplify sysctl registration (git-fixes).
- hv_netvsc: Fix race of register_netdevice_notifier and VF register (git-fixes).
- hv_netvsc: Mark VF as slave before exposing it to user-mode (git-fixes).
- hv_netvsc: fix netvsc_send_completion to avoid multiple message length checks (git-fixes).
- hv_netvsc: fix race of netvsc and VF register_netdevice (git-fixes).
- hwmon: (coretemp) Fix potentially truncated sysfs attribute name (git-fixes).
- i2c: core: Run atomic i2c xfer when !preemptible (git-fixes).
- i2c: designware: Disable TX_EMPTY irq while waiting for block length byte (git-fixes).
- i2c: dev: copy userspace array safely (git-fixes).
- i2c: i801: fix potential race in i801_block_transaction_byte_by_byte (git-fixes).
- i2c: iproc: handle invalid slave state (git-fixes).
- i2c: sun6i-p2wi: Prevent potential division by zero (git-fixes).
- i3c: Fix potential refcount leak in i3c_master_register_new_i3c_devs (git-fixes).
- i3c: master: cdns: Fix reading status register (git-fixes).
- i3c: master: mipi-i3c-hci: Fix a kernel panic for accessing DAT_data (git-fixes).
- i3c: master: svc: fix SDA keep low when polling IBIWON timeout happen (git-fixes).
- i3c: master: svc: fix check wrong status register in irq handler (git-fixes).
- i3c: master: svc: fix ibi may not return mandatory data byte (git-fixes).
- i3c: master: svc: fix race condition in ibi work thread (git-fixes).
- i3c: master: svc: fix wrong data return when IBI happen during start frame (git-fixes).
- i3c: mipi-i3c-hci: Fix out of bounds access in hci_dma_irq_handler (git-fixes).
- i915/perf: Fix NULL deref bugs with drm_dbg() calls (git-fixes).
- idpf: add RX splitq napi poll support (bsc#1215458).
- idpf: add SRIOV support and other ndo_ops (bsc#1215458).
- idpf: add TX splitq napi poll support (bsc#1215458).
- idpf: add controlq init and reset checks (bsc#1215458).
- idpf: add core init and interrupt request (bsc#1215458).
- idpf: add create vport and netdev configuration (bsc#1215458).
- idpf: add ethtool callbacks (bsc#1215458).
- idpf: add module register and probe functionality (bsc#1215458).
- idpf: add ptypes and MAC filter support (bsc#1215458).
- idpf: add singleq start_xmit and napi poll (bsc#1215458).
- idpf: add splitq start_xmit (bsc#1215458).
- idpf: cancel mailbox work in error path (bsc#1215458).
- idpf: configure resources for RX queues (bsc#1215458).
- idpf: configure resources for TX queues (bsc#1215458).
- idpf: fix potential use-after-free in idpf_tso() (bsc#1215458).
- idpf: initialize interrupts and enable vport (bsc#1215458).
- idpf: set scheduling mode for completion queue (bsc#1215458).
- irqchip/stm32-exti: add missing DT IRQ flag translation (git-fixes).
- leds: pwm: Do not disable the PWM when the LED should be off (git-fixes).
- leds: trigger: ledtrig-cpu:: Fix 'output may be truncated' issue for 'cpu' (git-fixes).
- leds: turris-omnia: Do not use SMBUS calls (git-fixes).
- lsm: fix default return value for inode_getsecctx (git-fixes).
- lsm: fix default return value for vm_enough_memory (git-fixes).
- media: bttv: fix use after free error due to btv->timeout timer (git-fixes).
- media: ccs: Correctly initialise try compose rectangle (git-fixes).
- media: ccs: Fix driver quirk struct documentation (git-fixes).
- media: cedrus: Fix clock/reset sequence (git-fixes).
- media: cobalt: Use FIELD_GET() to extract Link Width (git-fixes).
- media: gspca: cpia1: shift-out-of-bounds in set_flicker (git-fixes).
- media: i2c: max9286: Fix some redundant of_node_put() calls (git-fixes).
- media: imon: fix access to invalid resource for the second interface (git-fixes).
- media: lirc: drop trailing space from scancode transmit (git-fixes).
- media: qcom: camss: Fix VFE-17x vfe_disable_output() (git-fixes).
- media: qcom: camss: Fix missing vfe_lite clocks check (git-fixes).
- media: qcom: camss: Fix pm_domain_on sequence in probe (git-fixes).
- media: qcom: camss: Fix vfe_get() error jump (git-fixes).
- media: sharp: fix sharp encoding (git-fixes).
- media: siano: Drop unnecessary error check for debugfs_create_dir/file() (git-fixes).
- media: venus: hfi: add checks to handle capabilities from firmware (git-fixes).
- media: venus: hfi: add checks to perform sanity on queue pointers (git-fixes).
- media: venus: hfi: fix the check to handle session buffer requirement (git-fixes).
- media: venus: hfi_parser: Add check to keep the number of codecs within range (git-fixes).
- media: vidtv: mux: Add check and kfree for kstrdup (git-fixes).
- media: vidtv: psi: Add check for kstrdup (git-fixes).
- media: vivid: avoid integer overflow (git-fixes).
- mfd: arizona-spi: Set pdata.hpdet_channel for ACPI enumerated devs (git-fixes).
- mfd: core: Ensure disabled devices are skipped without aborting (git-fixes).
- mfd: dln2: Fix double put in dln2_probe (git-fixes).
- misc: pci_endpoint_test: Add Device ID for R-Car S4-8 PCIe controller (git-fixes).
- mm/hmm: fault non-owner device private entries (bsc#1216844, jsc#PED-7237, git-fixes).
- mmc: block: Be sure to wait while busy in CQE error recovery (git-fixes).
- mmc: block: Do not lose cache flush during CQE error recovery (git-fixes).
- mmc: block: Retry commands in CQE error recovery (git-fixes).
- mmc: cqhci: Fix task clearing in CQE error recovery (git-fixes).
- mmc: cqhci: Increase recovery halt timeout (git-fixes).
- mmc: cqhci: Warn of halt or task clear failure (git-fixes).
- mmc: meson-gx: Remove setting of CMD_CFG_ERROR (git-fixes).
- mmc: sdhci-pci-gli: A workaround to allow GL9750 to enter ASPM L1.2 (git-fixes).
- mmc: sdhci-pci-gli: GL9750: Mask the replay timer timeout of AER (git-fixes).
- mmc: sdhci_am654: fix start loop index for TAP value parsing (git-fixes).
- mmc: vub300: fix an error code (git-fixes).
- modpost: fix tee MODULE_DEVICE_TABLE built on big-endian host (git-fixes).
- mt76: dma: use kzalloc instead of devm_kzalloc for txwi (git-fixes).
- mtd: cfi_cmdset_0001: Byte swap OTP info (git-fixes).
- mtd: rawnand: arasan: Include ECC syndrome along with in-band data while checking for ECC failure (git-fixes).
- net-memcg: Fix scope of sockmem pressure indicators (bsc#1216759).
- net: Avoid address overwrite in kernel_connect (bsc#1216861).
- net: add macro netif_subqueue_completed_wake (bsc#1215458).
- net: fix use-after-free in tw_timer_handler (bsc#1217195).
- net: mana: Fix return type of mana_start_xmit() (git-fixes).
- net: piggy back on the memory barrier in bql when waking queues (bsc#1215458).
- net: provide macros for commonly copied lockless queue stop/wake code (bsc#1215458).
- net: usb: ax88179_178a: fix failed operations during ax88179_reset (git-fixes).
- nvme: update firmware version after commit (bsc#1215292).
- pcmcia: cs: fix possible hung task and memory leak pccardd() (git-fixes).
- pcmcia: ds: fix possible name leak in error path in pcmcia_device_add() (git-fixes).
- pcmcia: ds: fix refcount leak in pcmcia_device_add() (git-fixes).
- pinctrl: avoid reload of p state in list iteration (git-fixes).
- platform/x86/intel-uncore-freq: Return error on write frequency (bsc#1217147).
- platform/x86/intel-uncore-freq: Split common and enumeration part (bsc#1217147).
- platform/x86/intel-uncore-freq: Support for cluster level controls (bsc#1217147).
- platform/x86/intel-uncore-freq: Uncore frequency control via TPMI (bsc#1217147).
- platform/x86/intel-uncore-freq: tpmi: Provide cluster level control (bsc#1217147).
- platform/x86/intel/tpmi: ADD tpmi external interface for tpmi feature drivers (bsc#1217147).
- platform/x86/intel/tpmi: Fix double free reported by Smatch (bsc#1217147).
- platform/x86/intel/tpmi: Process CPU package mapping (bsc#1217147).
- platform/x86/intel/uncore-freq: Display uncore current frequency (bsc#1217147).
- platform/x86/intel/uncore-freq: Move to uncore-frequency folder (bsc#1217147).
- platform/x86/intel/uncore-freq: Use sysfs API to create attributes (bsc#1217147).
- platform/x86/intel/vsec: Add TPMI ID (bsc#1217147).
- platform/x86/intel/vsec: Enhance and Export intel_vsec_add_aux() (bsc#1217147).
- platform/x86/intel/vsec: Support private data (bsc#1217147).
- platform/x86/intel/vsec: Use mutex for ida_alloc() and ida_free() (bsc#1217147).
- platform/x86/intel: Intel TPMI enumeration driver (bsc#1217147).
- platform/x86/intel: tpmi: Fix double free in tpmi_create_device() (bsc#1217147).
- platform/x86: intel-uncore-freq: Add client processors (bsc#1217147).
- platform/x86: intel-uncore-freq: Conditionally create attribute for read frequency (bsc#1217147).
- platform/x86: intel-uncore-freq: Prevent driver loading in guests (bsc#1217147).
- platform/x86: intel-uncore-freq: Use sysfs_emit() to instead of scnprintf() (bsc#1217147).
- platform/x86: intel-uncore-freq: fix uncore_freq_common_init() error codes (bsc#1217147).
- platform/x86: intel-uncore-frequency: Move to intel sub-directory (bsc#1217147).
- platform/x86: intel-uncore-frequency: use default_groups in kobj_type (bsc#1217147).
- platform/x86: thinkpad_acpi: Add battery quirk for Thinkpad X120e (git-fixes).
- platform/x86: wmi: Fix opening of char device (git-fixes).
- platform/x86: wmi: Fix probe failure when failing to register WMI devices (git-fixes).
- platform/x86: wmi: remove unnecessary initializations (git-fixes).
- powerpc/perf/hv-24x7: Update domain value check (bsc#1215931).
- powerpc/vas: Limit open window failure messages in log bufffer (bsc#1216687 ltc#203927).
- powerpc: Do not clobber f0/vs0 during fp|altivec register save (bsc#1217780).
- pwm: Fix double shift bug (git-fixes).
- pwm: brcmstb: Utilize appropriate clock APIs in suspend/resume (git-fixes).
- pwm: sti: Reduce number of allocations and drop usage of chip_data (git-fixes).
- r8152: Check for unplug in r8153b_ups_en() / r8153c_ups_en() (git-fixes).
- r8152: Check for unplug in rtl_phy_patch_request() (git-fixes).
- regmap: Ensure range selector registers are updated after cache sync (git-fixes).
- regmap: debugfs: Fix a erroneous check after snprintf() (git-fixes).
- regmap: prevent noinc writes from clobbering cache (git-fixes).
- s390/ap: fix AP bus crash on early config change callback invocation (git-fixes bsc#1217687).
- s390/cio: unregister device when the only path is gone (git-fixes bsc#1217609).
- s390/cmma: fix detection of DAT pages (LTC#203997 bsc#1217086).
- s390/cmma: fix handling of swapper_pg_dir and invalid_pg_dir (LTC#203997 bsc#1217086).
- s390/cmma: fix initial kernel address space page table walk (LTC#203997 bsc#1217086).
- s390/crashdump: fix TOD programmable field size (git-fixes bsc#1217205).
- s390/dasd: fix hanging device after request requeue (git-fixes LTC#203629 bsc#1215124).
- s390/dasd: protect device queue against concurrent access (git-fixes bsc#1217515).
- s390/dasd: use correct number of retries for ERP requests (git-fixes bsc#1217598).
- s390/ipl: add missing IPL_TYPE_ECKD_DUMP case to ipl_init() (git-fixes bsc#1217511).
- s390/ipl: add missing secure/has_secure file to ipl type 'unknown' (bsc#1214976 git-fixes).
- s390/mm: add missing arch_set_page_dat() call to gmap allocations (LTC#203997 bsc#1217086).
- s390/mm: add missing arch_set_page_dat() call to vmem_crst_alloc() (LTC#203997 bsc#1217086).
- s390/pkey: fix/harmonize internal keyblob headers (git-fixes bsc#1217200).
- s390/ptrace: fix PTRACE_GET_LAST_BREAK error handling (git-fixes bsc#1217599).
- sbitmap: fix batched wait_cnt accounting (bsc#1217095 bsc#1217196).
- sbitmap: fix up kABI for sbitmap_queue_wake_up() (bsc#1217095 bsc#1217196).
- sbsa_gwdt: Calculate timeout with 64-bit math (git-fixes).
- scsi: lpfc: Copyright updates for 14.2.0.16 patches (bsc#1217731).
- scsi: lpfc: Correct maximum PCI function value for RAS fw logging (bsc#1217731).
- scsi: lpfc: Eliminate unnecessary relocking in lpfc_check_nlp_post_devloss() (bsc#1217731).
- scsi: lpfc: Enhance driver logging for selected discovery events (bsc#1217731).
- scsi: lpfc: Fix list_entry null check warning in lpfc_cmpl_els_plogi() (bsc#1217731).
- scsi: lpfc: Fix possible file string name overflow when updating firmware (bsc#1217731).
- scsi: lpfc: Introduce LOG_NODE_VERBOSE messaging flag (bsc#1217124).
- scsi: lpfc: Refactor and clean up mailbox command memory free (bsc#1217731).
- scsi: lpfc: Reject received PRLIs with only initiator fcn role for NPIV ports (bsc#1217124).
- scsi: lpfc: Remove unnecessary zero return code assignment in lpfc_sli4_hba_setup (bsc#1217124).
- scsi: lpfc: Return early in lpfc_poll_eratt() when the driver is unloading (bsc#1217731).
- scsi: lpfc: Treat IOERR_SLI_DOWN I/O completion status the same as pci offline (bsc#1217124).
- scsi: lpfc: Update lpfc version to 14.2.0.15 (bsc#1217124).
- scsi: lpfc: Update lpfc version to 14.2.0.16 (bsc#1217731).
- scsi: lpfc: Validate ELS LS_ACC completion payload (bsc#1217124).
- scsi: qla2xxx: Fix double free of dsd_list during driver load (git-fixes).
- scsi: qla2xxx: Use FIELD_GET() to extract PCIe capability fields (git-fixes).
- selftests/efivarfs: create-read: fix a resource leak (git-fixes).
- selftests/pidfd: Fix ksft print formats (git-fixes).
- selftests/resctrl: Ensure the benchmark commands fits to its array (git-fixes).
- selftests/resctrl: Reduce failures due to outliers in MBA/MBM tests (git-fixes).
- selftests/resctrl: Remove duplicate feature check from CMT test (git-fixes).
- seq_buf: fix a misleading comment (git-fixes).
- serial: exar: Revert 'serial: exar: Add support for Sealevel 7xxxC serial cards' (git-fixes).
- serial: meson: Use platform_get_irq() to get the interrupt (git-fixes).
- soc: qcom: llcc: Handle a second device without data corruption (git-fixes).
- spi: nxp-fspi: use the correct ioremap function (git-fixes).
- spi: spi-zynq-qspi: add spi-mem to driver kconfig dependencies (git-fixes).
- spi: tegra: Fix missing IRQ check in tegra_slink_probe() (git-fixes).
- staging: media: ipu3: remove ftrace-like logging (git-fixes).
- string.h: add array-wrappers for (v)memdup_user() (git-fixes).
- supported.conf: marked idpf supported
- thermal: core: prevent potential string overflow (git-fixes).
- tty/sysrq: replace smp_processor_id() with get_cpu() (git-fixes).
- tty: 8250: Add Brainboxes Oxford Semiconductor-based quirks (git-fixes).
- tty: 8250: Add support for Brainboxes UP cards (git-fixes).
- tty: 8250: Add support for Intashield IS-100 (git-fixes).
- tty: 8250: Add support for Intashield IX cards (git-fixes).
- tty: 8250: Add support for additional Brainboxes PX cards (git-fixes).
- tty: 8250: Add support for additional Brainboxes UC cards (git-fixes).
- tty: 8250: Fix port count of PX-257 (git-fixes).
- tty: 8250: Fix up PX-803/PX-857 (git-fixes).
- tty: 8250: Remove UC-257 and UC-431 (git-fixes).
- tty: Fix uninit-value access in ppp_sync_receive() (git-fixes).
- tty: n_gsm: fix race condition in status line change on dead connections (git-fixes).
- tty: serial: meson: fix hard LOCKUP on crtscts mode (git-fixes).
- tty: tty_jobctrl: fix pid memleak in disassociate_ctty() (git-fixes).
- tty: vcc: Add check for kstrdup() in vcc_probe() (git-fixes).
- usb: cdnsp: Fix deadlock issue during using NCM gadget (git-fixes).
- usb: chipidea: Fix DMA overwrite for Tegra (git-fixes).
- usb: chipidea: Simplify Tegra DMA alignment code (git-fixes).
- usb: dwc2: fix possible NULL pointer dereference caused by driver concurrency (git-fixes).
- usb: dwc3: Fix default mode initialization (git-fixes).
- usb: dwc3: set the dma max_seg_size (git-fixes).
- usb: gadget: f_ncm: Always set current gadget in ncm_bind() (git-fixes).
- usb: raw-gadget: properly handle interrupted requests (git-fixes).
- usb: storage: set 1.50 as the lower bcdDevice for older 'Super Top' compatibility (git-fixes).
- usb: typec: tcpm: Fix NULL pointer dereference in tcpm_pd_svdm() (git-fixes).
- usb: typec: tcpm: Skip hard reset when in error recovery (git-fixes).
- virtchnl: add virtchnl version 2 ops (bsc#1215458).
- wifi: ath10k: Do not touch the CE interrupt registers after power up (git-fixes).
- wifi: ath10k: fix clang-specific fortify warning (git-fixes).
- wifi: ath11k: debugfs: fix to work with multiple PCI devices (git-fixes).
- wifi: ath11k: fix dfs radar event locking (git-fixes).
- wifi: ath11k: fix gtk offload status event locking (git-fixes).
- wifi: ath11k: fix htt pktlog locking (git-fixes).
- wifi: ath11k: fix temperature event locking (git-fixes).
- wifi: ath9k: fix clang-specific fortify warnings (git-fixes).
- wifi: iwlwifi: Use FW rate for non-data frames (git-fixes).
- wifi: iwlwifi: call napi_synchronize() before freeing rx/tx queues (git-fixes).
- wifi: iwlwifi: empty overflow queue during flush (git-fixes).
- wifi: iwlwifi: honor the enable_ini value (git-fixes).
- wifi: iwlwifi: pcie: synchronize IRQs before NAPI (git-fixes).
- wifi: mac80211: do not return unset power in ieee80211_get_tx_power() (git-fixes).
- wifi: mac80211: fix # of MSDU in A-MSDU calculation (git-fixes).
- wifi: mt76: mt7603: rework/fix rx pse hang check (git-fixes).
- wifi: rtlwifi: fix EDCA limit set by BT coexistence (git-fixes).
- wifi: rtw88: debug: Fix the NULL vs IS_ERR() bug for debugfs_create_file() (git-fixes).
- x86/alternative: Add a __alt_reloc_selftest() prototype (git-fixes).
- x86/cpu: Clear SVM feature if disabled by BIOS (bsc#1214700).
- x86/cpu: Fix AMD erratum #1485 on Zen4-based CPUs (git-fixes).
- x86/fpu: Set X86_FEATURE_OSXSAVE feature after enabling OSXSAVE in CR4 (git-fixes).
- x86/hyperv: Add HV_EXPOSE_INVARIANT_TSC define (git-fixes).
- x86/hyperv: Improve code for referencing hyperv_pcpu_input_arg (git-fixes).
- x86/hyperv: Make hv_get_nmi_reason public (git-fixes).
- x86/hyperv: fix a warning in mshyperv.h (git-fixes).
- x86/sev: Do not try to parse for the CC blob on non-AMD hardware (git-fixes).
- x86/sev: Fix calculation of end address based on number of pages (git-fixes).
- x86/sev: Use the GHCB protocol when available for SNP CPUID requests (git-fixes).
- x86: Move gds_ucode_mitigated() declaration to header (git-fixes).
- xfs: add attr state machine tracepoints (git-fixes).
- xfs: can't use kmem_zalloc() for attribute buffers (bsc#1216909).
- xfs: can't use kmem_zalloc() for attribute buffers (bsc#1216909).
- xfs: constify btree function parameters that are not modified (git-fixes).
- xfs: convert AGF log flags to unsigned (git-fixes).
- xfs: convert AGI log flags to unsigned (git-fixes).
- xfs: convert attr type flags to unsigned (git-fixes).
- xfs: convert bmap extent type flags to unsigned (git-fixes).
- xfs: convert bmapi flags to unsigned (git-fixes).
- xfs: convert btree buffer log flags to unsigned (git-fixes).
- xfs: convert buffer flags to unsigned (git-fixes).
- xfs: convert buffer log item flags to unsigned (git-fixes).
- xfs: convert da btree operations flags to unsigned (git-fixes).
- xfs: convert dquot flags to unsigned (git-fixes).
- xfs: convert inode lock flags to unsigned (git-fixes).
- xfs: convert log item tracepoint flags to unsigned (git-fixes).
- xfs: convert log ticket and iclog flags to unsigned (git-fixes).
- xfs: convert quota options flags to unsigned (git-fixes).
- xfs: convert scrub type flags to unsigned (git-fixes).
- xfs: disambiguate units for ftrace fields tagged 'blkno', 'block', or 'bno' (git-fixes).
- xfs: disambiguate units for ftrace fields tagged 'count' (git-fixes).
- xfs: disambiguate units for ftrace fields tagged 'len' (git-fixes).
- xfs: disambiguate units for ftrace fields tagged 'offset' (git-fixes).
- xfs: make the key parameters to all btree key comparison functions const (git-fixes).
- xfs: make the key parameters to all btree query range functions const (git-fixes).
- xfs: make the keys and records passed to btree inorder functions const (git-fixes).
- xfs: make the pointer passed to btree set_root functions const (git-fixes).
- xfs: make the start pointer passed to btree alloc_block functions const (git-fixes).
- xfs: make the start pointer passed to btree update_lastrec functions const (git-fixes).
- xfs: mark the record passed into btree init_key functions as const (git-fixes).
- xfs: mark the record passed into xchk_btree functions as const (git-fixes).
- xfs: remove xfs_btree_cur_t typedef (git-fixes).
- xfs: rename i_disk_size fields in ftrace output (git-fixes).
- xfs: resolve fork names in trace output (git-fixes).
- xfs: standardize AG block number formatting in ftrace output (git-fixes).
- xfs: standardize AG number formatting in ftrace output (git-fixes).
- xfs: standardize daddr formatting in ftrace output (git-fixes).
- xfs: standardize inode generation formatting in ftrace output (git-fixes).
- xfs: standardize inode number formatting in ftrace output (git-fixes).
- xfs: standardize remaining xfs_buf length tracepoints (git-fixes).
- xfs: standardize rmap owner number formatting in ftrace output (git-fixes).
- xhci: Enable RPM on controllers that support low-power states (git-fixes).
- xhci: Loosen RPM as default policy to cover for AMD xHC 1.1 (git-fixes).
ImportantSUSE bug 1084909SUSE bug 1207948SUSE bug 1210447SUSE bug 1214286SUSE bug 1214700SUSE bug 1214840SUSE bug 1214976SUSE bug 1215123SUSE bug 1215124SUSE bug 1215292SUSE bug 1215420SUSE bug 1215458SUSE bug 1215710SUSE bug 1215802SUSE bug 1215931SUSE bug 1216058SUSE bug 1216105SUSE bug 1216259SUSE bug 1216527SUSE bug 1216584SUSE bug 1216687SUSE bug 1216693SUSE bug 1216759SUSE bug 1216788SUSE bug 1216844SUSE bug 1216861SUSE bug 1216909SUSE bug 1216959SUSE bug 1216965SUSE bug 1216976SUSE bug 1217036SUSE bug 1217068SUSE bug 1217086SUSE bug 1217095SUSE bug 1217124SUSE bug 1217140SUSE bug 1217147SUSE bug 1217195SUSE bug 1217196SUSE bug 1217200SUSE bug 1217205SUSE bug 1217332SUSE bug 1217366SUSE bug 1217511SUSE bug 1217515SUSE bug 1217598SUSE bug 1217599SUSE bug 1217609SUSE bug 1217687SUSE bug 1217731SUSE bug 1217780CVE-2023-2006 at SUSECVE-2023-2006 at NVDCVE-2023-25775 at SUSECVE-2023-25775 at NVDCVE-2023-39197 at SUSECVE-2023-39197 at NVDCVE-2023-39198 at SUSECVE-2023-39198 at NVDCVE-2023-4244 at SUSECVE-2023-4244 at NVDCVE-2023-45863 at SUSECVE-2023-45863 at NVDCVE-2023-45871 at SUSECVE-2023-45871 at NVDCVE-2023-46862 at SUSECVE-2023-46862 at NVDCVE-2023-5158 at SUSECVE-2023-5158 at NVDCVE-2023-5633 at SUSECVE-2023-5633 at NVDCVE-2023-5717 at SUSECVE-2023-5717 at NVDCVE-2023-6039 at SUSECVE-2023-6039 at NVDCVE-2023-6176 at SUSECVE-2023-6176 at NVDcpe:/o:opensuse:leap:15.5Security update for the Linux Kernel (Important)openSUSE Leap 15.5
The SUSE Linux Enterprise 15 SP5 RT kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2023-2006: Fixed a race condition in the RxRPC network protocol (bsc#1210447).
- CVE-2023-25775: Fixed improper access control in the Intel Ethernet Controller RDMA driver (bsc#1216959).
- CVE-2023-3777: Fixed a use-after-free vulnerability in netfilter: nf_tables component can be exploited to achieve local privilege escalation. (bsc#1215095)
- CVE-2023-39197: Fixed a out-of-bounds read in nf_conntrack_dccp_packet() (bsc#1216976).
- CVE-2023-39198: Fixed a race condition leading to use-after-free in qxl_mode_dumb_create() (bsc#1216965).
- CVE-2023-4244: Fixed a use-after-free in the nf_tables component, which could be exploited to achieve local privilege escalation (bsc#1215420).
- CVE-2023-45863: Fixed a out-of-bounds write in fill_kobj_path() (bsc#1216058).
- CVE-2023-45871: Fixed an issue in the IGB driver, where the buffer size may not be adequate for frames larger than the MTU (bsc#1216259).
- CVE-2023-46813: Fixed SEV-ES local priv escalation (bsc#1212649).
- CVE-2023-46862: Fixed a NULL pointer dereference in io_uring_show_fdinfo() (bsc#1216693).
- CVE-2023-5158: Fixed a denial of service in vringh_kiov_advance() in drivers/vhost/vringh.c in the host side of a virtio ring (bsc#1215710).
- CVE-2023-5633: Fixed a use-after-free flaw in the way memory objects were handled when they were being used to store a surface (bsc#1216527).
- CVE-2023-5717: Fixed a heap out-of-bounds write vulnerability in the Performance Events component (bsc#1216584).
- CVE-2023-6039: Fixed a use-after-free in lan78xx_disconnect in drivers/net/usb/lan78xx.c (bsc#1217068).
- CVE-2023-6176: Fixed a denial of service in the cryptographic algorithm scatterwalk functionality (bsc#1217332).
The following non-security bugs were fixed:
- acpi: fpdt: properly handle invalid fpdt subtables (git-fixes).
- acpi: resource: do irq override on tongfang gmxxgxx (git-fixes).
- acpi: resource: skip irq override on asus expertbook b1402cva (git-fixes).
- acpi: sysfs: fix create_pnp_modalias() and create_of_modalias() (git-fixes).
- alsa: hda/realtek - add dell alc295 to pin fall back table (git-fixes).
- alsa: hda/realtek - alc287 realtek i2s speaker platform support (git-fixes).
- alsa: hda/realtek - enable internal speaker of asus k6500zc (git-fixes).
- alsa: hda/realtek: add quirk for asus ux7602zm (git-fixes).
- alsa: hda/realtek: add quirks for asus 2024 zenbooks (git-fixes).
- alsa: hda/realtek: add quirks for hp laptops (git-fixes).
- alsa: hda/realtek: add support dual speaker for dell (git-fixes).
- alsa: hda/realtek: enable mute led on hp 255 g10 (git-fixes).
- alsa: hda/realtek: enable mute led on hp 255 g8 (git-fixes).
- alsa: hda: asus um5302la: added quirks for cs35l41/10431a83 on i2c bus (git-fixes).
- alsa: hda: cs35l41: fix unbalanced pm_runtime_get() (git-fixes).
- alsa: hda: cs35l41: undo runtime pm changes at driver exit time (git-fixes).
- alsa: hda: disable power-save on kontron singlepc (bsc#1217140).
- alsa: hda: fix possible null-ptr-deref when assigning a stream (git-fixes).
- alsa: hda: intel-dsp-config: fix jsl chromebook quirk detection (git-fixes).
- alsa: info: fix potential deadlock at disconnection (git-fixes).
- alsa: usb-audio: add quirk flag to enable native dsd for mcintosh devices (git-fixes).
- arm/xen: fix xen_vcpu_info allocation alignment (git-fixes).
- arm64: add cortex-a520 cpu part definition (git-fixes)
- arm64: allow kprobes on el0 handlers (git-fixes)
- arm64: armv8_deprecated move emulation functions (git-fixes)
- arm64: armv8_deprecated: fix unused-function error (git-fixes)
- arm64: armv8_deprecated: fold ops into insn_emulation (git-fixes)
- arm64: armv8_deprecated: move aarch32 helper earlier (git-fixes)
- arm64: armv8_deprecated: rework deprected instruction handling (git-fixes)
- arm64: consistently pass esr_elx to die() (git-fixes)
- arm64: die(): pass 'err' as long (git-fixes)
- arm64: factor insn read out of call_undef_hook() (git-fixes)
- arm64: factor out el1 ssbs emulation hook (git-fixes)
- arm64: report el1 undefs better (git-fixes)
- arm64: rework bti exception handling (git-fixes)
- arm64: rework el0 mrs emulation (git-fixes)
- arm64: rework fpac exception handling (git-fixes)
- arm64: split el0/el1 undef handlers (git-fixes)
- arm: 9321/1: memset: cast the constant byte to unsigned char (git-fixes).
- asoc: ams-delta.c: use component after check (git-fixes).
- asoc: codecs: wsa-macro: fix uninitialized stack variables with name prefix (git-fixes).
- asoc: cs35l41: undo runtime pm changes at driver exit time (git-fixes).
- asoc: cs35l41: verify pm runtime resume errors in irq handler (git-fixes).
- asoc: fsl: fix pm disable depth imbalance in fsl_easrc_probe (git-fixes).
- asoc: fsl: mpc5200_dma.c: fix warning of function parameter or member not described (git-fixes).
- asoc: hdmi-codec: register hpd callback on component probe (git-fixes).
- asoc: intel: skylake: fix mem leak when parsing uuids fails (git-fixes).
- asoc: rt5650: fix the wrong result of key button (git-fixes).
- asoc: simple-card: fixup asoc_simple_probe() error handling (git-fixes).
- asoc: sof: core: ensure sof_ops_free() is still called when probe never ran (git-fixes).
- asoc: ti: omap-mcbsp: fix runtime pm underflow warnings (git-fixes).
- ata: pata_isapnp: add missing error check for devm_ioport_map() (git-fixes).
- atl1c: work around the dma rx overflow issue (git-fixes).
- atm: iphase: do pci error checks on own line (git-fixes).
- blk-mq: do not clear driver tags own mapping (bsc#1217366).
- blk-mq: fix null pointer dereference in blk_mq_clear_rq_mapping() (bsc#1217366).
- bluetooth: add device 0bda:887b to device tables (git-fixes).
- bluetooth: add device 13d3:3571 to device tables (git-fixes).
- bluetooth: btusb: add 0bda:b85b for fn-link rtl8852be (git-fixes).
- bluetooth: btusb: add date->evt_skb is null check (git-fixes).
- bluetooth: btusb: add realtek rtl8852be support id 0x0cb8:0xc559 (git-fixes).
- bluetooth: btusb: add rtw8852be device 13d3:3570 to device tables (git-fixes).
- btrfs: always log symlinks in full mode (bsc#1214840).
- can: dev: can_put_echo_skb(): do not crash kernel if can_priv::echo_skb is accessed out of bounds (git-fixes).
- can: dev: can_restart(): do not crash kernel if carrier is ok (git-fixes).
- can: dev: can_restart(): fix race condition between controller restart and netif_carrier_on() (git-fixes).
- can: isotp: add local echo tx processing for consecutive frames (git-fixes).
- can: isotp: fix race between isotp_sendsmg() and isotp_release() (git-fixes).
- can: isotp: fix tx state handling for echo tx processing (git-fixes).
- can: isotp: handle wait_event_interruptible() return values (git-fixes).
- can: isotp: isotp_bind(): return -einval on incorrect can id formatting (git-fixes).
- can: isotp: isotp_sendmsg(): fix tx state detection and wait behavior (git-fixes).
- can: isotp: remove re-binding of bound socket (git-fixes).
- can: isotp: sanitize can id checks in isotp_bind() (git-fixes).
- can: isotp: set max pdu size to 64 kbyte (git-fixes).
- can: isotp: split tx timer into transmission and timeout (git-fixes).
- can: sja1000: fix comment (git-fixes).
- clk: imx: imx8mq: correct error handling path (git-fixes).
- clk: imx: imx8qxp: fix elcdif_pll clock (git-fixes).
- clk: imx: select mxc_clk for clk_imx8qxp (git-fixes).
- clk: keystone: pll: fix a couple null vs is_err() checks (git-fixes).
- clk: mediatek: clk-mt2701: add check for mtk_alloc_clk_data (git-fixes).
- clk: mediatek: clk-mt6765: add check for mtk_alloc_clk_data (git-fixes).
- clk: mediatek: clk-mt6779: add check for mtk_alloc_clk_data (git-fixes).
- clk: mediatek: clk-mt6797: add check for mtk_alloc_clk_data (git-fixes).
- clk: mediatek: clk-mt7629-eth: add check for mtk_alloc_clk_data (git-fixes).
- clk: mediatek: clk-mt7629: add check for mtk_alloc_clk_data (git-fixes).
- clk: npcm7xx: fix incorrect kfree (git-fixes).
- clk: qcom: clk-rcg2: fix clock rate overflow for high parent frequencies (git-fixes).
- clk: qcom: config ipq_apss_6018 should depend on qcom_smem (git-fixes).
- clk: qcom: gcc-sm8150: fix gcc_sdcc2_apps_clk_src (git-fixes).
- clk: qcom: ipq6018: drop the clk_set_rate_parent flag from pll clocks (git-fixes).
- clk: qcom: mmcc-msm8998: do not check halt bit on some branch clks (git-fixes).
- clk: qcom: mmcc-msm8998: fix the smmu gdsc (git-fixes).
- clk: sanitize possible_parent_show to handle return value of of_clk_get_parent_name (git-fixes).
- clk: scmi: free scmi_clk allocated when the clocks with invalid info are skipped (git-fixes).
- clk: ti: add ti_dt_clk_name() helper to use clock-output-names (git-fixes).
- clk: ti: change ti_clk_register[_omap_hw]() api (git-fixes).
- clk: ti: fix double free in of_ti_divider_clk_setup() (git-fixes).
- clk: ti: update component clocks to use ti_dt_clk_name() (git-fixes).
- clk: ti: update pll and clockdomain clocks to use ti_dt_clk_name() (git-fixes).
- clocksource/drivers/timer-atmel-tcb: fix initialization on sam9 hardware (git-fixes).
- clocksource/drivers/timer-imx-gpt: fix potential memory leak (git-fixes).
- crypto: caam/jr - fix chacha20 + poly1305 self test failure (git-fixes).
- crypto: caam/qi2 - fix chacha20 + poly1305 self test failure (git-fixes).
- crypto: hisilicon/hpre - fix a erroneous check after snprintf() (git-fixes).
- disable loongson drivers loongson is a mips architecture, it does not make sense to build loongson drivers on other architectures.
- dmaengine: pxa_dma: remove an erroneous bug_on() in pxad_free_desc() (git-fixes).
- dmaengine: ste_dma40: fix pm disable depth imbalance in d40_probe (git-fixes).
- dmaengine: stm32-mdma: correct desc prep when channel running (git-fixes).
- dmaengine: ti: edma: handle irq_of_parse_and_map() errors (git-fixes).
- docs: net: move the probe and open/close sections of driver.rst up (bsc#1215458).
- docs: net: reformat driver.rst from a list to sections (bsc#1215458).
- docs: net: use c syntax highlight in driver.rst (bsc#1215458).
- documentation: networking: correct possessive 'its' (bsc#1215458).
- drivers: hv: vmbus: remove unused extern declaration vmbus_ontimer() (git-fixes).
- drm/amd/display: avoid null dereference of timing generator (git-fixes).
- drm/amd/display: change the dmcub mailbox memory location from fb to inbox (git-fixes).
- drm/amd/display: refactor dm_get_plane_scale helper (git-fixes).
- drm/amd/display: remove useless check in should_enable_fbc() (git-fixes).
- drm/amd/display: use full update for clip size increase of large plane source (git-fixes).
- drm/amd/pm: handle non-terminated overdrive commands (git-fixes).
- drm/amd: disable aspm for vi w/ all intel systems (git-fixes).
- drm/amd: fix ubsan array-index-out-of-bounds for polaris and tonga (git-fixes).
- drm/amd: fix ubsan array-index-out-of-bounds for smu7 (git-fixes).
- drm/amd: move helper for dynamic speed switch check out of smu13 (git-fixes).
- drm/amd: update `update_pcie_parameters` functions to use uint8_t arguments (git-fixes).
- drm/amdgpu/vkms: fix a possible null pointer dereference (git-fixes).
- drm/amdgpu: add drv_vram_usage_va for virt data exchange (bsc#1215802).
- drm/amdgpu: add vram reservation based on vram_usagebyfirmware_v2_2 (git-fixes).
- drm/amdgpu: do not use atrm for external devices (git-fixes).
- drm/amdgpu: fix a null pointer access when the smc_rreg pointer is null (git-fixes).
- drm/amdgpu: fix error handling in amdgpu_bo_list_get() (git-fixes).
- drm/amdgpu: fix potential null pointer derefernce (git-fixes).
- drm/amdgpu: fix software pci_unplug on some chips (git-fixes).
- drm/amdgpu: not to save bo in the case of ras err_event_athub (git-fixes).
- drm/amdgpu: remove unnecessary domain argument (git-fixes).
- drm/amdgpu: reserve fences for vm update (git-fixes).
- drm/amdgpu: skip vram reserve on firmware_v2_2 for bare-metal (bsc#1215802).
- drm/amdkfd: fix a race condition of vram buffer unref in svm code (git-fixes).
- drm/amdkfd: fix shift out-of-bounds issue (git-fixes).
- drm/amdkfd: fix some race conditions in vram buffer alloc/free of svm code (git-fixes).
- drm/bridge: fix kernel-doc typo in desc of output_bus_cfg in drm_bridge_state (git-fixes).
- drm/bridge: lt8912b: add missing drm_bridge_attach call (git-fixes).
- drm/bridge: lt8912b: fix bridge_detach (git-fixes).
- drm/bridge: lt8912b: fix crash on bridge detach (git-fixes).
- drm/bridge: lt8912b: manually disable hpd only if it was enabled (git-fixes).
- drm/bridge: lt8912b: register and attach our dsi device at probe (git-fixes).
- drm/bridge: lt8912b: switch to devm mipi-dsi helpers (git-fixes).
- drm/bridge: lt9611uxc: fix the race in the error path (git-fixes).
- drm/bridge: lt9611uxc: register and attach our dsi device at probe (git-fixes).
- drm/bridge: lt9611uxc: switch to devm mipi-dsi helpers (git-fixes).
- drm/bridge: tc358768: clean up clock period code (git-fixes).
- drm/bridge: tc358768: disable non-continuous clock mode (git-fixes).
- drm/bridge: tc358768: fix bit updates (git-fixes).
- drm/bridge: tc358768: fix tc358768_ns_to_cnt() (git-fixes).
- drm/bridge: tc358768: fix use of uninitialized variable (git-fixes).
- drm/bridge: tc358768: print logical values, not raw register values (git-fixes).
- drm/bridge: tc358768: remove unused variable (git-fixes).
- drm/bridge: tc358768: rename dsibclk to hsbyteclk (git-fixes).
- drm/bridge: tc358768: use dev for dbg prints, not priv->dev (git-fixes).
- drm/bridge: tc358768: use struct videomode (git-fixes).
- drm/dp_mst: fix null deref in get_mst_branch_device_by_guid_helper() (git-fixes).
- drm/gma500: fix call trace when psb_gem_mm_init() fails (git-fixes).
- drm/gud: use size_add() in call to struct_size() (git-fixes).
- drm/i915/pmu: check if pmu is closed before stopping event (git-fixes).
- drm/i915: fix potential spectre vulnerability (git-fixes).
- drm/i915: flush wc ggtt only on required platforms (git-fixes).
- drm/komeda: drop all currently held locks if deadlock happens (git-fixes).
- drm/mediatek: fix iommu fault by swapping fbs after updating plane state (git-fixes).
- drm/mediatek: fix iommu fault during crtc enabling (git-fixes).
- drm/mipi-dsi: create devm device attachment (git-fixes).
- drm/mipi-dsi: create devm device registration (git-fixes).
- drm/msm/dp: skip validity check for dp cts edid checksum (git-fixes).
- drm/msm/dsi: free tx buffer in unbind (git-fixes).
- drm/msm/dsi: use msm_gem_kernel_put to free tx buffer (git-fixes).
- drm/panel/panel-tpo-tpg110: fix a possible null pointer dereference (git-fixes).
- drm/panel: fix a possible null pointer dereference (git-fixes).
- drm/panel: simple: fix innolux g101ice-l01 bus flags (git-fixes).
- drm/panel: simple: fix innolux g101ice-l01 timings (git-fixes).
- drm/panel: st7703: pick different reset sequence (git-fixes).
- drm/qxl: prevent memory leak (git-fixes).
- drm/radeon: fix a possible null pointer dereference (git-fixes).
- drm/radeon: possible buffer overflow (git-fixes).
- drm/rockchip: cdn-dp: fix some error handling paths in cdn_dp_probe() (git-fixes).
- drm/rockchip: fix type promotion bug in rockchip_gem_iommu_map() (git-fixes).
- drm/rockchip: vop: fix call to crtc reset helper (git-fixes).
- drm/rockchip: vop: fix color for rgb888/bgr888 format on vop full (git-fixes).
- drm/rockchip: vop: fix reset of state in duplicate state crtc funcs (git-fixes).
- drm/syncobj: fix drm_syncobj_wait_flags_wait_available (git-fixes).
- drm/ttm: reorder sys manager cleanup step (git-fixes).
- drm/vc4: fix typo (git-fixes).
- drm/vmwgfx: remove the duplicate bo_free function (bsc#1216527)
- drm/vmwgfx: rename vmw_buffer_object to vmw_bo (bsc#1216527)
- drm: bridge: it66121: fix invalid connector dereference (git-fixes).
- drm: mediatek: mtk_dsi: fix no_eot_packet settings/handling (git-fixes).
- drm: vmwgfx_surface.c: copy user-array safely (git-fixes).
- dt-bindings: usb: hcd: add missing phy name to example (git-fixes).
- dt-bindings: usb: qcom,dwc3: fix example wakeup interrupt types (git-fixes).
- ensure ia32_emulation is always enabled for kernel-obs-build if ia32_emulation is disabled by default, ensure it is enabled back for obs kernel to allow building 32bit binaries (jsc#ped-3184) [ms: always pass the parameter, no need to grep through the config which may not be very reliable]
- fbdev: atyfb: only use ioremap_uc() on i386 and ia64 (git-fixes).
- fbdev: fsl-diu-fb: mark wr_reg_wa() static (git-fixes).
- fbdev: imsttfb: fix a resource leak in probe (git-fixes).
- fbdev: imsttfb: fix double free in probe() (git-fixes).
- fbdev: imsttfb: fix error path of imsttfb_probe() (git-fixes).
- fbdev: imsttfb: release framebuffer and dealloc cmap on error path (git-fixes).
- fbdev: omapfb: drop unused remove function (git-fixes).
- fbdev: uvesafb: call cn_del_callback() at the end of uvesafb_exit() (git-fixes).
- firewire: core: fix possible memory leak in create_units() (git-fixes).
- firmware/imx-dsp: fix use_after_free in imx_dsp_setup_channels() (git-fixes).
- fix termination state for idr_for_each_entry_ul() (git-fixes).
- fix x86/mm: print the encryption features in hyperv is disabled
- gpio: mockup: fix kerneldoc (git-fixes).
- gpio: mockup: remove unused field (git-fixes).
- gpu: host1x: correct allocated size for contexts (git-fixes).
- hid: add quirk for dell pro wireless keyboard and mouse km5221w (git-fixes).
- hid: cp2112: fix duplicate workqueue initialization (git-fixes).
- hid: hyperv: avoid struct memcpy overrun warning (git-fixes).
- hid: hyperv: remove unused struct synthhid_msg (git-fixes).
- hid: hyperv: replace one-element array with flexible-array member (git-fixes).
- hid: lenovo: detect quirk-free fw on cptkbd and stop applying workaround (git-fixes).
- hid: logitech-hidpp: do not restart io, instead defer hid_connect() only (git-fixes).
- hid: logitech-hidpp: move get_wireless_feature_index() check to hidpp_connect_event() (git-fixes).
- hid: logitech-hidpp: remove hidpp_quirk_no_hidinput quirk (git-fixes).
- hid: logitech-hidpp: revert 'do not restart communication if not necessary' (git-fixes).
- hv: simplify sysctl registration (git-fixes).
- hv_netvsc: fix netvsc_send_completion to avoid multiple message length checks (git-fixes).
- hv_netvsc: fix race of netvsc and vf register_netdevice (git-fixes).
- hv_netvsc: fix race of register_netdevice_notifier and vf register (git-fixes).
- hv_netvsc: mark vf as slave before exposing it to user-mode (git-fixes).
- hwmon: (coretemp) fix potentially truncated sysfs attribute name (git-fixes).
- i2c: aspeed: fix i2c bus hang in slave read (git-fixes).
- i2c: core: run atomic i2c xfer when !preemptible (git-fixes).
- i2c: designware: disable tx_empty irq while waiting for block length byte (git-fixes).
- i2c: dev: copy userspace array safely (git-fixes).
- i2c: i801: fix potential race in i801_block_transaction_byte_by_byte (git-fixes).
- i2c: iproc: handle invalid slave state (git-fixes).
- i2c: muxes: i2c-demux-pinctrl: use of_get_i2c_adapter_by_node() (git-fixes).
- i2c: muxes: i2c-mux-gpmux: use of_get_i2c_adapter_by_node() (git-fixes).
- i2c: muxes: i2c-mux-pinctrl: use of_get_i2c_adapter_by_node() (git-fixes).
- i2c: stm32f7: fix pec handling in case of smbus transfers (git-fixes).
- i2c: sun6i-p2wi: prevent potential division by zero (git-fixes).
- i3c: fix potential refcount leak in i3c_master_register_new_i3c_devs (git-fixes).
- i3c: master: cdns: fix reading status register (git-fixes).
- i3c: master: mipi-i3c-hci: fix a kernel panic for accessing dat_data (git-fixes).
- i3c: master: svc: fix check wrong status register in irq handler (git-fixes).
- i3c: master: svc: fix ibi may not return mandatory data byte (git-fixes).
- i3c: master: svc: fix race condition in ibi work thread (git-fixes).
- i3c: master: svc: fix sda keep low when polling ibiwon timeout happen (git-fixes).
- i3c: master: svc: fix wrong data return when ibi happen during start frame (git-fixes).
- i3c: mipi-i3c-hci: fix out of bounds access in hci_dma_irq_handler (git-fixes).
- i915/perf: fix null deref bugs with drm_dbg() calls (git-fixes).
- idpf: add controlq init and reset checks (bsc#1215458).
- idpf: add core init and interrupt request (bsc#1215458).
- idpf: add create vport and netdev configuration (bsc#1215458).
- idpf: add ethtool callbacks (bsc#1215458).
- idpf: add module register and probe functionality (bsc#1215458).
- idpf: add ptypes and mac filter support (bsc#1215458).
- idpf: add rx splitq napi poll support (bsc#1215458).
- idpf: add singleq start_xmit and napi poll (bsc#1215458).
- idpf: add splitq start_xmit (bsc#1215458).
- idpf: add sriov support and other ndo_ops (bsc#1215458).
- idpf: add tx splitq napi poll support (bsc#1215458).
- idpf: cancel mailbox work in error path (bsc#1215458).
- idpf: configure resources for rx queues (bsc#1215458).
- idpf: configure resources for tx queues (bsc#1215458).
- idpf: fix potential use-after-free in idpf_tso() (bsc#1215458).
- idpf: initialize interrupts and enable vport (bsc#1215458).
- idpf: set scheduling mode for completion queue (bsc#1215458).
- iio: adc: xilinx-xadc: correct temperature offset/scale for ultrascale (git-fixes).
- iio: adc: xilinx-xadc: do not clobber preset voltage/temperature thresholds (git-fixes).
- iio: exynos-adc: request second interupt only when touchscreen mode is used (git-fixes).
- input: synaptics-rmi4 - fix use after free in rmi_unregister_function() (git-fixes).
- input: synaptics-rmi4 - handle reset delay when using smbus trsnsport (git-fixes).
- input: xpad - add vid for turtle beach controllers (git-fixes).
- irqchip/stm32-exti: add missing dt irq flag translation (git-fixes).
- kabi/severities: ignore kabi in rxrpc (bsc#1210447) the rxrpc module is built since sle15-sp3 but it is not shipped as part of any sle product, only in leap (in kernel-*-optional).
- kernel-binary: suse-module-tools is also required when installed requires(pre) adds dependency for the specific sciptlet. however, suse-module-tools also ships modprobe.d files which may be needed at posttrans time or any time the kernel is on the system for generating ramdisk. add plain requires as well.
- kernel-source: move provides after sources
- kernel/fork: beware of __put_task_struct() calling context (bsc#1216761).
- leds: pwm: do not disable the pwm when the led should be off (git-fixes).
- leds: trigger: ledtrig-cpu:: fix 'output may be truncated' issue for 'cpu' (git-fixes).
- leds: turris-omnia: do not use smbus calls (git-fixes).
- lsm: fix default return value for inode_getsecctx (git-fixes).
- lsm: fix default return value for vm_enough_memory (git-fixes).
- media: bttv: fix use after free error due to btv->timeout timer (git-fixes).
- media: ccs: correctly initialise try compose rectangle (git-fixes).
- media: ccs: fix driver quirk struct documentation (git-fixes).
- media: cedrus: fix clock/reset sequence (git-fixes).
- media: cobalt: use field_get() to extract link width (git-fixes).
- media: gspca: cpia1: shift-out-of-bounds in set_flicker (git-fixes).
- media: i2c: max9286: fix some redundant of_node_put() calls (git-fixes).
- media: imon: fix access to invalid resource for the second interface (git-fixes).
- media: lirc: drop trailing space from scancode transmit (git-fixes).
- media: qcom: camss: fix missing vfe_lite clocks check (git-fixes).
- media: qcom: camss: fix pm_domain_on sequence in probe (git-fixes).
- media: qcom: camss: fix vfe-17x vfe_disable_output() (git-fixes).
- media: qcom: camss: fix vfe_get() error jump (git-fixes).
- media: sharp: fix sharp encoding (git-fixes).
- media: siano: drop unnecessary error check for debugfs_create_dir/file() (git-fixes).
- media: venus: hfi: add checks to handle capabilities from firmware (git-fixes).
- media: venus: hfi: add checks to perform sanity on queue pointers (git-fixes).
- media: venus: hfi: fix the check to handle session buffer requirement (git-fixes).
- media: venus: hfi_parser: add check to keep the number of codecs within range (git-fixes).
- media: vidtv: mux: add check and kfree for kstrdup (git-fixes).
- media: vidtv: psi: add check for kstrdup (git-fixes).
- media: vivid: avoid integer overflow (git-fixes).
- mfd: arizona-spi: set pdata.hpdet_channel for acpi enumerated devs (git-fixes).
- mfd: core: ensure disabled devices are skipped without aborting (git-fixes).
- mfd: dln2: fix double put in dln2_probe (git-fixes).
- misc: fastrpc: clean buffers on remote invocation failures (git-fixes).
- misc: pci_endpoint_test: add device id for r-car s4-8 pcie controller (git-fixes).
- mm/hmm: fault non-owner device private entries (bsc#1216844, jsc#ped-7237, git-fixes).
- mmc: block: be sure to wait while busy in cqe error recovery (git-fixes).
- mmc: block: do not lose cache flush during cqe error recovery (git-fixes).
- mmc: block: retry commands in cqe error recovery (git-fixes).
- mmc: cqhci: fix task clearing in cqe error recovery (git-fixes).
- mmc: cqhci: increase recovery halt timeout (git-fixes).
- mmc: cqhci: warn of halt or task clear failure (git-fixes).
- mmc: meson-gx: remove setting of cmd_cfg_error (git-fixes).
- mmc: sdhci-pci-gli: a workaround to allow gl9750 to enter aspm l1.2 (git-fixes).
- mmc: sdhci-pci-gli: gl9750: mask the replay timer timeout of aer (git-fixes).
- mmc: sdhci_am654: fix start loop index for tap value parsing (git-fixes).
- mmc: vub300: fix an error code (git-fixes).
- modpost: fix tee module_device_table built on big-endian host (git-fixes).
- mt76: dma: use kzalloc instead of devm_kzalloc for txwi (git-fixes).
- mtd: cfi_cmdset_0001: byte swap otp info (git-fixes).
- mtd: rawnand: arasan: include ecc syndrome along with in-band data while checking for ecc failure (git-fixes).
- net-memcg: fix scope of sockmem pressure indicators (bsc#1216759).
- net: add macro netif_subqueue_completed_wake (bsc#1215458).
- net: avoid address overwrite in kernel_connect (bsc#1216861).
- net: fix use-after-free in tw_timer_handler (bsc#1217195).
- net: ieee802154: adf7242: fix some potential buffer overflow in adf7242_stats_show() (git-fixes).
- net: mana: fix return type of mana_start_xmit() (git-fixes).
- net: piggy back on the memory barrier in bql when waking queues (bsc#1215458).
- net: provide macros for commonly copied lockless queue stop/wake code (bsc#1215458).
- net: usb: ax88179_178a: fix failed operations during ax88179_reset (git-fixes).
- net: usb: smsc95xx: fix uninit-value access in smsc95xx_read_reg (git-fixes).
- nfs: fix access to page->mapping (bsc#1216788).
- nvme: update firmware version after commit (bsc#1215292).
- pci/aspm: fix l1 substate handling in aspm_attr_store_common() (git-fixes).
- pci/sysfs: protect driver's d3cold preference from user space (git-fixes).
- pci: disable ats for specific intel ipu e2000 devices (bsc#1215458).
- pci: extract ats disabling to a helper function (bsc#1215458).
- pci: exynos: do not discard .remove() callback (git-fixes).
- pci: keystone: do not discard .probe() callback (git-fixes).
- pci: keystone: do not discard .remove() callback (git-fixes).
- pci: prevent xhci driver from claiming amd vangogh usb3 drd device (git-fixes).
- pci: tegra194: use field_get()/field_prep() with link width fields (git-fixes).
- pci: use field_get() in sapphire rx 5600 xt pulse quirk (git-fixes).
- pci: use field_get() to extract link width (git-fixes).
- pci: vmd: correct pci header type register's multi-function check (git-fixes).
- pcmcia: cs: fix possible hung task and memory leak pccardd() (git-fixes).
- pcmcia: ds: fix possible name leak in error path in pcmcia_device_add() (git-fixes).
- pcmcia: ds: fix refcount leak in pcmcia_device_add() (git-fixes).
- pinctrl: avoid reload of p state in list iteration (git-fixes).
- platform/x86/intel-uncore-freq: return error on write frequency (bsc#1217147).
- platform/x86/intel-uncore-freq: split common and enumeration part (bsc#1217147).
- platform/x86/intel-uncore-freq: support for cluster level controls (bsc#1217147).
- platform/x86/intel-uncore-freq: tpmi: provide cluster level control (bsc#1217147).
- platform/x86/intel-uncore-freq: uncore frequency control via tpmi (bsc#1217147).
- platform/x86/intel/tpmi: add tpmi external interface for tpmi feature drivers (bsc#1217147).
- platform/x86/intel/tpmi: fix double free reported by smatch (bsc#1217147).
- platform/x86/intel/tpmi: process cpu package mapping (bsc#1217147).
- platform/x86/intel/uncore-freq: display uncore current frequency (bsc#1217147).
- platform/x86/intel/uncore-freq: move to uncore-frequency folder (bsc#1217147).
- platform/x86/intel/uncore-freq: use sysfs api to create attributes (bsc#1217147).
- platform/x86/intel/vsec: add tpmi id (bsc#1217147).
- platform/x86/intel/vsec: enhance and export intel_vsec_add_aux() (bsc#1217147).
- platform/x86/intel/vsec: support private data (bsc#1217147).
- platform/x86/intel/vsec: use mutex for ida_alloc() and ida_free() (bsc#1217147).
- platform/x86/intel: intel tpmi enumeration driver (bsc#1217147).
- platform/x86/intel: tpmi: fix double free in tpmi_create_device() (bsc#1217147).
- platform/x86: intel-uncore-freq: add client processors (bsc#1217147).
- platform/x86: intel-uncore-freq: conditionally create attribute for read frequency (bsc#1217147).
- platform/x86: intel-uncore-freq: fix uncore_freq_common_init() error codes (bsc#1217147).
- platform/x86: intel-uncore-freq: prevent driver loading in guests (bsc#1217147).
- platform/x86: intel-uncore-freq: use sysfs_emit() to instead of scnprintf() (bsc#1217147).
- platform/x86: intel-uncore-frequency: move to intel sub-directory (bsc#1217147).
- platform/x86: intel-uncore-frequency: use default_groups in kobj_type (bsc#1217147).
- platform/x86: thinkpad_acpi: add battery quirk for thinkpad x120e (git-fixes).
- platform/x86: wmi: fix opening of char device (git-fixes).
- platform/x86: wmi: fix probe failure when failing to register wmi devices (git-fixes).
- platform/x86: wmi: remove unnecessary initializations (git-fixes).
- pm / devfreq: rockchip-dfi: make pmu regmap mandatory (git-fixes).
- pm: hibernate: use __get_safe_page() rather than touching the list (git-fixes).
- powerpc/perf/hv-24x7: update domain value check (bsc#1215931).
- powerpc/vas: limit open window failure messages in log bufffer (bsc#1216687 ltc#203927).
- powerpc: do not clobber f0/vs0 during fp|altivec register save (bsc#1217780).
- pwm: brcmstb: utilize appropriate clock apis in suspend/resume (git-fixes).
- pwm: fix double shift bug (git-fixes).
- pwm: sti: reduce number of allocations and drop usage of chip_data (git-fixes).
- quota: fix slow quotaoff (bsc#1216621).
- r8152: cancel hw_phy_work if we have an error in probe (git-fixes).
- r8152: check for unplug in r8153b_ups_en() / r8153c_ups_en() (git-fixes).
- r8152: check for unplug in rtl_phy_patch_request() (git-fixes).
- r8152: increase usb control msg timeout to 5000ms as per spec (git-fixes).
- r8152: release firmware if we have an error in probe (git-fixes).
- r8152: run the unload routine if we have errors during probe (git-fixes).
- regmap: debugfs: fix a erroneous check after snprintf() (git-fixes).
- regmap: ensure range selector registers are updated after cache sync (git-fixes).
- regmap: prevent noinc writes from clobbering cache (git-fixes).
- revert 'i2c: pxa: move to generic gpio recovery' (git-fixes).
- revert 'mmc: core: capture correct oemid-bits for emmc cards' (git-fixes).
- revert 'tracing: fix warning in trace_buffered_event_disable()' (bsc#1217036)
- revert amdgpu patches that caused a regression (bsc#1215802)
- rpm/check-for-config-changes: add as_wruss to ignored_configs_re add as_wruss as an ignored_configs_re entry in check-for-config-changes to fix build on x86_32. there was a fix submitted to upstream but it was not accepted: https://lore.kernel.org/all/20231031140504.gczuejkmpxsredh3ma@fat_crate.local/ so carry this in ignored_configs_re instead.
- rpm/check-for-config-changes: add have_shadow_call_stack to ignored_configs_re not supported by our compiler.
- rpm/mkspec-dtb: add riscv64 dtb-allwinner subpackage
- run scripts/renamepatches for sle15-sp4
- s390/ap: fix ap bus crash on early config change callback invocation (git-fixes bsc#1217687).
- s390/cio: unregister device when the only path is gone (git-fixes bsc#1217609).
- s390/cmma: fix detection of dat pages (ltc#203997 bsc#1217086).
- s390/cmma: fix handling of swapper_pg_dir and invalid_pg_dir (ltc#203997 bsc#1217086).
- s390/cmma: fix initial kernel address space page table walk (ltc#203997 bsc#1217086).
- s390/crashdump: fix tod programmable field size (git-fixes bsc#1217205).
- s390/dasd: fix hanging device after request requeue (git-fixes ltc#203629 bsc#1215124).
- s390/dasd: protect device queue against concurrent access (git-fixes bsc#1217515).
- s390/dasd: use correct number of retries for erp requests (git-fixes bsc#1217598).
- s390/ipl: add missing ipl_type_eckd_dump case to ipl_init() (git-fixes bsc#1217511).
- s390/ipl: add missing secure/has_secure file to ipl type 'unknown' (bsc#1214976 git-fixes).
- s390/mm: add missing arch_set_page_dat() call to gmap allocations (ltc#203997 bsc#1217086).
- s390/mm: add missing arch_set_page_dat() call to vmem_crst_alloc() (ltc#203997 bsc#1217086).
- s390/pkey: fix/harmonize internal keyblob headers (git-fixes bsc#1217200).
- s390/ptrace: fix ptrace_get_last_break error handling (git-fixes bsc#1217599).
- sbitmap: fix batched wait_cnt accounting (bsc#1217095 bsc#1217196).
- sbitmap: fix up kabi for sbitmap_queue_wake_up() (bsc#1217095 bsc#1217196).
- sbsa_gwdt: calculate timeout with 64-bit math (git-fixes).
- scsi: lpfc: copyright updates for 14.2.0.16 patches (bsc#1217731).
- scsi: lpfc: correct maximum pci function value for ras fw logging (bsc#1217731).
- scsi: lpfc: eliminate unnecessary relocking in lpfc_check_nlp_post_devloss() (bsc#1217731).
- scsi: lpfc: enhance driver logging for selected discovery events (bsc#1217731).
- scsi: lpfc: fix list_entry null check warning in lpfc_cmpl_els_plogi() (bsc#1217731).
- scsi: lpfc: fix possible file string name overflow when updating firmware (bsc#1217731).
- scsi: lpfc: introduce log_node_verbose messaging flag (bsc#1217124).
- scsi: lpfc: refactor and clean up mailbox command memory free (bsc#1217731).
- scsi: lpfc: reject received prlis with only initiator fcn role for npiv ports (bsc#1217124).
- scsi: lpfc: remove unnecessary zero return code assignment in lpfc_sli4_hba_setup (bsc#1217124).
- scsi: lpfc: return early in lpfc_poll_eratt() when the driver is unloading (bsc#1217731).
- scsi: lpfc: treat ioerr_sli_down i/o completion status the same as pci offline (bsc#1217124).
- scsi: lpfc: update lpfc version to 14.2.0.15 (bsc#1217124).
- scsi: lpfc: update lpfc version to 14.2.0.16 (bsc#1217731).
- scsi: lpfc: validate els ls_acc completion payload (bsc#1217124).
- scsi: qla2xxx: fix double free of dsd_list during driver load (git-fixes).
- scsi: qla2xxx: use field_get() to extract pcie capability fields (git-fixes).
- selftests/efivarfs: create-read: fix a resource leak (git-fixes).
- selftests/pidfd: fix ksft print formats (git-fixes).
- selftests/resctrl: ensure the benchmark commands fits to its array (git-fixes).
- selftests/resctrl: reduce failures due to outliers in mba/mbm tests (git-fixes).
- selftests/resctrl: remove duplicate feature check from cmt test (git-fixes).
- seq_buf: fix a misleading comment (git-fixes).
- serial: exar: revert 'serial: exar: add support for sealevel 7xxxc serial cards' (git-fixes).
- serial: meson: use platform_get_irq() to get the interrupt (git-fixes).
- soc: qcom: llcc: handle a second device without data corruption (git-fixes).
- spi: nxp-fspi: use the correct ioremap function (git-fixes).
- spi: spi-zynq-qspi: add spi-mem to driver kconfig dependencies (git-fixes).
- spi: tegra: fix missing irq check in tegra_slink_probe() (git-fixes).
- staging: media: ipu3: remove ftrace-like logging (git-fixes).
- string.h: add array-wrappers for (v)memdup_user() (git-fixes).
- supported.conf: marked idpf supported
- thermal: core: prevent potential string overflow (git-fixes).
- treewide: spelling fix in comment (git-fixes).
- tty/sysrq: replace smp_processor_id() with get_cpu() (git-fixes).
- tty: 8250: add brainboxes oxford semiconductor-based quirks (git-fixes).
- tty: 8250: add support for additional brainboxes px cards (git-fixes).
- tty: 8250: add support for additional brainboxes uc cards (git-fixes).
- tty: 8250: add support for brainboxes up cards (git-fixes).
- tty: 8250: add support for intashield is-100 (git-fixes).
- tty: 8250: add support for intashield ix cards (git-fixes).
- tty: 8250: fix port count of px-257 (git-fixes).
- tty: 8250: fix up px-803/px-857 (git-fixes).
- tty: 8250: remove uc-257 and uc-431 (git-fixes).
- tty: fix uninit-value access in ppp_sync_receive() (git-fixes).
- tty: n_gsm: fix race condition in status line change on dead connections (git-fixes).
- tty: serial: meson: fix hard lockup on crtscts mode (git-fixes).
- tty: tty_jobctrl: fix pid memleak in disassociate_ctty() (git-fixes).
- tty: vcc: add check for kstrdup() in vcc_probe() (git-fixes).
- update ath11k hibernation fix patch set (bsc#1207948)
- update metadata s390-ipl-add-missing-secure-has_secure-file-to-ipl-type-unknown (bsc#1214976 git-fixes).
- usb: cdnsp: fix deadlock issue during using ncm gadget (git-fixes).
- usb: chipidea: fix dma overwrite for tegra (git-fixes).
- usb: chipidea: simplify tegra dma alignment code (git-fixes).
- usb: dwc2: fix possible null pointer dereference caused by driver concurrency (git-fixes).
- usb: dwc2: write hcint with intmask applied (bsc#1214286).
- usb: dwc3: fix default mode initialization (git-fixes).
- usb: dwc3: qcom: fix acpi platform device leak (git-fixes).
- usb: dwc3: qcom: fix resource leaks on probe deferral (git-fixes).
- usb: dwc3: qcom: fix software node leak on probe errors (git-fixes).
- usb: dwc3: qcom: fix wakeup after probe deferral (git-fixes).
- usb: dwc3: set the dma max_seg_size (git-fixes).
- usb: gadget: f_ncm: always set current gadget in ncm_bind() (git-fixes).
- usb: raw-gadget: properly handle interrupted requests (git-fixes).
- usb: serial: option: add fibocom l7xx modules (git-fixes).
- usb: serial: option: do not claim interface 4 for zte mf290 (git-fixes).
- usb: serial: option: fix fm101r-gl defines (git-fixes).
- usb: storage: set 1.50 as the lower bcddevice for older 'super top' compatibility (git-fixes).
- usb: typec: tcpm: fix null pointer dereference in tcpm_pd_svdm() (git-fixes).
- usb: typec: tcpm: skip hard reset when in error recovery (git-fixes).
- usb: usbip: fix stub_dev hub disconnect (git-fixes).
- virtchnl: add virtchnl version 2 ops (bsc#1215458).
- wifi: ath10k: do not touch the ce interrupt registers after power up (git-fixes).
- wifi: ath10k: fix clang-specific fortify warning (git-fixes).
- wifi: ath11k: debugfs: fix to work with multiple pci devices (git-fixes).
- wifi: ath11k: fix dfs radar event locking (git-fixes).
- wifi: ath11k: fix gtk offload status event locking (git-fixes).
- wifi: ath11k: fix htt pktlog locking (git-fixes).
- wifi: ath11k: fix temperature event locking (git-fixes).
- wifi: ath9k: fix clang-specific fortify warnings (git-fixes).
- wifi: iwlwifi: call napi_synchronize() before freeing rx/tx queues (git-fixes).
- wifi: iwlwifi: empty overflow queue during flush (git-fixes).
- wifi: iwlwifi: honor the enable_ini value (git-fixes).
- wifi: iwlwifi: pcie: synchronize irqs before napi (git-fixes).
- wifi: iwlwifi: use fw rate for non-data frames (git-fixes).
- wifi: mac80211: do not return unset power in ieee80211_get_tx_power() (git-fixes).
- wifi: mac80211: fix # of msdu in a-msdu calculation (git-fixes).
- wifi: mt76: mt7603: rework/fix rx pse hang check (git-fixes).
- wifi: rtlwifi: fix edca limit set by bt coexistence (git-fixes).
- wifi: rtw88: debug: fix the null vs is_err() bug for debugfs_create_file() (git-fixes).
- x86/alternative: add a __alt_reloc_selftest() prototype (git-fixes).
- x86/cpu: clear svm feature if disabled by bios (bsc#1214700).
- x86/cpu: fix amd erratum #1485 on zen4-based cpus (git-fixes).
- x86/fpu: set x86_feature_osxsave feature after enabling osxsave in cr4 (git-fixes).
- x86/hyperv: add hv_expose_invariant_tsc define (git-fixes).
- x86/hyperv: fix a warning in mshyperv.h (git-fixes).
- x86/hyperv: improve code for referencing hyperv_pcpu_input_arg (git-fixes).
- x86/hyperv: make hv_get_nmi_reason public (git-fixes).
- x86/sev: do not try to parse for the cc blob on non-amd hardware (git-fixes).
- x86/sev: fix calculation of end address based on number of pages (git-fixes).
- x86/sev: use the ghcb protocol when available for snp cpuid requests (git-fixes).
- x86: move gds_ucode_mitigated() declaration to header (git-fixes).
- xfs: add attr state machine tracepoints (git-fixes).
- xfs: can't use kmem_zalloc() for attribute buffers (bsc#1216909).
- xfs: constify btree function parameters that are not modified (git-fixes).
- xfs: convert agf log flags to unsigned (git-fixes).
- xfs: convert agi log flags to unsigned (git-fixes).
- xfs: convert attr type flags to unsigned (git-fixes).
- xfs: convert bmap extent type flags to unsigned (git-fixes).
- xfs: convert bmapi flags to unsigned (git-fixes).
- xfs: convert btree buffer log flags to unsigned (git-fixes).
- xfs: convert buffer flags to unsigned (git-fixes).
- xfs: convert buffer log item flags to unsigned (git-fixes).
- xfs: convert da btree operations flags to unsigned (git-fixes).
- xfs: convert dquot flags to unsigned (git-fixes).
- xfs: convert inode lock flags to unsigned (git-fixes).
- xfs: convert log item tracepoint flags to unsigned (git-fixes).
- xfs: convert log ticket and iclog flags to unsigned (git-fixes).
- xfs: convert quota options flags to unsigned (git-fixes).
- xfs: convert scrub type flags to unsigned (git-fixes).
- xfs: disambiguate units for ftrace fields tagged 'blkno', 'block', or 'bno' (git-fixes).
- xfs: disambiguate units for ftrace fields tagged 'count' (git-fixes).
- xfs: disambiguate units for ftrace fields tagged 'len' (git-fixes).
- xfs: disambiguate units for ftrace fields tagged 'offset' (git-fixes).
- xfs: make the key parameters to all btree key comparison functions const (git-fixes).
- xfs: make the key parameters to all btree query range functions const (git-fixes).
- xfs: make the keys and records passed to btree inorder functions const (git-fixes).
- xfs: make the pointer passed to btree set_root functions const (git-fixes).
- xfs: make the start pointer passed to btree alloc_block functions const (git-fixes).
- xfs: make the start pointer passed to btree update_lastrec functions const (git-fixes).
- xfs: mark the record passed into btree init_key functions as const (git-fixes).
- xfs: mark the record passed into xchk_btree functions as const (git-fixes).
- xfs: remove xfs_btree_cur_t typedef (git-fixes).
- xfs: rename i_disk_size fields in ftrace output (git-fixes).
- xfs: resolve fork names in trace output (git-fixes).
- xfs: standardize ag block number formatting in ftrace output (git-fixes).
- xfs: standardize ag number formatting in ftrace output (git-fixes).
- xfs: standardize daddr formatting in ftrace output (git-fixes).
- xfs: standardize inode generation formatting in ftrace output (git-fixes).
- xfs: standardize inode number formatting in ftrace output (git-fixes).
- xfs: standardize remaining xfs_buf length tracepoints (git-fixes).
- xfs: standardize rmap owner number formatting in ftrace output (git-fixes).
- xhci: Loosen RPM as default policy to cover for AMD xHC 1.1 (git-fixes).
- xhci: enable rpm on controllers that support low-power states (git-fixes).
ImportantSUSE bug 1207948SUSE bug 1210447SUSE bug 1212649SUSE bug 1214286SUSE bug 1214700SUSE bug 1214840SUSE bug 1214976SUSE bug 1215095SUSE bug 1215123SUSE bug 1215124SUSE bug 1215292SUSE bug 1215420SUSE bug 1215458SUSE bug 1215710SUSE bug 1215802SUSE bug 1215931SUSE bug 1216058SUSE bug 1216105SUSE bug 1216259SUSE bug 1216527SUSE bug 1216584SUSE bug 1216621SUSE bug 1216687SUSE bug 1216693SUSE bug 1216759SUSE bug 1216761SUSE bug 1216788SUSE bug 1216844SUSE bug 1216861SUSE bug 1216909SUSE bug 1216959SUSE bug 1216965SUSE bug 1216976SUSE bug 1217036SUSE bug 1217068SUSE bug 1217086SUSE bug 1217095SUSE bug 1217124SUSE bug 1217140SUSE bug 1217147SUSE bug 1217195SUSE bug 1217196SUSE bug 1217200SUSE bug 1217205SUSE bug 1217332SUSE bug 1217366SUSE bug 1217511SUSE bug 1217515SUSE bug 1217598SUSE bug 1217599SUSE bug 1217609SUSE bug 1217687SUSE bug 1217731SUSE bug 1217780CVE-2023-2006 at SUSECVE-2023-2006 at NVDCVE-2023-25775 at SUSECVE-2023-25775 at NVDCVE-2023-3777 at SUSECVE-2023-3777 at NVDCVE-2023-39197 at SUSECVE-2023-39197 at NVDCVE-2023-39198 at SUSECVE-2023-39198 at NVDCVE-2023-4244 at SUSECVE-2023-4244 at NVDCVE-2023-45863 at SUSECVE-2023-45863 at NVDCVE-2023-45871 at SUSECVE-2023-45871 at NVDCVE-2023-46813 at SUSECVE-2023-46813 at NVDCVE-2023-46862 at SUSECVE-2023-46862 at NVDCVE-2023-5158 at SUSECVE-2023-5158 at NVDCVE-2023-5633 at SUSECVE-2023-5633 at NVDCVE-2023-5717 at SUSECVE-2023-5717 at NVDCVE-2023-6039 at SUSECVE-2023-6039 at NVDCVE-2023-6176 at SUSECVE-2023-6176 at NVDcpe:/o:opensuse:leap:15.5Security update for the Linux Kernel (Important)openSUSE Leap 15.5
The SUSE Linux Enterprise 15 SP5 Azure kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2023-2006: Fixed a race condition in the RxRPC network protocol (bsc#1210447).
- CVE-2023-25775: Fixed improper access control in the Intel Ethernet Controller RDMA driver (bsc#1216959).
- CVE-2023-39197: Fixed a out-of-bounds read in nf_conntrack_dccp_packet() (bsc#1216976).
- CVE-2023-39198: Fixed a race condition leading to use-after-free in qxl_mode_dumb_create() (bsc#1216965).
- CVE-2023-4244: Fixed a use-after-free in the nf_tables component, which could be exploited to achieve local privilege escalation (bsc#1215420).
- CVE-2023-45863: Fixed a out-of-bounds write in fill_kobj_path() (bsc#1216058).
- CVE-2023-45871: Fixed an issue in the IGB driver, where the buffer size may not be adequate for frames larger than the MTU (bsc#1216259).
- CVE-2023-46862: Fixed a NULL pointer dereference in io_uring_show_fdinfo() (bsc#1216693).
- CVE-2023-5158: Fixed a denial of service in vringh_kiov_advance() in drivers/vhost/vringh.c in the host side of a virtio ring (bsc#1215710).
- CVE-2023-5633: Fixed a use-after-free flaw in the way memory objects were handled when they were being used to store a surface (bsc#1216527).
- CVE-2023-5717: Fixed a heap out-of-bounds write vulnerability in the Performance Events component (bsc#1216584).
- CVE-2023-6039: Fixed a use-after-free in lan78xx_disconnect in drivers/net/usb/lan78xx.c (bsc#1217068).
- CVE-2023-6176: Fixed a denial of service in the cryptographic algorithm scatterwalk functionality (bsc#1217332).
The following non-security bugs were fixed:
- acpi: fpdt: properly handle invalid fpdt subtables (git-fixes).
- acpi: resource: do irq override on tongfang gmxxgxx (git-fixes).
- acpi: resource: skip irq override on asus expertbook b1402cva (git-fixes).
- acpi: sysfs: fix create_pnp_modalias() and create_of_modalias() (git-fixes).
- alsa: hda/realtek - add dell alc295 to pin fall back table (git-fixes).
- alsa: hda/realtek - alc287 realtek i2s speaker platform support (git-fixes).
- alsa: hda/realtek - enable internal speaker of asus k6500zc (git-fixes).
- alsa: hda/realtek: add quirk for asus ux7602zm (git-fixes).
- alsa: hda/realtek: add quirks for asus 2024 zenbooks (git-fixes).
- alsa: hda/realtek: add quirks for hp laptops (git-fixes).
- alsa: hda/realtek: add support dual speaker for dell (git-fixes).
- alsa: hda/realtek: enable mute led on hp 255 g10 (git-fixes).
- alsa: hda/realtek: enable mute led on hp 255 g8 (git-fixes).
- alsa: hda: asus um5302la: added quirks for cs35l41/10431a83 on i2c bus (git-fixes).
- alsa: hda: cs35l41: fix unbalanced pm_runtime_get() (git-fixes).
- alsa: hda: cs35l41: undo runtime pm changes at driver exit time (git-fixes).
- alsa: hda: disable power-save on kontron singlepc (bsc#1217140).
- alsa: hda: fix possible null-ptr-deref when assigning a stream (git-fixes).
- alsa: hda: intel-dsp-config: fix jsl chromebook quirk detection (git-fixes).
- alsa: info: fix potential deadlock at disconnection (git-fixes).
- alsa: usb-audio: add quirk flag to enable native dsd for mcintosh devices (git-fixes).
- arm/xen: fix xen_vcpu_info allocation alignment (git-fixes).
- arm64: add cortex-a520 cpu part definition (git-fixes)
- arm64: allow kprobes on el0 handlers (git-fixes)
- arm64: armv8_deprecated move emulation functions (git-fixes)
- arm64: armv8_deprecated: fix unused-function error (git-fixes)
- arm64: armv8_deprecated: fold ops into insn_emulation (git-fixes)
- arm64: armv8_deprecated: move aarch32 helper earlier (git-fixes)
- arm64: armv8_deprecated: rework deprected instruction handling (git-fixes)
- arm64: consistently pass esr_elx to die() (git-fixes)
- arm64: die(): pass 'err' as long (git-fixes)
- arm64: factor insn read out of call_undef_hook() (git-fixes)
- arm64: factor out el1 ssbs emulation hook (git-fixes)
- arm64: report el1 undefs better (git-fixes)
- arm64: rework bti exception handling (git-fixes)
- arm64: rework el0 mrs emulation (git-fixes)
- arm64: rework fpac exception handling (git-fixes)
- arm64: split el0/el1 undef handlers (git-fixes)
- arm: 9321/1: memset: cast the constant byte to unsigned char (git-fixes).
- asoc: ams-delta.c: use component after check (git-fixes).
- asoc: codecs: wsa-macro: fix uninitialized stack variables with name prefix (git-fixes).
- asoc: cs35l41: undo runtime pm changes at driver exit time (git-fixes).
- asoc: cs35l41: verify pm runtime resume errors in irq handler (git-fixes).
- asoc: fsl: fix pm disable depth imbalance in fsl_easrc_probe (git-fixes).
- asoc: fsl: mpc5200_dma.c: fix warning of function parameter or member not described (git-fixes).
- asoc: hdmi-codec: register hpd callback on component probe (git-fixes).
- asoc: intel: skylake: fix mem leak when parsing uuids fails (git-fixes).
- asoc: rt5650: fix the wrong result of key button (git-fixes).
- asoc: simple-card: fixup asoc_simple_probe() error handling (git-fixes).
- asoc: sof: core: ensure sof_ops_free() is still called when probe never ran (git-fixes).
- asoc: ti: omap-mcbsp: fix runtime pm underflow warnings (git-fixes).
- ata: pata_isapnp: add missing error check for devm_ioport_map() (git-fixes).
- atl1c: work around the dma rx overflow issue (git-fixes).
- atm: iphase: do pci error checks on own line (git-fixes).
- blk-mq: do not clear driver tags own mapping (bsc#1217366).
- blk-mq: fix null pointer dereference in blk_mq_clear_rq_mapping() (bsc#1217366).
- bluetooth: add device 0bda:887b to device tables (git-fixes).
- bluetooth: add device 13d3:3571 to device tables (git-fixes).
- bluetooth: btusb: add 0bda:b85b for fn-link rtl8852be (git-fixes).
- bluetooth: btusb: add date->evt_skb is null check (git-fixes).
- bluetooth: btusb: add realtek rtl8852be support id 0x0cb8:0xc559 (git-fixes).
- bluetooth: btusb: add rtw8852be device 13d3:3570 to device tables (git-fixes).
- btrfs: always log symlinks in full mode (bsc#1214840).
- can: dev: can_put_echo_skb(): do not crash kernel if can_priv::echo_skb is accessed out of bounds (git-fixes).
- can: dev: can_restart(): do not crash kernel if carrier is ok (git-fixes).
- can: dev: can_restart(): fix race condition between controller restart and netif_carrier_on() (git-fixes).
- can: isotp: add local echo tx processing for consecutive frames (git-fixes).
- can: isotp: fix race between isotp_sendsmg() and isotp_release() (git-fixes).
- can: isotp: fix tx state handling for echo tx processing (git-fixes).
- can: isotp: handle wait_event_interruptible() return values (git-fixes).
- can: isotp: isotp_bind(): return -einval on incorrect can id formatting (git-fixes).
- can: isotp: isotp_sendmsg(): fix tx state detection and wait behavior (git-fixes).
- can: isotp: remove re-binding of bound socket (git-fixes).
- can: isotp: sanitize can id checks in isotp_bind() (git-fixes).
- can: isotp: set max pdu size to 64 kbyte (git-fixes).
- can: isotp: split tx timer into transmission and timeout (git-fixes).
- can: sja1000: fix comment (git-fixes).
- clk: imx: imx8mq: correct error handling path (git-fixes).
- clk: imx: imx8qxp: fix elcdif_pll clock (git-fixes).
- clk: imx: select mxc_clk for clk_imx8qxp (git-fixes).
- clk: keystone: pll: fix a couple null vs is_err() checks (git-fixes).
- clk: mediatek: clk-mt2701: add check for mtk_alloc_clk_data (git-fixes).
- clk: mediatek: clk-mt6765: add check for mtk_alloc_clk_data (git-fixes).
- clk: mediatek: clk-mt6779: add check for mtk_alloc_clk_data (git-fixes).
- clk: mediatek: clk-mt6797: add check for mtk_alloc_clk_data (git-fixes).
- clk: mediatek: clk-mt7629-eth: add check for mtk_alloc_clk_data (git-fixes).
- clk: mediatek: clk-mt7629: add check for mtk_alloc_clk_data (git-fixes).
- clk: npcm7xx: fix incorrect kfree (git-fixes).
- clk: qcom: clk-rcg2: fix clock rate overflow for high parent frequencies (git-fixes).
- clk: qcom: config ipq_apss_6018 should depend on qcom_smem (git-fixes).
- clk: qcom: gcc-sm8150: fix gcc_sdcc2_apps_clk_src (git-fixes).
- clk: qcom: ipq6018: drop the clk_set_rate_parent flag from pll clocks (git-fixes).
- clk: qcom: mmcc-msm8998: do not check halt bit on some branch clks (git-fixes).
- clk: qcom: mmcc-msm8998: fix the smmu gdsc (git-fixes).
- clk: sanitize possible_parent_show to handle return value of of_clk_get_parent_name (git-fixes).
- clk: scmi: free scmi_clk allocated when the clocks with invalid info are skipped (git-fixes).
- clk: ti: add ti_dt_clk_name() helper to use clock-output-names (git-fixes).
- clk: ti: change ti_clk_register[_omap_hw]() api (git-fixes).
- clk: ti: fix double free in of_ti_divider_clk_setup() (git-fixes).
- clk: ti: update component clocks to use ti_dt_clk_name() (git-fixes).
- clk: ti: update pll and clockdomain clocks to use ti_dt_clk_name() (git-fixes).
- clocksource/drivers/timer-atmel-tcb: fix initialization on sam9 hardware (git-fixes).
- clocksource/drivers/timer-imx-gpt: fix potential memory leak (git-fixes).
- crypto: caam/jr - fix chacha20 + poly1305 self test failure (git-fixes).
- crypto: caam/qi2 - fix chacha20 + poly1305 self test failure (git-fixes).
- crypto: hisilicon/hpre - fix a erroneous check after snprintf() (git-fixes).
- disable loongson drivers loongson is a mips architecture, it does not make sense to build loongson drivers on other architectures.
- dmaengine: pxa_dma: remove an erroneous bug_on() in pxad_free_desc() (git-fixes).
- dmaengine: ste_dma40: fix pm disable depth imbalance in d40_probe (git-fixes).
- dmaengine: stm32-mdma: correct desc prep when channel running (git-fixes).
- dmaengine: ti: edma: handle irq_of_parse_and_map() errors (git-fixes).
- doc/readme.suse: adjust heading style (jsc#ped-5021) * underscore all headings as a preparation for markdown conversion. * use title-style capitalization for the document name and sentence-style capitalization for section headings, as recommended in the current suse documentation style guide.
- doc/readme.suse: bring information about compiling up to date (jsc#ped-5021) * when building the kernel, do not mention to initially change the current directory to /usr/src/linux because later description discourages it and specifies to use 'make -c /usr/src/linux'. * avoid writing additional details in parentheses, incorporate them instead properly in the text. * fix the obsolete name of /etc/modprobe.d/unsupported-modules -> /etc/modprobe.d/10-unsupported-modules.conf. * drop a note that a newly built kernel should be added to the boot manager because that normally happens automatically when running 'make install'. * update a link to the kernel module packages manual. * when preparing a build for external modules, mention use of the upstream recommended 'make modules_prepare' instead of a pair of 'make prepare' + 'make scripts'. * fix some typos+grammar.
- doc/readme.suse: bring the overview section up to date (jsc#ped-5021) * update information in the overview section that was no longer accurate. * improve wording and fix some typos+grammar.
- doc/readme.suse: convert the document to markdown (jsc#ped-5021)
- doc/readme.suse: minor content clean up (jsc#ped-5021) * mark the user's build directory as a variable, not a command: 'make -c $(your_build_dir)' -> 'make -c $your_build_dir'. * unify how to get the current directory: 'm=$(pwd)' -> 'm=$pwd'. * 'git' / 'git' -> 'git'.
- doc/readme.suse: reflow text to 80-column width (jsc#ped-5021)
- doc/readme.suse: update information about (un)supported modules (jsc#ped-5021) * update the list of taint flags. convert it to a table that matches the upstream documentation format and describe specifically flags that are related to module support status. * fix some typos and wording.
- doc/readme.suse: update information about config files (jsc#ped-5021) * use version variables to describe a name of the /boot/config-... file instead of using specific example versions which get outdated quickly. * replace removed silentoldconfig with oldconfig. * mention that oldconfig can automatically pick a base config from '/boot/config-$(uname -r)'. * avoid writing additional details in parentheses, incorporate them instead properly in the text.
- doc/readme.suse: update information about custom patches (jsc#ped-5021) * replace mention of various patches.* directories with only patches.suse as the typical location for patches. * replace i386 with x86_64 in the example how to define a config addon. * fix some typos and wording.
- doc/readme.suse: update information about dud (jsc#ped-5021) remove a dead link to description of device update disks found previously on novell.com. replace it with a short section summarizing what dud is and reference the mkdud + mksusecd tools and their documentation for more information.
- doc/readme.suse: update information about module paths (jsc#ped-5021) * use version variables to describe names of the /lib/modules/$version-$release-$flavor/... directories instead of using specific example versions which get outdated quickly. * note: keep the /lib/modules/ prefix instead of using the new /usr/lib/modules/ location for now. the updated readme is expected to be incorporated to various branches that are not yet usrmerged.
- doc/readme.suse: update the references list (jsc#ped-5021) * remove the reference to linux documentation project. it has been inactive for years and mostly contains old manuals that are not relevant for contemporary systems and hardware. * update the name and link to lwn.net. the original name 'linux weekly news' has been deemphasized over time by its authors. * update the link to kernel newbies website. * update the reference to the linux kernel module programming guide. the document has not been updated for over a decade but it looks its content is still relevant for today. * point kernel module packages manual to the current version. * add a reference to suse soliddriver program.
- doc/readme.suse: update title information (jsc#ped-5021) * drop the mention of kernel versions from the readme title. * remove information about the original authors of the document. rely as in case of other readmes on git metadata to get information about all contributions. * strip the table of contents. the document is short and easy to navigate just by scrolling through it.
- docs: net: move the probe and open/close sections of driver.rst up (bsc#1215458).
- docs: net: reformat driver.rst from a list to sections (bsc#1215458).
- docs: net: use c syntax highlight in driver.rst (bsc#1215458).
- documentation: networking: correct possessive 'its' (bsc#1215458).
- drivers: hv: vmbus: remove unused extern declaration vmbus_ontimer() (git-fixes).
- drm/amd/display: avoid null dereference of timing generator (git-fixes).
- drm/amd/display: change the dmcub mailbox memory location from fb to inbox (git-fixes).
- drm/amd/display: refactor dm_get_plane_scale helper (git-fixes).
- drm/amd/display: remove useless check in should_enable_fbc() (git-fixes).
- drm/amd/display: use full update for clip size increase of large plane source (git-fixes).
- drm/amd/pm: handle non-terminated overdrive commands (git-fixes).
- drm/amd: disable aspm for vi w/ all intel systems (git-fixes).
- drm/amd: fix ubsan array-index-out-of-bounds for polaris and tonga (git-fixes).
- drm/amd: fix ubsan array-index-out-of-bounds for smu7 (git-fixes).
- drm/amd: move helper for dynamic speed switch check out of smu13 (git-fixes).
- drm/amdgpu/vkms: fix a possible null pointer dereference (git-fixes).
- drm/amdgpu: add drv_vram_usage_va for virt data exchange (bsc#1215802).
- drm/amdgpu: add vram reservation based on vram_usagebyfirmware_v2_2 (git-fixes).
- drm/amdgpu: do not use atrm for external devices (git-fixes).
- drm/amdgpu: fix a null pointer access when the smc_rreg pointer is null (git-fixes).
- drm/amdgpu: fix error handling in amdgpu_bo_list_get() (git-fixes).
- drm/amdgpu: fix potential null pointer derefernce (git-fixes).
- drm/amdgpu: fix software pci_unplug on some chips (git-fixes).
- drm/amdgpu: not to save bo in the case of ras err_event_athub (git-fixes).
- drm/amdgpu: remove unnecessary domain argument (git-fixes).
- drm/amdgpu: reserve fences for vm update (git-fixes).
- drm/amdgpu: skip vram reserve on firmware_v2_2 for bare-metal (bsc#1215802).
- drm/amdkfd: fix a race condition of vram buffer unref in svm code (git-fixes).
- drm/amdkfd: fix shift out-of-bounds issue (git-fixes).
- drm/amdkfd: fix some race conditions in vram buffer alloc/free of svm code (git-fixes).
- drm/bridge: fix kernel-doc typo in desc of output_bus_cfg in drm_bridge_state (git-fixes).
- drm/bridge: lt8912b: add missing drm_bridge_attach call (git-fixes).
- drm/bridge: lt8912b: fix bridge_detach (git-fixes).
- drm/bridge: lt8912b: fix crash on bridge detach (git-fixes).
- drm/bridge: lt8912b: manually disable hpd only if it was enabled (git-fixes).
- drm/bridge: lt8912b: register and attach our dsi device at probe (git-fixes).
- drm/bridge: lt8912b: switch to devm mipi-dsi helpers (git-fixes).
- drm/bridge: lt9611uxc: fix the race in the error path (git-fixes).
- drm/bridge: lt9611uxc: register and attach our dsi device at probe (git-fixes).
- drm/bridge: lt9611uxc: switch to devm mipi-dsi helpers (git-fixes).
- drm/bridge: tc358768: clean up clock period code (git-fixes).
- drm/bridge: tc358768: disable non-continuous clock mode (git-fixes).
- drm/bridge: tc358768: fix bit updates (git-fixes).
- drm/bridge: tc358768: fix tc358768_ns_to_cnt() (git-fixes).
- drm/bridge: tc358768: fix use of uninitialized variable (git-fixes).
- drm/bridge: tc358768: print logical values, not raw register values (git-fixes).
- drm/bridge: tc358768: remove unused variable (git-fixes).
- drm/bridge: tc358768: rename dsibclk to hsbyteclk (git-fixes).
- drm/bridge: tc358768: use dev for dbg prints, not priv->dev (git-fixes).
- drm/bridge: tc358768: use struct videomode (git-fixes).
- drm/dp_mst: fix null deref in get_mst_branch_device_by_guid_helper() (git-fixes).
- drm/gma500: fix call trace when psb_gem_mm_init() fails (git-fixes).
- drm/gud: use size_add() in call to struct_size() (git-fixes).
- drm/i915/pmu: check if pmu is closed before stopping event (git-fixes).
- drm/i915: fix potential spectre vulnerability (git-fixes).
- drm/i915: flush wc ggtt only on required platforms (git-fixes).
- drm/komeda: drop all currently held locks if deadlock happens (git-fixes).
- drm/mediatek: fix iommu fault by swapping fbs after updating plane state (git-fixes).
- drm/mediatek: fix iommu fault during crtc enabling (git-fixes).
- drm/mipi-dsi: create devm device attachment (git-fixes).
- drm/mipi-dsi: create devm device registration (git-fixes).
- drm/msm/dp: skip validity check for dp cts edid checksum (git-fixes).
- drm/msm/dsi: free tx buffer in unbind (git-fixes).
- drm/msm/dsi: use msm_gem_kernel_put to free tx buffer (git-fixes).
- drm/panel/panel-tpo-tpg110: fix a possible null pointer dereference (git-fixes).
- drm/panel: fix a possible null pointer dereference (git-fixes).
- drm/panel: simple: fix innolux g101ice-l01 bus flags (git-fixes).
- drm/panel: simple: fix innolux g101ice-l01 timings (git-fixes).
- drm/panel: st7703: pick different reset sequence (git-fixes).
- drm/qxl: prevent memory leak (git-fixes).
- drm/radeon: fix a possible null pointer dereference (git-fixes).
- drm/radeon: possible buffer overflow (git-fixes).
- drm/rockchip: cdn-dp: fix some error handling paths in cdn_dp_probe() (git-fixes).
- drm/rockchip: fix type promotion bug in rockchip_gem_iommu_map() (git-fixes).
- drm/rockchip: vop: fix call to crtc reset helper (git-fixes).
- drm/rockchip: vop: fix color for rgb888/bgr888 format on vop full (git-fixes).
- drm/rockchip: vop: fix reset of state in duplicate state crtc funcs (git-fixes).
- drm/syncobj: fix drm_syncobj_wait_flags_wait_available (git-fixes).
- drm/ttm: reorder sys manager cleanup step (git-fixes).
- drm/vc4: fix typo (git-fixes).
- drm/vmwgfx: remove the duplicate bo_free function (bsc#1216527)
- drm/vmwgfx: rename vmw_buffer_object to vmw_bo (bsc#1216527)
- drm: bridge: it66121: fix invalid connector dereference (git-fixes).
- drm: mediatek: mtk_dsi: fix no_eot_packet settings/handling (git-fixes).
- drm: vmwgfx_surface.c: copy user-array safely (git-fixes).
- dt-bindings: usb: hcd: add missing phy name to example (git-fixes).
- dt-bindings: usb: qcom,dwc3: fix example wakeup interrupt types (git-fixes).
- ensure ia32_emulation is always enabled for kernel-obs-build if ia32_emulation is disabled by default, ensure it is enabled back for obs kernel to allow building 32bit binaries (jsc#ped-3184) [ms: always pass the parameter, no need to grep through the config which may not be very reliable]
- fbdev: atyfb: only use ioremap_uc() on i386 and ia64 (git-fixes).
- fbdev: fsl-diu-fb: mark wr_reg_wa() static (git-fixes).
- fbdev: imsttfb: fix a resource leak in probe (git-fixes).
- fbdev: imsttfb: fix double free in probe() (git-fixes).
- fbdev: imsttfb: fix error path of imsttfb_probe() (git-fixes).
- fbdev: imsttfb: release framebuffer and dealloc cmap on error path (git-fixes).
- fbdev: omapfb: drop unused remove function (git-fixes).
- fbdev: uvesafb: call cn_del_callback() at the end of uvesafb_exit() (git-fixes).
- firewire: core: fix possible memory leak in create_units() (git-fixes).
- firmware/imx-dsp: fix use_after_free in imx_dsp_setup_channels() (git-fixes).
- fix termination state for idr_for_each_entry_ul() (git-fixes).
- fix x86/mm: print the encryption features in hyperv is disabled
- gpio: mockup: fix kerneldoc (git-fixes).
- gpio: mockup: remove unused field (git-fixes).
- gpu: host1x: correct allocated size for contexts (git-fixes).
- hid: add quirk for dell pro wireless keyboard and mouse km5221w (git-fixes).
- hid: cp2112: fix duplicate workqueue initialization (git-fixes).
- hid: hyperv: avoid struct memcpy overrun warning (git-fixes).
- hid: hyperv: remove unused struct synthhid_msg (git-fixes).
- hid: hyperv: replace one-element array with flexible-array member (git-fixes).
- hid: lenovo: detect quirk-free fw on cptkbd and stop applying workaround (git-fixes).
- hid: logitech-hidpp: do not restart io, instead defer hid_connect() only (git-fixes).
- hid: logitech-hidpp: move get_wireless_feature_index() check to hidpp_connect_event() (git-fixes).
- hid: logitech-hidpp: remove hidpp_quirk_no_hidinput quirk (git-fixes).
- hid: logitech-hidpp: revert 'do not restart communication if not necessary' (git-fixes).
- hv: simplify sysctl registration (git-fixes).
- hv_netvsc: fix netvsc_send_completion to avoid multiple message length checks (git-fixes).
- hv_netvsc: fix race of netvsc and vf register_netdevice (git-fixes).
- hv_netvsc: fix race of register_netdevice_notifier and vf register (git-fixes).
- hv_netvsc: mark vf as slave before exposing it to user-mode (git-fixes).
- hwmon: (coretemp) fix potentially truncated sysfs attribute name (git-fixes).
- i2c: aspeed: fix i2c bus hang in slave read (git-fixes).
- i2c: core: run atomic i2c xfer when !preemptible (git-fixes).
- i2c: designware: disable tx_empty irq while waiting for block length byte (git-fixes).
- i2c: dev: copy userspace array safely (git-fixes).
- i2c: i801: fix potential race in i801_block_transaction_byte_by_byte (git-fixes).
- i2c: iproc: handle invalid slave state (git-fixes).
- i2c: muxes: i2c-demux-pinctrl: use of_get_i2c_adapter_by_node() (git-fixes).
- i2c: muxes: i2c-mux-gpmux: use of_get_i2c_adapter_by_node() (git-fixes).
- i2c: muxes: i2c-mux-pinctrl: use of_get_i2c_adapter_by_node() (git-fixes).
- i2c: stm32f7: fix pec handling in case of smbus transfers (git-fixes).
- i2c: sun6i-p2wi: prevent potential division by zero (git-fixes).
- i3c: fix potential refcount leak in i3c_master_register_new_i3c_devs (git-fixes).
- i3c: master: cdns: fix reading status register (git-fixes).
- i3c: master: mipi-i3c-hci: fix a kernel panic for accessing dat_data (git-fixes).
- i3c: master: svc: fix check wrong status register in irq handler (git-fixes).
- i3c: master: svc: fix ibi may not return mandatory data byte (git-fixes).
- i3c: master: svc: fix race condition in ibi work thread (git-fixes).
- i3c: master: svc: fix sda keep low when polling ibiwon timeout happen (git-fixes).
- i3c: master: svc: fix wrong data return when ibi happen during start frame (git-fixes).
- i3c: mipi-i3c-hci: fix out of bounds access in hci_dma_irq_handler (git-fixes).
- i915/perf: fix null deref bugs with drm_dbg() calls (git-fixes).
- idpf: add controlq init and reset checks (bsc#1215458).
- idpf: add core init and interrupt request (bsc#1215458).
- idpf: add create vport and netdev configuration (bsc#1215458).
- idpf: add ethtool callbacks (bsc#1215458).
- idpf: add module register and probe functionality (bsc#1215458).
- idpf: add ptypes and mac filter support (bsc#1215458).
- idpf: add rx splitq napi poll support (bsc#1215458).
- idpf: add singleq start_xmit and napi poll (bsc#1215458).
- idpf: add splitq start_xmit (bsc#1215458).
- idpf: add sriov support and other ndo_ops (bsc#1215458).
- idpf: add tx splitq napi poll support (bsc#1215458).
- idpf: cancel mailbox work in error path (bsc#1215458).
- idpf: configure resources for rx queues (bsc#1215458).
- idpf: configure resources for tx queues (bsc#1215458).
- idpf: fix potential use-after-free in idpf_tso() (bsc#1215458).
- idpf: initialize interrupts and enable vport (bsc#1215458).
- idpf: set scheduling mode for completion queue (bsc#1215458).
- iio: adc: xilinx-xadc: correct temperature offset/scale for ultrascale (git-fixes).
- iio: adc: xilinx-xadc: do not clobber preset voltage/temperature thresholds (git-fixes).
- iio: exynos-adc: request second interupt only when touchscreen mode is used (git-fixes).
- input: synaptics-rmi4 - fix use after free in rmi_unregister_function() (git-fixes).
- input: synaptics-rmi4 - handle reset delay when using smbus trsnsport (git-fixes).
- input: xpad - add vid for turtle beach controllers (git-fixes).
- irqchip/stm32-exti: add missing dt irq flag translation (git-fixes).
- kabi/severities: ignore kabi in rxrpc (bsc#1210447) the rxrpc module is built since sle15-sp3 but it is not shipped as part of any sle product, only in leap (in kernel-*-optional).
- kernel-binary: suse-module-tools is also required when installed requires(pre) adds dependency for the specific sciptlet. however, suse-module-tools also ships modprobe.d files which may be needed at posttrans time or any time the kernel is on the system for generating ramdisk. add plain requires as well.
- kernel-source: move provides after sources
- leds: pwm: do not disable the pwm when the led should be off (git-fixes).
- leds: trigger: ledtrig-cpu:: fix 'output may be truncated' issue for 'cpu' (git-fixes).
- leds: turris-omnia: do not use smbus calls (git-fixes).
- lsm: fix default return value for inode_getsecctx (git-fixes).
- lsm: fix default return value for vm_enough_memory (git-fixes).
- media: bttv: fix use after free error due to btv->timeout timer (git-fixes).
- media: ccs: correctly initialise try compose rectangle (git-fixes).
- media: ccs: fix driver quirk struct documentation (git-fixes).
- media: cedrus: fix clock/reset sequence (git-fixes).
- media: cobalt: use field_get() to extract link width (git-fixes).
- media: gspca: cpia1: shift-out-of-bounds in set_flicker (git-fixes).
- media: i2c: max9286: fix some redundant of_node_put() calls (git-fixes).
- media: imon: fix access to invalid resource for the second interface (git-fixes).
- media: lirc: drop trailing space from scancode transmit (git-fixes).
- media: qcom: camss: fix missing vfe_lite clocks check (git-fixes).
- media: qcom: camss: fix pm_domain_on sequence in probe (git-fixes).
- media: qcom: camss: fix vfe-17x vfe_disable_output() (git-fixes).
- media: qcom: camss: fix vfe_get() error jump (git-fixes).
- media: sharp: fix sharp encoding (git-fixes).
- media: siano: drop unnecessary error check for debugfs_create_dir/file() (git-fixes).
- media: venus: hfi: add checks to handle capabilities from firmware (git-fixes).
- media: venus: hfi: add checks to perform sanity on queue pointers (git-fixes).
- media: venus: hfi: fix the check to handle session buffer requirement (git-fixes).
- media: venus: hfi_parser: add check to keep the number of codecs within range (git-fixes).
- media: vidtv: mux: add check and kfree for kstrdup (git-fixes).
- media: vidtv: psi: add check for kstrdup (git-fixes).
- media: vivid: avoid integer overflow (git-fixes).
- mfd: arizona-spi: set pdata.hpdet_channel for acpi enumerated devs (git-fixes).
- mfd: core: ensure disabled devices are skipped without aborting (git-fixes).
- mfd: dln2: fix double put in dln2_probe (git-fixes).
- misc: fastrpc: clean buffers on remote invocation failures (git-fixes).
- misc: pci_endpoint_test: add device id for r-car s4-8 pcie controller (git-fixes).
- mm/hmm: fault non-owner device private entries (bsc#1216844, jsc#ped-7237, git-fixes).
- mmc: block: be sure to wait while busy in cqe error recovery (git-fixes).
- mmc: block: do not lose cache flush during cqe error recovery (git-fixes).
- mmc: block: retry commands in cqe error recovery (git-fixes).
- mmc: cqhci: fix task clearing in cqe error recovery (git-fixes).
- mmc: cqhci: increase recovery halt timeout (git-fixes).
- mmc: cqhci: warn of halt or task clear failure (git-fixes).
- mmc: meson-gx: remove setting of cmd_cfg_error (git-fixes).
- mmc: sdhci-pci-gli: a workaround to allow gl9750 to enter aspm l1.2 (git-fixes).
- mmc: sdhci-pci-gli: gl9750: mask the replay timer timeout of aer (git-fixes).
- mmc: sdhci_am654: fix start loop index for tap value parsing (git-fixes).
- mmc: vub300: fix an error code (git-fixes).
- modpost: fix tee module_device_table built on big-endian host (git-fixes).
- mt76: dma: use kzalloc instead of devm_kzalloc for txwi (git-fixes).
- mtd: cfi_cmdset_0001: byte swap otp info (git-fixes).
- mtd: rawnand: arasan: include ecc syndrome along with in-band data while checking for ecc failure (git-fixes).
- net-memcg: fix scope of sockmem pressure indicators (bsc#1216759).
- net: add macro netif_subqueue_completed_wake (bsc#1215458).
- net: avoid address overwrite in kernel_connect (bsc#1216861).
- net: fix use-after-free in tw_timer_handler (bsc#1217195).
- net: ieee802154: adf7242: fix some potential buffer overflow in adf7242_stats_show() (git-fixes).
- net: mana: fix return type of mana_start_xmit() (git-fixes).
- net: piggy back on the memory barrier in bql when waking queues (bsc#1215458).
- net: provide macros for commonly copied lockless queue stop/wake code (bsc#1215458).
- net: usb: ax88179_178a: fix failed operations during ax88179_reset (git-fixes).
- net: usb: smsc95xx: fix uninit-value access in smsc95xx_read_reg (git-fixes).
- nfs: fix access to page->mapping (bsc#1216788).
- nvme: update firmware version after commit (bsc#1215292).
- pci/aspm: fix l1 substate handling in aspm_attr_store_common() (git-fixes).
- pci/sysfs: protect driver's d3cold preference from user space (git-fixes).
- pci: disable ats for specific intel ipu e2000 devices (bsc#1215458).
- pci: extract ats disabling to a helper function (bsc#1215458).
- pci: exynos: do not discard .remove() callback (git-fixes).
- pci: keystone: do not discard .probe() callback (git-fixes).
- pci: keystone: do not discard .remove() callback (git-fixes).
- pci: prevent xhci driver from claiming amd vangogh usb3 drd device (git-fixes).
- pci: tegra194: use field_get()/field_prep() with link width fields (git-fixes).
- pci: use field_get() in sapphire rx 5600 xt pulse quirk (git-fixes).
- pci: use field_get() to extract link width (git-fixes).
- pci: vmd: correct pci header type register's multi-function check (git-fixes).
- pcmcia: cs: fix possible hung task and memory leak pccardd() (git-fixes).
- pcmcia: ds: fix possible name leak in error path in pcmcia_device_add() (git-fixes).
- pcmcia: ds: fix refcount leak in pcmcia_device_add() (git-fixes).
- pinctrl: avoid reload of p state in list iteration (git-fixes).
- platform/x86/intel-uncore-freq: return error on write frequency (bsc#1217147).
- platform/x86/intel-uncore-freq: split common and enumeration part (bsc#1217147).
- platform/x86/intel-uncore-freq: support for cluster level controls (bsc#1217147).
- platform/x86/intel-uncore-freq: tpmi: provide cluster level control (bsc#1217147).
- platform/x86/intel-uncore-freq: uncore frequency control via tpmi (bsc#1217147).
- platform/x86/intel/tpmi: add tpmi external interface for tpmi feature drivers (bsc#1217147).
- platform/x86/intel/tpmi: fix double free reported by smatch (bsc#1217147).
- platform/x86/intel/tpmi: process cpu package mapping (bsc#1217147).
- platform/x86/intel/uncore-freq: display uncore current frequency (bsc#1217147).
- platform/x86/intel/uncore-freq: move to uncore-frequency folder (bsc#1217147).
- platform/x86/intel/uncore-freq: use sysfs api to create attributes (bsc#1217147).
- platform/x86/intel/vsec: add tpmi id (bsc#1217147).
- platform/x86/intel/vsec: enhance and export intel_vsec_add_aux() (bsc#1217147).
- platform/x86/intel/vsec: support private data (bsc#1217147).
- platform/x86/intel/vsec: use mutex for ida_alloc() and ida_free() (bsc#1217147).
- platform/x86/intel: intel tpmi enumeration driver (bsc#1217147).
- platform/x86/intel: tpmi: fix double free in tpmi_create_device() (bsc#1217147).
- platform/x86: intel-uncore-freq: add client processors (bsc#1217147).
- platform/x86: intel-uncore-freq: conditionally create attribute for read frequency (bsc#1217147).
- platform/x86: intel-uncore-freq: fix uncore_freq_common_init() error codes (bsc#1217147).
- platform/x86: intel-uncore-freq: prevent driver loading in guests (bsc#1217147).
- platform/x86: intel-uncore-freq: use sysfs_emit() to instead of scnprintf() (bsc#1217147).
- platform/x86: intel-uncore-frequency: move to intel sub-directory (bsc#1217147).
- platform/x86: intel-uncore-frequency: use default_groups in kobj_type (bsc#1217147).
- platform/x86: thinkpad_acpi: add battery quirk for thinkpad x120e (git-fixes).
- platform/x86: wmi: fix opening of char device (git-fixes).
- platform/x86: wmi: fix probe failure when failing to register wmi devices (git-fixes).
- platform/x86: wmi: remove unnecessary initializations (git-fixes).
- pm / devfreq: rockchip-dfi: make pmu regmap mandatory (git-fixes).
- pm: hibernate: use __get_safe_page() rather than touching the list (git-fixes).
- powerpc/perf/hv-24x7: update domain value check (bsc#1215931).
- powerpc/vas: limit open window failure messages in log bufffer (bsc#1216687 ltc#203927).
- powerpc: do not clobber f0/vs0 during fp|altivec register save (bsc#1217780).
- pwm: brcmstb: utilize appropriate clock apis in suspend/resume (git-fixes).
- pwm: fix double shift bug (git-fixes).
- pwm: sti: reduce number of allocations and drop usage of chip_data (git-fixes).
- r8152: cancel hw_phy_work if we have an error in probe (git-fixes).
- r8152: check for unplug in r8153b_ups_en() / r8153c_ups_en() (git-fixes).
- r8152: check for unplug in rtl_phy_patch_request() (git-fixes).
- r8152: increase usb control msg timeout to 5000ms as per spec (git-fixes).
- r8152: release firmware if we have an error in probe (git-fixes).
- r8152: run the unload routine if we have errors during probe (git-fixes).
- regmap: debugfs: fix a erroneous check after snprintf() (git-fixes).
- regmap: ensure range selector registers are updated after cache sync (git-fixes).
- regmap: prevent noinc writes from clobbering cache (git-fixes).
- revert 'i2c: pxa: move to generic gpio recovery' (git-fixes).
- revert 'mmc: core: capture correct oemid-bits for emmc cards' (git-fixes).
- revert 'tracing: fix warning in trace_buffered_event_disable()' (bsc#1217036)
- rpm/check-for-config-changes: add as_wruss to ignored_configs_re add as_wruss as an ignored_configs_re entry in check-for-config-changes to fix build on x86_32. there was a fix submitted to upstream but it was not accepted: https://lore.kernel.org/all/20231031140504.gczuejkmpxsredh3ma@fat_crate.local/ so carry this in ignored_configs_re instead.
- rpm/check-for-config-changes: add have_shadow_call_stack to ignored_configs_re not supported by our compiler.
- rpm/mkspec-dtb: add riscv64 dtb-allwinner subpackage
- run scripts/renamepatches for sle15-sp4
- s390/ap: fix ap bus crash on early config change callback invocation (git-fixes bsc#1217687).
- s390/cio: unregister device when the only path is gone (git-fixes bsc#1217609).
- s390/cmma: fix detection of dat pages (ltc#203997 bsc#1217086).
- s390/cmma: fix handling of swapper_pg_dir and invalid_pg_dir (ltc#203997 bsc#1217086).
- s390/cmma: fix initial kernel address space page table walk (ltc#203997 bsc#1217086).
- s390/crashdump: fix tod programmable field size (git-fixes bsc#1217205).
- s390/dasd: fix hanging device after request requeue (git-fixes ltc#203629 bsc#1215124).
- s390/dasd: protect device queue against concurrent access (git-fixes bsc#1217515).
- s390/dasd: use correct number of retries for erp requests (git-fixes bsc#1217598).
- s390/ipl: add missing ipl_type_eckd_dump case to ipl_init() (git-fixes bsc#1217511).
- s390/ipl: add missing secure/has_secure file to ipl type 'unknown' (bsc#1214976 git-fixes).
- s390/mm: add missing arch_set_page_dat() call to gmap allocations (ltc#203997 bsc#1217086).
- s390/mm: add missing arch_set_page_dat() call to vmem_crst_alloc() (ltc#203997 bsc#1217086).
- s390/pkey: fix/harmonize internal keyblob headers (git-fixes bsc#1217200).
- s390/ptrace: fix ptrace_get_last_break error handling (git-fixes bsc#1217599).
- sbitmap: fix batched wait_cnt accounting (bsc#1217095 bsc#1217196).
- sbitmap: fix up kabi for sbitmap_queue_wake_up() (bsc#1217095 bsc#1217196).
- sbsa_gwdt: calculate timeout with 64-bit math (git-fixes).
- scsi: lpfc: copyright updates for 14.2.0.16 patches (bsc#1217731).
- scsi: lpfc: correct maximum pci function value for ras fw logging (bsc#1217731).
- scsi: lpfc: eliminate unnecessary relocking in lpfc_check_nlp_post_devloss() (bsc#1217731).
- scsi: lpfc: enhance driver logging for selected discovery events (bsc#1217731).
- scsi: lpfc: fix list_entry null check warning in lpfc_cmpl_els_plogi() (bsc#1217731).
- scsi: lpfc: fix possible file string name overflow when updating firmware (bsc#1217731).
- scsi: lpfc: introduce log_node_verbose messaging flag (bsc#1217124).
- scsi: lpfc: refactor and clean up mailbox command memory free (bsc#1217731).
- scsi: lpfc: reject received prlis with only initiator fcn role for npiv ports (bsc#1217124).
- scsi: lpfc: remove unnecessary zero return code assignment in lpfc_sli4_hba_setup (bsc#1217124).
- scsi: lpfc: return early in lpfc_poll_eratt() when the driver is unloading (bsc#1217731).
- scsi: lpfc: treat ioerr_sli_down i/o completion status the same as pci offline (bsc#1217124).
- scsi: lpfc: update lpfc version to 14.2.0.15 (bsc#1217124).
- scsi: lpfc: update lpfc version to 14.2.0.16 (bsc#1217731).
- scsi: lpfc: validate els ls_acc completion payload (bsc#1217124).
- scsi: qla2xxx: fix double free of dsd_list during driver load (git-fixes).
- scsi: qla2xxx: use field_get() to extract pcie capability fields (git-fixes).
- selftests/efivarfs: create-read: fix a resource leak (git-fixes).
- selftests/pidfd: fix ksft print formats (git-fixes).
- selftests/resctrl: ensure the benchmark commands fits to its array (git-fixes).
- selftests/resctrl: reduce failures due to outliers in mba/mbm tests (git-fixes).
- selftests/resctrl: remove duplicate feature check from cmt test (git-fixes).
- seq_buf: fix a misleading comment (git-fixes).
- serial: exar: revert 'serial: exar: add support for sealevel 7xxxc serial cards' (git-fixes).
- serial: meson: use platform_get_irq() to get the interrupt (git-fixes).
- soc: qcom: llcc: handle a second device without data corruption (git-fixes).
- spi: nxp-fspi: use the correct ioremap function (git-fixes).
- spi: spi-zynq-qspi: add spi-mem to driver kconfig dependencies (git-fixes).
- spi: tegra: fix missing irq check in tegra_slink_probe() (git-fixes).
- staging: media: ipu3: remove ftrace-like logging (git-fixes).
- string.h: add array-wrappers for (v)memdup_user() (git-fixes).
- supported.conf: marked idpf supported
- thermal: core: prevent potential string overflow (git-fixes).
- treewide: spelling fix in comment (git-fixes).
- tty/sysrq: replace smp_processor_id() with get_cpu() (git-fixes).
- tty: 8250: add brainboxes oxford semiconductor-based quirks (git-fixes).
- tty: 8250: add support for additional brainboxes px cards (git-fixes).
- tty: 8250: add support for additional brainboxes uc cards (git-fixes).
- tty: 8250: add support for brainboxes up cards (git-fixes).
- tty: 8250: add support for intashield is-100 (git-fixes).
- tty: 8250: add support for intashield ix cards (git-fixes).
- tty: 8250: fix port count of px-257 (git-fixes).
- tty: 8250: fix up px-803/px-857 (git-fixes).
- tty: 8250: remove uc-257 and uc-431 (git-fixes).
- tty: fix uninit-value access in ppp_sync_receive() (git-fixes).
- tty: n_gsm: fix race condition in status line change on dead connections (git-fixes).
- tty: serial: meson: fix hard lockup on crtscts mode (git-fixes).
- tty: tty_jobctrl: fix pid memleak in disassociate_ctty() (git-fixes).
- tty: vcc: add check for kstrdup() in vcc_probe() (git-fixes).
- update metadata patches.suse/s390-ipl-add-missing-secure-has_secure-file-to-ipl-type-unknown (bsc#1214976 git-fixes).
- usb: cdnsp: fix deadlock issue during using ncm gadget (git-fixes).
- usb: chipidea: fix dma overwrite for tegra (git-fixes).
- usb: chipidea: simplify tegra dma alignment code (git-fixes).
- usb: dwc2: fix possible null pointer dereference caused by driver concurrency (git-fixes).
- usb: dwc2: write hcint with intmask applied (bsc#1214286).
- usb: dwc3: fix default mode initialization (git-fixes).
- usb: dwc3: qcom: fix acpi platform device leak (git-fixes).
- usb: dwc3: qcom: fix resource leaks on probe deferral (git-fixes).
- usb: dwc3: qcom: fix software node leak on probe errors (git-fixes).
- usb: dwc3: qcom: fix wakeup after probe deferral (git-fixes).
- usb: dwc3: set the dma max_seg_size (git-fixes).
- usb: gadget: f_ncm: always set current gadget in ncm_bind() (git-fixes).
- usb: raw-gadget: properly handle interrupted requests (git-fixes).
- usb: serial: option: add fibocom l7xx modules (git-fixes).
- usb: serial: option: do not claim interface 4 for zte mf290 (git-fixes).
- usb: serial: option: fix fm101r-gl defines (git-fixes).
- usb: storage: set 1.50 as the lower bcddevice for older 'super top' compatibility (git-fixes).
- usb: typec: tcpm: fix null pointer dereference in tcpm_pd_svdm() (git-fixes).
- usb: typec: tcpm: skip hard reset when in error recovery (git-fixes).
- usb: usbip: fix stub_dev hub disconnect (git-fixes).
- virtchnl: add virtchnl version 2 ops (bsc#1215458).
- wifi: ath10k: do not touch the ce interrupt registers after power up (git-fixes).
- wifi: ath10k: fix clang-specific fortify warning (git-fixes).
- wifi: ath11k: debugfs: fix to work with multiple pci devices (git-fixes).
- wifi: ath11k: fix dfs radar event locking (git-fixes).
- wifi: ath11k: fix gtk offload status event locking (git-fixes).
- wifi: ath11k: fix htt pktlog locking (git-fixes).
- wifi: ath11k: fix temperature event locking (git-fixes).
- wifi: ath9k: fix clang-specific fortify warnings (git-fixes).
- wifi: iwlwifi: call napi_synchronize() before freeing rx/tx queues (git-fixes).
- wifi: iwlwifi: empty overflow queue during flush (git-fixes).
- wifi: iwlwifi: honor the enable_ini value (git-fixes).
- wifi: iwlwifi: pcie: synchronize irqs before napi (git-fixes).
- wifi: iwlwifi: use fw rate for non-data frames (git-fixes).
- wifi: mac80211: do not return unset power in ieee80211_get_tx_power() (git-fixes).
- wifi: mac80211: fix # of msdu in a-msdu calculation (git-fixes).
- wifi: mt76: mt7603: rework/fix rx pse hang check (git-fixes).
- wifi: rtlwifi: fix edca limit set by bt coexistence (git-fixes).
- wifi: rtw88: debug: fix the null vs is_err() bug for debugfs_create_file() (git-fixes).
- x86/alternative: add a __alt_reloc_selftest() prototype (git-fixes).
- x86/cpu: clear svm feature if disabled by bios (bsc#1214700).
- x86/cpu: fix amd erratum #1485 on zen4-based cpus (git-fixes).
- x86/fpu: set x86_feature_osxsave feature after enabling osxsave in cr4 (git-fixes).
- x86/hyperv: add hv_expose_invariant_tsc define (git-fixes).
- x86/hyperv: fix a warning in mshyperv.h (git-fixes).
- x86/hyperv: improve code for referencing hyperv_pcpu_input_arg (git-fixes).
- x86/hyperv: make hv_get_nmi_reason public (git-fixes).
- x86/sev: do not try to parse for the cc blob on non-amd hardware (git-fixes).
- x86/sev: fix calculation of end address based on number of pages (git-fixes).
- x86/sev: use the ghcb protocol when available for snp cpuid requests (git-fixes).
- x86: move gds_ucode_mitigated() declaration to header (git-fixes).
- xfs: add attr state machine tracepoints (git-fixes).
- xfs: can't use kmem_zalloc() for attribute buffers (bsc#1216909).
- xfs: constify btree function parameters that are not modified (git-fixes).
- xfs: convert agf log flags to unsigned (git-fixes).
- xfs: convert agi log flags to unsigned (git-fixes).
- xfs: convert attr type flags to unsigned (git-fixes).
- xfs: convert bmap extent type flags to unsigned (git-fixes).
- xfs: convert bmapi flags to unsigned (git-fixes).
- xfs: convert btree buffer log flags to unsigned (git-fixes).
- xfs: convert buffer flags to unsigned (git-fixes).
- xfs: convert buffer log item flags to unsigned (git-fixes).
- xfs: convert da btree operations flags to unsigned (git-fixes).
- xfs: convert dquot flags to unsigned (git-fixes).
- xfs: convert inode lock flags to unsigned (git-fixes).
- xfs: convert log item tracepoint flags to unsigned (git-fixes).
- xfs: convert log ticket and iclog flags to unsigned (git-fixes).
- xfs: convert quota options flags to unsigned (git-fixes).
- xfs: convert scrub type flags to unsigned (git-fixes).
- xfs: disambiguate units for ftrace fields tagged 'blkno', 'block', or 'bno' (git-fixes).
- xfs: disambiguate units for ftrace fields tagged 'count' (git-fixes).
- xfs: disambiguate units for ftrace fields tagged 'len' (git-fixes).
- xfs: disambiguate units for ftrace fields tagged 'offset' (git-fixes).
- xfs: make the key parameters to all btree key comparison functions const (git-fixes).
- xfs: make the key parameters to all btree query range functions const (git-fixes).
- xfs: make the keys and records passed to btree inorder functions const (git-fixes).
- xfs: make the pointer passed to btree set_root functions const (git-fixes).
- xfs: make the start pointer passed to btree alloc_block functions const (git-fixes).
- xfs: mark the record passed into btree init_key functions as const (git-fixes).
- xfs: mark the record passed into xchk_btree functions as const (git-fixes).
- xfs: remove xfs_btree_cur_t typedef (git-fixes).
- xfs: rename i_disk_size fields in ftrace output (git-fixes).
- xfs: resolve fork names in trace output (git-fixes).
- xfs: standardize ag block number formatting in ftrace output (git-fixes).
- xfs: standardize ag number formatting in ftrace output (git-fixes).
- xfs: standardize daddr formatting in ftrace output (git-fixes).
- xfs: standardize inode generation formatting in ftrace output (git-fixes).
- xfs: standardize inode number formatting in ftrace output (git-fixes).
- xfs: standardize remaining xfs_buf length tracepoints (git-fixes).
- xfs: standardize rmap owner number formatting in ftrace output (git-fixes).
- xhci: Loosen RPM as default policy to cover for AMD xHC 1.1 (git-fixes).
- xhci: enable rpm on controllers that support low-power states (git-fixes).
ImportantSUSE bug 1084909SUSE bug 1207948SUSE bug 1210447SUSE bug 1214286SUSE bug 1214700SUSE bug 1214840SUSE bug 1214976SUSE bug 1215123SUSE bug 1215124SUSE bug 1215292SUSE bug 1215420SUSE bug 1215458SUSE bug 1215710SUSE bug 1215802SUSE bug 1215931SUSE bug 1216058SUSE bug 1216105SUSE bug 1216259SUSE bug 1216527SUSE bug 1216584SUSE bug 1216687SUSE bug 1216693SUSE bug 1216759SUSE bug 1216788SUSE bug 1216844SUSE bug 1216861SUSE bug 1216909SUSE bug 1216959SUSE bug 1216965SUSE bug 1216976SUSE bug 1217036SUSE bug 1217068SUSE bug 1217086SUSE bug 1217095SUSE bug 1217124SUSE bug 1217140SUSE bug 1217147SUSE bug 1217195SUSE bug 1217196SUSE bug 1217200SUSE bug 1217205SUSE bug 1217332SUSE bug 1217366SUSE bug 1217511SUSE bug 1217515SUSE bug 1217598SUSE bug 1217599SUSE bug 1217609SUSE bug 1217687SUSE bug 1217731SUSE bug 1217780CVE-2023-2006 at SUSECVE-2023-2006 at NVDCVE-2023-25775 at SUSECVE-2023-25775 at NVDCVE-2023-39197 at SUSECVE-2023-39197 at NVDCVE-2023-39198 at SUSECVE-2023-39198 at NVDCVE-2023-4244 at SUSECVE-2023-4244 at NVDCVE-2023-45863 at SUSECVE-2023-45863 at NVDCVE-2023-45871 at SUSECVE-2023-45871 at NVDCVE-2023-46862 at SUSECVE-2023-46862 at NVDCVE-2023-5158 at SUSECVE-2023-5158 at NVDCVE-2023-5633 at SUSECVE-2023-5633 at NVDCVE-2023-5717 at SUSECVE-2023-5717 at NVDCVE-2023-6039 at SUSECVE-2023-6039 at NVDCVE-2023-6176 at SUSECVE-2023-6176 at NVDcpe:/o:opensuse:leap:15.5Security update for xorg-x11-server (Important)openSUSE Leap 15.5
This update for xorg-x11-server fixes the following issues:
- CVE-2023-6377: Fixed Out-of-bounds memory write in XKB button actions(bsc#1217765).
- CVE-2023-6478: Fixed Out-of-bounds memory read in RRChangeOutputProperty and RRChangeProviderProperty (bsc#1217766).
ImportantSUSE bug 1217765SUSE bug 1217766CVE-2023-6377 at SUSECVE-2023-6377 at NVDCVE-2023-6478 at SUSECVE-2023-6478 at NVDcpe:/o:opensuse:leap:15.5Security update for xwayland (Important)openSUSE Leap 15.5
This update for xwayland fixes the following issues:
- CVE-2023-6377: Fixed Out-of-bounds memory write in XKB button actions(bsc#1217765).
- CVE-2023-6478: Fixed Out-of-bounds memory read in RRChangeOutputProperty and RRChangeProviderProperty (bsc#1217766).
ImportantSUSE bug 1217765SUSE bug 1217766CVE-2023-6377 at SUSECVE-2023-6377 at NVDCVE-2023-6478 at SUSECVE-2023-6478 at NVDcpe:/o:opensuse:leap:15.5Security update for webkit2gtk3 (Important)openSUSE Leap 15.5
This update for webkit2gtk3 fixes the following issues:
Update to version 2.42.3 (bsc#1217844):
- Fix flickering while playing videos with DMA-BUF sink.
- Fix color picker being triggered in the inspector when typing 'tan'.
- Do not special case the 'sans' font family name.
- Fix build failure with libxml2 version 2.12.0 due to an API change.
- Fix several crashes and rendering issues.
- Security fixes: CVE-2023-42916, CVE-2023-42917.
ImportantSUSE bug 1217844CVE-2023-42916 at SUSECVE-2023-42916 at NVDCVE-2023-42917 at SUSECVE-2023-42917 at NVDcpe:/o:opensuse:leap:15.5Security update for python-cryptography (Moderate)openSUSE Leap 15.5
This update for python-cryptography fixes the following issues:
- CVE-2023-49083: Fixed a NULL pointer dereference when loading certificates from a PKCS#7 bundle (bsc#1217592).
ModerateSUSE bug 1217592CVE-2023-49083 at SUSECVE-2023-49083 at NVDcpe:/o:opensuse:leap:15.5Security update for python3-cryptography (Moderate)openSUSE Leap 15.5
This update for python3-cryptography fixes the following issues:
- CVE-2023-49083: Fixed a NULL pointer dereference when loading certificates from a PKCS#7 bundle (bsc#1217592).
ModerateSUSE bug 1217592CVE-2023-49083 at SUSECVE-2023-49083 at NVDcpe:/o:opensuse:leap:15.5Security update for tracker-miners (Important)openSUSE Leap 15.5
This update for tracker-miners fixes the following issues:
- CVE-2023-5557: Fixed a sandbox escape by adding seccomp rules and applying it to the whole process (bsc#1216199)
- rebuild against current ICU 73.
ImportantSUSE bug 1216199CVE-2023-5557 at SUSECVE-2023-5557 at NVDcpe:/o:opensuse:leap:15.5Security update for tiff (Important)openSUSE Leap 15.5
This update for tiff fixes the following issues:
- CVE-2023-2731: Fix null pointer deference in LZWDecode() (bsc#1211478).
- CVE-2023-1916: Fix out-of-bounds read in extractImageSection() (bsc#1210231).
- CVE-2023-26965: Fix heap-based use after free in loadImage() (bsc#1212398).
- CVE-2022-40090: Fix infinite loop in TIFFReadDirectory() (bsc#1214680).
ImportantSUSE bug 1199483SUSE bug 1210231SUSE bug 1211478SUSE bug 1212398SUSE bug 1214680CVE-2022-1622 at SUSECVE-2022-1622 at NVDCVE-2022-40090 at SUSECVE-2022-40090 at NVDCVE-2023-1916 at SUSECVE-2023-1916 at NVDCVE-2023-26965 at SUSECVE-2023-26965 at NVDCVE-2023-2731 at SUSECVE-2023-2731 at NVDcpe:/o:opensuse:leap:15.5Security update for cosign (Moderate)openSUSE Leap 15.5
This update for cosign fixes the following issues:
Updated to 2.2.1 (jsc#SLE-23879)
- Enhancements:
* CVE-2023-46737: Possible endless data attack from attacker-controlled registry (bsc#1216933)
* feat: Support basic auth and bearer auth login to registry (#3310)
* add support for ignoring certificates with pkcs11 (#3334)
* Support ReplaceOp in Signatures (#3315)
* feat: added ability to get image digest back via triangulate (#3255)
* feat: add `--only` flag in `cosign copy` to copy sign, att & sbom (#3247)
* feat: add support attaching a Rekor bundle to a container (#3246)
* feat: add support outputting rekor response on signing (#3248)
* feat: improve dockerfile verify subcommand (#3264)
* Add guard flag for experimental OCI 1.1 verify. (#3272)
* Deprecate SBOM attachments (#3256)
* feat: dedent line in cosign copy doc (#3244)
* feat: add platform flag to cosign copy command (#3234)
* Add SLSA 1.0 attestation support to cosign. Closes #2860 (#3219)
* attest: pass OCI remote opts to att resolver. (#3225)
- Bug Fixes:
* Merge pull request from GHSA-vfp6-jrw2-99g9
* fix: allow cosign download sbom when image is absent (#3245)
* ci: add a OCI registry test for referrers support (#3253)
* Fix ReplaceSignatures (#3292)
* Stop using deprecated in_toto.ProvenanceStatement (#3243)
* Fixes #3236, disable SCT checking for a cosign verification when using .. (#3237)
* fix: update error in `SignedEntity` to be more descriptive (#3233)
* Fail timestamp verification if no root is provided (#3224)
- Documentation:
* Add some docs about verifying in an air-gapped environment (#3321)
* Update CONTRIBUTING.md (#3268)
* docs: improves the Contribution guidelines (#3257)
* Remove security policy (#3230)
- Others:
* Set go to min 1.21 and update dependencies (#3327)
* Update contact for code of conduct (#3266)
* Update .ko.yaml (#3240)
Updated to 2.2.0 (jsc#SLE-23879)
- Enhancements
* switch to uploading DSSE types to rekor instead of intoto (#3113)
* add 'cosign sign' command-line parameters for mTLS (#3052)
* improve error messages around bundle != payload hash (#3146)
* make VerifyImageAttestation function public (#3156)
* Switch to cryptoutils function for SANS (#3185)
* Handle HTTP_1_1_REQUIRED errors in github provider (#3172)
- Bug Fixes
* Fix nondeterminsitic timestamps (#3121)
- Documentation
* doc: Add example of sign-blob with key in env var (#3152)
* add deprecation notice for cosign-releases GCS bucket (#3148)
* update doc links (#3186)
Updated to 2.1.1 (jsc#SLE-23879)
- Bug Fixes
* wait for the workers become available again to continue the execution (#3084)
* fix help text when in a container (#3082)
Updated to 2.1.0 (jsc#SLE-23879)
- Breaking Change: The predicate is now a required flag in the attest commands, set via the --type flag.
- Enhancements
* Verify sigs and attestations in parallel (#3066)
* Deep inspect attestations when filtering download (#3031)
* refactor bundle validation code, add support for DSSE rekor type (#3016)
* Allow overriding remote options (#3049)
* feat: adds no cert found on sig exit code (#3038)
* Make predicate a required flag in attest commands (#3033)
* Added support for attaching Time stamp authority Response in attach command (#3001)
* Add sign --sign-container-identity CLI (#2984)
* Feature: Allow cosign to sign digests before they are uploaded. (#2959)
* accepts attachment-tag-prefix for cosign copy (#3014)
* Feature: adds '--allow-insecure-registry' for cosign load (#3000)
* download attestation: support --platform flag (#2980)
* Cleanup: Add Digest to the SignedEntity interface. (#2960)
* verify command: support keyless verification using only a provided certificate chain with non-fulcio roots (#2845)
* verify: use workers to limit the paralellism when verifying images with --max-workers flag (#3069)
- Bug Fixes
* Fix pkg/cosign/errors (#3050)
* Fix: update doc to refer to github-actions oidc provider (#3040)
* Fix: prefer GitHub OIDC provider if enabled (#3044)
* Fix --sig-only in cosign copy (#3074)
- Documentation
* Fix links to sigstore/docs in markdown files (#3064)
Update to 2.0.2 (jsc#SLE-23879)
- Enhancements
* Update sigstore/sigstore to v1.6.2 to pick up TUF CDN change (#2891)
* feat: Make cosign copy faster (#2901)
* remove sget (#2885)
* Require a payload to be provided with a signature (#2785)
- Bug Fixes
* cmd: Change error message from KeyParseError to PubKeyParseError for verify-blob. (#2876)
* Use SOURCE_DATE_EPOCH for OCI CreatedAt times (#2878)
- Documentation
* Remove experimental warning from Fulcio flags (#2923)
* add missing oidc provider (#2922)
* Add zot as a supported registry (#2920)
* deprecates kms_support docs (#2900)
* chore(docs) deprecate note for usage docs (#2906)
* adds note of deprecation for examples.md docs (#2899)
ModerateSUSE bug 1216933CVE-2023-46737 at SUSECVE-2023-46737 at NVDcpe:/o:opensuse:leap:15.5Security update for ncurses (Moderate)openSUSE Leap 15.5
This update for ncurses fixes the following issues:
- CVE-2023-50495: Fixed a segmentation fault via _nc_wrap_entry() (bsc#1218014)
- Modify reset command to avoid altering clocal if the terminal uses a modem (bsc#1201384)
ModerateSUSE bug 1201384SUSE bug 1218014CVE-2023-50495 at SUSECVE-2023-50495 at NVDcpe:/o:opensuse:leap:15.5Security update for freerdp (Moderate)openSUSE Leap 15.5
This update for freerdp fixes the following issues:
- CVE-2023-39350: Fixed incorrect offset calculation leading to DoS (bsc#1214856).
- CVE-2023-39351: Fixed Null Pointer Dereference leading DoS in RemoteFX (bsc#1214857).
- CVE-2023-39352: Fixed Invalid offset validation leading to Out Of Bound Write (bsc#1214858).
- CVE-2023-39353: Fixed Missing offset validation leading to Out Of Bound Read (bsc#1214859).
- CVE-2023-39354: Fixed Out-Of-Bounds Read in nsc_rle_decompress_data (bsc#1214860).
- CVE-2023-39356: Fixed Missing offset validation leading to Out-of-Bounds Read in gdi_multi_opaque_rect (bsc#1214862).
- CVE-2023-40181: Fixed Integer-Underflow leading to Out-Of-Bound Read in zgfx_decompress_segment (bsc#1214863).
- CVE-2023-40186: Fixed IntegerOverflow leading to Out-Of-Bound Write Vulnerability in gdi_CreateSurface (bsc#1214864).
- CVE-2023-40188: Fixed Out-Of-Bounds Read in general_LumaToYUV444 (bsc#1214866).
- CVE-2023-40567: Fixed Out-Of-Bounds Write in clear_decompress_bands_data (bsc#1214867).
- CVE-2023-40569: Fixed Out-Of-Bounds Write in progressive_decompress (bsc#1214868).
- CVE-2023-40574: Fixed Out-Of-Bounds Write in general_YUV444ToRGB_8u_P3AC4R_BGRX (bsc#1214869).
- CVE-2023-40575: Fixed Out-Of-Bounds Read in general_YUV444ToRGB_8u_P3AC4R_BGRX (bsc#1214870).
- CVE-2023-40576: Fixed Out-Of-Bounds Read in RleDecompress (bsc#1214871).
- CVE-2023-40589: Fixed Global-Buffer-Overflow in ncrush_decompress (bsc#1214872).
ModerateSUSE bug 1214856SUSE bug 1214857SUSE bug 1214858SUSE bug 1214859SUSE bug 1214860SUSE bug 1214862SUSE bug 1214863SUSE bug 1214864SUSE bug 1214866SUSE bug 1214867SUSE bug 1214868SUSE bug 1214869SUSE bug 1214870SUSE bug 1214871SUSE bug 1214872CVE-2023-39350 at SUSECVE-2023-39350 at NVDCVE-2023-39351 at SUSECVE-2023-39351 at NVDCVE-2023-39352 at SUSECVE-2023-39352 at NVDCVE-2023-39353 at SUSECVE-2023-39353 at NVDCVE-2023-39354 at SUSECVE-2023-39354 at NVDCVE-2023-39356 at SUSECVE-2023-39356 at NVDCVE-2023-40181 at SUSECVE-2023-40181 at NVDCVE-2023-40186 at SUSECVE-2023-40186 at NVDCVE-2023-40188 at SUSECVE-2023-40188 at NVDCVE-2023-40567 at SUSECVE-2023-40567 at NVDCVE-2023-40569 at SUSECVE-2023-40569 at NVDCVE-2023-40574 at SUSECVE-2023-40574 at NVDCVE-2023-40575 at SUSECVE-2023-40575 at NVDCVE-2023-40576 at SUSECVE-2023-40576 at NVDCVE-2023-40589 at SUSECVE-2023-40589 at NVDcpe:/o:opensuse:leap:15.5Security update for libsass (Moderate)openSUSE Leap 15.5
This update for libsass fixes the following issues:
- CVE-2022-26592: Fixed Stack Overflow vulnerability in libsass 3.6.5 via the CompoundSelector:has_real_parent_ref function (bsc#1214576)
- CVE-2022-43358: Fixed Stack overflow vulnerability in ast_selectors.cpp (bsc#1214575).
- CVE-2022-43357: Fixed Stack overflow vulnerability in ast_selectors.cpp (bsc#1214573).
ModerateSUSE bug 1214573SUSE bug 1214575SUSE bug 1214576CVE-2022-26592 at SUSECVE-2022-26592 at NVDCVE-2022-43357 at SUSECVE-2022-43357 at NVDCVE-2022-43358 at SUSECVE-2022-43358 at NVDcpe:/o:opensuse:leap:15.5Security update for avahi (Moderate)openSUSE Leap 15.5
This update for avahi fixes the following issues:
- CVE-2023-38472: Fixed reachable assertion in avahi_rdata_parse (bsc#1216853).
ModerateSUSE bug 1216853CVE-2023-38472 at SUSECVE-2023-38472 at NVDcpe:/o:opensuse:leap:15.5Security update for openssh (Important)openSUSE Leap 15.5
This update for openssh fixes the following issues:
- CVE-2023-48795: Fixed prefix truncation breaking ssh channel integrity (bsc#1217950).
the following non-security bug was fixed:
- Fix the 'no route to host' error when connecting via ProxyJump
ImportantSUSE bug 1214788SUSE bug 1217950CVE-2023-48795 at SUSECVE-2023-48795 at NVDcpe:/o:opensuse:leap:15.5Security update for python-aiohttp (Moderate)openSUSE Leap 15.5
This update for python-aiohttp fixes the following issues:
- CVE-2023-47641: Fixed inconsistent interpretation of the http protocol, if
content-length and transport-encoding are in the same header with
transport-encoding value of 'chunked*' (bsc#1217174)
ModerateSUSE bug 1217174CVE-2023-47641 at SUSECVE-2023-47641 at NVDcpe:/o:opensuse:leap:15.5Security update for ghostscript (Important)openSUSE Leap 15.5
This update for ghostscript fixes the following issues:
- CVE-2023-46751: Fixed dangling pointer in gdev_prn_open_printer_seekable() (bsc#1217871).
ImportantSUSE bug 1217871CVE-2023-46751 at SUSECVE-2023-46751 at NVDcpe:/o:opensuse:leap:15.5Security update for xorg-x11-server (Important)openSUSE Leap 15.5
This update for xorg-x11-server fixes the following issues:
- CVE-2023-6377: Fixed out-of-bounds memory write in XKB button actions (bsc#1217765).
ImportantSUSE bug 1217765CVE-2023-6377 at SUSECVE-2023-6377 at NVDcpe:/o:opensuse:leap:15.5Security update for MozillaFirefox (Important)openSUSE Leap 15.5
This update for MozillaFirefox fixes the following issues:
- Firefox Extended Support Release 115.6.0 ESR changelog-entry (bsc#1217974).
* CVE-2023-6856: Heap-buffer-overflow affecting WebGL DrawElementsInstanced method with Mesa VM driver (bmo#1843782).
* CVE-2023-6857: Symlinks may resolve to smaller than expected buffers (bmo#1796023).
* CVE-2023-6858: Heap buffer overflow in nsTextFragment (bmo#1826791).
* CVE-2023-6859: Use-after-free in PR_GetIdentitiesLayer (bmo#1840144).
* CVE-2023-6860: Potential sandbox escape due to VideoBridge lack of texture validation (bmo#1854669).
* CVE-2023-6861: Heap buffer overflow affected nsWindow::PickerOpen(void) in headless mode (bmo#1864118).
* CVE-2023-6862: Use-after-free in nsDNSService (bsc#1868042).
* CVE-2023-6863: Undefined behavior in ShutdownObserver() (bmo#1868901).
* CVE-2023-6864: Memory safety bugs fixed in Firefox 121, Firefox ESR 115.6, and Thunderbird 115.6.
* CVE-2023-6865: Potential exposure of uninitialized data in EncryptingOutputStream (bmo#1864123).
* CVE-2023-6867: Clickjacking permission prompts using the popup transition (bmo#1863863).
- Fixed: Various security fixes and other quality improvements MFSA 2023-50 (bsc#1217230)
* CVE-2023-6204 (bmo#1841050)
Out-of-bound memory access in WebGL2 blitFramebuffer
* CVE-2023-6205 (bmo#1854076)
Use-after-free in MessagePort::Entangled
* CVE-2023-6206 (bmo#1857430)
Clickjacking permission prompts using the fullscreen
transition
* CVE-2023-6207 (bmo#1861344)
Use-after-free in ReadableByteStreamQueueEntry::Buffer
* CVE-2023-6208 (bmo#1855345)
Using Selection API would copy contents into X11 primary
selection.
* CVE-2023-6209 (bmo#1858570)
Incorrect parsing of relative URLs starting with '///'
* CVE-2023-6212 (bmo#1658432, bmo#1820983, bmo#1829252,
bmo#1856072, bmo#1856091, bmo#1859030, bmo#1860943,
bmo#1862782)
Memory safety bugs fixed in Firefox 120, Firefox ESR 115.5,
and Thunderbird 115.5 ImportantSUSE bug 1217230SUSE bug 1217974CVE-2023-6204 at SUSECVE-2023-6204 at NVDCVE-2023-6205 at SUSECVE-2023-6205 at NVDCVE-2023-6206 at SUSECVE-2023-6206 at NVDCVE-2023-6207 at SUSECVE-2023-6207 at NVDCVE-2023-6208 at SUSECVE-2023-6208 at NVDCVE-2023-6209 at SUSECVE-2023-6209 at NVDCVE-2023-6212 at SUSECVE-2023-6212 at NVDCVE-2023-6856 at SUSECVE-2023-6856 at NVDCVE-2023-6857 at SUSECVE-2023-6857 at NVDCVE-2023-6858 at SUSECVE-2023-6858 at NVDCVE-2023-6859 at SUSECVE-2023-6859 at NVDCVE-2023-6860 at SUSECVE-2023-6860 at NVDCVE-2023-6861 at SUSECVE-2023-6861 at NVDCVE-2023-6862 at SUSECVE-2023-6862 at NVDCVE-2023-6863 at SUSECVE-2023-6863 at NVDCVE-2023-6864 at SUSECVE-2023-6864 at NVDCVE-2023-6865 at SUSECVE-2023-6865 at NVDCVE-2023-6867 at SUSECVE-2023-6867 at NVDcpe:/o:opensuse:leap:15.5Security update for go1.20-openssl (Important)openSUSE Leap 15.5
This update for go1.20-openssl fixes the following issues:
Update to version 1.20.12.1:
- CVE-2023-45285: cmd/go: git VCS qualifier in module path uses git:// scheme (bsc#1217834).
- CVE-2023-45284: path/filepath: Clean removes ending slash for volume on Windows in Go 1.21.4 (bsc#1216943).
- CVE-2023-39326: net/http: limit chunked data overhead (bsc#1217833).
- cmd/compile: internal compiler error: panic during prove while compiling: unexpected induction with too many parents
- cmd/go: TestScript/mod_get_direct fails with 'Filename too long' on Windows
ImportantSUSE bug 1206346SUSE bug 1216943SUSE bug 1217833SUSE bug 1217834CVE-2023-39326 at SUSECVE-2023-39326 at NVDCVE-2023-45284 at SUSECVE-2023-45284 at NVDCVE-2023-45285 at SUSECVE-2023-45285 at NVDcpe:/o:opensuse:leap:15.5Security update for go1.21-openssl (Important)openSUSE Leap 15.5
This update for go1.21-openssl fixes the following issues:
Update to version 1.21.5.1:
- CVE-2023-45285: cmd/go: git VCS qualifier in module path uses git:// scheme (bsc#1217834).
- CVE-2023-45284: path/filepath: Clean removes ending slash for volume on Windows in Go 1.21.4 (bsc#1216943).
- CVE-2023-39326: net/http: limit chunked data overhead (bsc#1217833).
- cmd/go: go mod download needs to support toolchain upgrades
- cmd/compile: invalid pointer found on stack when compiled with -race
- os: NTFS deduped file changed from regular to irregular
- net: TCPConn.ReadFrom hangs when io.Reader is TCPConn or UnixConn, Linux kernel < 5.1
- cmd/compile: internal compiler error: panic during prove while compiling: unexpected induction with too many parents
- syscall: TestOpenFileLimit unintentionally runs on non-Unix platforms
- runtime: self-deadlock on mheap_.lock
- crypto/rand: Legacy RtlGenRandom use on Windows
ImportantSUSE bug 1212475SUSE bug 1216943SUSE bug 1217833SUSE bug 1217834CVE-2023-39326 at SUSECVE-2023-39326 at NVDCVE-2023-45284 at SUSECVE-2023-45284 at NVDCVE-2023-45285 at SUSECVE-2023-45285 at NVDcpe:/o:opensuse:leap:15.5Security update for libreoffice (Important)openSUSE Leap 15.5
This update for libreoffice fixes the following issues:
- CVE-2023-6186: Fixed link targets allow arbitrary script execution (bsc#1217578).
- CVE-2023-6185: Fixed Improper input validation enabling arbitrary Gstreamer pipeline injection (bsc#1217577).
ImportantSUSE bug 1217577SUSE bug 1217578CVE-2023-6185 at SUSECVE-2023-6185 at NVDCVE-2023-6186 at SUSECVE-2023-6186 at NVDcpe:/o:opensuse:leap:15.5Security update for xwayland (Important)openSUSE Leap 15.5
This update for xwayland fixes the following issues:
- CVE-2023-6377: Fixed out-of-bounds memory write in XKB button actions (bsc#1217765).
ImportantSUSE bug 1217765CVE-2023-6377 at SUSECVE-2023-6377 at NVDcpe:/o:opensuse:leap:15.5Security update for docker, rootlesskit (Important)openSUSE Leap 15.5
This update for docker, rootlesskit fixes the following issues:
docker:
- Update to Docker 24.0.7-ce. See upstream changelong online at
https://docs.docker.com/engine/release-notes/24.0/#2407>. bsc#1217513
* Deny containers access to /sys/devices/virtual/powercap by default.
- CVE-2020-8694 bsc#1170415
- CVE-2020-8695 bsc#1170446
- CVE-2020-12912 bsc#1178760
- Update to Docker 24.0.6-ce. See upstream changelong online at
https://docs.docker.com/engine/release-notes/24.0/#2406 . bsc#1215323
- Add a docker.socket unit file, but with socket activation effectively
disabled to ensure that Docker will always run even if you start the socket
individually. Users should probably just ignore this unit file. bsc#1210141
- Update to Docker 24.0.5-ce. See upstream changelong online at
https://docs.docker.com/engine/release-notes/24.0/#2405 . bsc#1213229
This update ships docker-rootless support in the docker-rootless-extra package. (jsc#PED-6180)
rootlesskit:
- new package, for docker rootless support. (jsc#PED-6180)
ImportantSUSE bug 1170415SUSE bug 1170446SUSE bug 1178760SUSE bug 1210141SUSE bug 1213229SUSE bug 1213500SUSE bug 1215323SUSE bug 1217513CVE-2020-12912 at SUSECVE-2020-12912 at NVDCVE-2020-8694 at SUSECVE-2020-8694 at NVDCVE-2020-8695 at SUSECVE-2020-8695 at NVDcpe:/o:opensuse:leap:15.5Security update for wireshark (Moderate)openSUSE Leap 15.5
This update for wireshark fixes the following issues:
Update to 3.6.19:
- CVE-2023-6175: NetScreen file parser crash (bsc#1217272).
ModerateSUSE bug 1217272CVE-2023-6175 at SUSECVE-2023-6175 at NVDcpe:/o:opensuse:leap:15.5Security update for rabbitmq-server (Moderate)openSUSE Leap 15.5
This update for rabbitmq-server fixes the following issues:
- CVE-2023-46118: Introduce HTTP request body limit for definition uploads (bsc#1216582).
ModerateSUSE bug 1216582CVE-2023-46118 at SUSECVE-2023-46118 at NVDcpe:/o:opensuse:leap:15.5Security update for xen (Important)openSUSE Leap 15.5
This update for xen fixes the following issues:
- CVE-2023-46836: Fixed BTC/SRSO fixes not fully effective (bsc#1216807).
- CVE-2023-46835: Fixed mismatch in IOMMU quarantine page table levels on x86/AMD (bsc#1216654).
Update to Xen 4.17.3 bug fix release (bsc#1027519).
ImportantSUSE bug 1027519SUSE bug 1216654SUSE bug 1216807CVE-2023-46835 at SUSECVE-2023-46835 at NVDCVE-2023-46836 at SUSECVE-2023-46836 at NVDcpe:/o:opensuse:leap:15.5Security update for zbar (Moderate)openSUSE Leap 15.5
This update for zbar fixes the following issues:
- CVE-2023-40889: Fixed heap-based buffer overflow in the qr_reader_match_centers function (bsc#1214770).
- CVE-2023-40890: Fixed stack-based buffer overflow in the lookup_sequence function (bsc#1214771).
ModerateSUSE bug 1214770SUSE bug 1214771CVE-2023-40889 at SUSECVE-2023-40889 at NVDCVE-2023-40890 at SUSECVE-2023-40890 at NVDcpe:/o:opensuse:leap:15.5Security update for libqt5-qtbase (Moderate)openSUSE Leap 15.5
This update for libqt5-qtbase fixes the following issues:
- CVE-2023-37369: Fixed buffer overflow in QXmlStreamReader (bsc#1214327).
- libq5-qtbase was rebuild against icu 73. jsc#PED-6193
ModerateSUSE bug 1214327CVE-2023-37369 at SUSECVE-2023-37369 at NVDcpe:/o:opensuse:leap:15.5Security update for tinyxml (Moderate)openSUSE Leap 15.5
This update for tinyxml fixes the following issues:
- CVE-2023-34194: Fixed reachable assertion may lead to denial of service (bsc#1218040).
ModerateSUSE bug 1218040CVE-2023-34194 at SUSECVE-2023-34194 at NVDcpe:/o:opensuse:leap:15.5Security update for ppp (Moderate)openSUSE Leap 15.5
This update for ppp fixes the following issues:
- CVE-2022-4603: Fixed improper validation of array index of the component pppdump (bsc#1218251).
ModerateSUSE bug 1218251CVE-2022-4603 at SUSECVE-2022-4603 at NVDcpe:/o:opensuse:leap:15.5Security update for jbigkit (Low)openSUSE Leap 15.5
This update for jbigkit fixes the following issues:
- CVE-2022-1210: Fixed denial of service in TIFF File Handler (bsc#1198146).
LowSUSE bug 1198146CVE-2022-1210 at SUSECVE-2022-1210 at NVDcpe:/o:opensuse:leap:15.5Security update for distribution (Moderate)openSUSE Leap 15.5
This update for distribution fixes the following issues:
distribution was updated to 2.8.3 (bsc#1216491):
* Pass `BUILDTAGS` argument to `go build`
* Enable Go build tags
* `reference`: replace deprecated function `SplitHostname`
* Dont parse errors as JSON unless Content-Type is set to JSON
* update to go 1.20.8
* Set `Content-Type` header in registry client `ReadFrom`
* deprecate reference package, migrate to github.com/distribution/reference
* `digestset`: deprecate package in favor of `go-digest/digestset`
* Do not close HTTP request body in HTTP handler
ModerateSUSE bug 1216491cpe:/o:opensuse:leap:15.5Security update for postfix (Important)openSUSE Leap 15.5
This update for postfix fixes the following issues:
- CVE-2023-51764: Fixed new SMTP smuggling attack (bsc#1218304).
ImportantSUSE bug 1218304SUSE bug 1218314CVE-2023-51764 at SUSECVE-2023-51764 at NVDcpe:/o:opensuse:leap:15.5Security update for gnutls (Moderate)openSUSE Leap 15.5
This update for gnutls fixes the following issues:
- CVE-2023-5981: Fixed timing side-channel inside RSA-PSK key exchange (bsc#1217277).
ModerateSUSE bug 1217277CVE-2023-5981 at SUSECVE-2023-5981 at NVDcpe:/o:opensuse:leap:15.5Security update for python-pip (Low)openSUSE Leap 15.5
This update for python-pip fixes the following issues:
- CVE-2023-5752: Fixed injection of arbitrary configuration through Mercurial parameter (bsc#1217353).
LowSUSE bug 1217353CVE-2023-5752 at SUSECVE-2023-5752 at NVDcpe:/o:opensuse:leap:15.5Security update for MozillaFirefox (Critical)openSUSE Leap 15.5
This update for MozillaFirefox fixes the following issues:
Firefox Extended Support Release 115.9.1esr ESR MFSA 2024-16 (bsc#1221850).
- CVE-2024-29944: Privileged JavaScript Execution via Event Handlers (bmo#1886852).
Firefox Extended Support Release 115.9.0 ESR (bsc#1221327):
- CVE-2024-0743: Crash in NSS TLS method (bmo#1867408).
- CVE-2024-2605: Windows Error Reporter could be used as a Sandbox escape
vector (bmo#1872920).
- CVE-2024-2607: JIT code failed to save return registers on Armv7-A (bmo#1879939).
- CVE-2024-2608: Integer overflow could have led to out of bounds write (bmo#1880692).
- CVE-2024-2616: Improve handling of out-of-memory conditions in ICU (bmo#1846197).
- CVE-2023-5388: NSS susceptible to timing attack against RSA decryption (bmo#1780432).
- CVE-2024-2610: Improper handling of html and body tags enabled CSP nonce
leakage (bmo#1871112).
- CVE-2024-2611: Clickjacking vulnerability could have led to a user
accidentally granting permissions (bmo#1876675).
- CVE-2024-2612: Self referencing object could have potentially led to a use-
after-free (bmo#1879444).
- CVE-2024-2614: Memory safety bugs fixed in Firefox 124, Firefox ESR 115.9,
and Thunderbird 115.9 (bmo#1685358, bmo#1861016, bmo#1880405,
bmo#1881093).
CriticalSUSE bug 1220048SUSE bug 1221327SUSE bug 1221850CVE-2023-5388 at SUSECVE-2023-5388 at NVDCVE-2024-0743 at SUSECVE-2024-0743 at NVDCVE-2024-1546 at SUSECVE-2024-1546 at NVDCVE-2024-1547 at SUSECVE-2024-1547 at NVDCVE-2024-1548 at SUSECVE-2024-1548 at NVDCVE-2024-1549 at SUSECVE-2024-1549 at NVDCVE-2024-1550 at SUSECVE-2024-1550 at NVDCVE-2024-1551 at SUSECVE-2024-1551 at NVDCVE-2024-1552 at SUSECVE-2024-1552 at NVDCVE-2024-1553 at SUSECVE-2024-1553 at NVDCVE-2024-2605 at SUSECVE-2024-2605 at NVDCVE-2024-2607 at SUSECVE-2024-2607 at NVDCVE-2024-2608 at SUSECVE-2024-2608 at NVDCVE-2024-2610 at SUSECVE-2024-2610 at NVDCVE-2024-2611 at SUSECVE-2024-2611 at NVDCVE-2024-2612 at SUSECVE-2024-2612 at NVDCVE-2024-2614 at SUSECVE-2024-2614 at NVDCVE-2024-2616 at SUSECVE-2024-2616 at NVDCVE-2024-29944 at SUSECVE-2024-29944 at NVDcpe:/o:opensuse:leap:15.5Security update for python39 (Important)openSUSE Leap 15.5
This update for python39 fixes the following issues:
- CVE-2023-52425: Fixed denial of service (resource consumption) caused by processing large tokens in expat (bsc#1219559).
- CVE-2023-6597: Fixed symlink race condition in tempfile.TemporaryDirectory (bsc#1219666).
- CVE-2024-0450: Fixed 'quoted-overlap' in zipfile module (bsc#1221854).
The following non-security bugs were fixed:
- Use the system-wide crypto-policies (bsc#1211301).
ImportantSUSE bug 1211301SUSE bug 1219559SUSE bug 1219666SUSE bug 1221854CVE-2023-52425 at SUSECVE-2023-52425 at NVDCVE-2023-6597 at SUSECVE-2023-6597 at NVDCVE-2024-0450 at SUSECVE-2024-0450 at NVDcpe:/o:opensuse:leap:15.5Security update for avahi (Moderate)openSUSE Leap 15.5
This update for avahi fixes the following issues:
- CVE-2023-38471: Fixed reachable assertion in dbus_set_host_name (bsc#1216594).
- CVE-2023-38469: Fixed reachable assertions in avahi (bsc#1216598).
ModerateSUSE bug 1216594SUSE bug 1216598CVE-2023-38469 at SUSECVE-2023-38469 at NVDCVE-2023-38471 at SUSECVE-2023-38471 at NVDcpe:/o:opensuse:leap:15.5Security update for rubygem-actionpack-5_1 (Low)openSUSE Leap 15.5
This update for rubygem-actionpack-5_1 fixes the following issues:
- CVE-2020-8166: Fixed ability to forge per-form CSRF tokens given a global CSRF (bsc#1172182).
LowSUSE bug 1172182SUSE bug 1215707CVE-2020-8166 at SUSECVE-2020-8166 at NVDcpe:/o:opensuse:leap:15.5Security update for PackageKit (Moderate)openSUSE Leap 15.5
This update for PackageKit fixes the following issues:
- CVE-2024-0217: Check that Finished signal is emitted at most once (bsc#1218544).
- Dropped unnecessary executable permission (bsc#1209138).
ModerateSUSE bug 1209138SUSE bug 1218544CVE-2024-0217 at SUSECVE-2024-0217 at NVDcpe:/o:opensuse:leap:15.5Security update for qpid-proton (Important)openSUSE Leap 15.5
This update for qpid-proton fixes the following issues:
- CVE-2019-0223: Fixed TLS Man in the Middle Vulnerability (bsc#1133158).
The following non-security bugs were fixed:
- Fix build with OpenSSL 3.0.0 (bsc#1172267)
- Sort linked .o files to make package build reproducible (bsc#1041090)
- Fix build with gcc8 (bsc#1084627)
- Move libqpid-proton-core to a different package to fix a rpmlint
error (bsc#1191783)
ImportantSUSE bug 1041090SUSE bug 1084627SUSE bug 1133158SUSE bug 1172267SUSE bug 1191783CVE-2019-0223 at SUSECVE-2019-0223 at NVDcpe:/o:opensuse:leap:15.5Security update for netty, netty-tcnative (Important)openSUSE Leap 15.5
This update for netty, netty-tcnative fixes the following issues:
- CVE-2024-29025: Fixed out of memory due to large number of form fields (bsc#1222045).
ImportantSUSE bug 1222045CVE-2024-29025 at SUSECVE-2024-29025 at NVDcpe:/o:opensuse:leap:15.5Security update for perl-DBD-SQLite (Moderate)openSUSE Leap 15.5
This update for perl-DBD-SQLite fixes the following issues:
- rebuild against current system sqlite. (bsc#1218946)
ModerateSUSE bug 1218946cpe:/o:opensuse:leap:15.5Security update for xorg-x11-server (Important)openSUSE Leap 15.5
This update for xorg-x11-server fixes the following issues:
Security fixes:
- CVE-2023-6816: Fixed heap buffer overflow in DeviceFocusEvent and ProcXIQueryPointer (bsc#1218582)
- CVE-2024-0229: Fixed reattaching to different master device may lead to out-of-bounds memory access (bsc#1218583)
- CVE-2024-21885: Fixed heap buffer overflow in XISendDeviceHierarchyEvent (bsc#1218584)
- CVE-2024-21886: Fixed heap buffer overflow in DisableDevice (bsc#1218585)
Other:
- Fix vmware graphics driver crash (bsc#1218176)
- Fix xserver crash when Xinerama is enabled (bsc#1218240)
ImportantSUSE bug 1218176SUSE bug 1218240SUSE bug 1218582SUSE bug 1218583SUSE bug 1218584SUSE bug 1218585CVE-2023-6816 at SUSECVE-2023-6816 at NVDCVE-2024-0229 at SUSECVE-2024-0229 at NVDCVE-2024-21885 at SUSECVE-2024-21885 at NVDCVE-2024-21886 at SUSECVE-2024-21886 at NVDcpe:/o:opensuse:leap:15.5Security update for libvirt (Moderate)openSUSE Leap 15.5
This update for libvirt fixes the following issues:
- CVE-2024-2494: Add a check for negative array lengths before allocation to prevent potential DoS. (bsc#1221815)
- CVE-2024-2496: Fixed NULL pointer dereference in udevConnectListAllInterfaces() (bsc#1221468).
- CVE-2024-1441: Fix off-by-one error in udevListInterfacesByStatus (bsc#1221237)
- qemu: domain: Fix logic when tainting domain (bsc#1220512)
- conf: Remove some firmware validation checks (bsc#1216980)
- libxl: Fix connection to modular network daemon (bsc#1214223)
ModerateSUSE bug 1214223SUSE bug 1216980SUSE bug 1220512SUSE bug 1221237SUSE bug 1221468SUSE bug 1221815CVE-2024-1441 at SUSECVE-2024-1441 at NVDCVE-2024-2494 at SUSECVE-2024-2494 at NVDCVE-2024-2496 at SUSECVE-2024-2496 at NVDcpe:/o:opensuse:leap:15.5Security update for xen (Moderate)openSUSE Leap 15.5
This update for xen fixes the following issues:
- CVE-2023-28746: Register File Data Sampling (bsc#1221332)
- CVE-2024-2193: Fixed GhostRace, a speculative race conditions. (bsc#1221334)
- CVE-2023-46841: Hhadow stack vs exceptions from emulation stubs (bsc#1219885)
ModerateSUSE bug 1027519SUSE bug 1219885SUSE bug 1221332SUSE bug 1221334CVE-2023-28746 at SUSECVE-2023-28746 at NVDCVE-2023-46841 at SUSECVE-2023-46841 at NVDCVE-2024-2193 at SUSECVE-2024-2193 at NVDcpe:/o:opensuse:leap:15.5Security update for qemu (Important)openSUSE Leap 15.5
This update for qemu fixes the following issues:
- CVE-2024-26327: Fixed buffer overflow via invalid SR/IOV NumVFs value (bsc#1220062).
- CVE-2024-24474: Fixed integer overflow results in buffer overflow via SCSI command (bsc#1220134).
- CVE-2023-6693: Fixed stack buffer overflow in virtio_net_flush_tx() (bsc#1218484).
- CVE-2023-1544: Fixed out-of-bounds read in pvrdma_ring_next_elem_read() (bsc#1209554).
- CVE-2024-26328: Fixed invalid NumVFs value handled in NVME SR/IOV implementation (bsc#1220065).
The following non-security bug was fixed:
- Removing in-use mediated device should fail with error message instead of hang (bsc#1205316).
ImportantSUSE bug 1205316SUSE bug 1209554SUSE bug 1218484SUSE bug 1220062SUSE bug 1220065SUSE bug 1220134CVE-2023-1544 at SUSECVE-2023-1544 at NVDCVE-2023-6693 at SUSECVE-2023-6693 at NVDCVE-2024-24474 at SUSECVE-2024-24474 at NVDCVE-2024-26327 at SUSECVE-2024-26327 at NVDCVE-2024-26328 at SUSECVE-2024-26328 at NVDcpe:/o:opensuse:leap:15.5Security update for squid (Important)openSUSE Leap 15.5
This update for squid fixes the following issues:
- CVE-2024-25617: Fixes denial of service in HTTP header parser (bsc#1219960)
- CVE-2024-25111: Fixes Chunked Encoding Stack Overflow (bsc#1216715)
ImportantSUSE bug 1216715SUSE bug 1219960CVE-2024-25111 at SUSECVE-2024-25111 at NVDCVE-2024-25617 at SUSECVE-2024-25617 at NVDcpe:/o:opensuse:leap:15.5Security update for gradle, gradle-bootstrap (Important)openSUSE Leap 15.5
This update for gradle, gradle-bootstrap fixes the following issues:
- CVE-2021-29429: Fixed information disclosure through temporary directory permissions (bsc#1184799).
- CVE-2019-15052: Fixed authentication credentials disclosure (bsc#1145903).
gradle:
- Fixed RPM package building issues due to changed dependencies
gradle-bootstrap:
- Added missing dependency of aopalliance
ImportantSUSE bug 1145903SUSE bug 1184799CVE-2019-15052 at SUSECVE-2019-15052 at NVDCVE-2021-29429 at SUSECVE-2021-29429 at NVDcpe:/o:opensuse:leap:15.5Security update for go1.22 (Important)openSUSE Leap 15.5
This update for go1.22 fixes the following issues:
- CVE-2023-45288: Fixed denial of service via HTTP/2 continuation frames (bsc#1221400)
Other changes:
- go minor release upgrade to 1.22.2 (bsc#1218424)
ImportantSUSE bug 1218424SUSE bug 1221400CVE-2023-45288 at SUSECVE-2023-45288 at NVDcpe:/o:opensuse:leap:15.5Security update for go1.21 (Important)openSUSE Leap 15.5
This update for go1.21 fixes the following issues:
- CVE-2023-45288: Fixed denial of service via HTTP/2 continuation frames (bsc#1221400)
Other changes:
- go minor release upgrade to 1.21.9 (bsc#1212475)
ImportantSUSE bug 1212475SUSE bug 1221400CVE-2023-45288 at SUSECVE-2023-45288 at NVDcpe:/o:opensuse:leap:15.5Security update for expat (Important)openSUSE Leap 15.5
This update for expat fixes the following issues:
- CVE-2023-52425: Fixed a DoS caused by processing large tokens. (bsc#1219559)
- CVE-2024-28757: Fixed an XML Entity Expansion. (bsc#1221289)
ImportantSUSE bug 1219559SUSE bug 1221289CVE-2023-52425 at SUSECVE-2023-52425 at NVDCVE-2024-28757 at SUSECVE-2024-28757 at NVDcpe:/o:opensuse:leap:15.5Security update for ncurses (Moderate)openSUSE Leap 15.5
This update for ncurses fixes the following issues:
- CVE-2023-45918: Fixed NULL pointer dereference via corrupted xterm-256color file (bsc#1220061).
ModerateSUSE bug 1220061CVE-2023-45918 at SUSECVE-2023-45918 at NVDcpe:/o:opensuse:leap:15.5Security update for c-ares (Moderate)openSUSE Leap 15.5
This update for c-ares fixes the following issues:
- CVE-2024-25629: Fixed out of bounds read in ares__read_line() (bsc#1220279).
ModerateSUSE bug 1220279CVE-2024-25629 at SUSECVE-2024-25629 at NVDcpe:/o:opensuse:leap:15.5Security update for helm (Moderate)openSUSE Leap 15.5
This update for helm fixes the following issues:
- CVE-2024-25620: Fixed with dependency management path traversal (bsc#1219969).
- CVE-2024-26147: Fixed uninitialized variable in yaml parsing (bsc#1220207).
ModerateSUSE bug 1219969SUSE bug 1220207CVE-2024-25620 at SUSECVE-2024-25620 at NVDCVE-2024-26147 at SUSECVE-2024-26147 at NVDcpe:/o:opensuse:leap:15.5Security update for ucode-intel (Moderate)openSUSE Leap 15.5
This update for ucode-intel fixes the following issues:
- Updated to Intel CPU Microcode 20240312 release. (bsc#1221323)
- CVE-2023-39368: Protection mechanism failure of bus lock regulator
for some Intel Processors may allow an unauthenticated user to
potentially enable denial of service via network access
- CVE-2023-38575: Non-transparent sharing of return predictor targets
between contexts in some Intel Processors may allow an authorized
user to potentially enable information disclosure via local access.
- CVE-2023-28746: Information exposure through microarchitectural
state after transient execution from some register files for some
Intel Atom Processors may allow an authenticated user to potentially
enable information disclosure via local access.
- CVE-2023-22655 Protection mechanism failure in some 3rd and 4th
Generation Intel Xeon Processors when using Intel SGX or Intel TDX
may allow a privileged user to potentially enable escalation of
privilege via local access.
- CVE-2023-43490: Incorrect calculation in microcode keying mechanism
for some Intel Xeon D Processors with Intel? SGX may allow a
privileged user to potentially enable information disclosure via
local access.
ModerateSUSE bug 1221323CVE-2023-22655 at SUSECVE-2023-22655 at NVDCVE-2023-28746 at SUSECVE-2023-28746 at NVDCVE-2023-38575 at SUSECVE-2023-38575 at NVDCVE-2023-39368 at SUSECVE-2023-39368 at NVDCVE-2023-43490 at SUSECVE-2023-43490 at NVDcpe:/o:opensuse:leap:15.5Security update for xwayland (Important)openSUSE Leap 15.5
This update for xwayland fixes the following issues:
- CVE-2023-6816: Fixed heap buffer overflow in DeviceFocusEvent and ProcXIQueryPointer (bsc#1218582)
- CVE-2024-0229: Fixed reattaching to different master device may lead to out-of-bounds memory access (bsc#1218583)
- CVE-2024-21885: Fixed heap buffer overflow in XISendDeviceHierarchyEvent (bsc#1218584)
- CVE-2024-21886: Fixed heap buffer overflow in DisableDevice (bsc#1218585)
ImportantSUSE bug 1218582SUSE bug 1218583SUSE bug 1218584SUSE bug 1218585CVE-2023-6816 at SUSECVE-2023-6816 at NVDCVE-2024-0229 at SUSECVE-2024-0229 at NVDCVE-2024-21885 at SUSECVE-2024-21885 at NVDCVE-2024-21886 at SUSECVE-2024-21886 at NVDcpe:/o:opensuse:leap:15.5Security update for buildah (Important)openSUSE Leap 15.5
This update for buildah fixes the following issues:
- CVE-2024-1753: Fixed an issue to prevent a full container escape at build time. (bsc#1221677)
- Update to version 1.34.1 for compatibility with Docker 25.0
(which is not in SLES yet, but will eventually be) (bsc#1219563).
See the corresponding release notes:
* https://github.com/containers/buildah/releases/tag/v1.34.1
* https://github.com/containers/buildah/releases/tag/v1.34.0
* https://github.com/containers/buildah/releases/tag/v1.33.0
* https://github.com/containers/buildah/releases/tag/v1.32.0
* https://github.com/containers/buildah/releases/tag/v1.31.0
* https://github.com/containers/buildah/releases/tag/v1.30.0
- Require cni-plugins (bsc#1220568)
ImportantSUSE bug 1219563SUSE bug 1220568SUSE bug 1221677CVE-2024-1753 at SUSECVE-2024-1753 at NVDcpe:/o:opensuse:leap:15.5Security update for podman (Important)openSUSE Leap 15.5
This update for podman fixes the following issues:
- CVE-2024-1753: Fixed an issue to prevent a full container escape at build time. (bsc#1221677)
ImportantSUSE bug 1221677CVE-2024-1753 at SUSECVE-2024-1753 at NVDcpe:/o:opensuse:leap:15.5Security update for MozillaThunderbird (Important)openSUSE Leap 15.5
This update for MozillaThunderbird fixes the following issues:
- Mozilla Thunderbird 115.9 (bsc#1221327)
- CVE-2024-0743: Crash in NSS TLS method
- CVE-2024-2605: Windows Error Reporter could be used as a Sandbox escape vector
- CVE-2024-2607: JIT code failed to save return registers on Armv7-A
- CVE-2024-2608: Integer overflow could have led to out of bounds write
- CVE-2024-2616: Improve handling of out-of-memory conditions in ICU
- CVE-2023-5388: NSS susceptible to timing attack against RSA decryption
- CVE-2024-2610: Improper handling of html and body tags enabled CSP nonce leakage
- CVE-2024-2611: Clickjacking vulnerability could have led to a user accidentally granting permissions
- CVE-2024-2612: Self referencing object could have potentially led to a use- after-free
- CVE-2024-2614: Memory safety bugs fixed in Firefox 124, Firefox ESR 115.9, and Thunderbird 115.9
ImportantSUSE bug 1221327CVE-2023-5388 at SUSECVE-2023-5388 at NVDCVE-2024-0743 at SUSECVE-2024-0743 at NVDCVE-2024-2605 at SUSECVE-2024-2605 at NVDCVE-2024-2607 at SUSECVE-2024-2607 at NVDCVE-2024-2608 at SUSECVE-2024-2608 at NVDCVE-2024-2610 at SUSECVE-2024-2610 at NVDCVE-2024-2611 at SUSECVE-2024-2611 at NVDCVE-2024-2612 at SUSECVE-2024-2612 at NVDCVE-2024-2614 at SUSECVE-2024-2614 at NVDCVE-2024-2616 at SUSECVE-2024-2616 at NVDcpe:/o:opensuse:leap:15.5Security update for the Linux Kernel (Important)openSUSE Leap 15.5
The SUSE Linux Enterprise 15 SP5 RT kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2023-6531: Fixed a use-after-free flaw due to a race problem in the unix garbage collector's deletion of SKB races with unix_stream_read_generic()on the socket that the SKB is queued on (bsc#1218447).
- CVE-2023-6610: Fixed an out of bounds read in the SMB client when printing debug information (bsc#1217946).
- CVE-2023-51779: Fixed a use-after-free because of a bt_sock_ioctl race condition in bt_sock_recvmsg (bsc#1218559).
- CVE-2020-26555: Fixed Bluetooth legacy BR/EDR PIN code pairing in Bluetooth Core Specification 1.0B that may permit an unauthenticated nearby device to spoof the BD_ADDR of the peer device to complete pairing without knowledge of the PIN (bsc#1179610 bsc#1215237).
- CVE-2023-6606: Fixed an out of bounds read in the SMB client when receiving a malformed length from a server (bsc#1217947).
- CVE-2023-6546: Fixed a race condition in the GSM 0710 tty multiplexor via the GSMIOC_SETCONF ioctl that could lead to local privilege escalation (bsc#1218335).
- CVE-2023-6931: Fixed a heap out-of-bounds write vulnerability in the Linux kernel's Performance Events system component that could lead to local privilege escalation. (bsc#1218258).
- CVE-2023-6932: Fixed a use-after-free vulnerability in the Linux kernel's ipv4: igmp component that could lead to local privilege escalation (bsc#1218253).
- CVE-2023-6622: Fixed a null pointer dereference vulnerability in nft_dynset_init() that could allow a local attacker with CAP_NET_ADMIN user privilege to trigger a denial of service (bsc#1217938).
- CVE-2023-6121: Fixed an out-of-bounds read vulnerability in the NVMe-oF/TCP subsystem that could lead to information leak (bsc#1217250).
The following non-security bugs were fixed:
- Documentation: KVM: add separate directories for architecture-specific documentation (jsc#PED-7167).
- Documentation: KVM: update amd-memory-encryption.rst references (jsc#PED-7167).
- Documentation: KVM: update msr.rst reference (jsc#PED-7167).
- Documentation: KVM: update s390-diag.rst reference (jsc#PED-7167).
- Documentation: KVM: update s390-pv.rst reference (jsc#PED-7167).
- Documentation: drop more IDE boot options and ide-cd.rst (git-fixes).
- Documentation: qat: Use code block for qat sysfs example (git-fixes).
- Drop Documentation/ide/ (git-fixes).
- Fix crash on screen resize (bsc#1218229)
- Fix drm gem object underflow (bsc#1218092)
- KVM: arm64: Prevent kmemleak from accessing pKVM memory (jsc#PED-7167).
- KVM: s390/mm: Properly reset no-dat (git-fixes bsc#1218056).
- KVM: s390: vsie: fix wrong VIR 37 when MSO is used (git-fixes bsc#1217933).
- Revert 'PCI/ASPM: Remove pcie_aspm_pm_state_change()' (git-fixes).
- Revert 'PCI: acpiphp: Reassign resources on bridge if necessary' (git-fixes).
- Revert 'md: unlock mddev before reap sync_thread in action_store' (git-fixes).
- Revert 'swiotlb: panic if nslabs is too small' (git-fixes).
- Revert 'xhci: Loosen RPM as default policy to cover for AMD xHC 1.1' (git-fixes).
- USB: serial: ftdi_sio: update Actisense PIDs constant names (git-fixes).
- USB: serial: option: add Foxconn T99W265 with new baseline (git-fixes).
- USB: serial: option: add Quectel EG912Y module support (git-fixes).
- USB: serial: option: add Quectel RM500Q R13 firmware support (git-fixes).
- Update: drm/vmwgfx: Keep a gem reference to user bos in surfaces
- acpi: video: Add backlight=native DMI quirk for Lenovo Ideapad Z470 (git-fixes).
- acpi: x86: s2idle: Catch multiple ACPI_TYPE_PACKAGE objects (git-fixes).
- acpica: Add AML_NO_OPERAND_RESOLVE flag to Timer (git-fixes).
- afs: Fix afs_server_list to be cleaned up with RCU (git-fixes).
- afs: Fix dynamic root lookup DNS check (git-fixes).
- afs: Fix file locking on R/O volumes to operate in local mode (git-fixes).
- afs: Fix overwriting of result of DNS query (git-fixes).
- afs: Fix refcount underflow from error handling race (git-fixes).
- afs: Fix the dynamic root's d_delete to always delete unused dentries (git-fixes).
- afs: Fix use-after-free due to get/remove race in volume tree (git-fixes).
- afs: Make error on cell lookup failure consistent with OpenAFS (git-fixes).
- afs: Return ENOENT if no cell DNS record can be found (git-fixes).
- alsa: hda - Fix speaker and headset mic pin config for CHUWI CoreBook XPro (git-fixes).
- alsa: hda/hdmi: add force-connect quirk for NUC5CPYB (git-fixes).
- alsa: hda/hdmi: add force-connect quirks for ASUSTeK Z170 variants (git-fixes).
- alsa: hda/realtek: Add Framework laptop 16 to quirks (git-fixes).
- alsa: hda/realtek: Add quirk for ASUS ROG GV302XA (git-fixes).
- alsa: hda/realtek: Add supported ALC257 for ChromeOS (git-fixes).
- alsa: hda/realtek: Apply mute LED quirk for HP15-db (git-fixes).
- alsa: hda/realtek: Enable headset on Lenovo M90 Gen5 (git-fixes).
- alsa: hda/realtek: Fix mute and mic-mute LEDs for HP ProBook 440 G6 (git-fixes).
- alsa: hda/realtek: Headset Mic VREF to 100% (git-fixes).
- alsa: hda/realtek: add new Framework laptop to quirks (git-fixes).
- alsa: hda/realtek: enable SND_PCI_QUIRK for hp pavilion 14-ec1xxx series (git-fixes).
- alsa: hda/realtek: fix mute/micmute LEDs for a HP ZBook (git-fixes).
- alsa: hda/realtek: fix speakers on XPS 9530 (2023) (git-fixes).
- alsa: hda: intel-dsp-cfg: add LunarLake support (git-fixes).
- alsa: pcm: fix out-of-bounds in snd_pcm_state_names (git-fixes).
- alsa: seq: oss: Fix racy open/close of MIDI devices (git-fixes).
- alsa: usb-audio: Add Pioneer DJM-450 mixer controls (git-fixes).
- alsa: usb-audio: Increase delay in MOTU M quirk (git-fixes).
- apparmor: Free up __cleanup() name (jsc#PED-7167).
- arm64: dts: arm: add missing cache properties (git-fixes)
- arm64: dts: imx8mm: Add sound-dai-cells to micfil node (git-fixes)
- arm64: dts: imx8mn: Add sound-dai-cells to micfil node (git-fixes)
- arm64: dts: imx8mq-librem5: Remove dis_u3_susphy_quirk from (git-fixes)
- arm64: kdump: Skip kmemleak scan reserved memory for kdump (jsc#PED-7167).
- arm64: mm: Fix 'rodata=on' when CONFIG_RODATA_FULL_DEFAULT_ENABLED=y (git-fixes)
- arm: oMAP2+: Fix null pointer dereference and memory leak in omap_soc_device_init (git-fixes).
- arm: pL011: Fix DMA support (git-fixes).
- asoc: fsl_rpmsg: Fix error handler with pm_runtime_enable (git-fixes).
- asoc: hdmi-codec: fix missing report for jack initial status (git-fixes).
- asoc: meson: g12a-toacodec: Fix event generation (git-fixes).
- asoc: meson: g12a-toacodec: Validate written enum values (git-fixes).
- asoc: meson: g12a-tohdmitx: Fix event generation for S/PDIF mux (git-fixes).
- asoc: meson: g12a-tohdmitx: Validate written enum values (git-fixes).
- asoc: wm_adsp: fix memleak in wm_adsp_buffer_populate (git-fixes).
- bitmap: unify find_bit operations (jsc#PED-7167).
- block: fix revalidate performance regression (bsc#1216057).
- bluetooth: Fix deadlock in vhci_send_frame (git-fixes).
- bluetooth: L2CAP: Send reject on command corrupted request (git-fixes).
- bluetooth: MGMT/SMP: Fix address type when using SMP over BREDR/LE (git-fixes).
- bluetooth: btusb: Add new PID/VID 0489:e0f2 for MT7921 (bsc#1218461).
- bluetooth: hci_event: Fix not checking if HCI_OP_INQUIRY has been sent (git-fixes).
- bluetooth: hci_event: shut up a false-positive warning (git-fixes).
- bluetooth: hci_qca: Fix the teardown problem for real (git-fixes).
- bnxt: do not handle XDP in netpoll (jsc#PED-1495).
- bnxt_en: Clear resource reservation during resume (jsc#PED-1495).
- bnxt_en: Fix HWTSTAMP_FILTER_ALL packet timestamp logic (jsc#PED-1495).
- bnxt_en: Fix max_mtu setting for multi-buf XDP (jsc#PED-1495).
- bnxt_en: Fix page pool logic for page size >= 64K (jsc#PED-1495).
- bnxt_en: Fix wrong return value check in bnxt_close_nic() (jsc#PED-1495).
- bnxt_en: Flush XDP for bnxt_poll_nitroa0()'s NAPI (jsc#PED-1495).
- bpf: Adjust insufficient default bpf_jit_limit (bsc#1218234 git-fixes).
- bus: ti-sysc: Flush posted write only after srst_udelay (git-fixes).
- ceph: fix incorrect revoked caps assert in ceph_fill_file_size() (bsc#1217980).
- ceph: fix type promotion bug on 32bit systems (bsc#1217982).
- cleanup: Make no_free_ptr() __must_check (jsc#PED-7167).
- clocksource: Add a Kconfig option for WATCHDOG_MAX_SKEW (bsc#1215885 bsc#1217217).
- clocksource: Enable TSC watchdog checking of HPET and PMTMR only when requested (bsc#1215885 bsc#1217217).
- clocksource: Handle negative skews in 'skew is too large' messages (bsc#1215885 bsc#1217217).
- clocksource: Improve 'skew is too large' messages (bsc#1215885 bsc#1217217).
- clocksource: Improve read-back-delay message (bsc#1215885 bsc#1217217).
- clocksource: Loosen clocksource watchdog constraints (bsc#1215885 bsc#1217217).
- clocksource: Print clocksource name when clocksource is tested unstable (bsc#1215885 bsc#1217217).
- clocksource: Verify HPET and PMTMR when TSC unverified (bsc#1215885 bsc#1217217).
- configfs-tsm: Introduce a shared ABI for attestation reports (jsc#PED-7167).
- crypto: ccp - Add SEV_INIT rc error logging on init (jsc#PED-7167).
- crypto: ccp - Add SEV_INIT_EX support (jsc#PED-7167).
- crypto: ccp - Add a header for multiple drivers to use `__psp_pa` (jsc#PED-7167).
- crypto: ccp - Add a quirk to firmware update (jsc#PED-7167).
- crypto: ccp - Add psp_init_on_probe module parameter (jsc#PED-7167).
- crypto: ccp - Drop TEE support for IRQ handler (jsc#PED-7167).
- crypto: ccp - Ensure psp_ret is always init'd in __sev_platform_init_locked() (jsc#PED-7167).
- crypto: ccp - Fail the PSP initialization when writing psp data file failed (jsc#PED-7167).
- crypto: ccp - Fix the INIT_EX data file open failure (jsc#PED-7167).
- crypto: ccp - Fix whitespace in sev_cmd_buffer_len() (jsc#PED-7167).
- crypto: ccp - Flush the SEV-ES TMR memory before giving it to firmware (jsc#PED-7167).
- crypto: ccp - Initialize PSP when reading psp data file failed (jsc#PED-7167).
- crypto: ccp - Log when resetting PSP SEV state (jsc#PED-7167).
- crypto: ccp - Move SEV_INIT retry for corrupted data (jsc#PED-7167).
- crypto: ccp - Move some PSP mailbox bit definitions into common header (jsc#PED-7167).
- crypto: ccp - Name -1 return value as SEV_RET_NO_FW_CALL (jsc#PED-7167).
- crypto: ccp - Refactor out sev_fw_alloc() (jsc#PED-7167).
- crypto: ccp - remove unneeded semicolon (jsc#PED-7167).
- crypto: ccp: Get rid of __sev_platform_init_locked()'s local function pointer (jsc#PED-7167).
- dm verity: initialize fec io before freeing it (git-fixes).
- dm-verity: do not use blocking calls from tasklets (git-fixes).
- dm: add cond_resched() to dm_wq_requeue_work() (git-fixes).
- dm: do not attempt to queue IO under RCU protection (git-fixes).
- dm: fix __send_duplicate_bios() to always allow for splitting IO (bsc#1215952).
- dm: fix improper splitting for abnormal bios (bsc#1215952).
- dm: verity-loadpin: Add NULL pointer check for 'bdev' parameter (git-fixes).
- dm_blk_ioctl: implement path failover for SG_IO (bsc#1183045, bsc#1216776).
- dmaengine: ioat: Free up __cleanup() name (jsc#PED-7167).
- doc/README.SUSE: Add how to update the config for module signing (jsc#PED-5021)
- doc/README.SUSE: Remove how to build modules using kernel-source (jsc#PED-5021)
- doc/README.SUSE: Simplify the list of references (jsc#PED-5021)
- drm/amd/amdgpu: Fix warnings in amdgpu/amdgpu_display.c (git-fixes).
- drm/amdgpu/sdma5.2: add begin/end_use ring callbacks (bsc#1212139).
- drm/amdgpu: Add EEPROM I2C address support for ip discovery (git-fixes).
- drm/amdgpu: Add I2C EEPROM support on smu v13_0_6 (git-fixes).
- drm/amdgpu: Add support for RAS table at 0x40000 (git-fixes).
- drm/amdgpu: Decouple RAS EEPROM addresses from chips (git-fixes).
- drm/amdgpu: Remove redundant I2C EEPROM address (git-fixes).
- drm/amdgpu: Remove second moot switch to set EEPROM I2C address (git-fixes).
- drm/amdgpu: Return from switch early for EEPROM I2C address (git-fixes).
- drm/amdgpu: Update EEPROM I2C address for smu v13_0_0 (git-fixes).
- drm/amdgpu: Update ras eeprom support for smu v13_0_0 and v13_0_10 (git-fixes).
- drm/amdgpu: correct chunk_ptr to a pointer to chunk (git-fixes).
- drm/amdgpu: correct the amdgpu runtime dereference usage count (git-fixes).
- drm/amdgpu: fix tear down order in amdgpu_vm_pt_free (git-fixes).
- drm/amdgpu: simplify amdgpu_ras_eeprom.c (git-fixes).
- drm/bridge: parade-ps8640: Never store more than msg->size bytes in AUX xfer (git-fixes).
- drm/bridge: ps8640: Fix size mismatch warning w/ len (git-fixes).
- drm/bridge: tc358768: select CONFIG_VIDEOMODE_HELPERS (git-fixes).
- drm/bridge: ti-sn65dsi86: Never store more than msg->size bytes in AUX xfer (git-fixes).
- drm/i915/display: Drop check for doublescan mode in modevalid (git-fixes).
- drm/i915/dp: Fix passing the correct DPCD_REV for drm_dp_set_phy_test_pattern (git-fixes).
- drm/i915/dpt: Only do the POT stride remap when using DPT (git-fixes).
- drm/i915/lvds: Use REG_BIT() & co (git-fixes).
- drm/i915/mtl: limit second scaler vertical scaling in ver >= 14 (git-fixes).
- drm/i915/sdvo: stop caching has_hdmi_monitor in struct intel_sdvo (git-fixes).
- drm/i915: Fix intel_atomic_setup_scalers() plane_state handling (git-fixes).
- drm/i915: Fix remapped stride with CCS on ADL+ (git-fixes).
- drm/i915: Reject async flips with bigjoiner (git-fixes).
- drm/i915: Relocate intel_atomic_setup_scalers() (git-fixes).
- drm/i915: fix MAX_ORDER usage in i915_gem_object_get_pages_internal() (jsc#PED-7167).
- drm/mediatek: Add spinlock for setting vblank event in atomic_begin (git-fixes).
- drm/mgag200: Fix gamma lut not initialized for G200ER, G200EV, G200SE (git-fixes).
- efi/libstub: Implement support for unaccepted memory (jsc#PED-7167).
- efi/unaccepted: Avoid load_unaligned_zeropad() stepping into unaccepted memory (jsc#PED-7167).
- efi/unaccepted: Fix off-by-one when checking for overlapping ranges (jsc#PED-7167).
- efi/unaccepted: Fix soft lockups caused by parallel memory acceptance (jsc#PED-7167).
- efi/unaccepted: Make sure unaccepted table is mapped (jsc#PED-7167).
- efi/unaccepted: Use ACPI reclaim memory for unaccepted memory table (jsc#PED-7167).
- efi/x86: Get full memory map in allocate_e820() (jsc#PED-7167).
- efi: Add unaccepted memory support (jsc#PED-7167).
- efi: libstub: avoid efi_get_memory_map() for allocating the virt map (jsc#PED-7167).
- efi: libstub: install boot-time memory map as config table (jsc#PED-7167).
- efi: libstub: remove DT dependency from generic stub (jsc#PED-7167).
- efi: libstub: remove pointless goto kludge (jsc#PED-7167).
- efi: libstub: simplify efi_get_memory_map() and struct efi_boot_memmap (jsc#PED-7167).
- efi: libstub: unify initrd loading between architectures (jsc#PED-7167).
- floppy: fix MAX_ORDER usage (jsc#PED-7167).
- fprobe: Fix to ensure the number of active retprobes is not zero (git-fixes).
- fs/jfs: Add check for negative db_l2nbperpage (git-fixes).
- fs/jfs: Add validity check for db_maxag and db_agpref (git-fixes).
- fs/jfs: prevent double-free in dbUnmount() after failed jfs_remount() (git-fixes).
- fs/remap: constrain dedupe of EOF blocks (git-fixes).
- fs: avoid empty option when generating legacy mount string (git-fixes).
- fs: fix an infinite loop in iomap_fiemap (git-fixes).
- fs: ocfs2: namei: check return value of ocfs2_add_entry() (git-fixes).
- genwqe: fix MAX_ORDER usage (jsc#PED-7167).
- gfs2: Add wrapper for iomap_file_buffered_write (git-fixes).
- gfs2: Check sb_bsize_shift after reading superblock (git-fixes).
- gfs2: Clean up function may_grant (git-fixes).
- gfs2: Fix filesystem block deallocation for short writes (git-fixes).
- gfs2: Fix gfs2_release for non-writers regression (git-fixes).
- gfs2: Fix inode height consistency check (git-fixes).
- gfs2: Fix length of holes reported at end-of-file (git-fixes).
- gfs2: Fix possible data races in gfs2_show_options() (git-fixes).
- gfs2: Improve gfs2_make_fs_rw error handling (git-fixes).
- gfs2: Make sure FITRIM minlen is rounded up to fs block size (git-fixes).
- gfs2: Silence 'suspicious RCU usage in gfs2_permission' warning (git-fixes).
- gfs2: Switch from strlcpy to strscpy (git-fixes).
- gfs2: fix an oops in gfs2_permission (git-fixes).
- gfs2: gfs2_setattr_size error path fix (git-fixes).
- gfs2: ignore negated quota changes (git-fixes).
- gfs2: jdata writepage fix (git-fixes).
- gfs2: use i_lock spin_lock for inode qadata (git-fixes).
- gpiolib: sysfs: Fix error handling on failed export (git-fixes).
- gve: Fixes for napi_poll when budget is 0 (git-fixes).
- gve: Use size_add() in call to struct_size() (git-fixes).
- hid: add ALWAYS_POLL quirk for Apple kb (git-fixes).
- hid: glorious: fix Glorious Model I HID report (git-fixes).
- hid: hid-asus: add const to read-only outgoing usb buffer (git-fixes).
- hid: hid-asus: reset the backlight brightness level on resume (git-fixes).
- hid: lenovo: Restrict detection of patched firmware only to USB cptkbd (git-fixes).
- hid: multitouch: Add quirk for HONOR GLO-GXXX touchpad (git-fixes).
- hwmon: (acpi_power_meter) Fix 4.29 MW bug (git-fixes).
- hwmon: (nzxt-kraken2) Fix error handling path in kraken2_probe() (git-fixes).
- i2c: aspeed: Handle the coalesced stop conditions with the start conditions (git-fixes).
- i2c: core: Fix atomic xfer check for non-preempt config (git-fixes).
- i2c: designware: Fix corrupted memory seen in the ISR (git-fixes).
- i40e: Fix I40E_FLAG_VF_VLAN_PRUNING value (jsc#PED-372).
- i40e: Fix VF VLAN offloading when port VLAN is configured (jsc#PED-372).
- i40e: Fix unexpected MFS warning message (jsc#PED-372).
- i40e: Fix wrong check for I40E_TXR_FLAGS_WB_ON_ITR (jsc#PED-372).
- i40e: fix misleading debug logs (jsc#PED-372).
- i40e: fix potential NULL pointer dereferencing of pf->vf i40e_sync_vsi_filters() (jsc#PED-372).
- i40e: fix potential memory leaks in i40e_remove() (jsc#PED-372).
- i40e: prevent crash on probe if hw registers have invalid values (jsc#PED-372).
- ib/mlx5: Fix init stage error handling to avoid double free of same QP and UAF (git-fixes)
- ib/mlx5: Fix rdma counter binding for RAW QP (git-fixes)
- igb: Avoid starting unnecessary workqueues (jsc#PED-370).
- igb: Change IGB_MIN to allow set rx/tx value between 64 and 80 (jsc#PED-370).
- igb: Fix potential memory leak in igb_add_ethtool_nfc_entry (jsc#PED-370).
- igb: clean up in all error paths when enabling SR-IOV (jsc#PED-370).
- igb: disable virtualization features on 82580 (jsc#PED-370).
- igbvf: Change IGBVF_MIN to allow set rx/tx value between 64 and 80 (jsc#PED-370).
- igc: Change IGC_MIN to allow set rx/tx value between 64 and 80 (jsc#PED-375).
- igc: Expose tx-usecs coalesce setting to user (jsc#PED-375).
- igc: Fix ambiguity in the ethtool advertising (jsc#PED-375).
- igc: Fix infinite initialization loop with early XDP redirect (jsc#PED-375).
- igc: Fix the typo in the PTM Control macro (jsc#PED-375).
- iio: adc: ti_am335x_adc: Fix return value check of tiadc_request_dma() (git-fixes).
- iio: common: ms_sensors: ms_sensors_i2c: fix humidity conversion time table (git-fixes).
- iio: imu: inv_mpu6050: fix an error code problem in inv_mpu6050_read_raw (git-fixes).
- iio: triggered-buffer: prevent possible freeing of wrong buffer (git-fixes).
- input: i8042 - add quirk for TUXEDO Gemini 17 Gen1/Clevo PD70PN (git-fixes).
- input: ipaq-micro-keys - add error handling for devm_kmemdup (git-fixes).
- input: soc_button_array - add mapping for airplane mode button (git-fixes).
- input: xpad - add HyperX Clutch Gladiate Support (git-fixes).
- interconnect: Treat xlate() returning NULL node as an error (git-fixes).
- iomap: Fix iomap_dio_rw return value for user copies (git-fixes).
- iommu: fix MAX_ORDER usage in __iommu_dma_alloc_pages() (jsc#PED-7167).
- iov_iter, x86: Be consistent about the __user tag on copy_mc_to_user() (git-fixes).
- jfs: fix array-index-out-of-bounds in dbFindLeaf (git-fixes).
- jfs: fix array-index-out-of-bounds in diAlloc (git-fixes).
- jfs: fix invalid free of JFS_IP(ipimap)->i_imap in diUnmount (git-fixes).
- jfs: validate max amount of blocks before allocation (git-fixes).
- kABI: Preserve the type of rethook::handler (git-fixes).
- kABI: restore void return to typec_altmode_attention (git-fixes).
- kabi/severities: ignore kABI for asus-wmi drivers Tolerate the kABI changes, as used only locally for asus-wmi stuff
- kabi/severities: make snp_issue_guest_request PASS (jsc#PED-7167)
- kabi: fix of_reserved_mem_* due to struct vm_struct became defined (jsc#PED-7167).
- kabi: fix sev-dev due to fs_struct became defined (jsc#PED-7167).
- kabi: fix struct efi after adding unaccepted memory table (jsc#PED-7167).
- kabi: fix struct zone kabi after adding unaccepted_pages and NR_UNACCEPTED (jsc#PED-7167).
- kbuild: Drop -Wdeclaration-after-statement (jsc#PED-7167).
- kconfig: fix memory leak from range properties (git-fixes).
- kernel-source: Remove config-options.changes (jsc#PED-5021)
- kprobes: consistent rcu api usage for kretprobe holder (git-fixes).
- lib/vsprintf: Fix %pfwf when current node refcount == 0 (git-fixes).
- libceph: use kernel_connect() (bsc#1217981).
- locking: Introduce __cleanup() based infrastructure (jsc#PED-7167).
- locks: fix KASAN: use-after-free in trace_event_raw_event_filelock_lock (git-fixes).
- md/bitmap: do not set max_write_behind if there is no write mostly device (git-fixes).
- md/md-bitmap: hold 'reconfig_mutex' in backlog_store() (git-fixes).
- md/md-bitmap: remove unnecessary local variable in backlog_store() (git-fixes).
- md/raid0: add discard support for the 'original' layout (git-fixes).
- md/raid10: do not call bio_start_io_acct twice for bio which experienced read error (git-fixes).
- md/raid10: factor out code from wait_barrier() to stop_waiting_barrier() (git-fixes).
- md/raid10: factor out dereference_rdev_and_rrdev() (git-fixes).
- md/raid10: fix io loss while replacement replace rdev (git-fixes).
- md/raid10: fix leak of 'r10bio->remaining' for recovery (git-fixes).
- md/raid10: fix memleak for 'conf->bio_split' (git-fixes).
- md/raid10: fix memleak of md thread (git-fixes).
- md/raid10: fix null-ptr-deref in raid10_sync_request (git-fixes).
- md/raid10: fix null-ptr-deref of mreplace in raid10_sync_request (git-fixes).
- md/raid10: fix overflow of md/safe_mode_delay (git-fixes).
- md/raid10: fix task hung in raid10d (git-fixes).
- md/raid10: fix the condition to call bio_end_io_acct() (git-fixes).
- md/raid10: fix wrong setting of max_corr_read_errors (git-fixes).
- md/raid10: prevent soft lockup while flush writes (git-fixes).
- md/raid10: use dereference_rdev_and_rrdev() to get devices (git-fixes).
- md/raid1: fix error: ISO C90 forbids mixed declarations (git-fixes).
- md/raid1: free the r1bio before waiting for blocked rdev (git-fixes).
- md/raid1: hold the barrier until handle_read_error() finishes (git-fixes).
- md/raid5-cache: fix a deadlock in r5l_exit_log() (git-fixes).
- md/raid5-cache: fix null-ptr-deref for r5l_flush_stripe_to_raid() (git-fixes).
- md/raid5: fix miscalculation of 'end_sector' in raid5_read_one_chunk() (git-fixes).
- md: Put the right device in md_seq_next (bsc#1217822).
- md: Set MD_BROKEN for RAID1 and RAID10 (git-fixes).
- md: avoid signed overflow in slot_store() (git-fixes).
- md: do not update recovery_cp when curr_resync is ACTIVE (git-fixes).
- md: drop queue limitation for RAID1 and RAID10 (git-fixes).
- md: raid0: account for split bio in iostat accounting (git-fixes).
- md: raid10 add nowait support (git-fixes).
- md: raid1: fix potential OOB in raid1_remove_disk() (git-fixes).
- md: restore 'noio_flag' for the last mddev_resume() (git-fixes).
- md: select BLOCK_LEGACY_AUTOLOAD (git-fixes).
- memblock: exclude MEMBLOCK_NOMAP regions from kmemleak (jsc#PED-7167).
- memblock: make memblock_find_in_range method private (jsc#PED-7167).
- misc: mei: client.c: fix problem of return '-EOVERFLOW' in mei_cl_write (git-fixes).
- misc: mei: client.c: return negative error code in mei_cl_write (git-fixes).
- mkspec: Add multibuild support (JSC-SLE#5501, boo#1211226, bsc#1218184) When MULTIBUILD option in config.sh is enabled generate a _multibuild file listing all spec files.
- mm/page_alloc: make deferred page init free pages in MAX_ORDER blocks (jsc#PED-7167).
- mm/pgtable: Fix multiple -Wstringop-overflow warnings (jsc#PED-7167).
- mm/slab: Add __free() support for kvfree (jsc#PED-7167).
- mm/slub: fix MAX_ORDER usage in calculate_order() (jsc#PED-7167).
- mm: Add PAGE_ALIGN_DOWN macro (jsc#PED-7167).
- mm: Add support for unaccepted memory (jsc#PED-7167).
- mm: add pageblock_align() macro (jsc#PED-7167).
- mm: add pageblock_aligned() macro (jsc#PED-7167).
- mm: avoid passing 0 to __ffs() (jsc#PED-7167).
- mm: kmem: drop __GFP_NOFAIL when allocating objcg vectors (bsc#1218515).
- mm: move kvmalloc-related functions to slab.h (jsc#PED-7167).
- mm: new primitive kvmemdup() (jsc#PED-7167).
- mm: reuse pageblock_start/end_pfn() macro (jsc#PED-7167).
- mmc: meson-mx-sdhc: Fix initialization frozen issue (git-fixes).
- mmc: rpmb: fixes pause retune on all RPMB partitions (git-fixes).
- mmc: sdhci-sprd: Fix eMMC init failure after hw reset (git-fixes).
- neighbor: tracing: Move pin6 inside CONFIG_IPV6=y section (git-fixes).
- net/rose: Fix Use-After-Free in rose_ioctl (git-fixes).
- net/smc: Fix pos miscalculation in statistics (bsc#1218139).
- net/tg3: fix race condition in tg3_reset_task() (bsc#1217801).
- net: 9p: avoid freeing uninit memory in p9pdu_vreadf (git-fixes).
- net: bnxt: fix a potential use-after-free in bnxt_init_tc (jsc#PED-1495).
- net: ena: Destroy correct number of xdp queues upon failure (git-fixes).
- net: ena: Fix XDP redirection error (git-fixes).
- net: ena: Fix xdp drops handling due to multibuf packets (git-fixes).
- net: ena: Flush XDP packets on error (git-fixes).
- net: mana: select PAGE_POOL (git-fixes).
- net: rfkill: gpio: set GPIO direction (git-fixes).
- net: usb: ax88179_178a: avoid failed operations when device is disconnected (git-fixes).
- net: usb: ax88179_178a: clean up pm calls (git-fixes).
- net: usb: ax88179_178a: wol optimizations (git-fixes).
- net: usb: qmi_wwan: claim interface 4 for ZTE MF290 (git-fixes).
- nfc: llcp_core: Hold a ref to llcp_local->dev when holding a ref to llcp_local (git-fixes).
- nfs: Fix O_DIRECT locking issues (bsc#1211162).
- nfs: Fix a few more clear_bit() instances that need release semantics (bsc#1211162).
- nfs: Fix a potential data corruption (bsc#1211162).
- nfs: Fix a use after free in nfs_direct_join_group() (bsc#1211162).
- nfs: Fix error handling for O_DIRECT write scheduling (bsc#1211162).
- nfs: More O_DIRECT accounting fixes for error paths (bsc#1211162).
- nfs: More fixes for nfs_direct_write_reschedule_io() (bsc#1211162).
- nfs: Use the correct commit info in nfs_join_page_group() (bsc#1211162).
- nfs: only issue commit in DIO codepath if we have uncommitted data (bsc#1211162).
- nilfs2: fix missing error check for sb_set_blocksize call (git-fixes).
- nilfs2: prevent WARNING in nilfs_sufile_set_segment_usage() (git-fixes).
- nlm: Defend against file_lock changes after vfs_test_lock() (bsc#1217692).
- null_blk: fix poll request timeout handling (git-fixes).
- nvme-core: check for too small lba shift (bsc#1214117).
- nvme-pci: Add sleep quirk for Kingston drives (git-fixes).
- nvme-pci: always return an ERR_PTR from nvme_pci_alloc_dev (git-fixes).
- nvme-pci: do not set the NUMA node of device if it has none (git-fixes).
- nvme-pci: factor out a nvme_pci_alloc_dev helper (git-fixes).
- nvme-rdma: do not try to stop unallocated queues (git-fixes).
- nvme: sanitize metadata bounce buffer for reads (git-fixes).
- nvmet-auth: complete a request only after freeing the dhchap pointers (git-fixes).
- of: reserved_mem: Have kmemleak ignore dynamically allocated reserved mem (jsc#PED-7167).
- orangefs: Fix kmemleak in orangefs_prepare_debugfs_help_string() (git-fixes).
- orangefs: Fix kmemleak in orangefs_{kernel,client}_debug_init() (git-fixes).
- orangefs: Fix sysfs not cleanup when dev init failed (git-fixes).
- orangefs: Fix the size of a memory allocation in orangefs_bufmap_alloc() (git-fixes).
- padata: Fix refcnt handling in padata_free_shell() (git-fixes).
- parport: Add support for Brainboxes IX/UC/PX parallel cards (git-fixes).
- pci: loongson: Limit MRRS to 256 (git-fixes).
- perf/core: fix MAX_ORDER usage in rb_alloc_aux_page() (jsc#PED-7167).
- pinctrl: at91-pio4: use dedicated lock class for IRQ (git-fixes).
- platform/surface: aggregator: fix recv_buf() return value (git-fixes).
- platform/x86: asus-wmi: Add support for ROG X13 tablet mode (git-fixes).
- platform/x86: asus-wmi: Adjust tablet/lidflip handling to use enum (git-fixes).
- platform/x86: asus-wmi: Fix kbd_dock_devid tablet-switch reporting (git-fixes).
- platform/x86: asus-wmi: Move i8042 filter install to shared asus-wmi code (git-fixes).
- platform/x86: asus-wmi: Simplify tablet-mode-switch handling (git-fixes).
- platform/x86: asus-wmi: Simplify tablet-mode-switch probing (git-fixes).
- platform/x86: wmi: Allow duplicate GUIDs for drivers that use struct wmi_driver (git-fixes).
- platform/x86: wmi: Skip blocks with zero instances (git-fixes).
- powerpc/pseries/vas: Migration suspend waits for no in-progress open windows (bsc#1218397 ltc#204523).
- qed/red_ll2: Fix undefined behavior bug in struct qed_ll2_info (jsc#PED-1526).
- qed: Fix a potential use-after-free in qed_cxt_tables_alloc (jsc#PED-1526).
- qed: fix LL2 RX buffer allocation (jsc#PED-1526).
- qede: fix firmware halt over suspend and resume (jsc#PED-1526).
- qla2xxx: add debug log for deprecated hw detected (bsc#1216032).
- r8152: Add RTL8152_INACCESSIBLE checks to more loops (git-fixes).
- r8152: Add RTL8152_INACCESSIBLE to r8153_aldps_en() (git-fixes).
- r8152: Add RTL8152_INACCESSIBLE to r8153_pre_firmware_1() (git-fixes).
- r8152: Add RTL8152_INACCESSIBLE to r8156b_wait_loading_flash() (git-fixes).
- r8152: Rename RTL8152_UNPLUG to RTL8152_INACCESSIBLE (git-fixes).
- r8169: Fix PCI error on system resume (git-fixes).
- rdma/bnxt_re: Correct module description string (jsc#PED-1495).
- rdma/core: Use size_{add,sub,mul}() in calls to struct_size() (git-fixes)
- rdma/hfi1: Use FIELD_GET() to extract Link Width (git-fixes)
- rdma/hfi1: Workaround truncation compilation error (git-fixes)
- rdma/hns: Add check for SL (git-fixes)
- rdma/hns: Fix printing level of asynchronous events (git-fixes)
- rdma/hns: Fix signed-unsigned mixed comparisons (git-fixes)
- rdma/hns: Fix uninitialized ucmd in hns_roce_create_qp_common() (git-fixes)
- rdma/hns: The UD mode can only be configured with DCQCN (git-fixes)
- regmap: fix bogus error on regcache_sync success (git-fixes).
- reiserfs: Check the return value from __getblk() (git-fixes).
- reiserfs: Replace 1-element array with C99 style flex-array (git-fixes).
- remove unnecessary WARN_ON_ONCE() (bsc#1214823 bsc#1218569).
- reset: Fix crash when freeing non-existent optional resets (git-fixes).
- restore renamed device IDs for USB HID devices (git-fixes).
- rethook: Fix to use WRITE_ONCE() for rethook:: Handler (git-fixes).
- rethook: Use __rcu pointer for rethook::handler (git-fixes).
- ring-buffer: Do not try to put back write_stamp (git-fixes).
- ring-buffer: Do not update before stamp when switching sub-buffers (git-fixes).
- ring-buffer: Fix a race in rb_time_cmpxchg() for 32 bit archs (git-fixes).
- ring-buffer: Fix memory leak of free page (git-fixes).
- ring-buffer: Fix slowpath of interrupted event (git-fixes).
- ring-buffer: Fix wake ups when buffer_percent is set to 100 (git-fixes).
- ring-buffer: Fix writing to the buffer with max_data_size (git-fixes).
- ring-buffer: Force absolute timestamp on discard of event (git-fixes).
- ring-buffer: Have saved event hold the entire event (git-fixes).
- ring-buffer: Remove useless update to write_stamp in rb_try_to_discard() (git-fixes).
- s390/vx: fix save/restore of fpu kernel context (git-fixes bsc#1218357).
- scsi: lpfc: use unsigned type for num_sge (bsc#1214747).
- serial: 8250: 8250_omap: Clear UART_HAS_RHR_IT_DIS bit (git-fixes).
- serial: 8250: 8250_omap: Do not start RX DMA on THRI interrupt (git-fixes).
- serial: sc16is7xx: address RX timeout interrupt errata (git-fixes).
- soundwire: stream: fix NULL pointer dereference for multi_link (git-fixes).
- spi: atmel: Fix clock issue when using devices with different polarities (git-fixes).
- statfs: enforce statfs[64] structure initialization (git-fixes).
- supported.conf: add drivers/virt/coco/tsm (jsc#PED-7167)
- swiotlb: always set the number of areas before allocating the pool (git-fixes).
- swiotlb: do not panic! (git-fixes).
- swiotlb: fix a braino in the alignment check fix (bsc#1216559).
- swiotlb: fix debugfs reporting of reserved memory pools (git-fixes).
- swiotlb: fix slot alignment checks (bsc#1216559).
- swiotlb: fix the deadlock in swiotlb_do_find_slots (git-fixes).
- swiotlb: mark swiotlb_memblock_alloc() as __init (git-fixes).
- swiotlb: reduce the number of areas to match actual memory pool size (git-fixes).
- swiotlb: reduce the swiotlb buffer size on allocation failure (git-fixes).
- swiotlb: use the calculated number of areas (git-fixes).
- tracing / synthetic: Disable events after testing in synth_event_gen_test_init() (git-fixes).
- tracing/kprobes: Fix the description of variable length arguments (git-fixes).
- tracing/kprobes: Fix the order of argument descriptions (git-fixes).
- tracing/perf: Add interrupt_context_level() helper (git-fixes).
- tracing/synthetic: fix kernel-doc warnings (git-fixes).
- tracing: Always update snapshot buffer size (git-fixes).
- tracing: Disable preemption when using the filter buffer (bsc#1217036).
- tracing: Disable snapshot buffer when stopping instance tracers (git-fixes).
- tracing: Fix a possible race when disabling buffered events (bsc#1217036).
- tracing: Fix a warning when allocating buffered events fails (bsc#1217036).
- tracing: Fix blocked reader of snapshot buffer (git-fixes).
- tracing: Fix incomplete locking when disabling buffered events (bsc#1217036).
- tracing: Fix warning in trace_buffered_event_disable() (git-fixes, bsc#1217036).
- tracing: Have the user copy of synthetic event address use correct context (git-fixes).
- tracing: Reuse logic from perf's get_recursion_context() (git-fixes).
- tracing: Set actual size after ring buffer resize (git-fixes).
- tracing: Stop current tracer when resizing buffer (git-fixes).
- tracing: Update snapshot buffer on resize if it is allocated (git-fixes).
- tracing: Use __this_cpu_read() in trace_event_buffer_lock_reserver() (bsc#1217036).
- tracing: relax trace_event_eval_update() execution with cond_resched() (git-fixes).
- uapi: propagate __struct_group() attributes to the container union (jsc#SLE-18978).
- ubifs: Fix memory leak of bud->log_hash (git-fixes).
- ubifs: fix possible dereference after free (git-fixes).
- usb-storage: Add quirk for incorrect WP on Kingston DT Ultimate 3.0 G3 (git-fixes).
- usb: aqc111: check packet for fixup for true limit (git-fixes).
- usb: config: fix iteration issue in 'usb_get_bos_descriptor()' (git-fixes).
- usb: host: xhci-plat: fix possible kernel oops while resuming (git-fixes).
- usb: hub: Guard against accesses to uninitialized BOS descriptors (git-fixes).
- usb: typec: bus: verify partner exists in typec_altmode_attention (git-fixes).
- usb: typec: class: fix typec_altmode_put_partner to put plugs (git-fixes).
- usb: typec: ucsi: acpi: add quirk for ASUS Zenbook UM325 (git-fixes).
- virt/coco/sev-guest: Double-buffer messages (jsc#PED-7167).
- virt: coco: Add a coco/Makefile and coco/Kconfig (jsc#PED-7167).
- virt: sevguest: Add TSM_REPORTS support for SNP_GET_EXT_REPORT (jsc#PED-7167).
- virt: sevguest: Fix passing a stack buffer as a scatterlist target (jsc#PED-7167).
- virt: sevguest: Prep for kernel internal get_ext_report() (jsc#PED-7167).
- virt: tdx-guest: Add Quote generation support using TSM_REPORTS (jsc#PED-7167).
- vsprintf/kallsyms: Prevent invalid data when printing symbol (bsc#1217602).
- wifi: cfg80211: Add my certificate (git-fixes).
- wifi: cfg80211: fix certs build to not depend on file order (git-fixes).
- wifi: iwlwifi: pcie: add another missing bh-disable for rxq->lock (git-fixes).
- wifi: iwlwifi: pcie: do not synchronize IRQs from IRQ (git-fixes).
- wifi: mac80211: mesh: check element parsing succeeded (git-fixes).
- wifi: mac80211: mesh_plink: fix matches_local logic (git-fixes).
- x86/CPU/AMD: Check vendor in the AMD microcode callback (git-fixes).
- x86/alternatives: Disable KASAN in apply_alternatives() (git-fixes).
- x86/alternatives: Disable interrupts and sync when optimizing NOPs in place (git-fixes).
- x86/alternatives: Sync core before enabling interrupts (git-fixes).
- x86/boot/compressed: Handle unaccepted memory (jsc#PED-7167).
- x86/boot/compressed: Reserve more memory for page tables (git-fixes).
- x86/boot: Add an efi.h header for the decompressor (jsc#PED-7167).
- x86/boot: Centralize __pa()/__va() definitions (jsc#PED-7167).
- x86/boot: Fix incorrect startup_gdt_descr.size (git-fixes).
- x86/cpu/amd: Enable Zenbleed fix for AMD Custom APU 0405 (git-fixes).
- x86/cpu: Do not write CSTAR MSR on Intel CPUs (jsc#PED-7167).
- x86/cpu: Fix amd_check_microcode() declaration (git-fixes).
- x86/efi: Safely enable unaccepted memory in UEFI (jsc#PED-7167).
- x86/entry: Convert INT 0x80 emulation to IDTENTRY (bsc#1217927).
- x86/entry: Do not allow external 0x80 interrupts (bsc#1217927).
- x86/fpu/xstate: Prevent false-positive warning in __copy_xstate_uabi_buf() (git-fixes).
- x86/fpu: Invalidate FPU state correctly on exec() (git-fixes).
- x86/platform/uv: Use alternate source for socket to node data (bsc#1215696 bsc#1217790).
- x86/purgatory: Remove LTO flags (git-fixes).
- x86/resctrl: Fix kernel-doc warnings (git-fixes).
- x86/sev-es: Replace open-coded hlt-loop with sev_es_terminate() (jsc#PED-7167).
- x86/sev-es: Use insn_decode_mmio() for MMIO implementation (jsc#PED-7167).
- x86/sev: Add SNP-specific unaccepted memory support (jsc#PED-7167).
- x86/sev: Allow for use of the early boot GHCB for PSC requests (jsc#PED-7167).
- x86/sev: Change npages to unsigned long in snp_accept_memory() (jsc#PED-7167).
- x86/sev: Change snp_guest_issue_request()'s fw_err argument (jsc#PED-7167).
- x86/sev: Fix address space sparse warning (jsc#PED-7167).
- x86/sev: Get rid of special sev_es_enable_key (jsc#PED-7167).
- x86/sev: Mark snp_abort() noreturn (jsc#PED-7167).
- x86/sev: Put PSC struct on the stack in prep for unaccepted memory support (jsc#PED-7167).
- x86/sev: Use large PSC requests if applicable (jsc#PED-7167).
- x86/smp: Use dedicated cache-line for mwait_play_dead() (git-fixes).
- x86/srso: Add SRSO mitigation for Hygon processors (git-fixes).
- x86/srso: Fix SBPB enablement for (possible) future fixed HW (git-fixes).
- x86/srso: Fix vulnerability reporting for missing microcode (git-fixes).
- x86/tdx: Add unaccepted memory support (jsc#PED-7167).
- x86/tdx: Disable NOTIFY_ENABLES (jsc#PED-7167).
- x86/tdx: Make _tdx_hypercall() and __tdx_module_call() available in boot stub (jsc#PED-7167).
- x86/tdx: Refactor try_accept_one() (jsc#PED-7167).
- x86/tdx: Relax SEPT_VE_DISABLE check for debug TD (jsc#PED-7167).
- x86/tdx: Use ReportFatalError to report missing SEPT_VE_DISABLE (jsc#PED-7167).
- x86/tsc: Add option to force frequency recalibration with HW timer (bsc#1215885 bsc#1217217).
- x86/tsc: Be consistent about use_tsc_delay() (bsc#1215885 bsc#1217217).
- x86/tsc: Extend watchdog check exemption to 4-Sockets platform (bsc#1215885 bsc#1217217).
- x86/unwind/orc: Unwind ftrace trampolines with correct ORC entry (git-fixes).
- xfs: Rename __xfs_attr_rmtval_remove (git-fixes).
- xfs: Use kvcalloc() instead of kvzalloc() (git-fixes).
- xfs: aborting inodes on shutdown may need buffer lock (git-fixes).
- xfs: add selinux labels to whiteout inodes (git-fixes).
- xfs: clean up '%Ld/%Lu' which does not meet C standard (git-fixes).
- xfs: convert flex-array declarations in struct xfs_attrlist* (git-fixes).
- xfs: convert flex-array declarations in xfs attr leaf blocks (git-fixes).
- xfs: convert flex-array declarations in xfs attr shortform objects (git-fixes).
- xfs: decode scrub flags in ftrace output (git-fixes).
- xfs: dump log intent items that cannot be recovered due to corruption (git-fixes).
- xfs: fix a bug in the online fsck directory leaf1 bestcount check (git-fixes).
- xfs: fix agf_fllast when repairing an empty AGFL (git-fixes).
- xfs: fix incorrect unit conversion in scrub tracepoint (git-fixes).
- xfs: fix silly whitespace problems with kernel libxfs (git-fixes).
- xfs: fix uninit warning in xfs_growfs_data (git-fixes).
- xfs: fix units conversion error in xfs_bmap_del_extent_delay (git-fixes).
- xfs: make sure maxlen is still congruent with prod when rounding down (git-fixes).
- xfs: remove kmem_alloc_io() (git-fixes).
- xfs: remove the xfs_dinode_t typedef (git-fixes).
- xfs: remove the xfs_dqblk_t typedef (git-fixes).
- xfs: remove the xfs_dsb_t typedef (git-fixes).
- xfs: rename xfs_has_attr() (git-fixes).
- xfs: replace snprintf in show functions with sysfs_emit (git-fixes).
- xfs: return EINTR when a fatal signal terminates scrub (git-fixes).
- xfs: sb verifier does not handle uncached sb buffer (git-fixes).
- xfs: simplify two-level sysctl registration for xfs_table (git-fixes).
- xfs: sysfs: use default_groups in kobj_type (git-fixes).
- xfs: use swap() to make dabtree code cleaner (git-fixes).
- xhci: Clear EHB bit only at end of interrupt handler (git-fixes).
ImportantSUSE bug 1179610SUSE bug 1183045SUSE bug 1211162SUSE bug 1211226SUSE bug 1212139SUSE bug 1212584SUSE bug 1214117SUSE bug 1214747SUSE bug 1214823SUSE bug 1215237SUSE bug 1215696SUSE bug 1215885SUSE bug 1215952SUSE bug 1216032SUSE bug 1216057SUSE bug 1216559SUSE bug 1216776SUSE bug 1217036SUSE bug 1217217SUSE bug 1217250SUSE bug 1217602SUSE bug 1217692SUSE bug 1217790SUSE bug 1217801SUSE bug 1217822SUSE bug 1217927SUSE bug 1217933SUSE bug 1217938SUSE bug 1217946SUSE bug 1217947SUSE bug 1217980SUSE bug 1217981SUSE bug 1217982SUSE bug 1218056SUSE bug 1218092SUSE bug 1218139SUSE bug 1218184SUSE bug 1218229SUSE bug 1218234SUSE bug 1218253SUSE bug 1218258SUSE bug 1218335SUSE bug 1218357SUSE bug 1218397SUSE bug 1218447SUSE bug 1218461SUSE bug 1218515SUSE bug 1218559SUSE bug 1218569SUSE bug 1218643CVE-2020-26555 at SUSECVE-2020-26555 at NVDCVE-2023-51779 at SUSECVE-2023-51779 at NVDCVE-2023-6121 at SUSECVE-2023-6121 at NVDCVE-2023-6531 at SUSECVE-2023-6531 at NVDCVE-2023-6546 at SUSECVE-2023-6546 at NVDCVE-2023-6606 at SUSECVE-2023-6606 at NVDCVE-2023-6610 at SUSECVE-2023-6610 at NVDCVE-2023-6622 at SUSECVE-2023-6622 at NVDCVE-2023-6931 at SUSECVE-2023-6931 at NVDCVE-2023-6932 at SUSECVE-2023-6932 at NVDcpe:/o:opensuse:leap:15.5Security update for curl (Moderate)openSUSE Leap 15.5
This update for curl fixes the following issues:
- CVE-2024-2004: Fix the uUsage of disabled protocol logic. (bsc#1221665)
- CVE-2024-2398: Fix HTTP/2 push headers memory-leak. (bsc#1221667)
ModerateSUSE bug 1221665SUSE bug 1221667CVE-2024-2004 at SUSECVE-2024-2004 at NVDCVE-2024-2398 at SUSECVE-2024-2398 at NVDcpe:/o:opensuse:leap:15.5Security update for python-Pillow (Important)openSUSE Leap 15.5
This update for python-Pillow fixes the following issues:
- CVE-2024-28219: Fixed buffer overflow in _imagingcms.c (bsc#1222262)
ImportantSUSE bug 1222262CVE-2024-28219 at SUSECVE-2024-28219 at NVDcpe:/o:opensuse:leap:15.5Security update for cdi-apiserver-container, cdi-cloner-container, cdi-controller-container, cdi-importer-container, cdi-operator-container, cdi-uploadproxy-container, cdi-uploadserver-container, containerized-data-importer (Important)openSUSE Leap 15.5
This update for cdi-apiserver-container, cdi-cloner-container, cdi-controller-container, cdi-importer-container, cdi-operator-container, cdi-uploadproxy-container, cdi-uploadserver-container, containerized-data-importer fixes the following issues:
- rebuild against current security and bugfixes.
Importantcpe:/o:opensuse:leap:15.5Security update for kubevirt, virt-api-container, virt-controller-container, virt-exportproxy-container, virt-exportserver-container, virt-handler-container, virt-launcher-container, virt-libguestfs-tools-container, virt-operator-container, virt-pr-helper-container (Important)openSUSE Leap 15.5
This update for kubevirt, virt-api-container, virt-controller-container, virt-exportproxy-container, virt-exportserver-container, virt-handler-container, virt-launcher-container, virt-libguestfs-tools-container, virt-operator-container, virt-pr-helper-container fixes the following issues:
- rebuild against current security updates
- Install qemu-hw-usb-host to enable USB passthrough (bsc#1221538)
- Group together arch specific parts of the code
- Cleanup after writing config files with augtool
ImportantSUSE bug 1221538cpe:/o:opensuse:leap:15.5Security update for python310 (Important)openSUSE Leap 15.5
This update for python310 fixes the following issues:
- CVE-2024-0450: Fixed 'quoted-overlap' in zipfile module is python310 (bsc#1221854)
- CVE-2023-52425: Fixed denial of service caused by processing large tokens in expat module in python310 (bsc#1219559)
- CVE-2023-6597: Fixed tempfile.TemporaryDirectory fails on removing dir in some edge cases related to symlinks in python310 (bsc#1219666)
Other changes:
- Revert %autopatch due to missing parameter support (bsc#1189495)
- Extended crypto-policies support (bsc#1211301)
ImportantSUSE bug 1189495SUSE bug 1211301SUSE bug 1219559SUSE bug 1219666SUSE bug 1221854CVE-2023-52425 at SUSECVE-2023-52425 at NVDCVE-2023-6597 at SUSECVE-2023-6597 at NVDCVE-2024-0450 at SUSECVE-2024-0450 at NVDcpe:/o:opensuse:leap:15.5Security update for kubernetes1.23 (Moderate)openSUSE Leap 15.5
This update for kubernetes1.23 fixes the following issues:
- CVE-2024-0793: Fixed a DoS caused via a malformed HPA v1 manifest. (bsc#1219964)
ModerateSUSE bug 1219964CVE-2024-0793 at SUSECVE-2024-0793 at NVDcpe:/o:opensuse:leap:15.5Security update for kubernetes1.23 (Moderate)openSUSE Leap 15.5
This update for kubernetes1.23 fixes the following issues:
- CVE-2024-0793: Fixed a DoS caused via a malformed HPA v1 manifest. (bsc#1219964)
ModerateSUSE bug 1219964CVE-2024-0793 at SUSECVE-2024-0793 at NVDcpe:/o:opensuse:leap:15.5Security update for kubernetes1.23 (Moderate)openSUSE Leap 15.5
This update for kubernetes1.23 fixes the following issues:
- Upgrade from v1.25.14 to v1.25.16
- CVE-2024-0793: Fixed a DoS caused via a malformed HPA v1 manifest. (bsc#1219964)
ModerateSUSE bug 1062303SUSE bug 1219964CVE-2024-0793 at SUSECVE-2024-0793 at NVDcpe:/o:opensuse:leap:15.5Security update for kubernetes1.23 (Moderate)openSUSE Leap 15.5
This update for kubernetes1.23 fixes the following issues:
- Upgrade from v1.26.9 to v1.26.14
- CVE-2024-0793: Fixed a DoS caused via a malformed HPA v1 manifest. (bsc#1219964)
ModerateSUSE bug 1219964CVE-2024-0793 at SUSECVE-2024-0793 at NVDcpe:/o:opensuse:leap:15.5Security update for nghttp2 (Important)openSUSE Leap 15.5
This update for nghttp2 fixes the following issues:
- CVE-2024-28182: Fixed denial of service via http/2 continuation frames (bsc#1221399)
ImportantSUSE bug 1221399CVE-2024-28182 at SUSECVE-2024-28182 at NVDcpe:/o:opensuse:leap:15.5Security update for util-linux (Important)openSUSE Leap 15.5
This update for util-linux fixes the following issues:
- CVE-2024-28085: Properly neutralize escape sequences in wall. (bsc#1221831)
ImportantSUSE bug 1207987SUSE bug 1221831CVE-2024-28085 at SUSECVE-2024-28085 at NVDcpe:/o:opensuse:leap:15.5Security update for qt6-base (Moderate)openSUSE Leap 15.5
This update for qt6-base fixes the following issues:
- CVE-2024-30161: Fixed QNetworkReply header data access via a dangling pointer (bsc#1221926).
ModerateSUSE bug 1221926CVE-2024-30161 at SUSECVE-2024-30161 at NVDcpe:/o:opensuse:leap:15.5Security update for less (Important)openSUSE Leap 15.5
This update for less fixes the following issues:
- CVE-2022-48624: Fixed LESSCLOSE handling in less that does not quote shell metacharacters (bsc#1219901).
ImportantSUSE bug 1219901CVE-2022-48624 at SUSECVE-2022-48624 at NVDcpe:/o:opensuse:leap:15.5Security update for tomcat10 (Important)openSUSE Leap 15.5
This update for tomcat10 fixes the following issues:
- CVE-2024-24549: Fixed denial of service during header validation for HTTP/2 stream (bsc#1221386)
- CVE-2024-23672: Fixed denial of service due to malicious WebSocket client keeping connection open (bsc#1221385)
Other fixes:
- Update to Tomcat 10.1.20
* Catalina
+ Fix: Minor performance improvement for building filter chains.
Based on ideas from #702 by Luke Miao. (remm)
+ Fix: Align error handling for Writer and OutputStream. Ensure
use of either once the response has been recycled triggers a
NullPointerException provided that discardFacades is configured with
the default value of true. (markt)
+ Fix: 68692: The standard thread pool implementations that are
configured using the Executor element now implement ExecutorService
for better support NIO2. (remm)
+ Fix: 68495: When restoring a saved POST request after a
successful FORM authentication, ensure that neither the URI, the
query string nor the protocol are corrupted when restoring the
request body. (markt)
+ Fix: After forwarding a request, attempt to unwrap the
response in order to suspend it, instead of simply closing it if it
was wrapped. Add a new suspendWrappedResponseAfterForward boolean
attribute on Context to control the bahavior, defaulting to false.
(remm)
+ Fix: 68721: Workaround a possible cause of duplicate class
definitions when using ClassFileTransformers and the transformation
of a class also triggers the loading of the same class. (markt)
+ Fix: The rewrite valve should not do a rewrite if the output
is identical to the input. (remm)
+ Update: Add a new valveSkip (or VS) rule flag to the rewrite
valve to allow skipping over the next valve in the Catalina pipeline.
(remm)
+ Update: Add highConcurrencyStatus attribute to the
SemaphoreValve to optionally allow the valve to return an error
status code to the client when a permit cannot be acquired from the
semaphore. (remm)
+ Add: Add checking of the 'age' of the running Tomcat instance
since its build-date to the SecurityListener, and log a warning if
the server is old. (schultz)
+ Fix: When using the AsyncContext, throw an
IllegalStateException, rather than allowing an NullPointerException,
if an attempt is made to use the AsyncContext after it has been
recycled. (markt)
+ Fix: Correct JPMS and OSGi meta-data for tomcat-embed-core.jar
by removing reference to org.apache.catalina.ssi package that is no
longer included in the JAR. Based on pull request #684 by Jendrik
Johannes. (markt)
+ Fix: Fix ServiceBindingPropertySource so that trailing \r\n
sequences are correctly removed from files containing property values
when configured to do so. Bug identified by Coverity Scan. (markt)
+ Add: Add improvements to the CSRF prevention filter including
the ability to skip adding nonces for resource name and subtree URL
patterns. (schultz)
+ Fix: Review usage of debug logging and downgrade trace or data
dumping operations from debug level to trace. (remm)
+ Fix: 68089: Further improve the performance of request
attribute access for ApplicationHttpRequest and ApplicationRequest.
(markt)
+ Fix: 68559: Allow asynchronous error handling to write to the
response after an error during asynchronous processing. (markt)
* Coyote
+ Fix: Improve the HTTP/2 stream prioritisation process. If a
stream uses all of the connection windows and still has content to
write, it will now be added to the backlog immediately rather than
waiting until the write attempt for the remaining content. (markt)
+ Fix: Add threadsMaxIdleTime attribute to the endpoint, to
allow configuring the amount of time before an internal executor will
scale back to the configured minSpareThreads size. (remm)
+ Fix: Correct a regression in the support for user provided
SSLContext instances that broke the
org.apache.catalina.security.TLSCertificateReloadListener. (markt)
+ Fix: Setting a null value for a cookie attribute should remove
the attribute. (markt)
+ Fix: Make asynchronous error handling more robust. Ensure that
once a connection is marked to be closed, further asynchronous
processing cannot change that. (markt)
+ Fix: Make asynchronous error handling more robust. Ensure that
once the call to AsyncListener.onError() has returned to the
container, only container threads can access the AsyncContext. This
protects against various race conditions that woudl otherwise occur
if application threads continued to access the AsyncContext.
+ Fix: Review usage of debug logging and downgrade trace or data
dumping operations from debug level to trace. In particular, most of
the HTTP/2 debug logging has been changed to trace level. (remm)
+ Fix: Add support for user provided SSLContext instances
configured on SSLHostConfigCertificate instances. Based on pull
request #673 provided by Hakan Altındağ. (markt)
+ Fix: Partial fix for 68558: Cache the result of converting to
String for request URI, HTTP header names and the request
Content-Type value to improve performance by reducing repeated byte[]
to String conversions. (markt)
+ Fix: Improve error reporting to HTTP/2 clients for header
processing errors by reporting problems at the end of the frame where
the error was detected rather than at the end of the headers. (markt)
+ Fix: Remove the remaining reference to a stream once the
stream has been recycled. This makes the stream eligible for garbage
collection earlier and thereby improves scalability. (markt)
* Jasper
+ Add: Add support for specifying Java 22 (with the value 22) as
the compiler source and/or compiler target for JSP compilation. If
used with an Eclipse JDT compiler version that does not support these
values, a warning will be logged and the default will used. (markt)
+ Fix: Handle the case where the JSP engine forwards a
request/response to a Servlet that uses an OutputStream rather than a
Writer. This was triggering an IllegalStateException on code paths
where there was a subsequent attempt to obtain a Writer. (markt)
+ Fix: Correctly handle the case where a tag library is packaged
in a JAR file and the web application is deployed as a WAR file
rather than an unpacked directory. (markt)
+ Fix: 68546: Generate optimal size and types for JSP imports
maps, as suggested by John Engebretson. (remm)
+ Fix: Review usage of debug logging and downgrade trace or data
dumping operations from debug level to trace. (remm)
* Cluster
+ Fix: Avoid updating request count stats on async. (remm)
* WebSocket
+ Fix: Correct a regression in the fix for 66508 that could
cause an UpgradeProcessor leak in some circumstances. (markt)
+ Fix: Review usage of debug logging and downgrade trace or data
dumping operations from debug level to trace. (remm)
+ Fix: Ensure that WebSocket connection closure completes if the
connection is closed when the server side has used the proprietary
suspend/resume feature to suspend the connection. (markt)
* Web applications
Add: Add support for responses in JSON format from the examples
application RequestHeaderExample. (schultz)
* Other
+ Add: Improvements to French translations. (remm)
+ Add: Improvements to Japanese translations by tak7iji. (markt)
+ Fix: 57130: Allow digest.(sh|bat) to accept password from a
file or stdin. (csutherl/schultz)
+ Update: Update Checkstyle to 10.14.1. (markt)
+ Fix: Correct the remaining OSGi contract references in the
manifest files to refer to the Jakarta EE contract names rather than
the Java EE contract names. Based on pull request #685 provided by
Paul A. Nicolucci. (markt)
+ Update: Update Checkstyle to 10.13.0. (markt)
+ Update: Update JSign to 6.0. (markt)
+ Update: Update the packaged version of the Tomcat Migration
Tool for Jakarta EE to 1.0.7. (markt)
+ Update: Update Tomcat Native to 2.0.7. (markt)
+ Update: Add strings for debug level messages. (remm)
+ Add: Improvements to French translations. (remm)
+ Add: Improvements to Japanese translations by tak7iji. (markt)
ImportantSUSE bug 1221385SUSE bug 1221386CVE-2024-23672 at SUSECVE-2024-23672 at NVDCVE-2024-24549 at SUSECVE-2024-24549 at NVDcpe:/o:opensuse:leap:15.5Security update for perl-Net-CIDR-Lite (Moderate)openSUSE Leap 15.5
This update for perl-Net-CIDR-Lite fixes the following issues:
- CVE-2021-47154: Fixed leading zeroes in IPv4 octets may allow attackers to bypass certain access controls (bsc#1221564).
ModerateSUSE bug 1221564CVE-2021-47154 at SUSECVE-2021-47154 at NVDcpe:/o:opensuse:leap:15.5Security update for python-Pillow (Important)openSUSE Leap 15.5
This update for python-Pillow fixes the following issues:
- CVE-2024-28219: Fixed buffer overflow in _imagingcms.c (bsc#1222262)
Other fixes:
- Re-enabled build tests for s390x and ppc (bsc#1222553)
ImportantSUSE bug 1222262SUSE bug 1222553CVE-2024-28219 at SUSECVE-2024-28219 at NVDcpe:/o:opensuse:leap:15.5Security update for xorg-x11-server (Important)openSUSE Leap 15.5
This update for xorg-x11-server fixes the following issues:
- CVE-2024-31080: Fixed ProcXIGetSelectedEvents to use unswapped length (bsc#1222309).
- CVE-2024-31081: Fixed ProcXIPassiveGrabDevice to use unswapped length to send reply (bsc#1222310).
- CVE-2024-31082: Fixed ProcAppleDRICreatePixmap to use unswapped length to send reply (bsc#1222311).
- CVE-2024-31083: Fixed refcounting of glyphs during ProcRenderAddGlyphs (bsc#1222312).
Other fixes:
- Fixed regression for security fix for CVE-2024-31083 when using Android Studio (bnc#1222442)
ImportantSUSE bug 1222309SUSE bug 1222310SUSE bug 1222311SUSE bug 1222312SUSE bug 1222442CVE-2024-31080 at SUSECVE-2024-31080 at NVDCVE-2024-31081 at SUSECVE-2024-31081 at NVDCVE-2024-31082 at SUSECVE-2024-31082 at NVDCVE-2024-31083 at SUSECVE-2024-31083 at NVDcpe:/o:opensuse:leap:15.5Security update for xwayland (Important)openSUSE Leap 15.5
This update for xwayland fixes the following issues:
- CVE-2024-31080: Fixed ProcXIGetSelectedEvents to use unswapped length (bsc#1222309).
- CVE-2024-31081: Fixed ProcXIPassiveGrabDevice to use unswapped length to send reply (bsc#1222310).
- CVE-2024-31083: Fixed refcounting of glyphs during ProcRenderAddGlyphs (bsc#1222312).
Other fixes:
- Fixed regression for security fix for CVE-2024-31083 when using Android Studio (bnc#1222442)
ImportantSUSE bug 1222309SUSE bug 1222310SUSE bug 1222312SUSE bug 1222442CVE-2024-31080 at SUSECVE-2024-31080 at NVDCVE-2024-31081 at SUSECVE-2024-31081 at NVDCVE-2024-31083 at SUSECVE-2024-31083 at NVDcpe:/o:opensuse:leap:15.5Security update for webkit2gtk3 (Important)openSUSE Leap 15.5
This update for webkit2gtk3 fixes the following issues:
- CVE-2024-23252: Fixed denial of service via crafted web content (bsc#1222010).
- CVE-2024-23254: Fixed possible audio data exilftration cross-origin via malicious website (bsc#1222010).
- CVE-2024-23263: Fixed lack of Content Security Policy enforcing via malicious crafted web content (bsc#1222010).
- CVE-2024-23280: Fixed possible user fingeprint via malicious crafted web content (bsc#1222010).
- CVE-2024-23284: Fixed lack of Content Security Policy enforcing via malicious crafted web content (bsc#1222010).
- CVE-2023-42950: Fixed arbitrary code execution via crafted web content (bsc#1222010).
- CVE-2023-42956: Fixed denial of service via crafted web content (bsc#1222010).
- CVE-2023-42843: Fixed address bar spoofing via malicious website (bsc#1222010).
Other fixes:
- Update to version 2.44.0 (bsc#1222010):
+ Make the DOM accessibility tree reachable from UI process with
GTK4.
+ Removed the X11 and WPE renderers in favor of DMA-BUF.
+ Improved vblank synchronization when rendering.
+ Removed key event reinjection in GTK4 to make keyboard
shortcuts work in web sites.
+ Fix gamepads detection by correctly handling focused window in
GTK4.
ImportantSUSE bug 1222010CVE-2023-42843 at SUSECVE-2023-42843 at NVDCVE-2023-42950 at SUSECVE-2023-42950 at NVDCVE-2023-42956 at SUSECVE-2023-42956 at NVDCVE-2024-23252 at SUSECVE-2024-23252 at NVDCVE-2024-23254 at SUSECVE-2024-23254 at NVDCVE-2024-23263 at SUSECVE-2024-23263 at NVDCVE-2024-23280 at SUSECVE-2024-23280 at NVDCVE-2024-23284 at SUSECVE-2024-23284 at NVDcpe:/o:opensuse:leap:15.5Security update for gnutls (Moderate)openSUSE Leap 15.5
This update for gnutls fixes the following issues:
- CVE-2024-28834: Fixed side-channel in the deterministic ECDSA (bsc#1221746)
- CVE-2024-28835: Fixed denial of service during certificate chain verification (bsc#1221747)
Other fixes:
- jitterentropy: Release the memory of the entropy collector when
using jitterentropy with phtreads as there is also a
pre-intitization done in the main thread (bsc#1221242)
ModerateSUSE bug 1221242SUSE bug 1221746SUSE bug 1221747CVE-2024-28834 at SUSECVE-2024-28834 at NVDCVE-2024-28835 at SUSECVE-2024-28835 at NVDcpe:/o:opensuse:leap:15.5Security update for cloud-init (Moderate)openSUSE Leap 15.5
This update for cloud-init contains the following fixes:
- Move fdupes call back to %install.(bsc#1214169)
- Update to version 23.3. (bsc#1216011)
* (bsc#1215794)
* (bsc#1215740)
* (bsc#1216007)
+ Bump pycloudlib to 1!5.1.0 for ec2 mantic daily image support (#4390)
+ Fix cc_keyboard in mantic (LP: #2030788)
+ ec2: initialize get_instance_userdata return value to bytes (#4387)
[Noah Meyerhans]
+ cc_users_groups: Add doas/opendoas support (#4363) [dermotbradley]
+ Fix pip-managed ansible
+ status: treat SubState=running and MainPID=0 as service exited
+ azure/imds: increase read-timeout to 30s (#4372) [Chris Patterson]
+ collect-logs fix memory usage (SC-1590) (#4289)
[Alec Warren] (LP: #1980150)
+ cc_mounts: Use fallocate to create swapfile on btrfs (#4369)
+ Undocument nocloud-net (#4318)
+ feat(akamai): add akamai to settings.py and apport.py (#4370)
+ read-version: fallback to get_version when git describe fails (#4366)
+ apt: fix cloud-init status --wait blocking on systemd v 253 (#4364)
+ integration tests: Pass username to pycloudlib (#4324)
+ Bump pycloudlib to 1!5.1.0 (#4353)
+ cloud.cfg.tmpl: reorganise, minimise/reduce duplication (#4272)
[dermotbradley]
+ analyze: fix (unexpected) timestamp parsing (#4347) [Mina Galić]
+ cc_growpart: fix tests to run on FreeBSD (#4351) [Mina Galić]
+ subp: Fix spurious test failure on FreeBSD (#4355) [Mina Galić]
+ cmd/clean: fix tests on non-Linux platforms (#4352) [Mina Galić]
+ util: Fix get_proc_ppid() on non-Linux systems (#4348) [Mina Galić]
+ cc_wireguard: make tests pass on FreeBSD (#4346) [Mina Galić]
+ unittests: fix breakage in test_read_cfg_paths_fetches_cached_datasource
(#4328) [Ani Sinha]
+ Fix test_tools.py collection (#4315)
+ cc_keyboard: add Alpine support (#4278) [dermotbradley]
+ Flake8 fixes (#4340) [Robert Schweikert]
+ cc_mounts: Fix swapfile not working on btrfs (#4319) [王煎饼] (LP: #1884127)
+ ds-identify/CloudStack: $DS_MAYBE if vm running on vmware/xen (#4281)
[Wei Zhou]
+ ec2: Support double encoded userdata (#4275) [Noah Meyerhans]
+ cc_mounts: xfs is a Linux only FS (#4334) [Mina Galić]
+ tests/net: fix TestGetInterfaces' mock coverage for get_master (#4336)
[Chris Patterson]
+ change openEuler to openeuler and fix some bugs in openEuler (#4317)
[sxt1001]
+ Replace flake8 with ruff (#4314)
+ NM renderer: set default IPv6 addr-gen-mode for all interfaces to eui64
(#4291) [Ani Sinha]
+ cc_ssh_import_id: add Alpine support and add doas support (#4277)
[dermotbradley]
+ sudoers not idempotent (SC-1589) (#4296) [Alec Warren] (LP: #1998539)
+ Added support for Akamai Connected Cloud (formerly Linode) (#4167)
[Will Smith]
+ Fix reference before assignment (#4292)
+ Overhaul module reference page (#4237) [Sally]
+ replaced spaces with commas for setting passenv (#4269) [Alec Warren]
+ DS VMware: modify a few log level (#4284) [PengpengSun]
+ tools/read-version refactors and unit tests (#4268)
+ Ensure get_features() grabs all features (#4285)
+ Don't always require passlib dependency (#4274)
+ tests: avoid leaks into host system checking of ovs-vsctl cmd (#4275)
+ Fix NoCloud kernel commandline key parsing (#4273)
+ testing: Clear all LRU caches after each test (#4249)
+ Remove the crypt dependency (#2139) [Gon?ri Le Bouder]
+ logging: keep current file mode of log file if its stricter than the
new mode (#4250) [Ani Sinha]
+ Remove default membership in redundant groups (#4258)
[Dave Jones] (LP: #1923363)
+ doc: improve datasource_creation.rst (#4262)
+ Remove duplicate Integration testing button (#4261) [Rishita Shaw]
+ tools/read-version: fix the tool so that it can handle version parsing
errors (#4234) [Ani Sinha]
+ net/dhcp: add udhcpc support (#4190) [Jean-Fran?ois Roche]
+ DS VMware: add i386 arch dir to deployPkg plugin search path
[PengpengSun]
+ LXD moved from linuxcontainers.org to Canonical [Simon Deziel]
+ cc_mounts.py: Add note about issue with creating mounts inside mounts
(#4232) [dermotbradley]
+ lxd: install lxd from snap, not deb if absent in image
+ landscape: use landscape-config to write configuration
+ Add deprecation log during init of DataSourceDigitalOcean (#4194)
[tyb-truth]
+ doc: fix typo on apt.primary.arches (#4238) [Dan Bungert]
+ Inspect systemd state for cloud-init status (#4230)
+ instance-data: add system-info and features to combined-cloud-config
(#4224)
+ systemd: Block login until config stage completes (#2111) (LP: #2013403)
+ tests: proposed should invoke apt-get install -t=<release>-proposed
(#4235)
+ cloud.cfg.tmpl: reinstate ca_certs entry (#4236) [dermotbradley]
+ Remove feature flag override ability (#4228)
+ tests: drop stray unrelated file presence test (#4227)
+ Update LXD URL (#4223) [Sally]
+ schema: add network v1 schema definition and validation functions
+ tests: daily PPA for devel series is version 99.daily update tests to
match (#4225)
+ instance-data: write /run/cloud-init/combined-cloud-config.json
+ mount parse: Fix matching non-existent directories (#4222) [Mina Galić]
+ Specify build-system for pep517 (#4218)
+ Fix network v2 metric rendering (#4220)
+ Migrate content out of FAQ page (SD-1187) (#4205) [Sally]
+ setup: fix generation of init templates (#4209) [Mina Galić]
+ docs: Correct some bootcmd example wording
+ fix changelog
+ tests: reboot client to assert x-shellscript-per-boot is triggered
+ nocloud: parse_cmdline no longer detects nocloud-net datasource (#4204)
(LP: 4203, #2025180)
+ Add docstring and typing to mergemanydict (#4200)
+ BSD: add dsidentify to early startup scripts (#4182) [Mina Galić]
+ handler: report errors on skipped merged cloud-config.txt parts
(LP: #1999952)
+ Add cloud-init summit writeups (#4179) [Sally]
+ tests: Update test_clean_log for oci (#4187)
+ gce: improve ephemeral fallback NIC selection (CPC-2578) (#4163)
+ tests: pin pytest 7.3.1 to avoid adverse testpaths behavior (#4184)
+ Ephemeral Networking for FreeBSD (#2165) [Mina Galić]
+ Clarify directory syntax for nocloud local filesystem. (#4178)
+ Set default renderer as sysconfig for centos/rhel (#4165) [Ani Sinha]
+ Test static routes and netplan 0.106
+ FreeBSD fix parsing of mount and mount options (#2146) [Mina Galić]
+ test: add tracking bug id (#4164)
+ tests: can't match MAC for LXD container veth due to netplan 0.106
(#4162)
+ Add kaiwalyakoparkar as a contributor (#4156) [Kaiwalya Koparkar]
+ BSD: remove datasource_list from cloud.cfg template (#4159) [Mina Galić]
+ launching salt-minion in masterless mode (#4110) [Denis Halturin]
+ tools: fix run-container builds for rockylinux/8 git hash mismatch
(#4161)
+ fix doc lint: spellchecker tripped up (#4160) [Mina Galić]
+ Support Ephemeral Networking for BSD (#2127)
+ Added / fixed support for static routes on OpenBSD and FreeBSD (#2157)
[Kadir Mueller]
+ cc_rsyslog: Refactor for better multi-platform support (#4119)
[Mina Galić] (LP: #1798055)
+ tests: fix test_lp1835584 (#4154)
+ cloud.cfg mod names: docs and rename salt_minion and set_password (#4153)
+ vultr: remove check_route check (#2151) [Jonas Chevalier]
+ Update SECURITY.md (#4150) [Indrranil Pawar]
+ Update CONTRIBUTING.rst (#4149) [Indrranil Pawar]
+ Update .github-cla-signers (#4151) [Indrranil Pawar]
+ Standardise module names in cloud.cfg.tmpl to only use underscore
(#4128) [dermotbradley]
+ Modify PR template so autoclose works
From 23.2.2
+ Fix NoCloud kernel commandline key parsing (#4273) (Fixes: #4271)
(LP: #2028562)
+ Fix reference before assignment (#4292) (Fixes: #4288) (LP: #2028784)
From 23.2.1
+ nocloud: Fix parse_cmdline detection of nocloud-net datasource (#4204)
(Fixes: 4203) (LP: #2025180)
From 23.2
+ BSD: simplify finding MBR partitions by removing duplicate code
[Mina Galić]
+ tests: bump pycloudlib version for mantic builds
+ network-manager: Set higher autoconnect priority for nm keyfiles (#3671)
[Ani Sinha]
+ alpine.py: change the locale file used (#4139) [dermotbradley]
+ cc_ntp: Sync up with current FreeBSD ntp.conf (#4122) [Mina Galić]
+ config: drop refresh_rmc_and_interface as RHEL 7 no longer supported
[Robert Schweikert]
+ docs: Add feedback button to docs
+ net/sysconfig: enable sysconfig renderer if network manager has ifcfg-rh
plugin (#4132) [Ani Sinha]
+ For Alpine use os-release PRETTY_NAME (#4138) [dermotbradley]
+ network_manager: add a method for ipv6 static IP configuration (#4127)
[Ani Sinha]
+ correct misnamed template file host.mariner.tmpl (#4124) [dermotbradley]
+ nm: generate ipv6 stateful dhcp config at par with sysconfig (#4115)
[Ani Sinha]
+ Add templates for GitHub Issues
+ Add 'peers' and 'allow' directives in cc_ntp (#3124) [Jacob Salmela]
+ FreeBSD: Fix user account locking (#4114) [Mina Galić] (GH: #1854594)
+ FreeBSD: add ResizeGrowFS class to cc_growpart (#2334) [Mina Galić]
+ Update tests in Azure TestCanDevBeReformatted class (#2771)
[Ksenija Stanojevic]
+ Replace Launchpad references with GitHub Issues
+ Fix KeyError in iproute pformat (#3287) [Dmitry Zykov]
+ schema: read_cfg_paths call init.fetch to lookup /v/l/c/instance
+ azure/errors: introduce reportable errors for imds (#3647)
[Chris Patterson]
+ FreeBSD (and friends): better identify MBR slices (#2168)
[Mina Galić] (LP: #2016350)
+ azure/errors: add host reporting for dhcp errors (#2167)
[Chris Patterson]
+ net: purge blacklist_drivers across net and azure (#2160)
[Chris Patterson]
+ net: refactor hyper-v VF filtering and apply to get_interfaces() (#2153)
[Chris Patterson]
+ tests: avoid leaks to underlying filesystem for /etc/cloud/clean.d
(#2251)
+ net: refactor find_candidate_nics_on_linux() to use get_interfaces()
(#2159) [Chris Patterson]
+ resolv_conf: Allow > 3 nameservers (#2152) [Major Hayden]
+ Remove mount NTFS error message (#2134) [Ksenija Stanojevic]
+ integration tests: fix image specification parsing (#2166)
+ ci: add hypothesis scheduled GH check (#2149)
+ Move supported distros list to docs (#2162)
+ Fix logger, use instance rather than module function (#2163)
+ README: Point to Github Actions build status (#2158)
+ Revert 'fix linux-specific code on bsd (#2143)' (#2161)
+ Do not generate dsa and ed25519 key types when crypto FIPS mode is
enabled (#2142) [Ani Sinha] (LP: 2017761)
+ Add documentation label automatically (#2156)
+ sources/azure: report success to host and introduce kvp module (#2141)
[Chris Patterson]
+ setup.py: use pkg-config for udev/rules path (#2137) [dankm]
+ openstack/static: honor the DNS servers associated with a network
(#2138) [Gon?ri Le Bouder]
+ fix linux-specific code on bsd (#2143)
+ cli: schema validation of jinja template user-data (SC-1385) (#2132)
(LP: #1881925)
+ gce: activate network discovery on every boot (#2128)
+ tests: update integration test to assert 640 across reboots (#2145)
+ Make user/vendor data sensitive and remove log permissions (#2144)
(LP: #2013967)
+ Update kernel command line docs (SC-1457) (#2133)
+ docs: update network configuration path links (#2140) [d1r3ct0r]
+ sources/azure: report failures to host via kvp (#2136) [Chris Patterson]
+ net: Document use of `ip route append` to add routes (#2130)
+ dhcp: Add missing mocks (#2135)
+ azure/imds: retry fetching metadata up to 300 seconds (#2121)
[Chris Patterson]
+ [1/2] DHCP: Refactor dhcp client code (#2122)
+ azure/errors: treat traceback_base64 as string (#2131) [Chris Patterson]
+ azure/errors: introduce reportable errors (#2129) [Chris Patterson]
+ users: schema permit empty list to indicate create no users
+ azure: introduce identity module (#2116) [Chris Patterson]
+ Standardize disabling cloud-init on non-systemd (#2112)
+ Update .github-cla-signers (#2126) [Rob Tongue]
+ NoCloud: Use seedfrom protocol to determine mode (#2107)
+ rhel: Remove sysvinit files. (#2114)
+ tox.ini: set -vvvv --showlocals for pytest (#2104) [Chris Patterson]
+ Fix NoCloud kernel commandline semi-colon args
+ run-container: make the container/VM timeout configurable (#2118)
[Paride Legovini]
+ suse: Remove sysvinit files. (#2115)
+ test: Backport assert_call_count for old requests (#2119)
+ Add 'licebmi' as contributor (#2113) [Mark Martinez]
+ Adapt DataSourceScaleway to upcoming IPv6 support (#2033)
[Louis Bouchard]
+ rhel: make sure previous-hostname file ends with a new line (#2108)
[Ani Sinha]
+ Adding contributors for DataSourceAkamai (#2110) [acourdavAkamai]
+ Cleanup ephemeral IP routes on exception (#2100) [sxt1001]
+ commit 09a64badfb3f51b1b391fa29be19962381a4bbeb [sxt1001] (LP: #2011291)
+ Standardize kernel commandline user interface (#2093)
+ config/cc_resizefs: fix do_resize arguments (#2106) [Chris Patterson]
+ Fix test_dhclient_exits_with_error (#2105)
+ net/dhcp: catch dhclient failures and raise NoDHCPLeaseError (#2083)
[Chris Patterson]
+ sources/azure: move pps handling out of _poll_imds() (#2075)
[Chris Patterson]
+ tests: bump pycloudlib version (#2102)
+ schema: do not manipulate draft4 metaschema for jsonschema 2.6.0 (#2098)
+ sources/azure/imds: don't count timeout errors as connection errors
(#2074) [Chris Patterson]
+ Fix Python 3.12 unit test failures (#2099)
+ integration tests: Refactor instance checking (#1989)
+ ci: migrate remaining jobs from travis to gh (#2085)
+ missing ending quote in instancedata docs(#2094) [Hong L]
+ refactor: stop passing log instances to cc_* handlers (#2016) [d1r3ct0r]
+ tests/vmware: fix test_no_data_access_method failure (#2092)
[Chris Patterson]
+ Don't change permissions of netrules target (#2076) (LP: #2011783)
+ tests/sources: patch util.get_cmdline() for datasource tests (#2091)
[Chris Patterson]
+ macs: ignore duplicate MAC for devs with driver driver qmi_wwan (#2090)
(LP: #2008888)
+ Fedora: Enable CA handling (#2086) [František Zatloukal]
+ Send dhcp-client-identifier for InfiniBand ports (#2043) [Waleed Mousa]
+ cc_ansible: complete the examples and doc (#2082) [Yves]
+ bddeb: for dev package, derive debhelper-compat from host system
+ apport: only prompt for cloud_name when instance-data.json is absent
+ datasource: Optimize datasource detection, fix bugs (#2060)
+ Handle non existent ca-cert-config situation (#2073) [Shreenidhi Shedi]
+ sources/azure: add networking check for all source PPS (#2061)
[Chris Patterson]
+ do not attempt dns resolution on ip addresses (#2040)
+ chore: fix style tip (#2071)
+ Fix metadata IP in instancedata.rst (#2063) [Brian Haley]
+ util: Pass deprecation schedule in deprecate_call() (#2064)
+ config: Update grub-dpkg docs (#2058)
+ docs: Cosmetic improvements and styling (#2057) [s-makin]
+ cc_grub_dpkg: Added UEFI support (#2029) [Alexander Birkner]
+ tests: Write to /var/spool/rsyslog to adhere to apparmor profile (#2059)
+ oracle-ds: prefer system_cfg over ds network config source (#1998)
(LP: #1956788)
+ Remove dead code (#2038)
+ source: Force OpenStack when it is only option (#2045) (LP: #2008727)
+ cc_ubuntu_advantage: improve UA logs discovery
+ sources/azure: fix regressions in IMDS behavior (#2041) [Chris Patterson]
+ tests: fix test_schema (#2042)
+ dhcp: Cleanup unused kwarg (#2037)
+ sources/vmware/imc: fix-missing-catch-few-negtive-scenarios (#2027)
[PengpengSun]
+ dhclient_hook: remove vestigal dhclient_hook command (#2015)
+ log: Add standardized deprecation tooling (SC-1312) (#2026)
+ Enable SUSE based distros for ca handling (#2036) [Robert Schweikert]
From 23.1.2
+ Make user/vendor data sensitive and remove log permissions
(LP: #2013967) (CVE-2023-1786)
- Remove six dependency (bsc#1198269)
- Update to version 22.4 (bsc#1201010)
ModerateSUSE bug 1198269SUSE bug 1201010SUSE bug 1214169SUSE bug 1215740SUSE bug 1215794SUSE bug 1216007SUSE bug 1216011CVE-2023-1786 at SUSECVE-2023-1786 at NVDcpe:/o:opensuse:leap:15.5Security update for vim (Important)openSUSE Leap 15.5
This update for vim fixes the following issues:
Updated to version 9.1.0111, fixes the following security problems
- CVE-2023-48231: Use-After-Free in win_close() (bsc#1217316).
- CVE-2023-48232: Floating point Exception in adjust_plines_for_skipcol() (bsc#1217320).
- CVE-2023-48233: overflow with count for :s command (bsc#1217321).
- CVE-2023-48234: overflow in nv_z_get_count (bsc#1217324).
- CVE-2023-48235: overflow in ex address parsing (CVE-2023-48235).
- CVE-2023-48236: overflow in get_number (bsc#1217329).
- CVE-2023-48237: overflow in shift_line (bsc#1217330).
- CVE-2023-48706: heap-use-after-free in ex_substitute (bsc#1217432).
- CVE-2024-22667: stack-based buffer overflow in did_set_langmap function in map.c (bsc#1219581).
- CVE-2023-4750: Heap use-after-free in function bt_quickfix (bsc#1215005).
ImportantSUSE bug 1215005SUSE bug 1217316SUSE bug 1217320SUSE bug 1217321SUSE bug 1217324SUSE bug 1217326SUSE bug 1217329SUSE bug 1217330SUSE bug 1217432SUSE bug 1219581CVE-2023-4750 at SUSECVE-2023-4750 at NVDCVE-2023-48231 at SUSECVE-2023-48231 at NVDCVE-2023-48232 at SUSECVE-2023-48232 at NVDCVE-2023-48233 at SUSECVE-2023-48233 at NVDCVE-2023-48234 at SUSECVE-2023-48234 at NVDCVE-2023-48235 at SUSECVE-2023-48235 at NVDCVE-2023-48236 at SUSECVE-2023-48236 at NVDCVE-2023-48237 at SUSECVE-2023-48237 at NVDCVE-2023-48706 at SUSECVE-2023-48706 at NVDCVE-2024-22667 at SUSECVE-2024-22667 at NVDcpe:/o:opensuse:leap:15.5Security update for emacs (Moderate)openSUSE Leap 15.5
This update for emacs fixes the following issues:
- CVE-2024-30203: Fixed treating inline MIME contents as trusted (bsc#1222053)
- CVE-2024-30204: Fixed LaTeX preview enabled by default for e-mail attachments (bsc#1222052)
- CVE-2024-30205: Fixed Org mode considering contents of remote files as trusted (bsc#1222050)
ModerateSUSE bug 1222050SUSE bug 1222052SUSE bug 1222053CVE-2024-30203 at SUSECVE-2024-30203 at NVDCVE-2024-30204 at SUSECVE-2024-30204 at NVDCVE-2024-30205 at SUSECVE-2024-30205 at NVDcpe:/o:opensuse:leap:15.5Security update for xen (Moderate)openSUSE Leap 15.5
This update for xen fixes the following issues:
- CVE-2023-46842: Fixed denial of service due to Xen bug check triggered by HVM hypercalls (XSA-454) in xen x86 (bsc#1221984)
- CVE-2024-31142: Fixed incorrect logic for BTC/SRSO mitigations (XSA-455) in xen x86 (bsc#1222302)
- CVE-2024-2201: Fixed memory disclosure via Native Branch History Injection (XSA-456) in xen x86 (bsc#1222453)
Other fixes:
- Update to Xen 4.17.4 (bsc#1027519)
ModerateSUSE bug 1027519SUSE bug 1221984SUSE bug 1222302SUSE bug 1222453CVE-2023-46842 at SUSECVE-2023-46842 at NVDCVE-2024-2201 at SUSECVE-2024-2201 at NVDCVE-2024-31142 at SUSECVE-2024-31142 at NVDcpe:/o:opensuse:leap:15.5Security update for nodejs20 (Important)openSUSE Leap 15.5
This update for nodejs20 fixes the following issues:
Update to 20.12.1
Security fixes:
- CVE-2024-27983: Fixed failed assertion in node::http2::Http2Session::~Http2Session() that could lead to HTTP/2 server crash (bsc#1222244)
- CVE-2024-27982: Fixed HTTP Request Smuggling via Content Length Obfuscation (bsc#1222384)
- CVE-2024-30260: Fixed proxy-authorization header not cleared on cross-origin redirect in undici (bsc#1222530)
- CVE-2024-30261: Fixed fetch with integrity option is too lax when algorithm is specified but hash value is in incorrect in undici (bsc#1222603)
- CVE-2024-24806: Fixed improper domain lookup that potentially leads to SSRF attacks in libuv (bsc#1220053)
ImportantSUSE bug 1220053SUSE bug 1222244SUSE bug 1222384SUSE bug 1222530SUSE bug 1222603CVE-2024-24806 at SUSECVE-2024-24806 at NVDCVE-2024-27982 at SUSECVE-2024-27982 at NVDCVE-2024-27983 at SUSECVE-2024-27983 at NVDCVE-2024-30260 at SUSECVE-2024-30260 at NVDCVE-2024-30261 at SUSECVE-2024-30261 at NVDcpe:/o:opensuse:leap:15.5Security update for eclipse, maven-surefire, tycho (Moderate)openSUSE Leap 15.5
This update for eclipse, maven-surefire, tycho fixes the following issues:
eclipse received the following security fix:
- CVE-2023-4218: Fixed a bug where parsing files with xml content laeds to XXE attacks. (bsc#1216992)
maven-sunfire was updated from version 2.22.0 to 2.22.2:
- Changes in version 2.22.2:
* Bugs fixed:
+ Fixed JUnit Runner that writes to System.out corrupts Surefire’s STDOUT when using JUnit’s Vintage
Engine
- Changes in version 2.22.1:
* Bugs fixed:
+ Fixed Surefire unable to run testng suites in parallel
+ Fixed Git wrongly considering PNG files as changed when there is no change
+ Fixed the surefire XSD published on maven site lacking of some rerun element
+ Fixed XML Report elements rerunError, rerunFailure, flakyFailure, flakyError
+ Fixed overriding platform version through project/plugin dependencies
+ Fixed mixed up characters in standard output
+ Logs in Parallel Tests are mixed up when `forkMode=never` or `forkCount=0`
+ MIME type for javascript is now officially application/javascript
* Improvements:
+ Elapsed time in XML Report should satisfy pattern in XSD.
+ Fix old test resources TEST-*.xml in favor of continuing with SUREFIRE-1550
+ Nil element “failureMessage” in failsafe-summary.xml should have self closed tag
+ Removed obsolete module `surefire-setup-integration-tests`
+ Support Java 11
+ Surefire should support parameterized reportsDirectory
* Dependency upgrades:
+ Upgraded maven-plugins parent to version 32
+ Upgraded maven-plugins parent to version 33
tycho received the following bug fixes:
- Fixed build against maven-surefire 2.22.1 and newer
- Fixed build against newer plexus-compiler
- Fixed issues with plexus-archiver 4.4.0 and newer
- Require explicitely artifacts that will not be required automatically any more
ModerateSUSE bug 1216992CVE-2023-4218 at SUSECVE-2023-4218 at NVDcpe:/o:opensuse:leap:15.5Security update for nodejs18 (Important)openSUSE Leap 15.5
This update for nodejs18 fixes the following issues:
Update to 18.20.1
Security fixes:
- CVE-2024-27983: Fixed failed assertion in node::http2::Http2Session::~Http2Session() that could lead to HTTP/2 server crash (bsc#1222244)
- CVE-2024-27982: Fixed HTTP Request Smuggling via Content Length Obfuscation (bsc#1222384)
- CVE-2024-30260: Fixed proxy-authorization header not cleared on cross-origin redirect in undici (bsc#1222530)
- CVE-2024-30261: Fixed fetch with integrity option is too lax when algorithm is specified but hash value is in incorrect in undici (bsc#1222603)
- CVE-2024-24806: Fixed improper domain lookup that potentially leads to SSRF attacks in libuv (bsc#1220053)
ImportantSUSE bug 1220053SUSE bug 1222244SUSE bug 1222384SUSE bug 1222530SUSE bug 1222603CVE-2024-24806 at SUSECVE-2024-24806 at NVDCVE-2024-27982 at SUSECVE-2024-27982 at NVDCVE-2024-27983 at SUSECVE-2024-27983 at NVDCVE-2024-30260 at SUSECVE-2024-30260 at NVDCVE-2024-30261 at SUSECVE-2024-30261 at NVDcpe:/o:opensuse:leap:15.5Security update for texlive (Low)openSUSE Leap 15.5
This update for texlive fixes the following issues:
- CVE-2023-46048: Fixed NULL pointer dereference in texk/web2c/pdftexdir/writet1.c (bsc#1222126)
- CVE-2023-46051: Fixed NULL pointer dereference in texk/web2c/pdftexdir/tounicode.c (bsc#1222127)
LowSUSE bug 1222126SUSE bug 1222127CVE-2023-46048 at SUSECVE-2023-46048 at NVDCVE-2023-46051 at SUSECVE-2023-46051 at NVDcpe:/o:opensuse:leap:15.5Security update for kubevirt, virt-api-container, virt-controller-container, virt-exportproxy-container, virt-exportserver-container, virt-handler-container, virt-launcher-container, virt-libguestfs-tools-container, virt-operator-container, virt-pr-helper-container (Important)openSUSE Leap 15.5
This update for kubevirt, virt-api-container, virt-controller-container, virt-exportproxy-container, virt-exportserver-container, virt-handler-container, virt-launcher-container, virt-libguestfs-tools-container, virt-operator-container, virt-pr-helper-container fixes the following issues:
- Improve the OrdinalPodInterfaceName mechanism (bsc#1222699)
Also containers were rebuilt against the current released updates.
ImportantSUSE bug 1222699cpe:/o:opensuse:leap:15.5Security update for pgadmin4 (Important)openSUSE Leap 15.5
This update for pgadmin4 fixes the following issues:
- CVE-2024-2044: Fixed unsafe deserialization and Remote Code Execution by an authenticated user (bsc#1221172)
ImportantSUSE bug 1221172CVE-2024-2044 at SUSECVE-2024-2044 at NVDcpe:/o:opensuse:leap:15.5Security update for tomcat (Important)openSUSE Leap 15.5
This update for tomcat fixes the following issues:
- CVE-2024-24549: Fixed denial of service during header validation for HTTP/2 stream (bsc#1221386)
- CVE-2024-23672: Fixed denial of service due to malicious WebSocket client keeping connection open (bsc#1221385)
Other fixes:
- Update to Tomcat 9.0.87
* Catalina
+ Fix: Minor performance improvement for building filter chains. Based
on ideas from #702 by Luke Miao. (remm)
+ Fix: Align error handling for Writer and OutputStream. Ensure use of
either once the response has been recycled triggers a
NullPointerException provided that discardFacades is configured with
the default value of true. (markt)
+ Fix: 68692: The standard thread pool implementations that are configured
using the Executor element now implement ExecutorService for better
support NIO2. (remm)
+ Fix: 68495: When restoring a saved POST request after a successful FORM
authentication, ensure that neither the URI, the query string nor the
protocol are corrupted when restoring the request body. (markt)
+ Fix: 68721: Workaround a possible cause of duplicate class definitions
when using ClassFileTransformers and the transformation of a class also
triggers the loading of the same class. (markt)
+ Fix: The rewrite valve should not do a rewrite if the output is
identical to the input. (remm)
+ Update: Add a new valveSkip (or VS) rule flag to the rewrite valve to
allow skipping over the next valve in the Catalina pipeline. (remm)
+ Fix: Correct JPMS and OSGi meta-data for tomcat-enbed-core.jar by
removing reference to org.apache.catalina.ssi package that is no longer
included in the JAR. Based on pull request #684 by Jendrik Johannes.
(markt)
+ Fix: Fix ServiceBindingPropertySource so that trailing \r\n sequences
are correctly removed from files containing property values when
configured to do so. Bug identified by Coverity Scan. (markt)
+ Add: Add improvements to the CSRF prevention filter including the
ability to skip adding nonces for resource name and subtree URL patterns.
(schultz)
+ Fix: Review usage of debug logging and downgrade trace or data dumping
operations from debug level to trace. (remm)
+ Fix: 68089: Further improve the performance of request attribute
access for ApplicationHttpRequest and ApplicationRequest. (markt)
+ Fix: 68559: Allow asynchronous error handling to write to the
response after an error during asynchronous processing. (markt)
* Coyote
+ Fix: Improve the HTTP/2 stream prioritisation process. If a stream
uses all of the connection windows and still has content to write, it
will now be added to the backlog immediately rather than waiting until
the write attempt for the remaining content. (markt)
+ Fix: Make asynchronous error handling more robust. Ensure that once
a connection is marked to be closed, further asynchronous processing
cannot change that. (markt)
+ Fix: Make asynchronous error handling more robust. Ensure that once
the call to AsyncListener.onError() has returned to the container, only
container threads can access the AsyncContext. This protects against
various race conditions that woudl otherwise occur if application threads
continued to access the AsyncContext.
+ Fix: Review usage of debug logging and downgrade trace or data
dumping operations from debug level to trace. In particular, most of the
HTTP/2 debug logging has been changed to trace level. (remm)
+ Fix: Add support for user provided SSLContext instances configured
on SSLHostConfigCertificate instances. Based on pull request #673
provided by Hakan Altındağ. (markt)
+ Fix: Improve the Tomcat Native shutdown process to reduce the likelihood
of a JVM crash during Tomcat shutdown. (markt)
+ Fix: Partial fix for 68558: Cache the result of converting to String
for request URI, HTTP header names and the request Content-Type value to
improve performance by reducing repeated byte[] to String conversions.
(markt)
+ Fix: Improve error reporting to HTTP/2 clients for header processing
errors by reporting problems at the end of the frame where the error was
detected rather than at the end of the headers. (markt)
+ Fix: Remove the remaining reference to a stream once the stream has
been recycled. This makes the stream eligible for garbage collection
earlier and thereby improves scalability. (markt)
* Jasper
+ Add: Add support for specifying Java 22 (with the value 22) as the
compiler source and/or compiler target for JSP compilation. If used with
an Eclipse JDT compiler version that does not support these values, a
warning will be logged and the default will used. (markt)
+ Fix: 68546: Generate optimal size and types for JSP imports maps, as
suggested by John Engebretson. (remm)
+ Fix: Review usage of debug logging and downgrade trace or data
dumping operations from debug level to trace. (remm)
* Cluster
+ Fix: Avoid updating request count stats on async. (remm)
* WebSocket
+ Fix: Correct a regression in the fix for 66508 that could cause an
UpgradeProcessor leak in some circumstances. (markt)
+ Fix: Review usage of debug logging and downgrade trace or data dumping
operations from debug level to trace. (remm)
+ Fix: Ensure that WebSocket connection closure completes if the
connection is closed when the server side has used the proprietary
suspend/resume feature to suspend the connection. (markt)
* Web applications
+ Add: Add support for responses in JSON format from the examples
application RequestHeaderExample. (schultz)
* Other
+ Add: Improvements to French translations. (remm)
+ Add: Improvements to Japanese translations by tak7iji. (markt)
+ Update: Update Checkstyle to 10.13.0. (markt)
+ Update: Update JSign to 6.0. (markt)
+ Update: Add strings for debug level messages. (remm)
+ Update: Update Tomcat Native to 1.3.0. (markt)
+ Add: Improvements to French translations. (remm)
+ Add: Improvements to Japanese translations by tak7iji. (markt)
ImportantSUSE bug 1221385SUSE bug 1221386CVE-2024-23672 at SUSECVE-2024-23672 at NVDCVE-2024-24549 at SUSECVE-2024-24549 at NVDcpe:/o:opensuse:leap:15.5Security update for wireshark (Important)openSUSE Leap 15.5
This update for wireshark fixes the following issues:
Security fixes:
- CVE-2024-24476: Fixed a denial of service in ws_manuf_lookup_str() (bsc#1220181)
Other fixes:
- Wireshark 3.6.22:
- Further features, bug fixes and updated protocol support as listed in:
https://www.wireshark.org/docs/relnotes/wireshark-3.6.22.html
ImportantSUSE bug 1220181CVE-2024-24476 at SUSECVE-2024-24476 at NVDcpe:/o:opensuse:leap:15.5Security update for MozillaFirefox (Important)openSUSE Leap 15.5
This update for MozillaFirefox fixes the following issues:
Update to Firefox Extended Support Release 115.10.0 ESR (MSFA 2024-19) (bsc#1222535):
- CVE-2024-3852: GetBoundName in the JIT returned the wrong object
- CVE-2024-3854: Out-of-bounds-read after mis-optimized switch statement
- CVE-2024-3857: Incorrect JITting of arguments led to use-after-free during garbage collection
- CVE-2024-2609: Permission prompt input delay could expire when not in focus
- CVE-2024-3859: Integer-overflow led to out-of-bounds-read in the OpenType sanitizer
- CVE-2024-3861: Potential use-after-free due to AlignedBuffer self-move
- CVE-2024-3863: Download Protections were bypassed by .xrm-ms files on Windows
- CVE-2024-3302: Denial of Service using HTTP/2 CONTINUATION frames
- CVE-2024-3864: Memory safety bug fixed in Firefox 125, Firefox ESR 115.10, and Thunderbird 115.10
ImportantSUSE bug 1222535CVE-2024-2609 at SUSECVE-2024-2609 at NVDCVE-2024-3302 at SUSECVE-2024-3302 at NVDCVE-2024-3852 at SUSECVE-2024-3852 at NVDCVE-2024-3854 at SUSECVE-2024-3854 at NVDCVE-2024-3857 at SUSECVE-2024-3857 at NVDCVE-2024-3859 at SUSECVE-2024-3859 at NVDCVE-2024-3861 at SUSECVE-2024-3861 at NVDCVE-2024-3863 at SUSECVE-2024-3863 at NVDCVE-2024-3864 at SUSECVE-2024-3864 at NVDcpe:/o:opensuse:leap:15.5Security update for graphviz (Low)openSUSE Leap 15.5
This update for graphviz fixes the following issues:
- CVE-2023-46045: Fixed out-of-bounds read via a crafted config6a file (bsc#1219491)
LowSUSE bug 1219491CVE-2023-46045 at SUSECVE-2023-46045 at NVDcpe:/o:opensuse:leap:15.5Security update for pam (Moderate)openSUSE Leap 15.5
This update for pam fixes the following issues:
- CVE-2024-22365: Fixed a local denial of service during PAM login
due to a missing check during path manipulation (bsc#1218475).
- Check localtime_r() return value to fix crashing (bsc#1217000)
ModerateSUSE bug 1217000SUSE bug 1218475CVE-2024-22365 at SUSECVE-2024-22365 at NVDcpe:/o:opensuse:leap:15.5Security update for apache-commons-configuration2 (Moderate)openSUSE Leap 15.5
This update for apache-commons-configuration2 fixes the following issues:
- CVE-2024-29131: Fixed StackOverflowError adding property in AbstractListDelimiterHandler.flattenIterator() (bsc#1221797).
- CVE-2024-29133: Fixed StackOverflowError calling ListDelimiterHandler.flatten(Object, int) with a cyclical object tree (bsc#1221793).
ModerateSUSE bug 1221793SUSE bug 1221797CVE-2024-29131 at SUSECVE-2024-29131 at NVDCVE-2024-29133 at SUSECVE-2024-29133 at NVDcpe:/o:opensuse:leap:15.5Security update for shim (Important)openSUSE Leap 15.5
This update for shim fixes the following issues:
- Update shim-install to set the TPM2 SRK algorithm (bsc#1213945)
- Limit the requirement of fde-tpm-helper-macros to the distro with
suse_version 1600 and above (bsc#1219460)
Update to version 15.8:
Security issues fixed:
- mok: fix LogError() invocation (bsc#1215099,CVE-2023-40546)
- avoid incorrectly trusting HTTP headers (bsc#1215098,CVE-2023-40547)
- Fix integer overflow on SBAT section size on 32-bit system (bsc#1215100,CVE-2023-40548)
- Authenticode: verify that the signature header is in bounds (bsc#1215101,CVE-2023-40549)
- pe: Fix an out-of-bound read in verify_buffer_sbat() (bsc#1215102,CVE-2023-40550)
- pe-relocate: Fix bounds check for MZ binaries (bsc#1215103,CVE-2023-40551)
The NX flag is disable which is same as the default value of shim-15.8, hence, not need to enable it by this patch now.
- Generate dbx during build so we don't include binary files in sources
- Don't require grub so shim can still be used with systemd-boot
- Update shim-install to fix boot failure of ext4 root file system
on RAID10 (bsc#1205855)
- Adopt the macros from fde-tpm-helper-macros to update the
signature in the sealed key after a bootloader upgrade
- Update shim-install to amend full disk encryption support
- Adopt TPM 2.0 Key File for grub2 TPM 2.0 protector
- Use the long name to specify the grub2 key protector
- cryptodisk: support TPM authorized policies
- Do not use tpm_record_pcrs unless the command is in command.lst
- Removed POST_PROCESS_PE_FLAGS=-N from the build command in shim.spec to
enable the NX compatibility flag when using post-process-pe after
discussed with grub2 experts in mail. It's useful for further development
and testing. (bsc#1205588)
ImportantSUSE bug 1198101SUSE bug 1205588SUSE bug 1205855SUSE bug 1210382SUSE bug 1213945SUSE bug 1215098SUSE bug 1215099SUSE bug 1215100SUSE bug 1215101SUSE bug 1215102SUSE bug 1215103SUSE bug 1219460CVE-2022-28737 at SUSECVE-2022-28737 at NVDCVE-2023-40546 at SUSECVE-2023-40546 at NVDCVE-2023-40547 at SUSECVE-2023-40547 at NVDCVE-2023-40548 at SUSECVE-2023-40548 at NVDCVE-2023-40549 at SUSECVE-2023-40549 at NVDCVE-2023-40550 at SUSECVE-2023-40550 at NVDCVE-2023-40551 at SUSECVE-2023-40551 at NVDcpe:/o:opensuse:leap:15.5Security update for glibc (Important)openSUSE Leap 15.5
This update for glibc fixes the following issues:
- iconv: ISO-2022-CN-EXT: fix out-of-bound writes when writing escape sequence (CVE-2024-2961, bsc#1222992)
ImportantSUSE bug 1222992CVE-2024-2961 at SUSECVE-2024-2961 at NVDcpe:/o:opensuse:leap:15.5Security update for polkit (Low)openSUSE Leap 15.5
This update for polkit fixes the following issues:
- Change permissions for rules folders (bsc#1209282)
LowSUSE bug 1209282cpe:/o:opensuse:leap:15.5Security update for apache-commons-configuration (Moderate)openSUSE Leap 15.5
This update for apache-commons-configuration fixes the following issues:
- CVE-2024-29131: Fixed StackOverflowError adding property in AbstractListDelimiterHandler.flattenIterator() (bsc#1221797).
- CVE-2024-29133: Fixed StackOverflowError calling ListDelimiterHandler.flatten(Object, int) with a cyclical object tree (bsc#1221793).
ModerateSUSE bug 1221793SUSE bug 1221797CVE-2024-29131 at SUSECVE-2024-29131 at NVDCVE-2024-29133 at SUSECVE-2024-29133 at NVDcpe:/o:opensuse:leap:15.5Security update for libqt5-qtbase (Moderate)openSUSE Leap 15.5
This update for libqt5-qtbase fixes the following issues:
- CVE-2023-51714: Fixed an incorrect integer overflow check (bsc#1218413).
ModerateSUSE bug 1218413CVE-2023-51714 at SUSECVE-2023-51714 at NVDcpe:/o:opensuse:leap:15.5Security update for libssh (Important)openSUSE Leap 15.5
This update for libssh fixes the following issues:
Security fixes:
- CVE-2023-6004: Fixed command injection using proxycommand (bsc#1218209)
- CVE-2023-48795: Fixed potential downgrade attack using strict kex (bsc#1218126)
- CVE-2023-6918: Fixed missing checks for return values of MD functions (bsc#1218186)
- CVE-2023-1667: Fixed NULL dereference during rekeying with algorithm guessing (bsc#1211188)
- CVE-2023-2283: Fixed possible authorization bypass in pki_verify_data_signature under low-memory conditions (bsc#1211190)
Other fixes:
- Update to version 0.9.8
- Allow @ in usernames when parsing from URI composes
- Update to version 0.9.7
- Fix several memory leaks in GSSAPI handling code
ImportantSUSE bug 1211188SUSE bug 1211190SUSE bug 1218126SUSE bug 1218186SUSE bug 1218209CVE-2023-1667 at SUSECVE-2023-1667 at NVDCVE-2023-2283 at SUSECVE-2023-2283 at NVDCVE-2023-48795 at SUSECVE-2023-48795 at NVDCVE-2023-6004 at SUSECVE-2023-6004 at NVDCVE-2023-6918 at SUSECVE-2023-6918 at NVDcpe:/o:opensuse:leap:15.5Security update for opensc (Moderate)openSUSE Leap 15.5
This update for opensc fixes the following issues:
- CVE-2023-5992: Fixed side-channel leaks while stripping encryption PKCS#1 padding (bsc#1219386)
ModerateSUSE bug 1219386CVE-2023-5992 at SUSECVE-2023-5992 at NVDcpe:/o:opensuse:leap:15.5Security update for kubernetes1.24 (Low)openSUSE Leap 15.5
This update for kubernetes1.24 fixes the following issues:
- CVE-2024-3177: Fixed bypass of mountable secrets policy imposed by the ServiceAccount admission plugin (bsc#1222539)
LowSUSE bug 1222539CVE-2024-3177 at SUSECVE-2024-3177 at NVDcpe:/o:opensuse:leap:15.5Security update for kubernetes1.23 (Low)openSUSE Leap 15.5
This update for kubernetes1.23 fixes the following issues:
- CVE-2024-3177: Fixed bypass of mountable secrets policy imposed by the ServiceAccount admission plugin (bsc#1222539)
LowSUSE bug 1222539CVE-2024-3177 at SUSECVE-2024-3177 at NVDcpe:/o:opensuse:leap:15.5Security update for the Linux Kernel (Important)openSUSE Leap 15.5
The SUSE Linux Enterprise 15 SP5 Azure kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2023-6531: Fixed a use-after-free flaw due to a race problem in the unix garbage collector's deletion of SKB races with unix_stream_read_generic()on the socket that the SKB is queued on (bsc#1218447).
- CVE-2023-6610: Fixed an out of bounds read in the SMB client when printing debug information (bsc#1217946).
- CVE-2023-51779: Fixed a use-after-free because of a bt_sock_ioctl race condition in bt_sock_recvmsg (bsc#1218559).
- CVE-2020-26555: Fixed Bluetooth legacy BR/EDR PIN code pairing in Bluetooth Core Specification 1.0B that may permit an unauthenticated nearby device to spoof the BD_ADDR of the peer device to complete pairing without knowledge of the PIN (bsc#1179610 bsc#1215237).
- CVE-2023-6606: Fixed an out of bounds read in the SMB client when receiving a malformed length from a server (bsc#1217947).
- CVE-2023-6546: Fixed a race condition in the GSM 0710 tty multiplexor via the GSMIOC_SETCONF ioctl that could lead to local privilege escalation (bsc#1218335).
- CVE-2023-6931: Fixed a heap out-of-bounds write vulnerability in the Linux kernel's Performance Events system component that could lead to local privilege escalation. (bsc#1218258).
- CVE-2023-6932: Fixed a use-after-free vulnerability in the Linux kernel's ipv4: igmp component that could lead to local privilege escalation (bsc#1218253).
- CVE-2023-6622: Fixed a null pointer dereference vulnerability in nft_dynset_init() that could allow a local attacker with CAP_NET_ADMIN user privilege to trigger a denial of service (bsc#1217938).
- CVE-2023-6121: Fixed an out-of-bounds read vulnerability in the NVMe-oF/TCP subsystem that could lead to information leak (bsc#1217250).
The following non-security bugs were fixed:
- Documentation: KVM: add separate directories for architecture-specific documentation (jsc#PED-7167).
- Documentation: KVM: update amd-memory-encryption.rst references (jsc#PED-7167).
- Documentation: KVM: update msr.rst reference (jsc#PED-7167).
- Documentation: KVM: update s390-diag.rst reference (jsc#PED-7167).
- Documentation: KVM: update s390-pv.rst reference (jsc#PED-7167).
- Documentation: drop more IDE boot options and ide-cd.rst (git-fixes).
- Documentation: qat: Use code block for qat sysfs example (git-fixes).
- Drop Documentation/ide/ (git-fixes).
- Fix crash on screen resize (bsc#1218229)
- Fix drm gem object underflow (bsc#1218092)
- Revert 'Limit kernel-source-azure build to architectures for which we build binaries (bsc#1108281).'
- Revert 'PCI/ASPM: Remove pcie_aspm_pm_state_change()' (git-fixes).
- Revert 'PCI: acpiphp: Reassign resources on bridge if necessary' (git-fixes).
- Revert 'md: unlock mddev before reap sync_thread in action_store' (git-fixes).
- Revert 'swiotlb: panic if nslabs is too small' (git-fixes).
- Revert 'xhci: Loosen RPM as default policy to cover for AMD xHC 1.1' (git-fixes).
- Update: drm/vmwgfx: Keep a gem reference to user bos in surfaces
- acpi: video: Add backlight=native DMI quirk for Lenovo Ideapad Z470 (git-fixes).
- acpi: x86: s2idle: Catch multiple ACPI_TYPE_PACKAGE objects (git-fixes).
- acpica: Add AML_NO_OPERAND_RESOLVE flag to Timer (git-fixes).
- afs: Fix afs_server_list to be cleaned up with RCU (git-fixes).
- afs: Fix dynamic root lookup DNS check (git-fixes).
- afs: Fix file locking on R/O volumes to operate in local mode (git-fixes).
- afs: Fix overwriting of result of DNS query (git-fixes).
- afs: Fix refcount underflow from error handling race (git-fixes).
- afs: Fix the dynamic root's d_delete to always delete unused dentries (git-fixes).
- afs: Fix use-after-free due to get/remove race in volume tree (git-fixes).
- afs: Make error on cell lookup failure consistent with OpenAFS (git-fixes).
- afs: Return ENOENT if no cell DNS record can be found (git-fixes).
- alsa: hda - Fix speaker and headset mic pin config for CHUWI CoreBook XPro (git-fixes).
- alsa: hda/hdmi: add force-connect quirk for NUC5CPYB (git-fixes).
- alsa: hda/hdmi: add force-connect quirks for ASUSTeK Z170 variants (git-fixes).
- alsa: hda/realtek: Add Framework laptop 16 to quirks (git-fixes).
- alsa: hda/realtek: Add quirk for ASUS ROG GV302XA (git-fixes).
- alsa: hda/realtek: Add supported ALC257 for ChromeOS (git-fixes).
- alsa: hda/realtek: Apply mute LED quirk for HP15-db (git-fixes).
- alsa: hda/realtek: Enable headset on Lenovo M90 Gen5 (git-fixes).
- alsa: hda/realtek: Fix mute and mic-mute LEDs for HP ProBook 440 G6 (git-fixes).
- alsa: hda/realtek: Headset Mic VREF to 100% (git-fixes).
- alsa: hda/realtek: add new Framework laptop to quirks (git-fixes).
- alsa: hda/realtek: enable SND_PCI_QUIRK for hp pavilion 14-ec1xxx series (git-fixes).
- alsa: hda/realtek: fix mute/micmute LEDs for a HP ZBook (git-fixes).
- alsa: hda/realtek: fix speakers on XPS 9530 (2023) (git-fixes).
- alsa: hda: intel-dsp-cfg: add LunarLake support (git-fixes).
- alsa: pcm: fix out-of-bounds in snd_pcm_state_names (git-fixes).
- alsa: seq: oss: Fix racy open/close of MIDI devices (git-fixes).
- alsa: usb-audio: Add Pioneer DJM-450 mixer controls (git-fixes).
- alsa: usb-audio: Increase delay in MOTU M quirk (git-fixes).
- apparmor: Free up __cleanup() name (jsc#PED-7167).
- arm64: dts: arm: add missing cache properties (git-fixes)
- arm64: dts: imx8mm: Add sound-dai-cells to micfil node (git-fixes)
- arm64: dts: imx8mn: Add sound-dai-cells to micfil node (git-fixes)
- arm64: dts: imx8mq-librem5: Remove dis_u3_susphy_quirk from (git-fixes)
- arm64: kdump: Skip kmemleak scan reserved memory for kdump (jsc#PED-7167).
- arm64: mm: Fix 'rodata=on' when CONFIG_RODATA_FULL_DEFAULT_ENABLED=y (git-fixes)
- arm: oMAP2+: Fix null pointer dereference and memory leak in omap_soc_device_init (git-fixes).
- arm: pL011: Fix DMA support (git-fixes).
- asoc: fsl_rpmsg: Fix error handler with pm_runtime_enable (git-fixes).
- asoc: hdmi-codec: fix missing report for jack initial status (git-fixes).
- asoc: meson: g12a-toacodec: Fix event generation (git-fixes).
- asoc: meson: g12a-toacodec: Validate written enum values (git-fixes).
- asoc: meson: g12a-tohdmitx: Fix event generation for S/PDIF mux (git-fixes).
- asoc: meson: g12a-tohdmitx: Validate written enum values (git-fixes).
- asoc: wm_adsp: fix memleak in wm_adsp_buffer_populate (git-fixes).
- bitmap: unify find_bit operations (jsc#PED-7167).
- block: fix revalidate performance regression (bsc#1216057).
- bluetooth: Fix deadlock in vhci_send_frame (git-fixes).
- bluetooth: L2CAP: Send reject on command corrupted request (git-fixes).
- bluetooth: MGMT/SMP: Fix address type when using SMP over BREDR/LE (git-fixes).
- bluetooth: btusb: Add new PID/VID 0489:e0f2 for MT7921 (bsc#1218461).
- bluetooth: hci_event: Fix not checking if HCI_OP_INQUIRY has been sent (git-fixes).
- bluetooth: hci_event: shut up a false-positive warning (git-fixes).
- bluetooth: hci_qca: Fix the teardown problem for real (git-fixes).
- bnxt: do not handle XDP in netpoll (jsc#PED-1495).
- bnxt_en: Clear resource reservation during resume (jsc#PED-1495).
- bnxt_en: Fix HWTSTAMP_FILTER_ALL packet timestamp logic (jsc#PED-1495).
- bnxt_en: Fix max_mtu setting for multi-buf XDP (jsc#PED-1495).
- bnxt_en: Fix page pool logic for page size >= 64K (jsc#PED-1495).
- bnxt_en: Fix wrong return value check in bnxt_close_nic() (jsc#PED-1495).
- bnxt_en: Flush XDP for bnxt_poll_nitroa0()'s NAPI (jsc#PED-1495).
- bpf: Adjust insufficient default bpf_jit_limit (bsc#1218234 git-fixes).
- bus: ti-sysc: Flush posted write only after srst_udelay (git-fixes).
- ceph: fix incorrect revoked caps assert in ceph_fill_file_size() (bsc#1217980).
- ceph: fix type promotion bug on 32bit systems (bsc#1217982).
- cleanup: Make no_free_ptr() __must_check (jsc#PED-7167).
- clocksource: Add a Kconfig option for WATCHDOG_MAX_SKEW (bsc#1215885 bsc#1217217).
- clocksource: Enable TSC watchdog checking of HPET and PMTMR only when requested (bsc#1215885 bsc#1217217).
- clocksource: Handle negative skews in 'skew is too large' messages (bsc#1215885 bsc#1217217).
- clocksource: Improve 'skew is too large' messages (bsc#1215885 bsc#1217217).
- clocksource: Improve read-back-delay message (bsc#1215885 bsc#1217217).
- clocksource: Loosen clocksource watchdog constraints (bsc#1215885 bsc#1217217).
- clocksource: Print clocksource name when clocksource is tested unstable (bsc#1215885 bsc#1217217).
- clocksource: Verify HPET and PMTMR when TSC unverified (bsc#1215885 bsc#1217217).
- configfs-tsm: Introduce a shared ABI for attestation reports (jsc#PED-7167).
- crypto: ccp - Add SEV_INIT rc error logging on init (jsc#PED-7167).
- crypto: ccp - Add SEV_INIT_EX support (jsc#PED-7167).
- crypto: ccp - Add a header for multiple drivers to use `__psp_pa` (jsc#PED-7167).
- crypto: ccp - Add a quirk to firmware update (jsc#PED-7167).
- crypto: ccp - Add psp_init_on_probe module parameter (jsc#PED-7167).
- crypto: ccp - Drop TEE support for IRQ handler (jsc#PED-7167).
- crypto: ccp - Ensure psp_ret is always init'd in __sev_platform_init_locked() (jsc#PED-7167).
- crypto: ccp - Fail the PSP initialization when writing psp data file failed (jsc#PED-7167).
- crypto: ccp - Fix the INIT_EX data file open failure (jsc#PED-7167).
- crypto: ccp - Fix whitespace in sev_cmd_buffer_len() (jsc#PED-7167).
- crypto: ccp - Flush the SEV-ES TMR memory before giving it to firmware (jsc#PED-7167).
- crypto: ccp - Initialize PSP when reading psp data file failed (jsc#PED-7167).
- crypto: ccp - Log when resetting PSP SEV state (jsc#PED-7167).
- crypto: ccp - Move SEV_INIT retry for corrupted data (jsc#PED-7167).
- crypto: ccp - Move some PSP mailbox bit definitions into common header (jsc#PED-7167).
- crypto: ccp - Name -1 return value as SEV_RET_NO_FW_CALL (jsc#PED-7167).
- crypto: ccp - Refactor out sev_fw_alloc() (jsc#PED-7167).
- crypto: ccp - remove unneeded semicolon (jsc#PED-7167).
- crypto: ccp: Get rid of __sev_platform_init_locked()'s local function pointer (jsc#PED-7167).
- dm verity: initialize fec io before freeing it (git-fixes).
- dm-verity: do not use blocking calls from tasklets (git-fixes).
- dm: add cond_resched() to dm_wq_requeue_work() (git-fixes).
- dm: do not attempt to queue IO under RCU protection (git-fixes).
- dm: fix __send_duplicate_bios() to always allow for splitting IO (bsc#1215952).
- dm: fix improper splitting for abnormal bios (bsc#1215952).
- dm: verity-loadpin: Add NULL pointer check for 'bdev' parameter (git-fixes).
- dm_blk_ioctl: implement path failover for SG_IO (bsc#1183045, bsc#1216776).
- dmaengine: ioat: Free up __cleanup() name (jsc#PED-7167).
- doc/README.SUSE: Add how to update the config for module signing (jsc#PED-5021)
- doc/README.SUSE: Remove how to build modules using kernel-source (jsc#PED-5021)
- doc/README.SUSE: Simplify the list of references (jsc#PED-5021)
- drm/amd/amdgpu: Fix warnings in amdgpu/amdgpu_display.c (git-fixes).
- drm/amdgpu/sdma5.2: add begin/end_use ring callbacks (bsc#1212139).
- drm/amdgpu: Add EEPROM I2C address support for ip discovery (git-fixes).
- drm/amdgpu: Add I2C EEPROM support on smu v13_0_6 (git-fixes).
- drm/amdgpu: Add support for RAS table at 0x40000 (git-fixes).
- drm/amdgpu: Decouple RAS EEPROM addresses from chips (git-fixes).
- drm/amdgpu: Remove redundant I2C EEPROM address (git-fixes).
- drm/amdgpu: Remove second moot switch to set EEPROM I2C address (git-fixes).
- drm/amdgpu: Return from switch early for EEPROM I2C address (git-fixes).
- drm/amdgpu: Update EEPROM I2C address for smu v13_0_0 (git-fixes).
- drm/amdgpu: Update ras eeprom support for smu v13_0_0 and v13_0_10 (git-fixes).
- drm/amdgpu: correct chunk_ptr to a pointer to chunk (git-fixes).
- drm/amdgpu: correct the amdgpu runtime dereference usage count (git-fixes).
- drm/amdgpu: fix tear down order in amdgpu_vm_pt_free (git-fixes).
- drm/amdgpu: simplify amdgpu_ras_eeprom.c (git-fixes).
- drm/bridge: parade-ps8640: Never store more than msg->size bytes in AUX xfer (git-fixes).
- drm/bridge: ps8640: Fix size mismatch warning w/ len (git-fixes).
- drm/bridge: tc358768: select CONFIG_VIDEOMODE_HELPERS (git-fixes).
- drm/bridge: ti-sn65dsi86: Never store more than msg->size bytes in AUX xfer (git-fixes).
- drm/i915/display: Drop check for doublescan mode in modevalid (git-fixes).
- drm/i915/dp: Fix passing the correct DPCD_REV for drm_dp_set_phy_test_pattern (git-fixes).
- drm/i915/dpt: Only do the POT stride remap when using DPT (git-fixes).
- drm/i915/lvds: Use REG_BIT() & co (git-fixes).
- drm/i915/mtl: limit second scaler vertical scaling in ver >= 14 (git-fixes).
- drm/i915/sdvo: stop caching has_hdmi_monitor in struct intel_sdvo (git-fixes).
- drm/i915: Fix intel_atomic_setup_scalers() plane_state handling (git-fixes).
- drm/i915: Fix remapped stride with CCS on ADL+ (git-fixes).
- drm/i915: Reject async flips with bigjoiner (git-fixes).
- drm/i915: Relocate intel_atomic_setup_scalers() (git-fixes).
- drm/i915: fix MAX_ORDER usage in i915_gem_object_get_pages_internal() (jsc#PED-7167).
- drm/mediatek: Add spinlock for setting vblank event in atomic_begin (git-fixes).
- drm/mgag200: Fix gamma lut not initialized for G200ER, G200EV, G200SE (git-fixes).
- efi/libstub: Implement support for unaccepted memory (jsc#PED-7167).
- efi/unaccepted: Avoid load_unaligned_zeropad() stepping into unaccepted memory (jsc#PED-7167).
- efi/unaccepted: Fix off-by-one when checking for overlapping ranges (jsc#PED-7167).
- efi/unaccepted: Fix soft lockups caused by parallel memory acceptance (jsc#PED-7167).
- efi/unaccepted: Make sure unaccepted table is mapped (jsc#PED-7167).
- efi/unaccepted: Use ACPI reclaim memory for unaccepted memory table (jsc#PED-7167).
- efi/x86: Get full memory map in allocate_e820() (jsc#PED-7167).
- efi: Add unaccepted memory support (jsc#PED-7167).
- efi: libstub: avoid efi_get_memory_map() for allocating the virt map (jsc#PED-7167).
- efi: libstub: install boot-time memory map as config table (jsc#PED-7167).
- efi: libstub: remove DT dependency from generic stub (jsc#PED-7167).
- efi: libstub: remove pointless goto kludge (jsc#PED-7167).
- efi: libstub: simplify efi_get_memory_map() and struct efi_boot_memmap (jsc#PED-7167).
- efi: libstub: unify initrd loading between architectures (jsc#PED-7167).
- floppy: fix MAX_ORDER usage (jsc#PED-7167).
- fprobe: Fix to ensure the number of active retprobes is not zero (git-fixes).
- fs/jfs: Add check for negative db_l2nbperpage (git-fixes).
- fs/jfs: Add validity check for db_maxag and db_agpref (git-fixes).
- fs/jfs: prevent double-free in dbUnmount() after failed jfs_remount() (git-fixes).
- fs/remap: constrain dedupe of EOF blocks (git-fixes).
- fs: avoid empty option when generating legacy mount string (git-fixes).
- fs: fix an infinite loop in iomap_fiemap (git-fixes).
- fs: ocfs2: namei: check return value of ocfs2_add_entry() (git-fixes).
- genwqe: fix MAX_ORDER usage (jsc#PED-7167).
- gfs2: Add wrapper for iomap_file_buffered_write (git-fixes).
- gfs2: Check sb_bsize_shift after reading superblock (git-fixes).
- gfs2: Clean up function may_grant (git-fixes).
- gfs2: Fix filesystem block deallocation for short writes (git-fixes).
- gfs2: Fix gfs2_release for non-writers regression (git-fixes).
- gfs2: Fix inode height consistency check (git-fixes).
- gfs2: Fix length of holes reported at end-of-file (git-fixes).
- gfs2: Fix possible data races in gfs2_show_options() (git-fixes).
- gfs2: Improve gfs2_make_fs_rw error handling (git-fixes).
- gfs2: Make sure FITRIM minlen is rounded up to fs block size (git-fixes).
- gfs2: Silence 'suspicious RCU usage in gfs2_permission' warning (git-fixes).
- gfs2: Switch from strlcpy to strscpy (git-fixes).
- gfs2: fix an oops in gfs2_permission (git-fixes).
- gfs2: gfs2_setattr_size error path fix (git-fixes).
- gfs2: ignore negated quota changes (git-fixes).
- gfs2: jdata writepage fix (git-fixes).
- gfs2: use i_lock spin_lock for inode qadata (git-fixes).
- gpiolib: sysfs: Fix error handling on failed export (git-fixes).
- gve: Fixes for napi_poll when budget is 0 (git-fixes).
- gve: Use size_add() in call to struct_size() (git-fixes).
- hid: add ALWAYS_POLL quirk for Apple kb (git-fixes).
- hid: glorious: fix Glorious Model I HID report (git-fixes).
- hid: hid-asus: add const to read-only outgoing usb buffer (git-fixes).
- hid: hid-asus: reset the backlight brightness level on resume (git-fixes).
- hid: lenovo: Restrict detection of patched firmware only to USB cptkbd (git-fixes).
- hid: multitouch: Add quirk for HONOR GLO-GXXX touchpad (git-fixes).
- hwmon: (acpi_power_meter) Fix 4.29 MW bug (git-fixes).
- hwmon: (nzxt-kraken2) Fix error handling path in kraken2_probe() (git-fixes).
- i2c: aspeed: Handle the coalesced stop conditions with the start conditions (git-fixes).
- i2c: core: Fix atomic xfer check for non-preempt config (git-fixes).
- i2c: designware: Fix corrupted memory seen in the ISR (git-fixes).
- i40e: Fix I40E_FLAG_VF_VLAN_PRUNING value (jsc#PED-372).
- i40e: Fix VF VLAN offloading when port VLAN is configured (jsc#PED-372).
- i40e: Fix unexpected MFS warning message (jsc#PED-372).
- i40e: Fix wrong check for I40E_TXR_FLAGS_WB_ON_ITR (jsc#PED-372).
- i40e: fix misleading debug logs (jsc#PED-372).
- i40e: fix potential NULL pointer dereferencing of pf->vf i40e_sync_vsi_filters() (jsc#PED-372).
- i40e: fix potential memory leaks in i40e_remove() (jsc#PED-372).
- i40e: prevent crash on probe if hw registers have invalid values (jsc#PED-372).
- ib/mlx5: Fix init stage error handling to avoid double free of same QP and UAF (git-fixes)
- ib/mlx5: Fix rdma counter binding for RAW QP (git-fixes)
- igb: Avoid starting unnecessary workqueues (jsc#PED-370).
- igb: Change IGB_MIN to allow set rx/tx value between 64 and 80 (jsc#PED-370).
- igb: Fix potential memory leak in igb_add_ethtool_nfc_entry (jsc#PED-370).
- igb: clean up in all error paths when enabling SR-IOV (jsc#PED-370).
- igb: disable virtualization features on 82580 (jsc#PED-370).
- igbvf: Change IGBVF_MIN to allow set rx/tx value between 64 and 80 (jsc#PED-370).
- igc: Change IGC_MIN to allow set rx/tx value between 64 and 80 (jsc#PED-375).
- igc: Expose tx-usecs coalesce setting to user (jsc#PED-375).
- igc: Fix ambiguity in the ethtool advertising (jsc#PED-375).
- igc: Fix infinite initialization loop with early XDP redirect (jsc#PED-375).
- igc: Fix the typo in the PTM Control macro (jsc#PED-375).
- iio: adc: ti_am335x_adc: Fix return value check of tiadc_request_dma() (git-fixes).
- iio: common: ms_sensors: ms_sensors_i2c: fix humidity conversion time table (git-fixes).
- iio: imu: inv_mpu6050: fix an error code problem in inv_mpu6050_read_raw (git-fixes).
- iio: triggered-buffer: prevent possible freeing of wrong buffer (git-fixes).
- input: i8042 - add quirk for TUXEDO Gemini 17 Gen1/Clevo PD70PN (git-fixes).
- input: ipaq-micro-keys - add error handling for devm_kmemdup (git-fixes).
- input: soc_button_array - add mapping for airplane mode button (git-fixes).
- input: xpad - add HyperX Clutch Gladiate Support (git-fixes).
- interconnect: Treat xlate() returning NULL node as an error (git-fixes).
- iomap: Fix iomap_dio_rw return value for user copies (git-fixes).
- iommu: fix MAX_ORDER usage in __iommu_dma_alloc_pages() (jsc#PED-7167).
- iov_iter, x86: Be consistent about the __user tag on copy_mc_to_user() (git-fixes).
- jfs: fix array-index-out-of-bounds in dbFindLeaf (git-fixes).
- jfs: fix array-index-out-of-bounds in diAlloc (git-fixes).
- jfs: fix invalid free of JFS_IP(ipimap)->i_imap in diUnmount (git-fixes).
- jfs: validate max amount of blocks before allocation (git-fixes).
- kABI: Preserve the type of rethook::handler (git-fixes).
- kABI: restore void return to typec_altmode_attention (git-fixes).
- kabi/severities: ignore kABI for asus-wmi drivers Tolerate the kABI changes, as used only locally for asus-wmi stuff
- kabi/severities: make snp_issue_guest_request PASS (jsc#PED-7167)
- kabi: fix of_reserved_mem_* due to struct vm_struct became defined (jsc#PED-7167).
- kabi: fix sev-dev due to fs_struct became defined (jsc#PED-7167).
- kabi: fix struct efi after adding unaccepted memory table (jsc#PED-7167).
- kabi: fix struct zone kabi after adding unaccepted_pages and NR_UNACCEPTED (jsc#PED-7167).
- kbuild: Drop -Wdeclaration-after-statement (jsc#PED-7167).
- kconfig: fix memory leak from range properties (git-fixes).
- kernel-source: Remove config-options.changes (jsc#PED-5021)
- kprobes: consistent rcu api usage for kretprobe holder (git-fixes).
- kvm: arm64: Prevent kmemleak from accessing pKVM memory (jsc#PED-7167).
- kvm: s390/mm: Properly reset no-dat (git-fixes bsc#1218056).
- kvm: s390: vsie: fix wrong VIR 37 when MSO is used (git-fixes bsc#1217933).
- lib/vsprintf: Fix %pfwf when current node refcount == 0 (git-fixes).
- libceph: use kernel_connect() (bsc#1217981).
- limit kernel-source build to architectures for which the kernel binary is built (bsc#1108281).
- locking: Introduce __cleanup() based infrastructure (jsc#PED-7167).
- locks: fix KASAN: use-after-free in trace_event_raw_event_filelock_lock (git-fixes).
- md/bitmap: do not set max_write_behind if there is no write mostly device (git-fixes).
- md/md-bitmap: hold 'reconfig_mutex' in backlog_store() (git-fixes).
- md/md-bitmap: remove unnecessary local variable in backlog_store() (git-fixes).
- md/raid0: add discard support for the 'original' layout (git-fixes).
- md/raid10: do not call bio_start_io_acct twice for bio which experienced read error (git-fixes).
- md/raid10: factor out code from wait_barrier() to stop_waiting_barrier() (git-fixes).
- md/raid10: factor out dereference_rdev_and_rrdev() (git-fixes).
- md/raid10: fix io loss while replacement replace rdev (git-fixes).
- md/raid10: fix leak of 'r10bio->remaining' for recovery (git-fixes).
- md/raid10: fix memleak for 'conf->bio_split' (git-fixes).
- md/raid10: fix memleak of md thread (git-fixes).
- md/raid10: fix null-ptr-deref in raid10_sync_request (git-fixes).
- md/raid10: fix null-ptr-deref of mreplace in raid10_sync_request (git-fixes).
- md/raid10: fix overflow of md/safe_mode_delay (git-fixes).
- md/raid10: fix task hung in raid10d (git-fixes).
- md/raid10: fix the condition to call bio_end_io_acct() (git-fixes).
- md/raid10: fix wrong setting of max_corr_read_errors (git-fixes).
- md/raid10: prevent soft lockup while flush writes (git-fixes).
- md/raid10: use dereference_rdev_and_rrdev() to get devices (git-fixes).
- md/raid1: fix error: ISO C90 forbids mixed declarations (git-fixes).
- md/raid1: free the r1bio before waiting for blocked rdev (git-fixes).
- md/raid1: hold the barrier until handle_read_error() finishes (git-fixes).
- md/raid5-cache: fix a deadlock in r5l_exit_log() (git-fixes).
- md/raid5-cache: fix null-ptr-deref for r5l_flush_stripe_to_raid() (git-fixes).
- md/raid5: fix miscalculation of 'end_sector' in raid5_read_one_chunk() (git-fixes).
- md: Put the right device in md_seq_next (bsc#1217822).
- md: Set MD_BROKEN for RAID1 and RAID10 (git-fixes).
- md: avoid signed overflow in slot_store() (git-fixes).
- md: do not update recovery_cp when curr_resync is ACTIVE (git-fixes).
- md: drop queue limitation for RAID1 and RAID10 (git-fixes).
- md: raid0: account for split bio in iostat accounting (git-fixes).
- md: raid10 add nowait support (git-fixes).
- md: raid1: fix potential OOB in raid1_remove_disk() (git-fixes).
- md: restore 'noio_flag' for the last mddev_resume() (git-fixes).
- md: select BLOCK_LEGACY_AUTOLOAD (git-fixes).
- memblock: exclude MEMBLOCK_NOMAP regions from kmemleak (jsc#PED-7167).
- memblock: make memblock_find_in_range method private (jsc#PED-7167).
- misc: mei: client.c: fix problem of return '-EOVERFLOW' in mei_cl_write (git-fixes).
- misc: mei: client.c: return negative error code in mei_cl_write (git-fixes).
- mkspec: Add multibuild support (JSC-SLE#5501, boo#1211226, bsc#1218184) When MULTIBUILD option in config.sh is enabled generate a _multibuild file listing all spec files.
- mm/page_alloc: make deferred page init free pages in MAX_ORDER blocks (jsc#PED-7167).
- mm/pgtable: Fix multiple -Wstringop-overflow warnings (jsc#PED-7167).
- mm/slab: Add __free() support for kvfree (jsc#PED-7167).
- mm/slub: fix MAX_ORDER usage in calculate_order() (jsc#PED-7167).
- mm: Add PAGE_ALIGN_DOWN macro (jsc#PED-7167).
- mm: Add support for unaccepted memory (jsc#PED-7167).
- mm: add pageblock_align() macro (jsc#PED-7167).
- mm: add pageblock_aligned() macro (jsc#PED-7167).
- mm: avoid passing 0 to __ffs() (jsc#PED-7167).
- mm: kmem: drop __GFP_NOFAIL when allocating objcg vectors (bsc#1218515).
- mm: move kvmalloc-related functions to slab.h (jsc#PED-7167).
- mm: new primitive kvmemdup() (jsc#PED-7167).
- mm: reuse pageblock_start/end_pfn() macro (jsc#PED-7167).
- mmc: meson-mx-sdhc: Fix initialization frozen issue (git-fixes).
- mmc: rpmb: fixes pause retune on all RPMB partitions (git-fixes).
- mmc: sdhci-sprd: Fix eMMC init failure after hw reset (git-fixes).
- neighbor: tracing: Move pin6 inside CONFIG_IPV6=y section (git-fixes).
- net/rose: Fix Use-After-Free in rose_ioctl (git-fixes).
- net/smc: Fix pos miscalculation in statistics (bsc#1218139).
- net/tg3: fix race condition in tg3_reset_task() (bsc#1217801).
- net: 9p: avoid freeing uninit memory in p9pdu_vreadf (git-fixes).
- net: bnxt: fix a potential use-after-free in bnxt_init_tc (jsc#PED-1495).
- net: ena: Destroy correct number of xdp queues upon failure (git-fixes).
- net: ena: Fix XDP redirection error (git-fixes).
- net: ena: Fix xdp drops handling due to multibuf packets (git-fixes).
- net: ena: Flush XDP packets on error (git-fixes).
- net: mana: select PAGE_POOL (git-fixes).
- net: rfkill: gpio: set GPIO direction (git-fixes).
- net: usb: ax88179_178a: avoid failed operations when device is disconnected (git-fixes).
- net: usb: ax88179_178a: clean up pm calls (git-fixes).
- net: usb: ax88179_178a: wol optimizations (git-fixes).
- net: usb: qmi_wwan: claim interface 4 for ZTE MF290 (git-fixes).
- nfc: llcp_core: Hold a ref to llcp_local->dev when holding a ref to llcp_local (git-fixes).
- nfs: Fix O_DIRECT locking issues (bsc#1211162).
- nfs: Fix a few more clear_bit() instances that need release semantics (bsc#1211162).
- nfs: Fix a potential data corruption (bsc#1211162).
- nfs: Fix a use after free in nfs_direct_join_group() (bsc#1211162).
- nfs: Fix error handling for O_DIRECT write scheduling (bsc#1211162).
- nfs: More O_DIRECT accounting fixes for error paths (bsc#1211162).
- nfs: More fixes for nfs_direct_write_reschedule_io() (bsc#1211162).
- nfs: Use the correct commit info in nfs_join_page_group() (bsc#1211162).
- nfs: only issue commit in DIO codepath if we have uncommitted data (bsc#1211162).
- nilfs2: fix missing error check for sb_set_blocksize call (git-fixes).
- nilfs2: prevent WARNING in nilfs_sufile_set_segment_usage() (git-fixes).
- nlm: Defend against file_lock changes after vfs_test_lock() (bsc#1217692).
- null_blk: fix poll request timeout handling (git-fixes).
- nvme-core: check for too small lba shift (bsc#1214117).
- nvme-pci: Add sleep quirk for Kingston drives (git-fixes).
- nvme-pci: always return an ERR_PTR from nvme_pci_alloc_dev (git-fixes).
- nvme-pci: do not set the NUMA node of device if it has none (git-fixes).
- nvme-pci: factor out a nvme_pci_alloc_dev helper (git-fixes).
- nvme-rdma: do not try to stop unallocated queues (git-fixes).
- nvme: sanitize metadata bounce buffer for reads (git-fixes).
- nvmet-auth: complete a request only after freeing the dhchap pointers (git-fixes).
- of: reserved_mem: Have kmemleak ignore dynamically allocated reserved mem (jsc#PED-7167).
- orangefs: Fix kmemleak in orangefs_prepare_debugfs_help_string() (git-fixes).
- orangefs: Fix kmemleak in orangefs_{kernel,client}_debug_init() (git-fixes).
- orangefs: Fix sysfs not cleanup when dev init failed (git-fixes).
- orangefs: Fix the size of a memory allocation in orangefs_bufmap_alloc() (git-fixes).
- padata: Fix refcnt handling in padata_free_shell() (git-fixes).
- parport: Add support for Brainboxes IX/UC/PX parallel cards (git-fixes).
- pci: loongson: Limit MRRS to 256 (git-fixes).
- perf/core: fix MAX_ORDER usage in rb_alloc_aux_page() (jsc#PED-7167).
- pinctrl: at91-pio4: use dedicated lock class for IRQ (git-fixes).
- platform/surface: aggregator: fix recv_buf() return value (git-fixes).
- platform/x86: asus-wmi: Add support for ROG X13 tablet mode (git-fixes).
- platform/x86: asus-wmi: Adjust tablet/lidflip handling to use enum (git-fixes).
- platform/x86: asus-wmi: Fix kbd_dock_devid tablet-switch reporting (git-fixes).
- platform/x86: asus-wmi: Move i8042 filter install to shared asus-wmi code (git-fixes).
- platform/x86: asus-wmi: Simplify tablet-mode-switch handling (git-fixes).
- platform/x86: asus-wmi: Simplify tablet-mode-switch probing (git-fixes).
- platform/x86: wmi: Allow duplicate GUIDs for drivers that use struct wmi_driver (git-fixes).
- platform/x86: wmi: Skip blocks with zero instances (git-fixes).
- powerpc/pseries/vas: Migration suspend waits for no in-progress open windows (bsc#1218397 ltc#204523).
- qed/red_ll2: Fix undefined behavior bug in struct qed_ll2_info (jsc#PED-1526).
- qed: Fix a potential use-after-free in qed_cxt_tables_alloc (jsc#PED-1526).
- qed: fix LL2 RX buffer allocation (jsc#PED-1526).
- qede: fix firmware halt over suspend and resume (jsc#PED-1526).
- qla2xxx: add debug log for deprecated hw detected (bsc#1216032).
- r8152: Add RTL8152_INACCESSIBLE checks to more loops (git-fixes).
- r8152: Add RTL8152_INACCESSIBLE to r8153_aldps_en() (git-fixes).
- r8152: Add RTL8152_INACCESSIBLE to r8153_pre_firmware_1() (git-fixes).
- r8152: Add RTL8152_INACCESSIBLE to r8156b_wait_loading_flash() (git-fixes).
- r8152: Rename RTL8152_UNPLUG to RTL8152_INACCESSIBLE (git-fixes).
- r8169: Fix PCI error on system resume (git-fixes).
- rdma/bnxt_re: Correct module description string (jsc#PED-1495).
- rdma/core: Use size_{add,sub,mul}() in calls to struct_size() (git-fixes)
- rdma/hfi1: Use FIELD_GET() to extract Link Width (git-fixes)
- rdma/hfi1: Workaround truncation compilation error (git-fixes)
- rdma/hns: Add check for SL (git-fixes)
- rdma/hns: Fix printing level of asynchronous events (git-fixes)
- rdma/hns: Fix signed-unsigned mixed comparisons (git-fixes)
- rdma/hns: Fix uninitialized ucmd in hns_roce_create_qp_common() (git-fixes)
- rdma/hns: The UD mode can only be configured with DCQCN (git-fixes)
- regmap: fix bogus error on regcache_sync success (git-fixes).
- reiserfs: Check the return value from __getblk() (git-fixes).
- reiserfs: Replace 1-element array with C99 style flex-array (git-fixes).
- remove unnecessary WARN_ON_ONCE() (bsc#1214823 bsc#1218569).
- reset: Fix crash when freeing non-existent optional resets (git-fixes).
- restore renamed device IDs for USB HID devices (git-fixes).
- rethook: Fix to use WRITE_ONCE() for rethook:: Handler (git-fixes).
- rethook: Use __rcu pointer for rethook::handler (git-fixes).
- ring-buffer: Do not try to put back write_stamp (git-fixes).
- ring-buffer: Do not update before stamp when switching sub-buffers (git-fixes).
- ring-buffer: Fix a race in rb_time_cmpxchg() for 32 bit archs (git-fixes).
- ring-buffer: Fix memory leak of free page (git-fixes).
- ring-buffer: Fix slowpath of interrupted event (git-fixes).
- ring-buffer: Fix wake ups when buffer_percent is set to 100 (git-fixes).
- ring-buffer: Fix writing to the buffer with max_data_size (git-fixes).
- ring-buffer: Force absolute timestamp on discard of event (git-fixes).
- ring-buffer: Have saved event hold the entire event (git-fixes).
- ring-buffer: Remove useless update to write_stamp in rb_try_to_discard() (git-fixes).
- s390/vx: fix save/restore of fpu kernel context (git-fixes bsc#1218357).
- scsi: lpfc: use unsigned type for num_sge (bsc#1214747).
- serial: 8250: 8250_omap: Clear UART_HAS_RHR_IT_DIS bit (git-fixes).
- serial: 8250: 8250_omap: Do not start RX DMA on THRI interrupt (git-fixes).
- serial: sc16is7xx: address RX timeout interrupt errata (git-fixes).
- soundwire: stream: fix NULL pointer dereference for multi_link (git-fixes).
- spi: atmel: Fix clock issue when using devices with different polarities (git-fixes).
- statfs: enforce statfs[64] structure initialization (git-fixes).
- supported.conf: add drivers/virt/coco/tsm (jsc#PED-7167)
- swiotlb: always set the number of areas before allocating the pool (git-fixes).
- swiotlb: do not panic! (git-fixes).
- swiotlb: fix a braino in the alignment check fix (bsc#1216559).
- swiotlb: fix debugfs reporting of reserved memory pools (git-fixes).
- swiotlb: fix slot alignment checks (bsc#1216559).
- swiotlb: fix the deadlock in swiotlb_do_find_slots (git-fixes).
- swiotlb: mark swiotlb_memblock_alloc() as __init (git-fixes).
- swiotlb: reduce the number of areas to match actual memory pool size (git-fixes).
- swiotlb: reduce the swiotlb buffer size on allocation failure (git-fixes).
- swiotlb: use the calculated number of areas (git-fixes).
- tracing / synthetic: Disable events after testing in synth_event_gen_test_init() (git-fixes).
- tracing/kprobes: Fix the description of variable length arguments (git-fixes).
- tracing/kprobes: Fix the order of argument descriptions (git-fixes).
- tracing/perf: Add interrupt_context_level() helper (git-fixes).
- tracing/synthetic: fix kernel-doc warnings (git-fixes).
- tracing: Always update snapshot buffer size (git-fixes).
- tracing: Disable preemption when using the filter buffer (bsc#1217036).
- tracing: Disable snapshot buffer when stopping instance tracers (git-fixes).
- tracing: Fix a possible race when disabling buffered events (bsc#1217036).
- tracing: Fix a warning when allocating buffered events fails (bsc#1217036).
- tracing: Fix blocked reader of snapshot buffer (git-fixes).
- tracing: Fix incomplete locking when disabling buffered events (bsc#1217036).
- tracing: Fix warning in trace_buffered_event_disable() (git-fixes, bsc#1217036).
- tracing: Have the user copy of synthetic event address use correct context (git-fixes).
- tracing: Reuse logic from perf's get_recursion_context() (git-fixes).
- tracing: Set actual size after ring buffer resize (git-fixes).
- tracing: Stop current tracer when resizing buffer (git-fixes).
- tracing: Update snapshot buffer on resize if it is allocated (git-fixes).
- tracing: Use __this_cpu_read() in trace_event_buffer_lock_reserver() (bsc#1217036).
- tracing: relax trace_event_eval_update() execution with cond_resched() (git-fixes).
- uapi: propagate __struct_group() attributes to the container union (jsc#SLE-18978).
- ubifs: Fix memory leak of bud->log_hash (git-fixes).
- ubifs: fix possible dereference after free (git-fixes).
- usb-storage: Add quirk for incorrect WP on Kingston DT Ultimate 3.0 G3 (git-fixes).
- usb: aqc111: check packet for fixup for true limit (git-fixes).
- usb: config: fix iteration issue in 'usb_get_bos_descriptor()' (git-fixes).
- usb: host: xhci-plat: fix possible kernel oops while resuming (git-fixes).
- usb: hub: Guard against accesses to uninitialized BOS descriptors (git-fixes).
- usb: serial: ftdi_sio: update Actisense PIDs constant names (git-fixes).
- usb: serial: option: add Foxconn T99W265 with new baseline (git-fixes).
- usb: serial: option: add Quectel EG912Y module support (git-fixes).
- usb: serial: option: add Quectel RM500Q R13 firmware support (git-fixes).
- usb: typec: bus: verify partner exists in typec_altmode_attention (git-fixes).
- usb: typec: class: fix typec_altmode_put_partner to put plugs (git-fixes).
- usb: typec: ucsi: acpi: add quirk for ASUS Zenbook UM325 (git-fixes).
- virt/coco/sev-guest: Double-buffer messages (jsc#PED-7167).
- virt: coco: Add a coco/Makefile and coco/Kconfig (jsc#PED-7167).
- virt: sevguest: Add TSM_REPORTS support for SNP_GET_EXT_REPORT (jsc#PED-7167).
- virt: sevguest: Fix passing a stack buffer as a scatterlist target (jsc#PED-7167).
- virt: sevguest: Prep for kernel internal get_ext_report() (jsc#PED-7167).
- virt: tdx-guest: Add Quote generation support using TSM_REPORTS (jsc#PED-7167).
- vsprintf/kallsyms: Prevent invalid data when printing symbol (bsc#1217602).
- wifi: cfg80211: Add my certificate (git-fixes).
- wifi: cfg80211: fix certs build to not depend on file order (git-fixes).
- wifi: iwlwifi: pcie: add another missing bh-disable for rxq->lock (git-fixes).
- wifi: iwlwifi: pcie: do not synchronize IRQs from IRQ (git-fixes).
- wifi: mac80211: mesh: check element parsing succeeded (git-fixes).
- wifi: mac80211: mesh_plink: fix matches_local logic (git-fixes).
- x86/CPU/AMD: Check vendor in the AMD microcode callback (git-fixes).
- x86/alternatives: Disable KASAN in apply_alternatives() (git-fixes).
- x86/alternatives: Disable interrupts and sync when optimizing NOPs in place (git-fixes).
- x86/alternatives: Sync core before enabling interrupts (git-fixes).
- x86/boot/compressed: Handle unaccepted memory (jsc#PED-7167).
- x86/boot/compressed: Reserve more memory for page tables (git-fixes).
- x86/boot: Add an efi.h header for the decompressor (jsc#PED-7167).
- x86/boot: Centralize __pa()/__va() definitions (jsc#PED-7167).
- x86/boot: Fix incorrect startup_gdt_descr.size (git-fixes).
- x86/cpu/amd: Enable Zenbleed fix for AMD Custom APU 0405 (git-fixes).
- x86/cpu: Do not write CSTAR MSR on Intel CPUs (jsc#PED-7167).
- x86/cpu: Fix amd_check_microcode() declaration (git-fixes).
- x86/efi: Safely enable unaccepted memory in UEFI (jsc#PED-7167).
- x86/entry: Convert INT 0x80 emulation to IDTENTRY (bsc#1217927).
- x86/entry: Do not allow external 0x80 interrupts (bsc#1217927).
- x86/fpu/xstate: Prevent false-positive warning in __copy_xstate_uabi_buf() (git-fixes).
- x86/fpu: Invalidate FPU state correctly on exec() (git-fixes).
- x86/platform/uv: Use alternate source for socket to node data (bsc#1215696 bsc#1217790).
- x86/purgatory: Remove LTO flags (git-fixes).
- x86/resctrl: Fix kernel-doc warnings (git-fixes).
- x86/sev-es: Replace open-coded hlt-loop with sev_es_terminate() (jsc#PED-7167).
- x86/sev-es: Use insn_decode_mmio() for MMIO implementation (jsc#PED-7167).
- x86/sev: Add SNP-specific unaccepted memory support (jsc#PED-7167).
- x86/sev: Allow for use of the early boot GHCB for PSC requests (jsc#PED-7167).
- x86/sev: Change npages to unsigned long in snp_accept_memory() (jsc#PED-7167).
- x86/sev: Change snp_guest_issue_request()'s fw_err argument (jsc#PED-7167).
- x86/sev: Fix address space sparse warning (jsc#PED-7167).
- x86/sev: Get rid of special sev_es_enable_key (jsc#PED-7167).
- x86/sev: Mark snp_abort() noreturn (jsc#PED-7167).
- x86/sev: Put PSC struct on the stack in prep for unaccepted memory support (jsc#PED-7167).
- x86/sev: Use large PSC requests if applicable (jsc#PED-7167).
- x86/smp: Use dedicated cache-line for mwait_play_dead() (git-fixes).
- x86/srso: Add SRSO mitigation for Hygon processors (git-fixes).
- x86/srso: Fix SBPB enablement for (possible) future fixed HW (git-fixes).
- x86/srso: Fix vulnerability reporting for missing microcode (git-fixes).
- x86/tdx: Add unaccepted memory support (jsc#PED-7167).
- x86/tdx: Disable NOTIFY_ENABLES (jsc#PED-7167).
- x86/tdx: Make _tdx_hypercall() and __tdx_module_call() available in boot stub (jsc#PED-7167).
- x86/tdx: Refactor try_accept_one() (jsc#PED-7167).
- x86/tdx: Relax SEPT_VE_DISABLE check for debug TD (jsc#PED-7167).
- x86/tdx: Use ReportFatalError to report missing SEPT_VE_DISABLE (jsc#PED-7167).
- x86/tsc: Add option to force frequency recalibration with HW timer (bsc#1215885 bsc#1217217).
- x86/tsc: Be consistent about use_tsc_delay() (bsc#1215885 bsc#1217217).
- x86/tsc: Extend watchdog check exemption to 4-Sockets platform (bsc#1215885 bsc#1217217).
- x86/unwind/orc: Unwind ftrace trampolines with correct ORC entry (git-fixes).
- xfs: Rename __xfs_attr_rmtval_remove (git-fixes).
- xfs: Use kvcalloc() instead of kvzalloc() (git-fixes).
- xfs: aborting inodes on shutdown may need buffer lock (git-fixes).
- xfs: add selinux labels to whiteout inodes (git-fixes).
- xfs: clean up '%Ld/%Lu' which does not meet C standard (git-fixes).
- xfs: convert flex-array declarations in struct xfs_attrlist* (git-fixes).
- xfs: convert flex-array declarations in xfs attr leaf blocks (git-fixes).
- xfs: convert flex-array declarations in xfs attr shortform objects (git-fixes).
- xfs: decode scrub flags in ftrace output (git-fixes).
- xfs: dump log intent items that cannot be recovered due to corruption (git-fixes).
- xfs: fix a bug in the online fsck directory leaf1 bestcount check (git-fixes).
- xfs: fix agf_fllast when repairing an empty AGFL (git-fixes).
- xfs: fix incorrect unit conversion in scrub tracepoint (git-fixes).
- xfs: fix silly whitespace problems with kernel libxfs (git-fixes).
- xfs: fix uninit warning in xfs_growfs_data (git-fixes).
- xfs: fix units conversion error in xfs_bmap_del_extent_delay (git-fixes).
- xfs: make sure maxlen is still congruent with prod when rounding down (git-fixes).
- xfs: remove kmem_alloc_io() (git-fixes).
- xfs: remove the xfs_dinode_t typedef (git-fixes).
- xfs: remove the xfs_dqblk_t typedef (git-fixes).
- xfs: remove the xfs_dsb_t typedef (git-fixes).
- xfs: rename xfs_has_attr() (git-fixes).
- xfs: replace snprintf in show functions with sysfs_emit (git-fixes).
- xfs: return EINTR when a fatal signal terminates scrub (git-fixes).
- xfs: sb verifier does not handle uncached sb buffer (git-fixes).
- xfs: simplify two-level sysctl registration for xfs_table (git-fixes).
- xfs: sysfs: use default_groups in kobj_type (git-fixes).
- xfs: use swap() to make dabtree code cleaner (git-fixes).
- xhci: Clear EHB bit only at end of interrupt handler (git-fixes).
ImportantSUSE bug 1108281SUSE bug 1179610SUSE bug 1183045SUSE bug 1211162SUSE bug 1211226SUSE bug 1212139SUSE bug 1212584SUSE bug 1214117SUSE bug 1214747SUSE bug 1214823SUSE bug 1215237SUSE bug 1215696SUSE bug 1215885SUSE bug 1215952SUSE bug 1216032SUSE bug 1216057SUSE bug 1216559SUSE bug 1216776SUSE bug 1217036SUSE bug 1217217SUSE bug 1217250SUSE bug 1217602SUSE bug 1217692SUSE bug 1217790SUSE bug 1217801SUSE bug 1217822SUSE bug 1217927SUSE bug 1217933SUSE bug 1217938SUSE bug 1217946SUSE bug 1217947SUSE bug 1217980SUSE bug 1217981SUSE bug 1217982SUSE bug 1218056SUSE bug 1218092SUSE bug 1218139SUSE bug 1218184SUSE bug 1218229SUSE bug 1218234SUSE bug 1218253SUSE bug 1218258SUSE bug 1218335SUSE bug 1218357SUSE bug 1218397SUSE bug 1218447SUSE bug 1218461SUSE bug 1218515SUSE bug 1218559SUSE bug 1218569SUSE bug 1218643CVE-2020-26555 at SUSECVE-2020-26555 at NVDCVE-2023-51779 at SUSECVE-2023-51779 at NVDCVE-2023-6121 at SUSECVE-2023-6121 at NVDCVE-2023-6531 at SUSECVE-2023-6531 at NVDCVE-2023-6546 at SUSECVE-2023-6546 at NVDCVE-2023-6606 at SUSECVE-2023-6606 at NVDCVE-2023-6610 at SUSECVE-2023-6610 at NVDCVE-2023-6622 at SUSECVE-2023-6622 at NVDCVE-2023-6931 at SUSECVE-2023-6931 at NVDCVE-2023-6932 at SUSECVE-2023-6932 at NVDcpe:/o:opensuse:leap:15.5Security update for MozillaThunderbird (Important)openSUSE Leap 15.5
This update for MozillaThunderbird fixes the following issues:
Update to Mozilla Thunderbird 115.10.1
Security fixes (MFSA 2024-20) (bsc#1222535):
- CVE-2024-3852: GetBoundName in the JIT returned the wrong object (bmo#1883542)
- CVE-2024-3854: Out-of-bounds-read after mis-optimized switch statement (bmo#1884552)
- CVE-2024-3857: Incorrect JITting of arguments led to use-after-free during garbage collection (bmo#1886683)
- CVE-2024-2609: Permission prompt input delay could expire when not in focus (bmo#1866100)
- CVE-2024-3859: Integer-overflow led to out-of-bounds-read in the OpenType sanitizer (bmo#1874489)
- CVE-2024-3861: Potential use-after-free due to AlignedBuffer self-move (bmo#1883158)
- CVE-2024-3863: Download Protections were bypassed by .xrm-ms files on Windows (bmo#1885855)
- CVE-2024-3302: Denial of Service using HTTP/2 CONTINUATION frames (bmo#1881183, https://kb.cert.org/vuls/id/421644)
- CVE-2024-3864: Memory safety bug fixed in Firefox 125, Firefox ESR 115.10, and Thunderbird 115.10 (bmo#1888333)
Other Fixes:
* fixed: Thunderbird processes did not exit cleanly; user
intervention was required via task manager (bmo#1891889)
* unresolved: After changing password on an IMAP account, the
account could become locked due to too many failed login
attempts (bmo#1862111)
* fixed: Creating a tag in General Settings with a number as
the tag name did not work (bmo#1881124)
* fixed: Quick Filter button selections did not persist after
restart (bmo#1847265)
* fixed: Collapsing and expanding message list headers
sometimes caused header to scroll out of view (bmo#1862197)
* fixed: Single message with no children inside a parent thread
sometimes displayed incorrectly as a thread with a duplicate
of itself as its child (bmo#1427546)
* fixed: 'Get selected messages' menu items did not work
(bmo#1867091)
* fixed: 'Download and Sync Messages' dialog was too short when
using Russian locale, obscuring OK button (bmo#1881795)
* fixed: After changing password on an IMAP account, the
account could become locked due to too many failed login
attempts (bmo#1862111)
* fixed: Retrieving multiline POP3 message from server failed
if message chunk ended in newline instead of carriage return
and newline (bmo#1883760)
* fixed: IMAP, POP3, and SMTP Exchange autoconfiguration did
not support encryption configuration (bmo#1876992)
* fixed: Non-empty address book search bar interfered with
displaying/editing contacts (bmo#1833031)
* fixed: Deleting attendees from 'Invite Attendees' view
removed attendees from view, but not from invite
(bmo#1874450)
* fixed: Splitter arrow between task list and task description
did not behave as expected (bmo#1889562)
* fixed: Performance improvements and code cleanup
(bmo#1878257,bmo#1883550)
* fixed: Security fixes
* unresolved: Thunderbird processes did not exit cleanly; user
intervention was required via task manager (bmo#1891889)
ImportantSUSE bug 1222535CVE-2024-2609 at SUSECVE-2024-2609 at NVDCVE-2024-3302 at SUSECVE-2024-3302 at NVDCVE-2024-3852 at SUSECVE-2024-3852 at NVDCVE-2024-3854 at SUSECVE-2024-3854 at NVDCVE-2024-3857 at SUSECVE-2024-3857 at NVDCVE-2024-3859 at SUSECVE-2024-3859 at NVDCVE-2024-3861 at SUSECVE-2024-3861 at NVDCVE-2024-3863 at SUSECVE-2024-3863 at NVDCVE-2024-3864 at SUSECVE-2024-3864 at NVDcpe:/o:opensuse:leap:15.5Security update for qemu (Important)openSUSE Leap 15.5
This update for qemu fixes the following issues:
- CVE-2024-3447: Fixed heap buffer overflow in sdhci_write_dataport() (bsc#1222845)
- CVE-2023-6683: Fixed NULL pointer dereference in qemu_clipboard_request() (bsc#1218889)
- CVE-2024-3446: Fixed DMA reentrancy issue leads to double free vulnerability (bsc#1222843)
- CVE-2023-3019: Fixed heap use-after-free in e1000e_write_packet_to_guest() (bsc#1213269)
ImportantSUSE bug 1213269SUSE bug 1218889SUSE bug 1222843SUSE bug 1222845CVE-2023-3019 at SUSECVE-2023-3019 at NVDCVE-2023-6683 at SUSECVE-2023-6683 at NVDCVE-2024-3446 at SUSECVE-2024-3446 at NVDCVE-2024-3447 at SUSECVE-2024-3447 at NVDcpe:/o:opensuse:leap:15.5Security update for python-idna (Moderate)openSUSE Leap 15.5
This update for python-idna fixes the following issues:
- CVE-2024-3651: Fixed potential DoS via resource consumption via specially crafted inputs to idna.encode() (bsc#1222842).
ModerateSUSE bug 1222842CVE-2024-3651 at SUSECVE-2024-3651 at NVDcpe:/o:opensuse:leap:15.5Security update for python-gunicorn (Important)openSUSE Leap 15.5
This update for python-gunicorn fixes the following issues:
- CVE-2024-1135: Fixed HTTP Request Smuggling (bsc#1222950)
ImportantSUSE bug 1222950CVE-2024-1135 at SUSECVE-2024-1135 at NVDcpe:/o:opensuse:leap:15.5Security update for php7 (Moderate)openSUSE Leap 15.5
This update for php7 fixes the following issues:
- CVE-2024-2756: Fixed bypass of security fix applied for CVE-2022-31629 that lead PHP to consider not secure cookies as secure (bsc#1222857)
- CVE-2024-3096: Fixed bypass on null byte leading passwords checked via password_verify (bsc#1222858)
ModerateSUSE bug 1222857SUSE bug 1222858CVE-2024-2756 at SUSECVE-2024-2756 at NVDCVE-2024-3096 at SUSECVE-2024-3096 at NVDcpe:/o:opensuse:leap:15.5Security update for php8 (Moderate)openSUSE Leap 15.5
This update for php8 fixes the following issues:
- CVE-2024-2756: Fixed bypass of security fix applied for CVE-2022-31629 that lead PHP to consider not secure cookies as secure (bsc#1222857)
- CVE-2024-3096: Fixed bypass on null byte leading passwords checked via password_verify (bsc#1222858)
ModerateSUSE bug 1222857SUSE bug 1222858CVE-2024-2756 at SUSECVE-2024-2756 at NVDCVE-2024-3096 at SUSECVE-2024-3096 at NVDcpe:/o:opensuse:leap:15.5Security update for openCryptoki (Moderate)openSUSE Leap 15.5
This update for openCryptoki fixes the following issues:
Upgrade openCryptoki to version 3.23 (jsc#PED-3360, jsc#PED-3361)
* EP11: Add support for FIPS-session mode
* CVE-2024-0914: Updates to harden against RSA timing attacks (bsc#1219217)
* Bug fixes
- provide user(pkcs11) and group(pkcs11)
Upgrade to version 3.22 (jsc#PED-3361)
- CCA: Add support for the AES-XTS key type using CPACF protected keys
- p11sak: Add support for managing certificate objects
- p11sak: Add support for public sessions (no-login option)
- p11sak: Add support for logging in as SO (security Officer)
- p11sak: Add support for importing/exporting Edwards and Montgomery keys
- p11sak: Add support for importing of RSA-PSS keys and certificates
- CCA/EP11/Soft/ICA: Ensure that the 2 key parts of an AES-XTS key are different
Update to version 3.21 (jsc#PED-3360, jsc#PED-3361)
- EP11 and CCA: Support concurrent HSM master key changes
- CCA: protected-key option
- pkcsslotd: no longer run as root user and further hardening
- p11sak: Add support for additional key types (DH, DSA, generic secret)
- p11sak: Allow wildcards in label filter
- p11sak: Allow to specify hex value for CKA_ID attribute
- p11sak: Support sorting when listing keys
- p11sak: New commands: set-key-attr, copy-key to modify and copy keys
- p11sak: New commands: import-key, export-key to import and export keys
- Remove support for --disable-locks (transactional memory)
- Updates to harden against RSA timing attacks
- Bug fixes
ModerateSUSE bug 1219217CVE-2024-0914 at SUSECVE-2024-0914 at NVDcpe:/o:opensuse:leap:15.5Feature update for python-M2Crypto (Low)openSUSE Leap 15.5
This update for python-M2Crypto fixes the following issue:
- Build for modern python stack
- Adds python311-M2Crypto
LowSUSE bug 1205042SUSE bug 1212757SUSE bug 1217782CVE-2020-25657 at SUSECVE-2020-25657 at NVDcpe:/o:opensuse:leap:15.5Security update for java-1_8_0-openjdk (Low)openSUSE Leap 15.5
This update for java-1_8_0-openjdk fixes the following issues:
- CVE-2024-21011: Fixed denial of service due to long Exception message logging (JDK-8319851,bsc#1222979)
- CVE-2024-21068: Fixed integer overflow in C1 compiler address generation (JDK-8322122,bsc#1222983)
- CVE-2024-21085: Fixed Pack200 excessive memory allocation (JDK-8322114,bsc#1222984)
- CVE-2024-21094: Fixed unauthorized data modification due to C2 compilation failure with 'Exceeded _node_regs array' (JDK-8317507,JDK-8325348,bsc#1222986)
Other fixes:
- Update to version jdk8u412 (icedtea-3.31.0) (April 2024 CPU)
* Security fixes
+ JDK-8318340: Improve RSA key implementations
* Import of OpenJDK 8 u412 build 08
+ JDK-8011180: Delete obsolete scripts
+ JDK-8016451: Scary messages emitted by
build.tools.generatenimbus.PainterGenerator during build
+ JDK-8021961: setAlwaysOnTop doesn't behave correctly in
Linux/Solaris under certain scenarios
+ JDK-8023735: [TESTBUG][macosx]
runtime/XCheckJniJsig/XCheckJSig.java fails on MacOS X
+ JDK-8074860: Structured Exception Catcher missing around
CreateJavaVM on Windows
+ JDK-8079441: Intermittent failures on Windows with 'Unexpected
exit from test [exit code: 1080890248]' (0x406d1388)
+ JDK-8155590: Dubious collection management in
sun.net.www.http.KeepAliveCache
+ JDK-8168518: rcache interop with krb5-1.15
+ JDK-8183503: Update hotspot tests to allow for unique test
classes directory
+ JDK-8186095: upgrade to jtreg 4.2 b08
+ JDK-8186199: [windows] JNI_DestroyJavaVM not covered by SEH
+ JDK-8192931: Regression test
java/awt/font/TextLayout/CombiningPerf.java fails
+ JDK-8208655: use JTreg skipped status in hotspot tests
+ JDK-8208701: Fix for JDK-8208655 causes test failures in CI
tier1
+ JDK-8208706: compiler/tiered/
/ConstantGettersTransitionsTest.java fails to compile
+ JDK-8213410: UseCompressedOops requirement check fails fails
on 32-bit system
+ JDK-8222323: ChildAlwaysOnTopTest.java fails with
'RuntimeException: Failed to unset alwaysOnTop'
+ JDK-8224768: Test ActalisCA.java fails
+ JDK-8251155: HostIdentifier fails to canonicalize hostnames
starting with digits
+ JDK-8251551: Use .md filename extension for README
+ JDK-8268678: LetsEncryptCA.java test fails as Let’s Encrypt
Authority X3 is retired
+ JDK-8270280: security/infra/java/security/cert/
/CertPathValidator/certification/LetsEncryptCA.java OCSP
response error
+ JDK-8270517: Add Zero support for LoongArch
+ JDK-8272708: [Test]: Cleanup: test/jdk/security/infra/java/
/security/cert/CertPathValidator/certification/BuypassCA.java
no longer needs ocspEnabled
+ JDK-8276139: TestJpsHostName.java not reliable, better to
expand HostIdentifierCreate.java test
+ JDK-8288132: Update test artifacts in QuoVadis CA interop
tests
+ JDK-8297955: LDAP CertStore should use LdapName and not
String for DNs
+ JDK-8301310: The SendRawSysexMessage test may cause a JVM
crash
+ JDK-8308592: Framework for CA interoperability testing
+ JDK-8312126: NullPointerException in CertStore.getCRLs after
8297955
+ JDK-8315042: NPE in PKCS7.parseOldSignedData
+ JDK-8315757: [8u] Add cacerts JTREG tests to GHA tier1 test
set
+ JDK-8320713: Bump update version of OpenJDK: 8u412
+ JDK-8321060: [8u] hotspot needs to recognise VS2022
+ JDK-8321408: Add Certainly roots R1 and E1
+ JDK-8322725: (tz) Update Timezone Data to 2023d
+ JDK-8322750: Test 'api/java_awt/interactive/
/SystemTrayTests.html' failed because A blue ball icon is
added outside of the system tray
+ JDK-8323202: [8u] Remove get_source.sh and hgforest.sh
+ JDK-8323640: [TESTBUG]testMemoryFailCount in jdk/internal/
/platform/docker/TestDockerMemoryMetrics.java always fail
because OOM killed
+ JDK-8324530: Build error with gcc 10
+ JDK-8325150: (tz) Update Timezone Data to 2024a
* Bug fixes
+ Support make 4.4
- Do not recommend timezone-java8 (bsc#1213470)
- Use %patch -P N instead of deprecated %patchN.
LowSUSE bug 1213470SUSE bug 1222979SUSE bug 1222983SUSE bug 1222984SUSE bug 1222986CVE-2024-21011 at SUSECVE-2024-21011 at NVDCVE-2024-21068 at SUSECVE-2024-21068 at NVDCVE-2024-21085 at SUSECVE-2024-21085 at NVDCVE-2024-21094 at SUSECVE-2024-21094 at NVDcpe:/o:opensuse:leap:15.5Security update for frr (Important)openSUSE Leap 15.5
This update for frr fixes the following issues:
- CVE-2024-27913: Fixed a denial of service issue via a malformed OSPF LSA packet (bsc#1220548).
- CVE-2024-31948: Fixed denial of service due to malformed Prefix SID attribute in BGP Update packet (bsc#1222518).
ImportantSUSE bug 1220548SUSE bug 1222518CVE-2024-27913 at SUSECVE-2024-27913 at NVDCVE-2024-31948 at SUSECVE-2024-31948 at NVDcpe:/o:opensuse:leap:15.5Security update for jasper (Important)openSUSE Leap 15.5
This update for jasper fixes the following issues:
- CVE-2024-31744: Fixed denial of service through assertion failure in jpc_streamlist_remove() (bsc#1223155).
ImportantSUSE bug 1223155CVE-2024-31744 at SUSECVE-2024-31744 at NVDcpe:/o:opensuse:leap:15.5Security update for the Linux Kernel (Important)openSUSE Leap 15.5
The SUSE Linux Enterprise 15 SP5 RT kernel was updated to receive various security bugfixes.
NOTE: This update has been retracted due to a bug in the BHI CPU sidechannel mitigation, which led to incorrect selection of other CPU mitigations.
The following security bugs were fixed:
- CVE-2021-46925: Fixed kernel panic caused by race of smc_sock (bsc#1220466).
- CVE-2021-46926: Fixed bug when detecting controllers in ALSA/hda/intel-sdw-acpi (bsc#1220478).
- CVE-2021-46927: Fixed assertion bug in nitro_enclaves: Use get_user_pages_unlocked() (bsc#1220443).
- CVE-2021-46929: Fixed use-after-free issue in sctp_sock_dump() (bsc#1220482).
- CVE-2021-46930: Fixed usb/mtu3 list_head check warning (bsc#1220484).
- CVE-2021-46931: Fixed wrong type casting in mlx5e_tx_reporter_dump_sq() (bsc#1220486).
- CVE-2021-46933: Fixed possible underflow in ffs_data_clear() (bsc#1220487).
- CVE-2021-46934: Fixed a bug by validating user data in compat ioctl (bsc#1220469).
- CVE-2021-46936: Fixed use-after-free in tw_timer_handler() (bsc#1220439).
- CVE-2021-47082: Fixed ouble free in tun_free_netdev() (bsc#1220969).
- CVE-2021-47083: Fixed a global-out-of-bounds issue in mediatek: (bsc#1220917).
- CVE-2021-47087: Fixed incorrect page free bug in tee/optee (bsc#1220954).
- CVE-2021-47091: Fixed locking in ieee80211_start_ap()) error path (bsc#1220959).
- CVE-2021-47093: Fixed memleak on registration failure in intel_pmc_core (bsc#1220978).
- CVE-2021-47094: Fixed possible memory leak in KVM x86/mmu (bsc#1221551).
- CVE-2021-47095: Fixed missing initialization in ipmi/ssif (bsc#1220979).
- CVE-2021-47096: Fixed uninitalized user_pversion in ALSA rawmidi (bsc#1220981).
- CVE-2021-47097: Fixed stack out of bound access in elantech_change_report_id() (bsc#1220982).
- CVE-2021-47098: Fixed integer overflow/underflow in hysteresis calculations hwmon: (lm90) (bsc#1220983).
- CVE-2021-47099: Fixed BUG_ON assertion in veth when skb entering GRO are cloned (bsc#1220955).
- CVE-2021-47100: Fixed UAF when uninstall in ipmi (bsc#1220985).
- CVE-2021-47101: Fixed uninit-value in asix_mdio_read() (bsc#1220987).
- CVE-2021-47102: Fixed incorrect structure access In line: upper = info->upper_dev in net/marvell/prestera (bsc#1221009).
- CVE-2021-47104: Fixed memory leak in qib_user_sdma_queue_pkts() (bsc#1220960).
- CVE-2021-47105: Fixed potential memory leak in ice/xsk (bsc#1220961).
- CVE-2021-47107: Fixed READDIR buffer overflow in NFSD (bsc#1220965).
- CVE-2021-47108: Fixed possible NULL pointer dereference for mtk_hdmi_conf in drm/mediatek (bsc#1220986).
- CVE-2022-4744: Fixed double-free that could lead to DoS or privilege escalation in TUN/TAP device driver functionality (bsc#1209635).
- CVE-2022-48626: Fixed a potential use-after-free on remove path moxart (bsc#1220366).
- CVE-2022-48627: Fixed a memory overlapping when deleting chars in the buffer (bsc#1220845).
- CVE-2022-48628: Fixed possible lock in ceph (bsc#1220848).
- CVE-2022-48629: Fixed possible memory leak in qcom-rng (bsc#1220989).
- CVE-2022-48630: Fixed infinite loop on requests not multiple of WORD_SZ in crypto: qcom-rng (bsc#1220990).
- CVE-2023-0160: Fixed deadlock flaw in BPF that could allow a local user to potentially crash the system (bsc#1209657).
- CVE-2023-28746: Fixed Register File Data Sampling (bsc#1213456).
- CVE-2023-35827: Fixed a use-after-free issue in ravb_tx_timeout_work() (bsc#1212514).
- CVE-2023-4881: Fixed a out-of-bounds write flaw in the netfilter subsystem that could lead to potential information disclosure or a denial of service (bsc#1215221).
- CVE-2023-52447: Fixed map_fd_put_ptr() signature kABI workaround (bsc#1220251).
- CVE-2023-52450: Fixed NULL pointer dereference issue in upi_fill_topology() (bsc#1220237).
- CVE-2023-52453: Fixed data corruption in hisi_acc_vfio_pci (bsc#1220337).
- CVE-2023-52454: Fixed a kernel panic when host sends an invalid H2C PDU length (bsc#1220320).
- CVE-2023-52462: Fixed check for attempt to corrupt spilled pointer (bsc#1220325).
- CVE-2023-52463: Fixed null pointer dereference in efivarfs (bsc#1220328).
- CVE-2023-52467: Fixed a null pointer dereference in of_syscon_register (bsc#1220433).
- CVE-2023-52469: Fixed a use-after-free in kv_parse_power_table (bsc#1220411).
- CVE-2023-52470: Fixed null-ptr-deref in radeon_crtc_init() (bsc#1220413).
- CVE-2023-52474: Fixed a vulnerability with non-PAGE_SIZE-end multi-iovec user SDMA requests (bsc#1220445).
- CVE-2023-52476: Fixed possible unhandled page fault via perf sampling NMI during vsyscall (bsc#1220703).
- CVE-2023-52477: Fixed USB Hub accesses to uninitialized BOS descriptors (bsc#1220790).
- CVE-2023-52481: Fixed speculative unprivileged load in Cortex-A520 (bsc#1220887).
- CVE-2023-52482: Fixed a bug by adding SRSO mitigation for Hygon processors (bsc#1220735).
- CVE-2023-52484: Fixed a soft lockup triggered by arm_smmu_mm_invalidate_range (bsc#1220797).
- CVE-2023-52486: Fixed possible use-after-free in drm (bsc#1221277).
- CVE-2023-52492: Fixed a null-pointer-dereference in channel unregistration function __dma_async_device_channel_register() (bsc#1221276).
- CVE-2023-52493: Fixed possible soft lockup in bus/mhi/host (bsc#1221274).
- CVE-2023-52494: Fixed missing alignment check for event ring read pointer in bus/mhi/host (bsc#1221273).
- CVE-2023-52497: Fixed data corruption in erofs (bsc#1220879).
- CVE-2023-52500: Fixed information leaking when processing OPC_INB_SET_CONTROLLER_CONFIG command (bsc#1220883).
- CVE-2023-52501: Fixed possible memory corruption in ring-buffer (bsc#1220885).
- CVE-2023-52502: Fixed a race condition in nfc_llcp_sock_get() and nfc_llcp_sock_get_sn() (bsc#1220831).
- CVE-2023-52504: Fixed possible out-of bounds in apply_alternatives() on a 5-level paging machine (bsc#1221553).
- CVE-2023-52507: Fixed possible shift-out-of-bounds in nfc/nci (bsc#1220833).
- CVE-2023-52508: Fixed null pointer dereference in nvme_fc_io_getuuid() (bsc#1221015).
- CVE-2023-52509: Fixed a use-after-free issue in ravb_tx_timeout_work() (bsc#1220836).
- CVE-2023-52510: Fixed a potential UAF in ca8210_probe() (bsc#1220898).
- CVE-2023-52511: Fixed possible memory corruption in spi/sun6i (bsc#1221012).
- CVE-2023-52513: Fixed connection failure handling in RDMA/siw (bsc#1221022).
- CVE-2023-52515: Fixed possible use-after-free in RDMA/srp (bsc#1221048).
- CVE-2023-52517: Fixed race between DMA RX transfer completion and RX FIFO drain in spi/sun6i (bsc#1221055).
- CVE-2023-52518: Fixed information leak in bluetooth/hci_codec (bsc#1221056).
- CVE-2023-52519: Fixed possible overflow in HID/intel-ish-hid/ipc (bsc#1220920).
- CVE-2023-52520: Fixed reference leak in platform/x86/think-lmi (bsc#1220921).
- CVE-2023-52523: Fixed wrong redirects to non-TCP sockets in bpf (bsc#1220926).
- CVE-2023-52524: Fixed possible corruption in nfc/llcp (bsc#1220927).
- CVE-2023-52525: Fixed out of bounds check mwifiex_process_rx_packet() (bsc#1220840).
- CVE-2023-52528: Fixed uninit-value access in __smsc75xx_read_reg() (bsc#1220843).
- CVE-2023-52529: Fixed a potential memory leak in sony_probe() (bsc#1220929).
- CVE-2023-52530: Fixed a potential key use-after-free in wifi mac80211 (bsc#1220930).
- CVE-2023-52531: Fixed a memory corruption issue in iwlwifi (bsc#1220931).
- CVE-2023-52532: Fixed a bug in TX CQE error handling (bsc#1220932).
- CVE-2023-52559: Fixed a bug by avoiding memory allocation in iommu_suspend (bsc#1220933).
- CVE-2023-52563: Fixed memory leak on ->hpd_notify callback() in drm/meson (bsc#1220937).
- CVE-2023-52564: Reverted invalid fix for UAF in gsm_cleanup_mux() (bsc#1220938).
- CVE-2023-52566: Fixed potential use after free in nilfs_gccache_submit_read_data() (bsc#1220940).
- CVE-2023-52567: Fixed possible Oops in serial/8250_port: when using IRQ polling (irq = 0) (bsc#1220839).
- CVE-2023-52569: Fixed a bug in btrfs by remoning BUG() after failure to insert delayed dir index item (bsc#1220918).
- CVE-2023-52574: Fixed a bug by hiding new member header_ops (bsc#1220870).
- CVE-2023-52575: Fixed SBPB enablement for spec_rstack_overflow=off (bsc#1220871).
- CVE-2023-52576: Fixed potential use after free in memblock_isolate_range() (bsc#1220872).
- CVE-2023-52582: Fixed possible oops in netfs (bsc#1220878).
- CVE-2023-52583: Fixed deadlock or deadcode of misusing dget() inside ceph (bsc#1221058).
- CVE-2023-52587: Fixed mcast list locking in IB/ipoib (bsc#1221082).
- CVE-2023-52591: Fixed a possible reiserfs filesystem corruption via directory renaming (bsc#1221044).
- CVE-2023-52594: Fixed potential array-index-out-of-bounds read in ath9k_htc_txstatus() (bsc#1221045).
- CVE-2023-52595: Fixed possible deadlock in wifi/rt2x00 (bsc#1221046).
- CVE-2023-52597: Fixed a setting of fpc register in KVM (bsc#1221040).
- CVE-2023-52598: Fixed wrong setting of fpc register in s390/ptrace (bsc#1221060).
- CVE-2023-52599: Fixed array-index-out-of-bounds in diNewExt() in jfs (bsc#1221062).
- CVE-2023-52600: Fixed uaf in jfs_evict_inode() (bsc#1221071).
- CVE-2023-52601: Fixed array-index-out-of-bounds in dbAdjTree() in jfs (bsc#1221068).
- CVE-2023-52602: Fixed slab-out-of-bounds Read in dtSearch() in jfs (bsc#1221070).
- CVE-2023-52603: Fixed array-index-out-of-bounds in dtSplitRoot() (bsc#1221066).
- CVE-2023-52604: Fixed array-index-out-of-bounds in dbAdjTree() (bsc#1221067).
- CVE-2023-52605: Fixed a NULL pointer dereference check (bsc#1221039)
- CVE-2023-52606: Fixed possible kernel stack corruption in powerpc/lib (bsc#1221069).
- CVE-2023-52607: Fixed a null-pointer-dereference in pgtable_cache_add kasprintf() (bsc#1221061).
- CVE-2023-52608: Fixed possible race condition in firmware/arm_scmi (bsc#1221375).
- CVE-2023-52612: Fixed req->dst buffer overflow in crypto/scomp (bsc#1221616).
- CVE-2023-52615: Fixed page fault dead lock on mmap-ed hwrng (bsc#1221614).
- CVE-2023-52617: Fixed stdev_release() crash after surprise hot remove (bsc#1221613).
- CVE-2023-52619: Fixed possible crash when setting number of cpus to an odd number in pstore/ram (bsc#1221618).
- CVE-2023-52621: Fixed missing asserion in bpf (bsc#1222073).
- CVE-2023-52623: Fixed suspicious RCU usage in SUNRPC (bsc#1222060).
- CVE-2023-52628: Fixed 4-byte stack OOB write in nftables (bsc#1222117).
- CVE-2023-52632: Fixed lock dependency warning with srcu in drm/amdkfd (bsc#1222274).
- CVE-2023-52637: Fixed UAF in j1939_sk_match_filter() in can/k1939 (bsc#1222291).
- CVE-2023-52639: Fixed race during shadow creation in KVM/s390/vsie Fixed (bsc#1222300).
- CVE-2023-6270: Fixed a use-after-free issue in aoecmd_cfg_pkts (bsc#1218562).
- CVE-2023-6356: Fixed a NULL pointer dereference in nvmet_tcp_build_pdu_iovec (bsc#1217987).
- CVE-2023-6535: Fixed a NULL pointer dereference in nvmet_tcp_execute_request (bsc#1217988).
- CVE-2023-6536: Fixed a NULL pointer dereference in __nvmet_req_complete (bsc#1217989).
- CVE-2023-7042: Fixed a null-pointer-dereference in ath10k_wmi_tlv_op_pull_mgmt_tx_compl_ev() (bsc#1218336).
- CVE-2023-7192: Fixed a memory leak problem in ctnetlink_create_conntrack in net/netfilter/nf_conntrack_netlink.c (bsc#1218479).
- CVE-2024-0841: Fixed a null pointer dereference in the hugetlbfs_fill_super function in hugetlbfs (HugeTLB pages) functionality (bsc#1219264).
- CVE-2024-2201: Fixed information leak in x86/BHI (bsc#1217339).
- CVE-2024-22099: Fixed a null-pointer-dereference in rfcomm_check_security (bsc#1219170).
- CVE-2024-23307: Fixed Integer Overflow or Wraparound vulnerability in x86 and ARM md, raid, raid5 modules (bsc#1219169).
- CVE-2024-25739: Fixed possible crash in create_empty_lvol() in drivers/mtd/ubi/vtbl.c (bsc#1219834).
- CVE-2024-25742: Fixed insufficient validation during #VC instruction emulation in x86/sev (bsc#1221725).
- CVE-2024-26599: Fixed out-of-bounds access in of_pwm_single_xlate() (bsc#1220365).
- CVE-2024-26600: Fixed NULL pointer dereference for SRP in phy-omap-usb2 (bsc#1220340).
- CVE-2024-26602: Fixed overall slowdowns with sys_membarrier (bsc1220398).
- CVE-2024-26607: Fixed a probing race issue in sii902x: (bsc#1220736).
- CVE-2024-26612: Fixed Oops in fscache_put_cache() This function dereferences (bsc#1221291).
- CVE-2024-26614: Fixed the initialization of accept_queue's spinlocks (bsc#1221293).
- CVE-2024-26620: Fixed possible device model violation in s390/vfio-ap (bsc#1221298).
- CVE-2024-26627: Fixed possible hard lockup in scsi (bsc#1221090).
- CVE-2024-26629: Fixed possible protocol violation via RELEASE_LOCKOWNER in nfsd (bsc#1221379).
- CVE-2024-26642: Fixed the set of anonymous timeout flag in netfilter nf_tables (bsc#1221830).
- CVE-2024-26645: Fixed missing visibility when inserting an element into tracing_map (bsc#1222056).
- CVE-2024-26646: Fixed potential memory corruption when resuming from suspend or hibernation in thermal/intel/hfi (bsc#1222070).
- CVE-2024-26651: Fixed possible oops via malicious devices in sr9800 (bsc#1221337).
- CVE-2024-26654: Fixed use after free in ALSA/sh/aica (bsc#1222304).
- CVE-2024-26659: Fixed wrong handling of isoc Babble and Buffer Overrun events in xhci (bsc#1222317).
- CVE-2024-26664: Fixed out-of-bounds memory access in create_core_data() in hwmon coretemp (bsc#1222355).
- CVE-2024-26667: Fixed null pointer reference in dpu_encoder_helper_phys_cleanup in drm/msm/dpu (bsc#1222331).
- CVE-2024-26670: Fixed ARM64_WORKAROUND_SPECULATIVE_UNPRIV_LOAD workaround in kernel arm64 (bsc#1222356).
- CVE-2024-26695: Fixed null pointer dereference in __sev_platform_shutdown_locked in crypto ccp (bsc#1222373).
- CVE-2024-26717: Fixed null pointer dereference on failed power up in HID i2c-hid-of (bsc#1222360).
The following non-security bugs were fixed:
- acpi: CPPC: enable AMD CPPC V2 support for family 17h processors (git-fixes).
- acpi: processor_idle: Fix memory leak in acpi_processor_power_exit() (git-fixes).
- acpi: resource: Add Infinity laptops to irq1_edge_low_force_override (stable-fixes).
- acpi: resource: Add MAIBENBEN X577 to irq1_edge_low_force_override (git-fixes).
- acpi: resource: Do IRQ override on Lunnen Ground laptops (stable-fixes).
- acpi: scan: Fix device check notification handling (git-fixes).
- acpica: debugger: check status of acpi_evaluate_object() in acpi_db_walk_for_fields() (git-fixes).
- alsa: aaci: Delete unused variable in aaci_do_suspend (git-fixes).
- alsa: aoa: avoid false-positive format truncation warning (git-fixes).
- alsa: aw2: avoid casting function pointers (git-fixes).
- alsa: ctxfi: avoid casting function pointers (git-fixes).
- alsa: hda/realtek - ALC285 reduce pop noise from Headphone port (stable-fixes).
- alsa: hda/realtek - Add Headset Mic supported Acer NB platform (stable-fixes).
- alsa: hda/realtek - Fix headset Mic no show at resume back for Lenovo ALC897 platform (git-fixes).
- alsa: hda/realtek: Enable Mute LED on HP 840 G8 (MB 8AB8) (git-fixes).
- alsa: hda/realtek: Update Panasonic CF-SZ6 quirk to support headset with microphone (git-fixes).
- alsa: hda/realtek: fix ALC285 issues on HP Envy x360 laptops (stable-fixes).
- alsa: hda/realtek: fix mute/micmute LED For HP mt440 (git-fixes).
- alsa: hda/realtek: fix mute/micmute LEDs for HP EliteBook (stable-fixes).
- alsa: seq: fix function cast warnings (git-fixes).
- alsa: sh: aica: reorder cleanup operations to avoid UAF bugs (git-fixes).
- alsa: usb-audio: Stop parsing channels bits when all channels are found (git-fixes).
- arm64: dts: allwinner: h6: Add RX DMA channel for SPDIF (git-fixes)
- arm64: dts: broadcom: bcmbca: bcm4908: drop invalid switch cells (git-fixes)
- arm64: dts: imx8mm-kontron: Add support for ultra high speed modes on (git-fixes)
- arm64: dts: imx8mm-venice-gw71xx: fix USB OTG VBUS (git-fixes)
- arm64: dts: marvell: reorder crypto interrupts on Armada SoCs (git-fixes)
- arm64: dts: rockchip: add ES8316 codec for ROCK Pi 4 (git-fixes)
- arm64: dts: rockchip: add SPDIF node for ROCK Pi 4 (git-fixes)
- arm64: dts: rockchip: fix regulator name on rk3399-rock-4 (git-fixes)
- arm64: dts: rockchip: set num-cs property for spi on px30 (git-fixes)
- arm64: mm: fix VA-range sanity check (git-fixes)
- arm64: set __exception_irq_entry with __irq_entry as a default (git-fixes)
- asoc: Intel: bytcr_rt5640: Add an extra entry for the Chuwi Vi8 tablet (stable-fixes).
- asoc: amd: acp: Add missing error handling in sof-mach (git-fixes).
- asoc: amd: acp: fix for acp_init function error handling (git-fixes).
- asoc: madera: Fix typo in madera_set_fll_clks shift value (git-fixes).
- asoc: meson: Use dev_err_probe() helper (stable-fixes).
- asoc: meson: aiu: fix function pointer type mismatch (git-fixes).
- asoc: meson: axg-tdm-interface: add frame rate constraint (git-fixes).
- asoc: meson: axg-tdm-interface: fix mclk setup without mclk-fs (git-fixes).
- asoc: meson: t9015: fix function pointer type mismatch (git-fixes).
- asoc: ops: Fix wraparound for mask in snd_soc_get_volsw (git-fixes).
- asoc: rcar: adg: correct TIMSEL setting for SSI9 (git-fixes).
- asoc: rt5645: Make LattePanda board DMI match more precise (stable-fixes).
- asoc: rt5682-sdw: fix locking sequence (git-fixes).
- asoc: rt711-sdca: fix locking sequence (git-fixes).
- asoc: rt711-sdw: fix locking sequence (git-fixes).
- asoc: wm8962: Enable both SPKOUTR_ENA and SPKOUTL_ENA in mono mode (stable-fixes).
- asoc: wm8962: Enable oscillator if selecting WM8962_FLL_OSC (stable-fixes).
- asoc: wm8962: Fix up incorrect error message in wm8962_set_fll (stable-fixes).
- ata: sata_mv: Fix PCI device ID table declaration compilation warning (git-fixes).
- ata: sata_sx4: fix pdc20621_get_from_dimm() on 64-bit (git-fixes).
- backlight: da9052: Fully initialize backlight_properties during probe (git-fixes).
- backlight: lm3630a: Do not set bl->props.brightness in get_brightness (git-fixes).
- backlight: lm3630a: Initialize backlight_properties on init (git-fixes).
- backlight: lm3639: Fully initialize backlight_properties during probe (git-fixes).
- backlight: lp8788: Fully initialize backlight_properties during probe (git-fixes).
- blocklayoutdriver: Fix reference leak of pnfs_device_node (git-fixes).
- bluetooth: Remove HCI_POWER_OFF_TIMEOUT (git-fixes).
- bluetooth: Remove superfluous call to hci_conn_check_pending() (git-fixes).
- bluetooth: hci_core: Fix possible buffer overflow (git-fixes).
- bluetooth: mgmt: Remove leftover queuing of power_off work (git-fixes).
- bluetooth: rfcomm: Fix null-ptr-deref in rfcomm_check_security (stable-fixes).
- bpf, scripts: Correct GPL license name (git-fixes).
- bpf, sockmap: Fix preempt_rt splat when using raw_spin_lock_t (git-fixes).
- can: softing: remove redundant NULL check (git-fixes).
- clk: zynq: Prevent null pointer dereference caused by kmalloc failure (git-fixes).
- comedi: comedi_test: Prevent timers rescheduling during deletion (git-fixes).
- coresight: etm4x: Do not access TRCIDR1 for identification (bsc#1220775)
- coresight: etm4x: Fix accesses to TRCSEQRSTEVR and TRCSEQSTR (bsc#1220775)
- coresight: etm: Override TRCIDR3.CCITMIN on errata affected cpus (bsc#1220775)
- cpufreq: amd-pstate: Fix min_perf assignment in amd_pstate_adjust_perf() (git-fixes).
- cpufreq: brcmstb-avs-cpufreq: add check for cpufreq_cpu_get's return value (git-fixes).
- crypto: arm/sha - fix function cast warnings (git-fixes).
- crypto: qat - avoid division by zero (git-fixes).
- crypto: qat - fix deadlock in backlog processing (git-fixes).
- crypto: qat - fix double free during reset (git-fixes).
- crypto: qat - fix state machines cleanup paths (bsc#1218321).
- crypto: qat - fix unregistration of compression algorithms (git-fixes).
- crypto: qat - fix unregistration of crypto algorithms (git-fixes).
- crypto: qat - ignore subsequent state up commands (git-fixes).
- crypto: qat - increase size of buffers (git-fixes).
- crypto: qat - resolve race condition during AER recovery (git-fixes).
- crypto: xilinx - call finalize with bh disabled (git-fixes).
- doc-guide: kernel-doc: tell about object-like macros (git-fixes).
- doc/README.SUSE: Update information about module support status (jsc#PED-5759)
- drivers: hv: vmbus: Calculate ring buffer size for more efficient use of memory (git-fixes).
- drm/amd/display: Add FAMS validation before trying to use it (git-fixes).
- drm/amd/display: Add function for validate and update new stream (git-fixes).
- drm/amd/display: Avoid ABM when ODM combine is enabled for eDP (git-fixes).
- drm/amd/display: Blocking invalid 420 modes on HDMI TMDS for DCN31 (git-fixes).
- drm/amd/display: Check if link state is valid (git-fixes).
- drm/amd/display: Copy DC context in the commit streams (git-fixes).
- drm/amd/display: Disable PSR-SU on Parade 0803 TCON again (git-fixes).
- drm/amd/display: Enable fast plane updates on DCN3.2 and above (git-fixes).
- drm/amd/display: Enable new commit sequence only for DCN32x (git-fixes).
- drm/amd/display: Exit idle optimizations before attempt to access PHY (git-fixes).
- drm/amd/display: Expand kernel doc for DC (git-fixes).
- drm/amd/display: Fix a bug when searching for insert_above_mpcc (git-fixes).
- drm/amd/display: Fix a potential buffer overflow in 'dp_dsc_clock_en_read()' (git-fixes).
- drm/amd/display: Fix possible underflow for displays with large vblank (git-fixes).
- drm/amd/display: Fix the delta clamping for shaper LUT (git-fixes).
- drm/amd/display: Fix underflow issue on 175hz timing (git-fixes).
- drm/amd/display: For prefetch mode > 0, extend prefetch if possible (git-fixes).
- drm/amd/display: Guard DCN31 PHYD32CLK logic against chip family (git-fixes).
- drm/amd/display: Guard against invalid RPTR/WPTR being set (git-fixes).
- drm/amd/display: Handle seamless boot stream (git-fixes).
- drm/amd/display: Handle virtual hardware detect (git-fixes).
- drm/amd/display: Include surface of unaffected streams (git-fixes).
- drm/amd/display: Include udelay when waiting for INBOX0 ACK (git-fixes).
- drm/amd/display: Increase frame warning limit with KASAN or KCSAN in dml (git-fixes).
- drm/amd/display: Keep PHY active for dp config (git-fixes).
- drm/amd/display: Prevent vtotal from being set to 0 (git-fixes).
- drm/amd/display: Remove min_dst_y_next_start check for Z8 (git-fixes).
- drm/amd/display: Restore rptr/wptr for DMCUB as workaround (git-fixes).
- drm/amd/display: Return the correct HDCP error code (stable-fixes).
- drm/amd/display: Revert vblank change that causes null pointer crash (git-fixes).
- drm/amd/display: Rework comments on dc file (git-fixes).
- drm/amd/display: Rework context change check (git-fixes).
- drm/amd/display: Set minimum requirement for using PSR-SU on Phoenix (git-fixes).
- drm/amd/display: Set minimum requirement for using PSR-SU on Rembrandt (git-fixes).
- drm/amd/display: Update OTG instance in the commit stream (git-fixes).
- drm/amd/display: Update correct DCN314 register header (git-fixes).
- drm/amd/display: Update min Z8 residency time to 2100 for DCN314 (git-fixes).
- drm/amd/display: Use DRAM speed from validation for dummy p-state (git-fixes).
- drm/amd/display: Use DTBCLK as refclk instead of DPREFCLK (git-fixes).
- drm/amd/display: Use min transition for all SubVP plane add/remove (git-fixes).
- drm/amd/display: Write to correct dirty_rect (git-fixes).
- drm/amd/display: Wrong colorimetry workaround (git-fixes).
- drm/amd/display: add FB_DAMAGE_CLIPS support (git-fixes).
- drm/amd/display: add ODM case when looking for first split pipe (git-fixes).
- drm/amd/display: always switch off ODM before committing more streams (git-fixes).
- drm/amd/display: clean code-style issues in dcn30_set_mpc_shaper_3dlut (git-fixes).
- drm/amd/display: dc.h: eliminate kernel-doc warnings (git-fixes).
- drm/amd/display: ensure async flips are only accepted for fast updates (git-fixes).
- drm/amd/display: fix ABM disablement (git-fixes).
- drm/amd/display: fix a NULL pointer dereference in amdgpu_dm_i2c_xfer() (git-fixes).
- drm/amd/display: fix dc/core/dc.c kernel-doc (git-fixes).
- drm/amd/display: fix hw rotated modes when PSR-SU is enabled (git-fixes).
- drm/amd/display: fix kernel-doc issues in dc.h (git-fixes).
- drm/amd/display: fix unbounded requesting for high pixel rate modes on dcn315 (git-fixes).
- drm/amd/display: handle range offsets in VRR ranges (stable-fixes).
- drm/amd/display: perform a bounds check before filling dirty rectangles (git-fixes).
- drm/amd/display: set per pipe dppclk to 0 when dpp is off (git-fixes).
- drm/amd/display: update extended blank for dcn314 onwards (git-fixes).
- drm/amd/display: use low clocks for no plane configs (git-fixes).
- drm/amd/pm: Fix error of MACO flag setting code (git-fixes).
- drm/amd/pm: fix a memleak in aldebaran_tables_init (git-fixes).
- drm/amd/smu: use AverageGfxclkFrequency* to replace previous GFX Curr Clock (git-fixes).
- drm/amd: Enable PCIe PME from D3 (git-fixes).
- drm/amdgpu/pm: Fix the error of pwm1_enable setting (stable-fixes).
- drm/amdgpu/pm: make gfxclock consistent for sienna cichlid (git-fixes).
- drm/amdgpu/pm: make mclk consistent for smu 13.0.7 (git-fixes).
- drm/amdgpu/smu13: drop compute workload workaround (git-fixes).
- drm/amdgpu: Enable gpu reset for S3 abort cases on Raven series (stable-fixes).
- drm/amdgpu: Fix missing break in ATOM_ARG_IMM Case of atom_get_src_int() (git-fixes).
- drm/amdgpu: Force order between a read and write to the same address (git-fixes).
- drm/amdgpu: Match against exact bootloader status (git-fixes).
- drm/amdgpu: Unset context priority is now invalid (git-fixes).
- drm/amdgpu: Update min() to min_t() in 'amdgpu_info_ioctl' (git-fixes).
- drm/amdgpu: amdgpu_ttm_gart_bind set gtt bound flag (stable-fixes).
- drm/amdgpu: lower CS errors to debug severity (git-fixes).
- drm/amdkfd: fix TLB flush after unmap for GFX9.4.2 (stable-fixes).
- drm/bridge: tc358762: Instruct DSI host to generate HSE packets (git-fixes).
- drm/display: fix typo (git-fixes).
- drm/edid: Add quirk for OSVR HDK 2.0 (git-fixes).
- drm/etnaviv: Restore some id values (git-fixes).
- drm/exynos: do not return negative values from .get_modes() (stable-fixes).
- drm/exynos: fix a possible null-pointer dereference due to data race in exynos_drm_crtc_atomic_disable() (git-fixes).
- drm/i915/bios: Tolerate devdata==NULL in intel_bios_encoder_supports_dp_dual_mode() (stable-fixes).
- drm/i915/gt: Do not generate the command streamer for all the CCS (git-fixes).
- drm/i915/gt: Reset queue_priority_hint on parking (git-fixes).
- drm/i915/gt: Use i915_vm_put on ppgtt_create error paths (git-fixes).
- drm/i915/selftests: Fix dependency of some timeouts on HZ (git-fixes).
- drm/i915: Add missing CCS documentation (git-fixes).
- drm/i915: Call intel_pre_plane_updates() also for pipes getting enabled (git-fixes).
- drm/i915: Check before removing mm notifier (git-fixes).
- drm/lima: fix a memleak in lima_heap_alloc (git-fixes).
- drm/mediatek: Fix a null pointer crash in mtk_drm_crtc_finish_page_flip (git-fixes).
- drm/mediatek: dsi: Fix DSI RGB666 formats and definitions (git-fixes).
- drm/msm/dpu: Only enable DSC_MODE_MULTIPLEX if dsc_merge is enabled (git-fixes).
- drm/msm/dpu: add division of drm_display_mode's hskew parameter (git-fixes).
- drm/msm/dpu: fix the programming of INTF_CFG2_DATA_HCTL_EN (git-fixes).
- drm/msm/dpu: improve DSC allocation (git-fixes).
- drm/panel-edp: use put_sync in unprepare (git-fixes).
- drm/panel: Move AUX B116XW03 out of panel-edp back to panel-simple (git-fixes).
- drm/panel: auo,b101uan08.3: Fine tune the panel power sequence (git-fixes).
- drm/panel: boe-tv101wum-nl6: Fine tune the panel power sequence (git-fixes).
- drm/panel: do not return negative error codes from drm_panel_get_modes() (stable-fixes).
- drm/panfrost: fix power transition timeout warnings (git-fixes).
- drm/probe-helper: warn about negative .get_modes() (stable-fixes).
- drm/qxl: remove unused `count` variable from `qxl_surface_id_alloc()` (git-fixes).
- drm/qxl: remove unused variable from `qxl_process_single_command()` (git-fixes).
- drm/radeon/ni: Fix wrong firmware size logging in ni_init_microcode() (git-fixes).
- drm/radeon/ni_dpm: remove redundant NULL check (git-fixes).
- drm/radeon: remove dead code in ni_mc_load_microcode() (git-fixes).
- drm/rockchip: dsi: Clean up 'usage_mode' when failing to attach (git-fixes).
- drm/rockchip: inno_hdmi: Fix video timing (git-fixes).
- drm/rockchip: lvds: do not overwrite error code (git-fixes).
- drm/rockchip: lvds: do not print scary message when probing defer (git-fixes).
- drm/tegra: dpaux: Fix PM disable depth imbalance in tegra_dpaux_probe (git-fixes).
- drm/tegra: dsi: Add missing check for of_find_device_by_node (git-fixes).
- drm/tegra: dsi: Fix missing pm_runtime_disable() in the error handling path of tegra_dsi_probe() (git-fixes).
- drm/tegra: dsi: Fix some error handling paths in tegra_dsi_probe() (git-fixes).
- drm/tegra: dsi: Make use of the helper function dev_err_probe() (stable-fixes).
- drm/tegra: hdmi: Convert to devm_platform_ioremap_resource() (stable-fixes).
- drm/tegra: hdmi: Fix some error handling paths in tegra_hdmi_probe() (git-fixes).
- drm/tegra: output: Fix missing i2c_put_adapter() in the error handling paths of tegra_output_probe() (git-fixes).
- drm/tegra: put drm_gem_object ref on error in tegra_fb_create (git-fixes).
- drm/tegra: rgb: Fix missing clk_put() in the error handling paths of tegra_dc_rgb_probe() (git-fixes).
- drm/tegra: rgb: Fix some error handling paths in tegra_dc_rgb_probe() (git-fixes).
- drm/tidss: Fix initial plane zpos values (git-fixes).
- drm/tidss: Fix sync-lost issue with two displays (git-fixes).
- drm/ttm: Do not leak a resource on eviction error (git-fixes).
- drm/ttm: Do not print error message if eviction was interrupted (git-fixes).
- drm/vc4: Add module dependency on hdmi-codec (git-fixes).
- drm/vmwgfx: Create debugfs ttm_resource_manager entry only if needed (git-fixes).
- drm/vmwgfx: Fix possible null pointer derefence with invalid contexts (git-fixes).
- drm/vmwgfx: fix a memleak in vmw_gmrid_man_get_node (git-fixes).
- drm: Do not treat 0 as -1 in drm_fixp2int_ceil (git-fixes).
- drm: Fix drm_fixp2int_round() making it add 0.5 (git-fixes).
- drm: panel-orientation-quirks: Add quirk for Acer Switch V 10 (SW5-017) (git-fixes).
- firewire: core: use long bus reset on gap count error (stable-fixes).
- fix 'coresight: etm4x: Change etm4_platform_driver driver for MMIO devices' (bsc#1220775) Hunk with clk_put(drvdata->pclk) was incorrectly moved to another function.
- hid: amd_sfh: Update HPD sensor structure elements (git-fixes).
- hid: lenovo: Add middleclick_workaround sysfs knob for cptkbd (git-fixes).
- hid: multitouch: Add required quirk for Synaptics 0xcddc device (stable-fixes).
- hv_netvsc: Calculate correct ring size when PAGE_SIZE is not 4 Kbytes (git-fixes).
- hv_netvsc: Fix race condition between netvsc_probe and netvsc_remove (git-fixes).
- hv_netvsc: Register VF in netvsc_probe if NET_DEVICE_REGISTER missed (git-fixes).
- i2c: aspeed: Fix the dummy irq expected print (git-fixes).
- i2c: i801: Avoid potential double call to gpiod_remove_lookup_table (git-fixes).
- i2c: wmt: Fix an error handling path in wmt_i2c_probe() (git-fixes).
- ib/ipoib: Fix mcast list locking (git-fixes)
- iio: dummy_evgen: remove Excess kernel-doc comments (git-fixes).
- iio: pressure: dlhl60d: Initialize empty DLH bytes (git-fixes).
- input: gpio_keys_polled - suppress deferred probe error for gpio (stable-fixes).
- input: i8042 - add Fujitsu Lifebook E5411 to i8042 quirk table (git-fixes).
- input: i8042 - add Fujitsu Lifebook U728 to i8042 quirk table (git-fixes).
- input: i8042 - add quirk for Fujitsu Lifebook A574/H (git-fixes).
- input: i8042 - fix strange behavior of touchpad on Clevo NS70PU (git-fixes).
- input: pm8941-powerkey - fix debounce on gen2+ PMICs (git-fixes).
- input: pm8941-pwrkey - add software key press debouncing support (git-fixes).
- input: pm8941-pwrkey - add support for PON GEN3 base addresses (git-fixes).
- input: synaptics-rmi4 - fix UAF of IRQ domain on driver removal (git-fixes).
- input: xpad - add Lenovo Legion Go controllers (git-fixes).
- iommu/amd: Mark interrupt as managed (git-fixes).
- iommu/dma: Trace bounce buffer usage when mapping buffers (git-fixes).
- iommu/mediatek-v1: Fix an error handling path in mtk_iommu_v1_probe() (git-fixes).
- iommu/mediatek: Fix forever loop in error handling (git-fixes).
- iommu/vt-d: Allow to use flush-queue when first level is default (git-fixes).
- iommu/vt-d: Do not issue ATS Invalidation request when device is disconnected (git-fixes).
- iommu/vt-d: Fix PASID directory pointer coherency (git-fixes).
- iommu/vt-d: Set No Execute Enable bit in PASID table entry (git-fixes).
- kabi: PCI: Add locking to RMW PCI Express Capability Register accessors (kabi).
- kconfig: fix infinite loop when expanding a macro at the end of file (git-fixes).
- kvm: s390: only deliver the set service event bits (git-fixes bsc#1221631).
- lan78xx: enable auto speed configuration for LAN7850 if no EEPROM is detected (git-commit).
- leds: aw2013: Unlock mutex before destroying it (git-fixes).
- lib/cmdline: Fix an invalid format specifier in an assertion msg (git-fixes).
- make NVIDIA Grace-Hopper TPM related drivers build-ins (bsc#1221156)
- md/raid10: check slab-out-of-bounds in md_bitmap_get_counter (git-fixes).
- md/raid5: release batch_last before waiting for another stripe_head (git-fixes).
- md/raid6: use valid sector values to determine if an I/O should wait on the reshape (git-fixes).
- md: Do not ignore suspended array in md_check_recovery() (git-fixes).
- md: Make sure md_do_sync() will set MD_RECOVERY_DONE (git-fixes).
- md: Whenassemble the array, consult the superblock of the freshest device (git-fixes).
- md: do not leave 'MD_RECOVERY_FROZEN' in error path of md_set_readonly() (git-fixes).
- md: fix data corruption for raid456 when reshape restart while grow up (git-fixes).
- md: introduce md_ro_state (git-fixes).
- media: dvb-frontends: avoid stack overflow warnings with clang (git-fixes).
- media: edia: dvbdev: fix a use-after-free (git-fixes).
- media: em28xx: annotate unchecked call to media_device_register() (git-fixes).
- media: go7007: add check of return value of go7007_read_addr() (git-fixes).
- media: go7007: fix a memleak in go7007_load_encoder (git-fixes).
- media: imx: csc/scaler: fix v4l2_ctrl_handler memory leak (git-fixes).
- media: pvrusb2: fix pvr2_stream_callback casts (git-fixes).
- media: pvrusb2: fix uaf in pvr2_context_set_notify (git-fixes).
- media: pvrusb2: remove redundant NULL check (git-fixes).
- media: staging: ipu3-imgu: Set fields before media_entity_pads_init() (git-fixes).
- media: sun8i-di: Fix chroma difference threshold (git-fixes).
- media: sun8i-di: Fix coefficient writes (git-fixes).
- media: sun8i-di: Fix power on/off sequences (git-fixes).
- media: tc358743: register v4l2 async device only after successful setup (git-fixes).
- media: ttpci: fix two memleaks in budget_av_attach (git-fixes).
- media: usbtv: Remove useless locks in usbtv_video_free() (git-fixes).
- media: v4l2-mem2mem: fix a memleak in v4l2_m2m_register_entity (git-fixes).
- media: v4l2-tpg: fix some memleaks in tpg_alloc (git-fixes).
- media: xc4000: Fix atomicity violation in xc4000_get_frequency (git-fixes).
- mfd: altera-sysmgr: Call of_node_put() only when of_parse_phandle() takes a ref (git-fixes).
- mfd: syscon: Call of_node_put() only when of_parse_phandle() takes a ref (git-fixes).
- mm,page_owner: Defer enablement of static branch (bsc#1222366).
- mm,page_owner: Fix accounting of pages when migrating (bsc#1222366).
- mm,page_owner: Fix printing of stack records (bsc#1222366).
- mm,page_owner: Fix refcount imbalance (bsc#1222366).
- mm,page_owner: Update metadata for tail pages (bsc#1222366).
- mm,page_owner: check for null stack_record before bumping its refcount (bsc#1222366).
- mm,page_owner: drop unnecessary check (bsc#1222366).
- mm,page_owner: fix recursion (bsc#1222366).
- mm/vmalloc: huge vmalloc backing pages should be split rather than compound (bsc#1217829).
- mmc: core: Avoid negative index with array access (git-fixes).
- mmc: core: Fix switch on gp3 partition (git-fixes).
- mmc: core: Initialize mmc_blk_ioc_data (git-fixes).
- mmc: mmci: stm32: fix DMA API overlapping mappings warning (git-fixes).
- mmc: mmci: stm32: use a buffer for unaligned DMA requests (git-fixes).
- mmc: tmio: avoid concurrent runs of mmc_request_done() (git-fixes).
- mmc: wmt-sdmmc: remove an incorrect release_mem_region() call in the .remove function (git-fixes).
- mtd: maps: physmap-core: fix flash size larger than 32-bit (git-fixes).
- mtd: rawnand: lpc32xx_mlc: fix irq handler prototype (git-fixes).
- mtd: rawnand: meson: fix scrambling mode value in command macro (git-fixes).
- net/bnx2x: Prevent access to a freed page in page_pool (bsc#1215322).
- net/x25: fix incorrect parameter validation in the x25_getsockopt() function (git-fixes).
- net: Fix features skip in for_each_netdev_feature() (git-fixes).
- net: lan78xx: fix runtime PM count underflow on link stop (git-fixes).
- net: ll_temac: platform_get_resource replaced by wrong function (git-fixes).
- net: mana: Fix Rx DMA datasize and skb_over_panic (git-fixes).
- net: phy: fix phy_get_internal_delay accessing an empty array (git-fixes).
- net: sunrpc: Fix an off by one in rpc_sockaddr2uaddr() (git-fixes).
- net: usb: dm9601: fix wrong return value in dm9601_mdio_read (git-fixes).
- nfc: nci: Fix uninit-value in nci_dev_up and nci_ntf_packet (git-fixes).
- nfs: fix an off by one in root_nfs_cat() (git-fixes).
- nfs: rename nfs_client_kset to nfs_kset (git-fixes).
- nfsd: change LISTXATTRS cookie encoding to big-endian (git-fixes).
- nfsd: convert the callback workqueue to use delayed_work (git-fixes).
- nfsd: do not take fi_lock in nfsd_break_deleg_cb() (git-fixes).
- nfsd: fix LISTXATTRS returning a short list with eof=TRUE (git-fixes).
- nfsd: fix LISTXATTRS returning more bytes than maxcount (git-fixes).
- nfsd: fix file memleak on client_opens_release (git-fixes).
- nfsd: fix nfsd4_listxattr_validate_cookie (git-fixes).
- nfsd: lock_rename() needs both directories to live on the same fs (git-fixes).
- nfsd: reschedule CB operations when backchannel rpc_clnt is shut down (git-fixes).
- nfsd: reset cb_seq_status after NFS4ERR_DELAY (git-fixes).
- nfsd: retransmit callbacks after client reconnects (git-fixes).
- nfsd: use vfs setgid helper (git-fixes).
- nfsv4.1/pnfs: Ensure we handle the error NFS4ERR_RETURNCONFLICT (git-fixes).
- nfsv4.1: fix SP4_MACH_CRED protection for pnfs IO (git-fixes).
- nfsv4.1: fixup use EXCHGID4_FLAG_USE_PNFS_DS for DS server (git-fixes).
- nfsv4.1: use EXCHGID4_FLAG_USE_PNFS_DS for DS server (git-fixes).
- nfsv4.2: fix listxattr maximum XDR buffer size (git-fixes).
- nfsv4.2: fix nfs4_listxattr kernel BUG at mm/usercopy.c:102 (git-fixes).
- nfsv4.2: fix wrong shrinker_id (git-fixes).
- nfsv4: fix a nfs4_state_manager() race (git-fixes).
- nfsv4: fix a state manager thread deadlock regression (git-fixes).
- nilfs2: fix failure to detect DAT corruption in btree and direct mappings (git-fixes).
- nilfs2: prevent kernel bug at submit_bh_wbc() (git-fixes).
- nouveau/dmem: handle kcalloc() allocation failure (git-fixes).
- nouveau: reset the bo resource bus info after an eviction (git-fixes).
- ntfs: fix use-after-free in ntfs_ucsncmp() (bsc#1221713).
- nvme-fc: do not wait in vain when unloading module (git-fixes).
- nvme: fix reconnection fail due to reserved tag allocation (git-fixes).
- nvmet-fc: abort command when there is no binding (git-fixes).
- nvmet-fc: avoid deadlock on delete association path (git-fixes).
- nvmet-fc: defer cleanup using RCU properly (git-fixes).
- nvmet-fc: hold reference on hostport match (git-fixes).
- nvmet-fc: release reference on target port (git-fixes).
- nvmet-fc: take ref count on tgtport before delete assoc (git-fixes).
- nvmet-fcloop: swap the list_add_tail arguments (git-fixes).
- nvmet-tcp: fix nvme tcp ida memory leak (git-fixes).
- pci/aer: fix rootport attribute paths in ABI docs (git-fixes).
- pci/aspm: Use RMW accessors for changing LNKCTL (git-fixes).
- pci/dpc: print all TLP Prefixes, not just the first (git-fixes).
- pci/msi: prevent MSI hardware interrupt number truncation (bsc#1218777)
- pci/p2pdma: Fix a sleeping issue in a RCU read section (git-fixes).
- pci: add locking to RMW PCI Express Capability Register accessors (git-fixes).
- pci: dwc: Fix a 64bit bug in dw_pcie_ep_raise_msix_irq() (git-fixes).
- pci: dwc: endpoint: Fix advertised resizable BAR size (git-fixes).
- pci: dwc: endpoint: Fix dw_pcie_ep_raise_msix_irq() alignment support (git-fixes).
- pci: fu740: Set the number of MSI vectors (git-fixes).
- pci: lengthen reset delay for VideoPropulsion Torrent QN16e card (git-fixes).
- pci: make link retraining use RMW accessors for changing LNKCTL (git-fixes).
- pci: mark 3ware-9650SE Root Port Extended Tags as broken (git-fixes).
- pci: mediatek-gen3: Fix translation window size calculation (git-fixes).
- pci: mediatek: Clear interrupt status before dispatching handler (git-fixes).
- pci: qcom: Enable BDF to SID translation properly (git-fixes).
- pci: qcom: Use DWC helpers for modifying the read-only DBI registers (git-fixes).
- pci: rockchip: Do not advertise MSI-X in PCIe capabilities (git-fixes).
- pci: rockchip: Fix window mapping and address translation for endpoint (git-fixes).
- pci: rockchip: Use 64-bit mask on MSI 64-bit PCI address (git-fixes).
- pci: switchtec: Fix an error handling path in switchtec_pci_probe() (git-fixes).
- pinctrl: mediatek: Drop bogus slew rate register range for MT8192 (git-fixes).
- platform/mellanox: mlxreg-hotplug: Remove redundant NULL-check (git-fixes).
- pm: suspend: Set mem_sleep_current during kernel command line setup (git-fixes).
- pnfs/flexfiles: Check the layout validity in ff_layout_mirror_prepare_stats (git-fixes).
- pnfs: Fix a hang in nfs4_evict_inode() (git-fixes).
- pnfs: Fix the pnfs block driver's calculation of layoutget size (git-fixes).
- powerpc/64s: POWER10 CPU Kconfig build option (bsc#1194869).
- powerpc/boot: Disable power10 features after BOOTAFLAGS assignment (bsc#1194869).
- powerpc/boot: Fix boot wrapper code generation with CONFIG_POWER10_CPU (bsc#1194869).
- powerpc/lib/sstep: Do not use __{get/put}_user() on kernel addresses (bsc#1194869).
- powerpc/lib/sstep: Remove unneeded #ifdef __powerpc64__ (bsc#1194869).
- powerpc/lib/sstep: Use l1_dcache_bytes() instead of opencoding (bsc#1194869).
- powerpc/lib/sstep: use truncate_if_32bit() (bsc#1194869).
- powerpc/pseries/iommu: IOMMU table is not initialized for kdump over SR-IOV (bsc#1220492 ltc#205270).
- powerpc/pseries: Fix potential memleak in papr_get_attr() (bsc#1200465 ltc#197256 jsc#SLE-18130 git-fixes).
- powerpc/sstep: Use bitwise instead of arithmetic operator for flags (bsc#1194869).
- powerpc: add compile-time support for lbarx, lharx (bsc#1194869).
- pwm: mediatek: Update kernel doc for struct pwm_mediatek_of_data (git-fixes).
- qedf: Do not process stag work during unload (bsc#1214852).
- qedf: Wait for stag work during unload (bsc#1214852).
- raid1: fix use-after-free for original bio in raid1_write_request() (bsc#1221097).
- ras/amd/fmpm: Add debugfs interface to print record entries (jsc#PED-7619).
- ras/amd/fmpm: Avoid NULL ptr deref in get_saved_records() (jsc#PED-7619).
- ras/amd/fmpm: Fix build when debugfs is not enabled (jsc#PED-7619).
- ras/amd/fmpm: Fix off by one when unwinding on error (jsc#PED-7619).
- ras/amd/fmpm: Safely handle saved records of various sizes (jsc#PED-7619).
- ras/amd/fmpm: Save SPA values (jsc#PED-7619).
- ras: Avoid build errors when CONFIG_DEBUG_FS=n (git-fixes).
- ras: export helper to get ras_debugfs_dir (jsc#PED-7619).
- rdma/device: Fix a race between mad_client and cm_client init (git-fixes)
- rdma/hns: fix mis-modifying default congestion control algorithm (git-fixes)
- rdma/ipoib: Fix error code return in ipoib_mcast_join (git-fixes)
- rdma/irdma: Remove duplicate assignment (git-fixes)
- rdma/mana_ib: Fix bug in creation of dma regions (git-fixes).
- rdma/mlx5: fix fortify source warning while accessing Eth segment (git-fixes)
- rdma/mlx5: relax DEVX access upon modify commands (git-fixes)
- rdma/rtrs-clt: Check strnlen return len in sysfs mpath_policy_store() (git-fixes)
- rdma/srpt: do not register event handler until srpt device is fully setup (git-fixes)
- revert 'PCI: tegra194: Enable support for 256 Byte payload' (git-fixes).
- revert 'Revert 'drm/amdgpu/display: change pipe policy for DCN 2.0'' (git-fixes).
- revert 'SUNRPC dont update timeout value on connection reset' (git-fixes).
- revert 'drm/amd: Disable PSR-SU on Parade 0803 TCON' (git-fixes).
- revert 'drm/amd: Disable S/G for APUs when 64GB or more host memory' (git-fixes).
- revert 'drm/amdgpu/display: change pipe policy for DCN 2.0' (git-fixes).
- revert 'drm/amdgpu/display: change pipe policy for DCN 2.1' (git-fixes).
- revert 'drm/vc4: hdmi: Enforce the minimum rate at runtime_resume' (git-fixes).
- revert 'fbdev: flush deferred IO before closing (git-fixes).' (bsc#1221814)
- ring-buffer: Clean ring_buffer_poll_wait() error return (git-fixes).
- rtc: mt6397: select IRQ_DOMAIN instead of depending on it (git-fixes).
- s390/pai: fix attr_event_free upper limit for pai device drivers (git-fixes bsc#1221633).
- s390/vfio-ap: realize the VFIO_DEVICE_GET_IRQ_INFO ioctl (bsc#1205316).
- s390/vfio-ap: realize the VFIO_DEVICE_SET_IRQS ioctl (bsc#1205316).
- s390/vfio-ap: wire in the vfio_device_ops request callback (bsc#1205316).
- s390/vtime: fix average steal time calculation (git-fixes bsc#1221951).
- sched/rt: Disallow writing invalid values to sched_rt_period_us (bsc#1220176).
- sched/rt: sysctl_sched_rr_timeslice show default timeslice after reset (bsc#1220176).
- scsi: lpfc: Copyright updates for 14.4.0.1 patches (bsc#1221777).
- scsi: lpfc: Correct size for cmdwqe/rspwqe for memset() (bsc#1221777).
- scsi: lpfc: Correct size for wqe for memset() (bsc#1221777).
- scsi: lpfc: Define lpfc_dmabuf type for ctx_buf ptr (bsc#1221777).
- scsi: lpfc: Define lpfc_nodelist type for ctx_ndlp ptr (bsc#1221777).
- scsi: lpfc: Define types in a union for generic void *context3 ptr (bsc#1221777).
- scsi: lpfc: Move NPIV's transport unregistration to after resource clean up (bsc#1221777).
- scsi: lpfc: Release hbalock before calling lpfc_worker_wake_up() (bsc#1221777).
- scsi: lpfc: Remove IRQF_ONESHOT flag from threaded IRQ handling (bsc#1221777 bsc#1217959).
- scsi: lpfc: Remove unnecessary log message in queuecommand path (bsc#1221777).
- scsi: lpfc: Replace hbalock with ndlp lock in lpfc_nvme_unregister_port() (bsc#1221777).
- scsi: lpfc: Update lpfc version to 14.4.0.1 (bsc#1221777).
- scsi: lpfc: Update lpfc_ramp_down_queue_handler() logic (bsc#1221777).
- scsi: lpfc: Use a dedicated lock for ras_fwlog state (bsc#1221777).
- scsi: qedf: Remove set but unused variable 'page' (bsc#1214852).
- scsi: qedf: Remove unused 'num_handled' variable (bsc#1214852).
- scsi: qedf: Remove unused declaration (bsc#1214852).
- scsi: qla2xxx: Change debug message during driver unload (bsc1221816).
- scsi: qla2xxx: Delay I/O Abort on PCI error (bsc1221816).
- scsi: qla2xxx: Fix N2N stuck connection (bsc1221816).
- scsi: qla2xxx: Fix command flush on cable pull (bsc1221816).
- scsi: qla2xxx: Fix double free of fcport (bsc1221816).
- scsi: qla2xxx: Fix double free of the ha->vp_map pointer (bsc1221816).
- scsi: qla2xxx: NVME|FCP prefer flag not being honored (bsc1221816).
- scsi: qla2xxx: Prevent command send on chip reset (bsc1221816).
- scsi: qla2xxx: Split FCE|EFT trace control (bsc1221816).
- scsi: qla2xxx: Update manufacturer detail (bsc1221816).
- scsi: qla2xxx: Update version to 10.02.09.200-k (bsc1221816).
- scsi: storvsc: Fix ring buffer size calculation (git-fixes).
- scsi: target: core: Silence the message about unknown VPD pages (bsc#1221252).
- selftests/bpf: add generic BPF program tester-loader (bsc#1222033).
- serial: 8250_exar: Do not remove GPIO device on suspend (git-fixes).
- serial: max310x: fix syntax error in IRQ error message (git-fixes).
- slimbus: core: Remove usage of the deprecated ida_simple_xx() API (git-fixes).
- soc: fsl: qbman: Always disable interrupts when taking cgr_lock (git-fixes).
- spi: lm70llp: fix links in doc and comments (git-fixes).
- spi: spi-mt65xx: Fix NULL pointer access in interrupt handler (git-fixes).
- sr9800: Add check for usbnet_get_endpoints (git-fixes).
- stackdepot: rename pool_index to pool_index_plus_1 (git-fixes).
- staging: vc04_services: fix information leak in create_component() (git-fixes).
- sunrpc: Add an IS_ERR() check back to where it was (git-fixes).
- sunrpc: ECONNRESET might require a rebind (git-fixes).
- sunrpc: Fix RPC client cleaned up the freed pipefs dentries (git-fixes).
- sunrpc: Fix a suspicious RCU usage warning (git-fixes).
- sunrpc: fix a memleak in gss_import_v2_context (git-fixes).
- sunrpc: fix some memleaks in gssx_dec_option_array (git-fixes).
- svcrdma: Drop connection after an RDMA Read error (git-fixes).
- topology/sysfs: Hide PPIN on systems that do not support it (jsc#PED-7618).
- topology: Fix up build warning in topology_is_visible() (jsc#PED-7618).
- tracing/probes: Fix to show a parse error for bad type for $comm (git-fixes).
- tracing: Fix wasted memory in saved_cmdlines logic (git-fixes).
- tracing: Inform kmemleak of saved_cmdlines allocation (git-fixes).
- tty: n_gsm: require CAP_NET_ADMIN to attach N_GSM0710 ldisc (bsc#1222619).
- tty: serial: fsl_lpuart: avoid idle preamble pending if CTS is enabled (git-fixes).
- tty: serial: samsung: fix tx_empty() to return TIOCSER_TEMT (git-fixes).
- tty: vt: fix 20 vs 0x20 typo in EScsiignore (git-fixes).
- ubifs: Queue up space reservation tasks if retrying many times (git-fixes).
- ubifs: Remove unreachable code in dbg_check_ltab_lnum (git-fixes).
- ubifs: Set page uptodate in the correct place (git-fixes).
- ubifs: dbg_check_idx_size: Fix kmemleak if loading znode failed (git-fixes).
- ubifs: fix sort function prototype (git-fixes).
- usb: audio-v2: Correct comments for struct uac_clock_selector_descriptor (git-fixes).
- usb: cdc-wdm: close race between read and workqueue (git-fixes).
- usb: core: Fix deadlock in usb_deauthorize_interface() (git-fixes).
- usb: dwc2: gadget: Fix exiting from clock gating (git-fixes).
- usb: dwc2: gadget: LPM flow fix (git-fixes).
- usb: dwc2: host: Fix ISOC flow in DDMA mode (git-fixes).
- usb: dwc2: host: Fix hibernation flow (git-fixes).
- usb: dwc2: host: Fix remote wakeup from hibernation (git-fixes).
- usb: dwc3: Properly set system wakeup (git-fixes).
- usb: f_mass_storage: forbid async queue when shutdown happen (git-fixes).
- usb: gadget: ncm: Fix handling of zero block length packets (git-fixes).
- usb: gadget: net2272: Use irqflags in the call to net2272_probe_fin (git-fixes).
- usb: hub: Replace hardcoded quirk value with BIT() macro (git-fixes).
- usb: port: Do not try to peer unused USB ports based on location (git-fixes).
- usb: typec: Return size of buffer if pd_set operation succeeds (git-fixes).
- usb: typec: ucsi: Check for notifications after init (git-fixes).
- usb: typec: ucsi: Clean up UCSI_CABLE_PROP macros (git-fixes).
- usb: typec: ucsi: Clear EVENT_PENDING under PPM lock (git-fixes).
- usb: usb-storage: Prevent divide-by-0 error in isd200_ata_command (git-fixes).
- usb: xhci: Add error handling in xhci_map_urb_for_dma (git-fixes).
- vboxsf: Avoid an spurious warning if load_nls_xxx() fails (git-fixes).
- vt: fix unicode buffer corruption when deleting characters (git-fixes).
- watchdog: stm32_iwdg: initialize default timeout (git-fixes).
- wifi: ath10k: fix NULL pointer dereference in ath10k_wmi_tlv_op_pull_mgmt_tx_compl_ev() (git-fixes).
- wifi: ath11k: decrease MHI channel buffer length to 8KB (bsc#1207948).
- wifi: ath11k: initialize rx_mcs_80 and rx_mcs_160 before use (git-fixes).
- wifi: ath9k: delay all of ath9k_wmi_event_tasklet() until init is complete (git-fixes).
- wifi: b43: Disable QoS for bcm4331 (git-fixes).
- wifi: b43: Stop correct queue in DMA worker when QoS is disabled (git-fixes).
- wifi: b43: Stop/wake correct queue in DMA Tx path when QoS is disabled (git-fixes).
- wifi: b43: Stop/wake correct queue in PIO Tx path when QoS is disabled (git-fixes).
- wifi: brcmfmac: fix copyright year mentioned in platform_data header (git-fixes).
- wifi: brcmsmac: avoid function pointer casts (git-fixes).
- wifi: iwlwifi: dbg-tlv: ensure NUL termination (git-fixes).
- wifi: iwlwifi: fix EWRD table validity check (git-fixes).
- wifi: iwlwifi: fw: do not always use FW dump trig (git-fixes).
- wifi: iwlwifi: mvm: do not set replay counters to 0xff (git-fixes).
- wifi: iwlwifi: mvm: report beacon protection failures (git-fixes).
- wifi: iwlwifi: mvm: rfi: fix potential response leaks (git-fixes).
- wifi: iwlwifi: mvm: use FW rate for non-data only on new devices (git-fixes).
- wifi: libertas: fix some memleaks in lbs_allocate_cmd_buffer() (git-fixes).
- wifi: mwifiex: debugfs: Drop unnecessary error check for debugfs_create_dir() (git-fixes).
- wifi: rtl8xxxu: add cancel_work_sync() for c2hcmd_work (git-fixes).
- wifi: rtw88: 8821c: Fix false alarm count (git-fixes).
- wifi: wilc1000: fix RCU usage in connect path (git-fixes).
- wifi: wilc1000: fix declarations ordering (stable-fixes).
- wifi: wilc1000: fix multi-vif management when deleting a vif (git-fixes).
- wifi: wilc1000: prevent use-after-free on vif when cleaning up all interfaces (git-fixes).
- x86/CPU/AMD: Update the Zenbleed microcode revisions (git-fixes).
- x86/bugs: Fix the SRSO mitigation on Zen3/4 (git-fixes).
- x86/fpu: Keep xfd_state in sync with MSR_IA32_XFD (git-fixes).
- xhci: handle isoc Babble and Buffer Overrun events properly (git-fixes).
- xhci: process isoc TD properly when there was a transaction error mid TD (git-fixes).
ImportantSUSE bug 1194869SUSE bug 1200465SUSE bug 1205316SUSE bug 1207948SUSE bug 1209635SUSE bug 1209657SUSE bug 1212514SUSE bug 1213456SUSE bug 1214852SUSE bug 1215221SUSE bug 1215322SUSE bug 1217339SUSE bug 1217829SUSE bug 1217959SUSE bug 1217987SUSE bug 1217988SUSE bug 1217989SUSE bug 1218321SUSE bug 1218336SUSE bug 1218479SUSE bug 1218562SUSE bug 1218643SUSE bug 1218777SUSE bug 1219169SUSE bug 1219170SUSE bug 1219264SUSE bug 1219834SUSE bug 1220114SUSE bug 1220176SUSE bug 1220237SUSE bug 1220251SUSE bug 1220320SUSE bug 1220325SUSE bug 1220328SUSE bug 1220337SUSE bug 1220340SUSE bug 1220365SUSE bug 1220366SUSE bug 1220398SUSE bug 1220411SUSE bug 1220413SUSE bug 1220433SUSE bug 1220439SUSE bug 1220443SUSE bug 1220445SUSE bug 1220466SUSE bug 1220469SUSE bug 1220478SUSE bug 1220482SUSE bug 1220484SUSE bug 1220486SUSE bug 1220487SUSE bug 1220492SUSE bug 1220703SUSE bug 1220735SUSE bug 1220736SUSE bug 1220775SUSE bug 1220790SUSE bug 1220797SUSE bug 1220831SUSE bug 1220833SUSE bug 1220836SUSE bug 1220839SUSE bug 1220840SUSE bug 1220843SUSE bug 1220845SUSE bug 1220848SUSE bug 1220870SUSE bug 1220871SUSE bug 1220872SUSE bug 1220878SUSE bug 1220879SUSE bug 1220883SUSE bug 1220885SUSE bug 1220887SUSE bug 1220898SUSE bug 1220917SUSE bug 1220918SUSE bug 1220920SUSE bug 1220921SUSE bug 1220926SUSE bug 1220927SUSE bug 1220929SUSE bug 1220930SUSE bug 1220931SUSE bug 1220932SUSE bug 1220933SUSE bug 1220937SUSE bug 1220938SUSE bug 1220940SUSE bug 1220954SUSE bug 1220955SUSE bug 1220959SUSE bug 1220960SUSE bug 1220961SUSE bug 1220965SUSE bug 1220969SUSE bug 1220978SUSE bug 1220979SUSE bug 1220981SUSE bug 1220982SUSE bug 1220983SUSE bug 1220985SUSE bug 1220986SUSE bug 1220987SUSE bug 1220989SUSE bug 1220990SUSE bug 1221009SUSE bug 1221012SUSE bug 1221015SUSE bug 1221022SUSE bug 1221039SUSE bug 1221040SUSE bug 1221044SUSE bug 1221045SUSE bug 1221046SUSE bug 1221048SUSE bug 1221055SUSE bug 1221056SUSE bug 1221058SUSE bug 1221060SUSE bug 1221061SUSE bug 1221062SUSE bug 1221066SUSE bug 1221067SUSE bug 1221068SUSE bug 1221069SUSE bug 1221070SUSE bug 1221071SUSE bug 1221077SUSE bug 1221082SUSE bug 1221090SUSE bug 1221097SUSE bug 1221156SUSE bug 1221252SUSE bug 1221273SUSE bug 1221274SUSE bug 1221276SUSE bug 1221277SUSE bug 1221291SUSE bug 1221293SUSE bug 1221298SUSE bug 1221337SUSE bug 1221338SUSE bug 1221375SUSE bug 1221379SUSE bug 1221551SUSE bug 1221553SUSE bug 1221613SUSE bug 1221614SUSE bug 1221616SUSE bug 1221618SUSE bug 1221631SUSE bug 1221633SUSE bug 1221713SUSE bug 1221725SUSE bug 1221777SUSE bug 1221814SUSE bug 1221816SUSE bug 1221830SUSE bug 1221951SUSE bug 1222033SUSE bug 1222056SUSE bug 1222060SUSE bug 1222070SUSE bug 1222073SUSE bug 1222117SUSE bug 1222274SUSE bug 1222291SUSE bug 1222300SUSE bug 1222304SUSE bug 1222317SUSE bug 1222331SUSE bug 1222355SUSE bug 1222356SUSE bug 1222360SUSE bug 1222366SUSE bug 1222373SUSE bug 1222619SUSE bug 1222952CVE-2021-46925 at SUSECVE-2021-46925 at NVDCVE-2021-46926 at SUSECVE-2021-46926 at NVDCVE-2021-46927 at SUSECVE-2021-46927 at NVDCVE-2021-46929 at SUSECVE-2021-46929 at NVDCVE-2021-46930 at SUSECVE-2021-46930 at NVDCVE-2021-46931 at SUSECVE-2021-46931 at NVDCVE-2021-46933 at SUSECVE-2021-46933 at NVDCVE-2021-46934 at SUSECVE-2021-46934 at NVDCVE-2021-46936 at SUSECVE-2021-46936 at NVDCVE-2021-47082 at SUSECVE-2021-47082 at NVDCVE-2021-47083 at SUSECVE-2021-47083 at NVDCVE-2021-47087 at SUSECVE-2021-47087 at NVDCVE-2021-47091 at SUSECVE-2021-47091 at NVDCVE-2021-47093 at SUSECVE-2021-47093 at NVDCVE-2021-47094 at SUSECVE-2021-47094 at NVDCVE-2021-47095 at SUSECVE-2021-47095 at NVDCVE-2021-47096 at SUSECVE-2021-47096 at NVDCVE-2021-47097 at SUSECVE-2021-47097 at NVDCVE-2021-47098 at SUSECVE-2021-47098 at NVDCVE-2021-47099 at SUSECVE-2021-47099 at NVDCVE-2021-47100 at SUSECVE-2021-47100 at NVDCVE-2021-47101 at SUSECVE-2021-47101 at NVDCVE-2021-47102 at SUSECVE-2021-47102 at NVDCVE-2021-47104 at SUSECVE-2021-47104 at NVDCVE-2021-47105 at SUSECVE-2021-47105 at NVDCVE-2021-47107 at SUSECVE-2021-47107 at NVDCVE-2021-47108 at SUSECVE-2021-47108 at NVDCVE-2022-4744 at SUSECVE-2022-4744 at NVDCVE-2022-48626 at SUSECVE-2022-48626 at NVDCVE-2022-48627 at SUSECVE-2022-48627 at NVDCVE-2022-48628 at SUSECVE-2022-48628 at NVDCVE-2022-48629 at SUSECVE-2022-48629 at NVDCVE-2022-48630 at SUSECVE-2022-48630 at NVDCVE-2023-0160 at SUSECVE-2023-0160 at NVDCVE-2023-28746 at SUSECVE-2023-28746 at NVDCVE-2023-35827 at SUSECVE-2023-35827 at NVDCVE-2023-4881 at SUSECVE-2023-4881 at NVDCVE-2023-52447 at SUSECVE-2023-52447 at NVDCVE-2023-52450 at SUSECVE-2023-52450 at NVDCVE-2023-52453 at SUSECVE-2023-52453 at NVDCVE-2023-52454 at SUSECVE-2023-52454 at NVDCVE-2023-52462 at SUSECVE-2023-52462 at NVDCVE-2023-52463 at SUSECVE-2023-52463 at NVDCVE-2023-52467 at SUSECVE-2023-52467 at NVDCVE-2023-52469 at SUSECVE-2023-52469 at NVDCVE-2023-52470 at SUSECVE-2023-52470 at NVDCVE-2023-52474 at SUSECVE-2023-52474 at NVDCVE-2023-52476 at SUSECVE-2023-52476 at NVDCVE-2023-52477 at SUSECVE-2023-52477 at NVDCVE-2023-52481 at SUSECVE-2023-52481 at NVDCVE-2023-52482 at SUSECVE-2023-52482 at NVDCVE-2023-52484 at SUSECVE-2023-52484 at NVDCVE-2023-52486 at SUSECVE-2023-52486 at NVDCVE-2023-52492 at SUSECVE-2023-52492 at NVDCVE-2023-52493 at SUSECVE-2023-52493 at NVDCVE-2023-52494 at SUSECVE-2023-52494 at NVDCVE-2023-52497 at SUSECVE-2023-52497 at NVDCVE-2023-52500 at SUSECVE-2023-52500 at NVDCVE-2023-52501 at SUSECVE-2023-52501 at NVDCVE-2023-52502 at SUSECVE-2023-52502 at NVDCVE-2023-52504 at SUSECVE-2023-52504 at NVDCVE-2023-52507 at SUSECVE-2023-52507 at NVDCVE-2023-52508 at SUSECVE-2023-52508 at NVDCVE-2023-52509 at SUSECVE-2023-52509 at NVDCVE-2023-52510 at SUSECVE-2023-52510 at NVDCVE-2023-52511 at SUSECVE-2023-52511 at NVDCVE-2023-52513 at SUSECVE-2023-52513 at NVDCVE-2023-52515 at SUSECVE-2023-52515 at NVDCVE-2023-52517 at SUSECVE-2023-52517 at NVDCVE-2023-52518 at SUSECVE-2023-52518 at NVDCVE-2023-52519 at SUSECVE-2023-52519 at NVDCVE-2023-52520 at SUSECVE-2023-52520 at NVDCVE-2023-52523 at SUSECVE-2023-52523 at NVDCVE-2023-52524 at SUSECVE-2023-52524 at NVDCVE-2023-52525 at SUSECVE-2023-52525 at NVDCVE-2023-52528 at SUSECVE-2023-52528 at NVDCVE-2023-52529 at SUSECVE-2023-52529 at NVDCVE-2023-52530 at SUSECVE-2023-52530 at NVDCVE-2023-52531 at SUSECVE-2023-52531 at NVDCVE-2023-52532 at SUSECVE-2023-52532 at NVDCVE-2023-52559 at SUSECVE-2023-52559 at NVDCVE-2023-52563 at SUSECVE-2023-52563 at NVDCVE-2023-52564 at SUSECVE-2023-52564 at NVDCVE-2023-52566 at SUSECVE-2023-52566 at NVDCVE-2023-52567 at SUSECVE-2023-52567 at NVDCVE-2023-52569 at SUSECVE-2023-52569 at NVDCVE-2023-52574 at SUSECVE-2023-52574 at NVDCVE-2023-52575 at SUSECVE-2023-52575 at NVDCVE-2023-52576 at SUSECVE-2023-52576 at NVDCVE-2023-52582 at SUSECVE-2023-52582 at NVDCVE-2023-52583 at SUSECVE-2023-52583 at NVDCVE-2023-52587 at SUSECVE-2023-52587 at NVDCVE-2023-52591 at SUSECVE-2023-52591 at NVDCVE-2023-52594 at SUSECVE-2023-52594 at NVDCVE-2023-52595 at SUSECVE-2023-52595 at NVDCVE-2023-52597 at SUSECVE-2023-52597 at NVDCVE-2023-52598 at SUSECVE-2023-52598 at NVDCVE-2023-52599 at SUSECVE-2023-52599 at NVDCVE-2023-52600 at SUSECVE-2023-52600 at NVDCVE-2023-52601 at SUSECVE-2023-52601 at NVDCVE-2023-52602 at SUSECVE-2023-52602 at NVDCVE-2023-52603 at SUSECVE-2023-52603 at NVDCVE-2023-52604 at SUSECVE-2023-52604 at NVDCVE-2023-52605 at SUSECVE-2023-52605 at NVDCVE-2023-52606 at SUSECVE-2023-52606 at NVDCVE-2023-52607 at SUSECVE-2023-52607 at NVDCVE-2023-52608 at SUSECVE-2023-52608 at NVDCVE-2023-52612 at SUSECVE-2023-52612 at NVDCVE-2023-52615 at SUSECVE-2023-52615 at NVDCVE-2023-52617 at SUSECVE-2023-52617 at NVDCVE-2023-52619 at SUSECVE-2023-52619 at NVDCVE-2023-52621 at SUSECVE-2023-52621 at NVDCVE-2023-52623 at SUSECVE-2023-52623 at NVDCVE-2023-52628 at SUSECVE-2023-52628 at NVDCVE-2023-52632 at SUSECVE-2023-52632 at NVDCVE-2023-52637 at SUSECVE-2023-52637 at NVDCVE-2023-52639 at SUSECVE-2023-52639 at NVDCVE-2023-6270 at SUSECVE-2023-6270 at NVDCVE-2023-6356 at SUSECVE-2023-6356 at NVDCVE-2023-6535 at SUSECVE-2023-6535 at NVDCVE-2023-6536 at SUSECVE-2023-6536 at NVDCVE-2023-7042 at SUSECVE-2023-7042 at NVDCVE-2023-7192 at SUSECVE-2023-7192 at NVDCVE-2024-0841 at SUSECVE-2024-0841 at NVDCVE-2024-2201 at SUSECVE-2024-2201 at NVDCVE-2024-22099 at SUSECVE-2024-22099 at NVDCVE-2024-23307 at SUSECVE-2024-23307 at NVDCVE-2024-25739 at SUSECVE-2024-25739 at NVDCVE-2024-25742 at SUSECVE-2024-25742 at NVDCVE-2024-26599 at SUSECVE-2024-26599 at NVDCVE-2024-26600 at SUSECVE-2024-26600 at NVDCVE-2024-26602 at SUSECVE-2024-26602 at NVDCVE-2024-26607 at SUSECVE-2024-26607 at NVDCVE-2024-26612 at SUSECVE-2024-26612 at NVDCVE-2024-26614 at SUSECVE-2024-26614 at NVDCVE-2024-26620 at SUSECVE-2024-26620 at NVDCVE-2024-26627 at SUSECVE-2024-26627 at NVDCVE-2024-26629 at SUSECVE-2024-26629 at NVDCVE-2024-26642 at SUSECVE-2024-26642 at NVDCVE-2024-26645 at SUSECVE-2024-26645 at NVDCVE-2024-26646 at SUSECVE-2024-26646 at NVDCVE-2024-26651 at SUSECVE-2024-26651 at NVDCVE-2024-26654 at SUSECVE-2024-26654 at NVDCVE-2024-26659 at SUSECVE-2024-26659 at NVDCVE-2024-26664 at SUSECVE-2024-26664 at NVDCVE-2024-26667 at SUSECVE-2024-26667 at NVDCVE-2024-26670 at SUSECVE-2024-26670 at NVDCVE-2024-26695 at SUSECVE-2024-26695 at NVDCVE-2024-26717 at SUSECVE-2024-26717 at NVDcpe:/o:opensuse:leap:15.5Security update for ffmpeg (Important)openSUSE Leap 15.5
This update for ffmpeg fixes the following issues:
- CVE-2024-31578: Fixed heap use-after-free via av_hwframe_ctx_init() when vulkan_frames init failed (bsc#1223070)
- CVE-2023-49502: Fixed heap buffer overflow via the ff_bwdif_filter_intra_c function in libavfilter/bwdifdsp.c (bsc#1223235)
Adding references for already fixed issues:
- CVE-2021-38091: Fixed integer overflow in function filter16_sobel in libavfilter/vf_convolution.c (bsc#1190732)
- CVE-2021-38090: Fixed integer overflow in function filter16_roberts in libavfilter/vf_convolution.c (bsc#1190731)
- CVE-2020-20898: Fixed integer overflow vulnerability in function filter16_prewitt in libavfilter/vf_convolution.c (bsc#1190724)
- CVE-2020-20901: Fixed buffer overflow vulnerability in function filter_frame in libavfilter/vf_fieldorder.c (bsc#1190728)
- CVE-2020-20900: Fixed buffer overflow vulnerability in function gaussian_blur in libavfilter/vf_edgedetect.c (bsc#1190727)
- CVE-2020-20894: Fixed buffer Overflow vulnerability in function gaussian_blur in libavfilter/vf_edgedetect.c (bsc#1190721)
ImportantSUSE bug 1190721SUSE bug 1190724SUSE bug 1190727SUSE bug 1190728SUSE bug 1190731SUSE bug 1190732SUSE bug 1223070SUSE bug 1223235CVE-2020-20894 at SUSECVE-2020-20894 at NVDCVE-2020-20898 at SUSECVE-2020-20898 at NVDCVE-2020-20900 at SUSECVE-2020-20900 at NVDCVE-2020-20901 at SUSECVE-2020-20901 at NVDCVE-2021-38090 at SUSECVE-2021-38090 at NVDCVE-2021-38091 at SUSECVE-2021-38091 at NVDCVE-2021-38094 at SUSECVE-2021-38094 at NVDCVE-2023-49502 at SUSECVE-2023-49502 at NVDCVE-2024-31578 at SUSECVE-2024-31578 at NVDcpe:/o:opensuse:leap:15.5Security update for ffmpeg-4 (Important)openSUSE Leap 15.5
This update for ffmpeg-4 fixes the following issues:
- CVE-2024-31578: Fixed heap use-after-free via av_hwframe_ctx_init() when vulkan_frames init failed (bsc#1223070)
- CVE-2023-49502: Fixed heap buffer overflow via the ff_bwdif_filter_intra_c function in libavfilter/bwdifdsp.c (bsc#1223235)
- CVE-2023-51793: Fixed heap buffer overflow in the image_copy_plane function in libavutil/imgutils.c (bsc#1223272)
ImportantSUSE bug 1223070SUSE bug 1223235SUSE bug 1223272CVE-2023-49502 at SUSECVE-2023-49502 at NVDCVE-2023-51793 at SUSECVE-2023-51793 at NVDCVE-2024-31578 at SUSECVE-2024-31578 at NVDcpe:/o:opensuse:leap:15.5Security update for the Linux Kernel (Important)openSUSE Leap 15.5
The SUSE Linux Enterprise 15 SP5 kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2021-46925: Fixed kernel panic caused by race of smc_sock (bsc#1220466).
- CVE-2021-46926: Fixed bug when detecting controllers in ALSA/hda/intel-sdw-acpi (bsc#1220478).
- CVE-2021-46927: Fixed assertion bug in nitro_enclaves: Use get_user_pages_unlocked() (bsc#1220443).
- CVE-2021-46929: Fixed use-after-free issue in sctp_sock_dump() (bsc#1220482).
- CVE-2021-46930: Fixed usb/mtu3 list_head check warning (bsc#1220484).
- CVE-2021-46931: Fixed wrong type casting in mlx5e_tx_reporter_dump_sq() (bsc#1220486).
- CVE-2021-46933: Fixed possible underflow in ffs_data_clear() (bsc#1220487).
- CVE-2021-46934: Fixed a bug by validating user data in compat ioctl (bsc#1220469).
- CVE-2021-46936: Fixed use-after-free in tw_timer_handler() (bsc#1220439).
- CVE-2021-47082: Fixed ouble free in tun_free_netdev() (bsc#1220969).
- CVE-2021-47083: Fixed a global-out-of-bounds issue in mediatek: (bsc#1220917).
- CVE-2021-47087: Fixed incorrect page free bug in tee/optee (bsc#1220954).
- CVE-2021-47091: Fixed locking in ieee80211_start_ap()) error path (bsc#1220959).
- CVE-2021-47093: Fixed memleak on registration failure in intel_pmc_core (bsc#1220978).
- CVE-2021-47094: Fixed possible memory leak in KVM x86/mmu (bsc#1221551).
- CVE-2021-47095: Fixed missing initialization in ipmi/ssif (bsc#1220979).
- CVE-2021-47096: Fixed uninitalized user_pversion in ALSA rawmidi (bsc#1220981).
- CVE-2021-47097: Fixed stack out of bound access in elantech_change_report_id() (bsc#1220982).
- CVE-2021-47098: Fixed integer overflow/underflow in hysteresis calculations hwmon: (lm90) (bsc#1220983).
- CVE-2021-47099: Fixed BUG_ON assertion in veth when skb entering GRO are cloned (bsc#1220955).
- CVE-2021-47100: Fixed UAF when uninstall in ipmi (bsc#1220985).
- CVE-2021-47101: Fixed uninit-value in asix_mdio_read() (bsc#1220987).
- CVE-2021-47102: Fixed incorrect structure access In line: upper = info->upper_dev in net/marvell/prestera (bsc#1221009).
- CVE-2021-47104: Fixed memory leak in qib_user_sdma_queue_pkts() (bsc#1220960).
- CVE-2021-47105: Fixed potential memory leak in ice/xsk (bsc#1220961).
- CVE-2021-47107: Fixed READDIR buffer overflow in NFSD (bsc#1220965).
- CVE-2021-47108: Fixed possible NULL pointer dereference for mtk_hdmi_conf in drm/mediatek (bsc#1220986).
- CVE-2022-4744: Fixed double-free that could lead to DoS or privilege escalation in TUN/TAP device driver functionality (bsc#1209635).
- CVE-2022-48626: Fixed a potential use-after-free on remove path moxart (bsc#1220366).
- CVE-2022-48627: Fixed a memory overlapping when deleting chars in the buffer (bsc#1220845).
- CVE-2022-48628: Fixed possible lock in ceph (bsc#1220848).
- CVE-2022-48629: Fixed possible memory leak in qcom-rng (bsc#1220989).
- CVE-2022-48630: Fixed infinite loop on requests not multiple of WORD_SZ in crypto: qcom-rng (bsc#1220990).
- CVE-2023-0160: Fixed deadlock flaw in BPF that could allow a local user to potentially crash the system (bsc#1209657).
- CVE-2023-28746: Fixed Register File Data Sampling (bsc#1213456).
- CVE-2023-35827: Fixed a use-after-free issue in ravb_tx_timeout_work() (bsc#1212514).
- CVE-2023-4881: Fixed a out-of-bounds write flaw in the netfilter subsystem that could lead to potential information disclosure or a denial of service (bsc#1215221).
- CVE-2023-52447: Fixed map_fd_put_ptr() signature kABI workaround (bsc#1220251).
- CVE-2023-52450: Fixed NULL pointer dereference issue in upi_fill_topology() (bsc#1220237).
- CVE-2023-52453: Fixed data corruption in hisi_acc_vfio_pci (bsc#1220337).
- CVE-2023-52454: Fixed a kernel panic when host sends an invalid H2C PDU length (bsc#1220320).
- CVE-2023-52462: Fixed check for attempt to corrupt spilled pointer (bsc#1220325).
- CVE-2023-52463: Fixed null pointer dereference in efivarfs (bsc#1220328).
- CVE-2023-52467: Fixed a null pointer dereference in of_syscon_register (bsc#1220433).
- CVE-2023-52469: Fixed a use-after-free in kv_parse_power_table (bsc#1220411).
- CVE-2023-52470: Fixed null-ptr-deref in radeon_crtc_init() (bsc#1220413).
- CVE-2023-52474: Fixed a vulnerability with non-PAGE_SIZE-end multi-iovec user SDMA requests (bsc#1220445).
- CVE-2023-52476: Fixed possible unhandled page fault via perf sampling NMI during vsyscall (bsc#1220703).
- CVE-2023-52477: Fixed USB Hub accesses to uninitialized BOS descriptors (bsc#1220790).
- CVE-2023-52481: Fixed speculative unprivileged load in Cortex-A520 (bsc#1220887).
- CVE-2023-52482: Fixed a bug by adding SRSO mitigation for Hygon processors (bsc#1220735).
- CVE-2023-52484: Fixed a soft lockup triggered by arm_smmu_mm_invalidate_range (bsc#1220797).
- CVE-2023-52486: Fixed possible use-after-free in drm (bsc#1221277).
- CVE-2023-52492: Fixed a null-pointer-dereference in channel unregistration function __dma_async_device_channel_register() (bsc#1221276).
- CVE-2023-52493: Fixed possible soft lockup in bus/mhi/host (bsc#1221274).
- CVE-2023-52494: Fixed missing alignment check for event ring read pointer in bus/mhi/host (bsc#1221273).
- CVE-2023-52497: Fixed data corruption in erofs (bsc#1220879).
- CVE-2023-52500: Fixed information leaking when processing OPC_INB_SET_CONTROLLER_CONFIG command (bsc#1220883).
- CVE-2023-52501: Fixed possible memory corruption in ring-buffer (bsc#1220885).
- CVE-2023-52502: Fixed a race condition in nfc_llcp_sock_get() and nfc_llcp_sock_get_sn() (bsc#1220831).
- CVE-2023-52504: Fixed possible out-of bounds in apply_alternatives() on a 5-level paging machine (bsc#1221553).
- CVE-2023-52507: Fixed possible shift-out-of-bounds in nfc/nci (bsc#1220833).
- CVE-2023-52508: Fixed null pointer dereference in nvme_fc_io_getuuid() (bsc#1221015).
- CVE-2023-52509: Fixed a use-after-free issue in ravb_tx_timeout_work() (bsc#1220836).
- CVE-2023-52510: Fixed a potential UAF in ca8210_probe() (bsc#1220898).
- CVE-2023-52511: Fixed possible memory corruption in spi/sun6i (bsc#1221012).
- CVE-2023-52513: Fixed connection failure handling in RDMA/siw (bsc#1221022).
- CVE-2023-52515: Fixed possible use-after-free in RDMA/srp (bsc#1221048).
- CVE-2023-52517: Fixed race between DMA RX transfer completion and RX FIFO drain in spi/sun6i (bsc#1221055).
- CVE-2023-52518: Fixed information leak in bluetooth/hci_codec (bsc#1221056).
- CVE-2023-52519: Fixed possible overflow in HID/intel-ish-hid/ipc (bsc#1220920).
- CVE-2023-52520: Fixed reference leak in platform/x86/think-lmi (bsc#1220921).
- CVE-2023-52523: Fixed wrong redirects to non-TCP sockets in bpf (bsc#1220926).
- CVE-2023-52524: Fixed possible corruption in nfc/llcp (bsc#1220927).
- CVE-2023-52525: Fixed out of bounds check mwifiex_process_rx_packet() (bsc#1220840).
- CVE-2023-52528: Fixed uninit-value access in __smsc75xx_read_reg() (bsc#1220843).
- CVE-2023-52529: Fixed a potential memory leak in sony_probe() (bsc#1220929).
- CVE-2023-52530: Fixed a potential key use-after-free in wifi mac80211 (bsc#1220930).
- CVE-2023-52531: Fixed a memory corruption issue in iwlwifi (bsc#1220931).
- CVE-2023-52532: Fixed a bug in TX CQE error handling (bsc#1220932).
- CVE-2023-52559: Fixed a bug by avoiding memory allocation in iommu_suspend (bsc#1220933).
- CVE-2023-52563: Fixed memory leak on ->hpd_notify callback() in drm/meson (bsc#1220937).
- CVE-2023-52564: Reverted invalid fix for UAF in gsm_cleanup_mux() (bsc#1220938).
- CVE-2023-52566: Fixed potential use after free in nilfs_gccache_submit_read_data() (bsc#1220940).
- CVE-2023-52567: Fixed possible Oops in serial/8250_port: when using IRQ polling (irq = 0) (bsc#1220839).
- CVE-2023-52569: Fixed a bug in btrfs by remoning BUG() after failure to insert delayed dir index item (bsc#1220918).
- CVE-2023-52574: Fixed a bug by hiding new member header_ops (bsc#1220870).
- CVE-2023-52575: Fixed SBPB enablement for spec_rstack_overflow=off (bsc#1220871).
- CVE-2023-52576: Fixed potential use after free in memblock_isolate_range() (bsc#1220872).
- CVE-2023-52582: Fixed possible oops in netfs (bsc#1220878).
- CVE-2023-52583: Fixed deadlock or deadcode of misusing dget() inside ceph (bsc#1221058).
- CVE-2023-52587: Fixed mcast list locking in IB/ipoib (bsc#1221082).
- CVE-2023-52591: Fixed a possible reiserfs filesystem corruption via directory renaming (bsc#1221044).
- CVE-2023-52594: Fixed potential array-index-out-of-bounds read in ath9k_htc_txstatus() (bsc#1221045).
- CVE-2023-52595: Fixed possible deadlock in wifi/rt2x00 (bsc#1221046).
- CVE-2023-52597: Fixed a setting of fpc register in KVM (bsc#1221040).
- CVE-2023-52598: Fixed wrong setting of fpc register in s390/ptrace (bsc#1221060).
- CVE-2023-52599: Fixed array-index-out-of-bounds in diNewExt() in jfs (bsc#1221062).
- CVE-2023-52600: Fixed uaf in jfs_evict_inode() (bsc#1221071).
- CVE-2023-52601: Fixed array-index-out-of-bounds in dbAdjTree() in jfs (bsc#1221068).
- CVE-2023-52602: Fixed slab-out-of-bounds Read in dtSearch() in jfs (bsc#1221070).
- CVE-2023-52603: Fixed array-index-out-of-bounds in dtSplitRoot() (bsc#1221066).
- CVE-2023-52604: Fixed array-index-out-of-bounds in dbAdjTree() (bsc#1221067).
- CVE-2023-52605: Fixed a NULL pointer dereference check (bsc#1221039)
- CVE-2023-52606: Fixed possible kernel stack corruption in powerpc/lib (bsc#1221069).
- CVE-2023-52607: Fixed a null-pointer-dereference in pgtable_cache_add kasprintf() (bsc#1221061).
- CVE-2023-52608: Fixed possible race condition in firmware/arm_scmi (bsc#1221375).
- CVE-2023-52612: Fixed req->dst buffer overflow in crypto/scomp (bsc#1221616).
- CVE-2023-52615: Fixed page fault dead lock on mmap-ed hwrng (bsc#1221614).
- CVE-2023-52617: Fixed stdev_release() crash after surprise hot remove (bsc#1221613).
- CVE-2023-52619: Fixed possible crash when setting number of cpus to an odd number in pstore/ram (bsc#1221618).
- CVE-2023-52621: Fixed missing asserion in bpf (bsc#1222073).
- CVE-2023-52623: Fixed suspicious RCU usage in SUNRPC (bsc#1222060).
- CVE-2023-52628: Fixed 4-byte stack OOB write in nftables (bsc#1222117).
- CVE-2023-52632: Fixed lock dependency warning with srcu in drm/amdkfd (bsc#1222274).
- CVE-2023-52637: Fixed UAF in j1939_sk_match_filter() in can/k1939 (bsc#1222291).
- CVE-2023-52639: Fixed race during shadow creation in KVM/s390/vsie Fixed (bsc#1222300).
- CVE-2023-6270: Fixed a use-after-free issue in aoecmd_cfg_pkts (bsc#1218562).
- CVE-2023-6356: Fixed a NULL pointer dereference in nvmet_tcp_build_pdu_iovec (bsc#1217987).
- CVE-2023-6535: Fixed a NULL pointer dereference in nvmet_tcp_execute_request (bsc#1217988).
- CVE-2023-6536: Fixed a NULL pointer dereference in __nvmet_req_complete (bsc#1217989).
- CVE-2023-7042: Fixed a null-pointer-dereference in ath10k_wmi_tlv_op_pull_mgmt_tx_compl_ev() (bsc#1218336).
- CVE-2023-7192: Fixed a memory leak problem in ctnetlink_create_conntrack in net/netfilter/nf_conntrack_netlink.c (bsc#1218479).
- CVE-2024-0841: Fixed a null pointer dereference in the hugetlbfs_fill_super function in hugetlbfs (HugeTLB pages) functionality (bsc#1219264).
- CVE-2024-2201: Fixed information leak in x86/BHI (bsc#1217339).
- CVE-2024-22099: Fixed a null-pointer-dereference in rfcomm_check_security (bsc#1219170).
- CVE-2024-23307: Fixed Integer Overflow or Wraparound vulnerability in x86 and ARM md, raid, raid5 modules (bsc#1219169).
- CVE-2024-25739: Fixed possible crash in create_empty_lvol() in drivers/mtd/ubi/vtbl.c (bsc#1219834).
- CVE-2024-25742: Fixed insufficient validation during #VC instruction emulation in x86/sev (bsc#1221725).
- CVE-2024-25743: Fixed insufficient validation during #VC instruction emulation in x86/sev (bsc#1221725).
- CVE-2024-26599: Fixed out-of-bounds access in of_pwm_single_xlate() (bsc#1220365).
- CVE-2024-26600: Fixed NULL pointer dereference for SRP in phy-omap-usb2 (bsc#1220340).
- CVE-2024-26602: Fixed overall slowdowns with sys_membarrier (bsc1220398).
- CVE-2024-26607: Fixed a probing race issue in sii902x: (bsc#1220736).
- CVE-2024-26612: Fixed Oops in fscache_put_cache() This function dereferences (bsc#1221291).
- CVE-2024-26614: Fixed the initialization of accept_queue's spinlocks (bsc#1221293).
- CVE-2024-26620: Fixed possible device model violation in s390/vfio-ap (bsc#1221298).
- CVE-2024-26627: Fixed possible hard lockup in scsi (bsc#1221090).
- CVE-2024-26629: Fixed possible protocol violation via RELEASE_LOCKOWNER in nfsd (bsc#1221379).
- CVE-2024-26642: Fixed the set of anonymous timeout flag in netfilter nf_tables (bsc#1221830).
- CVE-2024-26645: Fixed missing visibility when inserting an element into tracing_map (bsc#1222056).
- CVE-2024-26646: Fixed potential memory corruption when resuming from suspend or hibernation in thermal/intel/hfi (bsc#1222070).
- CVE-2024-26651: Fixed possible oops via malicious devices in sr9800 (bsc#1221337).
- CVE-2024-26654: Fixed use after free in ALSA/sh/aica (bsc#1222304).
- CVE-2024-26659: Fixed wrong handling of isoc Babble and Buffer Overrun events in xhci (bsc#1222317).
- CVE-2024-26664: Fixed out-of-bounds memory access in create_core_data() in hwmon coretemp (bsc#1222355).
- CVE-2024-26667: Fixed null pointer reference in dpu_encoder_helper_phys_cleanup in drm/msm/dpu (bsc#1222331).
- CVE-2024-26670: Fixed ARM64_WORKAROUND_SPECULATIVE_UNPRIV_LOAD workaround in kernel arm64 (bsc#1222356).
- CVE-2024-26695: Fixed null pointer dereference in __sev_platform_shutdown_locked in crypto ccp (bsc#1222373).
- CVE-2024-26717: Fixed null pointer dereference on failed power up in HID i2c-hid-of (bsc#1222360).
The following non-security bugs were fixed:
- acpi: CPPC: enable AMD CPPC V2 support for family 17h processors (git-fixes).
- acpi: processor_idle: Fix memory leak in acpi_processor_power_exit() (git-fixes).
- acpi: resource: Add Infinity laptops to irq1_edge_low_force_override (stable-fixes).
- acpi: resource: Add MAIBENBEN X577 to irq1_edge_low_force_override (git-fixes).
- acpi: resource: Do IRQ override on Lunnen Ground laptops (stable-fixes).
- acpi: scan: Fix device check notification handling (git-fixes).
- acpica: debugger: check status of acpi_evaluate_object() in acpi_db_walk_for_fields() (git-fixes).
- alsa: aaci: Delete unused variable in aaci_do_suspend (git-fixes).
- alsa: aoa: avoid false-positive format truncation warning (git-fixes).
- alsa: aw2: avoid casting function pointers (git-fixes).
- alsa: ctxfi: avoid casting function pointers (git-fixes).
- alsa: hda/realtek - ALC285 reduce pop noise from Headphone port (stable-fixes).
- alsa: hda/realtek - Add Headset Mic supported Acer NB platform (stable-fixes).
- alsa: hda/realtek - Fix headset Mic no show at resume back for Lenovo ALC897 platform (git-fixes).
- alsa: hda/realtek: Enable Mute LED on HP 840 G8 (MB 8AB8) (git-fixes).
- alsa: hda/realtek: Update Panasonic CF-SZ6 quirk to support headset with microphone (git-fixes).
- alsa: hda/realtek: fix ALC285 issues on HP Envy x360 laptops (stable-fixes).
- alsa: hda/realtek: fix mute/micmute LED For HP mt440 (git-fixes).
- alsa: hda/realtek: fix mute/micmute LEDs for HP EliteBook (stable-fixes).
- alsa: seq: fix function cast warnings (git-fixes).
- alsa: sh: aica: reorder cleanup operations to avoid UAF bugs (git-fixes).
- alsa: usb-audio: Stop parsing channels bits when all channels are found (git-fixes).
- arm64: dts: allwinner: h6: add rx dma channel for spdif (git-fixes)
- arm64: dts: broadcom: bcmbca: bcm4908: drop invalid switch cells (git-fixes)
- arm64: dts: imx8mm-kontron: add support for ultra high speed modes on (git-fixes)
- arm64: dts: imx8mm-venice-gw71xx: fix usb otg vbus (git-fixes)
- arm64: dts: marvell: reorder crypto interrupts on armada socs (git-fixes)
- arm64: dts: rockchip: add es8316 codec for rock pi 4 (git-fixes)
- arm64: dts: rockchip: add spdif node for rock pi 4 (git-fixes)
- arm64: dts: rockchip: fix regulator name on rk3399-rock-4 (git-fixes)
- arm64: dts: rockchip: set num-cs property for spi on px30 (git-fixes)
- arm64: mm: fix va-range sanity check (git-fixes)
- arm64: set __exception_irq_entry with __irq_entry as a default (git-fixes)
- asoc: Intel: bytcr_rt5640: Add an extra entry for the Chuwi Vi8 tablet (stable-fixes).
- asoc: amd: acp: Add missing error handling in sof-mach (git-fixes).
- asoc: amd: acp: fix for acp_init function error handling (git-fixes).
- asoc: madera: Fix typo in madera_set_fll_clks shift value (git-fixes).
- asoc: meson: Use dev_err_probe() helper (stable-fixes).
- asoc: meson: aiu: fix function pointer type mismatch (git-fixes).
- asoc: meson: axg-tdm-interface: add frame rate constraint (git-fixes).
- asoc: meson: axg-tdm-interface: fix mclk setup without mclk-fs (git-fixes).
- asoc: meson: t9015: fix function pointer type mismatch (git-fixes).
- asoc: ops: Fix wraparound for mask in snd_soc_get_volsw (git-fixes).
- asoc: rcar: adg: correct TIMSEL setting for SSI9 (git-fixes).
- asoc: rt5645: Make LattePanda board DMI match more precise (stable-fixes).
- asoc: rt5682-sdw: fix locking sequence (git-fixes).
- asoc: rt711-sdca: fix locking sequence (git-fixes).
- asoc: rt711-sdw: fix locking sequence (git-fixes).
- asoc: wm8962: Enable both SPKOUTR_ENA and SPKOUTL_ENA in mono mode (stable-fixes).
- asoc: wm8962: Enable oscillator if selecting WM8962_FLL_OSC (stable-fixes).
- asoc: wm8962: Fix up incorrect error message in wm8962_set_fll (stable-fixes).
- ata: sata_mv: fix pci device id table declaration compilation warning (git-fixes).
- ata: sata_sx4: fix pdc20621_get_from_dimm() on 64-bit (git-fixes).
- backlight: da9052: fully initialize backlight_properties during probe (git-fixes).
- backlight: lm3630a: do not set bl->props.brightness in get_brightness (git-fixes).
- backlight: lm3630a: initialize backlight_properties on init (git-fixes).
- backlight: lm3639: fully initialize backlight_properties during probe (git-fixes).
- backlight: lp8788: fully initialize backlight_properties during probe (git-fixes).
- blocklayoutdriver: fix reference leak of pnfs_device_node (git-fixes).
- bluetooth: Remove HCI_POWER_OFF_TIMEOUT (git-fixes).
- bluetooth: Remove superfluous call to hci_conn_check_pending() (git-fixes).
- bluetooth: hci_core: Fix possible buffer overflow (git-fixes).
- bluetooth: mgmt: Remove leftover queuing of power_off work (git-fixes).
- bluetooth: rfcomm: Fix null-ptr-deref in rfcomm_check_security (stable-fixes).
- bpf, scripts: correct gpl license name (git-fixes).
- bpf, sockmap: fix preempt_rt splat when using raw_spin_lock_t (git-fixes).
- can: softing: remove redundant null check (git-fixes).
- clk: zynq: prevent null pointer dereference caused by kmalloc failure (git-fixes).
- comedi: comedi_test: prevent timers rescheduling during deletion (git-fixes).
- coresight: etm4x: do not access trcidr1 for identification (bsc#1220775)
- coresight: etm4x: fix accesses to trcseqrstevr and trcseqstr (bsc#1220775)
- coresight: etm: override trcidr3.ccitmin on errata affected cpus (bsc#1220775)
- cpufreq: amd-pstate: fix min_perf assignment in amd_pstate_adjust_perf() (git-fixes).
- cpufreq: brcmstb-avs-cpufreq: add check for cpufreq_cpu_get's return value (git-fixes).
- crypto: arm/sha - fix function cast warnings (git-fixes).
- crypto: qat - avoid division by zero (git-fixes).
- crypto: qat - fix deadlock in backlog processing (git-fixes).
- crypto: qat - fix double free during reset (git-fixes).
- crypto: qat - fix state machines cleanup paths (bsc#1218321).
- crypto: qat - fix unregistration of compression algorithms (git-fixes).
- crypto: qat - fix unregistration of crypto algorithms (git-fixes).
- crypto: qat - ignore subsequent state up commands (git-fixes).
- crypto: qat - increase size of buffers (git-fixes).
- crypto: qat - resolve race condition during aer recovery (git-fixes).
- crypto: xilinx - call finalize with bh disabled (git-fixes).
- doc-guide: kernel-doc: tell about object-like macros (git-fixes).
- doc/readme.suse: update information about module support status (jsc#ped-5759)
- drivers: hv: vmbus: Calculate ring buffer size for more efficient use of memory (git-fixes).
- drm/amd/display: add fams validation before trying to use it (git-fixes).
- drm/amd/display: add fb_damage_clips support (git-fixes).
- drm/amd/display: add function for validate and update new stream (git-fixes).
- drm/amd/display: add odm case when looking for first split pipe (git-fixes).
- drm/amd/display: always switch off odm before committing more streams (git-fixes).
- drm/amd/display: avoid abm when odm combine is enabled for edp (git-fixes).
- drm/amd/display: blocking invalid 420 modes on hdmi tmds for dcn31 (git-fixes).
- drm/amd/display: check if link state is valid (git-fixes).
- drm/amd/display: clean code-style issues in dcn30_set_mpc_shaper_3dlut (git-fixes).
- drm/amd/display: copy dc context in the commit streams (git-fixes).
- drm/amd/display: dc.h: eliminate kernel-doc warnings (git-fixes).
- drm/amd/display: disable psr-su on parade 0803 tcon again (git-fixes).
- drm/amd/display: enable fast plane updates on dcn3.2 and above (git-fixes).
- drm/amd/display: enable new commit sequence only for dcn32x (git-fixes).
- drm/amd/display: ensure async flips are only accepted for fast updates (git-fixes).
- drm/amd/display: exit idle optimizations before attempt to access phy (git-fixes).
- drm/amd/display: expand kernel doc for dc (git-fixes).
- drm/amd/display: fix a bug when searching for insert_above_mpcc (git-fixes).
- drm/amd/display: fix a null pointer dereference in amdgpu_dm_i2c_xfer() (git-fixes).
- drm/amd/display: fix a potential buffer overflow in 'dp_dsc_clock_en_read()' (git-fixes).
- drm/amd/display: fix abm disablement (git-fixes).
- drm/amd/display: fix dc/core/dc.c kernel-doc (git-fixes).
- drm/amd/display: fix hw rotated modes when psr-su is enabled (git-fixes).
- drm/amd/display: fix kernel-doc issues in dc.h (git-fixes).
- drm/amd/display: fix possible underflow for displays with large vblank (git-fixes).
- drm/amd/display: fix the delta clamping for shaper lut (git-fixes).
- drm/amd/display: fix unbounded requesting for high pixel rate modes on dcn315 (git-fixes).
- drm/amd/display: fix underflow issue on 175hz timing (git-fixes).
- drm/amd/display: for prefetch mode > 0, extend prefetch if possible (git-fixes).
- drm/amd/display: guard against invalid rptr/wptr being set (git-fixes).
- drm/amd/display: guard dcn31 phyd32clk logic against chip family (git-fixes).
- drm/amd/display: handle range offsets in vrr ranges (stable-fixes).
- drm/amd/display: handle seamless boot stream (git-fixes).
- drm/amd/display: handle virtual hardware detect (git-fixes).
- drm/amd/display: include surface of unaffected streams (git-fixes).
- drm/amd/display: include udelay when waiting for inbox0 ack (git-fixes).
- drm/amd/display: increase frame warning limit with kasan or kcsan in dml (git-fixes).
- drm/amd/display: keep phy active for dp config (git-fixes).
- drm/amd/display: perform a bounds check before filling dirty rectangles (git-fixes).
- drm/amd/display: prevent vtotal from being set to 0 (git-fixes).
- drm/amd/display: remove min_dst_y_next_start check for z8 (git-fixes).
- drm/amd/display: restore rptr/wptr for dmcub as workaround (git-fixes).
- drm/amd/display: return the correct hdcp error code (stable-fixes).
- drm/amd/display: revert vblank change that causes null pointer crash (git-fixes).
- drm/amd/display: rework comments on dc file (git-fixes).
- drm/amd/display: rework context change check (git-fixes).
- drm/amd/display: set minimum requirement for using psr-su on phoenix (git-fixes).
- drm/amd/display: set minimum requirement for using psr-su on rembrandt (git-fixes).
- drm/amd/display: set per pipe dppclk to 0 when dpp is off (git-fixes).
- drm/amd/display: update correct dcn314 register header (git-fixes).
- drm/amd/display: update extended blank for dcn314 onwards (git-fixes).
- drm/amd/display: update min z8 residency time to 2100 for dcn314 (git-fixes).
- drm/amd/display: update otg instance in the commit stream (git-fixes).
- drm/amd/display: use dram speed from validation for dummy p-state (git-fixes).
- drm/amd/display: use dtbclk as refclk instead of dprefclk (git-fixes).
- drm/amd/display: use low clocks for no plane configs (git-fixes).
- drm/amd/display: use min transition for all subvp plane add/remove (git-fixes).
- drm/amd/display: write to correct dirty_rect (git-fixes).
- drm/amd/display: wrong colorimetry workaround (git-fixes).
- drm/amd/pm: fix a memleak in aldebaran_tables_init (git-fixes).
- drm/amd/pm: fix error of maco flag setting code (git-fixes).
- drm/amd/smu: use averagegfxclkfrequency* to replace previous gfx curr clock (git-fixes).
- drm/amd: enable pcie pme from d3 (git-fixes).
- drm/amdgpu/pm: fix the error of pwm1_enable setting (stable-fixes).
- drm/amdgpu/pm: make gfxclock consistent for sienna cichlid (git-fixes).
- drm/amdgpu/pm: make mclk consistent for smu 13.0.7 (git-fixes).
- drm/amdgpu/smu13: drop compute workload workaround (git-fixes).
- drm/amdgpu: amdgpu_ttm_gart_bind set gtt bound flag (stable-fixes).
- drm/amdgpu: enable gpu reset for s3 abort cases on raven series (stable-fixes).
- drm/amdgpu: fix missing break in atom_arg_imm case of atom_get_src_int() (git-fixes).
- drm/amdgpu: force order between a read and write to the same address (git-fixes).
- drm/amdgpu: lower cs errors to debug severity (git-fixes).
- drm/amdgpu: match against exact bootloader status (git-fixes).
- drm/amdgpu: unset context priority is now invalid (git-fixes).
- drm/amdgpu: update min() to min_t() in 'amdgpu_info_ioctl' (git-fixes).
- drm/amdkfd: fix tlb flush after unmap for gfx9.4.2 (stable-fixes).
- drm/bridge: tc358762: instruct dsi host to generate hse packets (git-fixes).
- drm/display: fix typo (git-fixes).
- drm/edid: add quirk for osvr hdk 2.0 (git-fixes).
- drm/etnaviv: restore some id values (git-fixes).
- drm/exynos: do not return negative values from .get_modes() (stable-fixes).
- drm/exynos: fix a possible null-pointer dereference due to data race in exynos_drm_crtc_atomic_disable() (git-fixes).
- drm/i915/bios: tolerate devdata==null in intel_bios_encoder_supports_dp_dual_mode() (stable-fixes).
- drm/i915/gt: do not generate the command streamer for all the ccs (git-fixes).
- drm/i915/gt: reset queue_priority_hint on parking (git-fixes).
- drm/i915/gt: use i915_vm_put on ppgtt_create error paths (git-fixes).
- drm/i915/selftests: fix dependency of some timeouts on hz (git-fixes).
- drm/i915: add missing ccs documentation (git-fixes).
- drm/i915: call intel_pre_plane_updates() also for pipes getting enabled (git-fixes).
- drm/i915: check before removing mm notifier (git-fixes).
- drm/lima: fix a memleak in lima_heap_alloc (git-fixes).
- drm/mediatek: dsi: fix dsi rgb666 formats and definitions (git-fixes).
- drm/mediatek: fix a null pointer crash in mtk_drm_crtc_finish_page_flip (git-fixes).
- drm/msm/dpu: add division of drm_display_mode's hskew parameter (git-fixes).
- drm/msm/dpu: fix the programming of intf_cfg2_data_hctl_en (git-fixes).
- drm/msm/dpu: improve dsc allocation (git-fixes).
- drm/msm/dpu: only enable dsc_mode_multiplex if dsc_merge is enabled (git-fixes).
- drm/panel-edp: use put_sync in unprepare (git-fixes).
- drm/panel: auo,b101uan08.3: fine tune the panel power sequence (git-fixes).
- drm/panel: boe-tv101wum-nl6: fine tune the panel power sequence (git-fixes).
- drm/panel: do not return negative error codes from drm_panel_get_modes() (stable-fixes).
- drm/panel: move aux b116xw03 out of panel-edp back to panel-simple (git-fixes).
- drm/panfrost: fix power transition timeout warnings (git-fixes).
- drm/probe-helper: warn about negative .get_modes() (stable-fixes).
- drm/qxl: remove unused `count` variable from `qxl_surface_id_alloc()` (git-fixes).
- drm/qxl: remove unused variable from `qxl_process_single_command()` (git-fixes).
- drm/radeon/ni: fix wrong firmware size logging in ni_init_microcode() (git-fixes).
- drm/radeon/ni_dpm: remove redundant null check (git-fixes).
- drm/radeon: remove dead code in ni_mc_load_microcode() (git-fixes).
- drm/rockchip: dsi: clean up 'usage_mode' when failing to attach (git-fixes).
- drm/rockchip: inno_hdmi: fix video timing (git-fixes).
- drm/rockchip: lvds: do not overwrite error code (git-fixes).
- drm/rockchip: lvds: do not print scary message when probing defer (git-fixes).
- drm/tegra: dpaux: fix pm disable depth imbalance in tegra_dpaux_probe (git-fixes).
- drm/tegra: dsi: add missing check for of_find_device_by_node (git-fixes).
- drm/tegra: dsi: fix missing pm_runtime_disable() in the error handling path of tegra_dsi_probe() (git-fixes).
- drm/tegra: dsi: fix some error handling paths in tegra_dsi_probe() (git-fixes).
- drm/tegra: dsi: make use of the helper function dev_err_probe() (stable-fixes).
- drm/tegra: hdmi: convert to devm_platform_ioremap_resource() (stable-fixes).
- drm/tegra: hdmi: fix some error handling paths in tegra_hdmi_probe() (git-fixes).
- drm/tegra: output: fix missing i2c_put_adapter() in the error handling paths of tegra_output_probe() (git-fixes).
- drm/tegra: put drm_gem_object ref on error in tegra_fb_create (git-fixes).
- drm/tegra: rgb: fix missing clk_put() in the error handling paths of tegra_dc_rgb_probe() (git-fixes).
- drm/tegra: rgb: fix some error handling paths in tegra_dc_rgb_probe() (git-fixes).
- drm/tidss: fix initial plane zpos values (git-fixes).
- drm/tidss: fix sync-lost issue with two displays (git-fixes).
- drm/ttm: do not leak a resource on eviction error (git-fixes).
- drm/ttm: do not print error message if eviction was interrupted (git-fixes).
- drm/vc4: add module dependency on hdmi-codec (git-fixes).
- drm/vmwgfx: create debugfs ttm_resource_manager entry only if needed (git-fixes).
- drm/vmwgfx: fix a memleak in vmw_gmrid_man_get_node (git-fixes).
- drm/vmwgfx: fix possible null pointer derefence with invalid contexts (git-fixes).
- drm: do not treat 0 as -1 in drm_fixp2int_ceil (git-fixes).
- drm: fix drm_fixp2int_round() making it add 0.5 (git-fixes).
- drm: panel-orientation-quirks: add quirk for acer switch v 10 (sw5-017) (git-fixes).
- firewire: core: use long bus reset on gap count error (stable-fixes).
- fix 'coresight: etm4x: Change etm4_platform_driver driver for MMIO devices' (bsc#1220775)
- hid: amd_sfh: Update HPD sensor structure elements (git-fixes).
- hid: lenovo: Add middleclick_workaround sysfs knob for cptkbd (git-fixes).
- hid: multitouch: Add required quirk for Synaptics 0xcddc device (stable-fixes).
- hv_netvsc: calculate correct ring size when page_size is not 4 kbytes (git-fixes).
- hv_netvsc: fix race condition between netvsc_probe and netvsc_remove (git-fixes).
- hv_netvsc: register vf in netvsc_probe if net_device_register missed (git-fixes).
- i2c: aspeed: fix the dummy irq expected print (git-fixes).
- i2c: i801: avoid potential double call to gpiod_remove_lookup_table (git-fixes).
- i2c: wmt: fix an error handling path in wmt_i2c_probe() (git-fixes).
- ib/ipoib: Fix mcast list locking (git-fixes)
- iio: dummy_evgen: remove excess kernel-doc comments (git-fixes).
- iio: pressure: dlhl60d: initialize empty dlh bytes (git-fixes).
- input: gpio_keys_polled - suppress deferred probe error for gpio (stable-fixes).
- input: i8042 - add Fujitsu Lifebook E5411 to i8042 quirk table (git-fixes).
- input: i8042 - add Fujitsu Lifebook U728 to i8042 quirk table (git-fixes).
- input: i8042 - add quirk for Fujitsu Lifebook A574/H (git-fixes).
- input: i8042 - fix strange behavior of touchpad on Clevo NS70PU (git-fixes).
- input: pm8941-powerkey - fix debounce on gen2+ PMICs (git-fixes).
- input: pm8941-pwrkey - add software key press debouncing support (git-fixes).
- input: pm8941-pwrkey - add support for PON GEN3 base addresses (git-fixes).
- input: synaptics-rmi4 - fix UAF of IRQ domain on driver removal (git-fixes).
- input: xpad - add Lenovo Legion Go controllers (git-fixes).
- iommu/amd: mark interrupt as managed (git-fixes).
- iommu/dma: trace bounce buffer usage when mapping buffers (git-fixes).
- iommu/mediatek-v1: fix an error handling path in mtk_iommu_v1_probe() (git-fixes).
- iommu/mediatek: fix forever loop in error handling (git-fixes).
- iommu/vt-d: allow to use flush-queue when first level is default (git-fixes).
- iommu/vt-d: do not issue ats invalidation request when device is disconnected (git-fixes).
- iommu/vt-d: fix pasid directory pointer coherency (git-fixes).
- iommu/vt-d: set no execute enable bit in pasid table entry (git-fixes).
- kabi: pci: add locking to rmw pci express capability register accessors (kabi).
- kconfig: fix infinite loop when expanding a macro at the end of file (git-fixes).
- kvm: s390: only deliver the set service event bits (git-fixes bsc#1221631).
- lan78xx: enable auto speed configuration for lan7850 if no eeprom is detected (git-commit).
- leds: aw2013: unlock mutex before destroying it (git-fixes).
- lib/cmdline: fix an invalid format specifier in an assertion msg (git-fixes).
- make nvidiA Grace-Hopper TPM related drivers build-ins (bsc#1221156)
- md/raid10: check slab-out-of-bounds in md_bitmap_get_counter (git-fixes).
- md/raid5: release batch_last before waiting for another stripe_head (git-fixes).
- md/raid6: use valid sector values to determine if an i/o should wait on the reshape (git-fixes).
- md: do not ignore suspended array in md_check_recovery() (git-fixes).
- md: do not leave 'md_recovery_frozen' in error path of md_set_readonly() (git-fixes).
- md: fix data corruption for raid456 when reshape restart while grow up (git-fixes).
- md: introduce md_ro_state (git-fixes).
- md: make sure md_do_sync() will set md_recovery_done (git-fixes).
- md: whenassemble the array, consult the superblock of the freshest device (git-fixes).
- media: dvb-frontends: avoid stack overflow warnings with clang (git-fixes).
- media: edia: dvbdev: fix a use-after-free (git-fixes).
- media: em28xx: annotate unchecked call to media_device_register() (git-fixes).
- media: go7007: add check of return value of go7007_read_addr() (git-fixes).
- media: go7007: fix a memleak in go7007_load_encoder (git-fixes).
- media: imx: csc/scaler: fix v4l2_ctrl_handler memory leak (git-fixes).
- media: pvrusb2: fix pvr2_stream_callback casts (git-fixes).
- media: pvrusb2: fix uaf in pvr2_context_set_notify (git-fixes).
- media: pvrusb2: remove redundant null check (git-fixes).
- media: staging: ipu3-imgu: set fields before media_entity_pads_init() (git-fixes).
- media: sun8i-di: fix chroma difference threshold (git-fixes).
- media: sun8i-di: fix coefficient writes (git-fixes).
- media: sun8i-di: fix power on/off sequences (git-fixes).
- media: tc358743: register v4l2 async device only after successful setup (git-fixes).
- media: ttpci: fix two memleaks in budget_av_attach (git-fixes).
- media: usbtv: remove useless locks in usbtv_video_free() (git-fixes).
- media: v4l2-mem2mem: fix a memleak in v4l2_m2m_register_entity (git-fixes).
- media: v4l2-tpg: fix some memleaks in tpg_alloc (git-fixes).
- media: xc4000: fix atomicity violation in xc4000_get_frequency (git-fixes).
- mfd: altera-sysmgr: call of_node_put() only when of_parse_phandle() takes a ref (git-fixes).
- mfd: syscon: call of_node_put() only when of_parse_phandle() takes a ref (git-fixes).
- mm,page_owner: Defer enablement of static branch (bsc#1222366).
- mm,page_owner: check for null stack_record before bumping its refcount (bsc#1222366).
- mm,page_owner: drop unnecessary check (bsc#1222366).
- mm,page_owner: fix accounting of pages when migrating (bsc#1222366).
- mm,page_owner: fix printing of stack records (bsc#1222366).
- mm,page_owner: fix recursion (bsc#1222366).
- mm,page_owner: fix refcount imbalance (bsc#1222366).
- mm,page_owner: update metadata for tail pages (bsc#1222366).
- mm/vmalloc: huge vmalloc backing pages should be split rather than compound (bsc#1217829).
- mmc: core: avoid negative index with array access (git-fixes).
- mmc: core: fix switch on gp3 partition (git-fixes).
- mmc: core: initialize mmc_blk_ioc_data (git-fixes).
- mmc: mmci: stm32: fix dma api overlapping mappings warning (git-fixes).
- mmc: mmci: stm32: use a buffer for unaligned dma requests (git-fixes).
- mmc: tmio: avoid concurrent runs of mmc_request_done() (git-fixes).
- mmc: wmt-sdmmc: remove an incorrect release_mem_region() call in the .remove function (git-fixes).
- mtd: maps: physmap-core: fix flash size larger than 32-bit (git-fixes).
- mtd: rawnand: lpc32xx_mlc: fix irq handler prototype (git-fixes).
- mtd: rawnand: meson: fix scrambling mode value in command macro (git-fixes).
- net/bnx2x: prevent access to a freed page in page_pool (bsc#1215322).
- net/x25: fix incorrect parameter validation in the x25_getsockopt() function (git-fixes).
- net: fix features skip in for_each_netdev_feature() (git-fixes).
- net: lan78xx: fix runtime pm count underflow on link stop (git-fixes).
- net: ll_temac: platform_get_resource replaced by wrong function (git-fixes).
- net: mana: fix rx dma datasize and skb_over_panic (git-fixes).
- net: phy: fix phy_get_internal_delay accessing an empty array (git-fixes).
- net: sunrpc: fix an off by one in rpc_sockaddr2uaddr() (git-fixes).
- net: usb: dm9601: fix wrong return value in dm9601_mdio_read (git-fixes).
- nfc: nci: fix uninit-value in nci_dev_up and nci_ntf_packet (git-fixes).
- nfs: fix an off by one in root_nfs_cat() (git-fixes).
- nfs: rename nfs_client_kset to nfs_kset (git-fixes).
- nfsd: change LISTXATTRS cookie encoding to big-endian (git-fixes).
- nfsd: convert the callback workqueue to use delayed_work (git-fixes).
- nfsd: do not take fi_lock in nfsd_break_deleg_cb() (git-fixes).
- nfsd: fix LISTXATTRS returning a short list with eof=TRUE (git-fixes).
- nfsd: fix LISTXATTRS returning more bytes than maxcount (git-fixes).
- nfsd: fix file memleak on client_opens_release (git-fixes).
- nfsd: fix nfsd4_listxattr_validate_cookie (git-fixes).
- nfsd: lock_rename() needs both directories to live on the same fs (git-fixes).
- nfsd: reschedule CB operations when backchannel rpc_clnt is shut down (git-fixes).
- nfsd: reset cb_seq_status after NFS4ERR_DELAY (git-fixes).
- nfsd: retransmit callbacks after client reconnects (git-fixes).
- nfsd: use vfs setgid helper (git-fixes).
- nfsv4.1/pnfs: Ensure we handle the error NFS4ERR_RETURNCONFLICT (git-fixes).
- nfsv4.1: fix SP4_MACH_CRED protection for pnfs IO (git-fixes).
- nfsv4.1: fixup use EXCHGID4_FLAG_USE_PNFS_DS for DS server (git-fixes).
- nfsv4.1: use EXCHGID4_FLAG_USE_PNFS_DS for DS server (git-fixes).
- nfsv4.2: fix listxattr maximum XDR buffer size (git-fixes).
- nfsv4.2: fix nfs4_listxattr kernel BUG at mm/usercopy.c:102 (git-fixes).
- nfsv4.2: fix wrong shrinker_id (git-fixes).
- nfsv4: fix a nfs4_state_manager() race (git-fixes).
- nfsv4: fix a state manager thread deadlock regression (git-fixes).
- nilfs2: fix failure to detect dat corruption in btree and direct mappings (git-fixes).
- nilfs2: prevent kernel bug at submit_bh_wbc() (git-fixes).
- nouveau/dmem: handle kcalloc() allocation failure (git-fixes).
- nouveau: reset the bo resource bus info after an eviction (git-fixes).
- ntfs: fix use-after-free in ntfs_ucsncmp() (bsc#1221713).
- nvme-fc: do not wait in vain when unloading module (git-fixes).
- nvme: fix reconnection fail due to reserved tag allocation (git-fixes).
- nvmet-fc: abort command when there is no binding (git-fixes).
- nvmet-fc: avoid deadlock on delete association path (git-fixes).
- nvmet-fc: defer cleanup using rcu properly (git-fixes).
- nvmet-fc: hold reference on hostport match (git-fixes).
- nvmet-fc: release reference on target port (git-fixes).
- nvmet-fc: take ref count on tgtport before delete assoc (git-fixes).
- nvmet-fcloop: swap the list_add_tail arguments (git-fixes).
- nvmet-tcp: fix nvme tcp ida memory leak (git-fixes).
- pci/aer: fix rootport attribute paths in ABI docs (git-fixes).
- pci/aspm: Use RMW accessors for changing LNKCTL (git-fixes).
- pci/dpc: print all TLP Prefixes, not just the first (git-fixes).
- pci/msi: prevent MSI hardware interrupt number truncation (bsc#1218777)
- pci/p2pdma: Fix a sleeping issue in a RCU read section (git-fixes).
- pci: add locking to RMW PCI Express Capability Register accessors (git-fixes).
- pci: dwc: Fix a 64bit bug in dw_pcie_ep_raise_msix_irq() (git-fixes).
- pci: dwc: endpoint: Fix advertised resizable BAR size (git-fixes).
- pci: dwc: endpoint: Fix dw_pcie_ep_raise_msix_irq() alignment support (git-fixes).
- pci: fu740: Set the number of MSI vectors (git-fixes).
- pci: lengthen reset delay for VideoPropulsion Torrent QN16e card (git-fixes).
- pci: make link retraining use RMW accessors for changing LNKCTL (git-fixes).
- pci: mark 3ware-9650SE Root Port Extended Tags as broken (git-fixes).
- pci: mediatek-gen3: Fix translation window size calculation (git-fixes).
- pci: mediatek: Clear interrupt status before dispatching handler (git-fixes).
- pci: qcom: Enable BDF to SID translation properly (git-fixes).
- pci: qcom: Use DWC helpers for modifying the read-only DBI registers (git-fixes).
- pci: rockchip: Do not advertise MSI-X in PCIe capabilities (git-fixes).
- pci: rockchip: Fix window mapping and address translation for endpoint (git-fixes).
- pci: rockchip: Use 64-bit mask on MSI 64-bit PCI address (git-fixes).
- pci: switchtec: Fix an error handling path in switchtec_pci_probe() (git-fixes).
- pinctrl: mediatek: drop bogus slew rate register range for mt8192 (git-fixes).
- platform/mellanox: mlxreg-hotplug: Remove redundant NULL-check (git-fixes).
- pm: suspend: Set mem_sleep_current during kernel command line setup (git-fixes).
- pnfs/flexfiles: check the layout validity in ff_layout_mirror_prepare_stats (git-fixes).
- pnfs: fix a hang in nfs4_evict_inode() (git-fixes).
- pnfs: fix the pnfs block driver's calculation of layoutget size (git-fixes).
- powerpc/64s: POWER10 CPU Kconfig build option (bsc#1194869).
- powerpc/boot: Disable power10 features after BOOTAFLAGS assignment (bsc#1194869).
- powerpc/boot: Fix boot wrapper code generation with CONFIG_POWER10_CPU (bsc#1194869).
- powerpc/lib/sstep: Do not use __{get/put}_user() on kernel addresses (bsc#1194869).
- powerpc/lib/sstep: Remove unneeded #ifdef __powerpc64__ (bsc#1194869).
- powerpc/lib/sstep: Use l1_dcache_bytes() instead of opencoding (bsc#1194869).
- powerpc/lib/sstep: use truncate_if_32bit() (bsc#1194869).
- powerpc/pseries/iommu: IOMMU table is not initialized for kdump over SR-IOV (bsc#1220492 ltc#205270).
- powerpc/pseries: Fix potential memleak in papr_get_attr() (bsc#1200465 ltc#197256 jsc#SLE-18130 git-fixes).
- powerpc/sstep: Use bitwise instead of arithmetic operator for flags (bsc#1194869).
- powerpc: add compile-time support for lbarx, lharx (bsc#1194869).
- pwm: mediatek: Update kernel doc for struct pwm_mediatek_of_data (git-fixes).
- qedf: Do not process stag work during unload (bsc#1214852).
- qedf: Wait for stag work during unload (bsc#1214852).
- raid1: fix use-after-free for original bio in raid1_write_request() (bsc#1221097).
- ras/amd/fmpm: Add debugfs interface to print record entries (jsc#PED-7619).
- ras/amd/fmpm: Avoid NULL ptr deref in get_saved_records() (jsc#PED-7619).
- ras/amd/fmpm: Fix build when debugfs is not enabled (jsc#PED-7619).
- ras/amd/fmpm: Fix off by one when unwinding on error (jsc#PED-7619).
- ras/amd/fmpm: Safely handle saved records of various sizes (jsc#PED-7619).
- ras/amd/fmpm: Save SPA values (jsc#PED-7619).
- ras: Avoid build errors when CONFIG_DEBUG_FS=n (git-fixes).
- ras: export helper to get ras_debugfs_dir (jsc#PED-7619).
- rdma/device: fix a race between mad_client and cm_client init (git-fixes)
- rdma/hns: fix mis-modifying default congestion control algorithm (git-fixes)
- rdma/ipoib: fix error code return in ipoib_mcast_join (git-fixes)
- rdma/irdma: remove duplicate assignment (git-fixes)
- rdma/mana_ib: fix bug in creation of dma regions (git-fixes).
- rdma/mlx5: fix fortify source warning while accessing eth segment (git-fixes)
- rdma/mlx5: relax devx access upon modify commands (git-fixes)
- rdma/rtrs-clt: check strnlen return len in sysfs mpath_policy_store() (git-fixes)
- rdma/srpt: do not register event handler until srpt device is fully setup (git-fixes)
- revert 'drm/amd: disable psr-su on parade 0803 tcon' (git-fixes).
- revert 'drm/amd: disable s/g for apus when 64gb or more host memory' (git-fixes).
- revert 'drm/amdgpu/display: change pipe policy for dcn 2.0' (git-fixes).
- revert 'drm/amdgpu/display: change pipe policy for dcn 2.1' (git-fixes).
- revert 'drm/vc4: hdmi: enforce the minimum rate at runtime_resume' (git-fixes).
- revert 'fbdev: flush deferred io before closing (git-fixes).' (bsc#1221814)
- revert 'pci: tegra194: enable support for 256 byte payload' (git-fixes).
- revert 'revert 'drm/amdgpu/display: change pipe policy for dcn 2.0'' (git-fixes).
- revert 'sunrpc dont update timeout value on connection reset' (git-fixes).
- ring-buffer: Clean ring_buffer_poll_wait() error return (git-fixes).
- rtc: mt6397: select IRQ_DOMAIN instead of depending on it (git-fixes).
- s390/pai: fix attr_event_free upper limit for pai device drivers (git-fixes bsc#1221633).
- s390/vfio-ap: realize the VFIO_DEVICE_GET_IRQ_INFO ioctl (bsc#1205316).
- s390/vfio-ap: realize the VFIO_DEVICE_SET_IRQS ioctl (bsc#1205316).
- s390/vfio-ap: wire in the vfio_device_ops request callback (bsc#1205316).
- s390/vtime: fix average steal time calculation (git-fixes bsc#1221951).
- sched/rt: Disallow writing invalid values to sched_rt_period_us (bsc#1220176).
- sched/rt: sysctl_sched_rr_timeslice show default timeslice after reset (bsc#1220176).
- scsi: lpfc: Correct size for cmdwqe/rspwqe for memset() (bsc#1221777).
- scsi: lpfc: Correct size for wqe for memset() (bsc#1221777).
- scsi: lpfc: Define lpfc_dmabuf type for ctx_buf ptr (bsc#1221777).
- scsi: lpfc: Define lpfc_nodelist type for ctx_ndlp ptr (bsc#1221777).
- scsi: lpfc: Define types in a union for generic void *context3 ptr (bsc#1221777).
- scsi: lpfc: Move NPIV's transport unregistration to after resource clean up (bsc#1221777).
- scsi: lpfc: Release hbalock before calling lpfc_worker_wake_up() (bsc#1221777).
- scsi: lpfc: Remove IRQF_ONESHOT flag from threaded IRQ handling (bsc#1221777 bsc#1217959).
- scsi: lpfc: Remove unnecessary log message in queuecommand path (bsc#1221777).
- scsi: lpfc: Replace hbalock with ndlp lock in lpfc_nvme_unregister_port() (bsc#1221777).
- scsi: lpfc: Update lpfc version to 14.4.0.1 (bsc#1221777).
- scsi: lpfc: Update lpfc_ramp_down_queue_handler() logic (bsc#1221777).
- scsi: lpfc: Use a dedicated lock for ras_fwlog state (bsc#1221777).
- scsi: qedf: Remove set but unused variable 'page' (bsc#1214852).
- scsi: qedf: Remove unused 'num_handled' variable (bsc#1214852).
- scsi: qedf: Remove unused declaration (bsc#1214852).
- scsi: qla2xxx: Change debug message during driver unload (bsc1221816).
- scsi: qla2xxx: Delay I/O Abort on PCI error (bsc1221816).
- scsi: qla2xxx: Fix N2N stuck connection (bsc1221816).
- scsi: qla2xxx: Fix command flush on cable pull (bsc1221816).
- scsi: qla2xxx: Fix double free of fcport (bsc1221816).
- scsi: qla2xxx: Fix double free of the ha->vp_map pointer (bsc1221816).
- scsi: qla2xxx: NVME|FCP prefer flag not being honored (bsc1221816).
- scsi: qla2xxx: Prevent command send on chip reset (bsc1221816).
- scsi: qla2xxx: Split FCE|EFT trace control (bsc1221816).
- scsi: qla2xxx: Update manufacturer detail (bsc1221816).
- scsi: qla2xxx: Update version to 10.02.09.200-k (bsc1221816).
- scsi: storvsc: Fix ring buffer size calculation (git-fixes).
- scsi: target: core: Silence the message about unknown VPD pages (bsc#1221252).
- selftests/bpf: add generic BPF program tester-loader (bsc#1222033).
- serial: 8250_exar: Do not remove GPIO device on suspend (git-fixes).
- serial: max310x: fix syntax error in IRQ error message (git-fixes).
- slimbus: core: Remove usage of the deprecated ida_simple_xx() API (git-fixes).
- soc: fsl: qbman: Always disable interrupts when taking cgr_lock (git-fixes).
- spi: lm70llp: fix links in doc and comments (git-fixes).
- spi: spi-mt65xx: Fix NULL pointer access in interrupt handler (git-fixes).
- sr9800: Add check for usbnet_get_endpoints (git-fixes).
- stackdepot: rename pool_index to pool_index_plus_1 (git-fixes).
- staging: vc04_services: fix information leak in create_component() (git-fixes).
- sunrpc: add an is_err() check back to where it was (git-fixes).
- sunrpc: econnreset might require a rebind (git-fixes).
- sunrpc: fix a memleak in gss_import_v2_context (git-fixes).
- sunrpc: fix a suspicious rcu usage warning (git-fixes).
- sunrpc: fix rpc client cleaned up the freed pipefs dentries (git-fixes).
- sunrpc: fix some memleaks in gssx_dec_option_array (git-fixes).
- svcrdma: Drop connection after an RDMA Read error (git-fixes).
- topology/sysfs: Hide PPIN on systems that do not support it (jsc#PED-7618).
- topology: Fix up build warning in topology_is_visible() (jsc#PED-7618).
- tracing/probes: Fix to show a parse error for bad type for $comm (git-fixes).
- tracing: Fix wasted memory in saved_cmdlines logic (git-fixes).
- tracing: Inform kmemleak of saved_cmdlines allocation (git-fixes).
- tty: n_gsm: require CAP_NET_ADMIN to attach N_GSM0710 ldisc (bsc#1222619).
- tty: serial: fsl_lpuart: avoid idle preamble pending if CTS is enabled (git-fixes).
- tty: serial: samsung: fix tx_empty() to return TIOCSER_TEMT (git-fixes).
- tty: vt: fix 20 vs 0x20 typo in EScsiignore (git-fixes).
- ubifs: Queue up space reservation tasks if retrying many times (git-fixes).
- ubifs: Remove unreachable code in dbg_check_ltab_lnum (git-fixes).
- ubifs: Set page uptodate in the correct place (git-fixes).
- ubifs: dbg_check_idx_size: Fix kmemleak if loading znode failed (git-fixes).
- ubifs: fix sort function prototype (git-fixes).
- usb: audio-v2: Correct comments for struct uac_clock_selector_descriptor (git-fixes).
- usb: cdc-wdm: close race between read and workqueue (git-fixes).
- usb: core: fix deadlock in usb_deauthorize_interface() (git-fixes).
- usb: dwc2: gadget: Fix exiting from clock gating (git-fixes).
- usb: dwc2: gadget: LPM flow fix (git-fixes).
- usb: dwc2: host: Fix ISOC flow in DDMA mode (git-fixes).
- usb: dwc2: host: Fix hibernation flow (git-fixes).
- usb: dwc2: host: Fix remote wakeup from hibernation (git-fixes).
- usb: dwc3: Properly set system wakeup (git-fixes).
- usb: f_mass_storage: forbid async queue when shutdown happen (git-fixes).
- usb: gadget: ncm: Fix handling of zero block length packets (git-fixes).
- usb: gadget: net2272: Use irqflags in the call to net2272_probe_fin (git-fixes).
- usb: hub: Replace hardcoded quirk value with BIT() macro (git-fixes).
- usb: port: Do not try to peer unused USB ports based on location (git-fixes).
- usb: typec: Return size of buffer if pd_set operation succeeds (git-fixes).
- usb: typec: ucsi: Check for notifications after init (git-fixes).
- usb: typec: ucsi: Clean up UCSI_CABLE_PROP macros (git-fixes).
- usb: typec: ucsi: Clear EVENT_PENDING under PPM lock (git-fixes).
- usb: usb-storage: prevent divide-by-0 error in isd200_ata_command (git-fixes).
- usb: xhci: Add error handling in xhci_map_urb_for_dma (git-fixes).
- vboxsf: Avoid an spurious warning if load_nls_xxx() fails (git-fixes).
- vt: fix unicode buffer corruption when deleting characters (git-fixes).
- watchdog: stm32_iwdg: initialize default timeout (git-fixes).
- wifi: ath10k: fix NULL pointer dereference in ath10k_wmi_tlv_op_pull_mgmt_tx_compl_ev() (git-fixes).
- wifi: ath11k: decrease MHI channel buffer length to 8KB (bsc#1207948).
- wifi: ath11k: initialize rx_mcs_80 and rx_mcs_160 before use (git-fixes).
- wifi: ath9k: delay all of ath9k_wmi_event_tasklet() until init is complete (git-fixes).
- wifi: b43: Disable QoS for bcm4331 (git-fixes).
- wifi: b43: Stop correct queue in DMA worker when QoS is disabled (git-fixes).
- wifi: b43: Stop/wake correct queue in DMA Tx path when QoS is disabled (git-fixes).
- wifi: b43: Stop/wake correct queue in PIO Tx path when QoS is disabled (git-fixes).
- wifi: brcmfmac: fix copyright year mentioned in platform_data header (git-fixes).
- wifi: brcmsmac: avoid function pointer casts (git-fixes).
- wifi: iwlwifi: dbg-tlv: ensure NUL termination (git-fixes).
- wifi: iwlwifi: fix EWRD table validity check (git-fixes).
- wifi: iwlwifi: fw: do not always use FW dump trig (git-fixes).
- wifi: iwlwifi: mvm: do not set replay counters to 0xff (git-fixes).
- wifi: iwlwifi: mvm: report beacon protection failures (git-fixes).
- wifi: iwlwifi: mvm: rfi: fix potential response leaks (git-fixes).
- wifi: iwlwifi: mvm: use FW rate for non-data only on new devices (git-fixes).
- wifi: libertas: fix some memleaks in lbs_allocate_cmd_buffer() (git-fixes).
- wifi: mwifiex: debugfs: Drop unnecessary error check for debugfs_create_dir() (git-fixes).
- wifi: rtl8xxxu: add cancel_work_sync() for c2hcmd_work (git-fixes).
- wifi: rtw88: 8821c: Fix false alarm count (git-fixes).
- wifi: wilc1000: fix RCU usage in connect path (git-fixes).
- wifi: wilc1000: fix declarations ordering (stable-fixes).
- wifi: wilc1000: fix multi-vif management when deleting a vif (git-fixes).
- wifi: wilc1000: prevent use-after-free on vif when cleaning up all interfaces (git-fixes).
- x86/CPU/AMD: Update the Zenbleed microcode revisions (git-fixes).
- x86/bugs: Fix the SRSO mitigation on Zen3/4 (git-fixes).
- x86/fpu: Keep xfd_state in sync with MSR_IA32_XFD (git-fixes).
- xhci: handle isoc Babble and Buffer Overrun events properly (git-fixes).
- xhci: process isoc TD properly when there was a transaction error mid TD (git-fixes).
ImportantSUSE bug 1194869SUSE bug 1200465SUSE bug 1205316SUSE bug 1207948SUSE bug 1209635SUSE bug 1209657SUSE bug 1212514SUSE bug 1213456SUSE bug 1214852SUSE bug 1215221SUSE bug 1215322SUSE bug 1217339SUSE bug 1217829SUSE bug 1217959SUSE bug 1217987SUSE bug 1217988SUSE bug 1217989SUSE bug 1218321SUSE bug 1218336SUSE bug 1218479SUSE bug 1218562SUSE bug 1218643SUSE bug 1218777SUSE bug 1219169SUSE bug 1219170SUSE bug 1219264SUSE bug 1219443SUSE bug 1219834SUSE bug 1220114SUSE bug 1220176SUSE bug 1220237SUSE bug 1220251SUSE bug 1220320SUSE bug 1220325SUSE bug 1220328SUSE bug 1220337SUSE bug 1220340SUSE bug 1220365SUSE bug 1220366SUSE bug 1220393SUSE bug 1220398SUSE bug 1220411SUSE bug 1220413SUSE bug 1220433SUSE bug 1220439SUSE bug 1220443SUSE bug 1220445SUSE bug 1220466SUSE bug 1220469SUSE bug 1220478SUSE bug 1220482SUSE bug 1220484SUSE bug 1220486SUSE bug 1220487SUSE bug 1220492SUSE bug 1220703SUSE bug 1220735SUSE bug 1220736SUSE bug 1220775SUSE bug 1220790SUSE bug 1220797SUSE bug 1220831SUSE bug 1220833SUSE bug 1220836SUSE bug 1220839SUSE bug 1220840SUSE bug 1220843SUSE bug 1220845SUSE bug 1220848SUSE bug 1220870SUSE bug 1220871SUSE bug 1220872SUSE bug 1220878SUSE bug 1220879SUSE bug 1220883SUSE bug 1220885SUSE bug 1220887SUSE bug 1220898SUSE bug 1220917SUSE bug 1220918SUSE bug 1220920SUSE bug 1220921SUSE bug 1220926SUSE bug 1220927SUSE bug 1220929SUSE bug 1220930SUSE bug 1220931SUSE bug 1220932SUSE bug 1220933SUSE bug 1220937SUSE bug 1220938SUSE bug 1220940SUSE bug 1220954SUSE bug 1220955SUSE bug 1220959SUSE bug 1220960SUSE bug 1220961SUSE bug 1220965SUSE bug 1220969SUSE bug 1220978SUSE bug 1220979SUSE bug 1220981SUSE bug 1220982SUSE bug 1220983SUSE bug 1220985SUSE bug 1220986SUSE bug 1220987SUSE bug 1220989SUSE bug 1220990SUSE bug 1221009SUSE bug 1221012SUSE bug 1221015SUSE bug 1221022SUSE bug 1221039SUSE bug 1221040SUSE bug 1221044SUSE bug 1221045SUSE bug 1221046SUSE bug 1221048SUSE bug 1221055SUSE bug 1221056SUSE bug 1221058SUSE bug 1221060SUSE bug 1221061SUSE bug 1221062SUSE bug 1221066SUSE bug 1221067SUSE bug 1221068SUSE bug 1221069SUSE bug 1221070SUSE bug 1221071SUSE bug 1221077SUSE bug 1221082SUSE bug 1221090SUSE bug 1221097SUSE bug 1221156SUSE bug 1221252SUSE bug 1221273SUSE bug 1221274SUSE bug 1221276SUSE bug 1221277SUSE bug 1221291SUSE bug 1221293SUSE bug 1221298SUSE bug 1221337SUSE bug 1221338SUSE bug 1221375SUSE bug 1221379SUSE bug 1221551SUSE bug 1221553SUSE bug 1221613SUSE bug 1221614SUSE bug 1221616SUSE bug 1221618SUSE bug 1221631SUSE bug 1221633SUSE bug 1221713SUSE bug 1221725SUSE bug 1221777SUSE bug 1221814SUSE bug 1221816SUSE bug 1221830SUSE bug 1221951SUSE bug 1222033SUSE bug 1222056SUSE bug 1222060SUSE bug 1222070SUSE bug 1222073SUSE bug 1222117SUSE bug 1222274SUSE bug 1222291SUSE bug 1222300SUSE bug 1222304SUSE bug 1222317SUSE bug 1222331SUSE bug 1222355SUSE bug 1222356SUSE bug 1222360SUSE bug 1222366SUSE bug 1222373SUSE bug 1222619SUSE bug 1222952CVE-2021-46925 at SUSECVE-2021-46925 at NVDCVE-2021-46926 at SUSECVE-2021-46926 at NVDCVE-2021-46927 at SUSECVE-2021-46927 at NVDCVE-2021-46929 at SUSECVE-2021-46929 at NVDCVE-2021-46930 at SUSECVE-2021-46930 at NVDCVE-2021-46931 at SUSECVE-2021-46931 at NVDCVE-2021-46933 at SUSECVE-2021-46933 at NVDCVE-2021-46934 at SUSECVE-2021-46934 at NVDCVE-2021-46936 at SUSECVE-2021-46936 at NVDCVE-2021-47082 at SUSECVE-2021-47082 at NVDCVE-2021-47083 at SUSECVE-2021-47083 at NVDCVE-2021-47087 at SUSECVE-2021-47087 at NVDCVE-2021-47091 at SUSECVE-2021-47091 at NVDCVE-2021-47093 at SUSECVE-2021-47093 at NVDCVE-2021-47094 at SUSECVE-2021-47094 at NVDCVE-2021-47095 at SUSECVE-2021-47095 at NVDCVE-2021-47096 at SUSECVE-2021-47096 at NVDCVE-2021-47097 at SUSECVE-2021-47097 at NVDCVE-2021-47098 at SUSECVE-2021-47098 at NVDCVE-2021-47099 at SUSECVE-2021-47099 at NVDCVE-2021-47100 at SUSECVE-2021-47100 at NVDCVE-2021-47101 at SUSECVE-2021-47101 at NVDCVE-2021-47102 at SUSECVE-2021-47102 at NVDCVE-2021-47104 at SUSECVE-2021-47104 at NVDCVE-2021-47105 at SUSECVE-2021-47105 at NVDCVE-2021-47107 at SUSECVE-2021-47107 at NVDCVE-2021-47108 at SUSECVE-2021-47108 at NVDCVE-2022-4744 at SUSECVE-2022-4744 at NVDCVE-2022-48626 at SUSECVE-2022-48626 at NVDCVE-2022-48627 at SUSECVE-2022-48627 at NVDCVE-2022-48628 at SUSECVE-2022-48628 at NVDCVE-2022-48629 at SUSECVE-2022-48629 at NVDCVE-2022-48630 at SUSECVE-2022-48630 at NVDCVE-2023-0160 at SUSECVE-2023-0160 at NVDCVE-2023-28746 at SUSECVE-2023-28746 at NVDCVE-2023-35827 at SUSECVE-2023-35827 at NVDCVE-2023-4881 at SUSECVE-2023-4881 at NVDCVE-2023-52447 at SUSECVE-2023-52447 at NVDCVE-2023-52450 at SUSECVE-2023-52450 at NVDCVE-2023-52453 at SUSECVE-2023-52453 at NVDCVE-2023-52454 at SUSECVE-2023-52454 at NVDCVE-2023-52462 at SUSECVE-2023-52462 at NVDCVE-2023-52463 at SUSECVE-2023-52463 at NVDCVE-2023-52467 at SUSECVE-2023-52467 at NVDCVE-2023-52469 at SUSECVE-2023-52469 at NVDCVE-2023-52470 at SUSECVE-2023-52470 at NVDCVE-2023-52474 at SUSECVE-2023-52474 at NVDCVE-2023-52476 at SUSECVE-2023-52476 at NVDCVE-2023-52477 at SUSECVE-2023-52477 at NVDCVE-2023-52481 at SUSECVE-2023-52481 at NVDCVE-2023-52482 at SUSECVE-2023-52482 at NVDCVE-2023-52484 at SUSECVE-2023-52484 at NVDCVE-2023-52486 at SUSECVE-2023-52486 at NVDCVE-2023-52492 at SUSECVE-2023-52492 at NVDCVE-2023-52493 at SUSECVE-2023-52493 at NVDCVE-2023-52494 at SUSECVE-2023-52494 at NVDCVE-2023-52497 at SUSECVE-2023-52497 at NVDCVE-2023-52500 at SUSECVE-2023-52500 at NVDCVE-2023-52501 at SUSECVE-2023-52501 at NVDCVE-2023-52502 at SUSECVE-2023-52502 at NVDCVE-2023-52504 at SUSECVE-2023-52504 at NVDCVE-2023-52507 at SUSECVE-2023-52507 at NVDCVE-2023-52508 at SUSECVE-2023-52508 at NVDCVE-2023-52509 at SUSECVE-2023-52509 at NVDCVE-2023-52510 at SUSECVE-2023-52510 at NVDCVE-2023-52511 at SUSECVE-2023-52511 at NVDCVE-2023-52513 at SUSECVE-2023-52513 at NVDCVE-2023-52515 at SUSECVE-2023-52515 at NVDCVE-2023-52517 at SUSECVE-2023-52517 at NVDCVE-2023-52518 at SUSECVE-2023-52518 at NVDCVE-2023-52519 at SUSECVE-2023-52519 at NVDCVE-2023-52520 at SUSECVE-2023-52520 at NVDCVE-2023-52523 at SUSECVE-2023-52523 at NVDCVE-2023-52524 at SUSECVE-2023-52524 at NVDCVE-2023-52525 at SUSECVE-2023-52525 at NVDCVE-2023-52528 at SUSECVE-2023-52528 at NVDCVE-2023-52529 at SUSECVE-2023-52529 at NVDCVE-2023-52530 at SUSECVE-2023-52530 at NVDCVE-2023-52531 at SUSECVE-2023-52531 at NVDCVE-2023-52532 at SUSECVE-2023-52532 at NVDCVE-2023-52559 at SUSECVE-2023-52559 at NVDCVE-2023-52563 at SUSECVE-2023-52563 at NVDCVE-2023-52564 at SUSECVE-2023-52564 at NVDCVE-2023-52566 at SUSECVE-2023-52566 at NVDCVE-2023-52567 at SUSECVE-2023-52567 at NVDCVE-2023-52569 at SUSECVE-2023-52569 at NVDCVE-2023-52574 at SUSECVE-2023-52574 at NVDCVE-2023-52575 at SUSECVE-2023-52575 at NVDCVE-2023-52576 at SUSECVE-2023-52576 at NVDCVE-2023-52582 at SUSECVE-2023-52582 at NVDCVE-2023-52583 at SUSECVE-2023-52583 at NVDCVE-2023-52587 at SUSECVE-2023-52587 at NVDCVE-2023-52591 at SUSECVE-2023-52591 at NVDCVE-2023-52594 at SUSECVE-2023-52594 at NVDCVE-2023-52595 at SUSECVE-2023-52595 at NVDCVE-2023-52597 at SUSECVE-2023-52597 at NVDCVE-2023-52598 at SUSECVE-2023-52598 at NVDCVE-2023-52599 at SUSECVE-2023-52599 at NVDCVE-2023-52600 at SUSECVE-2023-52600 at NVDCVE-2023-52601 at SUSECVE-2023-52601 at NVDCVE-2023-52602 at SUSECVE-2023-52602 at NVDCVE-2023-52603 at SUSECVE-2023-52603 at NVDCVE-2023-52604 at SUSECVE-2023-52604 at NVDCVE-2023-52605 at SUSECVE-2023-52605 at NVDCVE-2023-52606 at SUSECVE-2023-52606 at NVDCVE-2023-52607 at SUSECVE-2023-52607 at NVDCVE-2023-52608 at SUSECVE-2023-52608 at NVDCVE-2023-52612 at SUSECVE-2023-52612 at NVDCVE-2023-52615 at SUSECVE-2023-52615 at NVDCVE-2023-52617 at SUSECVE-2023-52617 at NVDCVE-2023-52619 at SUSECVE-2023-52619 at NVDCVE-2023-52621 at SUSECVE-2023-52621 at NVDCVE-2023-52623 at SUSECVE-2023-52623 at NVDCVE-2023-52628 at SUSECVE-2023-52628 at NVDCVE-2023-52632 at SUSECVE-2023-52632 at NVDCVE-2023-52637 at SUSECVE-2023-52637 at NVDCVE-2023-52639 at SUSECVE-2023-52639 at NVDCVE-2023-6270 at SUSECVE-2023-6270 at NVDCVE-2023-6356 at SUSECVE-2023-6356 at NVDCVE-2023-6535 at SUSECVE-2023-6535 at NVDCVE-2023-6536 at SUSECVE-2023-6536 at NVDCVE-2023-7042 at SUSECVE-2023-7042 at NVDCVE-2023-7192 at SUSECVE-2023-7192 at NVDCVE-2024-0841 at SUSECVE-2024-0841 at NVDCVE-2024-2201 at SUSECVE-2024-2201 at NVDCVE-2024-22099 at SUSECVE-2024-22099 at NVDCVE-2024-23307 at SUSECVE-2024-23307 at NVDCVE-2024-25739 at SUSECVE-2024-25739 at NVDCVE-2024-25742 at SUSECVE-2024-25742 at NVDCVE-2024-25743 at SUSECVE-2024-25743 at NVDCVE-2024-26599 at SUSECVE-2024-26599 at NVDCVE-2024-26600 at SUSECVE-2024-26600 at NVDCVE-2024-26602 at SUSECVE-2024-26602 at NVDCVE-2024-26607 at SUSECVE-2024-26607 at NVDCVE-2024-26612 at SUSECVE-2024-26612 at NVDCVE-2024-26614 at SUSECVE-2024-26614 at NVDCVE-2024-26620 at SUSECVE-2024-26620 at NVDCVE-2024-26627 at SUSECVE-2024-26627 at NVDCVE-2024-26629 at SUSECVE-2024-26629 at NVDCVE-2024-26642 at SUSECVE-2024-26642 at NVDCVE-2024-26645 at SUSECVE-2024-26645 at NVDCVE-2024-26646 at SUSECVE-2024-26646 at NVDCVE-2024-26651 at SUSECVE-2024-26651 at NVDCVE-2024-26654 at SUSECVE-2024-26654 at NVDCVE-2024-26659 at SUSECVE-2024-26659 at NVDCVE-2024-26664 at SUSECVE-2024-26664 at NVDCVE-2024-26667 at SUSECVE-2024-26667 at NVDCVE-2024-26670 at SUSECVE-2024-26670 at NVDCVE-2024-26695 at SUSECVE-2024-26695 at NVDCVE-2024-26717 at SUSECVE-2024-26717 at NVDcpe:/o:opensuse:leap:15.5Security update for cosign (Moderate)openSUSE Leap 15.5
This update for cosign fixes the following issues:
- CVE-2024-29902: Fixed denial of service on host machine via remote image with a malicious attachments (bsc#1222835)
- CVE-2024-29903: Fixed denial of service on host machine via malicious software artifacts (bsc#1222837)
Other fixes:
- Updated to 2.2.4 (jsc#SLE-23879)
* Fixes for GHSA-88jx-383q-w4qc and GHSA-95pr-fxf5-86gv (#3661)
* ErrNoSignaturesFound should be used when there is no signature attached to an image. (#3526)
* fix semgrep issues for dgryski.semgrep-go ruleset (#3541)
* Honor creation timestamp for signatures again (#3549)
* Features
* Adds Support for Fulcio Client Credentials Flow, and Argument to Set Flow Explicitly (#3578)
ModerateSUSE bug 1222835SUSE bug 1222837CVE-2024-29902 at SUSECVE-2024-29902 at NVDCVE-2024-29903 at SUSECVE-2024-29903 at NVDcpe:/o:opensuse:leap:15.5Security update for the Linux Kernel (Important)openSUSE Leap 15.5
The SUSE Linux Enterprise 15 SP5 Azure kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2021-46925: Fixed kernel panic caused by race of smc_sock (bsc#1220466).
- CVE-2021-46926: Fixed bug when detecting controllers in ALSA/hda/intel-sdw-acpi (bsc#1220478).
- CVE-2021-46927: Fixed assertion bug in nitro_enclaves: Use get_user_pages_unlocked() (bsc#1220443).
- CVE-2021-46929: Fixed use-after-free issue in sctp_sock_dump() (bsc#1220482).
- CVE-2021-46930: Fixed usb/mtu3 list_head check warning (bsc#1220484).
- CVE-2021-46931: Fixed wrong type casting in mlx5e_tx_reporter_dump_sq() (bsc#1220486).
- CVE-2021-46933: Fixed possible underflow in ffs_data_clear() (bsc#1220487).
- CVE-2021-46936: Fixed use-after-free in tw_timer_handler() (bsc#1220439).
- CVE-2021-47082: Fixed ouble free in tun_free_netdev() (bsc#1220969).
- CVE-2021-47087: Fixed incorrect page free bug in tee/optee (bsc#1220954).
- CVE-2021-47091: Fixed locking in ieee80211_start_ap()) error path (bsc#1220959).
- CVE-2021-47093: Fixed memleak on registration failure in intel_pmc_core (bsc#1220978).
- CVE-2021-47094: Fixed possible memory leak in KVM x86/mmu (bsc#1221551).
- CVE-2021-47095: Fixed missing initialization in ipmi/ssif (bsc#1220979).
- CVE-2021-47096: Fixed uninitalized user_pversion in ALSA rawmidi (bsc#1220981).
- CVE-2021-47097: Fixed stack out of bound access in elantech_change_report_id() (bsc#1220982).
- CVE-2021-47098: Fixed integer overflow/underflow in hysteresis calculations hwmon: (lm90) (bsc#1220983).
- CVE-2021-47099: Fixed BUG_ON assertion in veth when skb entering GRO are cloned (bsc#1220955).
- CVE-2021-47100: Fixed UAF when uninstall in ipmi (bsc#1220985).
- CVE-2021-47101: Fixed uninit-value in asix_mdio_read() (bsc#1220987).
- CVE-2021-47102: Fixed incorrect structure access In line: upper = info->upper_dev in net/marvell/prestera (bsc#1221009).
- CVE-2021-47104: Fixed memory leak in qib_user_sdma_queue_pkts() (bsc#1220960).
- CVE-2021-47105: Fixed potential memory leak in ice/xsk (bsc#1220961).
- CVE-2021-47107: Fixed READDIR buffer overflow in NFSD (bsc#1220965).
- CVE-2021-47108: Fixed possible NULL pointer dereference for mtk_hdmi_conf in drm/mediatek (bsc#1220986).
- CVE-2021-47181: Fixed a null pointer dereference caused by calling platform_get_resource() (bsc#1222660).
- CVE-2021-47182: Fixed buffer length handling in scsi_mode_sense() in scsi core (bsc#1222662).
- CVE-2021-47183: Fixed a null pointer dereference during link down processing in scsi lpfc (bsc#1192145, bsc#1222664).
- CVE-2021-47185: Fixed a softlockup issue in flush_to_ldisc in tty tty_buffer (bsc#1222669).
- CVE-2021-47189: Fixed denial of service due to memory ordering issues between normal and ordered work functions in btrfs (bsc#1222706).
- CVE-2022-4744: Fixed double-free that could lead to DoS or privilege escalation in TUN/TAP device driver functionality (bsc#1209635).
- CVE-2022-48626: Fixed a potential use-after-free on remove path moxart (bsc#1220366).
- CVE-2022-48629: Fixed possible memory leak in qcom-rng (bsc#1220989).
- CVE-2022-48630: Fixed infinite loop on requests not multiple of WORD_SZ in crypto: qcom-rng (bsc#1220990).
- CVE-2023-0160: Fixed deadlock flaw in BPF that could allow a local user to potentially crash the system (bsc#1209657).
- CVE-2023-28746: Fixed Register File Data Sampling (bsc#1213456).
- CVE-2023-35827: Fixed a use-after-free issue in ravb_tx_timeout_work() (bsc#1212514).
- CVE-2023-4881: Fixed a out-of-bounds write flaw in the netfilter subsystem that could lead to potential information disclosure or a denial of service (bsc#1215221).
- CVE-2023-52447: Fixed map_fd_put_ptr() signature kABI workaround (bsc#1220251).
- CVE-2023-52450: Fixed NULL pointer dereference issue in upi_fill_topology() (bsc#1220237).
- CVE-2023-52453: Fixed data corruption in hisi_acc_vfio_pci (bsc#1220337).
- CVE-2023-52454: Fixed a kernel panic when host sends an invalid H2C PDU length (bsc#1220320).
- CVE-2023-52469: Fixed a use-after-free in kv_parse_power_table (bsc#1220411).
- CVE-2023-52470: Fixed null-ptr-deref in radeon_crtc_init() (bsc#1220413).
- CVE-2023-52474: Fixed a vulnerability with non-PAGE_SIZE-end multi-iovec user SDMA requests (bsc#1220445).
- CVE-2023-52476: Fixed possible unhandled page fault via perf sampling NMI during vsyscall (bsc#1220703).
- CVE-2023-52477: Fixed USB Hub accesses to uninitialized BOS descriptors (bsc#1220790).
- CVE-2023-52481: Fixed speculative unprivileged load in Cortex-A520 (bsc#1220887).
- CVE-2023-52484: Fixed a soft lockup triggered by arm_smmu_mm_invalidate_range (bsc#1220797).
- CVE-2023-52486: Fixed possible use-after-free in drm (bsc#1221277).
- CVE-2023-52488: Fixed data corruption due to error on incrementing register address in regmap functions for FIFO in serial sc16is7xx (bsc#1221162).
- CVE-2023-52492: Fixed a null-pointer-dereference in channel unregistration function __dma_async_device_channel_register() (bsc#1221276).
- CVE-2023-52493: Fixed possible soft lockup in bus/mhi/host (bsc#1221274).
- CVE-2023-52494: Fixed missing alignment check for event ring read pointer in bus/mhi/host (bsc#1221273).
- CVE-2023-52497: Fixed data corruption in erofs (bsc#1220879).
- CVE-2023-52500: Fixed information leaking when processing OPC_INB_SET_CONTROLLER_CONFIG command (bsc#1220883).
- CVE-2023-52501: Fixed possible memory corruption in ring-buffer (bsc#1220885).
- CVE-2023-52502: Fixed a race condition in nfc_llcp_sock_get() and nfc_llcp_sock_get_sn() (bsc#1220831).
- CVE-2023-52503: Fixed use-after-free in amdtee_close_session due to race condition with amdtee_open_session in tee amdtee (bsc#1220915).
- CVE-2023-52504: Fixed possible out-of bounds in apply_alternatives() on a 5-level paging machine (bsc#1221553).
- CVE-2023-52507: Fixed possible shift-out-of-bounds in nfc/nci (bsc#1220833).
- CVE-2023-52508: Fixed null pointer dereference in nvme_fc_io_getuuid() (bsc#1221015).
- CVE-2023-52509: Fixed a use-after-free issue in ravb_tx_timeout_work() (bsc#1220836).
- CVE-2023-52510: Fixed a potential UAF in ca8210_probe() (bsc#1220898).
- CVE-2023-52511: Fixed possible memory corruption in spi/sun6i (bsc#1221012).
- CVE-2023-52513: Fixed connection failure handling in RDMA/siw (bsc#1221022).
- CVE-2023-52515: Fixed possible use-after-free in RDMA/srp (bsc#1221048).
- CVE-2023-52517: Fixed race between DMA RX transfer completion and RX FIFO drain in spi/sun6i (bsc#1221055).
- CVE-2023-52518: Fixed information leak in bluetooth/hci_codec (bsc#1221056).
- CVE-2023-52519: Fixed possible overflow in HID/intel-ish-hid/ipc (bsc#1220920).
- CVE-2023-52520: Fixed reference leak in platform/x86/think-lmi (bsc#1220921).
- CVE-2023-52523: Fixed wrong redirects to non-TCP sockets in bpf (bsc#1220926).
- CVE-2023-52524: Fixed possible corruption in nfc/llcp (bsc#1220927).
- CVE-2023-52525: Fixed out of bounds check mwifiex_process_rx_packet() (bsc#1220840).
- CVE-2023-52528: Fixed uninit-value access in __smsc75xx_read_reg() (bsc#1220843).
- CVE-2023-52529: Fixed a potential memory leak in sony_probe() (bsc#1220929).
- CVE-2023-52532: Fixed a bug in TX CQE error handling (bsc#1220932).
- CVE-2023-52561: Fixed denial of service due to missing reserved attribute on cont splash memory region in arm64 dts qcom sdm845-db845c (bsc#1220935).
- CVE-2023-52563: Fixed memory leak on ->hpd_notify callback() in drm/meson (bsc#1220937).
- CVE-2023-52564: Reverted invalid fix for UAF in gsm_cleanup_mux() (bsc#1220938).
- CVE-2023-52566: Fixed potential use after free in nilfs_gccache_submit_read_data() (bsc#1220940).
- CVE-2023-52567: Fixed possible Oops in serial/8250_port: when using IRQ polling (irq = 0) (bsc#1220839).
- CVE-2023-52569: Fixed a bug in btrfs by remoning BUG() after failure to insert delayed dir index item (bsc#1220918).
- CVE-2023-52574: Fixed a bug by hiding new member header_ops (bsc#1220870).
- CVE-2023-52575: Fixed SBPB enablement for spec_rstack_overflow=off (bsc#1220871).
- CVE-2023-52576: Fixed potential use after free in memblock_isolate_range() (bsc#1220872).
- CVE-2023-52582: Fixed possible oops in netfs (bsc#1220878).
- CVE-2023-52583: Fixed deadlock or deadcode of misusing dget() inside ceph (bsc#1221058).
- CVE-2023-52587: Fixed mcast list locking in IB/ipoib (bsc#1221082).
- CVE-2023-52591: Fixed a possible reiserfs filesystem corruption via directory renaming (bsc#1221044).
- CVE-2023-52594: Fixed potential array-index-out-of-bounds read in ath9k_htc_txstatus() (bsc#1221045).
- CVE-2023-52595: Fixed possible deadlock in wifi/rt2x00 (bsc#1221046).
- CVE-2023-52597: Fixed a setting of fpc register in KVM (bsc#1221040).
- CVE-2023-52598: Fixed wrong setting of fpc register in s390/ptrace (bsc#1221060).
- CVE-2023-52599: Fixed array-index-out-of-bounds in diNewExt() in jfs (bsc#1221062).
- CVE-2023-52600: Fixed uaf in jfs_evict_inode() (bsc#1221071).
- CVE-2023-52601: Fixed array-index-out-of-bounds in dbAdjTree() in jfs (bsc#1221068).
- CVE-2023-52602: Fixed slab-out-of-bounds Read in dtSearch() in jfs (bsc#1221070).
- CVE-2023-52603: Fixed array-index-out-of-bounds in dtSplitRoot() (bsc#1221066).
- CVE-2023-52604: Fixed array-index-out-of-bounds in dbAdjTree() (bsc#1221067).
- CVE-2023-52605: Fixed a NULL pointer dereference check (bsc#1221039)
- CVE-2023-52606: Fixed possible kernel stack corruption in powerpc/lib (bsc#1221069).
- CVE-2023-52607: Fixed a null-pointer-dereference in pgtable_cache_add kasprintf() (bsc#1221061).
- CVE-2023-52608: Fixed possible race condition in firmware/arm_scmi (bsc#1221375).
- CVE-2023-52612: Fixed req->dst buffer overflow in crypto/scomp (bsc#1221616).
- CVE-2023-52615: Fixed page fault dead lock on mmap-ed hwrng (bsc#1221614).
- CVE-2023-52617: Fixed stdev_release() crash after surprise hot remove (bsc#1221613).
- CVE-2023-52619: Fixed possible crash when setting number of cpus to an odd number in pstore/ram (bsc#1221618).
- CVE-2023-52621: Fixed missing asserion in bpf (bsc#1222073).
- CVE-2023-52623: Fixed suspicious RCU usage in SUNRPC (bsc#1222060).
- CVE-2023-52627: Fixed null pointer dereference due to lack of callback functions in iio adc ad7091r (bsc#1222051)
- CVE-2023-52628: Fixed 4-byte stack OOB write in nftables (bsc#1222117).
- CVE-2023-52632: Fixed lock dependency warning with srcu in drm/amdkfd (bsc#1222274).
- CVE-2023-52636: Fixed denial of service due to wrongly init the cursor when preparing sparse read in msgr2 in libceph (bsc#1222247).
- CVE-2023-52637: Fixed UAF in j1939_sk_match_filter() in can/k1939 (bsc#1222291).
- CVE-2023-52639: Fixed race during shadow creation in KVM/s390/vsie Fixed (bsc#1222300).
- CVE-2023-6356: Fixed a NULL pointer dereference in nvmet_tcp_build_pdu_iovec (bsc#1217987).
- CVE-2023-6535: Fixed a NULL pointer dereference in nvmet_tcp_execute_request (bsc#1217988).
- CVE-2023-6536: Fixed a NULL pointer dereference in __nvmet_req_complete (bsc#1217989).
- CVE-2023-7042: Fixed a null-pointer-dereference in ath10k_wmi_tlv_op_pull_mgmt_tx_compl_ev() (bsc#1218336).
- CVE-2023-7192: Fixed a memory leak problem in ctnetlink_create_conntrack in net/netfilter/nf_conntrack_netlink.c (bsc#1218479).
- CVE-2024-0841: Fixed null pointer dereference in hugetlbfs_fill_super() (bsc#1219264).
- CVE-2024-2201: Fixed information leak in x86/BHI (bsc#1217339).
- CVE-2024-22099: Fixed a null-pointer-dereference in rfcomm_check_security (bsc#1219170).
- CVE-2024-23307: Fixed Integer Overflow or Wraparound vulnerability in x86 and ARM md, raid, raid5 modules (bsc#1219169).
- CVE-2024-23850: Fixed denial of service due to assertion failure due to subvolume readed before root item insertion in btrfs_get_root_ref in btrfs (bsc#1219126).
- CVE-2024-23850: Fixed double free of anonymous device after snapshot creation failure (bsc#1219126).
- CVE-2024-25739: Fixed possible crash in create_empty_lvol() in drivers/mtd/ubi/vtbl.c (bsc#1219834).
- CVE-2024-25742: Fixed insufficient validation during #VC instruction emulation in x86/sev (bsc#1221725).
- CVE-2024-26599: Fixed out-of-bounds access in of_pwm_single_xlate() (bsc#1220365).
- CVE-2024-26600: Fixed NULL pointer dereference for SRP in phy-omap-usb2 (bsc#1220340).
- CVE-2024-26602: Fixed overall slowdowns with sys_membarrier (bsc1220398).
- CVE-2024-26612: Fixed Oops in fscache_put_cache() This function dereferences (bsc#1221291).
- CVE-2024-26614: Fixed the initialization of accept_queue's spinlocks (bsc#1221293).
- CVE-2024-26620: Fixed possible device model violation in s390/vfio-ap (bsc#1221298).
- CVE-2024-26627: Fixed possible hard lockup in scsi (bsc#1221090).
- CVE-2024-26629: Fixed possible protocol violation via RELEASE_LOCKOWNER in nfsd (bsc#1221379).
- CVE-2024-26642: Fixed the set of anonymous timeout flag in netfilter nf_tables (bsc#1221830).
- CVE-2024-26645: Fixed missing visibility when inserting an element into tracing_map (bsc#1222056).
- CVE-2024-26646: Fixed potential memory corruption when resuming from suspend or hibernation in thermal/intel/hfi (bsc#1222070).
- CVE-2024-26651: Fixed possible oops via malicious devices in sr9800 (bsc#1221337).
- CVE-2024-26654: Fixed use after free in ALSA/sh/aica (bsc#1222304).
- CVE-2024-26659: Fixed wrong handling of isoc Babble and Buffer Overrun events in xhci (bsc#1222317).
- CVE-2024-26660: Fixed buffer overflow in dcn301_stream_encoder_create in drm amd display (bsc#1222266)
- CVE-2024-26664: Fixed out-of-bounds memory access in create_core_data() in hwmon coretemp (bsc#1222355).
- CVE-2024-26667: Fixed null pointer reference in dpu_encoder_helper_phys_cleanup in drm/msm/dpu (bsc#1222331).
- CVE-2024-26670: Fixed ARM64_WORKAROUND_SPECULATIVE_UNPRIV_LOAD workaround in kernel arm64 (bsc#1222356).
- CVE-2024-26680: Fixed denial of service due to DMA mapping for PTP hwts ring in net atlantic (bsc#1222427).
- CVE-2024-26681: Fixed denial of service in nsim_dev_trap_report_work() in netdevsim (bsc#1222431).
- CVE-2024-26684: Fixed handling of DPP safety error for DMA channels in net stmmac xgmac (bsc#1222445).
- CVE-2024-26685: Fixed denial of service in end_buffer_async_write() in nilfs2 (bsc#1222437).
- CVE-2024-26689: Fixed use-after-free in encode_cap_msg() in ceph (bsc#1222503).
- CVE-2024-26695: Fixed null pointer dereference in __sev_platform_shutdown_locked in crypto ccp (bsc#1222373).
- CVE-2024-26696: Fixed denial of service in nilfs_lookup_dirty_data_buffers() in nilfs2 (bsc#1222549).
- CVE-2024-26697: Fixed data corruption in dsync block recovery for small block sizes in nilfs2 (bsc#1222550).
- CVE-2024-26704: Fixed a double-free of blocks due to wrong extents moved_len in ext4 (bsc#1222422).
- CVE-2024-26717: Fixed null pointer dereference on failed power up in HID i2c-hid-of (bsc#1222360).
- CVE-2024-26718: Fixed memory corruption in tasklet_unlock via disabling tasklets in dm-crypt and dm-verify (bsc#1222416).
- CVE-2024-26722: Fixed denial of service in rt5645_jack_detect_work() due to mutex left locked forever in ASoC rt5645 (bsc#1222520).
- CVE-2024-26727: Fixed denial of service due to assertion failure during subvolume creation (bsc#1222536).
- CVE-2024-26733: Fixed an overflow in arp_req_get() in arp (bsc#1222585).
- CVE-2024-26736: Fixed buffer overflow in afs_update_volume_status() in afs (bsc#1222586).
- CVE-2024-26737: Fixed use-after-free due to race between bpf_timer_cancel_and_free and bpf_timer_cancel in bpf (bsc#1222557).
- CVE-2024-26743: Fixed memory leak in qedr_create_user_qp error flow in rdma/qedr (bsc#1222677)
- CVE-2024-26744: Fixed null pointer dereference in srpt_service_guid parameter in rdma/srpt (bsc#1222449)
- CVE-2024-26745: Fixed null pointer dereference due to IOMMU table not initialized for kdump over SR-IOV (bsc#1220492, bsc#1222678).
- CVE-2024-26747: Fixed null pointer issue when put module's reference in usb roles (bsc#1222609).
- CVE-2024-26749: Fixed use-after-free at cdns3_gadget_ep_disable() in usb cdns3 (bsc#1222680).
- CVE-2024-26751: Fixed denial of service due to gpiod_lookup_table search loop not ending correctly (bsc#1222724)
- CVE-2024-26754: Fixed an use-after-free and null-ptr-deref in gtp_genl_dump_pdp() in gtp (bsc#1222632).
- CVE-2024-26760: Fixed null pointer dereference on error case in bio_put() in scsi target pscsi (bsc#1222596)
- CVE-2024-26763: Fixed user corruption via by writing data with O_DIRECT on device in dm-crypt (bsc#1222720).
- CVE-2024-26766: Fixed off-by-one error in sdma.h tx->num_descs in ib/hfi1 (bsc#1222726)
- CVE-2024-26769: Fixed deadlock on delete association path in nvmet-fc (bsc#1222727).
- CVE-2024-26771: Fixed a null pointer dereference on edma_probe in dmaengine ti edma (bsc#1222610)
- CVE-2024-26776: Fixed null pointer dereference due to null value returned by interrupt handler in spi hisi-sfc-v3xx (bsc#1222764)
- CVE-2024-26779: Fixed denial of service due to race condition on enabling fast-xmit in wifi mac80211 (bsc#1222772).
- CVE-2024-26787: Fixed DMA API overlapping mappings in mmc mmci stm32 (bsc#1222781)
- CVE-2024-26790: Fixed denial of service on 16 bytes unaligned read in dmaengine fsl-qdma (bsc#1222784)
- CVE-2024-26793: Fixed an use-after-free and null-ptr-deref in gtp_newlink() in gtp (bsc#1222428).
- CVE-2024-26798: Fixed denial of service due to wrongly restore fond data upon failure in fbcon (bsc#1222798).
- CVE-2024-26805: Fixed a kernel-infoleak-after-free in __skb_datagram_iter in netlink (bsc#1222630).
- CVE-2024-26807: Fixed memory corruption due to wrong pointer reference in spi cadence-qspi (bsc#1222801)
- CVE-2024-26848: Fixed denial of service due to endless loop in directory parsing in afs (bsc#1223030).
The following non-security bugs were fixed:
- Revert 'PCI: tegra194: Enable support for 256 Byte payload' (git-fixes).
- Revert 'Revert 'drm/amdgpu/display: change pipe policy for DCN 2.0'' (git-fixes).
- Revert 'SUNRPC dont update timeout value on connection reset' (git-fixes).
- Revert 'drm/amd: Disable PSR-SU on Parade 0803 TCON' (git-fixes).
- Revert 'drm/amd: Disable S/G for APUs when 64GB or more host memory' (git-fixes).
- Revert 'drm/amdgpu/display: change pipe policy for DCN 2.0' (git-fixes).
- Revert 'drm/amdgpu/display: change pipe policy for DCN 2.1' (git-fixes).
- Revert 'drm/vc4: hdmi: Enforce the minimum rate at runtime_resume' (git-fixes).
- Revert 'fbdev: flush deferred IO before closing (git-fixes).' (bsc#1221814)
- acpi: CPPC: enable AMD CPPC V2 support for family 17h processors (git-fixes).
- acpi: processor_idle: Fix memory leak in acpi_processor_power_exit() (git-fixes).
- acpi: resource: Add Infinity laptops to irq1_edge_low_force_override (stable-fixes).
- acpi: resource: Add MAIBENBEN X577 to irq1_edge_low_force_override (git-fixes).
- acpi: resource: Do IRQ override on Lunnen Ground laptops (stable-fixes).
- acpi: scan: Fix device check notification handling (git-fixes).
- acpica: debugger: check status of acpi_evaluate_object() in acpi_db_walk_for_fields() (git-fixes).
- alsa: aaci: Delete unused variable in aaci_do_suspend (git-fixes).
- alsa: aoa: avoid false-positive format truncation warning (git-fixes).
- alsa: aw2: avoid casting function pointers (git-fixes).
- alsa: ctxfi: avoid casting function pointers (git-fixes).
- alsa: hda/realtek - ALC285 reduce pop noise from Headphone port (stable-fixes).
- alsa: hda/realtek - Add Headset Mic supported Acer NB platform (stable-fixes).
- alsa: hda/realtek - Fix headset Mic no show at resume back for Lenovo ALC897 platform (git-fixes).
- alsa: hda/realtek: Enable Mute LED on HP 840 G8 (MB 8AB8) (git-fixes).
- alsa: hda/realtek: Update Panasonic CF-SZ6 quirk to support headset with microphone (git-fixes).
- alsa: hda/realtek: fix ALC285 issues on HP Envy x360 laptops (stable-fixes).
- alsa: hda/realtek: fix mute/micmute LED For HP mt440 (git-fixes).
- alsa: hda/realtek: fix mute/micmute LEDs for HP EliteBook (stable-fixes).
- alsa: seq: fix function cast warnings (git-fixes).
- alsa: sh: aica: reorder cleanup operations to avoid UAF bugs (git-fixes).
- alsa: usb-audio: Stop parsing channels bits when all channels are found (git-fixes).
- arm64: dts: allwinner: h6: Add RX DMA channel for SPDIF (git-fixes)
- arm64: dts: broadcom: bcmbca: bcm4908: drop invalid switch cells (git-fixes)
- arm64: dts: imx8mm-kontron: Add support for ultra high speed modes on (git-fixes)
- arm64: dts: imx8mm-venice-gw71xx: fix USB OTG VBUS (git-fixes)
- arm64: dts: marvell: reorder crypto interrupts on Armada SoCs (git-fixes)
- arm64: dts: rockchip: add ES8316 codec for ROCK Pi 4 (git-fixes)
- arm64: dts: rockchip: add SPDIF node for ROCK Pi 4 (git-fixes)
- arm64: dts: rockchip: fix regulator name on rk3399-rock-4 (git-fixes)
- arm64: dts: rockchip: set num-cs property for spi on px30 (git-fixes)
- arm64: mm: fix VA-range sanity check (git-fixes)
- arm64: set __exception_irq_entry with __irq_entry as a default (git-fixes)
- asoc: Intel: bytcr_rt5640: Add an extra entry for the Chuwi Vi8 tablet (stable-fixes).
- asoc: amd: acp: Add missing error handling in sof-mach (git-fixes).
- asoc: amd: acp: fix for acp_init function error handling (git-fixes).
- asoc: madera: Fix typo in madera_set_fll_clks shift value (git-fixes).
- asoc: meson: Use dev_err_probe() helper (stable-fixes).
- asoc: meson: aiu: fix function pointer type mismatch (git-fixes).
- asoc: meson: axg-tdm-interface: add frame rate constraint (git-fixes).
- asoc: meson: axg-tdm-interface: fix mclk setup without mclk-fs (git-fixes).
- asoc: meson: t9015: fix function pointer type mismatch (git-fixes).
- asoc: ops: Fix wraparound for mask in snd_soc_get_volsw (git-fixes).
- asoc: rcar: adg: correct TIMSEL setting for SSI9 (git-fixes).
- asoc: rt5645: Make LattePanda board DMI match more precise (stable-fixes).
- asoc: rt5682-sdw: fix locking sequence (git-fixes).
- asoc: rt711-sdca: fix locking sequence (git-fixes).
- asoc: rt711-sdw: fix locking sequence (git-fixes).
- asoc: wm8962: Enable both SPKOUTR_ENA and SPKOUTL_ENA in mono mode (stable-fixes).
- asoc: wm8962: Enable oscillator if selecting WM8962_FLL_OSC (stable-fixes).
- asoc: wm8962: Fix up incorrect error message in wm8962_set_fll (stable-fixes).
- ata: sata_mv: Fix PCI device ID table declaration compilation warning (git-fixes).
- ata: sata_sx4: fix pdc20621_get_from_dimm() on 64-bit (git-fixes).
- backlight: da9052: Fully initialize backlight_properties during probe (git-fixes).
- backlight: lm3630a: Do not set bl->props.brightness in get_brightness (git-fixes).
- backlight: lm3630a: Initialize backlight_properties on init (git-fixes).
- backlight: lm3639: Fully initialize backlight_properties during probe (git-fixes).
- backlight: lp8788: Fully initialize backlight_properties during probe (git-fixes).
- bcache: Fix __bch_btree_node_alloc to make the failure behavior consistent (git-fixes).
- bcache: Remove dead references to cache_readaheads (git-fixes).
- bcache: Remove unnecessary NULL point check in node allocations (git-fixes).
- bcache: add code comments for bch_btree_node_get() and __bch_btree_node_alloc() (git-fixes).
- bcache: avoid NULL checking to c->root in run_cache_set() (git-fixes).
- bcache: avoid oversize memory allocation by small stripe_size (git-fixes).
- bcache: bset: Fix comment typos (git-fixes).
- bcache: check return value from btree_node_alloc_replacement() (git-fixes).
- bcache: fix NULL pointer reference in cached_dev_detach_finish (git-fixes).
- bcache: fix error info in register_bcache() (git-fixes).
- bcache: fixup bcache_dev_sectors_dirty_add() multithreaded CPU false sharing (git-fixes).
- bcache: fixup btree_cache_wait list damage (git-fixes).
- bcache: fixup init dirty data errors (git-fixes).
- bcache: fixup lock c->root error (git-fixes).
- bcache: fixup multi-threaded bch_sectors_dirty_init() wake-up race (git-fixes).
- bcache: move calc_cached_dev_sectors to proper place on backing device detach (git-fixes).
- bcache: move uapi header bcache.h to bcache code directory (git-fixes).
- bcache: prevent potential division by zero error (git-fixes).
- bcache: remove EXPERIMENTAL for Kconfig option 'Asynchronous device registration' (git-fixes).
- bcache: remove bch_crc64_update (git-fixes).
- bcache: remove redundant assignment to variable cur_idx (git-fixes).
- bcache: remove the backing_dev_name field from struct cached_dev (git-fixes).
- bcache: remove the cache_dev_name field from struct cache (git-fixes).
- bcache: remove unnecessary flush_workqueue (git-fixes).
- bcache: remove unused bch_mark_cache_readahead function def in stats.h (git-fixes).
- bcache: replace a mistaken IS_ERR() by IS_ERR_OR_NULL() in btree_gc_coalesce() (git-fixes).
- bcache: replace snprintf in show functions with sysfs_emit (git-fixes).
- bcache: revert replacing IS_ERR_OR_NULL with IS_ERR (git-fixes).
- bcache: use bvec_kmap_local in bch_data_verify (git-fixes).
- bcache: use bvec_kmap_local in bio_csum (git-fixes).
- bcache: use default_groups in kobj_type (git-fixes).
- bcache:: fix repeated words in comments (git-fixes).
- blocklayoutdriver: Fix reference leak of pnfs_device_node (git-fixes).
- bluetooth: hci_core: Fix possible buffer overflow (git-fixes).
- bluetooth: mgmt: Remove leftover queuing of power_off work (git-fixes).
- bluetooth: remove HCI_POWER_OFF_TIMEOUT (git-fixes).
- bluetooth: remove superfluous call to hci_conn_check_pending() (git-fixes).
- bluetooth: rfcomm: Fix null-ptr-deref in rfcomm_check_security (stable-fixes).
- bpf, scripts: Correct GPL license name (git-fixes).
- bpf, sockmap: Fix preempt_rt splat when using raw_spin_lock_t (git-fixes).
- can: softing: remove redundant NULL check (git-fixes).
- ceph: stop copying to iter at EOF on sync reads (bsc#1223068).
- ceph: switch to corrected encoding of max_xattr_size in mdsmap (bsc#1223067).
- clk: zynq: Prevent null pointer dereference caused by kmalloc failure (git-fixes).
- comedi: comedi_test: Prevent timers rescheduling during deletion (git-fixes).
- coresight: etm4x: Do not access TRCIDR1 for identification (bsc#1220775)
- coresight: etm4x: Fix accesses to TRCSEQRSTEVR and TRCSEQSTR (bsc#1220775)
- coresight: etm: Override TRCIDR3.CCITMIN on errata affected cpus (bsc#1220775)
- cpufreq: amd-pstate: Fix min_perf assignment in amd_pstate_adjust_perf() (git-fixes).
- cpufreq: brcmstb-avs-cpufreq: add check for cpufreq_cpu_get's return value (git-fixes).
- crypto: arm/sha - fix function cast warnings (git-fixes).
- crypto: qat - avoid division by zero (git-fixes).
- crypto: qat - fix deadlock in backlog processing (git-fixes).
- crypto: qat - fix double free during reset (git-fixes).
- crypto: qat - fix state machines cleanup paths (bsc#1218321).
- crypto: qat - fix unregistration of compression algorithms (git-fixes).
- crypto: qat - fix unregistration of crypto algorithms (git-fixes).
- crypto: qat - ignore subsequent state up commands (git-fixes).
- crypto: qat - increase size of buffers (git-fixes).
- crypto: qat - resolve race condition during AER recovery (git-fixes).
- crypto: xilinx - call finalize with bh disabled (git-fixes).
- dm cache policy smq: ensure IO does not prevent cleaner policy progress (git-fixes).
- dm cache: add cond_resched() to various workqueue loops (git-fixes).
- dm clone: call kmem_cache_destroy() in dm_clone_init() error path (git-fixes).
- dm crypt: add cond_resched() to dmcrypt_write() (git-fixes).
- dm crypt: avoid accessing uninitialized tasklet (git-fixes).
- dm flakey: do not corrupt the zero page (git-fixes).
- dm flakey: fix a bug with 32-bit highmem systems (git-fixes).
- dm flakey: fix a crash with invalid table line (git-fixes).
- dm flakey: fix logic when corrupting a bio (git-fixes).
- dm init: add dm-mod.waitfor to wait for asynchronously probed block devices (git-fixes).
- dm integrity: call kmem_cache_destroy() in dm_integrity_init() error path (git-fixes).
- dm integrity: fix out-of-range warning (git-fixes).
- dm integrity: reduce vmalloc space footprint on 32-bit architectures (git-fixes).
- dm raid: clean up four equivalent goto tags in raid_ctr() (git-fixes).
- dm raid: fix false positive for requeue needed during reshape (git-fixes).
- dm raid: fix missing reconfig_mutex unlock in raid_ctr() error paths (git-fixes).
- dm stats: check for and propagate alloc_percpu failure (git-fixes).
- dm thin metadata: Fix ABBA deadlock by resetting dm_bufio_client (git-fixes).
- dm thin metadata: check fail_io before using data_sm (git-fixes).
- dm thin: add cond_resched() to various workqueue loops (git-fixes).
- dm thin: fix deadlock when swapping to thin device (bsc#1177529).
- dm verity: do not perform FEC for failed readahead IO (git-fixes).
- dm verity: fix error handling for check_at_most_once on FEC (git-fixes).
- dm zoned: free dmz->ddev array in dmz_put_zoned_devices (git-fixes).
- dm-delay: fix a race between delay_presuspend and delay_bio (git-fixes).
- dm-integrity: do not modify bio's immutable bio_vec in integrity_metadata() (git-fixes).
- dm-raid: fix lockdep waring in 'pers->hot_add_disk' (git-fixes).
- dm-verity, dm-crypt: align 'struct bvec_iter' correctly (git-fixes).
- dm-verity: align struct dm_verity_fec_io properly (git-fixes).
- dm: add cond_resched() to dm_wq_work() (git-fixes).
- dm: call the resume method on internal suspend (git-fixes).
- dm: do not lock fs when the map is NULL during suspend or resume (git-fixes).
- dm: do not lock fs when the map is NULL in process of resume (git-fixes).
- dm: remove flush_scheduled_work() during local_exit() (git-fixes).
- dm: send just one event on resize, not two (git-fixes).
- doc-guide: kernel-doc: tell about object-like macros (git-fixes).
- doc/README.SUSE: Update information about module support status (jsc#PED-5759)
- drivers: hv: vmbus: Calculate ring buffer size for more efficient use of memory (git-fixes).
- drm/amd/display: Add FAMS validation before trying to use it (git-fixes).
- drm/amd/display: Add function for validate and update new stream (git-fixes).
- drm/amd/display: Avoid ABM when ODM combine is enabled for eDP (git-fixes).
- drm/amd/display: Blocking invalid 420 modes on HDMI TMDS for DCN31 (git-fixes).
- drm/amd/display: Check if link state is valid (git-fixes).
- drm/amd/display: Copy DC context in the commit streams (git-fixes).
- drm/amd/display: Disable PSR-SU on Parade 0803 TCON again (git-fixes).
- drm/amd/display: Enable fast plane updates on DCN3.2 and above (git-fixes).
- drm/amd/display: Enable new commit sequence only for DCN32x (git-fixes).
- drm/amd/display: Exit idle optimizations before attempt to access PHY (git-fixes).
- drm/amd/display: Expand kernel doc for DC (git-fixes).
- drm/amd/display: Fix a bug when searching for insert_above_mpcc (git-fixes).
- drm/amd/display: Fix a potential buffer overflow in 'dp_dsc_clock_en_read()' (git-fixes).
- drm/amd/display: Fix possible underflow for displays with large vblank (git-fixes).
- drm/amd/display: Fix the delta clamping for shaper LUT (git-fixes).
- drm/amd/display: Fix underflow issue on 175hz timing (git-fixes).
- drm/amd/display: For prefetch mode > 0, extend prefetch if possible (git-fixes).
- drm/amd/display: Guard DCN31 PHYD32CLK logic against chip family (git-fixes).
- drm/amd/display: Guard against invalid RPTR/WPTR being set (git-fixes).
- drm/amd/display: Handle seamless boot stream (git-fixes).
- drm/amd/display: Handle virtual hardware detect (git-fixes).
- drm/amd/display: Include surface of unaffected streams (git-fixes).
- drm/amd/display: Include udelay when waiting for INBOX0 ACK (git-fixes).
- drm/amd/display: Increase frame warning limit with KASAN or KCSAN in dml (git-fixes).
- drm/amd/display: Keep PHY active for dp config (git-fixes).
- drm/amd/display: Prevent vtotal from being set to 0 (git-fixes).
- drm/amd/display: Remove min_dst_y_next_start check for Z8 (git-fixes).
- drm/amd/display: Restore rptr/wptr for DMCUB as workaround (git-fixes).
- drm/amd/display: Return the correct HDCP error code (stable-fixes).
- drm/amd/display: Revert vblank change that causes null pointer crash (git-fixes).
- drm/amd/display: Rework comments on dc file (git-fixes).
- drm/amd/display: Rework context change check (git-fixes).
- drm/amd/display: Set minimum requirement for using PSR-SU on Phoenix (git-fixes).
- drm/amd/display: Set minimum requirement for using PSR-SU on Rembrandt (git-fixes).
- drm/amd/display: Update OTG instance in the commit stream (git-fixes).
- drm/amd/display: Update correct DCN314 register header (git-fixes).
- drm/amd/display: Update min Z8 residency time to 2100 for DCN314 (git-fixes).
- drm/amd/display: Use DRAM speed from validation for dummy p-state (git-fixes).
- drm/amd/display: Use DTBCLK as refclk instead of DPREFCLK (git-fixes).
- drm/amd/display: Use min transition for all SubVP plane add/remove (git-fixes).
- drm/amd/display: Write to correct dirty_rect (git-fixes).
- drm/amd/display: Wrong colorimetry workaround (git-fixes).
- drm/amd/display: add FB_DAMAGE_CLIPS support (git-fixes).
- drm/amd/display: add ODM case when looking for first split pipe (git-fixes).
- drm/amd/display: always switch off ODM before committing more streams (git-fixes).
- drm/amd/display: clean code-style issues in dcn30_set_mpc_shaper_3dlut (git-fixes).
- drm/amd/display: dc.h: eliminate kernel-doc warnings (git-fixes).
- drm/amd/display: ensure async flips are only accepted for fast updates (git-fixes).
- drm/amd/display: fix ABM disablement (git-fixes).
- drm/amd/display: fix a NULL pointer dereference in amdgpu_dm_i2c_xfer() (git-fixes).
- drm/amd/display: fix dc/core/dc.c kernel-doc (git-fixes).
- drm/amd/display: fix hw rotated modes when PSR-SU is enabled (git-fixes).
- drm/amd/display: fix kernel-doc issues in dc.h (git-fixes).
- drm/amd/display: fix unbounded requesting for high pixel rate modes on dcn315 (git-fixes).
- drm/amd/display: handle range offsets in VRR ranges (stable-fixes).
- drm/amd/display: perform a bounds check before filling dirty rectangles (git-fixes).
- drm/amd/display: set per pipe dppclk to 0 when dpp is off (git-fixes).
- drm/amd/display: update extended blank for dcn314 onwards (git-fixes).
- drm/amd/display: use low clocks for no plane configs (git-fixes).
- drm/amd/pm: Fix error of MACO flag setting code (git-fixes).
- drm/amd/pm: fix a memleak in aldebaran_tables_init (git-fixes).
- drm/amd/smu: use AverageGfxclkFrequency* to replace previous GFX Curr Clock (git-fixes).
- drm/amd: Enable PCIe PME from D3 (git-fixes).
- drm/amdgpu/pm: Fix the error of pwm1_enable setting (stable-fixes).
- drm/amdgpu/pm: make gfxclock consistent for sienna cichlid (git-fixes).
- drm/amdgpu/pm: make mclk consistent for smu 13.0.7 (git-fixes).
- drm/amdgpu/smu13: drop compute workload workaround (git-fixes).
- drm/amdgpu: Enable gpu reset for S3 abort cases on Raven series (stable-fixes).
- drm/amdgpu: Fix missing break in ATOM_ARG_IMM Case of atom_get_src_int() (git-fixes).
- drm/amdgpu: Force order between a read and write to the same address (git-fixes).
- drm/amdgpu: Match against exact bootloader status (git-fixes).
- drm/amdgpu: Unset context priority is now invalid (git-fixes).
- drm/amdgpu: Update min() to min_t() in 'amdgpu_info_ioctl' (git-fixes).
- drm/amdgpu: amdgpu_ttm_gart_bind set gtt bound flag (stable-fixes).
- drm/amdgpu: lower CS errors to debug severity (git-fixes).
- drm/amdkfd: fix TLB flush after unmap for GFX9.4.2 (stable-fixes).
- drm/bridge: tc358762: Instruct DSI host to generate HSE packets (git-fixes).
- drm/display: fix typo (git-fixes).
- drm/edid: Add quirk for OSVR HDK 2.0 (git-fixes).
- drm/etnaviv: Restore some id values (git-fixes).
- drm/exynos: do not return negative values from .get_modes() (stable-fixes).
- drm/exynos: fix a possible null-pointer dereference due to data race in exynos_drm_crtc_atomic_disable() (git-fixes).
- drm/i915/bios: Tolerate devdata==NULL in intel_bios_encoder_supports_dp_dual_mode() (stable-fixes).
- drm/i915/gt: Do not generate the command streamer for all the CCS (git-fixes).
- drm/i915/gt: Reset queue_priority_hint on parking (git-fixes).
- drm/i915/gt: Use i915_vm_put on ppgtt_create error paths (git-fixes).
- drm/i915/selftests: Fix dependency of some timeouts on HZ (git-fixes).
- drm/i915: Add missing CCS documentation (git-fixes).
- drm/i915: Call intel_pre_plane_updates() also for pipes getting enabled (git-fixes).
- drm/i915: Check before removing mm notifier (git-fixes).
- drm/lima: fix a memleak in lima_heap_alloc (git-fixes).
- drm/mediatek: Fix a null pointer crash in mtk_drm_crtc_finish_page_flip (git-fixes).
- drm/mediatek: dsi: Fix DSI RGB666 formats and definitions (git-fixes).
- drm/msm/dpu: Only enable DSC_MODE_MULTIPLEX if dsc_merge is enabled (git-fixes).
- drm/msm/dpu: add division of drm_display_mode's hskew parameter (git-fixes).
- drm/msm/dpu: fix the programming of INTF_CFG2_DATA_HCTL_EN (git-fixes).
- drm/msm/dpu: improve DSC allocation (git-fixes).
- drm/panel-edp: use put_sync in unprepare (git-fixes).
- drm/panel: Move AUX B116XW03 out of panel-edp back to panel-simple (git-fixes).
- drm/panel: auo,b101uan08.3: Fine tune the panel power sequence (git-fixes).
- drm/panel: boe-tv101wum-nl6: Fine tune the panel power sequence (git-fixes).
- drm/panel: do not return negative error codes from drm_panel_get_modes() (stable-fixes).
- drm/panfrost: fix power transition timeout warnings (git-fixes).
- drm/probe-helper: warn about negative .get_modes() (stable-fixes).
- drm/qxl: remove unused `count` variable from `qxl_surface_id_alloc()` (git-fixes).
- drm/qxl: remove unused variable from `qxl_process_single_command()` (git-fixes).
- drm/radeon/ni: Fix wrong firmware size logging in ni_init_microcode() (git-fixes).
- drm/radeon/ni_dpm: remove redundant NULL check (git-fixes).
- drm/radeon: remove dead code in ni_mc_load_microcode() (git-fixes).
- drm/rockchip: dsi: Clean up 'usage_mode' when failing to attach (git-fixes).
- drm/rockchip: inno_hdmi: Fix video timing (git-fixes).
- drm/rockchip: lvds: do not overwrite error code (git-fixes).
- drm/rockchip: lvds: do not print scary message when probing defer (git-fixes).
- drm/tegra: dpaux: Fix PM disable depth imbalance in tegra_dpaux_probe (git-fixes).
- drm/tegra: dsi: Add missing check for of_find_device_by_node (git-fixes).
- drm/tegra: dsi: Fix missing pm_runtime_disable() in the error handling path of tegra_dsi_probe() (git-fixes).
- drm/tegra: dsi: Fix some error handling paths in tegra_dsi_probe() (git-fixes).
- drm/tegra: dsi: Make use of the helper function dev_err_probe() (stable-fixes).
- drm/tegra: hdmi: Convert to devm_platform_ioremap_resource() (stable-fixes).
- drm/tegra: hdmi: Fix some error handling paths in tegra_hdmi_probe() (git-fixes).
- drm/tegra: output: Fix missing i2c_put_adapter() in the error handling paths of tegra_output_probe() (git-fixes).
- drm/tegra: put drm_gem_object ref on error in tegra_fb_create (git-fixes).
- drm/tegra: rgb: Fix missing clk_put() in the error handling paths of tegra_dc_rgb_probe() (git-fixes).
- drm/tegra: rgb: Fix some error handling paths in tegra_dc_rgb_probe() (git-fixes).
- drm/tidss: Fix initial plane zpos values (git-fixes).
- drm/tidss: Fix sync-lost issue with two displays (git-fixes).
- drm/ttm: Do not leak a resource on eviction error (git-fixes).
- drm/ttm: Do not print error message if eviction was interrupted (git-fixes).
- drm/vc4: Add module dependency on hdmi-codec (git-fixes).
- drm/vmwgfx: Create debugfs ttm_resource_manager entry only if needed (git-fixes).
- drm/vmwgfx: Fix possible null pointer derefence with invalid contexts (git-fixes).
- drm/vmwgfx: fix a memleak in vmw_gmrid_man_get_node (git-fixes).
- drm: Do not treat 0 as -1 in drm_fixp2int_ceil (git-fixes).
- drm: Fix drm_fixp2int_round() making it add 0.5 (git-fixes).
- drm: panel-orientation-quirks: Add quirk for Acer Switch V 10 (SW5-017) (git-fixes).
- firewire: core: use long bus reset on gap count error (stable-fixes).
- fix 'coresight: etm4x: Change etm4_platform_driver driver for MMIO devices' (bsc#1220775) Hunk with clk_put(drvdata->pclk) was incorrectly moved to another function.
- force config_TCG_TIS_CORE=m on aarch64 for workaround kconfig issues
- group-source-files.pl: Quote filenames (boo#1221077). The kernel source now contains a file with a space in the name. Add quotes in group-source-files.pl to avoid splitting the filename. Also use -print0 / -0 when updating timestamps.
- hid: amd_sfh: Update HPD sensor structure elements (git-fixes).
- hid: lenovo: Add middleclick_workaround sysfs knob for cptkbd (git-fixes).
- hid: multitouch: Add required quirk for Synaptics 0xcddc device (stable-fixes).
- hv_netvsc: Calculate correct ring size when PAGE_SIZE is not 4 Kbytes (git-fixes).
- hv_netvsc: Fix race condition between netvsc_probe and netvsc_remove (git-fixes).
- hv_netvsc: Register VF in netvsc_probe if NET_DEVICE_REGISTER missed (git-fixes).
- i2c: aspeed: Fix the dummy irq expected print (git-fixes).
- i2c: i801: Avoid potential double call to gpiod_remove_lookup_table (git-fixes).
- i2c: wmt: Fix an error handling path in wmt_i2c_probe() (git-fixes).
- ib/ipoib: fix mcast list locking (git-fixes)
- iio: dummy_evgen: remove Excess kernel-doc comments (git-fixes).
- iio: pressure: dlhl60d: Initialize empty DLH bytes (git-fixes).
- input: gpio_keys_polled - suppress deferred probe error for gpio (stable-fixes).
- input: synaptics-rmi4 - fix UAF of IRQ domain on driver removal (git-fixes).
- iommu/amd: Add a length limitation for the ivrs_acpihid command-line parameter (git-fixes).
- iommu/amd: Do not block updates to GATag if guest mode is on (git-fixes).
- iommu/amd: Fix 'Guest Virtual APIC Table Root Pointer' configuration in IRTE (git-fixes).
- iommu/amd: Fix domain flush size when syncing iotlb (git-fixes).
- iommu/amd: Fix error handling for pdev_pri_ats_enable() (git-fixes).
- iommu/amd: Mark interrupt as managed (git-fixes).
- iommu/arm-smmu-qcom: Limit the SMR groups to 128 (git-fixes).
- iommu/arm-smmu-v3: Acknowledge pri/event queue overflow if any (git-fixes).
- iommu/arm-smmu-v3: Work around MMU-600 erratum 1076982 (git-fixes).
- iommu/dma: Trace bounce buffer usage when mapping buffers (git-fixes).
- iommu/fsl: fix all kernel-doc warnings in fsl_pamu.c (git-fixes).
- iommu/iova: Fix alloc iova overflows issue (git-fixes).
- iommu/mediatek-v1: Fix an error handling path in mtk_iommu_v1_probe() (git-fixes).
- iommu/mediatek: Fix forever loop in error handling (git-fixes).
- iommu/mediatek: Flush IOTLB completely only if domain has been attached (git-fixes).
- iommu/rockchip: Fix unwind goto issue (git-fixes).
- iommu/sprd: Release dma buffer to avoid memory leak (git-fixes).
- iommu/vt-d: Allocate local memory for page request queue (git-fixes).
- iommu/vt-d: Allow to use flush-queue when first level is default (git-fixes).
- iommu/vt-d: Allow zero SAGAW if second-stage not supported (git-fixes).
- iommu/vt-d: Do not issue ATS Invalidation request when device is disconnected (git-fixes).
- iommu/vt-d: Fix PASID directory pointer coherency (git-fixes).
- iommu/vt-d: Fix error handling in sva enable/disable paths (git-fixes).
- iommu/vt-d: Set No Execute Enable bit in PASID table entry (git-fixes).
- iommu: Fix error unwind in iommu_group_alloc() (git-fixes).
- kABI: PCI: Add locking to RMW PCI Express Capability Register accessors (kabi).
- kabi: Adjust trace_iterator.wait_index (git-fixes).
- kconfig: fix infinite loop when expanding a macro at the end of file (git-fixes).
- kernel-binary: Fix i386 build Fixes: 89eaf4cdce05 ('rpm templates: Move macro definitions below buildrequires')
- kernel-binary: Move build script to the end All other spec templates have the build script at the end, only kernel-binary has it in the middle. Align with the other templates.
- kernel-binary: certs: Avoid trailing space
- kernel-binary: vdso: fix filelist for non-usrmerged kernel Fixes: a6ad8af207e6 ('rpm templates: Always define usrmerged')
- kprobes: Fix double free of kretprobe_holder (bsc#1220901).
- kvm: s390: only deliver the set service event bits (git-fixes bsc#1221631).
- leds: aw2013: Unlock mutex before destroying it (git-fixes).
- lib/cmdline: Fix an invalid format specifier in an assertion msg (git-fixes).
- libnvdimm/of_pmem: Use devm_kstrdup instead of kstrdup and check its return value (git-fixes).
- libnvdimm/region: Allow setting align attribute on regions without mappings (git-fixes).
- make nvidia Grace-Hopper TPM related drivers build-ins (bsc#1221156)
- md/raid1: fix choose next idle in read_balance() (git-fixes).
- md: Do not clear MD_CLOSING when the raid is about to stop (git-fixes).
- md: do not clear MD_RECOVERY_FROZEN for new dm-raid until resume (git-fixes).
- md: fix data corruption for raid456 when reshape restart while grow up (git-fixes).
- media: dvb-frontends: avoid stack overflow warnings with clang (git-fixes).
- media: edia: dvbdev: fix a use-after-free (git-fixes).
- media: em28xx: annotate unchecked call to media_device_register() (git-fixes).
- media: go7007: add check of return value of go7007_read_addr() (git-fixes).
- media: go7007: fix a memleak in go7007_load_encoder (git-fixes).
- media: imx: csc/scaler: fix v4l2_ctrl_handler memory leak (git-fixes).
- media: pvrusb2: fix pvr2_stream_callback casts (git-fixes).
- media: pvrusb2: fix uaf in pvr2_context_set_notify (git-fixes).
- media: pvrusb2: remove redundant NULL check (git-fixes).
- media: staging: ipu3-imgu: Set fields before media_entity_pads_init() (git-fixes).
- media: sun8i-di: Fix chroma difference threshold (git-fixes).
- media: sun8i-di: Fix coefficient writes (git-fixes).
- media: sun8i-di: Fix power on/off sequences (git-fixes).
- media: tc358743: register v4l2 async device only after successful setup (git-fixes).
- media: ttpci: fix two memleaks in budget_av_attach (git-fixes).
- media: usbtv: Remove useless locks in usbtv_video_free() (git-fixes).
- media: v4l2-mem2mem: fix a memleak in v4l2_m2m_register_entity (git-fixes).
- media: v4l2-tpg: fix some memleaks in tpg_alloc (git-fixes).
- media: xc4000: Fix atomicity violation in xc4000_get_frequency (git-fixes).
- mfd: altera-sysmgr: Call of_node_put() only when of_parse_phandle() takes a ref (git-fixes).
- mfd: syscon: Call of_node_put() only when of_parse_phandle() takes a ref (git-fixes).
- mm,page_owner: Defer enablement of static branch (bsc#1222366).
- mm,page_owner: Fix accounting of pages when migrating (bsc#1222366).
- mm,page_owner: Fix printing of stack records (bsc#1222366).
- mm,page_owner: Fix refcount imbalance (bsc#1222366).
- mm,page_owner: Update metadata for tail pages (bsc#1222366).
- mm,page_owner: check for null stack_record before bumping its refcount (bsc#1222366).
- mm,page_owner: drop unnecessary check (bsc#1222366).
- mm,page_owner: fix recursion (bsc#1222366).
- mm/vmalloc: huge vmalloc backing pages should be split rather than compound (bsc#1217829).
- mmc: core: Avoid negative index with array access (git-fixes).
- mmc: core: Fix switch on gp3 partition (git-fixes).
- mmc: core: Initialize mmc_blk_ioc_data (git-fixes).
- mmc: mmci: stm32: fix DMA API overlapping mappings warning (git-fixes).
- mmc: mmci: stm32: use a buffer for unaligned DMA requests (git-fixes).
- mmc: tmio: avoid concurrent runs of mmc_request_done() (git-fixes).
- mmc: wmt-sdmmc: remove an incorrect release_mem_region() call in the .remove function (git-fixes).
- mtd: maps: physmap-core: fix flash size larger than 32-bit (git-fixes).
- mtd: rawnand: lpc32xx_mlc: fix irq handler prototype (git-fixes).
- mtd: rawnand: meson: fix scrambling mode value in command macro (git-fixes).
- nd_btt: Make BTT lanes preemptible (git-fixes).
- net/bnx2x: Prevent access to a freed page in page_pool (bsc#1215322).
- net/x25: fix incorrect parameter validation in the x25_getsockopt() function (git-fixes).
- net: Fix features skip in for_each_netdev_feature() (git-fixes).
- net: lan78xx: fix runtime PM count underflow on link stop (git-fixes).
- net: ll_temac: platform_get_resource replaced by wrong function (git-fixes).
- net: mana: Fix Rx DMA datasize and skb_over_panic (git-fixes).
- net: phy: fix phy_get_internal_delay accessing an empty array (git-fixes).
- net: sunrpc: Fix an off by one in rpc_sockaddr2uaddr() (git-fixes).
- net: usb: ax88179_178a: avoid the interface always configured as random address (git-fixes).
- nfc: nci: Fix uninit-value in nci_dev_up and nci_ntf_packet (git-fixes).
- nfs: avoid spurious warning of lost lock that is being unlocked (bsc#1221791).
- nfs: fix an off by one in root_nfs_cat() (git-fixes).
- nfs: rename nfs_client_kset to nfs_kset (git-fixes).
- nfsd: change LISTXATTRS cookie encoding to big-endian (git-fixes).
- nfsd: convert the callback workqueue to use delayed_work (git-fixes).
- nfsd: do not take fi_lock in nfsd_break_deleg_cb() (git-fixes).
- nfsd: fix file memleak on client_opens_release (git-fixes).
- nfsd: fix liSTXATTRS returning a short list with eof=TRUE (git-fixes).
- nfsd: fix liSTXATTRS returning more bytes than maxcount (git-fixes).
- nfsd: fix nfsd4_listxattr_validate_cookie (git-fixes).
- nfsd: lock_rename() needs both directories to live on the same fs (git-fixes).
- nfsd: reschedule CB operations when backchannel rpc_clnt is shut down (git-fixes).
- nfsd: reset cb_seq_status after NFS4ERR_DELAY (git-fixes).
- nfsd: retransmit callbacks after client reconnects (git-fixes).
- nfsd: use vfs setgid helper (git-fixes).
- nfsv4.1/pnfs: Ensure we handle the error NFS4ERR_RETURNCONFLICT (git-fixes).
- nfsv4.1: fix SP4_MACH_CRED protection for pnfs IO (git-fixes).
- nfsv4.1: fixup use EXCHGID4_FLAG_USE_PNFS_DS for DS server (git-fixes).
- nfsv4.1: use EXCHGID4_FLAG_USE_PNFS_DS for DS server (git-fixes).
- nfsv4.2: fix listxattr maximum XDR buffer size (git-fixes).
- nfsv4.2: fix nfs4_listxattr kernel BUG at mm/usercopy.c:102 (git-fixes).
- nfsv4.2: fix wrong shrinker_id (git-fixes).
- nfsv4: fix a nfs4_state_manager() race (git-fixes).
- nfsv4: fix a state manager thread deadlock regression (git-fixes).
- nilfs2: fix failure to detect DAT corruption in btree and direct mappings (git-fixes).
- nilfs2: prevent kernel bug at submit_bh_wbc() (git-fixes).
- nouveau/dmem: handle kcalloc() allocation failure (git-fixes).
- nouveau: reset the bo resource bus info after an eviction (git-fixes).
- ntfs: fix use-after-free in ntfs_ucsncmp() (bsc#1221713).
- nvdimm/namespace: drop nested variable in create_namespace_pmem() (git-fixes).
- nvdimm: Allow overwrite in the presence of disabled dimms (git-fixes).
- nvdimm: Fix badblocks clear off-by-one error (git-fixes).
- nvdimm: Fix dereference after free in register_nvdimm_pmu() (git-fixes).
- nvdimm: Fix firmware activation deadlock scenarios (git-fixes).
- nvdimm: Fix memleak of pmu attr_groups in unregister_nvdimm_pmu() (git-fixes).
- nvme-fc: do not wait in vain when unloading module (git-fixes).
- nvme: fix reconnection fail due to reserved tag allocation (git-fixes).
- nvmet-fc: abort command when there is no binding (git-fixes).
- nvmet-fc: avoid deadlock on delete association path (git-fixes).
- nvmet-fc: defer cleanup using RCU properly (git-fixes).
- nvmet-fc: hold reference on hostport match (git-fixes).
- nvmet-fc: release reference on target port (git-fixes).
- nvmet-fc: take ref count on tgtport before delete assoc (git-fixes).
- nvmet-fcloop: swap the list_add_tail arguments (git-fixes).
- nvmet-tcp: fix nvme tcp ida memory leak (git-fixes).
- pNFS/flexfiles: Check the layout validity in ff_layout_mirror_prepare_stats (git-fixes).
- pNFS: Fix a hang in nfs4_evict_inode() (git-fixes).
- pNFS: Fix the pnfs block driver's calculation of layoutget size (git-fixes).
- pci/aer: Block runtime suspend when handling errors (git-fixes).
- pci/aer: fix rootport attribute paths in ABI docs (git-fixes).
- pci/aspm: use RMW accessors for changing LNKCTL (git-fixes).
- pci/dpc: Quirk PIO log size for Intel Ice Lake Root Ports (git-fixes).
- pci/dpc: Quirk PIO log size for Intel Raptor Lake Root Ports (git-fixes).
- pci/dpc: Quirk PIO log size for certain Intel Root Ports (git-fixes).
- pci/dpc: print all TLP Prefixes, not just the first (git-fixes).
- pci/msi: prevent MSI hardware interrupt number truncation (bsc#1218777)
- pci/p2pdma: Fix a sleeping issue in a RCU read section (git-fixes).
- pci/pm: Drain runtime-idle callbacks before driver removal (git-fixes).
- pci: Drop pci_device_remove() test of pci_dev->driver (git-fixes).
- pci: add locking to RMW PCI Express Capability Register accessors (git-fixes).
- pci: dwc: endpoint: Fix advertised resizable BAR size (git-fixes).
- pci: dwc: endpoint: Fix dw_pcie_ep_raise_msix_irq() alignment support (git-fixes).
- pci: dwc: fix a 64bit bug in dw_pcie_ep_raise_msix_irq() (git-fixes).
- pci: fu740: Set the number of MSI vectors (git-fixes).
- pci: lengthen reset delay for VideoPropulsion Torrent QN16e card (git-fixes).
- pci: make link retraining use RMW accessors for changing LNKCTL (git-fixes).
- pci: mark 3ware-9650SE Root Port Extended Tags as broken (git-fixes).
- pci: mediatek-gen3: Fix translation window size calculation (git-fixes).
- pci: mediatek: Clear interrupt status before dispatching handler (git-fixes).
- pci: qcom: enable BDF to SID translation properly (git-fixes).
- pci: qcom: use DWC helpers for modifying the read-only DBI registers (git-fixes).
- pci: rockchip: Do not advertise MSI-X in PCIe capabilities (git-fixes).
- pci: rockchip: Fix window mapping and address translation for endpoint (git-fixes).
- pci: rockchip: Use 64-bit mask on MSI 64-bit PCI address (git-fixes).
- pci: switchtec: Fix an error handling path in switchtec_pci_probe() (git-fixes).
- pci_iounmap(): Fix MMIO mapping leak (git-fixes).
- pinctrl: mediatek: Drop bogus slew rate register range for MT8192 (git-fixes).
- platform/mellanox: mlxreg-hotplug: Remove redundant NULL-check (git-fixes).
- pm: suspend: Set mem_sleep_current during kernel command line setup (git-fixes).
- powerpc/64s: POWER10 CPU Kconfig build option (bsc#1194869).
- powerpc/boot: Disable power10 features after BOOTAFLAGS assignment (bsc#1194869).
- powerpc/boot: Fix boot wrapper code generation with CONFIG_POWER10_CPU (bsc#1194869).
- powerpc/lib/sstep: Do not use __{get/put}_user() on kernel addresses (bsc#1194869).
- powerpc/lib/sstep: Remove unneeded #ifdef __powerpc64__ (bsc#1194869).
- powerpc/lib/sstep: Use l1_dcache_bytes() instead of opencoding (bsc#1194869).
- powerpc/lib/sstep: use truncate_if_32bit() (bsc#1194869).
- powerpc/pseries/iommu: IOMMU table is not initialized for kdump over SR-IOV (bsc#1220492 ltc#205270).
- powerpc/pseries/iommu: LPAR panics when rebooted with a frozen PE (bsc#1222011 ltc#205900).
- powerpc/pseries: Fix potential memleak in papr_get_attr() (bsc#1200465 ltc#197256 jsc#SLE-18130 git-fixes).
- powerpc/sstep: Use bitwise instead of arithmetic operator for flags (bsc#1194869).
- powerpc: add compile-time support for lbarx, lharx (bsc#1194869).
- pwm: mediatek: Update kernel doc for struct pwm_mediatek_of_data (git-fixes).
- qedf: Do not process stag work during unload (bsc#1214852).
- qedf: Wait for stag work during unload (bsc#1214852).
- raid1: fix use-after-free for original bio in raid1_write_request() (bsc#1221097).
- ras/amd/fmpm: Add debugfs interface to print record entries (jsc#PED-7619).
- ras/amd/fmpm: Avoid NULL ptr deref in get_saved_records() (jsc#PED-7619).
- ras/amd/fmpm: Fix build when debugfs is not enabled (jsc#PED-7619).
- ras/amd/fmpm: Fix off by one when unwinding on error (jsc#PED-7619).
- ras/amd/fmpm: Safely handle saved records of various sizes (jsc#PED-7619).
- ras/amd/fmpm: Save SPA values (jsc#PED-7619).
- ras: Avoid build errors when CONFIG_DEBUG_FS=n (git-fixes).
- ras: Avoid build errors when CONFIG_DEBUG_FS=n (jsc#PED-7619).
- ras: export helper to get ras_debugfs_dir (jsc#PED-7619).
- rdma/cm: add timeout to cm_destroy_id wait (git-fixes)
- rdma/device: Fix a race between mad_client and cm_client init (git-fixes)
- rdma/hns: fix mis-modifying default congestion control algorithm (git-fixes)
- rdma/ipoib: Fix error code return in ipoib_mcast_join (git-fixes)
- rdma/irdma: Remove duplicate assignment (git-fixes)
- rdma/mana_ib: Fix bug in creation of dma regions (git-fixes).
- rdma/mlx5: fix fortify source warning while accessing Eth segment (git-fixes)
- rdma/mlx5: relax DEVX access upon modify commands (git-fixes)
- rdma/rtrs-clt: Check strnlen return len in sysfs mpath_policy_store() (git-fixes)
- rdma/srpt: do not register event handler until srpt device is fully setup (git-fixes)
- ring-buffer: Do not set shortest_full when full target is hit (git-fixes).
- ring-buffer: Fix full_waiters_pending in poll (git-fixes).
- ring-buffer: Fix resetting of shortest_full (git-fixes).
- ring-buffer: Fix waking up ring buffer readers (git-fixes).
- ring-buffer: Make wake once of ring_buffer_wait() more robust (git-fixes).
- ring-buffer: Use wait_event_interruptible() in ring_buffer_wait() (git-fixes).
- rtc: mt6397: select IRQ_DOMAIN instead of depending on it (git-fixes).
- s390/pai: fix attr_event_free upper limit for pai device drivers (git-fixes bsc#1221633).
- s390/vfio-ap: realize the VFIO_DEVICE_GET_IRQ_INFO ioctl (bsc#1205316).
- s390/vfio-ap: realize the VFIO_DEVICE_SET_IRQS ioctl (bsc#1205316).
- s390/vfio-ap: wire in the vfio_device_ops request callback (bsc#1205316).
- s390/vtime: fix average steal time calculation (git-fixes bsc#1221951).
- sched/rt: Disallow writing invalid values to sched_rt_period_us (bsc#1220176).
- sched/rt: sysctl_sched_rr_timeslice show default timeslice after reset (bsc#1220176).
- scsi: lpfc: Copyright updates for 14.4.0.1 patches (bsc#1221777).
- scsi: lpfc: Correct size for cmdwqe/rspwqe for memset() (bsc#1221777).
- scsi: lpfc: Correct size for wqe for memset() (bsc#1221777).
- scsi: lpfc: Define lpfc_dmabuf type for ctx_buf ptr (bsc#1221777).
- scsi: lpfc: Define lpfc_nodelist type for ctx_ndlp ptr (bsc#1221777).
- scsi: lpfc: Define types in a union for generic void *context3 ptr (bsc#1221777).
- scsi: lpfc: Move NPIV's transport unregistration to after resource clean up (bsc#1221777).
- scsi: lpfc: Release hbalock before calling lpfc_worker_wake_up() (bsc#1221777).
- scsi: lpfc: Remove IRQF_ONESHOT flag from threaded IRQ handling (bsc#1221777 bsc#1217959).
- scsi: lpfc: Remove unnecessary log message in queuecommand path (bsc#1221777).
- scsi: lpfc: Replace hbalock with ndlp lock in lpfc_nvme_unregister_port() (bsc#1221777).
- scsi: lpfc: Update lpfc version to 14.4.0.1 (bsc#1221777).
- scsi: lpfc: Update lpfc_ramp_down_queue_handler() logic (bsc#1221777).
- scsi: lpfc: Use a dedicated lock for ras_fwlog state (bsc#1221777).
- scsi: qedf: Remove set but unused variable 'page' (bsc#1214852).
- scsi: qedf: Remove unused 'num_handled' variable (bsc#1214852).
- scsi: qedf: Remove unused declaration (bsc#1214852).
- scsi: qla2xxx: Change debug message during driver unload (bsc1221816).
- scsi: qla2xxx: Delay I/O Abort on PCI error (bsc1221816).
- scsi: qla2xxx: Fix N2N stuck connection (bsc1221816).
- scsi: qla2xxx: Fix command flush on cable pull (bsc1221816).
- scsi: qla2xxx: Fix double free of fcport (bsc1221816).
- scsi: qla2xxx: Fix double free of the ha->vp_map pointer (bsc1221816).
- scsi: qla2xxx: NVME|FCP prefer flag not being honored (bsc1221816).
- scsi: qla2xxx: Prevent command send on chip reset (bsc1221816).
- scsi: qla2xxx: Split FCE|EFT trace control (bsc1221816).
- scsi: qla2xxx: Update manufacturer detail (bsc1221816).
- scsi: qla2xxx: Update version to 10.02.09.200-k (bsc1221816).
- scsi: storvsc: Fix ring buffer size calculation (git-fixes).
- scsi: target: core: Silence the message about unknown VPD pages (bsc#1221252).
- selftests/bpf: add generic BPF program tester-loader (bsc#1222033).
- serial: 8250_exar: Do not remove GPIO device on suspend (git-fixes).
- serial: max310x: fix syntax error in IRQ error message (git-fixes).
- slimbus: core: Remove usage of the deprecated ida_simple_xx() API (git-fixes).
- soc: fsl: qbman: Always disable interrupts when taking cgr_lock (git-fixes).
- spi: lm70llp: fix links in doc and comments (git-fixes).
- spi: spi-mt65xx: Fix NULL pointer access in interrupt handler (git-fixes).
- sr9800: Add check for usbnet_get_endpoints (git-fixes).
- stackdepot: rename pool_index to pool_index_plus_1 (git-fixes).
- staging: vc04_services: fix information leak in create_component() (git-fixes).
- sunrpc: Add an IS_ERR() check back to where it was (git-fixes).
- sunrpc: ECONNRESET might require a rebind (git-fixes).
- sunrpc: Fix RPC client cleaned up the freed pipefs dentries (git-fixes).
- sunrpc: Fix a suspicious RCU usage warning (git-fixes).
- sunrpc: fix a memleak in gss_import_v2_context (git-fixes).
- sunrpc: fix some memleaks in gssx_dec_option_array (git-fixes).
- svcrdma: Drop connection after an RDMA Read error (git-fixes).
- tracing/ring-buffer: Fix wait_on_pipe() race (git-fixes).
- tracing: Have saved_cmdlines arrays all in one allocation (git-fixes).
- tracing: Remove precision vsnprintf() check from print event (git-fixes).
- tracing: Use .flush() call to wake up readers (git-fixes).
- tty: n_gsm: require CAP_NET_ADMIN to attach N_GSM0710 ldisc (bsc#1222619).
- tty: serial: fsl_lpuart: avoid idle preamble pending if CTS is enabled (git-fixes).
- tty: serial: samsung: fix tx_empty() to return TIOCSER_TEMT (git-fixes).
- tty: vt: fix 20 vs 0x20 typo in EScsiignore (git-fixes).
- ubifs: Queue up space reservation tasks if retrying many times (git-fixes).
- ubifs: Remove unreachable code in dbg_check_ltab_lnum (git-fixes).
- ubifs: Set page uptodate in the correct place (git-fixes).
- ubifs: dbg_check_idx_size: Fix kmemleak if loading znode failed (git-fixes).
- ubifs: fix sort function prototype (git-fixes).
- usb: audio-v2: Correct comments for struct uac_clock_selector_descriptor (git-fixes).
- usb: cdc-wdm: close race between read and workqueue (git-fixes).
- usb: core: Fix deadlock in usb_deauthorize_interface() (git-fixes).
- usb: dwc2: gadget: Fix exiting from clock gating (git-fixes).
- usb: dwc2: gadget: LPM flow fix (git-fixes).
- usb: dwc2: host: Fix ISOC flow in DDMA mode (git-fixes).
- usb: dwc2: host: Fix hibernation flow (git-fixes).
- usb: dwc2: host: Fix remote wakeup from hibernation (git-fixes).
- usb: dwc3: Properly set system wakeup (git-fixes).
- usb: gadget: ncm: Fix handling of zero block length packets (git-fixes).
- usb: gadget: net2272: Use irqflags in the call to net2272_probe_fin (git-fixes).
- usb: port: Do not try to peer unused USB ports based on location (git-fixes).
- usb: typec: Return size of buffer if pd_set operation succeeds (git-fixes).
- usb: typec: ucsi: Check for notifications after init (git-fixes).
- usb: typec: ucsi: Clean up UCSI_CABLE_PROP macros (git-fixes).
- usb: typec: ucsi: Clear EVENT_PENDING under PPM lock (git-fixes).
- usb: usb-storage: Prevent divide-by-0 error in isd200_ata_command (git-fixes).
- usb: xhci: Add error handling in xhci_map_urb_for_dma (git-fixes).
- vboxsf: Avoid an spurious warning if load_nls_xxx() fails (git-fixes).
- vdpa/mlx5: Allow CVQ size changes (git-fixes).
- vt: fix unicode buffer corruption when deleting characters (git-fixes).
- watchdog: stm32_iwdg: initialize default timeout (git-fixes).
- wifi: ath10k: fix NULL pointer dereference in ath10k_wmi_tlv_op_pull_mgmt_tx_compl_ev() (git-fixes).
- wifi: ath11k: decrease MHI channel buffer length to 8KB (bsc#1207948).
- wifi: ath11k: initialize rx_mcs_80 and rx_mcs_160 before use (git-fixes).
- wifi: ath9k: delay all of ath9k_wmi_event_tasklet() until init is complete (git-fixes).
- wifi: b43: Disable QoS for bcm4331 (git-fixes).
- wifi: b43: Stop correct queue in DMA worker when QoS is disabled (git-fixes).
- wifi: b43: Stop/wake correct queue in DMA Tx path when QoS is disabled (git-fixes).
- wifi: b43: Stop/wake correct queue in PIO Tx path when QoS is disabled (git-fixes).
- wifi: brcmfmac: fix copyright year mentioned in platform_data header (git-fixes).
- wifi: brcmsmac: avoid function pointer casts (git-fixes).
- wifi: iwlwifi: dbg-tlv: ensure NUL termination (git-fixes).
- wifi: iwlwifi: fix EWRD table validity check (git-fixes).
- wifi: iwlwifi: fw: do not always use FW dump trig (git-fixes).
- wifi: iwlwifi: mvm: do not set replay counters to 0xff (git-fixes).
- wifi: iwlwifi: mvm: report beacon protection failures (git-fixes).
- wifi: iwlwifi: mvm: rfi: fix potential response leaks (git-fixes).
- wifi: iwlwifi: mvm: use FW rate for non-data only on new devices (git-fixes).
- wifi: libertas: fix some memleaks in lbs_allocate_cmd_buffer() (git-fixes).
- wifi: mwifiex: debugfs: Drop unnecessary error check for debugfs_create_dir() (git-fixes).
- wifi: rtl8xxxu: add cancel_work_sync() for c2hcmd_work (git-fixes).
- wifi: rtw88: 8821c: Fix false alarm count (git-fixes).
- wifi: wilc1000: fix RCU usage in connect path (git-fixes).
- wifi: wilc1000: fix declarations ordering (stable-fixes).
- wifi: wilc1000: fix multi-vif management when deleting a vif (git-fixes).
- wifi: wilc1000: prevent use-after-free on vif when cleaning up all interfaces (git-fixes).
- x86/CPU/AMD: Update the Zenbleed microcode revisions (git-fixes).
- x86/bugs: Fix the SRSO mitigation on Zen3/4 (git-fixes).
- x86/fpu: Keep xfd_state in sync with MSR_IA32_XFD (git-fixes).
- x86/xen: Add some null pointer checking to smp.c (git-fixes).
- x86/xen: add CPU dependencies for 32-bit build (git-fixes).
- x86/xen: fix percpu vcpu_info allocation (git-fixes).
- xen-netback: properly sync TX responses (git-fixes).
- xen-netfront: Add missing skb_mark_for_recycle (git-fixes).
- xen/gntdev: Fix the abuse of underlying struct page in DMA-buf import (git-fixes).
- xen/xenbus: document will_handle argument for xenbus_watch_path() (git-fixes).
- xhci: handle isoc Babble and Buffer Overrun events properly (git-fixes).
- xhci: process isoc TD properly when there was a transaction error mid TD (git-fixes).
ImportantSUSE bug 1177529SUSE bug 1192145SUSE bug 1194869SUSE bug 1200465SUSE bug 1205316SUSE bug 1207948SUSE bug 1209635SUSE bug 1209657SUSE bug 1212514SUSE bug 1213456SUSE bug 1214852SUSE bug 1215221SUSE bug 1215322SUSE bug 1217339SUSE bug 1217829SUSE bug 1217959SUSE bug 1217987SUSE bug 1217988SUSE bug 1217989SUSE bug 1218321SUSE bug 1218336SUSE bug 1218479SUSE bug 1218643SUSE bug 1218777SUSE bug 1219126SUSE bug 1219169SUSE bug 1219170SUSE bug 1219264SUSE bug 1219834SUSE bug 1220114SUSE bug 1220176SUSE bug 1220237SUSE bug 1220251SUSE bug 1220320SUSE bug 1220337SUSE bug 1220340SUSE bug 1220365SUSE bug 1220366SUSE bug 1220398SUSE bug 1220411SUSE bug 1220413SUSE bug 1220439SUSE bug 1220443SUSE bug 1220445SUSE bug 1220466SUSE bug 1220478SUSE bug 1220482SUSE bug 1220484SUSE bug 1220486SUSE bug 1220487SUSE bug 1220492SUSE bug 1220703SUSE bug 1220775SUSE bug 1220790SUSE bug 1220797SUSE bug 1220831SUSE bug 1220833SUSE bug 1220836SUSE bug 1220839SUSE bug 1220840SUSE bug 1220843SUSE bug 1220870SUSE bug 1220871SUSE bug 1220872SUSE bug 1220878SUSE bug 1220879SUSE bug 1220883SUSE bug 1220885SUSE bug 1220887SUSE bug 1220898SUSE bug 1220901SUSE bug 1220915SUSE bug 1220918SUSE bug 1220920SUSE bug 1220921SUSE bug 1220926SUSE bug 1220927SUSE bug 1220929SUSE bug 1220932SUSE bug 1220935SUSE bug 1220937SUSE bug 1220938SUSE bug 1220940SUSE bug 1220954SUSE bug 1220955SUSE bug 1220959SUSE bug 1220960SUSE bug 1220961SUSE bug 1220965SUSE bug 1220969SUSE bug 1220978SUSE bug 1220979SUSE bug 1220981SUSE bug 1220982SUSE bug 1220983SUSE bug 1220985SUSE bug 1220986SUSE bug 1220987SUSE bug 1220989SUSE bug 1220990SUSE bug 1221009SUSE bug 1221012SUSE bug 1221015SUSE bug 1221022SUSE bug 1221039SUSE bug 1221040SUSE bug 1221044SUSE bug 1221045SUSE bug 1221046SUSE bug 1221048SUSE bug 1221055SUSE bug 1221056SUSE bug 1221058SUSE bug 1221060SUSE bug 1221061SUSE bug 1221062SUSE bug 1221066SUSE bug 1221067SUSE bug 1221068SUSE bug 1221069SUSE bug 1221070SUSE bug 1221071SUSE bug 1221077SUSE bug 1221082SUSE bug 1221090SUSE bug 1221097SUSE bug 1221156SUSE bug 1221162SUSE bug 1221252SUSE bug 1221273SUSE bug 1221274SUSE bug 1221276SUSE bug 1221277SUSE bug 1221291SUSE bug 1221293SUSE bug 1221298SUSE bug 1221337SUSE bug 1221338SUSE bug 1221375SUSE bug 1221379SUSE bug 1221551SUSE bug 1221553SUSE bug 1221613SUSE bug 1221614SUSE bug 1221616SUSE bug 1221618SUSE bug 1221631SUSE bug 1221633SUSE bug 1221713SUSE bug 1221725SUSE bug 1221777SUSE bug 1221791SUSE bug 1221814SUSE bug 1221816SUSE bug 1221830SUSE bug 1221951SUSE bug 1222011SUSE bug 1222033SUSE bug 1222051SUSE bug 1222056SUSE bug 1222060SUSE bug 1222070SUSE bug 1222073SUSE bug 1222117SUSE bug 1222247SUSE bug 1222266SUSE bug 1222274SUSE bug 1222291SUSE bug 1222300SUSE bug 1222304SUSE bug 1222317SUSE bug 1222331SUSE bug 1222355SUSE bug 1222356SUSE bug 1222360SUSE bug 1222366SUSE bug 1222373SUSE bug 1222416SUSE bug 1222422SUSE bug 1222427SUSE bug 1222428SUSE bug 1222431SUSE bug 1222437SUSE bug 1222445SUSE bug 1222449SUSE bug 1222503SUSE bug 1222520SUSE bug 1222536SUSE bug 1222549SUSE bug 1222550SUSE bug 1222557SUSE bug 1222585SUSE bug 1222586SUSE bug 1222596SUSE bug 1222609SUSE bug 1222610SUSE bug 1222619SUSE bug 1222630SUSE bug 1222632SUSE bug 1222660SUSE bug 1222662SUSE bug 1222664SUSE bug 1222669SUSE bug 1222677SUSE bug 1222678SUSE bug 1222680SUSE bug 1222706SUSE bug 1222720SUSE bug 1222724SUSE bug 1222726SUSE bug 1222727SUSE bug 1222764SUSE bug 1222772SUSE bug 1222781SUSE bug 1222784SUSE bug 1222798SUSE bug 1222801SUSE bug 1222952SUSE bug 1223030SUSE bug 1223067SUSE bug 1223068CVE-2021-46925 at SUSECVE-2021-46925 at NVDCVE-2021-46926 at SUSECVE-2021-46926 at NVDCVE-2021-46927 at SUSECVE-2021-46927 at NVDCVE-2021-46929 at SUSECVE-2021-46929 at NVDCVE-2021-46930 at SUSECVE-2021-46930 at NVDCVE-2021-46931 at SUSECVE-2021-46931 at NVDCVE-2021-46933 at SUSECVE-2021-46933 at NVDCVE-2021-46936 at SUSECVE-2021-46936 at NVDCVE-2021-47082 at SUSECVE-2021-47082 at NVDCVE-2021-47087 at SUSECVE-2021-47087 at NVDCVE-2021-47091 at SUSECVE-2021-47091 at NVDCVE-2021-47093 at SUSECVE-2021-47093 at NVDCVE-2021-47094 at SUSECVE-2021-47094 at NVDCVE-2021-47095 at SUSECVE-2021-47095 at NVDCVE-2021-47096 at SUSECVE-2021-47096 at NVDCVE-2021-47097 at SUSECVE-2021-47097 at NVDCVE-2021-47098 at SUSECVE-2021-47098 at NVDCVE-2021-47099 at SUSECVE-2021-47099 at NVDCVE-2021-47100 at SUSECVE-2021-47100 at NVDCVE-2021-47101 at SUSECVE-2021-47101 at NVDCVE-2021-47102 at SUSECVE-2021-47102 at NVDCVE-2021-47104 at SUSECVE-2021-47104 at NVDCVE-2021-47105 at SUSECVE-2021-47105 at NVDCVE-2021-47107 at SUSECVE-2021-47107 at NVDCVE-2021-47108 at SUSECVE-2021-47108 at NVDCVE-2021-47181 at SUSECVE-2021-47181 at NVDCVE-2021-47182 at SUSECVE-2021-47182 at NVDCVE-2021-47183 at SUSECVE-2021-47183 at NVDCVE-2021-47185 at SUSECVE-2021-47185 at NVDCVE-2021-47189 at SUSECVE-2021-47189 at NVDCVE-2022-4744 at SUSECVE-2022-4744 at NVDCVE-2022-48626 at SUSECVE-2022-48626 at NVDCVE-2022-48629 at SUSECVE-2022-48629 at NVDCVE-2022-48630 at SUSECVE-2022-48630 at NVDCVE-2023-0160 at SUSECVE-2023-0160 at NVDCVE-2023-28746 at SUSECVE-2023-28746 at NVDCVE-2023-35827 at SUSECVE-2023-35827 at NVDCVE-2023-4881 at SUSECVE-2023-4881 at NVDCVE-2023-52447 at SUSECVE-2023-52447 at NVDCVE-2023-52450 at SUSECVE-2023-52450 at NVDCVE-2023-52453 at SUSECVE-2023-52453 at NVDCVE-2023-52454 at SUSECVE-2023-52454 at NVDCVE-2023-52469 at SUSECVE-2023-52469 at NVDCVE-2023-52470 at SUSECVE-2023-52470 at NVDCVE-2023-52474 at SUSECVE-2023-52474 at NVDCVE-2023-52476 at SUSECVE-2023-52476 at NVDCVE-2023-52477 at SUSECVE-2023-52477 at NVDCVE-2023-52481 at SUSECVE-2023-52481 at NVDCVE-2023-52484 at SUSECVE-2023-52484 at NVDCVE-2023-52486 at SUSECVE-2023-52486 at NVDCVE-2023-52488 at SUSECVE-2023-52488 at NVDCVE-2023-52492 at SUSECVE-2023-52492 at NVDCVE-2023-52493 at SUSECVE-2023-52493 at NVDCVE-2023-52494 at SUSECVE-2023-52494 at NVDCVE-2023-52497 at SUSECVE-2023-52497 at NVDCVE-2023-52500 at SUSECVE-2023-52500 at NVDCVE-2023-52501 at SUSECVE-2023-52501 at NVDCVE-2023-52502 at SUSECVE-2023-52502 at NVDCVE-2023-52503 at SUSECVE-2023-52503 at NVDCVE-2023-52504 at SUSECVE-2023-52504 at NVDCVE-2023-52507 at SUSECVE-2023-52507 at NVDCVE-2023-52508 at SUSECVE-2023-52508 at NVDCVE-2023-52509 at SUSECVE-2023-52509 at NVDCVE-2023-52510 at SUSECVE-2023-52510 at NVDCVE-2023-52511 at SUSECVE-2023-52511 at NVDCVE-2023-52513 at SUSECVE-2023-52513 at NVDCVE-2023-52515 at SUSECVE-2023-52515 at NVDCVE-2023-52517 at SUSECVE-2023-52517 at NVDCVE-2023-52518 at SUSECVE-2023-52518 at NVDCVE-2023-52519 at SUSECVE-2023-52519 at NVDCVE-2023-52520 at SUSECVE-2023-52520 at NVDCVE-2023-52523 at SUSECVE-2023-52523 at NVDCVE-2023-52524 at SUSECVE-2023-52524 at NVDCVE-2023-52525 at SUSECVE-2023-52525 at NVDCVE-2023-52528 at SUSECVE-2023-52528 at NVDCVE-2023-52529 at SUSECVE-2023-52529 at NVDCVE-2023-52532 at SUSECVE-2023-52532 at NVDCVE-2023-52561 at SUSECVE-2023-52561 at NVDCVE-2023-52563 at SUSECVE-2023-52563 at NVDCVE-2023-52564 at SUSECVE-2023-52564 at NVDCVE-2023-52566 at SUSECVE-2023-52566 at NVDCVE-2023-52567 at SUSECVE-2023-52567 at NVDCVE-2023-52569 at SUSECVE-2023-52569 at NVDCVE-2023-52574 at SUSECVE-2023-52574 at NVDCVE-2023-52575 at SUSECVE-2023-52575 at NVDCVE-2023-52576 at SUSECVE-2023-52576 at NVDCVE-2023-52582 at SUSECVE-2023-52582 at NVDCVE-2023-52583 at SUSECVE-2023-52583 at NVDCVE-2023-52587 at SUSECVE-2023-52587 at NVDCVE-2023-52591 at SUSECVE-2023-52591 at NVDCVE-2023-52594 at SUSECVE-2023-52594 at NVDCVE-2023-52595 at SUSECVE-2023-52595 at NVDCVE-2023-52597 at SUSECVE-2023-52597 at NVDCVE-2023-52598 at SUSECVE-2023-52598 at NVDCVE-2023-52599 at SUSECVE-2023-52599 at NVDCVE-2023-52600 at SUSECVE-2023-52600 at NVDCVE-2023-52601 at SUSECVE-2023-52601 at NVDCVE-2023-52602 at SUSECVE-2023-52602 at NVDCVE-2023-52603 at SUSECVE-2023-52603 at NVDCVE-2023-52604 at SUSECVE-2023-52604 at NVDCVE-2023-52605 at SUSECVE-2023-52605 at NVDCVE-2023-52606 at SUSECVE-2023-52606 at NVDCVE-2023-52607 at SUSECVE-2023-52607 at NVDCVE-2023-52608 at SUSECVE-2023-52608 at NVDCVE-2023-52612 at SUSECVE-2023-52612 at NVDCVE-2023-52615 at SUSECVE-2023-52615 at NVDCVE-2023-52617 at SUSECVE-2023-52617 at NVDCVE-2023-52619 at SUSECVE-2023-52619 at NVDCVE-2023-52621 at SUSECVE-2023-52621 at NVDCVE-2023-52623 at SUSECVE-2023-52623 at NVDCVE-2023-52627 at SUSECVE-2023-52627 at NVDCVE-2023-52628 at SUSECVE-2023-52628 at NVDCVE-2023-52632 at SUSECVE-2023-52632 at NVDCVE-2023-52636 at SUSECVE-2023-52636 at NVDCVE-2023-52637 at SUSECVE-2023-52637 at NVDCVE-2023-52639 at SUSECVE-2023-52639 at NVDCVE-2023-6356 at SUSECVE-2023-6356 at NVDCVE-2023-6535 at SUSECVE-2023-6535 at NVDCVE-2023-6536 at SUSECVE-2023-6536 at NVDCVE-2023-7042 at SUSECVE-2023-7042 at NVDCVE-2023-7192 at SUSECVE-2023-7192 at NVDCVE-2024-0841 at SUSECVE-2024-0841 at NVDCVE-2024-2201 at SUSECVE-2024-2201 at NVDCVE-2024-22099 at SUSECVE-2024-22099 at NVDCVE-2024-23307 at SUSECVE-2024-23307 at NVDCVE-2024-23850 at SUSECVE-2024-23850 at NVDCVE-2024-25739 at SUSECVE-2024-25739 at NVDCVE-2024-25742 at SUSECVE-2024-25742 at NVDCVE-2024-26599 at SUSECVE-2024-26599 at NVDCVE-2024-26600 at SUSECVE-2024-26600 at NVDCVE-2024-26602 at SUSECVE-2024-26602 at NVDCVE-2024-26612 at SUSECVE-2024-26612 at NVDCVE-2024-26614 at SUSECVE-2024-26614 at NVDCVE-2024-26620 at SUSECVE-2024-26620 at NVDCVE-2024-26627 at SUSECVE-2024-26627 at NVDCVE-2024-26629 at SUSECVE-2024-26629 at NVDCVE-2024-26642 at SUSECVE-2024-26642 at NVDCVE-2024-26645 at SUSECVE-2024-26645 at NVDCVE-2024-26646 at SUSECVE-2024-26646 at NVDCVE-2024-26651 at SUSECVE-2024-26651 at NVDCVE-2024-26654 at SUSECVE-2024-26654 at NVDCVE-2024-26659 at SUSECVE-2024-26659 at NVDCVE-2024-26660 at SUSECVE-2024-26660 at NVDCVE-2024-26664 at SUSECVE-2024-26664 at NVDCVE-2024-26667 at SUSECVE-2024-26667 at NVDCVE-2024-26670 at SUSECVE-2024-26670 at NVDCVE-2024-26680 at SUSECVE-2024-26680 at NVDCVE-2024-26681 at SUSECVE-2024-26681 at NVDCVE-2024-26684 at SUSECVE-2024-26684 at NVDCVE-2024-26685 at SUSECVE-2024-26685 at NVDCVE-2024-26689 at SUSECVE-2024-26689 at NVDCVE-2024-26695 at SUSECVE-2024-26695 at NVDCVE-2024-26696 at SUSECVE-2024-26696 at NVDCVE-2024-26697 at SUSECVE-2024-26697 at NVDCVE-2024-26704 at SUSECVE-2024-26704 at NVDCVE-2024-26717 at SUSECVE-2024-26717 at NVDCVE-2024-26718 at SUSECVE-2024-26718 at NVDCVE-2024-26722 at SUSECVE-2024-26722 at NVDCVE-2024-26727 at SUSECVE-2024-26727 at NVDCVE-2024-26733 at SUSECVE-2024-26733 at NVDCVE-2024-26736 at SUSECVE-2024-26736 at NVDCVE-2024-26737 at SUSECVE-2024-26737 at NVDCVE-2024-26743 at SUSECVE-2024-26743 at NVDCVE-2024-26744 at SUSECVE-2024-26744 at NVDCVE-2024-26745 at SUSECVE-2024-26745 at NVDCVE-2024-26747 at SUSECVE-2024-26747 at NVDCVE-2024-26749 at SUSECVE-2024-26749 at NVDCVE-2024-26751 at SUSECVE-2024-26751 at NVDCVE-2024-26754 at SUSECVE-2024-26754 at NVDCVE-2024-26760 at SUSECVE-2024-26760 at NVDCVE-2024-26763 at SUSECVE-2024-26763 at NVDCVE-2024-26766 at SUSECVE-2024-26766 at NVDCVE-2024-26769 at SUSECVE-2024-26769 at NVDCVE-2024-26771 at SUSECVE-2024-26771 at NVDCVE-2024-26776 at SUSECVE-2024-26776 at NVDCVE-2024-26779 at SUSECVE-2024-26779 at NVDCVE-2024-26787 at SUSECVE-2024-26787 at NVDCVE-2024-26790 at SUSECVE-2024-26790 at NVDCVE-2024-26793 at SUSECVE-2024-26793 at NVDCVE-2024-26798 at SUSECVE-2024-26798 at NVDCVE-2024-26805 at SUSECVE-2024-26805 at NVDCVE-2024-26807 at SUSECVE-2024-26807 at NVDCVE-2024-26848 at SUSECVE-2024-26848 at NVDcpe:/o:opensuse:leap:15.5Security update for skopeo (Important)openSUSE Leap 15.5
This update for skopeo fixes the following issues:
- Update to version 1.14.2:
* [release-1.14] Bump Skopeo to v1.14.2
* [release-1.14] Bump c/image to v5.29.2, c/common to v0.57.3 (fixes bsc#1219563)
- Update to version 1.14.1:
* Bump to v1.14.1
* fix(deps): update module github.com/containers/common to v0.57.2
* fix(deps): update module github.com/containers/image/v5 to v5.29.1
* chore(deps): update dependency containers/automation_images to v20240102
* Fix libsubid detection
* fix(deps): update module golang.org/x/term to v0.16.0
* fix(deps): update golang.org/x/exp digest to 02704c9
* chore(deps): update dependency containers/automation_images to v20231208
* [skip-ci] Update actions/stale action to v9
* fix(deps): update module github.com/containers/common to v0.57.1
* fix(deps): update golang.org/x/exp digest to 6522937
* DOCS: add Gentoo in install.md
* DOCS: Update to add Arch Linux in install.md
* fix(deps): update module golang.org/x/term to v0.15.0
* Bump to v1.14.1-dev
- Update to version 1.14.0:
* Bump to v1.14.0
* fix(deps): update module github.com/containers/common to v0.57.0
* chore(deps): update dependency containers/automation_images to v20231116
* fix(deps): update module github.com/containers/image/v5 to v5.29.0
* Add documentation and smoke tests for the new --compat-auth-file options
* Update c/image and c/common to latest
* fix(deps): update module github.com/containers/storage to v1.51.0
* fix(deps): update module golang.org/x/term to v0.14.0
* fix(deps): update module github.com/spf13/cobra to v1.8.0
* [CI:DOCS] Update dependency golangci/golangci-lint to v1.55.2
* [CI:DOCS] Update dependency golangci/golangci-lint to v1.55.1
* fix(deps): update github.com/containers/common digest to 3e5caa0
* chore(deps): update module google.golang.org/grpc to v1.57.1 [security]
* fix(deps): update module github.com/containers/ocicrypt to v1.1.9
* Update github.com/klauspost/compress to v1.17.2
* chore(deps): update module github.com/docker/docker to v24.0.7+incompatible [security]
* Fix ENTRYPOINT documentation, drop others.
* Remove unused environment variables in Cirrus
* [CI:DOCS] Update dependency golangci/golangci-lint to v1.55.0
* chore(deps): update dependency containers/automation_images to v20231004
* chore(deps): update module golang.org/x/net to v0.17.0 [security]
* copy: Note support for `zstd:chunked`
* fix(deps): update module golang.org/x/term to v0.13.0
* fix(deps): update module github.com/docker/distribution to v2.8.3+incompatible
* fix(deps): update github.com/containers/common digest to 745eaa4
* Packit: switch to @containers/packit-build team for copr failure notification comments
* Packit: tag @lsm5 on copr build failures
* vendor of containers/common
* fix(deps): update module github.com/opencontainers/image-spec to v1.1.0-rc5
* fix(deps): update module github.com/containers/common to v0.56.0
* Cirrus: Remove multi-arch skopeo image builds
* fix(deps): update module github.com/containers/image/v5 to v5.28.0
* Increase the golangci-lint timeout
* fix(deps): update module github.com/containers/storage to v1.50.2
* fix(deps): update module github.com/containers/storage to v1.50.1
* fix(deps): update golang.org/x/exp digest to 9212866
* Fix a man page link
* fix(deps): update github.com/containers/image/v5 digest to 58d5eb6
* GHA: Closed issue/PR comment-lock test
* fix(deps): update module github.com/containers/common to v0.55.4
* fix(deps): update module github.com/containers/storage to v1.49.0
* rpm: spdx compatible license field
* chore(deps): update dependency golangci/golangci-lint to v1.54.2
* chore(deps): update dependency containers/automation_images to v20230816
* Packit: set eln target correctly
* packit: Build PRs into default packit COPRs
* DOCS: Update Go version requirement info
* DOCS: Add information about the cross-build
* fix(deps): update module github.com/containers/ocicrypt to v1.1.8
* fix(deps): update module github.com/containers/common to v0.55.3
* Update c/image after https://github.com/containers/image/pull/2070
* chore(deps): update dependency golangci/golangci-lint to v1.54.1
* chore(deps): update dependency containers/automation_images to v20230809
* fix(deps): update golang.org/x/exp digest to 352e893
* chore(deps): update dependency containers/automation_images to v20230807
* Update to Go 1.19
* fix(deps): update module golang.org/x/term to v0.11.0
* Update c/image for golang.org/x/exp
* RPM: define gobuild macro for rhel/centos stream
* Fix handling the unexpected return value combination from IsRunningImageAllowed
* Close the PolicyContext, as required by the API
* Use globalOptions.getPolicyContext instead of an image-targeted SystemContext
* Packit: remove pre-sync action
* fix(deps): update module github.com/containers/common to v0.55.2
* proxy: Change the imgid to uint64
* [CI:BUILD] Packit: install golist before updating downstream spec
* Update module golang.org/x/term to v0.10.0
* Bump to v1.14.0-dev
* Bump to v1.13.0
- Bump go version to 1.21 (bsc#1215611)
- Update to version 1.13.2:
* [release-1.13] Bump to v1.13.2
* [release-1.31] Bump c/common v0.55.3
* Packit: remove pre-sync action
* [release-1.13] Bump to v1.13.2-dev
- Update to version 1.13.1:
* [release-1.13] Bump to v1.13.1
* [release-1.13] Bump c/common to v0.55.2
* [release-1.13 backport] [CI:BUILD] Packit: install golist before updating downstream spec
* [release-1.13] Bump to v1.13.1-dev
- Update to version 1.13.0:
* Bump to v1.13.0
* proxy: Policy verification of OCI Image before pulling
* Update module github.com/opencontainers/image-spec to v1.1.0-rc4
* Update module github.com/containers/common to v0.55.1
* Update module github.com/containers/common to v0.54.0
* Update module github.com/containers/image/v5 to v5.26.0
* [CI:BUILD] RPM: fix ELN builds
* Update module github.com/containers/storage to v1.47.0
* Packit: easier to read distro conditionals
* Update dependency golangci/golangci-lint to v1.53.3
* Help Renovate manage the golangci-lint version
* Minor: Cleanup renovate configuration
* Update dependency containers/automation_images to v20230614
* Update module golang.org/x/term to v0.9.0
* [CI:BUILD] Packit: add jobs for downstream Fedora package builds
* Update module github.com/sirupsen/logrus to v1.9.3
* Update dependency containers/automation_images to v20230601
* Update golang.org/x/exp digest to 2e198f4
* Update github.com/containers/image/v5 digest to e14c1c5
* Update module github.com/stretchr/testify to v1.8.4
* Update module github.com/stretchr/testify to v1.8.3
* Update dependency containers/automation_images to v20230517
* Update module github.com/sirupsen/logrus to v1.9.2
* Update module github.com/docker/distribution to v2.8.2+incompatible
* Trigger an update of the ostree_ext container image
* Update c/image with https://github.com/containers/image/pull/1944
* Update module github.com/containers/common to v0.53.0
* Update module golang.org/x/term to v0.8.0
* Update dependency containers/automation_images to v20230426
* Update golang.org/x/exp digest to 47ecfdc
* Emphasize the semantics of --preserve-digests a tiny bit
* Improve the static build documentation a tiny bit
* Bump to v1.12.1-dev
ImportantSUSE bug 1215611SUSE bug 1219563cpe:/o:opensuse:leap:15.5Security update for java-11-openjdk (Low)openSUSE Leap 15.5
This update for java-11-openjdk fixes the following issues:
- CVE-2024-21011: Fixed denial of service due to long Exception message logging (JDK-8319851,bsc#1222979)
- CVE-2024-21012: Fixed unauthorized data modification due HTTP/2 client improper reverse DNS lookup (JDK-8315708,bsc#1222987)
- CVE-2024-21068: Fixed integer overflow in C1 compiler address generation (JDK-8322122,bsc#1222983)
- CVE-2024-21085: Fixed denial of service due to Pack200 excessive memory allocation (JDK-8322114,bsc#1222984)
- CVE-2024-21094: Fixed unauthorized data modification due to C2 compilation failure with 'Exceeded _node_regs array' (JDK-8317507,JDK-8325348,bsc#1222986)
Other fixes:
- Upgrade to upstream tag jdk-11.0.23+9 (April 2024 CPU)
* Security fixes
+ JDK-8318340: Improve RSA key implementations
* Other changes
+ JDK-6928542: Chinese characters in RTF are not decoded
+ JDK-7132796: [macosx] closed/javax/swing/JComboBox/4517214/
/bug4517214.java fails on MacOS
+ JDK-7148092: [macosx] When Alt+down arrow key is pressed,
the combobox popup does not appear.
+ JDK-8054022: HttpURLConnection timeouts with Expect:
100-Continue and no chunking
+ JDK-8054572: [macosx] JComboBox paints the border incorrectly
+ JDK-8058176: [mlvm] tests should not allow code cache
exhaustion
+ JDK-8067651: LevelTransitionTest.java, fix trivial methods
levels logic
+ JDK-8068225: nsk/jdi/EventQueue/remove_l/remove_l005
intermittently times out
+ JDK-8156889: ListKeychainStore.sh fails in some virtualized
environments
+ JDK-8166275: vm/mlvm/meth/stress/compiler/deoptimize keeps
timeouting
+ JDK-8166554: Avoid compilation blocking in
OverloadCompileQueueTest.java
+ JDK-8169475: WheelModifier.java fails by timeout
+ JDK-8180266: Convert sun/security/provider/KeyStore/DKSTest.sh
to Java Jtreg Test
+ JDK-8186610: move ModuleUtils to top-level testlibrary
+ JDK-8192864: defmeth tests can hide failures
+ JDK-8193543: Regression automated test '/open/test/jdk/java/
/awt/TrayIcon/SystemTrayInstance/SystemTrayInstanceTest.java'
fails
+ JDK-8198668: MemoryPoolMBean/isUsageThresholdExceeded/
/isexceeded001/TestDescription.java still failing
+ JDK-8202282: [TESTBUG] appcds TestCommon
.makeCommandLineForAppCDS() can be removed
+ JDK-8202790: DnD test DisposeFrameOnDragTest.java does not
clean up
+ JDK-8202931: [macos] java/awt/Choice/ChoicePopupLocation/
/ChoicePopupLocation.java fails
+ JDK-8207211: [TESTBUG] Remove excessive output from
CDS/AppCDS tests
+ JDK-8207214: Broken links in JDK API serialized-form page
+ JDK-8207855: Make applications/jcstress invoke tests in
batches
+ JDK-8208243: vmTestbase/gc/lock/jni/jnilock002/
/TestDescription.java fails in jdk/hs nightly
+ JDK-8208278: [mlvm] [TESTBUG] vm.mlvm.mixed.stress.java
.findDeadlock.INDIFY_Test Deadlocked threads are not always
detected
+ JDK-8208623: [TESTBUG] runtime/LoadClass/LongBCP.java fails
in AUFS file system
+ JDK-8208699: remove unneeded imports from runtime tests
+ JDK-8208704: runtime/appcds/MultiReleaseJars.java timed out
often in hs-tier7 testing
+ JDK-8208705: [TESTBUG] The -Xlog:cds,cds+hashtables vm option
is not always required for appcds tests
+ JDK-8209549: remove VMPropsExt from TEST.ROOT
+ JDK-8209595: MonitorVmStartTerminate.java timed out
+ JDK-8209946: [TESTBUG] CDS tests should use '@run driver'
+ JDK-8211438: [Testbug] runtime/XCheckJniJsig/XCheckJSig.java
looks for libjsig in wrong location
+ JDK-8211978: Move testlibrary/jdk/testlibrary/
/SimpleSSLContext.java and testkeys to network testlibrary
+ JDK-8213622: Windows VS2013 build failure - ''snprintf':
identifier not found'
+ JDK-8213926: WB_EnqueueInitializerForCompilation requests
compilation for NULL
+ JDK-8213927: G1 ignores AlwaysPreTouch when
UseTransparentHugePages is enabled
+ JDK-8214908: add ctw tests for jdk.jfr and jdk.management.jfr
modules
+ JDK-8214915: CtwRunner misses export for jdk.internal.access
+ JDK-8216408: XMLStreamWriter setDefaultNamespace(null) throws
NullPointerException
+ JDK-8217475: Unexpected StackOverflowError in 'process
reaper' thread
+ JDK-8218754: JDK-8068225 regression in JDIBreakpointTest
+ JDK-8219475: javap man page needs to be updated
+ JDK-8219585: [TESTBUG] sun/management/jmxremote/bootstrap/
/JMXInterfaceBindingTest.java passes trivially when it
shouldn't
+ JDK-8219612: [TESTBUG] compiler.codecache.stress.Helper
.TestCaseImpl can't be defined in different runtime package as
its nest host
+ JDK-8225471: Test utility jdk.test.lib.util.FileUtils
.areAllMountPointsAccessible needs to tolerate duplicates
+ JDK-8226706: (se) Reduce the number of outer loop iterations
on Windows in java/nio/channels/Selector/RacyDeregister.java
+ JDK-8226905: unproblem list applications/ctw/modules/* tests
on windows
+ JDK-8226910: make it possible to use jtreg's -match via
run-test framework
+ JDK-8227438: [TESTLIB] Determine if file exists by
Files.exists in function FileUtils.deleteFileIfExistsWithRetry
+ JDK-8231585: java/lang/management/ThreadMXBean/
/MaxDepthForThreadInfoTest.java fails with
java.lang.NullPointerException
+ JDK-8232839: JDI AfterThreadDeathTest.java failed due to
'FAILED: Did not get expected IllegalThreadStateException on a
StepRequest.enable()'
+ JDK-8233453: MLVM deoptimize stress test timed out
+ JDK-8234309: LFGarbageCollectedTest.java fails with parse
Exception
+ JDK-8237222: [macos] java/awt/Focus/UnaccessibleChoice/
/AccessibleChoiceTest.java fails
+ JDK-8237777: 'Dumping core ...' is shown despite claiming
that '# No core dump will be written.'
+ JDK-8237834: com/sun/jndi/ldap/LdapDnsProviderTest.java
failing with LDAP response read timeout
+ JDK-8238274: (sctp) JDK-7118373 is not fixed for SctpChannel
+ JDK-8239801: [macos] java/awt/Focus/UnaccessibleChoice/
/AccessibleChoiceTest.java fails
+ JDK-8244679: JVM/TI GetCurrentContendedMonitor/contmon001
failed due to '(IsSameObject#3) unexpected monitor object:
0x000000562336DBA8'
+ JDK-8246222: Rename javac test T6395981.java to be more
informative
+ JDK-8247818: GCC 10 warning stringop-overflow with symbol code
+ JDK-8249087: Always initialize _body[0..1] in Symbol
constructor
+ JDK-8251349: Add TestCaseImpl to
OverloadCompileQueueTest.java's build dependencies
+ JDK-8251904: vmTestbase/nsk/sysdict/vm/stress/btree/btree010/
/btree010.java fails with ClassNotFoundException:
nsk.sysdict.share.BTree0LLRLRLRRLR
+ JDK-8253543: sanity/client/SwingSet/src/
/ButtonDemoScreenshotTest.java failed with 'AssertionError:
All pixels are not black'
+ JDK-8253739: java/awt/image/MultiResolutionImage/
/MultiResolutionImageObserverTest.java fails
+ JDK-8253820: Save test images and dumps with timestamps from
client sanity suite
+ JDK-8255277: randomDelay in DrainDeadlockT and
LoggingDeadlock do not randomly delay
+ JDK-8255546: Missing coverage for
javax.smartcardio.CardPermission and ResponseAPDU
+ JDK-8255743: Relax SIGFPE match in in
runtime/ErrorHandling/SecondaryErrorTest.java
+ JDK-8257505: nsk/share/test/StressOptions stressTime is
scaled in getter but not when printed
+ JDK-8259801: Enable XML Signature secure validation mode by
default
+ JDK-8264135: UnsafeGetStableArrayElement should account for
different JIT implementation details
+ JDK-8265349: vmTestbase/../stress/compiler/deoptimize/
/Test.java fails with OOME due to CodeCache exhaustion.
+ JDK-8269025: jsig/Testjsig.java doesn't check exit code
+ JDK-8269077: TestSystemGC uses 'require vm.gc.G1' for large
pages subtest
+ JDK-8271094: runtime/duplAttributes/DuplAttributesTest.java
doesn't check exit code
+ JDK-8271224: runtime/EnclosingMethodAttr/EnclMethodAttr.java
doesn't check exit code
+ JDK-8271828: mark hotspot runtime/classFileParserBug tests
which ignore external VM flags
+ JDK-8271829: mark hotspot runtime/Throwable tests which
ignore external VM flags
+ JDK-8271890: mark hotspot runtime/Dictionary tests which
ignore external VM flags
+ JDK-8272291: mark hotspot runtime/logging tests which ignore
external VM flags
+ JDK-8272335: runtime/cds/appcds/MoveJDKTest.java doesn't
check exit codes
+ JDK-8272551: mark hotspot runtime/modules tests which ignore
external VM flags
+ JDK-8272552: mark hotspot runtime/cds tests which ignore
external VM flags
+ JDK-8273803: Zero: Handle 'zero' variant in
CommandLineOptionTest.java
+ JDK-8274122: java/io/File/createTempFile/SpecialTempFile.java
fails in Windows 11
+ JDK-8274621: NullPointerException because listenAddress[0] is
null
+ JDK-8276796: gc/TestSystemGC.java large pages subtest fails
with ZGC
+ JDK-8280007: Enable Neoverse N1 optimizations for Arm
Neoverse V1 & N2
+ JDK-8281149: (fs) java/nio/file/FileStore/Basic.java fails
with java.lang.RuntimeException: values differ by more than
1GB
+ JDK-8281377: Remove vmTestbase/nsk/monitoring/ThreadMXBean/
/ThreadInfo/Deadlock/JavaDeadlock001/TestDescription.java
from problemlist.
+ JDK-8281717: Cover logout method for several LoginModule
+ JDK-8282665: [REDO] ByteBufferTest.java: replace endless
recursion with RuntimeException in void ck(double x, double y)
+ JDK-8284090: com/sun/security/auth/module/AllPlatforms.java
fails to compile
+ JDK-8285756: clean up use of bad arguments for `@clean` in
langtools tests
+ JDK-8285785: CheckCleanerBound test fails with
PasswordCallback object is not released
+ JDK-8285867: Convert applet manual tests
SelectionVisible.java to Frame and automate
+ JDK-8286846: test/jdk/javax/swing/plaf/aqua/
/CustomComboBoxFocusTest.java fails on mac aarch64
+ JDK-8286969: Add a new test library API to execute kinit in
SecurityTools.java
+ JDK-8287113: JFR: Periodic task thread uses period for method
sampling events
+ JDK-8289511: Improve test coverage for XPath Axes: child
+ JDK-8289764: gc/lock tests failed with 'OutOfMemoryError:
Java heap space: failed reallocation of scalar replaced
objects'
+ JDK-8289948: Improve test coverage for XPath functions: Node
Set Functions
+ JDK-8290399: [macos] Aqua LAF does not fire an action event
if combo box menu is displayed
+ JDK-8290909: MemoryPoolMBean/isUsageThresholdExceeded tests
failed with 'isUsageThresholdExceeded() returned false, and is
still false, while threshold = MMMMMMM and used peak = NNNNNNN'
+ JDK-8292182: [TESTLIB] Enhance JAXPPolicyManager to setup
required permissions for jtreg version 7 jar
+ JDK-8292946: GC lock/jni/jnilock001 test failed
'assert(gch->gc_cause() == GCCause::_scavenge_alot ||
!gch->incremental_collection_failed()) failed: Twice in a row'
+ JDK-8293819: sun/util/logging/PlatformLoggerTest.java failed
with 'RuntimeException: Retrieved backing PlatformLogger level
null is not the expected CONFIG'
+ JDK-8294158: HTML formatting for PassFailJFrame instructions
+ JDK-8294254: [macOS] javax/swing/plaf/aqua/
/CustomComboBoxFocusTest.java failure
+ JDK-8294402: Add diagnostic logging to
VMProps.checkDockerSupport
+ JDK-8294535: Add screen capture functionality to
PassFailJFrame
+ JDK-8296083: javax/swing/JTree/6263446/bug6263446.java fails
intermittently on a VM
+ JDK-8296384: [TESTBUG] sun/security/provider/SecureRandom/
/AbstractDrbg/SpecTest.java intermittently timeout
+ JDK-8299494: Test vmTestbase/nsk/stress/except/except011.java
failed: ExceptionInInitializerError: target class not found
+ JDK-8300269: The selected item in an editable JComboBox with
titled border is not visible in Aqua LAF
+ JDK-8300727: java/awt/List/ListGarbageCollectionTest/
/AwtListGarbageCollectionTest.java failed with 'List wasn't
garbage collected'
+ JDK-8301310: The SendRawSysexMessage test may cause a JVM
crash
+ JDK-8301377: adjust timeout for JLI
GetObjectSizeIntrinsicsTest.java subtest again
+ JDK-8301846: Invalid TargetDataLine after screen lock when
using JFileChooser or COM library
+ JDK-8302017: Allocate BadPaddingException only if it will be
thrown
+ JDK-8302109: Trivial fixes to btree tests
+ JDK-8302149: Speed up
compiler/jsr292/methodHandleExceptions/TestAMEnotNPE.java
+ JDK-8302607: increase timeout for
ContinuousCallSiteTargetChange.java
+ JDK-8304074: [JMX] Add an approximation of total bytes
allocated on the Java heap by the JVM
+ JDK-8304314: StackWalkTest.java fails after CODETOOLS-7903373
+ JDK-8304725: AsyncGetCallTrace can cause SIGBUS on M1
+ JDK-8305502: adjust timeouts in three more M&M tests
+ JDK-8305505: NPE in javazic compiler
+ JDK-8305972: Update XML Security for Java to 3.0.2
+ JDK-8306072: Open source several AWT MouseInfo related tests
+ JDK-8306076: Open source AWT misc tests
+ JDK-8306409: Open source AWT KeyBoardFocusManger,
LightWeightComponent related tests
+ JDK-8306640: Open source several AWT TextArea related tests
+ JDK-8306652: Open source AWT MenuItem related tests
+ JDK-8306681: Open source more AWT DnD related tests
+ JDK-8306683: Open source several clipboard and color AWT tests
+ JDK-8306752: Open source several container and component AWT
tests
+ JDK-8306753: Open source several container AWT tests
+ JDK-8306755: Open source few Swing JComponent and
AbstractButton tests
+ JDK-8306812: Open source several AWT Miscellaneous tests
+ JDK-8306871: Open source more AWT Drag & Drop tests
+ JDK-8306996: Open source Swing MenuItem related tests
+ JDK-8307123: Fix deprecation warnings in DPrinter
+ JDK-8307130: Open source few Swing JMenu tests
+ JDK-8307299: Move more DnD tests to open
+ JDK-8307311: Timeouts on one macOS 12.6.1 host of two Swing
JTableHeader tests
+ JDK-8307381: Open Source JFrame, JIF related Swing Tests
+ JDK-8307683: Loop Predication should not hoist range checks
with trap on success projection by negating their condition
+ JDK-8308043: Deadlock in TestCSLocker.java due to blocking GC
while allocating
+ JDK-8308116: jdk.test.lib.compiler.InMemoryJavaCompiler
.compile does not close files
+ JDK-8308223: failure handler missed jcmd.vm.info command
+ JDK-8308232: nsk/jdb tests don't pass -verbose flag to the
debuggee
+ JDK-8308245: Add -proc:full to describe current default
annotation processing policy
+ JDK-8308336: Test java/net/HttpURLConnection/
/HttpURLConnectionExpectContinueTest.java failed:
java.net.BindException: Address already in use
+ JDK-8309104: [JVMCI] compiler/unsafe/
/UnsafeGetStableArrayElement test asserts wrong values with
Graal
+ JDK-8309119: [17u/11u] Redo JDK-8297951: C2: Create skeleton
predicates for all If nodes in loop predication
+ JDK-8309462: [AIX] vmTestbase/nsk/jvmti/RunAgentThread/
/agentthr001/TestDescription.java crashing due to empty while
loop
+ JDK-8309778: java/nio/file/Files/CopyAndMove.java fails when
using second test directory
+ JDK-8309870: Using -proc:full should be considered requesting
explicit annotation processing
+ JDK-8310106: sun.security.ssl.SSLHandshake
.getHandshakeProducer() incorrectly checks handshakeConsumers
+ JDK-8310238: [test bug] javax/swing/JTableHeader/6889007/
/bug6889007.java fails
+ JDK-8310551: vmTestbase/nsk/jdb/interrupt/interrupt001/
/interrupt001.java timed out due to missing prompt
+ JDK-8310807: java/nio/channels/DatagramChannel/Connect.java
timed out
+ JDK-8311081: KeytoolReaderP12Test.java fail on localized
Windows platform
+ JDK-8311511: Improve description of NativeLibrary JFR event
+ JDK-8311585: Add JRadioButtonMenuItem to bug8031573.java
+ JDK-8313081: MonitoringSupport_lock should be unconditionally
initialized after 8304074
+ JDK-8313082: Enable CreateCoredumpOnCrash for testing in
makefiles
+ JDK-8313164: src/java.desktop/windows/native/libawt/windows/
/awt_Robot.cpp GetRGBPixels adjust releasing of resources
+ JDK-8313252: Java_sun_awt_windows_ThemeReader_paintBackground
release resources in early returns
+ JDK-8313643: Update HarfBuzz to 8.2.2
+ JDK-8313816: Accessing jmethodID might lead to spurious
crashes
+ JDK-8314144: gc/g1/ihop/TestIHOPStatic.java fails due to
extra concurrent mark with -Xcomp
+ JDK-8314164: java/net/HttpURLConnection/
/HttpURLConnectionExpectContinueTest.java fails intermittently
in timeout
+ JDK-8314883:
Java_java_util_prefs_FileSystemPreferences_lockFile0 write
result errno in missing case
+ JDK-8315034: File.mkdirs() occasionally fails to create
folders on Windows shared folder
+ JDK-8315042: NPE in PKCS7.parseOldSignedData
+ JDK-8315415: OutputAnalyzer.shouldMatchByLine() fails in some
cases
+ JDK-8315499: build using devkit on Linux ppc64le RHEL puts
path to devkit into libsplashscreen
+ JDK-8315594: Open source few headless Swing misc tests
+ JDK-8315600: Open source few more headless Swing misc tests
+ JDK-8315602: Open source swing security manager test
+ JDK-8315606: Open source few swing text/html tests
+ JDK-8315611: Open source swing text/html and tree test
+ JDK-8315680: java/lang/ref/ReachabilityFenceTest.java should
run with -Xbatch
+ JDK-8315731: Open source several Swing Text related tests
+ JDK-8315761: Open source few swing JList and JMenuBar tests
+ JDK-8315986: [macos14] javax/swing/JMenuItem/4654927/
/bug4654927.java: component must be showing on the screen to
determine its location
+ JDK-8316001: GC: Make TestArrayAllocatorMallocLimit use
createTestJvm
+ JDK-8316028: Update FreeType to 2.13.2
+ JDK-8316030: Update Libpng to 1.6.40
+ JDK-8316106: Open source few swing JInternalFrame and
JMenuBar tests
+ JDK-8316461: Fix: make test outputs TEST SUCCESS after
unsuccessful exit
+ JDK-8316947: Write a test to check textArea triggers
MouseEntered/MouseExited events properly
+ JDK-8317307: test/jdk/com/sun/jndi/ldap/
/LdapPoolTimeoutTest.java fails with ConnectException:
Connection timed out: no further information
+ JDK-8317327: Remove JT_JAVA dead code in jib-profiles.js
+ JDK-8318154: Improve stability of WheelModifier.java test
+ JDK-8318410: jdk/java/lang/instrument/BootClassPath/
/BootClassPathTest.sh fails on Japanese Windows
+ JDK-8318468: compiler/tiered/LevelTransitionTest.java fails
with -XX:CompileThreshold=100 -XX:TieredStopAtLevel=1
+ JDK-8318603: Parallelize sun/java2d/marlin/ClipShapeTest.java
+ JDK-8318607: Enable parallelism in vmTestbase/nsk/stress/jni
tests
+ JDK-8318608: Enable parallelism in
vmTestbase/nsk/stress/threads tests
+ JDK-8318736: com/sun/jdi/JdwpOnThrowTest.java failed with
'transport error 202: bind failed: Address already in use'
+ JDK-8318889: C2: add bailout after assert Bad graph detected
in build_loop_late
+ JDK-8318951: Additional negative value check in JPEG decoding
+ JDK-8318955: Add ReleaseIntArrayElements in
Java_sun_awt_X11_XlibWrapper_SetBitmapShape XlbWrapper.c to
early return
+ JDK-8318971: Better Error Handling for Jar Tool When
Processing Non-existent Files
+ JDK-8318983: Fix comment typo in PKCS12Passwd.java
+ JDK-8319124: Update XML Security for Java to 3.0.3
+ JDK-8319456: jdk/jfr/event/gc/collection/
/TestGCCauseWith[Serial|Parallel].java : GC cause 'GCLocker
Initiated GC' not in the valid causes
+ JDK-8319668: Fixup of jar filename typo in BadFactoryTest.sh
+ JDK-8320001: javac crashes while adding type annotations to
the return type of a constructor
+ JDK-8320208: Update Public Suffix List to b5bf572
+ JDK-8320363: ppc64 TypeEntries::type_unknown logic looks
wrong, missed optimization opportunity
+ JDK-8320597: RSA signature verification fails on signed data
that does not encode params correctly
+ JDK-8320798: Console read line with zero out should zero out
underlying buffer
+ JDK-8320884: Bump update version for OpenJDK: jdk-11.0.23
+ JDK-8320937: support latest VS2022 MSC_VER in
abstract_vm_version.cpp
+ JDK-8321151: JDK-8294427 breaks Windows L&F on all older
Windows versions
+ JDK-8321215: Incorrect x86 instruction encoding for VSIB
addressing mode
+ JDK-8321408: Add Certainly roots R1 and E1
+ JDK-8321480: ISO 4217 Amendment 176 Update
+ JDK-8322178: Error. can't find jdk.testlibrary
.SimpleSSLContext in test directory or libraries
+ JDK-8322417: Console read line with zero out should zero out
when throwing exception
+ JDK-8322725: (tz) Update Timezone Data to 2023d
+ JDK-8322750: Test 'api/java_awt/interactive/
/SystemTrayTests.html' failed because A blue ball icon is
added outside of the system tray
+ JDK-8322752: [11u] GetStackTraceAndRetransformTest.java is
failing assert
+ JDK-8322772: Clean up code after JDK-8322417
+ JDK-8323008: filter out harmful -std* flags added by autoconf
from CXX
+ JDK-8323243: JNI invocation of an abstract instance method
corrupts the stack
+ JDK-8323515: Create test alias 'all' for all test roots
+ JDK-8323640: [TESTBUG]testMemoryFailCount in jdk/internal/
/platform/docker/TestDockerMemoryMetrics.java always fail
because OOM killed
+ JDK-8324184: Windows VS2010 build failed with 'error C2275:
'int64_t''
+ JDK-8324307: [11u] hotspot fails to build with GCC 12 and
newer (non-static data member initializers)
+ JDK-8324347: Enable 'maybe-uninitialized' warning for
FreeType 2.13.1
+ JDK-8324659: GHA: Generic jtreg errors are not reported
+ JDK-8325096: Test java/security/cert/CertPathBuilder/akiExt/
/AKISerialNumber.java is failing
+ JDK-8325150: (tz) Update Timezone Data to 2024a
+ JDK-8326109: GCC 13 reports maybe-uninitialized warnings for
jni.cpp with dtrace enabled
+ JDK-8326503: [11u] java/net/HttpURLConnection/
/HttpURLConnectionExpectContinueTest.java fail because of
package org.junit.jupiter.api does not exist
+ JDK-8327391: Add SipHash attribution file
+ JDK-8329837: [11u] Remove designator
DEFAULT_PROMOTED_VERSION_PRE=ea for release 11.0.23
- Removed the possibility to use the system timezone-java (bsc#1213470)
LowSUSE bug 1213470SUSE bug 1222979SUSE bug 1222983SUSE bug 1222984SUSE bug 1222986SUSE bug 1222987CVE-2024-21011 at SUSECVE-2024-21011 at NVDCVE-2024-21012 at SUSECVE-2024-21012 at NVDCVE-2024-21068 at SUSECVE-2024-21068 at NVDCVE-2024-21085 at SUSECVE-2024-21085 at NVDCVE-2024-21094 at SUSECVE-2024-21094 at NVDcpe:/o:opensuse:leap:15.5Security update for java-17-openjdk (Low)openSUSE Leap 15.5
This update for java-17-openjdk fixes the following issues:
- CVE-2024-21011: Fixed denial of service due to long Exception message logging (JDK-8319851,bsc#1222979)
- CVE-2024-21012: Fixed unauthorized data modification due HTTP/2 client improper reverse DNS lookup (JDK-8315708,bsc#1222987)
- CVE-2024-21068: Fixed integer overflow in C1 compiler address generation (JDK-8322122,bsc#1222983)
- CVE-2024-21094: Fixed unauthorized data modification due to C2 compilation failure with 'Exceeded _node_regs array' (JDK-8317507,JDK-8325348,bsc#1222986)
Other fixes:
- Update to upstream tag jdk-17.0.11+9 (April 2024 CPU)
* Security fixes
+ JDK-8318340: Improve RSA key implementations
* Other changes
+ JDK-6928542: Chinese characters in RTF are not decoded
+ JDK-7132796: [macosx] closed/javax/swing/JComboBox/4517214/
/bug4517214.java fails on MacOS
+ JDK-7148092: [macosx] When Alt+down arrow key is pressed, the
combobox popup does not appear.
+ JDK-7167356: (javac) investigate failing tests in
JavacParserTest
+ JDK-8054022: HttpURLConnection timeouts with Expect:
100-Continue and no chunking
+ JDK-8054572: [macosx] JComboBox paints the border incorrectly
+ JDK-8169475: WheelModifier.java fails by timeout
+ JDK-8205076: [17u] Inet6AddressImpl.c: `lookupIfLocalHost`
accesses `int InetAddress.preferIPv6Address` as a boolean
+ JDK-8209595: MonitorVmStartTerminate.java timed out
+ JDK-8210410: Refactor java.util.Currency:i18n shell tests to
plain java tests
+ JDK-8261404: Class.getReflectionFactory() is not thread-safe
+ JDK-8261837: SIGSEGV in ciVirtualCallTypeData::translate_from
+ JDK-8263256: Test java/net/Inet6Address/serialize/
/Inet6AddressSerializationTest.java fails due to dynamic
reconfigurations of network interface during test
+ JDK-8269258: java/net/httpclient/ManyRequestsLegacy.java
failed with connection timeout
+ JDK-8271118: C2: StressGCM should have higher priority than
frequency-based policy
+ JDK-8271616: oddPart in MutableBigInteger::mutableModInverse
contains info on final result
+ JDK-8272811: Document the effects of building with
_GNU_SOURCE in os_posix.hpp
+ JDK-8272853: improve `JavadocTester.runTests`
+ JDK-8273454: C2: Transform (-a)*(-b) into a*b
+ JDK-8274060: C2: Incorrect computation after JDK-8273454
+ JDK-8274122: java/io/File/createTempFile/SpecialTempFile.java
fails in Windows 11
+ JDK-8274621: NullPointerException because listenAddress[0] is
null
+ JDK-8274632: Possible pointer overflow in PretouchTask chunk
claiming
+ JDK-8274634: Use String.equals instead of String.compareTo in
java.desktop
+ JDK-8276125: RunThese24H.java SIGSEGV in
JfrThreadGroup::thread_group_id
+ JDK-8278028: [test-library] Warnings cleanup of the test
library
+ JDK-8278312: Update SimpleSSLContext keystore to use SANs for
localhost IP addresses
+ JDK-8278363: Create extented container test groups
+ JDK-8280241: (aio) AsynchronousSocketChannel init fails in
IPv6 only Windows env
+ JDK-8281377: Remove vmTestbase/nsk/monitoring/ThreadMXBean/
/ThreadInfo/Deadlock/JavaDeadlock001/TestDescription.java from
problemlist.
+ JDK-8281543: Remove unused code/headerfile dtraceAttacher.hpp
+ JDK-8281585: Remove unused imports under test/lib and jtreg/gc
+ JDK-8283400: [macos] a11y : Screen magnifier does not reflect
JRadioButton value change
+ JDK-8283626: AArch64: Set relocInfo::offset_unit to 4
+ JDK-8283994: Make Xerces DatatypeException stackless
+ JDK-8286312: Stop mixing signed and unsigned types in bit
operations
+ JDK-8286846: test/jdk/javax/swing/plaf/aqua/
/CustomComboBoxFocusTest.java fails on mac aarch64
+ JDK-8287832: jdk/jfr/event/runtime/TestActiveSettingEvent.java
failed with 'Expected two batches of Active Setting events'
+ JDK-8288663: JFR: Disabling the JfrThreadSampler commits only
a partially disabled state
+ JDK-8288846: misc tests fail 'assert(ms < 1000) failed:
Un-interruptable sleep, short time use only'
+ JDK-8289764: gc/lock tests failed with 'OutOfMemoryError:
Java heap space: failed reallocation of scalar replaced
objects'
+ JDK-8290041: ModuleDescriptor.hashCode is inconsistent
+ JDK-8290203: ProblemList vmTestbase/nsk/jvmti/scenarios/
/capability/CM03/cm03t001/TestDescription.java on linux-all
+ JDK-8290399: [macos] Aqua LAF does not fire an action event
if combo box menu is displayed
+ JDK-8292458: Atomic operations on scoped enums don't build
with clang
+ JDK-8292946: GC lock/jni/jnilock001 test failed
'assert(gch->gc_cause() == GCCause::_scavenge_alot ||
!gch->incremental_collection_failed()) failed: Twice in a row'
+ JDK-8293117: Add atomic bitset functions
+ JDK-8293547: Add relaxed add_and_fetch for macos aarch64
atomics
+ JDK-8294158: HTML formatting for PassFailJFrame instructions
+ JDK-8294254: [macOS] javax/swing/plaf/aqua/
/CustomComboBoxFocusTest.java failure
+ JDK-8294535: Add screen capture functionality to
PassFailJFrame
+ JDK-8295068: SSLEngine throws NPE parsing CertificateRequests
+ JDK-8295124: Atomic::add to pointer type may return wrong
value
+ JDK-8295274: HelidonAppTest.java fails
'assert(event->should_commit()) failed: invariant' from
compiled frame'
+ JDK-8296631: NSS tests failing on OL9 linux-aarch64 hosts
+ JDK-8297968: Crash in PrintOptoAssembly
+ JDK-8298087: XML Schema Validation reports an required
attribute twice via ErrorHandler
+ JDK-8299494: Test vmTestbase/nsk/stress/except/except011.java
failed: ExceptionInInitializerError: target class not found
+ JDK-8300269: The selected item in an editable JComboBox with
titled border is not visible in Aqua LAF
+ JDK-8301306: java/net/httpclient/* fail with -Xcomp
+ JDK-8301310: The SendRawSysexMessage test may cause a JVM
crash
+ JDK-8301787: java/net/httpclient/SpecialHeadersTest failing
after JDK-8301306
+ JDK-8301846: Invalid TargetDataLine after screen lock when
using JFileChooser or COM library
+ JDK-8302017: Allocate BadPaddingException only if it will be
thrown
+ JDK-8302149: Speed up compiler/jsr292/methodHandleExceptions/
/TestAMEnotNPE.java
+ JDK-8303605: Memory leaks in Metaspace gtests
+ JDK-8304074: [JMX] Add an approximation of total bytes
allocated on the Java heap by the JVM
+ JDK-8304696: Duplicate class names in dynamicArchive tests
can lead to test failure
+ JDK-8305356: Fix ignored bad CompileCommands in tests
+ JDK-8305900: Use loopback IP addresses in security policy
files of httpclient tests
+ JDK-8305906: HttpClient may use incorrect key when finding
pooled HTTP/2 connection for IPv6 address
+ JDK-8305962: update jcstress to 0.16
+ JDK-8305972: Update XML Security for Java to 3.0.2
+ JDK-8306014: Update javax.net.ssl TLS tests to use
SSLContextTemplate or SSLEngineTemplate
+ JDK-8306408: Fix the format of several tables in building.md
+ JDK-8307185: pkcs11 native libraries make JNI calls into java
code while holding GC lock
+ JDK-8307926: Support byte-sized atomic bitset operations
+ JDK-8307955: Prefer to PTRACE_GETREGSET instead of
PTRACE_GETREGS in method 'ps_proc.c::process_get_lwp_regs'
+ JDK-8307990: jspawnhelper must close its writing side of a
pipe before reading from it
+ JDK-8308043: Deadlock in TestCSLocker.java due to blocking GC
while allocating
+ JDK-8308245: Add -proc:full to describe current default
annotation processing policy
+ JDK-8308336: Test java/net/HttpURLConnection/
/HttpURLConnectionExpectContinueTest.java failed:
java.net.BindException: Address already in use
+ JDK-8309302: java/net/Socket/Timeouts.java fails with
AssertionError on test temporal post condition
+ JDK-8309305: sun/security/ssl/SSLSocketImpl/
/BlockedAsyncClose.java fails with jtreg test timeout
+ JDK-8309462: [AIX] vmTestbase/nsk/jvmti/RunAgentThread/
/agentthr001/TestDescription.java crashing due to empty while
loop
+ JDK-8309733: [macOS, Accessibility] VoiceOver: Incorrect
announcements of JRadioButton
+ JDK-8309870: Using -proc:full should be considered requesting
explicit annotation processing
+ JDK-8310106: sun.security.ssl.SSLHandshake
.getHandshakeProducer() incorrectly checks handshakeConsumers
+ JDK-8310238: [test bug] javax/swing/JTableHeader/6889007/
/bug6889007.java fails
+ JDK-8310380: Handle problems in core-related tests on macOS
when codesign tool does not work
+ JDK-8310631: test/jdk/sun/nio/cs/TestCharsetMapping.java is
spuriously passing
+ JDK-8310807: java/nio/channels/DatagramChannel/Connect.java
timed out
+ JDK-8310838: Correct range notations in MethodTypeDesc
specification
+ JDK-8310844: [AArch64] C1 compilation fails because monitor
offset in OSR buffer is too large for immediate
+ JDK-8310923: Refactor Currency tests to use JUnit
+ JDK-8311081: KeytoolReaderP12Test.java fail on localized
Windows platform
+ JDK-8311160: [macOS, Accessibility] VoiceOver: No
announcements on JRadioButtonMenuItem and JCheckBoxMenuItem
+ JDK-8311581: Remove obsolete code and comments in TestLVT.java
+ JDK-8311645: Memory leak in jspawnhelper spawnChild after
JDK-8307990
+ JDK-8311986: Disable runtime/os/TestTracePageSizes.java for
ShenandoahGC
+ JDK-8312428: PKCS11 tests fail with NSS 3.91
+ JDK-8312434: SPECjvm2008/xml.transform with CDS fails with
'can't seal package nu.xom'
+ JDK-8313081: MonitoringSupport_lock should be unconditionally
initialized after 8304074
+ JDK-8313082: Enable CreateCoredumpOnCrash for testing in
makefiles
+ JDK-8313206: PKCS11 tests silently skip execution
+ JDK-8313575: Refactor PKCS11Test tests
+ JDK-8313621: test/jdk/jdk/internal/math/FloatingDecimal/
/TestFloatingDecimal should use RandomFactory
+ JDK-8313643: Update HarfBuzz to 8.2.2
+ JDK-8313816: Accessing jmethodID might lead to spurious
crashes
+ JDK-8314164: java/net/HttpURLConnection/
/HttpURLConnectionExpectContinueTest.java fails intermittently
in timeout
+ JDK-8314220: Configurable InlineCacheBuffer size
+ JDK-8314830: runtime/ErrorHandling/ tests ignore external VM
flags
+ JDK-8315034: File.mkdirs() occasionally fails to create
folders on Windows shared folder
+ JDK-8315042: NPE in PKCS7.parseOldSignedData
+ JDK-8315594: Open source few headless Swing misc tests
+ JDK-8315600: Open source few more headless Swing misc tests
+ JDK-8315602: Open source swing security manager test
+ JDK-8315611: Open source swing text/html and tree test
+ JDK-8315680: java/lang/ref/ReachabilityFenceTest.java should
run with -Xbatch
+ JDK-8315731: Open source several Swing Text related tests
+ JDK-8315761: Open source few swing JList and JMenuBar tests
+ JDK-8315920: C2: 'control input must dominate current
control' assert failure
+ JDK-8315986: [macos14] javax/swing/JMenuItem/4654927/
/bug4654927.java: component must be showing on the screen to
determine its location
+ JDK-8316001: GC: Make TestArrayAllocatorMallocLimit use
createTestJvm
+ JDK-8316028: Update FreeType to 2.13.2
+ JDK-8316030: Update Libpng to 1.6.40
+ JDK-8316106: Open source few swing JInternalFrame and
JMenuBar tests
+ JDK-8316304: (fs) Add support for BasicFileAttributes
.creationTime() for Linux
+ JDK-8316392: compiler/interpreter/
/TestVerifyStackAfterDeopt.java failed with SIGBUS in
PcDescContainer::find_pc_desc_internal
+ JDK-8316414: C2: large byte array clone triggers 'failed:
malformed control flow' assertion failure on linux-x86
+ JDK-8316415: Parallelize
sun/security/rsa/SignedObjectChain.java subtests
+ JDK-8316418: containers/docker/TestMemoryWithCgroupV1.java
get OOM killed with Parallel GC
+ JDK-8316445: Mark com/sun/management/HotSpotDiagnosticMXBean/
/CheckOrigin.java as vm.flagless
+ JDK-8316679: C2 SuperWord: wrong result, load should not be
moved before store if not comparable
+ JDK-8316693: Simplify at-requires checkDockerSupport()
+ JDK-8316929: Shenandoah: Shenandoah degenerated GC and full
GC need to cleanup old OopMapCache entries
+ JDK-8316947: Write a test to check textArea triggers
MouseEntered/MouseExited events properly
+ JDK-8317039: Enable specifying the JDK used to run jtreg
+ JDK-8317144: Exclude sun/security/pkcs11/sslecc/
/ClientJSSEServerJSSE.java on Linux ppc64le
+ JDK-8317307: test/jdk/com/sun/jndi/ldap/
/LdapPoolTimeoutTest.java fails with ConnectException:
Connection timed out: no further information
+ JDK-8317603: Improve exception messages thrown by
sun.nio.ch.Net native methods (win)
+ JDK-8317771: [macos14] Expand/collapse a JTree using keyboard
freezes the application in macOS 14 Sonoma
+ JDK-8317807: JAVA_FLAGS removed from jtreg running in
JDK-8317039
+ JDK-8317960: [17u] Excessive CPU usage on
AbstractQueuedSynchronized.isEnqueued
+ JDK-8318154: Improve stability of WheelModifier.java test
+ JDK-8318183: C2: VM may crash after hitting node limit
+ JDK-8318410: jdk/java/lang/instrument/BootClassPath/
/BootClassPathTest.sh fails on Japanese Windows
+ JDK-8318468: compiler/tiered/LevelTransitionTest.java fails
with -XX:CompileThreshold=100 -XX:TieredStopAtLevel=1
+ JDK-8318490: Increase timeout for JDK tests that are close to
the limit when run with libgraal
+ JDK-8318603: Parallelize sun/java2d/marlin/ClipShapeTest.java
+ JDK-8318607: Enable parallelism in vmTestbase/nsk/stress/jni
tests
+ JDK-8318608: Enable parallelism in
vmTestbase/nsk/stress/threads tests
+ JDK-8318689: jtreg is confused when folder name is the same
as the test name
+ JDK-8318736: com/sun/jdi/JdwpOnThrowTest.java failed with
'transport error 202: bind failed: Address already in use'
+ JDK-8318951: Additional negative value check in JPEG decoding
+ JDK-8318955: Add ReleaseIntArrayElements in
Java_sun_awt_X11_XlibWrapper_SetBitmapShape XlbWrapper.c to
early return
+ JDK-8318957: Enhance agentlib:jdwp help output by info about
allow option
+ JDK-8318961: increase javacserver connection timeout values
and max retry attempts
+ JDK-8318971: Better Error Handling for Jar Tool When
Processing Non-existent Files
+ JDK-8318983: Fix comment typo in PKCS12Passwd.java
+ JDK-8319124: Update XML Security for Java to 3.0.3
+ JDK-8319213: Compatibility.java reads both stdout and stderr
of JdkUtils
+ JDK-8319436: Proxy.newProxyInstance throws NPE if loader is
null and interface not visible from class loader
+ JDK-8319456: jdk/jfr/event/gc/collection/
/TestGCCauseWith[Serial|Parallel].java : GC cause 'GCLocker
Initiated GC' not in the valid causes
+ JDK-8319668: Fixup of jar filename typo in BadFactoryTest.sh
+ JDK-8319922: libCreationTimeHelper.so fails to link in JDK 21
+ JDK-8319961: JvmtiEnvBase doesn't zero _ext_event_callbacks
+ JDK-8320001: javac crashes while adding type annotations to
the return type of a constructor
+ JDK-8320168: handle setsocktopt return values
+ JDK-8320208: Update Public Suffix List to b5bf572
+ JDK-8320300: Adjust hs_err output in malloc/mmap error cases
+ JDK-8320363: ppc64 TypeEntries::type_unknown logic looks
wrong, missed optimization opportunity
+ JDK-8320597: RSA signature verification fails on signed data
that does not encode params correctly
+ JDK-8320798: Console read line with zero out should zero out
underlying buffer
+ JDK-8320885: Bump update version for OpenJDK: jdk-17.0.11
+ JDK-8320921: GHA: Parallelize hotspot_compiler test jobs
+ JDK-8320937: support latest VS2022 MSC_VER in
abstract_vm_version.cpp
+ JDK-8321151: JDK-8294427 breaks Windows L&F on all older
Windows versions
+ JDK-8321215: Incorrect x86 instruction encoding for VSIB
addressing mode
+ JDK-8321408: Add Certainly roots R1 and E1
+ JDK-8321480: ISO 4217 Amendment 176 Update
+ JDK-8321599: Data loss in AVX3 Base64 decoding
+ JDK-8321815: Shenandoah: gc state should be synchronized to
java threads only once per safepoint
+ JDK-8321972: test runtime/Unsafe/InternalErrorTest.java
timeout on linux-riscv64 platform
+ JDK-8322098: os::Linux::print_system_memory_info enhance the
THP output with
/sys/kernel/mm/transparent_hugepage/hpage_pmd_size
+ JDK-8322321: Add man page doc for -XX:+VerifySharedSpaces
+ JDK-8322417: Console read line with zero out should zero out
when throwing exception
+ JDK-8322583: RISC-V: Enable fast class initialization checks
+ JDK-8322725: (tz) Update Timezone Data to 2023d
+ JDK-8322750: Test 'api/java_awt/interactive/
/SystemTrayTests.html' failed because A blue ball icon is
added outside of the system tray
+ JDK-8322772: Clean up code after JDK-8322417
+ JDK-8322783: prioritize /etc/os-release over
/etc/SuSE-release in hs_err/info output
+ JDK-8322968: [17u] Amend Atomics gtest with 1-byte tests
+ JDK-8323008: filter out harmful -std* flags added by autoconf
from CXX
+ JDK-8323021: Shenandoah: Encountered reference count always
attributed to first worker thread
+ JDK-8323086: Shenandoah: Heap could be corrupted by oom
during evacuation
+ JDK-8323243: JNI invocation of an abstract instance method
corrupts the stack
+ JDK-8323331: fix typo hpage_pdm_size
+ JDK-8323428: Shenandoah: Unused memory in regions compacted
during a full GC should be mangled
+ JDK-8323515: Create test alias 'all' for all test roots
+ JDK-8323637: Capture hotspot replay files in GHA
+ JDK-8323640: [TESTBUG]testMemoryFailCount in
jdk/internal/platform/docker/TestDockerMemoryMetrics.java
always fail because OOM killed
+ JDK-8323806: [17u] VS2017 build fails with warning after
8293117.
+ JDK-8324184: Windows VS2010 build failed with 'error C2275:
'int64_t''
+ JDK-8324280: RISC-V: Incorrect implementation in
VM_Version::parse_satp_mode
+ JDK-8324347: Enable 'maybe-uninitialized' warning for
FreeType 2.13.1
+ JDK-8324514: ClassLoaderData::print_on should print address
of class loader
+ JDK-8324647: Invalid test group of lib-test after JDK-8323515
+ JDK-8324659: GHA: Generic jtreg errors are not reported
+ JDK-8324937: GHA: Avoid multiple test suites per job
+ JDK-8325096: Test java/security/cert/CertPathBuilder/akiExt/
/AKISerialNumber.java is failing
+ JDK-8325150: (tz) Update Timezone Data to 2024a
+ JDK-8325585: Remove no longer necessary calls to
set/unset-in-asgct flag in JDK 17
+ JDK-8326000: Remove obsolete comments for class
sun.security.ssl.SunJSSE
+ JDK-8327036: [macosx-aarch64] SIGBUS in
MarkActivationClosure::do_code_blob reached from
Unsafe_CopySwapMemory0
+ JDK-8327391: Add SipHash attribution file
+ JDK-8329836: [17u] Remove designator
DEFAULT_PROMOTED_VERSION_PRE=ea for release 17.0.11
- Removed the possibility to use the system timezone-java (bsc#1213470).
LowSUSE bug 1213470SUSE bug 1222979SUSE bug 1222983SUSE bug 1222986SUSE bug 1222987CVE-2024-21011 at SUSECVE-2024-21011 at NVDCVE-2024-21012 at SUSECVE-2024-21012 at NVDCVE-2024-21068 at SUSECVE-2024-21068 at NVDCVE-2024-21094 at SUSECVE-2024-21094 at NVDcpe:/o:opensuse:leap:15.5Security update for SUSE Manager Client Tools (Important)openSUSE Leap 15.5
This update fixes the following issues:
POS_Image-Graphical7 was updated to version 0.1.1710765237.46af599:
- Version 0.1.1710765237.46af599
* Moved image services to dracut-saltboot package
* Use salt bundle
- Version 0.1.1645440615.7f1328c
* Removed deprecated kiwi functions
POS_Image-JeOS7 was updated to version 0.1.1710765237.46af599:
- Version 0.1.1710765237.46af599
* Moved image services to dracut-saltboot package
* Use salt bundle
- Version 0.1.1645440615.7f1328c
* Removed deprecated kiwi functions
ansible received the following fixes:
- Security issues fixed:
* CVE-2023-5764: Address issues where internal templating can cause unsafe
variables to lose their unsafe designation (bsc#1216854)
+ Breaking changes:
assert - Nested templating may result in an inability for the conditional
to be evaluated. See the porting guide for more information.
* CVE-2024-0690: Address issue where ANSIBLE_NO_LOG was ignored (bsc#1219002)
* CVE-2020-14365: Ensure that packages are GPG validated (bsc#1175993)
* CVE-2020-10744: Fixed insecure temporary directory creation (bsc#1171823)
* CVE-2018-10874: Fixed inventory variables loading from current working directory when running ad-hoc command that
can lead to code execution (bsc#1099805)
- Bugs fixed:
* Don't Require python-coverage, it is needed only for testing (bsc#1177948)
dracut-saltboot was updated to version 0.1.1710765237.46af599:
- Version 0.1.1710765237.46af599
* Load only first available leaseinfo (bsc#1221092)
- Version 0.1.1681904360.84ef141
grafana was updated to version 9.5.18:
- Grafana now requires Go 1.20
- Security issues fixed:
* CVE-2024-1313: Require same organisation when deleting snapshots (bsc#1222155)
* CVE-2023-6152: Add email verification when updating user email (bsc#1219912)
- Other non-security related changes:
* Version 9.5.17:
+ [FEATURE] Alerting: Backport use Alertmanager API v2
* Version 9.5.16:
+ [BUGFIX] Annotations: Split cleanup into separate queries and
deletes to avoid deadlocks on MySQL
* Version 9.5.15:
+ [FEATURE] Alerting: Attempt to retry retryable errors
* Version 9.5.14:
+ [BUGFIX] Alerting: Fix state manager to not keep
datasource_uid and ref_id labels in state after Error
+ [BUGFIX] Transformations: Config overrides being lost when
config from query transform is applied
+ [BUGFIX] LDAP: Fix enable users on successfull login
* Version 9.5.13:
+ [BUGFIX] BrowseDashboards: Only remember the most recent
expanded folder
+ [BUGFIX] Licensing: Pass func to update env variables when
starting plugin
* Version 9.5.12:
+ [FEATURE] Azure: Add support for Workload Identity
authentication
* Version 9.5.9:
+ [FEATURE] SSE: Fix DSNode to not panic when response has empty
response
+ [FEATURE] Prometheus: Handle the response with different field
key order
+ [BUGFIX] LDAP: Fix user disabling
mgr-daemon was updated to version 4.3.9-0:
- Version 4.3.9-0
* Update translation strings
spacecmd was updated to version 4.3.27-0:
- Version 4.3.27-0
* Update translation strings
spacewalk-client-tools was updated to version 4.3.19-0:
- Version 4.3.19-0
* Update translation strings
spacewalk-koan was updated to version version 4.3.6-0:
- Version 4.3.6-0
* Change Docker image location for test
uyuni-common-libs was updated to version 4.3.10-0:
- Version 4.3.10-0
* Add support for package signature type V4 RSA/SHA384
* Add support for package signature type V4 RSA/SHA512 (bsc#1221465)
uyuni-proxy-systemd-services was updated to version 4.3.12-0:
- Version 4.3.12-0
* Update to SUSE Manager 4.3.12
ImportantSUSE bug 1008037SUSE bug 1008038SUSE bug 1010940SUSE bug 1019021SUSE bug 1038785SUSE bug 1059235SUSE bug 1099805SUSE bug 1166389SUSE bug 1171823SUSE bug 1174145SUSE bug 1174302SUSE bug 1175993SUSE bug 1177948SUSE bug 1216854SUSE bug 1219002SUSE bug 1219912SUSE bug 1221092SUSE bug 1221465SUSE bug 1222155CVE-2016-8614 at SUSECVE-2016-8614 at NVDCVE-2016-8628 at SUSECVE-2016-8628 at NVDCVE-2016-8647 at SUSECVE-2016-8647 at NVDCVE-2016-9587 at SUSECVE-2016-9587 at NVDCVE-2017-7550 at SUSECVE-2017-7550 at NVDCVE-2018-10874 at SUSECVE-2018-10874 at NVDCVE-2020-10744 at SUSECVE-2020-10744 at NVDCVE-2020-14330 at SUSECVE-2020-14330 at NVDCVE-2020-14332 at SUSECVE-2020-14332 at NVDCVE-2020-14365 at SUSECVE-2020-14365 at NVDCVE-2020-1753 at SUSECVE-2020-1753 at NVDCVE-2023-5764 at SUSECVE-2023-5764 at NVDCVE-2023-6152 at SUSECVE-2023-6152 at NVDCVE-2024-0690 at SUSECVE-2024-0690 at NVDCVE-2024-1313 at SUSECVE-2024-1313 at NVDcpe:/o:opensuse:leap:15.5Security update for grafana and mybatis (Moderate)openSUSE Leap 15.5
This update for grafana and mybatis fixes the following issues:
grafana was updated to version 9.5.18:
- Grafana now requires Go 1.20
- Security issues fixed:
* CVE-2024-1313: Require same organisation when deleting snapshots (bsc#1222155)
* CVE-2023-6152: Add email verification when updating user email (bsc#1219912)
- Other non-security related changes:
* Version 9.5.17:
+ [FEATURE] Alerting: Backport use Alertmanager API v2
* Version 9.5.16:
+ [BUGFIX] Annotations: Split cleanup into separate queries and
deletes to avoid deadlocks on MySQL
* Version 9.5.15:
+ [FEATURE] Alerting: Attempt to retry retryable errors
* Version 9.5.14:
+ [BUGFIX] Alerting: Fix state manager to not keep
datasource_uid and ref_id labels in state after Error
+ [BUGFIX] Transformations: Config overrides being lost when
config from query transform is applied
+ [BUGFIX] LDAP: Fix enable users on successfull login
* Version 9.5.13:
+ [BUGFIX] BrowseDashboards: Only remember the most recent
expanded folder
+ [BUGFIX] Licensing: Pass func to update env variables when
starting plugin
* Version 9.5.12:
+ [FEATURE] Azure: Add support for Workload Identity
authentication
* Version 9.5.9:
+ [FEATURE] SSE: Fix DSNode to not panic when response has empty
response
+ [FEATURE] Prometheus: Handle the response with different field
key order
+ [BUGFIX] LDAP: Fix user disabling
mybatis:
- `apache-commons-ognl` is now a non-optional dependency
- Fixed building with log4j v1 and v2 dependencies
ModerateSUSE bug 1219912SUSE bug 1222155CVE-2023-6152 at SUSECVE-2023-6152 at NVDCVE-2024-1313 at SUSECVE-2024-1313 at NVDcpe:/o:opensuse:leap:15.5Security update for flatpak (Important)openSUSE Leap 15.5
This update for flatpak fixes the following issues:
- CVE-2024-32462: Fixed arbitrary code execution outside sandbox via malicious app due to insufficient 'command' argument sanitization (bsc#1223110)
ImportantSUSE bug 1223110CVE-2024-32462 at SUSECVE-2024-32462 at NVDcpe:/o:opensuse:leap:15.5Security update for bouncycastle (Moderate)openSUSE Leap 15.5
This update for bouncycastle fixes the following issues:
Update to version 1.78.1, including fixes for:
- CVE-2024-30171: Fixed timing side-channel attacks against RSA decryption (both PKCS#1v1.5 and OAEP). (bsc#1223252)
ModerateSUSE bug 1223252CVE-2024-30171 at SUSECVE-2024-30171 at NVDcpe:/o:opensuse:leap:15.5Security update for python311 (Important)openSUSE Leap 15.5
This update for python311 fixes the following issues:
- CVE-2024-0450: Fixed 'quoted-overlap' issue inside the zipfile module (bsc#1221854).
- CVE-2023-6597: Fixed removing tempfile.TemporaryDirectory in some edge cases related to symlinks (bsc#1219666).
- CVE-2023-52425: Fixed denial of service (resource consumption) caused by processing large tokens (bsc#1219559).
Bug fixes:
- Eliminate ResourceWarning which broke the test suite in test_asyncio (bsc#1221260).
- Revert use of %autopatch (bsc#1189495).
- Use the system-wide crypto-policies (bsc#1211301).
ImportantSUSE bug 1189495SUSE bug 1211301SUSE bug 1219559SUSE bug 1219666SUSE bug 1221260SUSE bug 1221854CVE-2023-52425 at SUSECVE-2023-52425 at NVDCVE-2023-6597 at SUSECVE-2023-6597 at NVDCVE-2024-0450 at SUSECVE-2024-0450 at NVDcpe:/o:opensuse:leap:15.5Security update for rpm (Moderate)openSUSE Leap 15.5
This update for rpm fixes the following issues:
Security fixes:
- CVE-2021-3521: Fixed missing subkey binding signature checking (bsc#1191175)
Other fixes:
- accept more signature subpackets marked as critical (bsc#1218686)
- backport limit support for the autopatch macro (bsc#1189495)
ModerateSUSE bug 1189495SUSE bug 1191175SUSE bug 1218686CVE-2021-3521 at SUSECVE-2021-3521 at NVDcpe:/o:opensuse:leap:15.5Security update for libcryptopp (Moderate)openSUSE Leap 15.5
This update for libcryptopp fixes the following issues:
- CVE-2023-50981: Fixed a potential denial of service issue via
crafted DER public key data (bsc#1218222).
ModerateSUSE bug 1218222CVE-2023-50981 at SUSECVE-2023-50981 at NVDcpe:/o:opensuse:leap:15.5Security update for python-pymongo (Important)openSUSE Leap 15.5
This update for python-pymongo fixes the following issues:
- CVE-2024-21506: Fixed out-of-bounds read in the BSON module (bsc#1222492)
ImportantSUSE bug 1222492CVE-2024-21506 at SUSECVE-2024-21506 at NVDcpe:/o:opensuse:leap:15.5Security update for sssd (Important)openSUSE Leap 15.5
This update for sssd fixes the following issues:
- CVE-2023-3758: Fixed race condition during authorization that lead to GPO policies functioning inconsistently (bsc#1223100)
ImportantSUSE bug 1223100CVE-2023-3758 at SUSECVE-2023-3758 at NVDcpe:/o:opensuse:leap:15.5Security update for perl-Spreadsheet-ParseExcel (Important)openSUSE Leap 15.5
This update for perl-Spreadsheet-ParseExcel fixes the following issues:
- CVE-2023-7101: Fixed a command injection issue when parsing an
untrusted spreadsheet (bsc#1218414).
ImportantSUSE bug 1218414CVE-2023-7101 at SUSECVE-2023-7101 at NVDcpe:/o:opensuse:leap:15.5Security update for go1.22 (Moderate)openSUSE Leap 15.5
This update for go1.22 fixes the following issues:
Update to go1.22.3:
- CVE-2024-24787: cmd/go: arbitrary code execution during build on darwin (bsc#1224017)
- CVE-2024-24788: net: high cpu usage in extractExtendedRCode (bsc#1224018)
- cmd/compile: Go 1.22.x failed to be bootstrapped from 386 to ppc64le
- cmd/compile: changing a hot concrete method to interface method triggers a PGO ICE
- runtime: deterministic fallback hashes across process boundary
- net/http: TestRequestLimit/h2 becomes significantly more expensive and slower after x/net@v0.23.0
ModerateSUSE bug 1218424SUSE bug 1224017SUSE bug 1224018CVE-2024-24787 at SUSECVE-2024-24787 at NVDCVE-2024-24788 at SUSECVE-2024-24788 at NVDcpe:/o:opensuse:leap:15.5Security update for go1.21 (Moderate)openSUSE Leap 15.5
This update for go1.21 fixes the following issues:
Update to go1.21.10:
- CVE-2024-24787: cmd/go: arbitrary code execution during build on darwin (bsc#1224017)
- net/http: TestRequestLimit/h2 becomes significantly more expensive and slower after x/net@v0.23.0
ModerateSUSE bug 1212475SUSE bug 1224017CVE-2024-24787 at SUSECVE-2024-24787 at NVDcpe:/o:opensuse:leap:15.5Security update for ghostscript (Moderate)openSUSE Leap 15.5
This update for ghostscript fixes the following issues:
- CVE-2023-52722: Do not allow eexec seeds other than the Type 1 standard while using SAFER mode (bsc#1223852).
ModerateSUSE bug 1223852CVE-2023-52722 at SUSECVE-2023-52722 at NVDcpe:/o:opensuse:leap:15.5Security update for python-Werkzeug (Important)openSUSE Leap 15.5
This update for python-Werkzeug fixes the following issues:
- CVE-2024-34069: Fixed a remote code execution through debugger when interacting with attacker controlled domain (bsc#1223979).
ImportantSUSE bug 1223979CVE-2024-34069 at SUSECVE-2024-34069 at NVDcpe:/o:opensuse:leap:15.5Security update for ffmpeg-4 (Important)openSUSE Leap 15.5
This update for ffmpeg-4 fixes the following issues:
- CVE-2023-50010: Fixed an arbitrary code execution via the set_encoder_id() (bsc#1223256).
ImportantSUSE bug 1223256CVE-2023-50010 at SUSECVE-2023-50010 at NVDcpe:/o:opensuse:leap:15.5Security update for ffmpeg (Important)openSUSE Leap 15.5
This update for ffmpeg fixes the following issues:
- CVE-2023-50010: Fixed an arbitrary code execution via the set_encoder_id() (bsc#1223256).
ImportantSUSE bug 1223256CVE-2023-50010 at SUSECVE-2023-50010 at NVDcpe:/o:opensuse:leap:15.5Security update for less (Important)openSUSE Leap 15.5
This update for less fixes the following issues:
- CVE-2024-32487: Fixed mishandling of \n character in paths when LESSOPEN is set leads to OS command execution. (bsc#1222849)
ImportantSUSE bug 1222849CVE-2024-32487 at SUSECVE-2024-32487 at NVDcpe:/o:opensuse:leap:15.5Security update for the Linux Kernel (Important)openSUSE Leap 15.5
The SUSE Linux Enterprise 15 SP5 kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2020-26555: Fixed Bluetooth legacy BR/EDR PIN code pairing in Bluetooth Core Specification 1.0B that may permit an unauthenticated nearby device to spoof the BD_ADDR of the peer device to complete pairing without knowledge of the PIN (bsc#1179610 bsc#1215237).
- CVE-2023-51779: Fixed a use-after-free because of a bt_sock_ioctl race condition in bt_sock_recvmsg (bsc#1218559).
- CVE-2023-6121: Fixed an out-of-bounds read vulnerability in the NVMe-oF/TCP subsystem that could lead to information leak (bsc#1217250).
- CVE-2023-6531: Fixed a use-after-free flaw due to a race problem in the unix garbage collector's deletion of SKB races with unix_stream_read_generic()on the socket that the SKB is queued on (bsc#1218447).
- CVE-2023-6546: Fixed a race condition in the GSM 0710 tty multiplexor via the GSMIOC_SETCONF ioctl that could lead to local privilege escalation (bsc#1218335).
- CVE-2023-6606: Fixed an out-of-bounds read vulnerability in smbCalcSize in fs/smb/client/netmisc.c that could allow a local attacker to crash the system or leak internal kernel information (bsc#1217947).
- CVE-2023-6610: Fixed an out-of-bounds read vulnerability in smb2_dump_detail in fs/smb/client/smb2ops.c that could allow a local attacker to crash the system or leak internal kernel information (bsc#1217946).
- CVE-2023-6622: Fixed a null pointer dereference vulnerability in nft_dynset_init() that could allow a local attacker with CAP_NET_ADMIN user privilege to trigger a denial of service (bsc#1217938).
- CVE-2023-6931: Fixed a heap out-of-bounds write vulnerability in the Linux kernel's Performance Events system component that could lead to local privilege escalation. (bsc#1218258).
- CVE-2023-6932: Fixed a use-after-free vulnerability in the Linux kernel's ipv4: igmp component that could lead to local privilege escalation (bsc#1218253).
The following non-security bugs were fixed:
- Documentation: KVM: add separate directories for architecture-specific documentation (jsc#PED-7167).
- Documentation: KVM: update amd-memory-encryption.rst references (jsc#PED-7167).
- Documentation: KVM: update msr.rst reference (jsc#PED-7167).
- Documentation: KVM: update s390-diag.rst reference (jsc#PED-7167).
- Documentation: KVM: update s390-pv.rst reference (jsc#PED-7167).
- Documentation: drop more IDE boot options and ide-cd.rst (git-fixes).
- Documentation: qat: Use code block for qat sysfs example (git-fixes).
- Drop Documentation/ide/ (git-fixes).
- Fix crash in vmw_context_cotables_unref when 3d support is enabled (bsc#1218738)
- Fix crash on screen resize (bsc#1218229)
- Fix drm gem object underflow (bsc#1218092)
- Revert 'PCI/ASPM: Remove pcie_aspm_pm_state_change()' (git-fixes).
- Revert 'PCI: acpiphp: Reassign resources on bridge if necessary' (git-fixes).
- Revert 'md: unlock mddev before reap sync_thread in action_store' (git-fixes).
- Revert 'swiotlb: panic if nslabs is too small' (git-fixes).
- Revert 'xhci: Loosen RPM as default policy to cover for AMD xHC 1.1' (git-fixes).
- Update: drm/vmwgfx: Keep a gem reference to user bos in surfaces
- acpi: video: Add backlight=native DMI quirk for Lenovo Ideapad Z470 (git-fixes).
- acpi: x86: s2idle: Catch multiple ACPI_TYPE_PACKAGE objects (git-fixes).
- acpica: Add AML_NO_OPERAND_RESOLVE flag to Timer (git-fixes).
- afs: Fix afs_server_list to be cleaned up with RCU (git-fixes).
- afs: Fix dynamic root lookup DNS check (git-fixes).
- afs: Fix file locking on R/O volumes to operate in local mode (git-fixes).
- afs: Fix overwriting of result of DNS query (git-fixes).
- afs: Fix refcount underflow from error handling race (git-fixes).
- afs: Fix the dynamic root's d_delete to always delete unused dentries (git-fixes).
- afs: Fix use-after-free due to get/remove race in volume tree (git-fixes).
- afs: Make error on cell lookup failure consistent with OpenAFS (git-fixes).
- afs: Return ENOENT if no cell DNS record can be found (git-fixes).
- alsa: hda - Fix speaker and headset mic pin config for CHUWI CoreBook XPro (git-fixes).
- alsa: hda/hdmi: add force-connect quirk for NUC5CPYB (git-fixes).
- alsa: hda/hdmi: add force-connect quirks for ASUSTeK Z170 variants (git-fixes).
- alsa: hda/realtek: Add Framework laptop 16 to quirks (git-fixes).
- alsa: hda/realtek: Add quirk for ASUS ROG GV302XA (git-fixes).
- alsa: hda/realtek: Add supported ALC257 for ChromeOS (git-fixes).
- alsa: hda/realtek: Apply mute LED quirk for HP15-db (git-fixes).
- alsa: hda/realtek: Enable headset on Lenovo M90 Gen5 (git-fixes).
- alsa: hda/realtek: Fix mute and mic-mute LEDs for HP ProBook 440 G6 (git-fixes).
- alsa: hda/realtek: Headset Mic VREF to 100% (git-fixes).
- alsa: hda/realtek: add new Framework laptop to quirks (git-fixes).
- alsa: hda/realtek: enable SND_PCI_QUIRK for hp pavilion 14-ec1xxx series (git-fixes).
- alsa: hda/realtek: fix mute/micmute LEDs for a HP ZBook (git-fixes).
- alsa: hda/realtek: fix speakers on XPS 9530 (2023) (git-fixes).
- alsa: hda: intel-dsp-cfg: add LunarLake support (git-fixes).
- alsa: pcm: fix out-of-bounds in snd_pcm_state_names (git-fixes).
- alsa: seq: oss: Fix racy open/close of MIDI devices (git-fixes).
- alsa: usb-audio: Add Pioneer DJM-450 mixer controls (git-fixes).
- alsa: usb-audio: Increase delay in MOTU M quirk (git-fixes).
- apparmor: Free up __cleanup() name (jsc#PED-7167).
- arm64: dts: arm: add missing cache properties (git-fixes)
- arm64: dts: imx8mm: Add sound-dai-cells to micfil node (git-fixes)
- arm64: dts: imx8mn: Add sound-dai-cells to micfil node (git-fixes)
- arm64: dts: imx8mq-librem5: Remove dis_u3_susphy_quirk from (git-fixes)
- arm64: kdump: Skip kmemleak scan reserved memory for kdump (jsc#PED-7167).
- arm64: mm: Fix 'rodata=on' when CONFIG_RODATA_FULL_DEFAULT_ENABLED=y (git-fixes)
- arm: OMAP2+: Fix null pointer dereference and memory leak in omap_soc_device_init (git-fixes).
- arm: PL011: Fix DMA support (git-fixes).
- asoc: fsl_rpmsg: Fix error handler with pm_runtime_enable (git-fixes).
- asoc: hdmi-codec: fix missing report for jack initial status (git-fixes).
- asoc: meson: g12a-toacodec: Fix event generation (git-fixes).
- asoc: meson: g12a-toacodec: Validate written enum values (git-fixes).
- asoc: meson: g12a-tohdmitx: Fix event generation for S/PDIF mux (git-fixes).
- asoc: meson: g12a-tohdmitx: Validate written enum values (git-fixes).
- asoc: wm_adsp: fix memleak in wm_adsp_buffer_populate (git-fixes).
- bitmap: unify find_bit operations (jsc#PED-7167).
- block: fix revalidate performance regression (bsc#1216057).
- bluetooth: Fix deadlock in vhci_send_frame (git-fixes).
- bluetooth: L2CAP: Send reject on command corrupted request (git-fixes).
- bluetooth: MGMT/SMP: Fix address type when using SMP over BREDR/LE (git-fixes).
- bluetooth: btusb: Add new PID/VID 0489:e0f2 for MT7921 (bsc#1218461).
- bluetooth: hci_event: Fix not checking if HCI_OP_INQUIRY has been sent (git-fixes).
- bluetooth: hci_event: shut up a false-positive warning (git-fixes).
- bluetooth: hci_qca: Fix the teardown problem for real (git-fixes).
- bnxt: do not handle XDP in netpoll (jsc#PED-1495).
- bnxt_en: Clear resource reservation during resume (jsc#PED-1495).
- bnxt_en: Fix HWTSTAMP_FILTER_ALL packet timestamp logic (jsc#PED-1495).
- bnxt_en: Fix max_mtu setting for multi-buf XDP (jsc#PED-1495).
- bnxt_en: Fix page pool logic for page size >= 64K (jsc#PED-1495).
- bnxt_en: Fix wrong return value check in bnxt_close_nic() (jsc#PED-1495).
- bnxt_en: Flush XDP for bnxt_poll_nitroa0()'s NAPI (jsc#PED-1495).
- bpf: Adjust insufficient default bpf_jit_limit (bsc#1218234 git-fixes).
- bus: ti-sysc: Flush posted write only after srst_udelay (git-fixes).
- ceph: fix incorrect revoked caps assert in ceph_fill_file_size() (bsc#1217980).
- ceph: fix type promotion bug on 32bit systems (bsc#1217982).
- cleanup: Make no_free_ptr() __must_check (jsc#PED-7167).
- clocksource: Add a Kconfig option for WATCHDOG_MAX_SKEW (bsc#1215885 bsc#1217217).
- clocksource: Enable TSC watchdog checking of HPET and PMTMR only when requested (bsc#1215885 bsc#1217217).
- clocksource: Handle negative skews in 'skew is too large' messages (bsc#1215885 bsc#1217217).
- clocksource: Improve 'skew is too large' messages (bsc#1215885 bsc#1217217).
- clocksource: Improve read-back-delay message (bsc#1215885 bsc#1217217).
- clocksource: Loosen clocksource watchdog constraints (bsc#1215885 bsc#1217217).
- clocksource: Print clocksource name when clocksource is tested unstable (bsc#1215885 bsc#1217217).
- clocksource: Verify HPET and PMTMR when TSC unverified (bsc#1215885 bsc#1217217).
- configfs-tsm: Introduce a shared ABI for attestation reports (jsc#PED-7167).
- crypto: ccp - Add SEV_INIT rc error logging on init (jsc#PED-7167).
- crypto: ccp - Add SEV_INIT_EX support (jsc#PED-7167).
- crypto: ccp - Add a header for multiple drivers to use `__psp_pa` (jsc#PED-7167).
- crypto: ccp - Add a quirk to firmware update (jsc#PED-7167).
- crypto: ccp - Add psp_init_on_probe module parameter (jsc#PED-7167).
- crypto: ccp - Drop TEE support for IRQ handler (jsc#PED-7167).
- crypto: ccp - Ensure psp_ret is always init'd in __sev_platform_init_locked() (jsc#PED-7167).
- crypto: ccp - Fail the PSP initialization when writing psp data file failed (jsc#PED-7167).
- crypto: ccp - Fix the INIT_EX data file open failure (jsc#PED-7167).
- crypto: ccp - Fix whitespace in sev_cmd_buffer_len() (jsc#PED-7167).
- crypto: ccp - Flush the SEV-ES TMR memory before giving it to firmware (jsc#PED-7167).
- crypto: ccp - Initialize PSP when reading psp data file failed (jsc#PED-7167).
- crypto: ccp - Log when resetting PSP SEV state (jsc#PED-7167).
- crypto: ccp - Move SEV_INIT retry for corrupted data (jsc#PED-7167).
- crypto: ccp - Move some PSP mailbox bit definitions into common header (jsc#PED-7167).
- crypto: ccp - Name -1 return value as SEV_RET_NO_FW_CALL (jsc#PED-7167).
- crypto: ccp - Refactor out sev_fw_alloc() (jsc#PED-7167).
- crypto: ccp - remove unneeded semicolon (jsc#PED-7167).
- crypto: ccp: Get rid of __sev_platform_init_locked()'s local function pointer (jsc#PED-7167).
- dm verity: initialize fec io before freeing it (git-fixes).
- dm-verity: do not use blocking calls from tasklets (git-fixes).
- dm: add cond_resched() to dm_wq_requeue_work() (git-fixes).
- dm: do not attempt to queue IO under RCU protection (git-fixes).
- dm: fix __send_duplicate_bios() to always allow for splitting IO (bsc#1215952).
- dm: fix improper splitting for abnormal bios (bsc#1215952).
- dm: verity-loadpin: Add NULL pointer check for 'bdev' parameter (git-fixes).
- dm_blk_ioctl: implement path failover for SG_IO (bsc#1183045, bsc#1216776).
- dmaengine: ioat: Free up __cleanup() name (jsc#PED-7167).
- doc/README.SUSE: Add how to update the config for module signing (jsc#PED-5021)
- doc/README.SUSE: Remove how to build modules using kernel-source (jsc#PED-5021)
- doc/README.SUSE: Simplify the list of references (jsc#PED-5021)
- drm/amd/amdgpu: Fix warnings in amdgpu/amdgpu_display.c (git-fixes).
- drm/amdgpu/sdma5.2: add begin/end_use ring callbacks (bsc#1212139).
- drm/amdgpu: Add EEPROM I2C address support for ip discovery (git-fixes).
- drm/amdgpu: Add I2C EEPROM support on smu v13_0_6 (git-fixes).
- drm/amdgpu: Add support for RAS table at 0x40000 (git-fixes).
- drm/amdgpu: Decouple RAS EEPROM addresses from chips (git-fixes).
- drm/amdgpu: Remove redundant I2C EEPROM address (git-fixes).
- drm/amdgpu: Remove second moot switch to set EEPROM I2C address (git-fixes).
- drm/amdgpu: Return from switch early for EEPROM I2C address (git-fixes).
- drm/amdgpu: Update EEPROM I2C address for smu v13_0_0 (git-fixes).
- drm/amdgpu: Update ras eeprom support for smu v13_0_0 and v13_0_10 (git-fixes).
- drm/amdgpu: correct chunk_ptr to a pointer to chunk (git-fixes).
- drm/amdgpu: correct the amdgpu runtime dereference usage count (git-fixes).
- drm/amdgpu: fix tear down order in amdgpu_vm_pt_free (git-fixes).
- drm/amdgpu: simplify amdgpu_ras_eeprom.c (git-fixes).
- drm/bridge: parade-ps8640: Never store more than msg->size bytes in AUX xfer (git-fixes).
- drm/bridge: ps8640: Fix size mismatch warning w/ len (git-fixes).
- drm/bridge: tc358768: select CONFIG_VIDEOMODE_HELPERS (git-fixes).
- drm/bridge: ti-sn65dsi86: Never store more than msg->size bytes in AUX xfer (git-fixes).
- drm/i915/display: Drop check for doublescan mode in modevalid (git-fixes).
- drm/i915/dp: Fix passing the correct DPCD_REV for drm_dp_set_phy_test_pattern (git-fixes).
- drm/i915/dpt: Only do the POT stride remap when using DPT (git-fixes).
- drm/i915/lvds: Use REG_BIT() & co (git-fixes).
- drm/i915/mtl: limit second scaler vertical scaling in ver >= 14 (git-fixes).
- drm/i915/sdvo: stop caching has_hdmi_monitor in struct intel_sdvo (git-fixes).
- drm/i915: Fix intel_atomic_setup_scalers() plane_state handling (git-fixes).
- drm/i915: Fix remapped stride with CCS on ADL+ (git-fixes).
- drm/i915: Reject async flips with bigjoiner (git-fixes).
- drm/i915: Relocate intel_atomic_setup_scalers() (git-fixes).
- drm/i915: fix MAX_ORDER usage in i915_gem_object_get_pages_internal() (jsc#PED-7167).
- drm/mediatek: Add spinlock for setting vblank event in atomic_begin (git-fixes).
- drm/mgag200: Fix gamma lut not initialized for G200ER, G200EV, G200SE (git-fixes).
- efi/libstub: Implement support for unaccepted memory (jsc#PED-7167).
- efi/unaccepted: Avoid load_unaligned_zeropad() stepping into unaccepted memory (jsc#PED-7167).
- efi/unaccepted: Fix off-by-one when checking for overlapping ranges (jsc#PED-7167).
- efi/unaccepted: Fix soft lockups caused by parallel memory acceptance (jsc#PED-7167).
- efi/unaccepted: Make sure unaccepted table is mapped (jsc#PED-7167).
- efi/unaccepted: Use ACPI reclaim memory for unaccepted memory table (jsc#PED-7167).
- efi/x86: Get full memory map in allocate_e820() (jsc#PED-7167).
- efi: Add unaccepted memory support (jsc#PED-7167).
- efi: libstub: avoid efi_get_memory_map() for allocating the virt map (jsc#PED-7167).
- efi: libstub: install boot-time memory map as config table (jsc#PED-7167).
- efi: libstub: remove DT dependency from generic stub (jsc#PED-7167).
- efi: libstub: remove pointless goto kludge (jsc#PED-7167).
- efi: libstub: simplify efi_get_memory_map() and struct efi_boot_memmap (jsc#PED-7167).
- efi: libstub: unify initrd loading between architectures (jsc#PED-7167).
- floppy: fix MAX_ORDER usage (jsc#PED-7167).
- fprobe: Fix to ensure the number of active retprobes is not zero (git-fixes).
- fs/jfs: Add check for negative db_l2nbperpage (git-fixes).
- fs/jfs: Add validity check for db_maxag and db_agpref (git-fixes).
- fs/jfs: prevent double-free in dbUnmount() after failed jfs_remount() (git-fixes).
- fs/remap: constrain dedupe of EOF blocks (git-fixes).
- fs: avoid empty option when generating legacy mount string (git-fixes).
- fs: fix an infinite loop in iomap_fiemap (git-fixes).
- fs: ocfs2: namei: check return value of ocfs2_add_entry() (git-fixes).
- genwqe: fix MAX_ORDER usage (jsc#PED-7167).
- gfs2: Add wrapper for iomap_file_buffered_write (git-fixes).
- gfs2: Check sb_bsize_shift after reading superblock (git-fixes).
- gfs2: Clean up function may_grant (git-fixes).
- gfs2: Fix filesystem block deallocation for short writes (git-fixes).
- gfs2: Fix gfs2_release for non-writers regression (git-fixes).
- gfs2: Fix inode height consistency check (git-fixes).
- gfs2: Fix length of holes reported at end-of-file (git-fixes).
- gfs2: Fix possible data races in gfs2_show_options() (git-fixes).
- gfs2: Improve gfs2_make_fs_rw error handling (git-fixes).
- gfs2: Make sure FITRIM minlen is rounded up to fs block size (git-fixes).
- gfs2: Silence 'suspicious RCU usage in gfs2_permission' warning (git-fixes).
- gfs2: Switch from strlcpy to strscpy (git-fixes).
- gfs2: fix an oops in gfs2_permission (git-fixes).
- gfs2: gfs2_setattr_size error path fix (git-fixes).
- gfs2: ignore negated quota changes (git-fixes).
- gfs2: jdata writepage fix (git-fixes).
- gfs2: use i_lock spin_lock for inode qadata (git-fixes).
- gpiolib: sysfs: Fix error handling on failed export (git-fixes).
- gve: Fixes for napi_poll when budget is 0 (git-fixes).
- gve: Use size_add() in call to struct_size() (git-fixes).
- hid: add ALWAYS_POLL quirk for Apple kb (git-fixes).
- hid: glorious: fix Glorious Model I HID report (git-fixes).
- hid: hid-asus: add const to read-only outgoing usb buffer (git-fixes).
- hid: hid-asus: reset the backlight brightness level on resume (git-fixes).
- hid: lenovo: Restrict detection of patched firmware only to USB cptkbd (git-fixes).
- hid: multitouch: Add quirk for HONOR GLO-GXXX touchpad (git-fixes).
- hwmon: (acpi_power_meter) Fix 4.29 MW bug (git-fixes).
- hwmon: (nzxt-kraken2) Fix error handling path in kraken2_probe() (git-fixes).
- i2c: aspeed: Handle the coalesced stop conditions with the start conditions (git-fixes).
- i2c: core: Fix atomic xfer check for non-preempt config (git-fixes).
- i2c: designware: Fix corrupted memory seen in the ISR (git-fixes).
- i40e: Fix I40E_FLAG_VF_VLAN_PRUNING value (jsc#PED-372).
- i40e: Fix VF VLAN offloading when port VLAN is configured (jsc#PED-372).
- i40e: Fix unexpected MFS warning message (jsc#PED-372).
- i40e: Fix wrong check for I40E_TXR_FLAGS_WB_ON_ITR (jsc#PED-372).
- i40e: fix misleading debug logs (jsc#PED-372).
- i40e: fix potential NULL pointer dereferencing of pf->vf i40e_sync_vsi_filters() (jsc#PED-372).
- i40e: fix potential memory leaks in i40e_remove() (jsc#PED-372).
- i40e: prevent crash on probe if hw registers have invalid values (jsc#PED-372).
- ib/mlx5: Fix init stage error handling to avoid double free of same QP and UAF (git-fixes)
- ib/mlx5: Fix rdma counter binding for RAW QP (git-fixes)
- igb: Avoid starting unnecessary workqueues (jsc#PED-370).
- igb: Change IGB_MIN to allow set rx/tx value between 64 and 80 (jsc#PED-370).
- igb: Fix potential memory leak in igb_add_ethtool_nfc_entry (jsc#PED-370).
- igb: clean up in all error paths when enabling SR-IOV (jsc#PED-370).
- igb: disable virtualization features on 82580 (jsc#PED-370).
- igbvf: Change IGBVF_MIN to allow set rx/tx value between 64 and 80 (jsc#PED-370).
- igc: Change IGC_MIN to allow set rx/tx value between 64 and 80 (jsc#PED-375).
- igc: Expose tx-usecs coalesce setting to user (jsc#PED-375).
- igc: Fix ambiguity in the ethtool advertising (jsc#PED-375).
- igc: Fix infinite initialization loop with early XDP redirect (jsc#PED-375).
- igc: Fix the typo in the PTM Control macro (jsc#PED-375).
- iio: adc: ti_am335x_adc: Fix return value check of tiadc_request_dma() (git-fixes).
- iio: common: ms_sensors: ms_sensors_i2c: fix humidity conversion time table (git-fixes).
- iio: imu: inv_mpu6050: fix an error code problem in inv_mpu6050_read_raw (git-fixes).
- iio: triggered-buffer: prevent possible freeing of wrong buffer (git-fixes).
- input: i8042 - add quirk for TUXEDO Gemini 17 Gen1/Clevo PD70PN (git-fixes).
- input: ipaq-micro-keys - add error handling for devm_kmemdup (git-fixes).
- input: soc_button_array - add mapping for airplane mode button (git-fixes).
- input: xpad - add HyperX Clutch Gladiate Support (git-fixes).
- interconnect: Treat xlate() returning NULL node as an error (git-fixes).
- iomap: Fix iomap_dio_rw return value for user copies (git-fixes).
- iommu: fix MAX_ORDER usage in __iommu_dma_alloc_pages() (jsc#PED-7167).
- iov_iter, x86: Be consistent about the __user tag on copy_mc_to_user() (git-fixes).
- jfs: fix array-index-out-of-bounds in dbFindLeaf (git-fixes).
- jfs: fix array-index-out-of-bounds in diAlloc (git-fixes).
- jfs: fix invalid free of JFS_IP(ipimap)->i_imap in diUnmount (git-fixes).
- jfs: validate max amount of blocks before allocation (git-fixes).
- kABI: Preserve the type of rethook::handler (git-fixes).
- kABI: restore void return to typec_altmode_attention (git-fixes).
- kabi/severities: ignore kABI for asus-wmi drivers Tolerate the kABI changes, as used only locally for asus-wmi stuff
- kabi/severities: make snp_issue_guest_request PASS (jsc#PED-7167)
- kabi: fix of_reserved_mem_* due to struct vm_struct became defined (jsc#PED-7167).
- kabi: fix sev-dev due to fs_struct became defined (jsc#PED-7167).
- kabi: fix struct efi after adding unaccepted memory table (jsc#PED-7167).
- kabi: fix struct zone kabi after adding unaccepted_pages and NR_UNACCEPTED (jsc#PED-7167).
- kbuild: Drop -Wdeclaration-after-statement (jsc#PED-7167).
- kconfig: fix memory leak from range properties (git-fixes).
- kprobes: consistent rcu api usage for kretprobe holder (git-fixes).
- kvm: arm64: Prevent kmemleak from accessing pKVM memory (jsc#PED-7167).
- kvm: s390/mm: Properly reset no-dat (git-fixes bsc#1218056).
- kvm: s390: vsie: fix wrong VIR 37 when MSO is used (git-fixes bsc#1217933).
- lib/vsprintf: Fix %pfwf when current node refcount == 0 (git-fixes).
- libceph: use kernel_connect() (bsc#1217981).
- locking: Introduce __cleanup() based infrastructure (jsc#PED-7167).
- locks: fix KASAN: use-after-free in trace_event_raw_event_filelock_lock (git-fixes).
- md/bitmap: do not set max_write_behind if there is no write mostly device (git-fixes).
- md/md-bitmap: hold 'reconfig_mutex' in backlog_store() (git-fixes).
- md/md-bitmap: remove unnecessary local variable in backlog_store() (git-fixes).
- md/raid0: add discard support for the 'original' layout (git-fixes).
- md/raid10: do not call bio_start_io_acct twice for bio which experienced read error (git-fixes).
- md/raid10: factor out code from wait_barrier() to stop_waiting_barrier() (git-fixes).
- md/raid10: factor out dereference_rdev_and_rrdev() (git-fixes).
- md/raid10: fix io loss while replacement replace rdev (git-fixes).
- md/raid10: fix leak of 'r10bio->remaining' for recovery (git-fixes).
- md/raid10: fix memleak for 'conf->bio_split' (git-fixes).
- md/raid10: fix memleak of md thread (git-fixes).
- md/raid10: fix null-ptr-deref in raid10_sync_request (git-fixes).
- md/raid10: fix null-ptr-deref of mreplace in raid10_sync_request (git-fixes).
- md/raid10: fix overflow of md/safe_mode_delay (git-fixes).
- md/raid10: fix task hung in raid10d (git-fixes).
- md/raid10: fix the condition to call bio_end_io_acct() (git-fixes).
- md/raid10: fix wrong setting of max_corr_read_errors (git-fixes).
- md/raid10: prevent soft lockup while flush writes (git-fixes).
- md/raid10: use dereference_rdev_and_rrdev() to get devices (git-fixes).
- md/raid1: fix error: ISO C90 forbids mixed declarations (git-fixes).
- md/raid1: free the r1bio before waiting for blocked rdev (git-fixes).
- md/raid1: hold the barrier until handle_read_error() finishes (git-fixes).
- md/raid5-cache: fix a deadlock in r5l_exit_log() (git-fixes).
- md/raid5-cache: fix null-ptr-deref for r5l_flush_stripe_to_raid() (git-fixes).
- md/raid5: fix miscalculation of 'end_sector' in raid5_read_one_chunk() (git-fixes).
- md: Put the right device in md_seq_next (bsc#1217822).
- md: Set MD_BROKEN for RAID1 and RAID10 (git-fixes).
- md: avoid signed overflow in slot_store() (git-fixes).
- md: do not update recovery_cp when curr_resync is ACTIVE (git-fixes).
- md: drop queue limitation for RAID1 and RAID10 (git-fixes).
- md: raid0: account for split bio in iostat accounting (git-fixes).
- md: raid10 add nowait support (git-fixes).
- md: raid1: fix potential OOB in raid1_remove_disk() (git-fixes).
- md: restore 'noio_flag' for the last mddev_resume() (git-fixes).
- md: select BLOCK_LEGACY_AUTOLOAD (git-fixes).
- memblock: exclude MEMBLOCK_NOMAP regions from kmemleak (jsc#PED-7167).
- memblock: make memblock_find_in_range method private (jsc#PED-7167).
- misc: mei: client.c: fix problem of return '-EOVERFLOW' in mei_cl_write (git-fixes).
- misc: mei: client.c: return negative error code in mei_cl_write (git-fixes).
- mkspec: Add multibuild support (JSC-SLE#5501, boo#1211226, bsc#1218184) When MULTIBUILD option in config.sh is enabled generate a _multibuild file listing all spec files.
- mm/page_alloc: make deferred page init free pages in MAX_ORDER blocks (jsc#PED-7167).
- mm/pgtable: Fix multiple -Wstringop-overflow warnings (jsc#PED-7167).
- mm/slab: Add __free() support for kvfree (jsc#PED-7167).
- mm/slub: fix MAX_ORDER usage in calculate_order() (jsc#PED-7167).
- mm: Add PAGE_ALIGN_DOWN macro (jsc#PED-7167).
- mm: Add support for unaccepted memory (jsc#PED-7167).
- mm: add pageblock_align() macro (jsc#PED-7167).
- mm: add pageblock_aligned() macro (jsc#PED-7167).
- mm: avoid passing 0 to __ffs() (jsc#PED-7167).
- mm: kmem: drop __GFP_NOFAIL when allocating objcg vectors (bsc#1218515).
- mm: move kvmalloc-related functions to slab.h (jsc#PED-7167).
- mm: new primitive kvmemdup() (jsc#PED-7167).
- mm: reuse pageblock_start/end_pfn() macro (jsc#PED-7167).
- mmc: meson-mx-sdhc: Fix initialization frozen issue (git-fixes).
- mmc: rpmb: fixes pause retune on all RPMB partitions (git-fixes).
- mmc: sdhci-sprd: Fix eMMC init failure after hw reset (git-fixes).
- neighbor: tracing: Move pin6 inside CONFIG_IPV6=y section (git-fixes).
- net/rose: Fix Use-After-Free in rose_ioctl (git-fixes).
- net/smc: Fix pos miscalculation in statistics (bsc#1218139).
- net/tg3: fix race condition in tg3_reset_task() (bsc#1217801).
- net: 9p: avoid freeing uninit memory in p9pdu_vreadf (git-fixes).
- net: bnxt: fix a potential use-after-free in bnxt_init_tc (jsc#PED-1495).
- net: ena: Destroy correct number of xdp queues upon failure (git-fixes).
- net: ena: Fix XDP redirection error (git-fixes).
- net: ena: Fix xdp drops handling due to multibuf packets (git-fixes).
- net: ena: Flush XDP packets on error (git-fixes).
- net: mana: select PAGE_POOL (git-fixes).
- net: rfkill: gpio: set GPIO direction (git-fixes).
- net: usb: ax88179_178a: avoid failed operations when device is disconnected (git-fixes).
- net: usb: ax88179_178a: clean up pm calls (git-fixes).
- net: usb: ax88179_178a: wol optimizations (git-fixes).
- net: usb: qmi_wwan: claim interface 4 for ZTE MF290 (git-fixes).
- nfc: llcp_core: Hold a ref to llcp_local->dev when holding a ref to llcp_local (git-fixes).
- nfs: Fix O_DIRECT locking issues (bsc#1211162).
- nfs: Fix a few more clear_bit() instances that need release semantics (bsc#1211162).
- nfs: Fix a potential data corruption (bsc#1211162).
- nfs: Fix a use after free in nfs_direct_join_group() (bsc#1211162).
- nfs: Fix error handling for O_DIRECT write scheduling (bsc#1211162).
- nfs: More O_DIRECT accounting fixes for error paths (bsc#1211162).
- nfs: More fixes for nfs_direct_write_reschedule_io() (bsc#1211162).
- nfs: Use the correct commit info in nfs_join_page_group() (bsc#1211162).
- nfs: only issue commit in DIO codepath if we have uncommitted data (bsc#1211162).
- nilfs2: fix missing error check for sb_set_blocksize call (git-fixes).
- nilfs2: prevent WARNING in nilfs_sufile_set_segment_usage() (git-fixes).
- nlm: Defend against file_lock changes after vfs_test_lock() (bsc#1217692).
- null_blk: fix poll request timeout handling (git-fixes).
- nvme-core: check for too small lba shift (bsc#1214117).
- nvme-pci: Add sleep quirk for Kingston drives (git-fixes).
- nvme-pci: always return an ERR_PTR from nvme_pci_alloc_dev (git-fixes).
- nvme-pci: do not set the NUMA node of device if it has none (git-fixes).
- nvme-pci: factor out a nvme_pci_alloc_dev helper (git-fixes).
- nvme-rdma: do not try to stop unallocated queues (git-fixes).
- nvme: sanitize metadata bounce buffer for reads (git-fixes).
- nvmet-auth: complete a request only after freeing the dhchap pointers (git-fixes).
- of: reserved_mem: Have kmemleak ignore dynamically allocated reserved mem (jsc#PED-7167).
- orangefs: Fix kmemleak in orangefs_prepare_debugfs_help_string() (git-fixes).
- orangefs: Fix kmemleak in orangefs_{kernel,client}_debug_init() (git-fixes).
- orangefs: Fix sysfs not cleanup when dev init failed (git-fixes).
- orangefs: Fix the size of a memory allocation in orangefs_bufmap_alloc() (git-fixes).
- padata: Fix refcnt handling in padata_free_shell() (git-fixes).
- parport: Add support for Brainboxes IX/UC/PX parallel cards (git-fixes).
- pci: loongson: Limit MRRS to 256 (git-fixes).
- perf/core: fix MAX_ORDER usage in rb_alloc_aux_page() (jsc#PED-7167).
- pinctrl: at91-pio4: use dedicated lock class for IRQ (git-fixes).
- platform/surface: aggregator: fix recv_buf() return value (git-fixes).
- platform/x86: asus-wmi: Add support for ROG X13 tablet mode (git-fixes).
- platform/x86: asus-wmi: Adjust tablet/lidflip handling to use enum (git-fixes).
- platform/x86: asus-wmi: Fix kbd_dock_devid tablet-switch reporting (git-fixes).
- platform/x86: asus-wmi: Move i8042 filter install to shared asus-wmi code (git-fixes).
- platform/x86: asus-wmi: Simplify tablet-mode-switch handling (git-fixes).
- platform/x86: asus-wmi: Simplify tablet-mode-switch probing (git-fixes).
- platform/x86: wmi: Allow duplicate GUIDs for drivers that use struct wmi_driver (git-fixes).
- platform/x86: wmi: Skip blocks with zero instances (git-fixes).
- powerpc/pseries/vas: Migration suspend waits for no in-progress open windows (bsc#1218397 ltc#204523).
- qed/red_ll2: Fix undefined behavior bug in struct qed_ll2_info (jsc#PED-1526).
- qed: Fix a potential use-after-free in qed_cxt_tables_alloc (jsc#PED-1526).
- qed: fix LL2 RX buffer allocation (jsc#PED-1526).
- qede: fix firmware halt over suspend and resume (jsc#PED-1526).
- qla2xxx: add debug log for deprecated hw detected (bsc#1216032).
- r8152: Add RTL8152_INACCESSIBLE checks to more loops (git-fixes).
- r8152: Add RTL8152_INACCESSIBLE to r8153_aldps_en() (git-fixes).
- r8152: Add RTL8152_INACCESSIBLE to r8153_pre_firmware_1() (git-fixes).
- r8152: Add RTL8152_INACCESSIBLE to r8156b_wait_loading_flash() (git-fixes).
- r8152: Rename RTL8152_UNPLUG to RTL8152_INACCESSIBLE (git-fixes).
- r8169: Fix PCI error on system resume (git-fixes).
- rdma/bnxt_re: Correct module description string (jsc#PED-1495).
- rdma/core: Use size_{add,sub,mul}() in calls to struct_size() (git-fixes)
- rdma/hfi1: Use FIELD_GET() to extract Link Width (git-fixes)
- rdma/hfi1: Workaround truncation compilation error (git-fixes)
- rdma/hns: Add check for SL (git-fixes)
- rdma/hns: Fix printing level of asynchronous events (git-fixes)
- rdma/hns: Fix signed-unsigned mixed comparisons (git-fixes)
- rdma/hns: Fix uninitialized ucmd in hns_roce_create_qp_common() (git-fixes)
- rdma/hns: The UD mode can only be configured with DCQCN (git-fixes)
- regmap: fix bogus error on regcache_sync success (git-fixes).
- reiserfs: Check the return value from __getblk() (git-fixes).
- reiserfs: Replace 1-element array with C99 style flex-array (git-fixes).
- remove unnecessary WARN_ON_ONCE() (bsc#1214823 bsc#1218569).
- reset: Fix crash when freeing non-existent optional resets (git-fixes).
- restore renamed device IDs for USB HID devices (git-fixes).
- rethook: Fix to use WRITE_ONCE() for rethook:: Handler (git-fixes).
- rethook: Use __rcu pointer for rethook::handler (git-fixes).
- ring-buffer: Do not try to put back write_stamp (git-fixes).
- ring-buffer: Do not update before stamp when switching sub-buffers (git-fixes).
- ring-buffer: Fix a race in rb_time_cmpxchg() for 32 bit archs (git-fixes).
- ring-buffer: Fix memory leak of free page (git-fixes).
- ring-buffer: Fix slowpath of interrupted event (git-fixes).
- ring-buffer: Fix wake ups when buffer_percent is set to 100 (git-fixes).
- ring-buffer: Fix writing to the buffer with max_data_size (git-fixes).
- ring-buffer: Force absolute timestamp on discard of event (git-fixes).
- ring-buffer: Have saved event hold the entire event (git-fixes).
- ring-buffer: Remove useless update to write_stamp in rb_try_to_discard() (git-fixes).
- s390/vx: fix save/restore of fpu kernel context (git-fixes bsc#1218357).
- scsi: lpfc: use unsigned type for num_sge (bsc#1214747).
- serial: 8250: 8250_omap: Clear UART_HAS_RHR_IT_DIS bit (git-fixes).
- serial: 8250: 8250_omap: Do not start RX DMA on THRI interrupt (git-fixes).
- serial: sc16is7xx: address RX timeout interrupt errata (git-fixes).
- soundwire: stream: fix NULL pointer dereference for multi_link (git-fixes).
- spi: atmel: Fix clock issue when using devices with different polarities (git-fixes).
- statfs: enforce statfs[64] structure initialization (git-fixes).
- supported.conf: add drivers/virt/coco/tsm (jsc#PED-7167)
- swiotlb: always set the number of areas before allocating the pool (git-fixes).
- swiotlb: do not panic! (git-fixes).
- swiotlb: fix a braino in the alignment check fix (bsc#1216559).
- swiotlb: fix debugfs reporting of reserved memory pools (git-fixes).
- swiotlb: fix slot alignment checks (bsc#1216559).
- swiotlb: fix the deadlock in swiotlb_do_find_slots (git-fixes).
- swiotlb: mark swiotlb_memblock_alloc() as __init (git-fixes).
- swiotlb: reduce the number of areas to match actual memory pool size (git-fixes).
- swiotlb: reduce the swiotlb buffer size on allocation failure (git-fixes).
- swiotlb: use the calculated number of areas (git-fixes).
- tracing / synthetic: Disable events after testing in synth_event_gen_test_init() (git-fixes).
- tracing/kprobes: Fix the description of variable length arguments (git-fixes).
- tracing/kprobes: Fix the order of argument descriptions (git-fixes).
- tracing/perf: Add interrupt_context_level() helper (git-fixes).
- tracing/synthetic: fix kernel-doc warnings (git-fixes).
- tracing: Always update snapshot buffer size (git-fixes).
- tracing: Disable preemption when using the filter buffer (bsc#1217036).
- tracing: Disable snapshot buffer when stopping instance tracers (git-fixes).
- tracing: Fix a possible race when disabling buffered events (bsc#1217036).
- tracing: Fix a warning when allocating buffered events fails (bsc#1217036).
- tracing: Fix blocked reader of snapshot buffer (git-fixes).
- tracing: Fix incomplete locking when disabling buffered events (bsc#1217036).
- tracing: Fix warning in trace_buffered_event_disable() (git-fixes, bsc#1217036).
- tracing: Have the user copy of synthetic event address use correct context (git-fixes).
- tracing: Reuse logic from perf's get_recursion_context() (git-fixes).
- tracing: Set actual size after ring buffer resize (git-fixes).
- tracing: Stop current tracer when resizing buffer (git-fixes).
- tracing: Update snapshot buffer on resize if it is allocated (git-fixes).
- tracing: Use __this_cpu_read() in trace_event_buffer_lock_reserver() (bsc#1217036).
- tracing: relax trace_event_eval_update() execution with cond_resched() (git-fixes).
- uapi: propagate __struct_group() attributes to the container union (jsc#SLE-18978).
- ubifs: Fix memory leak of bud->log_hash (git-fixes).
- ubifs: fix possible dereference after free (git-fixes).
- usb-storage: Add quirk for incorrect WP on Kingston DT Ultimate 3.0 G3 (git-fixes).
- usb: aqc111: check packet for fixup for true limit (git-fixes).
- usb: config: fix iteration issue in 'usb_get_bos_descriptor()' (git-fixes).
- usb: host: xhci-plat: fix possible kernel oops while resuming (git-fixes).
- usb: hub: Guard against accesses to uninitialized BOS descriptors (git-fixes).
- usb: serial: ftdi_sio: update Actisense PIDs constant names (git-fixes).
- usb: serial: option: add Foxconn T99W265 with new baseline (git-fixes).
- usb: serial: option: add Quectel EG912Y module support (git-fixes).
- usb: serial: option: add Quectel RM500Q R13 firmware support (git-fixes).
- usb: typec: bus: verify partner exists in typec_altmode_attention (git-fixes).
- usb: typec: class: fix typec_altmode_put_partner to put plugs (git-fixes).
- usb: typec: ucsi: acpi: add quirk for ASUS Zenbook UM325 (git-fixes).
- virt/coco/sev-guest: Double-buffer messages (jsc#PED-7167).
- virt: coco: Add a coco/Makefile and coco/Kconfig (jsc#PED-7167).
- virt: sevguest: Add TSM_REPORTS support for SNP_GET_EXT_REPORT (jsc#PED-7167).
- virt: sevguest: Fix passing a stack buffer as a scatterlist target (jsc#PED-7167).
- virt: sevguest: Prep for kernel internal get_ext_report() (jsc#PED-7167).
- virt: tdx-guest: Add Quote generation support using TSM_REPORTS (jsc#PED-7167).
- vsprintf/kallsyms: Prevent invalid data when printing symbol (bsc#1217602).
- wifi: cfg80211: Add my certificate (git-fixes).
- wifi: cfg80211: fix certs build to not depend on file order (git-fixes).
- wifi: iwlwifi: pcie: add another missing bh-disable for rxq->lock (git-fixes).
- wifi: iwlwifi: pcie: do not synchronize IRQs from IRQ (git-fixes).
- wifi: mac80211: mesh: check element parsing succeeded (git-fixes).
- wifi: mac80211: mesh_plink: fix matches_local logic (git-fixes).
- x86/CPU/AMD: Check vendor in the AMD microcode callback (git-fixes).
- x86/alternatives: Disable KASAN in apply_alternatives() (git-fixes).
- x86/alternatives: Disable interrupts and sync when optimizing NOPs in place (git-fixes).
- x86/alternatives: Sync core before enabling interrupts (git-fixes).
- x86/boot/compressed: Handle unaccepted memory (jsc#PED-7167).
- x86/boot/compressed: Reserve more memory for page tables (git-fixes).
- x86/boot: Add an efi.h header for the decompressor (jsc#PED-7167).
- x86/boot: Centralize __pa()/__va() definitions (jsc#PED-7167).
- x86/boot: Fix incorrect startup_gdt_descr.size (git-fixes).
- x86/cpu/amd: Enable Zenbleed fix for AMD Custom APU 0405 (git-fixes).
- x86/cpu: Do not write CSTAR MSR on Intel CPUs (jsc#PED-7167).
- x86/cpu: Fix amd_check_microcode() declaration (git-fixes).
- x86/efi: Safely enable unaccepted memory in UEFI (jsc#PED-7167).
- x86/entry: Convert INT 0x80 emulation to IDTENTRY (bsc#1217927).
- x86/entry: Do not allow external 0x80 interrupts (bsc#1217927).
- x86/fpu/xstate: Prevent false-positive warning in __copy_xstate_uabi_buf() (git-fixes).
- x86/fpu: Invalidate FPU state correctly on exec() (git-fixes).
- x86/platform/uv: Use alternate source for socket to node data (bsc#1215696 bsc#1217790).
- x86/purgatory: Remove LTO flags (git-fixes).
- x86/resctrl: Fix kernel-doc warnings (git-fixes).
- x86/sev-es: Replace open-coded hlt-loop with sev_es_terminate() (jsc#PED-7167).
- x86/sev-es: Use insn_decode_mmio() for MMIO implementation (jsc#PED-7167).
- x86/sev: Add SNP-specific unaccepted memory support (jsc#PED-7167).
- x86/sev: Allow for use of the early boot GHCB for PSC requests (jsc#PED-7167).
- x86/sev: Change npages to unsigned long in snp_accept_memory() (jsc#PED-7167).
- x86/sev: Change snp_guest_issue_request()'s fw_err argument (jsc#PED-7167).
- x86/sev: Fix address space sparse warning (jsc#PED-7167).
- x86/sev: Get rid of special sev_es_enable_key (jsc#PED-7167).
- x86/sev: Mark snp_abort() noreturn (jsc#PED-7167).
- x86/sev: Put PSC struct on the stack in prep for unaccepted memory support (jsc#PED-7167).
- x86/sev: Use large PSC requests if applicable (jsc#PED-7167).
- x86/smp: Use dedicated cache-line for mwait_play_dead() (git-fixes).
- x86/srso: Add SRSO mitigation for Hygon processors (git-fixes).
- x86/srso: Fix SBPB enablement for (possible) future fixed HW (git-fixes).
- x86/srso: Fix vulnerability reporting for missing microcode (git-fixes).
- x86/tdx: Add unaccepted memory support (jsc#PED-7167).
- x86/tdx: Disable NOTIFY_ENABLES (jsc#PED-7167).
- x86/tdx: Make _tdx_hypercall() and __tdx_module_call() available in boot stub (jsc#PED-7167).
- x86/tdx: Refactor try_accept_one() (jsc#PED-7167).
- x86/tdx: Relax SEPT_VE_DISABLE check for debug TD (jsc#PED-7167).
- x86/tdx: Use ReportFatalError to report missing SEPT_VE_DISABLE (jsc#PED-7167).
- x86/tsc: Add option to force frequency recalibration with HW timer (bsc#1215885 bsc#1217217).
- x86/tsc: Be consistent about use_tsc_delay() (bsc#1215885 bsc#1217217).
- x86/tsc: Extend watchdog check exemption to 4-Sockets platform (bsc#1215885 bsc#1217217).
- x86/unwind/orc: Unwind ftrace trampolines with correct ORC entry (git-fixes).
- xfs: Rename __xfs_attr_rmtval_remove (git-fixes).
- xfs: Use kvcalloc() instead of kvzalloc() (git-fixes).
- xfs: aborting inodes on shutdown may need buffer lock (git-fixes).
- xfs: add selinux labels to whiteout inodes (git-fixes).
- xfs: clean up '%Ld/%Lu' which does not meet C standard (git-fixes).
- xfs: convert flex-array declarations in struct xfs_attrlist* (git-fixes).
- xfs: convert flex-array declarations in xfs attr leaf blocks (git-fixes).
- xfs: convert flex-array declarations in xfs attr shortform objects (git-fixes).
- xfs: decode scrub flags in ftrace output (git-fixes).
- xfs: dump log intent items that cannot be recovered due to corruption (git-fixes).
- xfs: fix a bug in the online fsck directory leaf1 bestcount check (git-fixes).
- xfs: fix agf_fllast when repairing an empty AGFL (git-fixes).
- xfs: fix incorrect unit conversion in scrub tracepoint (git-fixes).
- xfs: fix silly whitespace problems with kernel libxfs (git-fixes).
- xfs: fix uninit warning in xfs_growfs_data (git-fixes).
- xfs: fix units conversion error in xfs_bmap_del_extent_delay (git-fixes).
- xfs: make sure maxlen is still congruent with prod when rounding down (git-fixes).
- xfs: remove kmem_alloc_io() (git-fixes).
- xfs: remove the xfs_dinode_t typedef (git-fixes).
- xfs: remove the xfs_dqblk_t typedef (git-fixes).
- xfs: remove the xfs_dsb_t typedef (git-fixes).
- xfs: rename xfs_has_attr() (git-fixes).
- xfs: replace snprintf in show functions with sysfs_emit (git-fixes).
- xfs: return EINTR when a fatal signal terminates scrub (git-fixes).
- xfs: sb verifier does not handle uncached sb buffer (git-fixes).
- xfs: simplify two-level sysctl registration for xfs_table (git-fixes).
- xfs: sysfs: use default_groups in kobj_type (git-fixes).
- xfs: use swap() to make dabtree code cleaner (git-fixes).
- xhci: Clear EHB bit only at end of interrupt handler (git-fixes).
ImportantSUSE bug 1179610SUSE bug 1183045SUSE bug 1211162SUSE bug 1211226SUSE bug 1212139SUSE bug 1212584SUSE bug 1214117SUSE bug 1214158SUSE bug 1214747SUSE bug 1214823SUSE bug 1215237SUSE bug 1215696SUSE bug 1215885SUSE bug 1215952SUSE bug 1216032SUSE bug 1216057SUSE bug 1216559SUSE bug 1216776SUSE bug 1217036SUSE bug 1217217SUSE bug 1217250SUSE bug 1217602SUSE bug 1217692SUSE bug 1217790SUSE bug 1217801SUSE bug 1217822SUSE bug 1217927SUSE bug 1217933SUSE bug 1217938SUSE bug 1217946SUSE bug 1217947SUSE bug 1217980SUSE bug 1217981SUSE bug 1217982SUSE bug 1218056SUSE bug 1218092SUSE bug 1218139SUSE bug 1218184SUSE bug 1218229SUSE bug 1218234SUSE bug 1218253SUSE bug 1218258SUSE bug 1218335SUSE bug 1218357SUSE bug 1218397SUSE bug 1218447SUSE bug 1218461SUSE bug 1218515SUSE bug 1218559SUSE bug 1218569SUSE bug 1218643SUSE bug 1218738CVE-2020-26555 at SUSECVE-2020-26555 at NVDCVE-2023-51779 at SUSECVE-2023-51779 at NVDCVE-2023-6121 at SUSECVE-2023-6121 at NVDCVE-2023-6531 at SUSECVE-2023-6531 at NVDCVE-2023-6546 at SUSECVE-2023-6546 at NVDCVE-2023-6606 at SUSECVE-2023-6606 at NVDCVE-2023-6610 at SUSECVE-2023-6610 at NVDCVE-2023-6622 at SUSECVE-2023-6622 at NVDCVE-2023-6931 at SUSECVE-2023-6931 at NVDCVE-2023-6932 at SUSECVE-2023-6932 at NVDcpe:/o:opensuse:leap:15.5Security update for python-Pillow (Important)openSUSE Leap 15.5
This update for python-Pillow fixes the following issues:
- CVE-2021-25287: out-of-bounds read in J2kDecode in j2ku_graya_la (bsc#1185805)
- CVE-2021-25288: out-of-bounds read in J2kDecode in j2ku_gray_i (bsc#1185803)
- CVE-2021-28675: DoS in PsdImagePlugin (bsc#1185804)
- CVE-2021-28676: infinite loop in FliDecode.c can lead to DoS (bsc#1185786)
- CVE-2021-28677: DoS in the open phase via a malicious EPS file (bsc#1185785)
- CVE-2021-28678: improper check in BlpImagePlugin can lead to DoS (bsc#1185784)
ImportantSUSE bug 1185784SUSE bug 1185785SUSE bug 1185786SUSE bug 1185803SUSE bug 1185804SUSE bug 1185805CVE-2021-25287 at SUSECVE-2021-25287 at NVDCVE-2021-25288 at SUSECVE-2021-25288 at NVDCVE-2021-28675 at SUSECVE-2021-28675 at NVDCVE-2021-28676 at SUSECVE-2021-28676 at NVDCVE-2021-28677 at SUSECVE-2021-28677 at NVDCVE-2021-28678 at SUSECVE-2021-28678 at NVDcpe:/o:opensuse:leap:15.5Security update for python-Werkzeug (Important)openSUSE Leap 15.5
This update for python-Werkzeug fixes the following issues:
- CVE-2024-34069: Fixed a remote code execution through debugger when interacting with attacker controlled domain (bsc#1223979).
ImportantSUSE bug 1223979CVE-2024-34069 at SUSECVE-2024-34069 at NVDcpe:/o:opensuse:leap:15.5Security update for freerdp (Important)openSUSE Leap 15.5
This update for freerdp fixes the following issues:
- CVE-2024-32039: Fixed an out-of-bounds write with variables of type uint32 (bsc#1223293)
- CVE-2024-32040: Fixed a integer underflow when using the 'NSC' codec (bsc#1223294)
- CVE-2024-32041: Fixed an out-of-bounds read in Stream_GetRemainingLength() (bsc#1223295)
- CVE-2024-32458: Fixed an out-of-bounds read on pSrcData[] (bsc#1223296)
- CVE-2024-32459: Fixed an out-of-bounds read in case SrcSize less than 4 (bsc#1223297)
- CVE-2024-32460: Fixed an out-of-bounds read when using '/bpp:32' legacy 'GDI' drawing path (bsc#1223298)
ImportantSUSE bug 1223293SUSE bug 1223294SUSE bug 1223295SUSE bug 1223296SUSE bug 1223297SUSE bug 1223298CVE-2024-32039 at SUSECVE-2024-32039 at NVDCVE-2024-32040 at SUSECVE-2024-32040 at NVDCVE-2024-32041 at SUSECVE-2024-32041 at NVDCVE-2024-32458 at SUSECVE-2024-32458 at NVDCVE-2024-32459 at SUSECVE-2024-32459 at NVDCVE-2024-32460 at SUSECVE-2024-32460 at NVDcpe:/o:opensuse:leap:15.5Security update for python-Werkzeug (Important)openSUSE Leap 15.5
This update for python-Werkzeug fixes the following issues:
- CVE-2024-34069: Fixed a remote code execution through debugger when interacting with attacker controlled domain (bsc#1223979).
ImportantSUSE bug 1223979CVE-2024-34069 at SUSECVE-2024-34069 at NVDcpe:/o:opensuse:leap:15.5Security update for openssl-3 (Moderate)openSUSE Leap 15.5
This update for openssl-3 fixes the following issues:
- CVE-2024-2511: Fixed unconstrained session cache growth in TLSv1.3 (bsc#1222548).
ModerateSUSE bug 1222548CVE-2024-2511 at SUSECVE-2024-2511 at NVDcpe:/o:opensuse:leap:15.5Security update for tpm2-0-tss (Moderate)openSUSE Leap 15.5
This update for tpm2-0-tss fixes the following issues:
- CVE-2024-29040: Fixed quote data validation by Fapi_VerifyQuote (bsc#1223690).
ModerateSUSE bug 1223690CVE-2024-29040 at SUSECVE-2024-29040 at NVDcpe:/o:opensuse:leap:15.5Security update for tpm2.0-tools (Moderate)openSUSE Leap 15.5
This update for tpm2.0-tools fixes the following issues:
- CVE-2024-29038: Fixed arbitrary quote data validation by tpm2_checkquote (bsc#1223687).
- CVE-2024-29039: Fixed pcr selection value to be compared with the attest (bsc#1223689).
ModerateSUSE bug 1223687SUSE bug 1223689CVE-2024-29038 at SUSECVE-2024-29038 at NVDCVE-2024-29039 at SUSECVE-2024-29039 at NVDcpe:/o:opensuse:leap:15.5Recommended update for google-cloud SDK (Moderate)openSUSE Leap 15.5
This update for google-cloud SDK fixes the following issues:
- Add python311 cloud services packages and dependencies (jsc#PED-7987, jsc#PED-6697)
- Bellow 5 binaries Obsolete the python3.6 counterpart:
python311-google-resumable-media
python311-google-api-core
python311-google-cloud-storage
python311-google-cloud-core
python311-googleapis-common-protos
- Regular python311 updates (without Obsoletes):
python-google-auth
python-grpcio
python-sqlparse
- New python311 packages:
libcrc32c
python-google-cloud-appengine-logging
python-google-cloud-artifact-registry
python-google-cloud-audit-log
python-google-cloud-build
python-google-cloud-compute
python-google-cloud-dns
python-google-cloud-domains
python-google-cloud-iam
python-google-cloud-kms-inventory
python-google-cloud-kms
python-google-cloud-logging
python-google-cloud-run
python-google-cloud-secret-manager
python-google-cloud-service-directory
python-google-cloud-spanner
python-google-cloud-vpc-access
python-google-crc32c
python-grpc-google-iam-v1
python-grpcio-status
python-proto-plus
In python-sqlparse this security issue was fixed:
CVE-2023-30608: Fixed parser that contained a regular expression that is vulnerable to ReDOS (Regular Expression Denial of Service) (bsc#1210617)
ModerateSUSE bug 1210617CVE-2023-30608 at SUSECVE-2023-30608 at NVDcpe:/o:opensuse:leap:15.5Security update for python-arcomplete, python-Fabric, python-PyGithub, python-antlr4-python3-runtime, python-avro, python-chardet, python-distro, python-docker, python-fakeredis, python-fixedint, python-httplib2, python-httpretty, python-javaproperties, python-jsondiff, python-knack, python-marshmallow, python-opencensus, python-opencensus-context, python-opencensus-ext-threading, python-opentelemetry-api, python-opentelemetry-sdk, python-opentelemetry-semantic-conventions, python-opentelemetry-test-utils, python-pycomposefile, python-pydash, python-redis, python-retrying, python-semver, python-sshtunnel, python-strictyaml, python-sure, python-vcrpy, python-xmltodict (Important)openSUSE Leap 15.5
This update for python-argcomplete, python-Fabric, python-PyGithub, python-antlr4-python3-runtime, python-avro, python-chardet, python-distro, python-docker, python-fakeredis, python-fixedint, python-httplib2, python-httpretty, python-javaproperties, python-jsondiff, python-knack, python-marshmallow, python-opencensus, python-opencensus-context, python-opencensus-ext-threading, python-opentelemetry-api, python-opentelemetry-sdk, python-opentelemetry-semantic-conventions, python-opentelemetry-test-utils, python-pycomposefile, python-pydash, python-redis, python-retrying, python-semver, python-sshtunnel, python-strictyaml, python-sure, python-vcrpy, python-xmltodict contains the following fixes:
Changes in python-argcomplete
- Update to 3.3.0 (bsc#1222880):
* Preserve compatibility with argparse option tuples of length 4.
This update is required to use argcomplete on Python 3.11.9+ or
3.12.3+.
- update to 3.2.3:
* Allow register-python-argcomplete output to be used as lazy-loaded
zsh completion module (#475)
- Move debug_stream initialization to helper method to allow fd 9
behavior to be overridden in subclasses (#471)
- update to 3.2.2:
* Expand tilde in zsh
- Remove coverage check
- Fix zsh test failures: avoid coloring terminal
- update to 3.2.1:
* Allow explicit zsh global completion activation (#467)
* Fix and test global completion in zsh (#463, #466)
* Add –yes option to activate-global-python-argcomplete (#461)
* Test suite improvements
- drop without_zsh.patch: obsolete
- update to 3.1.6:
* Respect user choice in activate-global-python-argcomplete
* Escape colon in zsh completions. Fixes #456
* Call \_default as a fallback in zsh global completion
- update to 3.1.4:
* Call \_default as a fallback in zsh global completion
* zsh: Allow to use external script (#453)
* Add support for Python 3.12 and drop EOL 3.6 and 3.7 (#449)
* Use homebrew prefix by default
* zsh: Allow to use external script (#453)
Changes in python-Fabric:
- Update to 3.2.2
- add fix-test-deps.patch to remove vendored dependencies
*[Bug]: fabric.runners.Remote failed to properly deregister its SIGWINCH signal
handler on shutdown; in rare situations this could cause tracebacks when
the Python process receives SIGWINCH while no remote session is active.
This has been fixed.
* [Bug] #2204: The signal handling functionality added in Fabric 2.6 caused
unrecoverable tracebacks when invoked from inside a thread (such as
the use of fabric.group.ThreadingGroup) under certain interpreter versions.
This has been fixed by simply refusing to register signal handlers when not
in the main thread. Thanks to Francesco Giordano and others for the reports.
* [Bug]: Neglected to actually add deprecated to our runtime dependency
specification (it was still in our development dependencies). This has been fixed.
* [Feature]: Enhanced fabric.testing in ways large and small:
Backwards-compatibly merged the functionality of MockSFTP into MockRemote (may be
opted-into by instantiating the latter with enable_sftp=True) so you can mock
out both SSH and SFTP functionality in the same test, which was previously impossible.
It also means you can use this in a Pytest autouse fixture to prevent any tests
from accidentally hitting the network!
A new pytest fixture, remote_with_sftp, has been added which leverages the previous
bullet point (an all-in-one fixture suitable for, eg, preventing any incidental
ssh/sftp attempts during test execution).
A pile of documentation and test enhancements (yes, testing our testing helpers is a thing).
* [Support]: Added a new runtime dependency on the Deprecated library.
* [Support]: Language update: applied s/sanity/safety/g to the codebase
(with the few actual API members using the term now marked deprecated & new ones added
in the meantime, mostly in fabric.testing).
* [Feature]: Add a new CLI flag to fab, fab --list-agent-keys, which will attempt
to connect to your local SSH agent and print a key list, similarly to ssh-add -l.
This is mostly useful for expectations-checking Fabric and Paramiko’s agent
functionality, or for situations where you might not have ssh-add handy.
* [Feature]: Implement opt-in support for Paramiko 3.2’s AuthStrategy machinery, as follows:
Added a new module and class, fabric.auth.OpenSSHAuthStrategy, which leverages
aforementioned new Paramiko functionality to marry loaded SSH config files with
Fabric-level and runtime-level parameters, arriving at what should
be OpenSSH-client-compatible authentication behavior. See its API docs for details.
Added new configuration settings:
authentication.strategy_class, which defaults to None,
but can be set to OpenSSHAuthStrategy to opt-in to the new behavior.
authentication.identities, which defaults to the empty list, and can
be a list of private key paths for use by the new strategy class.
* [Bug] #2263: Explicitly add our dependency on decorator to setup.py instead of using
Invoke’s old, now removed, vendored copy of same. This allows Fabric to happily use
Invoke 2.1 and above
- Update to 3.0.1
* [Bug] #2241: A typo prevented Fabric’s command runner from properly
calling its superclass stop() method, which in tandem with a related
Invoke bug meant messy or long shutdowns in many scenarios.
- Changes from 3.0.0
* [Feature]: Change the default configuration value for inline_ssh_env
from False to True, to better align with the practicalities of common
SSH server configurations.
- Warning
This change is backwards incompatible if you were using
environment-variable-setting kwargs or config settings,
such as Connection.run(command, env={'SOME': 'ENV VARS'}),
and were not already explicitly specifying the value of inline_ssh_env.
* [Bug] #1981: (fixed in #2195) Automatically close any open SFTP session
during fabric.connection.Connection.close; this avoids issues encountered
upon re-opening a previously-closed connection object.
* [Support]: Drop support for Python <3.6, including Python 2.
- Warning
This is a backwards incompatible change if you are not yet on
Python 3.6 or above; however, pip shouldn’t offer you this
version of Fabric as long as your pip version understands
python_requires metadata.
- Drop remove-mock.patch because now in upstream.
- Drop remove-pathlib2.patch because now in upstream.
- Add %{?sle15_python_module_pythons}
- Remove conditional definition of python_module.
- Add patch remove-pathlib2.patch:
* Drop install_requires on pathlib2.
- Update to 2.7.1:
* [Bug] #1924: (also #2007) Overhaul behavior and testing re: merging together
different sources for the key_filename parameter in
Connection.connect_kwargs. This fixes a number of type-related errors
(string objects have no extend attribute, cannot add lists to strings, etc).
- Update to 2.7.0:
* Add ~fabric.connection.Connection.shell, a belated port of the v1
open_shell() feature.
* Forward local terminal resizes to the remote end, when applicable.
(For the technical: this means we now turn SIGWINCH into SSH
window-change messages.)
* Update ~fabric.connection.Connection temporarily so that it doesn't
incidentally apply replace_env=True to local shell commands, only
remote ones.
- Add patch remove-mock.patch:
* Use unittest.mock, instead of mock
- pytest-relaxed now supports pytest 6, so test on all python versions.
- Don't test on python310 -- gh#bitprophet/pytest-relaxed#12
(This is mainly required by azure-cli in the primary python3
flavor)
- Update to 2.6.0:
* [Feature] #1999: Add sudo support to Group. Thanks to Bonnie Hardin for
the report and to Winston Nolan for an early patchset.
* [Feature] #1810: Add put/get support to Group.
* [Feature] #1868: Ported a feature from v1: interpolating the local path
argument in Transfer.get with connection and remote filepath attributes.
For example, cxn.get(remote='/var/log/foo.log', local='{host}/') is now
feasible for storing a file in per-host-named directories or files, and
in fact Group.get does this by default.
* [Feature]: When the local path argument to Transfer.get contains nonexistent
directories, they are now created instead of raising an error.
Warning: This change introduces a new runtime dependency: pathlib2.
* [Bug]: Fix a handful of issues in the handling and mocking of SFTP local paths
and os.path members within fabric.testing; this should remove some occasional
“useless Mocks” as well as hewing closer to the real behavior of things like
os.path.abspath re: path normalization.
- Update Requires from setup.py
Changes in python-PyGithub:
- Switch package to modern Python Stack on SLE-15
+ Add %{?sle15_python_module_pythons}
+ Drop %{?!python_module:%define python_module() python-%{**} python3-%{**}}
+ Drop %define skip_python2 1
- Update to 1.57
Breaking Changes
* Add support for Python 3.11, drop support for Python 3.6 (#2332) (1e2f10d)
Bug Fixes & Improvements
* Speed up get requested reviewers and teams for pr (#2349) (6725ece)
* [WorkflowRun] - Add missing attributes (run_started_at & run_attempt), remove deprecated unicode type (#2273) (3a6235b)
* Add support for repository autolink references (#2016) (0fadd6b)
* Add retry and pool_size to typing (#2151) (784a3ef)
* Fix/types for repo topic team (#2341) (db9337a)
* Add class Artifact (#2313) (#2319) (437ff84)
- Update to 1.56
This is the last release that will support Python 3.6.
*Bug Fixes & Improvements
Create repo from template (#2090) (b50283a)
Improve signature of Repository.create_repo (#2118) (001970d)
Add support for 'visibility' attribute preview for Repositories (#1872) (8d1397a)
Add Repository.rename_branch method (#2089) (6452ddf)
Add function to delete pending reviews on a pull request (#1897) (c8a945b)
Cover all code paths in search_commits (#2087) (f1faf94)
Correctly deal when PaginatedList's data is a dict (#2084) (93b92cd)
Add two_factor_authentication in AuthenticatedUser. (#1972) (4f00cbf)
Add ProjectCard.edit() to the type stub (#2080) (d417e4c)
Add method to delete Workflow runs (#2078) (b1c8eec)
Implement organization.cancel_invitation() (#2072) (53fb498)
Feat: Add html_url property in Team Class. (#1983) (6570892)
Add support for Python 3.10 (#2073) (aa694f8)
Add github actions secrets to org (#2006) (bc5e595)
Correct replay for Organization.create_project() test (#2075) (fcc1236)
Fix install command example (#2043) (99e00a2)
Fix: #1671 Convert Python Bool to API Parameter for Authenticated User Notifications (#2001) (1da600a)
Do not transform requestHeaders when logging (#1965) (1265747)
Add type to OrderedDict (#1954) (ed7d0fe)
Add Commit.get_pulls() to pyi (#1958) (b466470)
Adding headers in GithubException is a breaking change (#1931) (d1644e3)
- Update to 1.55:
* Remove client_id/client_secret authentication (#1888) (901af8c8)
* Adjust to Github API changes regarding emails (#1890) (2c77cfad)
+ This impacts what AuthenticatedUser.get_emails() returns
* Export headers in GithubException (#1887) (ddd437a7)
* Do not import from unpackaged paths in typing (#1926) (27ba7838)
* Implement hash for CompletableGithubObject (#1922) (4faff23c)
* Use right variable in both get_check_runs() (#1889) (3003e065)
* fix bad assertions in github.Project.edit (#1817) (6bae9e5c)
* Add support for deleting repository secrets (#1868) (696793de)
* Adding github actions secrets (#1681) (c90c050e)
* Drop support for Python 3.5 (#1770) (63e4fae9)
* Fix stubs file for Repository (fab682a5)
* The Github.get_installation(integer) method has been removed.
* Repository.create_deployment()'s payload parameter is now a dictionary.
* Add support for Check Suites (#1764) (6d501b28)
* Add missing preview features of Deployment and Deployment Statuses API
* Add Support for Check Runs (#1727) (c77c0676)
* Add WorkflowRun.workflow_id (#1737) (78a29a7c)
* Added support for the Self-Hosted actions runners API (#1684) (24251f4b)
* Fix Branch protection status in the examples (#1729) (88800844)
* Filter the DeprecationWarning in Team tests (#1728) (23f47539)
* Added get_installations() to Organizations (#1695) (b42fb244)
* Fix #1507: Add new Teams: Add or update team repository endpoint
* Added support for `Repository.get_workflow_runs` parameters
* feat(pullrequest): add the rebaseable attribute (#1690) (ee4c7a7e)
* Add support for deleting reactions (#1708) (f7d203c0)
* Add get_timeline() to Issue's type stubs (#1663) (6bc9ecc8)
- Update to 1.53:
* Add method get_team_membership for user to Team (#1658) (749e8d35)
* PaginatedList's totalCount is 0 if no last page (#1641) (69b37b4a)
* Add initial support for Github Apps. (#1631) (260558c1)
* Add delete_branch_on_merge arg to Repository.edit type stub
(#1639) (15b5ae0c)
* upload_asset with data in memory (#1601) (a7786393)
* Make Issue.closed_by nullable (#1629) (06dae387)
* Add support for workflow dispatch event (#1625) (16850ef1)
* Do not check reaction_type before sending (#1592) (136a3e80)
* more flexible header splitting (#1616) (85e71361)
* Add support for deployment statuses (#1588) (048c8a1d)
* Adds the 'twitter_username' attribute to NamedUser. (#1585) (079f75a7)
* Add support for Workflow Runs (#1583) (4fb1d23f)
* Small documentation correction in Repository.py (#1565) (f0f6ec83)
* Remove 'api_preview' parameter from type stubs and docstrings
(#1559) (cc1b884c)
* Repository.update_file() content also accepts bytes (#1543) (9fb8588b)
* Fix Repository.get_issues stub (#1540) (b40b75f8)
* Check all arguments of NamedUser.get_repos() (#1532) (69bfc325)
* Remove RateLimit.rate (#1529) (7abf6004)
* PullRequestReview is not a completable object (#1528) (19fc43ab)
* Remove pointless setters in GitReleaseAsset (#1527) (1dd1cf9c)
* Drop some unimplemented methods in GitRef (#1525) (d4b61311)
* Fixed formatting of docstrings for
`Repository.create_git_tag_and_release()`
and `StatsPunchCard`. (#1520) (ce400bc7)
* Remove Repository.topics (#1505) (53d58d2b)
* Correct Repository.get_workflows() (#1518) (8727003f)
* correct Repository.stargazers_count return type to int (#1513) (b5737d41)
* Raise a FutureWarning on use of client_{id,secret} (#1506) (2475fa66)
* Improve type signature for create_from_raw_data (#1503) (c7b5eff0)
* feat(column): move, edit and delete project columns (#1497) (a32a8965)
* Add support for Workflows (#1496) (a1ed7c0e)
* Add OAuth support for GitHub applications (4b437110)
* Create AccessToken entity (4a6468aa)
* Extend installation attributes (61808da1)
- Update to 1.51
+ New features
* PyGithub now supports type checking
* Ability to retrieve public events
* Add and handle the maintainer_can_modify attribute in PullRequest
* List matching references
* Add create_repository_dispatch
* Add some Organization and Repository attributes.
* Add create project method
+ Bug Fixes & Improvements
* Drop use of shadow-cat for draft PRs
* AuthenticatedUser.get_organization_membership() should be str
* Drop documentation for len() of PaginatedList
* Fix param name of projectcard's move function
* Correct typos found with codespell
* Export IncompletableObject in the github namespace
* Add GitHub Action workflow for checks
* Drop unneeded ignore rule for flake8
* Use pytest to parametrize tests
* Type stubs are now packaged with the build
* Get the project column by id
- Drop parametrized and pytest-cov from BuildRequires.
- Update to 1.47
+ Bug Fixes & Improvements
* Add support to edit and delete a project (#1434) (f11f739)
* Add method for fetching pull requests associated with a commit (#1433) (0c55381)
* Add 'get_repo_permission' to Team class (#1416) (219bde5)
* Add list projects support, update tests (#1431) (e44d11d)
* Don't transform completely in PullRequest.*assignees (#1428) (b1c3549)
* Add create_project support, add tests (#1429) (bf62f75)
* Add draft attribute, update test (bd28524)
* Docstring for Repository.create_git_tag_and_release (#1425) (bfeacde)
* Create a tox docs environment (#1426) (b30c09a)
* Add Deployments API (#1424) (3d93ee1)
* Add support for editing project cards (#1418) (425280c)
* Add draft flag parameter, update tests (bd0211e)
* Switch to using pytest (#1423) (c822dd1)
* Fix GitMembership with a hammer (#1420) (f2939eb)
* Add support to reply to a Pull request comment (#1374) (1c82573)
* PullRequest.update_branch(): allow expected_head_sha to be empty (#1412) (806130e)
* Implement ProjectCard.delete() (#1417) (aeb27b7)
* Add pre-commit plugin for black/isort/flake8 (#1398) (08b1c47)
* Add tox (#1388) (125536f)
* Open file in text mode in scripts/add_attribute.py (#1396) (0396a49)
* Silence most ResourceWarnings (#1393) (dd31a70)
* Assert more attributes in Membership (#1391) (d6dee01)
* Assert on changed Repository attributes (#1390) (6e3ceb1)
* Add reset to the repr for Rate (#1389) (0829af8)
- Update to 1.46
+ Bug Fixes & Improvements
* Add repo edit support for delete_branch_on_merge
* Fix mistake in Repository.create_fork()
* Correct two attributes in Invitation
* Search repo issues by string label
* Correct Repository.create_git_tag_and_release()
* exposed seats and filled_seats for Github Organization Plan
* Repository.create_project() body is optional
* Implement move action for ProjectCard
* Tidy up ProjectCard.get_content()
* Added nested teams and parent
* Correct parameter for Label.edit
* doc: example of Pull Request creation
* Fix PyPI wheel deployment
- No longer build Python 2 package
- Drop BuildRequires on mock, no longer required
- Drop no-hardcoded-dep.patch, no longer required
- Update to 1.45:
+ Breaking Changes
* Branch.edit_{user,team}_push_restrictions() have been removed
The new API is:
Branch.add_{user,team}_push_restrictions() to add new members
Branch.replace_{user,team}_push_restrictions() to replace all members
Branch.remove_{user,team}_push_restrictions() to remove members
* The api_preview parameter to Github() has been removed.
+ Bug Fixes & Improvements
* Allow sha=None for InputGitTreeElement
* Support github timeline events.
* Add support for update branch
* Refactor Logging tests
* Fix rtd build
* Apply black to whole codebase
* Fix class used returning pull request comments
* Support for create_fork
* Use Repository.get_contents() in tests
* Allow GithubObject.update() to be passed headers
* Correct URL for assignees on PRs
* Use inclusive ordered comparison for 'parameterized' requirement
* Deprecate Repository.get_dir_contents()
* Apply some polish to manage.sh
- Refresh no-hardcoded-dep.patch
- Add patch to not pull in hardcoded dependencies:
* no-hardcoded-dep.patch
- Update to 1.44.1:
* Too many changes to enumerate.
- Drop PyGithub-drop-network-tests.patch, the test in question no longer
requires network access.
- Drop fix-httpretty-dep.patch, the httpretty requirement has been relaxed
upstream.
- Use %python_expand to run the test suite, it works fine on Python 3 now.
- Add mock and parameterized to BuildRequires, the test suite requires them.
- Update to 1.43.8:
* Add two factor attributes on organizations (#1132) (a073168)
* Add Repository methods for pending invitations (#1159) (57af1e0)
* Adds get_issue_events to PullRequest object (#1154) (acd515a)
* Add invitee and inviter to Invitation (#1156) (0f2beac)
* Adding support for pending team invitations (#993) (edab176)
* Add support for custom base_url in GithubIntegration class (#1093) (6cd0d64)
* GithubIntegration: enable getting installation (#1135) (1818704)
* Add sorting capability to Organization.get_repos() (#1139) (ef6f009)
* Add new Organization.get_team_by_slug method (#1144) (4349bca)
* Add description field when creating a new team (#1125) (4a37860)
* Handle a path of / in Repository.get_contents() (#1070) (102c820)
* Add issue lock/unlock (#1107) (ec7bbcf)
* Fix bug in recursive repository contents example (#1166) (8b6b450)
* Allow name to be specified for upload_asset (#1151) (8d2a6b5)
* Fixes #1106 for GitHub Enterprise API (#1110) (5406579)
- Update to 1.43.7:
* Exclude tests from PyPI distribution (#1031) (78d283b9)
* Add codecov badge (#1090) (4c0b54c0)
- Update to 1.43.6:
* New features
o Add support for Python 3.7 (#1028) (6faa00ac)
o Adding HTTP retry functionality via urllib3 (#1002) (5ae7af55)
o Add new dismiss() method on PullRequestReview (#1053) (8ef71b1b)
o Add since and before to get_notifications (#1074) (7ee6c417)
o Add url parameter to include anonymous contributors in get_contributors (#1075) (293846be)
o Provide option to extend expiration of jwt token (#1068) (86a9d8e9)
* Bug Fixes & Improvements
o Fix the default parameter for PullRequest.create_review (#1058) (118def30)
o Fix get_access_token (#1042) (6a89eb64)
o Fix Organization.add_to_members role passing (#1039) (480f91cf)
* Deprecation
o Remove Status API (6efd6318)
- Add patch fix-httpretty-dep.patch
Changes in python-antlr4-python3-runtime:
- Switch package to modern Python Stack on SLE-15
+ Add %{?sle15_python_module_pythons}
+ Drop %{?!python_module:%define python_module() python-%{**} python3-%{**}}
+ Drop %define skip_python2 1
+ Drop support for older Python 3.x versions
- fix build for python 3.12
- require setuptools
- Update to version 4.13.1
csharp target
* [CSharp] Fix for #4386 -- change signatures for ReportAttemptingFullContext()
and ReportContextSensitivity() to be identical to all other targets (target:csharp,
type:cleanup)
go target
* Move GetText(), SetText(), and String() from CommonToken to BaseToken
(target:go, type:cleanup)
* Restore 'Obtained from string' source name. (target:go, type:cleanup)
* fix: Fix very minor code issues spotted by goreportcard.com (target:go, type:cleanup)
java target
* Java: suppress this-escape warning introduced in JDK 21. (actions, target:java)
javascript target
* Adds default targets for babel configuration (target:javascript)
* fix dependabot warnings (target:javascript, type:cleanup)
swift target
* [SWIFT] Add Antlr4Dynamic product (target:swift)
* Cleanup duplicate SwiftTarget code (target:swift, type:cleanup)
dart target
* [Dart] Fix for #4320--export additional types (type:bug, target:dart)
- from version 4.13.0
Issues fixed
* antlr4 jar doubled in size in 4.9.3 (unicode, comp:performance)
* Go: exponentially bad/absymal performance as of ... (type:bug, target:go)
* Go runtime panic (type:bug, target:go)
Improvements, features
* Update LexerATNSimulator.cs with virtual Consume (type:improvement, target:csharp)
* Feature/fixembedding (type:improvement, target:go, comp:performance)
* Provide Javascript port of TokenStreamRewriter (type:feature,
target:javascript, target:typescript)
- from version 4.12.0
Issues fixed
* github actions now fail for python2 and ubuntu clang and ubuntu swift
(comp:runtime, comp:build, comp:testing)
* js mergeArrays output differs from java (atn-analysis, target:javascript)
* C++ target fails Performance/DropLoopEntryBranchInLRRule_4.txt
(atn-analysis, type:bug, target:cpp)
* Wrong grammarFileName in generated code (code-gen, type:bug)
* C++ crashes on new test ParserExec/ListLabelsOnRuleRefStartOfAlt.txt
(atn-analysis, type:bug, target:cpp)
* [JavaScript runtime] Bad field name, bad comments (type:bug)
Improvements, features
* Fully qualify std::move invocations to fix -Wunqualified-std-cast-call
(type:improvement, target:cpp)
* Extract FileUtils updates by @ericvergnaud (type:improvement,
cross-platform-issue, comp:testing)
* Extract unit test updates by @ericvergnaud needed for TypeScript
(type:improvement, comp:testing)
* [Go target] Fix for #3926: Add accessors for tree navigation to interfaces
in generated parser (trees-contexts, code-gen, type:improvement, target:go)
* GitHub Workflows security hardening (actions, type:improvement, comp:testing)
- from version 4.11.1
* Just fixes 4.11.0 release issue. I forgot to change runtime
tool version so it didn't say SNAPSHOT.
- from version 4.11.0
Issues fixed
* Disable failing CI tests in master (comp:build, comp:testing)
* Create accessor for Go-based IntervalSet.intervals (target:go)
* Grammar Name Conflict Golang with SPARQL issue (target:go, type:cleanup)
* Dependency declaration error in ANTLR 4.10.1 (comp:build)
* Drop old version of Visual Studio C++ (2013, 2015, 2017)
(comp:build, target:cpp)
* Circular grammar inclusion causes stack overflow in the tool.
(comp:tool, type:bug)
* Cpp, Go, JavaScript, Python2/3: Template rendering error. (code-gen, comp:runtime,
target:java, target:javascript, target:python2, target:python3, target:go)
Improvements, features
* Augment error message during testing to include full cause of problem.
(type:improvement, comp:testing)
* Include swift & tool verification in CI workflow (type:improvement,
comp:build, cross-platform-issue, target:swift)
* Issue #3783: CI Check Builds (type:improvement, comp:build,
cross-platform-issue, comp:testing)
* Parallel lock free testing, remove potential deadlocks, cache static data,
go to descriptor via test (comp:runtime, type:improvement, comp:testing)
* update getting-started doc (type:improvement, comp:doc)
* Getting Started has error (type:improvement, comp:doc)
* new nuget directory for building ANTLR4 C++ runtime as 3 Nuget packages
(type:improvement, comp:build, target:cpp)
* Add interp tool like TestRig (comp:tool, type:feature)
* Issue 3720: Java 2 Security issue (type:improvement, target:java)
* Cpp: Disable warnings for external project (type:bug, type:improvement, target:cpp)
* Fix Docker README for arm OS user (type:improvement, comp:doc)
- from version 4.10.1
* [C++] Remove reference to antlrcpp:s2ws
* Update publishing instruction for Dart
- from version 4.10.0
Issues fixed
* C++ runtime: Version identifier macro ? (target:cpp, type:cleanup)
* Generating XPath lexer/parser (actions, type:bug)
* do we need this C++ ATN serialization? (target:cpp, type:cleanup)
* Incorrect type of token with number 0xFFFF because of incorrect
ATN serialization (atn-analysis, type:bug)
* Clean up ATN serialization: rm UUID and shifting by value of 2
(atn-analysis, type:cleanup)
* The parseFile method of the InterpreterDataReader class is missing
code: 'line = br.readLine();' (type:bug, target:java)
* antlr.runtime.standard 4.9.3 invalid strong name.
(type:bug, comp:build, target:csharp)
* Serialized ATN data element 810567 element 11 out of
range 0..65535 (atn-analysis, type:cleanup)
* Go target, unable to check when custom error strategy
is in recovery mode (target:go)
* Escape issue for characeters (grammars, type:bug)
* antlr4 java.lang.NullPointerException Antlr 4 4.8
(grammars, comp:tool, type:bug)
* UnsupportedOperationException while generating code for large grammars.
(atn-analysis, type:cleanup)
* Add a more understandable message than 'Serialized ATN data element ....
element ... out of range 0..65535' (atn-analysis, type:cleanup)
* avoid java.lang.StackOverflowError (lexers, error-handling)
* Getting this error: Exception in thread 'main' java.lang.UnsupportedOperationException:
Serialized ATN data element out of range (atn-analysis, type:cleanup)
Improvements, features
* Updated getting started with Cpp documentation. (type:improvement, comp:doc)
* Escape bad words during grammar generation (code-gen, type:improvement)
* Implement caseInsensitive option (lexers, options, type:improvement)
* Some tool bugfixes (error-handling, comp:tool, type:improvement, type:cleanup)
- Run testsuite using the tests/run.py script instead of %pyunittest
- Switch build systemd from setuptools to pyproject.toml
- Update BuildRequires from pyproject.toml
- Update filename pattern in %files section
- Update to version 4.9.3
Issues fixed
* Swift Target Crashes with Multi-Threading
* JavaScript Runtime bug
* Go target, cannot use superClass for the lexer grammar!
* Python runtime is inconsistent with Java
* FunctionDef source extract using getText()
* Provide .NET Framework target in the csharp nuget package
* Go target for Antlr tool, type ',int8' => 'int8'
* Flutter/Dart web support
* Allow Antlr Javascript runtime to be loaded into Kindle Touch
* Fix Go test suite
* Weird error
Improvements, features
* [C++] Use faster alternative to dynamic_cast when not testing inherit
* Stackoverflow after upgrading from 4.6 to 4.7
- from version 4.9.2
Issues fixed
* CSharp and Java produce different results for identical input, identical tokens
Improvements, features
* Moved away from travis-ci.com
- Source upstream tarball from Github since PyPi tarball no longer ships testsuite
- Update to version 4.9.1.
* Improve python3 performance by adding slots
* Fix incorrect python token string templates
- Add testing.
- Skip python2 because this is for python3.
- Use python_alternative
Changes in python-avro:
- Switch package to modern Python Stack on SLE-15
+ Add %{?sle15_python_module_pythons}
+ Drop %define skip_python2 1
- Update to version 1.11.3:
+ See jira board for all the fixes addressed in this release:
https://issues.apache.org/jira/browse/AVRO-3855?jql=project%3DAVRO%20AND%20fixVersion%3D1.11.3
- Drop py311.patch: fixed upstream.
- Add py311.patch to make tests compatible with python 3.11 gh#apache/avro#1961
- Update to 1.11.1 (from GitHub release notes):
- Avro specification
- Clarify which names are allowed to be qualified with
namespaces
- Inconsistent behaviour on types as invalid names
- Clarify how fullnames are created, with example
- IDL: add syntax to create optional fields
- Improve docs for logical type annotation
- Python
- Scale assignment optimization
- 'Scale' property from decimal object
- Byte reading in avro.io does not assert bytes read
- validate the default value of an enum field
- Pass LogicalType to BytesDecimalSchema
- Website
- Website refactor
- Document IDL support in IDEs
Changes in python-chardet:
- update to 5.2.0:
* Adds support for running chardet CLI via `python -m chardet`
Changes in python-distro:
- Switch to autosetup macro.
- update to 1.9.0:
* Refactor distro.info() method to return an InfoDict [#360]
* Ignore the file '/etc/board-release' [#353]
* Ignore the file '/etc/ec2_version' [#359]
* Test on modern versions of CPython and PyPy and macOS [#362]
* Add support for ALT Linux Server 10.1 distribution [#354]
* Add Debian Testing to the tests [#356]
* Update archlinux resource for tests [#352]
- Remove duplicate files calling %fdupes
- add sle15_python_module_pythons
- update to 1.8.0:
* Lowered `LinuxDistribution._distro_release_info` method complexity
[#327]
* Added official support for Buildroot distribution [#329]
* Added official support for Guix distribution [#330]
* Added support for `/etc/debian_version` [#333] & [#349]
* Fixed a typography in CONTRIBUTING.md [#340]
* Improved README.md 'Usage' code block [#343]
* Bumped black to v22.3.0 in pre-commit.ci configuration [#331]
* Enabled GitHub Dependabot to keep GitHub Actions up to date [#335]
- remove shebang from distro.py
- update to version 1.7.0:
- BACKWARD COMPATIBILITY:
- Dropped support for EOL Pythons 2.7, 3.4 and 3.5 [[#281](https://github.com/python-distro/distro/pull/281)]
- Dropped support for LSB and `uname` back-ends when `--root-dir` is specified [[#311](https://github.com/python-distro/distro/pull/311)]
- Moved `distro.py` to `src/distro/distro.py` [[#315](https://github.com/python-distro/distro/pull/315)]
- ENHANCEMENTS:
- Documented that `distro.version()` can return an empty string on rolling releases [[#312](https://github.com/python-distro/distro/pull/312)]
- Documented support for Python 3.10 [[#316](https://github.com/python-distro/distro/pull/316)]
- Added official support for Rocky Linux distribution [[#318](https://github.com/python-distro/distro/pull/318)]
- Added a shebang to `distro.py` to allow standalone execution [[#313](https://github.com/python-distro/distro/pull/313)]
- Added support for AIX platforms [[#311](https://github.com/python-distro/distro/pull/311)]
- Added compliance for PEP-561 [[#315](https://github.com/python-distro/distro/pull/315)]
- BUG FIXES:
- Fixed `include_uname` parameter oversight [[#305](https://github.com/python-distro/distro/pull/305)]
- Fixed crash when `uname -rs` output is empty [[#304](https://github.com/python-distro/distro/pull/304)]
- Fixed Amazon Linux identifier in `distro.id()` documentation [[#318](https://github.com/python-distro/distro/pull/318)]
- Fixed OpenSuse >= 15 support [[#319](https://github.com/python-distro/distro/pull/319)]
- Fixed encoding issues when opening distro release files [[#324](https://github.com/python-distro/distro/pull/324)]
- Fixed `linux_distribution` regression introduced in [[#230](https://github.com/python-distro/distro/pull/230)] [[#325](https://github.com/python-distro/distro/pull/325)]
- Tests: Set locale to UTF-8 to fix tests on Leap 15.3.
- Expliciting setting of locale is not necessary anymore
(gh#python-distro/distro#223).
- Update to version 1.6.0
* Deprecated the distro.linux_distribution() function. Use distro.id(), distro.version() and distro.name() instead [#296]
* Deprecated Python 2.7, 3.4 and 3.5 support. Further releases will only support Python 3.6+
* Added type hints to distro module [#269]
* Added __version__ for checking distro version [#292]
* Added support for arbitrary rootfs via the root_dir parameter [#247]
* Added the --root-dir option to CLI [#161]
* Added fallback to /usr/lib/os-release when /etc/os-release isn't available [#262]
* Fixed subprocess.CalledProcessError when running lsb_release [#261]
* Ignore /etc/iredmail-release file while parsing distribution [#268]
* Use a binary file for /dev/null to avoid TextIOWrapper overhead [#271]
- use %pytest macro
- Enable tests properly (this is pytest, not unittest),
Changes in python-docker:
- update to 7.0.0:
* Removed SSL version (`ssl_version`) and explicit hostname
check (`assert_hostname`) options (#3185)
* Python 3.7+ supports TLSv1.3 by default
* Websocket support is no longer included by default (#3123)
* Use `pip install docker[websockets]` to include `websocket-
client` dependency
* By default, `docker-py` hijacks the TCP connection and does
not use Websockets
* Websocket client is only required to use
`attach_socket(container, ws=True)`
* Python 3.7 no longer supported (reached end-of-life June
2023) (#3187)
* Python 3.12 support (#3185)
* Full `networking_config` support for `containers.create()`
* Replaces `network_driver_opt` (added in 6.1.0)
* Add `health()` property to container that returns status
(e.g. `unhealthy`)
* Add `pause` option to `container.commit()` (#3159)
* Add support for bind mount propagation (e.g. `rshared`,
`private`)
* Add support for `filters`, `keep_storage`, and `all` in
`prune_builds()` on API v1.39+ (#3192)
* Consistently return `docker.errors.NotFound` on 404 responses
* Validate tag format before push (#3191)
- update to 6.1.3:
* Bugfixes
- Fix eventlet compatibility (#3132)
- update to 6.1.2:
* Bugfixes
- Fix for socket timeouts on long docker exec calls (#3125)
- Respect timeout param on Windows (#3112)
- update to 6.1.1:
* Upgrade Notes (6.1.x)
- Errors are no longer returned during client initialization if
the credential helper cannot be found. A warning will be
emitted instead, and an error is returned if the credential
helper is used.
* Bugfixes
- Fix containers.stats() hanging with stream=True
- Correct return type in docs for containers.diff() method
- update to 6.1.0:
* Upgrade Notes
- Errors are no longer returned during client initialization if
the credential helper cannot be found. A warning will be
emitted instead, and an error is returned if the credential
helper is used.
* Features
- Python 3.11 support
- Use poll() instead of select() on non-Windows platforms
- New API fields
- network_driver_opt on container run / create
- one-shot on container stats
- status on services list
* Bugfixes
- Support for requests 2.29.0+ and urllib3 2.x
- Do not strip characters from volume names
- Fix connection leak on container.exec_* operations
- Fix errors closing named pipes on Windows
- update to 6.0.1:
* Notice
This version is not compatible with requests 2.29+ or urllib3
2.x.
Either add requests < 2.29 and urllib3 < 2 to your requirements
or upgrade to to the latest docker-py release.
* Bugfixes
- Fix for The pipe has been ended errors on Windows (#3056)
- Support floats for timestamps in Docker logs (since / until)
(#3031)
- update to 6.0.0:
* Upgrade Notes
- Minimum supported Python version is 3.7+
- When installing with pip, the docker[tls] extra is deprecated
and a no-op, use docker for same functionality (TLS support
is always available now)
- Native Python SSH client (used by default /
use_ssh_client=False) will now
- reject unknown host keys with
paramiko.ssh_exception.SSHException
- Short IDs are now 12 characters instead of 10 characters
(same as Docker CLI)
- Version metadata is now exposed as __version__
* Features
- Python 3.10 support
- Automatically negotiate most secure TLS version
- Add platform (e.g. linux/amd64, darwin/arm64) to container
create & run
- Add support for GlobalJob and ReplicatedJobs for Swarm
- Add remove() method on Image
- Add force param to disable() on Plugin
* Bugfixes
- Fix install issues on Windows related to pywin32
- Do not accept unknown SSH host keys in native Python SSH mode
- Use 12 character short IDs for consistency with Docker CLI
- Ignore trailing whitespace in .dockerignore files
- Fix IPv6 host parsing when explicit port specified
- Fix ProxyCommand option for SSH connections
- Do not spawn extra subshell when launching external SSH
client
- Improve exception semantics to preserve context
- Documentation improvements (formatting, examples, typos,
missing params)
* Miscellaneous
- Upgrade dependencies in requirements.txt to latest versions
- Remove extraneous transitive dependencies
- Eliminate usages of deprecated functions/methods
- Test suite reliability improvements
- GitHub Actions workflows for linting, unit tests, integration
tests, and publishing releases
- add sle15_python_module_pythons
- python-six is not required as well
- python-mock actually not required for build
- update to 5.0.3:
* Add cap_add and cap_drop parameters to service create and ContainerSpec
* Add templating parameter to config create
* Bump urllib3 to 1.26.5
* Bump requests to 2.26.0
* Remove support for Python 2.7
* Make Python 3.6 the minimum version supported
- Update to 4.4.4
From project changelog:
4.4.4
Bugfixes
Remove LD_LIBRARY_PATH and SSL_CERT_FILE environment variables when shelling out to the ssh client
4.4.3
Features
Add support for docker.types.Placement.MaxReplicas
Bugfixes
Fix SSH port parsing when shelling out to the ssh client
4.4.2
Bugfixes
Fix SSH connection bug where the hostname was incorrectly trimmed and the error was hidden
Fix docs example
Miscellaneous
Add Python3.8 and 3.9 in setup.py classifier list
4.4.1
Bugfixes
Avoid setting unsuported parameter for subprocess.Popen on Windows
Replace use of deprecated 'filter' argument on ''docker/api/image'
- update to 4.4.0:
- Add an alternative SSH connection to the paramiko one, based on shelling out to the SSh client. Similar to the behaviour of Docker cli
- Default image tag to `latest` on `pull`
- Fix plugin model upgrade
- Fix examples URL in ulimits
- Improve exception messages for server and client errors
- Bump cryptography from 2.3 to 3.2
- Set default API version to `auto`
- Fix conversion to bytes for `float`
- Support OpenSSH `identityfile` option
- Add `DeviceRequest` type to expose host resources such as GPUs
- Add support for `DriverOpts` in EndpointConfig
- Disable compression by default when using container.get_archive method
- Update default API version to v1.39
- Update test engine version to 19.03.12
- update to 4.2.2:
- Fix context load for non-docker endpoints
- update to 4.2.1:
- Add option on when to use `tls` on Context constructor
- Make context orchestrator field optional
- Bump required version of pycreds to 0.4.0 (sync with requirements.txt)
- update to 3.7.0 (mandatory for latest docker-compose)
- add python-dockerpycreds dependency in the spec file
rebase hide_py_pckgmgmt.patch
Changes in python-fakeredis:
- update to 2.21.0:
* Implement all TOP-K commands (`TOPK.INFO`, `TOPK.LIST`,
`TOPK.RESERVE`,
* `TOPK.ADD`, `TOPK.COUNT`, `TOPK.QUERY`, `TOPK.INCRBY`) #278
* Implement all cuckoo filter commands #276
* Implement all Count-Min Sketch commands #277
* Fix XREAD blocking bug #274 #275
* EXAT option does not work #279
- update to 2.20.1:
* Fix `XREAD` bug #256
* Testing for python 3.12
- update to 2.20.0:
* Implement `BITFIELD` command #247
* Implement `COMMAND`, `COMMAND INFO`, `COMMAND COUNT` #248
- Remove unnecessary BR on python-lupa
- update to 2.19.0:
* Implement Bloom filters commands #239
* Fix error on blocking XREADGROUP #237
- update to 2.18.1:
* Fix stream type issue #233
- update to 2.18.0:
* Implement `PUBSUB NUMPAT` #195, `SSUBSCRIBE` #199, `SPUBLISH`
#198, `SUNSUBSCRIBE` #200, `PUBSUB SHARDCHANNELS` #196, `PUBSUB
SHARDNUMSUB` #197
* Fix All aio.FakeRedis instances share the same server #218
- update to 2.17.0:
* Implement `LPOS` #207, `LMPOP` #184, and `BLMPOP` #183
* Implement `ZMPOP` #191, `BZMPOP` #186
* Fix incorrect error msg for group not found #210
* fix: use same server_key within pipeline when issued watch
issue with ZRANGE and ZRANGESTORE with BYLEX #214
* Implemented support for `JSON.MSET` #174, `JSON.MERGE` #181
* Add support for version for async FakeRedis #205
* Updated how to test django_rq #204
- update to 2.15.0:
* Implemented support for various stream groups commands:
* `XGROUP CREATE` #161, `XGROUP DESTROY` #164, `XGROUP SETID`
#165, `XGROUP DELCONSUMER` #162,
* `XGROUP CREATECONSUMER` #163, `XINFO GROUPS` #168, `XINFO
CONSUMERS` #168, `XINFO STREAM` #169, `XREADGROUP` #171,
* `XACK` #157, `XPENDING` #170, `XCLAIM` #159, `XAUTOCLAIM`
* Implemented sorted set commands:
* `ZRANDMEMBER` #192, `ZDIFF` #187, `ZINTER` #189, `ZUNION`
#194, `ZDIFFSTORE` #188,
* `ZINTERCARD` #190, `ZRANGESTORE` #193
* Implemented list commands:
* `BLMOVE` #182,
* Improved documentation.
* Fix documentation link
* Fix requirement for packaging.Version #177
* Implement `HRANDFIELD` #156
* Implement `JSON.MSET`
* Improve streams code
- update to 2.13.0:
* Fixed xadd timestamp (fixes #151) (#152)
* Implement XDEL #153
* Improve test code
* Fix reported security issue
* Add support for `Connection.read_response` arguments used in
redis-py 4.5.5 and 5.0.0
* Adding state for scan commands (#99)
* Improved documentation (added async sample, etc.)
- update to 2.12.0:
* Implement `XREAD` #147
* Unique FakeServer when no connection params are provided
* Minor fixes supporting multiple connections
* Update documentation
* connection parameters awareness:
* Creating multiple clients with the same connection parameters
will result in the same server data structure.
* Fix creating fakeredis.aioredis using url with user/password
- add sle15_python_module_pythons
- Update to 2.10.3:
* Support for redis-py 5.0.0b1
* Include tests in sdist (#133)
* Fix import used in GenericCommandsMixin.randomkey (#135)
* Fix async_timeout usage on py3.11 (#132)
* Enable testing django-cache using FakeConnection.
* All geo commands implemented
* Fix bug for xrange
* Fix bug for xrevrange
* Implement XTRIM
* Add support for MAXLEN, MAXID, LIMIT arguments for XADD command
* Add support for ZRANGE arguments for ZRANGE command #127
* Relax python version requirement #128
* Support for redis-py 4.5.0 #125
- update to 2.7.1:
* Fix import error for NoneType (#120)
* Implement
- JSON.ARRINDEX
- JSON.OBJLEN
- JSON.OBJKEYS
- JSON.ARRPOP
- JSON.ARRTRIM
- JSON.NUMINCRBY
- JSON.NUMMULTBY
- XADD
- XLEN
- XRANGE
- XREVRANGE
* Implement `JSON.TYPE`, `JSON.ARRLEN` and `JSON.ARRAPPEND`
* Fix encoding of None (#118)
- update to v2.5.0:
* Implement support for BITPOS (bitmap command) (#112)
* Fix json mget when dict is returned (#114)
* fix: properly export (#116)
* Extract param handling (#113)
- update to v2.4.0:
* Implement LCS (#111), BITOP (#110)
* Fix bug checking type in scan_iter (#109)
* Implement GETEX (#102)
* Implement support for JSON.STRAPPEND (json command) (#98)
* Implement JSON.STRLEN, JSON.TOGGLE and fix bugs with JSON.DEL (#96)
* Implement PUBSUB CHANNELS, PUBSUB NUMSUB
* Implement JSON.CLEAR (#87)
* Support for redis-py v4.4.0
* Implement json.mget (#85)
* Initial json module support - JSON.GET, JSON.SET and JSON.DEL (#80)
* fix: add nowait for asyncio disconnect (#76)
* Refactor how commands are registered (#79)
* Refactor tests from redispy4_plus (#77)
* Remove support for aioredis separate from redis-py (redis-py versions
4.1.2 and below). (#65)
* Add support for redis-py v4.4rc4 (#73)
* Add mypy support (#74)
* Implement support for zmscore by @the-wondersmith in #67
* What's Changed
* implement GETDEL and SINTERCARD support by @cunla in #57
* Test get float-type behavior by @cunla in #59
* Implement BZPOPMIN/BZPOPMAX support by @cunla in #60
- drop fakeredis-pr54-fix-ensure_str.patch (upstream)
- Update to 1.9.3
* Removed python-six dependency
* zadd support for GT/LT by @cunla in #49
* Remove six dependency by @cunla in #51
* Add host to conn_pool_args by @cunla in #51
- Drop python-fakeredis-no-six.patch which was incomplete
* all commits, including the missing ones in release now
- Add fakeredis-pr54-fix-ensure_str.patch
- use upstream
https://github.com/cunla/fakeredis-py/pull/51/
- modified patches
% python-fakeredis-no-six.patch (refreshed)
- version update to 1.9.1
* Zrange byscore by @cunla in #44
* Expire options by @cunla in #46
* Enable redis7 support by @cunla in #42
- added patches
fix https://github.com/cunla/fakeredis-py/issues/50
+ python-fakeredis-no-six.patch
- Update to 1.8.1
* fix: allow redis 4.3.* by @terencehonles in #30
- Release 1.8
* Fix handling url with username and password by @cunla in #27
* Refactor tests by @cunla in #28
- Release 1.7.6
* add IMOVE operation by @BGroever in #11
* Add SMISMEMBER command by @OlegZv in #20
* fix: work with redis.asyncio by @zhongkechen in #10
* Migrate to poetry by @cunla in #12
* Create annotation for redis4+ tests by @cunla in #14
* Make aioredis and lupa optional dependencies by @cunla in #16
* Remove aioredis requirement if redis-py 4.2+ by @ikornaselur in
#19
- update to 1.7.0
* Change a number of corner-case behaviours to match Redis 6.2.6.
* Fix DeprecationWarning for sampling from a set
* Improved support for constructor arguments
* Support redis-py 4
* Add support for GET option to SET
* PERSIST and EXPIRE should invalidate watches
- Update to 1.6.1
* #305 Some packaging modernisation
* #306 Fix FakeRedisMixin.from_url for unix sockets
* #308 Remove use of async_generator from tests
- Release 1.6.0
* #304 Support aioredis 2
* #302 Switch CI from Travis CI to Github Actions
- update to 1.5.2
* support python 3.9
* support aioredis
- Disable py2 as upstream actually disabled python2 support competely
* The syntax simply is not compatible
- Update to 1.3.0:
* No upstream changelog
- python2 tests are dysfunctional, test with python3 only
- Update to 1.0.5:
* No upstream changelog
- Update to 1.0.4:
* various bugfixes all around
- Update to v1.0.3
* Support for redis 3.2
(no effective changes in v1.0.2)
- Initial spec for v1.0.1
Changes in python-fixedint:
- Switch build system from setuptools to pyproject.toml
+ Add python-pip and python-wheel to BuildRequires
+ Replace %python_build with %pyproject_wheel
+ Replace %python_install with %pyproject_install
- Fix capitalization in Summary
- Limit Python files matched in %files section
- Switch package to modern Python Stack on SLE-15
+ Add %{?sle15_python_module_pythons}
+ Drop %{?!python_module:%define python_module() python-%{**} python3-%{**}}
- Initial build
+ Version 0.2.0
Changes in python-httplib2:
- require setuptools
- Clean up SPEC file.
- Add %{?sle15_python_module_pythons}
- update to 0.22.0:
* https: disable_ssl_certificate_validation caused
ValueError: Cannot set verify_mode to CERT_NONE when
check_hostname is enabled
- Update to 0.21.0:
* http: `Content-Encoding: deflate` must accept zlib encapsulation
* https://github.com/httplib2/httplib2/pull/230
* Begin support and CI against CPython 3.10 and 3.11.
- update to 0.20.4:
proxy: support proxy urls with ipv6 address
Tests compatible with Python3.10 and recent pytest.
- add pyparsing dependency
- update to 0.20.2:
auth: support pyparsing v3
proxy: correct extraction of errno from pysocks ProxyConnectionError
IMPORTANT cacerts: remove expired DST Root CA X3, add ISRG Root X1, X2
- update to 0.19.1:
* auth header parsing performance optimizations; Thanks to Paul McGuire
* Use mock from the standard library on Python>=3.3
set first, othewise a 'ValueError: Cannot set
verify_mode to CERT_NONE when check_hostname
instead (bnc#761162)
item not in cache
- initial version of python-httplib2 (0.2.0)
Changes in python-httpretty:
- Add patch 0001-Fix-test_417_openssl.py-if-pyOpenSSL-not-available.patch:
* Fix tests without pyOpenSSL support in urllib3
- Allow building with python-urllib3 >= 2.x
- Do not use python-boto3 when building in SLE where it's currently
not available for python311
- Add %{?sle15_python_module_pythons}
- skip failing testsuite tests after requests update
- Add patch relax-test-callback-response.patch:
* Relax timeout for test_callback_response (bsc#1209571)
- Add patch 460-miliseconds_tests.patch (gh#gabrielfalcao/HTTPretty#460):
* Correct tests for s390x and aarch64 because of timeout failures
after 2 miliseconds
- Fix test suite:
* Remove nose idioms
* Remove outdated test skips
- Add patch double-slash-paths.patch:
* http.request may replace // with /, handle that in the testcase.
- Add 453-fix-tests-pytest.patch (gh#gabrielfalcao/HTTPretty#449)
to make tests compatible with pytest.
- Add patch remove-mock.patch:
* Use unittest.mock in the functional tests.
- specfile:
* update copyright year
- update to version 1.1.4:
* Bugfix: #435 Fallback to WARNING when logging.getLogger().level is
None.
- changes from version 1.1.3:
* Bugfix: #430 Respect socket timeout.
- changes from version 1.1.2:
* Bugfix: #426 Segmentation fault when running against a large
amount of tests with pytest --mypy.
- changes from version 1.1.1:
* Bugfix: httpretty.disable() injects pyopenssl into
:py:mod:`urllib3` even if it originally wasn't #417
* Bugfix: 'Incompatibility with boto3 S3 put_object' #416
* Bugfix: 'Regular expression for URL -> TypeError: wrap_socket()
missing 1 required' #413
* Bugfix: 'Making requests to non-stadard port throws TimeoutError
'#387
- changes from version 1.1.0:
* Feature: Display mismatched URL within UnmockedError whenever
possible. #388
* Feature: Display mismatched URL via logging. #419
* Add new properties to :py:class:`httpretty.core.HTTPrettyRequest`
(protocol, host, url, path, method).
- Updater to 1.0.5
* Bugfix: Support socket.socketpair() . #402
* Bugfix: Prevent exceptions from re-applying monkey patches.
#406
- Release 1.0.4
* Python 3.8 and 3.9 support. #407
- Update to 1.0.3
* Fix compatibility with urllib3>=1.26. #410
- Replace nose with nose2
- avoid reading DNS resolver settings
gh#gabrielfalcao/HTTPretty#405
- remove unnecessary test packages
- Update to 1.0.2
* Drop Python 2 support.
* Fix usage with redis and improve overall real-socket passthrough.
* Fix TypeError: wrap_socket() missing 1 required positional argument: 'sock'.
* Fix simple typo: neighter -> neither.
* Updated documentation for register_uri concerning using ports.
* Clarify relation between ``enabled`` and ``httprettized`` in API docs.
* Align signature with builtin socket.
- Version update to 0.9.6:
* Many fixes all around
* Support for python 3.7
- Make sure we really run the tests
- Remove superfluous devel dependency for noarch package
Changes in python-javaproperties:
- Switch package to modern Python Stack on SLE-15
+ Add %{?sle15_python_module_pythons}
- version update to 0.8.1
v0.8.1 (2021-10-05)
-------------------
- Fix a typing issue in Python 3.9
- Support Python 3.10
v0.8.0 (2020-11-28)
-------------------
- Drop support for Python 2.7, 3.4, and 3.5
- Support Python 3.9
- `ensure_ascii` parameter added to `PropertiesFile.dump()` and
`PropertiesFile.dumps()`
- **Bugfix**: When parsing XML input, empty `<entry>` tags now produce an empty
string as a value, not `None`
- Added type annotations
- `Properties` and `PropertiesFile` no longer raise `TypeError` when given a
non-string key or value, as type correctness is now expected to be enforced
through static type checking
- The `PropertiesElement` classes returned by `parse()` are no longer
subclasses of `namedtuple`, but they can still be iterated over to retrieve
their fields like a tuple
- python-six is not required
Changes in python-jsondiff:
- Switch build system from setuptools to pyproject.toml
+ Add python-pip and python-wheel to BuildRequires
+ Replace %python_build with %pyproject_wheel
+ Replace %python_install with %pyproject_install
- Limit Python files matched in %files section
- Add %{?sle15_python_module_pythons}
- Update to version 2.0.0
* Removed deprecated function
* Remove deprecated jsondiff entry point
- from version 1.3.1
* Optionally allow different escape_str than '$'
* Clarified the readme, closes #23
* Fixed readme
- Remove jsondiff command from %install, %post, %postun and %files sections
Changes in python-knack:
- Switch package to modern Python Stack on SLE-15
+ Add %{?sle15_python_module_pythons}
+ Drop %{?!python_module:%define python_module() python-%{**} python3-%{**}}
+ Drop %define skip_python2 1
- Update to version 0.11.0
* Declare support for Python 3.11 and drop support for Python 3.7 (#275)
* Stop converting argument's `bool` default value to `DefaultInt` (#273)
- Update to version 0.10.1
* Support bytearray serialization (#268)
- Update to version 0.10.0
* Enable Virtual Terminal mode on legacy Windows terminal
to support ANSI escape sequences (#265)
* Drop Python 3.6 support (#259)
- python-mock is not required for build
Changes in python-marshmallow:
- Switch build system from setuptools to pyproject.toml
+ Add python-pip and python-wheel to BuildRequires
+ Replace %python_build with %pyproject_wheel
+ Replace %python_install with %pyproject_install
- Limit Python files matched in %files section
- update to 3.20.2:
* Bug fixes: - Fix Nested field type hint for lambda Schema
types (:pr:`2164`).
* Other changes: - Officially support Python 3.12 (:pr:`2188`).
- update to 3.20.1:
* Fix call to ``get_declared_fields``: pass ``dict_cls`` again
* Add ``absolute`` parameter to ``URL`` validator and ``Url``
* Use Abstract Base Classes to define ``FieldABC`` and
``SchemaABC``
* Use `OrderedSet` as default `set_class`. Schemas are now
ordered by default.
* Handle ``OSError`` and ``OverflowError`` in
``utils.from_timestamp`` (:pr:`2102`).
* Fix the default inheritance of nested partial schemas
* Officially support Python 3.11 (:pr:`2067`).
* Drop support for Python 3.7 (:pr:`2135`).
- Switch documentation to be within the main package on SLE15
- rename docs subpackage to the more common doc name
- Update to 3.19.0
* Add timestamp and timestamp_ms formats to fields.DateTime (#612). Thanks @vgavro for the suggestion and thanks @vanHoi for the PR.
Changes in python-opencensus:
- Add Obsoletes for old python3 package on SLE-15
- Switch build system from setuptools to pyproject.toml
+ Add python-pip and python-wheel to BuildRequires
+ Replace %python_build with %pyproject_wheel
+ Replace %python_install with %pyproject_install
- Update to 0.11.4
* Changed bit-mapping for `httpx` and `fastapi` integrations
- Refresh patches for new version
* opencensus-pr1002-remove-mock.patch
- Switch package to modern Python Stack on SLE-15
* Add %{?sle15_python_module_pythons}
* Drop %{?!python_module:%define python_module() python-%{**} python3-%{**}}
- update to 0.11.3
* Updated azure modules
- sorry, six is still needed :(
- update to 0.11.2:
* Updated `azure`, `fastapi`,`flask` modules
* Updated `azure`, `httpx` modules
- Update to 0.11.0
* Updated `azure`, `context`, `flask`, `requests` modules
- from version 0.10.0
* Add kwargs to derived gauge (#1135)
- from version 0.9.0
* Make sure handler.flush() doesn't deadlock (#1112)
- Refresh patches for new version
* opencensus-pr1002-remove-mock.patch
- Update Requires from setup.py
Changes in python-opencensus-context:
- Clean up the SPEC file
- Switch package to modern Python Stack on SLE-15
+ Add %{?sle15_python_module_pythons}
+ Drop %{?!python_module:%define python_module() python-%{**} python3-%{**}}
- Update to 0.1.3
* Move `version.py` file into `runtime_context` folder (#1143)
Changes in python-opencensus-ext-threading:
- Switch package to modern Python Stack on SLE-15
+ Add %{?sle15_python_module_pythons}
+ Drop %{?!python_module:%define python_module() python-%{**} python3-%{**}}
+ Drop build support for Python 2.x
Changes in python-opentelemetry-api:
- update to 1.23.0:
* Use Attribute rather than boundattribute in logrecord (#3567)
* Fix flush error when no LoggerProvider configured for LoggingHandler (#3608)
* Fix OTLPMetricExporter ignores preferred_aggregation property (#3603)
* Logs: set observed_timestamp field (#3565)
* Add missing Resource SchemaURL in OTLP exporters (#3652)
* Fix loglevel warning text (#3566)
* Prometheus Exporter string representation for target_info labels (#3659)
* Logs: ObservedTimestamp field is missing in console exporter output (#3564)
* Fix explicit bucket histogram aggregation (#3429)
* Add code.lineno, code.function and code.filepath to all logs (#3645)
* Add Synchronous Gauge instrument (#3462)
* Drop support for 3.7 (#3668)
* Include key in attribute sequence warning (#3639)
* Upgrade markupsafe, Flask and related dependencies to dev and test
environments (#3609)
* Handle HTTP 2XX responses as successful in OTLP exporters (#3623)
* Improve Resource Detector timeout messaging (#3645)
* Add Proxy classes for logging (#3575)
* Remove dependency on 'backoff' library (#3679)
- update to 1.22.0:
* Prometheus exporter sanitize info metric (#3572)
* Remove Jaeger exporters (#3554)
* Log stacktrace on `UNKNOWN` status OTLP export error (#3536)
* Fix OTLPExporterMixin shutdown timeout period (#3524)
* Handle `taskName` `logrecord` attribute (#3557)
- update to 1.21.0:
* Fix `SumAggregation`(#3390)
* Fix handling of empty metric collection cycles (#3335)
* Fix error when no LoggerProvider configured for
LoggingHandler (#3423)
* Make `opentelemetry_metrics_exporter` entrypoint support pull
exporters (#3428)
* Allow instrument names to have '/' and up to 255 characters
(#3442)
* Do not load Resource on sdk import (#3447)
* Update semantic conventions to version 1.21.0 (#3251)
* Add missing schema_url in global api for logging and metrics
(#3251)
* Prometheus exporter support for auto instrumentation (#3413)
* Modify Prometheus exporter to translate non-monotonic Sums
into Gauges (#3306)
* Update the body type in the log ($3343)
* Add max_scale option to Exponential Bucket Histogram
Aggregation (#3323)
* Use BoundedAttributes instead of raw dict to extract
attributes from LogRecord (#3310)
* Support dropped_attributes_count in LogRecord and exporters
(#3351)
* Add unit to view instrument selection criteria (#3341)
* Upgrade opentelemetry-proto to 0.20 and regen #3355)
* Include endpoint in Grpc transient error warning #3362)
* Fixed bug where logging export is tracked as trace #3375)
* Select histogram aggregation with an environment variable
* Move Protobuf encoding to its own package (#3169)
* Add experimental feature to detect resource detectors in auto
instrumentation (#3181)
* Fix exporting of ExponentialBucketHistogramAggregation from
opentelemetry.sdk.metrics.view (#3240)
* Fix headers types mismatch for OTLP Exporters (#3226)
* Fix suppress instrumentation for log batch processor (#3223)
* Add speced out environment variables and arguments for
BatchLogRecordProcessor (#3237)
- Fix `ParentBased` sampler for implicit parent spans. Fix also `trace_state`
erasure for dropped spans or spans sampled by the `TraceIdRatioBased` sampler.
Changes in python-opentelemetry-sdk:
- Add missing python-wheel build dependency to BuildRequires
- update to 1.23.0:
* Use Attribute rather than boundattribute in logrecord (#3567)
* Fix flush error when no LoggerProvider configured for LoggingHandler (#3608)
* Fix OTLPMetricExporter ignores preferred_aggregation property (#3603)
* Logs: set observed_timestamp field (#3565)
* Add missing Resource SchemaURL in OTLP exporters (#3652)
* Fix loglevel warning text (#3566)
* Prometheus Exporter string representation for target_info labels (#3659)
* Logs: ObservedTimestamp field is missing in console exporter output (#3564)
* Fix explicit bucket histogram aggregation (#3429)
* Add code.lineno, code.function and code.filepath to all logs (#3645)
* Add Synchronous Gauge instrument (#3462)
* Drop support for 3.7 (#3668)
* Include key in attribute sequence warning (#3639)
* Upgrade markupsafe, Flask and related dependencies to dev and test
environments (#3609)
* Handle HTTP 2XX responses as successful in OTLP exporters (#3623)
* Improve Resource Detector timeout messaging (#3645)
* Add Proxy classes for logging (#3575)
* Remove dependency on 'backoff' library (#3679)
- update to 1.23.0:
* Use Attribute rather than boundattribute in logrecord (#3567)
* Fix flush error when no LoggerProvider configured for LoggingHandler (#3608)
* Fix OTLPMetricExporter ignores preferred_aggregation property (#3603)
* Logs: set observed_timestamp field (#3565)
* Add missing Resource SchemaURL in OTLP exporters (#3652)
* Fix loglevel warning text (#3566)
* Prometheus Exporter string representation for target_info labels (#3659)
* Logs: ObservedTimestamp field is missing in console exporter output (#3564)
* Fix explicit bucket histogram aggregation (#3429)
* Add code.lineno, code.function and code.filepath to all logs (#3645)
* Add Synchronous Gauge instrument (#3462)
* Drop support for 3.7 (#3668)
* Include key in attribute sequence warning (#3639)
* Upgrade markupsafe, Flask and related dependencies to dev and test
environments (#3609)
* Handle HTTP 2XX responses as successful in OTLP exporters (#3623)
* Improve Resource Detector timeout messaging (#3645)
* Add Proxy classes for logging (#3575)
* Remove dependency on 'backoff' library (#3679)
- Switch package to modern Python Stack on SLE-15
+ Add %{?sle15_python_module_pythons}
- Initial package (1.22.0)
Changes in python-opentelemetry-semantic-conventions:
- update to 0.44b0:
* Use Attribute rather than boundattribute in logrecord (#3567)
* Fix flush error when no LoggerProvider configured for LoggingHandler (#3608)
* Fix OTLPMetricExporter ignores preferred_aggregation property (#3603)
* Logs: set observed_timestamp field (#3565)
* Add missing Resource SchemaURL in OTLP exporters (#3652)
* Fix loglevel warning text (#3566)
* Prometheus Exporter string representation for target_info labels (#3659)
* Logs: ObservedTimestamp field is missing in console exporter output (#3564)
* Fix explicit bucket histogram aggregation (#3429)
* Add code.lineno, code.function and code.filepath to all logs (#3645)
* Add Synchronous Gauge instrument (#3462)
* Drop support for 3.7 (#3668)
* Include key in attribute sequence warning (#3639)
* Upgrade markupsafe, Flask and related dependencies to dev and test
environments (#3609)
* Handle HTTP 2XX responses as successful in OTLP exporters (#3623)
* Improve Resource Detector timeout messaging (#3645)
* Add Proxy classes for logging (#3575)
* Remove dependency on 'backoff' library (#3679)
- update to 0.43b0:
* Prometheus exporter sanitize info metric
* Remove Jaeger exporters
* Log stacktrace on `UNKNOWN` status OTLP export error
* Fix OTLPExporterMixin shutdown timeout period
* Handle `taskName` `logrecord` attribute
* Fix `SumAggregation`
* Fix handling of empty metric collection cycles
* Fix error when no LoggerProvider configured for
LoggingHandler
* Make `opentelemetry_metrics_exporter` entrypoint support pull
exporters
* Allow instrument names to have '/' and up to 255 characters
* Do not load Resource on sdk import
* Update semantic conventions to version 1.21.0
* Add missing schema_url in global api for logging and metrics
* Prometheus exporter support for auto instrumentation
* Drop `setuptools` runtime requirement.
* Update the body type in the log ($3343)
* Add max_scale option to Exponential Bucket Histogram
Aggregation
* Use BoundedAttributes instead of raw dict to extract
attributes from LogRecord
* Support dropped_attributes_count in LogRecord and exporters
* Add unit to view instrument selection criteria
* Upgrade opentelemetry-proto to 0.20 and regen #3355)
* Include endpoint in Grpc transient error warning #3362)
* Fixed bug where logging export is tracked as trace #3375)
* Select histogram aggregation with an environment variable
* Move Protobuf encoding to its own package
* Add experimental feature to detect resource detectors in auto
instrumentation
* Fix exporting of ExponentialBucketHistogramAggregation from
opentelemetry.sdk.metrics.view
* Fix headers types mismatch for OTLP Exporters
* Fix suppress instrumentation for log batch processor
* Add speced out environment variables and arguments for
BatchLogRecordProcessor
- Initial build
+ Version 0.25b2
Changes in python-opentelemetry-test-utils:
- update to 0.44b0:
* Use Attribute rather than boundattribute in logrecord (#3567)
* Fix flush error when no LoggerProvider configured for LoggingHandler (#3608)
* Fix OTLPMetricExporter ignores preferred_aggregation property (#3603)
* Logs: set observed_timestamp field (#3565)
* Add missing Resource SchemaURL in OTLP exporters (#3652)
* Fix loglevel warning text (#3566)
* Prometheus Exporter string representation for target_info labels (#3659)
* Logs: ObservedTimestamp field is missing in console exporter output (#3564)
* Fix explicit bucket histogram aggregation (#3429)
* Add code.lineno, code.function and code.filepath to all logs (#3645)
* Add Synchronous Gauge instrument (#3462)
* Drop support for 3.7 (#3668)
* Include key in attribute sequence warning (#3639)
* Upgrade markupsafe, Flask and related dependencies to dev and test
environments (#3609)
* Handle HTTP 2XX responses as successful in OTLP exporters (#3623)
* Improve Resource Detector timeout messaging (#3645)
* Add Proxy classes for logging (#3575)
* Remove dependency on 'backoff' library (#3679)
- Initial package (0.43b0)
Changes in python-pycomposefile:
- Switch package to modern Python Stack on SLE-15
+ Add %{?sle15_python_module_pythons}
- Initial build
+ Version 0.0.30
Changes in python-pydash:
- Switch package to modern Python Stack on SLE-15
+ Add %{?sle15_python_module_pythons}
+ Drop %{?!python_module:%define python_module() python-%{**} python3-%{**}}
- Update to version 6.0.2
* Only prevent access to object paths containing ``__globals__`` or
``__builtins__`` instead of all dunder-methods for non-dict/list
objects.
- from version 6.0.1
* Fix exception raised due to mishandling of non-string keys in functions
like ``get()`` for non-dict/list objects that used integer index references
like ``'[0]'``.
- from version 6.0.0
* Prevent access to object paths containing dunder-methods in functions like
``get()`` for non-dict/list objects. Attempting to access dunder-methods
using get-path keys will raise a ``KeyError`` (e.g. ``get(SomeClass(),
'__init__'`` will raise). Access to dict keys are unaffected (e.g.
``get({'__init__': True}, '__init__')`` will return ``True``).
(**breaking change**)
* Add support for Python 3.11.
* Drop support for Python 3.6 (**breaking change**)
- from version 5.1.2
* Remove unnecessary type check and conversion for ``exceptions``
argument in ``pydash.retry``.
- from version 5.1.1
* Add support for Python 3.10.
* Fix timing assertion issue in test for ``pydash.delay`` where it could
fail on certain environments.
- Switch build system from setuptools to pyproject.toml
- Update BuildRequires from pyproject.toml
- version update to 5.1.0
v5.1.0 (2021-10-02)
-------------------
- Support matches-style callbacks on non-dictionary objects that are compatible with ``pydash.get`` in functions like ``pydash.find``.
v5.0.2 (2021-07-15)
-------------------
- Fix compatibility issue between ``pydash.py_`` / ``pydash._`` and ``typing.Protocol`` + ``typing.runtime_checkable``
that caused an exception to be raised for ``isinstance(py_, SomeRuntimeCheckableProtocol)``.
v5.0.1 (2021-06-27)
-------------------
- Fix bug in ``merge_with`` that prevented custom iteratee from being used when recursively merging. Thanks weineel_!
v5.0.0 (2021-03-29)
-------------------
- Drop support for Python 2.7. (**breaking change**)
- Improve Unicode word splitting in string functions to be inline with Lodash. Thanks mervynlee94_! (**breaking change**)
- ``camel_case``
- ``human_case``
- ``kebab_case``
- ``lower_case``
- ``pascal_case``
- ``separator_case``
- ``slugify``
- ``snake_case``
- ``start_case``
- ``upper_case``
- Optimize regular expression constants used in ``pydash.strings`` by pre-compiling them to regular expression pattern objects.
v4.9.3 (2021-03-03)
-------------------
- Fix regression introduced in ``v4.8.0`` that caused ``merge`` and ``merge_with`` to raise an exception when passing ``None``
as the first argument.
v4.9.2 (2020-12-24)
-------------------
- Fix regression introduced in ``v4.9.1`` that broke ``pydash.get`` for dictionaries and dot-delimited keys that reference
integer dict-keys.
v4.9.1 (2020-12-14)
-------------------
- Fix bug in ``get/has`` that caused ``defaultdict`` objects to get populated on key access.
v4.9.0 (2020-10-27)
-------------------
- Add ``default_to_any``. Thanks gonzalonaveira_!
- Fix mishandling of key names containing ``\.`` in ``set_``, ``set_with``, and ``update_with`` where the ``.`` was not
treated as a literal value within the key name. Thanks zhaowb_!
- python-mock is not required for build
- Activate test suite
- Update to v4.8.0
- Initial spec for v4.7.6
Changes in python-redis:
- Switch build system from setuptools to pyproject.toml
+ Add python-pip and python-wheel to BuildRequires
+ Replace %python_build with %pyproject_wheel
+ Replace %python_install with %pyproject_install
- add https://github.com/redis/redis-py/pull/3005 as
Close-various-objects-created-during-asyncio-tests.patch
to fix tests for python 3.12
- Add patch to increase timeouts in s390x where tests take longer
to run:
* increase-test-timeout.patch
- Disable broken tests for ppc64le, bsc#1216606
- Add pytest.ini source needed to run tests
- Remove/disable broken tests because of suse environment
- drop tox.ini. seems it does no longer exist in 5.0.1
- add support to easily disable the testsuite at build time
- update to 5.0.1
- New Features
- Provide aclose() / close() for classes requiring lifetime
management (#2898)
- Add support for ModuleCommands in cluster (#2951)
- Add support for multiple values in RPUSHX (#2949)
- Add Redis.from_pool() class method, for explicitly owning and
closing a ConnectionPool (#2913)
- Bug Fixes
- Fixing monitor parsing for messages containing specific
substrings (#2950)
- Cluster determine slot command name need to be upper (#2919)
- Support timeout = 0 in search query (#2934)
- Fix async sentinel: add push_request keyword argument to
read_response (#2922)
- Fix protocol checking for search commands (#2923)
- Fix: SentinelManagedConnection.read_response() got an
unexpected keyword argument 'push_request' (#2894)
- Fix: automatically close connection pool for async Sentinel
(#2900)
- Save a reference to created async tasks, to avoid tasks
potentially disappearing (#2816)
- Avoid reference cycling by the garbage collector during
response reading (#2932)
- Maintenance
- Type hint improvements (#2952)
- Replace clear_connect_callbacks with
_deregister_connect_callback (#2955)
- Async fixes, remove del and other things (#2870)
- Add pagination, sorting and grouping examples to search json
example (#2890)
- Remove process-id checks from asyncio. Asyncio and fork()
does not mix. (#2911)
- Fix resource usage and cleanup Mocks in the unit tests
(#2936)
- Remove mentions of tox (#2929)
- Add 7.2 to supported Redis versions (#2896)
- Fix resource warnings in unit tests (#2899)
- Fix typo in redis-stream-example.ipynb (#2918)
- Deprecate RedisGraph (#2927)
- Fix redis 7.2.0 tests (#2902)
- Fix test_scorer (search) (#2920)
- changes from 5.0.0
- What's new?
- Triggers and Functions support Triggers and Functions allow
you to execute server-side functions triggered when key
values are modified or created in Redis, a stream entry
arrival, or explicitly calling them. Simply put, you can
replace Lua scripts with easy-to-develop JavaScript or
TypeScript code. Move your business logic closer to the data
to ensure a lower latency, and forget about updating
dependent key values manually in your code. Try it for
yourself with Quick start
- Full Redis 7.2 and RESP3 support
- Python 3.7 End-of-Life
- Python 3.7 has reached its end-of-life (EOL) as of June
2023. This means that starting from this date, Python 3.7
will no longer receive any updates, including security
patches, bug fixes, or improvements. If you continue to use
Python 3.7 post-EOL, you may expose your projects and
systems to potential security vulnerabilities. We ended its
support in this version and strongly recommend migrating to
Python 3.10.
- Bug Fixes
- Fix timeout retrying on pipeline execution (#2812)
- Fix socket garbage collection (#2859)
- Maintenance
- Updating client license to clear, MIT (#2884)
- Add py.typed in accordance with PEP-561 (#2738)
- Dependabot label change (#2880)
- Fix type hints in SearchCommands (#2817)
- Add sync modules (except search) tests to cluster CI (#2850)
- Fix a duplicate word in CONTRIBUTING.md (#2848)
- Fixing doc builds (#2869)
- Change cluster docker to edge and enable debug command
(#2853)
- changes from 4.6.0
- Experimental Features
- Support JSON.MERGE command (#2761)
- Support JSON.MSET command (#2766)
- New Features
- Extract abstract async connection class (#2734)
- Add support for WAITAOF (#2760)
- Introduce OutOfMemoryError exception for Redis write command rejections due to OOM errors (#2778)
- Add WITHSCORE argument to ZRANK (#2758)
- Bug Fixes
- Fix dead weakref in sentinel connection causing ReferenceError (#2767) (#2771)
- Fix Key Error in parse_xinfo_stream (#2788)
- Remove unnecessary __del__ handlers (#2755)
- Added support for missing argument to SentinelManagedConnection.read_response() (#2756)
- Maintenance
- Fix type hint for retry_on_error in async cluster (#2804)
- Clean up documents and fix some redirects (#2801)
- Add unit tests for the connect method of all Redis connection classes (#2631)
- Docstring formatting fix (#2796)
- update to 4.5.5:
* Add support for CLIENT NO-TOUCH
* Add support for CLUSTER MYSHARDID
* Add 'address_remap' feature to RedisCluster
* Add WITHSCORES argument to ZREVRANK command
* Improve error output for master discovery
* Fix XADD: allow non negative maxlen
* Fix create single connection client from url
* Optionally disable disconnects in read_response
* Fix SLOWLOG GET return value
* Fix potential race condition during disconnection
* Return response in case of KeyError
* Fix incorrect usage of once flag in async Sentinel
* Fix memory leak caused by hiredis in asyncio case
* Really do not use asyncio's timeout lib before 3.11.2
- add sle15_python_module_pythons
- Update to 4.5.4:
* Security
+ Cancelling an async future does not, properly trigger, leading to a
potential data leak in specific cases. (CVE-2023-28858, bsc#1209811)
+ Cancelling an async future does not, properly trigger, leading to a
potential data leak in specific cases. (CVE-2023-28859, bsc#1209812)
* New Features
+ Introduce AbstractConnection so that UnixDomainSocketConnection can
call super().init (#2588)
+ Added queue_class to REDIS_ALLOWED_KEYS (#2577)
+ Made search document subscriptable (#2615)
+ Sped up the protocol parsing (#2596)
+ Use hiredis::pack_command to serialized the commands. (#2570)
+ Add support for unlink in cluster pipeline (#2562)
* Bug Fixes
+ Fixing cancelled async futures (#2666)
+ Fix: do not use asyncio's timeout lib before 3.11.2 (#2659)
+ Fix UDS in v4.5.2: UnixDomainSocketConnection missing constructor
argument (#2630)
+ CWE-404 AsyncIO Race Condition Fix (#2624, #2579)
+ Fix behaviour of async PythonParser to match RedisParser as for
issue #2349 (#2582)
+ Replace async_timeout by asyncio.timeout (#2602)
+ Update json().arrindex() default values (#2611)
+ Fix #2581 UnixDomainSocketConnection object has no attribute
_command_packer (#2583)
+ Fix issue with pack_commands returning an empty byte sequence (#2416)
+ Async HiredisParser should finish parsing after a
Connection.disconnect() (#2557)
+ Check for none, prior to raising exception (#2569)
+ Tuple function cannot be passed more than one argument (#2573)
+ Synchronise concurrent command calls to single-client to single-client
mode (#2568)
+ Async: added 'blocking' argument to call lock method (#2454)
+ Added a replacement for the default cluster node in the event of
failure. (#2463)
+ Fixed geosearch: Wrong number of arguments for geosearch command (#2464)
- Clean up BuildRequires and Requires.
- Disable broken test test_xautoclaim gh#redis/redis-py#2554
- udpate to 4.3.5:
* Add support for TIMESERIES 1.8 (#2296)
* Graph - add counters for removed labels and properties (#2292)
* Add support for TDIGEST.QUANTILE extensions (#2317)
* Add TDIGEST.TRIMMED_MEAN (#2300)
* Add support for async GRAPH module (#2273)
* Support TDIGEST.MERGESTORE and make compression optional on TDIGEST.CREATE
(#2319)
* Adding reserve as an alias for create, so that we have BF.RESERVE and
CF.RESERVE accuratenly supported (#2331)
* Fix async connection.is_connected to return a boolean value (#2278)
* Fix: workaround asyncio bug on connection reset by peer (#2259)
* Fix crash: key expire while search (#2270)
* Async cluster: fix concurrent pipeline (#2280)
* Fix async SEARCH pipeline (#2316)
* Fix KeyError in async cluster - initialize before execute multi key
commands (#2439)
* Supply chain risk reduction: remove dependency on library named deprecated
(#2386)
* Search test - Ignore order of the items in the response (#2322)
* Fix GRAPH.LIST & TDIGEST.QUANTILE tests (#2335)
* Fix TimeSeries range aggregation (twa) tests (#2358)
* Mark TOPK.COUNT as deprecated (#2363)
- update to 4.3.4:
* Fix backward compatibility from 4.3.2 in Lock.acquire()
* Fix XAUTOCLAIM to return the full response, instead of only keys 2+
* Added dynamic_startup_nodes configuration to RedisCluster.
* Fix retries in async mode
* Async cluster: fix simultaneous initialize
* Uppercased commands in CommandsParser.get_keys
* Late eval of the skip condition in async tests
* Reuse the old nodes' connections when a cluster topology refresh is being done
* Docs: add pipeline examples
* Correct retention_msecs value
* Cluster: use pipeline to execute split commands
* Docs: Add a note about client_setname and client_name difference
- Delete unused redismod.conf, remove duplicate Source entry for
tox.ini
- Add redismod.conf and tox.ini as Sources to SPEC file.
- Update to version 4.3.3
* Fix Lock crash, and versioning 4.3.3 (#2210)
* Async cluster: improve docs (#2208)
- Release 4.3.2
* SHUTDOWN - add support for the new NOW, FORCE and ABORT modifiers (#2150)
* Adding pipeline support for async cluster (#2199)
* Support CF.MEXISTS + Clean bf/commands.py (#2184)
* Extending query_params for FT.PROFILE (#2198)
* Implementing ClusterPipeline Lock (#2190)
* Set default response_callbacks to redis.asyncio.cluster.ClusterNode (#2201)
* Add default None for maxlen at xtrim command (#2188)
* Async cluster: add/update typing (#2195)
* Changed list type to single element type (#2203)
* Made sync lock consistent and added types to it (#2137)
* Async cluster: optimisations (#2205)
* Fix typos in README (#2206)
* Fix modules links to https://redis.io/commands/ (#2185)
- Update to version 4.3.1
* Allow negative `retries` for `Retry` class to retry forever
* Add `items` parameter to `hset` signature
* Create codeql-analysis.yml (#1988). Thanks @chayim
* Add limited support for Lua scripting with RedisCluster
* Implement `.lock()` method on RedisCluster
* Fix cursor returned by SCAN for RedisCluster & change default
target to PRIMARIES
* Fix scan_iter for RedisCluster
* Remove verbose logging when initializing ClusterPubSub,
ClusterPipeline or RedisCluster
* Fix broken connection writer lock-up for asyncio (#2065)
* Fix auth bug when provided with no username (#2086)
- Release 4.1.3
* Fix flushdb and flushall (#1926)
* Add redis5 and redis4 dockers (#1871)
* Change json.clear test multi to be up to date with redisjson
(#1922)
* Fixing volume for unstable_cluster docker (#1914)
* Update changes file with changes since 4.0.0-beta2 (#1915)
- Release 4.1.2
* Invalid OCSP certificates should raise ConnectionError on
failed validation (#1907)
* Added retry mechanism on socket timeouts when connecting to
the server (#1895)
* LMOVE, BLMOVE return incorrect responses (#1906)
* Fixing AttributeError in UnixDomainSocketConnection (#1903)
* Fixing TypeError in GraphCommands.explain (#1901)
* For tests, increasing wait time for the cluster (#1908)
* Increased pubsub's wait_for_messages timeout to prevent flaky
tests (#1893)
* README code snippets formatted to highlight properly (#1888)
* Fix link in the main page (#1897)
* Documentation fixes: JSON Example, SSL Connection Examples,
RTD version (#1887)
* Direct link to readthedocs (#1885)
- Release 4.1.1
* Add retries to connections in Sentinel Pools (#1879)
* OCSP Stapling Support (#1873)
* Define incr/decr as aliases of incrby/decrby (#1874)
* FT.CREATE - support MAXTEXTFIELDS, TEMPORARY, NOHL, NOFREQS,
SKIPINITIALSCAN (#1847)
* Timeseries docs fix (#1877)
* get_connection: catch OSError too (#1832)
* Set keys var otherwise variable not created (#1853)
* Clusters should optionally require full slot coverage (#1845)
* Triple quote docstrings in client.py PEP 257 (#1876)
* syncing requirements (#1870)
* Typo and typing in GraphCommands documentation (#1855)
* Allowing poetry and redis-py to install together (#1854)
* setup.py: Add project_urls for PyPI (#1867)
* Support test with redis unstable docker (#1850)
* Connection examples (#1835)
* Documentation cleanup (#1841)
- Release 4.1.0
* OCSP stapling support (#1820)
* Support for SELECT (#1825)
* Support for specifying error types with retry (#1817)
* Support for RESET command since Redis 6.2.0 (#1824)
* Support CLIENT TRACKING (#1612)
* Support WRITE in CLIENT PAUSE (#1549)
* JSON set_file and set_path support (#1818)
* Allow ssl_ca_path with rediss:// urls (#1814)
* Support for password-encrypted SSL private keys (#1782)
* Support SYNC and PSYNC (#1741)
* Retry on error exception and timeout fixes (#1821)
* Fixing read race condition during pubsub (#1737)
* Fixing exception in listen (#1823)
* Fixed MovedError, and stopped iterating through startup nodes
when slots are fully covered (#1819)
* Socket not closing after server disconnect (#1797)
* Single sourcing the package version (#1791)
* Ensure redis_connect_func is set on uds connection (#1794)
* SRTALGO - Skip for redis versions greater than 7.0.0 (#1831)
* Documentation updates (#1822)
* Add CI action to install package from repository commit hash
(#1781) (#1790)
* Fix link in lmove docstring (#1793)
* Disabling JSON.DEBUG tests (#1787)
* Migrated targeted nodes to kwargs in Cluster Mode (#1762)
* Added support for MONITOR in clusters (#1756)
* Adding ROLE Command (#1610)
* Integrate RedisBloom support (#1683)
* Adding RedisGraph support (#1556)
* Allow overriding connection class via keyword arguments
(#1752)
* Aggregation LOAD * support for RediSearch (#1735)
* Adding cluster, bloom, and graph docs (#1779)
* Add packaging to setup_requires, and use >= to play nice to
setup.py (fixes #1625) (#1780)
* Fixing the license link in the readme (#1778)
* Removing distutils from tests (#1773)
* Fix cluster ACL tests (#1774)
* Improved RedisCluster's reinitialize_steps and documentation
(#1765)
* Added black and isort (#1734)
* Link Documents for all module commands (#1711)
* Pyupgrade + flynt + f-strings (#1759)
* Remove unused aggregation subclasses in RediSearch (#1754)
* Adding RedisCluster client to support Redis Cluster Mode
(#1660)
* Support RediSearch FT.PROFILE command (#1727)
* Adding support for non-decodable commands (#1731)
* COMMAND GETKEYS support (#1738)
* RedisJSON 2.0.4 behaviour support (#1747)
* Removing deprecating distutils (PEP 632) (#1730)
* Updating PR template (#1745)
* Removing duplication of Script class (#1751)
* Splitting documentation for read the docs (#1743)
* Improve code coverage for aggregation tests (#1713)
* Fixing COMMAND GETKEYS tests (#1750)
* GitHub release improvements (#1684)
- Release 4.0.2
* Restoring Sentinel commands to redis client (#1723)
* Better removal of hiredis warning (#1726)
* Adding links to redis documents in function calls (#1719)
- Release 4.0.1
* Removing command on initial connections (#1722)
* Removing hiredis warning when not installed (#1721)
- Release 4.0.0
* FT.EXPLAINCLI intentionally raising NotImplementedError
* Restoring ZRANGE desc for Redis < 6.2.0 (#1697)
* Response parsing occasionally fails to parse floats (#1692)
* Re-enabling read-the-docs (#1707)
* Call HSET after FT.CREATE to avoid keyspace scan (#1706)
* Unit tests fixes for compatibility (#1703)
* Improve documentation about Locks (#1701)
* Fixes to allow --redis-url to pass through all tests (#1700)
* Fix unit tests running against Redis 4.0.0 (#1699)
* Search alias test fix (#1695)
* Adding RediSearch/RedisJSON tests (#1691)
* Updating codecov rules (#1689)
* Tests to validate custom JSON decoders (#1681)
* Added breaking icon to release drafter (#1702)
* Removing dependency on six (#1676)
* Re-enable pipeline support for JSON and TimeSeries (#1674)
* Export Sentinel, and SSL like other classes (#1671)
* Restore zrange functionality for older versions of Redis
(#1670)
* Fixed garbage collection deadlock (#1578)
* Tests to validate built python packages (#1678)
* Sleep for flaky search test (#1680)
* Test function renames, to match standards (#1679)
* Docstring improvements for Redis class (#1675)
* Fix georadius tests (#1672)
* Improvements to JSON coverage (#1666)
* Add python_requires setuptools check for python > 3.6 (#1656)
* SMISMEMBER support (#1667)
* Exposing the module version in loaded_modules (#1648)
* RedisTimeSeries support (#1652)
* Support for json multipath ($) (#1663)
* Added boolean parsing to PEXPIRE and PEXPIREAT (#1665)
* Add python_requires setuptools check for python > 3.6 (#1656)
* Adding vulture for static analysis (#1655)
* Starting to clean the docs (#1657)
* Update README.md (#1654)
* Adding description format for package (#1651)
* Publish to pypi as releases are generated with the release
drafter (#1647)
* Restore actions to prs (#1653)
* Fixing the package to include commands (#1649)
* Re-enabling codecov as part of CI process (#1646)
* Adding support for redisearch (#1640) Thanks @chayim
* redisjson support (#1636) Thanks @chayim
* Sentinel: Add SentinelManagedSSLConnection (#1419) Thanks
@AbdealiJK
* Enable floating parameters in SET (ex and px) (#1635) Thanks
@AvitalFineRedis
* Add warning when hiredis not installed. Recommend
installation. (#1621) Thanks @adiamzn
* Raising NotImplementedError for SCRIPT DEBUG and DEBUG
SEGFAULT (#1624) Thanks @chayim
* CLIENT REDIR command support (#1623) Thanks @chayim
* REPLICAOF command implementation (#1622) Thanks @chayim
* Add support to NX XX and CH to GEOADD (#1605) Thanks
@AvitalFineRedis
* Add support to ZRANGE and ZRANGESTORE parameters (#1603)
Thanks @AvitalFineRedis
* Pre 6.2 redis should default to None for script flush (#1641)
Thanks @chayim
* Add FULL option to XINFO SUMMARY (#1638) Thanks @agusdmb
* Geosearch test should use any=True (#1594) Thanks
@Andrew-Chen-Wang
* Removing packaging dependency (#1626) Thanks @chayim
* Fix client_kill_filter docs for skimpy (#1596) Thanks
@Andrew-Chen-Wang
* Normalize minid and maxlen docs (#1593) Thanks
@Andrew-Chen-Wang
* Update docs for multiple usernames for ACL DELUSER (#1595)
Thanks @Andrew-Chen-Wang
* Fix grammar of get param in set command (#1588) Thanks
@Andrew-Chen-Wang
* Fix docs for client_kill_filter (#1584) Thanks
@Andrew-Chen-Wang
* Convert README & CONTRIBUTING from rst to md (#1633) Thanks
@davidylee
* Test BYLEX param in zrangestore (#1634) Thanks
@AvitalFineRedis
* Tox integrations with invoke and docker (#1632) Thanks
@chayim
* Adding the release drafter to help simplify release notes
(#1618). Thanks @chayim
* BACKWARDS INCOMPATIBLE: Removed support for end of life
Python 2.7. #1318
* BACKWARDS INCOMPATIBLE: All values within Redis URLs are
unquoted via urllib.parse.unquote. Prior versions of redis-py
supported this by specifying the ``decode_components`` flag
to the ``from_url`` functions. This is now done by default
and cannot be disabled. #589
* POTENTIALLY INCOMPATIBLE: Redis commands were moved into a
mixin (see commands.py). Anyone importing ``redis.client`` to
access commands directly should import ``redis.commands``.
#1534, #1550
* Removed technical debt on REDIS_6_VERSION placeholder. Thanks
@chayim #1582.
* Various docus fixes. Thanks @Andrew-Chen-Wang #1585, #1586.
* Support for LOLWUT command, available since Redis 5.0.0.
Thanks @brainix #1568.
* Added support for CLIENT REPLY, available in Redis 3.2.0.
Thanks @chayim #1581.
* Support for Auto-reconnect PubSub on get_message. Thanks
@luhn #1574.
* Fix RST syntax error in README/ Thanks @JanCBrammer #1451.
* IDLETIME and FREQ support for RESTORE. Thanks @chayim #1580.
* Supporting args with MODULE LOAD. Thanks @chayim #1579.
* Updating RedisLabs with Redis. Thanks @gkorland #1575.
* Added support for ASYNC to SCRIPT FLUSH available in Redis
6.2.0. Thanks @chayim. #1567
* Added CLIENT LIST fix to support multiple client ids
available in Redis 2.8.12. Thanks @chayim #1563.
* Added DISCARD support for pipelines available in Redis 2.0.0.
Thanks @chayim #1565.
* Added ACL DELUSER support for deleting lists of users
available in Redis 6.2.0. Thanks @chayim. #1562
* Added CLIENT TRACKINFO support available in Redis 6.2.0.
Thanks @chayim. #1560
* Added GEOSEARCH and GEOSEARCHSTORE support available in Redis
6.2.0. Thanks @AvitalFine Redis. #1526
* Added LPUSHX support for lists available in Redis 4.0.0.
Thanks @chayim. #1559
* Added support for QUIT available in Redis 1.0.0. Thanks
@chayim. #1558
* Added support for COMMAND COUNT available in Redis 2.8.13.
Thanks @chayim. #1554.
* Added CREATECONSUMER support for XGROUP available in Redis
6.2.0. Thanks @AvitalFineRedis. #1553
* Including slowly complexity in INFO if available. Thanks
@ian28223 #1489.
* Added support for STRALGO available in Redis 6.0.0. Thanks
@AvitalFineRedis. #1528
* Addes support for ZMSCORE available in Redis 6.2.0. Thanks
@2014BDuck and @jiekun.zhu. #1437
* Support MINID and LIMIT on XADD available in Redis 6.2.0.
Thanks @AvitalFineRedis. #1548
* Added sentinel commands FLUSHCONFIG, CKQUORUM, FAILOVER, and
RESET available in Redis 2.8.12. Thanks @otherpirate. #834
* Migrated Version instead of StrictVersion for Python 3.10.
Thanks @tirkarthi. #1552
* Added retry mechanism with backoff. Thanks @nbraun-amazon.
#1494
* Migrated commands to a mixin. Thanks @chayim. #1534
* Added support for ZUNION, available in Redis 6.2.0. Thanks
@AvitalFineRedis. #1522
* Added support for CLIENT LIST with ID, available in Redis
6.2.0. Thanks @chayim. #1505
* Added support for MINID and LIMIT with xtrim, available in
Reds 6.2.0. Thanks @chayim. #1508
* Implemented LMOVE and BLMOVE commands, available in Redis
6.2.0. Thanks @chayim. #1504
* Added GET argument to SET command, available in Redis 6.2.0.
Thanks @2014BDuck. #1412
* Documentation fixes. Thanks @enjoy-binbin @jonher937. #1496
#1532
* Added support for XAUTOCLAIM, available in Redis 6.2.0.
Thanks @AvitalFineRedis. #1529
* Added IDLE support for XPENDING, available in Redis 6.2.0.
Thanks @AvitalFineRedis. #1523
* Add a count parameter to lpop/rpop, available in Redis 6.2.0.
Thanks @wavenator. #1487
* Added a (pypy) trove classifier for Python 3.9. Thanks @D3X.
#1535
* Added ZINTER support, available in Redis 6.2.0. Thanks
@AvitalFineRedis. #1520
* Added ZINTER support, available in Redis 6.2.0. Thanks
@AvitalFineRedis. #1520
* Added ZDIFF and ZDIFFSTORE support, available in Redis 6.2.0.
Thanks @AvitalFineRedis. #1518
* Added ZRANGESTORE support, available in Redis 6.2.0. Thanks
@AvitalFineRedis. #1521
* Added LT and GT support for ZADD, available in Redis 6.2.0.
Thanks @chayim. #1509
* Added ZRANDMEMBER support, available in Redis 6.2.0. Thanks
@AvitalFineRedis. #1519
* Added GETDEL support, available in Redis 6.2.0. Thanks
@AvitalFineRedis. #1514
* Added CLIENT KILL laddr filter, available in Redis 6.2.0.
Thanks @chayim. #1506
* Added CLIENT UNPAUSE, available in Redis 6.2.0. Thanks
@chayim. #1512
* Added NOMKSTREAM support for XADD, available in Redis 6.2.0.
Thanks @chayim. #1507
* Added HRANDFIELD support, available in Redis 6.2.0. Thanks
@AvitalFineRedis. #1513
* Added CLIENT INFO support, available in Redis 6.2.0. Thanks
@AvitalFineRedis. #1517
* Added GETEX support, available in Redis 6.2.0. Thanks
@AvitalFineRedis. #1515
* Added support for COPY command, available in Redis 6.2.0.
Thanks @malinaa96. #1492
* Provide a development and testing environment via docker.
Thanks @abrookins. #1365
* Added support for the LPOS command available in Redis 6.0.6.
Thanks @aparcar #1353/#1354
* Added support for the ACL LOG command available in Redis 6.
Thanks @2014BDuck. #1307
* Added support for ABSTTL option of the RESTORE command
available in Redis 5.0. Thanks @charettes. #1423
- Drop account-defaults-redis.patch merged upstream
- Add account-defaults-redis.patch which fixes failing tests by
taking into consideration redis defaults, not overwriting them
(gh#andymccurdy/redis-py#1499).
- Skipp two tests because of gh#andymccurdy/redis-py#1459.
- update to 3.5.3
* Restore try/except clauses to __del__ methods. These will be removed
in 4.0 when more explicit resource management if enforced. #1339
* Update the master_address when Sentinels promote a new master. #847
* Update SentinelConnectionPool to not forcefully disconnect other in-use
connections which can negatively affect threaded applications. #1345
3.5.2
* Tune the locking in ConnectionPool.get_connection so that the lock is
not held while waiting for the socket to establish and validate the
TCP connection.
3.5.1
* Fix for HSET argument validation to allow any non-None key. Thanks
@AleksMat, #1337, #1341
3.5.0
* Removed exception trapping from __del__ methods. redis-py objects that
hold various resources implement __del__ cleanup methods to release
those resources when the object goes out of scope. This provides a
fallback for when these objects aren't explicitly closed by user code.
Prior to this change any errors encountered in closing these resources
would be hidden from the user. Thanks @jdufresne. #1281
* Expanded support for connection strings specifying a username connecting
to pre-v6 servers. #1274
* Optimized Lock's blocking_timeout and sleep. If the lock cannot be
acquired and the sleep value would cause the loop to sleep beyond
blocking_timeout, fail immediately. Thanks @clslgrnc. #1263
* Added support for passing Python memoryviews to Redis command args that
expect strings or bytes. The memoryview instance is sent directly to
the socket such that there are zero copies made of the underlying data
during command packing. Thanks @Cody-G. #1265, #1285
* HSET command now can accept multiple pairs. HMSET has been marked as
deprecated now. Thanks to @laixintao #1271
* Don't manually DISCARD when encountering an ExecAbortError.
Thanks @nickgaya, #1300/#1301
* Reset the watched state of pipelines after calling exec. This saves
a roundtrip to the server by not having to call UNWATCH within
Pipeline.reset(). Thanks @nickgaya, #1299/#1302
* Added the KEEPTTL option for the SET command. Thanks
@laixintao #1304/#1280
* Added the MEMORY STATS command. #1268
* Lock.extend() now has a new option, `replace_ttl`. When False (the
default), Lock.extend() adds the `additional_time` to the lock's existing
TTL. When replace_ttl=True, the lock's existing TTL is replaced with
the value of `additional_time`.
* Add testing and support for PyPy.
- downgrade requires for redis to recommends
* Better error handling
Changes in python-retrying:
- Switch package to modern Python Stack on SLE-15
+ Add %{?sle15_python_module_pythons}
- require setuptools
- Switch to pyproject macros.
- Stop using greedy globs in %files.
- Update to version 1.3.4
* Added Greg Roodt as maintainer
* Formatted code with black
* Updated repository references
- Improve summary.
- Remove superfluous devel dependency for noarch package
- Initial package
Changes in python-semver:
- update to 3.0.2:
* :pr:`418`: Replace :class:`~collection.OrderedDict` with
:class:`dict`.
* The dict datatype is ordered since Python 3.7. As we do not
support Python 3.6 anymore, it can be considered safe to avoid
:class:`~collection.OrderedDict`.
* :pr:`431`: Clarify version policy for the different semver
versions (v2, v3, >v3) and the supported Python versions.
* :gh:`432`: Improve external doc links to Python and Pydantic.
* :pr:`417`: Amend GitHub Actions to check against MacOS.
- remove obsolete setup-remove-asterisk.patch
- update to version 3.0.1:
- Remove incorrect dependencies from build-system section of pyproject.toml by @mgorny in #405
- correct typo in function description of next_version by @treee111 in #406
- Improve GitHub Action by @tomschr in #408
- Add CITATION.cff for citation by @tomschr in #409
- Add Version class to __all__ export. Fix #410 by @Soneji in #411
- Configure docformatter by @tomschr in #412
- Prepare version 3.0.1 by @tomschr in #413
- update to version 3.0.0:
- Bugfixes
- :gh:`291`: Disallow negative numbers in VersionInfo arguments
for ``major``, ``minor``, and ``patch``.
* :gh:`310`: Rework API documentation.
Follow a more 'semi-manual' attempt and add auto directives
into :file:`docs/api.rst`.
* :gh:`344`: Allow empty string, a string with a prefix, or ``None``
as token in
:meth:`~semver.version.Version.bump_build` and
:meth:`~semver.version.Version.bump_prerelease`.
* :pr:`384`: General cleanup, reformat files:
* Reformat source code with black again as some config options
did accidentely exclude the semver source code.
Mostly remove some includes/excludes in the black config.
* Integrate concurrency in GH Action
* Ignore Python files on project dirs in .gitignore
* Remove unused patterns in MANIFEST.in
* Use ``extend-exclude`` for flake in :file:`setup.cfg`` and adapt list.
* Use ``skip_install=True`` in :file:`tox.ini` for black
* :pr:`393`: Fix command :command:`python -m semver` to avoid the error 'invalid choice'
* :pr:`396`: Calling :meth:`~semver.version.Version.parse` on a derived class will show correct type of derived class.
- Deprecations
* :gh:`169`: Deprecate CLI functions not imported from ``semver.cli``.
* :gh:`234`: In :file:`setup.py` simplified file and remove
``Tox`` and ``Clean`` classes
* :gh:`284`: Deprecate the use of :meth:`~Version.isvalid`.
Rename :meth:`~semver.version.Version.isvalid`
to :meth:`~semver.version.Version.is_valid`
for consistency reasons with :meth:`~semver.version.Version.is_compatible`.
* :pr:`402`: Keep :func:`semver.compare <semver._deprecated.compare>`.
Although it breaks consistency with module level functions, it seems it's
a much needed/used function. It's still unclear if we should deprecate
this function or not (that's why we use :py:exc:`PendingDeprecationWarning`).
As we don't have a uniform initializer yet, this function stays in the
:file:`_deprecated.py` file for the time being until we find a better solution. See :gh:`258` for details.
- Features
* Remove :file:`semver.py`
* Create :file:`src/semver/__init__.py`
* Create :file:`src/semver/cli.py` for all CLI methods
* Create :file:`src/semver/_deprecated.py` for the ``deprecated`` decorator and other deprecated functions
* Create :file:`src/semver/__main__.py` to allow calling the CLI using :command:`python -m semver`
* Create :file:`src/semver/_types.py` to hold type aliases
* Create :file:`src/semver/version.py` to hold the :class:`Version` class (old name :class:`VersionInfo`) and its utility functions
* Create :file:`src/semver/__about__.py` for all the metadata variables
* :gh:`213`: Add typing information
* :gh:`284`: Implement :meth:`~semver.version.Version.is_compatible` to make 'is self compatible with X'.
* :gh:`305`: Rename :class:`~semver.version.VersionInfo` to :class:`~semver.version.Version` but keep an alias for compatibility
- add setup-remove-asterisk.patch to fix build error
- update to version 3.0.0-dev.4:
- Bug Fixes:
- :gh:`374`: Correct Towncrier's config entries in the :file:`pyproject.toml` file.
The old entries ``[[tool.towncrier.type]]`` are deprecated and need
to be replaced by ``[tool.towncrier.fragment.<TYPE>]``.
- Deprecations:
- :gh:`372`: Deprecate support for Python 3.6.
Python 3.6 reached its end of life and isn't supported anymore.
At the time of writing (Dec 2022), the lowest version is 3.7.
Although the `poll <https://github.com/python-semver/python-semver/discussions/371>`_
didn't cast many votes, the majority agree to remove support for
Python 3.6.
- Improved Documentation:
- :gh:`335`: Add new section 'Converting versions between PyPI and semver' the limitations
and possible use cases to convert from one into the other versioning scheme.
- :gh:`340`: Describe how to get version from a file
- :gh:`343`: Describe combining Pydantic with semver in the 'Advanced topic'
section.
- :gh:`350`: Restructure usage section. Create subdirectory 'usage/' and splitted
all section into different files.
- :gh:`351`: Introduce new topics for:
* 'Migration to semver3'
* 'Advanced topics'
- Features:
- :pr:`359`: Add optional parameter ``optional_minor_and_patch`` in :meth:`.Version.parse` to allow optional
minor and patch parts.
- :pr:`362`: Make :meth:`.Version.match` accept a bare version string as match expression, defaulting to
equality testing.
- :gh:`364`: Enhance :file:`pyproject.toml` to make it possible to use the
:command:`pyproject-build` command from the build module.
For more information, see :ref:`build-semver`.
- :gh:`365`: Improve :file:`pyproject.toml`.
* Use setuptools, add metadata. Taken approach from
`A Practical Guide to Setuptools and Pyproject.toml
<https://godatadriven.com/blog/a-practical-guide-to-setuptools-and-pyproject-toml/>`_.
* Doc: Describe building of semver
* Remove :file:`.travis.yml` in :file:`MANIFEST.in`
(not needed anymore)
* Distinguish between Python 3.6 and others in :file:`tox.ini`
* Add skip_missing_interpreters option for :file:`tox.ini`
* GH Action: Upgrade setuptools and setuptools-scm and test
against 3.11.0-rc.2
- Trivial/Internal Changes:
- :gh:`378`: Fix some typos in Towncrier configuration
- switch to the tagged version rather than a gh branch tarball
- fix support for Python 3.10 with update to development version:
- update to revision g4d2df08:
- Changes for the upcoming release can be found in:
- the `'changelog.d' directory <https://github.com/python-semver/python-semver/tree/master/changelog.d>`_:
- in our repository.:
- update to version 3.0.0-dev.2:
- Deprecations:
- :gh:`169`: Deprecate CLI functions not imported from ``semver.cli``.
- Features:
- :gh:`169`: Create semver package and split code among different modules in the packages.
* Remove :file:`semver.py`
* Create :file:`src/semver/__init__.py`
* Create :file:`src/semver/cli.py` for all CLI methods
* Create :file:`src/semver/_deprecated.py` for the ``deprecated`` decorator and other deprecated functions
* Create :file:`src/semver/__main__.py` to allow calling the CLI using :command:`python -m semver`
* Create :file:`src/semver/_types.py` to hold type aliases
* Create :file:`src/semver/version.py` to hold the :class:`Version` class (old name :class:`VersionInfo`) and its utility functions
* Create :file:`src/semver/__about__.py` for all the metadata variables
- :gh:`305`: Rename :class:`VersionInfo` to :class:`Version` but keep an alias for compatibility
- Improved Documentation:
- :gh:`304`: Several improvements in documentation:
* Reorganize API documentation.
* Add migration chapter from semver2 to semver3.
* Distinguish between changlog for version 2 and 3
- :gh:`305`: Add note about :class:`Version` rename.
- Trivial/Internal Changes:
- :gh:`169`: Adapted infrastructure code to the new project layout.
* Replace :file:`setup.py` with :file:`setup.cfg` because the :file:`setup.cfg` is easier to use
* Adapt documentation code snippets where needed
* Adapt tests
* Changed the ``deprecated`` to hardcode the ``semver`` package name in the warning.
Increase coverage to 100% for all non-deprecated APIs
- :gh:`304`: Support PEP-561 :file:`py.typed`.
According to the mentioned PEP:
'Package maintainers who wish to support type checking
of their code MUST add a marker file named :file:`py.typed`
to their package supporting typing.'
Add package_data to :file:`setup.cfg` to include this marker in dist
and whl file.
- update to version 3.0.0-dev.1:
- Deprecations:
- :pr:`290`: For semver 3.0.0-alpha0:
* Remove anything related to Python2
* In :file:`tox.ini` and :file:`.travis.yml`
Remove targets py27, py34, py35, and pypy.
Add py38, py39, and nightly (allow to fail)
* In :file:`setup.py` simplified file and remove
``Tox`` and ``Clean`` classes
* Remove old Python versions (2.7, 3.4, 3.5, and pypy)
from Travis
- :gh:`234`: In :file:`setup.py` simplified file and remove
``Tox`` and ``Clean`` classes
- Features:
- :pr:`290`: Create semver 3.0.0-alpha0
* Update :file:`README.rst`, mention maintenance
branch ``maint/v2``.
* Remove old code mainly used for Python2 compatibility,
adjusted code to support Python3 features.
* Split test suite into separate files under :file:`tests/`
directory
* Adjust and update :file:`setup.py`. Requires Python >=3.6.*
Extract metadata directly from source (affects all the ``__version__``,
``__author__`` etc. variables)
- :gh:`270`: Configure Towncrier (:pr:`273`:)
* Add :file:`changelog.d/.gitignore` to keep this directory
* Create :file:`changelog.d/README.rst` with some descriptions
* Add :file:`changelog.d/_template.rst` as Towncrier template
* Add ``[tool.towncrier]`` section in :file:`pyproject.toml`
* Add 'changelog' target into :file:`tox.ini`. Use it like
:command:`tox -e changelog -- CMD` whereas ``CMD`` is a
Towncrier command. The default :command:`tox -e changelog`
calls Towncrier to create a draft of the changelog file
and output it to stdout.
* Update documentation and add include a new section
'Changelog' included from :file:`changelog.d/README.rst`.
- :gh:`276`: Document how to create a sublass from :class:`VersionInfo` class
- :gh:`213`: Add typing information
- Bug Fixes:
- :gh:`291`: Disallow negative numbers in VersionInfo arguments
for ``major``, ``minor``, and ``patch``.
- Improved Documentation:
- :pr:`290`: Several improvements in the documentation:
* New layout to distinguish from the semver2 development line.
* Create new logo.
* Remove any occurances of Python2.
* Describe changelog process with Towncrier.
* Update the release process.
- Trivial/Internal Changes:
- :pr:`290`: Add supported Python versions to :command:`black`.
* PR #62. Support custom default names for pre and build
Changes in python-sshtunnel:
- Require update-alternatives for the scriptlets.
- Switch build system from setuptools to pyproject.toml
+ Add python-pip and python-wheel to BuildRequires
+ Replace %python_build with %pyproject_wheel
+ Replace %python_install with %pyproject_install
- Limit Python files matched in %files section
- Use %sle15_python_module_pythons
- do not require python-mock for build
- update to 0.4.0:
+ Change the daemon mod flag for all tunnel threads (is not fully backward
compatible) to prevent unexpected hangs (`#219`_) + Add docker based end to end
functinal tests for Mongo/Postgres/MySQL
+ Add docker based end to end hangs tests
+ Fix host key directory detection
+ Unify default ssh config folder to `~/.ssh`
+ Increase open connection timeout to 10 secods
+ Change default with context behavior to use `.stop(force=True)` on exit
+ Remove useless `daemon_forward_servers = True` hack for hangs prevention
+ Set transport keepalive to 5 second by default
+ Set default transport timeout to 0.1
+ Deprecate and remove `block_on_close` option
+ Fix 'deadlocks' / 'tunneling hangs'
+ Add `.stop(force=True)` for force close active connections
+ Fixes bug with orphan thread for a tunnel that is DOWN
+ Support IPv6 without proxy command. Use built-in paramiko create socket
logic. The logic tries to use ipv6 socket family first, then ipv4 socket
family.
Changes in python-strictyaml:
- require setuptools
- update to 1.7.3:
* REFACTOR : Fix pipeline.
* TOOLING : Improvements to pyenv multi-environment tester.
* FEATURE : Upgraded package to use pyproject.toml files
* REFACTOR : Fixed linter errors.
* TOOLING : Build wheel and sdist that both work.
- Add %{?sle15_python_module_pythons}
- Update to 1.6.2
No relevant code changes.
see details changelog: https://hitchdev.com/strictyaml/changelog/#latest
- update to 1.6.1
too many changes to be listed here
see detailed changelog: https://hitchdev.com/strictyaml/changelog/
- update to 1.4.4
* Add support for NaN and infinity representations
* Optional keys in mappings and set value to None
* Support underscores in int and decimal
* NullNone - parse 'null' as None like YAML 1.2 does.
* Bundle last propertly working ruamel.yaml version in with strictyaml.
- version update to 1.0.6
* BUGFIX : Fix accidental python 2 breakage.
* BUGFIX : Accidental misrecognition of boolean values as numbers - cause of #85.
* BUGFIX : Fix for #86 - handle changing multiline strings.
* BUGFIX: handle deprecated collections import in the parser (#82)
- Update to 1.0.5:
* BUGFIX : Fixed python 2 bug introduced when fixing #72.
* FEATURE : Include tests / stories in package.
* BUG: issue #72. Now setitem uses schema.
- Expand %description.
- Initial spec for v1.0.3
Changes in python-sure:
- Switch build system from setuptools to pyproject.toml
+ Add python-pip and python-wheel to BuildRequires
+ Replace %python_build with %pyproject_wheel
+ Replace %python_install with %pyproject_install
- update to 2.0.1:
* Fixes CI build (Github Actions)
* Fixes broken tests
* Housekeeping: Licensing
* Disable nosetests for testing leaving only pytest as
supported test-runner for now
- Add %{?sle15_python_module_pythons}
- Remove mock from BuildRequires.
- Rebase python-sure-no-mock.patch to remove one missed import.
- do not require mock for build nor runtime
- added patches
fix https://github.com/gabrielfalcao/sure/pull/161
+ python-sure-no-mock.patch
- Update to 2.0.0
* No longer patch the builtin dir() function, which fixes pytest
in some cases such as projects using gevent.
- switch to pytest
- Version update to 1.4.11:
* Reading the version dynamically was causing import errors that caused error when installing package. Refs #144
Changes in python-vcrpy:
- Update to 6.0.1
* BREAKING: Fix issue with httpx support (thanks @parkerhancock) in #784.
* BREAKING: Drop support for `boto` (vcrpy still supports boto3, but is dropping the deprecated `boto` support in this release. (thanks @jairhenrique)
* Fix compatibility issue with Python 3.12 (thanks @hartwork)
* Drop simplejson (fixes some compatibility issues) (thanks @jairhenrique)
* Run CI on Python 3.12 and PyPy 3.9-3.10 (thanks @mgorny)
* Various linting and docs improvements (thanks @jairhenrique)
* Tornado fixes (thanks @graingert)
- version update to 5.1.0
* Use ruff for linting (instead of current flake8/isort/pyflakes) - thanks @jairhenrique
* Enable rule B (flake8-bugbear) on ruff - thanks @jairhenrique
* Configure read the docs V2 - thanks @jairhenrique
* Fix typo in docs - thanks @quasimik
* Make json.loads of Python >=3.6 decode bytes by itself - thanks @hartwork
* Fix body matcher for chunked requests (fixes #734) - thanks @hartwork
* Fix query param filter for aiohttp (fixes #517) - thanks @hartwork and @salomvary
* Remove unnecessary dependency on six. - thanks @charettes
* build(deps): update sphinx requirement from <7 to <8 - thanks @jairhenrique
* Add action to validate docs - thanks @jairhenrique
* Add editorconfig file - thanks @jairhenrique
* Drop iscoroutinefunction fallback function for unsupported python thanks @jairhenrique
- for changelog for older releases refer to https://github.com/kevin1024/vcrpy/releases
- six is not required
- Use sle15_python_module_pythons
- Restrict urllib3 < 2 -- gh#kevin1024/vcrpy#688
- Update to version 4.2.1
* Fix a bug where the first request in a redirect chain was not being recorded with aiohttp
* Various typos and small fixes, thanks @jairhenrique, @timgates42
- Update to 4.1.1:
* Fix HTTPX support for versions greater than 0.15 (thanks @jairhenrique)
* Include a trailing newline on json cassettes (thanks @AaronRobson)
- Update to 4.1.0:
* Add support for httpx!! (thanks @herdigiorgi)
* Add the new allow_playback_repeats option (thanks @tysonholub)
* Several aiohttp improvements (cookie support, multiple headers with same
key) (Thanks @pauloromeira)
* Use enums for record modes (thanks @aaronbannin)
* Bugfix: Do not redirect on 304 in aiohttp (Thanks @royjs)
* Bugfix: Fix test suite by switching to mockbin (thanks @jairhenrique)
- Remove patch 0001-Revert-v4.0.x-Remove-legacy-python-and-add-python3.8.patch
as we dropped py2 integration support on Tumbleweed
- Added patch 0001-Revert-v4.0.x-Remove-legacy-python-and-add-python3.8.patch
* Enable python2 again since it breaks many packages
- Fix locale on Leap
- update to version 4.0.2
* Remove Python2 support
* Add Python 3.8 TravisCI support
* Correct mock imports
Changes in python-xmltodict:
- Clean up the SPEC file.
- add sle15_python_module_pythons
- update to 0.13.0:
* Add install info to readme for openSUSE. (#205)
* Support defaultdict for namespace mapping (#211)
* parse(generator) is now possible (#212)
* Processing comments on parsing from xml to dict (connected to #109) (#221)
* Add expand_iter kw to unparse to expand iterables (#213)
* Fixed some typos
* Add support for python3.8
* Drop Jython/Python 2 and add Python 3.9/3.10.
* Drop OrderedDict in Python >= 3.7
* Do not use len() to determine if a sequence is empty
* Add more namespace attribute tests
* Fix encoding issue in setup.py
- Add patch skip-tests-expat-245.patch:
* Do not run tests that make no sense with a current Expat.
Changes in python-asgiref:
First package shipment.
ImportantSUSE bug 1209571SUSE bug 1209811SUSE bug 1209812SUSE bug 1216606SUSE bug 1222880SUSE bug 761162CVE-2023-28858 at SUSECVE-2023-28858 at NVDCVE-2023-28859 at SUSECVE-2023-28859 at NVDcpe:/o:opensuse:leap:15.5Security update for the Linux Kernel (Important)openSUSE Leap 15.5
The SUSE Linux Enterprise 15 SP5 Azure kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2024-27389: Fixed pstore inode handling with d_invalidate() (bsc#1223705).
- CVE-2024-27062: Fixed nouveau lock inside client object tree (bsc#1223834).
- CVE-2024-27056: Fixed wifi/iwlwifi/mvm to ensure offloading TID queue exists (bsc#1223822).
- CVE-2024-27046: Fixed nfp/flower handling acti_netdevs allocation failure (bsc#1223827).
- CVE-2024-27043: Fixed a use-after-free in edia/dvbdev in different places (bsc#1223824).
- CVE-2024-27042: Fixed drm/amdgpu for potential out-of-bounds access in amdgpu_discovery_reg_base_init() (bsc#1223823).
- CVE-2024-27041: Fixed drm/amd/display NULL checks for adev->dm.dc in amdgpu_dm_fini() (bsc#1223714).
- CVE-2024-27039: Fixed clk/hisilicon/hi3559a an erroneous devm_kfree() (bsc#1223821).
- CVE-2024-27038: Fixed clk_core_get NULL pointer dereference (bsc#1223816).
- CVE-2024-27030: Fixed octeontx2-af to use separate handlers for interrupts (bsc#1223790).
- CVE-2024-27014: Fixed net/mlx5e to prevent deadlock while disabling aRFS (bsc#1223735).
- CVE-2024-27013: Fixed tun limit printing rate when illegal packet received by tun device (bsc#1223745).
- CVE-2024-26993: Fixed fs/sysfs reference leak in sysfs_break_active_protection() (bsc#1223693).
- CVE-2024-26982: Fixed Squashfs inode number check not to be an invalid value of zero (bsc#1223634).
- CVE-2024-26970: Fixed clk/qcom/gcc-ipq6018 termination of frequency table arrays (bsc#1223644).
- CVE-2024-26969: Fixed clk/qcom/gcc-ipq8074 termination of frequency table arrays (bsc#1223645).
- CVE-2024-26966: Fixed clk/qcom/mmcc-apq8084 termination of frequency table arrays (bsc#1223646).
- CVE-2024-26965: Fixed clk/qcom/mmcc-msm8974 termination of frequency table arrays (bsc#1223648).
- CVE-2024-26960: Fixed mm/swap race between free_swap_and_cache() and swapoff() (bsc#1223655).
- CVE-2024-26951: Fixed wireguard/netlink check for dangling peer via is_dead instead of empty list (bsc#1223660).
- CVE-2024-26950: Fixed wireguard/netlink to access device through ctx instead of peer (bsc#1223661).
- CVE-2024-26948: Fixed drm/amd/display by adding dc_state NULL check in dc_state_release (bsc#1223664).
- CVE-2024-26939: Fixed drm/i915/vma UAF on destroy against retire race (bsc#1223679).
- CVE-2024-26927: Fixed ASoC/SOF bounds checking to firmware data Smatch (bsc#1223525).
- CVE-2024-26915: Fixed drm/amdgpu reset IH OVERFLOW_CLEAR bit (bsc#1223207).
- CVE-2024-26901: Fixed do_sys_name_to_handle() to use kzalloc() to prevent kernel-infoleak (bsc#1223198).
- CVE-2024-26898: Fixed aoe potential use-after-free problem in aoecmd_cfg_pkts (bsc#1223016).
- CVE-2024-26896: Fixed wifi/wfx memory leak when starting AP (bsc#1223042).
- CVE-2024-26893: Fixed firmware/arm_scmi for possible double free in SMC transport cleanup path (bsc#1223196).
- CVE-2024-26885: Fixed bpf DEVMAP_HASH overflow check on 32-bit arches (bsc#1223190).
- CVE-2024-26884: Fixed bpf hashtab overflow check on 32-bit arches (bsc#1223189).
- CVE-2024-26883: Fixed bpf stackmap overflow check on 32-bit arches (bsc#1223035).
- CVE-2024-26882: Fixed net/ip_tunnel to make sure to pull inner header in ip_tunnel_rcv() (bsc#1223034).
- CVE-2024-26881: Fixed net/hns3 kernel crash when 1588 is received on HIP08 devices (bsc#1223041).
- CVE-2024-26879: Fixed clk/meson by adding missing clocks to axg_clk_regmaps (bsc#1223066).
- CVE-2024-26878: Fixed quota for potential NULL pointer dereference (bsc#1223060).
- CVE-2024-26876: Fixed drm/bridge/adv7511 crash on irq during probe (bsc#1223119).
- CVE-2024-26866: Fixed spi/spi-fsl-lpspi by removing redundant spi_controller_put call (bsc#1223024).
- CVE-2024-26862: Fixed packet annotate data-races around ignore_outgoing (bsc#1223111).
- CVE-2024-26861: Fixed wireguard/receive annotate data-race around receiving_counter.counter (bsc#1223076).
- CVE-2024-26857: Fixed geneve to make sure to pull inner header in geneve_rx() (bsc#1223058).
- CVE-2024-26856: Fixed use-after-free inside sparx5_del_mact_entry (bsc#1223052).
- CVE-2024-26855: Fixed net/ice potential NULL pointer dereference in ice_bridge_setlink() (bsc#1223051).
- CVE-2024-26853: Fixed igc returning frame twice in XDP_REDIRECT (bsc#1223061).
- CVE-2024-26852: Fixed net/ipv6 to avoid possible UAF in ip6_route_mpath_notify() (bsc#1223057).
- CVE-2024-26840: Fixed a memory leak in cachefiles_add_cache() (bsc#1222976).
- CVE-2024-26836: Fixed platform/x86/think-lmi password opcode ordering for workstations (bsc#1222968).
- CVE-2024-26830: Fixed i40e to not allow untrusted VF to remove administratively set MAC (bsc#1223012).
- CVE-2024-26817: Fixed amdkfd to use calloc instead of kzalloc to avoid integer overflow (bsc#1222812).
- CVE-2024-26816: Fixed relocations in .notes section when building with CONFIG_XEN_PV=y by ignoring them (bsc#1222624).
- CVE-2024-26791: Fixed btrfs/dev-replace properly validate device names (bsc#1222793).
- CVE-2024-26783: Fixed mm/vmscan bug when calling wakeup_kswapd() with a wrong zone index (bsc#1222615).
- CVE-2024-26773: Fixed ext4 block allocation from corrupted group in ext4_mb_try_best_found() (bsc#1222618).
- CVE-2024-26772: Fixed ext4 to avoid allocating blocks from corrupted group in ext4_mb_find_by_goal() (bsc#1222613).
- CVE-2024-26766: Fixed SDMA off-by-one error in _pad_sdma_tx_descs() (bsc#1222726).
- CVE-2024-26764: Fixed IOCB_AIO_RW check in fs/aio before the struct aio_kiocb conversion (bsc#1222721).
- CVE-2024-26733: Fixed an overflow in arp_req_get() in arp (bsc#1222585).
- CVE-2024-26700: Fixed drm/amd/display MST Null pointer dereference for RV (bsc#1222870).
- CVE-2024-26687: Fixed xen/events close evtchn after mapping cleanup (bsc#1222435).
- CVE-2024-26679: Fixed inet read sk->sk_family once in inet_recv_error() (bsc#1222385).
- CVE-2024-26675: Fixed ppp_async to limit MRU to 64K (bsc#1222379).
- CVE-2024-26673: Fixed netfilter/nft_ct layer 3 and 4 protocol sanitization (bsc#1222368).
- CVE-2024-26671: Fixed blk-mq IO hang from sbitmap wakeup race (bsc#1222357).
- CVE-2024-26656: Fixed drm/amdgpu use-after-free bug (bsc#1222307).
- CVE-2024-26610: Fixed memory corruption in wifi/iwlwifi (bsc#1221299).
- CVE-2024-26601: Fixed ext4 buddy bitmap corruption via fast commit replay (bsc#1220342).
- CVE-2024-23850: Fixed double free of anonymous device after snapshot creation failure (bsc#1219126).
- CVE-2024-23848: Fixed media/cec for possible use-after-free in cec_queue_msg_fh (bsc#1219104).
- CVE-2024-23307: Fixed Integer Overflow or Wraparound vulnerability in x86 and ARM md, raid, raid5 modules (bsc#1219169).
- CVE-2024-22099: Fixed a null-pointer-dereference in rfcomm_check_security (bsc#1219170).
- CVE-2024-2201: Fixed information leak in x86/BHI (bsc#1217339).
- CVE-2024-0841: Fixed a null pointer dereference in the hugetlbfs_fill_super function in hugetlbfs (HugeTLB pages) functionality (bsc#1219264).
- CVE-2024-0639: Fixed a denial-of-service vulnerability due to a deadlock found in sctp_auto_asconf_init in net/sctp/socket.c (bsc#1218917).
- CVE-2023-6270: Fixed a use-after-free issue in aoecmd_cfg_pkts (bsc#1218562).
- CVE-2023-52652: Fixed NTB for possible name leak in ntb_register_device() (bsc#1223686).
- CVE-2023-52645: Fixed pmdomain/mediatek race conditions with genpd (bsc#1223033).
- CVE-2023-52635: Fixed PM/devfreq to synchronize devfreq_monitor_[start/stop] (bsc#1222294).
- CVE-2023-52620: Fixed netfilter/nf_tables to disallow timeout for anonymous sets never used from userspace (bsc#1221825).
- CVE-2023-52616: Fixed unexpected pointer access in crypto/lib/mpi in mpi_ec_init (bsc#1221612).
- CVE-2023-52614: Fixed PM/devfreq buffer overflow in trans_stat_show (bsc#1221617).
- CVE-2023-52593: Fixed wifi/wfx possible NULL pointer dereference in wfx_set_mfp_ap() (bsc#1221042).
- CVE-2023-52591: Fixed a possible reiserfs filesystem corruption via directory renaming (bsc#1221044).
- CVE-2023-52590: Fixed a possible ocfs2 filesystem corruption via directory renaming (bsc#1221088).
- CVE-2023-52589: Fixed media/rkisp1 IRQ disable race issue (bsc#1221084).
- CVE-2023-52585: Fixed drm/amdgpu for possible NULL pointer dereference in amdgpu_ras_query_error_status_helper() (bsc#1221080).
- CVE-2022-48662: Fixed a general protection fault (GPF) in i915_perf_open_ioctl (bsc#1223505).
- CVE-2022-48659: Fixed mm/slub to return errno if kmalloc() fails (bsc#1223498).
- CVE-2022-48658: Fixed mm/slub to avoid a problem in flush_cpu_slab()/__free_slab() task context (bsc#1223496).
- CVE-2022-48651: Fixed an out-of-bound bug in ipvlan caused by unset skb->mac_header (bsc#1223513).
- CVE-2022-48642: Fixed netfilter/nf_tables percpu memory leak at nf_tables_addchain() (bsc#1223478).
- CVE-2022-48640: Fixed bonding for possible NULL pointer dereference in bond_rr_gen_slave_id (bsc#1223499).
- CVE-2022-48631: Fixed a bug in ext4, when parsing extents where eh_entries == 0 and eh_depth > 0 (bsc#1223475).
- CVE-2021-47214: Fixed hugetlb/userfaultfd during restore reservation in hugetlb_mcopy_atomic_pte() (bsc#1222710).
- CVE-2021-47211: Fixed a null pointer dereference on pointer cs_desc in usb-audio (bsc#1222869).
- CVE-2021-47207: Fixed a null pointer dereference on pointer block in gus (bsc#1222790).
- CVE-2021-47205: Unregistered clocks/resets when unbinding in sunxi-ng (bsc#1222888).
- CVE-2021-47202: Fixed NULL pointer dereferences in of_thermal_ functions (bsc#1222878)
- CVE-2021-47200: Fixed drm/prime for possible use-after-free in mmap within drm_gem_ttm_mmap() and drm_gem_ttm_mmap() (bsc#1222838).
- CVE-2021-47195: Fixed use-after-free inside SPI via add_lock mutex (bsc#1222832).
- CVE-2021-47185: Fixed a softlockup issue in flush_to_ldisc in tty tty_buffer (bsc#1222669).
- CVE-2021-47184: Fixed NULL pointer dereference on VSI filter sync (bsc#1222666).
The following non-security bugs were fixed:
- ALSA: firewire-lib: handle quirk to calculate payload quadlets as data block counter (stable-fixes).
- ALSA: hda/realtek - Enable audio jacks of Haier Boyue G42 with ALC269VC (stable-fixes).
- ALSA: hda/realtek - Fix inactive headset mic jack (stable-fixes).
- ALSA: hda/realtek: Add quirk for HP SnowWhite laptops (stable-fixes).
- ALSA: hda/realtek: Fix mute led of HP Laptop 15-da3001TU (stable-fixes).
- ALSA: hda: intel-sdw-acpi: fix usage of device_get_named_child_node() (git-fixes).
- ALSA: scarlett2: Add Focusrite Clarett 2Pre and 4Pre USB support (stable-fixes).
- ALSA: scarlett2: Add Focusrite Clarett+ 2Pre and 4Pre support (stable-fixes).
- ALSA: scarlett2: Add correct product series name to messages (stable-fixes).
- ALSA: scarlett2: Add support for Clarett 8Pre USB (stable-fixes).
- ALSA: scarlett2: Default mixer driver to enabled (stable-fixes).
- ALSA: scarlett2: Move USB IDs out from device_info struct (stable-fixes).
- ASoC: meson: axg-card: make links nonatomic (git-fixes).
- ASoC: meson: axg-tdm-interface: manage formatters in trigger (git-fixes).
- ASoC: meson: cards: select SND_DYNAMIC_MINORS (git-fixes).
- ASoC: soc-core.c: Skip dummy codec when adding platforms (stable-fixes).
- ASoC: tegra: Fix DSPK 16-bit playback (git-fixes).
- ASoC: ti: davinci-mcasp: Fix race condition during probe (git-fixes).
- Bluetooth: Add new quirk for broken read key length on ATS2851 (git-fixes).
- Bluetooth: Fix TOCTOU in HCI debugfs implementation (git-fixes).
- Bluetooth: Fix memory leak in hci_req_sync_complete() (git-fixes).
- Bluetooth: Fix type of len in {l2cap,sco}_sock_getsockopt_old() (stable-fixes).
- Bluetooth: L2CAP: Fix not validating setsockopt user input (git-fixes).
- Bluetooth: RFCOMM: Fix not validating setsockopt user input (git-fixes).
- Bluetooth: SCO: Fix not validating setsockopt user input (git-fixes).
- Bluetooth: add quirk for broken address properties (git-fixes).
- Bluetooth: btintel: Fix null ptr deref in btintel_read_version (stable-fixes).
- Bluetooth: btintel: Fixe build regression (git-fixes).
- Bluetooth: btusb: Add Realtek RTL8852BE support ID 0x0bda:0x4853 (stable-fixes).
- Bluetooth: hci_event: Fix sending HCI_OP_READ_ENC_KEY_SIZE (git-fixes).
- Bluetooth: hci_event: set the conn encrypted before conn establishes (stable-fixes).
- Bluetooth: hci_sock: Fix not validating setsockopt user input (git-fixes).
- Bluetooth: qca: fix NULL-deref on non-serdev suspend (git-fixes).
- Documentation: Add missing documentation for EXPORT_OP flags (stable-fixes).
- HID: intel-ish-hid: ipc: Fix dev_err usage with uninitialized dev->devc (git-fixes).
- HID: logitech-dj: allow mice to use all types of reports (git-fixes).
- HID: uhid: Use READ_ONCE()/WRITE_ONCE() for ->running (stable-fixes).
- Input: allocate keycode for Display refresh rate toggle (stable-fixes).
- Input: synaptics-rmi4 - fail probing if memory allocation for 'phys' fails (stable-fixes).
- NFC: trf7970a: disable all regulators on removal (git-fixes).
- PCI: rpaphp: Error out on busy status from get-sensor-state (bsc#1223369 ltc#205888).
- RDMA/cm: Print the old state when cm_destroy_id gets timeout (git-fixes).
- Reapply 'drm/qxl: simplify qxl_fence_wait' (stable-fixes).
- Revert 'ACPI: PM: Block ASUS B1400CEAE from suspend to idle by default' (stable-fixes).
- Revert 'drm/qxl: simplify qxl_fence_wait' (git-fixes).
- Revert 'ice: Fix ice VF reset during iavf initialization (jsc#PED-376).' (bsc#1223275)
- Revert 'usb: cdc-wdm: close race between read and workqueue' (git-fixes).
- Revert 'usb: phy: generic: Get the vbus supply' (git-fixes).
- USB: UAS: return ENODEV when submit urbs fail with device not attached (stable-fixes).
- USB: core: Add hub_get() and hub_put() routines (git-fixes).
- USB: core: Fix access violation during port device removal (git-fixes).
- USB: core: Fix deadlock in port 'disable' sysfs attribute (git-fixes).
- USB: serial: add device ID for VeriFone adapter (stable-fixes).
- USB: serial: cp210x: add ID for MGP Instruments PDS100 (stable-fixes).
- USB: serial: cp210x: add pid/vid for TDK NC0110013M and MM0110113M (stable-fixes).
- USB: serial: ftdi_sio: add support for GMC Z216C Adapter IR-USB (stable-fixes).
- USB: serial: option: add Fibocom FM135-GL variants (stable-fixes).
- USB: serial: option: add Lonsung U8300/U9300 product (stable-fixes).
- USB: serial: option: add MeiG Smart SLM320 product (stable-fixes).
- USB: serial: option: add Rolling RW101-GL and RW135-GL support (stable-fixes).
- USB: serial: option: add Telit FN920C04 rmnet compositions (stable-fixes).
- USB: serial: option: add support for Fibocom FM650/FG650 (stable-fixes).
- USB: serial: option: support Quectel EM060K sub-models (stable-fixes).
- nfsd: Fixed mount kerberized nfs4 share issue (git-fixes bsc#1223858).
- s390: Fixed kernel backtrack (bsc#1141539 git-fixes).
- nfsd: Fixed mount issue with KOTD (bsc#1223380 bsc#1217408 bsc#1223640).
- s390: Fixed LPM of lpar failure with error HSCLA2CF in 19th loops (jsc#PED-542 git-fixes bsc#1213573 ltc#203238).
- ahci: asm1064: asm1166: do not limit reported ports (git-fixes).
- ahci: asm1064: correct count of reported ports (stable-fixes).
- arm64: dts: imx8-ss-conn: fix usdhc wrong lpcg clock order (git-fixes)
- arm64: dts: rockchip: Remove unsupported node from the Pinebook Pro (git-fixes)
- arm64: dts: rockchip: enable internal pull-up for Q7_THRM# on RK3399 (git-fixes)
- arm64: dts: rockchip: enable internal pull-up on PCIE_WAKE# for (git-fixes)
- arm64: dts: rockchip: enable internal pull-up on Q7_USB_ID for RK3399 (git-fixes)
- arm64: dts: rockchip: fix rk3328 hdmi ports node (git-fixes)
- arm64: dts: rockchip: fix rk3399 hdmi ports node (git-fixes)
- arm64: hibernate: Fix level3 translation fault in swsusp_save() (git-fixes).
- ax25: fix use-after-free bugs caused by ax25_ds_del_timer (git-fixes).
- batman-adv: Avoid infinite loop trying to resize local TT (git-fixes).
- clk: Get runtime PM before walking tree during disable_unused (git-fixes).
- clk: Initialize struct clk_core kref earlier (stable-fixes).
- clk: Mark 'all_lists' as const (stable-fixes).
- clk: Print an info line before disabling unused clocks (stable-fixes).
- clk: Remove prepare_lock hold assertion in __clk_release() (git-fixes).
- clk: remove extra empty line (stable-fixes).
- comedi: vmk80xx: fix incomplete endpoint checking (git-fixes).
- dma: xilinx_dpdma: Fix locking (git-fixes).
- dmaengine: idxd: Fix oops during rmmod on single-CPU platforms (git-fixes).
- dmaengine: owl: fix register access functions (git-fixes).
- dmaengine: tegra186: Fix residual calculation (git-fixes).
- docs: Document the FAN_FS_ERROR event (stable-fixes).
- drm-print: add drm_dbg_driver to improve namespace symmetry (stable-fixes).
- drm/amd/display: Do not recursively call manual trigger programming (stable-fixes).
- drm/amd/display: Fix nanosec stat overflow (stable-fixes).
- drm/amd/display: fix disable otg wa logic in DCN316 (stable-fixes).
- drm/amd/pm: fixes a random hang in S4 for SMU v13.0.4/11 (stable-fixes).
- drm/amdgpu/sdma5.2: use legacy HDP flush for SDMA2/3 (stable-fixes).
- drm/amdgpu: Fix leak when GPU memory allocation fails (stable-fixes).
- drm/amdgpu: Reset dGPU if suspend got aborted (stable-fixes).
- drm/amdgpu: always force full reset for SOC21 (stable-fixes).
- drm/amdgpu: fix incorrect active rb bitmap for gfx11 (stable-fixes).
- drm/amdgpu: fix incorrect number of active RBs for gfx11 (stable-fixes).
- drm/amdgpu: once more fix the call oder in amdgpu_ttm_move() v2 (git-fixes).
- drm/amdgpu: validate the parameters of bo mapping operations more clearly (git-fixes).
- drm/amdkfd: Reset GPU on queue preemption failure (stable-fixes).
- drm/ast: Fix soft lockup (git-fixes).
- drm/client: Fully protect modes[] with dev->mode_config.mutex (stable-fixes).
- drm/i915/cdclk: Fix CDCLK programming order when pipes are active (git-fixes).
- drm/i915/vrr: Disable VRR when using bigjoiner (stable-fixes).
- drm/i915: Disable port sync when bigjoiner is used (stable-fixes).
- drm/msm/dp: fix typo in dp_display_handle_port_status_changed() (git-fixes).
- drm/nouveau/nvkm: add a replacement for nvkm_notify (bsc#1223834)
- drm/panel: ili9341: Respect deferred probe (git-fixes).
- drm/panel: ili9341: Use predefined error codes (git-fixes).
- drm/panel: visionox-rm69299: do not unregister DSI device (git-fixes).
- drm/vc4: do not check if plane->state->fb == state->fb (stable-fixes).
- drm/vmwgfx: Enable DMA mappings with SEV (git-fixes).
- drm/vmwgfx: Fix crtc's atomic check conditional (git-fixes).
- drm/vmwgfx: Fix invalid reads in fence signaled events (git-fixes).
- drm/vmwgfx: Sort primary plane formats by order of preference (git-fixes).
- drm: nv04: Fix out of bounds access (git-fixes).
- drm: panel-orientation-quirks: Add quirk for GPD Win Mini (stable-fixes).
- drm: panel-orientation-quirks: Add quirk for Lenovo Legion Go (stable-fixes).
- dump_stack: Do not get cpu_sync for panic CPU (bsc#1223574).
- fbdev: fix incorrect address computation in deferred IO (git-fixes).
- fbdev: viafb: fix typo in hw_bitblt_1 and hw_bitblt_2 (stable-fixes).
- fbmon: prevent division by zero in fb_videomode_from_videomode() (stable-fixes).
- fuse: do not unhash root (bsc#1223951).
- fuse: fix root lookup with nonzero generation (bsc#1223950).
- hwmon: (amc6821) add of_match table (stable-fixes).
- i2c: pxa: hide unused icr_bits[] variable (git-fixes).
- i2c: smbus: fix NULL function pointer dereference (git-fixes).
- i40e: Fix VF MAC filter removal (git-fixes).
- idma64: Do not try to serve interrupts when device is powered off (git-fixes).
- iio: accel: mxc4005: Interrupt handling fixes (git-fixes).
- iio:imu: adis16475: Fix sync mode setting (git-fixes).
- init/main.c: Fix potential static_command_line memory overflow (git-fixes).
- ipv6/addrconf: fix a potential refcount underflow for idev (git-fixes).
- irqchip/gic-v3-its: Prevent double free on error (git-fixes).
- kprobes: Fix possible use-after-free issue on kprobe registration (git-fixes).
- livepatch: Fix missing newline character in klp_resolve_symbols() (bsc#1223539).
- media: cec: core: remove length check of Timer Status (stable-fixes).
- media: sta2x11: fix irq handler cast (stable-fixes).
- mei: me: add arrow lake point H DID (stable-fixes).
- mei: me: add arrow lake point S DID (stable-fixes).
- mei: me: disable RPL-S on SPS and IGN firmwares (git-fixes).
- mm/vmscan: make sure wakeup_kswapd with managed zone (bsc#1223473).
- mmc: sdhci-msm: pervent access to suspended controller (git-fixes).
- mtd: diskonchip: work around ubsan link failure (stable-fixes).
- net: bridge: vlan: fix memory leak in __allowed_ingress (git-fixes).
- net: fix a memleak when uncloning an skb dst and its metadata (git-fixes).
- net: fix skb leak in __skb_tstamp_tx() (git-fixes).
- net: ipv6: ensure we call ipv6_mc_down() at most once (git-fixes).
- net: mld: fix reference count leak in mld_{query | report}_work() (git-fixes).
- net: stream: purge sk_error_queue in sk_stream_kill_queues() (git-fixes).
- net: usb: ax88179_178a: avoid writing the mac address before first reading (git-fixes).
- net: usb: ax88179_178a: stop lying about skb->truesize (git-fixes).
- net: vlan: fix underflow for the real_dev refcnt (git-fixes).
- net: vmxnet3: Fix NULL pointer dereference in vmxnet3_rq_rx_complete() (bsc#1223360).
- netfilter: br_netfilter: Drop dst references before setting (git-fixes).
- netfilter: ipt_CLUSTERIP: fix refcount leak in clusterip_tg_check() (git-fixes).
- netfilter: nft_ct: fix l3num expectations with inet pseudo family (git-fixes).
- nfsd: use __fput_sync() to avoid delayed closing of files (bsc#1223380 bsc#1217408).
- nilfs2: fix OOB in nilfs_set_de_type (git-fixes).
- nilfs2: fix OOB in nilfs_set_de_type (git-fixes).
- nouveau: fix function cast warning (git-fixes).
- nouveau: fix instmem race condition around ptr stores (git-fixes).
- phy: tegra: xusb: Add API to retrieve the port number of phy (stable-fixes).
- pinctrl: renesas: checker: Limit cfg reg enum checks to provided IDs (stable-fixes).
- platform/x86: intel-vbtn: Update tablet mode switch at end of probe (git-fixes).
- platform/x86: touchscreen_dmi: Add an extra entry for a variant of the Chuwi Vi8 tablet (stable-fixes).
- powerpc/kasan: Do not instrument non-maskable or raw interrupts (bsc#1223191).
- powerpc/rtas: define pr_fmt and convert printk call sites (bsc#1223369 ltc#205888).
- powerpc/rtas: export rtas_error_rc() for reuse (bsc#1223369 ltc#205888).
- powerpc: Avoid nmi_enter/nmi_exit in real mode interrupt (bsc#1221645 ltc#205739 bsc#1223191).
- powerpc: Refactor verification of MSR_RI (bsc#1223191).
- printk: Add this_cpu_in_panic() (bsc#1223574).
- printk: Adjust mapping for 32bit seq macros (bsc#1223574).
- printk: Avoid non-panic CPUs writing to ringbuffer (bsc#1223574).
- printk: Disable passing console lock owner completely during panic() (bsc#1223574).
- printk: Drop console_sem during panic (bsc#1223574).
- printk: Rename abandon_console_lock_in_panic() to other_cpu_in_panic() (bsc#1223574).
- printk: Use prb_first_seq() as base for 32bit seq macros (bsc#1223574).
- printk: Wait for all reserved records with pr_flush() (bsc#1223574).
- printk: nbcon: Relocate 32bit seq macros (bsc#1223574).
- printk: ringbuffer: Clarify special lpos values (bsc#1223574).
- printk: ringbuffer: Cleanup reader terminology (bsc#1223574).
- printk: ringbuffer: Do not skip non-finalized records with prb_next_seq() (bsc#1223574).
- printk: ringbuffer: Improve prb_next_seq() performance (bsc#1223574).
- printk: ringbuffer: Skip non-finalized records in panic (bsc#1223574).
- pstore/zone: Add a null pointer check to the psz_kmsg_read (stable-fixes).
- ring-buffer: Only update pages_touched when a new page is touched (git-fixes).
- ring-buffer: use READ_ONCE() to read cpu_buffer->commit_page in concurrent environment (git-fixes).
- s390/cio: Ensure the copied buf is NUL terminated (git-fixes bsc#1223875).
- s390/decompressor: fix misaligned symbol build error (git-fixes bsc#1223785).
- s390/mm: Fix clearing storage keys for huge pages (git-fixes bsc#1223877).
- s390/mm: Fix storage key clearing for guest huge pages (git-fixes bsc#1223878).
- s390/qeth: Fix kernel panic after setting hsuid (git-fixes bsc#1223879).
- s390/scm: fix virtual vs physical address confusion (git-fixes bsc#1223784).
- s390/vdso: Add CFI for RA register to asm macro vdso_func (git-fixes bsc#1223876).
- s390/vdso: drop '-fPIC' from LDFLAGS (git-fixes bsc#1223598).
- s390/zcrypt: fix reference counting on zcrypt card objects (git-fixes bsc#1223595).
- serial/pmac_zilog: Remove flawed mitigation for rx irq flood (git-fixes).
- serial: core: Provide port lock wrappers (stable-fixes).
- serial: core: fix kernel-doc for uart_port_unlock_irqrestore() (git-fixes).
- serial: mxs-auart: add spinlock around changing cts state (git-fixes).
- slimbus: qcom-ngd-ctrl: Add timeout for wait operation (git-fixes).
- speakup: Avoid crash on very long word (git-fixes).
- speakup: Fix 8bit characters from direct synth (git-fixes).
- spi: hisi-kunpeng: Delete the dump interface of data registers in debugfs (git-fixes).
- tcp/udp: Fix memleaks of sk and zerocopy skbs with TX timestamp (git-fixes).
- thunderbolt: Avoid notify PM core about runtime PM resume (stable-fixes).
- thunderbolt: Fix wake configurations after device unplug (stable-fixes).
- tracing/net_sched: Fix tracepoints that save qdisc_dev() as a string (git-fixes).
- tracing: Show size of requested perf buffer (git-fixes).
- usb: Disable USB3 LPM at shutdown (stable-fixes).
- usb: Fix regression caused by invalid ep0 maxpacket in virtual SuperSpeed device (git-fixes).
- usb: dwc2: host: Fix dereference issue in DDMA completion flow (git-fixes).
- usb: dwc3: core: Prevent phy suspend during init (Git-fixes).
- usb: gadget: composite: fix OS descriptors w_value logic (git-fixes).
- usb: gadget: f_fs: Fix a race condition when processing setup packets (git-fixes).
- usb: gadget: f_ncm: Fix UAF ncm object at re-bind after usb ep transport error (stable-fixes).
- usb: gadget: tegra-xudc: Fix USB3 PHY retrieval logic (git-fixes).
- usb: ohci: Prevent missed ohci interrupts (git-fixes).
- usb: sl811-hcd: only defined function checkdone if QUIRK2 is defined (stable-fixes).
- usb: typec: tcpci: add generic tcpci fallback compatible (stable-fixes).
- usb: typec: tcpm: Check for port partner validity before consuming it (git-fixes).
- usb: typec: tcpm: unregister existing source caps before re-registration (bsc#1220569).
- usb: typec: ucsi: Ack unsupported commands (stable-fixes).
- usb: typec: ucsi: Clear UCSI_CCI_RESET_COMPLETE before reset (stable-fixes).
- usb: typec: ucsi: Fix connector check on init (git-fixes).
- usb: udc: remove warning when queue disabled ep (stable-fixes).
- virtio: treat alloc_dax() -EOPNOTSUPP failure as non-fatal (bsc#1223949).
- wifi: ath9k: fix LNA selection in ath_ant_try_scan() (stable-fixes).
- wifi: iwlwifi: mvm: remove old PASN station when adding a new one (git-fixes).
- wifi: iwlwifi: mvm: return uid from iwl_mvm_build_scan_cmd (git-fixes).
- wifi: mac80211: check/clear fast rx for non-4addr sta VLAN changes (stable-fixes).
- wifi: nl80211: do not free NULL coalescing rule (git-fixes).
- x86/bugs: Cache the value of MSR_IA32_ARCH_CAPABILITIES (git-fixes).
- x86/bugs: Fix BHI documentation (git-fixes).
- x86/bugs: Fix BHI handling of RRSBA (git-fixes).
- x86/bugs: Fix BHI retpoline check (git-fixes).
- x86/bugs: Fix return type of spectre_bhi_state() (git-fixes).
- x86/bugs: Rename various 'ia32_cap' variables to 'x86_arch_cap_msr' (git-fixes).
- x86/cpufeatures: Fix dependencies for GFNI, VAES, and VPCLMULQDQ (git-fixes).
- x86/mm: Ensure input to pfn_to_kaddr() is treated as a 64-bit type (jsc#PED-7167 git-fixes).
- x86/sev: Skip ROM range scans and validation for SEV-SNP guests (jsc#PED-7167 git-fixes).
- xfrm6: fix inet6_dev refcount underflow problem (git-fixes).
ImportantSUSE bug 1141539SUSE bug 1190576SUSE bug 1192145SUSE bug 1192837SUSE bug 1193629SUSE bug 1196869SUSE bug 1200313SUSE bug 1201308SUSE bug 1201489SUSE bug 1203906SUSE bug 1203935SUSE bug 1204614SUSE bug 1207361SUSE bug 1211592SUSE bug 1213573SUSE bug 1217339SUSE bug 1217408SUSE bug 1218562SUSE bug 1218917SUSE bug 1219104SUSE bug 1219126SUSE bug 1219141SUSE bug 1219169SUSE bug 1219170SUSE bug 1219264SUSE bug 1220342SUSE bug 1220569SUSE bug 1220761SUSE bug 1221042SUSE bug 1221044SUSE bug 1221080SUSE bug 1221084SUSE bug 1221088SUSE bug 1221299SUSE bug 1221612SUSE bug 1221617SUSE bug 1221645SUSE bug 1221825SUSE bug 1222294SUSE bug 1222307SUSE bug 1222357SUSE bug 1222368SUSE bug 1222379SUSE bug 1222385SUSE bug 1222424SUSE bug 1222430SUSE bug 1222435SUSE bug 1222482SUSE bug 1222559SUSE bug 1222585SUSE bug 1222613SUSE bug 1222615SUSE bug 1222618SUSE bug 1222624SUSE bug 1222666SUSE bug 1222669SUSE bug 1222671SUSE bug 1222703SUSE bug 1222704SUSE bug 1222709SUSE bug 1222710SUSE bug 1222721SUSE bug 1222726SUSE bug 1222773SUSE bug 1222776SUSE bug 1222785SUSE bug 1222787SUSE bug 1222790SUSE bug 1222791SUSE bug 1222792SUSE bug 1222793SUSE bug 1222796SUSE bug 1222812SUSE bug 1222824SUSE bug 1222829SUSE bug 1222832SUSE bug 1222836SUSE bug 1222838SUSE bug 1222866SUSE bug 1222867SUSE bug 1222869SUSE bug 1222870SUSE bug 1222876SUSE bug 1222878SUSE bug 1222879SUSE bug 1222881SUSE bug 1222883SUSE bug 1222888SUSE bug 1222894SUSE bug 1222901SUSE bug 1222968SUSE bug 1222976SUSE bug 1223012SUSE bug 1223014SUSE bug 1223016SUSE bug 1223024SUSE bug 1223033SUSE bug 1223034SUSE bug 1223035SUSE bug 1223036SUSE bug 1223037SUSE bug 1223041SUSE bug 1223042SUSE bug 1223051SUSE bug 1223052SUSE bug 1223056SUSE bug 1223057SUSE bug 1223058SUSE bug 1223060SUSE bug 1223061SUSE bug 1223065SUSE bug 1223066SUSE bug 1223076SUSE bug 1223078SUSE bug 1223111SUSE bug 1223115SUSE bug 1223118SUSE bug 1223119SUSE bug 1223140SUSE bug 1223187SUSE bug 1223189SUSE bug 1223190SUSE bug 1223191SUSE bug 1223196SUSE bug 1223197SUSE bug 1223198SUSE bug 1223207SUSE bug 1223275SUSE bug 1223323SUSE bug 1223360SUSE bug 1223369SUSE bug 1223380SUSE bug 1223432SUSE bug 1223473SUSE bug 1223474SUSE bug 1223475SUSE bug 1223477SUSE bug 1223478SUSE bug 1223479SUSE bug 1223481SUSE bug 1223482SUSE bug 1223484SUSE bug 1223487SUSE bug 1223490SUSE bug 1223496SUSE bug 1223498SUSE bug 1223499SUSE bug 1223501SUSE bug 1223502SUSE bug 1223503SUSE bug 1223505SUSE bug 1223509SUSE bug 1223511SUSE bug 1223512SUSE bug 1223513SUSE bug 1223516SUSE bug 1223517SUSE bug 1223518SUSE bug 1223519SUSE bug 1223520SUSE bug 1223522SUSE bug 1223523SUSE bug 1223525SUSE bug 1223536SUSE bug 1223539SUSE bug 1223574SUSE bug 1223595SUSE bug 1223598SUSE bug 1223628SUSE bug 1223634SUSE bug 1223640SUSE bug 1223643SUSE bug 1223644SUSE bug 1223645SUSE bug 1223646SUSE bug 1223648SUSE bug 1223655SUSE bug 1223657SUSE bug 1223660SUSE bug 1223661SUSE bug 1223663SUSE bug 1223664SUSE bug 1223668SUSE bug 1223670SUSE bug 1223679SUSE bug 1223686SUSE bug 1223693SUSE bug 1223705SUSE bug 1223714SUSE bug 1223735SUSE bug 1223738SUSE bug 1223745SUSE bug 1223784SUSE bug 1223785SUSE bug 1223790SUSE bug 1223816SUSE bug 1223821SUSE bug 1223822SUSE bug 1223823SUSE bug 1223824SUSE bug 1223827SUSE bug 1223834SUSE bug 1223858SUSE bug 1223875SUSE bug 1223876SUSE bug 1223877SUSE bug 1223878SUSE bug 1223879SUSE bug 1223894SUSE bug 1223921SUSE bug 1223922SUSE bug 1223923SUSE bug 1223924SUSE bug 1223929SUSE bug 1223931SUSE bug 1223932SUSE bug 1223934SUSE bug 1223941SUSE bug 1223948SUSE bug 1223949SUSE bug 1223950SUSE bug 1223951SUSE bug 1223952SUSE bug 1223953SUSE bug 1223956SUSE bug 1223957SUSE bug 1223960SUSE bug 1223962SUSE bug 1223963SUSE bug 1223964SUSE bug 1223996CVE-2021-47047 at SUSECVE-2021-47047 at NVDCVE-2021-47184 at SUSECVE-2021-47184 at NVDCVE-2021-47185 at SUSECVE-2021-47185 at NVDCVE-2021-47187 at SUSECVE-2021-47187 at NVDCVE-2021-47188 at SUSECVE-2021-47188 at NVDCVE-2021-47191 at SUSECVE-2021-47191 at NVDCVE-2021-47192 at SUSECVE-2021-47192 at NVDCVE-2021-47193 at SUSECVE-2021-47193 at NVDCVE-2021-47194 at SUSECVE-2021-47194 at NVDCVE-2021-47195 at SUSECVE-2021-47195 at NVDCVE-2021-47196 at SUSECVE-2021-47196 at NVDCVE-2021-47197 at SUSECVE-2021-47197 at NVDCVE-2021-47198 at SUSECVE-2021-47198 at NVDCVE-2021-47199 at SUSECVE-2021-47199 at NVDCVE-2021-47200 at SUSECVE-2021-47200 at NVDCVE-2021-47201 at SUSECVE-2021-47201 at NVDCVE-2021-47202 at SUSECVE-2021-47202 at NVDCVE-2021-47203 at SUSECVE-2021-47203 at NVDCVE-2021-47204 at SUSECVE-2021-47204 at NVDCVE-2021-47205 at SUSECVE-2021-47205 at NVDCVE-2021-47206 at SUSECVE-2021-47206 at NVDCVE-2021-47207 at SUSECVE-2021-47207 at NVDCVE-2021-47209 at SUSECVE-2021-47209 at NVDCVE-2021-47210 at SUSECVE-2021-47210 at NVDCVE-2021-47211 at SUSECVE-2021-47211 at NVDCVE-2021-47212 at SUSECVE-2021-47212 at NVDCVE-2021-47214 at SUSECVE-2021-47214 at NVDCVE-2021-47215 at SUSECVE-2021-47215 at NVDCVE-2021-47216 at SUSECVE-2021-47216 at NVDCVE-2021-47217 at SUSECVE-2021-47217 at NVDCVE-2021-47218 at SUSECVE-2021-47218 at NVDCVE-2021-47219 at SUSECVE-2021-47219 at NVDCVE-2022-48631 at SUSECVE-2022-48631 at NVDCVE-2022-48632 at SUSECVE-2022-48632 at NVDCVE-2022-48634 at SUSECVE-2022-48634 at NVDCVE-2022-48636 at SUSECVE-2022-48636 at NVDCVE-2022-48637 at SUSECVE-2022-48637 at NVDCVE-2022-48638 at SUSECVE-2022-48638 at NVDCVE-2022-48639 at SUSECVE-2022-48639 at NVDCVE-2022-48640 at SUSECVE-2022-48640 at NVDCVE-2022-48642 at SUSECVE-2022-48642 at NVDCVE-2022-48644 at SUSECVE-2022-48644 at NVDCVE-2022-48646 at SUSECVE-2022-48646 at NVDCVE-2022-48647 at SUSECVE-2022-48647 at NVDCVE-2022-48648 at SUSECVE-2022-48648 at NVDCVE-2022-48650 at SUSECVE-2022-48650 at NVDCVE-2022-48651 at SUSECVE-2022-48651 at NVDCVE-2022-48652 at SUSECVE-2022-48652 at NVDCVE-2022-48653 at SUSECVE-2022-48653 at NVDCVE-2022-48654 at SUSECVE-2022-48654 at NVDCVE-2022-48655 at SUSECVE-2022-48655 at NVDCVE-2022-48656 at SUSECVE-2022-48656 at NVDCVE-2022-48657 at SUSECVE-2022-48657 at NVDCVE-2022-48658 at SUSECVE-2022-48658 at NVDCVE-2022-48659 at SUSECVE-2022-48659 at NVDCVE-2022-48660 at SUSECVE-2022-48660 at NVDCVE-2022-48662 at SUSECVE-2022-48662 at NVDCVE-2022-48663 at SUSECVE-2022-48663 at NVDCVE-2022-48667 at SUSECVE-2022-48667 at NVDCVE-2022-48668 at SUSECVE-2022-48668 at NVDCVE-2022-48671 at SUSECVE-2022-48671 at NVDCVE-2022-48672 at SUSECVE-2022-48672 at NVDCVE-2022-48673 at SUSECVE-2022-48673 at NVDCVE-2022-48675 at SUSECVE-2022-48675 at NVDCVE-2022-48686 at SUSECVE-2022-48686 at NVDCVE-2022-48687 at SUSECVE-2022-48687 at NVDCVE-2022-48688 at SUSECVE-2022-48688 at NVDCVE-2022-48690 at SUSECVE-2022-48690 at NVDCVE-2022-48692 at SUSECVE-2022-48692 at NVDCVE-2022-48693 at SUSECVE-2022-48693 at NVDCVE-2022-48694 at SUSECVE-2022-48694 at NVDCVE-2022-48695 at SUSECVE-2022-48695 at NVDCVE-2022-48697 at SUSECVE-2022-48697 at NVDCVE-2022-48698 at SUSECVE-2022-48698 at NVDCVE-2022-48699 at SUSECVE-2022-48699 at NVDCVE-2022-48700 at SUSECVE-2022-48700 at NVDCVE-2022-48701 at SUSECVE-2022-48701 at NVDCVE-2022-48702 at SUSECVE-2022-48702 at NVDCVE-2022-48703 at SUSECVE-2022-48703 at NVDCVE-2022-48704 at SUSECVE-2022-48704 at NVDCVE-2023-2860 at SUSECVE-2023-2860 at NVDCVE-2023-52585 at SUSECVE-2023-52585 at NVDCVE-2023-52589 at SUSECVE-2023-52589 at NVDCVE-2023-52590 at SUSECVE-2023-52590 at NVDCVE-2023-52591 at SUSECVE-2023-52591 at NVDCVE-2023-52593 at SUSECVE-2023-52593 at NVDCVE-2023-52614 at SUSECVE-2023-52614 at NVDCVE-2023-52616 at SUSECVE-2023-52616 at NVDCVE-2023-52620 at SUSECVE-2023-52620 at NVDCVE-2023-52635 at SUSECVE-2023-52635 at NVDCVE-2023-52645 at SUSECVE-2023-52645 at NVDCVE-2023-52646 at SUSECVE-2023-52646 at NVDCVE-2023-52652 at SUSECVE-2023-52652 at NVDCVE-2023-6270 at SUSECVE-2023-6270 at NVDCVE-2024-0639 at SUSECVE-2024-0639 at NVDCVE-2024-0841 at SUSECVE-2024-0841 at NVDCVE-2024-2201 at SUSECVE-2024-2201 at NVDCVE-2024-22099 at SUSECVE-2024-22099 at NVDCVE-2024-23307 at SUSECVE-2024-23307 at NVDCVE-2024-23848 at SUSECVE-2024-23848 at NVDCVE-2024-23850 at SUSECVE-2024-23850 at NVDCVE-2024-26601 at SUSECVE-2024-26601 at NVDCVE-2024-26610 at SUSECVE-2024-26610 at NVDCVE-2024-26656 at SUSECVE-2024-26656 at NVDCVE-2024-26671 at SUSECVE-2024-26671 at NVDCVE-2024-26673 at SUSECVE-2024-26673 at NVDCVE-2024-26675 at SUSECVE-2024-26675 at NVDCVE-2024-26679 at SUSECVE-2024-26679 at NVDCVE-2024-26687 at SUSECVE-2024-26687 at NVDCVE-2024-26688 at SUSECVE-2024-26688 at NVDCVE-2024-26700 at SUSECVE-2024-26700 at NVDCVE-2024-26702 at SUSECVE-2024-26702 at NVDCVE-2024-26733 at SUSECVE-2024-26733 at NVDCVE-2024-26739 at SUSECVE-2024-26739 at NVDCVE-2024-26764 at SUSECVE-2024-26764 at NVDCVE-2024-26766 at SUSECVE-2024-26766 at NVDCVE-2024-26772 at SUSECVE-2024-26772 at NVDCVE-2024-26773 at SUSECVE-2024-26773 at NVDCVE-2024-26783 at SUSECVE-2024-26783 at NVDCVE-2024-26791 at SUSECVE-2024-26791 at NVDCVE-2024-26792 at SUSECVE-2024-26792 at NVDCVE-2024-26816 at SUSECVE-2024-26816 at NVDCVE-2024-26817 at SUSECVE-2024-26817 at NVDCVE-2024-26820 at SUSECVE-2024-26820 at NVDCVE-2024-26825 at SUSECVE-2024-26825 at NVDCVE-2024-26830 at SUSECVE-2024-26830 at NVDCVE-2024-26833 at SUSECVE-2024-26833 at NVDCVE-2024-26836 at SUSECVE-2024-26836 at NVDCVE-2024-26840 at SUSECVE-2024-26840 at NVDCVE-2024-26843 at SUSECVE-2024-26843 at NVDCVE-2024-26852 at SUSECVE-2024-26852 at NVDCVE-2024-26853 at SUSECVE-2024-26853 at NVDCVE-2024-26855 at SUSECVE-2024-26855 at NVDCVE-2024-26856 at SUSECVE-2024-26856 at NVDCVE-2024-26857 at SUSECVE-2024-26857 at NVDCVE-2024-26861 at SUSECVE-2024-26861 at NVDCVE-2024-26862 at SUSECVE-2024-26862 at NVDCVE-2024-26866 at SUSECVE-2024-26866 at NVDCVE-2024-26872 at SUSECVE-2024-26872 at NVDCVE-2024-26875 at SUSECVE-2024-26875 at NVDCVE-2024-26876 at SUSECVE-2024-26876 at NVDCVE-2024-26877 at SUSECVE-2024-26877 at NVDCVE-2024-26878 at SUSECVE-2024-26878 at NVDCVE-2024-26879 at SUSECVE-2024-26879 at NVDCVE-2024-26881 at SUSECVE-2024-26881 at NVDCVE-2024-26882 at SUSECVE-2024-26882 at NVDCVE-2024-26883 at SUSECVE-2024-26883 at NVDCVE-2024-26884 at SUSECVE-2024-26884 at NVDCVE-2024-26885 at SUSECVE-2024-26885 at NVDCVE-2024-26891 at SUSECVE-2024-26891 at NVDCVE-2024-26893 at SUSECVE-2024-26893 at NVDCVE-2024-26895 at SUSECVE-2024-26895 at NVDCVE-2024-26896 at SUSECVE-2024-26896 at NVDCVE-2024-26897 at SUSECVE-2024-26897 at NVDCVE-2024-26898 at SUSECVE-2024-26898 at NVDCVE-2024-26901 at SUSECVE-2024-26901 at NVDCVE-2024-26903 at SUSECVE-2024-26903 at NVDCVE-2024-26915 at SUSECVE-2024-26915 at NVDCVE-2024-26917 at SUSECVE-2024-26917 at NVDCVE-2024-26927 at SUSECVE-2024-26927 at NVDCVE-2024-26933 at SUSECVE-2024-26933 at NVDCVE-2024-26939 at SUSECVE-2024-26939 at NVDCVE-2024-26948 at SUSECVE-2024-26948 at NVDCVE-2024-26950 at SUSECVE-2024-26950 at NVDCVE-2024-26951 at SUSECVE-2024-26951 at NVDCVE-2024-26955 at SUSECVE-2024-26955 at NVDCVE-2024-26956 at SUSECVE-2024-26956 at NVDCVE-2024-26960 at SUSECVE-2024-26960 at NVDCVE-2024-26965 at SUSECVE-2024-26965 at NVDCVE-2024-26966 at SUSECVE-2024-26966 at NVDCVE-2024-26969 at SUSECVE-2024-26969 at NVDCVE-2024-26970 at SUSECVE-2024-26970 at NVDCVE-2024-26972 at SUSECVE-2024-26972 at NVDCVE-2024-26979 at SUSECVE-2024-26979 at NVDCVE-2024-26981 at SUSECVE-2024-26981 at NVDCVE-2024-26982 at SUSECVE-2024-26982 at NVDCVE-2024-26993 at SUSECVE-2024-26993 at NVDCVE-2024-27013 at SUSECVE-2024-27013 at NVDCVE-2024-27014 at SUSECVE-2024-27014 at NVDCVE-2024-27030 at SUSECVE-2024-27030 at NVDCVE-2024-27038 at SUSECVE-2024-27038 at NVDCVE-2024-27039 at SUSECVE-2024-27039 at NVDCVE-2024-27041 at SUSECVE-2024-27041 at NVDCVE-2024-27042 at SUSECVE-2024-27042 at NVDCVE-2024-27043 at SUSECVE-2024-27043 at NVDCVE-2024-27046 at SUSECVE-2024-27046 at NVDCVE-2024-27056 at SUSECVE-2024-27056 at NVDCVE-2024-27059 at SUSECVE-2024-27059 at NVDCVE-2024-27062 at SUSECVE-2024-27062 at NVDCVE-2024-27389 at SUSECVE-2024-27389 at NVDcpe:/o:opensuse:leap:15.5Security update for postgresql16 (Moderate)openSUSE Leap 15.5
This update for postgresql16 fixes the following issues:
PostgreSQL upgrade to version 16.3 (bsc#1224051):
- CVE-2024-4317: Fixed visibility restriction of pg_stats_ext and pg_stats_ext_exprs entries to the table owner (bsc#1224038).
Bug fixes:
- Fix incompatibility with LLVM 18.
- Prepare for PostgreSQL 17.
- Make sure all compilation and doc generation happens in %build.
- Require LLVM <= 17 for now, because LLVM 18 doesn't seem to work.
- Remove constraints file because improved memory usage for s390x
- Use %patch -P N instead of deprecated %patchN.
Release notes:
- https://www.postgresql.org/docs/release/16.3/
ModerateSUSE bug 1224038SUSE bug 1224051CVE-2024-4317 at SUSECVE-2024-4317 at NVDcpe:/o:opensuse:leap:15.5Security update for the Linux Kernel (Important)openSUSE Leap 15.5
The SUSE Linux Enterprise 15 SP5 kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2024-26760: Fixed scsi/target/pscsi bio_put() for error case (bsc#1222596).
- CVE-2024-27389: Fixed pstore inode handling with d_invalidate() (bsc#1223705).
- CVE-2024-27062: Fixed nouveau lock inside client object tree (bsc#1223834).
- CVE-2024-27056: Fixed wifi/iwlwifi/mvm to ensure offloading TID queue exists (bsc#1223822).
- CVE-2024-27046: Fixed nfp/flower handling acti_netdevs allocation failure (bsc#1223827).
- CVE-2024-27043: Fixed a use-after-free in edia/dvbdev in different places (bsc#1223824).
- CVE-2024-27041: Fixed drm/amd/display NULL checks for adev->dm.dc in amdgpu_dm_fini() (bsc#1223714).
- CVE-2024-27039: Fixed clk/hisilicon/hi3559a an erroneous devm_kfree() (bsc#1223821).
- CVE-2024-27038: Fixed clk_core_get NULL pointer dereference (bsc#1223816).
- CVE-2024-27030: Fixed octeontx2-af to use separate handlers for interrupts (bsc#1223790).
- CVE-2024-27014: Fixed net/mlx5e to prevent deadlock while disabling aRFS (bsc#1223735).
- CVE-2024-27013: Fixed tun limit printing rate when illegal packet received by tun device (bsc#1223745).
- CVE-2024-26993: Fixed fs/sysfs reference leak in sysfs_break_active_protection() (bsc#1223693).
- CVE-2024-26982: Fixed Squashfs inode number check not to be an invalid value of zero (bsc#1223634).
- CVE-2024-26970: Fixed clk/qcom/gcc-ipq6018 termination of frequency table arrays (bsc#1223644).
- CVE-2024-26969: Fixed clk/qcom/gcc-ipq8074 termination of frequency table arrays (bsc#1223645).
- CVE-2024-26966: Fixed clk/qcom/mmcc-apq8084 termination of frequency table arrays (bsc#1223646).
- CVE-2024-26965: Fixed clk/qcom/mmcc-msm8974 termination of frequency table arrays (bsc#1223648).
- CVE-2024-26960: Fixed mm/swap race between free_swap_and_cache() and swapoff() (bsc#1223655).
- CVE-2024-26951: Fixed wireguard/netlink check for dangling peer via is_dead instead of empty list (bsc#1223660).
- CVE-2024-26950: Fixed wireguard/netlink to access device through ctx instead of peer (bsc#1223661).
- CVE-2024-26948: Fixed drm/amd/display by adding dc_state NULL check in dc_state_release (bsc#1223664).
- CVE-2024-26927: Fixed ASoC/SOF bounds checking to firmware data Smatch (bsc#1223525).
- CVE-2024-26901: Fixed do_sys_name_to_handle() to use kzalloc() to prevent kernel-infoleak (bsc#1223198).
- CVE-2024-26896: Fixed wifi/wfx memory leak when starting AP (bsc#1223042).
- CVE-2024-26893: Fixed firmware/arm_scmi for possible double free in SMC transport cleanup path (bsc#1223196).
- CVE-2024-26885: Fixed bpf DEVMAP_HASH overflow check on 32-bit arches (bsc#1223190).
- CVE-2024-26884: Fixed bpf hashtab overflow check on 32-bit arches (bsc#1223189).
- CVE-2024-26883: Fixed bpf stackmap overflow check on 32-bit arches (bsc#1223035).
- CVE-2024-26882: Fixed net/ip_tunnel to make sure to pull inner header in ip_tunnel_rcv() (bsc#1223034).
- CVE-2024-26881: Fixed net/hns3 kernel crash when 1588 is received on HIP08 devices (bsc#1223041).
- CVE-2024-26879: Fixed clk/meson by adding missing clocks to axg_clk_regmaps (bsc#1223066).
- CVE-2024-26878: Fixed quota for potential NULL pointer dereference (bsc#1223060).
- CVE-2024-26866: Fixed spi/spi-fsl-lpspi by removing redundant spi_controller_put call (bsc#1223024).
- CVE-2024-26862: Fixed packet annotate data-races around ignore_outgoing (bsc#1223111).
- CVE-2024-26861: Fixed wireguard/receive annotate data-race around receiving_counter.counter (bsc#1223076).
- CVE-2024-26857: Fixed geneve to make sure to pull inner header in geneve_rx() (bsc#1223058).
- CVE-2024-26856: Fixed use-after-free inside sparx5_del_mact_entry (bsc#1223052).
- CVE-2024-26855: Fixed net/ice potential NULL pointer dereference in ice_bridge_setlink() (bsc#1223051).
- CVE-2024-26853: Fixed igc returning frame twice in XDP_REDIRECT (bsc#1223061).
- CVE-2024-26852: Fixed net/ipv6 to avoid possible UAF in ip6_route_mpath_notify() (bsc#1223057).
- CVE-2024-26848: Fixed afs endless loop in directory parsing (bsc#1223030).
- CVE-2024-26836: Fixed platform/x86/think-lmi password opcode ordering for workstations (bsc#1222968).
- CVE-2024-26830: Fixed i40e to not allow untrusted VF to remove administratively set MAC (bsc#1223012).
- CVE-2024-26817: Fixed amdkfd to use calloc instead of kzalloc to avoid integer overflow (bsc#1222812).
- CVE-2024-26816: Fixed relocations in .notes section when building with CONFIG_XEN_PV=y by ignoring them (bsc#1222624).
- CVE-2024-26807: Fixed spi/cadence-qspi NULL pointer reference in runtime PM hooks (bsc#1222801).
- CVE-2024-26805: Fixed a kernel-infoleak-after-free in __skb_datagram_iter in netlink (bsc#1222630).
- CVE-2024-26793: Fixed an use-after-free and null-ptr-deref in gtp_newlink() in gtp (bsc#1222428).
- CVE-2024-26783: Fixed mm/vmscan bug when calling wakeup_kswapd() with a wrong zone index (bsc#1222615).
- CVE-2024-26773: Fixed ext4 block allocation from corrupted group in ext4_mb_try_best_found() (bsc#1222618).
- CVE-2024-26772: Fixed ext4 to avoid allocating blocks from corrupted group in ext4_mb_find_by_goal() (bsc#1222613).
- CVE-2024-26771: Fixed a null pointer dereference on edma_probe in dmaengine ti edma (bsc#1222610)
- CVE-2024-26766: Fixed SDMA off-by-one error in _pad_sdma_tx_descs() (bsc#1222726).
- CVE-2024-26764: Fixed IOCB_AIO_RW check in fs/aio before the struct aio_kiocb conversion (bsc#1222721).
- CVE-2024-26763: Fixed user corruption via by writing data with O_DIRECT on device in dm-crypt (bsc#1222720).
- CVE-2024-26754: Fixed an use-after-free and null-ptr-deref in gtp_genl_dump_pdp() in gtp (bsc#1222632).
- CVE-2024-26751: Fixed ARM/ep93xx terminator to gpiod_lookup_table (bsc#1222724).
- CVE-2024-26744: Fixed null pointer dereference in srpt_service_guid parameter in rdma/srpt (bsc#1222449).
- CVE-2024-26743: Fixed memory leak in qedr_create_user_qp error flow in rdma/qedr (bsc#1222677).
- CVE-2024-26737: Fixed selftests/bpf racing between bpf_timer_cancel_and_free and bpf_timer_cancel (bsc#1222557).
- CVE-2024-26733: Fixed an overflow in arp_req_get() in arp (bsc#1222585).
- CVE-2024-26727: Fixed assertion if a newly created btrfs subvolume already gets read (bsc#1222536).
- CVE-2024-26718: Fixed dm-crypt/dm-verity disable tasklets (bsc#1222416).
- CVE-2024-26704: Fixed a double-free of blocks due to wrong extents moved_len in ext4 (bsc#1222422).
- CVE-2024-26696: Fixed nilfs2 hang in nilfs_lookup_dirty_data_buffers() (bsc#1222549).
- CVE-2024-26689: Fixed a use-after-free in encode_cap_msg() (bsc#1222503).
- CVE-2024-26687: Fixed xen/events close evtchn after mapping cleanup (bsc#1222435).
- CVE-2024-26685: Fixed nilfs2 potential bug in end_buffer_async_write (bsc#1222437).
- CVE-2024-26684: Fixed net/stmmac/xgmac handling of DPP safety error for DMA channels (bsc#1222445).
- CVE-2024-26681: Fixed netdevsim to avoid potential loop in nsim_dev_trap_report_work() (bsc#1222431).
- CVE-2024-26680: Fixed net/atlantic DMA mapping for PTP hwts ring (bsc#1222427).
- CVE-2024-26675: Fixed ppp_async to limit MRU to 64K (bsc#1222379).
- CVE-2024-26673: Fixed netfilter/nft_ct layer 3 and 4 protocol sanitization (bsc#1222368).
- CVE-2024-26671: Fixed blk-mq IO hang from sbitmap wakeup race (bsc#1222357).
- CVE-2024-26660: Fixed drm/amd/display bounds check for stream encoder creation (bsc#1222266).
- CVE-2024-26656: Fixed drm/amdgpu use-after-free bug (bsc#1222307).
- CVE-2024-26610: Fixed memory corruption in wifi/iwlwifi (bsc#1221299).
- CVE-2024-26601: Fixed ext4 buddy bitmap corruption via fast commit replay (bsc#1220342).
- CVE-2024-23850: Fixed double free of anonymous device after snapshot creation failure (bsc#1219126).
- CVE-2024-23848: Fixed media/cec for possible use-after-free in cec_queue_msg_fh (bsc#1219104).
- CVE-2024-23307: Fixed Integer Overflow or Wraparound vulnerability in x86 and ARM md, raid, raid5 modules (bsc#1219169).
- CVE-2024-22099: Fixed a null-pointer-dereference in rfcomm_check_security (bsc#1219170).
- CVE-2024-0841: Fixed a null pointer dereference in the hugetlbfs_fill_super function in hugetlbfs (HugeTLB pages) functionality (bsc#1219264).
- CVE-2024-0639: Fixed a denial-of-service vulnerability due to a deadlock found in sctp_auto_asconf_init in net/sctp/socket.c (bsc#1218917).
- CVE-2023-6270: Fixed a use-after-free issue in aoecmd_cfg_pkts (bsc#1218562).
- CVE-2023-52652: Fixed NTB for possible name leak in ntb_register_device() (bsc#1223686).
- CVE-2023-52645: Fixed pmdomain/mediatek race conditions with genpd (bsc#1223033).
- CVE-2023-52636: Fixed libceph cursor init when preparing sparse read in msgr2 (bsc#1222247).
- CVE-2023-52635: Fixed PM/devfreq to synchronize devfreq_monitor_[start/stop] (bsc#1222294).
- CVE-2023-52627: Fixed iio:adc:ad7091r exports into IIO_AD7091R namespace (bsc#1222051).
- CVE-2023-52620: Fixed netfilter/nf_tables to disallow timeout for anonymous sets never used from userspace (bsc#1221825).
- CVE-2023-52616: Fixed unexpected pointer access in crypto/lib/mpi in mpi_ec_init (bsc#1221612).
- CVE-2023-52614: Fixed PM/devfreq buffer overflow in trans_stat_show (bsc#1221617).
- CVE-2023-52593: Fixed wifi/wfx possible NULL pointer dereference in wfx_set_mfp_ap() (bsc#1221042).
- CVE-2023-52591: Fixed a possible reiserfs filesystem corruption via directory renaming (bsc#1221044).
- CVE-2023-52590: Fixed a possible ocfs2 filesystem corruption via directory renaming (bsc#1221088).
- CVE-2023-52589: Fixed media/rkisp1 IRQ disable race issue (bsc#1221084).
- CVE-2023-52585: Fixed drm/amdgpu for possible NULL pointer dereference in amdgpu_ras_query_error_status_helper() (bsc#1221080).
- CVE-2023-52561: Fixed arm64/dts/qcom/sdm845-db845c to mark cont splash memory region (bsc#1220935).
- CVE-2023-52503: Fixed tee/amdtee use-after-free vulnerability in amdtee_close_session (bsc#1220915).
- CVE-2023-52488: Fixed serial/sc16is7xx convert from _raw_ to _noinc_ regmap functions for FIFO (bsc#1221162).
- CVE-2022-48662: Fixed a general protection fault (GPF) in i915_perf_open_ioctl (bsc#1223505).
- CVE-2022-48659: Fixed mm/slub to return errno if kmalloc() fails (bsc#1223498).
- CVE-2022-48658: Fixed mm/slub to avoid a problem in flush_cpu_slab()/__free_slab() task context (bsc#1223496).
- CVE-2022-48651: Fixed an out-of-bound bug in ipvlan caused by unset skb->mac_header (bsc#1223513).
- CVE-2022-48642: Fixed netfilter/nf_tables percpu memory leak at nf_tables_addchain() (bsc#1223478).
- CVE-2022-48640: Fixed bonding for possible NULL pointer dereference in bond_rr_gen_slave_id (bsc#1223499).
- CVE-2022-48631: Fixed a bug in ext4, when parsing extents where eh_entries == 0 and eh_depth > 0 (bsc#1223475).
- CVE-2021-47214: Fixed hugetlb/userfaultfd during restore reservation in hugetlb_mcopy_atomic_pte() (bsc#1222710).
- CVE-2021-47202: Fixed NULL pointer dereferences in of_thermal_ functions (bsc#1222878)
- CVE-2021-47200: Fixed drm/prime for possible use-after-free in mmap within drm_gem_ttm_mmap() and drm_gem_ttm_mmap() (bsc#1222838).
- CVE-2021-47195: Fixed use-after-free inside SPI via add_lock mutex (bsc#1222832).
- CVE-2021-47189: Fixed denial of service due to memory ordering issues between normal and ordered work functions in btrfs (bsc#1222706).
- CVE-2021-47185: Fixed a softlockup issue in flush_to_ldisc in tty tty_buffer (bsc#1222669).
- CVE-2021-47183: Fixed a null pointer dereference during link down processing in scsi lpfc (bsc#1192145, bsc#1222664).
- CVE-2021-47182: Fixed scsi_mode_sense() buffer length handling (bsc#1222662).
- CVE-2021-47181: Fixed a null pointer dereference caused by calling platform_get_resource() (bsc#1222660).
The following non-security bugs were fixed:
- ALSA: firewire-lib: handle quirk to calculate payload quadlets as data block counter (stable-fixes).
- ALSA: hda/realtek - Enable audio jacks of Haier Boyue G42 with ALC269VC (stable-fixes).
- ALSA: hda/realtek - Fix inactive headset mic jack (stable-fixes).
- ALSA: hda/realtek: Add quirk for HP SnowWhite laptops (stable-fixes).
- ALSA: hda/realtek: Fix mute led of HP Laptop 15-da3001TU (stable-fixes).
- ALSA: hda: intel-sdw-acpi: fix usage of device_get_named_child_node() (git-fixes).
- ALSA: scarlett2: Add Focusrite Clarett 2Pre and 4Pre USB support (stable-fixes).
- ALSA: scarlett2: Add Focusrite Clarett+ 2Pre and 4Pre support (stable-fixes).
- ALSA: scarlett2: Add correct product series name to messages (stable-fixes).
- ALSA: scarlett2: Add support for Clarett 8Pre USB (stable-fixes).
- ALSA: scarlett2: Default mixer driver to enabled (stable-fixes).
- ALSA: scarlett2: Move USB IDs out from device_info struct (stable-fixes).
- ASoC: meson: axg-card: make links nonatomic (git-fixes).
- ASoC: meson: axg-tdm-interface: manage formatters in trigger (git-fixes).
- ASoC: meson: cards: select SND_DYNAMIC_MINORS (git-fixes).
- ASoC: soc-core.c: Skip dummy codec when adding platforms (stable-fixes).
- ASoC: tegra: Fix DSPK 16-bit playback (git-fixes).
- ASoC: ti: davinci-mcasp: Fix race condition during probe (git-fixes).
- Bluetooth: Add new quirk for broken read key length on ATS2851 (git-fixes).
- Bluetooth: Fix TOCTOU in HCI debugfs implementation (git-fixes).
- Bluetooth: Fix memory leak in hci_req_sync_complete() (git-fixes).
- Bluetooth: Fix type of len in {l2cap,sco}_sock_getsockopt_old() (stable-fixes).
- Bluetooth: L2CAP: Fix not validating setsockopt user input (git-fixes).
- Bluetooth: RFCOMM: Fix not validating setsockopt user input (git-fixes).
- Bluetooth: SCO: Fix not validating setsockopt user input (git-fixes).
- Bluetooth: add quirk for broken address properties (git-fixes).
- Bluetooth: btintel: Fix null ptr deref in btintel_read_version (stable-fixes).
- Bluetooth: btintel: Fixe build regression (git-fixes).
- Bluetooth: btusb: Add Realtek RTL8852BE support ID 0x0bda:0x4853 (stable-fixes).
- Bluetooth: hci_event: Fix sending HCI_OP_READ_ENC_KEY_SIZE (git-fixes).
- Bluetooth: hci_event: set the conn encrypted before conn establishes (stable-fixes).
- Bluetooth: hci_sock: Fix not validating setsockopt user input (git-fixes).
- Bluetooth: qca: fix NULL-deref on non-serdev suspend (git-fixes).
- Documentation: Add missing documentation for EXPORT_OP flags (stable-fixes).
- HID: intel-ish-hid: ipc: Fix dev_err usage with uninitialized dev->devc (git-fixes).
- HID: logitech-dj: allow mice to use all types of reports (git-fixes).
- HID: uhid: Use READ_ONCE()/WRITE_ONCE() for ->running (stable-fixes).
- Input: synaptics-rmi4 - fail probing if memory allocation for 'phys' fails (stable-fixes).
- NFC: trf7970a: disable all regulators on removal (git-fixes).
- NFS: avoid spurious warning of lost lock that is being unlocked (bsc#1221791).
- PCI/AER: Block runtime suspend when handling errors (git-fixes).
- PCI/DPC: Quirk PIO log size for Intel Ice Lake Root Ports (git-fixes).
- PCI/DPC: Quirk PIO log size for Intel Raptor Lake Root Ports (git-fixes).
- PCI/DPC: Quirk PIO log size for certain Intel Root Ports (git-fixes).
- PCI/PM: Drain runtime-idle callbacks before driver removal (git-fixes).
- PCI: Drop pci_device_remove() test of pci_dev->driver (git-fixes).
- PCI: rpaphp: Error out on busy status from get-sensor-state (bsc#1223369 ltc#205888).
- RAS: Avoid build errors when CONFIG_DEBUG_FS=n (jsc#PED-7619).
- RDMA/cm: Print the old state when cm_destroy_id gets timeout (git-fixes).
- RDMA/cm: add timeout to cm_destroy_id wait (git-fixes)
- Reapply 'drm/qxl: simplify qxl_fence_wait' (stable-fixes).
- Revert 'ACPI: PM: Block ASUS B1400CEAE from suspend to idle by default' (stable-fixes).
- Revert 'drm/qxl: simplify qxl_fence_wait' (git-fixes).
- Revert 'ice: Fix ice VF reset during iavf initialization (jsc#PED-376).' (bsc#1223275)
- Revert 'usb: cdc-wdm: close race between read and workqueue' (git-fixes).
- Revert 'usb: phy: generic: Get the vbus supply' (git-fixes).
- USB: UAS: return ENODEV when submit urbs fail with device not attached (stable-fixes).
- USB: serial: add device ID for VeriFone adapter (stable-fixes).
- USB: serial: cp210x: add ID for MGP Instruments PDS100 (stable-fixes).
- USB: serial: cp210x: add pid/vid for TDK NC0110013M and MM0110113M (stable-fixes).
- USB: serial: ftdi_sio: add support for GMC Z216C Adapter IR-USB (stable-fixes).
- USB: serial: option: add Fibocom FM135-GL variants (stable-fixes).
- USB: serial: option: add Lonsung U8300/U9300 product (stable-fixes).
- USB: serial: option: add MeiG Smart SLM320 product (stable-fixes).
- USB: serial: option: add Rolling RW101-GL and RW135-GL support (stable-fixes).
- USB: serial: option: add Telit FN920C04 rmnet compositions (stable-fixes).
- USB: serial: option: add support for Fibocom FM650/FG650 (stable-fixes).
- USB: serial: option: support Quectel EM060K sub-models (stable-fixes).
- ahci: asm1064: asm1166: do not limit reported ports (git-fixes).
- ahci: asm1064: correct count of reported ports (stable-fixes).
- arm64: dts: imx8-ss-conn: fix usdhc wrong lpcg clock order (git-fixes)
- arm64: dts: rockchip: Remove unsupported node from the Pinebook Pro (git-fixes)
- arm64: dts: rockchip: enable internal pull-up for Q7_THRM# on RK3399 (git-fixes)
- arm64: dts: rockchip: enable internal pull-up on PCIE_WAKE# for (git-fixes)
- arm64: dts: rockchip: enable internal pull-up on Q7_USB_ID for RK3399 (git-fixes)
- arm64: dts: rockchip: fix rk3328 hdmi ports node (git-fixes)
- arm64: dts: rockchip: fix rk3399 hdmi ports node (git-fixes)
- arm64: hibernate: Fix level3 translation fault in swsusp_save() (git-fixes).
- ax25: fix use-after-free bugs caused by ax25_ds_del_timer (git-fixes).
- batman-adv: Avoid infinite loop trying to resize local TT (git-fixes).
- bcache: Fix __bch_btree_node_alloc to make the failure behavior consistent (git-fixes).
- bcache: Remove dead references to cache_readaheads (git-fixes).
- bcache: Remove unnecessary NULL point check in node allocations (git-fixes).
- bcache: add code comments for bch_btree_node_get() and __bch_btree_node_alloc() (git-fixes).
- bcache: avoid NULL checking to c->root in run_cache_set() (git-fixes).
- bcache: avoid oversize memory allocation by small stripe_size (git-fixes).
- bcache: bset: Fix comment typos (git-fixes).
- bcache: check return value from btree_node_alloc_replacement() (git-fixes).
- bcache: fix NULL pointer reference in cached_dev_detach_finish (git-fixes).
- bcache: fix error info in register_bcache() (git-fixes).
- bcache: fixup bcache_dev_sectors_dirty_add() multithreaded CPU false sharing (git-fixes).
- bcache: fixup btree_cache_wait list damage (git-fixes).
- bcache: fixup init dirty data errors (git-fixes).
- bcache: fixup lock c->root error (git-fixes).
- bcache: fixup multi-threaded bch_sectors_dirty_init() wake-up race (git-fixes).
- bcache: move calc_cached_dev_sectors to proper place on backing device detach (git-fixes).
- bcache: move uapi header bcache.h to bcache code directory (git-fixes).
- bcache: prevent potential division by zero error (git-fixes).
- bcache: remove EXPERIMENTAL for Kconfig option 'Asynchronous device registration' (git-fixes).
- bcache: remove redundant assignment to variable cur_idx (git-fixes).
- bcache: remove the backing_dev_name field from struct cached_dev (git-fixes).
- bcache: remove the cache_dev_name field from struct cache (git-fixes).
- bcache: remove unnecessary flush_workqueue (git-fixes).
- bcache: remove unused bch_mark_cache_readahead function def in stats.h (git-fixes).
- bcache: replace a mistaken IS_ERR() by IS_ERR_OR_NULL() in btree_gc_coalesce() (git-fixes).
- bcache: replace snprintf in show functions with sysfs_emit (git-fixes).
- bcache: revert replacing IS_ERR_OR_NULL with IS_ERR (git-fixes).
- bcache: use bvec_kmap_local in bch_data_verify (git-fixes).
- bcache: use bvec_kmap_local in bio_csum (git-fixes).
- bcache: use default_groups in kobj_type (git-fixes).
- bcache:: fix repeated words in comments (git-fixes).
- ceph: stop copying to iter at EOF on sync reads (bsc#1223068).
- ceph: switch to corrected encoding of max_xattr_size in mdsmap (bsc#1223067).
- clk: Get runtime PM before walking tree during disable_unused (git-fixes).
- clk: Initialize struct clk_core kref earlier (stable-fixes).
- clk: Mark 'all_lists' as const (stable-fixes).
- clk: Print an info line before disabling unused clocks (stable-fixes).
- clk: Remove prepare_lock hold assertion in __clk_release() (git-fixes).
- clk: remove extra empty line (stable-fixes).
- comedi: vmk80xx: fix incomplete endpoint checking (git-fixes).
- dm cache policy smq: ensure IO does not prevent cleaner policy progress (git-fixes).
- dm cache: add cond_resched() to various workqueue loops (git-fixes).
- dm clone: call kmem_cache_destroy() in dm_clone_init() error path (git-fixes).
- dm crypt: add cond_resched() to dmcrypt_write() (git-fixes).
- dm crypt: avoid accessing uninitialized tasklet (git-fixes).
- dm flakey: do not corrupt the zero page (git-fixes).
- dm flakey: fix a bug with 32-bit highmem systems (git-fixes).
- dm flakey: fix a crash with invalid table line (git-fixes).
- dm flakey: fix logic when corrupting a bio (git-fixes).
- dm init: add dm-mod.waitfor to wait for asynchronously probed block devices (git-fixes).
- dm integrity: call kmem_cache_destroy() in dm_integrity_init() error path (git-fixes).
- dm integrity: fix out-of-range warning (git-fixes).
- dm integrity: reduce vmalloc space footprint on 32-bit architectures (git-fixes).
- dm raid: clean up four equivalent goto tags in raid_ctr() (git-fixes).
- dm raid: fix false positive for requeue needed during reshape (git-fixes).
- dm raid: fix missing reconfig_mutex unlock in raid_ctr() error paths (git-fixes).
- dm stats: check for and propagate alloc_percpu failure (git-fixes).
- dm thin metadata: Fix ABBA deadlock by resetting dm_bufio_client (git-fixes).
- dm thin metadata: check fail_io before using data_sm (git-fixes).
- dm thin: add cond_resched() to various workqueue loops (git-fixes).
- dm thin: fix deadlock when swapping to thin device (bsc#1177529).
- dm verity: do not perform FEC for failed readahead IO (git-fixes).
- dm verity: fix error handling for check_at_most_once on FEC (git-fixes).
- dm zoned: free dmz->ddev array in dmz_put_zoned_devices (git-fixes).
- dm-delay: fix a race between delay_presuspend and delay_bio (git-fixes).
- dm-integrity: do not modify bio's immutable bio_vec in integrity_metadata() (git-fixes).
- dm-raid: fix lockdep waring in 'pers->hot_add_disk' (git-fixes).
- dm-verity, dm-crypt: align 'struct bvec_iter' correctly (git-fixes).
- dm-verity: align struct dm_verity_fec_io properly (git-fixes).
- dm: add cond_resched() to dm_wq_work() (git-fixes).
- dm: call the resume method on internal suspend (git-fixes).
- dm: do not lock fs when the map is NULL during suspend or resume (git-fixes).
- dm: do not lock fs when the map is NULL in process of resume (git-fixes).
- dm: remove flush_scheduled_work() during local_exit() (git-fixes).
- dm: send just one event on resize, not two (git-fixes).
- dma: xilinx_dpdma: Fix locking (git-fixes).
- dmaengine: idxd: Fix oops during rmmod on single-CPU platforms (git-fixes).
- dmaengine: owl: fix register access functions (git-fixes).
- dmaengine: tegra186: Fix residual calculation (git-fixes).
- docs: Document the FAN_FS_ERROR event (stable-fixes).
- drm-print: add drm_dbg_driver to improve namespace symmetry (stable-fixes).
- drm/amd/display: Do not recursively call manual trigger programming (stable-fixes).
- drm/amd/display: Fix nanosec stat overflow (stable-fixes).
- drm/amd/display: fix disable otg wa logic in DCN316 (stable-fixes).
- drm/amd/pm: fixes a random hang in S4 for SMU v13.0.4/11 (stable-fixes).
- drm/amdgpu/sdma5.2: use legacy HDP flush for SDMA2/3 (stable-fixes).
- drm/amdgpu: Fix leak when GPU memory allocation fails (stable-fixes).
- drm/amdgpu: Reset dGPU if suspend got aborted (stable-fixes).
- drm/amdgpu: always force full reset for SOC21 (stable-fixes).
- drm/amdgpu: fix incorrect active rb bitmap for gfx11 (stable-fixes).
- drm/amdgpu: fix incorrect number of active RBs for gfx11 (stable-fixes).
- drm/amdgpu: once more fix the call oder in amdgpu_ttm_move() v2 (git-fixes).
- drm/amdgpu: validate the parameters of bo mapping operations more clearly (git-fixes).
- drm/amdkfd: Reset GPU on queue preemption failure (stable-fixes).
- drm/ast: Fix soft lockup (git-fixes).
- drm/client: Fully protect modes[] with dev->mode_config.mutex (stable-fixes).
- drm/i915/cdclk: Fix CDCLK programming order when pipes are active (git-fixes).
- drm/i915/vrr: Disable VRR when using bigjoiner (stable-fixes).
- drm/i915: Disable port sync when bigjoiner is used (stable-fixes).
- drm/msm/dp: fix typo in dp_display_handle_port_status_changed() (git-fixes).
- drm/nouveau/nvkm: add a replacement for nvkm_notify (bsc#1223834)
- drm/panel: ili9341: Respect deferred probe (git-fixes).
- drm/panel: ili9341: Use predefined error codes (git-fixes).
- drm/panel: visionox-rm69299: do not unregister DSI device (git-fixes).
- drm/vc4: do not check if plane->state->fb == state->fb (stable-fixes).
- drm/vmwgfx: Enable DMA mappings with SEV (git-fixes).
- drm/vmwgfx: Fix crtc's atomic check conditional (git-fixes).
- drm/vmwgfx: Fix invalid reads in fence signaled events (git-fixes).
- drm/vmwgfx: Sort primary plane formats by order of preference (git-fixes).
- drm: nv04: Fix out of bounds access (git-fixes).
- drm: panel-orientation-quirks: Add quirk for GPD Win Mini (stable-fixes).
- drm: panel-orientation-quirks: Add quirk for Lenovo Legion Go (stable-fixes).
- dump_stack: Do not get cpu_sync for panic CPU (bsc#1223574).
- fbdev: fix incorrect address computation in deferred IO (git-fixes).
- fbdev: viafb: fix typo in hw_bitblt_1 and hw_bitblt_2 (stable-fixes).
- fbmon: prevent division by zero in fb_videomode_from_videomode() (stable-fixes).
- fix build warning
- fuse: do not unhash root (bsc#1223951).
- fuse: fix root lookup with nonzero generation (bsc#1223950).
- hwmon: (amc6821) add of_match table (stable-fixes).
- i2c: pxa: hide unused icr_bits[] variable (git-fixes).
- i2c: smbus: fix NULL function pointer dereference (git-fixes).
- i40e: Fix VF MAC filter removal (git-fixes).
- idma64: Do not try to serve interrupts when device is powered off (git-fixes).
- iio: accel: mxc4005: Interrupt handling fixes (git-fixes).
- iio:imu: adis16475: Fix sync mode setting (git-fixes).
- init/main.c: Fix potential static_command_line memory overflow (git-fixes).
- iommu/amd: Add a length limitation for the ivrs_acpihid command-line parameter (git-fixes).
- iommu/amd: Fix 'Guest Virtual APIC Table Root Pointer' configuration in IRTE (git-fixes).
- iommu/amd: Fix domain flush size when syncing iotlb (git-fixes).
- iommu/amd: Fix error handling for pdev_pri_ats_enable() (git-fixes).
- iommu/arm-smmu-qcom: Limit the SMR groups to 128 (git-fixes).
- iommu/arm-smmu-v3: Acknowledge pri/event queue overflow if any (git-fixes).
- iommu/fsl: fix all kernel-doc warnings in fsl_pamu.c (git-fixes).
- iommu/iova: Fix alloc iova overflows issue (git-fixes).
- iommu/mediatek: Flush IOTLB completely only if domain has been attached (git-fixes).
- iommu/rockchip: Fix unwind goto issue (git-fixes).
- iommu/sprd: Release dma buffer to avoid memory leak (git-fixes).
- iommu/vt-d: Allocate local memory for page request queue (git-fixes).
- iommu/vt-d: Allow zero SAGAW if second-stage not supported (git-fixes).
- iommu/vt-d: Fix error handling in sva enable/disable paths (git-fixes).
- iommu: Fix error unwind in iommu_group_alloc() (git-fixes).
- ipv6/addrconf: fix a potential refcount underflow for idev (git-fixes).
- kABI: Adjust trace_iterator.wait_index (git-fixes).
- kprobes: Fix double free of kretprobe_holder (bsc#1220901).
- kprobes: Fix possible use-after-free issue on kprobe registration (git-fixes).
- libnvdimm/of_pmem: Use devm_kstrdup instead of kstrdup and check its return value (git-fixes).
- libnvdimm/region: Allow setting align attribute on regions without mappings (git-fixes).
- livepatch: Fix missing newline character in klp_resolve_symbols() (bsc#1223539).
- md/raid1: fix choose next idle in read_balance() (git-fixes).
- md: Do not clear MD_CLOSING when the raid is about to stop (git-fixes).
- md: do not clear MD_RECOVERY_FROZEN for new dm-raid until resume (git-fixes).
- media: cec: core: remove length check of Timer Status (stable-fixes).
- media: sta2x11: fix irq handler cast (stable-fixes).
- mei: me: add arrow lake point H DID (stable-fixes).
- mei: me: add arrow lake point S DID (stable-fixes).
- mei: me: disable RPL-S on SPS and IGN firmwares (git-fixes).
- mm/vmscan: make sure wakeup_kswapd with managed zone (bsc#1223473).
- mmc: sdhci-msm: pervent access to suspended controller (git-fixes).
- mtd: diskonchip: work around ubsan link failure (stable-fixes).
- nd_btt: Make BTT lanes preemptible (git-fixes).
- net: bridge: vlan: fix memory leak in __allowed_ingress (git-fixes).
- net: fix a memleak when uncloning an skb dst and its metadata (git-fixes).
- net: fix skb leak in __skb_tstamp_tx() (git-fixes).
- net: ipv6: ensure we call ipv6_mc_down() at most once (git-fixes).
- net: mld: fix reference count leak in mld_{query | report}_work() (git-fixes).
- net: stream: purge sk_error_queue in sk_stream_kill_queues() (git-fixes).
- net: usb: ax88179_178a: avoid the interface always configured as random address (git-fixes).
- net: usb: ax88179_178a: avoid writing the mac address before first reading (git-fixes).
- net: usb: ax88179_178a: stop lying about skb->truesize (git-fixes).
- net: vlan: fix underflow for the real_dev refcnt (git-fixes).
- netfilter: br_netfilter: Drop dst references before setting (git-fixes).
- netfilter: ipt_CLUSTERIP: fix refcount leak in clusterip_tg_check() (git-fixes).
- netfilter: nft_ct: fix l3num expectations with inet pseudo family (git-fixes).
- nfsd: use __fput_sync() to avoid delayed closing of files (bsc#1223380 bsc#1217408).
- nilfs2: fix OOB in nilfs_set_de_type (git-fixes).
- nilfs2: fix OOB in nilfs_set_de_type (git-fixes).
- nouveau: fix function cast warning (git-fixes).
- nouveau: fix instmem race condition around ptr stores (git-fixes).
- nvdimm/namespace: drop nested variable in create_namespace_pmem() (git-fixes).
- nvdimm: Allow overwrite in the presence of disabled dimms (git-fixes).
- nvdimm: Fix badblocks clear off-by-one error (git-fixes).
- nvdimm: Fix dereference after free in register_nvdimm_pmu() (git-fixes).
- nvdimm: Fix firmware activation deadlock scenarios (git-fixes).
- nvdimm: Fix memleak of pmu attr_groups in unregister_nvdimm_pmu() (git-fixes).
- pci_iounmap(): Fix MMIO mapping leak (git-fixes).
- phy: tegra: xusb: Add API to retrieve the port number of phy (stable-fixes).
- pinctrl: renesas: checker: Limit cfg reg enum checks to provided IDs (stable-fixes).
- platform/x86: touchscreen_dmi: Add an extra entry for a variant of the Chuwi Vi8 tablet (stable-fixes).
- powerpc/kasan: Do not instrument non-maskable or raw interrupts (bsc#1223191).
- powerpc/pseries/iommu: LPAR panics when rebooted with a frozen PE (bsc#1222011 ltc#205900).
- powerpc/rtas: define pr_fmt and convert printk call sites (bsc#1223369 ltc#205888).
- powerpc/rtas: export rtas_error_rc() for reuse (bsc#1223369 ltc#205888).
- powerpc: Avoid nmi_enter/nmi_exit in real mode interrupt (bsc#1221645 ltc#205739 bsc#1223191).
- powerpc: Refactor verification of MSR_RI (bsc#1223191).
- printk: Add this_cpu_in_panic() (bsc#1223574).
- printk: Adjust mapping for 32bit seq macros (bsc#1223574).
- printk: Avoid non-panic CPUs writing to ringbuffer (bsc#1223574).
- printk: Disable passing console lock owner completely during panic() (bsc#1223574).
- printk: Drop console_sem during panic (bsc#1223574).
- printk: Rename abandon_console_lock_in_panic() to other_cpu_in_panic() (bsc#1223574).
- printk: Use prb_first_seq() as base for 32bit seq macros (bsc#1223574).
- printk: Wait for all reserved records with pr_flush() (bsc#1223574).
- printk: nbcon: Relocate 32bit seq macros (bsc#1223574).
- printk: ringbuffer: Clarify special lpos values (bsc#1223574).
- printk: ringbuffer: Cleanup reader terminology (bsc#1223574).
- printk: ringbuffer: Do not skip non-finalized records with prb_next_seq() (bsc#1223574).
- printk: ringbuffer: Improve prb_next_seq() performance (bsc#1223574).
- printk: ringbuffer: Skip non-finalized records in panic (bsc#1223574).
- pstore/zone: Add a null pointer check to the psz_kmsg_read (stable-fixes).
- ring-buffer: Do not set shortest_full when full target is hit (git-fixes).
- ring-buffer: Fix full_waiters_pending in poll (git-fixes).
- ring-buffer: Fix resetting of shortest_full (git-fixes).
- ring-buffer: Fix waking up ring buffer readers (git-fixes).
- ring-buffer: Make wake once of ring_buffer_wait() more robust (git-fixes).
- ring-buffer: Use wait_event_interruptible() in ring_buffer_wait() (git-fixes).
- ring-buffer: use READ_ONCE() to read cpu_buffer->commit_page in concurrent environment (git-fixes).
- s390/cio: Ensure the copied buf is NUL terminated (git-fixes bsc#1223875).
- s390/decompressor: fix misaligned symbol build error (git-fixes bsc#1223785).
- s390/mm: Fix clearing storage keys for huge pages (git-fixes bsc#1223877).
- s390/mm: Fix storage key clearing for guest huge pages (git-fixes bsc#1223878).
- s390/qeth: Fix kernel panic after setting hsuid (git-fixes bsc#1223879).
- s390/scm: fix virtual vs physical address confusion (git-fixes bsc#1223784).
- s390/vdso: Add CFI for RA register to asm macro vdso_func (git-fixes bsc#1223876).
- s390/vdso: drop '-fPIC' from LDFLAGS (git-fixes bsc#1223598).
- s390/zcrypt: fix reference counting on zcrypt card objects (git-fixes bsc#1223595).
- serial/pmac_zilog: Remove flawed mitigation for rx irq flood (git-fixes).
- serial: core: Provide port lock wrappers (stable-fixes).
- serial: core: fix kernel-doc for uart_port_unlock_irqrestore() (git-fixes).
- serial: mxs-auart: add spinlock around changing cts state (git-fixes).
- slimbus: qcom-ngd-ctrl: Add timeout for wait operation (git-fixes).
- speakup: Avoid crash on very long word (git-fixes).
- speakup: Fix 8bit characters from direct synth (git-fixes).
- tcp/udp: Fix memleaks of sk and zerocopy skbs with TX timestamp (git-fixes).
- thunderbolt: Avoid notify PM core about runtime PM resume (stable-fixes).
- thunderbolt: Fix wake configurations after device unplug (stable-fixes).
- tracing/net_sched: Fix tracepoints that save qdisc_dev() as a string (git-fixes).
- tracing/ring-buffer: Fix wait_on_pipe() race (git-fixes).
- tracing: Have saved_cmdlines arrays all in one allocation (git-fixes).
- tracing: Remove precision vsnprintf() check from print event (git-fixes).
- tracing: Show size of requested perf buffer (git-fixes).
- tracing: Use .flush() call to wake up readers (git-fixes).
- usb: Disable USB3 LPM at shutdown (stable-fixes).
- usb: Fix regression caused by invalid ep0 maxpacket in virtual SuperSpeed device (git-fixes).
- usb: dwc2: host: Fix dereference issue in DDMA completion flow (git-fixes).
- usb: gadget: composite: fix OS descriptors w_value logic (git-fixes).
- usb: gadget: f_fs: Fix a race condition when processing setup packets (git-fixes).
- usb: gadget: f_ncm: Fix UAF ncm object at re-bind after usb ep transport error (stable-fixes).
- usb: gadget: tegra-xudc: Fix USB3 PHY retrieval logic (git-fixes).
- usb: ohci: Prevent missed ohci interrupts (git-fixes).
- usb: sl811-hcd: only defined function checkdone if QUIRK2 is defined (stable-fixes).
- usb: typec: tcpci: add generic tcpci fallback compatible (stable-fixes).
- usb: typec: tcpm: Check for port partner validity before consuming it (git-fixes).
- usb: typec: tcpm: unregister existing source caps before re-registration (bsc#1220569).
- usb: typec: ucsi: Ack unsupported commands (stable-fixes).
- usb: typec: ucsi: Clear UCSI_CCI_RESET_COMPLETE before reset (stable-fixes).
- usb: typec: ucsi: Fix connector check on init (git-fixes).
- usb: udc: remove warning when queue disabled ep (stable-fixes).
- vdpa/mlx5: Allow CVQ size changes (git-fixes).
- virtio: treat alloc_dax() -EOPNOTSUPP failure as non-fatal (bsc#1223949).
- wifi: ath9k: fix LNA selection in ath_ant_try_scan() (stable-fixes).
- wifi: iwlwifi: mvm: remove old PASN station when adding a new one (git-fixes).
- wifi: iwlwifi: mvm: return uid from iwl_mvm_build_scan_cmd (git-fixes).
- wifi: mac80211: check/clear fast rx for non-4addr sta VLAN changes (stable-fixes).
- wifi: nl80211: do not free NULL coalescing rule (git-fixes).
- x86/cpufeatures: Fix dependencies for GFNI, VAES, and VPCLMULQDQ (git-fixes).
- x86/mm: Ensure input to pfn_to_kaddr() is treated as a 64-bit type (jsc#PED-7167 git-fixes).
- x86/sev: Skip ROM range scans and validation for SEV-SNP guests (jsc#PED-7167 git-fixes).
- x86/xen: Add some null pointer checking to smp.c (git-fixes).
- x86/xen: add CPU dependencies for 32-bit build (git-fixes).
- x86/xen: fix percpu vcpu_info allocation (git-fixes).
- xen-netback: properly sync TX responses (git-fixes).
- xen-netfront: Add missing skb_mark_for_recycle (git-fixes).
- xen/gntdev: Fix the abuse of underlying struct page in DMA-buf import (git-fixes).
- xen/xenbus: document will_handle argument for xenbus_watch_path() (git-fixes).
- xfrm6: fix inet6_dev refcount underflow problem (git-fixes).
ImportantSUSE bug 1177529SUSE bug 1192145SUSE bug 1211592SUSE bug 1217408SUSE bug 1218562SUSE bug 1218917SUSE bug 1219104SUSE bug 1219126SUSE bug 1219169SUSE bug 1219170SUSE bug 1219264SUSE bug 1220342SUSE bug 1220569SUSE bug 1220761SUSE bug 1220901SUSE bug 1220915SUSE bug 1220935SUSE bug 1221042SUSE bug 1221044SUSE bug 1221080SUSE bug 1221084SUSE bug 1221088SUSE bug 1221162SUSE bug 1221299SUSE bug 1221612SUSE bug 1221617SUSE bug 1221645SUSE bug 1221791SUSE bug 1221825SUSE bug 1222011SUSE bug 1222051SUSE bug 1222247SUSE bug 1222266SUSE bug 1222294SUSE bug 1222307SUSE bug 1222357SUSE bug 1222368SUSE bug 1222379SUSE bug 1222416SUSE bug 1222422SUSE bug 1222424SUSE bug 1222427SUSE bug 1222428SUSE bug 1222430SUSE bug 1222431SUSE bug 1222435SUSE bug 1222437SUSE bug 1222445SUSE bug 1222449SUSE bug 1222482SUSE bug 1222503SUSE bug 1222520SUSE bug 1222536SUSE bug 1222549SUSE bug 1222550SUSE bug 1222557SUSE bug 1222559SUSE bug 1222585SUSE bug 1222586SUSE bug 1222596SUSE bug 1222609SUSE bug 1222610SUSE bug 1222613SUSE bug 1222615SUSE bug 1222618SUSE bug 1222624SUSE bug 1222630SUSE bug 1222632SUSE bug 1222660SUSE bug 1222662SUSE bug 1222664SUSE bug 1222666SUSE bug 1222669SUSE bug 1222671SUSE bug 1222677SUSE bug 1222678SUSE bug 1222680SUSE bug 1222703SUSE bug 1222704SUSE bug 1222706SUSE bug 1222709SUSE bug 1222710SUSE bug 1222720SUSE bug 1222721SUSE bug 1222724SUSE bug 1222726SUSE bug 1222727SUSE bug 1222764SUSE bug 1222772SUSE bug 1222773SUSE bug 1222776SUSE bug 1222781SUSE bug 1222784SUSE bug 1222785SUSE bug 1222787SUSE bug 1222790SUSE bug 1222791SUSE bug 1222792SUSE bug 1222796SUSE bug 1222798SUSE bug 1222801SUSE bug 1222812SUSE bug 1222824SUSE bug 1222829SUSE bug 1222832SUSE bug 1222836SUSE bug 1222838SUSE bug 1222866SUSE bug 1222867SUSE bug 1222869SUSE bug 1222876SUSE bug 1222878SUSE bug 1222879SUSE bug 1222881SUSE bug 1222883SUSE bug 1222888SUSE bug 1222894SUSE bug 1222901SUSE bug 1222968SUSE bug 1223012SUSE bug 1223014SUSE bug 1223016SUSE bug 1223024SUSE bug 1223030SUSE bug 1223033SUSE bug 1223034SUSE bug 1223035SUSE bug 1223036SUSE bug 1223037SUSE bug 1223041SUSE bug 1223042SUSE bug 1223051SUSE bug 1223052SUSE bug 1223056SUSE bug 1223057SUSE bug 1223058SUSE bug 1223060SUSE bug 1223061SUSE bug 1223065SUSE bug 1223066SUSE bug 1223067SUSE bug 1223068SUSE bug 1223076SUSE bug 1223078SUSE bug 1223111SUSE bug 1223115SUSE bug 1223118SUSE bug 1223187SUSE bug 1223189SUSE bug 1223190SUSE bug 1223191SUSE bug 1223196SUSE bug 1223197SUSE bug 1223198SUSE bug 1223275SUSE bug 1223323SUSE bug 1223369SUSE bug 1223380SUSE bug 1223473SUSE bug 1223474SUSE bug 1223475SUSE bug 1223477SUSE bug 1223478SUSE bug 1223479SUSE bug 1223481SUSE bug 1223482SUSE bug 1223484SUSE bug 1223487SUSE bug 1223490SUSE bug 1223496SUSE bug 1223498SUSE bug 1223499SUSE bug 1223501SUSE bug 1223502SUSE bug 1223503SUSE bug 1223505SUSE bug 1223509SUSE bug 1223511SUSE bug 1223512SUSE bug 1223513SUSE bug 1223516SUSE bug 1223517SUSE bug 1223518SUSE bug 1223519SUSE bug 1223520SUSE bug 1223522SUSE bug 1223523SUSE bug 1223525SUSE bug 1223539SUSE bug 1223574SUSE bug 1223595SUSE bug 1223598SUSE bug 1223634SUSE bug 1223643SUSE bug 1223644SUSE bug 1223645SUSE bug 1223646SUSE bug 1223648SUSE bug 1223655SUSE bug 1223657SUSE bug 1223660SUSE bug 1223661SUSE bug 1223663SUSE bug 1223664SUSE bug 1223668SUSE bug 1223686SUSE bug 1223693SUSE bug 1223705SUSE bug 1223714SUSE bug 1223735SUSE bug 1223745SUSE bug 1223784SUSE bug 1223785SUSE bug 1223790SUSE bug 1223816SUSE bug 1223821SUSE bug 1223822SUSE bug 1223824SUSE bug 1223827SUSE bug 1223834SUSE bug 1223875SUSE bug 1223876SUSE bug 1223877SUSE bug 1223878SUSE bug 1223879SUSE bug 1223894SUSE bug 1223921SUSE bug 1223922SUSE bug 1223923SUSE bug 1223924SUSE bug 1223929SUSE bug 1223931SUSE bug 1223932SUSE bug 1223934SUSE bug 1223941SUSE bug 1223948SUSE bug 1223949SUSE bug 1223950SUSE bug 1223951SUSE bug 1223952SUSE bug 1223953SUSE bug 1223956SUSE bug 1223957SUSE bug 1223960SUSE bug 1223962SUSE bug 1223963SUSE bug 1223964CVE-2021-47047 at SUSECVE-2021-47047 at NVDCVE-2021-47181 at SUSECVE-2021-47181 at NVDCVE-2021-47182 at SUSECVE-2021-47182 at NVDCVE-2021-47183 at SUSECVE-2021-47183 at NVDCVE-2021-47184 at SUSECVE-2021-47184 at NVDCVE-2021-47185 at SUSECVE-2021-47185 at NVDCVE-2021-47187 at SUSECVE-2021-47187 at NVDCVE-2021-47188 at SUSECVE-2021-47188 at NVDCVE-2021-47189 at SUSECVE-2021-47189 at NVDCVE-2021-47191 at SUSECVE-2021-47191 at NVDCVE-2021-47192 at SUSECVE-2021-47192 at NVDCVE-2021-47193 at SUSECVE-2021-47193 at NVDCVE-2021-47194 at SUSECVE-2021-47194 at NVDCVE-2021-47195 at SUSECVE-2021-47195 at NVDCVE-2021-47196 at SUSECVE-2021-47196 at NVDCVE-2021-47197 at SUSECVE-2021-47197 at NVDCVE-2021-47198 at SUSECVE-2021-47198 at NVDCVE-2021-47199 at SUSECVE-2021-47199 at NVDCVE-2021-47200 at SUSECVE-2021-47200 at NVDCVE-2021-47201 at SUSECVE-2021-47201 at NVDCVE-2021-47202 at SUSECVE-2021-47202 at NVDCVE-2021-47203 at SUSECVE-2021-47203 at NVDCVE-2021-47204 at SUSECVE-2021-47204 at NVDCVE-2021-47205 at SUSECVE-2021-47205 at NVDCVE-2021-47206 at SUSECVE-2021-47206 at NVDCVE-2021-47207 at SUSECVE-2021-47207 at NVDCVE-2021-47209 at SUSECVE-2021-47209 at NVDCVE-2021-47210 at SUSECVE-2021-47210 at NVDCVE-2021-47211 at SUSECVE-2021-47211 at NVDCVE-2021-47212 at SUSECVE-2021-47212 at NVDCVE-2021-47214 at SUSECVE-2021-47214 at NVDCVE-2021-47215 at SUSECVE-2021-47215 at NVDCVE-2021-47216 at SUSECVE-2021-47216 at NVDCVE-2021-47217 at SUSECVE-2021-47217 at NVDCVE-2021-47218 at SUSECVE-2021-47218 at NVDCVE-2021-47219 at SUSECVE-2021-47219 at NVDCVE-2022-48631 at SUSECVE-2022-48631 at NVDCVE-2022-48632 at SUSECVE-2022-48632 at NVDCVE-2022-48634 at SUSECVE-2022-48634 at NVDCVE-2022-48636 at SUSECVE-2022-48636 at NVDCVE-2022-48637 at SUSECVE-2022-48637 at NVDCVE-2022-48638 at SUSECVE-2022-48638 at NVDCVE-2022-48639 at SUSECVE-2022-48639 at NVDCVE-2022-48640 at SUSECVE-2022-48640 at NVDCVE-2022-48642 at SUSECVE-2022-48642 at NVDCVE-2022-48644 at SUSECVE-2022-48644 at NVDCVE-2022-48646 at SUSECVE-2022-48646 at NVDCVE-2022-48647 at SUSECVE-2022-48647 at NVDCVE-2022-48648 at SUSECVE-2022-48648 at NVDCVE-2022-48650 at SUSECVE-2022-48650 at NVDCVE-2022-48651 at SUSECVE-2022-48651 at NVDCVE-2022-48652 at SUSECVE-2022-48652 at NVDCVE-2022-48653 at SUSECVE-2022-48653 at NVDCVE-2022-48654 at SUSECVE-2022-48654 at NVDCVE-2022-48655 at SUSECVE-2022-48655 at NVDCVE-2022-48656 at SUSECVE-2022-48656 at NVDCVE-2022-48657 at SUSECVE-2022-48657 at NVDCVE-2022-48658 at SUSECVE-2022-48658 at NVDCVE-2022-48659 at SUSECVE-2022-48659 at NVDCVE-2022-48660 at SUSECVE-2022-48660 at NVDCVE-2022-48662 at SUSECVE-2022-48662 at NVDCVE-2022-48663 at SUSECVE-2022-48663 at NVDCVE-2022-48667 at SUSECVE-2022-48667 at NVDCVE-2022-48668 at SUSECVE-2022-48668 at NVDCVE-2022-48671 at SUSECVE-2022-48671 at NVDCVE-2022-48672 at SUSECVE-2022-48672 at NVDCVE-2022-48673 at SUSECVE-2022-48673 at NVDCVE-2022-48675 at SUSECVE-2022-48675 at NVDCVE-2022-48686 at SUSECVE-2022-48686 at NVDCVE-2022-48687 at SUSECVE-2022-48687 at NVDCVE-2022-48688 at SUSECVE-2022-48688 at NVDCVE-2022-48690 at SUSECVE-2022-48690 at NVDCVE-2022-48692 at SUSECVE-2022-48692 at NVDCVE-2022-48693 at SUSECVE-2022-48693 at NVDCVE-2022-48694 at SUSECVE-2022-48694 at NVDCVE-2022-48695 at SUSECVE-2022-48695 at NVDCVE-2022-48697 at SUSECVE-2022-48697 at NVDCVE-2022-48698 at SUSECVE-2022-48698 at NVDCVE-2022-48700 at SUSECVE-2022-48700 at NVDCVE-2022-48701 at SUSECVE-2022-48701 at NVDCVE-2022-48702 at SUSECVE-2022-48702 at NVDCVE-2022-48703 at SUSECVE-2022-48703 at NVDCVE-2022-48704 at SUSECVE-2022-48704 at NVDCVE-2023-2860 at SUSECVE-2023-2860 at NVDCVE-2023-52488 at SUSECVE-2023-52488 at NVDCVE-2023-52503 at SUSECVE-2023-52503 at NVDCVE-2023-52561 at SUSECVE-2023-52561 at NVDCVE-2023-52585 at SUSECVE-2023-52585 at NVDCVE-2023-52589 at SUSECVE-2023-52589 at NVDCVE-2023-52590 at SUSECVE-2023-52590 at NVDCVE-2023-52591 at SUSECVE-2023-52591 at NVDCVE-2023-52593 at SUSECVE-2023-52593 at NVDCVE-2023-52614 at SUSECVE-2023-52614 at NVDCVE-2023-52616 at SUSECVE-2023-52616 at NVDCVE-2023-52620 at SUSECVE-2023-52620 at NVDCVE-2023-52627 at SUSECVE-2023-52627 at NVDCVE-2023-52635 at SUSECVE-2023-52635 at NVDCVE-2023-52636 at SUSECVE-2023-52636 at NVDCVE-2023-52645 at SUSECVE-2023-52645 at NVDCVE-2023-52652 at SUSECVE-2023-52652 at NVDCVE-2023-6270 at SUSECVE-2023-6270 at NVDCVE-2024-0639 at SUSECVE-2024-0639 at NVDCVE-2024-0841 at SUSECVE-2024-0841 at NVDCVE-2024-22099 at SUSECVE-2024-22099 at NVDCVE-2024-23307 at SUSECVE-2024-23307 at NVDCVE-2024-23848 at SUSECVE-2024-23848 at NVDCVE-2024-23850 at SUSECVE-2024-23850 at NVDCVE-2024-26601 at SUSECVE-2024-26601 at NVDCVE-2024-26610 at SUSECVE-2024-26610 at NVDCVE-2024-26656 at SUSECVE-2024-26656 at NVDCVE-2024-26660 at SUSECVE-2024-26660 at NVDCVE-2024-26671 at SUSECVE-2024-26671 at NVDCVE-2024-26673 at SUSECVE-2024-26673 at NVDCVE-2024-26675 at SUSECVE-2024-26675 at NVDCVE-2024-26680 at SUSECVE-2024-26680 at NVDCVE-2024-26681 at SUSECVE-2024-26681 at NVDCVE-2024-26684 at SUSECVE-2024-26684 at NVDCVE-2024-26685 at SUSECVE-2024-26685 at NVDCVE-2024-26687 at SUSECVE-2024-26687 at NVDCVE-2024-26688 at SUSECVE-2024-26688 at NVDCVE-2024-26689 at SUSECVE-2024-26689 at NVDCVE-2024-26696 at SUSECVE-2024-26696 at NVDCVE-2024-26697 at SUSECVE-2024-26697 at NVDCVE-2024-26702 at SUSECVE-2024-26702 at NVDCVE-2024-26704 at SUSECVE-2024-26704 at NVDCVE-2024-26718 at SUSECVE-2024-26718 at NVDCVE-2024-26722 at SUSECVE-2024-26722 at NVDCVE-2024-26727 at SUSECVE-2024-26727 at NVDCVE-2024-26733 at SUSECVE-2024-26733 at NVDCVE-2024-26736 at SUSECVE-2024-26736 at NVDCVE-2024-26737 at SUSECVE-2024-26737 at NVDCVE-2024-26739 at SUSECVE-2024-26739 at NVDCVE-2024-26743 at SUSECVE-2024-26743 at NVDCVE-2024-26744 at SUSECVE-2024-26744 at NVDCVE-2024-26745 at SUSECVE-2024-26745 at NVDCVE-2024-26747 at SUSECVE-2024-26747 at NVDCVE-2024-26749 at SUSECVE-2024-26749 at NVDCVE-2024-26751 at SUSECVE-2024-26751 at NVDCVE-2024-26754 at SUSECVE-2024-26754 at NVDCVE-2024-26760 at SUSECVE-2024-26760 at NVDCVE-2024-26763 at SUSECVE-2024-26763 at NVDCVE-2024-26764 at SUSECVE-2024-26764 at NVDCVE-2024-26766 at SUSECVE-2024-26766 at NVDCVE-2024-26769 at SUSECVE-2024-26769 at NVDCVE-2024-26771 at SUSECVE-2024-26771 at NVDCVE-2024-26772 at SUSECVE-2024-26772 at NVDCVE-2024-26773 at SUSECVE-2024-26773 at NVDCVE-2024-26776 at SUSECVE-2024-26776 at NVDCVE-2024-26779 at SUSECVE-2024-26779 at NVDCVE-2024-26783 at SUSECVE-2024-26783 at NVDCVE-2024-26787 at SUSECVE-2024-26787 at NVDCVE-2024-26790 at SUSECVE-2024-26790 at NVDCVE-2024-26792 at SUSECVE-2024-26792 at NVDCVE-2024-26793 at SUSECVE-2024-26793 at NVDCVE-2024-26798 at SUSECVE-2024-26798 at NVDCVE-2024-26805 at SUSECVE-2024-26805 at NVDCVE-2024-26807 at SUSECVE-2024-26807 at NVDCVE-2024-26816 at SUSECVE-2024-26816 at NVDCVE-2024-26817 at SUSECVE-2024-26817 at NVDCVE-2024-26820 at SUSECVE-2024-26820 at NVDCVE-2024-26825 at SUSECVE-2024-26825 at NVDCVE-2024-26830 at SUSECVE-2024-26830 at NVDCVE-2024-26833 at SUSECVE-2024-26833 at NVDCVE-2024-26836 at SUSECVE-2024-26836 at NVDCVE-2024-26843 at SUSECVE-2024-26843 at NVDCVE-2024-26848 at SUSECVE-2024-26848 at NVDCVE-2024-26852 at SUSECVE-2024-26852 at NVDCVE-2024-26853 at SUSECVE-2024-26853 at NVDCVE-2024-26855 at SUSECVE-2024-26855 at NVDCVE-2024-26856 at SUSECVE-2024-26856 at NVDCVE-2024-26857 at SUSECVE-2024-26857 at NVDCVE-2024-26861 at SUSECVE-2024-26861 at NVDCVE-2024-26862 at SUSECVE-2024-26862 at NVDCVE-2024-26866 at SUSECVE-2024-26866 at NVDCVE-2024-26872 at SUSECVE-2024-26872 at NVDCVE-2024-26875 at SUSECVE-2024-26875 at NVDCVE-2024-26878 at SUSECVE-2024-26878 at NVDCVE-2024-26879 at SUSECVE-2024-26879 at NVDCVE-2024-26881 at SUSECVE-2024-26881 at NVDCVE-2024-26882 at SUSECVE-2024-26882 at NVDCVE-2024-26883 at SUSECVE-2024-26883 at NVDCVE-2024-26884 at SUSECVE-2024-26884 at NVDCVE-2024-26885 at SUSECVE-2024-26885 at NVDCVE-2024-26891 at SUSECVE-2024-26891 at NVDCVE-2024-26893 at SUSECVE-2024-26893 at NVDCVE-2024-26895 at SUSECVE-2024-26895 at NVDCVE-2024-26896 at SUSECVE-2024-26896 at NVDCVE-2024-26897 at SUSECVE-2024-26897 at NVDCVE-2024-26898 at SUSECVE-2024-26898 at NVDCVE-2024-26901 at SUSECVE-2024-26901 at NVDCVE-2024-26903 at SUSECVE-2024-26903 at NVDCVE-2024-26917 at SUSECVE-2024-26917 at NVDCVE-2024-26927 at SUSECVE-2024-26927 at NVDCVE-2024-26948 at SUSECVE-2024-26948 at NVDCVE-2024-26950 at SUSECVE-2024-26950 at NVDCVE-2024-26951 at SUSECVE-2024-26951 at NVDCVE-2024-26955 at SUSECVE-2024-26955 at NVDCVE-2024-26956 at SUSECVE-2024-26956 at NVDCVE-2024-26960 at SUSECVE-2024-26960 at NVDCVE-2024-26965 at SUSECVE-2024-26965 at NVDCVE-2024-26966 at SUSECVE-2024-26966 at NVDCVE-2024-26969 at SUSECVE-2024-26969 at NVDCVE-2024-26970 at SUSECVE-2024-26970 at NVDCVE-2024-26972 at SUSECVE-2024-26972 at NVDCVE-2024-26981 at SUSECVE-2024-26981 at NVDCVE-2024-26982 at SUSECVE-2024-26982 at NVDCVE-2024-26993 at SUSECVE-2024-26993 at NVDCVE-2024-27013 at SUSECVE-2024-27013 at NVDCVE-2024-27014 at SUSECVE-2024-27014 at NVDCVE-2024-27030 at SUSECVE-2024-27030 at NVDCVE-2024-27038 at SUSECVE-2024-27038 at NVDCVE-2024-27039 at SUSECVE-2024-27039 at NVDCVE-2024-27041 at SUSECVE-2024-27041 at NVDCVE-2024-27043 at SUSECVE-2024-27043 at NVDCVE-2024-27046 at SUSECVE-2024-27046 at NVDCVE-2024-27056 at SUSECVE-2024-27056 at NVDCVE-2024-27062 at SUSECVE-2024-27062 at NVDCVE-2024-27389 at SUSECVE-2024-27389 at NVDcpe:/o:opensuse:leap:15.5Security update for the Linux Kernel (Important)openSUSE Leap 15.5
The SUSE Linux Enterprise 15 SP5 Real Time kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2024-27389: Fixed pstore inode handling with d_invalidate() (bsc#1223705).
- CVE-2024-27062: Fixed nouveau lock inside client object tree (bsc#1223834).
- CVE-2024-27056: Fixed wifi/iwlwifi/mvm to ensure offloading TID queue exists (bsc#1223822).
- CVE-2024-27046: Fixed nfp/flower handling acti_netdevs allocation failure (bsc#1223827).
- CVE-2024-27043: Fixed a use-after-free in edia/dvbdev in different places (bsc#1223824).
- CVE-2024-27041: Fixed drm/amd/display NULL checks for adev->dm.dc in amdgpu_dm_fini() (bsc#1223714).
- CVE-2024-27039: Fixed clk/hisilicon/hi3559a an erroneous devm_kfree() (bsc#1223821).
- CVE-2024-27038: Fixed clk_core_get NULL pointer dereference (bsc#1223816).
- CVE-2024-27030: Fixed octeontx2-af to use separate handlers for interrupts (bsc#1223790).
- CVE-2024-27014: Fixed net/mlx5e to prevent deadlock while disabling aRFS (bsc#1223735).
- CVE-2024-27013: Fixed tun limit printing rate when illegal packet received by tun device (bsc#1223745).
- CVE-2024-26993: Fixed fs/sysfs reference leak in sysfs_break_active_protection() (bsc#1223693).
- CVE-2024-26982: Fixed Squashfs inode number check not to be an invalid value of zero (bsc#1223634).
- CVE-2024-26970: Fixed clk/qcom/gcc-ipq6018 termination of frequency table arrays (bsc#1223644).
- CVE-2024-26969: Fixed clk/qcom/gcc-ipq8074 termination of frequency table arrays (bsc#1223645).
- CVE-2024-26966: Fixed clk/qcom/mmcc-apq8084 termination of frequency table arrays (bsc#1223646).
- CVE-2024-26965: Fixed clk/qcom/mmcc-msm8974 termination of frequency table arrays (bsc#1223648).
- CVE-2024-26960: Fixed mm/swap race between free_swap_and_cache() and swapoff() (bsc#1223655).
- CVE-2024-26951: Fixed wireguard/netlink check for dangling peer via is_dead instead of empty list (bsc#1223660).
- CVE-2024-26950: Fixed wireguard/netlink to access device through ctx instead of peer (bsc#1223661).
- CVE-2024-26948: Fixed drm/amd/display by adding dc_state NULL check in dc_state_release (bsc#1223664).
- CVE-2024-26927: Fixed ASoC/SOF bounds checking to firmware data Smatch (bsc#1223525).
- CVE-2024-26901: Fixed do_sys_name_to_handle() to use kzalloc() to prevent kernel-infoleak (bsc#1223198).
- CVE-2024-26896: Fixed wifi/wfx memory leak when starting AP (bsc#1223042).
- CVE-2024-26893: Fixed firmware/arm_scmi for possible double free in SMC transport cleanup path (bsc#1223196).
- CVE-2024-26885: Fixed bpf DEVMAP_HASH overflow check on 32-bit arches (bsc#1223190).
- CVE-2024-26884: Fixed bpf hashtab overflow check on 32-bit arches (bsc#1223189).
- CVE-2024-26883: Fixed bpf stackmap overflow check on 32-bit arches (bsc#1223035).
- CVE-2024-26882: Fixed net/ip_tunnel to make sure to pull inner header in ip_tunnel_rcv() (bsc#1223034).
- CVE-2024-26881: Fixed net/hns3 kernel crash when 1588 is received on HIP08 devices (bsc#1223041).
- CVE-2024-26879: Fixed clk/meson by adding missing clocks to axg_clk_regmaps (bsc#1223066).
- CVE-2024-26878: Fixed quota for potential NULL pointer dereference (bsc#1223060).
- CVE-2024-26866: Fixed spi/spi-fsl-lpspi by removing redundant spi_controller_put call (bsc#1223024).
- CVE-2024-26862: Fixed packet annotate data-races around ignore_outgoing (bsc#1223111).
- CVE-2024-26861: Fixed wireguard/receive annotate data-race around receiving_counter.counter (bsc#1223076).
- CVE-2024-26857: Fixed geneve to make sure to pull inner header in geneve_rx() (bsc#1223058).
- CVE-2024-26856: Fixed use-after-free inside sparx5_del_mact_entry (bsc#1223052).
- CVE-2024-26855: Fixed net/ice potential NULL pointer dereference in ice_bridge_setlink() (bsc#1223051).
- CVE-2024-26853: Fixed igc returning frame twice in XDP_REDIRECT (bsc#1223061).
- CVE-2024-26852: Fixed net/ipv6 to avoid possible UAF in ip6_route_mpath_notify() (bsc#1223057).
- CVE-2024-26848: Fixed afs endless loop in directory parsing (bsc#1223030).
- CVE-2024-26836: Fixed platform/x86/think-lmi password opcode ordering for workstations (bsc#1222968).
- CVE-2024-26830: Fixed i40e to not allow untrusted VF to remove administratively set MAC (bsc#1223012).
- CVE-2024-26817: Fixed amdkfd to use calloc instead of kzalloc to avoid integer overflow (bsc#1222812).
- CVE-2024-26816: Fixed relocations in .notes section when building with CONFIG_XEN_PV=y by ignoring them (bsc#1222624).
- CVE-2024-26807: Fixed spi/cadence-qspi NULL pointer reference in runtime PM hooks (bsc#1222801).
- CVE-2024-26805: Fixed a kernel-infoleak-after-free in __skb_datagram_iter in netlink (bsc#1222630).
- CVE-2024-26793: Fixed an use-after-free and null-ptr-deref in gtp_newlink() in gtp (bsc#1222428).
- CVE-2024-26783: Fixed mm/vmscan bug when calling wakeup_kswapd() with a wrong zone index (bsc#1222615).
- CVE-2024-26779: Fixed a race condition on enabling fast-xmit in mac80211 (bsc#1222772).
- CVE-2024-26773: Fixed ext4 block allocation from corrupted group in ext4_mb_try_best_found() (bsc#1222618).
- CVE-2024-26772: Fixed ext4 to avoid allocating blocks from corrupted group in ext4_mb_find_by_goal() (bsc#1222613).
- CVE-2024-26771: Fixed a null pointer dereference on edma_probe in dmaengine ti edma (bsc#1222610)
- CVE-2024-26766: Fixed SDMA off-by-one error in _pad_sdma_tx_descs() (bsc#1222726).
- CVE-2024-26764: Fixed IOCB_AIO_RW check in fs/aio before the struct aio_kiocb conversion (bsc#1222721).
- CVE-2024-26763: Fixed user corruption via by writing data with O_DIRECT on device in dm-crypt (bsc#1222720).
- CVE-2024-26760: Fixed scsi/target/pscsi bio_put() for error case (bsc#1222596).
- CVE-2024-267600: Fixed scsi/target/pscsi error case in bio_put() (bsc#1222596).
- CVE-2024-26754: Fixed an use-after-free and null-ptr-deref in gtp_genl_dump_pdp() in gtp (bsc#1222632).
- CVE-2024-26751: Fixed ARM/ep93xx terminator to gpiod_lookup_table (bsc#1222724).
- CVE-2024-26747: Fixed a NULL pointer issue with USB parent module's reference (bsc#1222609).
- CVE-2024-26744: Fixed null pointer dereference in srpt_service_guid parameter in rdma/srpt (bsc#1222449).
- CVE-2024-26743: Fixed memory leak in qedr_create_user_qp error flow in rdma/qedr (bsc#1222677).
- CVE-2024-26737: Fixed selftests/bpf racing between bpf_timer_cancel_and_free and bpf_timer_cancel (bsc#1222557).
- CVE-2024-26733: Fixed an overflow in arp_req_get() in arp (bsc#1222585).
- CVE-2024-26727: Fixed assertion if a newly created btrfs subvolume already gets read (bsc#1222536).
- CVE-2024-26718: Fixed dm-crypt/dm-verity disable tasklets (bsc#1222416).
- CVE-2024-26704: Fixed a double-free of blocks due to wrong extents moved_len in ext4 (bsc#1222422).
- CVE-2024-26696: Fixed nilfs2 hang in nilfs_lookup_dirty_data_buffers() (bsc#1222549).
- CVE-2024-26689: Fixed a use-after-free in encode_cap_msg() (bsc#1222503).
- CVE-2024-26687: Fixed xen/events close evtchn after mapping cleanup (bsc#1222435).
- CVE-2024-26685: Fixed nilfs2 potential bug in end_buffer_async_write (bsc#1222437).
- CVE-2024-26684: Fixed net/stmmac/xgmac handling of DPP safety error for DMA channels (bsc#1222445).
- CVE-2024-26681: Fixed netdevsim to avoid potential loop in nsim_dev_trap_report_work() (bsc#1222431).
- CVE-2024-26680: Fixed net/atlantic DMA mapping for PTP hwts ring (bsc#1222427).
- CVE-2024-26675: Fixed ppp_async to limit MRU to 64K (bsc#1222379).
- CVE-2024-26673: Fixed netfilter/nft_ct layer 3 and 4 protocol sanitization (bsc#1222368).
- CVE-2024-26671: Fixed blk-mq IO hang from sbitmap wakeup race (bsc#1222357).
- CVE-2024-26660: Fixed drm/amd/display bounds check for stream encoder creation (bsc#1222266).
- CVE-2024-26656: Fixed drm/amdgpu use-after-free bug (bsc#1222307).
- CVE-2024-26610: Fixed memory corruption in wifi/iwlwifi (bsc#1221299).
- CVE-2024-26601: Fixed ext4 buddy bitmap corruption via fast commit replay (bsc#1220342).
- CVE-2024-23850: Fixed double free of anonymous device after snapshot creation failure (bsc#1219126).
- CVE-2024-23848: Fixed media/cec for possible use-after-free in cec_queue_msg_fh (bsc#1219104).
- CVE-2024-23307: Fixed Integer Overflow or Wraparound vulnerability in x86 and ARM md, raid, raid5 modules (bsc#1219169).
- CVE-2024-22099: Fixed a null-pointer-dereference in rfcomm_check_security (bsc#1219170).
- CVE-2024-0841: Fixed a null pointer dereference in the hugetlbfs_fill_super function in hugetlbfs (HugeTLB pages) functionality (bsc#1219264).
- CVE-2024-0639: Fixed a denial-of-service vulnerability due to a deadlock found in sctp_auto_asconf_init in net/sctp/socket.c (bsc#1218917).
- CVE-2023-6270: Fixed a use-after-free issue in aoecmd_cfg_pkts (bsc#1218562).
- CVE-2023-52652: Fixed NTB for possible name leak in ntb_register_device() (bsc#1223686).
- CVE-2023-52645: Fixed pmdomain/mediatek race conditions with genpd (bsc#1223033).
- CVE-2023-52636: Fixed libceph cursor init when preparing sparse read in msgr2 (bsc#1222247).
- CVE-2023-52635: Fixed PM/devfreq to synchronize devfreq_monitor_[start/stop] (bsc#1222294).
- CVE-2023-52627: Fixed iio:adc:ad7091r exports into IIO_AD7091R namespace (bsc#1222051).
- CVE-2023-52620: Fixed netfilter/nf_tables to disallow timeout for anonymous sets never used from userspace (bsc#1221825).
- CVE-2023-52616: Fixed unexpected pointer access in crypto/lib/mpi in mpi_ec_init (bsc#1221612).
- CVE-2023-52614: Fixed PM/devfreq buffer overflow in trans_stat_show (bsc#1221617).
- CVE-2023-52593: Fixed wifi/wfx possible NULL pointer dereference in wfx_set_mfp_ap() (bsc#1221042).
- CVE-2023-52591: Fixed a possible reiserfs filesystem corruption via directory renaming (bsc#1221044).
- CVE-2023-52590: Fixed a possible ocfs2 filesystem corruption via directory renaming (bsc#1221088).
- CVE-2023-52589: Fixed media/rkisp1 IRQ disable race issue (bsc#1221084).
- CVE-2023-52585: Fixed drm/amdgpu for possible NULL pointer dereference in amdgpu_ras_query_error_status_helper() (bsc#1221080).
- CVE-2023-52561: Fixed arm64/dts/qcom/sdm845-db845c to mark cont splash memory region (bsc#1220935).
- CVE-2023-52503: Fixed tee/amdtee use-after-free vulnerability in amdtee_close_session (bsc#1220915).
- CVE-2023-52488: Fixed serial/sc16is7xx convert from _raw_ to _noinc_ regmap functions for FIFO (bsc#1221162).
- CVE-2022-48701: Fixed an out-of-bounds bug in __snd_usb_parse_audio_interface() (bsc#1223921).
- CVE-2022-48662: Fixed a general protection fault (GPF) in i915_perf_open_ioctl (bsc#1223505).
- CVE-2022-48659: Fixed mm/slub to return errno if kmalloc() fails (bsc#1223498).
- CVE-2022-48658: Fixed mm/slub to avoid a problem in flush_cpu_slab()/__free_slab() task context (bsc#1223496).
- CVE-2022-48651: Fixed an out-of-bound bug in ipvlan caused by unset skb->mac_header (bsc#1223513).
- CVE-2022-48642: Fixed netfilter/nf_tables percpu memory leak at nf_tables_addchain() (bsc#1223478).
- CVE-2022-48640: Fixed bonding for possible NULL pointer dereference in bond_rr_gen_slave_id (bsc#1223499).
- CVE-2022-48631: Fixed a bug in ext4, when parsing extents where eh_entries == 0 and eh_depth > 0 (bsc#1223475).
- CVE-2021-47214: Fixed hugetlb/userfaultfd during restore reservation in hugetlb_mcopy_atomic_pte() (bsc#1222710).
- CVE-2021-47211: Fixed a null pointer dereference on pointer cs_desc in usb-audio (bsc#1222869).
- CVE-2021-47207: Fixed a null pointer dereference on pointer block in gus (bsc#1222790).
- CVE-2021-47205: Unregistered clocks/resets when unbinding in sunxi-ng (bsc#1222888).
- CVE-2021-47202: Fixed NULL pointer dereferences in of_thermal_ functions (bsc#1222878)
- CVE-2021-47200: Fixed drm/prime for possible use-after-free in mmap within drm_gem_ttm_mmap() and drm_gem_ttm_mmap() (bsc#1222838).
- CVE-2021-47195: Fixed use-after-free inside SPI via add_lock mutex (bsc#1222832).
- CVE-2021-47189: Fixed denial of service due to memory ordering issues between normal and ordered work functions in btrfs (bsc#1222706).
- CVE-2021-47185: Fixed a softlockup issue in flush_to_ldisc in tty tty_buffer (bsc#1222669).
- CVE-2021-47184: Fixed NULL pointer dereference on VSI filter sync (bsc#1222666).
- CVE-2021-47183: Fixed a null pointer dereference during link down processing in scsi lpfc (bsc#1192145, bsc#1222664).
- CVE-2021-47182: Fixed scsi_mode_sense() buffer length handling (bsc#1222662).
- CVE-2021-47181: Fixed a null pointer dereference caused by calling platform_get_resource() (bsc#1222660).
The following non-security bugs were fixed:
- ALSA: firewire-lib: handle quirk to calculate payload quadlets as data block counter (stable-fixes).
- ALSA: hda/realtek - Enable audio jacks of Haier Boyue G42 with ALC269VC (stable-fixes).
- ALSA: hda/realtek - Fix inactive headset mic jack (stable-fixes).
- ALSA: hda/realtek: Add quirk for HP SnowWhite laptops (stable-fixes).
- ALSA: hda/realtek: Fix mute led of HP Laptop 15-da3001TU (stable-fixes).
- ALSA: hda: intel-sdw-acpi: fix usage of device_get_named_child_node() (git-fixes).
- ALSA: scarlett2: Add Focusrite Clarett 2Pre and 4Pre USB support (stable-fixes).
- ALSA: scarlett2: Add Focusrite Clarett+ 2Pre and 4Pre support (stable-fixes).
- ALSA: scarlett2: Add correct product series name to messages (stable-fixes).
- ALSA: scarlett2: Add support for Clarett 8Pre USB (stable-fixes).
- ALSA: scarlett2: Default mixer driver to enabled (stable-fixes).
- ALSA: scarlett2: Move USB IDs out from device_info struct (stable-fixes).
- ASoC: meson: axg-card: make links nonatomic (git-fixes).
- ASoC: meson: axg-tdm-interface: manage formatters in trigger (git-fixes).
- ASoC: meson: cards: select SND_DYNAMIC_MINORS (git-fixes).
- ASoC: soc-core.c: Skip dummy codec when adding platforms (stable-fixes).
- ASoC: tegra: Fix DSPK 16-bit playback (git-fixes).
- ASoC: ti: davinci-mcasp: Fix race condition during probe (git-fixes).
- Bluetooth: Add new quirk for broken read key length on ATS2851 (git-fixes).
- Bluetooth: Fix TOCTOU in HCI debugfs implementation (git-fixes).
- Bluetooth: Fix memory leak in hci_req_sync_complete() (git-fixes).
- Bluetooth: Fix type of len in {l2cap,sco}_sock_getsockopt_old() (stable-fixes).
- Bluetooth: L2CAP: Fix not validating setsockopt user input (git-fixes).
- Bluetooth: RFCOMM: Fix not validating setsockopt user input (git-fixes).
- Bluetooth: SCO: Fix not validating setsockopt user input (git-fixes).
- Bluetooth: add quirk for broken address properties (git-fixes).
- Bluetooth: btintel: Fix null ptr deref in btintel_read_version (stable-fixes).
- Bluetooth: btintel: Fixe build regression (git-fixes).
- Bluetooth: btusb: Add Realtek RTL8852BE support ID 0x0bda:0x4853 (stable-fixes).
- Bluetooth: hci_event: Fix sending HCI_OP_READ_ENC_KEY_SIZE (git-fixes).
- Bluetooth: hci_event: set the conn encrypted before conn establishes (stable-fixes).
- Bluetooth: hci_sock: Fix not validating setsockopt user input (git-fixes).
- Bluetooth: qca: fix NULL-deref on non-serdev suspend (git-fixes).
- Documentation: Add missing documentation for EXPORT_OP flags (stable-fixes).
- HID: intel-ish-hid: ipc: Fix dev_err usage with uninitialized dev->devc (git-fixes).
- HID: logitech-dj: allow mice to use all types of reports (git-fixes).
- HID: uhid: Use READ_ONCE()/WRITE_ONCE() for ->running (stable-fixes).
- Input: allocate keycode for Display refresh rate toggle (stable-fixes).
- Input: synaptics-rmi4 - fail probing if memory allocation for 'phys' fails (stable-fixes).
- NFC: trf7970a: disable all regulators on removal (git-fixes).
- NFS: avoid spurious warning of lost lock that is being unlocked (bsc#1221791).
- PCI/AER: Block runtime suspend when handling errors (git-fixes).
- PCI/DPC: Quirk PIO log size for Intel Ice Lake Root Ports (git-fixes).
- PCI/DPC: Quirk PIO log size for Intel Raptor Lake Root Ports (git-fixes).
- PCI/DPC: Quirk PIO log size for certain Intel Root Ports (git-fixes).
- PCI/PM: Drain runtime-idle callbacks before driver removal (git-fixes).
- PCI: Drop pci_device_remove() test of pci_dev->driver (git-fixes).
- PCI: rpaphp: Error out on busy status from get-sensor-state (bsc#1223369 ltc#205888).
- RAS: Avoid build errors when CONFIG_DEBUG_FS=n (jsc#PED-7619).
- RDMA/cm: Print the old state when cm_destroy_id gets timeout (git-fixes).
- RDMA/cm: add timeout to cm_destroy_id wait (git-fixes)
- README.BRANCH: Correct email address for Petr Tesarik
- README.BRANCH: Remove copy of branch name
- Reapply 'drm/qxl: simplify qxl_fence_wait' (stable-fixes).
- Revert 'ACPI: PM: Block ASUS B1400CEAE from suspend to idle by default' (stable-fixes).
- Revert 'drm/qxl: simplify qxl_fence_wait' (git-fixes).
- Revert 'ice: Fix ice VF reset during iavf initialization (jsc#PED-376).' (bsc#1223275)
- Revert 'usb: cdc-wdm: close race between read and workqueue' (git-fixes).
- Revert 'usb: phy: generic: Get the vbus supply' (git-fixes).
- USB: UAS: return ENODEV when submit urbs fail with device not attached (stable-fixes).
- USB: serial: add device ID for VeriFone adapter (stable-fixes).
- USB: serial: cp210x: add ID for MGP Instruments PDS100 (stable-fixes).
- USB: serial: cp210x: add pid/vid for TDK NC0110013M and MM0110113M (stable-fixes).
- USB: serial: ftdi_sio: add support for GMC Z216C Adapter IR-USB (stable-fixes).
- USB: serial: option: add Fibocom FM135-GL variants (stable-fixes).
- USB: serial: option: add Lonsung U8300/U9300 product (stable-fixes).
- USB: serial: option: add MeiG Smart SLM320 product (stable-fixes).
- USB: serial: option: add Rolling RW101-GL and RW135-GL support (stable-fixes).
- USB: serial: option: add Telit FN920C04 rmnet compositions (stable-fixes).
- USB: serial: option: add support for Fibocom FM650/FG650 (stable-fixes).
- USB: serial: option: support Quectel EM060K sub-models (stable-fixes).
- ahci: asm1064: asm1166: do not limit reported ports (git-fixes).
- ahci: asm1064: correct count of reported ports (stable-fixes).
- arm64: dts: imx8-ss-conn: fix usdhc wrong lpcg clock order (git-fixes)
- arm64: dts: rockchip: Remove unsupported node from the Pinebook Pro (git-fixes)
- arm64: dts: rockchip: enable internal pull-up for Q7_THRM# on RK3399 (git-fixes)
- arm64: dts: rockchip: enable internal pull-up on PCIE_WAKE# for (git-fixes)
- arm64: dts: rockchip: enable internal pull-up on Q7_USB_ID for RK3399 (git-fixes)
- arm64: dts: rockchip: fix rk3328 hdmi ports node (git-fixes)
- arm64: dts: rockchip: fix rk3399 hdmi ports node (git-fixes)
- arm64: hibernate: Fix level3 translation fault in swsusp_save() (git-fixes).
- ax25: fix use-after-free bugs caused by ax25_ds_del_timer (git-fixes).
- batman-adv: Avoid infinite loop trying to resize local TT (git-fixes).
- bcache: Fix __bch_btree_node_alloc to make the failure behavior consistent (git-fixes).
- bcache: Remove dead references to cache_readaheads (git-fixes).
- bcache: Remove unnecessary NULL point check in node allocations (git-fixes).
- bcache: add code comments for bch_btree_node_get() and __bch_btree_node_alloc() (git-fixes).
- bcache: avoid NULL checking to c->root in run_cache_set() (git-fixes).
- bcache: avoid oversize memory allocation by small stripe_size (git-fixes).
- bcache: bset: Fix comment typos (git-fixes).
- bcache: check return value from btree_node_alloc_replacement() (git-fixes).
- bcache: fix NULL pointer reference in cached_dev_detach_finish (git-fixes).
- bcache: fix error info in register_bcache() (git-fixes).
- bcache: fixup bcache_dev_sectors_dirty_add() multithreaded CPU false sharing (git-fixes).
- bcache: fixup btree_cache_wait list damage (git-fixes).
- bcache: fixup init dirty data errors (git-fixes).
- bcache: fixup lock c->root error (git-fixes).
- bcache: fixup multi-threaded bch_sectors_dirty_init() wake-up race (git-fixes).
- bcache: move calc_cached_dev_sectors to proper place on backing device detach (git-fixes).
- bcache: move uapi header bcache.h to bcache code directory (git-fixes).
- bcache: prevent potential division by zero error (git-fixes).
- bcache: remove EXPERIMENTAL for Kconfig option 'Asynchronous device registration' (git-fixes).
- bcache: remove redundant assignment to variable cur_idx (git-fixes).
- bcache: remove the backing_dev_name field from struct cached_dev (git-fixes).
- bcache: remove the cache_dev_name field from struct cache (git-fixes).
- bcache: remove unnecessary flush_workqueue (git-fixes).
- bcache: remove unused bch_mark_cache_readahead function def in stats.h (git-fixes).
- bcache: replace a mistaken IS_ERR() by IS_ERR_OR_NULL() in btree_gc_coalesce() (git-fixes).
- bcache: replace snprintf in show functions with sysfs_emit (git-fixes).
- bcache: revert replacing IS_ERR_OR_NULL with IS_ERR (git-fixes).
- bcache: use bvec_kmap_local in bch_data_verify (git-fixes).
- bcache: use bvec_kmap_local in bio_csum (git-fixes).
- bcache: use default_groups in kobj_type (git-fixes).
- bcache:: fix repeated words in comments (git-fixes).
- ceph: stop copying to iter at EOF on sync reads (bsc#1223068).
- ceph: switch to corrected encoding of max_xattr_size in mdsmap (bsc#1223067).
- clk: Get runtime PM before walking tree during disable_unused (git-fixes).
- clk: Initialize struct clk_core kref earlier (stable-fixes).
- clk: Mark 'all_lists' as const (stable-fixes).
- clk: Print an info line before disabling unused clocks (stable-fixes).
- clk: Remove prepare_lock hold assertion in __clk_release() (git-fixes).
- clk: remove extra empty line (stable-fixes).
- comedi: vmk80xx: fix incomplete endpoint checking (git-fixes).
- dm cache policy smq: ensure IO does not prevent cleaner policy progress (git-fixes).
- dm cache: add cond_resched() to various workqueue loops (git-fixes).
- dm clone: call kmem_cache_destroy() in dm_clone_init() error path (git-fixes).
- dm crypt: add cond_resched() to dmcrypt_write() (git-fixes).
- dm crypt: avoid accessing uninitialized tasklet (git-fixes).
- dm flakey: do not corrupt the zero page (git-fixes).
- dm flakey: fix a bug with 32-bit highmem systems (git-fixes).
- dm flakey: fix a crash with invalid table line (git-fixes).
- dm flakey: fix logic when corrupting a bio (git-fixes).
- dm init: add dm-mod.waitfor to wait for asynchronously probed block devices (git-fixes).
- dm integrity: call kmem_cache_destroy() in dm_integrity_init() error path (git-fixes).
- dm integrity: fix out-of-range warning (git-fixes).
- dm integrity: reduce vmalloc space footprint on 32-bit architectures (git-fixes).
- dm raid: clean up four equivalent goto tags in raid_ctr() (git-fixes).
- dm raid: fix false positive for requeue needed during reshape (git-fixes).
- dm raid: fix missing reconfig_mutex unlock in raid_ctr() error paths (git-fixes).
- dm stats: check for and propagate alloc_percpu failure (git-fixes).
- dm thin metadata: Fix ABBA deadlock by resetting dm_bufio_client (git-fixes).
- dm thin metadata: check fail_io before using data_sm (git-fixes).
- dm thin: add cond_resched() to various workqueue loops (git-fixes).
- dm thin: fix deadlock when swapping to thin device (bsc#1177529).
- dm verity: do not perform FEC for failed readahead IO (git-fixes).
- dm verity: fix error handling for check_at_most_once on FEC (git-fixes).
- dm zoned: free dmz->ddev array in dmz_put_zoned_devices (git-fixes).
- dm-delay: fix a race between delay_presuspend and delay_bio (git-fixes).
- dm-integrity: do not modify bio's immutable bio_vec in integrity_metadata() (git-fixes).
- dm-raid: fix lockdep waring in 'pers->hot_add_disk' (git-fixes).
- dm-verity, dm-crypt: align 'struct bvec_iter' correctly (git-fixes).
- dm-verity: align struct dm_verity_fec_io properly (git-fixes).
- dm: add cond_resched() to dm_wq_work() (git-fixes).
- dm: call the resume method on internal suspend (git-fixes).
- dm: do not lock fs when the map is NULL during suspend or resume (git-fixes).
- dm: do not lock fs when the map is NULL in process of resume (git-fixes).
- dm: remove flush_scheduled_work() during local_exit() (git-fixes).
- dm: send just one event on resize, not two (git-fixes).
- dma: xilinx_dpdma: Fix locking (git-fixes).
- dmaengine: idxd: Fix oops during rmmod on single-CPU platforms (git-fixes).
- dmaengine: owl: fix register access functions (git-fixes).
- dmaengine: tegra186: Fix residual calculation (git-fixes).
- docs: Document the FAN_FS_ERROR event (stable-fixes).
- drm-print: add drm_dbg_driver to improve namespace symmetry (stable-fixes).
- drm/amd/display: Do not recursively call manual trigger programming (stable-fixes).
- drm/amd/display: Fix nanosec stat overflow (stable-fixes).
- drm/amd/display: fix disable otg wa logic in DCN316 (stable-fixes).
- drm/amd/pm: fixes a random hang in S4 for SMU v13.0.4/11 (stable-fixes).
- drm/amdgpu/sdma5.2: use legacy HDP flush for SDMA2/3 (stable-fixes).
- drm/amdgpu: Fix leak when GPU memory allocation fails (stable-fixes).
- drm/amdgpu: Reset dGPU if suspend got aborted (stable-fixes).
- drm/amdgpu: always force full reset for SOC21 (stable-fixes).
- drm/amdgpu: fix incorrect active rb bitmap for gfx11 (stable-fixes).
- drm/amdgpu: fix incorrect number of active RBs for gfx11 (stable-fixes).
- drm/amdgpu: once more fix the call oder in amdgpu_ttm_move() v2 (git-fixes).
- drm/amdgpu: validate the parameters of bo mapping operations more clearly (git-fixes).
- drm/amdkfd: Reset GPU on queue preemption failure (stable-fixes).
- drm/ast: Fix soft lockup (git-fixes).
- drm/client: Fully protect modes[] with dev->mode_config.mutex (stable-fixes).
- drm/i915/cdclk: Fix CDCLK programming order when pipes are active (git-fixes).
- drm/i915/vrr: Disable VRR when using bigjoiner (stable-fixes).
- drm/i915: Disable port sync when bigjoiner is used (stable-fixes).
- drm/msm/dp: fix typo in dp_display_handle_port_status_changed() (git-fixes).
- drm/nouveau/nvkm: add a replacement for nvkm_notify (bsc#1223834)
- drm/panel: ili9341: Respect deferred probe (git-fixes).
- drm/panel: ili9341: Use predefined error codes (git-fixes).
- drm/panel: visionox-rm69299: do not unregister DSI device (git-fixes).
- drm/vc4: do not check if plane->state->fb == state->fb (stable-fixes).
- drm/vmwgfx: Enable DMA mappings with SEV (git-fixes).
- drm/vmwgfx: Fix crtc's atomic check conditional (git-fixes).
- drm/vmwgfx: Fix invalid reads in fence signaled events (git-fixes).
- drm/vmwgfx: Sort primary plane formats by order of preference (git-fixes).
- drm: nv04: Fix out of bounds access (git-fixes).
- drm: panel-orientation-quirks: Add quirk for GPD Win Mini (stable-fixes).
- drm: panel-orientation-quirks: Add quirk for Lenovo Legion Go (stable-fixes).
- dump_stack: Do not get cpu_sync for panic CPU (bsc#1223574).
- fbdev: fix incorrect address computation in deferred IO (git-fixes).
- fbdev: viafb: fix typo in hw_bitblt_1 and hw_bitblt_2 (stable-fixes).
- fbmon: prevent division by zero in fb_videomode_from_videomode() (stable-fixes).
- fix build warning
- fuse: do not unhash root (bsc#1223951).
- fuse: fix root lookup with nonzero generation (bsc#1223950).
- hwmon: (amc6821) add of_match table (stable-fixes).
- i2c: pxa: hide unused icr_bits[] variable (git-fixes).
- i2c: smbus: fix NULL function pointer dereference (git-fixes).
- i40e: Fix VF MAC filter removal (git-fixes).
- idma64: Do not try to serve interrupts when device is powered off (git-fixes).
- iio: accel: mxc4005: Interrupt handling fixes (git-fixes).
- iio:imu: adis16475: Fix sync mode setting (git-fixes).
- init/main.c: Fix potential static_command_line memory overflow (git-fixes).
- iommu/amd: Add a length limitation for the ivrs_acpihid command-line parameter (git-fixes).
- iommu/amd: Do not block updates to GATag if guest mode is on (git-fixes).
- iommu/amd: Fix 'Guest Virtual APIC Table Root Pointer' configuration in IRTE (git-fixes).
- iommu/amd: Fix domain flush size when syncing iotlb (git-fixes).
- iommu/amd: Fix error handling for pdev_pri_ats_enable() (git-fixes).
- iommu/arm-smmu-qcom: Limit the SMR groups to 128 (git-fixes).
- iommu/arm-smmu-v3: Acknowledge pri/event queue overflow if any (git-fixes).
- iommu/arm-smmu-v3: Work around MMU-600 erratum 1076982 (git-fixes).
- iommu/fsl: fix all kernel-doc warnings in fsl_pamu.c (git-fixes).
- iommu/iova: Fix alloc iova overflows issue (git-fixes).
- iommu/mediatek: Flush IOTLB completely only if domain has been attached (git-fixes).
- iommu/rockchip: Fix unwind goto issue (git-fixes).
- iommu/sprd: Release dma buffer to avoid memory leak (git-fixes).
- iommu/vt-d: Allocate local memory for page request queue (git-fixes).
- iommu/vt-d: Allow zero SAGAW if second-stage not supported (git-fixes).
- iommu/vt-d: Fix error handling in sva enable/disable paths (git-fixes).
- iommu: Fix error unwind in iommu_group_alloc() (git-fixes).
- ipv6/addrconf: fix a potential refcount underflow for idev (git-fixes).
- kABI: Adjust trace_iterator.wait_index (git-fixes).
- kprobes: Fix double free of kretprobe_holder (bsc#1220901).
- kprobes: Fix possible use-after-free issue on kprobe registration (git-fixes).
- libnvdimm/of_pmem: Use devm_kstrdup instead of kstrdup and check its return value (git-fixes).
- libnvdimm/region: Allow setting align attribute on regions without mappings (git-fixes).
- livepatch: Fix missing newline character in klp_resolve_symbols() (bsc#1223539).
- md/raid1: fix choose next idle in read_balance() (git-fixes).
- md: Do not clear MD_CLOSING when the raid is about to stop (git-fixes).
- md: do not clear MD_RECOVERY_FROZEN for new dm-raid until resume (git-fixes).
- media: cec: core: remove length check of Timer Status (stable-fixes).
- media: sta2x11: fix irq handler cast (stable-fixes).
- mei: me: add arrow lake point H DID (stable-fixes).
- mei: me: add arrow lake point S DID (stable-fixes).
- mei: me: disable RPL-S on SPS and IGN firmwares (git-fixes).
- mm/vmscan: make sure wakeup_kswapd with managed zone (bsc#1223473).
- mmc: sdhci-msm: pervent access to suspended controller (git-fixes).
- mtd: diskonchip: work around ubsan link failure (stable-fixes).
- nd_btt: Make BTT lanes preemptible (git-fixes).
- net: bridge: vlan: fix memory leak in __allowed_ingress (git-fixes).
- net: fix a memleak when uncloning an skb dst and its metadata (git-fixes).
- net: fix skb leak in __skb_tstamp_tx() (git-fixes).
- net: ipv6: ensure we call ipv6_mc_down() at most once (git-fixes).
- net: mld: fix reference count leak in mld_{query | report}_work() (git-fixes).
- net: stream: purge sk_error_queue in sk_stream_kill_queues() (git-fixes).
- net: usb: ax88179_178a: avoid the interface always configured as random address (git-fixes).
- net: usb: ax88179_178a: avoid writing the mac address before first reading (git-fixes).
- net: usb: ax88179_178a: stop lying about skb->truesize (git-fixes).
- net: vlan: fix underflow for the real_dev refcnt (git-fixes).
- netfilter: br_netfilter: Drop dst references before setting (git-fixes).
- netfilter: ipt_CLUSTERIP: fix refcount leak in clusterip_tg_check() (git-fixes).
- netfilter: nft_ct: fix l3num expectations with inet pseudo family (git-fixes).
- nfsd: Fixed mount issue with KOTD (bsc#1223380 bsc#1217408 bsc#1223640).
- nfsd: use __fput_sync() to avoid delayed closing of files (bsc#1223380 bsc#1217408).
- nilfs2: fix OOB in nilfs_set_de_type (git-fixes).
- nilfs2: fix OOB in nilfs_set_de_type (git-fixes).
- nouveau: fix function cast warning (git-fixes).
- nouveau: fix instmem race condition around ptr stores (git-fixes).
- nvdimm/namespace: drop nested variable in create_namespace_pmem() (git-fixes).
- nvdimm: Allow overwrite in the presence of disabled dimms (git-fixes).
- nvdimm: Fix badblocks clear off-by-one error (git-fixes).
- nvdimm: Fix dereference after free in register_nvdimm_pmu() (git-fixes).
- nvdimm: Fix firmware activation deadlock scenarios (git-fixes).
- nvdimm: Fix memleak of pmu attr_groups in unregister_nvdimm_pmu() (git-fixes).
- pci_iounmap(): Fix MMIO mapping leak (git-fixes).
- phy: tegra: xusb: Add API to retrieve the port number of phy (stable-fixes).
- pinctrl: renesas: checker: Limit cfg reg enum checks to provided IDs (stable-fixes).
- platform/x86: intel-vbtn: Update tablet mode switch at end of probe (git-fixes).
- platform/x86: touchscreen_dmi: Add an extra entry for a variant of the Chuwi Vi8 tablet (stable-fixes).
- powerpc/kasan: Do not instrument non-maskable or raw interrupts (bsc#1223191).
- powerpc/pseries/iommu: LPAR panics when rebooted with a frozen PE (bsc#1222011 ltc#205900).
- powerpc/rtas: define pr_fmt and convert printk call sites (bsc#1223369 ltc#205888).
- powerpc/rtas: export rtas_error_rc() for reuse (bsc#1223369 ltc#205888).
- powerpc: Avoid nmi_enter/nmi_exit in real mode interrupt (bsc#1221645 ltc#205739 bsc#1223191).
- powerpc: Refactor verification of MSR_RI (bsc#1223191).
- printk: Add this_cpu_in_panic() (bsc#1223574).
- printk: Adjust mapping for 32bit seq macros (bsc#1223574).
- printk: Avoid non-panic CPUs writing to ringbuffer (bsc#1223574).
- printk: Disable passing console lock owner completely during panic() (bsc#1223574).
- printk: Drop console_sem during panic (bsc#1223574).
- printk: Rename abandon_console_lock_in_panic() to other_cpu_in_panic() (bsc#1223574).
- printk: Use prb_first_seq() as base for 32bit seq macros (bsc#1223574).
- printk: Wait for all reserved records with pr_flush() (bsc#1223574).
- printk: nbcon: Relocate 32bit seq macros (bsc#1223574).
- printk: ringbuffer: Clarify special lpos values (bsc#1223574).
- printk: ringbuffer: Cleanup reader terminology (bsc#1223574).
- printk: ringbuffer: Do not skip non-finalized records with prb_next_seq() (bsc#1223574).
- printk: ringbuffer: Improve prb_next_seq() performance (bsc#1223574).
- printk: ringbuffer: Skip non-finalized records in panic (bsc#1223574).
- pstore/zone: Add a null pointer check to the psz_kmsg_read (stable-fixes).
- ring-buffer: Do not set shortest_full when full target is hit (git-fixes).
- ring-buffer: Fix full_waiters_pending in poll (git-fixes).
- ring-buffer: Fix resetting of shortest_full (git-fixes).
- ring-buffer: Fix waking up ring buffer readers (git-fixes).
- ring-buffer: Make wake once of ring_buffer_wait() more robust (git-fixes).
- ring-buffer: Use wait_event_interruptible() in ring_buffer_wait() (git-fixes).
- ring-buffer: use READ_ONCE() to read cpu_buffer->commit_page in concurrent environment (git-fixes).
- s390/cio: Ensure the copied buf is NUL terminated (git-fixes bsc#1223875).
- s390/decompressor: fix misaligned symbol build error (git-fixes bsc#1223785).
- s390/mm: Fix clearing storage keys for huge pages (git-fixes bsc#1223877).
- s390/mm: Fix storage key clearing for guest huge pages (git-fixes bsc#1223878).
- s390/qeth: Fix kernel panic after setting hsuid (git-fixes bsc#1223879).
- s390/scm: fix virtual vs physical address confusion (git-fixes bsc#1223784).
- s390/vdso: Add CFI for RA register to asm macro vdso_func (git-fixes bsc#1223876).
- s390/vdso: drop '-fPIC' from LDFLAGS (git-fixes bsc#1223598).
- s390/zcrypt: fix reference counting on zcrypt card objects (git-fixes bsc#1223595).
- s390: Fixed LPM of lpar failure with error HSCLA2CF in 19th loops (jsc#PED-542 git-fixes bsc#1213573 ltc#203238).
- s390: Fixed kernel backtrack (bsc#1141539 git-fixes).
- serial/pmac_zilog: Remove flawed mitigation for rx irq flood (git-fixes).
- serial: core: Provide port lock wrappers (stable-fixes).
- serial: core: fix kernel-doc for uart_port_unlock_irqrestore() (git-fixes).
- serial: mxs-auart: add spinlock around changing cts state (git-fixes).
- slimbus: qcom-ngd-ctrl: Add timeout for wait operation (git-fixes).
- speakup: Avoid crash on very long word (git-fixes).
- speakup: Fix 8bit characters from direct synth (git-fixes).
- tcp/udp: Fix memleaks of sk and zerocopy skbs with TX timestamp (git-fixes).
- thunderbolt: Avoid notify PM core about runtime PM resume (stable-fixes).
- thunderbolt: Fix wake configurations after device unplug (stable-fixes).
- tracing/net_sched: Fix tracepoints that save qdisc_dev() as a string (git-fixes).
- tracing/ring-buffer: Fix wait_on_pipe() race (git-fixes).
- tracing: Have saved_cmdlines arrays all in one allocation (git-fixes).
- tracing: Remove precision vsnprintf() check from print event (git-fixes).
- tracing: Show size of requested perf buffer (git-fixes).
- tracing: Use .flush() call to wake up readers (git-fixes).
- usb: Disable USB3 LPM at shutdown (stable-fixes).
- usb: Fix regression caused by invalid ep0 maxpacket in virtual SuperSpeed device (git-fixes).
- usb: dwc2: host: Fix dereference issue in DDMA completion flow (git-fixes).
- usb: gadget: composite: fix OS descriptors w_value logic (git-fixes).
- usb: gadget: f_fs: Fix a race condition when processing setup packets (git-fixes).
- usb: gadget: f_ncm: Fix UAF ncm object at re-bind after usb ep transport error (stable-fixes).
- usb: gadget: tegra-xudc: Fix USB3 PHY retrieval logic (git-fixes).
- usb: ohci: Prevent missed ohci interrupts (git-fixes).
- usb: sl811-hcd: only defined function checkdone if QUIRK2 is defined (stable-fixes).
- usb: typec: tcpci: add generic tcpci fallback compatible (stable-fixes).
- usb: typec: tcpm: Check for port partner validity before consuming it (git-fixes).
- usb: typec: tcpm: unregister existing source caps before re-registration (bsc#1220569).
- usb: typec: ucsi: Ack unsupported commands (stable-fixes).
- usb: typec: ucsi: Clear UCSI_CCI_RESET_COMPLETE before reset (stable-fixes).
- usb: typec: ucsi: Fix connector check on init (git-fixes).
- usb: udc: remove warning when queue disabled ep (stable-fixes).
- vdpa/mlx5: Allow CVQ size changes (git-fixes).
- virtio: treat alloc_dax() -EOPNOTSUPP failure as non-fatal (bsc#1223949).
- wifi: ath9k: fix LNA selection in ath_ant_try_scan() (stable-fixes).
- wifi: iwlwifi: mvm: remove old PASN station when adding a new one (git-fixes).
- wifi: iwlwifi: mvm: return uid from iwl_mvm_build_scan_cmd (git-fixes).
- wifi: mac80211: check/clear fast rx for non-4addr sta VLAN changes (stable-fixes).
- wifi: nl80211: do not free NULL coalescing rule (git-fixes).
- x86/cpufeatures: Fix dependencies for GFNI, VAES, and VPCLMULQDQ (git-fixes).
- x86/mm: Ensure input to pfn_to_kaddr() is treated as a 64-bit type (jsc#PED-7167 git-fixes).
- x86/sev: Skip ROM range scans and validation for SEV-SNP guests (jsc#PED-7167 git-fixes).
- x86/xen: Add some null pointer checking to smp.c (git-fixes).
- x86/xen: add CPU dependencies for 32-bit build (git-fixes).
- x86/xen: fix percpu vcpu_info allocation (git-fixes).
- xen-netback: properly sync TX responses (git-fixes).
- xen-netfront: Add missing skb_mark_for_recycle (git-fixes).
- xen/gntdev: Fix the abuse of underlying struct page in DMA-buf import (git-fixes).
- xen/xenbus: document will_handle argument for xenbus_watch_path() (git-fixes).
- xfrm6: fix inet6_dev refcount underflow problem (git-fixes).
ImportantSUSE bug 1141539SUSE bug 1177529SUSE bug 1190576SUSE bug 1192145SUSE bug 1192837SUSE bug 1193629SUSE bug 1196869SUSE bug 1200313SUSE bug 1201308SUSE bug 1201489SUSE bug 1203906SUSE bug 1203935SUSE bug 1204614SUSE bug 1207361SUSE bug 1211592SUSE bug 1213573SUSE bug 1217408SUSE bug 1218562SUSE bug 1218917SUSE bug 1219104SUSE bug 1219126SUSE bug 1219141SUSE bug 1219169SUSE bug 1219170SUSE bug 1219264SUSE bug 1220342SUSE bug 1220492SUSE bug 1220569SUSE bug 1220761SUSE bug 1220901SUSE bug 1220915SUSE bug 1220935SUSE bug 1221042SUSE bug 1221044SUSE bug 1221080SUSE bug 1221084SUSE bug 1221088SUSE bug 1221162SUSE bug 1221299SUSE bug 1221612SUSE bug 1221617SUSE bug 1221645SUSE bug 1221791SUSE bug 1221825SUSE bug 1222011SUSE bug 1222051SUSE bug 1222247SUSE bug 1222266SUSE bug 1222294SUSE bug 1222307SUSE bug 1222357SUSE bug 1222368SUSE bug 1222379SUSE bug 1222416SUSE bug 1222422SUSE bug 1222424SUSE bug 1222427SUSE bug 1222428SUSE bug 1222430SUSE bug 1222431SUSE bug 1222435SUSE bug 1222437SUSE bug 1222445SUSE bug 1222449SUSE bug 1222482SUSE bug 1222503SUSE bug 1222520SUSE bug 1222536SUSE bug 1222549SUSE bug 1222550SUSE bug 1222557SUSE bug 1222559SUSE bug 1222585SUSE bug 1222586SUSE bug 1222596SUSE bug 1222609SUSE bug 1222610SUSE bug 1222613SUSE bug 1222615SUSE bug 1222618SUSE bug 1222624SUSE bug 1222630SUSE bug 1222632SUSE bug 1222660SUSE bug 1222662SUSE bug 1222664SUSE bug 1222666SUSE bug 1222669SUSE bug 1222671SUSE bug 1222677SUSE bug 1222678SUSE bug 1222680SUSE bug 1222703SUSE bug 1222704SUSE bug 1222706SUSE bug 1222709SUSE bug 1222710SUSE bug 1222720SUSE bug 1222721SUSE bug 1222724SUSE bug 1222726SUSE bug 1222727SUSE bug 1222764SUSE bug 1222772SUSE bug 1222773SUSE bug 1222776SUSE bug 1222781SUSE bug 1222784SUSE bug 1222785SUSE bug 1222787SUSE bug 1222790SUSE bug 1222791SUSE bug 1222792SUSE bug 1222796SUSE bug 1222798SUSE bug 1222801SUSE bug 1222812SUSE bug 1222824SUSE bug 1222829SUSE bug 1222832SUSE bug 1222836SUSE bug 1222838SUSE bug 1222866SUSE bug 1222867SUSE bug 1222869SUSE bug 1222876SUSE bug 1222878SUSE bug 1222879SUSE bug 1222881SUSE bug 1222883SUSE bug 1222888SUSE bug 1222894SUSE bug 1222901SUSE bug 1222968SUSE bug 1223012SUSE bug 1223014SUSE bug 1223016SUSE bug 1223024SUSE bug 1223030SUSE bug 1223033SUSE bug 1223034SUSE bug 1223035SUSE bug 1223036SUSE bug 1223037SUSE bug 1223041SUSE bug 1223042SUSE bug 1223051SUSE bug 1223052SUSE bug 1223056SUSE bug 1223057SUSE bug 1223058SUSE bug 1223060SUSE bug 1223061SUSE bug 1223065SUSE bug 1223066SUSE bug 1223067SUSE bug 1223068SUSE bug 1223076SUSE bug 1223078SUSE bug 1223111SUSE bug 1223115SUSE bug 1223118SUSE bug 1223187SUSE bug 1223189SUSE bug 1223190SUSE bug 1223191SUSE bug 1223196SUSE bug 1223197SUSE bug 1223198SUSE bug 1223275SUSE bug 1223323SUSE bug 1223369SUSE bug 1223380SUSE bug 1223473SUSE bug 1223474SUSE bug 1223475SUSE bug 1223477SUSE bug 1223478SUSE bug 1223479SUSE bug 1223481SUSE bug 1223482SUSE bug 1223484SUSE bug 1223487SUSE bug 1223490SUSE bug 1223496SUSE bug 1223498SUSE bug 1223499SUSE bug 1223501SUSE bug 1223502SUSE bug 1223503SUSE bug 1223505SUSE bug 1223509SUSE bug 1223511SUSE bug 1223512SUSE bug 1223513SUSE bug 1223516SUSE bug 1223517SUSE bug 1223518SUSE bug 1223519SUSE bug 1223520SUSE bug 1223522SUSE bug 1223523SUSE bug 1223525SUSE bug 1223536SUSE bug 1223539SUSE bug 1223574SUSE bug 1223595SUSE bug 1223598SUSE bug 1223634SUSE bug 1223640SUSE bug 1223643SUSE bug 1223644SUSE bug 1223645SUSE bug 1223646SUSE bug 1223648SUSE bug 1223655SUSE bug 1223657SUSE bug 1223660SUSE bug 1223661SUSE bug 1223663SUSE bug 1223664SUSE bug 1223668SUSE bug 1223686SUSE bug 1223693SUSE bug 1223705SUSE bug 1223714SUSE bug 1223735SUSE bug 1223745SUSE bug 1223784SUSE bug 1223785SUSE bug 1223790SUSE bug 1223816SUSE bug 1223821SUSE bug 1223822SUSE bug 1223824SUSE bug 1223827SUSE bug 1223834SUSE bug 1223875SUSE bug 1223876SUSE bug 1223877SUSE bug 1223878SUSE bug 1223879SUSE bug 1223894SUSE bug 1223921SUSE bug 1223922SUSE bug 1223923SUSE bug 1223924SUSE bug 1223929SUSE bug 1223931SUSE bug 1223932SUSE bug 1223934SUSE bug 1223941SUSE bug 1223948SUSE bug 1223949SUSE bug 1223950SUSE bug 1223951SUSE bug 1223952SUSE bug 1223953SUSE bug 1223956SUSE bug 1223957SUSE bug 1223960SUSE bug 1223962SUSE bug 1223963SUSE bug 1223964CVE-2021-47047 at SUSECVE-2021-47047 at NVDCVE-2021-47181 at SUSECVE-2021-47181 at NVDCVE-2021-47182 at SUSECVE-2021-47182 at NVDCVE-2021-47183 at SUSECVE-2021-47183 at NVDCVE-2021-47184 at SUSECVE-2021-47184 at NVDCVE-2021-47185 at SUSECVE-2021-47185 at NVDCVE-2021-47187 at SUSECVE-2021-47187 at NVDCVE-2021-47188 at SUSECVE-2021-47188 at NVDCVE-2021-47189 at SUSECVE-2021-47189 at NVDCVE-2021-47191 at SUSECVE-2021-47191 at NVDCVE-2021-47192 at SUSECVE-2021-47192 at NVDCVE-2021-47193 at SUSECVE-2021-47193 at NVDCVE-2021-47194 at SUSECVE-2021-47194 at NVDCVE-2021-47195 at SUSECVE-2021-47195 at NVDCVE-2021-47196 at SUSECVE-2021-47196 at NVDCVE-2021-47197 at SUSECVE-2021-47197 at NVDCVE-2021-47198 at SUSECVE-2021-47198 at NVDCVE-2021-47199 at SUSECVE-2021-47199 at NVDCVE-2021-47200 at SUSECVE-2021-47200 at NVDCVE-2021-47201 at SUSECVE-2021-47201 at NVDCVE-2021-47202 at SUSECVE-2021-47202 at NVDCVE-2021-47203 at SUSECVE-2021-47203 at NVDCVE-2021-47204 at SUSECVE-2021-47204 at NVDCVE-2021-47205 at SUSECVE-2021-47205 at NVDCVE-2021-47206 at SUSECVE-2021-47206 at NVDCVE-2021-47207 at SUSECVE-2021-47207 at NVDCVE-2021-47209 at SUSECVE-2021-47209 at NVDCVE-2021-47210 at SUSECVE-2021-47210 at NVDCVE-2021-47211 at SUSECVE-2021-47211 at NVDCVE-2021-47212 at SUSECVE-2021-47212 at NVDCVE-2021-47214 at SUSECVE-2021-47214 at NVDCVE-2021-47215 at SUSECVE-2021-47215 at NVDCVE-2021-47216 at SUSECVE-2021-47216 at NVDCVE-2021-47217 at SUSECVE-2021-47217 at NVDCVE-2021-47218 at SUSECVE-2021-47218 at NVDCVE-2021-47219 at SUSECVE-2021-47219 at NVDCVE-2022-48631 at SUSECVE-2022-48631 at NVDCVE-2022-48632 at SUSECVE-2022-48632 at NVDCVE-2022-48634 at SUSECVE-2022-48634 at NVDCVE-2022-48636 at SUSECVE-2022-48636 at NVDCVE-2022-48637 at SUSECVE-2022-48637 at NVDCVE-2022-48638 at SUSECVE-2022-48638 at NVDCVE-2022-48639 at SUSECVE-2022-48639 at NVDCVE-2022-48640 at SUSECVE-2022-48640 at NVDCVE-2022-48642 at SUSECVE-2022-48642 at NVDCVE-2022-48644 at SUSECVE-2022-48644 at NVDCVE-2022-48646 at SUSECVE-2022-48646 at NVDCVE-2022-48647 at SUSECVE-2022-48647 at NVDCVE-2022-48648 at SUSECVE-2022-48648 at NVDCVE-2022-48650 at SUSECVE-2022-48650 at NVDCVE-2022-48651 at SUSECVE-2022-48651 at NVDCVE-2022-48652 at SUSECVE-2022-48652 at NVDCVE-2022-48653 at SUSECVE-2022-48653 at NVDCVE-2022-48654 at SUSECVE-2022-48654 at NVDCVE-2022-48655 at SUSECVE-2022-48655 at NVDCVE-2022-48656 at SUSECVE-2022-48656 at NVDCVE-2022-48657 at SUSECVE-2022-48657 at NVDCVE-2022-48658 at SUSECVE-2022-48658 at NVDCVE-2022-48659 at SUSECVE-2022-48659 at NVDCVE-2022-48660 at SUSECVE-2022-48660 at NVDCVE-2022-48662 at SUSECVE-2022-48662 at NVDCVE-2022-48663 at SUSECVE-2022-48663 at NVDCVE-2022-48667 at SUSECVE-2022-48667 at NVDCVE-2022-48668 at SUSECVE-2022-48668 at NVDCVE-2022-48671 at SUSECVE-2022-48671 at NVDCVE-2022-48672 at SUSECVE-2022-48672 at NVDCVE-2022-48673 at SUSECVE-2022-48673 at NVDCVE-2022-48675 at SUSECVE-2022-48675 at NVDCVE-2022-48686 at SUSECVE-2022-48686 at NVDCVE-2022-48687 at SUSECVE-2022-48687 at NVDCVE-2022-48688 at SUSECVE-2022-48688 at NVDCVE-2022-48690 at SUSECVE-2022-48690 at NVDCVE-2022-48692 at SUSECVE-2022-48692 at NVDCVE-2022-48693 at SUSECVE-2022-48693 at NVDCVE-2022-48694 at SUSECVE-2022-48694 at NVDCVE-2022-48695 at SUSECVE-2022-48695 at NVDCVE-2022-48697 at SUSECVE-2022-48697 at NVDCVE-2022-48698 at SUSECVE-2022-48698 at NVDCVE-2022-48700 at SUSECVE-2022-48700 at NVDCVE-2022-48701 at SUSECVE-2022-48701 at NVDCVE-2022-48702 at SUSECVE-2022-48702 at NVDCVE-2022-48703 at SUSECVE-2022-48703 at NVDCVE-2022-48704 at SUSECVE-2022-48704 at NVDCVE-2023-2860 at SUSECVE-2023-2860 at NVDCVE-2023-52488 at SUSECVE-2023-52488 at NVDCVE-2023-52503 at SUSECVE-2023-52503 at NVDCVE-2023-52561 at SUSECVE-2023-52561 at NVDCVE-2023-52585 at SUSECVE-2023-52585 at NVDCVE-2023-52589 at SUSECVE-2023-52589 at NVDCVE-2023-52590 at SUSECVE-2023-52590 at NVDCVE-2023-52591 at SUSECVE-2023-52591 at NVDCVE-2023-52593 at SUSECVE-2023-52593 at NVDCVE-2023-52614 at SUSECVE-2023-52614 at NVDCVE-2023-52616 at SUSECVE-2023-52616 at NVDCVE-2023-52620 at SUSECVE-2023-52620 at NVDCVE-2023-52627 at SUSECVE-2023-52627 at NVDCVE-2023-52635 at SUSECVE-2023-52635 at NVDCVE-2023-52636 at SUSECVE-2023-52636 at NVDCVE-2023-52645 at SUSECVE-2023-52645 at NVDCVE-2023-52652 at SUSECVE-2023-52652 at NVDCVE-2023-6270 at SUSECVE-2023-6270 at NVDCVE-2024-0639 at SUSECVE-2024-0639 at NVDCVE-2024-0841 at SUSECVE-2024-0841 at NVDCVE-2024-22099 at SUSECVE-2024-22099 at NVDCVE-2024-23307 at SUSECVE-2024-23307 at NVDCVE-2024-23848 at SUSECVE-2024-23848 at NVDCVE-2024-23850 at SUSECVE-2024-23850 at NVDCVE-2024-26601 at SUSECVE-2024-26601 at NVDCVE-2024-26610 at SUSECVE-2024-26610 at NVDCVE-2024-26656 at SUSECVE-2024-26656 at NVDCVE-2024-26660 at SUSECVE-2024-26660 at NVDCVE-2024-26671 at SUSECVE-2024-26671 at NVDCVE-2024-26673 at SUSECVE-2024-26673 at NVDCVE-2024-26675 at SUSECVE-2024-26675 at NVDCVE-2024-26680 at SUSECVE-2024-26680 at NVDCVE-2024-26681 at SUSECVE-2024-26681 at NVDCVE-2024-26684 at SUSECVE-2024-26684 at NVDCVE-2024-26685 at SUSECVE-2024-26685 at NVDCVE-2024-26687 at SUSECVE-2024-26687 at NVDCVE-2024-26688 at SUSECVE-2024-26688 at NVDCVE-2024-26689 at SUSECVE-2024-26689 at NVDCVE-2024-26696 at SUSECVE-2024-26696 at NVDCVE-2024-26697 at SUSECVE-2024-26697 at NVDCVE-2024-26702 at SUSECVE-2024-26702 at NVDCVE-2024-26704 at SUSECVE-2024-26704 at NVDCVE-2024-26718 at SUSECVE-2024-26718 at NVDCVE-2024-26722 at SUSECVE-2024-26722 at NVDCVE-2024-26727 at SUSECVE-2024-26727 at NVDCVE-2024-26733 at SUSECVE-2024-26733 at NVDCVE-2024-26736 at SUSECVE-2024-26736 at NVDCVE-2024-26737 at SUSECVE-2024-26737 at NVDCVE-2024-26739 at SUSECVE-2024-26739 at NVDCVE-2024-26743 at SUSECVE-2024-26743 at NVDCVE-2024-26744 at SUSECVE-2024-26744 at NVDCVE-2024-26745 at SUSECVE-2024-26745 at NVDCVE-2024-26747 at SUSECVE-2024-26747 at NVDCVE-2024-26749 at SUSECVE-2024-26749 at NVDCVE-2024-26751 at SUSECVE-2024-26751 at NVDCVE-2024-26754 at SUSECVE-2024-26754 at NVDCVE-2024-26760 at SUSECVE-2024-26760 at NVDCVE-2024-26763 at SUSECVE-2024-26763 at NVDCVE-2024-26764 at SUSECVE-2024-26764 at NVDCVE-2024-26766 at SUSECVE-2024-26766 at NVDCVE-2024-26769 at SUSECVE-2024-26769 at NVDCVE-2024-26771 at SUSECVE-2024-26771 at NVDCVE-2024-26772 at SUSECVE-2024-26772 at NVDCVE-2024-26773 at SUSECVE-2024-26773 at NVDCVE-2024-26776 at SUSECVE-2024-26776 at NVDCVE-2024-26779 at SUSECVE-2024-26779 at NVDCVE-2024-26783 at SUSECVE-2024-26783 at NVDCVE-2024-26787 at SUSECVE-2024-26787 at NVDCVE-2024-26790 at SUSECVE-2024-26790 at NVDCVE-2024-26792 at SUSECVE-2024-26792 at NVDCVE-2024-26793 at SUSECVE-2024-26793 at NVDCVE-2024-26798 at SUSECVE-2024-26798 at NVDCVE-2024-26805 at SUSECVE-2024-26805 at NVDCVE-2024-26807 at SUSECVE-2024-26807 at NVDCVE-2024-26816 at SUSECVE-2024-26816 at NVDCVE-2024-26817 at SUSECVE-2024-26817 at NVDCVE-2024-26820 at SUSECVE-2024-26820 at NVDCVE-2024-26825 at SUSECVE-2024-26825 at NVDCVE-2024-26830 at SUSECVE-2024-26830 at NVDCVE-2024-26833 at SUSECVE-2024-26833 at NVDCVE-2024-26836 at SUSECVE-2024-26836 at NVDCVE-2024-26843 at SUSECVE-2024-26843 at NVDCVE-2024-26848 at SUSECVE-2024-26848 at NVDCVE-2024-26852 at SUSECVE-2024-26852 at NVDCVE-2024-26853 at SUSECVE-2024-26853 at NVDCVE-2024-26855 at SUSECVE-2024-26855 at NVDCVE-2024-26856 at SUSECVE-2024-26856 at NVDCVE-2024-26857 at SUSECVE-2024-26857 at NVDCVE-2024-26861 at SUSECVE-2024-26861 at NVDCVE-2024-26862 at SUSECVE-2024-26862 at NVDCVE-2024-26866 at SUSECVE-2024-26866 at NVDCVE-2024-26872 at SUSECVE-2024-26872 at NVDCVE-2024-26875 at SUSECVE-2024-26875 at NVDCVE-2024-26878 at SUSECVE-2024-26878 at NVDCVE-2024-26879 at SUSECVE-2024-26879 at NVDCVE-2024-26881 at SUSECVE-2024-26881 at NVDCVE-2024-26882 at SUSECVE-2024-26882 at NVDCVE-2024-26883 at SUSECVE-2024-26883 at NVDCVE-2024-26884 at SUSECVE-2024-26884 at NVDCVE-2024-26885 at SUSECVE-2024-26885 at NVDCVE-2024-26891 at SUSECVE-2024-26891 at NVDCVE-2024-26893 at SUSECVE-2024-26893 at NVDCVE-2024-26895 at SUSECVE-2024-26895 at NVDCVE-2024-26896 at SUSECVE-2024-26896 at NVDCVE-2024-26897 at SUSECVE-2024-26897 at NVDCVE-2024-26898 at SUSECVE-2024-26898 at NVDCVE-2024-26901 at SUSECVE-2024-26901 at NVDCVE-2024-26903 at SUSECVE-2024-26903 at NVDCVE-2024-26917 at SUSECVE-2024-26917 at NVDCVE-2024-26927 at SUSECVE-2024-26927 at NVDCVE-2024-26948 at SUSECVE-2024-26948 at NVDCVE-2024-26950 at SUSECVE-2024-26950 at NVDCVE-2024-26951 at SUSECVE-2024-26951 at NVDCVE-2024-26955 at SUSECVE-2024-26955 at NVDCVE-2024-26956 at SUSECVE-2024-26956 at NVDCVE-2024-26960 at SUSECVE-2024-26960 at NVDCVE-2024-26965 at SUSECVE-2024-26965 at NVDCVE-2024-26966 at SUSECVE-2024-26966 at NVDCVE-2024-26969 at SUSECVE-2024-26969 at NVDCVE-2024-26970 at SUSECVE-2024-26970 at NVDCVE-2024-26972 at SUSECVE-2024-26972 at NVDCVE-2024-26981 at SUSECVE-2024-26981 at NVDCVE-2024-26982 at SUSECVE-2024-26982 at NVDCVE-2024-26993 at SUSECVE-2024-26993 at NVDCVE-2024-27013 at SUSECVE-2024-27013 at NVDCVE-2024-27014 at SUSECVE-2024-27014 at NVDCVE-2024-27030 at SUSECVE-2024-27030 at NVDCVE-2024-27038 at SUSECVE-2024-27038 at NVDCVE-2024-27039 at SUSECVE-2024-27039 at NVDCVE-2024-27041 at SUSECVE-2024-27041 at NVDCVE-2024-27043 at SUSECVE-2024-27043 at NVDCVE-2024-27046 at SUSECVE-2024-27046 at NVDCVE-2024-27056 at SUSECVE-2024-27056 at NVDCVE-2024-27062 at SUSECVE-2024-27062 at NVDCVE-2024-27389 at SUSECVE-2024-27389 at NVDcpe:/o:opensuse:leap:15.5Security update for python-Pillow (Critical)openSUSE Leap 15.5
This update for python-Pillow fixes the following issues:
- Fixed ImagePath.Path array handling (bsc#1194552, CVE-2022-22815, bsc#1194551, CVE-2022-22816)
- Use snprintf instead of sprintf (bsc#1188574, CVE-2021-34552)
- Fix Memory DOS in Icns, Ico and Blp Image Plugins. (bsc#1183110, CVE-2021-27921, bsc#1183108, CVE-2021-27922, bsc#1183107, CVE-2021-27923)
- Fix OOB read in SgiRleDecode.c (bsc#1183102, CVE-2021-25293)
- Use more specific regex chars to prevent ReDoS (bsc#1183101, CVE-2021-25292)
- Fix negative size read in TiffDecode.c (bsc#1183105, CVE-2021-25290)
- Raise ValueError if color specifier is too long (bsc#1190229, CVE-2021-23437)
- Incorrect error code checking in TiffDecode.c (bsc#1183103, CVE-2021-25289)
- OOB Write in TiffDecode.c (bsc#1180833, CVE-2020-35654)
CriticalSUSE bug 1180833SUSE bug 1183101SUSE bug 1183102SUSE bug 1183103SUSE bug 1183105SUSE bug 1183107SUSE bug 1183108SUSE bug 1183110SUSE bug 1188574SUSE bug 1190229SUSE bug 1194551SUSE bug 1194552CVE-2020-35654 at SUSECVE-2020-35654 at NVDCVE-2021-23437 at SUSECVE-2021-23437 at NVDCVE-2021-25289 at SUSECVE-2021-25289 at NVDCVE-2021-25290 at SUSECVE-2021-25290 at NVDCVE-2021-25292 at SUSECVE-2021-25292 at NVDCVE-2021-25293 at SUSECVE-2021-25293 at NVDCVE-2021-27921 at SUSECVE-2021-27921 at NVDCVE-2021-27922 at SUSECVE-2021-27922 at NVDCVE-2021-27923 at SUSECVE-2021-27923 at NVDCVE-2021-34552 at SUSECVE-2021-34552 at NVDCVE-2022-22815 at SUSECVE-2022-22815 at NVDCVE-2022-22816 at SUSECVE-2022-22816 at NVDcpe:/o:opensuse:leap:15.5Security update for python-aiohttp (Moderate)openSUSE Leap 15.5
This update for python-aiohttp fixes the following issues:
Updated to version 3.8.6:
- CVE-2023-49082: Fixed an HTTP header injection via a crafted method (bsc#1217682).
ModerateSUSE bug 1217682CVE-2023-49082 at SUSECVE-2023-49082 at NVDcpe:/o:opensuse:leap:15.5Security update for python310 (Moderate)openSUSE Leap 15.5
This update for python310 fixes the following issues:
- CVE-2023-52425: Fixed using the system libexpat (bsc#1219559).
ModerateSUSE bug 1219559CVE-2023-52425 at SUSECVE-2023-52425 at NVDcpe:/o:opensuse:leap:15.5Security update for cairo (Low)openSUSE Leap 15.5
This update for cairo fixes the following issues:
- CVE-2019-6462: Fixed a potentially infinite loop (bsc#1122321).
LowSUSE bug 1122321CVE-2019-6462 at SUSECVE-2019-6462 at NVDcpe:/o:opensuse:leap:15.5Security update for openssl-3 (Moderate)openSUSE Leap 15.5
This update for openssl-3 fixes the following issues:
- CVE-2023-6129: Fixed vector register clobbering on PowerPC. (bsc#1218690)
- CVE-2023-6237: Fixed excessive time spent checking invalid RSA public keys. (bsc#1218810)
ModerateSUSE bug 1218690SUSE bug 1218810CVE-2023-6129 at SUSECVE-2023-6129 at NVDCVE-2023-6237 at SUSECVE-2023-6237 at NVDcpe:/o:opensuse:leap:15.5Security update for perl (Important)openSUSE Leap 15.5
This update for perl fixes the following issues:
Security issues fixed:
- CVE-2018-6913: Fixed space calculation issues in pp_pack.c (bsc#1082216)
- CVE-2018-6798: Fixed heap buffer overflow in regexec.c (bsc#1082233)
Non-security issue fixed:
- make Net::FTP work with TLS 1.3 (bsc#1213638)
ImportantSUSE bug 1082216SUSE bug 1082233SUSE bug 1213638CVE-2018-6798 at SUSECVE-2018-6798 at NVDCVE-2018-6913 at SUSECVE-2018-6913 at NVDcpe:/o:opensuse:leap:15.5Security update for python-sqlparse (Important)openSUSE Leap 15.5
This update for python-sqlparse fixes the following issues:
- CVE-2024-4340: Catch RecursionError to avoid a denial of service. (bsc#1223603)
ImportantSUSE bug 1223603CVE-2024-4340 at SUSECVE-2024-4340 at NVDcpe:/o:opensuse:leap:15.5Security update for postgresql14 (Moderate)openSUSE Leap 15.5
This update for postgresql14 fixes the following issues:
PostgreSQL upgrade to version 14.12 (bsc#1224051):
- CVE-2024-4317: Fixed visibility restriction of pg_stats_ext and pg_stats_ext_exprs entries to the table owner (bsc#1224038).
Bug fixes:
- Fix incompatibility with LLVM 18.
- Prepare for PostgreSQL 17.
- Make sure all compilation and doc generation happens in %build.
- Require LLVM <= 17 for now, because LLVM 18 doesn't seem to work.
- Remove constraints file because improved memory usage for s390x
- Use %patch -P N instead of deprecated %patchN.
Release notes:
- https://www.postgresql.org/docs/release/14.12/
ModerateSUSE bug 1224038SUSE bug 1224051CVE-2024-4317 at SUSECVE-2024-4317 at NVDcpe:/o:opensuse:leap:15.5Security update for MozillaFirefox (Important)openSUSE Leap 15.5
This update for MozillaFirefox fixes the following issues:
Update to version 115.11.0 ESR (bsc#1224056):
- CVE-2024-4367: Arbitrary JavaScript execution in PDF.js
- CVE-2024-4767: IndexedDB files retained in private browsing mode
- CVE-2024-4768: Potential permissions request bypass via clickjacking
- CVE-2024-4769: Cross-origin responses could be distinguished between script and non-script content-types
- CVE-2024-4770: Use-after-free could occur when printing to PDF
- CVE-2024-4777: Memory safety bugs fixed in Firefox 126, Firefox ESR 115.11, and Thunderbird 115.11
ImportantSUSE bug 1222535SUSE bug 1224056CVE-2024-2609 at SUSECVE-2024-2609 at NVDCVE-2024-3302 at SUSECVE-2024-3302 at NVDCVE-2024-3852 at SUSECVE-2024-3852 at NVDCVE-2024-3854 at SUSECVE-2024-3854 at NVDCVE-2024-3857 at SUSECVE-2024-3857 at NVDCVE-2024-3859 at SUSECVE-2024-3859 at NVDCVE-2024-3861 at SUSECVE-2024-3861 at NVDCVE-2024-3863 at SUSECVE-2024-3863 at NVDCVE-2024-3864 at SUSECVE-2024-3864 at NVDCVE-2024-4367 at SUSECVE-2024-4367 at NVDCVE-2024-4767 at SUSECVE-2024-4767 at NVDCVE-2024-4768 at SUSECVE-2024-4768 at NVDCVE-2024-4769 at SUSECVE-2024-4769 at NVDCVE-2024-4770 at SUSECVE-2024-4770 at NVDCVE-2024-4777 at SUSECVE-2024-4777 at NVDcpe:/o:opensuse:leap:15.5Security update for ucode-intel (Important)openSUSE Leap 15.5
This update for ucode-intel fixes the following issues:
Intel CPU Microcode was updated to the 20240514 release (bsc#1224277)
- CVE-2023-45733: Fixed a potential security vulnerability in some
Intel? Processors that may have allowed information disclosure.
- CVE-2023-46103: Fixed a potential security vulnerability in Intel?
Core™ Ultra Processors that may have allowed denial of service.
- CVE-2023-45745,CVE-2023-47855: Fixed a potential security
vulnerabilities in some Intel? Trust Domain Extensions (TDX) module
software that may have allowed escalation of privilege.
ImportantSUSE bug 1224277CVE-2023-45733 at SUSECVE-2023-45733 at NVDCVE-2023-45745 at SUSECVE-2023-45745 at NVDCVE-2023-46103 at SUSECVE-2023-46103 at NVDCVE-2023-47855 at SUSECVE-2023-47855 at NVDcpe:/o:opensuse:leap:15.5Security update for postgresql15 (Moderate)openSUSE Leap 15.5
This update for postgresql15 fixes the following issues:
PostgreSQL upgrade to version 15.7 (bsc#1224051):
- CVE-2024-4317: Fixed visibility restriction of pg_stats_ext and pg_stats_ext_exprs entries to the table owner (bsc#1224038).
Bug fixes:
- Fix incompatibility with LLVM 18.
- Prepare for PostgreSQL 17.
- Make sure all compilation and doc generation happens in %build.
- Require LLVM <= 17 for now, because LLVM 18 doesn't seem to work.
- Remove constraints file because improved memory usage for s390x
- Use %patch -P N instead of deprecated %patchN.
Release notes:
- https://www.postgresql.org/docs/release/15.7/
ModerateSUSE bug 1224038SUSE bug 1224051CVE-2024-4317 at SUSECVE-2024-4317 at NVDcpe:/o:opensuse:leap:15.5Security update for the Linux Kernel (Important)openSUSE Leap 15.5
The SUSE Linux Enterprise 15 SP5 kernel was updated to receive various security bugfixes.
This update fixes a regression with kerberized nfs4 shares in the previous update (bsc#1223858).
ImportantSUSE bug 1223858SUSE bug 1224169SUSE bug 1224340cpe:/o:opensuse:leap:15.5Security update for openssl-3 (Moderate)openSUSE Leap 15.5
This update for openssl-3 fixes the following issues:
- CVE-2024-4603: Fixed DSA parameter checks for excessive sizes before validating (bsc#1224388).
ModerateSUSE bug 1224388CVE-2024-4603 at SUSECVE-2024-4603 at NVDcpe:/o:opensuse:leap:15.5Security update for java-1_8_0-openj9 (Moderate)openSUSE Leap 15.5
This update for java-1_8_0-openj9 fixes the following issues:
Update to OpenJDK 8u412 build 08 with OpenJ9 0.44.0 virtual machine:
- CVE-2024-21094: Fixed C2 compilation failure with 'Exceeded _node_regs array' (bsc#1222986).
- CVE-2024-21011: Fixed long Exception message leading to crash (bsc#1222979).
- CVE-2024-21085: Fixed Pack200 excessive memory allocation (bsc#1222984).
- CVE-2024-21068: Fixed integer overflow in C1 compiler address generation (bsc#1222983).
ModerateSUSE bug 1213470SUSE bug 1222979SUSE bug 1222983SUSE bug 1222984SUSE bug 1222986CVE-2024-21011 at SUSECVE-2024-21011 at NVDCVE-2024-21068 at SUSECVE-2024-21068 at NVDCVE-2024-21085 at SUSECVE-2024-21085 at NVDCVE-2024-21094 at SUSECVE-2024-21094 at NVDcpe:/o:opensuse:leap:15.5Security update for the Linux Kernel (Important)openSUSE Leap 15.5
The SUSE Linux Enterprise 15 SP5 Azure kernel was updated to receive various security bugfixes.
This update fixes a regression with kerberized nfs4 shares in the previous update (bsc#1223858).
ImportantSUSE bug 1223858SUSE bug 1224169SUSE bug 1224340cpe:/o:opensuse:leap:15.5Security update for xdg-desktop-portal (Important)openSUSE Leap 15.5
This update for xdg-desktop-portal fixes the following issues:
- CVE-2024-32462: Fixed sandbox escape via RequestBackground portal (bsc#1223110).
ImportantSUSE bug 1223110CVE-2024-32462 at SUSECVE-2024-32462 at NVDcpe:/o:opensuse:leap:15.5Security update for git (Important)openSUSE Leap 15.5
This update for git fixes the following issues:
- CVE-2024-32002: Fixed recursive clones on case-insensitive filesystems that support symbolic links are susceptible to case confusion (bsc#1224168).
- CVE-2024-32004: Fixed arbitrary code execution during local clones (bsc#1224170).
- CVE-2024-32020: Fixed file overwriting vulnerability during local clones (bsc#1224171).
- CVE-2024-32021: Fixed git may create hardlinks to arbitrary user-readable files (bsc#1224172).
- CVE-2024-32465: Fixed arbitrary code execution during clone operations (bsc#1224173).
ImportantSUSE bug 1224168SUSE bug 1224170SUSE bug 1224171SUSE bug 1224172SUSE bug 1224173CVE-2024-32002 at SUSECVE-2024-32002 at NVDCVE-2024-32004 at SUSECVE-2024-32004 at NVDCVE-2024-32020 at SUSECVE-2024-32020 at NVDCVE-2024-32021 at SUSECVE-2024-32021 at NVDCVE-2024-32465 at SUSECVE-2024-32465 at NVDcpe:/o:opensuse:leap:15.5Security update for openssl-1_1 (Moderate)openSUSE Leap 15.5
This update for openssl-1_1 fixes the following issues:
- CVE-2024-2511: Fixed unconstrained session cache growth in TLSv1.3 (bsc#1222548).
ModerateSUSE bug 1222548CVE-2024-2511 at SUSECVE-2024-2511 at NVDcpe:/o:opensuse:leap:15.5Security update for the Linux Kernel (Important)openSUSE Leap 15.5
The SUSE Linux Enterprise 15 SP5 RT kernel was updated to receive various security bugfixes.
This update fixes a regression with kerberized nfs4 shares in the previous update (bsc#1223858).
ImportantSUSE bug 1223858SUSE bug 1224169SUSE bug 1224340cpe:/o:opensuse:leap:15.5Security update for bluez (Important)openSUSE Leap 15.5
This update for bluez fixes the following issues:
- CVE-2023-50229: Fixed an out of bounds write in the primary version
counter for the Phone Book Access Profile implementation
(bsc#1218300).
- CVE-2023-50230: Fixed an out of bounds write in the secondary
version counter for the Phone Book Access Profile implementation
(bsc#1218301).
ImportantSUSE bug 1218300SUSE bug 1218301CVE-2023-50229 at SUSECVE-2023-50229 at NVDCVE-2023-50230 at SUSECVE-2023-50230 at NVDcpe:/o:opensuse:leap:15.5Security update for glib2 (Low)openSUSE Leap 15.5
This update for glib2 fixes the following issues:
- CVE-2024-34397: Fixed signal subscription unicast spoofing vulnerability (bsc#1224044).
LowSUSE bug 1224044CVE-2024-34397 at SUSECVE-2024-34397 at NVDcpe:/o:opensuse:leap:15.5Security update for warewulf4 (Important)openSUSE Leap 15.5
This update for warewulf4 fixes the following issues:
- fixed wwctl configure --all doesn't configure ssh (bsc#1225402)
- update to 4.5.2 with following changes:
* Reorder dnsmasq config to put iPXE last
* Update go-digest dependency to fix
CVE-2024-3727: digest values not always validated (bsc#1224124)
- updated to version 4.5.1 with following changes
* wwctl [profile|node] list -a handles now slices correclty
* Fix a locking issue with concurrent read/writes for node status
- Remove API package as use of this wasn't documented
- use tftp.socket for activation (bsc#1216994)
ImportantSUSE bug 1216994SUSE bug 1224124SUSE bug 1225402CVE-2024-3727 at SUSECVE-2024-3727 at NVDcpe:/o:opensuse:leap:15.5Recommended update for tmux (Moderate)openSUSE Leap 15.5
This update for tmux fixes the following issues:
- tmux: Null pointer dereference in window.c (bsc#1207393) (CVE-2022-47016)
- add patch for compactibility with new ncurses fixes bsc#1210552
- disable utf8proc (following upstreams not use it by default on non-macOS)
- switch to screen-256color as default terminal to fix incompatibility
with yast2-ruby-testsuite
- update to 3.3a:
- build with utf8proc enabled
- refresh tmux-socket-path patch:
restore ability to overwrite socket path using $TMUX_TMPDIR (bsc#1185572)
- Drop pkgconfig(systemd) BuildRequires: there is no reason to pull
in systemd into the build.
- Use %tmpfiles_create instead of calling systemd-tmpfiles
directly.
- Replace systemd_requires with systemd_ordering: tmux is very well
capable to run without systemd (and by using tmpfiles_create, the
post script can also cope with the absence of if). ModerateSUSE bug 1185572SUSE bug 1207393SUSE bug 1210552CVE-2022-47016 at SUSECVE-2022-47016 at NVDcpe:/o:opensuse:leap:15.5Security update for python-Pillow (Important)openSUSE Leap 15.5
This update for python-Pillow fixes the following issues:
- CVE-2023-50447: Fixed arbitrary code execution via the environment parameter. (bsc#1219048)
ImportantSUSE bug 1219048CVE-2023-50447 at SUSECVE-2023-50447 at NVDcpe:/o:opensuse:leap:15.5Security update for python-PyMySQL (Important)openSUSE Leap 15.5
This update for python-PyMySQL fixes the following issues:
- CVE-2024-36039: Fixed SQL injection if used with untrusted JSON input (bsc#1225070).
ImportantSUSE bug 1225070CVE-2024-36039 at SUSECVE-2024-36039 at NVDcpe:/o:opensuse:leap:15.5Security update for freerdp (Important)openSUSE Leap 15.5
This update for freerdp fixes the following issues:
- CVE-2024-32658: Fixed out-of-bounds read in Interleaved RLE Bitmap Codec (bsc#1223353).
- CVE-2024-32659: Fixed out-of-bounds read if `((nWidth == 0) and (nHeight == 0))` (bsc#1223346)
- CVE-2024-32660: Fixed client crash via invalid huge allocation size (bsc#1223347)
- CVE-2024-32661: Fixed client NULL pointer dereference (bsc#1223348)
ImportantSUSE bug 1223346SUSE bug 1223347SUSE bug 1223348SUSE bug 1223353CVE-2024-32658 at SUSECVE-2024-32658 at NVDCVE-2024-32659 at SUSECVE-2024-32659 at NVDCVE-2024-32660 at SUSECVE-2024-32660 at NVDCVE-2024-32661 at SUSECVE-2024-32661 at NVDcpe:/o:opensuse:leap:15.5Security update for python-requests (Moderate)openSUSE Leap 15.5
This update for python-requests fixes the following issues:
- CVE-2024-35195: Fixed cert verification regardless of changes to the value of `verify` (bsc#1224788).
ModerateSUSE bug 1224788CVE-2024-35195 at SUSECVE-2024-35195 at NVDcpe:/o:opensuse:leap:15.5Security update for MozillaThunderbird (Important)openSUSE Leap 15.5
This update for MozillaThunderbird fixes the following issues:
Update to version 115.11 (bsc#1224056):
- CVE-2024-4367: Arbitrary JavaScript execution in PDF.js
- CVE-2024-4767: IndexedDB files retained in private browsing mode
- CVE-2024-4768: Potential permissions request bypass via clickjacking
- CVE-2024-4769: Cross-origin responses could be distinguished between script and non-script content-types
- CVE-2024-4770: Use-after-free could occur when printing to PDF
- CVE-2024-4777: Memory safety bugs fixed in Firefox 126, Firefox ESR 115.11, and Thunderbird 115.11
- fixed: Splitter arrow between task list and task description did not behave as expected
- fixed: Calendar Event Attendees dialog had incorrectly sized rows
ImportantSUSE bug 1224056CVE-2024-4367 at SUSECVE-2024-4367 at NVDCVE-2024-4767 at SUSECVE-2024-4767 at NVDCVE-2024-4768 at SUSECVE-2024-4768 at NVDCVE-2024-4769 at SUSECVE-2024-4769 at NVDCVE-2024-4770 at SUSECVE-2024-4770 at NVDCVE-2024-4777 at SUSECVE-2024-4777 at NVDcpe:/o:opensuse:leap:15.5Security update for java-1_8_0-ibm (Important)openSUSE Leap 15.5
This update for java-1_8_0-ibm fixes the following issues:
Update to Java 8.0 Service Refresh 8 Fix Pack 25 (bsc#1223470):
- CVE-2023-38264: Fixed Object Request Broker (ORB) denial of service (bsc#1224164).
- CVE-2024-21094: Fixed C2 compilation fails with 'Exceeded _node_regs array' (bsc#1222986).
- CVE-2024-21068: Fixed integer overflow in C1 compiler address generation (bsc#1222983).
- CVE-2024-21085: Fixed Pack200 excessive memory allocation (bsc#1222984).
- CVE-2024-21011: Fixed Long Exception message leading to crash (bsc#1222979).
- CVE-2024-21012: Fixed HTTP/2 client improper reverse DNS lookup (bsc#1222987).
ImportantSUSE bug 1222979SUSE bug 1222983SUSE bug 1222984SUSE bug 1222986SUSE bug 1222987SUSE bug 1223470SUSE bug 1224164CVE-2023-38264 at SUSECVE-2023-38264 at NVDCVE-2024-21011 at SUSECVE-2024-21011 at NVDCVE-2024-21012 at SUSECVE-2024-21012 at NVDCVE-2024-21068 at SUSECVE-2024-21068 at NVDCVE-2024-21085 at SUSECVE-2024-21085 at NVDCVE-2024-21094 at SUSECVE-2024-21094 at NVDcpe:/o:opensuse:leap:15.5Security update for uriparser (Important)openSUSE Leap 15.5
This update for uriparser fixes the following issues:
- CVE-2024-34402: Fixed integer overflow protection in ComposeQueryEngine (bsc#1223887).
- CVE-2024-34403: Fixed integer overflow protection in ComposeQueryMallocExMm (bsc#1223888).
ImportantSUSE bug 1223887SUSE bug 1223888CVE-2024-34402 at SUSECVE-2024-34402 at NVDCVE-2024-34403 at SUSECVE-2024-34403 at NVDcpe:/o:opensuse:leap:15.5Security update for python3-sqlparse (Important)openSUSE Leap 15.5
This update for python3-sqlparse fixes the following issues:
- CVE-2024-4340: Fixed RecursionError catch to avoid a denial-of-service issue (bsc#1223603).
ImportantSUSE bug 1223603CVE-2024-4340 at SUSECVE-2024-4340 at NVDcpe:/o:opensuse:leap:15.5Security update for python (Moderate)openSUSE Leap 15.5
This update for python fixes the following issues:
- CVE-2023-52425: Fixed using the system libexpat (bsc#1219559).
- CVE-2023-27043: Modifed fix for unicode string handling in email.utils.parseaddr() (bsc#1222537).
- CVE-2022-48560: Fixed use-after-free in Python via heappushpop in heapq (bsc#1214675).
- CVE-2024-0450: Detect the vulnerability of the 'quoted-overlap' zipbomb (bsc#1221854).
Bug fixes:
- Switch off tests. ONLY FOR FACTORY!!! (bsc#1219306).
- Build with -std=gnu89 to build correctly with gcc14 (bsc#1220970).
- Switch from %patchN style to the %patch -P N one.
ModerateSUSE bug 1214675SUSE bug 1219306SUSE bug 1219559SUSE bug 1220970SUSE bug 1221854SUSE bug 1222537CVE-2022-48560 at SUSECVE-2022-48560 at NVDCVE-2023-27043 at SUSECVE-2023-27043 at NVDCVE-2023-52425 at SUSECVE-2023-52425 at NVDCVE-2024-0450 at SUSECVE-2024-0450 at NVDcpe:/o:opensuse:leap:15.5Security update for python-Jinja2 (Moderate)openSUSE Leap 15.5
This update for python-Jinja2 fixes the following issues:
- Fixed HTML attribute injection when passing user input as keys to xmlattr filter (CVE-2024-34064, bsc#1223980, CVE-2024-22195, bsc#1218722)
ModerateSUSE bug 1218722SUSE bug 1223980CVE-2024-22195 at SUSECVE-2024-22195 at NVDCVE-2024-34064 at SUSECVE-2024-34064 at NVDcpe:/o:opensuse:leap:15.5Security update for python-Jinja2 (Moderate)openSUSE Leap 15.5
This update for python-Jinja2 fixes the following issues:
- Fixed HTML attribute injection when passing user input as keys to xmlattr filter (CVE-2024-34064, bsc#1223980, CVE-2024-22195, bsc#1218722)
ModerateSUSE bug 1218722SUSE bug 1223980CVE-2024-22195 at SUSECVE-2024-22195 at NVDCVE-2024-34064 at SUSECVE-2024-34064 at NVDcpe:/o:opensuse:leap:15.5Security update for wireshark (Moderate)openSUSE Leap 15.5
This update for wireshark fixes the following issues:
Update to version 3.6.22:
- CVE-2024-4854: MONGO and ZigBee TLV dissector infinite loops (bsc#1224274)
- CVE-2024-4853: The editcap command line utility could crash
when chopping bytes from the beginning of a packet (bsc#1224259)
- CVE-2024-4855: The editcap command line utility could crash
when injecting secrets while writing multiple files (bsc#1224276)
ModerateSUSE bug 1224259SUSE bug 1224274SUSE bug 1224276CVE-2024-4853 at SUSECVE-2024-4853 at NVDCVE-2024-4854 at SUSECVE-2024-4854 at NVDCVE-2024-4855 at SUSECVE-2024-4855 at NVDcpe:/o:opensuse:leap:15.5Security update for python-aiohttp (Moderate)openSUSE Leap 15.5
This update for python-aiohttp fixes the following issues:
- CVE-2024-27306: Fixed XSS on index pages for static file handling (bsc#1223098)
ModerateSUSE bug 1223098CVE-2024-27306 at SUSECVE-2024-27306 at NVDcpe:/o:opensuse:leap:15.5Security update for fwupdate (Moderate)openSUSE Leap 15.5
This update of fwupdate fixes the following issues:
- rebuild the package with the new secure boot key (bsc#1209188).
- Update the email address of security team in SBAT (bsc#1221301)
- elf_aarch64_efi.lds: set the memory permission explicitly to
avoid ld warning like 'LOAD segment with RWX permissions'
ModerateSUSE bug 1209188SUSE bug 1221301cpe:/o:opensuse:leap:15.5Security update for apache2 (Important)openSUSE Leap 15.5
This update for apache2 fixes the following issues:
- CVE-2023-38709: Fixed faulty input validation inside the HTTP response splitting code (bsc#1222330).
- CVE-2024-24795: Fixed handling of malicious HTTP splitting response headers in multiple modules (bsc#1222332).
- CVE-2024-27316: Fixed HTTP/2 CONTINUATION frames that could have been utilized for DoS attacks (bsc#1221401).
ImportantSUSE bug 1221401SUSE bug 1222330SUSE bug 1222332CVE-2023-38709 at SUSECVE-2023-38709 at NVDCVE-2024-24795 at SUSECVE-2024-24795 at NVDCVE-2024-27316 at SUSECVE-2024-27316 at NVDcpe:/o:opensuse:leap:15.5Security update for python-tqdm (Moderate)openSUSE Leap 15.5
This update for python-tqdm fixes the following issues:
Update to version 4.66.4:
* rich: fix completion
* cli: eval safety (CVE-2024-34062, bsc#1223880)
* pandas: add DataFrame.progress_map
* notebook: fix HTML padding
* keras: fix resuming training when verbose>=2
* fix format_num negative fractions missing leading zero
* fix Python 3.12 DeprecationWarning on import
ModerateSUSE bug 1223880CVE-2024-34062 at SUSECVE-2024-34062 at NVDcpe:/o:opensuse:leap:15.5Security update for Java (Important)openSUSE Leap 15.5
This update for Java fixes thefollowing issues:
apiguardian was updated to vesion 1.1.2:
- Added LICENSE/NOTICE to the generated jar
- Allow @API to be declared at the package level
- Explain usage of Status.DEPRECATED
- Include OSGi metadata in manifest
assertj-core was implemented at version 3.25.3:
- New package implementation needed by Junit5
byte-buddy was updated to version v1.14.16:
- `byte-buddy` is required by `assertj-core`
- Changes in version v1.14.16:
* Update ASM and introduce support for Java 23.
- Changes in version v1.14.15:
* Allow attaching from root on J9.
- Changes of v1.14.14:
* Adjust type validation to accept additional names that are
legal in the class file format.
* Fix dynamic attach on Windows when a service user is active.
* Avoid failure when using Android's strict mode.
dom4j was updated to version 2.1.4:
- Improvements and potentially breaking changes:
* Added new factory method org.dom4j.io.SAXReader.createDefault(). It has more secure defaults than new SAXReader(),
which uses system XMLReaderFactory.createXMLReader() or SAXParserFactory.newInstance().newSAXParser().
* If you use some optional dependency of dom4j (for example Jaxen, xsdlib etc.), you need to specify an explicit
dependency on it in your project. They are no longer marked as a mandatory transitive dependency by dom4j.
* Following SAX parser features are disabled by default in DocumentHelper.parse() for security reasons (they were
enabled in previous versions):
+ http://xml.org/sax/properties/external-general-entities
+ http://xml.org/sax/properties/external-parameter-entities
- Other changes:
* Do not depend on jtidy, since it is not used during build
* Fixed license to Plexus
* JPMS: Add the Automatic-Module-Name attribute to the manifest.
* Make a separate flavour for a minimal `dom4j-bootstrap` package used to build `jaxen` and full `dom4j`
* Updated pull-parser version
* Reuse the writeAttribute method in writeAttributes
* Support build on OS with non-UTF8 as default charset
* Gradle: add an automatic module name
* Use Correct License Name 'Plexus'
* Possible vulnerability of DocumentHelper.parseText() to XML injection
* CVS directories left in the source tree
* XMLWriter does not escape supplementary unicode characters correctly
* writer.writeOpen(x) doesn't write namespaces
* Fixed concurrency problem with QNameCache
* All dependencies are optional
* SAXReader: hardcoded namespace features
* Validate QNames
* StringIndexOutOfBoundsException in XMLWriter.writeElementContent()
* TreeNode has grown some generics
* QName serialization fix
* DocumentException initialize with nested exception
* Accidentally occurring error in a multi-threaded test
* Added compatibility with W3C DOM Level 3
* Use Java generics
hamcrest:
- `hamcrest-core` has been replaced by `hamcrest` (no source changes)
junit had the following change:
- Require hamcrest >= 2.2
junit5 was updated to version 5.10.2:
- Conditional execution based on OS architectures
- Configurable cleanup mode for @TempDir
- Configurable thread mode for @Timeout
- Custom class loader support for class/method selectors, @MethodSource, @EnabledIf, and @DisabledIf
- Dry-run mode for test execution
- Failure threshold for @RepeatedTest
- Fixed build with the latest open-test-reporting milestone
- Fixed dependencies in module-info.java files
- Fixed unreported exception error that is fatal with JDK 21
- Improved configurability of parallel execution
- New @SelectMethod support in test @Suite classes.
- New ConsoleLauncher subcommand for test discovery without execution
- New convenience base classes for implementing ArgumentsProvider and ArgumentConverter
- New IterationSelector
- New LauncherInterceptor SPI
- New NamespacedHierarchicalStore for use in third-party test engines
- New TempDirFactory SPI for customizing how temporary directories are created
- New testfeed details mode for ConsoleLauncher
- New TestInstancePreConstructCallback extension API
- Numerous bug fixes and minor improvements
- Parameter injection for @MethodSource methods
- Promotion of various experimental APIs to stable
- Reusable parameter resolution for custom extension methods via ExecutableInvoker
- Stacktrace pruning to hide internal JUnit calls
- The binaries are compatible with java 1.8
- Various improvements to ConsoleLauncher
- XML reports in new Open Test Reporting format
jdom:
- Security issues fixed:
* CVE-2021-33813: Fixed an XXE issue in SAXBuilder in JDOM through 2.0.6 allows attackers to cause a denial of service
via a crafted HTTP request (bsc#1187446)
- Other changes and bugs fixed:
* Fixed wrong entries in changelog (bsc#1224410)
* The packages `jaxen`, `saxpath` and `xom` are now separate standalone packages instead of being part of `jdom`
jaxen was implemented at version 2.0.0:
- New standalone RPM package implementation, originally part of `jdom` source package
- Classpaths are much smaller and less complex, and will suppress a lot of noise from static analysis tools.
- The Jaxen core code is also a little smaller and has fixed a few minor bugs in XPath evaluation
- Despite the major version bump, this should be a drop in replacement for almost every project.
The two major possible incompatibilities are:
* The minimum supported Java version is now 1.5, up from 1.4 in 1.2.0 and 1.3 in 1.1.6.
* dom4j, XOM, and JDOM are now optional dependencies so if a project was depending on them to be loaded transitively
it will need to add explicit dependencies to build.
jopt-simple:
- Included jopt-simple to Package Hub 15 SP5 (no source changes)
objectweb-asm was updated to version 9.7:
- New Opcodes.V23 constant for Java 23
- Bugs fixed
* Fixed unit test regression in dex2jar.
* Fixed 'ClassNode#outerClass' with incorrect JavaDocs.
* asm-bom packaging should be 'pom'.
* The Textifier prints a supplementary space at the end of each method that throws at least one exception.
open-test-reporting:
- Included `open-test-reporting-events` and `open-test-reporting-schema` to the channels as they are runtime
dependencies of Junit5 (no source changes)
saxpath was implemented at version 1.0 FCS:
- New standalone RPM package implementation, originally part of `jdom` source package (openSUSE Leap 15.5 package only)
xom was implemented at version 1.3.9:
- New standalone RPM package implementation, originally part of `jdom` source package
- The Nodes and Elements classes are iterable so you can use the enhanced for loop syntax on instances of these classes.
- The copy() method is now covariant.
- Adds Automatic-Moduole-Name to jar
- Remove direct dependency on xml-apis:xml-apis artifact since these classes are now available in the core runtime.
- Eliminate usage of com.sun classes to make XOM compatible with JDK 16.
- Replace remaining usages of StringBuffer with StringBuilder to slightly improve performance.
ImportantSUSE bug 1187446SUSE bug 1224410CVE-2021-33813 at SUSECVE-2021-33813 at NVDcpe:/o:opensuse:leap:15.5Security update for python-requests (Moderate)openSUSE Leap 15.5
This update for python-requests fixes the following issues:
- CVE-2024-35195: Fixed cert verification regardless of changes to the value of `verify` (bsc#1224788).
ModerateSUSE bug 1224788CVE-2024-35195 at SUSECVE-2024-35195 at NVDcpe:/o:opensuse:leap:15.5Security update for gstreamer-plugins-base (Important)openSUSE Leap 15.5
This update for gstreamer-plugins-base fixes the following issues:
- CVE-2024-4453: Fixed lack of proper validation of user-supplied data when parsing EXIF metadata (bsc#1224806)
ImportantSUSE bug 1224806CVE-2024-4453 at SUSECVE-2024-4453 at NVDcpe:/o:opensuse:leap:15.5Security update for glibc (Important)openSUSE Leap 15.5
This update for glibc fixes the following issues:
- CVE-2024-33599: Fixed a stack-based buffer overflow in netgroup cache in nscd (bsc#1223423)
- CVE-2024-33600: Avoid null pointer crashes after notfound response in nscd (bsc#1223424)
- CVE-2024-33600: Do not send missing not-found response in addgetnetgrentX in nscd (bsc#1223424)
- CVE-2024-33601, CVE-2024-33602: Fixed use of two buffers in addgetnetgrentX ( bsc#1223425)
- CVE-2024-33602: Use time_t for return type of addgetnetgrentX (bsc#1223425)
- Avoid creating userspace live patching prologue for _start routine (bsc#1221940)
ImportantSUSE bug 1221940SUSE bug 1223423SUSE bug 1223424SUSE bug 1223425CVE-2024-33599 at SUSECVE-2024-33599 at NVDCVE-2024-33600 at SUSECVE-2024-33600 at NVDCVE-2024-33601 at SUSECVE-2024-33601 at NVDCVE-2024-33602 at SUSECVE-2024-33602 at NVDcpe:/o:opensuse:leap:15.5Security update for squid (Moderate)openSUSE Leap 15.5
This update for squid fixes the following issues:
- CVE-2024-33427: Fixed possible buffer overread that could have led to a denial-of-service (bsc#1225417).
ModerateSUSE bug 1225417CVE-2024-33427 at SUSECVE-2024-33427 at NVDcpe:/o:opensuse:leap:15.5Security update for ffmpeg-4 (Important)openSUSE Leap 15.5
This update for ffmpeg-4 fixes the following issues:
- CVE-2020-22021: Fixed a buffer overflow vulnerability in filter_edges() (bsc#1186586)
- CVE-2023-51794: Fixed a heap buffer overflow in libavfilter. (bsc#1223437)
ImportantSUSE bug 1186586SUSE bug 1223437CVE-2020-22021 at SUSECVE-2020-22021 at NVDCVE-2023-51794 at SUSECVE-2023-51794 at NVDcpe:/o:opensuse:leap:15.5Security update for ffmpeg (Important)openSUSE Leap 15.5
This update for ffmpeg fixes the following issues:
- CVE-2023-51794: Fixed a heap buffer overflow in libavfilter. (bsc#1223437)
ImportantSUSE bug 1223437CVE-2023-51794 at SUSECVE-2023-51794 at NVDcpe:/o:opensuse:leap:15.5Security update for python-docker (Moderate)openSUSE Leap 15.5
This update for python-docker fixes the following issues:
- CVE-2024-35195: Fixed missing certificate verification (bsc#1224788).
ModerateSUSE bug 1224788CVE-2024-35195 at SUSECVE-2024-35195 at NVDcpe:/o:opensuse:leap:15.5Security update for python-docker (Moderate)openSUSE Leap 15.5
This update for python-docker fixes the following issues:
- CVE-2024-35195: Fix failure with updated python-requests. (bsc#1224788)
ModerateSUSE bug 1224788CVE-2024-35195 at SUSECVE-2024-35195 at NVDcpe:/o:opensuse:leap:15.5Security update for python-idna (Moderate)openSUSE Leap 15.5
This update for python-idna fixes the following issues:
- CVE-2024-3651: Fixed a denial of service via resource consumption through
specially crafted inputs to idna.encode() (bsc#1222842)
ModerateSUSE bug 1222842CVE-2024-3651 at SUSECVE-2024-3651 at NVDcpe:/o:opensuse:leap:15.5Security update for python-Brotli (Moderate)openSUSE Leap 15.5
This update for python-Brotli fixes the following issues:
- CVE-2020-8927: Fixed integer overflow when input chunk is larger than 2GiB. (bsc#1175825)
ModerateSUSE bug 1175825CVE-2020-8927 at SUSECVE-2020-8927 at NVDcpe:/o:opensuse:leap:15.5Security update for go1.21 (Moderate)openSUSE Leap 15.5
This update for go1.21 fixes the following issues:
go1.21.11 release (bsc#1212475).
- CVE-2024-24789: Fixed mishandling of corrupt central directory record in archive/zip (bsc#1225973).
- CVE-2024-24790: Fixed unexpected behavior from Is methods for IPv4-mapped IPv6 addresses (bsc#1225974).
ModerateSUSE bug 1212475SUSE bug 1225973SUSE bug 1225974CVE-2024-24789 at SUSECVE-2024-24789 at NVDCVE-2024-24790 at SUSECVE-2024-24790 at NVDcpe:/o:opensuse:leap:15.5Security update for go1.22 (Moderate)openSUSE Leap 15.5
This update for go1.22 fixes the following issues:
go1.21.11 release (bsc#1212475).
- CVE-2024-24789: Fixed mishandling of corrupt central directory record in archive/zip (bsc#1225973).
- CVE-2024-24790: Fixed unexpected behavior from Is methods for IPv4-mapped IPv6 addresses (bsc#1225974).
ModerateSUSE bug 1218424SUSE bug 1225973SUSE bug 1225974CVE-2024-24789 at SUSECVE-2024-24789 at NVDCVE-2024-24790 at SUSECVE-2024-24790 at NVDcpe:/o:opensuse:leap:15.5Security update for frr (Important)openSUSE Leap 15.5
This update for frr fixes the following issues:
- CVE-2024-34088: Fixed null pointer via get_edge() function can trigger a denial of service (bsc#1223786).
- CVE-2024-31951: Fixed buffer overflow in ospf_te_parse_ext_link (bsc#1222528).
- CVE-2024-31950: Fixed buffer overflow and daemon crash in ospf_te_parse_ri (bsc#1222526).
ImportantSUSE bug 1222526SUSE bug 1222528SUSE bug 1223786CVE-2024-31950 at SUSECVE-2024-31950 at NVDCVE-2024-31951 at SUSECVE-2024-31951 at NVDCVE-2024-34088 at SUSECVE-2024-34088 at NVDcpe:/o:opensuse:leap:15.5Security update for rmt-server (Moderate)openSUSE Leap 15.5
This update for rmt-server fixes the following issues:
- Update to version 2.17
- CVE-2024-28103: Fixed Permissions-Policy that was only served on responses with an HTML related Content-Type. (bsc#1225997)
ModerateSUSE bug 1203171SUSE bug 1225997CVE-2024-28103 at SUSECVE-2024-28103 at NVDcpe:/o:opensuse:leap:15.5Security update for poppler (Low)openSUSE Leap 15.5
This update for poppler fixes the following issues:
- CVE-2024-4141: Fixed out-of-bounds array write (bsc#1223375).
LowSUSE bug 1223375CVE-2024-4141 at SUSECVE-2024-4141 at NVDcpe:/o:opensuse:leap:15.5Security update for iperf (Moderate)openSUSE Leap 15.5
This update for iperf fixes the following issues:
- Update to version 3.17.1
- CVE-2024-26306: Fixed a vulnerability that could led to marvin attack if the authentication option is used. (bsc#1224262)
ModerateSUSE bug 1224262CVE-2024-26306 at SUSECVE-2024-26306 at NVDcpe:/o:opensuse:leap:15.5Security update for aws-nitro-enclaves-cli (Moderate)openSUSE Leap 15.5
This update for aws-nitro-enclaves-cli fixes the following issues:
- CVE-2023-50711: Fixed out of bounds memory accesses in embedded vmm-sys-util (bsc#1218501).
ModerateSUSE bug 1218501CVE-2023-50711 at SUSECVE-2023-50711 at NVDcpe:/o:opensuse:leap:15.5Security update for mariadb (Moderate)openSUSE Leap 15.5
This update for mariadb fixes the following issues:
- CVE-2024-21096: Fixed mysqldump unspecified vulnerability (bsc#1225983).
- CVE-2023-22084: Fixed a vulnerability allows high privileged attacker with network access via multiple protocols to compromise the server (bsc#1217405).
- Update to 10.6.18.
ModerateSUSE bug 1217405SUSE bug 1225983CVE-2023-22084 at SUSECVE-2023-22084 at NVDCVE-2024-21096 at SUSECVE-2024-21096 at NVDcpe:/o:opensuse:leap:15.5Security update for skopeo (Important)openSUSE Leap 15.5
This update for skopeo fixes the following issues:
- Update to version 1.14.4:
- CVE-2024-3727: Fixed a vulnerability that allows attackers to trigger unexpected authenticated registry accesses on behalf of a victim user, resource exhaustion, local path traversal and other attacks. (bsc#1224123)
ImportantSUSE bug 1224123CVE-2024-28180 at SUSECVE-2024-28180 at NVDCVE-2024-3727 at SUSECVE-2024-3727 at NVDcpe:/o:opensuse:leap:15.5Security update for cdi-apiserver-container, cdi-cloner-container, cdi-controller-container, cdi-importer-container, cdi-operator-container, cdi-uploadproxy-container, cdi-uploadserver-container, containerized-data-importer (Important)openSUSE Leap 15.5
This update for cdi-apiserver-container, cdi-cloner-container, cdi-controller-container, cdi-importer-container, cdi-operator-container, cdi-uploadproxy-container, cdi-uploadserver-container, containerized-data-importer fixes the following issues:
Rebuild against current updated packages and go compiler.
- Bump github.com/containers/image/v5 (bsc#1224119, CVE-2024-3727)
- Add LABEL with source URL
ImportantSUSE bug 1224119CVE-2024-3727 at SUSECVE-2024-3727 at NVDcpe:/o:opensuse:leap:15.5Security update for kernel-firmware-nvidia-gspx-G06, nvidia-open-driver-G06-signed (Important)openSUSE Leap 15.5
This update for kernel-firmware-nvidia-gspx-G06, nvidia-open-driver-G06-signed fixes the following issues:
Security Update 550.90.07:
- CVE-2024-0090: Fixed out of bounds write (bsc#1223356).
- CVE-2024-0092: Fixed incorrect exception handling (bsc#1223356).
- CVE-2024-0091: Fixed untrusted pointer dereference (bsc#1223356).
ImportantSUSE bug 1223356CVE-2024-0090 at SUSECVE-2024-0090 at NVDCVE-2024-0091 at SUSECVE-2024-0091 at NVDCVE-2024-0092 at SUSECVE-2024-0092 at NVDcpe:/o:opensuse:leap:15.5Security update for unbound (Important)openSUSE Leap 15.5
This update for unbound fixes the following issues:
unbound was updated to 1.20.0:
* A lot of bugfixes and added features.
For a complete list take a look at the changelog located at:
/usr/share/doc/packages/unbound/Changelog or
https://www.nlnetlabs.nl/projects/unbound/download/
Some Noteworthy Changes:
* Removed DLV. The DLV has been decommisioned since unbound
1.5.4 and has been advised to stop using it since. The use of
dlv options displays a warning.
* Remove EDNS lame procedure, do not re-query without EDNS after
timeout.
* Add DNS over HTTPS
* libunbound has been upgraded to major version 8
Security Fixes:
* CVE-2023-50387: DNSSEC verification complexity can be
exploited to exhaust CPU resources and stall DNS resolvers. [bsc#1219823]
* CVE-2023-50868: NSEC3 closest encloser proof can exhaust CPU.
[bsc#1219826]
* CVE-2022-30698: Novel 'ghost domain names' attack by
introducing subdomain delegations. [bsc#1202033]
* CVE-2022-30699: Novel 'ghost domain names' attack by
updating almost expired delegation information. [bsc#1202031]
* CVE-2022-3204: NRDelegation attack leads to uncontrolled
resource consumption (Non-Responsive Delegation Attack). [bsc#1203643]
Packaging Changes:
* Use prefixes instead of sudo in unbound.service
* Remove no longer necessary BuildRequires: libfstrm-devel and
libprotobuf-c-devel
ImportantSUSE bug 1202031SUSE bug 1202033SUSE bug 1203643SUSE bug 1219823SUSE bug 1219826CVE-2022-30698 at SUSECVE-2022-30698 at NVDCVE-2022-30699 at SUSECVE-2022-30699 at NVDCVE-2022-3204 at SUSECVE-2022-3204 at NVDCVE-2023-50387 at SUSECVE-2023-50387 at NVDCVE-2023-50868 at SUSECVE-2023-50868 at NVDcpe:/o:opensuse:leap:15.5Security update for redis7 (Important)openSUSE Leap 15.5
This update for redis7 fixes the following issues:
- CVE-2023-45145: Fixed a potential permission bypass due to a race
condition during UNIX socket creation (bsc#1216376).
The following non-security issues were fixed:
- Redis services are no longer disabled after an upgrade (bsc#1212119).
ImportantSUSE bug 1212119SUSE bug 1216376CVE-2023-45145 at SUSECVE-2023-45145 at NVDcpe:/o:opensuse:leap:15.5Security update for cups (Important)openSUSE Leap 15.5
This update for cups fixes the following issues:
- CVE-2024-35235: Fixed a bug in cupsd that could allow an attacker to change the permissions of other files in the system. (bsc#1225365)
- Handle local 'Negotiate' authentication response for cli clients (bsc#1223179)
ImportantSUSE bug 1223179SUSE bug 1225365CVE-2024-35235 at SUSECVE-2024-35235 at NVDcpe:/o:opensuse:leap:15.5Security update for the Linux Kernel (Important)openSUSE Leap 15.5
The SUSE Linux Enterprise 15 SP5 RT kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2021-47548: Fixed a possible array out-of=bounds (bsc#1225506)
- CVE-2022-48689: Fixed data-race in lru_add_fn (bsc#1223959)
- CVE-2022-48691: Fixed memory leak in netfilter (bsc#1223961)
- CVE-2023-1829: Fixed a use-after-free vulnerability in the control index filter (tcindex) (bsc#1210335).
- CVE-2023-42755: Check user supplied offsets (bsc#1215702).
- CVE-2023-52586: Fixed mutex lock in control vblank irq (bsc#1221081).
- CVE-2023-52618: Fixed string overflow in block/rnbd-srv (bsc#1221615).
- CVE-2023-52656: Dropped any code related to SCM_RIGHTS (bsc#1224187).
- CVE-2023-52660: Fiedx IRQ handling due to shared interrupts (bsc#1224443).
- CVE-2023-52664: Eliminate double free in error handling logic (bsc#1224747).
- CVE-2023-52671: Fixed hang/underflow when transitioning to ODM4:1 (bsc#1224729).
- CVE-2023-52674: Add clamp() in scarlett2_mixer_ctl_put() (bsc#1224727).
- CVE-2023-52680: Fixed missing error checks to *_ctl_get() (bsc#1224608).
- CVE-2023-52692: Fixed missing error check to scarlett2_usb_set_config() (bsc#1224628).
- CVE-2023-52698: Fixed memory leak in netlbl_calipso_add_pass() (CVE-2023-52698 bsc#1224621)
- CVE-2023-52746: Prevent potential spectre v1 gadget in xfrm_xlate32_attr() (bsc#1225114)
- CVE-2023-52757: Fixed potential deadlock when releasing mids (bsc#1225548).
- CVE-2023-52795: Fixed use after free in vhost_vdpa_probe() (bsc#1225085).
- CVE-2023-52796: Add ipvlan_route_v6_outbound() helper (bsc#1224930).
- CVE-2023-52807: Fixed out-of-bounds access may occur when coalesce info is read via debugfs (bsc#1225097).
- CVE-2023-52860: Fixed null pointer dereference in hisi_hns3 (bsc#1224936).
- CVE-2024-2201: Fixed information leak in x86/BHI (bsc#1217339).
- CVE-2024-26643: Fixed mark set as dead when unbinding anonymous set with timeout (bsc#1221829).
- CVE-2024-26679: Fixed read sk->sk_family once in inet_recv_error() (bsc#1222385).
- CVE-2024-26692: Fixed regression in writes when non-standard maximum write size negotiated (bsc#1222464).
- CVE-2024-26715: Fixed NULL pointer dereference in dwc3_gadget_suspend (bsc#1222561).
- CVE-2024-26742: Fixed disable_managed_interrupts (git-fixes bsc#1222608).
- CVE-2024-26775: Fixed potential deadlock at set_capacity (bsc#1222627).
- CVE-2024-26791: Fixed properly validate device names in btrfs (bsc#1222793)
- CVE-2024-26822: Set correct id, uid and cruid for multiuser automounts (bsc#1223011).
- CVE-2024-26828: Fixed underflow in parse_server_interfaces() (bsc#1223084).
- CVE-2024-26876: Fixed crash on irq during probe (bsc#1223119).
- CVE-2024-26900: Fixed kmemleak of rdev->serial (bsc#1223046).
- CVE-2024-26915: Reset IH OVERFLOW_CLEAR bit (bsc#1223207)
- CVE-2024-26919: Fixed debugfs directory leak (bsc#1223847).
- CVE-2024-26921: Preserve kabi for sk_buff (bsc#1223138).
- CVE-2024-26925: Release mutex after nft_gc_seq_end from abort path (bsc#1223390).
- CVE-2024-26928: Fixed potential UAF in cifs_debug_files_proc_show() (bsc#1223532).
- CVE-2024-26939: Fixed UAF on destroy against retire race (bsc#1223679).
- CVE-2024-26958: Fixed UAF in direct writes (bsc#1223653).
- CVE-2024-27042: Fixed potential out-of-bounds access in 'amdgpu_discovery_reg_base_init()' (bsc#1223823).
- CVE-2024-27395: Fixed Use-After-Free in ovs_ct_exit (bsc#1224098).
- CVE-2024-27396: Fixed Use-After-Free in gtp_dellink (bsc#1224096).
- CVE-2024-27398: Fixed use-after-free bugs caused by sco_sock_timeout (bsc#1224174).
- CVE-2024-27401: Fixed user_length taken into account when fetching packet contents (bsc#1224181).
- CVE-2024-27417: Fixed potential 'struct net' leak in inet6_rtm_getaddr() (bsc#1224721)
- CVE-2024-27419: Fixed data-races around sysctl_net_busy_read (bsc#1224759)
- CVE-2024-27431: Fixed Zero-initialise xdp_rxq_info struct before running XDP program (bsc#1224718).
- CVE-2024-35791: Flush pages under kvm->lock to fix UAF in svm_register_enc_region() (bsc#1224725).
- CVE-2024-35799: Prevent crash when disable stream (bsc#1224740).
- CVE-2024-35804: Mark target gfn of emulated atomic instruction as dirty (bsc#1224638).
- CVE-2024-35852: Fixed memory leak when canceling rehash work (bsc#1224502).
- CVE-2024-35854: Fixed possible use-after-free during rehash (bsc#1224636).
- CVE-2024-35860: struct bpf_link and bpf_link_ops kABI workaround (bsc#1224531).
- CVE-2024-35861: Fixed potential UAF in cifs_signal_cifsd_for_reconnect() (bsc#1224766).
- CVE-2024-35862: Fixed potential UAF in smb2_is_network_name_deleted() (bsc#1224764).
- CVE-2024-35863: Fixed potential UAF in is_valid_oplock_break() (bsc#1224763).
- CVE-2024-35864: Fixed potential UAF in smb2_is_valid_lease_break() (bsc#1224765).
- CVE-2024-35865: Fixed potential UAF in smb2_is_valid_oplock_break() (bsc#1224668).
- CVE-2024-35866: Fixed potential UAF in cifs_dump_full_key() (bsc#1224667).
- CVE-2024-35867: Fixed potential UAF in cifs_stats_proc_show() (bsc#1224664).
- CVE-2024-35868: Fixed potential UAF in cifs_stats_proc_write() (bsc#1224678).
- CVE-2024-35869: Guarantee refcounted children from parent session (bsc#1224679).
- CVE-2024-35870: Fixed UAF in smb2_reconnect_server() (bsc#1224672).
- CVE-2024-35872: Fixed GUP-fast succeeding on secretmem folios (bsc#1224530).
- CVE-2024-35875: Require seeding RNG with RDRAND on CoCo systems (bsc#1224665).
- CVE-2024-35877: Fixed VM_PAT handling in COW mappings (bsc#1224525).
- CVE-2024-35878: Prevent NULL pointer dereference in vsnprintf() (bsc#1224671).
- CVE-2024-35879: kABI workaround for drivers/of/dynamic.c (bsc#1224524).
- CVE-2024-35885: Stop interface during shutdown (bsc#1224519).
- CVE-2024-35904: Fixed dereference of garbage after mount failure (bsc#1224494).
- CVE-2024-35905: Fixed int overflow for stack access size (bsc#1224488).
- CVE-2024-35907: Call request_irq() after NAPI initialized (bsc#1224492).
- CVE-2024-35924: Limit read size on v1.2 (bsc#1224657).
- CVE-2024-35939: Fixed leak pages on dma_set_decrypted() failure (bsc#1224535).
- CVE-2024-35943: Fixed a null pointer dereference in omap_prm_domain_init (bsc#1224649).
- CVE-2024-35944: Fixed memcpy() run-time warning in dg_dispatch_as_host() (bsc#1224648).
- CVE-2024-35951: Fixed the error path in panfrost_mmu_map_fault_addr() (bsc#1224701).
- CVE-2024-35959: Fixed mlx5e_priv_init() cleanup flow (bsc#1224666).
- CVE-2024-35964: Fixed not validating setsockopt user input (bsc#1224581).
- CVE-2024-35969: Fixed race condition between ipv6_get_ifaddr and ipv6_del_addr (bsc#1224580).
- CVE-2024-35973: Fixed header validation in geneve[6]_xmit_skb (bsc#1224586).
- CVE-2024-35976: Validate user input for XDP_{UMEM|COMPLETION}_FILL_RING (bsc#1224575).
- CVE-2024-35998: Fixed lock ordering potential deadlock in cifs_sync_mid_result (bsc#1224549).
- CVE-2024-35999: Fixed missing lock when picking channel (bsc#1224550).
- CVE-2024-36006: Fixed incorrect list API usage (bsc#1224541).
- CVE-2024-36007: Fixed warning during rehash (bsc#1224543).
- CVE-2024-36938: Fixed NULL pointer dereference in sk_psock_skb_ingress_enqueue (bsc#1225761).
The following non-security bugs were fixed:
- 9p: explicitly deny setlease attempts (git-fixes).
- ACPI: bus: Indicate support for _TFP thru _OSC (git-fixes).
- ACPI: disable -Wstringop-truncation (git-fixes).
- ACPI: Fix Generic Initiator Affinity _OSC bit (git-fixes).
- ACPI: LPSS: Advertise number of chip selects via property (git-fixes).
- admin-guide/hw-vuln/core-scheduling: fix return type of PR_SCHED_CORE_GET (git-fixes).
- af_unix: annote lockless accesses to unix_tot_inflight & gc_in_progress (bsc#1223384).
- af_unix: Do not use atomic ops for unix_sk(sk)->inflight (bsc#1223384).
- af_unix: Replace BUG_ON() with WARN_ON_ONCE() (bsc#1223384).
- ALSA: core: Fix NULL module pointer assignment at card init (git-fixes).
- ALSA: hda/cs_dsp_ctl: Use private_free for control cleanup (git-fixes).
- ALSA: line6: Zero-initialize message buffers (stable-fixes).
- ARM: 9381/1: kasan: clear stale stack poison (git-fixes).
- ASoC: Intel: avs: Fix ASRC module initialization (git-fixes).
- ASoC: Intel: avs: Fix potential integer overflow (git-fixes).
- ASoC: Intel: avs: ssm4567: Do not ignore route checks (git-fixes).
- ASoC: Intel: Disable route checks for Skylake boards (git-fixes).
- ASoC: kirkwood: Fix potential NULL dereference (git-fixes).
- ASoC: mediatek: mt8192: fix register configuration for tdm (git-fixes).
- ASoC: meson: axg-fifo: use FIELD helpers (stable-fixes).
- ASoC: meson: axg-fifo: use threaded irq to check periods (git-fixes).
- ASoC: tas2552: Add TX path for capturing AUDIO-OUT data (git-fixes).
- ASoC: tracing: Export SND_SOC_DAPM_DIR_OUT to its value (git-fixes).
- ata: pata_legacy: make legacy_exit() work again (git-fixes).
- ata: sata_gemini: Check clk_enable() result (stable-fixes).
- autofs: use wake_up() instead of wake_up_interruptible(() (bsc#1224166).
- Bluetooth: Fix use-after-free bugs caused by sco_sock_timeout (git-fixes).
- Bluetooth: hci_sync: Avoid use-after-free in dbg for hci_add_adv_monitor() (git-fixes).
- Bluetooth: hci_sync: Do not double print name in add/remove adv_monitor (bsc#1216358).
- Bluetooth: l2cap: fix null-ptr-deref in l2cap_chan_timeout (git-fixes).
- Bluetooth: msft: fix slab-use-after-free in msft_do_close() (git-fixes).
- Bluetooth: qca: add missing firmware sanity checks (git-fixes).
- Bluetooth: qca: Fix error code in qca_read_fw_build_info() (git-fixes).
- Bluetooth: qca: fix firmware check error path (git-fixes).
- Bluetooth: qca: fix info leak when fetching fw build id (git-fixes).
- Bluetooth: qca: fix NVM configuration parsing (git-fixes).
- bnxt_re: avoid shift undefined behavior in bnxt_qplib_alloc_init_hwq (git-fixes)
- bpf: decouple prune and jump points (bsc#1225756).
- bpf: fix precision backtracking instruction iteration (bsc#1225756).
- bpf: Fix precision tracking for BPF_ALU | BPF_TO_BE | BPF_END (git-fixes).
- bpf: handle ldimm64 properly in check_cfg() (bsc#1225756).
- bpf: mostly decouple jump history management from is_state_visited() (bsc#1225756).
- bpf: remove unnecessary prune and jump points (bsc#1225756).
- btrfs: add error messages to all unrecognized mount options (git-fixes)
- btrfs: add missing mutex_unlock in btrfs_relocate_sys_chunks() (git-fixes)
- btrfs: export: handle invalid inode or root reference in btrfs_get_parent() (git-fixes)
- btrfs: extend locking to all space_info members accesses (git-fixes)
- btrfs: fix btrfs_submit_compressed_write cgroup attribution (git-fixes)
- btrfs: fix fallocate to use file_modified to update permissions consistently (git-fixes)
- btrfs: fix information leak in btrfs_ioctl_logical_to_ino() (git-fixes)
- btrfs: fix missing blkdev_put() call in btrfs_scan_one_device() (git-fixes)
- btrfs: fix off-by-one chunk length calculation at contains_pending_extent() (git-fixes)
- btrfs: fix qgroup reserve overflow the qgroup limit (git-fixes)
- btrfs: fix silent failure when deleting root reference (git-fixes)
- btrfs: fix use-after-free after failure to create a snapshot (git-fixes)
- btrfs: free exchange changeset on failures (git-fixes)
- btrfs: handle chunk tree lookup error in btrfs_relocate_sys_chunks() (git-fixes)
- btrfs: make search_csum_tree return 0 if we get -EFBIG (git-fixes)
- btrfs: prevent copying too big compressed lzo segment (git-fixes)
- btrfs: remove BUG_ON(!eie) in find_parent_nodes (git-fixes)
- btrfs: remove BUG_ON() in find_parent_nodes() (git-fixes)
- btrfs: repair super block num_devices automatically (git-fixes)
- btrfs: replace the BUG_ON in btrfs_del_root_ref with proper error handling (git-fixes)
- btrfs: send: ensure send_fd is writable (git-fixes)
- btrfs: send: handle path ref underflow in header iterate_inode_ref() (git-fixes)
- btrfs: send: in case of IO error log it (git-fixes)
- btrfs: send: return EOPNOTSUPP on unknown flags (git-fixes)
- btrfs: tree-checker: check item_size for dev_item (git-fixes)
- btrfs: tree-checker: check item_size for inode_item (git-fixes)
- cifs: account for primary channel in the interface list (bsc#1224020).
- cifs: cifs_chan_is_iface_active should be called with chan_lock held (bsc#1224020).
- cifs: distribute channels across interfaces based on speed (bsc#1224020).
- cifs: do not pass cifs_sb when trying to add channels (bsc#1224020).
- cifs: failure to add channel on iface should bump up weight (git-fixes, bsc#1224020).
- cifs: fix charset issue in reconnection (bsc#1224020).
- cifs: fix leak of iface for primary channel (git-fixes, bsc#1224020).
- cifs: handle cases where a channel is closed (bsc#1224020).
- cifs: handle cases where multiple sessions share connection (bsc#1224020).
- cifs: reconnect work should have reference on server struct (bsc#1224020).
- clk: Do not hold prepare_lock when calling kref_put() (stable-fixes).
- clk: qcom: mmcc-msm8998: fix venus clock issue (git-fixes).
- counter: stm32-lptimer-cnt: Provide defines for clock polarities (git-fixes).
- counter: stm32-timer-cnt: Provide defines for slave mode selection (git-fixes).
- cppc_cpufreq: Fix possible null pointer dereference (git-fixes).
- cpu/hotplug: Remove the 'cpu' member of cpuhp_cpu_state (git-fixes).
- cpumask: Add for_each_cpu_from() (bsc#1225053).
- crypto: bcm - Fix pointer arithmetic (git-fixes).
- crypto: ccp - drop platform ifdef checks (git-fixes).
- crypto: ecdsa - Fix module auto-load on add-key (git-fixes).
- crypto: x86/nh-avx2 - add missing vzeroupper (git-fixes).
- crypto: x86/sha256-avx2 - add missing vzeroupper (git-fixes).
- crypto: x86/sha512-avx2 - add missing vzeroupper (git-fixes).
- dmaengine: axi-dmac: fix possible race in remove() (git-fixes).
- dmaengine: idma64: Add check for dma_set_max_seg_size (git-fixes).
- dm/amd/pm: Fix problems with reboot/shutdown for some SMU 13.0.4/13.0.11 users (git-fixes).
- dm-multipath: dont't attempt SG_IO on non-SCSI-disks (bsc#1223575).
- docs: kernel_include.py: Cope with docutils 0.21 (stable-fixes).
- drivers/nvme: Add quirks for device 126f:2262 (git-fixes).
- drm/amd/display: Atom Integrated System Info v2_2 for DCN35 (stable-fixes).
- drm/amd/display: Fix division by zero in setup_dsc_config (stable-fixes).
- drm/amd/display: Fix potential index out of bounds in color transformation function (git-fixes).
- drm/amd/display: Handle Y carry-over in VCP X.Y calculation (stable-fixes).
- drm/amd: Flush GFXOFF requests in prepare stage (git-fixes).
- drm/amdgpu: Refine IB schedule error logging (stable-fixes).
- drm/amdkfd: do not allow mapping the MMIO HDP page with large pages (git-fixes).
- drm/arm/malidp: fix a possible null pointer dereference (git-fixes).
- drm/bridge: anx7625: Do not log an error when DSI host can't be found (git-fixes).
- drm: bridge: cdns-mhdp8546: Fix possible null pointer dereference (git-fixes).
- drm/bridge: dpc3433: Do not log an error when DSI host can't be found (git-fixes).
- drm/bridge: icn6211: Do not log an error when DSI host can't be found (git-fixes).
- drm/bridge: lt8912b: Do not log an error when DSI host can't be found (git-fixes).
- drm/bridge: lt9611: Do not log an error when DSI host can't be found (git-fixes).
- drm/bridge: tc358775: Do not log an error when DSI host can't be found (git-fixes).
- drm/bridge: tc358775: fix support for jeida-18 and jeida-24 (git-fixes).
- drm/connector: Add \n to message about demoting connector force-probes (git-fixes).
- drm/i915/bios: Fix parsing backlight BDB data (git-fixes).
- drm/lcdif: Do not disable clocks on already suspended hardware (git-fixes).
- drm/mediatek: Add 0 size check to mtk_drm_gem_obj (git-fixes).
- drm/meson: dw-hdmi: add bandgap setting for g12 (git-fixes).
- drm/meson: dw-hdmi: power up phy on device init (git-fixes).
- drm/meson: vclk: fix calculation of 59.94 fractional rates (git-fixes).
- drm/msm/dp: allow voltage swing / pre emphasis of 3 (git-fixes).
- drm/msm/dpu: Always flush the slave INTF on the CTL (git-fixes).
- drm/msm/dsi: Print dual-DSI-adjusted pclk instead of original mode pclk (git-fixes).
- drm/nouveau/dp: Do not probe eDP ports twice harder (stable-fixes).
- drm/panel: atna33xc20: Fix unbalanced regulator in the case HPD does not assert (git-fixes).
- drm/panel: novatek-nt35950: Do not log an error when DSI host can't be found (git-fixes).
- drm/panel: simple: Add missing Innolux G121X1-L03 format, flags, connector (git-fixes).
- drm: vc4: Fix possible null pointer dereference (git-fixes).
- dt-bindings: clock: qcom: Add missing UFS QREF clocks (git-fixes)
- dyndbg: fix old BUG_ON in >control parser (stable-fixes).
- efi: libstub: only free priv.runtime_map when allocated (git-fixes).
- extcon: max8997: select IRQ_DOMAIN instead of depending on it (git-fixes).
- fail_function: fix wrong use of fei_attr_remove().
- fbdev: savage: Handle err return when savagefb_check_var failed (git-fixes).
- fbdev: shmobile: fix snprintf truncation (git-fixes).
- fbdev: sisfb: hide unused variables (git-fixes).
- firewire: ohci: mask bus reset interrupts between ISR and bottom half (stable-fixes).
- firmware: dmi-id: add a release callback function (git-fixes).
- firmware: raspberrypi: Use correct device for DMA mappings (git-fixes).
- fs/9p: drop inodes immediately on non-.L too (git-fixes).
- fs/9p: only translate RWX permissions for plain 9P2000 (git-fixes).
- fs/9p: translate O_TRUNC into OTRUNC (git-fixes).
- gpio: crystalcove: Use -ENOTSUPP consistently (stable-fixes).
- gpio: wcove: Use -ENOTSUPP consistently (stable-fixes).
- gpu: host1x: Do not setup DMA for virtual devices (stable-fixes).
- HID: intel-ish-hid: ipc: Add check for pci_alloc_irq_vectors (git-fixes).
- hwmon: (corsair-cpro) Protect ccp->wait_input_report with a spinlock (git-fixes).
- hwmon: (corsair-cpro) Use a separate buffer for sending commands (git-fixes).
- hwmon: (corsair-cpro) Use complete_all() instead of complete() in ccp_raw_event() (git-fixes).
- hwmon: (lm70) fix links in doc and comments (git-fixes).
- hwmon: (pmbus/ucd9000) Increase delay from 250 to 500us (git-fixes).
- i3c: master: svc: change ENXIO to EAGAIN when IBI occurs during start frame (git-fixes).
- i3c: master: svc: fix invalidate IBI type and miss call client IBI handler (git-fixes).
- IB/mlx5: Use __iowrite64_copy() for write combining stores (git-fixes)
- idpf: extend tx watchdog timeout (bsc#1224137).
- iio: core: Leave private pointer NULL when no private data supplied (git-fixes).
- iio: pressure: dps310: support negative temperature values (git-fixes).
- Input: cyapa - add missing input core locking to suspend/resume functions (git-fixes).
- Input: ims-pcu - fix printf string overflow (git-fixes).
- Input: pm8xxx-vibrator - correct VIB_MAX_LEVELS calculation (git-fixes).
- iomap: Fix inline extent handling in iomap_readpage (git-fixes)
- iomap: iomap: fix memory corruption when recording errors during writeback (git-fixes)
- iomap: Support partial direct I/O on user copy failures (git-fixes)
- iommu/dma: Force swiotlb_max_mapping_size on an untrusted device (bsc#1224331)
- io_uring/unix: drop usage of io_uring socket (git-fixes).
- irqchip/gic-v3-its: Prevent double free on error (git-fixes).
- jffs2: prevent xattr node from overflowing the eraseblock (git-fixes).
- kABI: bpf: struct bpf_insn_aux_data kABI workaround (bsc#1225756).
- kcm: do not sense pfmemalloc status in kcm_sendpage() (git-fixes bsc#1223959)
- KEYS: trusted: Do not use WARN when encode fails (git-fixes).
- KEYS: trusted: Fix memory leak in tpm2_key_encode() (git-fixes).
- KVM: s390: Check kvm pointer when testing KVM_CAP_S390_HPAGE_1M (git-fixes bsc#1224794).
- KVM: x86: Delete duplicate documentation for KVM_X86_SET_MSR_FILTER (git-fixes).
- leds: pwm: Disable PWM when going to suspend (git-fixes).
- libsubcmd: Fix parse-options memory leak (git-fixes).
- locking/atomic: Make test_and_*_bit() ordered on failure (git-fixes).
- media: atomisp: ssh_css: Fix a null-pointer dereference in load_video_binaries (git-fixes).
- media: dt-bindings: ovti,ov2680: Fix the power supply names (git-fixes).
- media: mc: mark the media devnode as registered from the, start (git-fixes).
- media: ngene: Add dvb_ca_en50221_init return value check (git-fixes).
- media: stk1160: fix bounds checking in stk1160_copy_video() (git-fixes).
- mei: me: add lunar lake point M DID (stable-fixes).
- mfd: intel-lpss: Revert 'Add missing check for platform_get_resource' (git-fixes).
- mfd: ti_am335x_tscadc: Support the correctly spelled DT property (git-fixes).
- mfd: tqmx86: Specify IO port register range more precisely (git-fixes).
- mlxbf_gige: Enable the GigE port in mlxbf_gige_open (git-fixes).
- mlxbf_gige: Fix intermittent no ip issue (git-fixes).
- mlxbf_gige: stop PHY during open() error paths (git-fixes).
- mmc: sdhci_am654: Add tuning algorithm for delay chain (git-fixes).
- mmc: sdhci_am654: Write ITAPDLY for DDR52 timing (git-fixes).
- mtd: core: Report error if first mtd_otp_size() call fails in mtd_otp_nvmem_add() (git-fixes).
- mtd: rawnand: hynix: fixed typo (git-fixes).
- net: do not sense pfmemalloc status in skb_append_pagefrags() (git-fixes bsc#1223959)
- netfilter: nf_tables: bail out early if hardware offload is not supported (git-fixes bsc#1223961)
- net: introduce __skb_fill_page_desc_noacc (git-fixes bsc#1223959)
- net: nfc: remove inappropriate attrs check (stable-fixes).
- net: qualcomm: rmnet: fix global oob in rmnet_policy (git-fixes).
- net: usb: ax88179_178a: fix link status when link is set to down/up (git-fixes).
- net:usb:qmi_wwan: support Rolling modules (stable-fixes).
- net: usb: smsc95xx: stop lying about skb->truesize (git-fixes).
- net: usb: sr9700: stop lying about skb->truesize (git-fixes).
- net: vmxnet3: Fix NULL pointer dereference in vmxnet3_rq_rx_complete() (bsc#1223360).
- nfc: nci: Fix handling of zero-length payload packets in nci_rx_work() (git-fixes).
- nfc: nci: Fix uninit-value in nci_rx_work (git-fixes).
- nilfs2: fix out-of-range warning (git-fixes).
- nilfs2: fix unexpected freezing of nilfs_segctor_sync() (git-fixes).
- nilfs2: fix use-after-free of timer for log writer thread (git-fixes).
- nilfs2: make superblock data array index computation sparse friendly (git-fixes).
- nvme: ensure disabling pairs with unquiesce (bsc#1224534).
- nvme: fix miss command type check (git-fixes).
- nvme: fix multipath batched completion accounting (git-fixes).
- nvme-multipath: fix io accounting on failover (git-fixes).
- nvmet: fix ns enable/disable possible hang (git-fixes).
- PCI: dwc: Detect iATU settings after getting 'addr_space' resource (git-fixes).
- PCI: dwc: ep: Fix DBI access failure for drivers requiring refclk from host (git-fixes).
- PCI: dwc: Use the bitmap API to allocate bitmaps (git-fixes).
- PCI/EDR: Align EDR_PORT_DPC_ENABLE_DSM with PCI Firmware r3.3 (git-fixes).
- PCI/EDR: Align EDR_PORT_LOCATE_DSM with PCI Firmware r3.3 (git-fixes).
- PCI: rockchip-ep: Remove wrong mask on subsys_vendor_id (git-fixes).
- PCI: tegra194: Fix probe path for Endpoint mode (git-fixes).
- pinctrl: armada-37xx: remove an unused variable (git-fixes).
- pinctrl: core: delete incorrect free in pinctrl_enable() (git-fixes).
- pinctrl: core: handle radix_tree_insert() errors in pinctrl_register_one_pin() (stable-fixes).
- pinctrl: devicetree: fix refcount leak in pinctrl_dt_to_map() (git-fixes).
- pinctrl/meson: fix typo in PDM's pin name (git-fixes).
- pinctrl: pinctrl-aspeed-g6: Fix register offset for pinconf of GPIOR-T (git-fixes).
- platform/x86/intel-uncore-freq: Do not present root domain on error (git-fixes).
- platform/x86: xiaomi-wmi: Fix race condition when reporting key events (git-fixes).
- powerpc/eeh: Permanently disable the removed device (bsc#1223991 ltc#205740).
- powerpc/eeh: Small refactor of eeh_handle_normal_event() (bsc#1223991 ltc#205740).
- powerpc/eeh: Use a goto for recovery failures (bsc#1223991 ltc#205740).
- powerpc/powernv: Add a null pointer check in opal_event_init() (bsc#1065729).
- powerpc/pseries/lparcfg: drop error message from guest name lookup (bsc#1187716 ltc#193451 git-fixes).
- powerpc/pseries/vio: Do not return ENODEV if node or compatible missing (bsc#1220783).
- powerpc/uaccess: Fix build errors seen with GCC 13/14 (bsc#1194869).
- powerpc/uaccess: Use YZ asm constraint for ld (bsc#1194869).
- power: rt9455: hide unused rt9455_boost_voltage_values (git-fixes).
- ppdev: Add an error check in register_device (git-fixes).
- printk: Update @console_may_schedule in console_trylock_spinning() (bsc#1225616).
- qibfs: fix dentry leak (git-fixes)
- RDMA/hns: Add max_ah and cq moderation capacities in query_device() (git-fixes)
- RDMA/hns: Fix deadlock on SRQ async events. (git-fixes)
- RDMA/hns: Fix GMV table pagesize (git-fixes)
- RDMA/hns: Fix return value in hns_roce_map_mr_sg (git-fixes)
- RDMA/hns: Fix UAF for cq async event (git-fixes)
- RDMA/hns: Modify the print level of CQE error (git-fixes)
- RDMA/hns: Use complete parentheses in macros (git-fixes)
- RDMA/IPoIB: Fix format truncation compilation errors (git-fixes)
- RDMA/mlx5: Adding remote atomic access flag to updatable flags (git-fixes)
- RDMA/mlx5: Fix port number for counter query in multi-port configuration (git-fixes)
- RDMA/rxe: Add ibdev_dbg macros for rxe (git-fixes)
- RDMA/rxe: Fix incorrect rxe_put in error path (git-fixes)
- RDMA/rxe: Fix seg fault in rxe_comp_queue_pkt (git-fixes)
- RDMA/rxe: Fix the problem 'mutex_destroy missing' (git-fixes)
- RDMA/rxe: Replace pr_xxx by rxe_dbg_xxx in rxe_net.c (git-fixes)
- RDMA/rxe: Split rxe_run_task() into two subroutines (git-fixes)
- regulator: bd71828: Do not overwrite runtime voltages (git-fixes).
- regulator: core: fix debugfs creation regression (git-fixes).
- regulator: mt6360: De-capitalize devicetree regulator subnodes (git-fixes).
- remoteproc: mediatek: Make sure IPI buffer fits in L2TCM (git-fixes).
- Rename colliding patches before origin/cve/linux-5.14-LTSS -> SLE15-SP5 merge
- Revert 'cifs: reconnect work should have reference on server struct' (git-fixes, bsc#1224020).
- Revert 'drm/bridge: ti-sn65dsi83: Fix enable error path' (git-fixes).
- ring-buffer: Fix a race between readers and resize checks (git-fixes).
- s390/bpf: Emit a barrier for BPF_FETCH instructions (git-fixes bsc#1224795).
- s390/cio: fix tracepoint subchannel type field (git-fixes bsc#1224796).
- s390/cpum_cf: make crypto counters upward compatible across machine types (bsc#1224346).
- s390/ipl: Fix incorrect initialization of len fields in nvme reipl block (git-fixes bsc#1225139).
- s390/ipl: Fix incorrect initialization of nvme dump block (git-fixes bsc#1225138).
- sched/topology: Optimize topology_span_sane() (bsc#1225053).
- scsi: arcmsr: Support new PCI device IDs 1883 and 1886 (git-fixes).
- scsi: bfa: Fix function pointer type mismatch for hcb_qe->cbfn (git-fixes).
- scsi: core: Consult supported VPD page list prior to fetching page (git-fixes).
- scsi: core: Fix unremoved procfs host directory regression (git-fixes).
- scsi: csiostor: Avoid function pointer casts (git-fixes).
- scsi: libfc: Do not schedule abort twice (git-fixes).
- scsi: libfc: Fix up timeout error in fc_fcp_rec_error() (git-fixes).
- scsi: lpfc: Add support for 32 byte CDBs (bsc#1225842).
- scsi: lpfc: Change default logging level for unsolicited CT MIB commands (bsc#1225842).
- scsi: lpfc: Change lpfc_hba hba_flag member into a bitmask (bsc#1225842).
- scsi: lpfc: Clear deferred RSCN processing flag when driver is unloading (bsc#1225842).
- scsi: lpfc: Copyright updates for 14.4.0.2 patches (bsc#1225842).
- scsi: lpfc: Introduce rrq_list_lock to protect active_rrq_list (bsc#1225842).
- scsi: lpfc: Update logging of protection type for T10 DIF I/O (bsc#1225842).
- scsi: lpfc: Update lpfc version to 14.4.0.2 (bsc#1225842).
- scsi: mpt3sas: Prevent sending diag_reset when the controller is ready (git-fixes).
- scsi: mylex: Fix sysfs buffer lengths (git-fixes).
- scsi: qla2xxx: Fix off by one in qla_edif_app_getstats() (git-fixes).
- scsi: sd: Unregister device if device_add_disk() failed in sd_probe() (git-fixes).
- selftests/pidfd: Fix config for pidfd_setns_test (git-fixes).
- serial: 8250_bcm7271: use default_mux_rate if possible (git-fixes).
- serial: kgdboc: Fix NMI-safety problems from keyboard reset code (stable-fixes).
- serial: max3100: Fix bitwise types (git-fixes).
- serial: max3100: Lock port->lock when calling uart_handle_cts_change() (git-fixes).
- serial: max3100: Update uart_driver_registered on driver removal (git-fixes).
- serial: sc16is7xx: add proper sched.h include for sched_set_fifo() (git-fixes).
- serial: sc16is7xx: fix bug in sc16is7xx_set_baud() when using prescaler (git-fixes).
- serial: sh-sci: protect invalidating RXDMA on shutdown (git-fixes).
- smb3: show beginning time for per share stats (bsc#1224020).
- smb: client: ensure to try all targets when finding nested links (bsc#1224020).
- smb: client: fix mount when dns_resolver key is not available (git-fixes, bsc#1224020).
- smb: client: get rid of dfs code dep in namespace.c (bsc#1224020).
- smb: client: get rid of dfs naming in automount code (bsc#1224020).
- smb: client: introduce DFS_CACHE_TGT_LIST() (bsc#1224020).
- smb: client: reduce stack usage in cifs_try_adding_channels() (bsc#1224020).
- smb: client: remove extra @chan_count check in __cifs_put_smb_ses() (bsc#1224020).
- smb: client: rename cifs_dfs_ref.c to namespace.c (bsc#1224020).
- soc: mediatek: cmdq: Fix typo of CMDQ_JUMP_RELATIVE (git-fixes).
- soc: qcom: rpmh-rsc: Enhance check for VRM in-flight request (git-fixes).
- Sort recent BHI patches
- speakup: Fix sizeof() vs ARRAY_SIZE() bug (git-fixes).
- spmi: Add a check for remove callback when removing a SPMI driver (git-fixes).
- spmi: hisi-spmi-controller: Do not override device identifier (git-fixes).
- swiotlb: extend buffer pre-padding to alloc_align_mask if necessary (bsc#1224331).
- swiotlb: Fix alignment checks when both allocation and DMA masks are (bsc#1224331)
- swiotlb: Fix double-allocation of slots due to broken alignment (bsc#1224331)
- swiotlb: Honour dma_alloc_coherent() alignment in swiotlb_alloc() (bsc#1224331)
- sysv: do not call sb_bread() with pointers_lock held (git-fixes).
- thermal/drivers/tsens: Fix null pointer dereference (git-fixes).
- tools/latency-collector: Fix -Wformat-security compile warns (git-fixes).
- tpm_tis_spi: Account for SPI header when allocating TPM SPI xfer (bsc#1225535)
- tpm_tis_spi: Account for SPI header when allocating TPM SPI xfer buffer (git-fixes).
- tracing: Add MODULE_DESCRIPTION() to preemptirq_delay_test (git-fixes).
- tracing: hide unused ftrace_event_id_fops (git-fixes).
- tty: n_gsm: fix missing receive state reset after mode switch (git-fixes).
- tty: n_gsm: fix possible out-of-bounds in gsm0_receive() (git-fixes).
- Update patches.suse/ring-buffer-Fix-a-race-between-readers-and-resize-checks.patch (bsc#1222893).
- Update patches.suse/scsi-qedf-Don-t-process-stag-work-during-unload.patch (bsc#1214852)
- Update patches.suse/scsi-qedf-Wait-for-stag-work-during-unload.patch (bsc#1214852)
- usb: aqc111: stop lying about skb->truesize (git-fixes).
- USB: core: Add hub_get() and hub_put() routines (git-fixes).
- USB: core: Fix access violation during port device removal (git-fixes).
- USB: core: Fix deadlock in port 'disable' sysfs attribute (git-fixes).
- usb: dwc3: core: Prevent phy suspend during init (Git-fixes).
- usb: gadget: u_audio: Clear uac pointer when freed (git-fixes).
- usb: typec: tipd: fix event checking for tps6598x (git-fixes).
- usb: typec: ucsi: displayport: Fix potential deadlock (git-fixes).
- VMCI: Fix an error handling path in vmci_guest_probe_device() (git-fixes).
- VMCI: Fix possible memcpy() run-time warning in vmci_datagram_invoke_guest_handler() (stable-fixes).
- vmci: prevent speculation leaks by sanitizing event in event_deliver() (git-fixes).
- watchdog: cpu5wdt.c: Fix use-after-free bug caused by cpu5wdt_trigger (git-fixes).
- watchdog: ixp4xx: Make sure restart always works (git-fixes).
- watchdog: rti_wdt: Set min_hw_heartbeat_ms to accommodate a safety margin (git-fixes).
- wifi: ar5523: enable proper endpoint verification (git-fixes).
- wifi: ath10k: Fix an error code problem in ath10k_dbg_sta_write_peer_debug_trigger() (git-fixes).
- wifi: ath10k: poll service ready message before failing (git-fixes).
- wifi: ath10k: populate board data for WCN3990 (git-fixes).
- wifi: ath11k: do not force enable power save on non-running vdevs (git-fixes).
- wifi: carl9170: add a proper sanity check for endpoints (git-fixes).
- wifi: carl9170: re-fix fortified-memset warning (git-fixes).
- wifi: cfg80211: fix rdev_dump_mpp() arguments order (stable-fixes).
- wifi: mac80211: fix ieee80211_bss_*_flags kernel-doc (stable-fixes).
- wifi: mwl8k: initialize cmd->addr[] properly (git-fixes).
- x86/boot: Ignore NMIs during very early boot (git-fixes).
- x86/bugs: Cache the value of MSR_IA32_ARCH_CAPABILITIES (git-fixes).
- x86/bugs: Change commas to semicolons in 'spectre_v2' sysfs file (git-fixes).
- x86/bugs: Fix BHI documentation (git-fixes).
- x86/bugs: Fix BHI handling of RRSBA (git-fixes).
- x86/bugs: Fix BHI retpoline check (git-fixes).
- x86/bugs: Fix return type of spectre_bhi_state() (git-fixes).
- x86/bugs: Remove CONFIG_BHI_MITIGATION_AUTO and spectre_bhi=auto (git-fixes).
- x86/bugs: Rename various 'ia32_cap' variables to 'x86_arch_cap_msr' (git-fixes).
- x86/bugs: Replace CONFIG_SPECTRE_BHI_{ON,OFF} with CONFIG_MITIGATION_SPECTRE_BHI (git-fixes).
- x86: Fix CPUIDLE_FLAG_IRQ_ENABLE leaking timer reprogram (git-fixes).
- x86/kvm: Do not try to disable kvmclock if it was not enabled (git-fixes).
- x86/lib: Fix overflow when counting digits (git-fixes).
- x86/mce: Make sure to grab mce_sysfs_mutex in set_bank() (git-fixes).
- x86/nmi: Drop unused declaration of proc_nmi_enabled() (git-fixes).
- x86/retpoline: Do the necessary fixup to the Zen3/4 srso return thunk for !SRSO (git-fixes).
- x86/sev: Check for MWAITX and MONITORX opcodes in the #VC handler (git-fixes).
- x86/sme: Fix memory encryption setting if enabled by default and not overridden (git-fixes).
- x86/tdx: Preserve shared bit on mprotect() (git-fixes).
- xfs: add missing cmap->br_state = XFS_EXT_NORM update (git-fixes).
- xfs: fix exception caused by unexpected illegal bestcount in leaf dir (git-fixes).
- xfs: Fix false ENOSPC when performing direct write on a delalloc extent in cow fork (git-fixes).
- xfs: fix imprecise logic in xchk_btree_check_block_owner (git-fixes).
- xfs: fix inode reservation space for removing transaction (git-fixes).
- xfs: shrink failure needs to hold AGI buffer (git-fixes).
ImportantSUSE bug 1065729SUSE bug 1141539SUSE bug 1174585SUSE bug 1181674SUSE bug 1187716SUSE bug 1190569SUSE bug 1191949SUSE bug 1192107SUSE bug 1193983SUSE bug 1194288SUSE bug 1194869SUSE bug 1196956SUSE bug 1197915SUSE bug 1200465SUSE bug 1205205SUSE bug 1207284SUSE bug 1207361SUSE bug 1207948SUSE bug 1208149SUSE bug 1209657SUSE bug 1209799SUSE bug 1209834SUSE bug 1209980SUSE bug 1210335SUSE bug 1213863SUSE bug 1214852SUSE bug 1215322SUSE bug 1215702SUSE bug 1216358SUSE bug 1216702SUSE bug 1217169SUSE bug 1217339SUSE bug 1217515SUSE bug 1218447SUSE bug 1220021SUSE bug 1220267SUSE bug 1220363SUSE bug 1220783SUSE bug 1221044SUSE bug 1221081SUSE bug 1221615SUSE bug 1221777SUSE bug 1221816SUSE bug 1221829SUSE bug 1222011SUSE bug 1222374SUSE bug 1222385SUSE bug 1222413SUSE bug 1222464SUSE bug 1222513SUSE bug 1222559SUSE bug 1222561SUSE bug 1222608SUSE bug 1222619SUSE bug 1222627SUSE bug 1222721SUSE bug 1222765SUSE bug 1222770SUSE bug 1222783SUSE bug 1222793SUSE bug 1222838SUSE bug 1222870SUSE bug 1222893SUSE bug 1222960SUSE bug 1222961SUSE bug 1222974SUSE bug 1222975SUSE bug 1222976SUSE bug 1223011SUSE bug 1223023SUSE bug 1223027SUSE bug 1223031SUSE bug 1223043SUSE bug 1223046SUSE bug 1223048SUSE bug 1223049SUSE bug 1223084SUSE bug 1223113SUSE bug 1223119SUSE bug 1223137SUSE bug 1223138SUSE bug 1223140SUSE bug 1223188SUSE bug 1223203SUSE bug 1223207SUSE bug 1223315SUSE bug 1223360SUSE bug 1223384SUSE bug 1223390SUSE bug 1223432SUSE bug 1223489SUSE bug 1223505SUSE bug 1223532SUSE bug 1223575SUSE bug 1223595SUSE bug 1223626SUSE bug 1223627SUSE bug 1223628SUSE bug 1223631SUSE bug 1223633SUSE bug 1223638SUSE bug 1223650SUSE bug 1223653SUSE bug 1223666SUSE bug 1223670SUSE bug 1223671SUSE bug 1223675SUSE bug 1223677SUSE bug 1223678SUSE bug 1223679SUSE bug 1223698SUSE bug 1223712SUSE bug 1223715SUSE bug 1223717SUSE bug 1223718SUSE bug 1223737SUSE bug 1223738SUSE bug 1223741SUSE bug 1223744SUSE bug 1223747SUSE bug 1223748SUSE bug 1223750SUSE bug 1223752SUSE bug 1223754SUSE bug 1223756SUSE bug 1223757SUSE bug 1223762SUSE bug 1223769SUSE bug 1223770SUSE bug 1223779SUSE bug 1223780SUSE bug 1223781SUSE bug 1223788SUSE bug 1223802SUSE bug 1223819SUSE bug 1223823SUSE bug 1223826SUSE bug 1223828SUSE bug 1223829SUSE bug 1223837SUSE bug 1223842SUSE bug 1223843SUSE bug 1223844SUSE bug 1223847SUSE bug 1223858SUSE bug 1223875SUSE bug 1223879SUSE bug 1223895SUSE bug 1223959SUSE bug 1223961SUSE bug 1223991SUSE bug 1223996SUSE bug 1224020SUSE bug 1224076SUSE bug 1224096SUSE bug 1224098SUSE bug 1224099SUSE bug 1224137SUSE bug 1224166SUSE bug 1224174SUSE bug 1224177SUSE bug 1224180SUSE bug 1224181SUSE bug 1224187SUSE bug 1224331SUSE bug 1224346SUSE bug 1224423SUSE bug 1224432SUSE bug 1224437SUSE bug 1224438SUSE bug 1224442SUSE bug 1224443SUSE bug 1224445SUSE bug 1224449SUSE bug 1224479SUSE bug 1224482SUSE bug 1224487SUSE bug 1224488SUSE bug 1224492SUSE bug 1224494SUSE bug 1224495SUSE bug 1224502SUSE bug 1224508SUSE bug 1224509SUSE bug 1224511SUSE bug 1224519SUSE bug 1224524SUSE bug 1224525SUSE bug 1224530SUSE bug 1224531SUSE bug 1224534SUSE bug 1224535SUSE bug 1224537SUSE bug 1224541SUSE bug 1224543SUSE bug 1224549SUSE bug 1224550SUSE bug 1224558SUSE bug 1224559SUSE bug 1224566SUSE bug 1224567SUSE bug 1224571SUSE bug 1224575SUSE bug 1224576SUSE bug 1224579SUSE bug 1224580SUSE bug 1224581SUSE bug 1224582SUSE bug 1224586SUSE bug 1224587SUSE bug 1224592SUSE bug 1224598SUSE bug 1224601SUSE bug 1224607SUSE bug 1224608SUSE bug 1224611SUSE bug 1224615SUSE bug 1224617SUSE bug 1224618SUSE bug 1224621SUSE bug 1224622SUSE bug 1224624SUSE bug 1224627SUSE bug 1224628SUSE bug 1224629SUSE bug 1224632SUSE bug 1224636SUSE bug 1224637SUSE bug 1224638SUSE bug 1224640SUSE bug 1224643SUSE bug 1224644SUSE bug 1224645SUSE bug 1224647SUSE bug 1224648SUSE bug 1224649SUSE bug 1224650SUSE bug 1224651SUSE bug 1224657SUSE bug 1224659SUSE bug 1224660SUSE bug 1224663SUSE bug 1224664SUSE bug 1224665SUSE bug 1224666SUSE bug 1224667SUSE bug 1224668SUSE bug 1224671SUSE bug 1224672SUSE bug 1224676SUSE bug 1224678SUSE bug 1224679SUSE bug 1224680SUSE bug 1224681SUSE bug 1224682SUSE bug 1224685SUSE bug 1224686SUSE bug 1224692SUSE bug 1224697SUSE bug 1224699SUSE bug 1224701SUSE bug 1224703SUSE bug 1224705SUSE bug 1224707SUSE bug 1224717SUSE bug 1224718SUSE bug 1224721SUSE bug 1224722SUSE bug 1224723SUSE bug 1224725SUSE bug 1224727SUSE bug 1224728SUSE bug 1224729SUSE bug 1224730SUSE bug 1224731SUSE bug 1224732SUSE bug 1224733SUSE bug 1224736SUSE bug 1224738SUSE bug 1224739SUSE bug 1224740SUSE bug 1224747SUSE bug 1224749SUSE bug 1224759SUSE bug 1224763SUSE bug 1224764SUSE bug 1224765SUSE bug 1224766SUSE bug 1224794SUSE bug 1224795SUSE bug 1224796SUSE bug 1224803SUSE bug 1224816SUSE bug 1224895SUSE bug 1224898SUSE bug 1224900SUSE bug 1224901SUSE bug 1224902SUSE bug 1224903SUSE bug 1224904SUSE bug 1224905SUSE bug 1224907SUSE bug 1224909SUSE bug 1224910SUSE bug 1224911SUSE bug 1224912SUSE bug 1224913SUSE bug 1224914SUSE bug 1224915SUSE bug 1224920SUSE bug 1224928SUSE bug 1224929SUSE bug 1224930SUSE bug 1224931SUSE bug 1224932SUSE bug 1224936SUSE bug 1224937SUSE bug 1224941SUSE bug 1224942SUSE bug 1224944SUSE bug 1224945SUSE bug 1224947SUSE bug 1224956SUSE bug 1224988SUSE bug 1224992SUSE bug 1225000SUSE bug 1225003SUSE bug 1225005SUSE bug 1225008SUSE bug 1225009SUSE bug 1225022SUSE bug 1225031SUSE bug 1225032SUSE bug 1225036SUSE bug 1225041SUSE bug 1225044SUSE bug 1225053SUSE bug 1225076SUSE bug 1225077SUSE bug 1225082SUSE bug 1225085SUSE bug 1225086SUSE bug 1225092SUSE bug 1225095SUSE bug 1225096SUSE bug 1225097SUSE bug 1225106SUSE bug 1225108SUSE bug 1225109SUSE bug 1225114SUSE bug 1225118SUSE bug 1225121SUSE bug 1225122SUSE bug 1225123SUSE bug 1225125SUSE bug 1225126SUSE bug 1225127SUSE bug 1225129SUSE bug 1225131SUSE bug 1225132SUSE bug 1225138SUSE bug 1225139SUSE bug 1225145SUSE bug 1225151SUSE bug 1225153SUSE bug 1225156SUSE bug 1225158SUSE bug 1225160SUSE bug 1225161SUSE bug 1225164SUSE bug 1225167SUSE bug 1225180SUSE bug 1225183SUSE bug 1225184SUSE bug 1225186SUSE bug 1225187SUSE bug 1225189SUSE bug 1225190SUSE bug 1225191SUSE bug 1225192SUSE bug 1225193SUSE bug 1225195SUSE bug 1225198SUSE bug 1225201SUSE bug 1225203SUSE bug 1225205SUSE bug 1225206SUSE bug 1225207SUSE bug 1225208SUSE bug 1225209SUSE bug 1225210SUSE bug 1225214SUSE bug 1225222SUSE bug 1225223SUSE bug 1225224SUSE bug 1225225SUSE bug 1225227SUSE bug 1225228SUSE bug 1225229SUSE bug 1225230SUSE bug 1225232SUSE bug 1225233SUSE bug 1225235SUSE bug 1225236SUSE bug 1225237SUSE bug 1225238SUSE bug 1225239SUSE bug 1225240SUSE bug 1225241SUSE bug 1225242SUSE bug 1225243SUSE bug 1225244SUSE bug 1225245SUSE bug 1225246SUSE bug 1225247SUSE bug 1225248SUSE bug 1225249SUSE bug 1225250SUSE bug 1225251SUSE bug 1225252SUSE bug 1225253SUSE bug 1225254SUSE bug 1225255SUSE bug 1225256SUSE bug 1225257SUSE bug 1225258SUSE bug 1225259SUSE bug 1225260SUSE bug 1225261SUSE bug 1225262SUSE bug 1225263SUSE bug 1225268SUSE bug 1225301SUSE bug 1225303SUSE bug 1225304SUSE bug 1225306SUSE bug 1225316SUSE bug 1225318SUSE bug 1225320SUSE bug 1225321SUSE bug 1225322SUSE bug 1225323SUSE bug 1225326SUSE bug 1225327SUSE bug 1225328SUSE bug 1225329SUSE bug 1225330SUSE bug 1225331SUSE bug 1225332SUSE bug 1225333SUSE bug 1225334SUSE bug 1225335SUSE bug 1225336SUSE bug 1225337SUSE bug 1225338SUSE bug 1225339SUSE bug 1225341SUSE bug 1225342SUSE bug 1225344SUSE bug 1225346SUSE bug 1225347SUSE bug 1225351SUSE bug 1225353SUSE bug 1225354SUSE bug 1225355SUSE bug 1225357SUSE bug 1225358SUSE bug 1225360SUSE bug 1225361SUSE bug 1225366SUSE bug 1225367SUSE bug 1225368SUSE bug 1225369SUSE bug 1225370SUSE bug 1225372SUSE bug 1225373SUSE bug 1225374SUSE bug 1225375SUSE bug 1225376SUSE bug 1225377SUSE bug 1225379SUSE bug 1225380SUSE bug 1225382SUSE bug 1225383SUSE bug 1225384SUSE bug 1225386SUSE bug 1225387SUSE bug 1225388SUSE bug 1225390SUSE bug 1225392SUSE bug 1225393SUSE bug 1225396SUSE bug 1225400SUSE bug 1225404SUSE bug 1225405SUSE bug 1225408SUSE bug 1225409SUSE bug 1225410SUSE bug 1225411SUSE bug 1225424SUSE bug 1225425SUSE bug 1225427SUSE bug 1225431SUSE bug 1225435SUSE bug 1225436SUSE bug 1225437SUSE bug 1225438SUSE bug 1225439SUSE bug 1225441SUSE bug 1225442SUSE bug 1225443SUSE bug 1225444SUSE bug 1225445SUSE bug 1225446SUSE bug 1225447SUSE bug 1225450SUSE bug 1225453SUSE bug 1225455SUSE bug 1225461SUSE bug 1225463SUSE bug 1225464SUSE bug 1225466SUSE bug 1225467SUSE bug 1225468SUSE bug 1225471SUSE bug 1225472SUSE bug 1225478SUSE bug 1225479SUSE bug 1225480SUSE bug 1225482SUSE bug 1225483SUSE bug 1225486SUSE bug 1225488SUSE bug 1225490SUSE bug 1225492SUSE bug 1225495SUSE bug 1225499SUSE bug 1225500SUSE bug 1225501SUSE bug 1225502SUSE bug 1225506SUSE bug 1225508SUSE bug 1225510SUSE bug 1225513SUSE bug 1225515SUSE bug 1225529SUSE bug 1225530SUSE bug 1225532SUSE bug 1225534SUSE bug 1225535SUSE bug 1225548SUSE bug 1225549SUSE bug 1225550SUSE bug 1225553SUSE bug 1225554SUSE bug 1225555SUSE bug 1225556SUSE bug 1225557SUSE bug 1225559SUSE bug 1225560SUSE bug 1225565SUSE bug 1225566SUSE bug 1225568SUSE bug 1225569SUSE bug 1225570SUSE bug 1225571SUSE bug 1225572SUSE bug 1225577SUSE bug 1225583SUSE bug 1225584SUSE bug 1225587SUSE bug 1225588SUSE bug 1225589SUSE bug 1225590SUSE bug 1225591SUSE bug 1225592SUSE bug 1225593SUSE bug 1225595SUSE bug 1225599SUSE bug 1225616SUSE bug 1225640SUSE bug 1225642SUSE bug 1225705SUSE bug 1225708SUSE bug 1225715SUSE bug 1225720SUSE bug 1225722SUSE bug 1225734SUSE bug 1225735SUSE bug 1225747SUSE bug 1225748SUSE bug 1225756SUSE bug 1225761SUSE bug 1225766SUSE bug 1225775SUSE bug 1225810SUSE bug 1225820SUSE bug 1225829SUSE bug 1225835SUSE bug 1225842CVE-2020-36788 at SUSECVE-2020-36788 at NVDCVE-2021-39698 at SUSECVE-2021-39698 at NVDCVE-2021-4148 at SUSECVE-2021-4148 at NVDCVE-2021-42327 at SUSECVE-2021-42327 at NVDCVE-2021-43056 at SUSECVE-2021-43056 at NVDCVE-2021-43527 at SUSECVE-2021-43527 at NVDCVE-2021-47200 at SUSECVE-2021-47200 at NVDCVE-2021-47358 at SUSECVE-2021-47358 at NVDCVE-2021-47359 at SUSECVE-2021-47359 at NVDCVE-2021-47360 at SUSECVE-2021-47360 at NVDCVE-2021-47361 at SUSECVE-2021-47361 at NVDCVE-2021-47362 at SUSECVE-2021-47362 at NVDCVE-2021-47363 at SUSECVE-2021-47363 at NVDCVE-2021-47364 at SUSECVE-2021-47364 at NVDCVE-2021-47365 at SUSECVE-2021-47365 at NVDCVE-2021-47366 at SUSECVE-2021-47366 at NVDCVE-2021-47367 at SUSECVE-2021-47367 at NVDCVE-2021-47368 at SUSECVE-2021-47368 at NVDCVE-2021-47369 at SUSECVE-2021-47369 at NVDCVE-2021-47370 at SUSECVE-2021-47370 at NVDCVE-2021-47371 at SUSECVE-2021-47371 at NVDCVE-2021-47372 at SUSECVE-2021-47372 at NVDCVE-2021-47373 at SUSECVE-2021-47373 at NVDCVE-2021-47374 at SUSECVE-2021-47374 at NVDCVE-2021-47375 at SUSECVE-2021-47375 at NVDCVE-2021-47376 at SUSECVE-2021-47376 at NVDCVE-2021-47378 at SUSECVE-2021-47378 at NVDCVE-2021-47379 at SUSECVE-2021-47379 at NVDCVE-2021-47380 at SUSECVE-2021-47380 at NVDCVE-2021-47381 at SUSECVE-2021-47381 at NVDCVE-2021-47382 at SUSECVE-2021-47382 at NVDCVE-2021-47383 at SUSECVE-2021-47383 at NVDCVE-2021-47384 at SUSECVE-2021-47384 at NVDCVE-2021-47385 at SUSECVE-2021-47385 at NVDCVE-2021-47386 at SUSECVE-2021-47386 at NVDCVE-2021-47387 at SUSECVE-2021-47387 at NVDCVE-2021-47388 at SUSECVE-2021-47388 at NVDCVE-2021-47389 at SUSECVE-2021-47389 at NVDCVE-2021-47390 at SUSECVE-2021-47390 at NVDCVE-2021-47391 at SUSECVE-2021-47391 at NVDCVE-2021-47392 at SUSECVE-2021-47392 at NVDCVE-2021-47393 at SUSECVE-2021-47393 at NVDCVE-2021-47394 at SUSECVE-2021-47394 at NVDCVE-2021-47395 at SUSECVE-2021-47395 at NVDCVE-2021-47396 at SUSECVE-2021-47396 at NVDCVE-2021-47397 at SUSECVE-2021-47397 at NVDCVE-2021-47398 at SUSECVE-2021-47398 at NVDCVE-2021-47399 at SUSECVE-2021-47399 at NVDCVE-2021-47400 at SUSECVE-2021-47400 at NVDCVE-2021-47401 at SUSECVE-2021-47401 at NVDCVE-2021-47402 at SUSECVE-2021-47402 at NVDCVE-2021-47403 at SUSECVE-2021-47403 at NVDCVE-2021-47404 at SUSECVE-2021-47404 at NVDCVE-2021-47405 at SUSECVE-2021-47405 at NVDCVE-2021-47406 at SUSECVE-2021-47406 at NVDCVE-2021-47407 at SUSECVE-2021-47407 at NVDCVE-2021-47408 at SUSECVE-2021-47408 at NVDCVE-2021-47409 at SUSECVE-2021-47409 at NVDCVE-2021-47410 at SUSECVE-2021-47410 at NVDCVE-2021-47412 at SUSECVE-2021-47412 at NVDCVE-2021-47413 at SUSECVE-2021-47413 at NVDCVE-2021-47414 at SUSECVE-2021-47414 at NVDCVE-2021-47415 at SUSECVE-2021-47415 at NVDCVE-2021-47416 at SUSECVE-2021-47416 at NVDCVE-2021-47417 at SUSECVE-2021-47417 at NVDCVE-2021-47418 at SUSECVE-2021-47418 at NVDCVE-2021-47419 at SUSECVE-2021-47419 at NVDCVE-2021-47420 at SUSECVE-2021-47420 at NVDCVE-2021-47421 at SUSECVE-2021-47421 at NVDCVE-2021-47422 at SUSECVE-2021-47422 at NVDCVE-2021-47423 at SUSECVE-2021-47423 at NVDCVE-2021-47424 at SUSECVE-2021-47424 at NVDCVE-2021-47425 at SUSECVE-2021-47425 at NVDCVE-2021-47426 at SUSECVE-2021-47426 at NVDCVE-2021-47427 at SUSECVE-2021-47427 at NVDCVE-2021-47428 at SUSECVE-2021-47428 at NVDCVE-2021-47429 at SUSECVE-2021-47429 at NVDCVE-2021-47430 at SUSECVE-2021-47430 at NVDCVE-2021-47431 at SUSECVE-2021-47431 at NVDCVE-2021-47433 at SUSECVE-2021-47433 at NVDCVE-2021-47434 at SUSECVE-2021-47434 at NVDCVE-2021-47435 at SUSECVE-2021-47435 at NVDCVE-2021-47436 at SUSECVE-2021-47436 at NVDCVE-2021-47437 at SUSECVE-2021-47437 at NVDCVE-2021-47438 at SUSECVE-2021-47438 at NVDCVE-2021-47439 at SUSECVE-2021-47439 at NVDCVE-2021-47440 at SUSECVE-2021-47440 at NVDCVE-2021-47441 at SUSECVE-2021-47441 at NVDCVE-2021-47442 at SUSECVE-2021-47442 at NVDCVE-2021-47443 at SUSECVE-2021-47443 at NVDCVE-2021-47444 at SUSECVE-2021-47444 at NVDCVE-2021-47445 at SUSECVE-2021-47445 at NVDCVE-2021-47446 at SUSECVE-2021-47446 at NVDCVE-2021-47447 at SUSECVE-2021-47447 at NVDCVE-2021-47448 at SUSECVE-2021-47448 at NVDCVE-2021-47449 at SUSECVE-2021-47449 at NVDCVE-2021-47450 at SUSECVE-2021-47450 at NVDCVE-2021-47451 at SUSECVE-2021-47451 at NVDCVE-2021-47452 at SUSECVE-2021-47452 at NVDCVE-2021-47453 at SUSECVE-2021-47453 at NVDCVE-2021-47454 at SUSECVE-2021-47454 at NVDCVE-2021-47455 at SUSECVE-2021-47455 at NVDCVE-2021-47456 at SUSECVE-2021-47456 at NVDCVE-2021-47457 at SUSECVE-2021-47457 at NVDCVE-2021-47458 at SUSECVE-2021-47458 at NVDCVE-2021-47459 at SUSECVE-2021-47459 at NVDCVE-2021-47460 at SUSECVE-2021-47460 at NVDCVE-2021-47461 at SUSECVE-2021-47461 at NVDCVE-2021-47462 at SUSECVE-2021-47462 at NVDCVE-2021-47463 at SUSECVE-2021-47463 at NVDCVE-2021-47464 at SUSECVE-2021-47464 at NVDCVE-2021-47465 at SUSECVE-2021-47465 at NVDCVE-2021-47466 at SUSECVE-2021-47466 at NVDCVE-2021-47467 at SUSECVE-2021-47467 at NVDCVE-2021-47468 at SUSECVE-2021-47468 at NVDCVE-2021-47469 at SUSECVE-2021-47469 at NVDCVE-2021-47470 at SUSECVE-2021-47470 at NVDCVE-2021-47471 at SUSECVE-2021-47471 at NVDCVE-2021-47472 at SUSECVE-2021-47472 at NVDCVE-2021-47473 at SUSECVE-2021-47473 at NVDCVE-2021-47474 at SUSECVE-2021-47474 at NVDCVE-2021-47475 at SUSECVE-2021-47475 at NVDCVE-2021-47476 at SUSECVE-2021-47476 at NVDCVE-2021-47477 at SUSECVE-2021-47477 at NVDCVE-2021-47478 at SUSECVE-2021-47478 at NVDCVE-2021-47479 at SUSECVE-2021-47479 at NVDCVE-2021-47480 at SUSECVE-2021-47480 at NVDCVE-2021-47481 at SUSECVE-2021-47481 at NVDCVE-2021-47482 at SUSECVE-2021-47482 at NVDCVE-2021-47483 at SUSECVE-2021-47483 at NVDCVE-2021-47484 at SUSECVE-2021-47484 at NVDCVE-2021-47485 at SUSECVE-2021-47485 at NVDCVE-2021-47486 at SUSECVE-2021-47486 at NVDCVE-2021-47488 at SUSECVE-2021-47488 at NVDCVE-2021-47489 at SUSECVE-2021-47489 at NVDCVE-2021-47490 at SUSECVE-2021-47490 at NVDCVE-2021-47491 at SUSECVE-2021-47491 at NVDCVE-2021-47492 at SUSECVE-2021-47492 at NVDCVE-2021-47493 at SUSECVE-2021-47493 at NVDCVE-2021-47494 at SUSECVE-2021-47494 at NVDCVE-2021-47495 at SUSECVE-2021-47495 at NVDCVE-2021-47496 at SUSECVE-2021-47496 at NVDCVE-2021-47497 at SUSECVE-2021-47497 at NVDCVE-2021-47498 at SUSECVE-2021-47498 at NVDCVE-2021-47499 at SUSECVE-2021-47499 at NVDCVE-2021-47500 at SUSECVE-2021-47500 at NVDCVE-2021-47501 at SUSECVE-2021-47501 at NVDCVE-2021-47502 at SUSECVE-2021-47502 at NVDCVE-2021-47503 at SUSECVE-2021-47503 at NVDCVE-2021-47504 at SUSECVE-2021-47504 at NVDCVE-2021-47505 at SUSECVE-2021-47505 at NVDCVE-2021-47506 at SUSECVE-2021-47506 at NVDCVE-2021-47507 at SUSECVE-2021-47507 at NVDCVE-2021-47508 at SUSECVE-2021-47508 at NVDCVE-2021-47509 at SUSECVE-2021-47509 at NVDCVE-2021-47510 at SUSECVE-2021-47510 at NVDCVE-2021-47511 at SUSECVE-2021-47511 at NVDCVE-2021-47512 at SUSECVE-2021-47512 at NVDCVE-2021-47513 at SUSECVE-2021-47513 at NVDCVE-2021-47514 at SUSECVE-2021-47514 at NVDCVE-2021-47516 at SUSECVE-2021-47516 at NVDCVE-2021-47518 at SUSECVE-2021-47518 at NVDCVE-2021-47520 at SUSECVE-2021-47520 at NVDCVE-2021-47521 at SUSECVE-2021-47521 at NVDCVE-2021-47522 at SUSECVE-2021-47522 at NVDCVE-2021-47523 at SUSECVE-2021-47523 at NVDCVE-2021-47524 at SUSECVE-2021-47524 at NVDCVE-2021-47525 at SUSECVE-2021-47525 at NVDCVE-2021-47526 at SUSECVE-2021-47526 at NVDCVE-2021-47528 at SUSECVE-2021-47528 at NVDCVE-2021-47529 at SUSECVE-2021-47529 at NVDCVE-2021-47530 at SUSECVE-2021-47530 at NVDCVE-2021-47531 at SUSECVE-2021-47531 at NVDCVE-2021-47532 at SUSECVE-2021-47532 at NVDCVE-2021-47533 at SUSECVE-2021-47533 at NVDCVE-2021-47534 at SUSECVE-2021-47534 at NVDCVE-2021-47535 at SUSECVE-2021-47535 at NVDCVE-2021-47536 at SUSECVE-2021-47536 at NVDCVE-2021-47537 at SUSECVE-2021-47537 at NVDCVE-2021-47540 at SUSECVE-2021-47540 at NVDCVE-2021-47541 at SUSECVE-2021-47541 at NVDCVE-2021-47542 at SUSECVE-2021-47542 at NVDCVE-2021-47544 at SUSECVE-2021-47544 at NVDCVE-2021-47548 at SUSECVE-2021-47548 at NVDCVE-2021-47549 at SUSECVE-2021-47549 at NVDCVE-2021-47550 at SUSECVE-2021-47550 at NVDCVE-2021-47551 at SUSECVE-2021-47551 at NVDCVE-2021-47552 at SUSECVE-2021-47552 at NVDCVE-2021-47553 at SUSECVE-2021-47553 at NVDCVE-2021-47554 at SUSECVE-2021-47554 at NVDCVE-2021-47555 at SUSECVE-2021-47555 at NVDCVE-2021-47556 at SUSECVE-2021-47556 at NVDCVE-2021-47557 at SUSECVE-2021-47557 at NVDCVE-2021-47558 at SUSECVE-2021-47558 at NVDCVE-2021-47559 at SUSECVE-2021-47559 at NVDCVE-2021-47560 at SUSECVE-2021-47560 at NVDCVE-2021-47562 at SUSECVE-2021-47562 at NVDCVE-2021-47563 at SUSECVE-2021-47563 at NVDCVE-2021-47564 at SUSECVE-2021-47564 at NVDCVE-2021-47565 at SUSECVE-2021-47565 at NVDCVE-2021-47569 at SUSECVE-2021-47569 at NVDCVE-2022-48633 at SUSECVE-2022-48633 at NVDCVE-2022-48662 at SUSECVE-2022-48662 at NVDCVE-2022-48669 at SUSECVE-2022-48669 at NVDCVE-2022-48689 at SUSECVE-2022-48689 at NVDCVE-2022-48691 at SUSECVE-2022-48691 at NVDCVE-2022-48699 at SUSECVE-2022-48699 at NVDCVE-2022-48705 at SUSECVE-2022-48705 at NVDCVE-2022-48708 at SUSECVE-2022-48708 at NVDCVE-2022-48709 at SUSECVE-2022-48709 at NVDCVE-2022-48710 at SUSECVE-2022-48710 at NVDCVE-2023-0160 at SUSECVE-2023-0160 at NVDCVE-2023-1829 at SUSECVE-2023-1829 at NVDCVE-2023-42755 at SUSECVE-2023-42755 at NVDCVE-2023-47233 at SUSECVE-2023-47233 at NVDCVE-2023-52586 at SUSECVE-2023-52586 at NVDCVE-2023-52591 at SUSECVE-2023-52591 at NVDCVE-2023-52618 at SUSECVE-2023-52618 at NVDCVE-2023-52642 at SUSECVE-2023-52642 at NVDCVE-2023-52643 at SUSECVE-2023-52643 at NVDCVE-2023-52644 at SUSECVE-2023-52644 at NVDCVE-2023-52646 at SUSECVE-2023-52646 at NVDCVE-2023-52650 at SUSECVE-2023-52650 at NVDCVE-2023-52653 at SUSECVE-2023-52653 at NVDCVE-2023-52654 at SUSECVE-2023-52654 at NVDCVE-2023-52655 at SUSECVE-2023-52655 at NVDCVE-2023-52656 at SUSECVE-2023-52656 at NVDCVE-2023-52657 at SUSECVE-2023-52657 at NVDCVE-2023-52659 at SUSECVE-2023-52659 at NVDCVE-2023-52660 at SUSECVE-2023-52660 at NVDCVE-2023-52661 at SUSECVE-2023-52661 at NVDCVE-2023-52662 at SUSECVE-2023-52662 at NVDCVE-2023-52664 at SUSECVE-2023-52664 at NVDCVE-2023-52669 at SUSECVE-2023-52669 at NVDCVE-2023-52671 at SUSECVE-2023-52671 at NVDCVE-2023-52674 at SUSECVE-2023-52674 at NVDCVE-2023-52676 at SUSECVE-2023-52676 at NVDCVE-2023-52678 at SUSECVE-2023-52678 at NVDCVE-2023-52679 at SUSECVE-2023-52679 at NVDCVE-2023-52680 at SUSECVE-2023-52680 at NVDCVE-2023-52683 at SUSECVE-2023-52683 at NVDCVE-2023-52685 at SUSECVE-2023-52685 at NVDCVE-2023-52686 at SUSECVE-2023-52686 at NVDCVE-2023-52690 at SUSECVE-2023-52690 at NVDCVE-2023-52691 at SUSECVE-2023-52691 at NVDCVE-2023-52692 at SUSECVE-2023-52692 at NVDCVE-2023-52693 at SUSECVE-2023-52693 at NVDCVE-2023-52694 at SUSECVE-2023-52694 at NVDCVE-2023-52696 at SUSECVE-2023-52696 at NVDCVE-2023-52698 at SUSECVE-2023-52698 at NVDCVE-2023-52699 at SUSECVE-2023-52699 at NVDCVE-2023-52702 at SUSECVE-2023-52702 at NVDCVE-2023-52703 at SUSECVE-2023-52703 at NVDCVE-2023-52705 at SUSECVE-2023-52705 at NVDCVE-2023-52707 at SUSECVE-2023-52707 at NVDCVE-2023-52708 at SUSECVE-2023-52708 at NVDCVE-2023-52730 at SUSECVE-2023-52730 at NVDCVE-2023-52731 at SUSECVE-2023-52731 at NVDCVE-2023-52732 at SUSECVE-2023-52732 at NVDCVE-2023-52733 at SUSECVE-2023-52733 at NVDCVE-2023-52736 at SUSECVE-2023-52736 at NVDCVE-2023-52738 at SUSECVE-2023-52738 at NVDCVE-2023-52739 at SUSECVE-2023-52739 at NVDCVE-2023-52740 at SUSECVE-2023-52740 at NVDCVE-2023-52741 at SUSECVE-2023-52741 at NVDCVE-2023-52742 at SUSECVE-2023-52742 at NVDCVE-2023-52743 at SUSECVE-2023-52743 at NVDCVE-2023-52744 at SUSECVE-2023-52744 at NVDCVE-2023-52745 at SUSECVE-2023-52745 at NVDCVE-2023-52746 at SUSECVE-2023-52746 at NVDCVE-2023-52747 at SUSECVE-2023-52747 at NVDCVE-2023-52753 at SUSECVE-2023-52753 at NVDCVE-2023-52754 at SUSECVE-2023-52754 at NVDCVE-2023-52756 at SUSECVE-2023-52756 at NVDCVE-2023-52757 at SUSECVE-2023-52757 at NVDCVE-2023-52759 at SUSECVE-2023-52759 at NVDCVE-2023-52763 at SUSECVE-2023-52763 at NVDCVE-2023-52764 at SUSECVE-2023-52764 at NVDCVE-2023-52766 at SUSECVE-2023-52766 at NVDCVE-2023-52773 at SUSECVE-2023-52773 at NVDCVE-2023-52774 at SUSECVE-2023-52774 at NVDCVE-2023-52777 at SUSECVE-2023-52777 at NVDCVE-2023-52781 at SUSECVE-2023-52781 at NVDCVE-2023-52788 at SUSECVE-2023-52788 at NVDCVE-2023-52789 at SUSECVE-2023-52789 at NVDCVE-2023-52791 at SUSECVE-2023-52791 at NVDCVE-2023-52795 at SUSECVE-2023-52795 at NVDCVE-2023-52796 at SUSECVE-2023-52796 at NVDCVE-2023-52798 at SUSECVE-2023-52798 at NVDCVE-2023-52799 at SUSECVE-2023-52799 at NVDCVE-2023-52800 at SUSECVE-2023-52800 at NVDCVE-2023-52803 at SUSECVE-2023-52803 at NVDCVE-2023-52804 at SUSECVE-2023-52804 at NVDCVE-2023-52805 at SUSECVE-2023-52805 at NVDCVE-2023-52806 at SUSECVE-2023-52806 at NVDCVE-2023-52807 at SUSECVE-2023-52807 at NVDCVE-2023-52808 at SUSECVE-2023-52808 at NVDCVE-2023-52809 at SUSECVE-2023-52809 at NVDCVE-2023-52810 at SUSECVE-2023-52810 at NVDCVE-2023-52811 at SUSECVE-2023-52811 at NVDCVE-2023-52814 at SUSECVE-2023-52814 at NVDCVE-2023-52815 at SUSECVE-2023-52815 at NVDCVE-2023-52816 at SUSECVE-2023-52816 at NVDCVE-2023-52817 at SUSECVE-2023-52817 at NVDCVE-2023-52818 at SUSECVE-2023-52818 at NVDCVE-2023-52819 at SUSECVE-2023-52819 at NVDCVE-2023-52821 at SUSECVE-2023-52821 at NVDCVE-2023-52825 at SUSECVE-2023-52825 at NVDCVE-2023-52826 at SUSECVE-2023-52826 at NVDCVE-2023-52832 at SUSECVE-2023-52832 at NVDCVE-2023-52833 at SUSECVE-2023-52833 at NVDCVE-2023-52834 at SUSECVE-2023-52834 at NVDCVE-2023-52838 at SUSECVE-2023-52838 at NVDCVE-2023-52840 at SUSECVE-2023-52840 at NVDCVE-2023-52841 at SUSECVE-2023-52841 at NVDCVE-2023-52844 at SUSECVE-2023-52844 at NVDCVE-2023-52847 at SUSECVE-2023-52847 at NVDCVE-2023-52851 at SUSECVE-2023-52851 at NVDCVE-2023-52853 at SUSECVE-2023-52853 at NVDCVE-2023-52854 at SUSECVE-2023-52854 at NVDCVE-2023-52855 at SUSECVE-2023-52855 at NVDCVE-2023-52856 at SUSECVE-2023-52856 at NVDCVE-2023-52858 at SUSECVE-2023-52858 at NVDCVE-2023-52860 at SUSECVE-2023-52860 at NVDCVE-2023-52861 at SUSECVE-2023-52861 at NVDCVE-2023-52864 at SUSECVE-2023-52864 at NVDCVE-2023-52865 at SUSECVE-2023-52865 at NVDCVE-2023-52867 at SUSECVE-2023-52867 at NVDCVE-2023-52868 at SUSECVE-2023-52868 at NVDCVE-2023-52870 at SUSECVE-2023-52870 at NVDCVE-2023-52871 at SUSECVE-2023-52871 at NVDCVE-2023-52872 at SUSECVE-2023-52872 at NVDCVE-2023-52873 at SUSECVE-2023-52873 at NVDCVE-2023-52875 at SUSECVE-2023-52875 at NVDCVE-2023-52876 at SUSECVE-2023-52876 at NVDCVE-2023-52877 at SUSECVE-2023-52877 at NVDCVE-2023-52878 at SUSECVE-2023-52878 at NVDCVE-2023-52880 at SUSECVE-2023-52880 at NVDCVE-2023-6531 at SUSECVE-2023-6531 at NVDCVE-2024-2201 at SUSECVE-2024-2201 at NVDCVE-2024-26597 at SUSECVE-2024-26597 at NVDCVE-2024-26643 at SUSECVE-2024-26643 at NVDCVE-2024-26679 at SUSECVE-2024-26679 at NVDCVE-2024-26692 at SUSECVE-2024-26692 at NVDCVE-2024-26698 at SUSECVE-2024-26698 at NVDCVE-2024-26700 at SUSECVE-2024-26700 at NVDCVE-2024-26715 at SUSECVE-2024-26715 at NVDCVE-2024-26739 at SUSECVE-2024-26739 at NVDCVE-2024-26742 at SUSECVE-2024-26742 at NVDCVE-2024-26748 at SUSECVE-2024-26748 at NVDCVE-2024-26758 at SUSECVE-2024-26758 at NVDCVE-2024-26764 at SUSECVE-2024-26764 at NVDCVE-2024-26775 at SUSECVE-2024-26775 at NVDCVE-2024-26777 at SUSECVE-2024-26777 at NVDCVE-2024-26778 at SUSECVE-2024-26778 at NVDCVE-2024-26788 at SUSECVE-2024-26788 at NVDCVE-2024-26791 at SUSECVE-2024-26791 at NVDCVE-2024-26801 at SUSECVE-2024-26801 at NVDCVE-2024-26822 at SUSECVE-2024-26822 at NVDCVE-2024-26828 at SUSECVE-2024-26828 at NVDCVE-2024-26829 at SUSECVE-2024-26829 at NVDCVE-2024-26838 at SUSECVE-2024-26838 at NVDCVE-2024-26839 at SUSECVE-2024-26839 at NVDCVE-2024-26840 at SUSECVE-2024-26840 at NVDCVE-2024-26846 at SUSECVE-2024-26846 at NVDCVE-2024-26859 at SUSECVE-2024-26859 at NVDCVE-2024-26870 at SUSECVE-2024-26870 at NVDCVE-2024-26874 at SUSECVE-2024-26874 at NVDCVE-2024-26876 at SUSECVE-2024-26876 at NVDCVE-2024-26877 at SUSECVE-2024-26877 at NVDCVE-2024-26880 at SUSECVE-2024-26880 at NVDCVE-2024-26889 at SUSECVE-2024-26889 at NVDCVE-2024-26894 at SUSECVE-2024-26894 at NVDCVE-2024-26900 at SUSECVE-2024-26900 at NVDCVE-2024-26907 at SUSECVE-2024-26907 at NVDCVE-2024-26915 at SUSECVE-2024-26915 at NVDCVE-2024-26916 at SUSECVE-2024-26916 at NVDCVE-2024-26919 at SUSECVE-2024-26919 at NVDCVE-2024-26920 at SUSECVE-2024-26920 at NVDCVE-2024-26921 at SUSECVE-2024-26921 at NVDCVE-2024-26922 at SUSECVE-2024-26922 at NVDCVE-2024-26925 at SUSECVE-2024-26925 at NVDCVE-2024-26928 at SUSECVE-2024-26928 at NVDCVE-2024-26929 at SUSECVE-2024-26929 at NVDCVE-2024-26930 at SUSECVE-2024-26930 at NVDCVE-2024-26931 at SUSECVE-2024-26931 at NVDCVE-2024-26933 at SUSECVE-2024-26933 at NVDCVE-2024-26934 at SUSECVE-2024-26934 at NVDCVE-2024-26935 at SUSECVE-2024-26935 at NVDCVE-2024-26937 at SUSECVE-2024-26937 at NVDCVE-2024-26938 at SUSECVE-2024-26938 at NVDCVE-2024-26939 at SUSECVE-2024-26939 at NVDCVE-2024-26940 at SUSECVE-2024-26940 at NVDCVE-2024-26943 at SUSECVE-2024-26943 at NVDCVE-2024-26957 at SUSECVE-2024-26957 at NVDCVE-2024-26958 at SUSECVE-2024-26958 at NVDCVE-2024-26964 at SUSECVE-2024-26964 at NVDCVE-2024-26974 at SUSECVE-2024-26974 at NVDCVE-2024-26977 at SUSECVE-2024-26977 at NVDCVE-2024-26979 at SUSECVE-2024-26979 at NVDCVE-2024-26984 at SUSECVE-2024-26984 at NVDCVE-2024-26988 at SUSECVE-2024-26988 at NVDCVE-2024-26989 at SUSECVE-2024-26989 at NVDCVE-2024-26994 at SUSECVE-2024-26994 at NVDCVE-2024-26996 at SUSECVE-2024-26996 at NVDCVE-2024-26997 at SUSECVE-2024-26997 at NVDCVE-2024-26999 at SUSECVE-2024-26999 at NVDCVE-2024-27000 at SUSECVE-2024-27000 at NVDCVE-2024-27001 at SUSECVE-2024-27001 at NVDCVE-2024-27004 at SUSECVE-2024-27004 at NVDCVE-2024-27008 at SUSECVE-2024-27008 at NVDCVE-2024-27028 at SUSECVE-2024-27028 at NVDCVE-2024-27037 at SUSECVE-2024-27037 at NVDCVE-2024-27042 at SUSECVE-2024-27042 at NVDCVE-2024-27045 at SUSECVE-2024-27045 at NVDCVE-2024-27047 at SUSECVE-2024-27047 at NVDCVE-2024-27051 at SUSECVE-2024-27051 at NVDCVE-2024-27052 at SUSECVE-2024-27052 at NVDCVE-2024-27053 at SUSECVE-2024-27053 at NVDCVE-2024-27054 at SUSECVE-2024-27054 at NVDCVE-2024-27059 at SUSECVE-2024-27059 at NVDCVE-2024-27072 at SUSECVE-2024-27072 at NVDCVE-2024-27073 at SUSECVE-2024-27073 at NVDCVE-2024-27074 at SUSECVE-2024-27074 at NVDCVE-2024-27075 at SUSECVE-2024-27075 at NVDCVE-2024-27076 at SUSECVE-2024-27076 at NVDCVE-2024-27077 at SUSECVE-2024-27077 at NVDCVE-2024-27078 at SUSECVE-2024-27078 at NVDCVE-2024-27388 at SUSECVE-2024-27388 at NVDCVE-2024-27393 at SUSECVE-2024-27393 at NVDCVE-2024-27395 at SUSECVE-2024-27395 at NVDCVE-2024-27396 at SUSECVE-2024-27396 at NVDCVE-2024-27398 at SUSECVE-2024-27398 at NVDCVE-2024-27399 at SUSECVE-2024-27399 at NVDCVE-2024-27400 at SUSECVE-2024-27400 at NVDCVE-2024-27401 at SUSECVE-2024-27401 at NVDCVE-2024-27405 at SUSECVE-2024-27405 at NVDCVE-2024-27410 at SUSECVE-2024-27410 at NVDCVE-2024-27412 at SUSECVE-2024-27412 at NVDCVE-2024-27413 at SUSECVE-2024-27413 at NVDCVE-2024-27416 at SUSECVE-2024-27416 at NVDCVE-2024-27417 at SUSECVE-2024-27417 at NVDCVE-2024-27419 at SUSECVE-2024-27419 at NVDCVE-2024-27431 at SUSECVE-2024-27431 at NVDCVE-2024-27435 at SUSECVE-2024-27435 at NVDCVE-2024-27436 at SUSECVE-2024-27436 at NVDCVE-2024-35789 at SUSECVE-2024-35789 at NVDCVE-2024-35791 at SUSECVE-2024-35791 at NVDCVE-2024-35796 at SUSECVE-2024-35796 at NVDCVE-2024-35799 at SUSECVE-2024-35799 at NVDCVE-2024-35801 at SUSECVE-2024-35801 at NVDCVE-2024-35804 at SUSECVE-2024-35804 at NVDCVE-2024-35806 at SUSECVE-2024-35806 at NVDCVE-2024-35809 at SUSECVE-2024-35809 at NVDCVE-2024-35811 at SUSECVE-2024-35811 at NVDCVE-2024-35812 at SUSECVE-2024-35812 at NVDCVE-2024-35813 at SUSECVE-2024-35813 at NVDCVE-2024-35815 at SUSECVE-2024-35815 at NVDCVE-2024-35817 at SUSECVE-2024-35817 at NVDCVE-2024-35821 at SUSECVE-2024-35821 at NVDCVE-2024-35822 at SUSECVE-2024-35822 at NVDCVE-2024-35823 at SUSECVE-2024-35823 at NVDCVE-2024-35825 at SUSECVE-2024-35825 at NVDCVE-2024-35828 at SUSECVE-2024-35828 at NVDCVE-2024-35829 at SUSECVE-2024-35829 at NVDCVE-2024-35830 at SUSECVE-2024-35830 at NVDCVE-2024-35833 at SUSECVE-2024-35833 at NVDCVE-2024-35845 at SUSECVE-2024-35845 at NVDCVE-2024-35847 at SUSECVE-2024-35847 at NVDCVE-2024-35849 at SUSECVE-2024-35849 at NVDCVE-2024-35851 at SUSECVE-2024-35851 at NVDCVE-2024-35852 at SUSECVE-2024-35852 at NVDCVE-2024-35854 at SUSECVE-2024-35854 at NVDCVE-2024-35860 at SUSECVE-2024-35860 at NVDCVE-2024-35861 at SUSECVE-2024-35861 at NVDCVE-2024-35862 at SUSECVE-2024-35862 at NVDCVE-2024-35863 at SUSECVE-2024-35863 at NVDCVE-2024-35864 at SUSECVE-2024-35864 at NVDCVE-2024-35865 at SUSECVE-2024-35865 at NVDCVE-2024-35866 at SUSECVE-2024-35866 at NVDCVE-2024-35867 at SUSECVE-2024-35867 at NVDCVE-2024-35868 at SUSECVE-2024-35868 at NVDCVE-2024-35869 at SUSECVE-2024-35869 at NVDCVE-2024-35870 at SUSECVE-2024-35870 at NVDCVE-2024-35872 at SUSECVE-2024-35872 at NVDCVE-2024-35875 at SUSECVE-2024-35875 at NVDCVE-2024-35877 at SUSECVE-2024-35877 at NVDCVE-2024-35878 at SUSECVE-2024-35878 at NVDCVE-2024-35879 at SUSECVE-2024-35879 at NVDCVE-2024-35885 at SUSECVE-2024-35885 at NVDCVE-2024-35887 at SUSECVE-2024-35887 at NVDCVE-2024-35895 at SUSECVE-2024-35895 at NVDCVE-2024-35901 at SUSECVE-2024-35901 at NVDCVE-2024-35904 at SUSECVE-2024-35904 at NVDCVE-2024-35905 at SUSECVE-2024-35905 at NVDCVE-2024-35907 at SUSECVE-2024-35907 at NVDCVE-2024-35912 at SUSECVE-2024-35912 at NVDCVE-2024-35914 at SUSECVE-2024-35914 at NVDCVE-2024-35915 at SUSECVE-2024-35915 at NVDCVE-2024-35922 at SUSECVE-2024-35922 at NVDCVE-2024-35924 at SUSECVE-2024-35924 at NVDCVE-2024-35930 at SUSECVE-2024-35930 at NVDCVE-2024-35932 at SUSECVE-2024-35932 at NVDCVE-2024-35933 at SUSECVE-2024-35933 at NVDCVE-2024-35935 at SUSECVE-2024-35935 at NVDCVE-2024-35936 at SUSECVE-2024-35936 at NVDCVE-2024-35938 at SUSECVE-2024-35938 at NVDCVE-2024-35939 at SUSECVE-2024-35939 at NVDCVE-2024-35940 at SUSECVE-2024-35940 at NVDCVE-2024-35943 at SUSECVE-2024-35943 at NVDCVE-2024-35944 at SUSECVE-2024-35944 at NVDCVE-2024-35947 at SUSECVE-2024-35947 at NVDCVE-2024-35950 at SUSECVE-2024-35950 at NVDCVE-2024-35951 at SUSECVE-2024-35951 at NVDCVE-2024-35952 at SUSECVE-2024-35952 at NVDCVE-2024-35955 at SUSECVE-2024-35955 at NVDCVE-2024-35959 at SUSECVE-2024-35959 at NVDCVE-2024-35963 at SUSECVE-2024-35963 at NVDCVE-2024-35964 at SUSECVE-2024-35964 at NVDCVE-2024-35965 at SUSECVE-2024-35965 at NVDCVE-2024-35966 at SUSECVE-2024-35966 at NVDCVE-2024-35967 at SUSECVE-2024-35967 at NVDCVE-2024-35969 at SUSECVE-2024-35969 at NVDCVE-2024-35973 at SUSECVE-2024-35973 at NVDCVE-2024-35976 at SUSECVE-2024-35976 at NVDCVE-2024-35978 at SUSECVE-2024-35978 at NVDCVE-2024-35982 at SUSECVE-2024-35982 at NVDCVE-2024-35984 at SUSECVE-2024-35984 at NVDCVE-2024-35989 at SUSECVE-2024-35989 at NVDCVE-2024-35990 at SUSECVE-2024-35990 at NVDCVE-2024-35998 at SUSECVE-2024-35998 at NVDCVE-2024-35999 at SUSECVE-2024-35999 at NVDCVE-2024-36006 at SUSECVE-2024-36006 at NVDCVE-2024-36007 at SUSECVE-2024-36007 at NVDCVE-2024-36012 at SUSECVE-2024-36012 at NVDCVE-2024-36014 at SUSECVE-2024-36014 at NVDCVE-2024-36015 at SUSECVE-2024-36015 at NVDCVE-2024-36016 at SUSECVE-2024-36016 at NVDCVE-2024-36026 at SUSECVE-2024-36026 at NVDCVE-2024-36029 at SUSECVE-2024-36029 at NVDCVE-2024-36032 at SUSECVE-2024-36032 at NVDCVE-2024-36880 at SUSECVE-2024-36880 at NVDCVE-2024-36893 at SUSECVE-2024-36893 at NVDCVE-2024-36896 at SUSECVE-2024-36896 at NVDCVE-2024-36897 at SUSECVE-2024-36897 at NVDCVE-2024-36906 at SUSECVE-2024-36906 at NVDCVE-2024-36918 at SUSECVE-2024-36918 at NVDCVE-2024-36924 at SUSECVE-2024-36924 at NVDCVE-2024-36926 at SUSECVE-2024-36926 at NVDCVE-2024-36928 at SUSECVE-2024-36928 at NVDCVE-2024-36931 at SUSECVE-2024-36931 at NVDCVE-2024-36938 at SUSECVE-2024-36938 at NVDCVE-2024-36940 at SUSECVE-2024-36940 at NVDCVE-2024-36941 at SUSECVE-2024-36941 at NVDCVE-2024-36942 at SUSECVE-2024-36942 at NVDCVE-2024-36944 at SUSECVE-2024-36944 at NVDCVE-2024-36947 at SUSECVE-2024-36947 at NVDCVE-2024-36950 at SUSECVE-2024-36950 at NVDCVE-2024-36952 at SUSECVE-2024-36952 at NVDCVE-2024-36955 at SUSECVE-2024-36955 at NVDCVE-2024-36959 at SUSECVE-2024-36959 at NVDcpe:/o:opensuse:leap:15.5Security update for the Linux Kernel (Important)openSUSE Leap 15.5
The SUSE Linux Enterprise 15 SP5 Azure kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2024-35924: Limit read size on v1.2 (bsc#1224657).
- CVE-2024-26921: Preserve kabi for sk_buff (bsc#1223138).
- CVE-2024-35976: Validate user input for XDP_{UMEM|COMPLETION}_FILL_RING (bsc#1224575).
- CVE-2024-36938: Fixed NULL pointer dereference in sk_psock_skb_ingress_enqueue (bsc#1225761).
- CVE-2024-35905: Fixed int overflow for stack access size (bsc#1224488).
- CVE-2023-52795: Fixed use after free in vhost_vdpa_probe() (bsc#1225085).
- CVE-2024-35998: Fixed lock ordering potential deadlock in cifs_sync_mid_result (bsc#1224549).
- CVE-2023-52757: Fixed potential deadlock when releasing mids (bsc#1225548).
- CVE-2021-47548: Fixed a possible array out-of=bounds (bsc#1225506)
- CVE-2024-26828: Fixed underflow in parse_server_interfaces() (bsc#1223084).
- CVE-2024-26822: Set correct id, uid and cruid for multiuser automounts (bsc#1223011).
- CVE-2024-35999: Fixed missing lock when picking channel (bsc#1224550).
- CVE-2024-35861: Fixed potential UAF in cifs_signal_cifsd_for_reconnect() (bsc#1224766).
- CVE-2024-35862: Fixed potential UAF in smb2_is_network_name_deleted() (bsc#1224764).
- CVE-2024-35863: Fixed potential UAF in is_valid_oplock_break() (bsc#1224763).
- CVE-2024-35865: Fixed potential UAF in smb2_is_valid_oplock_break() (bsc#1224668).
- CVE-2024-35864: Fixed potential UAF in smb2_is_valid_lease_break() (bsc#1224765).
- CVE-2024-35867: Fixed potential UAF in cifs_stats_proc_show() (bsc#1224664).
- CVE-2024-35868: Fixed potential UAF in cifs_stats_proc_write() (bsc#1224678).
- CVE-2024-35866: Fixed potential UAF in cifs_dump_full_key() (bsc#1224667).
- CVE-2024-26928: Fixed potential UAF in cifs_debug_files_proc_show() (bsc#1223532).
- CVE-2024-35869: Guarantee refcounted children from parent session (bsc#1224679).
- CVE-2024-35870: Fixed UAF in smb2_reconnect_server() (bsc#1224672).
- CVE-2024-26692: Fixed regression in writes when non-standard maximum write size negotiated (bsc#1222464).
- CVE-2024-26925: Release mutex after nft_gc_seq_end from abort path (bsc#1223390).
- CVE-2023-42755: Check user supplied offsets (bsc#1215702).
- CVE-2024-35964: Fixed not validating setsockopt user input (bsc#1224581).
- CVE-2023-52698: Fixed memory leak in netlbl_calipso_add_pass() (CVE-2023-52698 bsc#1224621)
- CVE-2023-52664: Eliminate double free in error handling logic (bsc#1224747).
- CVE-2023-52807: Fixed out-of-bounds access may occur when coalesce info is read via debugfs (bsc#1225097).
- CVE-2024-27431: Fixed Zero-initialise xdp_rxq_info struct before running XDP program (bsc#1224718).
- CVE-2024-35860: struct bpf_link and bpf_link_ops kABI workaround (bsc#1224531).
- CVE-2023-52671: Fixed hang/underflow when transitioning to ODM4:1 (bsc#1224729).
- CVE-2024-35799: Prevent crash when disable stream (bsc#1224740).
- CVE-2024-35951: Fixed the error path in panfrost_mmu_map_fault_addr() (bsc#1224701).
- CVE-2024-27413: Fixed incorrect allocation size (bsc#1224438).
- CVE-2024-35817: Set gtt bound flag in amdgpu_ttm_gart_bind (bsc#1224736).
- CVE-2024-35877: Fixed VM_PAT handling in COW mappings (bsc#1224525).
- CVE-2024-35969: Fixed race condition between ipv6_get_ifaddr and ipv6_del_addr (bsc#1224580).
- CVE-2023-52746: Prevent potential spectre v1 gadget in xfrm_xlate32_attr() (bsc#1225114)
- CVE-2024-35872: Fixed GUP-fast succeeding on secretmem folios (bsc#1224530).
- CVE-2024-35852: Fixed memory leak when canceling rehash work (bsc#1224502).
- CVE-2024-36006: Fixed incorrect list API usage (bsc#1224541).
- CVE-2024-36007: Fixed warning during rehash (bsc#1224543).
- CVE-2024-35885: Stop interface during shutdown (bsc#1224519).
- CVE-2024-35907: Call request_irq() after NAPI initialized (bsc#1224492).
- CVE-2023-52796: Add ipvlan_route_v6_outbound() helper (bsc#1224930).
- CVE-2024-35939: Fixed leak pages on dma_set_decrypted() failure (bsc#1224535).
- CVE-2024-35875: Require seeding RNG with RDRAND on CoCo systems (bsc#1224665).
- CVE-2024-35804: Mark target gfn of emulated atomic instruction as dirty (bsc#1224638).
- CVE-2024-35791: Flush pages under kvm->lock to fix UAF in svm_register_enc_region() (bsc#1224725).
- CVE-2024-35904: Fixed dereference of garbage after mount failure (bsc#1224494).
- CVE-2023-52660: Fiedx IRQ handling due to shared interrupts (bsc#1224443).
- CVE-2024-35879: kABI workaround for drivers/of/dynamic.c (bsc#1224524).
- CVE-2024-35943: Fixed a null pointer dereference in omap_prm_domain_init (bsc#1224649).
- CVE-2024-35878: Prevent NULL pointer dereference in vsnprintf() (bsc#1224671).
- CVE-2023-52860: Fixed null pointer dereference in hisi_hns3 (bsc#1224936).
- CVE-2024-35959: Fixed mlx5e_priv_init() cleanup flow (bsc#1224666).
- CVE-2024-35854: Fixed possible use-after-free during rehash (bsc#1224636).
- CVE-2024-35973: Fixed header validation in geneve[6]_xmit_skb (bsc#1224586).
- CVE-2024-27417: Fixed potential 'struct net' leak in inet6_rtm_getaddr() (bsc#1224721)
- CVE-2023-52656: Dropped any code related to SCM_RIGHTS (bsc#1224187).
- CVE-2023-52674: Add clamp() in scarlett2_mixer_ctl_put() (bsc#1224727).
- CVE-2023-52680: Fixed missing error checks to *_ctl_get() (bsc#1224608).
- CVE-2023-52692: Fixed missing error check to scarlett2_usb_set_config() (bsc#1224628).
- CVE-2024-35944: Fixed memcpy() run-time warning in dg_dispatch_as_host() (bsc#1224648).
- CVE-2024-26742: Fixed disable_managed_interrupts (git-fixes bsc#1222608).
- CVE-2024-27398: Fixed use-after-free bugs caused by sco_sock_timeout (bsc#1224174).
- CVE-2023-52586: Fixed mutex lock in control vblank irq (bsc#1221081).
- CVE-2024-27395: Fixed Use-After-Free in ovs_ct_exit (bsc#1224098).
- CVE-2024-27396: Fixed Use-After-Free in gtp_dellink (bsc#1224096).
- CVE-2024-26715: Fixed NULL pointer dereference in dwc3_gadget_suspend (bsc#1222561).
- CVE-2024-26919: Fixed debugfs directory leak (bsc#1223847).
- CVE-2024-27401: Fixed user_length taken into account when fetching packet contents (bsc#1224181).
- CVE-2024-26900: Fixed kmemleak of rdev->serial (bsc#1223046).
- CVE-2024-26775: Fixed potential deadlock at set_capacity (bsc#1222627).
- CVE-2024-26958: Fixed UAF in direct writes (bsc#1223653).
- CVE-2024-26643: Fixed mark set as dead when unbinding anonymous set with timeout (bsc#1221829).
- CVE-2023-52618: Fixed string overflow in block/rnbd-srv (bsc#1221615).
- CVE-2022-48689: Fixed data-race in lru_add_fn (bsc#1223959)
- CVE-2022-48691: Fixed memory leak in netfilter (bsc#1223961)
- CVE-2023-1829: Fixed a use-after-free vulnerability in the control index filter (tcindex) (bsc#1210335).
The following non-security bugs were fixed:
- 9p: explicitly deny setlease attempts (git-fixes).
- ACPI: bus: Indicate support for _TFP thru _OSC (git-fixes).
- ACPI: disable -Wstringop-truncation (git-fixes).
- ACPI: Fix Generic Initiator Affinity _OSC bit (git-fixes).
- ACPI: LPSS: Advertise number of chip selects via property (git-fixes).
- admin-guide/hw-vuln/core-scheduling: fix return type of PR_SCHED_CORE_GET (git-fixes).
- af_unix: annote lockless accesses to unix_tot_inflight & gc_in_progress (bsc#1223384).
- af_unix: Do not use atomic ops for unix_sk(sk)->inflight (bsc#1223384).
- af_unix: Replace BUG_ON() with WARN_ON_ONCE() (bsc#1223384).
- ALSA: core: Fix NULL module pointer assignment at card init (git-fixes).
- ALSA: hda/cs_dsp_ctl: Use private_free for control cleanup (git-fixes).
- ALSA: line6: Zero-initialize message buffers (stable-fixes).
- ARM: 9381/1: kasan: clear stale stack poison (git-fixes).
- ASoC: Intel: avs: Fix ASRC module initialization (git-fixes).
- ASoC: Intel: avs: Fix potential integer overflow (git-fixes).
- ASoC: Intel: avs: ssm4567: Do not ignore route checks (git-fixes).
- ASoC: Intel: Disable route checks for Skylake boards (git-fixes).
- ASoC: kirkwood: Fix potential NULL dereference (git-fixes).
- ASoC: mediatek: mt8192: fix register configuration for tdm (git-fixes).
- ASoC: meson: axg-fifo: use FIELD helpers (stable-fixes).
- ASoC: meson: axg-fifo: use threaded irq to check periods (git-fixes).
- ASoC: tas2552: Add TX path for capturing AUDIO-OUT data (git-fixes).
- ASoC: tracing: Export SND_SOC_DAPM_DIR_OUT to its value (git-fixes).
- ata: pata_legacy: make legacy_exit() work again (git-fixes).
- ata: sata_gemini: Check clk_enable() result (stable-fixes).
- autofs: use wake_up() instead of wake_up_interruptible(() (bsc#1224166).
- Bluetooth: Fix use-after-free bugs caused by sco_sock_timeout (git-fixes).
- Bluetooth: hci_sync: Avoid use-after-free in dbg for hci_add_adv_monitor() (git-fixes).
- Bluetooth: hci_sync: Do not double print name in add/remove adv_monitor (bsc#1216358).
- Bluetooth: l2cap: fix null-ptr-deref in l2cap_chan_timeout (git-fixes).
- Bluetooth: msft: fix slab-use-after-free in msft_do_close() (git-fixes).
- Bluetooth: qca: add missing firmware sanity checks (git-fixes).
- Bluetooth: qca: Fix error code in qca_read_fw_build_info() (git-fixes).
- Bluetooth: qca: fix firmware check error path (git-fixes).
- Bluetooth: qca: fix info leak when fetching fw build id (git-fixes).
- Bluetooth: qca: fix NVM configuration parsing (git-fixes).
- bnxt_re: avoid shift undefined behavior in bnxt_qplib_alloc_init_hwq (git-fixes)
- bpf: decouple prune and jump points (bsc#1225756).
- bpf: fix precision backtracking instruction iteration (bsc#1225756).
- bpf: Fix precision tracking for BPF_ALU | BPF_TO_BE | BPF_END (git-fixes).
- bpf: handle ldimm64 properly in check_cfg() (bsc#1225756).
- bpf: mostly decouple jump history management from is_state_visited() (bsc#1225756).
- bpf: remove unnecessary prune and jump points (bsc#1225756).
- btrfs: add error messages to all unrecognized mount options (git-fixes)
- btrfs: add missing mutex_unlock in btrfs_relocate_sys_chunks() (git-fixes)
- btrfs: export: handle invalid inode or root reference in btrfs_get_parent() (git-fixes)
- btrfs: extend locking to all space_info members accesses (git-fixes)
- btrfs: fix btrfs_submit_compressed_write cgroup attribution (git-fixes)
- btrfs: fix fallocate to use file_modified to update permissions consistently (git-fixes)
- btrfs: fix information leak in btrfs_ioctl_logical_to_ino() (git-fixes)
- btrfs: fix missing blkdev_put() call in btrfs_scan_one_device() (git-fixes)
- btrfs: fix off-by-one chunk length calculation at contains_pending_extent() (git-fixes)
- btrfs: fix qgroup reserve overflow the qgroup limit (git-fixes)
- btrfs: fix silent failure when deleting root reference (git-fixes)
- btrfs: fix use-after-free after failure to create a snapshot (git-fixes)
- btrfs: free exchange changeset on failures (git-fixes)
- btrfs: handle chunk tree lookup error in btrfs_relocate_sys_chunks() (git-fixes)
- btrfs: make search_csum_tree return 0 if we get -EFBIG (git-fixes)
- btrfs: prevent copying too big compressed lzo segment (git-fixes)
- btrfs: remove BUG_ON(!eie) in find_parent_nodes (git-fixes)
- btrfs: remove BUG_ON() in find_parent_nodes() (git-fixes)
- btrfs: repair super block num_devices automatically (git-fixes)
- btrfs: replace the BUG_ON in btrfs_del_root_ref with proper error handling (git-fixes)
- btrfs: send: ensure send_fd is writable (git-fixes)
- btrfs: send: handle path ref underflow in header iterate_inode_ref() (git-fixes)
- btrfs: send: in case of IO error log it (git-fixes)
- btrfs: send: return EOPNOTSUPP on unknown flags (git-fixes)
- btrfs: tree-checker: check item_size for dev_item (git-fixes)
- btrfs: tree-checker: check item_size for inode_item (git-fixes)
- cifs: account for primary channel in the interface list (bsc#1224020).
- cifs: cifs_chan_is_iface_active should be called with chan_lock held (bsc#1224020).
- cifs: distribute channels across interfaces based on speed (bsc#1224020).
- cifs: do not pass cifs_sb when trying to add channels (bsc#1224020).
- cifs: failure to add channel on iface should bump up weight (git-fixes, bsc#1224020).
- cifs: fix charset issue in reconnection (bsc#1224020).
- cifs: fix leak of iface for primary channel (git-fixes, bsc#1224020).
- cifs: handle cases where a channel is closed (bsc#1224020).
- cifs: handle cases where multiple sessions share connection (bsc#1224020).
- cifs: reconnect work should have reference on server struct (bsc#1224020).
- clk: Do not hold prepare_lock when calling kref_put() (stable-fixes).
- clk: qcom: mmcc-msm8998: fix venus clock issue (git-fixes).
- counter: stm32-lptimer-cnt: Provide defines for clock polarities (git-fixes).
- counter: stm32-timer-cnt: Provide defines for slave mode selection (git-fixes).
- cppc_cpufreq: Fix possible null pointer dereference (git-fixes).
- cpu/hotplug: Remove the 'cpu' member of cpuhp_cpu_state (git-fixes).
- cpumask: Add for_each_cpu_from() (bsc#1225053).
- crypto: bcm - Fix pointer arithmetic (git-fixes).
- crypto: ccp - drop platform ifdef checks (git-fixes).
- crypto: ecdsa - Fix module auto-load on add-key (git-fixes).
- crypto: x86/nh-avx2 - add missing vzeroupper (git-fixes).
- crypto: x86/sha256-avx2 - add missing vzeroupper (git-fixes).
- crypto: x86/sha512-avx2 - add missing vzeroupper (git-fixes).
- dm-multipath: dont't attempt SG_IO on non-SCSI-disks (bsc#1223575).
- dm/amd/pm: Fix problems with reboot/shutdown for some SMU 13.0.4/13.0.11 users (git-fixes).
- dmaengine: axi-dmac: fix possible race in remove() (git-fixes).
- dmaengine: idma64: Add check for dma_set_max_seg_size (git-fixes).
- docs: kernel_include.py: Cope with docutils 0.21 (stable-fixes).
- drivers/nvme: Add quirks for device 126f:2262 (git-fixes).
- drm: bridge: cdns-mhdp8546: Fix possible null pointer dereference (git-fixes).
- drm: vc4: Fix possible null pointer dereference (git-fixes).
- drm/amd: Flush GFXOFF requests in prepare stage (git-fixes).
- drm/amd/display: Atom Integrated System Info v2_2 for DCN35 (stable-fixes).
- drm/amd/display: Fix division by zero in setup_dsc_config (stable-fixes).
- drm/amd/display: Fix potential index out of bounds in color transformation function (git-fixes).
- drm/amd/display: Handle Y carry-over in VCP X.Y calculation (stable-fixes).
- drm/amdgpu: Refine IB schedule error logging (stable-fixes).
- drm/amdkfd: do not allow mapping the MMIO HDP page with large pages (git-fixes).
- drm/arm/malidp: fix a possible null pointer dereference (git-fixes).
- drm/bridge: anx7625: Do not log an error when DSI host can't be found (git-fixes).
- drm/bridge: dpc3433: Do not log an error when DSI host can't be found (git-fixes).
- drm/bridge: icn6211: Do not log an error when DSI host can't be found (git-fixes).
- drm/bridge: lt8912b: Do not log an error when DSI host can't be found (git-fixes).
- drm/bridge: lt9611: Do not log an error when DSI host can't be found (git-fixes).
- drm/bridge: tc358775: Do not log an error when DSI host can't be found (git-fixes).
- drm/bridge: tc358775: fix support for jeida-18 and jeida-24 (git-fixes).
- drm/connector: Add \n to message about demoting connector force-probes (git-fixes).
- drm/i915/bios: Fix parsing backlight BDB data (git-fixes).
- drm/lcdif: Do not disable clocks on already suspended hardware (git-fixes).
- drm/mediatek: Add 0 size check to mtk_drm_gem_obj (git-fixes).
- drm/meson: dw-hdmi: add bandgap setting for g12 (git-fixes).
- drm/meson: dw-hdmi: power up phy on device init (git-fixes).
- drm/meson: vclk: fix calculation of 59.94 fractional rates (git-fixes).
- drm/msm/dp: allow voltage swing / pre emphasis of 3 (git-fixes).
- drm/msm/dpu: Always flush the slave INTF on the CTL (git-fixes).
- drm/msm/dsi: Print dual-DSI-adjusted pclk instead of original mode pclk (git-fixes).
- drm/nouveau/dp: Do not probe eDP ports twice harder (stable-fixes).
- drm/panel: atna33xc20: Fix unbalanced regulator in the case HPD does not assert (git-fixes).
- drm/panel: novatek-nt35950: Do not log an error when DSI host can't be found (git-fixes).
- drm/panel: simple: Add missing Innolux G121X1-L03 format, flags, connector (git-fixes).
- dt-bindings: clock: qcom: Add missing UFS QREF clocks (git-fixes)
- dyndbg: fix old BUG_ON in >control parser (stable-fixes).
- efi: libstub: only free priv.runtime_map when allocated (git-fixes).
- extcon: max8997: select IRQ_DOMAIN instead of depending on it (git-fixes).
- fail_function: fix wrong use of fei_attr_remove().
- fbdev: savage: Handle err return when savagefb_check_var failed (git-fixes).
- fbdev: shmobile: fix snprintf truncation (git-fixes).
- fbdev: sisfb: hide unused variables (git-fixes).
- firewire: ohci: mask bus reset interrupts between ISR and bottom half (stable-fixes).
- firmware: dmi-id: add a release callback function (git-fixes).
- firmware: raspberrypi: Use correct device for DMA mappings (git-fixes).
- fs/9p: drop inodes immediately on non-.L too (git-fixes).
- fs/9p: only translate RWX permissions for plain 9P2000 (git-fixes).
- fs/9p: translate O_TRUNC into OTRUNC (git-fixes).
- gpio: crystalcove: Use -ENOTSUPP consistently (stable-fixes).
- gpio: wcove: Use -ENOTSUPP consistently (stable-fixes).
- gpu: host1x: Do not setup DMA for virtual devices (stable-fixes).
- HID: intel-ish-hid: ipc: Add check for pci_alloc_irq_vectors (git-fixes).
- hwmon: (corsair-cpro) Protect ccp->wait_input_report with a spinlock (git-fixes).
- hwmon: (corsair-cpro) Use a separate buffer for sending commands (git-fixes).
- hwmon: (corsair-cpro) Use complete_all() instead of complete() in ccp_raw_event() (git-fixes).
- hwmon: (lm70) fix links in doc and comments (git-fixes).
- hwmon: (pmbus/ucd9000) Increase delay from 250 to 500us (git-fixes).
- i3c: master: svc: change ENXIO to EAGAIN when IBI occurs during start frame (git-fixes).
- i3c: master: svc: fix invalidate IBI type and miss call client IBI handler (git-fixes).
- IB/mlx5: Use __iowrite64_copy() for write combining stores (git-fixes)
- idpf: extend tx watchdog timeout (bsc#1224137).
- iio: core: Leave private pointer NULL when no private data supplied (git-fixes).
- iio: pressure: dps310: support negative temperature values (git-fixes).
- Input: cyapa - add missing input core locking to suspend/resume functions (git-fixes).
- Input: ims-pcu - fix printf string overflow (git-fixes).
- Input: pm8xxx-vibrator - correct VIB_MAX_LEVELS calculation (git-fixes).
- io_uring/unix: drop usage of io_uring socket (git-fixes).
- iomap: Fix inline extent handling in iomap_readpage (git-fixes)
- iomap: iomap: fix memory corruption when recording errors during writeback (git-fixes)
- iomap: Support partial direct I/O on user copy failures (git-fixes)
- iommu/dma: Force swiotlb_max_mapping_size on an untrusted device (bsc#1224331)
- jffs2: prevent xattr node from overflowing the eraseblock (git-fixes).
- kABI: bpf: struct bpf_insn_aux_data kABI workaround (bsc#1225756).
- kcm: do not sense pfmemalloc status in kcm_sendpage() (git-fixes bsc#1223959)
- KEYS: trusted: Do not use WARN when encode fails (git-fixes).
- KEYS: trusted: Fix memory leak in tpm2_key_encode() (git-fixes).
- KVM: s390: Check kvm pointer when testing KVM_CAP_S390_HPAGE_1M (git-fixes bsc#1224794).
- KVM: x86: Delete duplicate documentation for KVM_X86_SET_MSR_FILTER (git-fixes).
- leds: pwm: Disable PWM when going to suspend (git-fixes).
- libsubcmd: Fix parse-options memory leak (git-fixes).
- locking/atomic: Make test_and_*_bit() ordered on failure (git-fixes).
- media: atomisp: ssh_css: Fix a null-pointer dereference in load_video_binaries (git-fixes).
- media: dt-bindings: ovti,ov2680: Fix the power supply names (git-fixes).
- media: mc: mark the media devnode as registered from the, start (git-fixes).
- media: ngene: Add dvb_ca_en50221_init return value check (git-fixes).
- media: stk1160: fix bounds checking in stk1160_copy_video() (git-fixes).
- mei: me: add lunar lake point M DID (stable-fixes).
- mfd: intel-lpss: Revert 'Add missing check for platform_get_resource' (git-fixes).
- mfd: ti_am335x_tscadc: Support the correctly spelled DT property (git-fixes).
- mfd: tqmx86: Specify IO port register range more precisely (git-fixes).
- mlxbf_gige: Enable the GigE port in mlxbf_gige_open (git-fixes).
- mlxbf_gige: Fix intermittent no ip issue (git-fixes).
- mlxbf_gige: stop PHY during open() error paths (git-fixes).
- mmc: sdhci_am654: Add tuning algorithm for delay chain (git-fixes).
- mmc: sdhci_am654: Write ITAPDLY for DDR52 timing (git-fixes).
- mtd: core: Report error if first mtd_otp_size() call fails in mtd_otp_nvmem_add() (git-fixes).
- mtd: rawnand: hynix: fixed typo (git-fixes).
- net: do not sense pfmemalloc status in skb_append_pagefrags() (git-fixes bsc#1223959)
- net: introduce __skb_fill_page_desc_noacc (git-fixes bsc#1223959)
- net: nfc: remove inappropriate attrs check (stable-fixes).
- net: qualcomm: rmnet: fix global oob in rmnet_policy (git-fixes).
- net: usb: ax88179_178a: fix link status when link is set to down/up (git-fixes).
- net: usb: smsc95xx: stop lying about skb->truesize (git-fixes).
- net: usb: sr9700: stop lying about skb->truesize (git-fixes).
- net:usb:qmi_wwan: support Rolling modules (stable-fixes).
- netfilter: nf_tables: bail out early if hardware offload is not supported (git-fixes bsc#1223961)
- nfc: nci: Fix handling of zero-length payload packets in nci_rx_work() (git-fixes).
- nfc: nci: Fix uninit-value in nci_rx_work (git-fixes).
- nilfs2: fix out-of-range warning (git-fixes).
- nilfs2: fix unexpected freezing of nilfs_segctor_sync() (git-fixes).
- nilfs2: fix use-after-free of timer for log writer thread (git-fixes).
- nilfs2: make superblock data array index computation sparse friendly (git-fixes).
- nvme-multipath: fix io accounting on failover (git-fixes).
- nvme: ensure disabling pairs with unquiesce (bsc#1224534).
- nvme: fix miss command type check (git-fixes).
- nvme: fix multipath batched completion accounting (git-fixes).
- nvmet: fix ns enable/disable possible hang (git-fixes).
- PCI: dwc: Detect iATU settings after getting 'addr_space' resource (git-fixes).
- PCI: dwc: ep: Fix DBI access failure for drivers requiring refclk from host (git-fixes).
- PCI: dwc: Use the bitmap API to allocate bitmaps (git-fixes).
- PCI: rockchip-ep: Remove wrong mask on subsys_vendor_id (git-fixes).
- PCI: tegra194: Fix probe path for Endpoint mode (git-fixes).
- PCI/EDR: Align EDR_PORT_DPC_ENABLE_DSM with PCI Firmware r3.3 (git-fixes).
- PCI/EDR: Align EDR_PORT_LOCATE_DSM with PCI Firmware r3.3 (git-fixes).
- pinctrl: armada-37xx: remove an unused variable (git-fixes).
- pinctrl: core: delete incorrect free in pinctrl_enable() (git-fixes).
- pinctrl: core: handle radix_tree_insert() errors in pinctrl_register_one_pin() (stable-fixes).
- pinctrl: devicetree: fix refcount leak in pinctrl_dt_to_map() (git-fixes).
- pinctrl: pinctrl-aspeed-g6: Fix register offset for pinconf of GPIOR-T (git-fixes).
- pinctrl/meson: fix typo in PDM's pin name (git-fixes).
- platform/x86: xiaomi-wmi: Fix race condition when reporting key events (git-fixes).
- platform/x86/intel-uncore-freq: Do not present root domain on error (git-fixes).
- power: rt9455: hide unused rt9455_boost_voltage_values (git-fixes).
- powerpc/eeh: Permanently disable the removed device (bsc#1223991 ltc#205740).
- powerpc/eeh: Small refactor of eeh_handle_normal_event() (bsc#1223991 ltc#205740).
- powerpc/eeh: Use a goto for recovery failures (bsc#1223991 ltc#205740).
- powerpc/powernv: Add a null pointer check in opal_event_init() (bsc#1065729).
- powerpc/pseries/lparcfg: drop error message from guest name lookup (bsc#1187716 ltc#193451 git-fixes).
- powerpc/pseries/vio: Do not return ENODEV if node or compatible missing (bsc#1220783).
- powerpc/uaccess: Fix build errors seen with GCC 13/14 (bsc#1194869).
- powerpc/uaccess: Use YZ asm constraint for ld (bsc#1194869).
- ppdev: Add an error check in register_device (git-fixes).
- printk: Update @console_may_schedule in console_trylock_spinning() (bsc#1225616).
- qibfs: fix dentry leak (git-fixes)
- RDMA/hns: Add max_ah and cq moderation capacities in query_device() (git-fixes)
- RDMA/hns: Fix deadlock on SRQ async events. (git-fixes)
- RDMA/hns: Fix GMV table pagesize (git-fixes)
- RDMA/hns: Fix return value in hns_roce_map_mr_sg (git-fixes)
- RDMA/hns: Fix UAF for cq async event (git-fixes)
- RDMA/hns: Modify the print level of CQE error (git-fixes)
- RDMA/hns: Use complete parentheses in macros (git-fixes)
- RDMA/IPoIB: Fix format truncation compilation errors (git-fixes)
- RDMA/mlx5: Adding remote atomic access flag to updatable flags (git-fixes)
- RDMA/mlx5: Fix port number for counter query in multi-port configuration (git-fixes)
- RDMA/rxe: Add ibdev_dbg macros for rxe (git-fixes)
- RDMA/rxe: Fix incorrect rxe_put in error path (git-fixes)
- RDMA/rxe: Fix seg fault in rxe_comp_queue_pkt (git-fixes)
- RDMA/rxe: Fix the problem 'mutex_destroy missing' (git-fixes)
- RDMA/rxe: Replace pr_xxx by rxe_dbg_xxx in rxe_net.c (git-fixes)
- RDMA/rxe: Split rxe_run_task() into two subroutines (git-fixes)
- regulator: bd71828: Do not overwrite runtime voltages (git-fixes).
- regulator: core: fix debugfs creation regression (git-fixes).
- regulator: mt6360: De-capitalize devicetree regulator subnodes (git-fixes).
- remoteproc: mediatek: Make sure IPI buffer fits in L2TCM (git-fixes).
- ring-buffer: Fix a race between readers and resize checks (git-fixes).
- s390/bpf: Emit a barrier for BPF_FETCH instructions (git-fixes bsc#1224795).
- s390/cio: fix tracepoint subchannel type field (git-fixes bsc#1224796).
- s390/cpum_cf: make crypto counters upward compatible across machine types (bsc#1224346).
- s390/ipl: Fix incorrect initialization of len fields in nvme reipl block (git-fixes bsc#1225139).
- s390/ipl: Fix incorrect initialization of nvme dump block (git-fixes bsc#1225138).
- sched/topology: Optimize topology_span_sane() (bsc#1225053).
- scsi: arcmsr: Support new PCI device IDs 1883 and 1886 (git-fixes).
- scsi: bfa: Fix function pointer type mismatch for hcb_qe->cbfn (git-fixes).
- scsi: core: Consult supported VPD page list prior to fetching page (git-fixes).
- scsi: core: Fix unremoved procfs host directory regression (git-fixes).
- scsi: csiostor: Avoid function pointer casts (git-fixes).
- scsi: libfc: Do not schedule abort twice (git-fixes).
- scsi: libfc: Fix up timeout error in fc_fcp_rec_error() (git-fixes).
- scsi: lpfc: Add support for 32 byte CDBs (bsc#1225842).
- scsi: lpfc: Change default logging level for unsolicited CT MIB commands (bsc#1225842).
- scsi: lpfc: Change lpfc_hba hba_flag member into a bitmask (bsc#1225842).
- scsi: lpfc: Clear deferred RSCN processing flag when driver is unloading (bsc#1225842).
- scsi: lpfc: Copyright updates for 14.4.0.2 patches (bsc#1225842).
- scsi: lpfc: Introduce rrq_list_lock to protect active_rrq_list (bsc#1225842).
- scsi: lpfc: Update logging of protection type for T10 DIF I/O (bsc#1225842).
- scsi: lpfc: Update lpfc version to 14.4.0.2 (bsc#1225842).
- scsi: mpt3sas: Prevent sending diag_reset when the controller is ready (git-fixes).
- scsi: mylex: Fix sysfs buffer lengths (git-fixes).
- scsi: qla2xxx: Fix off by one in qla_edif_app_getstats() (git-fixes).
- scsi: sd: Unregister device if device_add_disk() failed in sd_probe() (git-fixes).
- selftests/pidfd: Fix config for pidfd_setns_test (git-fixes).
- serial: 8250_bcm7271: use default_mux_rate if possible (git-fixes).
- serial: kgdboc: Fix NMI-safety problems from keyboard reset code (stable-fixes).
- serial: max3100: Fix bitwise types (git-fixes).
- serial: max3100: Lock port->lock when calling uart_handle_cts_change() (git-fixes).
- serial: max3100: Update uart_driver_registered on driver removal (git-fixes).
- serial: sc16is7xx: add proper sched.h include for sched_set_fifo() (git-fixes).
- serial: sc16is7xx: fix bug in sc16is7xx_set_baud() when using prescaler (git-fixes).
- serial: sh-sci: protect invalidating RXDMA on shutdown (git-fixes).
- smb: client: ensure to try all targets when finding nested links (bsc#1224020).
- smb: client: fix mount when dns_resolver key is not available (git-fixes, bsc#1224020).
- smb: client: get rid of dfs code dep in namespace.c (bsc#1224020).
- smb: client: get rid of dfs naming in automount code (bsc#1224020).
- smb: client: introduce DFS_CACHE_TGT_LIST() (bsc#1224020).
- smb: client: reduce stack usage in cifs_try_adding_channels() (bsc#1224020).
- smb: client: remove extra @chan_count check in __cifs_put_smb_ses() (bsc#1224020).
- smb: client: rename cifs_dfs_ref.c to namespace.c (bsc#1224020).
- smb3: show beginning time for per share stats (bsc#1224020).
- soc: mediatek: cmdq: Fix typo of CMDQ_JUMP_RELATIVE (git-fixes).
- soc: qcom: rpmh-rsc: Enhance check for VRM in-flight request (git-fixes).
- speakup: Fix sizeof() vs ARRAY_SIZE() bug (git-fixes).
- spmi: Add a check for remove callback when removing a SPMI driver (git-fixes).
- spmi: hisi-spmi-controller: Do not override device identifier (git-fixes).
- swiotlb: extend buffer pre-padding to alloc_align_mask if necessary (bsc#1224331).
- swiotlb: Fix alignment checks when both allocation and DMA masks are (bsc#1224331)
- swiotlb: Fix double-allocation of slots due to broken alignment (bsc#1224331)
- swiotlb: Honour dma_alloc_coherent() alignment in swiotlb_alloc() (bsc#1224331)
- sysv: do not call sb_bread() with pointers_lock held (git-fixes).
- thermal/drivers/tsens: Fix null pointer dereference (git-fixes).
- tools/latency-collector: Fix -Wformat-security compile warns (git-fixes).
- tpm_tis_spi: Account for SPI header when allocating TPM SPI xfer (bsc#1225535)
- tpm_tis_spi: Account for SPI header when allocating TPM SPI xfer buffer (git-fixes).
- tracing: Add MODULE_DESCRIPTION() to preemptirq_delay_test (git-fixes).
- tracing: hide unused ftrace_event_id_fops (git-fixes).
- tty: n_gsm: fix missing receive state reset after mode switch (git-fixes).
- tty: n_gsm: fix possible out-of-bounds in gsm0_receive() (git-fixes).
- usb: aqc111: stop lying about skb->truesize (git-fixes).
- usb: gadget: u_audio: Clear uac pointer when freed (git-fixes).
- usb: typec: tipd: fix event checking for tps6598x (git-fixes).
- usb: typec: ucsi: displayport: Fix potential deadlock (git-fixes).
- VMCI: Fix an error handling path in vmci_guest_probe_device() (git-fixes).
- VMCI: Fix possible memcpy() run-time warning in vmci_datagram_invoke_guest_handler() (stable-fixes).
- vmci: prevent speculation leaks by sanitizing event in event_deliver() (git-fixes).
- watchdog: cpu5wdt.c: Fix use-after-free bug caused by cpu5wdt_trigger (git-fixes).
- watchdog: ixp4xx: Make sure restart always works (git-fixes).
- watchdog: rti_wdt: Set min_hw_heartbeat_ms to accommodate a safety margin (git-fixes).
- wifi: ar5523: enable proper endpoint verification (git-fixes).
- wifi: ath10k: Fix an error code problem in ath10k_dbg_sta_write_peer_debug_trigger() (git-fixes).
- wifi: ath10k: poll service ready message before failing (git-fixes).
- wifi: ath10k: populate board data for WCN3990 (git-fixes).
- wifi: ath11k: do not force enable power save on non-running vdevs (git-fixes).
- wifi: carl9170: add a proper sanity check for endpoints (git-fixes).
- wifi: carl9170: re-fix fortified-memset warning (git-fixes).
- wifi: cfg80211: fix rdev_dump_mpp() arguments order (stable-fixes).
- wifi: mac80211: fix ieee80211_bss_*_flags kernel-doc (stable-fixes).
- wifi: mwl8k: initialize cmd->addr[] properly (git-fixes).
- x86: Fix CPUIDLE_FLAG_IRQ_ENABLE leaking timer reprogram (git-fixes).
- x86/boot: Ignore NMIs during very early boot (git-fixes).
- x86/bugs: Change commas to semicolons in 'spectre_v2' sysfs file (git-fixes).
- x86/bugs: Remove CONFIG_BHI_MITIGATION_AUTO and spectre_bhi=auto (git-fixes).
- x86/bugs: Replace CONFIG_SPECTRE_BHI_{ON,OFF} with CONFIG_MITIGATION_SPECTRE_BHI (git-fixes).
- x86/kvm: Do not try to disable kvmclock if it was not enabled (git-fixes).
- x86/lib: Fix overflow when counting digits (git-fixes).
- x86/mce: Make sure to grab mce_sysfs_mutex in set_bank() (git-fixes).
- x86/nmi: Drop unused declaration of proc_nmi_enabled() (git-fixes).
- x86/retpoline: Do the necessary fixup to the Zen3/4 srso return thunk for !SRSO (git-fixes).
- x86/sev: Check for MWAITX and MONITORX opcodes in the #VC handler (git-fixes).
- x86/sme: Fix memory encryption setting if enabled by default and not overridden (git-fixes).
- x86/tdx: Preserve shared bit on mprotect() (git-fixes).
- xfs: add missing cmap->br_state = XFS_EXT_NORM update (git-fixes).
- xfs: fix exception caused by unexpected illegal bestcount in leaf dir (git-fixes).
- xfs: Fix false ENOSPC when performing direct write on a delalloc extent in cow fork (git-fixes).
- xfs: fix imprecise logic in xchk_btree_check_block_owner (git-fixes).
- xfs: fix inode reservation space for removing transaction (git-fixes).
- xfs: shrink failure needs to hold AGI buffer (git-fixes).
ImportantSUSE bug 1065729SUSE bug 1141539SUSE bug 1174585SUSE bug 1181674SUSE bug 1187716SUSE bug 1190569SUSE bug 1191949SUSE bug 1192107SUSE bug 1193983SUSE bug 1194288SUSE bug 1194869SUSE bug 1196956SUSE bug 1197915SUSE bug 1200465SUSE bug 1205205SUSE bug 1207284SUSE bug 1207361SUSE bug 1207948SUSE bug 1208149SUSE bug 1209657SUSE bug 1209799SUSE bug 1209834SUSE bug 1209980SUSE bug 1210335SUSE bug 1213863SUSE bug 1214852SUSE bug 1215322SUSE bug 1215702SUSE bug 1216358SUSE bug 1216702SUSE bug 1217169SUSE bug 1217515SUSE bug 1218447SUSE bug 1220021SUSE bug 1220363SUSE bug 1220783SUSE bug 1221044SUSE bug 1221081SUSE bug 1221615SUSE bug 1221777SUSE bug 1221816SUSE bug 1221829SUSE bug 1222011SUSE bug 1222374SUSE bug 1222413SUSE bug 1222464SUSE bug 1222513SUSE bug 1222561SUSE bug 1222608SUSE bug 1222619SUSE bug 1222627SUSE bug 1222721SUSE bug 1222765SUSE bug 1222770SUSE bug 1222783SUSE bug 1222893SUSE bug 1222960SUSE bug 1222961SUSE bug 1222974SUSE bug 1222975SUSE bug 1223011SUSE bug 1223023SUSE bug 1223027SUSE bug 1223031SUSE bug 1223043SUSE bug 1223046SUSE bug 1223048SUSE bug 1223049SUSE bug 1223084SUSE bug 1223113SUSE bug 1223137SUSE bug 1223138SUSE bug 1223188SUSE bug 1223203SUSE bug 1223315SUSE bug 1223384SUSE bug 1223390SUSE bug 1223489SUSE bug 1223532SUSE bug 1223575SUSE bug 1223595SUSE bug 1223626SUSE bug 1223627SUSE bug 1223631SUSE bug 1223633SUSE bug 1223638SUSE bug 1223650SUSE bug 1223653SUSE bug 1223666SUSE bug 1223671SUSE bug 1223675SUSE bug 1223677SUSE bug 1223678SUSE bug 1223698SUSE bug 1223712SUSE bug 1223715SUSE bug 1223717SUSE bug 1223718SUSE bug 1223737SUSE bug 1223741SUSE bug 1223744SUSE bug 1223747SUSE bug 1223748SUSE bug 1223750SUSE bug 1223752SUSE bug 1223754SUSE bug 1223756SUSE bug 1223757SUSE bug 1223762SUSE bug 1223769SUSE bug 1223770SUSE bug 1223779SUSE bug 1223780SUSE bug 1223781SUSE bug 1223788SUSE bug 1223802SUSE bug 1223819SUSE bug 1223826SUSE bug 1223828SUSE bug 1223829SUSE bug 1223837SUSE bug 1223842SUSE bug 1223843SUSE bug 1223844SUSE bug 1223847SUSE bug 1223858SUSE bug 1223875SUSE bug 1223879SUSE bug 1223895SUSE bug 1223959SUSE bug 1223961SUSE bug 1223991SUSE bug 1224020SUSE bug 1224076SUSE bug 1224096SUSE bug 1224098SUSE bug 1224099SUSE bug 1224137SUSE bug 1224166SUSE bug 1224174SUSE bug 1224177SUSE bug 1224180SUSE bug 1224181SUSE bug 1224187SUSE bug 1224331SUSE bug 1224346SUSE bug 1224423SUSE bug 1224432SUSE bug 1224437SUSE bug 1224438SUSE bug 1224442SUSE bug 1224443SUSE bug 1224445SUSE bug 1224449SUSE bug 1224479SUSE bug 1224482SUSE bug 1224487SUSE bug 1224488SUSE bug 1224492SUSE bug 1224494SUSE bug 1224495SUSE bug 1224502SUSE bug 1224508SUSE bug 1224509SUSE bug 1224511SUSE bug 1224519SUSE bug 1224524SUSE bug 1224525SUSE bug 1224530SUSE bug 1224531SUSE bug 1224534SUSE bug 1224535SUSE bug 1224537SUSE bug 1224541SUSE bug 1224543SUSE bug 1224549SUSE bug 1224550SUSE bug 1224558SUSE bug 1224559SUSE bug 1224566SUSE bug 1224567SUSE bug 1224571SUSE bug 1224575SUSE bug 1224576SUSE bug 1224579SUSE bug 1224580SUSE bug 1224581SUSE bug 1224582SUSE bug 1224586SUSE bug 1224587SUSE bug 1224592SUSE bug 1224598SUSE bug 1224601SUSE bug 1224607SUSE bug 1224608SUSE bug 1224611SUSE bug 1224615SUSE bug 1224617SUSE bug 1224618SUSE bug 1224621SUSE bug 1224622SUSE bug 1224624SUSE bug 1224627SUSE bug 1224628SUSE bug 1224629SUSE bug 1224632SUSE bug 1224636SUSE bug 1224637SUSE bug 1224638SUSE bug 1224640SUSE bug 1224643SUSE bug 1224644SUSE bug 1224645SUSE bug 1224647SUSE bug 1224648SUSE bug 1224649SUSE bug 1224650SUSE bug 1224651SUSE bug 1224657SUSE bug 1224659SUSE bug 1224660SUSE bug 1224663SUSE bug 1224664SUSE bug 1224665SUSE bug 1224666SUSE bug 1224667SUSE bug 1224668SUSE bug 1224671SUSE bug 1224672SUSE bug 1224676SUSE bug 1224678SUSE bug 1224679SUSE bug 1224680SUSE bug 1224681SUSE bug 1224682SUSE bug 1224685SUSE bug 1224686SUSE bug 1224692SUSE bug 1224697SUSE bug 1224699SUSE bug 1224701SUSE bug 1224703SUSE bug 1224705SUSE bug 1224707SUSE bug 1224717SUSE bug 1224718SUSE bug 1224721SUSE bug 1224722SUSE bug 1224723SUSE bug 1224725SUSE bug 1224727SUSE bug 1224728SUSE bug 1224729SUSE bug 1224730SUSE bug 1224731SUSE bug 1224732SUSE bug 1224733SUSE bug 1224736SUSE bug 1224738SUSE bug 1224739SUSE bug 1224740SUSE bug 1224747SUSE bug 1224749SUSE bug 1224759SUSE bug 1224763SUSE bug 1224764SUSE bug 1224765SUSE bug 1224766SUSE bug 1224794SUSE bug 1224795SUSE bug 1224796SUSE bug 1224803SUSE bug 1224816SUSE bug 1224895SUSE bug 1224898SUSE bug 1224900SUSE bug 1224901SUSE bug 1224902SUSE bug 1224903SUSE bug 1224904SUSE bug 1224905SUSE bug 1224907SUSE bug 1224909SUSE bug 1224910SUSE bug 1224911SUSE bug 1224912SUSE bug 1224913SUSE bug 1224914SUSE bug 1224915SUSE bug 1224920SUSE bug 1224928SUSE bug 1224929SUSE bug 1224930SUSE bug 1224931SUSE bug 1224932SUSE bug 1224936SUSE bug 1224937SUSE bug 1224941SUSE bug 1224942SUSE bug 1224944SUSE bug 1224945SUSE bug 1224947SUSE bug 1224956SUSE bug 1224988SUSE bug 1224992SUSE bug 1225000SUSE bug 1225003SUSE bug 1225005SUSE bug 1225008SUSE bug 1225009SUSE bug 1225022SUSE bug 1225031SUSE bug 1225032SUSE bug 1225036SUSE bug 1225041SUSE bug 1225044SUSE bug 1225053SUSE bug 1225076SUSE bug 1225077SUSE bug 1225082SUSE bug 1225085SUSE bug 1225086SUSE bug 1225092SUSE bug 1225095SUSE bug 1225096SUSE bug 1225097SUSE bug 1225106SUSE bug 1225108SUSE bug 1225109SUSE bug 1225114SUSE bug 1225118SUSE bug 1225121SUSE bug 1225122SUSE bug 1225123SUSE bug 1225125SUSE bug 1225126SUSE bug 1225127SUSE bug 1225129SUSE bug 1225131SUSE bug 1225132SUSE bug 1225138SUSE bug 1225139SUSE bug 1225145SUSE bug 1225151SUSE bug 1225153SUSE bug 1225156SUSE bug 1225158SUSE bug 1225160SUSE bug 1225161SUSE bug 1225164SUSE bug 1225167SUSE bug 1225180SUSE bug 1225183SUSE bug 1225184SUSE bug 1225186SUSE bug 1225187SUSE bug 1225189SUSE bug 1225190SUSE bug 1225191SUSE bug 1225192SUSE bug 1225193SUSE bug 1225195SUSE bug 1225198SUSE bug 1225201SUSE bug 1225203SUSE bug 1225205SUSE bug 1225206SUSE bug 1225207SUSE bug 1225208SUSE bug 1225209SUSE bug 1225210SUSE bug 1225214SUSE bug 1225222SUSE bug 1225223SUSE bug 1225224SUSE bug 1225225SUSE bug 1225227SUSE bug 1225228SUSE bug 1225229SUSE bug 1225230SUSE bug 1225232SUSE bug 1225233SUSE bug 1225235SUSE bug 1225236SUSE bug 1225237SUSE bug 1225238SUSE bug 1225239SUSE bug 1225240SUSE bug 1225241SUSE bug 1225242SUSE bug 1225243SUSE bug 1225244SUSE bug 1225245SUSE bug 1225246SUSE bug 1225247SUSE bug 1225248SUSE bug 1225249SUSE bug 1225250SUSE bug 1225251SUSE bug 1225252SUSE bug 1225253SUSE bug 1225254SUSE bug 1225255SUSE bug 1225256SUSE bug 1225257SUSE bug 1225258SUSE bug 1225259SUSE bug 1225260SUSE bug 1225261SUSE bug 1225262SUSE bug 1225263SUSE bug 1225268SUSE bug 1225301SUSE bug 1225303SUSE bug 1225304SUSE bug 1225306SUSE bug 1225316SUSE bug 1225318SUSE bug 1225320SUSE bug 1225321SUSE bug 1225322SUSE bug 1225323SUSE bug 1225326SUSE bug 1225327SUSE bug 1225328SUSE bug 1225329SUSE bug 1225330SUSE bug 1225331SUSE bug 1225332SUSE bug 1225333SUSE bug 1225334SUSE bug 1225335SUSE bug 1225336SUSE bug 1225337SUSE bug 1225338SUSE bug 1225339SUSE bug 1225341SUSE bug 1225342SUSE bug 1225344SUSE bug 1225346SUSE bug 1225347SUSE bug 1225351SUSE bug 1225353SUSE bug 1225354SUSE bug 1225355SUSE bug 1225357SUSE bug 1225358SUSE bug 1225360SUSE bug 1225361SUSE bug 1225366SUSE bug 1225367SUSE bug 1225368SUSE bug 1225369SUSE bug 1225370SUSE bug 1225372SUSE bug 1225373SUSE bug 1225374SUSE bug 1225375SUSE bug 1225376SUSE bug 1225377SUSE bug 1225379SUSE bug 1225380SUSE bug 1225382SUSE bug 1225383SUSE bug 1225384SUSE bug 1225386SUSE bug 1225387SUSE bug 1225388SUSE bug 1225390SUSE bug 1225392SUSE bug 1225393SUSE bug 1225396SUSE bug 1225400SUSE bug 1225404SUSE bug 1225405SUSE bug 1225408SUSE bug 1225409SUSE bug 1225410SUSE bug 1225411SUSE bug 1225424SUSE bug 1225425SUSE bug 1225427SUSE bug 1225431SUSE bug 1225435SUSE bug 1225436SUSE bug 1225437SUSE bug 1225438SUSE bug 1225439SUSE bug 1225441SUSE bug 1225442SUSE bug 1225443SUSE bug 1225444SUSE bug 1225445SUSE bug 1225446SUSE bug 1225447SUSE bug 1225450SUSE bug 1225453SUSE bug 1225455SUSE bug 1225461SUSE bug 1225463SUSE bug 1225464SUSE bug 1225466SUSE bug 1225467SUSE bug 1225468SUSE bug 1225471SUSE bug 1225472SUSE bug 1225478SUSE bug 1225479SUSE bug 1225480SUSE bug 1225482SUSE bug 1225483SUSE bug 1225486SUSE bug 1225488SUSE bug 1225490SUSE bug 1225492SUSE bug 1225495SUSE bug 1225499SUSE bug 1225500SUSE bug 1225501SUSE bug 1225502SUSE bug 1225506SUSE bug 1225508SUSE bug 1225510SUSE bug 1225513SUSE bug 1225515SUSE bug 1225529SUSE bug 1225530SUSE bug 1225532SUSE bug 1225534SUSE bug 1225535SUSE bug 1225548SUSE bug 1225549SUSE bug 1225550SUSE bug 1225553SUSE bug 1225554SUSE bug 1225555SUSE bug 1225556SUSE bug 1225557SUSE bug 1225559SUSE bug 1225560SUSE bug 1225565SUSE bug 1225566SUSE bug 1225568SUSE bug 1225569SUSE bug 1225570SUSE bug 1225571SUSE bug 1225572SUSE bug 1225577SUSE bug 1225583SUSE bug 1225584SUSE bug 1225587SUSE bug 1225588SUSE bug 1225589SUSE bug 1225590SUSE bug 1225591SUSE bug 1225592SUSE bug 1225593SUSE bug 1225595SUSE bug 1225599SUSE bug 1225616SUSE bug 1225640SUSE bug 1225642SUSE bug 1225705SUSE bug 1225708SUSE bug 1225715SUSE bug 1225720SUSE bug 1225722SUSE bug 1225734SUSE bug 1225735SUSE bug 1225747SUSE bug 1225748SUSE bug 1225756SUSE bug 1225761SUSE bug 1225766SUSE bug 1225775SUSE bug 1225810SUSE bug 1225820SUSE bug 1225829SUSE bug 1225835SUSE bug 1225842CVE-2020-36788 at SUSECVE-2020-36788 at NVDCVE-2021-39698 at SUSECVE-2021-39698 at NVDCVE-2021-4148 at SUSECVE-2021-4148 at NVDCVE-2021-43527 at SUSECVE-2021-43527 at NVDCVE-2021-47358 at SUSECVE-2021-47358 at NVDCVE-2021-47359 at SUSECVE-2021-47359 at NVDCVE-2021-47360 at SUSECVE-2021-47360 at NVDCVE-2021-47361 at SUSECVE-2021-47361 at NVDCVE-2021-47362 at SUSECVE-2021-47362 at NVDCVE-2021-47363 at SUSECVE-2021-47363 at NVDCVE-2021-47364 at SUSECVE-2021-47364 at NVDCVE-2021-47365 at SUSECVE-2021-47365 at NVDCVE-2021-47366 at SUSECVE-2021-47366 at NVDCVE-2021-47367 at SUSECVE-2021-47367 at NVDCVE-2021-47368 at SUSECVE-2021-47368 at NVDCVE-2021-47369 at SUSECVE-2021-47369 at NVDCVE-2021-47370 at SUSECVE-2021-47370 at NVDCVE-2021-47371 at SUSECVE-2021-47371 at NVDCVE-2021-47372 at SUSECVE-2021-47372 at NVDCVE-2021-47373 at SUSECVE-2021-47373 at NVDCVE-2021-47374 at SUSECVE-2021-47374 at NVDCVE-2021-47375 at SUSECVE-2021-47375 at NVDCVE-2021-47376 at SUSECVE-2021-47376 at NVDCVE-2021-47378 at SUSECVE-2021-47378 at NVDCVE-2021-47379 at SUSECVE-2021-47379 at NVDCVE-2021-47380 at SUSECVE-2021-47380 at NVDCVE-2021-47381 at SUSECVE-2021-47381 at NVDCVE-2021-47382 at SUSECVE-2021-47382 at NVDCVE-2021-47383 at SUSECVE-2021-47383 at NVDCVE-2021-47384 at SUSECVE-2021-47384 at NVDCVE-2021-47385 at SUSECVE-2021-47385 at NVDCVE-2021-47386 at SUSECVE-2021-47386 at NVDCVE-2021-47387 at SUSECVE-2021-47387 at NVDCVE-2021-47388 at SUSECVE-2021-47388 at NVDCVE-2021-47389 at SUSECVE-2021-47389 at NVDCVE-2021-47390 at SUSECVE-2021-47390 at NVDCVE-2021-47391 at SUSECVE-2021-47391 at NVDCVE-2021-47392 at SUSECVE-2021-47392 at NVDCVE-2021-47393 at SUSECVE-2021-47393 at NVDCVE-2021-47394 at SUSECVE-2021-47394 at NVDCVE-2021-47395 at SUSECVE-2021-47395 at NVDCVE-2021-47396 at SUSECVE-2021-47396 at NVDCVE-2021-47397 at SUSECVE-2021-47397 at NVDCVE-2021-47398 at SUSECVE-2021-47398 at NVDCVE-2021-47399 at SUSECVE-2021-47399 at NVDCVE-2021-47400 at SUSECVE-2021-47400 at NVDCVE-2021-47401 at SUSECVE-2021-47401 at NVDCVE-2021-47402 at SUSECVE-2021-47402 at NVDCVE-2021-47403 at SUSECVE-2021-47403 at NVDCVE-2021-47404 at SUSECVE-2021-47404 at NVDCVE-2021-47405 at SUSECVE-2021-47405 at NVDCVE-2021-47406 at SUSECVE-2021-47406 at NVDCVE-2021-47407 at SUSECVE-2021-47407 at NVDCVE-2021-47408 at SUSECVE-2021-47408 at NVDCVE-2021-47409 at SUSECVE-2021-47409 at NVDCVE-2021-47410 at SUSECVE-2021-47410 at NVDCVE-2021-47412 at SUSECVE-2021-47412 at NVDCVE-2021-47413 at SUSECVE-2021-47413 at NVDCVE-2021-47414 at SUSECVE-2021-47414 at NVDCVE-2021-47415 at SUSECVE-2021-47415 at NVDCVE-2021-47416 at SUSECVE-2021-47416 at NVDCVE-2021-47417 at SUSECVE-2021-47417 at NVDCVE-2021-47418 at SUSECVE-2021-47418 at NVDCVE-2021-47419 at SUSECVE-2021-47419 at NVDCVE-2021-47420 at SUSECVE-2021-47420 at NVDCVE-2021-47421 at SUSECVE-2021-47421 at NVDCVE-2021-47422 at SUSECVE-2021-47422 at NVDCVE-2021-47423 at SUSECVE-2021-47423 at NVDCVE-2021-47424 at SUSECVE-2021-47424 at NVDCVE-2021-47425 at SUSECVE-2021-47425 at NVDCVE-2021-47426 at SUSECVE-2021-47426 at NVDCVE-2021-47427 at SUSECVE-2021-47427 at NVDCVE-2021-47428 at SUSECVE-2021-47428 at NVDCVE-2021-47429 at SUSECVE-2021-47429 at NVDCVE-2021-47430 at SUSECVE-2021-47430 at NVDCVE-2021-47431 at SUSECVE-2021-47431 at NVDCVE-2021-47433 at SUSECVE-2021-47433 at NVDCVE-2021-47434 at SUSECVE-2021-47434 at NVDCVE-2021-47435 at SUSECVE-2021-47435 at NVDCVE-2021-47436 at SUSECVE-2021-47436 at NVDCVE-2021-47437 at SUSECVE-2021-47437 at NVDCVE-2021-47438 at SUSECVE-2021-47438 at NVDCVE-2021-47439 at SUSECVE-2021-47439 at NVDCVE-2021-47440 at SUSECVE-2021-47440 at NVDCVE-2021-47441 at SUSECVE-2021-47441 at NVDCVE-2021-47442 at SUSECVE-2021-47442 at NVDCVE-2021-47443 at SUSECVE-2021-47443 at NVDCVE-2021-47444 at SUSECVE-2021-47444 at NVDCVE-2021-47445 at SUSECVE-2021-47445 at NVDCVE-2021-47446 at SUSECVE-2021-47446 at NVDCVE-2021-47447 at SUSECVE-2021-47447 at NVDCVE-2021-47448 at SUSECVE-2021-47448 at NVDCVE-2021-47449 at SUSECVE-2021-47449 at NVDCVE-2021-47450 at SUSECVE-2021-47450 at NVDCVE-2021-47451 at SUSECVE-2021-47451 at NVDCVE-2021-47452 at SUSECVE-2021-47452 at NVDCVE-2021-47453 at SUSECVE-2021-47453 at NVDCVE-2021-47454 at SUSECVE-2021-47454 at NVDCVE-2021-47455 at SUSECVE-2021-47455 at NVDCVE-2021-47456 at SUSECVE-2021-47456 at NVDCVE-2021-47457 at SUSECVE-2021-47457 at NVDCVE-2021-47458 at SUSECVE-2021-47458 at NVDCVE-2021-47459 at SUSECVE-2021-47459 at NVDCVE-2021-47460 at SUSECVE-2021-47460 at NVDCVE-2021-47461 at SUSECVE-2021-47461 at NVDCVE-2021-47462 at SUSECVE-2021-47462 at NVDCVE-2021-47463 at SUSECVE-2021-47463 at NVDCVE-2021-47464 at SUSECVE-2021-47464 at NVDCVE-2021-47465 at SUSECVE-2021-47465 at NVDCVE-2021-47466 at SUSECVE-2021-47466 at NVDCVE-2021-47467 at SUSECVE-2021-47467 at NVDCVE-2021-47468 at SUSECVE-2021-47468 at NVDCVE-2021-47469 at SUSECVE-2021-47469 at NVDCVE-2021-47470 at SUSECVE-2021-47470 at NVDCVE-2021-47471 at SUSECVE-2021-47471 at NVDCVE-2021-47472 at SUSECVE-2021-47472 at NVDCVE-2021-47473 at SUSECVE-2021-47473 at NVDCVE-2021-47474 at SUSECVE-2021-47474 at NVDCVE-2021-47475 at SUSECVE-2021-47475 at NVDCVE-2021-47476 at SUSECVE-2021-47476 at NVDCVE-2021-47477 at SUSECVE-2021-47477 at NVDCVE-2021-47478 at SUSECVE-2021-47478 at NVDCVE-2021-47479 at SUSECVE-2021-47479 at NVDCVE-2021-47480 at SUSECVE-2021-47480 at NVDCVE-2021-47481 at SUSECVE-2021-47481 at NVDCVE-2021-47482 at SUSECVE-2021-47482 at NVDCVE-2021-47483 at SUSECVE-2021-47483 at NVDCVE-2021-47484 at SUSECVE-2021-47484 at NVDCVE-2021-47485 at SUSECVE-2021-47485 at NVDCVE-2021-47486 at SUSECVE-2021-47486 at NVDCVE-2021-47488 at SUSECVE-2021-47488 at NVDCVE-2021-47489 at SUSECVE-2021-47489 at NVDCVE-2021-47490 at SUSECVE-2021-47490 at NVDCVE-2021-47491 at SUSECVE-2021-47491 at NVDCVE-2021-47492 at SUSECVE-2021-47492 at NVDCVE-2021-47493 at SUSECVE-2021-47493 at NVDCVE-2021-47494 at SUSECVE-2021-47494 at NVDCVE-2021-47495 at SUSECVE-2021-47495 at NVDCVE-2021-47496 at SUSECVE-2021-47496 at NVDCVE-2021-47497 at SUSECVE-2021-47497 at NVDCVE-2021-47498 at SUSECVE-2021-47498 at NVDCVE-2021-47499 at SUSECVE-2021-47499 at NVDCVE-2021-47500 at SUSECVE-2021-47500 at NVDCVE-2021-47501 at SUSECVE-2021-47501 at NVDCVE-2021-47502 at SUSECVE-2021-47502 at NVDCVE-2021-47503 at SUSECVE-2021-47503 at NVDCVE-2021-47504 at SUSECVE-2021-47504 at NVDCVE-2021-47505 at SUSECVE-2021-47505 at NVDCVE-2021-47506 at SUSECVE-2021-47506 at NVDCVE-2021-47507 at SUSECVE-2021-47507 at NVDCVE-2021-47508 at SUSECVE-2021-47508 at NVDCVE-2021-47509 at SUSECVE-2021-47509 at NVDCVE-2021-47510 at SUSECVE-2021-47510 at NVDCVE-2021-47511 at SUSECVE-2021-47511 at NVDCVE-2021-47512 at SUSECVE-2021-47512 at NVDCVE-2021-47513 at SUSECVE-2021-47513 at NVDCVE-2021-47514 at SUSECVE-2021-47514 at NVDCVE-2021-47516 at SUSECVE-2021-47516 at NVDCVE-2021-47518 at SUSECVE-2021-47518 at NVDCVE-2021-47520 at SUSECVE-2021-47520 at NVDCVE-2021-47521 at SUSECVE-2021-47521 at NVDCVE-2021-47522 at SUSECVE-2021-47522 at NVDCVE-2021-47523 at SUSECVE-2021-47523 at NVDCVE-2021-47524 at SUSECVE-2021-47524 at NVDCVE-2021-47525 at SUSECVE-2021-47525 at NVDCVE-2021-47526 at SUSECVE-2021-47526 at NVDCVE-2021-47528 at SUSECVE-2021-47528 at NVDCVE-2021-47529 at SUSECVE-2021-47529 at NVDCVE-2021-47530 at SUSECVE-2021-47530 at NVDCVE-2021-47531 at SUSECVE-2021-47531 at NVDCVE-2021-47532 at SUSECVE-2021-47532 at NVDCVE-2021-47533 at SUSECVE-2021-47533 at NVDCVE-2021-47534 at SUSECVE-2021-47534 at NVDCVE-2021-47535 at SUSECVE-2021-47535 at NVDCVE-2021-47536 at SUSECVE-2021-47536 at NVDCVE-2021-47537 at SUSECVE-2021-47537 at NVDCVE-2021-47540 at SUSECVE-2021-47540 at NVDCVE-2021-47541 at SUSECVE-2021-47541 at NVDCVE-2021-47542 at SUSECVE-2021-47542 at NVDCVE-2021-47544 at SUSECVE-2021-47544 at NVDCVE-2021-47548 at SUSECVE-2021-47548 at NVDCVE-2021-47549 at SUSECVE-2021-47549 at NVDCVE-2021-47550 at SUSECVE-2021-47550 at NVDCVE-2021-47551 at SUSECVE-2021-47551 at NVDCVE-2021-47552 at SUSECVE-2021-47552 at NVDCVE-2021-47553 at SUSECVE-2021-47553 at NVDCVE-2021-47554 at SUSECVE-2021-47554 at NVDCVE-2021-47555 at SUSECVE-2021-47555 at NVDCVE-2021-47556 at SUSECVE-2021-47556 at NVDCVE-2021-47557 at SUSECVE-2021-47557 at NVDCVE-2021-47558 at SUSECVE-2021-47558 at NVDCVE-2021-47559 at SUSECVE-2021-47559 at NVDCVE-2021-47560 at SUSECVE-2021-47560 at NVDCVE-2021-47562 at SUSECVE-2021-47562 at NVDCVE-2021-47563 at SUSECVE-2021-47563 at NVDCVE-2021-47564 at SUSECVE-2021-47564 at NVDCVE-2021-47565 at SUSECVE-2021-47565 at NVDCVE-2021-47569 at SUSECVE-2021-47569 at NVDCVE-2022-48633 at SUSECVE-2022-48633 at NVDCVE-2022-48669 at SUSECVE-2022-48669 at NVDCVE-2022-48689 at SUSECVE-2022-48689 at NVDCVE-2022-48691 at SUSECVE-2022-48691 at NVDCVE-2022-48705 at SUSECVE-2022-48705 at NVDCVE-2022-48708 at SUSECVE-2022-48708 at NVDCVE-2022-48709 at SUSECVE-2022-48709 at NVDCVE-2022-48710 at SUSECVE-2022-48710 at NVDCVE-2023-0160 at SUSECVE-2023-0160 at NVDCVE-2023-1829 at SUSECVE-2023-1829 at NVDCVE-2023-42755 at SUSECVE-2023-42755 at NVDCVE-2023-47233 at SUSECVE-2023-47233 at NVDCVE-2023-52586 at SUSECVE-2023-52586 at NVDCVE-2023-52591 at SUSECVE-2023-52591 at NVDCVE-2023-52618 at SUSECVE-2023-52618 at NVDCVE-2023-52642 at SUSECVE-2023-52642 at NVDCVE-2023-52643 at SUSECVE-2023-52643 at NVDCVE-2023-52644 at SUSECVE-2023-52644 at NVDCVE-2023-52650 at SUSECVE-2023-52650 at NVDCVE-2023-52653 at SUSECVE-2023-52653 at NVDCVE-2023-52654 at SUSECVE-2023-52654 at NVDCVE-2023-52655 at SUSECVE-2023-52655 at NVDCVE-2023-52656 at SUSECVE-2023-52656 at NVDCVE-2023-52657 at SUSECVE-2023-52657 at NVDCVE-2023-52659 at SUSECVE-2023-52659 at NVDCVE-2023-52660 at SUSECVE-2023-52660 at NVDCVE-2023-52661 at SUSECVE-2023-52661 at NVDCVE-2023-52662 at SUSECVE-2023-52662 at NVDCVE-2023-52664 at SUSECVE-2023-52664 at NVDCVE-2023-52669 at SUSECVE-2023-52669 at NVDCVE-2023-52671 at SUSECVE-2023-52671 at NVDCVE-2023-52674 at SUSECVE-2023-52674 at NVDCVE-2023-52676 at SUSECVE-2023-52676 at NVDCVE-2023-52678 at SUSECVE-2023-52678 at NVDCVE-2023-52679 at SUSECVE-2023-52679 at NVDCVE-2023-52680 at SUSECVE-2023-52680 at NVDCVE-2023-52683 at SUSECVE-2023-52683 at NVDCVE-2023-52685 at SUSECVE-2023-52685 at NVDCVE-2023-52686 at SUSECVE-2023-52686 at NVDCVE-2023-52690 at SUSECVE-2023-52690 at NVDCVE-2023-52691 at SUSECVE-2023-52691 at NVDCVE-2023-52692 at SUSECVE-2023-52692 at NVDCVE-2023-52693 at SUSECVE-2023-52693 at NVDCVE-2023-52694 at SUSECVE-2023-52694 at NVDCVE-2023-52696 at SUSECVE-2023-52696 at NVDCVE-2023-52698 at SUSECVE-2023-52698 at NVDCVE-2023-52699 at SUSECVE-2023-52699 at NVDCVE-2023-52702 at SUSECVE-2023-52702 at NVDCVE-2023-52703 at SUSECVE-2023-52703 at NVDCVE-2023-52705 at SUSECVE-2023-52705 at NVDCVE-2023-52707 at SUSECVE-2023-52707 at NVDCVE-2023-52708 at SUSECVE-2023-52708 at NVDCVE-2023-52730 at SUSECVE-2023-52730 at NVDCVE-2023-52731 at SUSECVE-2023-52731 at NVDCVE-2023-52732 at SUSECVE-2023-52732 at NVDCVE-2023-52733 at SUSECVE-2023-52733 at NVDCVE-2023-52736 at SUSECVE-2023-52736 at NVDCVE-2023-52738 at SUSECVE-2023-52738 at NVDCVE-2023-52739 at SUSECVE-2023-52739 at NVDCVE-2023-52740 at SUSECVE-2023-52740 at NVDCVE-2023-52741 at SUSECVE-2023-52741 at NVDCVE-2023-52742 at SUSECVE-2023-52742 at NVDCVE-2023-52743 at SUSECVE-2023-52743 at NVDCVE-2023-52744 at SUSECVE-2023-52744 at NVDCVE-2023-52745 at SUSECVE-2023-52745 at NVDCVE-2023-52746 at SUSECVE-2023-52746 at NVDCVE-2023-52747 at SUSECVE-2023-52747 at NVDCVE-2023-52753 at SUSECVE-2023-52753 at NVDCVE-2023-52754 at SUSECVE-2023-52754 at NVDCVE-2023-52756 at SUSECVE-2023-52756 at NVDCVE-2023-52757 at SUSECVE-2023-52757 at NVDCVE-2023-52759 at SUSECVE-2023-52759 at NVDCVE-2023-52763 at SUSECVE-2023-52763 at NVDCVE-2023-52764 at SUSECVE-2023-52764 at NVDCVE-2023-52766 at SUSECVE-2023-52766 at NVDCVE-2023-52773 at SUSECVE-2023-52773 at NVDCVE-2023-52774 at SUSECVE-2023-52774 at NVDCVE-2023-52777 at SUSECVE-2023-52777 at NVDCVE-2023-52781 at SUSECVE-2023-52781 at NVDCVE-2023-52788 at SUSECVE-2023-52788 at NVDCVE-2023-52789 at SUSECVE-2023-52789 at NVDCVE-2023-52791 at SUSECVE-2023-52791 at NVDCVE-2023-52795 at SUSECVE-2023-52795 at NVDCVE-2023-52796 at SUSECVE-2023-52796 at NVDCVE-2023-52798 at SUSECVE-2023-52798 at NVDCVE-2023-52799 at SUSECVE-2023-52799 at NVDCVE-2023-52800 at SUSECVE-2023-52800 at NVDCVE-2023-52803 at SUSECVE-2023-52803 at NVDCVE-2023-52804 at SUSECVE-2023-52804 at NVDCVE-2023-52805 at SUSECVE-2023-52805 at NVDCVE-2023-52806 at SUSECVE-2023-52806 at NVDCVE-2023-52807 at SUSECVE-2023-52807 at NVDCVE-2023-52808 at SUSECVE-2023-52808 at NVDCVE-2023-52809 at SUSECVE-2023-52809 at NVDCVE-2023-52810 at SUSECVE-2023-52810 at NVDCVE-2023-52811 at SUSECVE-2023-52811 at NVDCVE-2023-52814 at SUSECVE-2023-52814 at NVDCVE-2023-52815 at SUSECVE-2023-52815 at NVDCVE-2023-52816 at SUSECVE-2023-52816 at NVDCVE-2023-52817 at SUSECVE-2023-52817 at NVDCVE-2023-52818 at SUSECVE-2023-52818 at NVDCVE-2023-52819 at SUSECVE-2023-52819 at NVDCVE-2023-52821 at SUSECVE-2023-52821 at NVDCVE-2023-52825 at SUSECVE-2023-52825 at NVDCVE-2023-52826 at SUSECVE-2023-52826 at NVDCVE-2023-52832 at SUSECVE-2023-52832 at NVDCVE-2023-52833 at SUSECVE-2023-52833 at NVDCVE-2023-52834 at SUSECVE-2023-52834 at NVDCVE-2023-52838 at SUSECVE-2023-52838 at NVDCVE-2023-52840 at SUSECVE-2023-52840 at NVDCVE-2023-52841 at SUSECVE-2023-52841 at NVDCVE-2023-52844 at SUSECVE-2023-52844 at NVDCVE-2023-52847 at SUSECVE-2023-52847 at NVDCVE-2023-52851 at SUSECVE-2023-52851 at NVDCVE-2023-52853 at SUSECVE-2023-52853 at NVDCVE-2023-52854 at SUSECVE-2023-52854 at NVDCVE-2023-52855 at SUSECVE-2023-52855 at NVDCVE-2023-52856 at SUSECVE-2023-52856 at NVDCVE-2023-52858 at SUSECVE-2023-52858 at NVDCVE-2023-52860 at SUSECVE-2023-52860 at NVDCVE-2023-52861 at SUSECVE-2023-52861 at NVDCVE-2023-52864 at SUSECVE-2023-52864 at NVDCVE-2023-52865 at SUSECVE-2023-52865 at NVDCVE-2023-52867 at SUSECVE-2023-52867 at NVDCVE-2023-52868 at SUSECVE-2023-52868 at NVDCVE-2023-52870 at SUSECVE-2023-52870 at NVDCVE-2023-52871 at SUSECVE-2023-52871 at NVDCVE-2023-52872 at SUSECVE-2023-52872 at NVDCVE-2023-52873 at SUSECVE-2023-52873 at NVDCVE-2023-52875 at SUSECVE-2023-52875 at NVDCVE-2023-52876 at SUSECVE-2023-52876 at NVDCVE-2023-52877 at SUSECVE-2023-52877 at NVDCVE-2023-52878 at SUSECVE-2023-52878 at NVDCVE-2023-52880 at SUSECVE-2023-52880 at NVDCVE-2023-6531 at SUSECVE-2023-6531 at NVDCVE-2024-26597 at SUSECVE-2024-26597 at NVDCVE-2024-26643 at SUSECVE-2024-26643 at NVDCVE-2024-26692 at SUSECVE-2024-26692 at NVDCVE-2024-26698 at SUSECVE-2024-26698 at NVDCVE-2024-26715 at SUSECVE-2024-26715 at NVDCVE-2024-26742 at SUSECVE-2024-26742 at NVDCVE-2024-26748 at SUSECVE-2024-26748 at NVDCVE-2024-26758 at SUSECVE-2024-26758 at NVDCVE-2024-26764 at SUSECVE-2024-26764 at NVDCVE-2024-26775 at SUSECVE-2024-26775 at NVDCVE-2024-26777 at SUSECVE-2024-26777 at NVDCVE-2024-26778 at SUSECVE-2024-26778 at NVDCVE-2024-26788 at SUSECVE-2024-26788 at NVDCVE-2024-26801 at SUSECVE-2024-26801 at NVDCVE-2024-26822 at SUSECVE-2024-26822 at NVDCVE-2024-26828 at SUSECVE-2024-26828 at NVDCVE-2024-26829 at SUSECVE-2024-26829 at NVDCVE-2024-26838 at SUSECVE-2024-26838 at NVDCVE-2024-26839 at SUSECVE-2024-26839 at NVDCVE-2024-26846 at SUSECVE-2024-26846 at NVDCVE-2024-26859 at SUSECVE-2024-26859 at NVDCVE-2024-26870 at SUSECVE-2024-26870 at NVDCVE-2024-26874 at SUSECVE-2024-26874 at NVDCVE-2024-26880 at SUSECVE-2024-26880 at NVDCVE-2024-26889 at SUSECVE-2024-26889 at NVDCVE-2024-26894 at SUSECVE-2024-26894 at NVDCVE-2024-26900 at SUSECVE-2024-26900 at NVDCVE-2024-26907 at SUSECVE-2024-26907 at NVDCVE-2024-26916 at SUSECVE-2024-26916 at NVDCVE-2024-26919 at SUSECVE-2024-26919 at NVDCVE-2024-26920 at SUSECVE-2024-26920 at NVDCVE-2024-26921 at SUSECVE-2024-26921 at NVDCVE-2024-26922 at SUSECVE-2024-26922 at NVDCVE-2024-26925 at SUSECVE-2024-26925 at NVDCVE-2024-26928 at SUSECVE-2024-26928 at NVDCVE-2024-26929 at SUSECVE-2024-26929 at NVDCVE-2024-26930 at SUSECVE-2024-26930 at NVDCVE-2024-26931 at SUSECVE-2024-26931 at NVDCVE-2024-26934 at SUSECVE-2024-26934 at NVDCVE-2024-26935 at SUSECVE-2024-26935 at NVDCVE-2024-26937 at SUSECVE-2024-26937 at NVDCVE-2024-26938 at SUSECVE-2024-26938 at NVDCVE-2024-26940 at SUSECVE-2024-26940 at NVDCVE-2024-26943 at SUSECVE-2024-26943 at NVDCVE-2024-26957 at SUSECVE-2024-26957 at NVDCVE-2024-26958 at SUSECVE-2024-26958 at NVDCVE-2024-26964 at SUSECVE-2024-26964 at NVDCVE-2024-26974 at SUSECVE-2024-26974 at NVDCVE-2024-26977 at SUSECVE-2024-26977 at NVDCVE-2024-26984 at SUSECVE-2024-26984 at NVDCVE-2024-26988 at SUSECVE-2024-26988 at NVDCVE-2024-26989 at SUSECVE-2024-26989 at NVDCVE-2024-26994 at SUSECVE-2024-26994 at NVDCVE-2024-26996 at SUSECVE-2024-26996 at NVDCVE-2024-26997 at SUSECVE-2024-26997 at NVDCVE-2024-26999 at SUSECVE-2024-26999 at NVDCVE-2024-27000 at SUSECVE-2024-27000 at NVDCVE-2024-27001 at SUSECVE-2024-27001 at NVDCVE-2024-27004 at SUSECVE-2024-27004 at NVDCVE-2024-27008 at SUSECVE-2024-27008 at NVDCVE-2024-27028 at SUSECVE-2024-27028 at NVDCVE-2024-27037 at SUSECVE-2024-27037 at NVDCVE-2024-27045 at SUSECVE-2024-27045 at NVDCVE-2024-27047 at SUSECVE-2024-27047 at NVDCVE-2024-27051 at SUSECVE-2024-27051 at NVDCVE-2024-27052 at SUSECVE-2024-27052 at NVDCVE-2024-27053 at SUSECVE-2024-27053 at NVDCVE-2024-27054 at SUSECVE-2024-27054 at NVDCVE-2024-27072 at SUSECVE-2024-27072 at NVDCVE-2024-27073 at SUSECVE-2024-27073 at NVDCVE-2024-27074 at SUSECVE-2024-27074 at NVDCVE-2024-27075 at SUSECVE-2024-27075 at NVDCVE-2024-27076 at SUSECVE-2024-27076 at NVDCVE-2024-27077 at SUSECVE-2024-27077 at NVDCVE-2024-27078 at SUSECVE-2024-27078 at NVDCVE-2024-27388 at SUSECVE-2024-27388 at NVDCVE-2024-27393 at SUSECVE-2024-27393 at NVDCVE-2024-27395 at SUSECVE-2024-27395 at NVDCVE-2024-27396 at SUSECVE-2024-27396 at NVDCVE-2024-27398 at SUSECVE-2024-27398 at NVDCVE-2024-27399 at SUSECVE-2024-27399 at NVDCVE-2024-27400 at SUSECVE-2024-27400 at NVDCVE-2024-27401 at SUSECVE-2024-27401 at NVDCVE-2024-27405 at SUSECVE-2024-27405 at NVDCVE-2024-27410 at SUSECVE-2024-27410 at NVDCVE-2024-27412 at SUSECVE-2024-27412 at NVDCVE-2024-27413 at SUSECVE-2024-27413 at NVDCVE-2024-27416 at SUSECVE-2024-27416 at NVDCVE-2024-27417 at SUSECVE-2024-27417 at NVDCVE-2024-27419 at SUSECVE-2024-27419 at NVDCVE-2024-27431 at SUSECVE-2024-27431 at NVDCVE-2024-27435 at SUSECVE-2024-27435 at NVDCVE-2024-27436 at SUSECVE-2024-27436 at NVDCVE-2024-35789 at SUSECVE-2024-35789 at NVDCVE-2024-35791 at SUSECVE-2024-35791 at NVDCVE-2024-35796 at SUSECVE-2024-35796 at NVDCVE-2024-35799 at SUSECVE-2024-35799 at NVDCVE-2024-35801 at SUSECVE-2024-35801 at NVDCVE-2024-35804 at SUSECVE-2024-35804 at NVDCVE-2024-35806 at SUSECVE-2024-35806 at NVDCVE-2024-35809 at SUSECVE-2024-35809 at NVDCVE-2024-35811 at SUSECVE-2024-35811 at NVDCVE-2024-35812 at SUSECVE-2024-35812 at NVDCVE-2024-35813 at SUSECVE-2024-35813 at NVDCVE-2024-35815 at SUSECVE-2024-35815 at NVDCVE-2024-35817 at SUSECVE-2024-35817 at NVDCVE-2024-35821 at SUSECVE-2024-35821 at NVDCVE-2024-35822 at SUSECVE-2024-35822 at NVDCVE-2024-35823 at SUSECVE-2024-35823 at NVDCVE-2024-35825 at SUSECVE-2024-35825 at NVDCVE-2024-35828 at SUSECVE-2024-35828 at NVDCVE-2024-35829 at SUSECVE-2024-35829 at NVDCVE-2024-35830 at SUSECVE-2024-35830 at NVDCVE-2024-35833 at SUSECVE-2024-35833 at NVDCVE-2024-35845 at SUSECVE-2024-35845 at NVDCVE-2024-35847 at SUSECVE-2024-35847 at NVDCVE-2024-35849 at SUSECVE-2024-35849 at NVDCVE-2024-35851 at SUSECVE-2024-35851 at NVDCVE-2024-35852 at SUSECVE-2024-35852 at NVDCVE-2024-35854 at SUSECVE-2024-35854 at NVDCVE-2024-35860 at SUSECVE-2024-35860 at NVDCVE-2024-35861 at SUSECVE-2024-35861 at NVDCVE-2024-35862 at SUSECVE-2024-35862 at NVDCVE-2024-35863 at SUSECVE-2024-35863 at NVDCVE-2024-35864 at SUSECVE-2024-35864 at NVDCVE-2024-35865 at SUSECVE-2024-35865 at NVDCVE-2024-35866 at SUSECVE-2024-35866 at NVDCVE-2024-35867 at SUSECVE-2024-35867 at NVDCVE-2024-35868 at SUSECVE-2024-35868 at NVDCVE-2024-35869 at SUSECVE-2024-35869 at NVDCVE-2024-35870 at SUSECVE-2024-35870 at NVDCVE-2024-35872 at SUSECVE-2024-35872 at NVDCVE-2024-35875 at SUSECVE-2024-35875 at NVDCVE-2024-35877 at SUSECVE-2024-35877 at NVDCVE-2024-35878 at SUSECVE-2024-35878 at NVDCVE-2024-35879 at SUSECVE-2024-35879 at NVDCVE-2024-35885 at SUSECVE-2024-35885 at NVDCVE-2024-35887 at SUSECVE-2024-35887 at NVDCVE-2024-35895 at SUSECVE-2024-35895 at NVDCVE-2024-35901 at SUSECVE-2024-35901 at NVDCVE-2024-35904 at SUSECVE-2024-35904 at NVDCVE-2024-35905 at SUSECVE-2024-35905 at NVDCVE-2024-35907 at SUSECVE-2024-35907 at NVDCVE-2024-35912 at SUSECVE-2024-35912 at NVDCVE-2024-35914 at SUSECVE-2024-35914 at NVDCVE-2024-35915 at SUSECVE-2024-35915 at NVDCVE-2024-35922 at SUSECVE-2024-35922 at NVDCVE-2024-35924 at SUSECVE-2024-35924 at NVDCVE-2024-35930 at SUSECVE-2024-35930 at NVDCVE-2024-35932 at SUSECVE-2024-35932 at NVDCVE-2024-35933 at SUSECVE-2024-35933 at NVDCVE-2024-35935 at SUSECVE-2024-35935 at NVDCVE-2024-35936 at SUSECVE-2024-35936 at NVDCVE-2024-35938 at SUSECVE-2024-35938 at NVDCVE-2024-35939 at SUSECVE-2024-35939 at NVDCVE-2024-35940 at SUSECVE-2024-35940 at NVDCVE-2024-35943 at SUSECVE-2024-35943 at NVDCVE-2024-35944 at SUSECVE-2024-35944 at NVDCVE-2024-35947 at SUSECVE-2024-35947 at NVDCVE-2024-35950 at SUSECVE-2024-35950 at NVDCVE-2024-35951 at SUSECVE-2024-35951 at NVDCVE-2024-35952 at SUSECVE-2024-35952 at NVDCVE-2024-35955 at SUSECVE-2024-35955 at NVDCVE-2024-35959 at SUSECVE-2024-35959 at NVDCVE-2024-35963 at SUSECVE-2024-35963 at NVDCVE-2024-35964 at SUSECVE-2024-35964 at NVDCVE-2024-35965 at SUSECVE-2024-35965 at NVDCVE-2024-35966 at SUSECVE-2024-35966 at NVDCVE-2024-35967 at SUSECVE-2024-35967 at NVDCVE-2024-35969 at SUSECVE-2024-35969 at NVDCVE-2024-35973 at SUSECVE-2024-35973 at NVDCVE-2024-35976 at SUSECVE-2024-35976 at NVDCVE-2024-35978 at SUSECVE-2024-35978 at NVDCVE-2024-35982 at SUSECVE-2024-35982 at NVDCVE-2024-35984 at SUSECVE-2024-35984 at NVDCVE-2024-35989 at SUSECVE-2024-35989 at NVDCVE-2024-35990 at SUSECVE-2024-35990 at NVDCVE-2024-35998 at SUSECVE-2024-35998 at NVDCVE-2024-35999 at SUSECVE-2024-35999 at NVDCVE-2024-36006 at SUSECVE-2024-36006 at NVDCVE-2024-36007 at SUSECVE-2024-36007 at NVDCVE-2024-36012 at SUSECVE-2024-36012 at NVDCVE-2024-36014 at SUSECVE-2024-36014 at NVDCVE-2024-36015 at SUSECVE-2024-36015 at NVDCVE-2024-36016 at SUSECVE-2024-36016 at NVDCVE-2024-36026 at SUSECVE-2024-36026 at NVDCVE-2024-36029 at SUSECVE-2024-36029 at NVDCVE-2024-36032 at SUSECVE-2024-36032 at NVDCVE-2024-36880 at SUSECVE-2024-36880 at NVDCVE-2024-36893 at SUSECVE-2024-36893 at NVDCVE-2024-36896 at SUSECVE-2024-36896 at NVDCVE-2024-36897 at SUSECVE-2024-36897 at NVDCVE-2024-36906 at SUSECVE-2024-36906 at NVDCVE-2024-36918 at SUSECVE-2024-36918 at NVDCVE-2024-36924 at SUSECVE-2024-36924 at NVDCVE-2024-36926 at SUSECVE-2024-36926 at NVDCVE-2024-36928 at SUSECVE-2024-36928 at NVDCVE-2024-36931 at SUSECVE-2024-36931 at NVDCVE-2024-36938 at SUSECVE-2024-36938 at NVDCVE-2024-36940 at SUSECVE-2024-36940 at NVDCVE-2024-36941 at SUSECVE-2024-36941 at NVDCVE-2024-36942 at SUSECVE-2024-36942 at NVDCVE-2024-36944 at SUSECVE-2024-36944 at NVDCVE-2024-36947 at SUSECVE-2024-36947 at NVDCVE-2024-36950 at SUSECVE-2024-36950 at NVDCVE-2024-36952 at SUSECVE-2024-36952 at NVDCVE-2024-36955 at SUSECVE-2024-36955 at NVDCVE-2024-36959 at SUSECVE-2024-36959 at NVDcpe:/o:opensuse:leap:15.5Security update for openssl-3 (Important)openSUSE Leap 15.5
This update for openssl-3 fixes the following issues:
- CVE-2024-4741: Fixed a use-after-free with SSL_free_buffers. (bsc#1225551)
ImportantSUSE bug 1225551CVE-2024-4741 at SUSECVE-2024-4741 at NVDcpe:/o:opensuse:leap:15.5Security update for tiff (Moderate)openSUSE Leap 15.5
This update for tiff fixes the following issues:
- CVE-2023-3164: Fixed a heap buffer overflow in tiffcrop. (bsc#1212233)
ModerateSUSE bug 1212233CVE-2023-3164 at SUSECVE-2023-3164 at NVDcpe:/o:opensuse:leap:15.5Security update for python-scikit-learn (Moderate)openSUSE Leap 15.5
This update for python-scikit-learn fixes the following issues:
-CVE-2024-5206: Fixed a possible sensitive data leak in TfidfVectorizer. (bsc#1226185)
ModerateSUSE bug 1226185CVE-2024-5206 at SUSECVE-2024-5206 at NVDcpe:/o:opensuse:leap:15.5Security update for podman (Important)openSUSE Leap 15.5
This update for podman fixes the following issues:
- Update to version 4.9.5
- CVE-2024-3727: Fixed a flaw that allowed attackers to trigger unexpected authenticated registry accesses on behalf of a victim user, causing resource exhaustion, local path traversal, and other attacks. (bsc#1224122)
- CVE-2024-24786: Fixed an infinite loop in protojson. (bsc#1226136)
ImportantSUSE bug 1224122SUSE bug 1226136CVE-2024-24786 at SUSECVE-2024-24786 at NVDCVE-2024-3727 at SUSECVE-2024-3727 at NVDcpe:/o:opensuse:leap:15.5Security update for php8 (Important)openSUSE Leap 15.5
This update for php8 fixes the following issues:
- CVE-2024-5458: Fixed an issue that allows to bypass filters in filter_var FILTER_VALIDATE_URL. (bsc#1226073)
ImportantSUSE bug 1226073CVE-2024-5458 at SUSECVE-2024-5458 at NVDcpe:/o:opensuse:leap:15.5Security update for php8 (Important)openSUSE Leap 15.5
This update for php8 fixes the following issues:
- CVE-2024-5458: Fixed an issue that allows to bypass filters in filter_var FILTER_VALIDATE_URL. (bsc#1226073)
ImportantSUSE bug 1226073CVE-2024-5458 at SUSECVE-2024-5458 at NVDcpe:/o:opensuse:leap:15.5Security update for python-Pillow (Important)openSUSE Leap 15.5
This update for python-Pillow fixes the following issues:
- CVE-2023-50447: Fixed arbitrary code execution via the environment parameter. (bsc#1219048)
ImportantSUSE bug 1219048CVE-2023-50447 at SUSECVE-2023-50447 at NVDcpe:/o:opensuse:leap:15.5Security update for openssl-1_1 (Important)openSUSE Leap 15.5
This update for openssl-1_1 fixes the following issues:
- CVE-2024-4741: Fixed a use-after-free with SSL_free_buffers. (bsc#1225551)
ImportantSUSE bug 1225551CVE-2024-4741 at SUSECVE-2024-4741 at NVDcpe:/o:opensuse:leap:15.5Security update for libaom (Important)openSUSE Leap 15.5
This update for libaom fixes the following issues:
- CVE-2024-5171: Fixed heap buffer overflow in img_alloc_helper() caused by integer overflow (bsc#1226020).
ImportantSUSE bug 1226020CVE-2024-5171 at SUSECVE-2024-5171 at NVDcpe:/o:opensuse:leap:15.5Security update for MozillaFirefox (Important)openSUSE Leap 15.5
This update for MozillaFirefox fixes the following issues:
- Update to version 115.12.0 ESR (bsc#1226027)
- CVE-2024-5702: Use-after-free in networking
- CVE-2024-5688: Use-after-free in JavaScript object transplant
- CVE-2024-5690: External protocol handlers leaked by timing attack
- CVE-2024-5691: Sandboxed iframes were able to bypass sandbox restrictions to open a new window
- CVE-2024-5692: Bypass of file name restrictions during saving
- CVE-2024-5693: Cross-Origin Image leak via Offscreen Canvas
- CVE-2024-5696: Memory Corruption in Text Fragments
- CVE-2024-5700: Memory safety bugs fixed in Firefox 127, Firefox ESR 115.12, and Thunderbird 115.12
ImportantSUSE bug 1226027CVE-2024-5688 at SUSECVE-2024-5688 at NVDCVE-2024-5690 at SUSECVE-2024-5690 at NVDCVE-2024-5691 at SUSECVE-2024-5691 at NVDCVE-2024-5692 at SUSECVE-2024-5692 at NVDCVE-2024-5693 at SUSECVE-2024-5693 at NVDCVE-2024-5696 at SUSECVE-2024-5696 at NVDCVE-2024-5700 at SUSECVE-2024-5700 at NVDCVE-2024-5702 at SUSECVE-2024-5702 at NVDcpe:/o:opensuse:leap:15.5Security update for booth (Important)openSUSE Leap 15.5
This update for booth fixes the following issues:
- CVE-2024-3049: Fixed a vulnerability where a specially crafted hash can lead to invalid HMAC being accepted by Booth server. (bsc#1226032)
ImportantSUSE bug 1226032CVE-2024-3049 at SUSECVE-2024-3049 at NVDcpe:/o:opensuse:leap:15.5Security update for webkit2gtk3 (Important)openSUSE Leap 15.5
This update for webkit2gtk3 fixes the following issues:
- Update to version 2.44.2
- CVE-2024-27834: Fixed a vulnerability where an attacker with arbitrary read and write capability may be able to bypass Pointer Authentication. (bsc#1225071)
ImportantSUSE bug 1222905SUSE bug 1225071CVE-2024-23226 at SUSECVE-2024-23226 at NVDCVE-2024-27834 at SUSECVE-2024-27834 at NVDcpe:/o:opensuse:leap:15.5Security update for MozillaThunderbird (Important)openSUSE Leap 15.5
This update for MozillaThunderbird fixes the following issues:
- Update to version 115.12.0 ESR (bsc#1226027)
- CVE-2024-5702: Use-after-free in networking
- CVE-2024-5688: Use-after-free in JavaScript object transplant
- CVE-2024-5690: External protocol handlers leaked by timing attack
- CVE-2024-5691: Sandboxed iframes were able to bypass sandbox restrictions to open a new window
- CVE-2024-5692: Bypass of file name restrictions during saving
- CVE-2024-5693: Cross-Origin Image leak via Offscreen Canvas
- CVE-2024-5696: Memory Corruption in Text Fragments
- CVE-2024-5700: Memory safety bugs fixed in Firefox 127, Firefox ESR 115.12, and Thunderbird 115.12
ImportantSUSE bug 1226027CVE-2024-5688 at SUSECVE-2024-5688 at NVDCVE-2024-5690 at SUSECVE-2024-5690 at NVDCVE-2024-5691 at SUSECVE-2024-5691 at NVDCVE-2024-5692 at SUSECVE-2024-5692 at NVDCVE-2024-5693 at SUSECVE-2024-5693 at NVDCVE-2024-5696 at SUSECVE-2024-5696 at NVDCVE-2024-5700 at SUSECVE-2024-5700 at NVDCVE-2024-5702 at SUSECVE-2024-5702 at NVDcpe:/o:opensuse:leap:15.5Security update for gdk-pixbuf (Important)openSUSE Leap 15.5
This update for gdk-pixbuf fixes the following issues:
gdk-pixbuf was updated to version 2.42.12:
- Security issues fixed:
* CVE-2022-48622: Fixed heap memory corruption on gdk-pixbuf (bsc#1219276)
- Changes in version 2.42.12:
+ ani: Reject files with multiple INA or IART chunks,
+ ani: validate chunk size,
+ Updated translations.
- Enable other image loaders such as xpm and xbm (bsc#1223903)
- Changes in version 2.42.11:
+ Disable fringe loaders by default.
+ Introspection fixes.
+ Updated translations.
- Changes in version 2.42.10:
+ Search for rst2man.py.
+ Update the memory size limit for JPEG images.
+ Updated translations.
- Fixed loading of larger images
- Avoid Bash specific syntax in baselibs postscript (bsc#1195391)
ImportantSUSE bug 1195391SUSE bug 1219276SUSE bug 1223903CVE-2022-48622 at SUSECVE-2022-48622 at NVDcpe:/o:opensuse:leap:15.5Security update for tomcat10 (Moderate)openSUSE Leap 15.5
This update for tomcat10 fixes the following issues:
Updated to Tomcat 10.1.18
- CVE-2023-46589: Fixed HTTP request smuggling due to incorrect headers parsing (bsc#1217649)
Find the full release notes at:
https://tomcat.apache.org/tomcat-9.0-doc/changelog.html
ModerateSUSE bug 1217649CVE-2023-46589 at SUSECVE-2023-46589 at NVDcpe:/o:opensuse:leap:15.5Security update for erlang (Important)openSUSE Leap 15.5
This update for erlang fixes the following issues:
- CVE-2023-48795: Fixed prefix truncation breaking ssh channel integrity aka Terrapin Attack (bsc#1218192)
ImportantSUSE bug 1218192CVE-2023-48795 at SUSECVE-2023-48795 at NVDcpe:/o:opensuse:leap:15.5Security update for opencc (Moderate)openSUSE Leap 15.5
This update for opencc fixes the following issues:
- CVE-2018-16982: Check offset bounds in BinaryDict::NewFromFile method. (bsc#1108310)
ModerateSUSE bug 1108310CVE-2018-16982 at SUSECVE-2018-16982 at NVDcpe:/o:opensuse:leap:15.5Security update for php-composer2 (Important)openSUSE Leap 15.5
This update for php-composer2 fixes the following issues:
- CVE-2024-35241: Fixed code execution when installing packages in repository with specially crafted branch names (bsc#1226181).
- CVE-2024-35242: Fixed command injection via specially crafted branch names during repository cloning (bsc#1226182).
ImportantSUSE bug 1226181SUSE bug 1226182CVE-2024-35241 at SUSECVE-2024-35241 at NVDCVE-2024-35242 at SUSECVE-2024-35242 at NVDcpe:/o:opensuse:leap:15.5Security update for containerd (Important)openSUSE Leap 15.5
This update for containerd fixes the following issues:
Update to containerd v1.7.17.
- CVE-2023-45288: Fixed the limit of CONTINUATION frames read for an HTTP/2 request (bsc#1221400).
- Fixed /sys/devices/virtual/powercap accessibility by default containers to mitigate power-based side channel attacks (bsc#1224323).
ImportantSUSE bug 1221400SUSE bug 1224323CVE-2023-45288 at SUSECVE-2023-45288 at NVDcpe:/o:opensuse:leap:15.5Security update for xwayland (Moderate)openSUSE Leap 15.5
This update for xwayland fixes the following issues:
- CVE-2024-0408: Fixed SELinux unlabeled GLX PBuffer. (bsc#1218845)
- CVE-2024-0409: Fixed SELinux context corruption. (bsc#1218846)
ModerateSUSE bug 1218845SUSE bug 1218846CVE-2024-0408 at SUSECVE-2024-0408 at NVDCVE-2024-0409 at SUSECVE-2024-0409 at NVDcpe:/o:opensuse:leap:15.5Security update for podofo (Moderate)openSUSE Leap 15.5
This update for podofo fixes the following issues:
- CVE-2019-9199: Fixed a NULL pointer dereference in podofoimpose (bsc#1127855)
- CVE-2018-20797: Fixed an excessive memory allocation in PoDoFo:podofo_calloc (bsc#1127514)
- CVE-2019-10723: Fixed a memory leak in PdfPagesTreeCache (bsc#1131544)
ModerateSUSE bug 1127514SUSE bug 1127855SUSE bug 1131544CVE-2018-20797 at SUSECVE-2018-20797 at NVDCVE-2019-10723 at SUSECVE-2019-10723 at NVDCVE-2019-9199 at SUSECVE-2019-9199 at NVDcpe:/o:opensuse:leap:15.5Security update for gnome-settings-daemon (Important)openSUSE Leap 15.5
This update for gnome-settings-daemon fixes the following issues:
- CVE-2024-38394: Fixed mismatches in interpreting USB authorization policy (bsc#1226423).
ImportantSUSE bug 1226423CVE-2024-38394 at SUSECVE-2024-38394 at NVDcpe:/o:opensuse:leap:15.5Security update for libarchive (Important)openSUSE Leap 15.5
This update for libarchive fixes the following issues:
- CVE-2024-20696: Fixed heap based out-of-bounds write (bsc#1225971).
ImportantSUSE bug 1225971CVE-2024-20696 at SUSECVE-2024-20696 at NVDcpe:/o:opensuse:leap:15.5Security update for wget (Moderate)openSUSE Leap 15.5
This update for wget fixes the following issues:
- CVE-2024-38428: Fix mishandled semicolons in the userinfo subcomponent of a URI. (bsc#1226419)
ModerateSUSE bug 1226419CVE-2024-38428 at SUSECVE-2024-38428 at NVDcpe:/o:opensuse:leap:15.5Security update for vte (Important)openSUSE Leap 15.5
This update for vte fixes the following issues:
- CVE-2024-37535: Fixed a bug that allowed an attacker to cause a denial of service (memory consumption) via a window resize escape. (bsc#1226134)
ImportantSUSE bug 1226134CVE-2024-37535 at SUSECVE-2024-37535 at NVDcpe:/o:opensuse:leap:15.5Security update for ntfs-3g_ntfsprogs (Moderate)openSUSE Leap 15.5
This update for ntfs-3g_ntfsprogs fixes the following issue:
- CVE-2023-52890: fix a use after free in ntfs_uppercase_mbs (bsc#1226007)
ModerateSUSE bug 1226007CVE-2023-52890 at SUSECVE-2023-52890 at NVDcpe:/o:opensuse:leap:15.5Security update for the Linux Kernel (Important)openSUSE Leap 15.5
The SUSE Linux Enterprise 15 SP5 kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2021-47548: Fixed a possible array out-of=bounds (bsc#1225506)
- CVE-2022-48689: Fixed data-race in lru_add_fn (bsc#1223959)
- CVE-2022-48691: Fixed memory leak in netfilter (bsc#1223961)
- CVE-2023-1829: Fixed a use-after-free vulnerability in the control index filter (tcindex) (bsc#1210335).
- CVE-2023-42755: Check user supplied offsets (bsc#1215702).
- CVE-2023-52586: Fixed mutex lock in control vblank irq (bsc#1221081).
- CVE-2023-52618: Fixed string overflow in block/rnbd-srv (bsc#1221615).
- CVE-2023-52655: Check packet for fixup for true limit (bsc#1217169).
- CVE-2023-52656: Dropped any code related to SCM_RIGHTS (bsc#1224187).
- CVE-2023-52660: Fiedx IRQ handling due to shared interrupts (bsc#1224443).
- CVE-2023-52664: Eliminate double free in error handling logic (bsc#1224747).
- CVE-2023-52671: Fixed hang/underflow when transitioning to ODM4:1 (bsc#1224729).
- CVE-2023-52674: Add clamp() in scarlett2_mixer_ctl_put() (bsc#1224727).
- CVE-2023-52680: Fixed missing error checks to *_ctl_get() (bsc#1224608).
- CVE-2023-52692: Fixed missing error check to scarlett2_usb_set_config() (bsc#1224628).
- CVE-2023-52698: Fixed memory leak in netlbl_calipso_add_pass() (bsc#1224621)
- CVE-2023-52746: Prevent potential spectre v1 gadget in xfrm_xlate32_attr() (bsc#1225114)
- CVE-2023-52757: Fixed potential deadlock when releasing mids (bsc#1225548).
- CVE-2023-52795: Fixed use after free in vhost_vdpa_probe() (bsc#1225085).
- CVE-2023-52796: Add ipvlan_route_v6_outbound() helper (bsc#1224930).
- CVE-2023-52807: Fixed out-of-bounds access may occur when coalesce info is read via debugfs (bsc#1225097).
- CVE-2023-52860: Fixed null pointer dereference in hisi_hns3 (bsc#1224936).
- CVE-2023-6531: Fixed a use-after-free flaw due to a race problem in the unix garbage collector's deletion of SKB races with unix_stream_read_generic()on the socket that the SKB is queued on (bsc#1218447).
- CVE-2024-2201: Fixed information leak in x86/BHI (bsc#1217339).
- CVE-2024-26643: Fixed mark set as dead when unbinding anonymous set with timeout (bsc#1221829).
- CVE-2024-26679: Fixed read sk->sk_family once in inet_recv_error() (bsc#1222385).
- CVE-2024-26692: Fixed regression in writes when non-standard maximum write size negotiated (bsc#1222464).
- CVE-2024-26700: Fixed drm/amd/display: Fix MST Null Ptr for RV (bsc#1222870)
- CVE-2024-26715: Fixed NULL pointer dereference in dwc3_gadget_suspend (bsc#1222561).
- CVE-2024-26742: Fixed disable_managed_interrupts (git-fixes bsc#1222608).
- CVE-2024-26775: Fixed potential deadlock at set_capacity (bsc#1222627).
- CVE-2024-26777: Error out if pixclock equals zero in fbdev/sis (bsc#1222765)
- CVE-2024-26778: Error out if pixclock equals zero in fbdev/savage (bsc#1222770)
- CVE-2024-26791: Fixed properly validate device names in btrfs (bsc#1222793)
- CVE-2024-26822: Set correct id, uid and cruid for multiuser automounts (bsc#1223011).
- CVE-2024-26828: Fixed underflow in parse_server_interfaces() (bsc#1223084).
- CVE-2024-26839: Fixed a memleak in init_credit_return() (bsc#1222975)
- CVE-2024-26876: Fixed crash on irq during probe (bsc#1223119).
- CVE-2024-26900: Fixed kmemleak of rdev->serial (bsc#1223046).
- CVE-2024-26907: Fixed a fortify source warning while accessing Eth segment in mlx5 (bsc#1223203).
- CVE-2024-26915: Reset IH OVERFLOW_CLEAR bit (bsc#1223207)
- CVE-2024-26919: Fixed debugfs directory leak (bsc#1223847).
- CVE-2024-26921: Preserve kabi for sk_buff (bsc#1223138).
- CVE-2024-26925: Release mutex after nft_gc_seq_end from abort path (bsc#1223390).
- CVE-2024-26928: Fixed potential UAF in cifs_debug_files_proc_show() (bsc#1223532).
- CVE-2024-26939: Fixed UAF on destroy against retire race (bsc#1223679).
- CVE-2024-26958: Fixed UAF in direct writes (bsc#1223653).
- CVE-2024-27042: Fixed potential out-of-bounds access in 'amdgpu_discovery_reg_base_init()' (bsc#1223823).
- CVE-2024-27395: Fixed Use-After-Free in ovs_ct_exit (bsc#1224098).
- CVE-2024-27396: Fixed Use-After-Free in gtp_dellink (bsc#1224096).
- CVE-2024-27398: Fixed use-after-free bugs caused by sco_sock_timeout (bsc#1224174).
- CVE-2024-27401: Fixed user_length taken into account when fetching packet contents (bsc#1224181).
- CVE-2024-27413: Fixed incorrect allocation size (bsc#1224438).
- CVE-2024-27417: Fixed potential 'struct net' leak in inet6_rtm_getaddr() (bsc#1224721)
- CVE-2024-27419: Fixed data-races around sysctl_net_busy_read (bsc#1224759)
- CVE-2024-27431: Zero-initialise xdp_rxq_info struct before running XDP program (bsc#1224718).
- CVE-2024-35791: Flush pages under kvm->lock to fix UAF in svm_register_enc_region() (bsc#1224725).
- CVE-2024-35799: Prevent crash when disable stream (bsc#1224740).
- CVE-2024-35804: Mark target gfn of emulated atomic instruction as dirty (bsc#1224638).
- CVE-2024-35817: Set gtt bound flag in amdgpu_ttm_gart_bind (bsc#1224736).
- CVE-2024-35852: Fixed memory leak when canceling rehash work (bsc#1224502).
- CVE-2024-35854: Fixed possible use-after-free during rehash (bsc#1224636).
- CVE-2024-35860: Struct bpf_link and bpf_link_ops kABI workaround (bsc#1224531).
- CVE-2024-35861: Fixed potential UAF in cifs_signal_cifsd_for_reconnect() (bsc#1224766).
- CVE-2024-35862: Fixed potential UAF in smb2_is_network_name_deleted() (bsc#1224764).
- CVE-2024-35863: Fixed potential UAF in is_valid_oplock_break() (bsc#1224763).
- CVE-2024-35864: Fixed potential UAF in smb2_is_valid_lease_break() (bsc#1224765,).
- CVE-2024-35865: Fixed potential UAF in smb2_is_valid_oplock_break() (bsc#1224668).
- CVE-2024-35866: Fixed potential UAF in cifs_dump_full_key() (bsc#1224667).
- CVE-2024-35867: Fixed potential UAF in cifs_stats_proc_show() (bsc#1224664).
- CVE-2024-35868: Fixed potential UAF in cifs_stats_proc_write() (bsc#1224678).
- CVE-2024-35869: Guarantee refcounted children from parent session (bsc#1224679).
- CVE-2024-35870: Fixed UAF in smb2_reconnect_server() (bsc#1224020, bsc#1224672).
- CVE-2024-35872: Fixed GUP-fast succeeding on secretmem folios (bsc#1224530).
- CVE-2024-35875: Require seeding RNG with RDRAND on CoCo systems (bsc#1224665).
- CVE-2024-35877: Fixed VM_PAT handling in COW mappings (bsc#1224525).
- CVE-2024-35878: Prevent NULL pointer dereference in vsnprintf() (bsc#1224671).
- CVE-2024-35879: kABI workaround for drivers/of/dynamic.c (bsc#1224524).
- CVE-2024-35885: Stop interface during shutdown (bsc#1224519).
- CVE-2024-35904: Fixed dereference of garbage after mount failure (bsc#1224494).
- CVE-2024-35905: Fixed int overflow for stack access size (bsc#1224488).
- CVE-2024-35907: Call request_irq() after NAPI initialized (bsc#1224492).
- CVE-2024-35924: Limit read size on v1.2 (bsc#1224657).
- CVE-2024-35939: Fixed leak pages on dma_set_decrypted() failure (bsc#1224535).
- CVE-2024-35943: Fixed a null pointer dereference in omap_prm_domain_init (bsc#1224649).
- CVE-2024-35944: Fixed memcpy() run-time warning in dg_dispatch_as_host() (bsc#1224648).
- CVE-2024-35951: Fixed the error path in panfrost_mmu_map_fault_addr() (bsc#1224701).
- CVE-2024-35959: Fixed mlx5e_priv_init() cleanup flow (bsc#1224666).
- CVE-2024-35964: Fixed not validating setsockopt user input (bsc#1224581).
- CVE-2024-35969: Fixed race condition between ipv6_get_ifaddr and ipv6_del_addr (bsc#1224580).
- CVE-2024-35973: Fixed header validation in geneve[6]_xmit_skb (bsc#1224586).
- CVE-2024-35976: Validate user input for XDP_{UMEM|COMPLETION}_FILL_RING (bsc#1224575).
- CVE-2024-35998: Fixed lock ordering potential deadlock in cifs_sync_mid_result (bsc#1224549).
- CVE-2024-35999: Fixed missing lock when picking channel (bsc#1224550).
- CVE-2024-36006: Fixed incorrect list API usage (bsc#1224541).
- CVE-2024-36007: Fixed warning during rehash (bsc#1224543).
- CVE-2024-36938: Fixed NULL pointer dereference in sk_psock_skb_ingress_enqueue (bsc#1225761).
The following non-security bugs were fixed:
- 9p: explicitly deny setlease attempts (git-fixes).
- ACPI: bus: Indicate support for _TFP thru _OSC (git-fixes).
- ACPI: disable -Wstringop-truncation (git-fixes).
- ACPI: Fix Generic Initiator Affinity _OSC bit (git-fixes).
- ACPI: LPSS: Advertise number of chip selects via property (git-fixes).
- admin-guide/hw-vuln/core-scheduling: fix return type of PR_SCHED_CORE_GET (git-fixes).
- af_unix: annote lockless accesses to unix_tot_inflight & gc_in_progress (bsc#1223384).
- af_unix: Do not use atomic ops for unix_sk(sk)->inflight (bsc#1223384).
- af_unix: Replace BUG_ON() with WARN_ON_ONCE() (bsc#1223384).
- ALSA: core: Fix NULL module pointer assignment at card init (git-fixes).
- ALSA: hda/cs_dsp_ctl: Use private_free for control cleanup (git-fixes).
- ALSA: line6: Zero-initialize message buffers (stable-fixes).
- ARM: 9381/1: kasan: clear stale stack poison (git-fixes).
- ASoC: Intel: avs: Fix ASRC module initialization (git-fixes).
- ASoC: Intel: avs: Fix potential integer overflow (git-fixes).
- ASoC: Intel: avs: ssm4567: Do not ignore route checks (git-fixes).
- ASoC: Intel: Disable route checks for Skylake boards (git-fixes).
- ASoC: kirkwood: Fix potential NULL dereference (git-fixes).
- ASoC: mediatek: mt8192: fix register configuration for tdm (git-fixes).
- ASoC: meson: axg-fifo: use FIELD helpers (stable-fixes).
- ASoC: meson: axg-fifo: use threaded irq to check periods (git-fixes).
- ASoC: tas2552: Add TX path for capturing AUDIO-OUT data (git-fixes).
- ASoC: tracing: Export SND_SOC_DAPM_DIR_OUT to its value (git-fixes).
- ata: pata_legacy: make legacy_exit() work again (git-fixes).
- ata: sata_gemini: Check clk_enable() result (stable-fixes).
- autofs: use wake_up() instead of wake_up_interruptible(() (bsc#1224166).
- Bluetooth: Fix use-after-free bugs caused by sco_sock_timeout (git-fixes).
- Bluetooth: hci_sync: Avoid use-after-free in dbg for hci_add_adv_monitor() (git-fixes).
- Bluetooth: hci_sync: Do not double print name in add/remove adv_monitor (bsc#1216358).
- Bluetooth: l2cap: fix null-ptr-deref in l2cap_chan_timeout (git-fixes).
- Bluetooth: msft: fix slab-use-after-free in msft_do_close() (git-fixes).
- Bluetooth: qca: add missing firmware sanity checks (git-fixes).
- Bluetooth: qca: Fix error code in qca_read_fw_build_info() (git-fixes).
- Bluetooth: qca: fix firmware check error path (git-fixes).
- Bluetooth: qca: fix info leak when fetching fw build id (git-fixes).
- Bluetooth: qca: fix NVM configuration parsing (git-fixes).
- bnxt_re: avoid shift undefined behavior in bnxt_qplib_alloc_init_hwq (git-fixes)
- bpf: decouple prune and jump points (bsc#1225756).
- bpf: fix precision backtracking instruction iteration (bsc#1225756).
- bpf: Fix precision tracking for BPF_ALU | BPF_TO_BE | BPF_END (git-fixes).
- bpf: handle ldimm64 properly in check_cfg() (bsc#1225756).
- bpf: mostly decouple jump history management from is_state_visited() (bsc#1225756).
- bpf: remove unnecessary prune and jump points (bsc#1225756).
- btrfs: add error messages to all unrecognized mount options (git-fixes)
- btrfs: add missing mutex_unlock in btrfs_relocate_sys_chunks() (git-fixes)
- btrfs: export: handle invalid inode or root reference in btrfs_get_parent() (git-fixes)
- btrfs: extend locking to all space_info members accesses (git-fixes)
- btrfs: fix btrfs_submit_compressed_write cgroup attribution (git-fixes)
- btrfs: fix information leak in btrfs_ioctl_logical_to_ino() (git-fixes)
- btrfs: fix missing blkdev_put() call in btrfs_scan_one_device() (git-fixes)
- btrfs: fix off-by-one chunk length calculation at contains_pending_extent() (git-fixes)
- btrfs: fix qgroup reserve overflow the qgroup limit (git-fixes)
- btrfs: fix silent failure when deleting root reference (git-fixes)
- btrfs: fix use-after-free after failure to create a snapshot (git-fixes)
- btrfs: free exchange changeset on failures (git-fixes)
- btrfs: handle chunk tree lookup error in btrfs_relocate_sys_chunks() (git-fixes)
- btrfs: make search_csum_tree return 0 if we get -EFBIG (git-fixes)
- btrfs: prevent copying too big compressed lzo segment (git-fixes)
- btrfs: remove BUG_ON(!eie) in find_parent_nodes (git-fixes)
- btrfs: remove BUG_ON() in find_parent_nodes() (git-fixes)
- btrfs: repair super block num_devices automatically (git-fixes)
- btrfs: replace the BUG_ON in btrfs_del_root_ref with proper error handling (git-fixes)
- btrfs: send: ensure send_fd is writable (git-fixes)
- btrfs: send: handle path ref underflow in header iterate_inode_ref() (git-fixes)
- btrfs: send: in case of IO error log it (git-fixes)
- btrfs: send: return EOPNOTSUPP on unknown flags (git-fixes)
- btrfs: tree-checker: check item_size for dev_item (git-fixes)
- btrfs: tree-checker: check item_size for inode_item (git-fixes)
- cifs: account for primary channel in the interface list (bsc#1224020).
- cifs: cifs_chan_is_iface_active should be called with chan_lock held (bsc#1224020).
- cifs: distribute channels across interfaces based on speed (bsc#1224020).
- cifs: do not pass cifs_sb when trying to add channels (bsc#1224020).
- cifs: failure to add channel on iface should bump up weight (git-fixes, bsc#1224020).
- cifs: fix charset issue in reconnection (bsc#1224020).
- cifs: fix leak of iface for primary channel (git-fixes, bsc#1224020).
- cifs: handle cases where a channel is closed (bsc#1224020).
- cifs: handle cases where multiple sessions share connection (bsc#1224020).
- cifs: reconnect work should have reference on server struct (bsc#1224020).
- clk: Do not hold prepare_lock when calling kref_put() (stable-fixes).
- clk: qcom: mmcc-msm8998: fix venus clock issue (git-fixes).
- counter: stm32-lptimer-cnt: Provide defines for clock polarities (git-fixes).
- counter: stm32-timer-cnt: Provide defines for slave mode selection (git-fixes).
- cppc_cpufreq: Fix possible null pointer dereference (git-fixes).
- cpu/hotplug: Remove the 'cpu' member of cpuhp_cpu_state (git-fixes).
- cpumask: Add for_each_cpu_from() (bsc#1225053).
- crypto: bcm - Fix pointer arithmetic (git-fixes).
- crypto: ccp - drop platform ifdef checks (git-fixes).
- crypto: ecdsa - Fix module auto-load on add-key (git-fixes).
- crypto: x86/nh-avx2 - add missing vzeroupper (git-fixes).
- crypto: x86/sha256-avx2 - add missing vzeroupper (git-fixes).
- crypto: x86/sha512-avx2 - add missing vzeroupper (git-fixes).
- dmaengine: axi-dmac: fix possible race in remove() (git-fixes).
- dmaengine: idma64: Add check for dma_set_max_seg_size (git-fixes).
- dm/amd/pm: Fix problems with reboot/shutdown for some SMU 13.0.4/13.0.11 users (git-fixes).
- dm-multipath: dont't attempt SG_IO on non-SCSI-disks (bsc#1223575).
- docs: kernel_include.py: Cope with docutils 0.21 (stable-fixes).
- drivers/nvme: Add quirks for device 126f:2262 (git-fixes).
- drm/amd/display: Atom Integrated System Info v2_2 for DCN35 (stable-fixes).
- drm/amd/display: Fix division by zero in setup_dsc_config (stable-fixes).
- drm/amd/display: Fix potential index out of bounds in color transformation function (git-fixes).
- drm/amd/display: Handle Y carry-over in VCP X.Y calculation (stable-fixes).
- drm/amd: Flush GFXOFF requests in prepare stage (git-fixes).
- drm/amdgpu: Refine IB schedule error logging (stable-fixes).
- drm/amdkfd: do not allow mapping the MMIO HDP page with large pages (git-fixes).
- drm/arm/malidp: fix a possible null pointer dereference (git-fixes).
- drm/bridge: anx7625: Do not log an error when DSI host can't be found (git-fixes).
- drm: bridge: cdns-mhdp8546: Fix possible null pointer dereference (git-fixes).
- drm/bridge: dpc3433: Do not log an error when DSI host can't be found (git-fixes).
- drm/bridge: icn6211: Do not log an error when DSI host can't be found (git-fixes).
- drm/bridge: lt8912b: Do not log an error when DSI host can't be found (git-fixes).
- drm/bridge: lt9611: Do not log an error when DSI host can't be found (git-fixes).
- drm/bridge: tc358775: Do not log an error when DSI host can't be found (git-fixes).
- drm/bridge: tc358775: fix support for jeida-18 and jeida-24 (git-fixes).
- drm/connector: Add \n to message about demoting connector force-probes (git-fixes).
- drm/i915/bios: Fix parsing backlight BDB data (git-fixes).
- drm/lcdif: Do not disable clocks on already suspended hardware (git-fixes).
- drm/mediatek: Add 0 size check to mtk_drm_gem_obj (git-fixes).
- drm/meson: dw-hdmi: add bandgap setting for g12 (git-fixes).
- drm/meson: dw-hdmi: power up phy on device init (git-fixes).
- drm/meson: vclk: fix calculation of 59.94 fractional rates (git-fixes).
- drm/msm/dp: allow voltage swing / pre emphasis of 3 (git-fixes).
- drm/msm/dpu: Always flush the slave INTF on the CTL (git-fixes).
- drm/msm/dsi: Print dual-DSI-adjusted pclk instead of original mode pclk (git-fixes).
- drm/nouveau/dp: Do not probe eDP ports twice harder (stable-fixes).
- drm/panel: atna33xc20: Fix unbalanced regulator in the case HPD does not assert (git-fixes).
- drm/panel: novatek-nt35950: Do not log an error when DSI host can't be found (git-fixes).
- drm/panel: simple: Add missing Innolux G121X1-L03 format, flags, connector (git-fixes).
- drm: vc4: Fix possible null pointer dereference (git-fixes).
- dt-bindings: clock: qcom: Add missing UFS QREF clocks (git-fixes)
- dyndbg: fix old BUG_ON in >control parser (stable-fixes).
- efi: libstub: only free priv.runtime_map when allocated (git-fixes).
- extcon: max8997: select IRQ_DOMAIN instead of depending on it (git-fixes).
- fail_function: fix wrong use of fei_attr_remove().
- fbdev: savage: Handle err return when savagefb_check_var failed (git-fixes).
- fbdev: shmobile: fix snprintf truncation (git-fixes).
- fbdev: sisfb: hide unused variables (git-fixes).
- firewire: ohci: mask bus reset interrupts between ISR and bottom half (stable-fixes).
- firmware: dmi-id: add a release callback function (git-fixes).
- firmware: raspberrypi: Use correct device for DMA mappings (git-fixes).
- fs/9p: drop inodes immediately on non-.L too (git-fixes).
- fs/9p: only translate RWX permissions for plain 9P2000 (git-fixes).
- fs/9p: translate O_TRUNC into OTRUNC (git-fixes).
- gpio: crystalcove: Use -ENOTSUPP consistently (stable-fixes).
- gpio: wcove: Use -ENOTSUPP consistently (stable-fixes).
- gpu: host1x: Do not setup DMA for virtual devices (stable-fixes).
- HID: intel-ish-hid: ipc: Add check for pci_alloc_irq_vectors (git-fixes).
- hwmon: (corsair-cpro) Protect ccp->wait_input_report with a spinlock (git-fixes).
- hwmon: (corsair-cpro) Use a separate buffer for sending commands (git-fixes).
- hwmon: (corsair-cpro) Use complete_all() instead of complete() in ccp_raw_event() (git-fixes).
- hwmon: (lm70) fix links in doc and comments (git-fixes).
- hwmon: (pmbus/ucd9000) Increase delay from 250 to 500us (git-fixes).
- i3c: master: svc: change ENXIO to EAGAIN when IBI occurs during start frame (git-fixes).
- i3c: master: svc: fix invalidate IBI type and miss call client IBI handler (git-fixes).
- IB/mlx5: Use __iowrite64_copy() for write combining stores (git-fixes)
- idpf: extend tx watchdog timeout (bsc#1224137).
- iio: core: Leave private pointer NULL when no private data supplied (git-fixes).
- iio: pressure: dps310: support negative temperature values (git-fixes).
- Input: cyapa - add missing input core locking to suspend/resume functions (git-fixes).
- Input: ims-pcu - fix printf string overflow (git-fixes).
- Input: pm8xxx-vibrator - correct VIB_MAX_LEVELS calculation (git-fixes).
- iomap: Fix inline extent handling in iomap_readpage (git-fixes)
- iomap: iomap: fix memory corruption when recording errors during writeback (git-fixes)
- iomap: Support partial direct I/O on user copy failures (git-fixes)
- iommu/dma: Force swiotlb_max_mapping_size on an untrusted device (bsc#1224331)
- io_uring/unix: drop usage of io_uring socket (git-fixes).
- irqchip/gic-v3-its: Prevent double free on error (git-fixes).
- jffs2: prevent xattr node from overflowing the eraseblock (git-fixes).
- kABI: bpf: struct bpf_insn_aux_data kABI workaround (bsc#1225756).
- kcm: do not sense pfmemalloc status in kcm_sendpage() (git-fixes bsc#1223959)
- KEYS: trusted: Do not use WARN when encode fails (git-fixes).
- KEYS: trusted: Fix memory leak in tpm2_key_encode() (git-fixes).
- KVM: s390: Check kvm pointer when testing KVM_CAP_S390_HPAGE_1M (git-fixes bsc#1224794).
- leds: pwm: Disable PWM when going to suspend (git-fixes).
- libsubcmd: Fix parse-options memory leak (git-fixes).
- locking/atomic: Make test_and_*_bit() ordered on failure (git-fixes).
- media: atomisp: ssh_css: Fix a null-pointer dereference in load_video_binaries (git-fixes).
- media: dt-bindings: ovti,ov2680: Fix the power supply names (git-fixes).
- media: mc: mark the media devnode as registered from the, start (git-fixes).
- media: ngene: Add dvb_ca_en50221_init return value check (git-fixes).
- media: stk1160: fix bounds checking in stk1160_copy_video() (git-fixes).
- mei: me: add lunar lake point M DID (stable-fixes).
- mfd: intel-lpss: Revert 'Add missing check for platform_get_resource' (git-fixes).
- mfd: ti_am335x_tscadc: Support the correctly spelled DT property (git-fixes).
- mfd: tqmx86: Specify IO port register range more precisely (git-fixes).
- mlxbf_gige: Enable the GigE port in mlxbf_gige_open (git-fixes).
- mlxbf_gige: Fix intermittent no ip issue (git-fixes).
- mlxbf_gige: stop PHY during open() error paths (git-fixes).
- mmc: sdhci_am654: Add tuning algorithm for delay chain (git-fixes).
- mmc: sdhci_am654: Write ITAPDLY for DDR52 timing (git-fixes).
- Move upstreamed patches into sorted section
- mtd: core: Report error if first mtd_otp_size() call fails in mtd_otp_nvmem_add() (git-fixes).
- mtd: rawnand: hynix: fixed typo (git-fixes).
- net: do not sense pfmemalloc status in skb_append_pagefrags() (git-fixes bsc#1223959)
- netfilter: nf_tables: bail out early if hardware offload is not supported (git-fixes bsc#1223961)
- net: introduce __skb_fill_page_desc_noacc (git-fixes bsc#1223959)
- net: nfc: remove inappropriate attrs check (stable-fixes).
- net: qualcomm: rmnet: fix global oob in rmnet_policy (git-fixes).
- net: usb: ax88179_178a: fix link status when link is set to down/up (git-fixes).
- net:usb:qmi_wwan: support Rolling modules (stable-fixes).
- net: usb: smsc95xx: stop lying about skb->truesize (git-fixes).
- net: usb: sr9700: stop lying about skb->truesize (git-fixes).
- net: vmxnet3: Fix NULL pointer dereference in vmxnet3_rq_rx_complete() (bsc#1223360).
- nfc: nci: Fix handling of zero-length payload packets in nci_rx_work() (git-fixes).
- nfc: nci: Fix uninit-value in nci_rx_work (git-fixes).
- nilfs2: fix out-of-range warning (git-fixes).
- nilfs2: fix unexpected freezing of nilfs_segctor_sync() (git-fixes).
- nilfs2: fix use-after-free of timer for log writer thread (git-fixes).
- nilfs2: make superblock data array index computation sparse friendly (git-fixes).
- nvme: ensure disabling pairs with unquiesce (bsc#1224534).
- nvme: fix miss command type check (git-fixes).
- nvme: fix multipath batched completion accounting (git-fixes).
- nvme-multipath: fix io accounting on failover (git-fixes).
- nvmet: fix ns enable/disable possible hang (git-fixes).
- PCI: dwc: Detect iATU settings after getting 'addr_space' resource (git-fixes).
- PCI: dwc: ep: Fix DBI access failure for drivers requiring refclk from host (git-fixes).
- PCI: dwc: Use the bitmap API to allocate bitmaps (git-fixes).
- PCI/EDR: Align EDR_PORT_DPC_ENABLE_DSM with PCI Firmware r3.3 (git-fixes).
- PCI/EDR: Align EDR_PORT_LOCATE_DSM with PCI Firmware r3.3 (git-fixes).
- PCI: rockchip-ep: Remove wrong mask on subsys_vendor_id (git-fixes).
- PCI: tegra194: Fix probe path for Endpoint mode (git-fixes).
- pinctrl: armada-37xx: remove an unused variable (git-fixes).
- pinctrl: core: delete incorrect free in pinctrl_enable() (git-fixes).
- pinctrl: core: handle radix_tree_insert() errors in pinctrl_register_one_pin() (stable-fixes).
- pinctrl: devicetree: fix refcount leak in pinctrl_dt_to_map() (git-fixes).
- pinctrl/meson: fix typo in PDM's pin name (git-fixes).
- pinctrl: pinctrl-aspeed-g6: Fix register offset for pinconf of GPIOR-T (git-fixes).
- platform/x86/intel-uncore-freq: Do not present root domain on error (git-fixes).
- platform/x86: xiaomi-wmi: Fix race condition when reporting key events (git-fixes).
- powerpc/eeh: Permanently disable the removed device (bsc#1223991 ltc#205740).
- powerpc/eeh: Small refactor of eeh_handle_normal_event() (bsc#1223991 ltc#205740).
- powerpc/eeh: Use a goto for recovery failures (bsc#1223991 ltc#205740).
- powerpc/powernv: Add a null pointer check in opal_event_init() (bsc#1065729).
- powerpc/pseries/lparcfg: drop error message from guest name lookup (bsc#1187716 ltc#193451 git-fixes).
- powerpc/pseries/vio: Do not return ENODEV if node or compatible missing (bsc#1220783).
- powerpc/uaccess: Fix build errors seen with GCC 13/14 (bsc#1194869).
- powerpc/uaccess: Use YZ asm constraint for ld (bsc#1194869).
- power: rt9455: hide unused rt9455_boost_voltage_values (git-fixes).
- ppdev: Add an error check in register_device (git-fixes).
- printk: Update @console_may_schedule in console_trylock_spinning() (bsc#1225616).
- qibfs: fix dentry leak (git-fixes)
- RDMA/hns: Add max_ah and cq moderation capacities in query_device() (git-fixes)
- RDMA/hns: Fix deadlock on SRQ async events. (git-fixes)
- RDMA/hns: Fix GMV table pagesize (git-fixes)
- RDMA/hns: Fix return value in hns_roce_map_mr_sg (git-fixes)
- RDMA/hns: Fix UAF for cq async event (git-fixes)
- RDMA/hns: Modify the print level of CQE error (git-fixes)
- RDMA/hns: Use complete parentheses in macros (git-fixes)
- RDMA/IPoIB: Fix format truncation compilation errors (git-fixes)
- RDMA/mlx5: Adding remote atomic access flag to updatable flags (git-fixes)
- RDMA/mlx5: Fix port number for counter query in multi-port configuration (git-fixes)
- RDMA/rxe: Add ibdev_dbg macros for rxe (git-fixes)
- RDMA/rxe: Fix incorrect rxe_put in error path (git-fixes)
- RDMA/rxe: Fix seg fault in rxe_comp_queue_pkt (git-fixes)
- RDMA/rxe: Fix the problem 'mutex_destroy missing' (git-fixes)
- RDMA/rxe: Replace pr_xxx by rxe_dbg_xxx in rxe_net.c (git-fixes)
- RDMA/rxe: Split rxe_run_task() into two subroutines (git-fixes)
- regulator: bd71828: Do not overwrite runtime voltages (git-fixes).
- regulator: core: fix debugfs creation regression (git-fixes).
- regulator: mt6360: De-capitalize devicetree regulator subnodes (git-fixes).
- remoteproc: mediatek: Make sure IPI buffer fits in L2TCM (git-fixes).
- Revert 'cifs: reconnect work should have reference on server struct' (git-fixes, bsc#1224020).
- Revert 'drm/bridge: ti-sn65dsi83: Fix enable error path' (git-fixes).
- ring-buffer: Fix a race between readers and resize checks (git-fixes).
- s390/bpf: Emit a barrier for BPF_FETCH instructions (git-fixes bsc#1224795).
- s390/cio: fix tracepoint subchannel type field (git-fixes bsc#1224796).
- s390/cpum_cf: make crypto counters upward compatible across machine types (bsc#1224346).
- s390/ipl: Fix incorrect initialization of len fields in nvme reipl block (git-fixes bsc#1225139).
- s390/ipl: Fix incorrect initialization of nvme dump block (git-fixes bsc#1225138).
- sched/topology: Optimize topology_span_sane() (bsc#1225053).
- scsi: arcmsr: Support new PCI device IDs 1883 and 1886 (git-fixes).
- scsi: bfa: Fix function pointer type mismatch for hcb_qe->cbfn (git-fixes).
- scsi: core: Consult supported VPD page list prior to fetching page (git-fixes).
- scsi: core: Fix unremoved procfs host directory regression (git-fixes).
- scsi: csiostor: Avoid function pointer casts (git-fixes).
- scsi: libfc: Do not schedule abort twice (git-fixes).
- scsi: libfc: Fix up timeout error in fc_fcp_rec_error() (git-fixes).
- scsi: lpfc: Add support for 32 byte CDBs (bsc#1225842).
- scsi: lpfc: Change default logging level for unsolicited CT MIB commands (bsc#1225842).
- scsi: lpfc: Change lpfc_hba hba_flag member into a bitmask (bsc#1225842).
- scsi: lpfc: Clear deferred RSCN processing flag when driver is unloading (bsc#1225842).
- scsi: lpfc: Copyright updates for 14.4.0.2 patches (bsc#1225842).
- scsi: lpfc: Introduce rrq_list_lock to protect active_rrq_list (bsc#1225842).
- scsi: lpfc: Update logging of protection type for T10 DIF I/O (bsc#1225842).
- scsi: lpfc: Update lpfc version to 14.4.0.2 (bsc#1225842).
- scsi: mpt3sas: Prevent sending diag_reset when the controller is ready (git-fixes).
- scsi: mylex: Fix sysfs buffer lengths (git-fixes).
- scsi: qla2xxx: Fix off by one in qla_edif_app_getstats() (git-fixes).
- scsi: sd: Unregister device if device_add_disk() failed in sd_probe() (git-fixes).
- selftests/pidfd: Fix config for pidfd_setns_test (git-fixes).
- serial: 8250_bcm7271: use default_mux_rate if possible (git-fixes).
- serial: kgdboc: Fix NMI-safety problems from keyboard reset code (stable-fixes).
- serial: max3100: Fix bitwise types (git-fixes).
- serial: max3100: Lock port->lock when calling uart_handle_cts_change() (git-fixes).
- serial: sc16is7xx: add proper sched.h include for sched_set_fifo() (git-fixes).
- serial: sc16is7xx: fix bug in sc16is7xx_set_baud() when using prescaler (git-fixes).
- serial: sh-sci: protect invalidating RXDMA on shutdown (git-fixes).
- smb3: show beginning time for per share stats (bsc#1224020).
- smb: client: ensure to try all targets when finding nested links (bsc#1224020).
- smb: client: fix mount when dns_resolver key is not available (git-fixes, bsc#1224020).
- smb: client: get rid of dfs code dep in namespace.c (bsc#1224020).
- smb: client: get rid of dfs naming in automount code (bsc#1224020).
- smb: client: introduce DFS_CACHE_TGT_LIST() (bsc#1224020).
- smb: client: reduce stack usage in cifs_try_adding_channels() (bsc#1224020).
- smb: client: remove extra @chan_count check in __cifs_put_smb_ses() (bsc#1224020).
- smb: client: rename cifs_dfs_ref.c to namespace.c (bsc#1224020).
- soc: mediatek: cmdq: Fix typo of CMDQ_JUMP_RELATIVE (git-fixes).
- soc: qcom: rpmh-rsc: Enhance check for VRM in-flight request (git-fixes).
- Sort recent BHI patches
- speakup: Fix sizeof() vs ARRAY_SIZE() bug (git-fixes).
- spmi: Add a check for remove callback when removing a SPMI driver (git-fixes).
- spmi: hisi-spmi-controller: Do not override device identifier (git-fixes).
- swiotlb: extend buffer pre-padding to alloc_align_mask if necessary (bsc#1224331).
- swiotlb: Fix alignment checks when both allocation and DMA masks are (bsc#1224331)
- swiotlb: Fix double-allocation of slots due to broken alignment (bsc#1224331)
- swiotlb: Honour dma_alloc_coherent() alignment in swiotlb_alloc() (bsc#1224331)
- sysv: do not call sb_bread() with pointers_lock held (git-fixes).
- thermal/drivers/tsens: Fix null pointer dereference (git-fixes).
- tools/latency-collector: Fix -Wformat-security compile warns (git-fixes).
- tpm_tis_spi: Account for SPI header when allocating TPM SPI xfer (bsc#1225535)
- tpm_tis_spi: Account for SPI header when allocating TPM SPI xfer buffer (git-fixes).
- tracing: Add MODULE_DESCRIPTION() to preemptirq_delay_test (git-fixes).
- tracing: hide unused ftrace_event_id_fops (git-fixes).
- tty: n_gsm: fix missing receive state reset after mode switch (git-fixes).
- tty: n_gsm: fix possible out-of-bounds in gsm0_receive() (git-fixes).
- usb: aqc111: stop lying about skb->truesize (git-fixes).
- USB: core: Add hub_get() and hub_put() routines (git-fixes).
- USB: core: Fix access violation during port device removal (git-fixes).
- USB: core: Fix deadlock in port 'disable' sysfs attribute (git-fixes).
- usb: dwc3: core: Prevent phy suspend during init (Git-fixes).
- usb: gadget: u_audio: Clear uac pointer when freed (git-fixes).
- usb: typec: tipd: fix event checking for tps6598x (git-fixes).
- usb: typec: ucsi: displayport: Fix potential deadlock (git-fixes).
- VMCI: Fix an error handling path in vmci_guest_probe_device() (git-fixes).
- VMCI: Fix possible memcpy() run-time warning in vmci_datagram_invoke_guest_handler() (stable-fixes).
- vmci: prevent speculation leaks by sanitizing event in event_deliver() (git-fixes).
- watchdog: cpu5wdt.c: Fix use-after-free bug caused by cpu5wdt_trigger (git-fixes).
- watchdog: ixp4xx: Make sure restart always works (git-fixes).
- watchdog: rti_wdt: Set min_hw_heartbeat_ms to accommodate a safety margin (git-fixes).
- wifi: ar5523: enable proper endpoint verification (git-fixes).
- wifi: ath10k: Fix an error code problem in ath10k_dbg_sta_write_peer_debug_trigger() (git-fixes).
- wifi: ath10k: poll service ready message before failing (git-fixes).
- wifi: ath10k: populate board data for WCN3990 (git-fixes).
- wifi: ath11k: do not force enable power save on non-running vdevs (git-fixes).
- wifi: carl9170: add a proper sanity check for endpoints (git-fixes).
- wifi: carl9170: re-fix fortified-memset warning (git-fixes).
- wifi: cfg80211: fix rdev_dump_mpp() arguments order (stable-fixes).
- wifi: mac80211: fix ieee80211_bss_*_flags kernel-doc (stable-fixes).
- wifi: mwl8k: initialize cmd->addr[] properly (git-fixes).
- x86/boot: Ignore NMIs during very early boot (git-fixes).
- x86/bugs: Cache the value of MSR_IA32_ARCH_CAPABILITIES (git-fixes).
- x86/bugs: Change commas to semicolons in 'spectre_v2' sysfs file (git-fixes).
- x86/bugs: Fix BHI documentation (git-fixes).
- x86/bugs: Fix BHI handling of RRSBA (git-fixes).
- x86/bugs: Fix BHI retpoline check (git-fixes).
- x86/bugs: Fix return type of spectre_bhi_state() (git-fixes).
- x86/bugs: Remove CONFIG_BHI_MITIGATION_AUTO and spectre_bhi=auto (git-fixes).
- x86/bugs: Rename various 'ia32_cap' variables to 'x86_arch_cap_msr' (git-fixes).
- x86/bugs: Replace CONFIG_SPECTRE_BHI_{ON,OFF} with CONFIG_MITIGATION_SPECTRE_BHI (git-fixes).
- x86: Fix CPUIDLE_FLAG_IRQ_ENABLE leaking timer reprogram (git-fixes).
- x86/kvm: Do not try to disable kvmclock if it was not enabled (git-fixes).
- x86/lib: Fix overflow when counting digits (git-fixes).
- x86/mce: Make sure to grab mce_sysfs_mutex in set_bank() (git-fixes).
- x86/nmi: Drop unused declaration of proc_nmi_enabled() (git-fixes).
- x86/retpoline: Do the necessary fixup to the Zen3/4 srso return thunk for !SRSO (git-fixes).
- x86/sev: Check for MWAITX and MONITORX opcodes in the #VC handler (git-fixes).
- x86/sme: Fix memory encryption setting if enabled by default and not overridden (git-fixes).
- x86/tdx: Preserve shared bit on mprotect() (git-fixes).
- xfs: fix exception caused by unexpected illegal bestcount in leaf dir (git-fixes).
- xfs: Fix false ENOSPC when performing direct write on a delalloc extent in cow fork (git-fixes).
- xfs: fix imprecise logic in xchk_btree_check_block_owner (git-fixes).
- xfs: fix inode reservation space for removing transaction (git-fixes).
- xfs: shrink failure needs to hold AGI buffer (git-fixes).
ImportantSUSE bug 1065729SUSE bug 1141539SUSE bug 1174585SUSE bug 1181674SUSE bug 1187716SUSE bug 1190569SUSE bug 1191949SUSE bug 1192107SUSE bug 1193983SUSE bug 1194288SUSE bug 1194869SUSE bug 1196956SUSE bug 1197915SUSE bug 1200465SUSE bug 1205205SUSE bug 1207284SUSE bug 1207361SUSE bug 1207948SUSE bug 1208149SUSE bug 1209657SUSE bug 1209799SUSE bug 1209834SUSE bug 1209980SUSE bug 1210335SUSE bug 1213863SUSE bug 1214852SUSE bug 1215322SUSE bug 1215702SUSE bug 1216358SUSE bug 1216702SUSE bug 1217169SUSE bug 1217339SUSE bug 1217515SUSE bug 1218447SUSE bug 1220021SUSE bug 1220267SUSE bug 1220363SUSE bug 1220783SUSE bug 1221044SUSE bug 1221081SUSE bug 1221615SUSE bug 1221777SUSE bug 1221816SUSE bug 1221829SUSE bug 1222011SUSE bug 1222374SUSE bug 1222385SUSE bug 1222413SUSE bug 1222464SUSE bug 1222513SUSE bug 1222559SUSE bug 1222561SUSE bug 1222608SUSE bug 1222619SUSE bug 1222627SUSE bug 1222721SUSE bug 1222765SUSE bug 1222770SUSE bug 1222783SUSE bug 1222793SUSE bug 1222870SUSE bug 1222893SUSE bug 1222960SUSE bug 1222961SUSE bug 1222974SUSE bug 1222975SUSE bug 1222976SUSE bug 1223011SUSE bug 1223023SUSE bug 1223027SUSE bug 1223031SUSE bug 1223043SUSE bug 1223046SUSE bug 1223048SUSE bug 1223049SUSE bug 1223084SUSE bug 1223113SUSE bug 1223119SUSE bug 1223137SUSE bug 1223138SUSE bug 1223140SUSE bug 1223188SUSE bug 1223203SUSE bug 1223207SUSE bug 1223315SUSE bug 1223360SUSE bug 1223384SUSE bug 1223390SUSE bug 1223432SUSE bug 1223489SUSE bug 1223505SUSE bug 1223532SUSE bug 1223575SUSE bug 1223595SUSE bug 1223626SUSE bug 1223627SUSE bug 1223628SUSE bug 1223631SUSE bug 1223633SUSE bug 1223638SUSE bug 1223650SUSE bug 1223653SUSE bug 1223666SUSE bug 1223670SUSE bug 1223671SUSE bug 1223675SUSE bug 1223677SUSE bug 1223678SUSE bug 1223679SUSE bug 1223698SUSE bug 1223712SUSE bug 1223715SUSE bug 1223717SUSE bug 1223718SUSE bug 1223737SUSE bug 1223738SUSE bug 1223741SUSE bug 1223744SUSE bug 1223747SUSE bug 1223748SUSE bug 1223750SUSE bug 1223752SUSE bug 1223754SUSE bug 1223756SUSE bug 1223757SUSE bug 1223762SUSE bug 1223769SUSE bug 1223770SUSE bug 1223779SUSE bug 1223780SUSE bug 1223781SUSE bug 1223788SUSE bug 1223802SUSE bug 1223819SUSE bug 1223823SUSE bug 1223826SUSE bug 1223828SUSE bug 1223829SUSE bug 1223837SUSE bug 1223842SUSE bug 1223843SUSE bug 1223844SUSE bug 1223847SUSE bug 1223858SUSE bug 1223875SUSE bug 1223879SUSE bug 1223895SUSE bug 1223959SUSE bug 1223961SUSE bug 1223991SUSE bug 1223996SUSE bug 1224020SUSE bug 1224076SUSE bug 1224096SUSE bug 1224098SUSE bug 1224099SUSE bug 1224137SUSE bug 1224166SUSE bug 1224174SUSE bug 1224177SUSE bug 1224180SUSE bug 1224181SUSE bug 1224187SUSE bug 1224331SUSE bug 1224346SUSE bug 1224423SUSE bug 1224432SUSE bug 1224437SUSE bug 1224438SUSE bug 1224442SUSE bug 1224443SUSE bug 1224445SUSE bug 1224449SUSE bug 1224479SUSE bug 1224482SUSE bug 1224487SUSE bug 1224488SUSE bug 1224492SUSE bug 1224494SUSE bug 1224495SUSE bug 1224502SUSE bug 1224508SUSE bug 1224509SUSE bug 1224511SUSE bug 1224519SUSE bug 1224524SUSE bug 1224525SUSE bug 1224530SUSE bug 1224531SUSE bug 1224534SUSE bug 1224535SUSE bug 1224537SUSE bug 1224541SUSE bug 1224543SUSE bug 1224549SUSE bug 1224550SUSE bug 1224558SUSE bug 1224559SUSE bug 1224566SUSE bug 1224567SUSE bug 1224571SUSE bug 1224575SUSE bug 1224576SUSE bug 1224579SUSE bug 1224580SUSE bug 1224581SUSE bug 1224582SUSE bug 1224586SUSE bug 1224587SUSE bug 1224592SUSE bug 1224598SUSE bug 1224601SUSE bug 1224607SUSE bug 1224608SUSE bug 1224611SUSE bug 1224615SUSE bug 1224617SUSE bug 1224618SUSE bug 1224621SUSE bug 1224622SUSE bug 1224624SUSE bug 1224627SUSE bug 1224628SUSE bug 1224629SUSE bug 1224632SUSE bug 1224636SUSE bug 1224637SUSE bug 1224638SUSE bug 1224640SUSE bug 1224643SUSE bug 1224644SUSE bug 1224645SUSE bug 1224647SUSE bug 1224648SUSE bug 1224649SUSE bug 1224650SUSE bug 1224651SUSE bug 1224657SUSE bug 1224659SUSE bug 1224660SUSE bug 1224663SUSE bug 1224664SUSE bug 1224665SUSE bug 1224666SUSE bug 1224667SUSE bug 1224668SUSE bug 1224671SUSE bug 1224672SUSE bug 1224676SUSE bug 1224678SUSE bug 1224679SUSE bug 1224680SUSE bug 1224681SUSE bug 1224682SUSE bug 1224685SUSE bug 1224686SUSE bug 1224692SUSE bug 1224697SUSE bug 1224699SUSE bug 1224701SUSE bug 1224703SUSE bug 1224705SUSE bug 1224707SUSE bug 1224717SUSE bug 1224718SUSE bug 1224721SUSE bug 1224722SUSE bug 1224723SUSE bug 1224725SUSE bug 1224727SUSE bug 1224728SUSE bug 1224729SUSE bug 1224730SUSE bug 1224731SUSE bug 1224732SUSE bug 1224733SUSE bug 1224736SUSE bug 1224738SUSE bug 1224739SUSE bug 1224740SUSE bug 1224747SUSE bug 1224749SUSE bug 1224759SUSE bug 1224763SUSE bug 1224764SUSE bug 1224765SUSE bug 1224766SUSE bug 1224794SUSE bug 1224795SUSE bug 1224796SUSE bug 1224803SUSE bug 1224816SUSE bug 1224895SUSE bug 1224898SUSE bug 1224900SUSE bug 1224901SUSE bug 1224902SUSE bug 1224903SUSE bug 1224904SUSE bug 1224905SUSE bug 1224907SUSE bug 1224909SUSE bug 1224910SUSE bug 1224911SUSE bug 1224912SUSE bug 1224913SUSE bug 1224914SUSE bug 1224915SUSE bug 1224920SUSE bug 1224928SUSE bug 1224929SUSE bug 1224930SUSE bug 1224931SUSE bug 1224932SUSE bug 1224936SUSE bug 1224937SUSE bug 1224941SUSE bug 1224942SUSE bug 1224944SUSE bug 1224945SUSE bug 1224947SUSE bug 1224956SUSE bug 1224988SUSE bug 1224992SUSE bug 1225000SUSE bug 1225003SUSE bug 1225005SUSE bug 1225008SUSE bug 1225009SUSE bug 1225022SUSE bug 1225031SUSE bug 1225032SUSE bug 1225036SUSE bug 1225041SUSE bug 1225044SUSE bug 1225053SUSE bug 1225076SUSE bug 1225077SUSE bug 1225082SUSE bug 1225085SUSE bug 1225086SUSE bug 1225092SUSE bug 1225095SUSE bug 1225096SUSE bug 1225097SUSE bug 1225106SUSE bug 1225108SUSE bug 1225109SUSE bug 1225114SUSE bug 1225118SUSE bug 1225121SUSE bug 1225122SUSE bug 1225123SUSE bug 1225125SUSE bug 1225126SUSE bug 1225127SUSE bug 1225129SUSE bug 1225131SUSE bug 1225132SUSE bug 1225138SUSE bug 1225139SUSE bug 1225145SUSE bug 1225151SUSE bug 1225153SUSE bug 1225156SUSE bug 1225158SUSE bug 1225160SUSE bug 1225161SUSE bug 1225164SUSE bug 1225167SUSE bug 1225180SUSE bug 1225183SUSE bug 1225184SUSE bug 1225186SUSE bug 1225187SUSE bug 1225189SUSE bug 1225190SUSE bug 1225191SUSE bug 1225192SUSE bug 1225193SUSE bug 1225195SUSE bug 1225198SUSE bug 1225201SUSE bug 1225203SUSE bug 1225205SUSE bug 1225206SUSE bug 1225207SUSE bug 1225208SUSE bug 1225209SUSE bug 1225210SUSE bug 1225214SUSE bug 1225222SUSE bug 1225223SUSE bug 1225224SUSE bug 1225225SUSE bug 1225227SUSE bug 1225228SUSE bug 1225229SUSE bug 1225230SUSE bug 1225232SUSE bug 1225233SUSE bug 1225235SUSE bug 1225236SUSE bug 1225237SUSE bug 1225238SUSE bug 1225239SUSE bug 1225240SUSE bug 1225241SUSE bug 1225242SUSE bug 1225243SUSE bug 1225244SUSE bug 1225245SUSE bug 1225246SUSE bug 1225247SUSE bug 1225248SUSE bug 1225249SUSE bug 1225250SUSE bug 1225251SUSE bug 1225252SUSE bug 1225253SUSE bug 1225254SUSE bug 1225255SUSE bug 1225256SUSE bug 1225257SUSE bug 1225258SUSE bug 1225259SUSE bug 1225260SUSE bug 1225261SUSE bug 1225262SUSE bug 1225263SUSE bug 1225268SUSE bug 1225301SUSE bug 1225303SUSE bug 1225304SUSE bug 1225306SUSE bug 1225316SUSE bug 1225318SUSE bug 1225320SUSE bug 1225321SUSE bug 1225322SUSE bug 1225323SUSE bug 1225326SUSE bug 1225327SUSE bug 1225328SUSE bug 1225329SUSE bug 1225330SUSE bug 1225331SUSE bug 1225332SUSE bug 1225333SUSE bug 1225334SUSE bug 1225335SUSE bug 1225336SUSE bug 1225337SUSE bug 1225338SUSE bug 1225339SUSE bug 1225341SUSE bug 1225342SUSE bug 1225344SUSE bug 1225346SUSE bug 1225347SUSE bug 1225351SUSE bug 1225353SUSE bug 1225354SUSE bug 1225355SUSE bug 1225357SUSE bug 1225358SUSE bug 1225360SUSE bug 1225361SUSE bug 1225366SUSE bug 1225367SUSE bug 1225368SUSE bug 1225369SUSE bug 1225370SUSE bug 1225372SUSE bug 1225373SUSE bug 1225374SUSE bug 1225375SUSE bug 1225376SUSE bug 1225377SUSE bug 1225379SUSE bug 1225380SUSE bug 1225382SUSE bug 1225383SUSE bug 1225384SUSE bug 1225386SUSE bug 1225387SUSE bug 1225388SUSE bug 1225390SUSE bug 1225392SUSE bug 1225393SUSE bug 1225396SUSE bug 1225400SUSE bug 1225404SUSE bug 1225405SUSE bug 1225408SUSE bug 1225409SUSE bug 1225410SUSE bug 1225411SUSE bug 1225424SUSE bug 1225425SUSE bug 1225427SUSE bug 1225431SUSE bug 1225435SUSE bug 1225436SUSE bug 1225437SUSE bug 1225438SUSE bug 1225439SUSE bug 1225441SUSE bug 1225442SUSE bug 1225443SUSE bug 1225444SUSE bug 1225445SUSE bug 1225446SUSE bug 1225447SUSE bug 1225450SUSE bug 1225453SUSE bug 1225455SUSE bug 1225461SUSE bug 1225463SUSE bug 1225464SUSE bug 1225466SUSE bug 1225467SUSE bug 1225468SUSE bug 1225471SUSE bug 1225472SUSE bug 1225478SUSE bug 1225479SUSE bug 1225480SUSE bug 1225482SUSE bug 1225483SUSE bug 1225486SUSE bug 1225488SUSE bug 1225490SUSE bug 1225492SUSE bug 1225495SUSE bug 1225499SUSE bug 1225500SUSE bug 1225501SUSE bug 1225502SUSE bug 1225506SUSE bug 1225508SUSE bug 1225510SUSE bug 1225513SUSE bug 1225515SUSE bug 1225529SUSE bug 1225530SUSE bug 1225532SUSE bug 1225534SUSE bug 1225535SUSE bug 1225548SUSE bug 1225549SUSE bug 1225550SUSE bug 1225553SUSE bug 1225554SUSE bug 1225555SUSE bug 1225556SUSE bug 1225557SUSE bug 1225559SUSE bug 1225560SUSE bug 1225565SUSE bug 1225566SUSE bug 1225568SUSE bug 1225569SUSE bug 1225570SUSE bug 1225571SUSE bug 1225572SUSE bug 1225577SUSE bug 1225583SUSE bug 1225584SUSE bug 1225587SUSE bug 1225588SUSE bug 1225589SUSE bug 1225590SUSE bug 1225591SUSE bug 1225592SUSE bug 1225593SUSE bug 1225595SUSE bug 1225599SUSE bug 1225616SUSE bug 1225640SUSE bug 1225642SUSE bug 1225705SUSE bug 1225708SUSE bug 1225715SUSE bug 1225720SUSE bug 1225722SUSE bug 1225734SUSE bug 1225735SUSE bug 1225747SUSE bug 1225748SUSE bug 1225756SUSE bug 1225761SUSE bug 1225766SUSE bug 1225775SUSE bug 1225810SUSE bug 1225820SUSE bug 1225829SUSE bug 1225835SUSE bug 1225842CVE-2020-36788 at SUSECVE-2020-36788 at NVDCVE-2021-4148 at SUSECVE-2021-4148 at NVDCVE-2021-43527 at SUSECVE-2021-43527 at NVDCVE-2021-47358 at SUSECVE-2021-47358 at NVDCVE-2021-47359 at SUSECVE-2021-47359 at NVDCVE-2021-47360 at SUSECVE-2021-47360 at NVDCVE-2021-47361 at SUSECVE-2021-47361 at NVDCVE-2021-47362 at SUSECVE-2021-47362 at NVDCVE-2021-47363 at SUSECVE-2021-47363 at NVDCVE-2021-47364 at SUSECVE-2021-47364 at NVDCVE-2021-47365 at SUSECVE-2021-47365 at NVDCVE-2021-47366 at SUSECVE-2021-47366 at NVDCVE-2021-47367 at SUSECVE-2021-47367 at NVDCVE-2021-47368 at SUSECVE-2021-47368 at NVDCVE-2021-47369 at SUSECVE-2021-47369 at NVDCVE-2021-47370 at SUSECVE-2021-47370 at NVDCVE-2021-47371 at SUSECVE-2021-47371 at NVDCVE-2021-47372 at SUSECVE-2021-47372 at NVDCVE-2021-47373 at SUSECVE-2021-47373 at NVDCVE-2021-47374 at SUSECVE-2021-47374 at NVDCVE-2021-47375 at SUSECVE-2021-47375 at NVDCVE-2021-47376 at SUSECVE-2021-47376 at NVDCVE-2021-47378 at SUSECVE-2021-47378 at NVDCVE-2021-47379 at SUSECVE-2021-47379 at NVDCVE-2021-47380 at SUSECVE-2021-47380 at NVDCVE-2021-47381 at SUSECVE-2021-47381 at NVDCVE-2021-47382 at SUSECVE-2021-47382 at NVDCVE-2021-47383 at SUSECVE-2021-47383 at NVDCVE-2021-47384 at SUSECVE-2021-47384 at NVDCVE-2021-47385 at SUSECVE-2021-47385 at NVDCVE-2021-47386 at SUSECVE-2021-47386 at NVDCVE-2021-47387 at SUSECVE-2021-47387 at NVDCVE-2021-47388 at SUSECVE-2021-47388 at NVDCVE-2021-47389 at SUSECVE-2021-47389 at NVDCVE-2021-47390 at SUSECVE-2021-47390 at NVDCVE-2021-47391 at SUSECVE-2021-47391 at NVDCVE-2021-47392 at SUSECVE-2021-47392 at NVDCVE-2021-47393 at SUSECVE-2021-47393 at NVDCVE-2021-47394 at SUSECVE-2021-47394 at NVDCVE-2021-47395 at SUSECVE-2021-47395 at NVDCVE-2021-47396 at SUSECVE-2021-47396 at NVDCVE-2021-47397 at SUSECVE-2021-47397 at NVDCVE-2021-47398 at SUSECVE-2021-47398 at NVDCVE-2021-47399 at SUSECVE-2021-47399 at NVDCVE-2021-47400 at SUSECVE-2021-47400 at NVDCVE-2021-47401 at SUSECVE-2021-47401 at NVDCVE-2021-47402 at SUSECVE-2021-47402 at NVDCVE-2021-47403 at SUSECVE-2021-47403 at NVDCVE-2021-47404 at SUSECVE-2021-47404 at NVDCVE-2021-47405 at SUSECVE-2021-47405 at NVDCVE-2021-47406 at SUSECVE-2021-47406 at NVDCVE-2021-47407 at SUSECVE-2021-47407 at NVDCVE-2021-47408 at SUSECVE-2021-47408 at NVDCVE-2021-47409 at SUSECVE-2021-47409 at NVDCVE-2021-47410 at SUSECVE-2021-47410 at NVDCVE-2021-47412 at SUSECVE-2021-47412 at NVDCVE-2021-47413 at SUSECVE-2021-47413 at NVDCVE-2021-47414 at SUSECVE-2021-47414 at NVDCVE-2021-47415 at SUSECVE-2021-47415 at NVDCVE-2021-47416 at SUSECVE-2021-47416 at NVDCVE-2021-47417 at SUSECVE-2021-47417 at NVDCVE-2021-47418 at SUSECVE-2021-47418 at NVDCVE-2021-47419 at SUSECVE-2021-47419 at NVDCVE-2021-47420 at SUSECVE-2021-47420 at NVDCVE-2021-47421 at SUSECVE-2021-47421 at NVDCVE-2021-47422 at SUSECVE-2021-47422 at NVDCVE-2021-47423 at SUSECVE-2021-47423 at NVDCVE-2021-47424 at SUSECVE-2021-47424 at NVDCVE-2021-47425 at SUSECVE-2021-47425 at NVDCVE-2021-47426 at SUSECVE-2021-47426 at NVDCVE-2021-47427 at SUSECVE-2021-47427 at NVDCVE-2021-47428 at SUSECVE-2021-47428 at NVDCVE-2021-47429 at SUSECVE-2021-47429 at NVDCVE-2021-47430 at SUSECVE-2021-47430 at NVDCVE-2021-47431 at SUSECVE-2021-47431 at NVDCVE-2021-47433 at SUSECVE-2021-47433 at NVDCVE-2021-47434 at SUSECVE-2021-47434 at NVDCVE-2021-47435 at SUSECVE-2021-47435 at NVDCVE-2021-47436 at SUSECVE-2021-47436 at NVDCVE-2021-47437 at SUSECVE-2021-47437 at NVDCVE-2021-47438 at SUSECVE-2021-47438 at NVDCVE-2021-47439 at SUSECVE-2021-47439 at NVDCVE-2021-47440 at SUSECVE-2021-47440 at NVDCVE-2021-47441 at SUSECVE-2021-47441 at NVDCVE-2021-47442 at SUSECVE-2021-47442 at NVDCVE-2021-47443 at SUSECVE-2021-47443 at NVDCVE-2021-47444 at SUSECVE-2021-47444 at NVDCVE-2021-47445 at SUSECVE-2021-47445 at NVDCVE-2021-47446 at SUSECVE-2021-47446 at NVDCVE-2021-47447 at SUSECVE-2021-47447 at NVDCVE-2021-47448 at SUSECVE-2021-47448 at NVDCVE-2021-47449 at SUSECVE-2021-47449 at NVDCVE-2021-47450 at SUSECVE-2021-47450 at NVDCVE-2021-47451 at SUSECVE-2021-47451 at NVDCVE-2021-47452 at SUSECVE-2021-47452 at NVDCVE-2021-47453 at SUSECVE-2021-47453 at NVDCVE-2021-47454 at SUSECVE-2021-47454 at NVDCVE-2021-47455 at SUSECVE-2021-47455 at NVDCVE-2021-47456 at SUSECVE-2021-47456 at NVDCVE-2021-47457 at SUSECVE-2021-47457 at NVDCVE-2021-47458 at SUSECVE-2021-47458 at NVDCVE-2021-47459 at SUSECVE-2021-47459 at NVDCVE-2021-47460 at SUSECVE-2021-47460 at NVDCVE-2021-47461 at SUSECVE-2021-47461 at NVDCVE-2021-47462 at SUSECVE-2021-47462 at NVDCVE-2021-47463 at SUSECVE-2021-47463 at NVDCVE-2021-47464 at SUSECVE-2021-47464 at NVDCVE-2021-47465 at SUSECVE-2021-47465 at NVDCVE-2021-47466 at SUSECVE-2021-47466 at NVDCVE-2021-47467 at SUSECVE-2021-47467 at NVDCVE-2021-47468 at SUSECVE-2021-47468 at NVDCVE-2021-47469 at SUSECVE-2021-47469 at NVDCVE-2021-47470 at SUSECVE-2021-47470 at NVDCVE-2021-47471 at SUSECVE-2021-47471 at NVDCVE-2021-47472 at SUSECVE-2021-47472 at NVDCVE-2021-47473 at SUSECVE-2021-47473 at NVDCVE-2021-47474 at SUSECVE-2021-47474 at NVDCVE-2021-47475 at SUSECVE-2021-47475 at NVDCVE-2021-47476 at SUSECVE-2021-47476 at NVDCVE-2021-47477 at SUSECVE-2021-47477 at NVDCVE-2021-47478 at SUSECVE-2021-47478 at NVDCVE-2021-47479 at SUSECVE-2021-47479 at NVDCVE-2021-47480 at SUSECVE-2021-47480 at NVDCVE-2021-47481 at SUSECVE-2021-47481 at NVDCVE-2021-47482 at SUSECVE-2021-47482 at NVDCVE-2021-47483 at SUSECVE-2021-47483 at NVDCVE-2021-47484 at SUSECVE-2021-47484 at NVDCVE-2021-47485 at SUSECVE-2021-47485 at NVDCVE-2021-47486 at SUSECVE-2021-47486 at NVDCVE-2021-47488 at SUSECVE-2021-47488 at NVDCVE-2021-47489 at SUSECVE-2021-47489 at NVDCVE-2021-47490 at SUSECVE-2021-47490 at NVDCVE-2021-47491 at SUSECVE-2021-47491 at NVDCVE-2021-47492 at SUSECVE-2021-47492 at NVDCVE-2021-47493 at SUSECVE-2021-47493 at NVDCVE-2021-47494 at SUSECVE-2021-47494 at NVDCVE-2021-47495 at SUSECVE-2021-47495 at NVDCVE-2021-47496 at SUSECVE-2021-47496 at NVDCVE-2021-47497 at SUSECVE-2021-47497 at NVDCVE-2021-47498 at SUSECVE-2021-47498 at NVDCVE-2021-47499 at SUSECVE-2021-47499 at NVDCVE-2021-47500 at SUSECVE-2021-47500 at NVDCVE-2021-47501 at SUSECVE-2021-47501 at NVDCVE-2021-47502 at SUSECVE-2021-47502 at NVDCVE-2021-47503 at SUSECVE-2021-47503 at NVDCVE-2021-47504 at SUSECVE-2021-47504 at NVDCVE-2021-47505 at SUSECVE-2021-47505 at NVDCVE-2021-47506 at SUSECVE-2021-47506 at NVDCVE-2021-47507 at SUSECVE-2021-47507 at NVDCVE-2021-47508 at SUSECVE-2021-47508 at NVDCVE-2021-47509 at SUSECVE-2021-47509 at NVDCVE-2021-47510 at SUSECVE-2021-47510 at NVDCVE-2021-47511 at SUSECVE-2021-47511 at NVDCVE-2021-47512 at SUSECVE-2021-47512 at NVDCVE-2021-47513 at SUSECVE-2021-47513 at NVDCVE-2021-47514 at SUSECVE-2021-47514 at NVDCVE-2021-47516 at SUSECVE-2021-47516 at NVDCVE-2021-47518 at SUSECVE-2021-47518 at NVDCVE-2021-47520 at SUSECVE-2021-47520 at NVDCVE-2021-47521 at SUSECVE-2021-47521 at NVDCVE-2021-47522 at SUSECVE-2021-47522 at NVDCVE-2021-47523 at SUSECVE-2021-47523 at NVDCVE-2021-47524 at SUSECVE-2021-47524 at NVDCVE-2021-47525 at SUSECVE-2021-47525 at NVDCVE-2021-47526 at SUSECVE-2021-47526 at NVDCVE-2021-47528 at SUSECVE-2021-47528 at NVDCVE-2021-47529 at SUSECVE-2021-47529 at NVDCVE-2021-47530 at SUSECVE-2021-47530 at NVDCVE-2021-47531 at SUSECVE-2021-47531 at NVDCVE-2021-47532 at SUSECVE-2021-47532 at NVDCVE-2021-47533 at SUSECVE-2021-47533 at NVDCVE-2021-47534 at SUSECVE-2021-47534 at NVDCVE-2021-47535 at SUSECVE-2021-47535 at NVDCVE-2021-47536 at SUSECVE-2021-47536 at NVDCVE-2021-47537 at SUSECVE-2021-47537 at NVDCVE-2021-47540 at SUSECVE-2021-47540 at NVDCVE-2021-47541 at SUSECVE-2021-47541 at NVDCVE-2021-47542 at SUSECVE-2021-47542 at NVDCVE-2021-47544 at SUSECVE-2021-47544 at NVDCVE-2021-47548 at SUSECVE-2021-47548 at NVDCVE-2021-47549 at SUSECVE-2021-47549 at NVDCVE-2021-47550 at SUSECVE-2021-47550 at NVDCVE-2021-47551 at SUSECVE-2021-47551 at NVDCVE-2021-47552 at SUSECVE-2021-47552 at NVDCVE-2021-47553 at SUSECVE-2021-47553 at NVDCVE-2021-47554 at SUSECVE-2021-47554 at NVDCVE-2021-47555 at SUSECVE-2021-47555 at NVDCVE-2021-47556 at SUSECVE-2021-47556 at NVDCVE-2021-47557 at SUSECVE-2021-47557 at NVDCVE-2021-47558 at SUSECVE-2021-47558 at NVDCVE-2021-47559 at SUSECVE-2021-47559 at NVDCVE-2021-47560 at SUSECVE-2021-47560 at NVDCVE-2021-47562 at SUSECVE-2021-47562 at NVDCVE-2021-47563 at SUSECVE-2021-47563 at NVDCVE-2021-47564 at SUSECVE-2021-47564 at NVDCVE-2021-47565 at SUSECVE-2021-47565 at NVDCVE-2021-47569 at SUSECVE-2021-47569 at NVDCVE-2022-48633 at SUSECVE-2022-48633 at NVDCVE-2022-48662 at SUSECVE-2022-48662 at NVDCVE-2022-48669 at SUSECVE-2022-48669 at NVDCVE-2022-48689 at SUSECVE-2022-48689 at NVDCVE-2022-48691 at SUSECVE-2022-48691 at NVDCVE-2022-48699 at SUSECVE-2022-48699 at NVDCVE-2022-48705 at SUSECVE-2022-48705 at NVDCVE-2022-48708 at SUSECVE-2022-48708 at NVDCVE-2022-48709 at SUSECVE-2022-48709 at NVDCVE-2022-48710 at SUSECVE-2022-48710 at NVDCVE-2023-0160 at SUSECVE-2023-0160 at NVDCVE-2023-1829 at SUSECVE-2023-1829 at NVDCVE-2023-42755 at SUSECVE-2023-42755 at NVDCVE-2023-47233 at SUSECVE-2023-47233 at NVDCVE-2023-52586 at SUSECVE-2023-52586 at NVDCVE-2023-52591 at SUSECVE-2023-52591 at NVDCVE-2023-52618 at SUSECVE-2023-52618 at NVDCVE-2023-52642 at SUSECVE-2023-52642 at NVDCVE-2023-52643 at SUSECVE-2023-52643 at NVDCVE-2023-52644 at SUSECVE-2023-52644 at NVDCVE-2023-52646 at SUSECVE-2023-52646 at NVDCVE-2023-52650 at SUSECVE-2023-52650 at NVDCVE-2023-52653 at SUSECVE-2023-52653 at NVDCVE-2023-52654 at SUSECVE-2023-52654 at NVDCVE-2023-52655 at SUSECVE-2023-52655 at NVDCVE-2023-52656 at SUSECVE-2023-52656 at NVDCVE-2023-52657 at SUSECVE-2023-52657 at NVDCVE-2023-52659 at SUSECVE-2023-52659 at NVDCVE-2023-52660 at SUSECVE-2023-52660 at NVDCVE-2023-52661 at SUSECVE-2023-52661 at NVDCVE-2023-52662 at SUSECVE-2023-52662 at NVDCVE-2023-52664 at SUSECVE-2023-52664 at NVDCVE-2023-52669 at SUSECVE-2023-52669 at NVDCVE-2023-52671 at SUSECVE-2023-52671 at NVDCVE-2023-52674 at SUSECVE-2023-52674 at NVDCVE-2023-52676 at SUSECVE-2023-52676 at NVDCVE-2023-52678 at SUSECVE-2023-52678 at NVDCVE-2023-52679 at SUSECVE-2023-52679 at NVDCVE-2023-52680 at SUSECVE-2023-52680 at NVDCVE-2023-52683 at SUSECVE-2023-52683 at NVDCVE-2023-52685 at SUSECVE-2023-52685 at NVDCVE-2023-52686 at SUSECVE-2023-52686 at NVDCVE-2023-52690 at SUSECVE-2023-52690 at NVDCVE-2023-52691 at SUSECVE-2023-52691 at NVDCVE-2023-52692 at SUSECVE-2023-52692 at NVDCVE-2023-52693 at SUSECVE-2023-52693 at NVDCVE-2023-52694 at SUSECVE-2023-52694 at NVDCVE-2023-52696 at SUSECVE-2023-52696 at NVDCVE-2023-52698 at SUSECVE-2023-52698 at NVDCVE-2023-52699 at SUSECVE-2023-52699 at NVDCVE-2023-52702 at SUSECVE-2023-52702 at NVDCVE-2023-52703 at SUSECVE-2023-52703 at NVDCVE-2023-52705 at SUSECVE-2023-52705 at NVDCVE-2023-52707 at SUSECVE-2023-52707 at NVDCVE-2023-52708 at SUSECVE-2023-52708 at NVDCVE-2023-52730 at SUSECVE-2023-52730 at NVDCVE-2023-52731 at SUSECVE-2023-52731 at NVDCVE-2023-52732 at SUSECVE-2023-52732 at NVDCVE-2023-52733 at SUSECVE-2023-52733 at NVDCVE-2023-52736 at SUSECVE-2023-52736 at NVDCVE-2023-52738 at SUSECVE-2023-52738 at NVDCVE-2023-52739 at SUSECVE-2023-52739 at NVDCVE-2023-52740 at SUSECVE-2023-52740 at NVDCVE-2023-52741 at SUSECVE-2023-52741 at NVDCVE-2023-52742 at SUSECVE-2023-52742 at NVDCVE-2023-52743 at SUSECVE-2023-52743 at NVDCVE-2023-52744 at SUSECVE-2023-52744 at NVDCVE-2023-52745 at SUSECVE-2023-52745 at NVDCVE-2023-52746 at SUSECVE-2023-52746 at NVDCVE-2023-52747 at SUSECVE-2023-52747 at NVDCVE-2023-52753 at SUSECVE-2023-52753 at NVDCVE-2023-52754 at SUSECVE-2023-52754 at NVDCVE-2023-52756 at SUSECVE-2023-52756 at NVDCVE-2023-52757 at SUSECVE-2023-52757 at NVDCVE-2023-52759 at SUSECVE-2023-52759 at NVDCVE-2023-52763 at SUSECVE-2023-52763 at NVDCVE-2023-52764 at SUSECVE-2023-52764 at NVDCVE-2023-52766 at SUSECVE-2023-52766 at NVDCVE-2023-52773 at SUSECVE-2023-52773 at NVDCVE-2023-52774 at SUSECVE-2023-52774 at NVDCVE-2023-52777 at SUSECVE-2023-52777 at NVDCVE-2023-52781 at SUSECVE-2023-52781 at NVDCVE-2023-52788 at SUSECVE-2023-52788 at NVDCVE-2023-52789 at SUSECVE-2023-52789 at NVDCVE-2023-52791 at SUSECVE-2023-52791 at NVDCVE-2023-52795 at SUSECVE-2023-52795 at NVDCVE-2023-52796 at SUSECVE-2023-52796 at NVDCVE-2023-52798 at SUSECVE-2023-52798 at NVDCVE-2023-52799 at SUSECVE-2023-52799 at NVDCVE-2023-52800 at SUSECVE-2023-52800 at NVDCVE-2023-52803 at SUSECVE-2023-52803 at NVDCVE-2023-52804 at SUSECVE-2023-52804 at NVDCVE-2023-52805 at SUSECVE-2023-52805 at NVDCVE-2023-52806 at SUSECVE-2023-52806 at NVDCVE-2023-52807 at SUSECVE-2023-52807 at NVDCVE-2023-52808 at SUSECVE-2023-52808 at NVDCVE-2023-52809 at SUSECVE-2023-52809 at NVDCVE-2023-52810 at SUSECVE-2023-52810 at NVDCVE-2023-52811 at SUSECVE-2023-52811 at NVDCVE-2023-52814 at SUSECVE-2023-52814 at NVDCVE-2023-52815 at SUSECVE-2023-52815 at NVDCVE-2023-52816 at SUSECVE-2023-52816 at NVDCVE-2023-52817 at SUSECVE-2023-52817 at NVDCVE-2023-52818 at SUSECVE-2023-52818 at NVDCVE-2023-52819 at SUSECVE-2023-52819 at NVDCVE-2023-52821 at SUSECVE-2023-52821 at NVDCVE-2023-52825 at SUSECVE-2023-52825 at NVDCVE-2023-52826 at SUSECVE-2023-52826 at NVDCVE-2023-52832 at SUSECVE-2023-52832 at NVDCVE-2023-52833 at SUSECVE-2023-52833 at NVDCVE-2023-52834 at SUSECVE-2023-52834 at NVDCVE-2023-52838 at SUSECVE-2023-52838 at NVDCVE-2023-52840 at SUSECVE-2023-52840 at NVDCVE-2023-52841 at SUSECVE-2023-52841 at NVDCVE-2023-52844 at SUSECVE-2023-52844 at NVDCVE-2023-52847 at SUSECVE-2023-52847 at NVDCVE-2023-52851 at SUSECVE-2023-52851 at NVDCVE-2023-52853 at SUSECVE-2023-52853 at NVDCVE-2023-52854 at SUSECVE-2023-52854 at NVDCVE-2023-52855 at SUSECVE-2023-52855 at NVDCVE-2023-52856 at SUSECVE-2023-52856 at NVDCVE-2023-52858 at SUSECVE-2023-52858 at NVDCVE-2023-52860 at SUSECVE-2023-52860 at NVDCVE-2023-52861 at SUSECVE-2023-52861 at NVDCVE-2023-52864 at SUSECVE-2023-52864 at NVDCVE-2023-52865 at SUSECVE-2023-52865 at NVDCVE-2023-52867 at SUSECVE-2023-52867 at NVDCVE-2023-52868 at SUSECVE-2023-52868 at NVDCVE-2023-52870 at SUSECVE-2023-52870 at NVDCVE-2023-52871 at SUSECVE-2023-52871 at NVDCVE-2023-52872 at SUSECVE-2023-52872 at NVDCVE-2023-52873 at SUSECVE-2023-52873 at NVDCVE-2023-52875 at SUSECVE-2023-52875 at NVDCVE-2023-52876 at SUSECVE-2023-52876 at NVDCVE-2023-52877 at SUSECVE-2023-52877 at NVDCVE-2023-52878 at SUSECVE-2023-52878 at NVDCVE-2023-52880 at SUSECVE-2023-52880 at NVDCVE-2023-6531 at SUSECVE-2023-6531 at NVDCVE-2024-2201 at SUSECVE-2024-2201 at NVDCVE-2024-26597 at SUSECVE-2024-26597 at NVDCVE-2024-26643 at SUSECVE-2024-26643 at NVDCVE-2024-26679 at SUSECVE-2024-26679 at NVDCVE-2024-26692 at SUSECVE-2024-26692 at NVDCVE-2024-26698 at SUSECVE-2024-26698 at NVDCVE-2024-26700 at SUSECVE-2024-26700 at NVDCVE-2024-26715 at SUSECVE-2024-26715 at NVDCVE-2024-26739 at SUSECVE-2024-26739 at NVDCVE-2024-26742 at SUSECVE-2024-26742 at NVDCVE-2024-26748 at SUSECVE-2024-26748 at NVDCVE-2024-26758 at SUSECVE-2024-26758 at NVDCVE-2024-26764 at SUSECVE-2024-26764 at NVDCVE-2024-26775 at SUSECVE-2024-26775 at NVDCVE-2024-26777 at SUSECVE-2024-26777 at NVDCVE-2024-26778 at SUSECVE-2024-26778 at NVDCVE-2024-26788 at SUSECVE-2024-26788 at NVDCVE-2024-26791 at SUSECVE-2024-26791 at NVDCVE-2024-26801 at SUSECVE-2024-26801 at NVDCVE-2024-26822 at SUSECVE-2024-26822 at NVDCVE-2024-26828 at SUSECVE-2024-26828 at NVDCVE-2024-26829 at SUSECVE-2024-26829 at NVDCVE-2024-26838 at SUSECVE-2024-26838 at NVDCVE-2024-26839 at SUSECVE-2024-26839 at NVDCVE-2024-26840 at SUSECVE-2024-26840 at NVDCVE-2024-26846 at SUSECVE-2024-26846 at NVDCVE-2024-26859 at SUSECVE-2024-26859 at NVDCVE-2024-26870 at SUSECVE-2024-26870 at NVDCVE-2024-26874 at SUSECVE-2024-26874 at NVDCVE-2024-26876 at SUSECVE-2024-26876 at NVDCVE-2024-26877 at SUSECVE-2024-26877 at NVDCVE-2024-26880 at SUSECVE-2024-26880 at NVDCVE-2024-26889 at SUSECVE-2024-26889 at NVDCVE-2024-26894 at SUSECVE-2024-26894 at NVDCVE-2024-26900 at SUSECVE-2024-26900 at NVDCVE-2024-26907 at SUSECVE-2024-26907 at NVDCVE-2024-26915 at SUSECVE-2024-26915 at NVDCVE-2024-26916 at SUSECVE-2024-26916 at NVDCVE-2024-26919 at SUSECVE-2024-26919 at NVDCVE-2024-26920 at SUSECVE-2024-26920 at NVDCVE-2024-26921 at SUSECVE-2024-26921 at NVDCVE-2024-26922 at SUSECVE-2024-26922 at NVDCVE-2024-26925 at SUSECVE-2024-26925 at NVDCVE-2024-26928 at SUSECVE-2024-26928 at NVDCVE-2024-26929 at SUSECVE-2024-26929 at NVDCVE-2024-26930 at SUSECVE-2024-26930 at NVDCVE-2024-26931 at SUSECVE-2024-26931 at NVDCVE-2024-26933 at SUSECVE-2024-26933 at NVDCVE-2024-26934 at SUSECVE-2024-26934 at NVDCVE-2024-26935 at SUSECVE-2024-26935 at NVDCVE-2024-26937 at SUSECVE-2024-26937 at NVDCVE-2024-26938 at SUSECVE-2024-26938 at NVDCVE-2024-26939 at SUSECVE-2024-26939 at NVDCVE-2024-26940 at SUSECVE-2024-26940 at NVDCVE-2024-26943 at SUSECVE-2024-26943 at NVDCVE-2024-26957 at SUSECVE-2024-26957 at NVDCVE-2024-26958 at SUSECVE-2024-26958 at NVDCVE-2024-26964 at SUSECVE-2024-26964 at NVDCVE-2024-26974 at SUSECVE-2024-26974 at NVDCVE-2024-26977 at SUSECVE-2024-26977 at NVDCVE-2024-26979 at SUSECVE-2024-26979 at NVDCVE-2024-26984 at SUSECVE-2024-26984 at NVDCVE-2024-26988 at SUSECVE-2024-26988 at NVDCVE-2024-26989 at SUSECVE-2024-26989 at NVDCVE-2024-26994 at SUSECVE-2024-26994 at NVDCVE-2024-26996 at SUSECVE-2024-26996 at NVDCVE-2024-26997 at SUSECVE-2024-26997 at NVDCVE-2024-26999 at SUSECVE-2024-26999 at NVDCVE-2024-27000 at SUSECVE-2024-27000 at NVDCVE-2024-27001 at SUSECVE-2024-27001 at NVDCVE-2024-27004 at SUSECVE-2024-27004 at NVDCVE-2024-27008 at SUSECVE-2024-27008 at NVDCVE-2024-27028 at SUSECVE-2024-27028 at NVDCVE-2024-27037 at SUSECVE-2024-27037 at NVDCVE-2024-27042 at SUSECVE-2024-27042 at NVDCVE-2024-27045 at SUSECVE-2024-27045 at NVDCVE-2024-27047 at SUSECVE-2024-27047 at NVDCVE-2024-27051 at SUSECVE-2024-27051 at NVDCVE-2024-27052 at SUSECVE-2024-27052 at NVDCVE-2024-27053 at SUSECVE-2024-27053 at NVDCVE-2024-27054 at SUSECVE-2024-27054 at NVDCVE-2024-27059 at SUSECVE-2024-27059 at NVDCVE-2024-27072 at SUSECVE-2024-27072 at NVDCVE-2024-27073 at SUSECVE-2024-27073 at NVDCVE-2024-27074 at SUSECVE-2024-27074 at NVDCVE-2024-27075 at SUSECVE-2024-27075 at NVDCVE-2024-27076 at SUSECVE-2024-27076 at NVDCVE-2024-27077 at SUSECVE-2024-27077 at NVDCVE-2024-27078 at SUSECVE-2024-27078 at NVDCVE-2024-27388 at SUSECVE-2024-27388 at NVDCVE-2024-27393 at SUSECVE-2024-27393 at NVDCVE-2024-27395 at SUSECVE-2024-27395 at NVDCVE-2024-27396 at SUSECVE-2024-27396 at NVDCVE-2024-27398 at SUSECVE-2024-27398 at NVDCVE-2024-27399 at SUSECVE-2024-27399 at NVDCVE-2024-27400 at SUSECVE-2024-27400 at NVDCVE-2024-27401 at SUSECVE-2024-27401 at NVDCVE-2024-27405 at SUSECVE-2024-27405 at NVDCVE-2024-27410 at SUSECVE-2024-27410 at NVDCVE-2024-27412 at SUSECVE-2024-27412 at NVDCVE-2024-27413 at SUSECVE-2024-27413 at NVDCVE-2024-27416 at SUSECVE-2024-27416 at NVDCVE-2024-27417 at SUSECVE-2024-27417 at NVDCVE-2024-27419 at SUSECVE-2024-27419 at NVDCVE-2024-27431 at SUSECVE-2024-27431 at NVDCVE-2024-27435 at SUSECVE-2024-27435 at NVDCVE-2024-27436 at SUSECVE-2024-27436 at NVDCVE-2024-35789 at SUSECVE-2024-35789 at NVDCVE-2024-35791 at SUSECVE-2024-35791 at NVDCVE-2024-35796 at SUSECVE-2024-35796 at NVDCVE-2024-35799 at SUSECVE-2024-35799 at NVDCVE-2024-35801 at SUSECVE-2024-35801 at NVDCVE-2024-35804 at SUSECVE-2024-35804 at NVDCVE-2024-35806 at SUSECVE-2024-35806 at NVDCVE-2024-35809 at SUSECVE-2024-35809 at NVDCVE-2024-35811 at SUSECVE-2024-35811 at NVDCVE-2024-35812 at SUSECVE-2024-35812 at NVDCVE-2024-35813 at SUSECVE-2024-35813 at NVDCVE-2024-35815 at SUSECVE-2024-35815 at NVDCVE-2024-35817 at SUSECVE-2024-35817 at NVDCVE-2024-35821 at SUSECVE-2024-35821 at NVDCVE-2024-35822 at SUSECVE-2024-35822 at NVDCVE-2024-35823 at SUSECVE-2024-35823 at NVDCVE-2024-35825 at SUSECVE-2024-35825 at NVDCVE-2024-35828 at SUSECVE-2024-35828 at NVDCVE-2024-35829 at SUSECVE-2024-35829 at NVDCVE-2024-35830 at SUSECVE-2024-35830 at NVDCVE-2024-35833 at SUSECVE-2024-35833 at NVDCVE-2024-35845 at SUSECVE-2024-35845 at NVDCVE-2024-35847 at SUSECVE-2024-35847 at NVDCVE-2024-35849 at SUSECVE-2024-35849 at NVDCVE-2024-35851 at SUSECVE-2024-35851 at NVDCVE-2024-35852 at SUSECVE-2024-35852 at NVDCVE-2024-35854 at SUSECVE-2024-35854 at NVDCVE-2024-35860 at SUSECVE-2024-35860 at NVDCVE-2024-35861 at SUSECVE-2024-35861 at NVDCVE-2024-35862 at SUSECVE-2024-35862 at NVDCVE-2024-35863 at SUSECVE-2024-35863 at NVDCVE-2024-35864 at SUSECVE-2024-35864 at NVDCVE-2024-35865 at SUSECVE-2024-35865 at NVDCVE-2024-35866 at SUSECVE-2024-35866 at NVDCVE-2024-35867 at SUSECVE-2024-35867 at NVDCVE-2024-35868 at SUSECVE-2024-35868 at NVDCVE-2024-35869 at SUSECVE-2024-35869 at NVDCVE-2024-35870 at SUSECVE-2024-35870 at NVDCVE-2024-35872 at SUSECVE-2024-35872 at NVDCVE-2024-35875 at SUSECVE-2024-35875 at NVDCVE-2024-35877 at SUSECVE-2024-35877 at NVDCVE-2024-35878 at SUSECVE-2024-35878 at NVDCVE-2024-35879 at SUSECVE-2024-35879 at NVDCVE-2024-35885 at SUSECVE-2024-35885 at NVDCVE-2024-35887 at SUSECVE-2024-35887 at NVDCVE-2024-35895 at SUSECVE-2024-35895 at NVDCVE-2024-35901 at SUSECVE-2024-35901 at NVDCVE-2024-35904 at SUSECVE-2024-35904 at NVDCVE-2024-35905 at SUSECVE-2024-35905 at NVDCVE-2024-35907 at SUSECVE-2024-35907 at NVDCVE-2024-35912 at SUSECVE-2024-35912 at NVDCVE-2024-35914 at SUSECVE-2024-35914 at NVDCVE-2024-35915 at SUSECVE-2024-35915 at NVDCVE-2024-35922 at SUSECVE-2024-35922 at NVDCVE-2024-35924 at SUSECVE-2024-35924 at NVDCVE-2024-35930 at SUSECVE-2024-35930 at NVDCVE-2024-35932 at SUSECVE-2024-35932 at NVDCVE-2024-35933 at SUSECVE-2024-35933 at NVDCVE-2024-35935 at SUSECVE-2024-35935 at NVDCVE-2024-35936 at SUSECVE-2024-35936 at NVDCVE-2024-35938 at SUSECVE-2024-35938 at NVDCVE-2024-35939 at SUSECVE-2024-35939 at NVDCVE-2024-35940 at SUSECVE-2024-35940 at NVDCVE-2024-35943 at SUSECVE-2024-35943 at NVDCVE-2024-35944 at SUSECVE-2024-35944 at NVDCVE-2024-35947 at SUSECVE-2024-35947 at NVDCVE-2024-35950 at SUSECVE-2024-35950 at NVDCVE-2024-35951 at SUSECVE-2024-35951 at NVDCVE-2024-35952 at SUSECVE-2024-35952 at NVDCVE-2024-35955 at SUSECVE-2024-35955 at NVDCVE-2024-35959 at SUSECVE-2024-35959 at NVDCVE-2024-35963 at SUSECVE-2024-35963 at NVDCVE-2024-35964 at SUSECVE-2024-35964 at NVDCVE-2024-35965 at SUSECVE-2024-35965 at NVDCVE-2024-35966 at SUSECVE-2024-35966 at NVDCVE-2024-35967 at SUSECVE-2024-35967 at NVDCVE-2024-35969 at SUSECVE-2024-35969 at NVDCVE-2024-35973 at SUSECVE-2024-35973 at NVDCVE-2024-35976 at SUSECVE-2024-35976 at NVDCVE-2024-35978 at SUSECVE-2024-35978 at NVDCVE-2024-35982 at SUSECVE-2024-35982 at NVDCVE-2024-35984 at SUSECVE-2024-35984 at NVDCVE-2024-35989 at SUSECVE-2024-35989 at NVDCVE-2024-35990 at SUSECVE-2024-35990 at NVDCVE-2024-35998 at SUSECVE-2024-35998 at NVDCVE-2024-35999 at SUSECVE-2024-35999 at NVDCVE-2024-36006 at SUSECVE-2024-36006 at NVDCVE-2024-36007 at SUSECVE-2024-36007 at NVDCVE-2024-36012 at SUSECVE-2024-36012 at NVDCVE-2024-36014 at SUSECVE-2024-36014 at NVDCVE-2024-36015 at SUSECVE-2024-36015 at NVDCVE-2024-36016 at SUSECVE-2024-36016 at NVDCVE-2024-36026 at SUSECVE-2024-36026 at NVDCVE-2024-36029 at SUSECVE-2024-36029 at NVDCVE-2024-36032 at SUSECVE-2024-36032 at NVDCVE-2024-36880 at SUSECVE-2024-36880 at NVDCVE-2024-36893 at SUSECVE-2024-36893 at NVDCVE-2024-36896 at SUSECVE-2024-36896 at NVDCVE-2024-36897 at SUSECVE-2024-36897 at NVDCVE-2024-36906 at SUSECVE-2024-36906 at NVDCVE-2024-36918 at SUSECVE-2024-36918 at NVDCVE-2024-36924 at SUSECVE-2024-36924 at NVDCVE-2024-36926 at SUSECVE-2024-36926 at NVDCVE-2024-36928 at SUSECVE-2024-36928 at NVDCVE-2024-36931 at SUSECVE-2024-36931 at NVDCVE-2024-36938 at SUSECVE-2024-36938 at NVDCVE-2024-36940 at SUSECVE-2024-36940 at NVDCVE-2024-36941 at SUSECVE-2024-36941 at NVDCVE-2024-36942 at SUSECVE-2024-36942 at NVDCVE-2024-36944 at SUSECVE-2024-36944 at NVDCVE-2024-36947 at SUSECVE-2024-36947 at NVDCVE-2024-36950 at SUSECVE-2024-36950 at NVDCVE-2024-36952 at SUSECVE-2024-36952 at NVDCVE-2024-36955 at SUSECVE-2024-36955 at NVDCVE-2024-36959 at SUSECVE-2024-36959 at NVDcpe:/o:opensuse:leap:15.5Security update for hdf5 (Important)openSUSE Leap 15.5
This update for hdf5 fixes the following issues:
- Fix bsc#1224158 - this fixes:
CVE-2024-29158, CVE-2024-29161, CVE-2024-29166, CVE-2024-32608,
CVE-2024-32610, CVE-2024-32614, CVE-2024-32619, CVE-2024-32620,
CVE-2024-33873, CVE-2024-33874, CVE-2024-33875
Additionally, these fixes resolve crashes triggered by the
reproducers for CVE-2017-17507, CVE-2018-11205. These crashes
appear to be unrelated to the original problems.
This update also ships several missing PackageHub packages for 15 SP5 and 15 SP6.
ImportantSUSE bug 1224158CVE-2017-17507 at SUSECVE-2017-17507 at NVDCVE-2018-11205 at SUSECVE-2018-11205 at NVDCVE-2024-29158 at SUSECVE-2024-29158 at NVDCVE-2024-29161 at SUSECVE-2024-29161 at NVDCVE-2024-29166 at SUSECVE-2024-29166 at NVDCVE-2024-32608 at SUSECVE-2024-32608 at NVDCVE-2024-32610 at SUSECVE-2024-32610 at NVDCVE-2024-32614 at SUSECVE-2024-32614 at NVDCVE-2024-32619 at SUSECVE-2024-32619 at NVDCVE-2024-32620 at SUSECVE-2024-32620 at NVDCVE-2024-33873 at SUSECVE-2024-33873 at NVDCVE-2024-33874 at SUSECVE-2024-33874 at NVDCVE-2024-33875 at SUSECVE-2024-33875 at NVDcpe:/o:opensuse:leap:15.5Security update for ghostscript (Important)openSUSE Leap 15.5
This update for ghostscript fixes the following issues:
- CVE-2024-33871: Prevent OPVP device arbitrary code execution via custom Driver library. (bsc#1225491)
ImportantSUSE bug 1225491CVE-2024-33871 at SUSECVE-2024-33871 at NVDcpe:/o:opensuse:leap:15.5Security update for apache-parent, apache-sshd (Important)openSUSE Leap 15.5
This update for apache-parent, apache-sshd fixes the following issues:
apache-parent was updated from version 28 to 31:
- Version 31:
* New Features:
+ Added maven-checkstyle-plugin to pluginManagement
* Improvements:
+ Set minimalMavenBuildVersion to 3.6.3 - the minimum
used by plugins
+ Using an SPDX identifier as the license name is
recommended by Maven
+ Use properties to define the versions of plugins
* Bugs fixed:
+ Updated documentation for previous changes
apache-sshd was updated from version 2.7.0 to 2.12.0:
- Security issues fixed:
* CVE-2023-48795: Implemented OpenSSH 'strict key exchange' protocol in apache-sshd version 2.12.0 (bsc#1218189)
* CVE-2022-45047: Java unsafe deserialization vulnerability fixed in apache-sshd version 2.9.2 (bsc#1205463)
- Other changes in version 2.12.0:
* Bugs fixed:
+ SCP client fails silently when error signalled due to missing file or lacking permissions
+ Ignore unknown key types from agent or in OpenSSH host keys extension
* New Features:
+ Support GIT protocol-v2
- Other changes in version 2.11.0:
* Bugs fixed:
+ Added configurable timeout(s) to DefaultSftpClient
+ Compare file keys in ModifiableFileWatcher.
+ Fixed channel pool in SftpFileSystem.
+ Use correct default OpenOptions in SftpFileSystemProvider.newFileChannel().
+ Use correct lock modes for SFTP FileChannel.lock().
+ ScpClient: support issuing commands to a server that uses a non-UTF-8 locale.
+ SftpInputStreamAsync: fix reporting EOF on zero-length reads.
+ Work-around a bug in WS_FTP <= 12.9 SFTP clients.
+ (Regression in 2.10.0) SFTP performance fix: override FilterOutputStream.write(byte[], int, int).
+ Fixed a race condition to ensure SSH_MSG_CHANNEL_EOF is always sent before SSH_MSG_CHANNEL_CLOSE.
+ Fixed error handling while flushing queued packets at end of KEX.
+ Fixed wrong log level on closing an Nio2Session.
+ Fixed detection of Android O/S from system properties.
+ Consider all applicable host keys from the known_hosts files.
+ SftpFileSystem: do not close user session.
+ ChannelAsyncOutputStream: remove write future when done.
+ SSHD-1332 (Regression in 2.10.0) Resolve ~ in IdentityFile file names in HostConfigEntry.
* New Features:
+ Use KeepAliveHandler global request instance in client as well
+ Publish snapshot maven artifacts to the Apache Snapshots maven repository.
+ Bundle sshd-contrib has support classes for the HAProxy protocol V2.
- Other changes in version 2.10.0:
* Bugs fixed:
+ Connection attempt not canceled when a connection timeout occurs
+ Possible OOM in ChannelPipedInputStream
+ SftpRemotePathChannel.transferFrom(...) ignores position argument
+ Rooted file system can leak informations
+ Failed to establish an SSH connection because the server identifier exceeds the int range
* Improvements:
+ Password in clear in SSHD server's logs
- Other changes in version 2.9.2:
* Bugs fixed:
+ SFTP worker threads got stuck while processing PUT methods against one specific SFTP server
+ Use the maximum packet size of the communication partner
+ ExplicitPortForwardingTracker does not unbind auto-allocated one
+ Default SshClient FD leak because Selector not closed
+ Reading again from exhausted ChannelExec#getInvertedOut() throws IOException instead of returning -1
+ Keeping error streams and input streams separate after ChannelExec#setRedirectErrorStream(true) is called
+ Nio2Session.shutdownOutput() should wait for writes in progress
* Test:
+ Research intermittent failure in unit tests using various I/O
service factories
- Other changes in version 2.9.1:
* Bugs fixed:
+ ClientSession.auth().verify() is terminated with timeout
+ 2.9.0 release broken on Java 8
+ Infinite loop in org.apache.sshd.sftp.client.impl.SftpInputStreamAsync#doRead
+ Deadlock during session exit
+ Race condition is logged in ChannelAsyncOutputStream
- Other changes in version 2.9.0:
* Bugs fixed:
+ Deadlock on disconnection at the end of key-exchange
+ Remote port forwarding mode does not handle EOF properly
+ Public key authentication: wrong signature algorithm used (ed25519 key with ssh-rsa signature)
+ Client fails window adjust above Integer.MAX_VALUE
+ class loader fails to load org.apache.sshd.common.cipher.BaseGCMCipher
+ Shell is not getting closed if the command has already closed the OutputStream it is using.
+ Sometimes async write listener is not called
+ Unhandled SSH_MSG_CHANNEL_WINDOW_ADJUST leeds to SocketTimeoutException
+ different host key algorithm used on rekey than used for the initial connection
+ OpenSSH certificate is not properly encoded when critical options are included
+ TCP/IP remote port forwarding with wildcard IP addresses doesn't work with OpenSSH
+ UserAuthPublicKey: uses ssh-rsa signatures for RSA keys from an agent
* New Features:
+ Added support for Argon2 encrypted PUTTY key files
+ Added support for merged inverted output and error streams of remote process
* Improvements:
+ Added support for 'limits@openssh.com' SFTP extension
+ Support host-based pubkey authentication in the client
+ Send environment variable and open subsystem at the same time for SSH session
- Other changes in version 2.8.0:
* Bugs fixed:
+ Fixed wrong server key algorithm choice
+ Expiration of OpenSshCertificates needs to compare timestamps as unsigned long
+ SFTP Get downloads empty file from servers which supports EOF indication after data
+ skip() doesn't work properly in SftpInputStreamAsync
+ OpenMode and CopyMode is not honored as expected in version > 4 of SFTP api
+ SftpTransferTest sometimes hangs (failure during rekeying)
+ Race condition in KEX
+ Fix the ciphers supported documentation
+ Update tarLongFileMode to use POSIX
+ WinsCP transfer failure to Apache SSHD Server
+ Pubkey auth: keys from ssh-agent are used even if HostConfigEntry.isIdentitiesOnly() is true
+ Support RSA SHA2 signatures via SSH agent
+ NOTICE: wrong copyright year range
+ Wrong creationTime in writeAttrs for SFTP
+ sshd-netty logs all traffic on INFO level
* New Features:
+ Add support for chacha20-poly1305@openssh.com
+ Parsing of ~/.ssh/config Host patterns fails with extra
whitespace
+ Support generating OpenSSH client certificates
* Improvements:
+ Add support for curve25519-sha256@libssh.org key exchange
+ OpenSSH certificates: check certificate type
+ OpenSSHCertificatesTest: certificates expire in 2030
+ Display IdleTimeOut in more user-friendly format
+ sendChunkIfRemoteWindowIsSmallerThanPacketSize flag in ChannelAsyncOutputStream constructor configurable from
outside using variable/config file
+ Intercepting the server exception message from server in SSHD client
+ Implement RFC 8332 server-sig-algs on the server
+ Slow performance listing huge number of files on Apache SSHD server
+ SFTP: too many LSTAT calls
+ Support key constraints when adding a key to an SSH agent
+ Add SFTP server side file custom attributes hook
ImportantSUSE bug 1205463SUSE bug 1218189CVE-2022-45047 at SUSECVE-2022-45047 at NVDCVE-2023-48795 at SUSECVE-2023-48795 at NVDcpe:/o:opensuse:leap:15.5Security update for kubevirt, virt-api-container, virt-controller-container, virt-exportproxy-container, virt-exportserver-container, virt-handler-container, virt-launcher-container, virt-libguestfs-tools-container, virt-operator-container, virt-pr-helper-container (Important)openSUSE Leap 15.5
This update for kubevirt, virt-api-container, virt-controller-container, virt-exportproxy-container, virt-exportserver-container, virt-handler-container, virt-launcher-container, virt-libguestfs-tools-container, virt-operator-container, virt-pr-helper-container fixes the following issues:
- Collect component Role rules under operator Role instead of
ClusterRole (bsc#1223965, CVE-2024-33394)
- Ensure procps is installed (provides ps for tests)
This update also rebuilds it against current go releases.
ImportantSUSE bug 1223965CVE-2024-33394 at SUSECVE-2024-33394 at NVDcpe:/o:opensuse:leap:15.5Security update for python310 (Low)openSUSE Leap 15.5
This update for python310 fixes the following issues:
- CVE-2024-4032: Rearranging definition of private v global IP. (bsc#1226448)
LowSUSE bug 1226448CVE-2024-4032 at SUSECVE-2024-4032 at NVDcpe:/o:opensuse:leap:15.5Security update for libreoffice (Important)openSUSE Leap 15.5
This update for libreoffice fixes the following issues:
Libreoffice was updated to version 24.2.4.2:
- Release notes:
* https://wiki.documentfoundation.org/Releases/24.2.1/RC1
* https://wiki.documentfoundation.org/Releases/24.2.1/RC2
- Security issues fixed:
* CVE-2024-3044: Fixed unchecked script execution in graphic on-click binding (bsc#1224279)
- Other issues fixed:
* Fixed LibreOffice build failures with ICU 75 (bsc#1224309)
- Updated bundled dependencies:
* curl version update from 8.6.0 to 8.7.1
* gpgme version update from 1.20.0 to 1.23.2
* libassuan version update from 2.5.6 to 2.5.7
* libgpg-error version update from 1.47 to 1.48
ImportantSUSE bug 1224279SUSE bug 1224309CVE-2024-3044 at SUSECVE-2024-3044 at NVDcpe:/o:opensuse:leap:15.5Security update for libxml2 (Low)openSUSE Leap 15.5
This update for libxml2 fixes the following issues:
- CVE-2024-34459: Fixed buffer over-read in xmlHTMLPrintFileContext in xmllint.c (bsc#1224282).
LowSUSE bug 1224282CVE-2024-34459 at SUSECVE-2024-34459 at NVDcpe:/o:opensuse:leap:15.5Security update for squid (Moderate)openSUSE Leap 15.5
This update for squid fixes the following issues:
- CVE-2024-37894: Fixed a denial of Service issue in ESI processing (bsc#1227086)
ModerateSUSE bug 1227086CVE-2024-37894 at SUSECVE-2024-37894 at NVDcpe:/o:opensuse:leap:15.5Security update for python39 (Moderate)openSUSE Leap 15.5
This update for python39 fixes the following issues:
- CVE-2024-4032: Rearranging definition of private v global IP. (bsc#1226448)
- CVE-2024-0397: Remove a memory race condition in ssl.SSLContext certificate store methods. (bsc#1226447)
ModerateSUSE bug 1226447SUSE bug 1226448CVE-2024-0397 at SUSECVE-2024-0397 at NVDCVE-2024-4032 at SUSECVE-2024-4032 at NVDcpe:/o:opensuse:leap:15.5Security update for podofo (Low)openSUSE Leap 15.5
This update for podofo fixes the following issues:
- PdfEncrypt: Validate more encrypt dictionary parameters (bsc#1213720)
- PdfXRefStreamParserObject: Fixed handling of invalid XRef stream entries (bsc#1213720)
LowSUSE bug 1213720cpe:/o:opensuse:leap:15.5Security update for libndp (Important)openSUSE Leap 15.5
This update for libndp fixes the following issues:
- CVE-2024-5564: Add a check on the route information option length field. (bsc#1225771)
ImportantSUSE bug 1225771CVE-2024-5564 at SUSECVE-2024-5564 at NVDcpe:/o:opensuse:leap:15.5Security update for podman (Moderate)openSUSE Leap 15.5
This update for podman fixes the following issues:
- CVE-2024-6104: Fixed a potential leak of sensitive information on
HTTP log file (bsc#1227052).
ModerateSUSE bug 1227052CVE-2024-6104 at SUSECVE-2024-6104 at NVDcpe:/o:opensuse:leap:15.5Security update for MozillaFirefox (Important)openSUSE Leap 15.5
This update for MozillaFirefox fixes the following issues:
Update to Firefox Extended Support Release 115.7.0 ESR (MFSA2024-02) (bsc#1218955):
- CVE-2024-0741: Out of bounds write in ANGLE
- CVE-2024-0742: Failure to update user input timestamp
- CVE-2024-0746: Crash when listing printers on Linux
- CVE-2024-0747: Bypass of Content Security Policy when directive unsafe-inline was set
- CVE-2024-0749: Phishing site popup could show local origin in address bar
- CVE-2024-0750: Potential permissions request bypass via clickjacking
- CVE-2024-0751: Privilege escalation through devtools
- CVE-2024-0753: HSTS policy on subdomain could bypass policy of upper domain
- CVE-2024-0755: Memory safety bugs fixed in Firefox 122, Firefox ESR 115.7, and Thunderbird 115.7
ImportantSUSE bug 1218955CVE-2024-0741 at SUSECVE-2024-0741 at NVDCVE-2024-0742 at SUSECVE-2024-0742 at NVDCVE-2024-0746 at SUSECVE-2024-0746 at NVDCVE-2024-0747 at SUSECVE-2024-0747 at NVDCVE-2024-0749 at SUSECVE-2024-0749 at NVDCVE-2024-0750 at SUSECVE-2024-0750 at NVDCVE-2024-0751 at SUSECVE-2024-0751 at NVDCVE-2024-0753 at SUSECVE-2024-0753 at NVDCVE-2024-0755 at SUSECVE-2024-0755 at NVDcpe:/o:opensuse:leap:15.5Security update for libxml2 (Low)openSUSE Leap 15.5
This update for libxml2 fixes the following issues:
- CVE-2024-34459: Fixed buffer over-read in xmlHTMLPrintFileContext in xmllint.c (bsc#1224282).
LowSUSE bug 1224282CVE-2024-34459 at SUSECVE-2024-34459 at NVDcpe:/o:opensuse:leap:15.5Security update for ghostscript (Important)openSUSE Leap 15.5
This update for ghostscript fixes the following issues:
- CVE-2024-29510: Fixed an arbitrary path traversal when running in a
permitted path (bsc#1226945).
- CVE-2024-33870: Fixed a format string injection that could lead to
command execution (bsc#1226944).
- CVE-2024-33869: Fixed a path validation bypass that could lead to
path traversal (bsc#1226946).
ImportantSUSE bug 1226944SUSE bug 1226945SUSE bug 1226946CVE-2024-29510 at SUSECVE-2024-29510 at NVDCVE-2024-33869 at SUSECVE-2024-33869 at NVDCVE-2024-33870 at SUSECVE-2024-33870 at NVDcpe:/o:opensuse:leap:15.5Security update for krb5 (Important)openSUSE Leap 15.5
This update for krb5 fixes the following issues:
- CVE-2024-37370: Fixed confidential GSS krb5 wrap tokens with invalid fields were errouneously accepted (bsc#1227186).
- CVE-2024-37371: Fixed invalid memory read when processing message tokens with invalid length fields (bsc#1227187).
ImportantSUSE bug 1227186SUSE bug 1227187CVE-2024-37370 at SUSECVE-2024-37370 at NVDCVE-2024-37371 at SUSECVE-2024-37371 at NVDcpe:/o:opensuse:leap:15.5Security update for go1.21 (Important)openSUSE Leap 15.5
This update for go1.21 fixes the following issues:
Updated to version 1.21.12 (bsc#1212475):
- CVE-2024-24791: Fixed a potential denial of service due to
improper handling of HTTP 100-continue headers (bsc#1227314).
ImportantSUSE bug 1212475SUSE bug 1227314CVE-2024-24791 at SUSECVE-2024-24791 at NVDcpe:/o:opensuse:leap:15.5Security update for go1.22 (Important)openSUSE Leap 15.5
This update for go1.22 fixes the following issues:
Updated to version 1.22.5 (bsc#1218424):
- CVE-2024-24791: Fixed a potential denial of service due to
improper handling of HTTP 100-continue headers (bsc#1227314).
ImportantSUSE bug 1218424SUSE bug 1227314CVE-2024-24791 at SUSECVE-2024-24791 at NVDcpe:/o:opensuse:leap:15.5Security update for netty3 (Important)openSUSE Leap 15.5
This update for netty3 fixes the following issues:
- CVE-2024-29025: Fixed HttpPostRequestDecoder can out of memory due to large number of form fields (bsc#1222045).
ImportantSUSE bug 1222045CVE-2024-29025 at SUSECVE-2024-29025 at NVDcpe:/o:opensuse:leap:15.5Security update for python-urllib3 (Moderate)openSUSE Leap 15.5
This update for python-urllib3 fixes the following issues:
- CVE-2024-37891: Fixed proxy-authorization request header not stripped during cross-origin redirects (bsc#1226469).
ModerateSUSE bug 1226469CVE-2024-37891 at SUSECVE-2024-37891 at NVDcpe:/o:opensuse:leap:15.5Security update for poppler (Low)openSUSE Leap 15.5
This update for poppler fixes the following issues:
- CVE-2024-6239: Fixed crash when using pdfinfo with -dests parameter on malformed input files (bsc#1226916).
LowSUSE bug 1226916CVE-2024-6239 at SUSECVE-2024-6239 at NVDcpe:/o:opensuse:leap:15.5Security update for freeradius-server (Important)openSUSE Leap 15.5
This update for freeradius-server fixes the following issues:
- CVE-2024-3596: Fixed chosen-prefix collision attack against MD5 (bsc#1223414).
ImportantSUSE bug 1223414CVE-2024-3596 at SUSECVE-2024-3596 at NVDcpe:/o:opensuse:leap:15.5Security update for the Linux Kernel (Important)openSUSE Leap 15.5
The SUSE Linux Enterprise 15 SP5 Azure kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2021-47089: kfence: fix memory leak when cat kfence objects (bsc#1220958.
- CVE-2021-47432: lib/generic-radix-tree.c: Do not overflow in peek() (bsc#1225391).
- CVE-2021-47515: seg6: fix the iif in the IPv6 socket control block (bsc#1225426).
- CVE-2021-47538: rxrpc: Fix rxrpc_local leak in rxrpc_lookup_peer() (bsc#1225448).
- CVE-2021-47539: rxrpc: Fix rxrpc_peer leak in rxrpc_look_up_bundle() (bsc#1225452).
- CVE-2021-47555: net: vlan: fix underflow for the real_dev refcnt (bsc#1225467).
- CVE-2021-47566: Fix clearing user buffer by properly using clear_user() (bsc#1225514).
- CVE-2021-47571: staging: rtl8192e: Fix use after free in _rtl92e_pci_disconnect() (bsc#1225518).
- CVE-2021-47572: net: nexthop: fix null pointer dereference when IPv6 is not enabled (bsc#1225389).
- CVE-2022-48716: ASoC: codecs: wcd938x: fix incorrect used of portid (bsc#1226678).
- CVE-2023-24023: Bluetooth: Add more enc key size check (bsc#1218148).
- CVE-2023-52622: ext4: avoid online resizing failures due to oversized flex bg (bsc#1222080).
- CVE-2023-52658: Revert 'net/mlx5: Block entering switchdev mode with ns inconsistency' (bsc#1224719).
- CVE-2023-52667: net/mlx5e: fix a potential double-free in fs_any_create_groups (bsc#1224603).
- CVE-2023-52670: rpmsg: virtio: Free driver_override when rpmsg_remove() (bsc#1224696).
- CVE-2023-52672: pipe: wakeup wr_wait after setting max_usage (bsc#1224614).
- CVE-2023-52675: powerpc/imc-pmu: Add a null pointer check in update_events_in_group() (bsc#1224504).
- CVE-2023-52735: bpf, sockmap: Don't let sock_map_{close,destroy,unhash} call itself (bsc#1225475).
- CVE-2023-52737: btrfs: lock the inode in shared mode before starting fiemap (bsc#1225484).
- CVE-2023-52752: smb: client: fix use-after-free bug in cifs_debug_data_proc_show() (bsc#1225487).
- CVE-2023-52784: bonding: stop the device in bond_setup_by_slave() (bsc#1224946).
- CVE-2023-52787: blk-mq: make sure active queue usage is held for bio_integrity_prep() (bsc#1225105).
- CVE-2023-52835: perf/core: Bail out early if the request AUX area is out of bound (bsc#1225602).
- CVE-2023-52837: nbd: fix uaf in nbd_open (bsc#1224935).
- CVE-2023-52843: llc: verify mac len before reading mac header (bsc#1224951).
- CVE-2023-52845: tipc: Change nla_policy for bearer-related names to NLA_NUL_STRING (bsc#1225585).
- CVE-2023-52846: hsr: Prevent use after free in prp_create_tagged_frame() (bsc#1225098).
- CVE-2023-52869: pstore/platform: Add check for kstrdup (bsc#1225050).
- CVE-2023-52881: tcp: do not accept ACK of bytes we never sent (bsc#1225611).
- CVE-2023-52882: clk: sunxi-ng: h6: Reparent CPUX during PLL CPUX rate change (bsc#1225692).
- CVE-2024-26625: Call sock_orphan() at release time (bsc#1221086)
- CVE-2024-26644: btrfs: do not abort filesystem when attempting to snapshot deleted subvolume (bsc#1221282bsc#1222072).
- CVE-2024-26720: mm: Avoid overflows in dirty throttling logic (bsc#1222364).
- CVE-2024-26923: Fixed false-positive lockdep splat for spin_lock() in __unix_gc() (bsc#1223384).
- CVE-2024-26973: fat: fix uninitialized field in nostale filehandles (git-fixesbsc#1223641).
- CVE-2024-27432: net: ethernet: mtk_eth_soc: fix PPE hanging issue (bsc#1224716).
- CVE-2024-35247: fpga: region: add owner module and take its refcount (bsc#1226948).
- CVE-2024-35789: Check fast rx for non-4addr sta VLAN changes (bsc#1224749).
- CVE-2024-35790: usb: typec: altmodes/displayport: create sysfs nodes as driver's default device attribute group (bsc#1224712).
- CVE-2024-35807: ext4: fix corruption during on-line resize (bsc#1224735).
- CVE-2024-35835: net/mlx5e: fix a double-free in arfs_create_groups (bsc#1224605).
- CVE-2024-35848: eeprom: at24: fix memory corruption race condition (bsc#1224612).
- CVE-2024-35857: icmp: prevent possible NULL dereferences from icmp_build_probe() (bsc#1224619).
- CVE-2024-35861: Fixed potential UAF in cifs_signal_cifsd_for_reconnect() (bsc#1224766).
- CVE-2024-35862: Fixed potential UAF in smb2_is_network_name_deleted() (bsc#1224764).
- CVE-2024-35864: Fixed potential UAF in smb2_is_valid_lease_break() (bsc#1224765).
- CVE-2024-35869: smb: client: guarantee refcounted children from parent session (bsc#1224679).
- CVE-2024-35884: udp: do not accept non-tunnel GSO skbs landing in a tunnel (bsc#1224520).
- CVE-2024-35886: ipv6: Fix infinite recursion in fib6_dump_done() (bsc#1224670).
- CVE-2024-35898: netfilter: nf_tables: Fix potential data-race in __nft_flowtable_type_get() (bsc#1224498).
- CVE-2024-35900: netfilter: nf_tables: reject new basechain after table flag update (bsc#1224497).
- CVE-2024-35925: block: prevent division by zero in blk_rq_stat_sum() (bsc#1224661).
- CVE-2024-35950: drm/client: Fully protect modes with dev->mode_config.mutex (bsc#1224703).
- CVE-2024-35958: net: ena: Fix incorrect descriptor free behavior (bsc#1224677).
- CVE-2024-35960: net/mlx5: Properly link new fs rules into the tree (bsc#1224588).
- CVE-2024-35997: Remove I2C_HID_READ_PENDING flag to prevent lock-up (bsc#1224552).
- CVE-2024-36005: netfilter: nf_tables: honor table dormant flag from netdev release event path (bsc#1224539).
- CVE-2024-36008: ipv4: check for NULL idev in ip_route_use_hint() (bsc#1224540).
- CVE-2024-36017: rtnetlink: Correct nested IFLA_VF_VLAN_LIST attribute validation (bsc#1225681).
- CVE-2024-36020: i40e: fix vf may be used uninitialized in this function warning (bsc#1225698).
- CVE-2024-36021: net: hns3: fix kernel crash when devlink reload during pf initialization (bsc#1225699).
- CVE-2024-36478: null_blk: fix null-ptr-dereference while configuring 'power' and 'submit_queues' (bsc#1226841).
- CVE-2024-36479: fpga: bridge: add owner module and take its refcount (bsc#1226949).
- CVE-2024-36890: mm/slab: make __free(kfree) accept error pointers (bsc#1225714).
- CVE-2024-36894: usb: gadget: f_fs: Fix race between aio_cancel() and AIO request complete (bsc#1225749).
- CVE-2024-36899: gpiolib: cdev: Fix use after free in lineinfo_changed_notify (bsc#1225737).
- CVE-2024-36900: net: hns3: fix kernel crash when devlink reload during initialization (bsc#1225726).
- CVE-2024-36904: tcp: Use refcount_inc_not_zero() in tcp_twsk_unique() (bsc#1225732).
- CVE-2024-36915: nfc: llcp: fix nfc_llcp_setsockopt() unsafe copies (bsc#1225758).
- CVE-2024-36916: blk-iocost: avoid out of bounds shift (bsc#1225759).
- CVE-2024-36917: block: fix overflow in blk_ioctl_discard() (bsc#1225770).
- CVE-2024-36919: scsi: bnx2fc: Remove spin_lock_bh while releasing resources after upload (bsc#1225767).
- CVE-2024-36934: bna: ensure the copied buf is NUL terminated (bsc#1225760).
- CVE-2024-36937: xdp: use flags field to disambiguate broadcast redirect (bsc#1225834).
- CVE-2024-36940: pinctrl: core: delete incorrect free in pinctrl_enable() (bsc#1225840).
- CVE-2024-36945: net/smc: fix neighbour and rtable leak in smc_ib_find_route() (bsc#1225823).
- CVE-2024-36949: amd/amdkfd: sync all devices to wait all processes being evicted (bsc#1225872)
- CVE-2024-36964: fs/9p: only translate RWX permissions for plain 9P2000 (bsc#1225866).
- CVE-2024-36971: net: fix __dst_negative_advice() race (bsc#1226145).
- CVE-2024-36978: net: sched: sch_multiq: fix possible OOB write in multiq_tune() (bsc#1226514).
- CVE-2024-37021: fpga: manager: add owner module and take its refcount (bsc#1226950).
- CVE-2024-37078: nilfs2: fix potential kernel bug due to lack of writeback flag waiting (bsc#1227066).
- CVE-2024-37354: btrfs: fix crash on racing fsync and size-extending write into prealloc (bsc#1227101).
- CVE-2024-38545: RDMA/hns: Fix UAF for cq async event (bsc#1226595).
- CVE-2024-38553: net: fec: remove .ndo_poll_controller to avoid deadlock (bsc#1226744).
- CVE-2024-38555: net/mlx5: Discard command completions in internal error (bsc#1226607).
- CVE-2024-38556: net/mlx5: Add a timeout to acquire the command queue semaphore (bsc#1226774).
- CVE-2024-38557: net/mlx5: Reload only IB representors upon lag disable/enable (bsc#1226781).
- CVE-2024-38559: scsi: qedf: Ensure the copied buf is NUL terminated (bsc#1226785).
- CVE-2024-38560: scsi: bfa: Ensure the copied buf is NUL terminated (bsc#1226786).
- CVE-2024-38564: bpf: Add BPF_PROG_TYPE_CGROUP_SKB attach type enforcement in BPF_LINK_CREATE (bsc#1226789).
- CVE-2024-38568: drivers/perf: hisi: hns3: Fix out-of-bound access when valid event group (bsc#1226771).
- CVE-2024-38578: ecryptfs: Fix buffer size for tag 66 packet (bsc#1226634,).
- CVE-2024-38580: epoll: be better about file lifetimes (bsc#1226610).
- CVE-2024-38594: net: stmmac: move the EST lock to struct stmmac_priv (bsc#1226734).
- CVE-2024-38597: eth: sungem: remove .ndo_poll_controller to avoid deadlocks (bsc#1226749).
- CVE-2024-38603: drivers/perf: hisi: hns3: Actually use devm_add_action_or_reset() (bsc#1226842).
- CVE-2024-38608: net/mlx5e: Fix netif state handling (bsc#1226746).
- CVE-2024-38627: stm class: Fix a double free in stm_register_device() (bsc#1226857).
- CVE-2024-38659: enic: Validate length of nl attributes in enic_set_vf_port (bsc#1226883).
- CVE-2024-38661: s390/ap: Fix crash in AP internal function modify_bitmap() (bsc#1226996).
- CVE-2024-38780: dma-buf/sw-sync: do not enable IRQ from sync_print_obj() (bsc#1226886).
- CVE-2024-39301: net/9p: fix uninit-value in p9_client_rpc() (bsc#1226994).
- CVE-2024-39468: smb: client: fix deadlock in smb2_find_smb_tcon() (bsc#1227103.
- CVE-2024-39469: nilfs2: fix nilfs_empty_dir() misjudgment and long loop on I/O errors (bsc#1226992).
The following non-security bugs were fixed:
- ACPI: resource: Do IRQ override on TongFang GXxHRXx and GMxHGxx (stable-fixes).
- ACPICA: Revert 'ACPICA: avoid Info: mapping multiple BARs. Your kernel is fine.' (git-fixes).
- ALSA/hda: intel-dsp-config: Document AVS as dsp_driver option (git-fixes).
- ALSA: Fix deadlocks with kctl removals at disconnection (stable-fixes).
- ALSA: hda/realtek: Add quirks for Lenovo 13X (stable-fixes).
- ALSA: hda/realtek: Adjust G814JZR to use SPI init for amp (git-fixes).
- ALSA: hda/realtek: Enable headset mic on IdeaPad 330-17IKB 81DM (git-fixes).
- ALSA: hda/realtek: Fix conflicting quirk for PCI SSID 17aa:3820 (git-fixes).
- ALSA: hda/realtek: Limit mic boost on N14AP7 (stable-fixes).
- ALSA: hda/realtek: Remove Framework Laptop 16 from quirks (git-fixes).
- ALSA: hda/realtek: fix mute/micmute LEDs do not work for ProBook 440/460 G11 (stable-fixes).
- ALSA: hda/realtek: fix mute/micmute LEDs do not work for ProBook 445/465 G11 (stable-fixes).
- ALSA: hda: intel-dsp-config: harden I2C/I2S codec detection (stable-fixes).
- ALSA: timer: Set lower bound of start tick time (stable-fixes).
- ASoC: amd: acp: add a null check for chip_pdev structure (git-fixes).
- ASoC: amd: acp: remove i2s configuration check in acp_i2s_probe() (git-fixes).
- ASoC: da7219-aad: fix usage of device_get_named_child_node() (stable-fixes).
- ASoC: fsl-asoc-card: set priv->pdev before using it (git-fixes).
- ASoC: rt5645: Fix the electric noise due to the CBJ contacts floating (stable-fixes).
- ASoC: rt715-sdca: volume step modification (stable-fixes).
- ASoC: rt715: add vendor clear control register (stable-fixes).
- Add remote for nfs maintainer
- Bluetooth: L2CAP: Fix rejecting L2CAP_CONN_PARAM_UPDATE_REQ (git-fixes).
- Fix new build warnings regarding unused variables: Changed build warnings: ***** 2 warnings ***** * unused-variable (cl) in ../fs/ceph/mds_client.c in ceph_queue_cap_unlink_work ../fs/ceph/mds_client.c: In function 'ceph_queue_cap_unlink_work': ../fs/ceph/mds_client.c:2421:22: warning: unused variable 'cl' [-Wunused-variable] * unused-variable (cl) in ../fs/ceph/mds_client.c in ceph_cap_unlink_work ../fs/ceph/mds_client.c: In function 'ceph_cap_unlink_work': ../fs/ceph/mds_client.c:2436:22: warning: unused variable 'cl' [-Wunused-variable]
- HID: core: remove unnecessary WARN_ON() in implement() (git-fixes).
- HID: logitech-dj: Fix memory leak in logi_dj_recv_switch_to_dj_mode() (git-fixes).
- Input: ili210x - fix ili251x_read_touch_data() return value (git-fixes).
- NFS: abort nfs_atomic_open_v23 if name is too long (bsc#1219847).
- NFS: add atomic_open for NFSv3 to handle O_TRUNC correctly (bsc#1219847).
- NFS: avoid infinite loop in pnfs_update_layout (bsc#1219633 bsc#1226226).
- PCI/ASPM: Update save_state when configuration changes (bsc#1226915)
- PCI: Clear Secondary Status errors after enumeration (bsc#1226928)
- RAS/AMD/ATL: Fix MI300 bank hash (bsc#1225300).
- RAS/AMD/ATL: Use system settings for MI300 DRAM to normalized address translation (bsc#1225300).
- RDMA/hns: Fix incorrect sge nums calculation (git-fixes)
- RDMA/irdma: Drop unused kernel push code (git-fixes)
- RDMA/mlx5: Add check for srq max_sge attribute (git-fixes)
- USB: class: cdc-wdm: Fix CPU lockup caused by excessive log messages (git-fixes).
- USB: xen-hcd: Traverse host/ when CONFIG_USB_XEN_HCD is selected (git-fixes).
- X.509: Fix the parser of extended key usage for length (bsc#1218820).
- arm64: asm-bug: Add .align 2 to the end of __BUG_ENTRY (git-fixes).
- arm64: mm: Batch dsb and isb when populating pgtables (jsc#PED-8690).
- arm64: mm: Do not remap pgtables for allocate vs populate (jsc#PED-8690).
- arm64: mm: Do not remap pgtables per-cont(pte|pmd) block (jsc#PED-8690).
- arm64: mm: do not acquire mutex when rewriting swapper (jsc#PED-8690).
- ata: ahci: Clean up sysfs file on error (git-fixes).
- ata: libata-core: Fix double free on error (git-fixes).
- ata: libata-core: Fix null pointer dereference on error (git-fixes).
- batman-adv: Do not accept TT entries for out-of-spec VIDs (git-fixes).
- bpf, sockmap: Check for any of tcp_bpf_prots when cloning a listener (git-fixes).
- btrfs: avoid copying BTRFS_ROOT_SUBVOL_DEAD flag to snapshot of subvolume being deleted (bsc#1221282).
- cachefiles: remove requests from xarray during flushing requests (bsc#1226588).
- ceph: add ceph_cap_unlink_work to fire check_caps() immediately (bsc#1226022).
- ceph: always check dir caps asynchronously (bsc#1226022).
- ceph: always queue a writeback when revoking the Fb caps (bsc#1226022).
- ceph: break the check delayed cap loop every 5s (bsc#1226022).
- ceph: switch to use cap_delay_lock for the unlink delay list (bsc#1226022).
- cgroup: Add annotation for holding namespace_sem in current_cgns_cgroup_from_root() (bsc#1222254).
- cgroup: Eliminate the need for cgroup_mutex in proc_cgroup_show() (bsc#1222254).
- cgroup: Make operations on the cgroup root_list RCU safe (bsc#1222254).
- cgroup: Remove unnecessary list_empty() (bsc#1222254).
- cgroup: preserve KABI of cgroup_root (bsc#1222254).
- cifs: fix hang in wait_for_response() (bsc#1220812, bsc#1220368).
- cpufreq: amd-pstate: Fix the inconsistency in max frequency units (git-fixes).
- crypto: ecrdsa - Fix module auto-load on add_key (stable-fixes).
- dmaengine: idxd: Fix possible Use-After-Free in irq_process_work_list (git-fixes).
- dmaengine: ioatdma: Fix missing kmem_cache_destroy() (git-fixes).
- drivers: core: synchronize really_probe() and dev_uevent() (git-fixes).
- drm/amd/display: Add VCO speed parameter for DCN31 FPU (stable-fixes).
- drm/amd/display: Add dtbclk access to dcn315 (stable-fixes).
- drm/amd/display: Exit idle optimizations before HDCP execution (stable-fixes).
- drm/amd/display: Set color_mgmt_changed to true on unsuspend (stable-fixes).
- drm/amd/display: drop unnecessary NULL checks in debugfs (stable-fixes).
- drm/amd/display: revert Exit idle optimizations before HDCP execution (stable-fixes).
- drm/amd: Fix shutdown (again) on some SMU v13.0.4/11 platforms (git-fixes).
- drm/amdgpu/atomfirmware: add intergrated info v2.3 table (stable-fixes).
- drm/amdgpu/mes: fix use-after-free issue (stable-fixes).
- drm/amdgpu: Fix the ring buffer size for queue VM flush (stable-fixes).
- drm/amdgpu: Update BO eviction priorities (stable-fixes).
- drm/amdgpu: add error handle to avoid out-of-bounds (stable-fixes).
- drm/amdgpu: fix UBSAN warning in kv_dpm.c (stable-fixes).
- drm/amdkfd: Flush the process wq before creating a kfd_process (stable-fixes).
- drm/amdkfd: Rework kfd_locked handling (bsc#1225872)
- drm/bridge/panel: Fix runtime warning on panel bridge release (git-fixes).
- drm/exynos/vidi: fix memory leak in .get_modes() (stable-fixes).
- drm/exynos: hdmi: report safe 640x480 mode as a fallback when no EDID found (git-fixes).
- drm/i915/dpt: Make DPT object unshrinkable (git-fixes).
- drm/i915/gt: Disarm breadcrumbs if engines are already idle (git-fixes).
- drm/i915/gt: Fix potential UAF by revoke of fence registers (git-fixes).
- drm/i915/guc: avoid FIELD_PREP warning (git-fixes).
- drm/i915/mso: using joiner is not possible with eDP MSO (git-fixes).
- drm/komeda: check for error-valued pointer (git-fixes).
- drm/lima: add mask irq callback to gp and pp (stable-fixes).
- drm/lima: mask irqs in timeout path before hard reset (stable-fixes).
- drm/msm/a6xx: Avoid a nullptr dereference when speedbin setting fails (git-fixes).
- drm/msm/dp: Avoid a long timeout for AUX transfer if nothing connected (git-fixes).
- drm/msm/dp: Return IRQ_NONE for unhandled interrupts (stable-fixes).
- drm/msm: Enable clamp_to_idle for 7c3 (stable-fixes).
- drm/panel-samsung-atna33xc20: Use ktime_get_boottime for delays (stable-fixes).
- drm/panel: simple: Add missing display timing flags for KOE TX26D202VM0BWA (git-fixes).
- drm/radeon: fix UBSAN warning in kv_dpm.c (stable-fixes).
- drm/vmwgfx: 3D disabled should not effect STDU memory limits (git-fixes).
- drm/vmwgfx: Filter modes which exceed graphics memory (git-fixes).
- gpio: davinci: Validate the obtained number of IRQs (git-fixes).
- gpio: tqmx86: fix typo in Kconfig label (git-fixes).
- gpio: tqmx86: introduce shadow register for GPIO output value (git-fixes).
- gpiolib: cdev: Disallow reconfiguration without direction (uAPI v1) (git-fixes).
- hwmon: (shtc1) Fix property misspelling (git-fixes).
- i2c: at91: Fix the functionality flags of the slave-only interface (git-fixes).
- i2c: designware: Fix the functionality flags of the slave-only interface (git-fixes).
- i2c: ocores: set IACK bit after core is enabled (git-fixes).
- i2c: testunit: discard write requests while old command is running (git-fixes).
- i2c: testunit: do not erase registers after STOP (git-fixes).
- iio: accel: fxls8962af: select IIO_BUFFER & IIO_KFIFO_BUF (git-fixes).
- iio: adc: ad7266: Fix variable checking bug (git-fixes).
- iio: adc: ad9467: fix scan type sign (git-fixes).
- iio: chemical: bme680: Fix calibration data variable (git-fixes).
- iio: chemical: bme680: Fix overflows in compensate() functions (git-fixes).
- iio: chemical: bme680: Fix pressure value output (git-fixes).
- iio: chemical: bme680: Fix sensor data read operation (git-fixes).
- iio: dac: ad5592r: fix temperature channel scaling value (git-fixes).
- iio: imu: inv_icm42600: delete unneeded update watermark call (git-fixes).
- intel_th: pci: Add Meteor Lake-S CPU support (stable-fixes).
- iommu/amd: Fix sysfs leak in iommu init (git-fixes).
- iommu: Return right value in iommu_sva_bind_device() (git-fixes).
- iommu: mtk: fix module autoloading (git-fixes).
- ipvs: Fix checksumming on GSO of SCTP packets (bsc#1221958)
- kbuild: Install dtb files as 0644 in Makefile.dtbinst (git-fixes).
- kbuild: do not include include/config/auto.conf from shell scripts (bsc#1227274).
- kconfig: doc: fix a typo in the note about 'imply' (git-fixes).
- kconfig: fix comparison to constant symbols, 'm', 'n' (git-fixes).
- kernel-doc: fix struct_group_tagged() parsing (git-fixes).
- lib: memcpy_kunit: Fix an invalid format specifier in an assertion msg (git-fixes).
- media: flexcop-usb: clean up endpoint sanity checks (stable-fixes).
- media: flexcop-usb: fix sanity check of bNumEndpoints (git-fixes).
- media: ipu3-cio2: Use temporary storage for struct device pointer (stable-fixes).
- media: lgdt3306a: Add a check against null-pointer-def (stable-fixes).
- media: mxl5xx: Move xpt structures off stack (stable-fixes).
- media: radio-shark2: Avoid led_names truncations (git-fixes).
- media: v4l2-core: hold videodev_lock until dev reg, finishes (stable-fixes).
- mei: me: release irq in mei_me_pci_resume error path (git-fixes).
- mkspec-dtb: add toplevel symlinks also on arm
- mmc: core: Add mmc_gpiod_set_cd_config() function (stable-fixes).
- mmc: core: Do not force a retune before RPMB switch (stable-fixes).
- mmc: sdhci-acpi: Disable write protect detection on Toshiba WT10-A (stable-fixes).
- mmc: sdhci-acpi: Fix Lenovo Yoga Tablet 2 Pro 1380 sdcard slot not working (stable-fixes).
- mmc: sdhci-acpi: Sort DMI quirks alphabetically (stable-fixes).
- mmc: sdhci-pci: Convert PCIBIOS_* return codes to errnos (git-fixes).
- mmc: sdhci: Do not invert write-protect twice (git-fixes).
- mmc: sdhci: Do not lock spinlock around mmc_gpio_get_ro() (git-fixes).
- mmc: sdhci_am654: Add ITAPDLYSEL in sdhci_j721e_4bit_set_clock (git-fixes).
- mmc: sdhci_am654: Add OTAP/ITAP delay enable (git-fixes).
- mmc: sdhci_am654: Drop lookup for deprecated ti,otap-del-sel (stable-fixes).
- mmc: sdhci_am654: Fix ITAPDLY for HS400 timing (git-fixes).
- mtd: rawnand: Bypass a couple of sanity checks during NAND identification (git-fixes).
- mtd: rawnand: Ensure ECC configuration is propagated to upper layers (git-fixes).
- mtd: rawnand: rockchip: ensure NVDDR timings are rejected (git-fixes).
- net/mlx5e: Fix a race in command alloc flow (git-fixes).
- net: can: j1939: Initialize unused data in j1939_send_one() (git-fixes).
- net: can: j1939: enhanced error handling for tightly received RTS messages in xtp_rx_rts_session_new (git-fixes).
- net: can: j1939: recover socket queue on CAN bus error during BAM transmission (git-fixes).
- net: ena: Fix redundant device NUMA node override (jsc#PED-8690).
- net: mana: Enable MANA driver on ARM64 with 4K page size (jsc#PED-8491).
- net: phy: Micrel KSZ8061: fix errata solution not taking effect problem (git-fixes).
- net: phy: micrel: add Microchip KSZ 9477 to the device table (git-fixes).
- net: usb: ax88179_178a: improve link status logs (git-fixes).
- net: usb: ax88179_178a: improve reset check (git-fixes).
- net: usb: qmi_wwan: add Telit FN920C04 compositions (stable-fixes).
- net: usb: rtl8150 fix unintiatilzed variables in rtl8150_get_link_ksettings (git-fixes).
- net: usb: smsc95xx: fix changing LED_SEL bit value updated from EEPROM (git-fixes).
- nfsd: optimise recalculate_deny_mode() for a common case (bsc#1217912).
- nilfs2: fix potential hang in nilfs_detach_log_writer() (stable-fixes).
- nvme: find numa distance only if controller has valid numa id (git-fixes).
- nvmet-passthru: propagate status from id override functions (git-fixes).
- ocfs2: adjust enabling place for la window (bsc#1219224).
- ocfs2: fix sparse warnings (bsc#1219224).
- ocfs2: improve write IO performance when fragmentation is high (bsc#1219224).
- ocfs2: speed up chain-list searching (bsc#1219224).
- pinctrl: fix deadlock in create_pinctrl() when handling -EPROBE_DEFER (git-fixes).
- pinctrl: qcom: spmi-gpio: drop broken pm8008 support (git-fixes).
- pinctrl: rockchip: fix pinmux bits for RK3328 GPIO2-B pins (git-fixes).
- pinctrl: rockchip: fix pinmux bits for RK3328 GPIO3-B pins (git-fixes).
- pinctrl: rockchip: fix pinmux reset in rockchip_pmx_set (git-fixes).
- pinctrl: rockchip: use dedicated pinctrl type for RK3328 (git-fixes).
- random: treat bootloader trust toggle the same way as cpu trust toggle (bsc#1226953).
- regulator: bd71815: fix ramp values (git-fixes).
- regulator: core: Fix modpost error 'regulator_get_regmap' undefined (git-fixes).
- regulator: irq_helpers: duplicate IRQ name (stable-fixes).
- regulator: vqmmc-ipq4019: fix module autoloading (stable-fixes).
- rpm/kernel-obs-build.spec.in: Add iso9660 (bsc#1226212) Some builds do not just create an iso9660 image, but also mount it during build.
- rpm/kernel-obs-build.spec.in: Add networking modules for docker (bsc#1226211) docker needs more networking modules, even legacy iptable_nat and _filter.
- rpm/kernel-obs-build.spec.in: Include algif_hash, aegis128 and xts modules afgif_hash is needed by some packages (e.g. iwd) for tests, xts is used for LUKS2 volumes by default and aegis128 is useful as AEAD cipher for LUKS2. Wrap the long line to make it readable.
- rpm/mkspec-dtb: dtbs have moved to vendor sub-directories in 6.5 By commit 724ba6751532 ('ARM: dts: Move .dts files to vendor sub-directories'). So switch to them.
- sched/core: Fix incorrect initialization of the 'burst' parameter in cpu_max_write() (bsc#1226791).
- scsi: sd: Update DIX config every time sd_revalidate_disk() is called (bsc#1218570).
- smb: client: ensure to try all targets when finding nested links (bsc#1224020).
- smb: client: guarantee refcounted children from parent session (bsc#1224679, CVE-35869).
- soundwire: cadence: fix invalid PDI offset (stable-fixes).
- spi: stm32: Do not warn about spurious interrupts (git-fixes).
- supported.conf: Add APM X-Gene SoC hardware monitoring driver (bsc#1223265 jsc#PED-8570)
- supported.conf: mark orangefs as optional We do not support orangefs at all (and it is already marked as such), but since there are no SLE consumers of it, mark it as optional.
- supported.conf: mark ufs as unsupported UFS is an unsupported filesystem, mark it as such. We still keep it around (not marking as optional), to accommodate any potential migrations from BSD systems.
- tty: mcf: MCF54418 has 10 UARTS (git-fixes).
- usb-storage: alauda: Check whether the media is initialized (git-fixes).
- usb: atm: cxacru: fix endpoint checking in cxacru_bind() (git-fixes).
- usb: dwc3: core: remove lock of otg mode during gadget suspend/resume to avoid deadlock (git-fixes).
- usb: fotg210-hcd: delete an incorrect bounds test (git-fixes).
- usb: gadget: printer: fix races against disable (git-fixes).
- usb: musb: da8xx: fix a resource leak in probe() (git-fixes).
- usb: typec: tcpm: Ignore received Hard Reset in TOGGLING state (git-fixes).
- usb: typec: tcpm: fix use-after-free case in tcpm_register_source_caps (git-fixes).
- usb: typec: ucsi: Ack also failed Get Error commands (git-fixes).
- usb: typec: ucsi: Never send a lone connector change ack (git-fixes).
- usb: xhci: Implement xhci_handshake_check_state() helper (git-fixes).
- usb: xhci: address off-by-one in xhci_num_trbs_free() (git-fixes).
- usb: xhci: improve debug message in xhci_ring_expansion_needed() (git-fixes).
- watchdog: bd9576: Drop 'always-running' property (git-fixes).
- watchdog: bd9576_wdt: switch to using devm_fwnode_gpiod_get() (stable-fixes).
- wifi: cfg80211: Lock wiphy in cfg80211_get_station (git-fixes).
- wifi: cfg80211: fix the order of arguments for trace events of the tx_rx_evt class (stable-fixes).
- wifi: cfg80211: pmsr: use correct nla_get_uX functions (git-fixes).
- wifi: iwlwifi: dbg_ini: move iwl_dbg_tlv_free outside of debugfs ifdef (git-fixes).
- wifi: iwlwifi: mvm: check n_ssids before accessing the ssids (git-fixes).
- wifi: iwlwifi: mvm: do not read past the mfuart notifcation (git-fixes).
- wifi: iwlwifi: mvm: revert gen2 TX A-MPDU size to 64 (git-fixes).
- wifi: mac80211: Fix deadlock in ieee80211_sta_ps_deliver_wakeup() (git-fixes).
- wifi: mac80211: correctly parse Spatial Reuse Parameter Set element (git-fixes).
- wifi: mac80211: mesh: Fix leak of mesh_preq_queue objects (git-fixes).
- wifi: rtl8xxxu: Fix the TX power of RTL8192CU, RTL8723AU (stable-fixes).
- wifi: rtlwifi: rtl8192de: Fix endianness issue in RX path (stable-fixes).
- wifi: rtlwifi: rtl8192de: Fix low speed with WPA3-SAE (stable-fixes).
- x86/mce: Dynamically size space for machine check records (bsc#1222241).
- x86/tsc: Trust initial offset in architectural TSC-adjust MSRs (bsc#1222015 bsc#1226962).
- xfs: make sure sb_fdblocks is non-negative (bsc#1225419).
- xhci: Fix failure to detect ring expansion need (git-fixes).
- xhci: Fix transfer ring expansion size calculation (git-fixes).
- xhci: Handle TD clearing for multiple streams case (git-fixes).
- xhci: Simplify event ring dequeue pointer update for port change events (git-fixes).
- xhci: Stop unnecessary tracking of free trbs in a ring (git-fixes).
- xhci: fix matching completion events with TDs (git-fixes).
- xhci: remove unused stream_id parameter from xhci_handle_halted_endpoint() (git-fixes).
- xhci: restre deleted trb fields for tracing (git-fixes).
- xhci: retry Stop Endpoint on buggy NEC controllers (git-fixes).
- xhci: simplify event ring dequeue tracking for transfer events (git-fixes).
- xhci: update event ring dequeue pointer position to controller correctly (git-fixes).
ImportantSUSE bug 1156395SUSE bug 1190336SUSE bug 1191958SUSE bug 1193883SUSE bug 1194826SUSE bug 1195065SUSE bug 1195254SUSE bug 1195341SUSE bug 1195349SUSE bug 1195775SUSE bug 1196746SUSE bug 1197915SUSE bug 1198014SUSE bug 1199295SUSE bug 1202767SUSE bug 1202780SUSE bug 1205205SUSE bug 1207361SUSE bug 1217912SUSE bug 1218148SUSE bug 1218570SUSE bug 1218820SUSE bug 1219224SUSE bug 1219633SUSE bug 1219847SUSE bug 1220368SUSE bug 1220812SUSE bug 1220958SUSE bug 1221086SUSE bug 1221282SUSE bug 1221958SUSE bug 1222015SUSE bug 1222072SUSE bug 1222080SUSE bug 1222241SUSE bug 1222254SUSE bug 1222364SUSE bug 1222893SUSE bug 1223013SUSE bug 1223018SUSE bug 1223265SUSE bug 1223384SUSE bug 1223641SUSE bug 1224020SUSE bug 1224331SUSE bug 1224488SUSE bug 1224497SUSE bug 1224498SUSE bug 1224504SUSE bug 1224520SUSE bug 1224539SUSE bug 1224540SUSE bug 1224552SUSE bug 1224583SUSE bug 1224588SUSE bug 1224602SUSE bug 1224603SUSE bug 1224605SUSE bug 1224612SUSE bug 1224614SUSE bug 1224619SUSE bug 1224661SUSE bug 1224662SUSE bug 1224670SUSE bug 1224671SUSE bug 1224674SUSE bug 1224677SUSE bug 1224679SUSE bug 1224696SUSE bug 1224703SUSE bug 1224712SUSE bug 1224716SUSE bug 1224719SUSE bug 1224735SUSE bug 1224749SUSE bug 1224764SUSE bug 1224765SUSE bug 1224766SUSE bug 1224935SUSE bug 1224946SUSE bug 1224951SUSE bug 1225050SUSE bug 1225098SUSE bug 1225105SUSE bug 1225300SUSE bug 1225389SUSE bug 1225391SUSE bug 1225419SUSE bug 1225426SUSE bug 1225448SUSE bug 1225452SUSE bug 1225467SUSE bug 1225475SUSE bug 1225484SUSE bug 1225487SUSE bug 1225514SUSE bug 1225518SUSE bug 1225535SUSE bug 1225585SUSE bug 1225602SUSE bug 1225611SUSE bug 1225681SUSE bug 1225692SUSE bug 1225698SUSE bug 1225699SUSE bug 1225704SUSE bug 1225714SUSE bug 1225726SUSE bug 1225732SUSE bug 1225737SUSE bug 1225749SUSE bug 1225758SUSE bug 1225759SUSE bug 1225760SUSE bug 1225767SUSE bug 1225770SUSE bug 1225823SUSE bug 1225834SUSE bug 1225840SUSE bug 1225866SUSE bug 1225872SUSE bug 1225894SUSE bug 1225945SUSE bug 1226022SUSE bug 1226131SUSE bug 1226145SUSE bug 1226149SUSE bug 1226155SUSE bug 1226211SUSE bug 1226212SUSE bug 1226226SUSE bug 1226514SUSE bug 1226520SUSE bug 1226537SUSE bug 1226538SUSE bug 1226539SUSE bug 1226550SUSE bug 1226552SUSE bug 1226553SUSE bug 1226554SUSE bug 1226556SUSE bug 1226557SUSE bug 1226558SUSE bug 1226559SUSE bug 1226561SUSE bug 1226562SUSE bug 1226563SUSE bug 1226564SUSE bug 1226566SUSE bug 1226567SUSE bug 1226569SUSE bug 1226572SUSE bug 1226575SUSE bug 1226576SUSE bug 1226577SUSE bug 1226579SUSE bug 1226580SUSE bug 1226581SUSE bug 1226582SUSE bug 1226583SUSE bug 1226585SUSE bug 1226587SUSE bug 1226588SUSE bug 1226593SUSE bug 1226595SUSE bug 1226597SUSE bug 1226601SUSE bug 1226602SUSE bug 1226603SUSE bug 1226607SUSE bug 1226610SUSE bug 1226614SUSE bug 1226616SUSE bug 1226617SUSE bug 1226618SUSE bug 1226619SUSE bug 1226621SUSE bug 1226622SUSE bug 1226624SUSE bug 1226626SUSE bug 1226628SUSE bug 1226629SUSE bug 1226632SUSE bug 1226633SUSE bug 1226634SUSE bug 1226637SUSE bug 1226643SUSE bug 1226644SUSE bug 1226645SUSE bug 1226647SUSE bug 1226650SUSE bug 1226653SUSE bug 1226657SUSE bug 1226658SUSE bug 1226669SUSE bug 1226670SUSE bug 1226672SUSE bug 1226673SUSE bug 1226674SUSE bug 1226675SUSE bug 1226678SUSE bug 1226679SUSE bug 1226683SUSE bug 1226685SUSE bug 1226686SUSE bug 1226690SUSE bug 1226691SUSE bug 1226692SUSE bug 1226693SUSE bug 1226696SUSE bug 1226697SUSE bug 1226698SUSE bug 1226699SUSE bug 1226701SUSE bug 1226702SUSE bug 1226703SUSE bug 1226704SUSE bug 1226705SUSE bug 1226706SUSE bug 1226708SUSE bug 1226709SUSE bug 1226710SUSE bug 1226711SUSE bug 1226712SUSE bug 1226713SUSE bug 1226715SUSE bug 1226716SUSE bug 1226718SUSE bug 1226719SUSE bug 1226720SUSE bug 1226721SUSE bug 1226730SUSE bug 1226732SUSE bug 1226734SUSE bug 1226735SUSE bug 1226737SUSE bug 1226738SUSE bug 1226739SUSE bug 1226740SUSE bug 1226744SUSE bug 1226746SUSE bug 1226747SUSE bug 1226749SUSE bug 1226754SUSE bug 1226762SUSE bug 1226764SUSE bug 1226767SUSE bug 1226768SUSE bug 1226769SUSE bug 1226771SUSE bug 1226774SUSE bug 1226777SUSE bug 1226780SUSE bug 1226781SUSE bug 1226785SUSE bug 1226786SUSE bug 1226789SUSE bug 1226791SUSE bug 1226839SUSE bug 1226840SUSE bug 1226841SUSE bug 1226842SUSE bug 1226848SUSE bug 1226852SUSE bug 1226857SUSE bug 1226861SUSE bug 1226863SUSE bug 1226864SUSE bug 1226867SUSE bug 1226868SUSE bug 1226876SUSE bug 1226878SUSE bug 1226883SUSE bug 1226886SUSE bug 1226890SUSE bug 1226891SUSE bug 1226895SUSE bug 1226908SUSE bug 1226915SUSE bug 1226928SUSE bug 1226948SUSE bug 1226949SUSE bug 1226950SUSE bug 1226953SUSE bug 1226962SUSE bug 1226976SUSE bug 1226992SUSE bug 1226994SUSE bug 1226996SUSE bug 1227066SUSE bug 1227096SUSE bug 1227101SUSE bug 1227103SUSE bug 1227274CVE-2021-4439 at SUSECVE-2021-4439 at NVDCVE-2021-47089 at SUSECVE-2021-47089 at NVDCVE-2021-47432 at SUSECVE-2021-47432 at NVDCVE-2021-47515 at SUSECVE-2021-47515 at NVDCVE-2021-47534 at SUSECVE-2021-47534 at NVDCVE-2021-47538 at SUSECVE-2021-47538 at NVDCVE-2021-47539 at SUSECVE-2021-47539 at NVDCVE-2021-47555 at SUSECVE-2021-47555 at NVDCVE-2021-47566 at SUSECVE-2021-47566 at NVDCVE-2021-47571 at SUSECVE-2021-47571 at NVDCVE-2021-47572 at SUSECVE-2021-47572 at NVDCVE-2021-47576 at SUSECVE-2021-47576 at NVDCVE-2021-47577 at SUSECVE-2021-47577 at NVDCVE-2021-47578 at SUSECVE-2021-47578 at NVDCVE-2021-47580 at SUSECVE-2021-47580 at NVDCVE-2021-47582 at SUSECVE-2021-47582 at NVDCVE-2021-47583 at SUSECVE-2021-47583 at NVDCVE-2021-47584 at SUSECVE-2021-47584 at NVDCVE-2021-47585 at SUSECVE-2021-47585 at NVDCVE-2021-47586 at SUSECVE-2021-47586 at NVDCVE-2021-47587 at SUSECVE-2021-47587 at NVDCVE-2021-47589 at SUSECVE-2021-47589 at NVDCVE-2021-47592 at SUSECVE-2021-47592 at NVDCVE-2021-47595 at SUSECVE-2021-47595 at NVDCVE-2021-47596 at SUSECVE-2021-47596 at NVDCVE-2021-47597 at SUSECVE-2021-47597 at NVDCVE-2021-47600 at SUSECVE-2021-47600 at NVDCVE-2021-47601 at SUSECVE-2021-47601 at NVDCVE-2021-47602 at SUSECVE-2021-47602 at NVDCVE-2021-47603 at SUSECVE-2021-47603 at NVDCVE-2021-47604 at SUSECVE-2021-47604 at NVDCVE-2021-47605 at SUSECVE-2021-47605 at NVDCVE-2021-47607 at SUSECVE-2021-47607 at NVDCVE-2021-47608 at SUSECVE-2021-47608 at NVDCVE-2021-47609 at SUSECVE-2021-47609 at NVDCVE-2021-47610 at SUSECVE-2021-47610 at NVDCVE-2021-47611 at SUSECVE-2021-47611 at NVDCVE-2021-47612 at SUSECVE-2021-47612 at NVDCVE-2021-47614 at SUSECVE-2021-47614 at NVDCVE-2021-47615 at SUSECVE-2021-47615 at NVDCVE-2021-47616 at SUSECVE-2021-47616 at NVDCVE-2021-47617 at SUSECVE-2021-47617 at NVDCVE-2021-47618 at SUSECVE-2021-47618 at NVDCVE-2021-47619 at SUSECVE-2021-47619 at NVDCVE-2021-47620 at SUSECVE-2021-47620 at NVDCVE-2022-48711 at SUSECVE-2022-48711 at NVDCVE-2022-48712 at SUSECVE-2022-48712 at NVDCVE-2022-48713 at SUSECVE-2022-48713 at NVDCVE-2022-48714 at SUSECVE-2022-48714 at NVDCVE-2022-48715 at SUSECVE-2022-48715 at NVDCVE-2022-48716 at SUSECVE-2022-48716 at NVDCVE-2022-48717 at SUSECVE-2022-48717 at NVDCVE-2022-48718 at SUSECVE-2022-48718 at NVDCVE-2022-48720 at SUSECVE-2022-48720 at NVDCVE-2022-48721 at SUSECVE-2022-48721 at NVDCVE-2022-48722 at SUSECVE-2022-48722 at NVDCVE-2022-48723 at SUSECVE-2022-48723 at NVDCVE-2022-48724 at SUSECVE-2022-48724 at NVDCVE-2022-48725 at SUSECVE-2022-48725 at NVDCVE-2022-48726 at SUSECVE-2022-48726 at NVDCVE-2022-48727 at SUSECVE-2022-48727 at NVDCVE-2022-48728 at SUSECVE-2022-48728 at NVDCVE-2022-48729 at SUSECVE-2022-48729 at NVDCVE-2022-48730 at SUSECVE-2022-48730 at NVDCVE-2022-48732 at SUSECVE-2022-48732 at NVDCVE-2022-48733 at SUSECVE-2022-48733 at NVDCVE-2022-48734 at SUSECVE-2022-48734 at NVDCVE-2022-48735 at SUSECVE-2022-48735 at NVDCVE-2022-48736 at SUSECVE-2022-48736 at NVDCVE-2022-48737 at SUSECVE-2022-48737 at NVDCVE-2022-48738 at SUSECVE-2022-48738 at NVDCVE-2022-48739 at SUSECVE-2022-48739 at NVDCVE-2022-48740 at SUSECVE-2022-48740 at NVDCVE-2022-48743 at SUSECVE-2022-48743 at NVDCVE-2022-48744 at SUSECVE-2022-48744 at NVDCVE-2022-48745 at SUSECVE-2022-48745 at NVDCVE-2022-48746 at SUSECVE-2022-48746 at NVDCVE-2022-48747 at SUSECVE-2022-48747 at NVDCVE-2022-48748 at SUSECVE-2022-48748 at NVDCVE-2022-48749 at SUSECVE-2022-48749 at NVDCVE-2022-48751 at SUSECVE-2022-48751 at NVDCVE-2022-48752 at SUSECVE-2022-48752 at NVDCVE-2022-48753 at SUSECVE-2022-48753 at NVDCVE-2022-48754 at SUSECVE-2022-48754 at NVDCVE-2022-48755 at SUSECVE-2022-48755 at NVDCVE-2022-48756 at SUSECVE-2022-48756 at NVDCVE-2022-48758 at SUSECVE-2022-48758 at NVDCVE-2022-48759 at SUSECVE-2022-48759 at NVDCVE-2022-48760 at SUSECVE-2022-48760 at NVDCVE-2022-48761 at SUSECVE-2022-48761 at NVDCVE-2022-48763 at SUSECVE-2022-48763 at NVDCVE-2022-48765 at SUSECVE-2022-48765 at NVDCVE-2022-48766 at SUSECVE-2022-48766 at NVDCVE-2022-48767 at SUSECVE-2022-48767 at NVDCVE-2022-48768 at SUSECVE-2022-48768 at NVDCVE-2022-48769 at SUSECVE-2022-48769 at NVDCVE-2022-48770 at SUSECVE-2022-48770 at NVDCVE-2022-48771 at SUSECVE-2022-48771 at NVDCVE-2022-48772 at SUSECVE-2022-48772 at NVDCVE-2023-24023 at SUSECVE-2023-24023 at NVDCVE-2023-52622 at SUSECVE-2023-52622 at NVDCVE-2023-52658 at SUSECVE-2023-52658 at NVDCVE-2023-52667 at SUSECVE-2023-52667 at NVDCVE-2023-52670 at SUSECVE-2023-52670 at NVDCVE-2023-52672 at SUSECVE-2023-52672 at NVDCVE-2023-52675 at SUSECVE-2023-52675 at NVDCVE-2023-52735 at SUSECVE-2023-52735 at NVDCVE-2023-52737 at SUSECVE-2023-52737 at NVDCVE-2023-52752 at SUSECVE-2023-52752 at NVDCVE-2023-52766 at SUSECVE-2023-52766 at NVDCVE-2023-52784 at SUSECVE-2023-52784 at NVDCVE-2023-52787 at SUSECVE-2023-52787 at NVDCVE-2023-52800 at SUSECVE-2023-52800 at NVDCVE-2023-52835 at SUSECVE-2023-52835 at NVDCVE-2023-52837 at SUSECVE-2023-52837 at NVDCVE-2023-52843 at SUSECVE-2023-52843 at NVDCVE-2023-52845 at SUSECVE-2023-52845 at NVDCVE-2023-52846 at SUSECVE-2023-52846 at NVDCVE-2023-52869 at SUSECVE-2023-52869 at NVDCVE-2023-52881 at SUSECVE-2023-52881 at NVDCVE-2023-52882 at SUSECVE-2023-52882 at NVDCVE-2023-52884 at SUSECVE-2023-52884 at NVDCVE-2024-26625 at SUSECVE-2024-26625 at NVDCVE-2024-26644 at SUSECVE-2024-26644 at NVDCVE-2024-26720 at SUSECVE-2024-26720 at NVDCVE-2024-26842 at SUSECVE-2024-26842 at NVDCVE-2024-26845 at SUSECVE-2024-26845 at NVDCVE-2024-26923 at SUSECVE-2024-26923 at NVDCVE-2024-26973 at SUSECVE-2024-26973 at NVDCVE-2024-27432 at SUSECVE-2024-27432 at NVDCVE-2024-33619 at SUSECVE-2024-33619 at NVDCVE-2024-35247 at SUSECVE-2024-35247 at NVDCVE-2024-35789 at SUSECVE-2024-35789 at NVDCVE-2024-35790 at SUSECVE-2024-35790 at NVDCVE-2024-35807 at SUSECVE-2024-35807 at NVDCVE-2024-35814 at SUSECVE-2024-35814 at NVDCVE-2024-35835 at SUSECVE-2024-35835 at NVDCVE-2024-35848 at SUSECVE-2024-35848 at NVDCVE-2024-35857 at SUSECVE-2024-35857 at NVDCVE-2024-35861 at SUSECVE-2024-35861 at NVDCVE-2024-35862 at SUSECVE-2024-35862 at NVDCVE-2024-35864 at SUSECVE-2024-35864 at NVDCVE-2024-35869 at SUSECVE-2024-35869 at NVDCVE-2024-35878 at SUSECVE-2024-35878 at NVDCVE-2024-35884 at SUSECVE-2024-35884 at NVDCVE-2024-35886 at SUSECVE-2024-35886 at NVDCVE-2024-35896 at SUSECVE-2024-35896 at NVDCVE-2024-35898 at SUSECVE-2024-35898 at NVDCVE-2024-35900 at SUSECVE-2024-35900 at NVDCVE-2024-35905 at SUSECVE-2024-35905 at NVDCVE-2024-35925 at SUSECVE-2024-35925 at NVDCVE-2024-35950 at SUSECVE-2024-35950 at NVDCVE-2024-35956 at SUSECVE-2024-35956 at NVDCVE-2024-35958 at SUSECVE-2024-35958 at NVDCVE-2024-35960 at SUSECVE-2024-35960 at NVDCVE-2024-35962 at SUSECVE-2024-35962 at NVDCVE-2024-35997 at SUSECVE-2024-35997 at NVDCVE-2024-36005 at SUSECVE-2024-36005 at NVDCVE-2024-36008 at SUSECVE-2024-36008 at NVDCVE-2024-36017 at SUSECVE-2024-36017 at NVDCVE-2024-36020 at SUSECVE-2024-36020 at NVDCVE-2024-36021 at SUSECVE-2024-36021 at NVDCVE-2024-36025 at SUSECVE-2024-36025 at NVDCVE-2024-36477 at SUSECVE-2024-36477 at NVDCVE-2024-36478 at SUSECVE-2024-36478 at NVDCVE-2024-36479 at SUSECVE-2024-36479 at NVDCVE-2024-36890 at SUSECVE-2024-36890 at NVDCVE-2024-36894 at SUSECVE-2024-36894 at NVDCVE-2024-36899 at SUSECVE-2024-36899 at NVDCVE-2024-36900 at SUSECVE-2024-36900 at NVDCVE-2024-36904 at SUSECVE-2024-36904 at NVDCVE-2024-36915 at SUSECVE-2024-36915 at NVDCVE-2024-36916 at SUSECVE-2024-36916 at NVDCVE-2024-36917 at SUSECVE-2024-36917 at NVDCVE-2024-36919 at SUSECVE-2024-36919 at NVDCVE-2024-36934 at SUSECVE-2024-36934 at NVDCVE-2024-36937 at SUSECVE-2024-36937 at NVDCVE-2024-36940 at SUSECVE-2024-36940 at NVDCVE-2024-36945 at SUSECVE-2024-36945 at NVDCVE-2024-36949 at SUSECVE-2024-36949 at NVDCVE-2024-36960 at SUSECVE-2024-36960 at NVDCVE-2024-36964 at SUSECVE-2024-36964 at NVDCVE-2024-36965 at SUSECVE-2024-36965 at NVDCVE-2024-36967 at SUSECVE-2024-36967 at NVDCVE-2024-36969 at SUSECVE-2024-36969 at NVDCVE-2024-36971 at SUSECVE-2024-36971 at NVDCVE-2024-36975 at SUSECVE-2024-36975 at NVDCVE-2024-36978 at SUSECVE-2024-36978 at NVDCVE-2024-37021 at SUSECVE-2024-37021 at NVDCVE-2024-37078 at SUSECVE-2024-37078 at NVDCVE-2024-37354 at SUSECVE-2024-37354 at NVDCVE-2024-38381 at SUSECVE-2024-38381 at NVDCVE-2024-38388 at SUSECVE-2024-38388 at NVDCVE-2024-38390 at SUSECVE-2024-38390 at NVDCVE-2024-38540 at SUSECVE-2024-38540 at NVDCVE-2024-38541 at SUSECVE-2024-38541 at NVDCVE-2024-38544 at SUSECVE-2024-38544 at NVDCVE-2024-38545 at SUSECVE-2024-38545 at NVDCVE-2024-38546 at SUSECVE-2024-38546 at NVDCVE-2024-38547 at SUSECVE-2024-38547 at NVDCVE-2024-38548 at SUSECVE-2024-38548 at NVDCVE-2024-38549 at SUSECVE-2024-38549 at NVDCVE-2024-38550 at SUSECVE-2024-38550 at NVDCVE-2024-38552 at SUSECVE-2024-38552 at NVDCVE-2024-38553 at SUSECVE-2024-38553 at NVDCVE-2024-38555 at SUSECVE-2024-38555 at NVDCVE-2024-38556 at SUSECVE-2024-38556 at NVDCVE-2024-38557 at SUSECVE-2024-38557 at NVDCVE-2024-38559 at SUSECVE-2024-38559 at NVDCVE-2024-38560 at SUSECVE-2024-38560 at NVDCVE-2024-38564 at SUSECVE-2024-38564 at NVDCVE-2024-38565 at SUSECVE-2024-38565 at NVDCVE-2024-38567 at SUSECVE-2024-38567 at NVDCVE-2024-38568 at SUSECVE-2024-38568 at NVDCVE-2024-38571 at SUSECVE-2024-38571 at NVDCVE-2024-38573 at SUSECVE-2024-38573 at NVDCVE-2024-38578 at SUSECVE-2024-38578 at NVDCVE-2024-38579 at SUSECVE-2024-38579 at NVDCVE-2024-38580 at SUSECVE-2024-38580 at NVDCVE-2024-38581 at SUSECVE-2024-38581 at NVDCVE-2024-38582 at SUSECVE-2024-38582 at NVDCVE-2024-38583 at SUSECVE-2024-38583 at NVDCVE-2024-38587 at SUSECVE-2024-38587 at NVDCVE-2024-38590 at SUSECVE-2024-38590 at NVDCVE-2024-38591 at SUSECVE-2024-38591 at NVDCVE-2024-38594 at SUSECVE-2024-38594 at NVDCVE-2024-38597 at SUSECVE-2024-38597 at NVDCVE-2024-38599 at SUSECVE-2024-38599 at NVDCVE-2024-38600 at SUSECVE-2024-38600 at NVDCVE-2024-38601 at SUSECVE-2024-38601 at NVDCVE-2024-38603 at SUSECVE-2024-38603 at NVDCVE-2024-38605 at SUSECVE-2024-38605 at NVDCVE-2024-38608 at SUSECVE-2024-38608 at NVDCVE-2024-38616 at SUSECVE-2024-38616 at NVDCVE-2024-38618 at SUSECVE-2024-38618 at NVDCVE-2024-38619 at SUSECVE-2024-38619 at NVDCVE-2024-38621 at SUSECVE-2024-38621 at NVDCVE-2024-38627 at SUSECVE-2024-38627 at NVDCVE-2024-38630 at SUSECVE-2024-38630 at NVDCVE-2024-38633 at SUSECVE-2024-38633 at NVDCVE-2024-38634 at SUSECVE-2024-38634 at NVDCVE-2024-38635 at SUSECVE-2024-38635 at NVDCVE-2024-38659 at SUSECVE-2024-38659 at NVDCVE-2024-38661 at SUSECVE-2024-38661 at NVDCVE-2024-38780 at SUSECVE-2024-38780 at NVDCVE-2024-39301 at SUSECVE-2024-39301 at NVDCVE-2024-39468 at SUSECVE-2024-39468 at NVDCVE-2024-39469 at SUSECVE-2024-39469 at NVDCVE-2024-39471 at SUSECVE-2024-39471 at NVDcpe:/o:opensuse:leap:15.5Security update for cpio (Moderate)openSUSE Leap 15.5
This update for cpio fixes the following issues:
- CVE-2023-7207: Fixed a path traversal issue that could lead to an
arbitrary file write during archive extraction (bsc#1218571).
ModerateSUSE bug 1218571CVE-2023-7207 at SUSECVE-2023-7207 at NVDcpe:/o:opensuse:leap:15.5Security update for the Linux Kernel (Important)openSUSE Leap 15.5
The SUSE Linux Enterprise 15 SP5 RT kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2021-47089: kfence: fix memory leak when cat kfence objects (bsc#1220958.
- CVE-2021-47432: lib/generic-radix-tree.c: Do not overflow in peek() (bsc#1225391).
- CVE-2021-47515: seg6: fix the iif in the IPv6 socket control block (bsc#1225426).
- CVE-2021-47538: rxrpc: Fix rxrpc_local leak in rxrpc_lookup_peer() (bsc#1225448).
- CVE-2021-47539: rxrpc: Fix rxrpc_peer leak in rxrpc_look_up_bundle() (bsc#1225452).
- CVE-2021-47555: net: vlan: fix underflow for the real_dev refcnt (bsc#1225467).
- CVE-2021-47566: Fix clearing user buffer by properly using clear_user() (bsc#1225514).
- CVE-2021-47571: staging: rtl8192e: Fix use after free in _rtl92e_pci_disconnect() (bsc#1225518).
- CVE-2021-47572: net: nexthop: fix null pointer dereference when IPv6 is not enabled (bsc#1225389).
- CVE-2022-48716: ASoC: codecs: wcd938x: fix incorrect used of portid (bsc#1226678).
- CVE-2023-24023: Bluetooth: Add more enc key size check (bsc#1218148).
- CVE-2023-52622: ext4: avoid online resizing failures due to oversized flex bg (bsc#1222080).
- CVE-2023-52658: Revert 'net/mlx5: Block entering switchdev mode with ns inconsistency' (bsc#1224719).
- CVE-2023-52667: net/mlx5e: fix a potential double-free in fs_any_create_groups (bsc#1224603).
- CVE-2023-52670: rpmsg: virtio: Free driver_override when rpmsg_remove() (bsc#1224696).
- CVE-2023-52672: pipe: wakeup wr_wait after setting max_usage (bsc#1224614).
- CVE-2023-52675: powerpc/imc-pmu: Add a null pointer check in update_events_in_group() (bsc#1224504).
- CVE-2023-52735: bpf, sockmap: Don't let sock_map_{close,destroy,unhash} call itself (bsc#1225475).
- CVE-2023-52737: btrfs: lock the inode in shared mode before starting fiemap (bsc#1225484).
- CVE-2023-52752: smb: client: fix use-after-free bug in cifs_debug_data_proc_show() (bsc#1225487).
- CVE-2023-52784: bonding: stop the device in bond_setup_by_slave() (bsc#1224946).
- CVE-2023-52787: blk-mq: make sure active queue usage is held for bio_integrity_prep() (bsc#1225105).
- CVE-2023-52835: perf/core: Bail out early if the request AUX area is out of bound (bsc#1225602).
- CVE-2023-52837: nbd: fix uaf in nbd_open (bsc#1224935).
- CVE-2023-52843: llc: verify mac len before reading mac header (bsc#1224951).
- CVE-2023-52845: tipc: Change nla_policy for bearer-related names to NLA_NUL_STRING (bsc#1225585).
- CVE-2023-52846: hsr: Prevent use after free in prp_create_tagged_frame() (bsc#1225098).
- CVE-2023-52869: pstore/platform: Add check for kstrdup (bsc#1225050).
- CVE-2023-52881: tcp: do not accept ACK of bytes we never sent (bsc#1225611).
- CVE-2023-52882: clk: sunxi-ng: h6: Reparent CPUX during PLL CPUX rate change (bsc#1225692).
- CVE-2024-26625: Call sock_orphan() at release time (bsc#1221086)
- CVE-2024-26644: btrfs: do not abort filesystem when attempting to snapshot deleted subvolume (bsc#1221282, bsc#1222072).
- CVE-2024-26720: mm: Avoid overflows in dirty throttling logic (bsc#1222364).
- CVE-2024-26845: scsi: target: core: Add TMF to tmr_list handling (bsc#1223018).
- CVE-2024-26923: Fixed false-positive lockdep splat for spin_lock() in __unix_gc() (bsc#1223384).
- CVE-2024-26973: fat: fix uninitialized field in nostale filehandles (bsc#1223641).
- CVE-2024-27432: net: ethernet: mtk_eth_soc: fix PPE hanging issue (bsc#1224716).
- CVE-2024-35247: fpga: region: add owner module and take its refcount (bsc#1226948).
- CVE-2024-35789: Check fast rx for non-4addr sta VLAN changes (bsc#1224749).
- CVE-2024-35790: usb: typec: altmodes/displayport: create sysfs nodes as driver's default device attribute group (bsc#1224712).
- CVE-2024-35807: ext4: fix corruption during on-line resize (bsc#1224735).
- CVE-2024-35835: net/mlx5e: fix a double-free in arfs_create_groups (bsc#1224605).
- CVE-2024-35848: eeprom: at24: fix memory corruption race condition (bsc#1224612).
- CVE-2024-35857: icmp: prevent possible NULL dereferences from icmp_build_probe() (bsc#1224619).
- CVE-2024-35861: Fixed potential UAF in cifs_signal_cifsd_for_reconnect() (bsc#1224766).
- CVE-2024-35862: Fixed potential UAF in smb2_is_network_name_deleted() (bsc#1224764).
- CVE-2024-35864: Fixed potential UAF in smb2_is_valid_lease_break() (bsc#1224765).
- CVE-2024-35869: smb: client: guarantee refcounted children from parent session (bsc#1224679).
- CVE-2024-35884: udp: do not accept non-tunnel GSO skbs landing in a tunnel (bsc#1224520).
- CVE-2024-35886: ipv6: Fix infinite recursion in fib6_dump_done() (bsc#1224670).
- CVE-2024-35898: netfilter: nf_tables: Fix potential data-race in __nft_flowtable_type_get() (bsc#1224498).
- CVE-2024-35900: netfilter: nf_tables: reject new basechain after table flag update (bsc#1224497).
- CVE-2024-35925: block: prevent division by zero in blk_rq_stat_sum() (bsc#1224661).
- CVE-2024-35950: drm/client: Fully protect modes with dev->mode_config.mutex (bsc#1224703).
- CVE-2024-35956: Fixed qgroup prealloc rsv leak in subvolume operations (bsc#1224674)
- CVE-2024-35958: net: ena: Fix incorrect descriptor free behavior (bsc#1224677).
- CVE-2024-35960: net/mlx5: Properly link new fs rules into the tree (bsc#1224588).
- CVE-2024-35997: Remove I2C_HID_READ_PENDING flag to prevent lock-up (bsc#1224552).
- CVE-2024-36005: netfilter: nf_tables: honor table dormant flag from netdev release event path (bsc#1224539).
- CVE-2024-36008: ipv4: check for NULL idev in ip_route_use_hint() (bsc#1224540).
- CVE-2024-36017: rtnetlink: Correct nested IFLA_VF_VLAN_LIST attribute validation (bsc#1225681).
- CVE-2024-36020: i40e: fix vf may be used uninitialized in this function warning (bsc#1225698).
- CVE-2024-36021: net: hns3: fix kernel crash when devlink reload during pf initialization (bsc#1225699).
- CVE-2024-36478: null_blk: fix null-ptr-dereference while configuring 'power' and 'submit_queues' (bsc#1226841).
- CVE-2024-36479: fpga: bridge: add owner module and take its refcount (bsc#1226949).
- CVE-2024-36890: mm/slab: make __free(kfree) accept error pointers (bsc#1225714).
- CVE-2024-36894: usb: gadget: f_fs: Fix race between aio_cancel() and AIO request complete (bsc#1225749).
- CVE-2024-36899: gpiolib: cdev: Fix use after free in lineinfo_changed_notify (bsc#1225737).
- CVE-2024-36900: net: hns3: fix kernel crash when devlink reload during initialization (bsc#1225726).
- CVE-2024-36904: tcp: Use refcount_inc_not_zero() in tcp_twsk_unique() (bsc#1225732).
- CVE-2024-36915: nfc: llcp: fix nfc_llcp_setsockopt() unsafe copies (bsc#1225758).
- CVE-2024-36916: blk-iocost: avoid out of bounds shift (bsc#1225759).
- CVE-2024-36917: block: fix overflow in blk_ioctl_discard() (bsc#1225770).
- CVE-2024-36919: scsi: bnx2fc: Remove spin_lock_bh while releasing resources after upload (bsc#1225767).
- CVE-2024-36934: bna: ensure the copied buf is NUL terminated (bsc#1225760).
- CVE-2024-36937: xdp: use flags field to disambiguate broadcast redirect (bsc#1225834).
- CVE-2024-36940: pinctrl: core: delete incorrect free in pinctrl_enable() (bsc#1225840).
- CVE-2024-36945: net/smc: fix neighbour and rtable leak in smc_ib_find_route() (bsc#1225823).
- CVE-2024-36949: amd/amdkfd: sync all devices to wait all processes being evicted (bsc#1225872)
- CVE-2024-36964: fs/9p: only translate RWX permissions for plain 9P2000 (bsc#1225866).
- CVE-2024-36971: net: fix __dst_negative_advice() race (bsc#1226145).
- CVE-2024-36978: net: sched: sch_multiq: fix possible OOB write in multiq_tune() (bsc#1226514).
- CVE-2024-37021: fpga: manager: add owner module and take its refcount (bsc#1226950).
- CVE-2024-37078: nilfs2: fix potential kernel bug due to lack of writeback flag waiting (bsc#1227066).
- CVE-2024-37354: btrfs: fix crash on racing fsync and size-extending write into prealloc (bsc#1227101).
- CVE-2024-38541: of: module: add buffer overflow check in of_modalias() (bsc#1226587).
- CVE-2024-38545: RDMA/hns: Fix UAF for cq async event (bsc#1226595).
- CVE-2024-38553: net: fec: remove .ndo_poll_controller to avoid deadlock (bsc#1226744).
- CVE-2024-38555: net/mlx5: Discard command completions in internal error (bsc#1226607).
- CVE-2024-38556: net/mlx5: Add a timeout to acquire the command queue semaphore (bsc#1226774).
- CVE-2024-38557: net/mlx5: Reload only IB representors upon lag disable/enable (bsc#1226781).
- CVE-2024-38559: scsi: qedf: Ensure the copied buf is NUL terminated (bsc#1226785).
- CVE-2024-38560: scsi: bfa: Ensure the copied buf is NUL terminated (bsc#1226786).
- CVE-2024-38564: bpf: Add BPF_PROG_TYPE_CGROUP_SKB attach type enforcement in BPF_LINK_CREATE (bsc#1226789).
- CVE-2024-38568: drivers/perf: hisi: hns3: Fix out-of-bound access when valid event group (bsc#1226771).
- CVE-2024-38578: ecryptfs: Fix buffer size for tag 66 packet (bsc#1226634).
- CVE-2024-38580: epoll: be better about file lifetimes (bsc#1226610).
- CVE-2024-38594: net: stmmac: move the EST lock to struct stmmac_priv (bsc#1226734).
- CVE-2024-38597: eth: sungem: remove .ndo_poll_controller to avoid deadlocks (bsc#1226749).
- CVE-2024-38603: drivers/perf: hisi: hns3: Actually use devm_add_action_or_reset() (bsc#1226842).
- CVE-2024-38608: net/mlx5e: Fix netif state handling (bsc#1226746).
- CVE-2024-38627: stm class: Fix a double free in stm_register_device() (bsc#1226857).
- CVE-2024-38659: enic: Validate length of nl attributes in enic_set_vf_port (bsc#1226883).
- CVE-2024-38661: s390/ap: Fix crash in AP internal function modify_bitmap() (bsc#1226996).
- CVE-2024-38780: dma-buf/sw-sync: do not enable IRQ from sync_print_obj() (bsc#1226886).
- CVE-2024-39301: net/9p: fix uninit-value in p9_client_rpc() (bsc#1226994).
- CVE-2024-39468: smb: client: fix deadlock in smb2_find_smb_tcon() (bsc#1227103.
- CVE-2024-39469: nilfs2: fix nilfs_empty_dir() misjudgment and long loop on I/O errors (bsc#1226992).
The following non-security bugs were fixed:
- ACPI: resource: Do IRQ override on TongFang GXxHRXx and GMxHGxx (stable-fixes).
- ACPICA: Revert 'ACPICA: avoid Info: mapping multiple BARs. Your kernel is fine.' (git-fixes).
- ALSA/hda: intel-dsp-config: Document AVS as dsp_driver option (git-fixes).
- ALSA: Fix deadlocks with kctl removals at disconnection (stable-fixes).
- ALSA: hda/realtek: Add quirks for Lenovo 13X (stable-fixes).
- ALSA: hda/realtek: Adjust G814JZR to use SPI init for amp (git-fixes).
- ALSA: hda/realtek: Enable headset mic on IdeaPad 330-17IKB 81DM (git-fixes).
- ALSA: hda/realtek: Fix conflicting quirk for PCI SSID 17aa:3820 (git-fixes).
- ALSA: hda/realtek: Limit mic boost on N14AP7 (stable-fixes).
- ALSA: hda/realtek: Remove Framework Laptop 16 from quirks (git-fixes).
- ALSA: hda/realtek: fix mute/micmute LEDs do not work for ProBook 440/460 G11 (stable-fixes).
- ALSA: hda/realtek: fix mute/micmute LEDs do not work for ProBook 445/465 G11 (stable-fixes).
- ALSA: hda: intel-dsp-config: harden I2C/I2S codec detection (stable-fixes).
- ALSA: timer: Set lower bound of start tick time (stable-fixes).
- ASoC: amd: acp: add a null check for chip_pdev structure (git-fixes).
- ASoC: amd: acp: remove i2s configuration check in acp_i2s_probe() (git-fixes).
- ASoC: da7219-aad: fix usage of device_get_named_child_node() (stable-fixes).
- ASoC: fsl-asoc-card: set priv->pdev before using it (git-fixes).
- ASoC: rt5645: Fix the electric noise due to the CBJ contacts floating (stable-fixes).
- ASoC: rt715-sdca: volume step modification (stable-fixes).
- ASoC: rt715: add vendor clear control register (stable-fixes).
- Add remote for nfs maintainer
- Bluetooth: L2CAP: Fix rejecting L2CAP_CONN_PARAM_UPDATE_REQ (git-fixes).
- Fix new build warnings regarding unused variables: Changed build warnings: ***** 2 warnings ***** * unused-variable (cl) in ../fs/ceph/mds_client.c in ceph_queue_cap_unlink_work ../fs/ceph/mds_client.c: In function 'ceph_queue_cap_unlink_work': ../fs/ceph/mds_client.c:2421:22: warning: unused variable 'cl' [-Wunused-variable] * unused-variable (cl) in ../fs/ceph/mds_client.c in ceph_cap_unlink_work ../fs/ceph/mds_client.c: In function 'ceph_cap_unlink_work': ../fs/ceph/mds_client.c:2436:22: warning: unused variable 'cl' [-Wunused-variable]
- HID: core: remove unnecessary WARN_ON() in implement() (git-fixes).
- HID: logitech-dj: Fix memory leak in logi_dj_recv_switch_to_dj_mode() (git-fixes).
- Input: ili210x - fix ili251x_read_touch_data() return value (git-fixes).
- NFS: abort nfs_atomic_open_v23 if name is too long (bsc#1219847).
- NFS: add atomic_open for NFSv3 to handle O_TRUNC correctly (bsc#1219847).
- NFS: avoid infinite loop in pnfs_update_layout (bsc#1219633 bsc#1226226).
- PCI/ASPM: Update save_state when configuration changes (bsc#1226915)
- PCI: Clear Secondary Status errors after enumeration (bsc#1226928)
- RAS/AMD/ATL: Fix MI300 bank hash (bsc#1225300).
- RAS/AMD/ATL: Use system settings for MI300 DRAM to normalized address translation (bsc#1225300).
- RDMA/hns: Fix incorrect sge nums calculation (git-fixes)
- RDMA/irdma: Drop unused kernel push code (git-fixes)
- RDMA/mlx5: Add check for srq max_sge attribute (git-fixes)
- Revert 'Add remote for nfs maintainer'
- Revert 'build initrd without systemd' (bsc#1195775)'
- USB: class: cdc-wdm: Fix CPU lockup caused by excessive log messages (git-fixes).
- USB: xen-hcd: Traverse host/ when CONFIG_USB_XEN_HCD is selected (git-fixes).
- X.509: Fix the parser of extended key usage for length (bsc#1218820).
- arm64: asm-bug: Add .align 2 to the end of __BUG_ENTRY (git-fixes).
- arm64: mm: Batch dsb and isb when populating pgtables (jsc#PED-8690).
- arm64: mm: Do not remap pgtables for allocate vs populate (jsc#PED-8690).
- arm64: mm: Do not remap pgtables per-cont(pte|pmd) block (jsc#PED-8690).
- arm64: mm: do not acquire mutex when rewriting swapper (jsc#PED-8690).
- ata: ahci: Clean up sysfs file on error (git-fixes).
- ata: libata-core: Fix double free on error (git-fixes).
- ata: libata-core: Fix null pointer dereference on error (git-fixes).
- batman-adv: Do not accept TT entries for out-of-spec VIDs (git-fixes).
- bpf, sockmap: Check for any of tcp_bpf_prots when cloning a listener (git-fixes).
- btrfs: avoid copying BTRFS_ROOT_SUBVOL_DEAD flag to snapshot of subvolume being deleted (bsc#1221282).
- cachefiles: remove requests from xarray during flushing requests (bsc#1226588).
- ceph: add ceph_cap_unlink_work to fire check_caps() immediately (bsc#1226022).
- ceph: always check dir caps asynchronously (bsc#1226022).
- ceph: always queue a writeback when revoking the Fb caps (bsc#1226022).
- ceph: break the check delayed cap loop every 5s (bsc#1226022).
- ceph: switch to use cap_delay_lock for the unlink delay list (bsc#1226022).
- cgroup: Add annotation for holding namespace_sem in current_cgns_cgroup_from_root() (bsc#1222254).
- cgroup: Eliminate the need for cgroup_mutex in proc_cgroup_show() (bsc#1222254).
- cgroup: Make operations on the cgroup root_list RCU safe (bsc#1222254).
- cgroup: Remove unnecessary list_empty() (bsc#1222254).
- cgroup: preserve KABI of cgroup_root (bsc#1222254).
- cifs: fix hang in wait_for_response() (bsc#1220812, bsc#1220368).
- cpufreq: amd-pstate: Fix the inconsistency in max frequency units (git-fixes).
- crypto: ecrdsa - Fix module auto-load on add_key (stable-fixes).
- dmaengine: idxd: Fix possible Use-After-Free in irq_process_work_list (git-fixes).
- dmaengine: ioatdma: Fix missing kmem_cache_destroy() (git-fixes).
- drivers: core: synchronize really_probe() and dev_uevent() (git-fixes).
- drm/amd/display: Add VCO speed parameter for DCN31 FPU (stable-fixes).
- drm/amd/display: Add dtbclk access to dcn315 (stable-fixes).
- drm/amd/display: Exit idle optimizations before HDCP execution (stable-fixes).
- drm/amd/display: Set color_mgmt_changed to true on unsuspend (stable-fixes).
- drm/amd/display: drop unnecessary NULL checks in debugfs (stable-fixes).
- drm/amd/display: revert Exit idle optimizations before HDCP execution (stable-fixes).
- drm/amd: Fix shutdown (again) on some SMU v13.0.4/11 platforms (git-fixes).
- drm/amdgpu/atomfirmware: add intergrated info v2.3 table (stable-fixes).
- drm/amdgpu/mes: fix use-after-free issue (stable-fixes).
- drm/amdgpu: Fix the ring buffer size for queue VM flush (stable-fixes).
- drm/amdgpu: Update BO eviction priorities (stable-fixes).
- drm/amdgpu: add error handle to avoid out-of-bounds (stable-fixes).
- drm/amdgpu: fix UBSAN warning in kv_dpm.c (stable-fixes).
- drm/amdkfd: Flush the process wq before creating a kfd_process (stable-fixes).
- drm/amdkfd: Rework kfd_locked handling (bsc#1225872)
- drm/bridge/panel: Fix runtime warning on panel bridge release (git-fixes).
- drm/exynos/vidi: fix memory leak in .get_modes() (stable-fixes).
- drm/exynos: hdmi: report safe 640x480 mode as a fallback when no EDID found (git-fixes).
- drm/i915/dpt: Make DPT object unshrinkable (git-fixes).
- drm/i915/gt: Disarm breadcrumbs if engines are already idle (git-fixes).
- drm/i915/gt: Fix potential UAF by revoke of fence registers (git-fixes).
- drm/i915/guc: avoid FIELD_PREP warning (git-fixes).
- drm/i915/mso: using joiner is not possible with eDP MSO (git-fixes).
- drm/komeda: check for error-valued pointer (git-fixes).
- drm/lima: add mask irq callback to gp and pp (stable-fixes).
- drm/lima: mask irqs in timeout path before hard reset (stable-fixes).
- drm/msm/a6xx: Avoid a nullptr dereference when speedbin setting fails (git-fixes).
- drm/msm/dp: Avoid a long timeout for AUX transfer if nothing connected (git-fixes).
- drm/msm/dp: Return IRQ_NONE for unhandled interrupts (stable-fixes).
- drm/msm: Enable clamp_to_idle for 7c3 (stable-fixes).
- drm/panel-samsung-atna33xc20: Use ktime_get_boottime for delays (stable-fixes).
- drm/panel: simple: Add missing display timing flags for KOE TX26D202VM0BWA (git-fixes).
- drm/radeon: fix UBSAN warning in kv_dpm.c (stable-fixes).
- drm/vmwgfx: 3D disabled should not effect STDU memory limits (git-fixes).
- drm/vmwgfx: Filter modes which exceed graphics memory (git-fixes).
- gpio: davinci: Validate the obtained number of IRQs (git-fixes).
- gpio: tqmx86: fix typo in Kconfig label (git-fixes).
- gpio: tqmx86: introduce shadow register for GPIO output value (git-fixes).
- gpiolib: cdev: Disallow reconfiguration without direction (uAPI v1) (git-fixes).
- hwmon: (shtc1) Fix property misspelling (git-fixes).
- i2c: at91: Fix the functionality flags of the slave-only interface (git-fixes).
- i2c: designware: Fix the functionality flags of the slave-only interface (git-fixes).
- i2c: ocores: set IACK bit after core is enabled (git-fixes).
- i2c: testunit: discard write requests while old command is running (git-fixes).
- i2c: testunit: do not erase registers after STOP (git-fixes).
- iio: accel: fxls8962af: select IIO_BUFFER & IIO_KFIFO_BUF (git-fixes).
- iio: adc: ad7266: Fix variable checking bug (git-fixes).
- iio: adc: ad9467: fix scan type sign (git-fixes).
- iio: chemical: bme680: Fix calibration data variable (git-fixes).
- iio: chemical: bme680: Fix overflows in compensate() functions (git-fixes).
- iio: chemical: bme680: Fix pressure value output (git-fixes).
- iio: chemical: bme680: Fix sensor data read operation (git-fixes).
- iio: dac: ad5592r: fix temperature channel scaling value (git-fixes).
- iio: imu: inv_icm42600: delete unneeded update watermark call (git-fixes).
- intel_th: pci: Add Meteor Lake-S CPU support (stable-fixes).
- iommu/amd: Fix sysfs leak in iommu init (git-fixes).
- iommu: Return right value in iommu_sva_bind_device() (git-fixes).
- iommu: mtk: fix module autoloading (git-fixes).
- ipvs: Fix checksumming on GSO of SCTP packets (bsc#1221958)
- kbuild: Install dtb files as 0644 in Makefile.dtbinst (git-fixes).
- kbuild: do not include include/config/auto.conf from shell scripts (bsc#1227274).
- kconfig: doc: fix a typo in the note about 'imply' (git-fixes).
- kconfig: fix comparison to constant symbols, 'm', 'n' (git-fixes).
- kernel-doc: fix struct_group_tagged() parsing (git-fixes).
- lib: memcpy_kunit: Fix an invalid format specifier in an assertion msg (git-fixes).
- media: flexcop-usb: clean up endpoint sanity checks (stable-fixes).
- media: flexcop-usb: fix sanity check of bNumEndpoints (git-fixes).
- media: ipu3-cio2: Use temporary storage for struct device pointer (stable-fixes).
- media: lgdt3306a: Add a check against null-pointer-def (stable-fixes).
- media: mxl5xx: Move xpt structures off stack (stable-fixes).
- media: radio-shark2: Avoid led_names truncations (git-fixes).
- media: v4l2-core: hold videodev_lock until dev reg, finishes (stable-fixes).
- mei: me: release irq in mei_me_pci_resume error path (git-fixes).
- mkspec-dtb: add toplevel symlinks also on arm
- mmc: core: Add mmc_gpiod_set_cd_config() function (stable-fixes).
- mmc: core: Do not force a retune before RPMB switch (stable-fixes).
- mmc: sdhci-acpi: Disable write protect detection on Toshiba WT10-A (stable-fixes).
- mmc: sdhci-acpi: Fix Lenovo Yoga Tablet 2 Pro 1380 sdcard slot not working (stable-fixes).
- mmc: sdhci-acpi: Sort DMI quirks alphabetically (stable-fixes).
- mmc: sdhci-pci: Convert PCIBIOS_* return codes to errnos (git-fixes).
- mmc: sdhci: Do not invert write-protect twice (git-fixes).
- mmc: sdhci: Do not lock spinlock around mmc_gpio_get_ro() (git-fixes).
- mmc: sdhci_am654: Add ITAPDLYSEL in sdhci_j721e_4bit_set_clock (git-fixes).
- mmc: sdhci_am654: Add OTAP/ITAP delay enable (git-fixes).
- mmc: sdhci_am654: Drop lookup for deprecated ti,otap-del-sel (stable-fixes).
- mmc: sdhci_am654: Fix ITAPDLY for HS400 timing (git-fixes).
- mtd: rawnand: Bypass a couple of sanity checks during NAND identification (git-fixes).
- mtd: rawnand: Ensure ECC configuration is propagated to upper layers (git-fixes).
- mtd: rawnand: rockchip: ensure NVDDR timings are rejected (git-fixes).
- net/mlx5e: Fix a race in command alloc flow (git-fixes).
- net: can: j1939: Initialize unused data in j1939_send_one() (git-fixes).
- net: can: j1939: enhanced error handling for tightly received RTS messages in xtp_rx_rts_session_new (git-fixes).
- net: can: j1939: recover socket queue on CAN bus error during BAM transmission (git-fixes).
- net: ena: Fix redundant device NUMA node override (jsc#PED-8690).
- net: mana: Enable MANA driver on ARM64 with 4K page size (jsc#PED-8491).
- net: phy: Micrel KSZ8061: fix errata solution not taking effect problem (git-fixes).
- net: phy: micrel: add Microchip KSZ 9477 to the device table (git-fixes).
- net: usb: ax88179_178a: improve link status logs (git-fixes).
- net: usb: ax88179_178a: improve reset check (git-fixes).
- net: usb: qmi_wwan: add Telit FN920C04 compositions (stable-fixes).
- net: usb: rtl8150 fix unintiatilzed variables in rtl8150_get_link_ksettings (git-fixes).
- net: usb: smsc95xx: fix changing LED_SEL bit value updated from EEPROM (git-fixes).
- nfsd: optimise recalculate_deny_mode() for a common case (bsc#1217912).
- nilfs2: fix potential hang in nilfs_detach_log_writer() (stable-fixes).
- nvme: find numa distance only if controller has valid numa id (git-fixes).
- nvmet-passthru: propagate status from id override functions (git-fixes).
- ocfs2: adjust enabling place for la window (bsc#1219224).
- ocfs2: fix sparse warnings (bsc#1219224).
- ocfs2: improve write IO performance when fragmentation is high (bsc#1219224).
- ocfs2: speed up chain-list searching (bsc#1219224).
- pinctrl: fix deadlock in create_pinctrl() when handling -EPROBE_DEFER (git-fixes).
- pinctrl: qcom: spmi-gpio: drop broken pm8008 support (git-fixes).
- pinctrl: rockchip: fix pinmux bits for RK3328 GPIO2-B pins (git-fixes).
- pinctrl: rockchip: fix pinmux bits for RK3328 GPIO3-B pins (git-fixes).
- pinctrl: rockchip: fix pinmux reset in rockchip_pmx_set (git-fixes).
- pinctrl: rockchip: use dedicated pinctrl type for RK3328 (git-fixes).
- random: treat bootloader trust toggle the same way as cpu trust toggle (bsc#1226953).
- regulator: bd71815: fix ramp values (git-fixes).
- regulator: core: Fix modpost error 'regulator_get_regmap' undefined (git-fixes).
- regulator: irq_helpers: duplicate IRQ name (stable-fixes).
- regulator: vqmmc-ipq4019: fix module autoloading (stable-fixes).
- rpm/kernel-obs-build.spec.in: Add iso9660 (bsc#1226212) Some builds do not just create an iso9660 image, but also mount it during build.
- rpm/kernel-obs-build.spec.in: Add networking modules for docker (bsc#1226211) docker needs more networking modules, even legacy iptable_nat and _filter.
- rpm/kernel-obs-build.spec.in: Include algif_hash, aegis128 and xts modules afgif_hash is needed by some packages (e.g. iwd) for tests, xts is used for LUKS2 volumes by default and aegis128 is useful as AEAD cipher for LUKS2. Wrap the long line to make it readable.
- rpm/mkspec-dtb: dtbs have moved to vendor sub-directories in 6.5 By commit 724ba6751532 ('ARM: dts: Move .dts files to vendor sub-directories'). So switch to them.
- sched/core: Fix incorrect initialization of the 'burst' parameter in cpu_max_write() (bsc#1226791).
- scsi: sd: Update DIX config every time sd_revalidate_disk() is called (bsc#1218570).
- smb: client: ensure to try all targets when finding nested links (bsc#1224020).
- smb: client: guarantee refcounted children from parent session (bsc#1224679).
- soundwire: cadence: fix invalid PDI offset (stable-fixes).
- spi: stm32: Do not warn about spurious interrupts (git-fixes).
- supported.conf: Add APM X-Gene SoC hardware monitoring driver (bsc#1223265 jsc#PED-8570)
- supported.conf: mark orangefs as optional We do not support orangefs at all (and it is already marked as such), but since there are no SLE consumers of it, mark it as optional.
- supported.conf: mark ufs as unsupported UFS is an unsupported filesystem, mark it as such. We still keep it around (not marking as optional), to accommodate any potential migrations from BSD systems.
- tty: mcf: MCF54418 has 10 UARTS (git-fixes).
- usb-storage: alauda: Check whether the media is initialized (git-fixes).
- usb: atm: cxacru: fix endpoint checking in cxacru_bind() (git-fixes).
- usb: dwc3: core: remove lock of otg mode during gadget suspend/resume to avoid deadlock (git-fixes).
- usb: fotg210-hcd: delete an incorrect bounds test (git-fixes).
- usb: gadget: printer: fix races against disable (git-fixes).
- usb: musb: da8xx: fix a resource leak in probe() (git-fixes).
- usb: typec: tcpm: Ignore received Hard Reset in TOGGLING state (git-fixes).
- usb: typec: tcpm: fix use-after-free case in tcpm_register_source_caps (git-fixes).
- usb: typec: ucsi: Ack also failed Get Error commands (git-fixes).
- usb: typec: ucsi: Never send a lone connector change ack (git-fixes).
- usb: xhci: Implement xhci_handshake_check_state() helper (git-fixes).
- usb: xhci: address off-by-one in xhci_num_trbs_free() (git-fixes).
- usb: xhci: improve debug message in xhci_ring_expansion_needed() (git-fixes).
- watchdog: bd9576: Drop 'always-running' property (git-fixes).
- watchdog: bd9576_wdt: switch to using devm_fwnode_gpiod_get() (stable-fixes).
- wifi: cfg80211: Lock wiphy in cfg80211_get_station (git-fixes).
- wifi: cfg80211: fix the order of arguments for trace events of the tx_rx_evt class (stable-fixes).
- wifi: cfg80211: pmsr: use correct nla_get_uX functions (git-fixes).
- wifi: iwlwifi: dbg_ini: move iwl_dbg_tlv_free outside of debugfs ifdef (git-fixes).
- wifi: iwlwifi: mvm: check n_ssids before accessing the ssids (git-fixes).
- wifi: iwlwifi: mvm: do not read past the mfuart notifcation (git-fixes).
- wifi: iwlwifi: mvm: revert gen2 TX A-MPDU size to 64 (git-fixes).
- wifi: mac80211: Fix deadlock in ieee80211_sta_ps_deliver_wakeup() (git-fixes).
- wifi: mac80211: correctly parse Spatial Reuse Parameter Set element (git-fixes).
- wifi: mac80211: mesh: Fix leak of mesh_preq_queue objects (git-fixes).
- wifi: rtl8xxxu: Fix the TX power of RTL8192CU, RTL8723AU (stable-fixes).
- wifi: rtlwifi: rtl8192de: Fix endianness issue in RX path (stable-fixes).
- wifi: rtlwifi: rtl8192de: Fix low speed with WPA3-SAE (stable-fixes).
- x86/mce: Dynamically size space for machine check records (bsc#1222241).
- x86/tsc: Trust initial offset in architectural TSC-adjust MSRs (bsc#1222015 bsc#1226962).
- xfs: make sure sb_fdblocks is non-negative (bsc#1225419).
- xhci: Fix failure to detect ring expansion need (git-fixes).
- xhci: Fix transfer ring expansion size calculation (git-fixes).
- xhci: Handle TD clearing for multiple streams case (git-fixes).
- xhci: Simplify event ring dequeue pointer update for port change events (git-fixes).
- xhci: Stop unnecessary tracking of free trbs in a ring (git-fixes).
- xhci: fix matching completion events with TDs (git-fixes).
- xhci: remove unused stream_id parameter from xhci_handle_halted_endpoint() (git-fixes).
- xhci: restre deleted trb fields for tracing (git-fixes).
- xhci: retry Stop Endpoint on buggy NEC controllers (git-fixes).
- xhci: simplify event ring dequeue tracking for transfer events (git-fixes).
- xhci: update event ring dequeue pointer position to controller correctly (git-fixes).
ImportantSUSE bug 1156395SUSE bug 1190336SUSE bug 1191958SUSE bug 1193883SUSE bug 1194826SUSE bug 1195065SUSE bug 1195254SUSE bug 1195341SUSE bug 1195349SUSE bug 1195775SUSE bug 1196746SUSE bug 1197915SUSE bug 1198014SUSE bug 1199295SUSE bug 1202767SUSE bug 1202780SUSE bug 1205205SUSE bug 1207361SUSE bug 1217912SUSE bug 1218148SUSE bug 1218570SUSE bug 1218820SUSE bug 1219224SUSE bug 1219633SUSE bug 1219847SUSE bug 1220368SUSE bug 1220812SUSE bug 1220958SUSE bug 1221086SUSE bug 1221282SUSE bug 1221958SUSE bug 1222015SUSE bug 1222072SUSE bug 1222080SUSE bug 1222241SUSE bug 1222254SUSE bug 1222364SUSE bug 1222893SUSE bug 1223013SUSE bug 1223018SUSE bug 1223265SUSE bug 1223384SUSE bug 1223641SUSE bug 1224020SUSE bug 1224331SUSE bug 1224488SUSE bug 1224497SUSE bug 1224498SUSE bug 1224504SUSE bug 1224520SUSE bug 1224539SUSE bug 1224540SUSE bug 1224552SUSE bug 1224583SUSE bug 1224588SUSE bug 1224602SUSE bug 1224603SUSE bug 1224605SUSE bug 1224612SUSE bug 1224614SUSE bug 1224619SUSE bug 1224661SUSE bug 1224662SUSE bug 1224670SUSE bug 1224671SUSE bug 1224674SUSE bug 1224677SUSE bug 1224679SUSE bug 1224696SUSE bug 1224703SUSE bug 1224712SUSE bug 1224716SUSE bug 1224719SUSE bug 1224735SUSE bug 1224749SUSE bug 1224764SUSE bug 1224765SUSE bug 1224766SUSE bug 1224935SUSE bug 1224946SUSE bug 1224951SUSE bug 1225050SUSE bug 1225098SUSE bug 1225105SUSE bug 1225300SUSE bug 1225389SUSE bug 1225391SUSE bug 1225419SUSE bug 1225426SUSE bug 1225448SUSE bug 1225452SUSE bug 1225467SUSE bug 1225475SUSE bug 1225484SUSE bug 1225487SUSE bug 1225514SUSE bug 1225518SUSE bug 1225535SUSE bug 1225585SUSE bug 1225602SUSE bug 1225611SUSE bug 1225681SUSE bug 1225692SUSE bug 1225698SUSE bug 1225699SUSE bug 1225704SUSE bug 1225714SUSE bug 1225726SUSE bug 1225732SUSE bug 1225737SUSE bug 1225749SUSE bug 1225758SUSE bug 1225759SUSE bug 1225760SUSE bug 1225767SUSE bug 1225770SUSE bug 1225823SUSE bug 1225834SUSE bug 1225840SUSE bug 1225866SUSE bug 1225872SUSE bug 1225894SUSE bug 1226022SUSE bug 1226131SUSE bug 1226145SUSE bug 1226149SUSE bug 1226155SUSE bug 1226211SUSE bug 1226212SUSE bug 1226226SUSE bug 1226514SUSE bug 1226520SUSE bug 1226537SUSE bug 1226538SUSE bug 1226539SUSE bug 1226550SUSE bug 1226552SUSE bug 1226553SUSE bug 1226554SUSE bug 1226556SUSE bug 1226557SUSE bug 1226558SUSE bug 1226559SUSE bug 1226561SUSE bug 1226562SUSE bug 1226563SUSE bug 1226564SUSE bug 1226566SUSE bug 1226567SUSE bug 1226569SUSE bug 1226572SUSE bug 1226575SUSE bug 1226576SUSE bug 1226577SUSE bug 1226579SUSE bug 1226580SUSE bug 1226581SUSE bug 1226582SUSE bug 1226583SUSE bug 1226585SUSE bug 1226587SUSE bug 1226588SUSE bug 1226593SUSE bug 1226595SUSE bug 1226597SUSE bug 1226601SUSE bug 1226602SUSE bug 1226603SUSE bug 1226607SUSE bug 1226610SUSE bug 1226614SUSE bug 1226616SUSE bug 1226617SUSE bug 1226618SUSE bug 1226619SUSE bug 1226621SUSE bug 1226622SUSE bug 1226624SUSE bug 1226626SUSE bug 1226628SUSE bug 1226629SUSE bug 1226632SUSE bug 1226633SUSE bug 1226634SUSE bug 1226637SUSE bug 1226643SUSE bug 1226644SUSE bug 1226645SUSE bug 1226647SUSE bug 1226650SUSE bug 1226653SUSE bug 1226657SUSE bug 1226658SUSE bug 1226669SUSE bug 1226670SUSE bug 1226672SUSE bug 1226673SUSE bug 1226674SUSE bug 1226675SUSE bug 1226678SUSE bug 1226679SUSE bug 1226683SUSE bug 1226685SUSE bug 1226686SUSE bug 1226690SUSE bug 1226691SUSE bug 1226692SUSE bug 1226693SUSE bug 1226696SUSE bug 1226697SUSE bug 1226698SUSE bug 1226699SUSE bug 1226701SUSE bug 1226702SUSE bug 1226703SUSE bug 1226704SUSE bug 1226705SUSE bug 1226706SUSE bug 1226708SUSE bug 1226709SUSE bug 1226710SUSE bug 1226711SUSE bug 1226712SUSE bug 1226713SUSE bug 1226715SUSE bug 1226716SUSE bug 1226718SUSE bug 1226719SUSE bug 1226720SUSE bug 1226721SUSE bug 1226730SUSE bug 1226732SUSE bug 1226734SUSE bug 1226735SUSE bug 1226737SUSE bug 1226738SUSE bug 1226739SUSE bug 1226740SUSE bug 1226744SUSE bug 1226746SUSE bug 1226747SUSE bug 1226749SUSE bug 1226754SUSE bug 1226762SUSE bug 1226764SUSE bug 1226767SUSE bug 1226768SUSE bug 1226769SUSE bug 1226771SUSE bug 1226774SUSE bug 1226777SUSE bug 1226780SUSE bug 1226781SUSE bug 1226785SUSE bug 1226786SUSE bug 1226789SUSE bug 1226791SUSE bug 1226839SUSE bug 1226840SUSE bug 1226841SUSE bug 1226842SUSE bug 1226848SUSE bug 1226852SUSE bug 1226857SUSE bug 1226861SUSE bug 1226863SUSE bug 1226864SUSE bug 1226867SUSE bug 1226868SUSE bug 1226876SUSE bug 1226878SUSE bug 1226883SUSE bug 1226886SUSE bug 1226890SUSE bug 1226891SUSE bug 1226895SUSE bug 1226908SUSE bug 1226915SUSE bug 1226928SUSE bug 1226948SUSE bug 1226949SUSE bug 1226950SUSE bug 1226953SUSE bug 1226962SUSE bug 1226976SUSE bug 1226992SUSE bug 1226994SUSE bug 1226996SUSE bug 1227066SUSE bug 1227096SUSE bug 1227101SUSE bug 1227103SUSE bug 1227274CVE-2021-4439 at SUSECVE-2021-4439 at NVDCVE-2021-47089 at SUSECVE-2021-47089 at NVDCVE-2021-47432 at SUSECVE-2021-47432 at NVDCVE-2021-47515 at SUSECVE-2021-47515 at NVDCVE-2021-47534 at SUSECVE-2021-47534 at NVDCVE-2021-47538 at SUSECVE-2021-47538 at NVDCVE-2021-47539 at SUSECVE-2021-47539 at NVDCVE-2021-47555 at SUSECVE-2021-47555 at NVDCVE-2021-47566 at SUSECVE-2021-47566 at NVDCVE-2021-47571 at SUSECVE-2021-47571 at NVDCVE-2021-47572 at SUSECVE-2021-47572 at NVDCVE-2021-47576 at SUSECVE-2021-47576 at NVDCVE-2021-47577 at SUSECVE-2021-47577 at NVDCVE-2021-47578 at SUSECVE-2021-47578 at NVDCVE-2021-47580 at SUSECVE-2021-47580 at NVDCVE-2021-47582 at SUSECVE-2021-47582 at NVDCVE-2021-47583 at SUSECVE-2021-47583 at NVDCVE-2021-47584 at SUSECVE-2021-47584 at NVDCVE-2021-47585 at SUSECVE-2021-47585 at NVDCVE-2021-47586 at SUSECVE-2021-47586 at NVDCVE-2021-47587 at SUSECVE-2021-47587 at NVDCVE-2021-47589 at SUSECVE-2021-47589 at NVDCVE-2021-47592 at SUSECVE-2021-47592 at NVDCVE-2021-47595 at SUSECVE-2021-47595 at NVDCVE-2021-47596 at SUSECVE-2021-47596 at NVDCVE-2021-47597 at SUSECVE-2021-47597 at NVDCVE-2021-47600 at SUSECVE-2021-47600 at NVDCVE-2021-47601 at SUSECVE-2021-47601 at NVDCVE-2021-47602 at SUSECVE-2021-47602 at NVDCVE-2021-47603 at SUSECVE-2021-47603 at NVDCVE-2021-47604 at SUSECVE-2021-47604 at NVDCVE-2021-47605 at SUSECVE-2021-47605 at NVDCVE-2021-47607 at SUSECVE-2021-47607 at NVDCVE-2021-47608 at SUSECVE-2021-47608 at NVDCVE-2021-47609 at SUSECVE-2021-47609 at NVDCVE-2021-47610 at SUSECVE-2021-47610 at NVDCVE-2021-47611 at SUSECVE-2021-47611 at NVDCVE-2021-47612 at SUSECVE-2021-47612 at NVDCVE-2021-47614 at SUSECVE-2021-47614 at NVDCVE-2021-47615 at SUSECVE-2021-47615 at NVDCVE-2021-47616 at SUSECVE-2021-47616 at NVDCVE-2021-47617 at SUSECVE-2021-47617 at NVDCVE-2021-47618 at SUSECVE-2021-47618 at NVDCVE-2021-47619 at SUSECVE-2021-47619 at NVDCVE-2021-47620 at SUSECVE-2021-47620 at NVDCVE-2022-48711 at SUSECVE-2022-48711 at NVDCVE-2022-48712 at SUSECVE-2022-48712 at NVDCVE-2022-48713 at SUSECVE-2022-48713 at NVDCVE-2022-48714 at SUSECVE-2022-48714 at NVDCVE-2022-48715 at SUSECVE-2022-48715 at NVDCVE-2022-48716 at SUSECVE-2022-48716 at NVDCVE-2022-48717 at SUSECVE-2022-48717 at NVDCVE-2022-48718 at SUSECVE-2022-48718 at NVDCVE-2022-48720 at SUSECVE-2022-48720 at NVDCVE-2022-48721 at SUSECVE-2022-48721 at NVDCVE-2022-48722 at SUSECVE-2022-48722 at NVDCVE-2022-48723 at SUSECVE-2022-48723 at NVDCVE-2022-48724 at SUSECVE-2022-48724 at NVDCVE-2022-48725 at SUSECVE-2022-48725 at NVDCVE-2022-48726 at SUSECVE-2022-48726 at NVDCVE-2022-48727 at SUSECVE-2022-48727 at NVDCVE-2022-48728 at SUSECVE-2022-48728 at NVDCVE-2022-48729 at SUSECVE-2022-48729 at NVDCVE-2022-48730 at SUSECVE-2022-48730 at NVDCVE-2022-48732 at SUSECVE-2022-48732 at NVDCVE-2022-48733 at SUSECVE-2022-48733 at NVDCVE-2022-48734 at SUSECVE-2022-48734 at NVDCVE-2022-48735 at SUSECVE-2022-48735 at NVDCVE-2022-48736 at SUSECVE-2022-48736 at NVDCVE-2022-48737 at SUSECVE-2022-48737 at NVDCVE-2022-48738 at SUSECVE-2022-48738 at NVDCVE-2022-48739 at SUSECVE-2022-48739 at NVDCVE-2022-48740 at SUSECVE-2022-48740 at NVDCVE-2022-48743 at SUSECVE-2022-48743 at NVDCVE-2022-48744 at SUSECVE-2022-48744 at NVDCVE-2022-48745 at SUSECVE-2022-48745 at NVDCVE-2022-48746 at SUSECVE-2022-48746 at NVDCVE-2022-48747 at SUSECVE-2022-48747 at NVDCVE-2022-48748 at SUSECVE-2022-48748 at NVDCVE-2022-48749 at SUSECVE-2022-48749 at NVDCVE-2022-48751 at SUSECVE-2022-48751 at NVDCVE-2022-48752 at SUSECVE-2022-48752 at NVDCVE-2022-48753 at SUSECVE-2022-48753 at NVDCVE-2022-48754 at SUSECVE-2022-48754 at NVDCVE-2022-48755 at SUSECVE-2022-48755 at NVDCVE-2022-48756 at SUSECVE-2022-48756 at NVDCVE-2022-48758 at SUSECVE-2022-48758 at NVDCVE-2022-48759 at SUSECVE-2022-48759 at NVDCVE-2022-48760 at SUSECVE-2022-48760 at NVDCVE-2022-48761 at SUSECVE-2022-48761 at NVDCVE-2022-48763 at SUSECVE-2022-48763 at NVDCVE-2022-48765 at SUSECVE-2022-48765 at NVDCVE-2022-48766 at SUSECVE-2022-48766 at NVDCVE-2022-48767 at SUSECVE-2022-48767 at NVDCVE-2022-48768 at SUSECVE-2022-48768 at NVDCVE-2022-48769 at SUSECVE-2022-48769 at NVDCVE-2022-48770 at SUSECVE-2022-48770 at NVDCVE-2022-48771 at SUSECVE-2022-48771 at NVDCVE-2022-48772 at SUSECVE-2022-48772 at NVDCVE-2023-24023 at SUSECVE-2023-24023 at NVDCVE-2023-52622 at SUSECVE-2023-52622 at NVDCVE-2023-52658 at SUSECVE-2023-52658 at NVDCVE-2023-52667 at SUSECVE-2023-52667 at NVDCVE-2023-52670 at SUSECVE-2023-52670 at NVDCVE-2023-52672 at SUSECVE-2023-52672 at NVDCVE-2023-52675 at SUSECVE-2023-52675 at NVDCVE-2023-52735 at SUSECVE-2023-52735 at NVDCVE-2023-52737 at SUSECVE-2023-52737 at NVDCVE-2023-52752 at SUSECVE-2023-52752 at NVDCVE-2023-52766 at SUSECVE-2023-52766 at NVDCVE-2023-52784 at SUSECVE-2023-52784 at NVDCVE-2023-52787 at SUSECVE-2023-52787 at NVDCVE-2023-52800 at SUSECVE-2023-52800 at NVDCVE-2023-52835 at SUSECVE-2023-52835 at NVDCVE-2023-52837 at SUSECVE-2023-52837 at NVDCVE-2023-52843 at SUSECVE-2023-52843 at NVDCVE-2023-52845 at SUSECVE-2023-52845 at NVDCVE-2023-52846 at SUSECVE-2023-52846 at NVDCVE-2023-52869 at SUSECVE-2023-52869 at NVDCVE-2023-52881 at SUSECVE-2023-52881 at NVDCVE-2023-52882 at SUSECVE-2023-52882 at NVDCVE-2023-52884 at SUSECVE-2023-52884 at NVDCVE-2024-26625 at SUSECVE-2024-26625 at NVDCVE-2024-26644 at SUSECVE-2024-26644 at NVDCVE-2024-26720 at SUSECVE-2024-26720 at NVDCVE-2024-26842 at SUSECVE-2024-26842 at NVDCVE-2024-26845 at SUSECVE-2024-26845 at NVDCVE-2024-26923 at SUSECVE-2024-26923 at NVDCVE-2024-26973 at SUSECVE-2024-26973 at NVDCVE-2024-27432 at SUSECVE-2024-27432 at NVDCVE-2024-33619 at SUSECVE-2024-33619 at NVDCVE-2024-35247 at SUSECVE-2024-35247 at NVDCVE-2024-35789 at SUSECVE-2024-35789 at NVDCVE-2024-35790 at SUSECVE-2024-35790 at NVDCVE-2024-35807 at SUSECVE-2024-35807 at NVDCVE-2024-35814 at SUSECVE-2024-35814 at NVDCVE-2024-35835 at SUSECVE-2024-35835 at NVDCVE-2024-35848 at SUSECVE-2024-35848 at NVDCVE-2024-35857 at SUSECVE-2024-35857 at NVDCVE-2024-35861 at SUSECVE-2024-35861 at NVDCVE-2024-35862 at SUSECVE-2024-35862 at NVDCVE-2024-35864 at SUSECVE-2024-35864 at NVDCVE-2024-35869 at SUSECVE-2024-35869 at NVDCVE-2024-35878 at SUSECVE-2024-35878 at NVDCVE-2024-35884 at SUSECVE-2024-35884 at NVDCVE-2024-35886 at SUSECVE-2024-35886 at NVDCVE-2024-35896 at SUSECVE-2024-35896 at NVDCVE-2024-35898 at SUSECVE-2024-35898 at NVDCVE-2024-35900 at SUSECVE-2024-35900 at NVDCVE-2024-35905 at SUSECVE-2024-35905 at NVDCVE-2024-35925 at SUSECVE-2024-35925 at NVDCVE-2024-35950 at SUSECVE-2024-35950 at NVDCVE-2024-35956 at SUSECVE-2024-35956 at NVDCVE-2024-35958 at SUSECVE-2024-35958 at NVDCVE-2024-35960 at SUSECVE-2024-35960 at NVDCVE-2024-35962 at SUSECVE-2024-35962 at NVDCVE-2024-35997 at SUSECVE-2024-35997 at NVDCVE-2024-36005 at SUSECVE-2024-36005 at NVDCVE-2024-36008 at SUSECVE-2024-36008 at NVDCVE-2024-36017 at SUSECVE-2024-36017 at NVDCVE-2024-36020 at SUSECVE-2024-36020 at NVDCVE-2024-36021 at SUSECVE-2024-36021 at NVDCVE-2024-36025 at SUSECVE-2024-36025 at NVDCVE-2024-36477 at SUSECVE-2024-36477 at NVDCVE-2024-36478 at SUSECVE-2024-36478 at NVDCVE-2024-36479 at SUSECVE-2024-36479 at NVDCVE-2024-36890 at SUSECVE-2024-36890 at NVDCVE-2024-36894 at SUSECVE-2024-36894 at NVDCVE-2024-36899 at SUSECVE-2024-36899 at NVDCVE-2024-36900 at SUSECVE-2024-36900 at NVDCVE-2024-36904 at SUSECVE-2024-36904 at NVDCVE-2024-36915 at SUSECVE-2024-36915 at NVDCVE-2024-36916 at SUSECVE-2024-36916 at NVDCVE-2024-36917 at SUSECVE-2024-36917 at NVDCVE-2024-36919 at SUSECVE-2024-36919 at NVDCVE-2024-36934 at SUSECVE-2024-36934 at NVDCVE-2024-36937 at SUSECVE-2024-36937 at NVDCVE-2024-36940 at SUSECVE-2024-36940 at NVDCVE-2024-36945 at SUSECVE-2024-36945 at NVDCVE-2024-36949 at SUSECVE-2024-36949 at NVDCVE-2024-36960 at SUSECVE-2024-36960 at NVDCVE-2024-36964 at SUSECVE-2024-36964 at NVDCVE-2024-36965 at SUSECVE-2024-36965 at NVDCVE-2024-36967 at SUSECVE-2024-36967 at NVDCVE-2024-36969 at SUSECVE-2024-36969 at NVDCVE-2024-36971 at SUSECVE-2024-36971 at NVDCVE-2024-36975 at SUSECVE-2024-36975 at NVDCVE-2024-36978 at SUSECVE-2024-36978 at NVDCVE-2024-37021 at SUSECVE-2024-37021 at NVDCVE-2024-37078 at SUSECVE-2024-37078 at NVDCVE-2024-37354 at SUSECVE-2024-37354 at NVDCVE-2024-38381 at SUSECVE-2024-38381 at NVDCVE-2024-38388 at SUSECVE-2024-38388 at NVDCVE-2024-38390 at SUSECVE-2024-38390 at NVDCVE-2024-38540 at SUSECVE-2024-38540 at NVDCVE-2024-38541 at SUSECVE-2024-38541 at NVDCVE-2024-38544 at SUSECVE-2024-38544 at NVDCVE-2024-38545 at SUSECVE-2024-38545 at NVDCVE-2024-38546 at SUSECVE-2024-38546 at NVDCVE-2024-38547 at SUSECVE-2024-38547 at NVDCVE-2024-38548 at SUSECVE-2024-38548 at NVDCVE-2024-38549 at SUSECVE-2024-38549 at NVDCVE-2024-38550 at SUSECVE-2024-38550 at NVDCVE-2024-38552 at SUSECVE-2024-38552 at NVDCVE-2024-38553 at SUSECVE-2024-38553 at NVDCVE-2024-38555 at SUSECVE-2024-38555 at NVDCVE-2024-38556 at SUSECVE-2024-38556 at NVDCVE-2024-38557 at SUSECVE-2024-38557 at NVDCVE-2024-38559 at SUSECVE-2024-38559 at NVDCVE-2024-38560 at SUSECVE-2024-38560 at NVDCVE-2024-38564 at SUSECVE-2024-38564 at NVDCVE-2024-38565 at SUSECVE-2024-38565 at NVDCVE-2024-38567 at SUSECVE-2024-38567 at NVDCVE-2024-38568 at SUSECVE-2024-38568 at NVDCVE-2024-38571 at SUSECVE-2024-38571 at NVDCVE-2024-38573 at SUSECVE-2024-38573 at NVDCVE-2024-38578 at SUSECVE-2024-38578 at NVDCVE-2024-38579 at SUSECVE-2024-38579 at NVDCVE-2024-38580 at SUSECVE-2024-38580 at NVDCVE-2024-38581 at SUSECVE-2024-38581 at NVDCVE-2024-38582 at SUSECVE-2024-38582 at NVDCVE-2024-38583 at SUSECVE-2024-38583 at NVDCVE-2024-38587 at SUSECVE-2024-38587 at NVDCVE-2024-38590 at SUSECVE-2024-38590 at NVDCVE-2024-38591 at SUSECVE-2024-38591 at NVDCVE-2024-38594 at SUSECVE-2024-38594 at NVDCVE-2024-38597 at SUSECVE-2024-38597 at NVDCVE-2024-38599 at SUSECVE-2024-38599 at NVDCVE-2024-38600 at SUSECVE-2024-38600 at NVDCVE-2024-38601 at SUSECVE-2024-38601 at NVDCVE-2024-38603 at SUSECVE-2024-38603 at NVDCVE-2024-38605 at SUSECVE-2024-38605 at NVDCVE-2024-38608 at SUSECVE-2024-38608 at NVDCVE-2024-38616 at SUSECVE-2024-38616 at NVDCVE-2024-38618 at SUSECVE-2024-38618 at NVDCVE-2024-38619 at SUSECVE-2024-38619 at NVDCVE-2024-38621 at SUSECVE-2024-38621 at NVDCVE-2024-38627 at SUSECVE-2024-38627 at NVDCVE-2024-38630 at SUSECVE-2024-38630 at NVDCVE-2024-38633 at SUSECVE-2024-38633 at NVDCVE-2024-38634 at SUSECVE-2024-38634 at NVDCVE-2024-38635 at SUSECVE-2024-38635 at NVDCVE-2024-38659 at SUSECVE-2024-38659 at NVDCVE-2024-38661 at SUSECVE-2024-38661 at NVDCVE-2024-38780 at SUSECVE-2024-38780 at NVDCVE-2024-39301 at SUSECVE-2024-39301 at NVDCVE-2024-39468 at SUSECVE-2024-39468 at NVDCVE-2024-39469 at SUSECVE-2024-39469 at NVDCVE-2024-39471 at SUSECVE-2024-39471 at NVDcpe:/o:opensuse:leap:15.5Security update for MozillaFirefox (Important)openSUSE Leap 15.5
This update for MozillaFirefox fixes the following issues:
Update to Firefox Extended Support Release 115.13.0 ESR (MFSA 2024-30, bsc#1226316):
- CVE-2024-6600: Memory corruption in WebGL API
- CVE-2024-6601: Race condition in permission assignment
- CVE-2024-6602: Memory corruption in NSS
- CVE-2024-6603: Memory corruption in thread creation
- CVE-2024-6604: Memory safety bugs fixed in Firefox 128, Firefox ESR 115.13, and Thunderbird 115.13
Other fixes:
- Fix GNOME search provider (bsc#1225278)
ImportantSUSE bug 1225278SUSE bug 1226316CVE-2024-5688 at SUSECVE-2024-5688 at NVDCVE-2024-5690 at SUSECVE-2024-5690 at NVDCVE-2024-5691 at SUSECVE-2024-5691 at NVDCVE-2024-5692 at SUSECVE-2024-5692 at NVDCVE-2024-5693 at SUSECVE-2024-5693 at NVDCVE-2024-5696 at SUSECVE-2024-5696 at NVDCVE-2024-5700 at SUSECVE-2024-5700 at NVDCVE-2024-5702 at SUSECVE-2024-5702 at NVDCVE-2024-6600 at SUSECVE-2024-6600 at NVDCVE-2024-6601 at SUSECVE-2024-6601 at NVDCVE-2024-6602 at SUSECVE-2024-6602 at NVDCVE-2024-6603 at SUSECVE-2024-6603 at NVDCVE-2024-6604 at SUSECVE-2024-6604 at NVDcpe:/o:opensuse:leap:15.5Security update for python-zipp (Low)openSUSE Leap 15.5
This update for python-zipp fixes the following issues:
- CVE-2024-5569: Fixed DoS vulnerability when processing a specially crafted zip file (bsc#1227547).
LowSUSE bug 1227547CVE-2024-5569 at SUSECVE-2024-5569 at NVDcpe:/o:opensuse:leap:15.5Security update for oniguruma (Moderate)openSUSE Leap 15.5
This update for oniguruma fixes the following issues:
- CVE-2019-13225: Fixed null-pointer dereference in match_at() in regexec.c (bsc#1141157).
ModerateSUSE bug 1141157CVE-2019-13225 at SUSECVE-2019-13225 at NVDcpe:/o:opensuse:leap:15.5Security update for libvpx (Important)openSUSE Leap 15.5
This update for libvpx fixes the following issues:
- CVE-2024-5197: Fixed interger overflow when calling vpx_img_alloc() or vpx_img_wrap() with large parameters (bsc#1225879).
- CVE-2023-6349: Fixed heap overflow when encoding a frame that has larger dimensions than the originally configured size (bsc#1225403).
- CVE-2023-44488: Fixed heap buffer overflow in vp8 encoding (bsc#1216879).
ImportantSUSE bug 1216879SUSE bug 1225403SUSE bug 1225879CVE-2023-44488 at SUSECVE-2023-44488 at NVDCVE-2023-6349 at SUSECVE-2023-6349 at NVDCVE-2024-5197 at SUSECVE-2024-5197 at NVDcpe:/o:opensuse:leap:15.5Security update for jasper (Moderate)openSUSE Leap 15.5
This update for jasper fixes the following issues:
- CVE-2023-51257: Fixed an out of bounds write in the JPC encoder (bsc#1218802).
ModerateSUSE bug 1218802CVE-2023-51257 at SUSECVE-2023-51257 at NVDcpe:/o:opensuse:leap:15.5Security update for tomcat10 (Important)openSUSE Leap 15.5
This update for tomcat10 fixes the following issues:
- CVE-2024-34750: Fixed an improper handling of exceptional
conditions (bsc#1227399).
ImportantSUSE bug 1227399CVE-2024-34750 at SUSECVE-2024-34750 at NVDcpe:/o:opensuse:leap:15.5Security update for python310 (Low)openSUSE Leap 15.5
This update for python310 fixes the following issues:
- CVE-2024-4032: Rearranging definition of private v global IP. (bsc#1226448)
LowSUSE bug 1226448CVE-2024-4032 at SUSECVE-2024-4032 at NVDcpe:/o:opensuse:leap:15.5Security update for MozillaThunderbird (Moderate)openSUSE Leap 15.5
This update for MozillaThunderbird fixes the following issues:
Security fixes:
- CVE-2024-34703: Fixed denial of service due to overly large elliptic curve parameters in Botan (bsc#1227239)
Other fixes:
- Mozilla Thunderbird 115.12.1
* 115.12.0 got pulled because of upstream automation process errors
and Windows installer signing changes.
No code changes, changelog is the same as 115.12.0 (bsc#1226495)
ModerateSUSE bug 1226495SUSE bug 1227239CVE-2024-34703 at SUSECVE-2024-34703 at NVDcpe:/o:opensuse:leap:15.5Security update for MozillaThunderbird (Important)openSUSE Leap 15.5
This update for MozillaThunderbird fixes the following issues:
Update to Mozilla Thunderbird 115.7 (MFSA 2024-04) (bsc#1218955):
- CVE-2024-0741: Out of bounds write in ANGLE
- CVE-2024-0742: Failure to update user input timestamp
- CVE-2024-0746: Crash when listing printers on Linux
- CVE-2024-0747: Bypass of Content Security Policy when directive unsafe-inline was set
- CVE-2024-0749: Phishing site popup could show local origin in address bar
- CVE-2024-0750: Potential permissions request bypass via clickjacking
- CVE-2024-0751: Privilege escalation through devtools
- CVE-2024-0753: HSTS policy on subdomain could bypass policy of upper domain
- CVE-2024-0755: Memory safety bugs fixed in Firefox 122, Firefox ESR 115.7, and Thunderbird 115.7
Other fixes:
* new: Autocrypt Gossip key distribution added (bmo#1853674)
* fixed: When starting Thunderbird, unread message count did
not appear on collapsed accounts (bmo#1862774)
* fixed: Blank window was sometimes displayed when starting
Thunderbird (bmo#1870817)
* fixed: Thunderbird '--chrome' flag incorrectly opened extra
messenger.xhtml (bmo#1866915)
* fixed: Add-ons did not start correctly when opening
Thunderbird from other programs (bmo#1800423)
* fixed: Drag-and-drop installation of add-ons did not work if
Add-ons Manager was opened from Unified Toolbar (bmo#1862978)
* fixed: Double-clicking empty space in message pane
incorrectly opened the currently selected message
(bmo#1867407)
* fixed: Canceling SMTP send before progress reached 100% did
not stop message from sending (bmo#1816540)
* fixed: PDF attachments open in a separate tab did not always
restore correctly after restarting Thunderbird (bmo#1846054)
* fixed: Some OpenPGP dialogs were too small for their contents
(bmo#1870809)
* fixed: Account Manager did not work with hostnames entered as
punycode (bmo#1870720,bmo#1872632)
* fixed: Downloading complete message from POP3 headers caused
message tab/window to close when 'Close message window/tab on
move or delete' was enabled (bmo#1861886)
* fixed: Some ECC GPG keys could not be exported (bmo#1867765)
* fixed: Contacts deleted from mailing list view still visible
in Details view (bmo#1799362)
* fixed: After selecting contacts in Address Book and starting
a new search, the search results list did not update
(bmo#1812726)
* fixed: Various UX and visual improvements (bmo#1866061,bmo#18
67169,bmo#1867728,bmo#1868079,bmo#1869519,bmo#1832149,bmo#185
6495,bmo#1861210,bmo#1861286,bmo#1863296,bmo#1864979)
* fixed: Security fixes
- Mozilla Thunderbird 115.6.1
* new: OAuth2 now supported for comcast.net (bmo#1844810)
* fixed: High CPU usage sometimes occurred with IMAP CONDSTORE
(conditional STORE) enabled (bmo#1839256)
* fixed: Replying to a collapsed thread via keyboard shortcut
(Ctrl+R/Cmd+R) opened a reply for every message in the thread
(bmo#1866819)
* fixed: Enabling Grouped By view after reversing sort order of
column header caused messages to be grouped incorrectly
(bmo#1868794)
* fixed: Opening thread pane context menu via keyboard did not
always scroll view to selection (bmo#1867532)
* fixed: New mail indicator for POP3 accounts did not indicate
new messages ready to be downloaded (bmo#1870619)
* fixed: Messages could not be moved to folders using Message >
Move To if text or a link in the message had been clicked on
first (bmo#1868474)
* fixed: MIME part boundaries were not properly terminated
(bmo#1805558)
ImportantSUSE bug 1218955CVE-2024-0741 at SUSECVE-2024-0741 at NVDCVE-2024-0742 at SUSECVE-2024-0742 at NVDCVE-2024-0746 at SUSECVE-2024-0746 at NVDCVE-2024-0747 at SUSECVE-2024-0747 at NVDCVE-2024-0749 at SUSECVE-2024-0749 at NVDCVE-2024-0750 at SUSECVE-2024-0750 at NVDCVE-2024-0751 at SUSECVE-2024-0751 at NVDCVE-2024-0753 at SUSECVE-2024-0753 at NVDCVE-2024-0755 at SUSECVE-2024-0755 at NVDcpe:/o:opensuse:leap:15.5Security update for rear23a (Important)openSUSE Leap 15.5
This update for rear23a fixes the following issues:
- CVE-2024-23301: Fixed ReaR creates world-readable initrd with GRUB_RESCUE=Y. (bsc#1218728)
ImportantSUSE bug 1218728CVE-2024-23301 at SUSECVE-2024-23301 at NVDcpe:/o:opensuse:leap:15.5Security update for python3 (Important)openSUSE Leap 15.5
This update for python3 fixes the following issues:
- CVE-2023-52425: Fixed backport so it uses features sniffing, not just comparing version number (bsc#1219559).
- CVE-2024-0450: Fixed detecting the vulnerability of 'quoted-overlap' zipbomb (bsc#1221854).
- CVE-2024-4032: Rearranging definition of private v global IP. (bsc#1226448)
- CVE-2024-0397: Remove a memory race condition in ssl.SSLContext certificate store methods. (bsc#1226447)
ImportantSUSE bug 1219559SUSE bug 1220664SUSE bug 1221563SUSE bug 1221854SUSE bug 1222075SUSE bug 1226447SUSE bug 1226448CVE-2023-52425 at SUSECVE-2023-52425 at NVDCVE-2024-0397 at SUSECVE-2024-0397 at NVDCVE-2024-0450 at SUSECVE-2024-0450 at NVDCVE-2024-4032 at SUSECVE-2024-4032 at NVDcpe:/o:opensuse:leap:15.5Security update for tomcat (Important)openSUSE Leap 15.5
This update for tomcat fixes the following issues:
Updated to version 9.0.91:
- CVE-2024-34750: Fixed an improper handling of exceptional
conditions (bsc#1227399).
ImportantSUSE bug 1227399CVE-2024-34750 at SUSECVE-2024-34750 at NVDcpe:/o:opensuse:leap:15.5Security update for xorg-x11-server (Moderate)openSUSE Leap 15.5
This update for xorg-x11-server fixes the following issues:
- CVE-2024-0408: Fixed SELinux unlabeled GLX PBuffer. (bsc#1218845)
- CVE-2024-0409: Fixed SELinux context corruption. (bsc#1218846)
ModerateSUSE bug 1218845SUSE bug 1218846CVE-2024-0408 at SUSECVE-2024-0408 at NVDCVE-2024-0409 at SUSECVE-2024-0409 at NVDcpe:/o:opensuse:leap:15.5Security update for sevctl (Important)openSUSE Leap 15.5
This update for sevctl fixes the following issues:
- CVE-2023-50711: Fixed out of bounds memory accesses in vmm-sys-util
(bsc#1218502, bsc#1218499)
Non-security fixes:
- Updated to version 0.4.3 (jsc#PED-4981)
ImportantSUSE bug 1218499SUSE bug 1218502CVE-2023-50711 at SUSECVE-2023-50711 at NVDcpe:/o:opensuse:leap:15.5Security update for nodejs18 (Moderate)openSUSE Leap 15.5
This update for nodejs18 fixes the following issues:
Update to 18.20.4:
- CVE-2024-36138: Fixed CVE-2024-27980 fix bypass (bsc#1227560)
- CVE-2024-22020: Fixed a bypass of network import restriction via data URL (bsc#1227554)
Changes in 18.20.3:
- This release fixes a regression introduced in Node.js 18.19.0 where http.server.close() was incorrectly closing idle connections.
deps:
- acorn updated to 8.11.3.
- acorn-walk updated to 8.3.2.
- ada updated to 2.7.8.
- c-ares updated to 1.28.1.
- corepack updated to 0.28.0.
- nghttp2 updated to 1.61.0.
- ngtcp2 updated to 1.3.0.
- npm updated to 10.7.0. Includes a fix from npm@10.5.1 to limit the number of open connections npm/cli#7324.
- simdutf updated to 5.2.4.
Changes in 18.20.2:
- CVE-2024-27980: Fixed command injection via args parameter of child_process.spawn without shell option enabled on Windows (bsc#1222665)
ModerateSUSE bug 1222665SUSE bug 1227554SUSE bug 1227560CVE-2024-22020 at SUSECVE-2024-22020 at NVDCVE-2024-27980 at SUSECVE-2024-27980 at NVDCVE-2024-36138 at SUSECVE-2024-36138 at NVDcpe:/o:opensuse:leap:15.5Security update for nodejs20 (Moderate)openSUSE Leap 15.5
This update for nodejs20 fixes the following issues:
Update to 20.15.1:
- CVE-2024-36138: Fixed CVE-2024-27980 fix bypass (bsc#1227560)
- CVE-2024-22020: Fixed a bypass of network import restriction via data URL (bsc#1227554)
- CVE-2024-22018: Fixed fs.lstat bypasses permission model (bsc#1227562)
- CVE-2024-36137: Fixed fs.fchown/fchmod bypasses permission model (bsc#1227561)
- CVE-2024-37372: Fixed Permission model improperly processes UNC paths (bsc#1227563)
Changes in 20.15.0:
- test_runner: support test plans
- inspector: introduce the --inspect-wait flag
- zlib: expose zlib.crc32()
- cli: allow running wasm in limited vmem with --disable-wasm-trap-handler
Changes in 20.14.0
- src,permission: throw async errors on async APIs
- test_runner: support forced exit
Changes in 20.13.1:
- buffer: improve base64 and base64url performance
- crypto: deprecate implicitly shortened GCM tags
- events,doc: mark CustomEvent as stable
- fs: add stacktrace to fs/promises
- report: add --report-exclude-network option
- src: add uv_get_available_memory to report and process
- stream: support typed arrays
- util: support array of formats in util.styleText
- v8: implement v8.queryObjects() for memory leak regression testing
- watch: mark as stable
ModerateSUSE bug 1227554SUSE bug 1227560SUSE bug 1227561SUSE bug 1227562SUSE bug 1227563CVE-2024-22018 at SUSECVE-2024-22018 at NVDCVE-2024-22020 at SUSECVE-2024-22020 at NVDCVE-2024-27980 at SUSECVE-2024-27980 at NVDCVE-2024-36137 at SUSECVE-2024-36137 at NVDCVE-2024-36138 at SUSECVE-2024-36138 at NVDCVE-2024-37372 at SUSECVE-2024-37372 at NVDcpe:/o:opensuse:leap:15.5Security update for python-Django (Important)openSUSE Leap 15.5
This update for python-Django fixes the following issues:
- CVE-2024-38875: Fixed potential denial-of-service attack via certain inputs with a very large number of brackets (bsc#1227590)
- CVE-2024-39329: Fixed username enumeration through timing difference for users with unusable passwords (bsc#1227593)
- CVE-2024-39330: Fixed potential directory traversal in django.core.files.storage.Storage.save() (bsc#1227594)
- CVE-2024-39614: Fixed potential denial-of-service through django.utils.translation.get_supported_language_variant() (bsc#1227595)
- CVE-2023-23969: Fixed potential denial-of-service via Accept-Language headers (bsc#1207565)
ImportantSUSE bug 1207565SUSE bug 1227590SUSE bug 1227593SUSE bug 1227594SUSE bug 1227595CVE-2023-23969 at SUSECVE-2023-23969 at NVDCVE-2024-38875 at SUSECVE-2024-38875 at NVDCVE-2024-39329 at SUSECVE-2024-39329 at NVDCVE-2024-39330 at SUSECVE-2024-39330 at NVDCVE-2024-39614 at SUSECVE-2024-39614 at NVDcpe:/o:opensuse:leap:15.5Security update for emacs (Important)openSUSE Leap 15.5
This update for emacs fixes the following issues:
- CVE-2024-39331: Fixed evaluation of arbitrary unsafe Elisp code in Org mode (bsc#1226957).
ImportantSUSE bug 1226957CVE-2024-39331 at SUSECVE-2024-39331 at NVDcpe:/o:opensuse:leap:15.5Security update for mockito, snakeyaml, testng (Important)openSUSE Leap 15.5
This update for mockito, snakeyaml, testng fixes the following issues:
mockito was updated to version 5.11.0:
- Added bundle manifest to the mockito-core artifact
- Mockito 5 is making core changes to ensure compatibility with future JDK versions.
- Switch the Default MockMaker to mockito-inline (not applicable to mockito-android)
* Mockito 2.7.6 introduced the mockito-inline mockmaker based on the 'inline bytecode' principle, offering
compatibility advantages over the subclass mockmaker
* This change avoids JDK restrictions, such as violating module boundaries and leaking subclass creation
- Legitimate use cases for the subclass mockmaker:
* Scenarios where the inline mockmaker does not function, such as on Graal VM's native image
* If avoiding mocking final classes, the subclass mockmaker remains a viable option, although issues may arise on
JDK 17+
* Mockito aims to support both mockmakers, allowing users to choose based on their requirements.
- Update the Minimum Supported Java Version to 11
* Mockito 5 raised the minimum supported Java version to 11
* Community member @reta contributed to this change.
* Users still on JDK 8 can continue using Mockito 4, with minimal API differences between versions
- New type() Method on ArgumentMatcher
* The ArgumentMatcher interface now includes a new type() method to support varargs methods, addressing previous
limitations
* Users can now differentiate between matching calls with any exact number of arguments or match any number of
arguments
* Mockito 5 provides a default implementation of the new method, ensuring backward compatibility.
* No obligation for users to implement the new method; Mockito 5 considers Void.type by default for varargs handling
* ArgumentCaptor is now fully type-aware, enabling capturing specific subclasses on a generic method.
- byte-buddy does not bundle asm, but uses objectweb-asm as external library
snake-yaml was updated to version 2.2:
- Changes of version 2.2:
* Define default scalar style as PLAIN (for polyglot Maven)
* Add missing 'exports org.yaml.snakeyaml.inspector' to module-info.java
- Changes of version 2.1:
* Heavy Allocation in Emitter.analyzeScalar(String) due to Regex Overhead
* Use identity in toString() for sequences to avoid OutOfMemoryError
* NumberFormatException from SnakeYAML due to int overflow for corrupt YAML version
* Document size limit should be applied to single document notthe whole input stream
* Detect invalid Unicode code point (thanks to Tatu Saloranta)
* Remove Trusted*Inspector classes from main sources tree
- Changes of version 2.0:
* Rollback to Java 7 target
* Add module-info.java
* Migrate to Java 8
* Remove many deprecated constructors
* Remove long deprecated methods in FlowStyle
* Do not allow global tags by default
* Yaml.LoadAs() signature to support Class<? super T> type instead of Class<T>
* CustomClassLoaderConstructor takes LoaderOptions
* Check input parameters for non-null values
testng was updated to version 7.10.1:
- Security issues fixed:
* CVE-2022-4065: Fixed Zip Slip Vulnerability (bsc#1205628)
- Changes of version 7.10.1:
* Fixed maven build with junit5
- Changes of version 7.10.0:
* Minor discrepancy fixes
* Deleting TestNG eclipse plugin specific classes
* Remove deprecated JUnit related support in TestNG
* Handle exceptions in emailable Reporter
* Added wrapperbot and update workflow order
* Support ITestNGFactory customisation
* Streamlined data provider listener invocation
* Streamlined Guice Module creation in concurrency.
* Copy test result attributes when unexpected failures
* chore: use explicit dependency versions instead of refreshVersions
* Removed Ant
* Support ordering of listeners
* Added errorprone
* Allow custom thread pool executors to be wired in.
* Allow data providers to be non cacheable
* Use Locks instead of synchronised keyword
* Document pgp artifact signing keys
* Added Unique Id for all test class instances
* Added issue management workflows
* Map object to configurations
* Allow listeners to be disabled at runtime
* Streamlined Data Provider execution
* Honour inheritance when parsing listener factories
* Tweaks around accessing SuiteResult
* Streamlined random generation
* Streamlined dependencies for configurations
- Changes of version 7.9.0:
* Fixed maps containing nulls can be incorrectly considered equal
* Test Results as artifacts for failed runs
* Fixed data races
* Dont honour params specified in suite-file tag
* Decouple SuiteRunner and TestRunner
* Disable Native DI for BeforeSuite methods
* Streamlined running Parallel Dataproviders+retries
* Removed extra whitespace in log for Configuration.createMethods()
* Added the link for TestNG Documentation's GitHub Repo in README.md
* FirstTimeOnlyConfig methods + Listener invocations
* Added overrideGroupsFromCliInParentChildXml test
* Ensure thread safety for attribute access
* Added @inherited to the Listeners annotation
* Restrict Group inheritance to Before|AfterGroups
* Ensure ITestResult injected to @AfterMethod is apt
* Support suite level thread pools for data provider
* Favour CompletableFuture instead of PoolService
* Favour FutureTask for concurrency support
* Shared Threadpool for normal/datadriven tests.
* Abort for invalid combinations
- Changes of version 7.8.0:
* [Feature] Not exception but warning if some (not all) of the given test names are not found in suite files.
* [Feature] Generate testng-results.xml per test suite
* [Feature] Allow test classes to define 'configfailurepolicy' at a per class level
* XmlTest index is not set for test suites invoked with YAML
* Listener's onAfterClass is called before @afterclass configuration methods are executed.
* After upgrading to TestNG 7.5.0, setting ITestResult.status to FAILURE doesn't fail the test anymore
* JUnitReportReporter should capture the test case output at the test case level
* TestNG.xml doesn't honour Parallel value of a clone
* before configuration and before invocation should be 'SKIP' when beforeMethod is 'skip'
* Test listeners specified in parent testng.xml file are not included in testng-failed.xml file
* Discrepancies with DataProvider and Retry of failed tests
* Skipped Tests with DataProvider appear as failed
* testng-results xml reports config skips from base classes as ignored
* Feature: Check that specific object present in List
* Upgraded snakeyaml to 2.0
- Changes of version 7.7.1:
* Streamline overloaded assertion methods for Groovy
- Changes of version 7.7.0:
* Replace FindBugs by SpotBugs
* Gradle: Drop forUseAtConfigurationTime()
* Added ability to provide custom message to assertThrows\expectThrows methods
* Only resolve hostname once
* Prevent overlogging of debug msgs in Graph impl
* Streamlined dataprovider invoking in abstract classes
* Streamlined TestResult due to expectedExceptions
* Unexpected test runs count with retry analyzer
* Make PackageUtils compliant with JPMS
* Ability to retry a data provider during failures
* Fixing bug with DataProvider retry
* Added config key for callback discrepancy behavior
* Fixed FileAlreadyExistsException error on copy
* JarFileUtils.delete(File f) throw actual exception (instead of FileNotFound) when file cannot be deleted #2825
* Changing assertion message of the osgitest
* Enhancing the Matrix
* Avoid Compilation errors on Semeru JDK flavour.
* Add addition yml extension
* Support getting dependencies info for a test
* Honour regex in dependsOnMethods
* Ensure All tests run all the time
* Deprecate support for running Spock Tests
* Streamline dependsOnMethods for configurations
* Ensure ITestContext available for JUnit4 tests
* Deprecate support for running JUnit tests
* Changes of 7.6.1
* Fix Files.copy() such that parent dirs are created
* Remove deprecated utility methods
- Changes of version 7.6.0:
* Remove redundant Parameter implementation
* Upgraded to JDK11
* Move SimpleBaseTest to be Kotlin based
* Restore testnames when using suites in suite.
* Moving ClassHelperTests into Kotlin
* IHookable and IConfigurable callback discrepancy
* Minor refactoring
* Add additional condition for assertEqualsNoOrder
* beforeConfiguration() listener method should be invoked for skipped configurations as well
* Keep the initial order of listeners
* SuiteRunner could not be initial by default Configuration
* Enable Dataprovider failures to be considered.
* BeforeGroups should run before any matched test
* Fixed possible StringIndexOutOfBoundsException exception in XmlReporter
* DataProvider: possibility to unload dataprovider class, when done with it
* Fixed possibilty that AfterGroups method is invoked before all tests
* Fixed equals implementation for WrappedTestNGMethod
* Wire-In listeners consistently
* Streamline AfterClass invocation
* Show FQMN for tests in console
* Honour custom attribute values in TestNG default reports
ImportantSUSE bug 1205628CVE-2022-4065 at SUSECVE-2022-4065 at NVDcpe:/o:opensuse:leap:15.5Security update for python-Django (Important)openSUSE Leap 15.5
This update for python-Django fixes the following issues:
- Fixed regression in previous CVE fixes that made the package not work with Python 3.6
Importantcpe:/o:opensuse:leap:15.5Security update for gnome-shell (Moderate)openSUSE Leap 15.5
This update for gnome-shell fixes the following issues:
- CVE-2024-36472: Fixed portal helper automatically launched without user confirmation (bsc#1225567)
ModerateSUSE bug 1225567CVE-2024-36472 at SUSECVE-2024-36472 at NVDcpe:/o:opensuse:leap:15.5Security update for libgit2 (Important)openSUSE Leap 15.5
This update for libgit2 fixes the following issues:
- CVE-2024-24577: Fixed arbitrary code execution due to heap corruption in git_index_add (bsc#1219660)
ImportantSUSE bug 1219660CVE-2024-24577 at SUSECVE-2024-24577 at NVDcpe:/o:opensuse:leap:15.5Security update for apache2 (Important)openSUSE Leap 15.5
This update for apache2 fixes the following issues:
- CVE-2024-38475: Fixed improper escaping of output in mod_rewrite (bsc#1227268)
- CVE-2024-38476: Fixed server may use exploitable/malicious backend application output to run local handlers via internal redirect (bsc#1227269)
- CVE-2024-38477: Fixed null pointer dereference in mod_proxy (bsc#1227270)
- CVE-2024-39573: Fixed potential SSRF in mod_rewrite (bsc#1227271)
ImportantSUSE bug 1227268SUSE bug 1227269SUSE bug 1227270SUSE bug 1227271CVE-2024-38475 at SUSECVE-2024-38475 at NVDCVE-2024-38476 at SUSECVE-2024-38476 at NVDCVE-2024-38477 at SUSECVE-2024-38477 at NVDCVE-2024-39573 at SUSECVE-2024-39573 at NVDcpe:/o:opensuse:leap:15.5Security update for p7zip (Important)openSUSE Leap 15.5
This update for p7zip fixes the following issues:
- CVE-2023-52168: Fixed heap-based buffer overflow in the NTFS handler allows two bytes to be overwritten at multiple offsets (bsc#1227358)
- CVE-2023-52169: Fixed out-of-bounds read in NTFS handler (bsc#1227359)
ImportantSUSE bug 1227358SUSE bug 1227359CVE-2023-52168 at SUSECVE-2023-52168 at NVDCVE-2023-52169 at SUSECVE-2023-52169 at NVDcpe:/o:opensuse:leap:15.5Security update for python-dnspython (Moderate)openSUSE Leap 15.5
This update for python-dnspython fixes the following issues:
- CVE-2023-29483: Fixed an issue that allowed remote attackers to
interfere with DNS name resolution (bsc#1222693).
ModerateSUSE bug 1222693CVE-2023-29483 at SUSECVE-2023-29483 at NVDcpe:/o:opensuse:leap:15.5Security update for ghostscript (Moderate)openSUSE Leap 15.5
This update for ghostscript fixes the following issues:
- CVE-2024-29508: Fixed heap pointer leak in pdf_base_font_alloc (bsc#1227380)
ModerateSUSE bug 1227380CVE-2024-29508 at SUSECVE-2024-29508 at NVDcpe:/o:opensuse:leap:15.5Security update for java-17-openjdk (Important)openSUSE Leap 15.5
This update for java-17-openjdk fixes the following issues:
Updated to version 17.0.12+7 (July 2024 CPU):
- CVE-2024-21131: Fixed a potential UTF8 size overflow (bsc#1228046).
- CVE-2024-21138: Fixed an infinite loop due to excessive symbol
length (bsc#1228047).
- CVE-2024-21140: Fixed a pre-loop limit overflow in Range Check
Elimination (bsc#1228048).
- CVE-2024-21147: Fixed an out-of-bounds access in 2D image handling
(bsc#1228052).
- CVE-2024-21145: Fixed an index overflow in RangeCheckElimination
(bsc#1228051).
ImportantSUSE bug 1227298SUSE bug 1228046SUSE bug 1228047SUSE bug 1228048SUSE bug 1228051SUSE bug 1228052CVE-2024-21131 at SUSECVE-2024-21131 at NVDCVE-2024-21138 at SUSECVE-2024-21138 at NVDCVE-2024-21140 at SUSECVE-2024-21140 at NVDCVE-2024-21145 at SUSECVE-2024-21145 at NVDCVE-2024-21147 at SUSECVE-2024-21147 at NVDcpe:/o:opensuse:leap:15.5Security update for java-11-openjdk (Important)openSUSE Leap 15.5
This update for java-11-openjdk fixes the following issues:
Updated to version 11.0.24+8 (July 2024 CPU):
- CVE-2024-21131: Fixed a potential UTF8 size overflow (bsc#1228046).
- CVE-2024-21138: Fixed an infinite loop due to excessive symbol
length (bsc#1228047).
- CVE-2024-21140: Fixed a pre-loop limit overflow in Range Check
Elimination (bsc#1228048).
- CVE-2024-21147: Fixed an out-of-bounds access in 2D image handling
(bsc#1228052).
- CVE-2024-21145: Fixed an index overflow in RangeCheckElimination
(bsc#1228051).
- CVE-2024-21144: Fixed an excessive loading time in Pack200 due to
improper header validation (bsc#1228050).
ImportantSUSE bug 1227298SUSE bug 1228046SUSE bug 1228047SUSE bug 1228048SUSE bug 1228050SUSE bug 1228051SUSE bug 1228052CVE-2024-21131 at SUSECVE-2024-21131 at NVDCVE-2024-21138 at SUSECVE-2024-21138 at NVDCVE-2024-21140 at SUSECVE-2024-21140 at NVDCVE-2024-21144 at SUSECVE-2024-21144 at NVDCVE-2024-21145 at SUSECVE-2024-21145 at NVDCVE-2024-21147 at SUSECVE-2024-21147 at NVDcpe:/o:opensuse:leap:15.5Security update for espeak-ng (Moderate)openSUSE Leap 15.5
This update for espeak-ng fixes the following issues:
- CVE-2023-49990: Fixed buffer overflow in SetUpPhonemeTable function at synthdata.c (bsc#1218010)
- CVE-2023-49991: Fixed stack-buffer-underflow exists in the function CountVowelPosition in synthdata.c (bsc#1218006)
- CVE-2023-49992: Fixed stack-buffer-overflow exists in the function RemoveEnding in dictionary.c (bsc#1218007)
- CVE-2023-49993: Fixed buffer overflow in ReadClause function at readclause.c (bsc#1218008)
- CVE-2023-49994: Fixed floating point exception in PeaksToHarmspect at wavegen.c (bsc#1218009)
ModerateSUSE bug 1218006SUSE bug 1218007SUSE bug 1218008SUSE bug 1218009SUSE bug 1218010CVE-2023-49990 at SUSECVE-2023-49990 at NVDCVE-2023-49991 at SUSECVE-2023-49991 at NVDCVE-2023-49992 at SUSECVE-2023-49992 at NVDCVE-2023-49993 at SUSECVE-2023-49993 at NVDCVE-2023-49994 at SUSECVE-2023-49994 at NVDcpe:/o:opensuse:leap:15.5Security update for xen (Important)openSUSE Leap 15.5
This update for xen fixes the following issues:
- CVE-2023-46842: Fixed x86 HVM hypercalls may trigger Xen bug check (XSA-454, bsc#1221984).
- CVE-2024-31143: Fixed double unlock in x86 guest IRQ handling (XSA-458, bsc#1227355).
ImportantSUSE bug 1027519SUSE bug 1214718SUSE bug 1221984SUSE bug 1227355CVE-2023-46842 at SUSECVE-2023-46842 at NVDCVE-2024-31143 at SUSECVE-2024-31143 at NVDcpe:/o:opensuse:leap:15.5Security update for python-dnspython (Moderate)openSUSE Leap 15.5
This update for python-dnspython fixes the following issues:
- CVE-2023-29483: Fixed an issue that allowed remote attackers to
interfere with DNS name resolution (bsc#1222693).
ModerateSUSE bug 1222693CVE-2023-29483 at SUSECVE-2023-29483 at NVDcpe:/o:opensuse:leap:15.5Security update for git (Important)openSUSE Leap 15.5
This update for git fixes the following issues:
- CVE-2024-24577: Fixed arbitrary code execution due to heap corruption in git_index_add (bsc#1219660)
ImportantSUSE bug 1219660CVE-2024-24577 at SUSECVE-2024-24577 at NVDcpe:/o:opensuse:leap:15.5Security update for shadow (Important)openSUSE Leap 15.5
This update for shadow fixes the following issues:
- CVE-2013-4235: Fixed a race condition when copying and removing directory trees (bsc#916845).
ImportantSUSE bug 916845CVE-2013-4235 at SUSECVE-2013-4235 at NVDcpe:/o:opensuse:leap:15.5Security update for xen (Moderate)openSUSE Leap 15.5
This update for xen fixes the following issues:
- CVE-2023-46839: Fixed phantom functions assigned to incorrect contexts (XSA-449) (bsc#1218851)
- CVE-2023-46840: Fixed VT-d: Failure to quarantine devices in !HVM builds (XSA-450) (bsc#1219080)
ModerateSUSE bug 1218851SUSE bug 1219080CVE-2023-46839 at SUSECVE-2023-46839 at NVDCVE-2023-46840 at SUSECVE-2023-46840 at NVDcpe:/o:opensuse:leap:15.5Security update for gtk2 (Important)openSUSE Leap 15.5
This update for gtk2 fixes the following issues:
- CVE-2024-6655: Fixed library injection from current working directory (bsc#1228120)
ImportantSUSE bug 1228120CVE-2024-6655 at SUSECVE-2024-6655 at NVDcpe:/o:opensuse:leap:15.5Security update for gtk3 (Important)openSUSE Leap 15.5
This update for gtk3 fixes the following issues:
- CVE-2024-6655: Fixed library injection from current working directory (bsc#1228120)
ImportantSUSE bug 1228120CVE-2024-6655 at SUSECVE-2024-6655 at NVDcpe:/o:opensuse:leap:15.5Security update for python-urllib3 (Moderate)openSUSE Leap 15.5
This update for python-urllib3 fixes the following issues:
- CVE-2024-37891: Fixed proxy-authorization request header is not stripped during cross-origin redirects (bsc#1226469)
ModerateSUSE bug 1226469CVE-2024-37891 at SUSECVE-2024-37891 at NVDcpe:/o:opensuse:leap:15.5Security update for orc (Important)openSUSE Leap 15.5
This update for orc fixes the following issues:
- CVE-2024-40897: Fixed stack-based buffer overflow in the orc compiler when formatting error messages for certain input files (bsc#1228184)
ImportantSUSE bug 1228184CVE-2024-40897 at SUSECVE-2024-40897 at NVDcpe:/o:opensuse:leap:15.5Security update for cdi-apiserver-container, cdi-cloner-container, cdi-controller-container, cdi-importer-container, cdi-operator-container, cdi-uploadproxy-container, cdi-uploadserver-container, containerized-data-importer (Moderate)openSUSE Leap 15.5
This update for cdi-apiserver-container, cdi-cloner-container, cdi-controller-container, cdi-importer-container, cdi-operator-container, cdi-uploadproxy-container, cdi-uploadserver-container, containerized-data-importer fixes the following issues:
Update to version 1.59.0
* Release notes https://github.com/kubevirt/containerized-data-importer/releases/tag/v1.59.0
* Release notes https://github.com/kubevirt/containerized-data-importer/releases/tag/v1.58.1
Moderatecpe:/o:opensuse:leap:15.5Security update for kubevirt, virt-api-container, virt-controller-container, virt-exportproxy-container, virt-exportserver-container, virt-handler-container, virt-launcher-container, virt-libguestfs-tools-container, virt-operator-container, virt-pr-helper-container (Moderate)openSUSE Leap 15.5
This update for kubevirt, virt-api-container, virt-controller-container, virt-exportproxy-container, virt-exportserver-container, virt-handler-container, virt-launcher-container, virt-libguestfs-tools-container, virt-operator-container, virt-pr-helper-container fixes the following issues:
- Update to version 1.2.2
Release notes https://github.com/kubevirt/kubevirt/releases/tag/v1.2.2
Release notes https://github.com/kubevirt/kubevirt/releases/tag/v1.2.1
Release notes https://github.com/kubevirt/kubevirt/releases/tag/v1.2.0
- Use predefined configuration files for libvirt
- Install psmisc (provides killall for tests)
Moderatecpe:/o:opensuse:leap:15.5Recommended update for mozilla-nss (Moderate)openSUSE Leap 15.5
This update for mozilla-nss fixes the following issues:
- Fixed startup crash of Firefox when using FIPS-mode (bsc#1223724).
- Added 'Provides: nss' so other RPMs that require 'nss' can
be installed (jira PED-6358).
- FIPS: added safe memsets (bsc#1222811)
- FIPS: restrict AES-GCM (bsc#1222830)
- FIPS: Updated FIPS approved cipher lists (bsc#1222813, bsc#1222814, bsc#1222821, bsc#1222822, bsc#1224118)
- FIPS: Updated FIPS self tests (bsc#1222807, bsc#1222828, bsc#1222834)
- FIPS: Updated FIPS approved cipher lists (bsc#1222804, bsc#1222826, bsc#1222833, bsc#1224113, bsc#1224115, bsc#1224116)
- Require `sed` for mozilla-nss-sysinit, as setup-nsssysinit.sh
depends on it and will create a broken, empty config, if sed is
missing (bsc#1227918)
Update to NSS 3.101.2:
* bmo#1905691 - ChaChaXor to return after the function
update to NSS 3.101.1:
* GLOBALTRUST 2020: Set Distrust After for TLS and S/MIME.
update to NSS 3.101:
* add diagnostic assertions for SFTKObject refcount.
* freeing the slot in DeleteCertAndKey if authentication failed
* fix formatting issues.
* Add Firmaprofesional CA Root-A Web to NSS.
* remove invalid acvp fuzz test vectors.
* pad short P-384 and P-521 signatures gtests.
* remove unused FreeBL ECC code.
* pad short P-384 and P-521 signatures.
* be less strict about ECDSA private key length.
* Integrate HACL* P-521.
* Integrate HACL* P-384.
* memory leak in create_objects_from_handles.
* ensure all input is consumed in a few places in mozilla::pkix
* SMIME/CMS and PKCS #12 do not integrate with modern NSS policy
* clean up escape handling
* Use lib::pkix as default validator instead of the old-one
* Need to add high level support for PQ signing.
* Certificate Compression: changing the allocation/freeing of buffer + Improving the documentation
* SMIME/CMS and PKCS #12 do not integrate with modern NSS policy
* Allow for non-full length ecdsa signature when using softoken
* Modification of .taskcluster.yml due to mozlint indent defects
* Implement support for PBMAC1 in PKCS#12
* disable VLA warnings for fuzz builds.
* remove redundant AllocItem implementation.
* add PK11_ReadDistrustAfterAttribute.
* - Clang-formatting of SEC_GetMgfTypeByOidTag update
* Set SEC_ERROR_LIBRARY_FAILURE on self-test failure
* sftk_getParameters(): Fix fallback to default variable after error with configfile.
* Switch to the mozillareleases/image_builder image
- switch from ec_field_GFp to ec_field_plain
Update to NSS 3.100:
* merge pk11_kyberSlotList into pk11_ecSlotList for faster Xyber operations.
* remove ckcapi.
* avoid a potential PK11GenericObject memory leak.
* Remove incomplete ESDH code.
* Decrypt RSA OAEP encrypted messages.
* Fix certutil CRLDP URI code.
* Don't set CKA_DERIVE for CKK_EC_EDWARDS private keys.
* Add ability to encrypt and decrypt CMS messages using ECDH.
* Correct Templates for key agreement in smime/cmsasn.c.
* Moving the decodedCert allocation to NSS.
* Allow developers to speed up repeated local execution of NSS tests that depend on certificates.
Update to NSS 3.99:
* Removing check for message len in ed25519 (bmo#1325335)
* add ed25519 to SECU_ecName2params. (bmo#1884276)
* add EdDSA wycheproof tests. (bmo#1325335)
* nss/lib layer code for EDDSA. (bmo#1325335)
* Adding EdDSA implementation. (bmo#1325335)
* Exporting Certificate Compression types (bmo#1881027)
* Updating ACVP docker to rust 1.74 (bmo#1880857)
* Updating HACL* to 0f136f28935822579c244f287e1d2a1908a7e552 (bmo#1325335)
* Add NSS_CMSRecipient_IsSupported. (bmo#1877730)
Update to NSS 3.98:
* (CVE-2023-5388) Timing attack against RSA decryption in TLS
* Certificate Compression: enabling the check that the compression was advertised
* Move Windows workers to nss-1/b-win2022-alpha
* Remove Email trust bit from OISTE WISeKey Global Root GC CA
* Replace `distutils.spawn.find_executable` with `shutil.which` within `mach` in `nss`
* Certificate Compression: Updating nss_bogo_shim to support Certificate compression
* TLS Certificate Compression (RFC 8879) Implementation
* Add valgrind annotations to freebl kyber operations for constant-time execution tests
* Set nssckbi version number to 2.66
* Add Telekom Security roots
* Add D-Trust 2022 S/MIME roots
* Remove expired Security Communication RootCA1 root
* move keys to a slot that supports concatenation in PK11_ConcatSymKeys
* remove unmaintained tls-interop tests
* bogo: add support for the -ipv6 and -shim-id shim flags
* bogo: add support for the -curves shim flag and update Kyber expectations
* bogo: adjust expectation for a key usage bit test
* mozpkix: add option to ignore invalid subject alternative names
* Fix selfserv not stripping `publicname:` from -X value
* take ownership of ecckilla shims
* add valgrind annotations to freebl/ec.c
* PR_INADDR_ANY needs PR_htonl before assignment to inet.ip
* Update zlib to 1.3.1
Update to NSS 3.97:
* make Xyber768d00 opt-in by policy
* add libssl support for xyber768d00
* add PK11_ConcatSymKeys
* add Kyber and a PKCS#11 KEM interface to softoken
* add a FreeBL API for Kyber
* part 2: vendor github.com/pq-crystals/kyber/commit/e0d1c6ff
* part 1: add a script for vendoring kyber from pq-crystals repo
* Removing the calls to RSA Blind from loader.*
* fix worker type for level3 mac tasks
* RSA Blind implementation
* Remove DSA selftests
* read KWP testvectors from JSON
* Backed out changeset dcb174139e4f
* Fix CKM_PBE_SHA1_DES2_EDE_CBC derivation
* Wrap CC shell commands in gyp expansions
Update to NSS 3.96.1:
* Use pypi dependencies for MacOS worker in ./build_gyp.sh
* p7sign: add -a hash and -u certusage (also p7verify cleanups)
* add a defensive check for large ssl_DefSend return values
* Add dependency to the taskcluster script for Darwin
* Upgrade version of the MacOS worker for the CI
Update to NSS 3.95:
* Bump builtins version number.
* Remove Email trust bit from Autoridad de Certificacion Firmaprofesional CIF A62634068 root cert.
* Remove 4 DigiCert (Symantec/Verisign) Root Certificates
* Remove 3 TrustCor Root Certificates from NSS.
* Remove Camerfirma root certificates from NSS.
* Remove old Autoridad de Certificacion Firmaprofesional Certificate.
* Add four Commscope root certificates to NSS.
* Add TrustAsia Global Root CA G3 and G4 root certificates.
* Include P-384 and P-521 Scalar Validation from HACL*
* Include P-256 Scalar Validation from HACL*.
* After the HACL 256 ECC patch, NSS incorrectly encodes 256 ECC without DER wrapping at the softoken level
* Add means to provide library parameters to C_Initialize
* add OSXSAVE and XCR0 tests to AVX2 detection.
* Typo in ssl3_AppendHandshakeNumber
* Introducing input check of ssl3_AppendHandshakeNumber
* Fix Invalid casts in instance.c
Update to NSS 3.94:
* Updated code and commit ID for HACL*
* update ACVP fuzzed test vector: refuzzed with current NSS
* Softoken C_ calls should use system FIPS setting to select NSC_ or FC_ variants
* NSS needs a database tool that can dump the low level representation of the database
* declare string literals using char in pkixnames_tests.cpp
* avoid implicit conversion for ByteString
* update rust version for acvp docker
* Moving the init function of the mpi_ints before clean-up in ec.c
* P-256 ECDH and ECDSA from HACL*
* Add ACVP test vectors to the repository
* Stop relying on std::basic_string<uint8_t>
* Transpose the PPC_ABI check from Makefile to gyp
Update to NSS 3.93:
* Update zlib in NSS to 1.3.
* softoken: iterate hashUpdate calls for long inputs.
* regenerate NameConstraints test certificates (bsc#1214980).
Update to NSS 3.92:
* Set nssckbi version number to 2.62
* Add 4 Atos TrustedRoot Root CA certificates to NSS
* Add 4 SSL.com Root CA certificates
* Add Sectigo E46 and R46 Root CA certificates
* Add LAWtrust Root CA2 (4096)
* Remove E-Tugra Certification Authority root
* Remove Camerfirma Chambers of Commerce Root.
* Remove Hongkong Post Root CA 1
* Remove E-Tugra Global Root CA ECC v3 and RSA v3
* Avoid redefining BYTE_ORDER on hppa Linux
Update to NSS 3.91:
* Implementation of the HW support check for ADX instruction
* Removing the support of Curve25519
* Fix comment about the addition of ticketSupportsEarlyData
* Adding args to enable-legacy-db build
* dbtests.sh failure in 'certutil dump keys with explicit default trust flags'
* Initialize flags in slot structures
* Improve the length check of RSA input to avoid heap overflow
* Followup Fixes
* avoid processing unexpected inputs by checking for m_exptmod base sign
* add a limit check on order_k to avoid infinite loop
* Update HACL* to commit 5f6051d2
* add SHA3 to cryptohi and softoken
* HACL SHA3
* Disabling ASM C25519 for A but X86_64
Update to NSS 3.90.3:
* GLOBALTRUST 2020: Set Distrust After for TLS and S/MIME.
* clean up escape handling.
* remove redundant AllocItem implementation.
* Disable ASM support for Curve25519.
* Disable ASM support for Curve25519 for all but X86_64.
ModerateSUSE bug 1214980SUSE bug 1222804SUSE bug 1222807SUSE bug 1222811SUSE bug 1222813SUSE bug 1222814SUSE bug 1222821SUSE bug 1222822SUSE bug 1222826SUSE bug 1222828SUSE bug 1222830SUSE bug 1222833SUSE bug 1222834SUSE bug 1223724SUSE bug 1224113SUSE bug 1224115SUSE bug 1224116SUSE bug 1224118SUSE bug 1227918CVE-2023-5388 at SUSECVE-2023-5388 at NVDcpe:/o:opensuse:leap:15.5Security update for dri3proto, presentproto, wayland-protocols, xwayland (Moderate)openSUSE Leap 15.5
This update for dri3proto, presentproto, wayland-protocols, xwayland fixes the following issues:
Changes in presentproto:
* update to version 1.4 (patch generated from xorgproto-2024.1 sources)
Changes in wayland-protocols:
- Update to version 1.36:
* xdg-dialog: fix missing namespace in protocol name
- Changes from version 1.35:
* cursor-shape-v1: Does not advertises the list of supported cursors
* xdg-shell: add missing enum attribute to set_constraint_adjustment
* xdg-shell: recommend against drawing decorations when tiled
* tablet-v2: mark as stable
* staging: add alpha-modifier protocol
- Update to 1.36
* Fix to the xdg dialog protocol
* tablet-v2 protocol is now stable
* alpha-modifier: new protocol
* Bug fix to the cursor shape documentation
* The xdg-shell protocol now also explicitly recommends against
drawing decorations outside of the window geometry when tiled
- Update to 1.34:
* xdg-dialog: new protocol
* xdg-toplevel-drag: new protocol
* Fix typo in ext-foreign-toplevel-list-v1
* tablet-v2: clarify that name/id events are optional
* linux-drm-syncobj-v1: new protocol
* linux-explicit-synchronization-v1: add linux-drm-syncobj note
- Update to version 1.33:
* xdg-shell: Clarify what a toplevel by default includes
* linux-dmabuf: sync changes from unstable to stable
* linux-dmabuf: require all planes to use the same modifier
* presentation-time: stop referring to Linux/glibc
* security-context-v1: Make sandbox engine names use reverse-DNS
* xdg-decoration: remove ambiguous wording in configure event
* xdg-decoration: fix configure event summary
* linux-dmabuf: mark as stable
* linux-dmabuf: add note about implicit sync
* security-context-v1: Document what can be done with the open
sockets
* security-context-v1: Document out of band metadata for flatpak
Changes in dri3proto:
* update to version 1.4 (patch generated from xorgproto-2024.1 sources)
Changes in xwayland:
- Update to bugfix release 24.1.1 for the current stable 24.1
branch of Xwayland
* xwayland: fix segment fault in `xwl_glamor_gbm_init_main_dev`
* os: Explicitly include X11/Xmd.h for CARD32 definition to fix
building on i686
* present: On *BSD, epoll-shim is needed to emulate eventfd()
* xwayland: Stop on first unmapped child
* xwayland/window-buffers: Promote xwl_window_buffer
* xwayland/window-buffers: Add xwl_window_buffer_release()
* xwayland/glamor/gbm: Copy explicit sync code to GLAMOR/GBM
* xwayland/window-buffers: Use synchronization from GLAMOR/GBM
* xwayland/window-buffers: Do not always set syncpnts
* xwayland/window-buffers: Move code to submit pixmaps
* xwayland/window-buffers: Set syncpnts for all pixmaps
* xwayland: Move xwl_window disposal to its own function
* xwayland: Make sure we do not leak xwl_window on destroy
* wayland/window-buffers: Move buffer disposal to its own function
* xwayland/window-buffers: optionally force disposal
* wayland: Force disposal of windows buffers for root on destroy
* xwayland: Check for pointer in xwl_seat_leave_ptr()
* xwayland: remove includedir from pkgconfig
- disable DPMS on sle15 due to missing proto package
- Update to feature release 24.1.0
* This fixes a couple of regressions introduced in the previous release
candidate versions along with a fix for XTEST emulation with EI.
+ xwayland: Send ei_device_frame on device_scroll_discrete
+ xwayland: Restore the ResizeWindow handler
+ xwayland: Handle rootful resize in ResizeWindow
+ xwayland: Move XRandR emulation to the ResizeWindow hook
+ xwayland: Use correct xwl_window lookup function in xwl_set_shape
- eglstreams has been dropped
- Update to bug fix relesae 23.2.7
* m4: drop autoconf leftovers
* xwayland: Send ei_device_frame on device_scroll_discrete
* xwayland: Call drmFreeDevice for dma-buf default feedback
* xwayland: Use drmDevicesEqual in xwl_dmabuf_feedback_tranche_done
* dri3: Free formats in cache_formats_and_modifiers
* xwayland/glamor: Handle depth 15 in gbm_format_for_depth
* Revert 'xwayland/glamor: Avoid implicit redirection with depth 32 parent windows'
* xwayland: Check for outputs before lease devices
* xwayland: Do not remove output on withdraw if leased
- Update to 23.2.6
* This is a quick bug fix release to address a regression
introduced by the fix for CVE-2024-31083 in xwayland-23.2.5.
- Security update 23.2.5
This release contains the 3 security fixes that actually apply to
Xwayland reported in the security advisory of April 3rd 2024
* CVE-2024-31080
* CVE-2024-31081
* CVE-2024-31083
Additionally, it also contains a couple of other fixes, a copy/paste
error in the DeviceStateNotify event and a fix to enable buttons with
pointer gestures for backward compatibility with legacy X11 clients.
- Don't provide xorg-x11-server-source
* xwayland sources are not meant for a generic server.
ModerateSUSE bug 1219892SUSE bug 1222309SUSE bug 1222310SUSE bug 1222312SUSE bug 1222442CVE-2024-31080 at SUSECVE-2024-31080 at NVDCVE-2024-31081 at SUSECVE-2024-31081 at NVDCVE-2024-31083 at SUSECVE-2024-31083 at NVDcpe:/o:opensuse:leap:15.5Security update for slurm_20_02 (Important)openSUSE Leap 15.5
This update for slurm_20_02 fixes the following issues:
Security fixes:
- CVE-2023-49933: Prevent message extension attacks that could bypass the message hash. (bsc#1218046)
- CVE-2023-49936: Prevent NULL pointer dereference on `size_valp` overflow. (bsc#1218050)
- CVE-2023-49937: Prevent double-xfree() on error in `_unpack_node_reg_resp()`. (bsc#1218051)
- CVE-2023-49938: Prevent modified `sbcast` RPCs from opening a file with the wrong group permissions. (bsc#1218053)
Other fixes:
- Fix slurm upgrading to incompatible versions (bsc#1216869).
ImportantSUSE bug 1216869SUSE bug 1218046SUSE bug 1218050SUSE bug 1218051SUSE bug 1218053CVE-2023-49933 at SUSECVE-2023-49933 at NVDCVE-2023-49936 at SUSECVE-2023-49936 at NVDCVE-2023-49937 at SUSECVE-2023-49937 at NVDCVE-2023-49938 at SUSECVE-2023-49938 at NVDcpe:/o:opensuse:leap:15.5Security update for patch (Low)openSUSE Leap 15.5
This update for patch fixes the following issues:
- CVE-2019-20633: Fixed double-free/OOB read in pch.c (bsc#1167721)
LowSUSE bug 1167721CVE-2019-20633 at SUSECVE-2019-20633 at NVDcpe:/o:opensuse:leap:15.5Security update for java-1_8_0-openjdk (Important)openSUSE Leap 15.5
This update for java-1_8_0-openjdk fixes the following issues:
Update to version jdk8u422 (icedtea-3.32.0):
* Security fixes
+ JDK-8314794, CVE-2024-21131, bsc#1228046: Improve UTF8 String supports
+ JDK-8319859, CVE-2024-21138, bsc#1228047: Better symbol storage
+ JDK-8320097: Improve Image transformations
+ JDK-8320548, CVE-2024-21140, bsc#1228048: Improved loop handling
+ JDK-8322106, CVE-2024-21144, bsc#1228050: Enhance Pack 200 loading
+ JDK-8323231, CVE-2024-21147, bsc#1228052: Improve array management
+ JDK-8323390: Enhance mask blit functionality
+ JDK-8324559, CVE-2024-21145, bsc#1228051: Improve 2D image handling
+ JDK-8325600: Better symbol storage
* Import of OpenJDK 8 u422 build 05
+ JDK-8025439: [TEST BUG] [macosx]
PrintServiceLookup.lookupPrintServices doesn't work properly
since jdk8b105
+ JDK-8069389: CompilerOracle prefix wildcarding is broken for
long strings
+ JDK-8159454: [TEST_BUG] javax/swing/ToolTipManager/7123767/
/bug7123767.java: number of checked graphics configurations
should be limited
+ JDK-8198321: javax/swing/JEditorPane/5076514/bug5076514.java fails
+ JDK-8203691: [TESTBUG] Test
/runtime/containers/cgroup/PlainRead.java fails
+ JDK-8205407: [windows, vs<2017] C4800 after 8203197
+ JDK-8235834: IBM-943 charset encoder needs updating
+ JDK-8239965: XMLEncoder/Test4625418.java fails due to 'Error:
Cp943 - can't read properly'
+ JDK-8240756: [macos] SwingSet2:TableDemo:Printed Japanese
characters were garbled
+ JDK-8256152: tests fail because of ambiguous method resolution
+ JDK-8258855: Two tests sun/security/krb5/auto/
/ReplayCacheTestProc.java and ReplayCacheTestProcWithMD5.java
failed on OL8.3
+ JDK-8262017: C2: assert(n != __null) failed: Bad immediate
dominator info.
+ JDK-8268916: Tests for AffirmTrust roots
+ JDK-8278067: Make HttpURLConnection default keep alive
timeout configurable
+ JDK-8291226: Create Test Cases to cover scenarios for
JDK-8278067
+ JDK-8291637: HttpClient default keep alive timeout not
followed if server sends invalid value
+ JDK-8291638: Keep-Alive timeout of 0 should close connection
immediately
+ JDK-8293562: KeepAliveCache Blocks Threads while Closing
Connections
+ JDK-8303466: C2: failed: malformed control flow. Limit type
made precise with MaxL/MinL
+ JDK-8304074: [JMX] Add an approximation of total bytes
allocated on the Java heap by the JVM
+ JDK-8313081: MonitoringSupport_lock should be unconditionally
initialized after 8304074
+ JDK-8315020: The macro definition for LoongArch64 zero build
is not accurate.
+ JDK-8316138: Add GlobalSign 2 TLS root certificates
+ JDK-8318410: jdk/java/lang/instrument/BootClassPath/
/BootClassPathTest.sh fails on Japanese Windows
+ JDK-8320005: Allow loading of shared objects with .a
extension on AIX
+ JDK-8324185: [8u] Accept Xcode 12+ builds on macOS
+ JDK-8325096: Test java/security/cert/CertPathBuilder/akiExt/
/AKISerialNumber.java is failing
+ JDK-8325927: [8u] Backport of JDK-8170552 missed part of the test
+ JDK-8326686: Bump update version of OpenJDK: 8u422
+ JDK-8327440: Fix 'bad source file' error during beaninfo
generation
+ JDK-8328809: [8u] Problem list some CA tests
+ JDK-8328825: Google CAInterop test failures
+ JDK-8329544: [8u] sun/security/krb5/auto/
/ReplayCacheTestProc.java cannot find the testlibrary
+ JDK-8331791: [8u] AIX build break from JDK-8320005 backport
+ JDK-8331980: [8u] Problem list CAInterop.java#certignarootca test
+ JDK-8335552: [8u] JDK-8303466 backport to 8u requires 3
::Identity signature fixes
* Bug fixes
+ JDK-8331730: [8u] GHA: update sysroot for cross builds to
Debian bullseye
+ JDK-8333669: [8u] GHA: Dead VS2010 download link
+ JDK-8318039: GHA: Bump macOS and Xcode versions
ImportantSUSE bug 1228046SUSE bug 1228047SUSE bug 1228048SUSE bug 1228050SUSE bug 1228051SUSE bug 1228052CVE-2024-21131 at SUSECVE-2024-21131 at NVDCVE-2024-21138 at SUSECVE-2024-21138 at NVDCVE-2024-21140 at SUSECVE-2024-21140 at NVDCVE-2024-21144 at SUSECVE-2024-21144 at NVDCVE-2024-21145 at SUSECVE-2024-21145 at NVDCVE-2024-21147 at SUSECVE-2024-21147 at NVDcpe:/o:opensuse:leap:15.5Security update for libnbd (Important)openSUSE Leap 15.5
This update for libnbd fixes the following issues:
- CVE-2024-7383: Fixed incorrect verification of a NBD server's certificate when using TLS to connect to the server (bsc#1228872)
Other fixes:
- Update to version 1.18.5.
ImportantSUSE bug 1228872CVE-2024-7383 at SUSECVE-2024-7383 at NVDcpe:/o:opensuse:leap:15.5Security update for MozillaThunderbird (Important)openSUSE Leap 15.5
This update for MozillaThunderbird fixes the following issues:
Update to Mozilla Thunderbird 115.13 (MFSA 2024-31, bsc#1226316):
Security fixes:
- CVE-2024-6600: Memory corruption in WebGL API (bmo#1888340)
- CVE-2024-6601: Race condition in permission assignment (bmo#1890748)
- CVE-2024-6602: Memory corruption in NSS (bmo#1895032)
- CVE-2024-6603: Memory corruption in thread creation (bmo#1895081)
- CVE-2024-6604: Memory safety bugs fixed in Firefox 128, Firefox ESR 115.13, Thunderbird 128, and Thunderbird 115.13 (bmo#1748105, bmo#1837550, bmo#1884266)
Other fixes:
- fixed: After starting Thunderbird, the message list position was sometimes set to an incorrect position (bmo#1896009)
ImportantSUSE bug 1226316CVE-2024-6600 at SUSECVE-2024-6600 at NVDCVE-2024-6601 at SUSECVE-2024-6601 at NVDCVE-2024-6602 at SUSECVE-2024-6602 at NVDCVE-2024-6603 at SUSECVE-2024-6603 at NVDCVE-2024-6604 at SUSECVE-2024-6604 at NVDcpe:/o:opensuse:leap:15.5Security update for ffmpeg-4 (Moderate)openSUSE Leap 15.5
This update for ffmpeg-4 fixes the following issues:
- CVE-2024-32230: Fixed buffer overflow due to negative-size-param bug in load_input_picture() (bsc#1227296).
- CVE-2023-51798: Fixed floating point exception in the via the interpolate function in libavfilter/vf_minterpolate.c (bsc#1223304).
ModerateSUSE bug 1223304SUSE bug 1227296CVE-2023-51798 at SUSECVE-2023-51798 at NVDCVE-2024-32230 at SUSECVE-2024-32230 at NVDcpe:/o:opensuse:leap:15.5Security update for shadow (Moderate)openSUSE Leap 15.5
This update for shadow fixes the following issues:
- Fixed not copying of skel files (bsc#1228770)
ModerateSUSE bug 1228770CVE-2013-4235 at SUSECVE-2013-4235 at NVDcpe:/o:opensuse:leap:15.5Security update for ffmpeg (Moderate)openSUSE Leap 15.5
This update for ffmpeg fixes the following issues:
- CVE-2024-32230: Fixed buffer overflow due to negative-size-param bug at libavcodec/mpegvideo_enc.c in load_input_picture (bsc#1227296)
ModerateSUSE bug 1227296CVE-2024-32230 at SUSECVE-2024-32230 at NVDcpe:/o:opensuse:leap:15.5Security update for python-Django (Important)openSUSE Leap 15.5
This update for python-Django fixes the following issues:
- CVE-2024-42005: Fixed SQL injection in QuerySet.values() and values_list() (bsc#1228629)
- CVE-2024-41989: Fixed Memory exhaustion in django.utils.numberformat.floatformat() (bsc#1228630)
- CVE-2024-41990: Fixed denial-of-service vulnerability in django.utils.html.urlize() (bsc#1228631)
- CVE-2024-41991: Fixed another denial-of-service vulnerability in django.utils.html.urlize() (bsc#1228632)
- CVE-2022-28346: Fixed SQL injection in QuerySet.annotate(),aggregate() and extra() (bsc#1198398)
- CVE-2019-12308: Fixed XSS in AdminURLFieldWidget (bsc#1136468)
ImportantSUSE bug 1136468SUSE bug 1198398SUSE bug 1228629SUSE bug 1228630SUSE bug 1228631SUSE bug 1228632CVE-2019-12308 at SUSECVE-2019-12308 at NVDCVE-2022-28346 at SUSECVE-2022-28346 at NVDCVE-2024-41989 at SUSECVE-2024-41989 at NVDCVE-2024-41990 at SUSECVE-2024-41990 at NVDCVE-2024-41991 at SUSECVE-2024-41991 at NVDCVE-2024-42005 at SUSECVE-2024-42005 at NVDcpe:/o:opensuse:leap:15.5Security update for slurm_22_05 (Important)openSUSE Leap 15.5
This update for slurm_22_05 fixes the following issues:
Update to slurm 22.05.11:
Security fixes:
- CVE-2023-49933: Prevent message extension attacks that could bypass the message hash. (bsc#1218046)
- CVE-2023-49936: Prevent NULL pointer dereference on `size_valp` overflow. (bsc#1218050)
- CVE-2023-49937: Prevent double-xfree() on error in `_unpack_node_reg_resp()`. (bsc#1218051)
- CVE-2023-49938: Prevent modified `sbcast` RPCs from opening a file with the wrong group permissions. (bsc#1218053)
Other fixes:
- Add missing service file for slurmrestd (bsc#1217711).
- Fix slurm upgrading to incompatible versions (bsc#1216869).
ImportantSUSE bug 1216869SUSE bug 1217711SUSE bug 1218046SUSE bug 1218050SUSE bug 1218051SUSE bug 1218053CVE-2023-49933 at SUSECVE-2023-49933 at NVDCVE-2023-49936 at SUSECVE-2023-49936 at NVDCVE-2023-49937 at SUSECVE-2023-49937 at NVDCVE-2023-49938 at SUSECVE-2023-49938 at NVDcpe:/o:opensuse:leap:15.5Security update for slurm (Important)openSUSE Leap 15.5
This update for slurm fixes the following issues:
Update to slurm 23.02.6:
Security fixes:
- CVE-2023-49933: Prevent message extension attacks that could bypass the message hash. (bsc#1218046)
- CVE-2023-49935: Prevent message hash bypass in slurmd which can allow an attacker to reuse root-level MUNGE tokens and escalate permissions. (bsc#1218049)
- CVE-2023-49936: Prevent NULL pointer dereference on `size_valp` overflow. (bsc#1218050)
- CVE-2023-49937: Prevent double-xfree() on error in `_unpack_node_reg_resp()`. (bsc#1218051)
- CVE-2023-49938: Prevent modified `sbcast` RPCs from opening a file with the wrong group permissions. (bsc#1218053)
Other fixes:
- Add missing service file for slurmrestd (bsc#1217711).
- Fix slurm upgrading to incompatible versions (bsc#1216869).
ImportantSUSE bug 1216869SUSE bug 1217711SUSE bug 1218046SUSE bug 1218049SUSE bug 1218050SUSE bug 1218051SUSE bug 1218053CVE-2023-49933 at SUSECVE-2023-49933 at NVDCVE-2023-49935 at SUSECVE-2023-49935 at NVDCVE-2023-49936 at SUSECVE-2023-49936 at NVDCVE-2023-49937 at SUSECVE-2023-49937 at NVDCVE-2023-49938 at SUSECVE-2023-49938 at NVDcpe:/o:opensuse:leap:15.5Security update for kubernetes1.23 (Moderate)openSUSE Leap 15.5
This update for kubernetes1.23 fixes the following issues:
- CVE-2021-25743: Fixed sanitization of raw data of escape, meta or control sequences before output it to terminal (bsc#1194400)
ModerateSUSE bug 1194400CVE-2021-25743 at SUSECVE-2021-25743 at NVDcpe:/o:opensuse:leap:15.5Security update for kubernetes1.24 (Moderate)openSUSE Leap 15.5
This update for kubernetes1.24 fixes the following issues:
- CVE-2021-25743: Fixed sanitization of raw data of escape, meta or control sequences before output it to terminal (bsc#1194400)
ModerateSUSE bug 1194400CVE-2021-25743 at SUSECVE-2021-25743 at NVDcpe:/o:opensuse:leap:15.5Security update for python3-Twisted (Important)openSUSE Leap 15.5
This update for python3-Twisted fixes the following issues:
- CVE-2024-41671: Fixed HTTP pipelined requests processed out of order in twisted.web (bsc#1228549)
- CVE-2024-41810: Fixed reflected XSS via HTML Injection in Redirect Response (bsc#1228552)
ImportantSUSE bug 1228549SUSE bug 1228552CVE-2024-41671 at SUSECVE-2024-41671 at NVDCVE-2024-41810 at SUSECVE-2024-41810 at NVDcpe:/o:opensuse:leap:15.5Security update for python-Django (Important)openSUSE Leap 15.5
This update for python-Django fixes the following issues:
- Fixed code in CVE-2024-41990 patch
ImportantSUSE bug 1228630CVE-2024-41990 at SUSECVE-2024-41990 at NVDcpe:/o:opensuse:leap:15.5Security update for bind (Important)openSUSE Leap 15.5
This update for bind fixes the following issues:
Update to 9.16.50:
- Bug Fixes:
* A regression in cache-cleaning code enabled memory use to grow
significantly more quickly than before, until the configured
max-cache-size limit was reached. This has been fixed.
* Using rndc flush inadvertently caused cache cleaning to become
less effective. This could ultimately lead to the configured
max-cache-size limit being exceeded and has now been fixed.
* The logic for cleaning up expired cached DNS records was
tweaked to be more aggressive. This change helps with enforcing
max-cache-ttl and max-ncache-ttl in a timely manner.
* It was possible to trigger a use-after-free assertion when the
overmem cache cleaning was initiated. This has been fixed.
New Features:
* Added RESOLVER.ARPA to the built in empty zones.
- Security Fixes:
* It is possible to craft excessively large numbers of resource
record types for a given owner name, which has the effect of
slowing down database processing. This has been addressed by
adding a configurable limit to the number of records that can
be stored per name and type in a cache or zone database. The
default is 100, which can be tuned with the new
max-types-per-name option. (CVE-2024-1737, bsc#1228256)
* Validating DNS messages signed using the SIG(0) protocol (RFC
2931) could cause excessive CPU load, leading to a
denial-of-service condition. Support for SIG(0) message
validation was removed from this version of named.
(CVE-2024-1975, bsc#1228257)
* When looking up the NS records of parent zones as part of
looking up DS records, it was possible for named to trigger an
assertion failure if serve-stale was enabled. This has been
fixed. (CVE-2024-4076, bsc#1228258)
ImportantSUSE bug 1228256SUSE bug 1228257SUSE bug 1228258CVE-2024-1737 at SUSECVE-2024-1737 at NVDCVE-2024-1975 at SUSECVE-2024-1975 at NVDCVE-2024-4076 at SUSECVE-2024-4076 at NVDcpe:/o:opensuse:leap:15.5Security update for ca-certificates-mozilla (Important)openSUSE Leap 15.5
This update for ca-certificates-mozilla fixes the following issues:
- Updated to 2.68 state of Mozilla SSL root CAs (bsc#1227525)
- Added: FIRMAPROFESIONAL CA ROOT-A WEB
- Distrust: GLOBALTRUST 2020
- Updated to 2.66 state of Mozilla SSL root CAs (bsc#1220356)
Added:
- CommScope Public Trust ECC Root-01
- CommScope Public Trust ECC Root-02
- CommScope Public Trust RSA Root-01
- CommScope Public Trust RSA Root-02
- D-Trust SBR Root CA 1 2022
- D-Trust SBR Root CA 2 2022
- Telekom Security SMIME ECC Root 2021
- Telekom Security SMIME RSA Root 2023
- Telekom Security TLS ECC Root 2020
- Telekom Security TLS RSA Root 2023
- TrustAsia Global Root CA G3
- TrustAsia Global Root CA G4
Removed:
- Autoridad de Certificacion Firmaprofesional CIF A62634068
- Chambers of Commerce Root - 2008
- Global Chambersign Root - 2008
- Security Communication Root CA
- Symantec Class 1 Public Primary Certification Authority - G6
- Symantec Class 2 Public Primary Certification Authority - G6
- TrustCor ECA-1
- TrustCor RootCert CA-1
- TrustCor RootCert CA-2
- VeriSign Class 1 Public Primary Certification Authority - G3
- VeriSign Class 2 Public Primary Certification Authority - G3
ImportantSUSE bug 1220356SUSE bug 1227525cpe:/o:opensuse:leap:15.5Security update for qt6-base (Important)openSUSE Leap 15.5
This update for qt6-base fixes the following issues:
- CVE-2024-33861: Fixed an invalid pointer being passed as a callback which coud lead to modification of the stack (bsc#1223917)
- CVE-2024-39936: Fixed information leakage due to process HTTP2 communication before encrypted() can be responded to (bsc#1227426)
- CVE-2023-45935: Fixed NULL pointer dereference in QXcbConnection::initializeAllAtoms() due to anomalous behavior from the X server (bsc#1222120)
ImportantSUSE bug 1222120SUSE bug 1223917SUSE bug 1227426CVE-2023-45935 at SUSECVE-2023-45935 at NVDCVE-2024-33861 at SUSECVE-2024-33861 at NVDCVE-2024-39936 at SUSECVE-2024-39936 at NVDcpe:/o:opensuse:leap:15.5Security update for slurm_20_11 (Important)openSUSE Leap 15.5
This update for slurm_20_11 fixes the following issues:
Security fixes:
- CVE-2023-41914: Prevent filesystem race conditions that could let an attacker take control of an arbitrary file, or remove entire directories' contents. (bsc#1216207)
- CVE-2023-49933: Prevent message extension attacks that could bypass the message hash. (bsc#1218046)
- CVE-2023-49936: Prevent NULL pointer dereference on `size_valp` overflow. (bsc#1218050)
- CVE-2023-49937: Prevent double-xfree() on error in `_unpack_node_reg_resp()`. (bsc#1218051)
- CVE-2023-49938: Prevent modified `sbcast` RPCs from opening a file with the wrong group permissions. (bsc#1218053)
Other fixes:
- Add missing service file for slurmrestd (bsc#1217711).
- Fix slurm upgrading to incompatible versions (bsc#1216869).
ImportantSUSE bug 1216207SUSE bug 1216869SUSE bug 1217711SUSE bug 1218046SUSE bug 1218050SUSE bug 1218051SUSE bug 1218053CVE-2023-41914 at SUSECVE-2023-41914 at NVDCVE-2023-49933 at SUSECVE-2023-49933 at NVDCVE-2023-49936 at SUSECVE-2023-49936 at NVDCVE-2023-49937 at SUSECVE-2023-49937 at NVDCVE-2023-49938 at SUSECVE-2023-49938 at NVDcpe:/o:opensuse:leap:15.5Security update for python-Twisted (Important)openSUSE Leap 15.5
This update for python-Twisted fixes the following issues:
- CVE-2024-41671: Fixed an information disclosure due to HTTP requests processed out-of-order (bsc#1228549)
- CVE-2024-41810: Fixed reflected XSS via HTML injection in redirect response (bsc#1228552)
ImportantSUSE bug 1228549SUSE bug 1228552CVE-2024-41671 at SUSECVE-2024-41671 at NVDCVE-2024-41810 at SUSECVE-2024-41810 at NVDcpe:/o:opensuse:leap:15.5Security update for python-gunicorn (Important)openSUSE Leap 15.5
This update for python-gunicorn fixes the following issues:
- CVE-2024-1135: Fixed HTTP Request Smuggling due to improperly validate Transfer-Encoding headers (bsc#1222950)
ImportantSUSE bug 1222950CVE-2024-1135 at SUSECVE-2024-1135 at NVDcpe:/o:opensuse:leap:15.5Security update for libqt5-qtbase (Important)openSUSE Leap 15.5
This update for libqt5-qtbase fixes the following issues:
- CVE-2023-45935: Fixed NULL pointer dereference in QXcbConnection::initializeAllAtoms() due to anomalous behavior from the X server (bsc#1222120)
- CVE-2024-39936: Fixed information leakage due to process HTTP2 communication before encrypted() can be responded to (bsc#1227426)
ImportantSUSE bug 1222120SUSE bug 1227426CVE-2023-45935 at SUSECVE-2023-45935 at NVDCVE-2024-39936 at SUSECVE-2024-39936 at NVDcpe:/o:opensuse:leap:15.5Security update for openssl-1_1 (Moderate)openSUSE Leap 15.5
This update for openssl-1_1 fixes the following issues:
- CVE-2024-5535: Fixed a buffer overread in function SSL_select_next_proto() with an empty supported client protocols buffer (bsc#1227138)
Other fixes:
- Build with no-afalgeng (bsc#1226463)
ModerateSUSE bug 1226463SUSE bug 1227138CVE-2024-5535 at SUSECVE-2024-5535 at NVDcpe:/o:opensuse:leap:15.5Security update for the Linux Kernel (Important)openSUSE Leap 15.5
The SUSE Linux Enterprise 15 SP5 RT kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2021-47086: phonet/pep: refuse to enable an unbound pipe (bsc#1220952).
- CVE-2021-47103: net: sock: preserve kabi for sock (bsc#1221010).
- CVE-2021-47186: tipc: check for null after calling kmemdup (bsc#1222702).
- CVE-2021-47546: Kabi fix for ipv6: fix memory leak in fib6_rule_suppress (bsc#1225504).
- CVE-2021-47547: net: tulip: de4x5: fix the problem that the array 'lp->phy' may be out of bound (bsc#1225505).
- CVE-2021-47588: sit: do not call ipip6_dev_free() from sit_init_net() (bsc#1226568).
- CVE-2021-47590: mptcp: fix deadlock in __mptcp_push_pending() (bsc#1226565).
- CVE-2021-47591: mptcp: remove tcp ulp setsockopt support (bsc#1226570).
- CVE-2021-47593: mptcp: clear 'kern' flag from fallback sockets (bsc#1226551).
- CVE-2021-47598: sch_cake: do not call cake_destroy() from cake_init() (bsc#1226574).
- CVE-2021-47599: btrfs: use latest_dev in btrfs_show_devname (bsc#1226571)
- CVE-2021-47606: net: netlink: af_netlink: Prevent empty skb by adding a check on len (bsc#1226555).
- CVE-2021-47623: powerpc/fixmap: Fix VM debug warning on unmap (bsc#1227919).
- CVE-2022-48785: ipv6: mcast: use rcu-safe version of ipv6_get_lladdr() (bsc#1227927)
- CVE-2022-48810: ipmr,ip6mr: acquire RTNL before calling ip[6]mr_free_table() on failure path (bsc#1227936).
- CVE-2022-48850: net-sysfs: add check for netdevice being present to speed_show (bsc#1228071)
- CVE-2022-48855: sctp: fix kernel-infoleak for SCTP sockets (bsc#1228003).
- CVE-2023-52435: net: prevent mss overflow in skb_segment() (bsc#1220138).
- CVE-2023-52573: net: rds: Fix possible NULL-pointer dereference (bsc#1220869)
- CVE-2023-52580: net/core: Fix ETH_P_1588 flow dissector (bsc#1220876).
- CVE-2023-52751: smb: client: fix use-after-free in smb2_query_info_compound() (bsc#1225489).
- CVE-2023-52775: net/smc: avoid data corruption caused by decline (bsc#1225088).
- CVE-2023-52812: drm/amd: check num of link levels when update pcie param (bsc#1225564).
- CVE-2023-52857: drm/mediatek: Fix coverity issue with unintentional integer overflow (bsc#1225581).
- CVE-2023-52863: hwmon: (axi-fan-control) Fix possible NULL pointer dereference (bsc#1225586).
- CVE-2024-26585: Fixed race between tx work scheduling and socket close (bsc#1220187).
- CVE-2024-26615: net/smc: fix illegal rmb_desc access in SMC-D connection dump (bsc#1220942).
- CVE-2024-26633: ip6_tunnel: fix NEXTHDR_FRAGMENT handling in ip6_tnl_parse_tlv_enc_lim() (bsc#1221647).
- CVE-2024-26635: llc: Drop support for ETH_P_TR_802_2 (bsc#1221656).
- CVE-2024-26636: llc: make llc_ui_sendmsg() more robust against bonding changes (bsc#1221659).
- CVE-2024-26641: ip6_tunnel: make sure to pull inner header in __ip6_tnl_rcv() (bsc#1221654).
- CVE-2024-26661: drm/amd/display: Add NULL test for 'timing generator' in (bsc#1222323)
- CVE-2024-26663: tipc: Check the bearer type before calling tipc_udp_nl_bearer_add() (bsc#1222326).
- CVE-2024-26665: tunnels: fix out of bounds access when building IPv6 PMTU error (bsc#1222328).
- CVE-2024-26802: stmmac: Clear variable when destroying workqueue (bsc#1222799).
- CVE-2024-26863: hsr: Fix uninit-value access in hsr_get_node() (bsc#1223021).
- CVE-2024-26961: mac802154: fix llsec key resources release in mac802154_llsec_key_del (bsc#1223652).
- CVE-2024-27015: netfilter: flowtable: incorrect pppoe tuple (bsc#1223806).
- CVE-2024-27019: netfilter: nf_tables: Fix potential data-race in __nft_obj_type_get() (bsc#1223813)
- CVE-2024-27020: netfilter: nf_tables: Fix potential data-race in __nft_expr_type_get() (bsc#1223815)
- CVE-2024-27025: nbd: null check for nla_nest_start (bsc#1223778)
- CVE-2024-27065: netfilter: nf_tables: do not compare internal table flags on updates (bsc#1223836).
- CVE-2024-27402: phonet/pep: fix racy skb_queue_empty() use (bsc#1224414).
- CVE-2024-27437: vfio/pci: Disable auto-enable of exclusive INTx IRQ (bsc#1222625).
- CVE-2024-35805: dm snapshot: fix lockup in dm_exception_table_exit (bsc#1224743).
- CVE-2024-35819: soc: fsl: qbman: Use raw spinlock for cgr_lock (bsc#1224683).
- CVE-2024-35837: net: mvpp2: clear BM pool before initialization (bsc#1224500).
- CVE-2024-35853: mlxsw: spectrum_acl_tcam: Fix memory leak during rehash (bsc#1224604).
- CVE-2024-35889: idpf: fix kernel panic on unknown packet types (bsc#1224517).
- CVE-2024-35890: gro: fix ownership transfer (bsc#1224516).
- CVE-2024-35893: net/sched: act_skbmod: prevent kernel-infoleak (bsc#1224512)
- CVE-2024-35899: netfilter: nf_tables: flush pending destroy work before exit_net release (bsc#1224499)
- CVE-2024-35934: net/smc: reduce rtnl pressure in smc_pnet_create_pnetids_list() (bsc#1224641)
- CVE-2024-35949: btrfs: make sure that WRITTEN is set on all metadata blocks (bsc#1224700)
- CVE-2024-35961: net/mlx5: Restore mistakenly dropped parts in register devlink flow (bsc#1224585).
- CVE-2024-35979: raid1: fix use-after-free for original bio in raid1_write_request() (bsc#1224572).
- CVE-2024-35995: ACPI: CPPC: Fix access width used for PCC registers (bsc#1224557).
- CVE-2024-36000: mm/hugetlb: fix missing hugetlb_lock for resv uncharge (bsc#1224548).
- CVE-2024-36004: i40e: Do not use WQ_MEM_RECLAIM flag for workqueue (bsc#1224545)
- CVE-2024-36901: ipv6: prevent NULL dereference in ip6_output() (bsc#1225711)
- CVE-2024-36902: ipv6: fib6_rules: avoid possible NULL dereference in fib6_rule_action() (bsc#1225719).
- CVE-2024-36909: Drivers: hv: vmbus: Do not free ring buffers that couldn't be re-encrypted (bsc#1225744).
- CVE-2024-36910: uio_hv_generic: Do not free decrypted memory (bsc#1225717).
- CVE-2024-36911: hv_netvsc: Do not free decrypted memory (bsc#1225745).
- CVE-2024-36912: Drivers: hv: vmbus: Track decrypted status in vmbus_gpadl (bsc#1225752).
- CVE-2024-36913: Drivers: hv: vmbus: Leak pages if set_memory_encrypted() fails (bsc#1225753).
- CVE-2024-36914: drm/amd/display: Skip on writeback when it's not applicable (bsc#1225757).
- CVE-2024-36919: scsi: bnx2fc: Remove spin_lock_bh while releasing resources after upload (bsc#1225767).
- CVE-2024-36923: fs/9p: fix uninitialized values during inode evict (bsc#1225815).
- CVE-2024-36939: nfs: Handle error of rpc_proc_register() in nfs_net_init() (bsc#1225838).
- CVE-2024-36946: phonet: fix rtm_phonet_notify() skb allocation (bsc#1225851).
- CVE-2024-36974: net/sched: taprio: always validate TCA_TAPRIO_ATTR_PRIOMAP (bsc#1226519).
- CVE-2024-38555: net/mlx5: Discard command completions in internal error (bsc#1226607).
- CVE-2024-38558: net: openvswitch: fix overwriting ct original tuple for ICMPv6 (bsc#1226783).
- CVE-2024-38570: gfs2: Fix potential glock use-after-free on unmount (bsc#1226775).
- CVE-2024-38586: r8169: Fix possible ring buffer corruption on fragmented Tx packets (bsc#1226750).
- CVE-2024-38598: md: fix resync softlockup when bitmap size is less than array size (bsc#1226757).
- CVE-2024-38628: usb: gadget: u_audio: Fix race condition use of controls after free during gadget unbind (bsc#1226911).
- CVE-2024-39276: ext4: fix mb_cache_entry's e_refcnt leak in ext4_xattr_block_cache_find() (bsc#1226993).
- CVE-2024-39371: io_uring: check for non-NULL file pointer in io_file_can_poll() (bsc#1226990).
- CVE-2024-39463: 9p: add missing locking around taking dentry fid list (bsc#1227090).
- CVE-2024-39472: xfs: fix log recovery buffer allocation for the legacy h_size fixup (bsc#1227432).
- CVE-2024-39482: bcache: fix variable length array abuse in btree_iter (bsc#1227447).
- CVE-2024-39487: bonding: Fix out-of-bounds read in bond_option_arp_ip_targets_set() (bsc#1227573)
- CVE-2024-39490: ipv6: sr: fix missing sk_buff release in seg6_input_core (bsc#1227626).
- CVE-2024-39493: crypto: qat - Fix ADF_DEV_RESET_SYNC memory leak (bsc#1227620).
- CVE-2024-39494: ima: Fix use-after-free on a dentry's dname.name (bsc#1227716).
- CVE-2024-39497: drm/shmem-helper: Fix BUG_ON() on mmap(PROT_WRITE, MAP_PRIVATE) (bsc#1227722)
- CVE-2024-39502: ionic: fix use after netif_napi_del() (bsc#1227755).
- CVE-2024-39506: liquidio: Adjust a NULL pointer handling path in lio_vf_rep_copy_packet (bsc#1227729).
- CVE-2024-39507: net: hns3: fix kernel crash problem in concurrent scenario (bsc#1227730).
- CVE-2024-39508: io_uring/io-wq: Use set_bit() and test_bit() at worker->flags (bsc#1227732).
- CVE-2024-40901: scsi: mpt3sas: Avoid test/set_bit() operating in non-allocated memory (bsc#1227762).
- CVE-2024-40906: net/mlx5: Always stop health timer during driver removal (bsc#1227763).
- CVE-2024-40908: bpf: Set run context for rawtp test_run callback (bsc#1227783).
- CVE-2024-40909: bpf: Fix a potential use-after-free in bpf_link_free() (bsc#1227798).
- CVE-2024-40919: bnxt_en: Adjust logging of firmware messages in case of released token in __hwrm_send() (bsc#1227779).
- CVE-2024-40923: vmxnet3: disable rx data ring on dma allocation failure (bsc#1227786).
- CVE-2024-40931: mptcp: ensure snd_una is properly initialized on connect (bsc#1227780).
- CVE-2024-40935: cachefiles: flush all requests after setting CACHEFILES_DEAD (bsc#1227797).
- CVE-2024-40937: gve: Clear napi->skb before dev_kfree_skb_any() (bsc#1227836).
- CVE-2024-40940: net/mlx5: Fix tainted pointer delete is case of flow rules creation fail (bsc#1227800).
- CVE-2024-40943: ocfs2: fix races between hole punching and AIO+DIO (bsc#1227849).
- CVE-2024-40953: KVM: Fix a data race on last_boosted_vcpu in kvm_vcpu_on_spin() (bsc#1227806).
- CVE-2024-40954: net: do not leave a dangling sk pointer, when socket creation fails (bsc#1227808)
- CVE-2024-40958: netns: Make get_net_ns() handle zero refcount net (bsc#1227812).
- CVE-2024-40959: xfrm6: check ip6_dst_idev() return value in xfrm6_get_saddr() (bsc#1227884).
- CVE-2024-40960: ipv6: prevent possible NULL dereference in rt6_probe() (bsc#1227813).
- CVE-2024-40961: ipv6: prevent possible NULL deref in fib6_nh_init() (bsc#1227814).
- CVE-2024-40966: kABI: tty: add the option to have a tty reject a new ldisc (bsc#1227886).
- CVE-2024-40967: serial: imx: Introduce timeout when waiting on transmitter empty (bsc#1227891).
- CVE-2024-40970: Avoid hw_desc array overrun in dw-axi-dmac (bsc#1227899).
- CVE-2024-40972: ext4: fold quota accounting into ext4_xattr_inode_lookup_create() (bsc#1227910).
- CVE-2024-40977: wifi: mt76: mt7921s: fix potential hung tasks during chip recovery (bsc#1227950).
- CVE-2024-40982: ssb: Fix potential NULL pointer dereference in ssb_device_uevent() (bsc#1227865).
- CVE-2024-40989: KVM: arm64: Disassociate vcpus from redistributor region on teardown (bsc#1227823).
- CVE-2024-40994: ptp: fix integer overflow in max_vclocks_store (bsc#1227829).
- CVE-2024-40998: ext4: fix uninitialized ratelimit_state->lock access in __ext4_fill_super() (bsc#1227866).
- CVE-2024-40999: net: ena: Add validation for completion descriptors consistency (bsc#1227913).
- CVE-2024-41006: netrom: Fix a memory leak in nr_heartbeat_expiry() (bsc#1227862).
- CVE-2024-41009: selftests/bpf: Add more ring buffer test coverage (bsc#1228020).
- CVE-2024-41012: filelock: Remove locks reliably when fcntl/close race is detected (bsc#1228247).
- CVE-2024-41013: xfs: do not walk off the end of a directory data block (bsc#1228405).
- CVE-2024-41014: xfs: add bounds checking to xlog_recover_process_data (bsc#1228408).
- CVE-2024-41015: ocfs2: add bounds checking to ocfs2_check_dir_entry() (bsc#1228409).
- CVE-2024-41016: ocfs2: add bounds checking to ocfs2_xattr_find_entry() (bsc#1228410).
- CVE-2024-41017: jfs: do not walk off the end of ealist (bsc#1228403).
- CVE-2024-41040: net/sched: Fix UAF when resolving a clash (bsc#1228518)
- CVE-2024-41041: udp: Set SOCK_RCU_FREE earlier in udp_lib_get_port() (bsc#1228520)
- CVE-2024-41044: ppp: reject claimed-as-LCP but actually malformed packets (bsc#1228530).
- CVE-2024-41048: skmsg: Skip zero length skb in sk_msg_recvmsg (bsc#1228565)
- CVE-2024-41057: cachefiles: fix slab-use-after-free in cachefiles_withdraw_cookie() (bsc#1228462).
- CVE-2024-41058: cachefiles: fix slab-use-after-free in fscache_withdraw_volume() (bsc#1228459).
- CVE-2024-41059: hfsplus: fix uninit-value in copy_name (bsc#1228561).
- CVE-2024-41063: Bluetooth: hci_core: cancel all works upon hci_unregister_dev() (bsc#1228580)
- CVE-2024-41064: powerpc/eeh: avoid possible crash when edev->pdev changes (bsc#1228599).
- CVE-2024-41066: ibmvnic: Add tx check to prevent skb leak (bsc#1228640).
- CVE-2024-41069: ASoC: topology: Fix route memory corruption (bsc#1228644).
- CVE-2024-41070: KVM: PPC: Book3S HV: Prevent UAF in kvm_spapr_tce_attach_iommu_group() (bsc#1228581).
- CVE-2024-41071: wifi: mac80211: Avoid address calculations via out of bounds array indexing (bsc#1228625).
- CVE-2024-41078: btrfs: qgroup: fix quota root leak after quota disable failure (bsc#1228655).
- CVE-2024-41081: ila: block BH in ila_output() (bsc#1228617)
- CVE-2024-41090: tap: add missing verification for short frame (bsc#1228328).
- CVE-2024-41091: tun: add missing verification for short frame (bsc#1228327).
- CVE-2024-42070: netfilter: nf_tables: fully validate NFT_DATA_VALUE on store to data registers (bsc#1228470)
- CVE-2024-42079: gfs2: Fix NULL pointer dereference in gfs2_log_flush (bsc#1228672).
- CVE-2024-42093: net/dpaa2: Avoid explicit cpumask var allocation on stack (bsc#1228680).
- CVE-2024-42096: x86: stop playing stack games in profile_pc() (bsc#1228633).
- CVE-2024-42122: drm/amd/display: Add NULL pointer check for kzalloc (bsc#1228591)
- CVE-2024-42124: scsi: qedf: Make qedf_execute_tmf() non-preemptible (bsc#1228705)
- CVE-2024-42145: IB/core: Implement a limit on UMAD receive List (bsc#1228743)
- CVE-2024-42161: Avoid uninitialized value in BPF_CORE_READ_BITFIELD (bsc#1228756).
- CVE-2024-42224: net: dsa: mv88e6xxx: Correct check for empty list (bsc#1228723)
- CVE-2024-42230: powerpc/pseries: Fix scv instruction crash with kexec (bsc#1194869).
The following non-security bugs were fixed:
- ACPI: EC: Abort address space access upon error (stable-fixes).
- ACPI: EC: Avoid returning AE_OK on errors in address space handler (stable-fixes).
- ACPI: processor_idle: Fix invalid comparison with insertion sort for latency (git-fixes).
- ACPI: video: Add backlight=native quirk for Lenovo Slim 7 16ARH7 (stable-fixes).
- ACPI: x86: Force StorageD3Enable on more products (stable-fixes).
- ACPI: x86: utils: Add Picasso to the list for forcing StorageD3Enable (stable-fixes).
- ALSA: dmaengine_pcm: terminate dmaengine before synchronize (stable-fixes).
- ALSA: dmaengine: Synchronize dma channel after drop() (stable-fixes).
- ALSA: emux: improve patch ioctl data validation (stable-fixes).
- ALSA: hda: conexant: Fix headset auto detect fail in the polling mode (git-fixes).
- ALSA: hda/realtek: Add more codec ID to no shutup pins list (stable-fixes).
- ALSA: hda/realtek: add quirk for Clevo V5[46]0TU (stable-fixes).
- ALSA: hda/realtek: Enable headset mic of JP-IK LEAP W502 with ALC897 (stable-fixes).
- ALSA: hda/realtek: Enable headset mic on Positivo SU C1400 (stable-fixes).
- ALSA: hda/realtek: Enable Mute LED on HP 250 G7 (stable-fixes).
- ALSA: hda/realtek: fix mute/micmute LEDs do not work for EliteBook 645/665 G11 (stable-fixes).
- ALSA: hda/realtek: Fix the speaker output on Samsung Galaxy Book Pro 360 (stable-fixes).
- ALSA: hda/realtek: Limit mic boost on VAIO PRO PX (stable-fixes).
- ALSA: hda/relatek: Enable Mute LED on HP Laptop 15-gw0xxx (stable-fixes).
- ALSA: pcm_dmaengine: Do not synchronize DMA channel when DMA is paused (git-fixes).
- ALSA: usb-audio: Add a quirk for Sonix HD USB Camera (stable-fixes).
- ALSA: usb-audio: Correct surround channels in UAC1 channel map (git-fixes).
- ALSA: usb-audio: Fix microphone sound on HD webcam (stable-fixes).
- ALSA: usb-audio: Move HD Webcam quirk to the right place (git-fixes).
- arm64: dts: allwinner: Pine H64: correctly remove reg_gmac_3v3 (git-fixes)
- arm64: dts: hi3798cv200: fix the size of GICR (git-fixes)
- arm64: dts: imx8qm-mek: fix gpio number for reg_usdhc2_vmmc (git-fixes)
- arm64: dts: microchip: sparx5: fix mdio reg (git-fixes)
- arm64: dts: rockchip: Add enable-strobe-pulldown to emmc phy on ROCK (git-fixes)
- arm64: dts: rockchip: Add sound-dai-cells for RK3368 (git-fixes)
- arm64: dts: rockchip: fix PMIC interrupt pin on ROCK Pi E (git-fixes)
- arm64/io: add constant-argument check (bsc#1226502 git-fixes)
- arm64/io: Provide a WC friendly __iowriteXX_copy() (bsc#1226502)
- arm64: tegra: Correct Tegra132 I2C alias (git-fixes)
- ASoC: amd: Adjust error handling in case of absent codec device (git-fixes).
- ASoC: max98088: Check for clk_prepare_enable() error (git-fixes).
- ASoC: ti: davinci-mcasp: Set min period size using FIFO config (stable-fixes).
- ASoC: ti: omap-hdmi: Fix too long driver name (stable-fixes).
- batman-adv: bypass empty buckets in batadv_purge_orig_ref() (stable-fixes).
- blk-cgroup: dropping parent refcount after pd_free_fn() is done (bsc#1224573).
- block: do not add partitions if GD_SUPPRESS_PART_SCAN is set (bsc#1227162).
- block, loop: support partitions without scanning (bsc#1227162).
- Bluetooth: ath3k: Fix multiple issues reported by checkpatch.pl (stable-fixes).
- Bluetooth: btqca: use le32_to_cpu for ver.soc_id (stable-fixes).
- Bluetooth: hci_core: cancel all works upon hci_unregister_dev() (stable-fixes).
- Bluetooth: hci_qca: mark OF related data as maybe unused (stable-fixes).
- Bluetooth: hci_sync: Fix suspending with wrong filter policy (git-fixes).
- Bluetooth: qca: Fix BT enable failure again for QCA6390 after warm reboot (git-fixes).
- bnxt_re: Fix imm_data endianness (git-fixes)
- bpf: aggressively forget precise markings during state checkpointing (bsc#1225903).
- bpf: allow precision tracking for programs with subprogs (bsc#1225903).
- bpf: check bpf_func_state->callback_depth when pruning states (bsc#1225903).
- bpf: clean up visit_insn()'s instruction processing (bsc#1225903).
- bpf: correct loop detection for iterators convergence (bsc#1225903).
- bpf: encapsulate precision backtracking bookkeeping (bsc#1225903).
- bpf: ensure state checkpointing at iter_next() call sites (bsc#1225903).
- bpf: exact states comparison for iterator convergence checks (bsc#1225903).
- bpf: extract __check_reg_arg() utility function (bsc#1225903).
- bpf: extract same_callsites() as utility function (bsc#1225903).
- bpf: extract setup_func_entry() utility function (bsc#1225903).
- bpf: fix calculation of subseq_idx during precision backtracking (bsc#1225903).
- bpf: fix mark_all_scalars_precise use in mark_chain_precision (bsc#1225903).
- bpf: Fix memory leaks in __check_func_call (bsc#1225903).
- bpf: fix propagate_precision() logic for inner frames (bsc#1225903).
- bpf: fix regs_exact() logic in regsafe() to remap IDs correctly (bsc#1225903).
- bpf: Fix to preserve reg parent/live fields when copying range info (bsc#1225903).
- bpf: generalize MAYBE_NULL vs non-MAYBE_NULL rule (bsc#1225903).
- bpf: improve precision backtrack logging (bsc#1225903).
- bpf: Improve verifier u32 scalar equality checking (bsc#1225903).
- bpf: keep track of max number of bpf_loop callback iterations (bsc#1225903).
- bpf: maintain bitmasks across all active frames in __mark_chain_precision (bsc#1225903).
- bpf: mark relevant stack slots scratched for register read instructions (bsc#1225903).
- bpf: move explored_state() closer to the beginning of verifier.c (bsc#1225903).
- bpf: perform byte-by-byte comparison only when necessary in regsafe() (bsc#1225903).
- bpf: print full verifier states on infinite loop detection (bsc#1225903).
- bpf: regsafe() must not skip check_ids() (bsc#1225903).
- bpf: reject non-exact register type matches in regsafe() (bsc#1225903).
- bpf: Remove unused insn_cnt argument from visit_[func_call_]insn() (bsc#1225903).
- bpf: reorganize struct bpf_reg_state fields (bsc#1225903).
- bpf: Skip invalid kfunc call in backtrack_insn (bsc#1225903).
- bpf: states_equal() must build idmap for all function frames (bsc#1225903).
- bpf: stop setting precise in current state (bsc#1225903).
- bpf: support precision propagation in the presence of subprogs (bsc#1225903).
- bpf: take into account liveness when propagating precision (bsc#1225903).
- bpf: teach refsafe() to take into account ID remapping (bsc#1225903).
- bpf: unconditionally reset backtrack_state masks on global func exit (bsc#1225903).
- bpf: use check_ids() for active_lock comparison (bsc#1225903).
- bpf: Use scalar ids in mark_chain_precision() (bsc#1225903).
- bpf: verify callbacks as if they are called unknown number of times (bsc#1225903).
- bpf: Verify scalar ids mapping in regsafe() using check_ids() (bsc#1225903).
- bpf: widening for callback iterators (bsc#1225903).
- btrfs: add device major-minor info in the struct btrfs_device (bsc#1227162).
- btrfs: harden identification of a stale device (bsc#1227162).
- btrfs: match stale devices by dev_t (bsc#1227162).
- btrfs: remove the cross file system checks from remap (bsc#1227157).
- btrfs: use dev_t to match device in device_matched (bsc#1227162).
- btrfs: validate device maj:min during open (bsc#1227162).
- bytcr_rt5640 : inverse jack detect for Archos 101 cesium (stable-fixes).
- cachefiles: add output string to cachefiles_obj_[get|put]_ondemand_fd (git-fixes).
- can: kvaser_usb: Explicitly initialize family in leafimx driver_info struct (git-fixes).
- can: kvaser_usb: fix return value for hif_usb_send_regout (stable-fixes).
- ceph: fix incorrect kmalloc size of pagevec mempool (bsc#1228418).
- cgroup/cpuset: Prevent UAF in proc_cpuset_show() (bsc#1228801).
- checkpatch: really skip LONG_LINE_* when LONG_LINE is ignored (git-fixes).
- crypto: aead,cipher - zeroize key buffer after use (stable-fixes).
- crypto: ecdh - explicitly zeroize private_key (stable-fixes).
- crypto: ecdsa - Fix the public key format description (git-fixes).
- crypto: hisilicon/sec - Fix memory leak for sec resource release (stable-fixes).
- csky: ftrace: Drop duplicate implementation of arch_check_ftrace_location() (git-fixes).
- decompress_bunzip2: fix rare decompression failure (git-fixes).
- devres: Fix devm_krealloc() wasting memory (git-fixes).
- devres: Fix memory leakage caused by driver API devm_free_percpu() (git-fixes).
- dma: fix call order in dmam_free_coherent (git-fixes).
- docs: crypto: async-tx-api: fix broken code example (git-fixes).
- docs: Fix formatting of literal sections in fanotify docs (stable-fixes).
- drm/amd/amdgpu: Fix style errors in amdgpu_drv.c & amdgpu_device.c (stable-fixes).
- drm/amd/display: Account for cursor prefetch BW in DML1 mode support (stable-fixes).
- drm/amd/display: Check for NULL pointer (stable-fixes).
- drm/amd/display: Check index msg_id before read or write (stable-fixes).
- drm/amd/display: Check pipe offset before setting vblank (stable-fixes).
- drm/amd/display: Skip finding free audio for unknown engine_id (stable-fixes).
- drm/amdgpu/atomfirmware: fix parsing of vram_info (stable-fixes).
- drm/amdgpu/atomfirmware: silence UBSAN warning (stable-fixes).
- drm/amdgpu: avoid using null object of framebuffer (stable-fixes).
- drm/amdgpu: Check if NBIO funcs are NULL in amdgpu_device_baco_exit (git-fixes).
- drm/amdgpu: Fix pci state save during mode-1 reset (git-fixes).
- drm/amdgpu: Fix signedness bug in sdma_v4_0_process_trap_irq() (git-fixes).
- drm/amdgpu: fix uninitialized scalar variable warning (stable-fixes).
- drm/amdgpu: Fix uninitialized variable warnings (stable-fixes).
- drm/amdgpu: Initialize timestamp for some legacy SOCs (stable-fixes).
- drm/amdgpu: Remove GC HW IP 9.3.0 from noretry=1 (git-fixes).
- drm/amd/pm: Fix aldebaran pcie speed reporting (git-fixes).
- drm/amd/pm: remove logically dead code for renoir (git-fixes).
- drm/dp_mst: Fix all mstb marked as not probed after suspend/resume (git-fixes).
- drm/etnaviv: do not block scheduler when GPU is still active (stable-fixes).
- drm/etnaviv: fix DMA direction handling for cached RW buffers (git-fixes).
- drm/gma500: fix null pointer dereference in cdv_intel_lvds_get_modes (git-fixes).
- drm/gma500: fix null pointer dereference in psb_intel_lvds_get_modes (git-fixes).
- drm/i915/gt: Do not consider preemption during execlists_dequeue for gen8 (git-fixes).
- drm/lima: fix shared irq handling on driver remove (stable-fixes).
- drm/lima: Mark simple_ondemand governor as softdep (git-fixes).
- drm/mediatek: Add OVL compatible name for MT8195 (git-fixes).
- drm/meson: fix canvas release in bind function (git-fixes).
- drm/mgag200: Bind I2C lifetime to DRM device (git-fixes).
- drm/mgag200: Set DDC timeout in milliseconds (git-fixes).
- drm/mipi-dsi: Fix mipi_dsi_dcs_write_seq() macro definition format (stable-fixes).
- drm/mipi-dsi: Fix theoretical int overflow in mipi_dsi_dcs_write_seq() (git-fixes).
- drm/msm/dpu: drop validity checks for clear_pending_flush() ctl op (git-fixes).
- drm/msm/mdp5: Remove MDP_CAP_SRC_SPLIT from msm8x53_config (git-fixes).
- drm/nouveau/dispnv04: fix null pointer dereference in nv17_tv_get_hd_modes (stable-fixes).
- drm/nouveau/dispnv04: fix null pointer dereference in nv17_tv_get_ld_modes (stable-fixes).
- drm/nouveau: fix null pointer dereference in nouveau_connector_get_modes (git-fixes).
- drm/nouveau: prime: fix refcount underflow (git-fixes).
- drm/panel: boe-tv101wum-nl6: Check for errors on the NOP in prepare() (git-fixes).
- drm/panel: boe-tv101wum-nl6: If prepare fails, disable GPIO before regulators (git-fixes).
- drm/panel: ilitek-ili9881c: Fix warning with GPIO controllers that sleep (stable-fixes).
- drm: panel-orientation-quirks: Add quirk for Valve Galileo (stable-fixes).
- drm/panfrost: Mark simple_ondemand governor as softdep (git-fixes).
- drm/qxl: Add check for drm_cvt_mode (git-fixes).
- drm/radeon: check bo_va->bo is non-NULL before using it (stable-fixes).
- drm/radeon/radeon_display: Decrease the size of allocated memory (stable-fixes).
- drm/vmwgfx: Fix a deadlock in dma buf fence polling (git-fixes).
- drm/vmwgfx: Fix missing HYPERVISOR_GUEST dependency (stable-fixes).
- drm/vmwgfx: Fix overlay when using Screen Targets (git-fixes).
- eeprom: digsy_mtc: Fix 93xx46 driver probe failure (git-fixes).
- exfat: check if cluster num is valid (git-fixes).
- exfat: simplify is_valid_cluster() (git-fixes).
- filelock: add a new locks_inode_context accessor function (git-fixes).
- firmware: cs_dsp: Fix overflow checking of wmfw header (git-fixes).
- firmware: cs_dsp: Prevent buffer overrun when processing V2 alg headers (git-fixes).
- firmware: cs_dsp: Return error if block header overflows file (git-fixes).
- firmware: cs_dsp: Use strnlen() on name fields in V1 wmfw files (git-fixes).
- firmware: cs_dsp: Validate payload length before processing block (git-fixes).
- firmware: dmi: Stop decoding on broken entry (stable-fixes).
- firmware: turris-mox-rwtm: Do not complete if there are no waiters (git-fixes).
- firmware: turris-mox-rwtm: Fix checking return value of wait_for_completion_timeout() (git-fixes).
- firmware: turris-mox-rwtm: Initialize completion before mailbox (git-fixes).
- fix build warning
- fs: allow cross-vfsmount reflink/dedupe (bsc#1227157).
- ftrace: Fix possible use-after-free issue in ftrace_location() (git-fixes).
- fuse: verify {g,u}id mount options correctly (bsc#1228191).
- gpio: mc33880: Convert comma to semicolon (git-fixes).
- hfsplus: fix to avoid false alarm of circular locking (git-fixes).
- hfsplus: fix uninit-value in copy_name (git-fixes).
- HID: Add quirk for Logitech Casa touchpad (stable-fixes).
- HID: wacom: Modify pen IDs (git-fixes).
- hpet: Support 32-bit userspace (git-fixes).
- hwmon: (adt7475) Fix default duty on fan is disabled (git-fixes).
- hwmon: (max6697) Fix swapped temp{1,8} critical alarms (git-fixes).
- hwmon: (max6697) Fix underflow when writing limit attributes (git-fixes).
- i2c: mark HostNotify target address as used (git-fixes).
- i2c: rcar: bring hardware to known state when probing (git-fixes).
- i2c: tegra: Fix failure during probe deferral cleanup (git-fixes)
- i2c: tegra: Share same DMA channel for RX and TX (bsc#1227661)
- i2c: testunit: avoid re-issued work after read message (git-fixes).
- i2c: testunit: correct Kconfig description (git-fixes).
- Input: elan_i2c - do not leave interrupt disabled on suspend failure (git-fixes).
- Input: elantech - fix touchpad state on resume for Lenovo N24 (stable-fixes).
- Input: ff-core - prefer struct_size over open coded arithmetic (stable-fixes).
- Input: qt1050 - handle CHIP_ID reading error (git-fixes).
- Input: silead - Always support 10 fingers (stable-fixes).
- intel_th: pci: Add Granite Rapids SOC support (stable-fixes).
- intel_th: pci: Add Granite Rapids support (stable-fixes).
- intel_th: pci: Add Lunar Lake support (stable-fixes).
- intel_th: pci: Add Meteor Lake-S support (stable-fixes).
- intel_th: pci: Add Sapphire Rapids SOC support (stable-fixes).
- iommu/arm-smmu-v3: Free MSIs in case of ENOMEM (git-fixes).
- ionic: clean interrupt before enabling queue to avoid credit race (git-fixes).
- jffs2: Fix potential illegal address access in jffs2_free_inode (git-fixes).
- jfs: Fix array-index-out-of-bounds in diFree (git-fixes).
- jfs: xattr: fix buffer overflow for invalid xattr (bsc#1227383).
- kABI: bpf: bpf_reg_state reorganization kABI workaround (bsc#1225903).
- kABI: bpf: callback fixes kABI workaround (bsc#1225903).
- kABI: bpf: struct bpf_{idmap,idset} kABI workaround (bsc#1225903).
- kABI: bpf: tmp_str_buf kABI workaround (bsc#1225903).
- kABI: rtas: Workaround false positive due to lost definition (bsc#1227487).
- kabi/severities: ignore kABI for FireWire sound local symbols (bsc#1208783)
- kabi/severities: Ignore tpm_tis_core_init (bsc#1082555).
- kabi/severity: add nvme common code The nvme common code is also allowed to change the data structures, there are only internal users.
- kabi: Use __iowriteXX_copy_inlined for in-kernel modules (bsc#1226502)
- kernel-binary: vdso: Own module_dir
- kernel/sched: Remove dl_boosted flag comment (git fixes (sched)).
- knfsd: LOOKUP can return an illegal error value (git-fixes).
- kobject_uevent: Fix OOB access within zap_modalias_env() (git-fixes).
- kprobes: Make arch_check_ftrace_location static (git-fixes).
- KVM: nVMX: Clear EXIT_QUALIFICATION when injecting an EPT Misconfig (git-fixes).
- KVM: PPC: Book3S HV: Fix 'rm_exit' entry in debugfs timings (bsc#1194869).
- KVM: PPC: Book3S HV: Fix the set_one_reg for MMCR3 (bsc#1194869).
- KVM: PPC: Book3S HV Nested: L2 LPCR should inherit L1 LPES setting (bsc#1194869).
- KVM: PPC: Book3S HV: remove extraneous asterisk from rm_host_ipi_action() comment (bsc#1194869).
- KVM: PPC: Book3S: Suppress failed alloc warning in H_COPY_TOFROM_GUEST (bsc#1194869).
- KVM: PPC: Book3S: Suppress warnings when allocating too big memory slots (bsc#1194869).
- KVM: s390: fix LPSWEY handling (bsc#1227635 git-fixes).
- KVM: SVM: Process ICR on AVIC IPI delivery failure due to invalid target (git-fixes).
- KVM: VMX: Report up-to-date exit qualification to userspace (git-fixes).
- KVM: x86: Add IBPB_BRTYPE support (bsc#1228079).
- KVM: x86: Always sync PIR to IRR prior to scanning I/O APIC routes (git-fixes).
- KVM: x86: Bail from kvm_recalculate_phys_map() if x2APIC ID is out-of-bounds (git-fixes).
- KVM: x86: Disable APIC logical map if logical ID covers multiple MDAs (git-fixes).
- KVM: x86: Disable APIC logical map if vCPUs are aliased in logical mode (git-fixes).
- KVM: x86: Do not advertise guest.MAXPHYADDR as host.MAXPHYADDR in CPUID (git-fixes).
- KVM: x86: Explicitly skip optimized logical map setup if vCPU's LDR==0 (git-fixes).
- KVM: x86: Explicitly track all possibilities for APIC map's logical modes (git-fixes).
- KVM: x86: Fix broken debugregs ABI for 32 bit kernels (git-fixes).
- KVM: x86: Fix KVM_GET_MSRS stack info leak (git-fixes).
- KVM: x86: Honor architectural behavior for aliased 8-bit APIC IDs (git-fixes).
- KVM: x86: Purge 'highest ISR' cache when updating APICv state (git-fixes).
- KVM: x86: Save/restore all NMIs when multiple NMIs are pending (git-fixes).
- KVM: x86: Skip redundant x2APIC logical mode optimized cluster setup (git-fixes).
- leds: ss4200: Convert PCIBIOS_* return codes to errnos (git-fixes).
- leds: triggers: Flush pending brightness before activating trigger (git-fixes).
- leds: trigger: Unregister sysfs attributes before calling deactivate() (git-fixes).
- libceph: fix race between delayed_work() and ceph_monc_stop() (bsc#1228190).
- lib: objagg: Fix general protection fault (git-fixes).
- lib: objagg: Fix spelling (git-fixes).
- lib: test_objagg: Fix spelling (git-fixes).
- lockd: set missing fl_flags field when retrieving args (git-fixes).
- lockd: use locks_inode_context helper (git-fixes).
- Make AMD_HSMP=m and mark it unsupported in supported.conf (jsc#PED-8582)
- media: dvb: as102-fe: Fix as10x_register_addr packing (stable-fixes).
- media: dvbdev: Initialize sbuf (stable-fixes).
- media: dvb-frontends: tda10048: Fix integer overflow (stable-fixes).
- media: dvb-frontends: tda18271c2dd: Remove casting during div (stable-fixes).
- media: dvb-usb: dib0700_devices: Add missing release_firmware() (stable-fixes).
- media: dvb-usb: Fix unexpected infinite loop in dvb_usb_read_remote_control() (git-fixes).
- media: dw2102: Do not translate i2c read into write (stable-fixes).
- media: dw2102: fix a potential buffer overflow (git-fixes).
- media: imon: Fix race getting ictx->lock (git-fixes).
- media: s2255: Use refcount_t instead of atomic_t for num_channels (stable-fixes).
- media: uvcvideo: Fix integer overflow calculating timestamp (git-fixes).
- media: uvcvideo: Override default flags (git-fixes).
- media: venus: fix use after free in vdec_close (git-fixes).
- media: venus: flush all buffers in output plane streamoff (git-fixes).
- mei: demote client disconnect warning on suspend to debug (stable-fixes).
- mfd: omap-usb-tll: Use struct_size to allocate tll (git-fixes).
- mtd: partitions: redboot: Added conversion of operands to a larger type (stable-fixes).
- net/dcb: check for detached device before executing callbacks (bsc#1215587).
- netfilter: conntrack: ignore overly delayed tcp packets (bsc#1223180).
- netfilter: conntrack: prepare tcp_in_window for ternary return value (bsc#1223180).
- netfilter: conntrack: remove pr_debug callsites from tcp tracker (bsc#1223180).
- netfilter: conntrack: work around exceeded receive window (bsc#1223180).
- netfs, fscache: export fscache_put_volume() and add fscache_try_get_volume() (bsc#1228459 bsc#1228462).
- net: mana: Fix possible double free in error handling path (git-fixes).
- net: mana: Fix the extra HZ in mana_hwc_send_request (git-fixes).
- net: usb: qmi_wwan: add Telit FN912 compositions (git-fixes).
- net: usb: sr9700: fix uninitialized variable use in sr_mdio_read (git-fixes).
- nfc/nci: Add the inconsistency check between the input data length and count (stable-fixes).
- NFSD: Add an nfsd_file_fsync tracepoint (git-fixes).
- NFSD: Add an NFSD_FILE_GC flag to enable nfsd_file garbage collection (git-fixes).
- nfsd: Add errno mapping for EREMOTEIO (git-fixes).
- NFSD: Add nfsd_file_lru_dispose_list() helper (git-fixes).
- nfsd: add some comments to nfsd_file_do_acquire (git-fixes).
- nfsd: allow nfsd_file_get to sanely handle a NULL pointer (git-fixes).
- nfsd: allow reaping files still under writeback (git-fixes).
- NFSD: Avoid calling fh_drop_write() twice in do_nfsd_create() (git-fixes).
- NFSD: Clean up nfsd3_proc_create() (git-fixes).
- nfsd: Clean up nfsd_file_put() (git-fixes).
- NFSD: Clean up nfsd_open_verified() (git-fixes).
- NFSD: Clean up unused code after rhashtable conversion (git-fixes).
- NFSD: Convert filecache to rhltable (git-fixes).
- NFSD: Convert the filecache to use rhashtable (git-fixes).
- NFSD: De-duplicate hash bucket indexing (git-fixes).
- nfsd: do not free files unconditionally in __nfsd_file_cache_purge (git-fixes).
- nfsd: do not fsync nfsd_files on last close (git-fixes).
- nfsd: do not hand out delegation on setuid files being opened for write (git-fixes).
- nfsd: do not kill nfsd_files because of lease break error (git-fixes).
- nfsd: Do not leave work of closing files to a work queue (bsc#1228140).
- nfsd: do not take/put an extra reference when putting a file (git-fixes).
- NFSD enforce filehandle check for source file in COPY (git-fixes).
- NFSD: Ensure nf_inode is never dereferenced (git-fixes).
- nfsd: fix handling of cached open files in nfsd4_open codepath (git-fixes).
- NFSD: Fix licensing header in filecache.c (git-fixes).
- nfsd: fix net-namespace logic in __nfsd_file_cache_purge (git-fixes).
- nfsd: fix nfsd_file_unhash_and_dispose (git-fixes).
- NFSD: Fix potential use-after-free in nfsd_file_put() (git-fixes).
- NFSD: Fix problem of COMMIT and NFS4ERR_DELAY in infinite loop (git-fixes).
- NFSD: Fix the filecache LRU shrinker (git-fixes).
- nfsd: fix up the filecache laundrette scheduling (git-fixes).
- nfsd: fix use-after-free in nfsd_file_do_acquire tracepoint (git-fixes).
- NFSD: Flesh out a documenting comment for filecache.c (git-fixes).
- NFSD: handle errors better in write_ports_addfd() (git-fixes).
- NFSD: Instantiate a struct file when creating a regular NFSv4 file (git-fixes).
- NFSD: Leave open files out of the filecache LRU (git-fixes).
- nfsd: map EBADF (git-fixes).
- NFSD: Move nfsd_file_trace_alloc() tracepoint (git-fixes).
- NFSD: nfsd_file_hash_remove can compute hashval (git-fixes).
- nfsd: NFSD_FILE_KEY_INODE only needs to find GC'ed entries (git-fixes).
- NFSD: nfsd_file_put() can sleep (git-fixes).
- NFSD: nfsd_file_unhash can compute hashval from nf->nf_inode (git-fixes).
- NFSD: No longer record nf_hashval in the trace log (git-fixes).
- NFSD: Pass the target nfsd_file to nfsd_commit() (git-fixes).
- nfsd: put the export reference in nfsd4_verify_deleg_dentry (git-fixes).
- NFSD: Record number of flush calls (git-fixes).
- NFSD: Refactor nfsd_create_setattr() (git-fixes).
- NFSD: Refactor __nfsd_file_close_inode() (git-fixes).
- NFSD: Refactor nfsd_file_gc() (git-fixes).
- NFSD: Refactor nfsd_file_lru_scan() (git-fixes).
- NFSD: Refactor NFSv3 CREATE (git-fixes).
- NFSD: Refactor NFSv4 OPEN(CREATE) (git-fixes).
- NFSD: Remove do_nfsd_create() (git-fixes).
- NFSD: Remove lockdep assertion from unhash_and_release_locked() (git-fixes).
- NFSD: Remove nfsd_file::nf_hashval (git-fixes).
- nfsd: remove the pages_flushed statistic from filecache (git-fixes).
- nfsd: reorganize filecache.c (git-fixes).
- NFSD: Replace the 'init once' mechanism (git-fixes).
- NFSD: Report average age of filecache items (git-fixes).
- NFSD: Report count of calls to nfsd_file_acquire() (git-fixes).
- NFSD: Report count of freed filecache items (git-fixes).
- NFSD: Report filecache LRU size (git-fixes).
- NFSD: Report the number of items evicted by the LRU walk (git-fixes).
- nfsd: Retry once in nfsd_open on an -EOPENSTALE return (git-fixes).
- nfsd: rework hashtable handling in nfsd_do_file_acquire (git-fixes).
- nfsd: rework refcounting in filecache (git-fixes).
- NFSD: Separate tracepoints for acquire and create (git-fixes).
- NFSD: Set up an rhashtable for the filecache (git-fixes).
- nfsd: silence extraneous printk on nfsd.ko insertion (git-fixes).
- NFSD: simplify per-net file cache management (git-fixes).
- nfsd: simplify test_bit return in NFSD_FILE_KEY_FULL comparator (git-fixes).
- nfsd: simplify the delayed disposal list code (git-fixes).
- NFSD: Trace filecache LRU activity (git-fixes).
- NFSD: Trace filecache opens (git-fixes).
- NFSD: verify the opened dentry after setting a delegation (git-fixes).
- NFSD: WARN when freeing an item still linked via nf_lru (git-fixes).
- NFSD: Write verifier might go backwards (git-fixes).
- NFSD: Zero counters when the filecache is re-initialized (git-fixes).
- NFS: Fix READ_PLUS when server does not support OP_READ_PLUS (git-fixes).
- nfs: fix undefined behavior in nfs_block_bits() (git-fixes).
- nfs: keep server info for remounts (git-fixes).
- nfs: Leave pages in the pagecache if readpage failed (git-fixes).
- NFSv4: Fixup smatch warning for ambiguous return (git-fixes).
- NFSv4.x: by default serialize open/close operations (bsc#1223863 bsc#1227362)
- nilfs2: add missing check for inode numbers on directory entries (git-fixes).
- nilfs2: add missing check for inode numbers on directory entries (stable-fixes).
- nilfs2: avoid undefined behavior in nilfs_cnt32_ge macro (git-fixes).
- nilfs2: convert persistent object allocator to use kmap_local (git-fixes).
- nilfs2: fix incorrect inode allocation from reserved inodes (git-fixes).
- nilfs2: fix inode number range checks (git-fixes).
- nilfs2: fix inode number range checks (stable-fixes).
- nvme: adjust multiples of NVME_CTRL_PAGE_SIZE in offset (git-fixes).
- nvme-auth: alloc nvme_dhchap_key as single buffer (git-fixes).
- nvme-auth: allow mixing of secret and hash lengths (git-fixes).
- nvme-auth: use transformed key size to create resp (git-fixes).
- nvme: avoid double free special payload (git-fixes).
- nvme: fixup comment for nvme RDMA Provider Type (git-fixes).
- nvme-multipath: find NUMA path only for online numa-node (git-fixes).
- nvme-pci: add missing condition check for existence of mapped data (git-fixes).
- nvme-pci: Fix the instructions for disabling power management (git-fixes).
- nvmet: always initialize cqe.result (git-fixes).
- nvmet-auth: fix nvmet_auth hash error handling (git-fixes).
- nvmet: fix a possible leak when destroy a ctrl during qp establishment (git-fixes).
- nvme: use ctrl state accessor (bsc#1215492).
- ocfs2: fix DIO failure due to insufficient transaction credits (bsc#1216834).
- ocfs2: remove redundant assignment to variable free_space (bsc#1228409).
- ocfs2: strict bound check before memcmp in ocfs2_xattr_find_entry() (bsc#1228410).
- orangefs: fix out-of-bounds fsid access (git-fixes).
- PCI: Add PCI_ERROR_RESPONSE and related definitions (stable-fixes).
- PCI/DPC: Fix use-after-free on concurrent DPC and hot-removal (git-fixes).
- PCI: Extend ACS configurability (bsc#1228090).
- PCI: Fix resource double counting on remove & rescan (git-fixes).
- PCI: hv: Return zero, not garbage, when reading PCI_INTERRUPT_PIN (git-fixes).
- PCI: Introduce cleanup helpers for device reference counts and locks (git-fixes).
- PCI: Introduce cleanup helpers for device reference counts and locks (stable-fixes).
- PCI: keystone: Do not enable BAR 0 for AM654x (git-fixes).
- PCI: keystone: Fix NULL pointer dereference in case of DT error in ks_pcie_setup_rc_app_regs() (git-fixes).
- PCI: keystone: Relocate ks_pcie_set/clear_dbi_mode() (git-fixes).
- PCI/PM: Avoid D3cold for HP Pavilion 17 PC/1972 PCIe Ports (git-fixes).
- PCI/PM: Avoid D3cold for HP Pavilion 17 PC/1972 PCIe Ports (stable-fixes).
- PCI: rockchip: Use GPIOD_OUT_LOW flag while requesting ep_gpio (git-fixes).
- PCI: tegra194: Set EP alignment restriction for inbound ATU (git-fixes).
- pinctrl: core: fix possible memory leak when pinctrl_enable() fails (git-fixes).
- pinctrl: freescale: mxs: Fix refcount of child (git-fixes).
- pinctrl: single: fix possible memory leak when pinctrl_enable() fails (git-fixes).
- pinctrl: ti: ti-iodelay: fix possible memory leak when pinctrl_enable() fails (git-fixes).
- platform/chrome: cros_ec_debugfs: fix wrong EC message version (git-fixes).
- platform/chrome: cros_ec_proto: Lock device when updating MKBP version (git-fixes).
- platform/x86: dell-smbios-base: Use sysfs_emit() (stable-fixes).
- platform/x86: dell-smbios: Fix wrong token data in sysfs (git-fixes).
- platform/x86: lg-laptop: Change ACPI device id (stable-fixes).
- platform/x86: lg-laptop: Remove LGEX0815 hotkey handling (stable-fixes).
- platform/x86: touchscreen_dmi: Add info for GlobalSpace SolT IVW 11.6' tablet (stable-fixes).
- platform/x86: touchscreen_dmi: Add info for the EZpad 6s Pro (stable-fixes).
- platform/x86: wireless-hotkey: Add support for LG Airplane Button (stable-fixes).
- powerpc/cpuidle: Set CPUIDLE_FLAG_POLLING for snooze state (bsc#1227121 ltc#207129).
- powerpc: fix a file leak in kvm_vcpu_ioctl_enable_cap() (bsc#1194869).
- powerpc/kasan: Disable address sanitization in kexec paths (bsc#1194869).
- powerpc/pseries: Fix scv instruction crash with kexec (bsc#1194869).
- powerpc/rtas: clean up includes (bsc#1227487).
- powerpc/rtas: Prevent Spectre v1 gadget construction in sys_rtas() (bsc#1227487).
- power: supply: cros_usbpd: provide ID table for avoiding fallback match (stable-fixes).
- pwm: stm32: Always do lazy disabling (git-fixes).
- RDMA/cache: Release GID table even if leak is detected (git-fixes)
- RDMA/device: Return error earlier if port in not valid (git-fixes)
- RDMA/hns: Check atomic wr length (git-fixes)
- RDMA/hns: Fix insufficient extend DB for VFs. (git-fixes)
- RDMA/hns: Fix mbx timing out before CMD execution is completed (git-fixes)
- RDMA/hns: Fix missing pagesize and alignment check in FRMR (git-fixes)
- RDMA/hns: Fix shift-out-bounds when max_inline_data is 0 (git-fixes)
- RDMA/hns: Fix soft lockup under heavy CEQE load (git-fixes)
- RDMA/hns: Fix undifined behavior caused by invalid max_sge (git-fixes)
- RDMA/hns: Fix unmatch exception handling when init eq table fails (git-fixes)
- RDMA/iwcm: Fix a use-after-free related to destroying CM IDs (git-fixes)
- RDMA/mana_ib: Ignore optional access flags for MRs (git-fixes).
- RDMA/mlx4: Fix truncated output warning in alias_GUID.c (git-fixes)
- RDMA/mlx4: Fix truncated output warning in mad.c (git-fixes)
- RDMA/mlx5: Set mkeys for dmabuf at PAGE_SIZE (git-fixes)
- RDMA/restrack: Fix potential invalid address access (git-fixes)
- RDMA/rxe: Do not set BTH_ACK_MASK for UC or UD QPs (git-fixes)
- regmap-i2c: Subtract reg size from max_write (stable-fixes).
- Revert 'ALSA: firewire-lib: obsolete workqueue for period update' (bsc#1208783).
- Revert 'ALSA: firewire-lib: operate for period elapse event in process context' (bsc#1208783).
- Revert 'leds: led-core: Fix refcount leak in of_led_get()' (git-fixes).
- Revert 'usb: musb: da8xx: Set phy in OTG mode by default' (stable-fixes).
- rpcrdma: fix handling for RDMA_CM_EVENT_DEVICE_REMOVAL (git-fixes).
- rpm/guards: fix precedence issue with control flow operator With perl 5.40 it report the following error on rpm/guards script: Possible precedence issue with control flow operator (exit) at scripts/guards line 208. Fix the issue by adding parenthesis around ternary operator.
- rtc: cmos: Fix return value of nvmem callbacks (git-fixes).
- rtc: interface: Add RTC offset to alarm after fix-up (git-fixes).
- rtc: isl1208: Fix return value of nvmem callbacks (git-fixes).
- rtlwifi: rtl8192de: Style clean-ups (stable-fixes).
- s390: Implement __iowrite32_copy() (bsc#1226502)
- s390: Stop using weak symbols for __iowrite64_copy() (bsc#1226502)
- saa7134: Unchecked i2c_transfer function result fixed (git-fixes).
- sched/fair: Do not balance task to its current running CPU (git fixes (sched)).
- sched: Fix stop_one_cpu_nowait() vs hotplug (git fixes (sched)).
- scsi: lpfc: Allow DEVICE_RECOVERY mode after RSCN receipt if in PRLI_ISSUE state (bsc#1228857).
- scsi: lpfc: Cancel ELS WQE instead of issuing abort when SLI port is inactive (bsc#1228857).
- scsi: lpfc: Fix handling of fully recovered fabric node in dev_loss callbk (bsc#1228857).
- scsi: lpfc: Fix incorrect request len mbox field when setting trunking via sysfs (bsc#1228857).
- scsi: lpfc: Handle mailbox timeouts in lpfc_get_sfp_info (bsc#1228857).
- scsi: lpfc: Relax PRLI issue conditions after GID_FT response (bsc#1228857).
- scsi: lpfc: Revise lpfc_prep_embed_io routine with proper endian macro usages (bsc#1228857).
- scsi: lpfc: Update lpfc version to 14.4.0.3 (bsc#1228857).
- scsi: qla2xxx: Avoid possible run-time warning with long model_num (bsc#1228850).
- scsi: qla2xxx: Complete command early within lock (bsc#1228850).
- scsi: qla2xxx: Convert comma to semicolon (bsc#1228850).
- scsi: qla2xxx: Drop driver owner assignment (bsc#1228850).
- scsi: qla2xxx: During vport delete send async logout explicitly (bsc#1228850).
- scsi: qla2xxx: Fix debugfs output for fw_resource_count (bsc#1228850).
- scsi: qla2xxx: Fix flash read failure (bsc#1228850).
- scsi: qla2xxx: Fix for possible memory corruption (bsc#1228850).
- scsi: qla2xxx: Fix optrom version displayed in FDMI (bsc#1228850).
- scsi: qla2xxx: Indent help text (bsc#1228850).
- scsi: qla2xxx: Reduce fabric scan duplicate code (bsc#1228850).
- scsi: qla2xxx: Remove unused struct 'scsi_dif_tuple' (bsc#1228850).
- scsi: qla2xxx: Return ENOBUFS if sg_cnt is more than one for ELS cmds (bsc#1228850).
- scsi: qla2xxx: Unable to act on RSCN for port online (bsc#1228850).
- scsi: qla2xxx: Update version to 10.02.09.300-k (bsc#1228850).
- scsi: qla2xxx: Use QP lock to search for bsg (bsc#1228850).
- scsi: qla2xxx: validate nvme_local_port correctly (bsc#1228850).
- selftests/bpf: Add a selftest for checking subreg equality (bsc#1225903).
- selftests/bpf: add pre bpf_prog_test_run_opts() callback for test_loader (bsc#1225903).
- selftests/bpf: add precision propagation tests in the presence of subprogs (bsc#1225903).
- selftests/bpf: Add pruning test case for bpf_spin_lock (bsc#1225903).
- selftests/bpf: Check if mark_chain_precision() follows scalar ids (bsc#1225903).
- selftests/bpf: check if max number of bpf_loop iterations is tracked (bsc#1225903).
- selftests/bpf: fix __retval() being always ignored (bsc#1225903).
- selftests/bpf: fix unpriv_disabled check in test_verifier (bsc#1225903).
- selftests/bpf: __imm_insn & __imm_const macro for bpf_misc.h (bsc#1225903).
- selftests/bpf: make test_align selftest more robust (bsc#1225903).
- selftests/bpf: populate map_array_ro map for verifier_array_access test (bsc#1225903).
- selftests/bpf: prog_tests entry point for migrated test_verifier tests (bsc#1225903).
- selftests/bpf: Report program name on parse_test_spec error (bsc#1225903).
- selftests/bpf: Support custom per-test flags and multiple expected messages (bsc#1225903).
- selftests/bpf: test case for callback_depth states pruning logic (bsc#1225903).
- selftests/bpf: test case for relaxed prunning of active_lock.id (bsc#1225903).
- selftests/bpf: test cases for regsafe() bug skipping check_id() (bsc#1225903).
- selftests/bpf: Tests execution support for test_loader.c (bsc#1225903).
- selftests/bpf: tests for iterating callbacks (bsc#1225903).
- selftests/bpf: test widening for iterating callbacks (bsc#1225903).
- selftests/bpf: track string payload offset as scalar in strobemeta (bsc#1225903).
- selftests/bpf: Unprivileged tests for test_loader.c (bsc#1225903).
- selftests/bpf: Verify copy_register_state() preserves parent/live fields (bsc#1225903).
- selftests/bpf: verify states_equal() maintains idmap across all frames (bsc#1225903).
- selftests/bpf: Verify that check_ids() is used for scalars in regsafe() (bsc#1225903).
- selftests/sigaltstack: Fix ppc64 GCC build (git-fixes).
- soc: ti: wkup_m3_ipc: Send NULL dummy message instead of pointer message (stable-fixes).
- spi: imx: Do not expect DMA for i.MX{25,35,50,51,53} cspi devices (stable-fixes).
- spi: mux: set ctlr->bits_per_word_mask (stable-fixes).
- string.h: Introduce memtostr() and memtostr_pad() (bsc#1228850).
- SUNRPC: avoid soft lockup when transmitting UDP to reachable server (bsc#1225272).
- SUNRPC: Fix gss_free_in_token_pages() (git-fixes).
- SUNRPC: Fix loop termination condition in gss_free_in_token_pages() (git-fixes).
- sunrpc: fix NFSACL RPC retry on soft mount (git-fixes).
- SUNRPC: return proper error from gss_wrap_req_priv (git-fixes).
- supported.conf:
- tpm: Allow system suspend to continue when TPM suspend fails (bsc#1082555).
- tpm: Prevent hwrng from activating during resume (bsc#1082555).
- tpm_tis: Resend command to recover from data transfer errors (bsc#1082555).
- tpm_tis: Use tpm_chip_{start,stop} decoration inside tpm_tis_resume (bsc#1082555).
- tpm, tpm: Implement usage counter for locality (bsc#1082555).
- tpm, tpm_tis: Avoid cache incoherency in test for interrupts (bsc#1082555).
- tpm, tpm_tis: Claim locality before writing interrupt registers (bsc#1082555).
- tpm, tpm_tis: Claim locality in interrupt handler (bsc#1082555).
- tpm, tpm_tis: Claim locality when interrupts are reenabled on resume (bsc#1082555).
- tpm, tpm_tis: correct tpm_tis_flags enumeration values (bsc#1082555).
- tpm, tpm_tis: Do not skip reset of original interrupt vector (bsc#1082555).
- tpm, tpm_tis: Only handle supported interrupts (bsc#1082555).
- tracing: Build event generation tests only as modules (git-fixes).
- tracing/net_sched: NULL pointer dereference in perf_trace_qdisc_reset() (git-fixes).
- tracing/osnoise: Add osnoise/options file (bsc#1228330)
- tracing/osnoise: Add OSNOISE_WORKLOAD option (bsc#1228330)
- tracing/osnoise: Do not follow tracing_cpumask (bsc#1228330)
- tracing/osnoise: Fix notify new tracing_max_latency (bsc#1228330)
- tracing/osnoise: Make osnoise_instances static (bsc#1228330)
- tracing/osnoise: Split workload start from the tracer start (bsc#1228330)
- tracing/osnoise: Support a list of trace_array *tr (bsc#1228330)
- tracing/osnoise: Use built-in RCU list checking (bsc#1228330)
- tracing/timerlat: Notify new max thread latency (bsc#1228330)
- USB: Add USB_QUIRK_NO_SET_INTF quirk for START BP-850k (stable-fixes).
- usb: cdns3: allocate TX FIFO size according to composite EP number (git-fixes).
- usb: cdns3: fix incorrect calculation of ep_buf_size when more than one config (git-fixes).
- usb: cdns3: fix iso transfer error when mult is not zero (git-fixes).
- usb: cdns3: improve handling of unaligned address case (git-fixes).
- usb: cdns3: optimize OUT transfer by copying only actual received data (git-fixes).
- usb: cdns3: skip set TRB_IOC when usb_request: no_interrupt is true (git-fixes).
- USB: core: Fix duplicate endpoint bug by clearing reserved bits in the descriptor (git-fixes).
- usb: dwc3: gadget: Do not delay End Transfer on delayed_status (git-fixes).
- usb: dwc3: gadget: Force sending delayed status during soft disconnect (git-fixes).
- usb: dwc3: gadget: Synchronize IRQ between soft connect/disconnect (git-fixes).
- usb: gadget: call usb_gadget_check_config() to verify UDC capability (git-fixes).
- usb: gadget: configfs: Prevent OOB read/write in usb_string_copy() (stable-fixes).
- usb: gadget: printer: SS+ support (stable-fixes).
- usb: misc: uss720: check for incompatible versions of the Belkin F5U002 (stable-fixes).
- USB: serial: mos7840: fix crash on resume (git-fixes).
- USB: serial: option: add Fibocom FM350-GL (stable-fixes).
- USB: serial: option: add Netprisma LCUK54 series modules (stable-fixes).
- USB: serial: option: add Rolling RW350-GL variants (stable-fixes).
- USB: serial: option: add support for Foxconn T99W651 (stable-fixes).
- USB: serial: option: add Telit FN912 rmnet compositions (stable-fixes).
- USB: serial: option: add Telit generic core-dump composition (stable-fixes).
- usb: typec: tcpm: clear pd_event queue in PORT_RESET (git-fixes).
- usb: xhci-plat: Do not include xhci.h (git-fixes).
- USB: xhci-plat: fix legacy PHY double init (git-fixes).
- wifi: ath11k: fix wrong handling of CCMP256 and GCMP ciphers (git-fixes).
- wifi: brcmsmac: LCN PHY code is used for BCM4313 2G-only device (git-fixes).
- wifi: cfg80211: fix typo in cfg80211_calculate_bitrate_he() (git-fixes).
- wifi: cfg80211: handle 2x996 RU allocation in cfg80211_calculate_bitrate_he() (git-fixes).
- wifi: cfg80211: restrict NL80211_ATTR_TXQ_QUANTUM values (git-fixes).
- wifi: cfg80211: wext: add extra SIOCSIWSCAN data check (stable-fixes).
- wifi: iwlwifi: mvm: d3: fix WoWLAN command version lookup (stable-fixes).
- wifi: iwlwifi: mvm: Handle BIGTK cipher in kek_kck cmd (stable-fixes).
- wifi: iwlwifi: mvm: properly set 6 GHz channel direct probe option (stable-fixes).
- wifi: mac80211: disable softirqs for queued frame handling (git-fixes).
- wifi: mac80211: fix UBSAN noise in ieee80211_prep_hw_scan() (stable-fixes).
- wifi: mac80211: handle tasklet frames before stopping (stable-fixes).
- wifi: mac80211: mesh: init nonpeer_pm to active by default in mesh sdata (stable-fixes).
- wifi: mt76: replace skb_put with skb_put_zero (stable-fixes).
- wifi: mwifiex: Fix interface type change (git-fixes).
- wifi: rtw89: Fix array index mistake in rtw89_sta_info_get_iter() (git-fixes).
- wifi: wilc1000: fix ies_len type in connect path (git-fixes).
- workqueue: Improve scalability of workqueue watchdog touch (bsc#1193454).
- workqueue: wq_watchdog_touch is always called with valid CPU (bsc#1193454).
- x86/amd_nb: Use Family 19h Models 60h-7Fh Function 4 IDs (git-fixes).
- x86/apic: Force native_apic_mem_read() to use the MOV instruction (git-fixes).
- x86/bhi: Avoid warning in #DB handler due to BHI mitigation (git-fixes).
- x86/bugs: Remove default case for fully switched enums (bsc#1227900).
- x86/fpu: Fix AMD X86_BUG_FXSAVE_LEAK fixup (git-fixes).
- x86/ibt,ftrace: Search for __fentry__ location (git-fixes).
- x86/Kconfig: Transmeta Crusoe is CPU family 5, not 6 (git-fixes).
- x86/mm: Allow guest.enc_status_change_prepare() to fail (git-fixes).
- x86/mm: Fix enc_status_change_finish_noop() (git-fixes).
- x86/purgatory: Switch to the position-independent small code model (git-fixes).
- x86/srso: Move retbleed IBPB check into existing 'has_microcode' code block (bsc#1227900).
- x86/srso: Remove 'pred_cmd' label (bsc#1227900).
- x86: Stop using weak symbols for __iowrite32_copy() (bsc#1226502)
- x86/tdx: Fix race between set_memory_encrypted() and load_unaligned_zeropad() (git-fixes).
- xfs: Add cond_resched to block unmap range and reflink remap path (bsc#1228226).
- xhci: Apply broken streams quirk to Etron EJ188 xHCI host (stable-fixes).
- xhci: Apply reset resume quirk to Etron EJ188 xHCI host (stable-fixes).
- xhci: Set correct transferred length for cancelled bulk transfers (stable-fixes).
ImportantSUSE bug 1082555SUSE bug 1193454SUSE bug 1193554SUSE bug 1193787SUSE bug 1194324SUSE bug 1194869SUSE bug 1195357SUSE bug 1195668SUSE bug 1195927SUSE bug 1195957SUSE bug 1196018SUSE bug 1196823SUSE bug 1197146SUSE bug 1197246SUSE bug 1197762SUSE bug 1202346SUSE bug 1202686SUSE bug 1208783SUSE bug 1209636SUSE bug 1213123SUSE bug 1215492SUSE bug 1215587SUSE bug 1216834SUSE bug 1219832SUSE bug 1220138SUSE bug 1220185SUSE bug 1220186SUSE bug 1220187SUSE bug 1220869SUSE bug 1220876SUSE bug 1220942SUSE bug 1220952SUSE bug 1221010SUSE bug 1221044SUSE bug 1221647SUSE bug 1221654SUSE bug 1221656SUSE bug 1221659SUSE bug 1221777SUSE bug 1222011SUSE bug 1222323SUSE bug 1222326SUSE bug 1222328SUSE bug 1222625SUSE bug 1222702SUSE bug 1222728SUSE bug 1222799SUSE bug 1222809SUSE bug 1222810SUSE bug 1223021SUSE bug 1223180SUSE bug 1223635SUSE bug 1223652SUSE bug 1223675SUSE bug 1223778SUSE bug 1223806SUSE bug 1223813SUSE bug 1223815SUSE bug 1223836SUSE bug 1223863SUSE bug 1224414SUSE bug 1224499SUSE bug 1224500SUSE bug 1224512SUSE bug 1224516SUSE bug 1224517SUSE bug 1224545SUSE bug 1224548SUSE bug 1224557SUSE bug 1224572SUSE bug 1224573SUSE bug 1224585SUSE bug 1224604SUSE bug 1224636SUSE bug 1224641SUSE bug 1224683SUSE bug 1224694SUSE bug 1224700SUSE bug 1224743SUSE bug 1225088SUSE bug 1225272SUSE bug 1225301SUSE bug 1225475SUSE bug 1225489SUSE bug 1225504SUSE bug 1225505SUSE bug 1225564SUSE bug 1225573SUSE bug 1225581SUSE bug 1225586SUSE bug 1225711SUSE bug 1225717SUSE bug 1225719SUSE bug 1225744SUSE bug 1225745SUSE bug 1225746SUSE bug 1225752SUSE bug 1225753SUSE bug 1225757SUSE bug 1225767SUSE bug 1225810SUSE bug 1225815SUSE bug 1225820SUSE bug 1225829SUSE bug 1225835SUSE bug 1225838SUSE bug 1225839SUSE bug 1225843SUSE bug 1225847SUSE bug 1225851SUSE bug 1225856SUSE bug 1225895SUSE bug 1225898SUSE bug 1225903SUSE bug 1226202SUSE bug 1226502SUSE bug 1226519SUSE bug 1226551SUSE bug 1226555SUSE bug 1226565SUSE bug 1226568SUSE bug 1226570SUSE bug 1226571SUSE bug 1226574SUSE bug 1226588SUSE bug 1226607SUSE bug 1226650SUSE bug 1226698SUSE bug 1226713SUSE bug 1226716SUSE bug 1226750SUSE bug 1226757SUSE bug 1226758SUSE bug 1226775SUSE bug 1226783SUSE bug 1226785SUSE bug 1226834SUSE bug 1226837SUSE bug 1226911SUSE bug 1226990SUSE bug 1226993SUSE bug 1227090SUSE bug 1227121SUSE bug 1227157SUSE bug 1227162SUSE bug 1227362SUSE bug 1227383SUSE bug 1227432SUSE bug 1227435SUSE bug 1227447SUSE bug 1227487SUSE bug 1227549SUSE bug 1227573SUSE bug 1227618SUSE bug 1227620SUSE bug 1227626SUSE bug 1227635SUSE bug 1227661SUSE bug 1227716SUSE bug 1227722SUSE bug 1227724SUSE bug 1227725SUSE bug 1227728SUSE bug 1227729SUSE bug 1227730SUSE bug 1227732SUSE bug 1227733SUSE bug 1227750SUSE bug 1227754SUSE bug 1227755SUSE bug 1227760SUSE bug 1227762SUSE bug 1227763SUSE bug 1227764SUSE bug 1227766SUSE bug 1227770SUSE bug 1227771SUSE bug 1227772SUSE bug 1227774SUSE bug 1227779SUSE bug 1227780SUSE bug 1227783SUSE bug 1227786SUSE bug 1227787SUSE bug 1227790SUSE bug 1227792SUSE bug 1227796SUSE bug 1227797SUSE bug 1227798SUSE bug 1227800SUSE bug 1227802SUSE bug 1227806SUSE bug 1227808SUSE bug 1227810SUSE bug 1227812SUSE bug 1227813SUSE bug 1227814SUSE bug 1227816SUSE bug 1227820SUSE bug 1227823SUSE bug 1227824SUSE bug 1227828SUSE bug 1227829SUSE bug 1227836SUSE bug 1227846SUSE bug 1227849SUSE bug 1227851SUSE bug 1227862SUSE bug 1227864SUSE bug 1227865SUSE bug 1227866SUSE bug 1227870SUSE bug 1227884SUSE bug 1227886SUSE bug 1227891SUSE bug 1227893SUSE bug 1227899SUSE bug 1227900SUSE bug 1227910SUSE bug 1227913SUSE bug 1227917SUSE bug 1227919SUSE bug 1227920SUSE bug 1227921SUSE bug 1227922SUSE bug 1227923SUSE bug 1227924SUSE bug 1227925SUSE bug 1227927SUSE bug 1227928SUSE bug 1227931SUSE bug 1227932SUSE bug 1227933SUSE bug 1227935SUSE bug 1227936SUSE bug 1227938SUSE bug 1227941SUSE bug 1227942SUSE bug 1227944SUSE bug 1227945SUSE bug 1227947SUSE bug 1227948SUSE bug 1227949SUSE bug 1227950SUSE bug 1227952SUSE bug 1227953SUSE bug 1227954SUSE bug 1227956SUSE bug 1227957SUSE bug 1227963SUSE bug 1227964SUSE bug 1227965SUSE bug 1227968SUSE bug 1227969SUSE bug 1227970SUSE bug 1227971SUSE bug 1227972SUSE bug 1227975SUSE bug 1227976SUSE bug 1227981SUSE bug 1227982SUSE bug 1227985SUSE bug 1227986SUSE bug 1227987SUSE bug 1227988SUSE bug 1227989SUSE bug 1227990SUSE bug 1227991SUSE bug 1227992SUSE bug 1227993SUSE bug 1227995SUSE bug 1227996SUSE bug 1227997SUSE bug 1228000SUSE bug 1228002SUSE bug 1228003SUSE bug 1228004SUSE bug 1228005SUSE bug 1228006SUSE bug 1228007SUSE bug 1228008SUSE bug 1228009SUSE bug 1228010SUSE bug 1228011SUSE bug 1228013SUSE bug 1228014SUSE bug 1228015SUSE bug 1228019SUSE bug 1228020SUSE bug 1228025SUSE bug 1228028SUSE bug 1228035SUSE bug 1228037SUSE bug 1228038SUSE bug 1228039SUSE bug 1228040SUSE bug 1228045SUSE bug 1228054SUSE bug 1228055SUSE bug 1228056SUSE bug 1228060SUSE bug 1228061SUSE bug 1228062SUSE bug 1228063SUSE bug 1228064SUSE bug 1228066SUSE bug 1228067SUSE bug 1228068SUSE bug 1228071SUSE bug 1228079SUSE bug 1228090SUSE bug 1228114SUSE bug 1228140SUSE bug 1228190SUSE bug 1228191SUSE bug 1228195SUSE bug 1228202SUSE bug 1228226SUSE bug 1228235SUSE bug 1228237SUSE bug 1228247SUSE bug 1228327SUSE bug 1228328SUSE bug 1228330SUSE bug 1228403SUSE bug 1228405SUSE bug 1228408SUSE bug 1228409SUSE bug 1228410SUSE bug 1228418SUSE bug 1228440SUSE bug 1228459SUSE bug 1228462SUSE bug 1228470SUSE bug 1228518SUSE bug 1228520SUSE bug 1228530SUSE bug 1228561SUSE bug 1228565SUSE bug 1228580SUSE bug 1228581SUSE bug 1228591SUSE bug 1228599SUSE bug 1228617SUSE bug 1228625SUSE bug 1228626SUSE bug 1228633SUSE bug 1228640SUSE bug 1228644SUSE bug 1228649SUSE bug 1228655SUSE bug 1228665SUSE bug 1228672SUSE bug 1228680SUSE bug 1228705SUSE bug 1228723SUSE bug 1228743SUSE bug 1228756SUSE bug 1228801SUSE bug 1228850SUSE bug 1228857CVE-2021-47086 at SUSECVE-2021-47086 at NVDCVE-2021-47103 at SUSECVE-2021-47103 at NVDCVE-2021-47186 at SUSECVE-2021-47186 at NVDCVE-2021-47402 at SUSECVE-2021-47402 at NVDCVE-2021-47546 at SUSECVE-2021-47546 at NVDCVE-2021-47547 at SUSECVE-2021-47547 at NVDCVE-2021-47588 at SUSECVE-2021-47588 at NVDCVE-2021-47590 at SUSECVE-2021-47590 at NVDCVE-2021-47591 at SUSECVE-2021-47591 at NVDCVE-2021-47593 at SUSECVE-2021-47593 at NVDCVE-2021-47598 at SUSECVE-2021-47598 at NVDCVE-2021-47599 at SUSECVE-2021-47599 at NVDCVE-2021-47606 at SUSECVE-2021-47606 at NVDCVE-2021-47622 at SUSECVE-2021-47622 at NVDCVE-2021-47623 at SUSECVE-2021-47623 at NVDCVE-2021-47624 at SUSECVE-2021-47624 at NVDCVE-2022-48713 at SUSECVE-2022-48713 at NVDCVE-2022-48730 at SUSECVE-2022-48730 at NVDCVE-2022-48732 at SUSECVE-2022-48732 at NVDCVE-2022-48749 at SUSECVE-2022-48749 at NVDCVE-2022-48756 at SUSECVE-2022-48756 at NVDCVE-2022-48773 at SUSECVE-2022-48773 at NVDCVE-2022-48774 at SUSECVE-2022-48774 at NVDCVE-2022-48775 at SUSECVE-2022-48775 at NVDCVE-2022-48776 at SUSECVE-2022-48776 at NVDCVE-2022-48777 at SUSECVE-2022-48777 at NVDCVE-2022-48778 at SUSECVE-2022-48778 at NVDCVE-2022-48780 at SUSECVE-2022-48780 at NVDCVE-2022-48783 at SUSECVE-2022-48783 at NVDCVE-2022-48784 at SUSECVE-2022-48784 at NVDCVE-2022-48785 at SUSECVE-2022-48785 at NVDCVE-2022-48786 at SUSECVE-2022-48786 at NVDCVE-2022-48787 at SUSECVE-2022-48787 at NVDCVE-2022-48788 at SUSECVE-2022-48788 at NVDCVE-2022-48789 at SUSECVE-2022-48789 at NVDCVE-2022-48790 at SUSECVE-2022-48790 at NVDCVE-2022-48791 at SUSECVE-2022-48791 at NVDCVE-2022-48792 at SUSECVE-2022-48792 at NVDCVE-2022-48793 at SUSECVE-2022-48793 at NVDCVE-2022-48794 at SUSECVE-2022-48794 at NVDCVE-2022-48796 at SUSECVE-2022-48796 at NVDCVE-2022-48797 at SUSECVE-2022-48797 at NVDCVE-2022-48798 at SUSECVE-2022-48798 at NVDCVE-2022-48799 at SUSECVE-2022-48799 at NVDCVE-2022-48800 at SUSECVE-2022-48800 at NVDCVE-2022-48801 at SUSECVE-2022-48801 at NVDCVE-2022-48802 at SUSECVE-2022-48802 at NVDCVE-2022-48803 at SUSECVE-2022-48803 at NVDCVE-2022-48804 at SUSECVE-2022-48804 at NVDCVE-2022-48805 at SUSECVE-2022-48805 at NVDCVE-2022-48806 at SUSECVE-2022-48806 at NVDCVE-2022-48807 at SUSECVE-2022-48807 at NVDCVE-2022-48809 at SUSECVE-2022-48809 at NVDCVE-2022-48810 at SUSECVE-2022-48810 at NVDCVE-2022-48811 at SUSECVE-2022-48811 at NVDCVE-2022-48812 at SUSECVE-2022-48812 at NVDCVE-2022-48813 at SUSECVE-2022-48813 at NVDCVE-2022-48814 at SUSECVE-2022-48814 at NVDCVE-2022-48815 at SUSECVE-2022-48815 at NVDCVE-2022-48816 at SUSECVE-2022-48816 at NVDCVE-2022-48817 at SUSECVE-2022-48817 at NVDCVE-2022-48818 at SUSECVE-2022-48818 at NVDCVE-2022-48820 at SUSECVE-2022-48820 at NVDCVE-2022-48821 at SUSECVE-2022-48821 at NVDCVE-2022-48822 at SUSECVE-2022-48822 at NVDCVE-2022-48823 at SUSECVE-2022-48823 at NVDCVE-2022-48824 at SUSECVE-2022-48824 at NVDCVE-2022-48825 at SUSECVE-2022-48825 at NVDCVE-2022-48826 at SUSECVE-2022-48826 at NVDCVE-2022-48827 at SUSECVE-2022-48827 at NVDCVE-2022-48828 at SUSECVE-2022-48828 at NVDCVE-2022-48829 at SUSECVE-2022-48829 at NVDCVE-2022-48830 at SUSECVE-2022-48830 at NVDCVE-2022-48831 at SUSECVE-2022-48831 at NVDCVE-2022-48834 at SUSECVE-2022-48834 at NVDCVE-2022-48835 at SUSECVE-2022-48835 at NVDCVE-2022-48836 at SUSECVE-2022-48836 at NVDCVE-2022-48837 at SUSECVE-2022-48837 at NVDCVE-2022-48838 at SUSECVE-2022-48838 at NVDCVE-2022-48839 at SUSECVE-2022-48839 at NVDCVE-2022-48840 at SUSECVE-2022-48840 at NVDCVE-2022-48841 at SUSECVE-2022-48841 at NVDCVE-2022-48842 at SUSECVE-2022-48842 at NVDCVE-2022-48843 at SUSECVE-2022-48843 at NVDCVE-2022-48844 at SUSECVE-2022-48844 at NVDCVE-2022-48846 at SUSECVE-2022-48846 at NVDCVE-2022-48847 at SUSECVE-2022-48847 at NVDCVE-2022-48849 at SUSECVE-2022-48849 at NVDCVE-2022-48850 at SUSECVE-2022-48850 at NVDCVE-2022-48851 at SUSECVE-2022-48851 at NVDCVE-2022-48852 at SUSECVE-2022-48852 at NVDCVE-2022-48853 at SUSECVE-2022-48853 at NVDCVE-2022-48855 at SUSECVE-2022-48855 at NVDCVE-2022-48856 at SUSECVE-2022-48856 at NVDCVE-2022-48857 at SUSECVE-2022-48857 at NVDCVE-2022-48858 at SUSECVE-2022-48858 at NVDCVE-2022-48859 at SUSECVE-2022-48859 at NVDCVE-2022-48860 at SUSECVE-2022-48860 at NVDCVE-2022-48861 at SUSECVE-2022-48861 at NVDCVE-2022-48862 at SUSECVE-2022-48862 at NVDCVE-2022-48863 at SUSECVE-2022-48863 at NVDCVE-2022-48864 at SUSECVE-2022-48864 at NVDCVE-2022-48866 at SUSECVE-2022-48866 at NVDCVE-2023-1582 at SUSECVE-2023-1582 at NVDCVE-2023-37453 at SUSECVE-2023-37453 at NVDCVE-2023-52435 at SUSECVE-2023-52435 at NVDCVE-2023-52573 at SUSECVE-2023-52573 at NVDCVE-2023-52580 at SUSECVE-2023-52580 at NVDCVE-2023-52591 at SUSECVE-2023-52591 at NVDCVE-2023-52735 at SUSECVE-2023-52735 at NVDCVE-2023-52751 at SUSECVE-2023-52751 at NVDCVE-2023-52762 at SUSECVE-2023-52762 at NVDCVE-2023-52775 at SUSECVE-2023-52775 at NVDCVE-2023-52812 at SUSECVE-2023-52812 at NVDCVE-2023-52857 at SUSECVE-2023-52857 at NVDCVE-2023-52863 at SUSECVE-2023-52863 at NVDCVE-2023-52885 at SUSECVE-2023-52885 at NVDCVE-2023-52886 at SUSECVE-2023-52886 at NVDCVE-2024-25741 at SUSECVE-2024-25741 at NVDCVE-2024-26583 at SUSECVE-2024-26583 at NVDCVE-2024-26584 at SUSECVE-2024-26584 at NVDCVE-2024-26585 at SUSECVE-2024-26585 at NVDCVE-2024-26615 at SUSECVE-2024-26615 at NVDCVE-2024-26633 at SUSECVE-2024-26633 at NVDCVE-2024-26635 at SUSECVE-2024-26635 at NVDCVE-2024-26636 at SUSECVE-2024-26636 at NVDCVE-2024-26641 at SUSECVE-2024-26641 at NVDCVE-2024-26661 at SUSECVE-2024-26661 at NVDCVE-2024-26663 at SUSECVE-2024-26663 at NVDCVE-2024-26665 at SUSECVE-2024-26665 at NVDCVE-2024-26800 at SUSECVE-2024-26800 at NVDCVE-2024-26802 at SUSECVE-2024-26802 at NVDCVE-2024-26813 at SUSECVE-2024-26813 at NVDCVE-2024-26814 at SUSECVE-2024-26814 at NVDCVE-2024-26863 at SUSECVE-2024-26863 at NVDCVE-2024-26889 at SUSECVE-2024-26889 at NVDCVE-2024-26920 at SUSECVE-2024-26920 at NVDCVE-2024-26935 at SUSECVE-2024-26935 at NVDCVE-2024-26961 at SUSECVE-2024-26961 at NVDCVE-2024-26976 at SUSECVE-2024-26976 at NVDCVE-2024-27015 at SUSECVE-2024-27015 at NVDCVE-2024-27019 at SUSECVE-2024-27019 at NVDCVE-2024-27020 at SUSECVE-2024-27020 at NVDCVE-2024-27025 at SUSECVE-2024-27025 at NVDCVE-2024-27065 at SUSECVE-2024-27065 at NVDCVE-2024-27402 at SUSECVE-2024-27402 at NVDCVE-2024-27437 at SUSECVE-2024-27437 at NVDCVE-2024-35805 at SUSECVE-2024-35805 at NVDCVE-2024-35819 at SUSECVE-2024-35819 at NVDCVE-2024-35837 at SUSECVE-2024-35837 at NVDCVE-2024-35853 at SUSECVE-2024-35853 at NVDCVE-2024-35854 at SUSECVE-2024-35854 at NVDCVE-2024-35855 at SUSECVE-2024-35855 at NVDCVE-2024-35889 at SUSECVE-2024-35889 at NVDCVE-2024-35890 at SUSECVE-2024-35890 at NVDCVE-2024-35893 at SUSECVE-2024-35893 at NVDCVE-2024-35899 at SUSECVE-2024-35899 at NVDCVE-2024-35934 at SUSECVE-2024-35934 at NVDCVE-2024-35949 at SUSECVE-2024-35949 at NVDCVE-2024-35961 at SUSECVE-2024-35961 at NVDCVE-2024-35979 at SUSECVE-2024-35979 at NVDCVE-2024-35995 at SUSECVE-2024-35995 at NVDCVE-2024-36000 at SUSECVE-2024-36000 at NVDCVE-2024-36004 at SUSECVE-2024-36004 at NVDCVE-2024-36288 at SUSECVE-2024-36288 at NVDCVE-2024-36889 at SUSECVE-2024-36889 at NVDCVE-2024-36901 at SUSECVE-2024-36901 at NVDCVE-2024-36902 at SUSECVE-2024-36902 at NVDCVE-2024-36909 at SUSECVE-2024-36909 at NVDCVE-2024-36910 at SUSECVE-2024-36910 at NVDCVE-2024-36911 at SUSECVE-2024-36911 at NVDCVE-2024-36912 at SUSECVE-2024-36912 at NVDCVE-2024-36913 at SUSECVE-2024-36913 at NVDCVE-2024-36914 at SUSECVE-2024-36914 at NVDCVE-2024-36919 at SUSECVE-2024-36919 at NVDCVE-2024-36923 at SUSECVE-2024-36923 at NVDCVE-2024-36924 at SUSECVE-2024-36924 at NVDCVE-2024-36926 at SUSECVE-2024-36926 at NVDCVE-2024-36939 at SUSECVE-2024-36939 at NVDCVE-2024-36941 at SUSECVE-2024-36941 at NVDCVE-2024-36942 at SUSECVE-2024-36942 at NVDCVE-2024-36944 at SUSECVE-2024-36944 at NVDCVE-2024-36946 at SUSECVE-2024-36946 at NVDCVE-2024-36947 at SUSECVE-2024-36947 at NVDCVE-2024-36950 at SUSECVE-2024-36950 at NVDCVE-2024-36952 at SUSECVE-2024-36952 at NVDCVE-2024-36955 at SUSECVE-2024-36955 at NVDCVE-2024-36959 at SUSECVE-2024-36959 at NVDCVE-2024-36974 at SUSECVE-2024-36974 at NVDCVE-2024-38548 at SUSECVE-2024-38548 at NVDCVE-2024-38555 at SUSECVE-2024-38555 at NVDCVE-2024-38558 at SUSECVE-2024-38558 at NVDCVE-2024-38559 at SUSECVE-2024-38559 at NVDCVE-2024-38570 at SUSECVE-2024-38570 at NVDCVE-2024-38586 at SUSECVE-2024-38586 at NVDCVE-2024-38588 at SUSECVE-2024-38588 at NVDCVE-2024-38598 at SUSECVE-2024-38598 at NVDCVE-2024-38628 at SUSECVE-2024-38628 at NVDCVE-2024-39276 at SUSECVE-2024-39276 at NVDCVE-2024-39371 at SUSECVE-2024-39371 at NVDCVE-2024-39463 at SUSECVE-2024-39463 at NVDCVE-2024-39472 at SUSECVE-2024-39472 at NVDCVE-2024-39475 at SUSECVE-2024-39475 at NVDCVE-2024-39482 at SUSECVE-2024-39482 at NVDCVE-2024-39487 at SUSECVE-2024-39487 at NVDCVE-2024-39488 at SUSECVE-2024-39488 at NVDCVE-2024-39490 at SUSECVE-2024-39490 at NVDCVE-2024-39493 at SUSECVE-2024-39493 at NVDCVE-2024-39494 at SUSECVE-2024-39494 at NVDCVE-2024-39497 at SUSECVE-2024-39497 at NVDCVE-2024-39499 at SUSECVE-2024-39499 at NVDCVE-2024-39500 at SUSECVE-2024-39500 at NVDCVE-2024-39501 at SUSECVE-2024-39501 at NVDCVE-2024-39502 at SUSECVE-2024-39502 at NVDCVE-2024-39505 at SUSECVE-2024-39505 at NVDCVE-2024-39506 at SUSECVE-2024-39506 at NVDCVE-2024-39507 at SUSECVE-2024-39507 at NVDCVE-2024-39508 at SUSECVE-2024-39508 at NVDCVE-2024-39509 at SUSECVE-2024-39509 at NVDCVE-2024-40900 at SUSECVE-2024-40900 at NVDCVE-2024-40901 at SUSECVE-2024-40901 at NVDCVE-2024-40902 at SUSECVE-2024-40902 at NVDCVE-2024-40903 at SUSECVE-2024-40903 at NVDCVE-2024-40904 at SUSECVE-2024-40904 at NVDCVE-2024-40906 at SUSECVE-2024-40906 at NVDCVE-2024-40908 at SUSECVE-2024-40908 at NVDCVE-2024-40909 at SUSECVE-2024-40909 at NVDCVE-2024-40911 at SUSECVE-2024-40911 at NVDCVE-2024-40912 at SUSECVE-2024-40912 at NVDCVE-2024-40916 at SUSECVE-2024-40916 at NVDCVE-2024-40919 at SUSECVE-2024-40919 at NVDCVE-2024-40923 at SUSECVE-2024-40923 at NVDCVE-2024-40924 at SUSECVE-2024-40924 at NVDCVE-2024-40927 at SUSECVE-2024-40927 at NVDCVE-2024-40929 at SUSECVE-2024-40929 at NVDCVE-2024-40931 at SUSECVE-2024-40931 at NVDCVE-2024-40932 at SUSECVE-2024-40932 at NVDCVE-2024-40934 at SUSECVE-2024-40934 at NVDCVE-2024-40935 at SUSECVE-2024-40935 at NVDCVE-2024-40937 at SUSECVE-2024-40937 at NVDCVE-2024-40940 at SUSECVE-2024-40940 at NVDCVE-2024-40941 at SUSECVE-2024-40941 at NVDCVE-2024-40942 at SUSECVE-2024-40942 at NVDCVE-2024-40943 at SUSECVE-2024-40943 at NVDCVE-2024-40945 at SUSECVE-2024-40945 at NVDCVE-2024-40953 at SUSECVE-2024-40953 at NVDCVE-2024-40954 at SUSECVE-2024-40954 at NVDCVE-2024-40956 at SUSECVE-2024-40956 at NVDCVE-2024-40958 at SUSECVE-2024-40958 at NVDCVE-2024-40959 at SUSECVE-2024-40959 at NVDCVE-2024-40960 at SUSECVE-2024-40960 at NVDCVE-2024-40961 at SUSECVE-2024-40961 at NVDCVE-2024-40966 at SUSECVE-2024-40966 at NVDCVE-2024-40967 at SUSECVE-2024-40967 at NVDCVE-2024-40970 at SUSECVE-2024-40970 at NVDCVE-2024-40972 at SUSECVE-2024-40972 at NVDCVE-2024-40976 at SUSECVE-2024-40976 at NVDCVE-2024-40977 at SUSECVE-2024-40977 at NVDCVE-2024-40981 at SUSECVE-2024-40981 at NVDCVE-2024-40982 at SUSECVE-2024-40982 at NVDCVE-2024-40984 at SUSECVE-2024-40984 at NVDCVE-2024-40987 at SUSECVE-2024-40987 at NVDCVE-2024-40988 at SUSECVE-2024-40988 at NVDCVE-2024-40989 at SUSECVE-2024-40989 at NVDCVE-2024-40990 at SUSECVE-2024-40990 at NVDCVE-2024-40994 at SUSECVE-2024-40994 at NVDCVE-2024-40998 at SUSECVE-2024-40998 at NVDCVE-2024-40999 at SUSECVE-2024-40999 at NVDCVE-2024-41002 at SUSECVE-2024-41002 at NVDCVE-2024-41004 at SUSECVE-2024-41004 at NVDCVE-2024-41006 at SUSECVE-2024-41006 at NVDCVE-2024-41009 at SUSECVE-2024-41009 at NVDCVE-2024-41011 at SUSECVE-2024-41011 at NVDCVE-2024-41012 at SUSECVE-2024-41012 at NVDCVE-2024-41013 at SUSECVE-2024-41013 at NVDCVE-2024-41014 at SUSECVE-2024-41014 at NVDCVE-2024-41015 at SUSECVE-2024-41015 at NVDCVE-2024-41016 at SUSECVE-2024-41016 at NVDCVE-2024-41017 at SUSECVE-2024-41017 at NVDCVE-2024-41040 at SUSECVE-2024-41040 at NVDCVE-2024-41041 at SUSECVE-2024-41041 at NVDCVE-2024-41044 at SUSECVE-2024-41044 at NVDCVE-2024-41048 at SUSECVE-2024-41048 at NVDCVE-2024-41057 at SUSECVE-2024-41057 at NVDCVE-2024-41058 at SUSECVE-2024-41058 at NVDCVE-2024-41059 at SUSECVE-2024-41059 at NVDCVE-2024-41063 at SUSECVE-2024-41063 at NVDCVE-2024-41064 at SUSECVE-2024-41064 at NVDCVE-2024-41066 at SUSECVE-2024-41066 at NVDCVE-2024-41069 at SUSECVE-2024-41069 at NVDCVE-2024-41070 at SUSECVE-2024-41070 at NVDCVE-2024-41071 at SUSECVE-2024-41071 at NVDCVE-2024-41072 at SUSECVE-2024-41072 at NVDCVE-2024-41076 at SUSECVE-2024-41076 at NVDCVE-2024-41078 at SUSECVE-2024-41078 at NVDCVE-2024-41081 at SUSECVE-2024-41081 at NVDCVE-2024-41087 at SUSECVE-2024-41087 at NVDCVE-2024-41090 at SUSECVE-2024-41090 at NVDCVE-2024-41091 at SUSECVE-2024-41091 at NVDCVE-2024-42070 at SUSECVE-2024-42070 at NVDCVE-2024-42079 at SUSECVE-2024-42079 at NVDCVE-2024-42093 at SUSECVE-2024-42093 at NVDCVE-2024-42096 at SUSECVE-2024-42096 at NVDCVE-2024-42105 at SUSECVE-2024-42105 at NVDCVE-2024-42122 at SUSECVE-2024-42122 at NVDCVE-2024-42124 at SUSECVE-2024-42124 at NVDCVE-2024-42145 at SUSECVE-2024-42145 at NVDCVE-2024-42161 at SUSECVE-2024-42161 at NVDCVE-2024-42224 at SUSECVE-2024-42224 at NVDCVE-2024-42230 at SUSECVE-2024-42230 at NVDcpe:/o:opensuse:leap:15.5Security update for python39-setuptools (Important)openSUSE Leap 15.5
This update for python39-setuptools fixes the following issues:
- CVE-2024-6345: Fixed code execution via download functions in the package_index module (bsc#1228105)
ImportantSUSE bug 1228105CVE-2024-6345 at SUSECVE-2024-6345 at NVDcpe:/o:opensuse:leap:15.5Security update for python310-setuptools (Important)openSUSE Leap 15.5
This update for python310-setuptools fixes the following issues:
- CVE-2024-6345: Fixed code execution via download functions in the package_index module (bsc#1228105)
ImportantSUSE bug 1228105CVE-2024-6345 at SUSECVE-2024-6345 at NVDcpe:/o:opensuse:leap:15.5Security update for python-Pillow (Moderate)openSUSE Leap 15.5
This update for python-Pillow fixes the following issues:
- CVE-2022-45198: Fixed improper handling of highly compressed GIF data (bsc#1205416)
ModerateSUSE bug 1205416CVE-2022-45198 at SUSECVE-2022-45198 at NVDcpe:/o:opensuse:leap:15.5Security update for kubernetes1.25 (Moderate)openSUSE Leap 15.5
This update for kubernetes1.25 fixes the following issues:
- CVE-2021-25743: Fixed sanitization of raw data of escape, meta or control sequences before output it to terminal (bsc#1194400)
Other fixes:
- Included kubernetes1.25-client package. (jsc#PED-5755)
ModerateSUSE bug 1194400CVE-2021-25743 at SUSECVE-2021-25743 at NVDcpe:/o:opensuse:leap:15.5Security update for the Linux Kernel (Important)openSUSE Leap 15.5
The SUSE Linux Enterprise 15 SP5 kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2021-47086: phonet/pep: refuse to enable an unbound pipe (bsc#1220952).
- CVE-2021-47089: kfence: fix memory leak when cat kfence objects (bsc#1220958).
- CVE-2021-47103: net: sock: preserve kabi for sock (bsc#1221010).
- CVE-2021-47186: tipc: check for null after calling kmemdup (bsc#1222702).
- CVE-2021-47432: lib/generic-radix-tree.c: Do not overflow in peek() (bsc#1225391).
- CVE-2021-47515: seg6: fix the iif in the IPv6 socket control block (bsc#1225426).
- CVE-2021-47538: rxrpc: Fix rxrpc_local leak in rxrpc_lookup_peer() (bsc#1225448).
- CVE-2021-47539: rxrpc: Fix rxrpc_peer leak in rxrpc_look_up_bundle() (bsc#1225452).
- CVE-2021-47546: ipv6: fix memory leak in fib6_rule_suppress (bsc#1225504).
- CVE-2021-47547: net: tulip: de4x5: fix the problem that the array 'lp->phy' may be out of bound (bsc#1225505).
- CVE-2021-47555: net: vlan: fix underflow for the real_dev refcnt (bsc#1225467).
- CVE-2021-47566: Fix clearing user buffer by properly using clear_user() (bsc#1225514).
- CVE-2021-47571: staging: rtl8192e: Fix use after free in _rtl92e_pci_disconnect() (bsc#1225518).
- CVE-2021-47572: net: nexthop: fix null pointer dereference when IPv6 is not enabled (bsc#1225389).
- CVE-2021-47588: sit: do not call ipip6_dev_free() from sit_init_net() (bsc#1226568).
- CVE-2021-47590: mptcp: fix deadlock in __mptcp_push_pending() (bsc#1226565).
- CVE-2021-47591: mptcp: remove tcp ulp setsockopt support (bsc#1226570).
- CVE-2021-47593: mptcp: clear 'kern' flag from fallback sockets (bsc#1226551).
- CVE-2021-47598: sch_cake: do not call cake_destroy() from cake_init() (bsc#1226574).
- CVE-2021-47599: btrfs: use latest_dev in btrfs_show_devname (bsc#1226571).
- CVE-2021-47606: net: netlink: af_netlink: Prevent empty skb by adding a check on len. (bsc#1226555).
- CVE-2021-47623: powerpc/fixmap: Fix VM debug warning on unmap (bsc#1227919).
- CVE-2022-48716: ASoC: codecs: wcd938x: fix incorrect used of portid (bsc#1226678).
- CVE-2022-48785: ipv6: mcast: use rcu-safe version of ipv6_get_lladdr() (bsc#1227927)
- CVE-2022-48810: ipmr,ip6mr: acquire RTNL before calling ip[6]mr_free_table() on failure path (bsc#1227936).
- CVE-2022-48850: net-sysfs: add check for netdevice being present to speed_show (bsc#1228071).
- CVE-2022-48855: sctp: fix kernel-infoleak for SCTP sockets (bsc#1228003).
- CVE-2023-24023: Bluetooth: Add more enc key size check (bsc#1218148).
- CVE-2023-52435: net: prevent mss overflow in skb_segment() (bsc#1220138).
- CVE-2023-52573: net: rds: Fix possible NULL-pointer dereference (bsc#1220869).
- CVE-2023-52580: net/core: Fix ETH_P_1588 flow dissector (bsc#1220876).
- CVE-2023-52622: ext4: avoid online resizing failures due to oversized flex bg (bsc#1222080).
- CVE-2023-52658: Revert 'net/mlx5: Block entering switchdev mode with ns inconsistency' (bsc#1224719).
- CVE-2023-52667: net/mlx5e: fix a potential double-free in fs_any_create_groups (bsc#1224603).
- CVE-2023-52670: rpmsg: virtio: Free driver_override when rpmsg_remove() (bsc#1224696).
- CVE-2023-52672: pipe: wakeup wr_wait after setting max_usage (bsc#1224614).
- CVE-2023-52675: powerpc/imc-pmu: Add a null pointer check in update_events_in_group() (bsc#1224504).
- CVE-2023-52735: bpf, sockmap: Don't let sock_map_{close,destroy,unhash} call itself (bsc#1225475).
- CVE-2023-52737: btrfs: lock the inode in shared mode before starting fiemap (bsc#1225484).
- CVE-2023-52751: smb: client: fix use-after-free in smb2_query_info_compound() (bsc#1225489).
- CVE-2023-52752: smb: client: fix use-after-free bug in cifs_debug_data_proc_show() (bsc#1225487).
- CVE-2023-52762: virtio-blk: fix implicit overflow on virtio_max_dma_size (bsc#1225573).
- CVE-2023-52775: net/smc: avoid data corruption caused by decline (bsc#1225088).
- CVE-2023-52784: bonding: stop the device in bond_setup_by_slave() (bsc#1224946).
- CVE-2023-52787: blk-mq: make sure active queue usage is held for bio_integrity_prep() (bsc#1225105).
- CVE-2023-52812: drm/amd: check num of link levels when update pcie param (bsc#1225564).
- CVE-2023-52835: perf/core: Bail out early if the request AUX area is out of bound (bsc#1225602).
- CVE-2023-52837: nbd: fix uaf in nbd_open (bsc#1224935).
- CVE-2023-52843: llc: verify mac len before reading mac header (bsc#1224951).
- CVE-2023-52845: tipc: Change nla_policy for bearer-related names to NLA_NUL_STRING (bsc#1225585).
- CVE-2023-52846: hsr: Prevent use after free in prp_create_tagged_frame() (bsc#1225098).
- CVE-2023-52857: drm/mediatek: Fix coverity issue with unintentional integer overflow (bsc#1225581).
- CVE-2023-52863: hwmon: (axi-fan-control) Fix possible NULL pointer dereference (bsc#1225586).
- CVE-2023-52869: pstore/platform: Add check for kstrdup (bsc#1225050).
- CVE-2023-52881: tcp: do not accept ACK of bytes we never sent (bsc#1225611).
- CVE-2023-52882: clk: sunxi-ng: h6: Reparent CPUX during PLL CPUX rate change (bsc#1225692).
- CVE-2024-26615: net/smc: fix illegal rmb_desc access in SMC-D connection dump (bsc#1220942).
- CVE-2024-26625: Call sock_orphan() at release time (bsc#1221086)
- CVE-2024-26633: ip6_tunnel: fix NEXTHDR_FRAGMENT handling in ip6_tnl_parse_tlv_enc_lim() (bsc#1221647).
- CVE-2024-26635: llc: Drop support for ETH_P_TR_802_2 (bsc#1221656).
- CVE-2024-26636: llc: make llc_ui_sendmsg() more robust against bonding changes (bsc#1221659).
- CVE-2024-26641: ip6_tunnel: make sure to pull inner header in __ip6_tnl_rcv() (bsc#1221654).
- CVE-2024-26644: btrfs: do not abort filesystem when attempting to snapshot deleted subvolume (bsc#1221282, bsc#1222072).
- CVE-2024-26661: drm/amd/display: Add NULL test for 'timing generator' in 'dcn21_set_pipe()' (bsc#1222323).
- CVE-2024-26663: tipc: Check the bearer type before calling tipc_udp_nl_bearer_add() (bsc#1222326).
- CVE-2024-26665: tunnels: fix out of bounds access when building IPv6 PMTU error (bsc#1222328).
- CVE-2024-26720: mm: Avoid overflows in dirty throttling logic (bsc#1222364).
- CVE-2024-26802: stmmac: Clear variable when destroying workqueue (bsc#1222799).
- CVE-2024-26813: vfio/platform: Create persistent IRQ handlers (bsc#1222809).
- CVE-2024-26814: vfio/fsl-mc: Block calling interrupt handler without trigger (bsc#1222810).
- CVE-2024-26842: scsi: target: core: Add TMF to tmr_list handling (bsc#1223013).
- CVE-2024-26845: scsi: target: core: Add TMF to tmr_list handling (bsc#1223018).
- CVE-2024-26863: hsr: Fix uninit-value access in hsr_get_node() (bsc#1223021).
- CVE-2024-26923: Fixed false-positive lockdep splat for spin_lock() in __unix_gc() (bsc#1223384).
- CVE-2024-26961: mac802154: fix llsec key resources release in mac802154_llsec_key_del (bsc#1223652).
- CVE-2024-26973: fat: fix uninitialized field in nostale filehandles (bsc#1223641).
- CVE-2024-27015: netfilter: flowtable: incorrect pppoe tuple (bsc#1223806).
- CVE-2024-27019: netfilter: nf_tables: Fix potential data-race in __nft_obj_type_get() (bsc#1223813)
- CVE-2024-27020: netfilter: nf_tables: Fix potential data-race in __nft_expr_type_get() (bsc#1223815)
- CVE-2024-27025: nbd: null check for nla_nest_start (bsc#1223778)
- CVE-2024-27065: netfilter: nf_tables: do not compare internal table flags on updates (bsc#1223836).
- CVE-2024-27402: phonet/pep: fix racy skb_queue_empty() use (bsc#1224414).
- CVE-2024-27432: net: ethernet: mtk_eth_soc: fix PPE hanging issue (bsc#1224716).
- CVE-2024-27437: vfio/pci: Disable auto-enable of exclusive INTx IRQ (bsc#1222625).
- CVE-2024-35247: fpga: region: add owner module and take its refcount (bsc#1226948).
- CVE-2024-35789: Check fast rx for non-4addr sta VLAN changes (bsc#1224749).
- CVE-2024-35790: usb: typec: altmodes/displayport: create sysfs nodes as driver's default device attribute group (bsc#1224712).
- CVE-2024-35805: dm snapshot: fix lockup in dm_exception_table_exit (bsc#1224743).
- CVE-2024-35807: ext4: fix corruption during on-line resize (bsc#1224735).
- CVE-2024-35819: soc: fsl: qbman: Use raw spinlock for cgr_lock (bsc#1224683).
- CVE-2024-35835: net/mlx5e: fix a double-free in arfs_create_groups (bsc#1224605).
- CVE-2024-35837: net: mvpp2: clear BM pool before initialization (bsc#1224500).
- CVE-2024-35848: eeprom: at24: fix memory corruption race condition (bsc#1224612).
- CVE-2024-35853: mlxsw: spectrum_acl_tcam: Fix memory leak during rehash (bsc#1224604).
- CVE-2024-35857: icmp: prevent possible NULL dereferences from icmp_build_probe() (bsc#1224619).
- CVE-2024-35861: Fixed potential UAF in cifs_signal_cifsd_for_reconnect() (bsc#1224766).
- CVE-2024-35862: Fixed potential UAF in smb2_is_network_name_deleted() (bsc#1224764).
- CVE-2024-35864: Fixed potential UAF in smb2_is_valid_lease_break() (bsc#1224765).
- CVE-2024-35869: smb: client: guarantee refcounted children from parent session (bsc#1224679).
- CVE-2024-35884: udp: do not accept non-tunnel GSO skbs landing in a tunnel (bsc#1224520).
- CVE-2024-35886: ipv6: Fix infinite recursion in fib6_dump_done() (bsc#1224670).
- CVE-2024-35889: idpf: fix kernel panic on unknown packet types (bsc#1224517).
- CVE-2024-35890: gro: fix ownership transfer (bsc#1224516).
- CVE-2024-35893: net/sched: act_skbmod: prevent kernel-infoleak (bsc#1224512)
- CVE-2024-35898: netfilter: nf_tables: Fix potential data-race in __nft_flowtable_type_get() (bsc#1224498).
- CVE-2024-35899: netfilter: nf_tables: flush pending destroy work before exit_net release (bsc#1224499)
- CVE-2024-35900: netfilter: nf_tables: reject new basechain after table flag update (bsc#1224497).
- CVE-2024-35925: block: prevent division by zero in blk_rq_stat_sum() (bsc#1224661).
- CVE-2024-35934: net/smc: reduce rtnl pressure in smc_pnet_create_pnetids_list() (bsc#1224641)
- CVE-2024-35949: btrfs: make sure that WRITTEN is set on all metadata blocks (bsc#1224700).
- CVE-2024-35950: drm/client: Fully protect modes with dev->mode_config.mutex (bsc#1224703).
- CVE-2024-35956: Fixed qgroup prealloc rsv leak in subvolume operations (bsc#1224674)
- CVE-2024-35958: net: ena: Fix incorrect descriptor free behavior (bsc#1224677).
- CVE-2024-35960: net/mlx5: Properly link new fs rules into the tree (bsc#1224588).
- CVE-2024-35961: net/mlx5: Register devlink first under devlink lock (bsc#1224585).
- CVE-2024-35979: raid1: fix use-after-free for original bio in raid1_write_request() (bsc#1224572).
- CVE-2024-35995: ACPI: CPPC: Use access_width over bit_width for system memory accesses (bsc#1224557).
- CVE-2024-35997: Remove I2C_HID_READ_PENDING flag to prevent lock-up (bsc#1224552).
- CVE-2024-36000: mm/hugetlb: fix missing hugetlb_lock for resv uncharge (bsc#1224548).
- CVE-2024-36004: i40e: Do not use WQ_MEM_RECLAIM flag for workqueue (bsc#1224545)
- CVE-2024-36005: netfilter: nf_tables: honor table dormant flag from netdev release event path (bsc#1224539).
- CVE-2024-36008: ipv4: check for NULL idev in ip_route_use_hint() (bsc#1224540).
- CVE-2024-36017: rtnetlink: Correct nested IFLA_VF_VLAN_LIST attribute validation (bsc#1225681).
- CVE-2024-36020: i40e: fix vf may be used uninitialized in this function warning (bsc#1225698).
- CVE-2024-36021: net: hns3: fix kernel crash when devlink reload during pf initialization (bsc#1225699).
- CVE-2024-36478: null_blk: fix null-ptr-dereference while configuring 'power' and 'submit_queues' (bsc#1226841).
- CVE-2024-36479: fpga: bridge: add owner module and take its refcount (bsc#1226949).
- CVE-2024-36890: mm/slab: make __free(kfree) accept error pointers (bsc#1225714).
- CVE-2024-36894: usb: gadget: f_fs: Fix race between aio_cancel() and AIO request complete (bsc#1225749).
- CVE-2024-36899: gpiolib: cdev: Fix use after free in lineinfo_changed_notify (bsc#1225737).
- CVE-2024-36900: net: hns3: fix kernel crash when devlink reload during initialization (bsc#1225726).
- CVE-2024-36901: ipv6: prevent NULL dereference in ip6_output() (bsc#1225711)
- CVE-2024-36902: ipv6: fib6_rules: avoid possible NULL dereference in fib6_rule_action() (bsc#1225719).
- CVE-2024-36904: tcp: Use refcount_inc_not_zero() in tcp_twsk_unique() (bsc#1225732).
- CVE-2024-36909: Drivers: hv: vmbus: Do not free ring buffers that couldn't be re-encrypted (bsc#1225744).
- CVE-2024-36910: uio_hv_generic: Do not free decrypted memory (bsc#1225717).
- CVE-2024-36911: hv_netvsc: Do not free decrypted memory (bsc#1225745).
- CVE-2024-36912: Drivers: hv: vmbus: Track decrypted status in vmbus_gpadl (bsc#1225752).
- CVE-2024-36913: Drivers: hv: vmbus: Leak pages if set_memory_encrypted() fails (bsc#1225753).
- CVE-2024-36914: drm/amd/display: Skip on writeback when it's not applicable (bsc#1225757).
- CVE-2024-36915: nfc: llcp: fix nfc_llcp_setsockopt() unsafe copies (bsc#1225758).
- CVE-2024-36916: blk-iocost: avoid out of bounds shift (bsc#1225759).
- CVE-2024-36917: block: fix overflow in blk_ioctl_discard() (bsc#1225770).
- CVE-2024-36919: scsi: bnx2fc: Remove spin_lock_bh while releasing resources after upload (bsc#1225767).
- CVE-2024-36923: fs/9p: fix uninitialized values during inode evict (bsc#1225815).
- CVE-2024-36934: bna: ensure the copied buf is NUL terminated (bsc#1225760).
- CVE-2024-36937: xdp: use flags field to disambiguate broadcast redirect (bsc#1225834).
- CVE-2024-36939: nfs: Handle error of rpc_proc_register() in nfs_net_init() (bsc#1225838).
- CVE-2024-36940: pinctrl: core: delete incorrect free in pinctrl_enable() (bsc#1225840).
- CVE-2024-36945: net/smc: fix neighbour and rtable leak in smc_ib_find_route() (bsc#1225823).
- CVE-2024-36946: phonet: fix rtm_phonet_notify() skb allocation (bsc#1225851).
- CVE-2024-36949: amd/amdkfd: sync all devices to wait all processes being evicted (bsc#1225872)
- CVE-2024-36964: fs/9p: only translate RWX permissions for plain 9P2000 (bsc#1225866).
- CVE-2024-36971: net: fix __dst_negative_advice() race (bsc#1226145).
- CVE-2024-36974: net/sched: taprio: always validate TCA_TAPRIO_ATTR_PRIOMAP (bsc#1226519).
- CVE-2024-36978: net: sched: sch_multiq: fix possible OOB write in multiq_tune() (bsc#1226514).
- CVE-2024-37021: fpga: manager: add owner module and take its refcount (bsc#1226950).
- CVE-2024-37078: nilfs2: fix potential kernel bug due to lack of writeback flag waiting (bsc#1227066).
- CVE-2024-37354: btrfs: fix crash on racing fsync and size-extending write into prealloc (bsc#1227101).
- CVE-2024-38545: RDMA/hns: Fix UAF for cq async event (bsc#1226595).
- CVE-2024-38553: net: fec: remove .ndo_poll_controller to avoid deadlock (bsc#1226744).
- CVE-2024-38555: net/mlx5: Discard command completions in internal error (bsc#1226607).
- CVE-2024-38556: net/mlx5: Add a timeout to acquire the command queue semaphore (bsc#1226774).
- CVE-2024-38557: net/mlx5: Reload only IB representors upon lag disable/enable (bsc#1226781).
- CVE-2024-38558: net: openvswitch: fix overwriting ct original tuple for ICMPv6 (bsc#1226783).
- CVE-2024-38559: scsi: qedf: Ensure the copied buf is NUL terminated (bsc#1226785).
- CVE-2024-38560: scsi: bfa: Ensure the copied buf is NUL terminated (bsc#1226786).
- CVE-2024-38564: bpf: Add BPF_PROG_TYPE_CGROUP_SKB attach type enforcement in BPF_LINK_CREATE (bsc#1226789).
- CVE-2024-38568: drivers/perf: hisi: hns3: Fix out-of-bound access when valid event group (bsc#1226771).
- CVE-2024-38570: gfs2: Fix potential glock use-after-free on unmount (bsc#1226775).
- CVE-2024-38578: ecryptfs: Fix buffer size for tag 66 packet (bsc#1226634).
- CVE-2024-38580: epoll: be better about file lifetimes (bsc#1226610).
- CVE-2024-38586: r8169: Fix possible ring buffer corruption on fragmented Tx packets (bsc#1226750).
- CVE-2024-38594: net: stmmac: move the EST lock to struct stmmac_priv (bsc#1226734).
- CVE-2024-38597: eth: sungem: remove .ndo_poll_controller to avoid deadlocks (bsc#1226749).
- CVE-2024-38598: md: fix resync softlockup when bitmap size is less than array size (bsc#1226757).
- CVE-2024-38603: drivers/perf: hisi: hns3: Actually use devm_add_action_or_reset() (bsc#1226842).
- CVE-2024-38608: net/mlx5e: Fix netif state handling (bsc#1226746).
- CVE-2024-38627: stm class: Fix a double free in stm_register_device() (bsc#1226857).
- CVE-2024-38628: usb: gadget: u_audio: Fix race condition use of controls after free during gadget unbind (bsc#1226911).
- CVE-2024-38659: enic: Validate length of nl attributes in enic_set_vf_port (bsc#1226883).
- CVE-2024-38661: s390/ap: Fix crash in AP internal function modify_bitmap() (bsc#1226996).
- CVE-2024-38780: dma-buf/sw-sync: do not enable IRQ from sync_print_obj() (bsc#1226886).
- CVE-2024-39276: ext4: fix mb_cache_entry's e_refcnt leak in ext4_xattr_block_cache_find() (bsc#1226993).
- CVE-2024-39301: net/9p: fix uninit-value in p9_client_rpc() (bsc#1226994).
- CVE-2024-39371: io_uring: check for non-NULL file pointer in io_file_can_poll() (bsc#1226990).
- CVE-2024-39463: 9p: add missing locking around taking dentry fid list (bsc#1227090).
- CVE-2024-39468: smb: client: fix deadlock in smb2_find_smb_tcon() (bsc#1227103).
- CVE-2024-39469: nilfs2: fix nilfs_empty_dir() misjudgment and long loop on I/O errors (bsc#1226992).
- CVE-2024-39472: xfs: fix log recovery buffer allocation for the legacy h_size fixup (bsc#1227432).
- CVE-2024-39475: fbdev: savage: Handle err return when savagefb_check_var failed (bsc#1227435)
- CVE-2024-39482: bcache: fix variable length array abuse in btree_iter (bsc#1227447).
- CVE-2024-39487: bonding: Fix out-of-bounds read in bond_option_arp_ip_targets_set() (bsc#1227573)
- CVE-2024-39490: ipv6: sr: fix missing sk_buff release in seg6_input_core (bsc#1227626).
- CVE-2024-39493: crypto: qat - fix ADF_DEV_RESET_SYNC memory leak (bsc#1227620).
- CVE-2024-39494: ima: Fix use-after-free on a dentry's dname.name (bsc#1227716).
- CVE-2024-39497: drm/shmem-helper: fix BUG_ON() on mmap(PROT_WRITE, MAP_PRIVATE) (bsc#1227722).
- CVE-2024-39502: ionic: fix use after netif_napi_del() (bsc#1227755).
- CVE-2024-39506: liquidio: adjust a NULL pointer handling path in lio_vf_rep_copy_packet (bsc#1227729).
- CVE-2024-39507: net: hns3: fix kernel crash problem in concurrent scenario (bsc#1227730).
- CVE-2024-39508: io_uring/io-wq: use set_bit() and test_bit() at worker->flags (bsc#1227732).
- CVE-2024-40901: scsi: mpt3sas: Avoid test/set_bit() operating in non-allocated memory (bsc#1227762).
- CVE-2024-40906: net/mlx5: Always stop health timer during driver removal (bsc#1227763).
- CVE-2024-40908: bpf: Set run context for rawtp test_run callback (bsc#1227783).
- CVE-2024-40909: bpf: Fix a potential use-after-free in bpf_link_free() (bsc#1227798).
- CVE-2024-40919: bnxt_en: Adjust logging of firmware messages in case of released token in __hwrm_send() (bsc#1227779).
- CVE-2024-40923: vmxnet3: disable rx data ring on dma allocation failure (bsc#1227786).
- CVE-2024-40931: mptcp: ensure snd_una is properly initialized on connect (bsc#1227780).
- CVE-2024-40935: cachefiles: flush all requests after setting CACHEFILES_DEAD (bsc#1227797).
- CVE-2024-40937: gve: Clear napi->skb before dev_kfree_skb_any() (bsc#1227836).
- CVE-2024-40940: net/mlx5: Fix tainted pointer delete is case of flow rules creation fail (bsc#1227800).
- CVE-2024-40943: ocfs2: fix races between hole punching and AIO+DIO (bsc#1227849).
- CVE-2024-40953: KVM: Fix a data race on last_boosted_vcpu in kvm_vcpu_on_spin() (bsc#1227806).
- CVE-2024-40954: net: do not leave a dangling sk pointer, when socket creation fails (bsc#1227808)
- CVE-2024-40956: dmaengine: idxd: Fix possible Use-After-Free in irq_process_work_list (bsc#1227810).
- CVE-2024-40958: netns: Make get_net_ns() handle zero refcount net (bsc#1227812).
- CVE-2024-40959: xfrm6: check ip6_dst_idev() return value in xfrm6_get_saddr() (bsc#1227884).
- CVE-2024-40960: ipv6: prevent possible NULL dereference in rt6_probe() (bsc#1227813).
- CVE-2024-40961: ipv6: prevent possible NULL deref in fib6_nh_init() (bsc#1227814).
- CVE-2024-40966: kABI: tty: add the option to have a tty reject a new ldisc (bsc#1227886).
- CVE-2024-40967: serial: imx: Introduce timeout when waiting on transmitter empty (bsc#1227891).
- CVE-2024-40970: Avoid hw_desc array overrun in dw-axi-dmac (bsc#1227899).
- CVE-2024-40972: ext4: fold quota accounting into ext4_xattr_inode_lookup_create() (bsc#1227910).
- CVE-2024-40977: wifi: mt76: mt7921s: fix potential hung tasks during chip recovery (bsc#1227950).
- CVE-2024-40982: ssb: fix potential NULL pointer dereference in ssb_device_uevent() (bsc#1227865).
- CVE-2024-40989: KVM: arm64: Disassociate vcpus from redistributor region on teardown (bsc#1227823).
- CVE-2024-40994: ptp: fix integer overflow in max_vclocks_store (bsc#1227829).
- CVE-2024-40998: ext4: fix uninitialized ratelimit_state->lock access in __ext4_fill_super() (bsc#1227866).
- CVE-2024-40999: net: ena: Add validation for completion descriptors consistency (bsc#1227913).
- CVE-2024-41006: netrom: Fix a memory leak in nr_heartbeat_expiry() (bsc#1227862).
- CVE-2024-41009: bpf: Fix overrunning reservations in ringbuf (bsc#1228020).
- CVE-2024-41011: drm/amdkfd: do not allow mapping the MMIO HDP page with large pages (bsc#1228114).
- CVE-2024-41012: filelock: Remove locks reliably when fcntl/close race is detected (bsc#1228247).
- CVE-2024-41013: xfs: do not walk off the end of a directory data block (bsc#1228405).
- CVE-2024-41014: xfs: add bounds checking to xlog_recover_process_data (bsc#1228408).
- CVE-2024-41015: ocfs2: add bounds checking to ocfs2_check_dir_entry() (bsc#1228409).
- CVE-2024-41016: ocfs2: strict bound check before memcmp in ocfs2_xattr_find_entry() (bsc#1228410).
- CVE-2024-41017: jfs: do not walk off the end of ealist (bsc#1228403).
- CVE-2024-41040: net/sched: Fix UAF when resolving a clash (bsc#1228518).
- CVE-2024-41041: udp: Set SOCK_RCU_FREE earlier in udp_lib_get_port() (bsc#1228520).
- CVE-2024-41044: ppp: reject claimed-as-LCP but actually malformed packets (bsc#1228530).
- CVE-2024-41048: skmsg: Skip zero length skb in sk_msg_recvmsg (bsc#1228565).
- CVE-2024-41057: cachefiles: fix slab-use-after-free in cachefiles_withdraw_cookie() (bsc#1228462).
- CVE-2024-41058: cachefiles: fix slab-use-after-free in fscache_withdraw_volume() (bsc#1228459).
- CVE-2024-41059: hfsplus: fix uninit-value in copy_name (bsc#1228561).
- CVE-2024-41063: bluetooth: hci_core: cancel all works upon hci_unregister_dev() (bsc#1228580).
- CVE-2024-41064: powerpc/eeh: avoid possible crash when edev->pdev changes (bsc#1228599).
- CVE-2024-41066: ibmvnic: add tx check to prevent skb leak (bsc#1228640).
- CVE-2024-41069: ASoC: topology: Fix route memory corruption (bsc#1228644).
- CVE-2024-41070: KVM: PPC: Book3S HV: Prevent UAF in kvm_spapr_tce_attach_iommu_group() (bsc#1228581).
- CVE-2024-41071: wifi: mac80211: Avoid address calculations via out of bounds array indexing (bsc#1228625).
- CVE-2024-41072: wifi: cfg80211: wext: add extra SIOCSIWSCAN data check (bsc#1228626).
- CVE-2024-41076: NFSv4: Fix memory leak in nfs4_set_security_label (bsc#1228649).
- CVE-2024-41078: btrfs: qgroup: fix quota root leak after quota disable failure (bsc#1228655).
- CVE-2024-41081: ila: block BH in ila_output() (bsc#1228617).
- CVE-2024-41090: tap: add missing verification for short frame (bsc#1228328).
- CVE-2024-41091: tun: add missing verification for short frame (bsc#1228327).
- CVE-2024-42070: netfilter: nf_tables: fully validate NFT_DATA_VALUE on store to data registers (bsc#1228470).
- CVE-2024-42079: gfs2: Fix NULL pointer dereference in gfs2_log_flush (bsc#1228672).
- CVE-2024-42093: net/dpaa2: Avoid explicit cpumask var allocation on stack (bsc#1228680).
- CVE-2024-42096: x86: stop playing stack games in profile_pc() (bsc#1228633).
- CVE-2024-42122: drm/amd/display: Add NULL pointer check for kzalloc (bsc#1228591).
- CVE-2024-42124: scsi: qedf: Make qedf_execute_tmf() non-preemptible (bsc#1228705).
- CVE-2024-42145: IB/core: Implement a limit on UMAD receive List (bsc#1228743)
- CVE-2024-42161: bpf: avoid uninitialized value in BPF_CORE_READ_BITFIELD (bsc#1228756).
- CVE-2024-42224: net: dsa: mv88e6xxx: Correct check for empty list (bsc#1228723).
- CVE-2024-42230: powerpc/pseries: Fix scv instruction crash with kexec (bsc#1194869).
The following non-security bugs were fixed:
- acpi: EC: Abort address space access upon error (stable-fixes).
- acpi: EC: Avoid returning AE_OK on errors in address space handler (stable-fixes).
- acpi: processor_idle: Fix invalid comparison with insertion sort for latency (git-fixes).
- acpi: resource: Do IRQ override on TongFang GXxHRXx and GMxHGxx (stable-fixes).
- acpi: video: Add backlight=native quirk for Lenovo Slim 7 16ARH7 (stable-fixes).
- acpi: x86: Force StorageD3Enable on more products (stable-fixes).
- acpi: x86: utils: Add Picasso to the list for forcing StorageD3Enable (stable-fixes).
- acpica: Revert 'ACPICA: avoid Info: mapping multiple BARs. Your kernel is fine.' (git-fixes).
- alsa: dmaengine_pcm: terminate dmaengine before synchronize (stable-fixes).
- alsa: dmaengine: Synchronize dma channel after drop() (stable-fixes).
- alsa: emux: improve patch ioctl data validation (stable-fixes).
- alsa: Fix deadlocks with kctl removals at disconnection (stable-fixes).
- alsa: hda: conexant: Fix headset auto detect fail in the polling mode (git-fixes).
- alsa: hda: intel-dsp-config: harden I2C/I2S codec detection (stable-fixes).
- alsa: hda/realtek: Add more codec ID to no shutup pins list (stable-fixes).
- alsa: hda/realtek: add quirk for Clevo V5[46]0TU (stable-fixes).
- alsa: hda/realtek: Add quirks for Lenovo 13X (stable-fixes).
- alsa: hda/realtek: Adjust G814JZR to use SPI init for amp (git-fixes).
- alsa: hda/realtek: Enable headset mic of JP-IK LEAP W502 with ALC897 (stable-fixes).
- alsa: hda/realtek: Enable headset mic on IdeaPad 330-17IKB 81DM (git-fixes).
- alsa: hda/realtek: Enable headset mic on Positivo SU C1400 (stable-fixes).
- alsa: hda/realtek: Enable Mute LED on HP 250 G7 (stable-fixes).
- alsa: hda/realtek: Fix conflicting quirk for PCI SSID 17aa:3820 (git-fixes).
- alsa: hda/realtek: fix mute/micmute LEDs do not work for EliteBook 645/665 G11 (stable-fixes).
- alsa: hda/realtek: fix mute/micmute LEDs do not work for ProBook 440/460 G11 (stable-fixes).
- alsa: hda/realtek: fix mute/micmute LEDs do not work for ProBook 445/465 G11 (stable-fixes).
- alsa: hda/realtek: Fix the speaker output on Samsung Galaxy Book Pro 360 (stable-fixes).
- alsa: hda/realtek: Limit mic boost on N14AP7 (stable-fixes).
- alsa: hda/realtek: Limit mic boost on VAIO PRO PX (stable-fixes).
- alsa: hda/realtek: Remove Framework Laptop 16 from quirks (git-fixes).
- alsa: hda/relatek: Enable Mute LED on HP Laptop 15-gw0xxx (stable-fixes).
- alsa: pcm_dmaengine: Do not synchronize DMA channel when DMA is paused (git-fixes).
- alsa: timer: Set lower bound of start tick time (stable-fixes).
- alsa: usb-audio: Add a quirk for Sonix HD USB Camera (stable-fixes).
- alsa: usb-audio: Correct surround channels in UAC1 channel map (git-fixes).
- alsa: usb-audio: Fix microphone sound on HD webcam (stable-fixes).
- alsa: usb-audio: Move HD Webcam quirk to the right place (git-fixes).
- alsa/hda: intel-dsp-config: Document AVS as dsp_driver option (git-fixes).
- arm64: asm-bug: Add .align 2 to the end of __BUG_ENTRY (git-fixes).
- arm64: dts: allwinner: Pine H64: correctly remove reg_gmac_3v3 (git-fixes)
- arm64: dts: hi3798cv200: fix the size of GICR (git-fixes)
- arm64: dts: imx8qm-mek: fix gpio number for reg_usdhc2_vmmc (git-fixes)
- arm64: dts: microchip: sparx5: fix mdio reg (git-fixes)
- arm64: dts: rockchip: Add enable-strobe-pulldown to emmc phy on ROCK (git-fixes)
- arm64: dts: rockchip: Add sound-dai-cells for RK3368 (git-fixes)
- arm64: dts: rockchip: fix PMIC interrupt pin on ROCK Pi E (git-fixes)
- arm64: mm: Batch dsb and isb when populating pgtables (jsc#PED-8690).
- arm64: mm: do not acquire mutex when rewriting swapper (jsc#PED-8690).
- arm64: mm: Do not remap pgtables for allocate vs populate (jsc#PED-8690).
- arm64: mm: Do not remap pgtables per-cont(pte|pmd) block (jsc#PED-8690).
- arm64: tegra: Correct Tegra132 I2C alias (git-fixes)
- arm64/io: add constant-argument check (bsc#1226502 git-fixes)
- arm64/io: Provide a WC friendly __iowriteXX_copy() (bsc#1226502)
- asoc: amd: acp: add a null check for chip_pdev structure (git-fixes).
- asoc: amd: acp: remove i2s configuration check in acp_i2s_probe() (git-fixes).
- asoc: amd: Adjust error handling in case of absent codec device (git-fixes).
- asoc: da7219-aad: fix usage of device_get_named_child_node() (stable-fixes).
- asoc: fsl-asoc-card: set priv->pdev before using it (git-fixes).
- asoc: max98088: Check for clk_prepare_enable() error (git-fixes).
- asoc: rt5645: Fix the electric noise due to the CBJ contacts floating (stable-fixes).
- asoc: rt715-sdca: volume step modification (stable-fixes).
- asoc: rt715: add vendor clear control register (stable-fixes).
- asoc: ti: davinci-mcasp: Set min period size using FIFO config (stable-fixes).
- asoc: ti: omap-hdmi: Fix too long driver name (stable-fixes).
- ata: ahci: Clean up sysfs file on error (git-fixes).
- ata: libata-core: Fix double free on error (git-fixes).
- ata: libata-core: Fix null pointer dereference on error (git-fixes).
- batman-adv: bypass empty buckets in batadv_purge_orig_ref() (stable-fixes).
- batman-adv: Do not accept TT entries for out-of-spec VIDs (git-fixes).
- blk-cgroup: dropping parent refcount after pd_free_fn() is done (bsc#1224573).
- block, loop: support partitions without scanning (bsc#1227162).
- block: do not add partitions if GD_SUPPRESS_PART_SCAN is set (bsc#1227162).
- bluetooth: ath3k: Fix multiple issues reported by checkpatch.pl (stable-fixes).
- bluetooth: btqca: use le32_to_cpu for ver.soc_id (stable-fixes).
- bluetooth: hci_core: cancel all works upon hci_unregister_dev() (stable-fixes).
- bluetooth: hci_qca: mark OF related data as maybe unused (stable-fixes).
- bluetooth: hci_sync: Fix suspending with wrong filter policy (git-fixes).
- Bluetooth: L2CAP: Fix rejecting L2CAP_CONN_PARAM_UPDATE_REQ (git-fixes).
- bluetooth: qca: Fix BT enable failure again for QCA6390 after warm reboot (git-fixes).
- bnxt_re: Fix imm_data endianness (git-fixes)
- bpf, sockmap: Check for any of tcp_bpf_prots when cloning a listener (git-fixes).
- bpf: aggressively forget precise markings during state checkpointing (bsc#1225903).
- bpf: allow precision tracking for programs with subprogs (bsc#1225903).
- bpf: check bpf_func_state->callback_depth when pruning states (bsc#1225903).
- bpf: clean up visit_insn()'s instruction processing (bsc#1225903).
- bpf: correct loop detection for iterators convergence (bsc#1225903).
- bpf: encapsulate precision backtracking bookkeeping (bsc#1225903).
- bpf: ensure state checkpointing at iter_next() call sites (bsc#1225903).
- bpf: exact states comparison for iterator convergence checks (bsc#1225903).
- bpf: extract __check_reg_arg() utility function (bsc#1225903).
- bpf: extract same_callsites() as utility function (bsc#1225903).
- bpf: extract setup_func_entry() utility function (bsc#1225903).
- bpf: fix calculation of subseq_idx during precision backtracking (bsc#1225903).
- bpf: fix mark_all_scalars_precise use in mark_chain_precision (bsc#1225903).
- bpf: Fix memory leaks in __check_func_call (bsc#1225903).
- bpf: fix propagate_precision() logic for inner frames (bsc#1225903).
- bpf: fix regs_exact() logic in regsafe() to remap IDs correctly (bsc#1225903).
- bpf: Fix to preserve reg parent/live fields when copying range info (bsc#1225903).
- bpf: generalize MAYBE_NULL vs non-MAYBE_NULL rule (bsc#1225903).
- bpf: improve precision backtrack logging (bsc#1225903).
- bpf: Improve verifier u32 scalar equality checking (bsc#1225903).
- bpf: keep track of max number of bpf_loop callback iterations (bsc#1225903).
- bpf: maintain bitmasks across all active frames in __mark_chain_precision (bsc#1225903).
- bpf: mark relevant stack slots scratched for register read instructions (bsc#1225903).
- bpf: move explored_state() closer to the beginning of verifier.c (bsc#1225903).
- bpf: perform byte-by-byte comparison only when necessary in regsafe() (bsc#1225903).
- bpf: print full verifier states on infinite loop detection (bsc#1225903).
- bpf: regsafe() must not skip check_ids() (bsc#1225903).
- bpf: reject non-exact register type matches in regsafe() (bsc#1225903).
- bpf: Remove unused insn_cnt argument from visit_[func_call_]insn() (bsc#1225903).
- bpf: reorganize struct bpf_reg_state fields (bsc#1225903).
- bpf: Skip invalid kfunc call in backtrack_insn (bsc#1225903).
- bpf: states_equal() must build idmap for all function frames (bsc#1225903).
- bpf: stop setting precise in current state (bsc#1225903).
- bpf: support precision propagation in the presence of subprogs (bsc#1225903).
- bpf: take into account liveness when propagating precision (bsc#1225903).
- bpf: teach refsafe() to take into account ID remapping (bsc#1225903).
- bpf: unconditionally reset backtrack_state masks on global func exit (bsc#1225903).
- bpf: use check_ids() for active_lock comparison (bsc#1225903).
- bpf: Use scalar ids in mark_chain_precision() (bsc#1225903).
- bpf: verify callbacks as if they are called unknown number of times (bsc#1225903).
- bpf: Verify scalar ids mapping in regsafe() using check_ids() (bsc#1225903).
- bpf: widening for callback iterators (bsc#1225903).
- btrfs: add device major-minor info in the struct btrfs_device (bsc#1227162).
- btrfs: avoid copying BTRFS_ROOT_SUBVOL_DEAD flag to snapshot of subvolume being deleted (bsc#1221282).
- btrfs: harden identification of a stale device (bsc#1227162).
- btrfs: match stale devices by dev_t (bsc#1227162).
- btrfs: remove the cross file system checks from remap (bsc#1227157).
- btrfs: use dev_t to match device in device_matched (bsc#1227162).
- btrfs: validate device maj:min during open (bsc#1227162).
- bytcr_rt5640 : inverse jack detect for Archos 101 cesium (stable-fixes).
- cachefiles: add output string to cachefiles_obj_[get|put]_ondemand_fd (git-fixes).
- cachefiles: remove requests from xarray during flushing requests (bsc#1226588).
- can: kvaser_usb: Explicitly initialize family in leafimx driver_info struct (git-fixes).
- can: kvaser_usb: fix return value for hif_usb_send_regout (stable-fixes).
- ceph: add ceph_cap_unlink_work to fire check_caps() immediately (bsc#1226022).
- ceph: always check dir caps asynchronously (bsc#1226022).
- ceph: always queue a writeback when revoking the Fb caps (bsc#1226022).
- ceph: break the check delayed cap loop every 5s (bsc#1226022).
- ceph: fix incorrect kmalloc size of pagevec mempool (bsc#1228418).
- ceph: switch to use cap_delay_lock for the unlink delay list (bsc#1226022).
- cgroup: Add annotation for holding namespace_sem in current_cgns_cgroup_from_root() (bsc#1222254).
- cgroup: Eliminate the need for cgroup_mutex in proc_cgroup_show() (bsc#1222254).
- cgroup: Make operations on the cgroup root_list RCU safe (bsc#1222254).
- cgroup: preserve KABI of cgroup_root (bsc#1222254).
- cgroup: Remove unnecessary list_empty() (bsc#1222254).
- cgroup/cpuset: Prevent UAF in proc_cpuset_show() (bsc#1228801).
- check-for-config-changes: ignore also GCC_ASM_GOTO_OUTPUT_BROKEN .
- checkpatch: really skip LONG_LINE_* when LONG_LINE is ignored (git-fixes).
- cifs: fix hang in wait_for_response() (bsc#1220812, bsc#1220368).
- cpufreq: amd-pstate: Fix the inconsistency in max frequency units (git-fixes).
- crypto: aead,cipher - zeroize key buffer after use (stable-fixes).
- crypto: ecdh - explicitly zeroize private_key (stable-fixes).
- crypto: ecdsa - Fix the public key format description (git-fixes).
- crypto: ecrdsa - Fix module auto-load on add_key (stable-fixes).
- crypto: hisilicon/sec - Fix memory leak for sec resource release (stable-fixes).
- csky: ftrace: Drop duplicate implementation of arch_check_ftrace_location() (git-fixes).
- decompress_bunzip2: fix rare decompression failure (git-fixes).
- devres: Fix devm_krealloc() wasting memory (git-fixes).
- devres: Fix memory leakage caused by driver API devm_free_percpu() (git-fixes).
- dma: fix call order in dmam_free_coherent (git-fixes).
- dmaengine: idxd: Fix possible Use-After-Free in irq_process_work_list (git-fixes).
- dmaengine: ioatdma: Fix missing kmem_cache_destroy() (git-fixes).
- docs: crypto: async-tx-api: fix broken code example (git-fixes).
- docs: Fix formatting of literal sections in fanotify docs (stable-fixes).
- drivers: core: synchronize really_probe() and dev_uevent() (git-fixes).
- drm: panel-orientation-quirks: Add quirk for Valve Galileo (stable-fixes).
- drm/amd: Fix shutdown (again) on some SMU v13.0.4/11 platforms (git-fixes).
- drm/amd/amdgpu: Fix style errors in amdgpu_drv.c & amdgpu_device.c (stable-fixes).
- drm/amd/display: Account for cursor prefetch BW in DML1 mode support (stable-fixes).
- drm/amd/display: Add dtbclk access to dcn315 (stable-fixes).
- drm/amd/display: Add VCO speed parameter for DCN31 FPU (stable-fixes).
- drm/amd/display: Check for NULL pointer (stable-fixes).
- drm/amd/display: Check index msg_id before read or write (stable-fixes).
- drm/amd/display: Check pipe offset before setting vblank (stable-fixes).
- drm/amd/display: drop unnecessary NULL checks in debugfs (stable-fixes).
- drm/amd/display: Exit idle optimizations before HDCP execution (stable-fixes).
- drm/amd/display: revert Exit idle optimizations before HDCP execution (stable-fixes).
- drm/amd/display: Set color_mgmt_changed to true on unsuspend (stable-fixes).
- drm/amd/display: Skip finding free audio for unknown engine_id (stable-fixes).
- drm/amd/pm: Fix aldebaran pcie speed reporting (git-fixes).
- drm/amd/pm: remove logically dead code for renoir (git-fixes).
- drm/amdgpu: add error handle to avoid out-of-bounds (stable-fixes).
- drm/amdgpu: avoid using null object of framebuffer (stable-fixes).
- drm/amdgpu: Check if NBIO funcs are NULL in amdgpu_device_baco_exit (git-fixes).
- drm/amdgpu: Fix pci state save during mode-1 reset (git-fixes).
- drm/amdgpu: Fix signedness bug in sdma_v4_0_process_trap_irq() (git-fixes).
- drm/amdgpu: Fix the ring buffer size for queue VM flush (stable-fixes).
- drm/amdgpu: fix UBSAN warning in kv_dpm.c (stable-fixes).
- drm/amdgpu: fix uninitialized scalar variable warning (stable-fixes).
- drm/amdgpu: Fix uninitialized variable warnings (stable-fixes).
- drm/amdgpu: Initialize timestamp for some legacy SOCs (stable-fixes).
- drm/amdgpu: Remove GC HW IP 9.3.0 from noretry=1 (git-fixes).
- drm/amdgpu: Update BO eviction priorities (stable-fixes).
- drm/amdgpu/atomfirmware: add intergrated info v2.3 table (stable-fixes).
- drm/amdgpu/atomfirmware: fix parsing of vram_info (stable-fixes).
- drm/amdgpu/atomfirmware: silence UBSAN warning (stable-fixes).
- drm/amdgpu/mes: fix use-after-free issue (stable-fixes).
- drm/amdgpu/sdma5.2: Update wptr registers as well as doorbell (stable-fixes).
- drm/amdkfd: Flush the process wq before creating a kfd_process (stable-fixes).
- drm/amdkfd: Rework kfd_locked handling (bsc#1225872)
- drm/bridge/panel: Fix runtime warning on panel bridge release (git-fixes).
- drm/dp_mst: Fix all mstb marked as not probed after suspend/resume (git-fixes).
- drm/etnaviv: do not block scheduler when GPU is still active (stable-fixes).
- drm/etnaviv: fix DMA direction handling for cached RW buffers (git-fixes).
- drm/exynos: hdmi: report safe 640x480 mode as a fallback when no EDID found (git-fixes).
- drm/exynos/vidi: fix memory leak in .get_modes() (stable-fixes).
- drm/gma500: fix null pointer dereference in cdv_intel_lvds_get_modes (git-fixes).
- drm/gma500: fix null pointer dereference in psb_intel_lvds_get_modes (git-fixes).
- drm/i915/dpt: Make DPT object unshrinkable (git-fixes).
- drm/i915/gt: Disarm breadcrumbs if engines are already idle (git-fixes).
- drm/i915/gt: Do not consider preemption during execlists_dequeue for gen8 (git-fixes).
- drm/i915/gt: Fix potential UAF by revoke of fence registers (git-fixes).
- drm/i915/guc: avoid FIELD_PREP warning (git-fixes).
- drm/i915/mso: using joiner is not possible with eDP MSO (git-fixes).
- drm/komeda: check for error-valued pointer (git-fixes).
- drm/lima: add mask irq callback to gp and pp (stable-fixes).
- drm/lima: fix shared irq handling on driver remove (stable-fixes).
- drm/lima: Mark simple_ondemand governor as softdep (git-fixes).
- drm/lima: mask irqs in timeout path before hard reset (stable-fixes).
- drm/mediatek: Add OVL compatible name for MT8195 (git-fixes).
- drm/meson: fix canvas release in bind function (git-fixes).
- drm/mgag200: Bind I2C lifetime to DRM device (git-fixes).
- drm/mgag200: Set DDC timeout in milliseconds (git-fixes).
- drm/mipi-dsi: Fix mipi_dsi_dcs_write_seq() macro definition format (stable-fixes).
- drm/mipi-dsi: Fix theoretical int overflow in mipi_dsi_dcs_write_seq() (git-fixes).
- drm/msm: Enable clamp_to_idle for 7c3 (stable-fixes).
- drm/msm/a6xx: Avoid a nullptr dereference when speedbin setting fails (git-fixes).
- drm/msm/dp: Avoid a long timeout for AUX transfer if nothing connected (git-fixes).
- drm/msm/dp: Return IRQ_NONE for unhandled interrupts (stable-fixes).
- drm/msm/dpu: drop validity checks for clear_pending_flush() ctl op (git-fixes).
- drm/msm/mdp5: Remove MDP_CAP_SRC_SPLIT from msm8x53_config (git-fixes).
- drm/nouveau: fix null pointer dereference in nouveau_connector_get_modes (git-fixes).
- drm/nouveau: prime: fix refcount underflow (git-fixes).
- drm/nouveau/dispnv04: fix null pointer dereference in nv17_tv_get_hd_modes (stable-fixes).
- drm/nouveau/dispnv04: fix null pointer dereference in nv17_tv_get_ld_modes (stable-fixes).
- drm/panel-samsung-atna33xc20: Use ktime_get_boottime for delays (stable-fixes).
- drm/panel: boe-tv101wum-nl6: Check for errors on the NOP in prepare() (git-fixes).
- drm/panel: boe-tv101wum-nl6: If prepare fails, disable GPIO before regulators (git-fixes).
- drm/panel: ilitek-ili9881c: Fix warning with GPIO controllers that sleep (stable-fixes).
- drm/panel: simple: Add missing display timing flags for KOE TX26D202VM0BWA (git-fixes).
- drm/panfrost: Mark simple_ondemand governor as softdep (git-fixes).
- drm/qxl: Add check for drm_cvt_mode (git-fixes).
- drm/radeon: check bo_va->bo is non-NULL before using it (stable-fixes).
- drm/radeon: fix UBSAN warning in kv_dpm.c (stable-fixes).
- drm/radeon/radeon_display: Decrease the size of allocated memory (stable-fixes).
- drm/vmwgfx: 3D disabled should not effect STDU memory limits (git-fixes).
- drm/vmwgfx: Filter modes which exceed graphics memory (git-fixes).
- drm/vmwgfx: Fix a deadlock in dma buf fence polling (git-fixes).
- drm/vmwgfx: Fix missing HYPERVISOR_GUEST dependency (stable-fixes).
- drm/vmwgfx: Fix overlay when using Screen Targets (git-fixes).
- eeprom: digsy_mtc: Fix 93xx46 driver probe failure (git-fixes).
- exfat: check if cluster num is valid (git-fixes).
- exfat: simplify is_valid_cluster() (git-fixes).
- filelock: add a new locks_inode_context accessor function (git-fixes).
- firmware: cs_dsp: Fix overflow checking of wmfw header (git-fixes).
- firmware: cs_dsp: Prevent buffer overrun when processing V2 alg headers (git-fixes).
- firmware: cs_dsp: Return error if block header overflows file (git-fixes).
- firmware: cs_dsp: Use strnlen() on name fields in V1 wmfw files (git-fixes).
- firmware: cs_dsp: Validate payload length before processing block (git-fixes).
- firmware: dmi: Stop decoding on broken entry (stable-fixes).
- firmware: turris-mox-rwtm: Do not complete if there are no waiters (git-fixes).
- firmware: turris-mox-rwtm: Fix checking return value of wait_for_completion_timeout() (git-fixes).
- firmware: turris-mox-rwtm: Initialize completion before mailbox (git-fixes).
- fs: allow cross-vfsmount reflink/dedupe (bsc#1227157).
- ftrace: Fix possible use-after-free issue in ftrace_location() (git-fixes).
- fuse: verify {g,u}id mount options correctly (bsc#1228191).
- gpio: davinci: Validate the obtained number of IRQs (git-fixes).
- gpio: mc33880: Convert comma to semicolon (git-fixes).
- gpio: tqmx86: fix typo in Kconfig label (git-fixes).
- gpio: tqmx86: introduce shadow register for GPIO output value (git-fixes).
- gpiolib: cdev: Disallow reconfiguration without direction (uAPI v1) (git-fixes).
- hfsplus: fix to avoid false alarm of circular locking (git-fixes).
- hfsplus: fix uninit-value in copy_name (git-fixes).
- hid: Add quirk for Logitech Casa touchpad (stable-fixes).
- hid: core: remove unnecessary WARN_ON() in implement() (git-fixes).
- hid: logitech-dj: Fix memory leak in logi_dj_recv_switch_to_dj_mode() (git-fixes).
- hid: wacom: Modify pen IDs (git-fixes).
- hpet: Support 32-bit userspace (git-fixes).
- hwmon: (adt7475) Fix default duty on fan is disabled (git-fixes).
- hwmon: (max6697) Fix swapped temp{1,8} critical alarms (git-fixes).
- hwmon: (max6697) Fix underflow when writing limit attributes (git-fixes).
- hwmon: (shtc1) Fix property misspelling (git-fixes).
- i2c: at91: Fix the functionality flags of the slave-only interface (git-fixes).
- i2c: designware: Fix the functionality flags of the slave-only interface (git-fixes).
- i2c: mark HostNotify target address as used (git-fixes).
- i2c: ocores: set IACK bit after core is enabled (git-fixes).
- i2c: rcar: bring hardware to known state when probing (git-fixes).
- i2c: tegra: Fix failure during probe deferral cleanup (git-fixes)
- i2c: tegra: Share same DMA channel for RX and TX (bsc#1227661)
- i2c: testunit: avoid re-issued work after read message (git-fixes).
- i2c: testunit: correct Kconfig description (git-fixes).
- i2c: testunit: discard write requests while old command is running (git-fixes).
- i2c: testunit: do not erase registers after STOP (git-fixes).
- iio: accel: fxls8962af: select IIO_BUFFER & IIO_KFIFO_BUF (git-fixes).
- iio: adc: ad7266: Fix variable checking bug (git-fixes).
- iio: adc: ad9467: fix scan type sign (git-fixes).
- iio: chemical: bme680: Fix calibration data variable (git-fixes).
- iio: chemical: bme680: Fix overflows in compensate() functions (git-fixes).
- iio: chemical: bme680: Fix pressure value output (git-fixes).
- iio: chemical: bme680: Fix sensor data read operation (git-fixes).
- iio: dac: ad5592r: fix temperature channel scaling value (git-fixes).
- iio: imu: inv_icm42600: delete unneeded update watermark call (git-fixes).
- input: elan_i2c - do not leave interrupt disabled on suspend failure (git-fixes).
- input: elantech - fix touchpad state on resume for Lenovo N24 (stable-fixes).
- input: ff-core - prefer struct_size over open coded arithmetic (stable-fixes).
- Input: ili210x - fix ili251x_read_touch_data() return value (git-fixes).
- input: qt1050 - handle CHIP_ID reading error (git-fixes).
- input: silead - Always support 10 fingers (stable-fixes).
- intel_th: pci: Add Granite Rapids SOC support (stable-fixes).
- intel_th: pci: Add Granite Rapids support (stable-fixes).
- intel_th: pci: Add Lunar Lake support (stable-fixes).
- intel_th: pci: Add Meteor Lake-S CPU support (stable-fixes).
- intel_th: pci: Add Meteor Lake-S support (stable-fixes).
- intel_th: pci: Add Sapphire Rapids SOC support (stable-fixes).
- iommu: mtk: fix module autoloading (git-fixes).
- iommu: Return right value in iommu_sva_bind_device() (git-fixes).
- iommu/amd: Fix sysfs leak in iommu init (git-fixes).
- iommu/arm-smmu-v3: Free MSIs in case of ENOMEM (git-fixes).
- ionic: clean interrupt before enabling queue to avoid credit race (git-fixes).
- ipvs: Fix checksumming on GSO of SCTP packets (bsc#1221958)
- jffs2: Fix potential illegal address access in jffs2_free_inode (git-fixes).
- jfs: Fix array-index-out-of-bounds in diFree (git-fixes).
- jfs: xattr: fix buffer overflow for invalid xattr (bsc#1227383).
- kabi: bpf: bpf_reg_state reorganization kABI workaround (bsc#1225903).
- kabi: bpf: callback fixes kABI workaround (bsc#1225903).
- kabi: bpf: struct bpf_{idmap,idset} kABI workaround (bsc#1225903).
- kabi: bpf: tmp_str_buf kABI workaround (bsc#1225903).
- kabi: rtas: Workaround false positive due to lost definition (bsc#1227487).
- kabi: Use __iowriteXX_copy_inlined for in-kernel modules (bsc#1226502)
- kabi/severities: ignore kABI for FireWire sound local symbols (bsc#1208783)
- kabi/severities: Ignore tpm_tis_core_init (bsc#1082555).
- kabi/severity: add nvme common code The nvme common code is also allowed to change the data structures, there are only internal users.
- kbuild: do not include include/config/auto.conf from shell scripts (bsc#1227274).
- kbuild: Install dtb files as 0644 in Makefile.dtbinst (git-fixes).
- kconfig: doc: fix a typo in the note about 'imply' (git-fixes).
- kconfig: fix comparison to constant symbols, 'm', 'n' (git-fixes).
- kernel-binary: vdso: Own module_dir
- kernel-doc: fix struct_group_tagged() parsing (git-fixes).
- kernel/sched: Remove dl_boosted flag comment (git fixes (sched)).
- knfsd: LOOKUP can return an illegal error value (git-fixes).
- kobject_uevent: Fix OOB access within zap_modalias_env() (git-fixes).
- kprobes: Make arch_check_ftrace_location static (git-fixes).
- kvm: nVMX: Clear EXIT_QUALIFICATION when injecting an EPT Misconfig (git-fixes).
- kvm: PPC: Book3S HV Nested: L2 LPCR should inherit L1 LPES setting (bsc#1194869).
- kvm: PPC: Book3S HV: Fix 'rm_exit' entry in debugfs timings (bsc#1194869).
- kvm: PPC: Book3S HV: Fix the set_one_reg for MMCR3 (bsc#1194869).
- kvm: PPC: Book3S HV: remove extraneous asterisk from rm_host_ipi_action() comment (bsc#1194869).
- kvm: PPC: Book3S: Suppress failed alloc warning in H_COPY_TOFROM_GUEST (bsc#1194869).
- kvm: PPC: Book3S: Suppress warnings when allocating too big memory slots (bsc#1194869).
- kvm: s390: fix LPSWEY handling (bsc#1227635 git-fixes).
- kvm: SVM: Process ICR on AVIC IPI delivery failure due to invalid target (git-fixes).
- kvm: VMX: Report up-to-date exit qualification to userspace (git-fixes).
- kvm: x86: Add IBPB_BRTYPE support (bsc#1228079).
- kvm: x86: Always sync PIR to IRR prior to scanning I/O APIC routes (git-fixes).
- kvm: x86: Bail from kvm_recalculate_phys_map() if x2APIC ID is out-of-bounds (git-fixes).
- kvm: x86: Disable APIC logical map if logical ID covers multiple MDAs (git-fixes).
- kvm: x86: Disable APIC logical map if vCPUs are aliased in logical mode (git-fixes).
- kvm: x86: Do not advertise guest.MAXPHYADDR as host.MAXPHYADDR in CPUID (git-fixes).
- kvm: x86: Explicitly skip optimized logical map setup if vCPU's LDR==0 (git-fixes).
- kvm: x86: Explicitly track all possibilities for APIC map's logical modes (git-fixes).
- kvm: x86: Fix broken debugregs ABI for 32 bit kernels (git-fixes).
- kvm: x86: Fix KVM_GET_MSRS stack info leak (git-fixes).
- kvm: x86: Honor architectural behavior for aliased 8-bit APIC IDs (git-fixes).
- kvm: x86: Purge 'highest ISR' cache when updating APICv state (git-fixes).
- kvm: x86: Save/restore all NMIs when multiple NMIs are pending (git-fixes).
- kvm: x86: Skip redundant x2APIC logical mode optimized cluster setup (git-fixes).
- leds: ss4200: Convert PCIBIOS_* return codes to errnos (git-fixes).
- leds: trigger: Unregister sysfs attributes before calling deactivate() (git-fixes).
- leds: triggers: Flush pending brightness before activating trigger (git-fixes).
- lib: memcpy_kunit: Fix an invalid format specifier in an assertion msg (git-fixes).
- lib: objagg: Fix general protection fault (git-fixes).
- lib: objagg: Fix spelling (git-fixes).
- lib: test_objagg: Fix spelling (git-fixes).
- libceph: fix race between delayed_work() and ceph_monc_stop() (bsc#1228190).
- lockd: set missing fl_flags field when retrieving args (git-fixes).
- lockd: use locks_inode_context helper (git-fixes).
- Make AMD_HSMP=m and mark it unsupported in supported.conf (jsc#PED-8582)
- media: dvb-frontends: tda10048: Fix integer overflow (stable-fixes).
- media: dvb-frontends: tda18271c2dd: Remove casting during div (stable-fixes).
- media: dvb-usb: dib0700_devices: Add missing release_firmware() (stable-fixes).
- media: dvb-usb: Fix unexpected infinite loop in dvb_usb_read_remote_control() (git-fixes).
- media: dvb: as102-fe: Fix as10x_register_addr packing (stable-fixes).
- media: dvbdev: Initialize sbuf (stable-fixes).
- media: dw2102: Do not translate i2c read into write (stable-fixes).
- media: dw2102: fix a potential buffer overflow (git-fixes).
- media: flexcop-usb: clean up endpoint sanity checks (stable-fixes).
- media: flexcop-usb: fix sanity check of bNumEndpoints (git-fixes).
- media: imon: Fix race getting ictx->lock (git-fixes).
- media: ipu3-cio2: Use temporary storage for struct device pointer (stable-fixes).
- media: lgdt3306a: Add a check against null-pointer-def (stable-fixes).
- media: mxl5xx: Move xpt structures off stack (stable-fixes).
- media: radio-shark2: Avoid led_names truncations (git-fixes).
- media: s2255: Use refcount_t instead of atomic_t for num_channels (stable-fixes).
- media: uvcvideo: Fix integer overflow calculating timestamp (git-fixes).
- media: uvcvideo: Override default flags (git-fixes).
- media: v4l2-core: hold videodev_lock until dev reg, finishes (stable-fixes).
- media: venus: fix use after free in vdec_close (git-fixes).
- media: venus: flush all buffers in output plane streamoff (git-fixes).
- mei: demote client disconnect warning on suspend to debug (stable-fixes).
- mei: me: release irq in mei_me_pci_resume error path (git-fixes).
- mfd: omap-usb-tll: Use struct_size to allocate tll (git-fixes).
- mkspec-dtb: add toplevel symlinks also on arm
- mmc: core: Add mmc_gpiod_set_cd_config() function (stable-fixes).
- mmc: core: Do not force a retune before RPMB switch (stable-fixes).
- mmc: sdhci_am654: Add ITAPDLYSEL in sdhci_j721e_4bit_set_clock (git-fixes).
- mmc: sdhci_am654: Add OTAP/ITAP delay enable (git-fixes).
- mmc: sdhci_am654: Drop lookup for deprecated ti,otap-del-sel (stable-fixes).
- mmc: sdhci_am654: Fix ITAPDLY for HS400 timing (git-fixes).
- mmc: sdhci-acpi: Disable write protect detection on Toshiba WT10-A (stable-fixes).
- mmc: sdhci-acpi: Fix Lenovo Yoga Tablet 2 Pro 1380 sdcard slot not working (stable-fixes).
- mmc: sdhci-acpi: Sort DMI quirks alphabetically (stable-fixes).
- mmc: sdhci-pci: Convert PCIBIOS_* return codes to errnos (git-fixes).
- mmc: sdhci: Do not invert write-protect twice (git-fixes).
- mmc: sdhci: Do not lock spinlock around mmc_gpio_get_ro() (git-fixes).
- mtd: partitions: redboot: Added conversion of operands to a larger type (stable-fixes).
- mtd: rawnand: Bypass a couple of sanity checks during NAND identification (git-fixes).
- mtd: rawnand: Ensure ECC configuration is propagated to upper layers (git-fixes).
- mtd: rawnand: rockchip: ensure NVDDR timings are rejected (git-fixes).
- net: can: j1939: enhanced error handling for tightly received RTS messages in xtp_rx_rts_session_new (git-fixes).
- net: can: j1939: Initialize unused data in j1939_send_one() (git-fixes).
- net: can: j1939: recover socket queue on CAN bus error during BAM transmission (git-fixes).
- net: ena: Fix redundant device NUMA node override (jsc#PED-8690).
- net: mana: Enable MANA driver on ARM64 with 4K page size (jsc#PED-8491).
- net: mana: Fix possible double free in error handling path (git-fixes).
- net: mana: Fix the extra HZ in mana_hwc_send_request (git-fixes).
- net: phy: Micrel KSZ8061: fix errata solution not taking effect problem (git-fixes).
- net: phy: micrel: add Microchip KSZ 9477 to the device table (git-fixes).
- net: usb: ax88179_178a: improve link status logs (git-fixes).
- net: usb: ax88179_178a: improve reset check (git-fixes).
- net: usb: qmi_wwan: add Telit FN912 compositions (git-fixes).
- net: usb: qmi_wwan: add Telit FN920C04 compositions (stable-fixes).
- net: usb: rtl8150 fix unintiatilzed variables in rtl8150_get_link_ksettings (git-fixes).
- net: usb: smsc95xx: fix changing LED_SEL bit value updated from EEPROM (git-fixes).
- net: usb: sr9700: fix uninitialized variable use in sr_mdio_read (git-fixes).
- net/dcb: check for detached device before executing callbacks (bsc#1215587).
- net/mlx5e: Fix a race in command alloc flow (git-fixes).
- netfilter: conntrack: ignore overly delayed tcp packets (bsc#1223180).
- netfilter: conntrack: prepare tcp_in_window for ternary return value (bsc#1223180).
- netfilter: conntrack: remove pr_debug callsites from tcp tracker (bsc#1223180).
- netfilter: conntrack: work around exceeded receive window (bsc#1223180).
- netfs, fscache: export fscache_put_volume() and add fscache_try_get_volume() (bsc#1228459 bsc#1228462).
- nfc/nci: Add the inconsistency check between the input data length and count (stable-fixes).
- nfs: abort nfs_atomic_open_v23 if name is too long (bsc#1219847).
- nfs: add atomic_open for NFSv3 to handle O_TRUNC correctly (bsc#1219847).
- nfs: avoid infinite loop in pnfs_update_layout (bsc#1219633 bsc#1226226).
- nfs: Fix READ_PLUS when server does not support OP_READ_PLUS (git-fixes).
- nfs: fix undefined behavior in nfs_block_bits() (git-fixes).
- nfs: keep server info for remounts (git-fixes).
- nfs: Leave pages in the pagecache if readpage failed (git-fixes).
- nfsd enforce filehandle check for source file in COPY (git-fixes).
- nfsd: Add an nfsd_file_fsync tracepoint (git-fixes).
- nfsd: Add an NFSD_FILE_GC flag to enable nfsd_file garbage collection (git-fixes).
- nfsd: Add errno mapping for EREMOTEIO (git-fixes).
- nfsd: Add nfsd_file_lru_dispose_list() helper (git-fixes).
- nfsd: add some comments to nfsd_file_do_acquire (git-fixes).
- nfsd: allow nfsd_file_get to sanely handle a NULL pointer (git-fixes).
- nfsd: allow reaping files still under writeback (git-fixes).
- nfsd: Avoid calling fh_drop_write() twice in do_nfsd_create() (git-fixes).
- nfsd: Clean up nfsd_file_put() (git-fixes).
- nfsd: Clean up nfsd_open_verified() (git-fixes).
- nfsd: Clean up nfsd3_proc_create() (git-fixes).
- nfsd: Clean up unused code after rhashtable conversion (git-fixes).
- nfsd: Convert filecache to rhltable (git-fixes).
- nfsd: Convert the filecache to use rhashtable (git-fixes).
- nfsd: De-duplicate hash bucket indexing (git-fixes).
- nfsd: do not free files unconditionally in __nfsd_file_cache_purge (git-fixes).
- nfsd: do not fsync nfsd_files on last close (git-fixes).
- nfsd: do not hand out delegation on setuid files being opened for write (git-fixes).
- nfsd: do not kill nfsd_files because of lease break error (git-fixes).
- nfsd: Do not leave work of closing files to a work queue (bsc#1228140).
- nfsd: do not take/put an extra reference when putting a file (git-fixes).
- nfsd: Ensure nf_inode is never dereferenced (git-fixes).
- nfsd: fix handling of cached open files in nfsd4_open codepath (git-fixes).
- nfsd: Fix licensing header in filecache.c (git-fixes).
- nfsd: fix net-namespace logic in __nfsd_file_cache_purge (git-fixes).
- nfsd: fix nfsd_file_unhash_and_dispose (git-fixes).
- nfsd: Fix potential use-after-free in nfsd_file_put() (git-fixes).
- nfsd: Fix problem of COMMIT and NFS4ERR_DELAY in infinite loop (git-fixes).
- nfsd: Fix the filecache LRU shrinker (git-fixes).
- nfsd: fix up the filecache laundrette scheduling (git-fixes).
- nfsd: fix use-after-free in nfsd_file_do_acquire tracepoint (git-fixes).
- nfsd: Flesh out a documenting comment for filecache.c (git-fixes).
- nfsd: handle errors better in write_ports_addfd() (git-fixes).
- nfsd: Instantiate a struct file when creating a regular NFSv4 file (git-fixes).
- nfsd: Leave open files out of the filecache LRU (git-fixes).
- nfsd: map EBADF (git-fixes).
- nfsd: Move nfsd_file_trace_alloc() tracepoint (git-fixes).
- nfsd: nfsd_file_hash_remove can compute hashval (git-fixes).
- nfsd: NFSD_FILE_KEY_INODE only needs to find GC'ed entries (git-fixes).
- nfsd: nfsd_file_put() can sleep (git-fixes).
- nfsd: nfsd_file_unhash can compute hashval from nf->nf_inode (git-fixes).
- nfsd: No longer record nf_hashval in the trace log (git-fixes).
- nfsd: optimise recalculate_deny_mode() for a common case (bsc#1217912).
- nfsd: Pass the target nfsd_file to nfsd_commit() (git-fixes).
- nfsd: put the export reference in nfsd4_verify_deleg_dentry (git-fixes).
- nfsd: Record number of flush calls (git-fixes).
- nfsd: Refactor __nfsd_file_close_inode() (git-fixes).
- nfsd: Refactor nfsd_create_setattr() (git-fixes).
- nfsd: Refactor nfsd_file_gc() (git-fixes).
- nfsd: Refactor nfsd_file_lru_scan() (git-fixes).
- nfsd: Refactor NFSv3 CREATE (git-fixes).
- nfsd: Refactor NFSv4 OPEN(CREATE) (git-fixes).
- nfsd: Remove do_nfsd_create() (git-fixes).
- nfsd: Remove lockdep assertion from unhash_and_release_locked() (git-fixes).
- nfsd: Remove nfsd_file::nf_hashval (git-fixes).
- nfsd: remove the pages_flushed statistic from filecache (git-fixes).
- nfsd: reorganize filecache.c (git-fixes).
- nfsd: Replace the 'init once' mechanism (git-fixes).
- nfsd: Report average age of filecache items (git-fixes).
- nfsd: Report count of calls to nfsd_file_acquire() (git-fixes).
- nfsd: Report count of freed filecache items (git-fixes).
- nfsd: Report filecache LRU size (git-fixes).
- nfsd: Report the number of items evicted by the LRU walk (git-fixes).
- nfsd: Retry once in nfsd_open on an -EOPENSTALE return (git-fixes).
- nfsd: rework hashtable handling in nfsd_do_file_acquire (git-fixes).
- nfsd: rework refcounting in filecache (git-fixes).
- nfsd: Separate tracepoints for acquire and create (git-fixes).
- nfsd: Set up an rhashtable for the filecache (git-fixes).
- nfsd: silence extraneous printk on nfsd.ko insertion (git-fixes).
- nfsd: simplify per-net file cache management (git-fixes).
- nfsd: simplify test_bit return in NFSD_FILE_KEY_FULL comparator (git-fixes).
- nfsd: simplify the delayed disposal list code (git-fixes).
- nfsd: Trace filecache LRU activity (git-fixes).
- nfsd: Trace filecache opens (git-fixes).
- nfsd: update comment over __nfsd_file_cache_purge (git-fixes).
- nfsd: verify the opened dentry after setting a delegation (git-fixes).
- nfsd: WARN when freeing an item still linked via nf_lru (git-fixes).
- nfsd: Write verifier might go backwards (git-fixes).
- nfsd: Zero counters when the filecache is re-initialized (git-fixes).
- nfsv4: by default serialize open/close operations (bsc#1223863 bsc#1227362)
- nfsv4: Fixup smatch warning for ambiguous return (git-fixes).
- nilfs2: add missing check for inode numbers on directory entries (git-fixes).
- nilfs2: add missing check for inode numbers on directory entries (stable-fixes).
- nilfs2: avoid undefined behavior in nilfs_cnt32_ge macro (git-fixes).
- nilfs2: convert persistent object allocator to use kmap_local (git-fixes).
- nilfs2: fix incorrect inode allocation from reserved inodes (git-fixes).
- nilfs2: fix inode number range checks (git-fixes).
- nilfs2: fix inode number range checks (stable-fixes).
- nilfs2: fix potential hang in nilfs_detach_log_writer() (stable-fixes).
- nvme-auth: alloc nvme_dhchap_key as single buffer (git-fixes).
- nvme-auth: allow mixing of secret and hash lengths (git-fixes).
- nvme-auth: use transformed key size to create resp (git-fixes).
- nvme-multipath: find NUMA path only for online numa-node (git-fixes).
- nvme-pci: add missing condition check for existence of mapped data (git-fixes).
- nvme-pci: Fix the instructions for disabling power management (git-fixes).
- nvme: adjust multiples of NVME_CTRL_PAGE_SIZE in offset (git-fixes).
- nvme: avoid double free special payload (git-fixes).
- nvme: ensure reset state check ordering (bsc#1215492).
- nvme: find numa distance only if controller has valid numa id (git-fixes).
- nvme: fixup comment for nvme RDMA Provider Type (git-fixes).
- nvme: use ctrl state accessor (bsc#1215492).
- nvmet-auth: fix nvmet_auth hash error handling (git-fixes).
- nvmet-passthru: propagate status from id override functions (git-fixes).
- nvmet: always initialize cqe.result (git-fixes).
- nvmet: fix a possible leak when destroy a ctrl during qp establishment (git-fixes).
- ocfs2: adjust enabling place for la window (bsc#1219224).
- ocfs2: fix DIO failure due to insufficient transaction credits (bsc#1216834).
- ocfs2: fix sparse warnings (bsc#1219224).
- ocfs2: improve write IO performance when fragmentation is high (bsc#1219224).
- ocfs2: remove redundant assignment to variable free_space (bsc#1228409).
- ocfs2: speed up chain-list searching (bsc#1219224).
- ocfs2: strict bound check before memcmp in ocfs2_xattr_find_entry() (bsc#1228410).
- orangefs: fix out-of-bounds fsid access (git-fixes).
- pci: Add PCI_ERROR_RESPONSE and related definitions (stable-fixes).
- pci: Clear Secondary Status errors after enumeration (bsc#1226928)
- pci: Extend ACS configurability (bsc#1228090).
- pci: Fix resource double counting on remove & rescan (git-fixes).
- pci: hv: Return zero, not garbage, when reading PCI_INTERRUPT_PIN (git-fixes).
- pci: Introduce cleanup helpers for device reference counts and locks (git-fixes).
- pci: Introduce cleanup helpers for device reference counts and locks (stable-fixes).
- pci: keystone: Do not enable BAR 0 for AM654x (git-fixes).
- pci: keystone: Fix NULL pointer dereference in case of DT error in ks_pcie_setup_rc_app_regs() (git-fixes).
- pci: keystone: Relocate ks_pcie_set/clear_dbi_mode() (git-fixes).
- pci: rockchip: Use GPIOD_OUT_LOW flag while requesting ep_gpio (git-fixes).
- pci: tegra194: Set EP alignment restriction for inbound ATU (git-fixes).
- pci/aspm: Update save_state when configuration changes (bsc#1226915)
- pci/dpc: Fix use-after-free on concurrent DPC and hot-removal (git-fixes).
- pci/pm: Avoid D3cold for HP Pavilion 17 PC/1972 PCIe Ports (git-fixes).
- pci/pm: Avoid D3cold for HP Pavilion 17 PC/1972 PCIe Ports (stable-fixes).
- pinctrl: core: fix possible memory leak when pinctrl_enable() fails (git-fixes).
- pinctrl: fix deadlock in create_pinctrl() when handling -EPROBE_DEFER (git-fixes).
- pinctrl: freescale: mxs: Fix refcount of child (git-fixes).
- pinctrl: qcom: spmi-gpio: drop broken pm8008 support (git-fixes).
- pinctrl: rockchip: fix pinmux bits for RK3328 GPIO2-B pins (git-fixes).
- pinctrl: rockchip: fix pinmux bits for RK3328 GPIO3-B pins (git-fixes).
- pinctrl: rockchip: fix pinmux reset in rockchip_pmx_set (git-fixes).
- pinctrl: rockchip: update rk3308 iomux routes (git-fixes).
- pinctrl: rockchip: use dedicated pinctrl type for RK3328 (git-fixes).
- pinctrl: single: fix possible memory leak when pinctrl_enable() fails (git-fixes).
- pinctrl: ti: ti-iodelay: fix possible memory leak when pinctrl_enable() fails (git-fixes).
- platform/chrome: cros_ec_debugfs: fix wrong EC message version (git-fixes).
- platform/chrome: cros_ec_proto: Lock device when updating MKBP version (git-fixes).
- platform/x86: dell-smbios-base: Use sysfs_emit() (stable-fixes).
- platform/x86: dell-smbios: Fix wrong token data in sysfs (git-fixes).
- platform/x86: lg-laptop: Change ACPI device id (stable-fixes).
- platform/x86: lg-laptop: Remove LGEX0815 hotkey handling (stable-fixes).
- platform/x86: touchscreen_dmi: Add info for GlobalSpace SolT IVW 11.6' tablet (stable-fixes).
- platform/x86: touchscreen_dmi: Add info for the EZpad 6s Pro (stable-fixes).
- platform/x86: wireless-hotkey: Add support for LG Airplane Button (stable-fixes).
- power: supply: cros_usbpd: provide ID table for avoiding fallback match (stable-fixes).
- powerpc: fix a file leak in kvm_vcpu_ioctl_enable_cap() (bsc#1194869).
- powerpc/cpuidle: Set CPUIDLE_FLAG_POLLING for snooze state (bsc#1227121 ltc#207129).
- powerpc/kasan: Disable address sanitization in kexec paths (bsc#1194869).
- powerpc/pseries: Fix scv instruction crash with kexec (bsc#1194869).
- powerpc/rtas: clean up includes (bsc#1227487).
- powerpc/rtas: Prevent Spectre v1 gadget construction in sys_rtas() (bsc#1227487).
- pwm: stm32: Always do lazy disabling (git-fixes).
- random: treat bootloader trust toggle the same way as cpu trust toggle (bsc#1226953).
- ras/amd/atl: Fix MI300 bank hash (bsc#1225300).
- ras/amd/atl: Use system settings for MI300 DRAM to normalized address translation (bsc#1225300).
- rdma/cache: Release GID table even if leak is detected (git-fixes)
- rdma/device: Return error earlier if port in not valid (git-fixes)
- rdma/hns: Check atomic wr length (git-fixes)
- rdma/hns: Fix incorrect sge nums calculation (git-fixes)
- rdma/hns: Fix insufficient extend DB for VFs. (git-fixes)
- rdma/hns: Fix mbx timing out before CMD execution is completed (git-fixes)
- rdma/hns: Fix missing pagesize and alignment check in FRMR (git-fixes)
- rdma/hns: Fix shift-out-bounds when max_inline_data is 0 (git-fixes)
- rdma/hns: Fix soft lockup under heavy CEQE load (git-fixes)
- rdma/hns: Fix undifined behavior caused by invalid max_sge (git-fixes)
- rdma/hns: Fix unmatch exception handling when init eq table fails (git-fixes)
- rdma/irdma: Drop unused kernel push code (git-fixes)
- rdma/iwcm: Fix a use-after-free related to destroying CM IDs (git-fixes)
- rdma/mana_ib: Ignore optional access flags for MRs (git-fixes).
- rdma/mlx4: Fix truncated output warning in alias_GUID.c (git-fixes)
- rdma/mlx4: Fix truncated output warning in mad.c (git-fixes)
- rdma/mlx5: Add check for srq max_sge attribute (git-fixes)
- rdma/mlx5: Set mkeys for dmabuf at PAGE_SIZE (git-fixes)
- rdma/restrack: Fix potential invalid address access (git-fixes)
- rdma/rxe: Do not set BTH_ACK_MASK for UC or UD QPs (git-fixes)
- regmap-i2c: Subtract reg size from max_write (stable-fixes).
- regulator: bd71815: fix ramp values (git-fixes).
- regulator: core: Fix modpost error 'regulator_get_regmap' undefined (git-fixes).
- regulator: irq_helpers: duplicate IRQ name (stable-fixes).
- regulator: vqmmc-ipq4019: fix module autoloading (stable-fixes).
- Revert 'Add remote for nfs maintainer'
- Revert 'ALSA: firewire-lib: obsolete workqueue for period update' (bsc#1208783).
- Revert 'ALSA: firewire-lib: operate for period elapse event in process context' (bsc#1208783).
- Revert 'build initrd without systemd' (bsc#1195775)'.
- Revert 'leds: led-core: Fix refcount leak in of_led_get()' (git-fixes).
- Revert 'usb: musb: da8xx: Set phy in OTG mode by default' (stable-fixes).
- rpcrdma: fix handling for RDMA_CM_EVENT_DEVICE_REMOVAL (git-fixes).
- rpm/guards: fix precedence issue with control flow operator
- rpm/kernel-obs-build.spec.in: Add iso9660 (bsc#1226212)
- rpm/kernel-obs-build.spec.in: Add networking modules for docker (bsc#1226211)
- rpm/kernel-obs-build.spec.in: Include algif_hash, aegis128 and xts modules afgif_hash is needed by some packages (e.g. iwd) for tests, xts is used for LUKS2 volumes by default and aegis128 is useful as AEAD cipher for LUKS2.
- rpm/mkspec-dtb: dtbs have moved to vendor sub-directories in 6.5
- rtc: cmos: Fix return value of nvmem callbacks (git-fixes).
- rtc: interface: Add RTC offset to alarm after fix-up (git-fixes).
- rtc: isl1208: Fix return value of nvmem callbacks (git-fixes).
- rtlwifi: rtl8192de: Style clean-ups (stable-fixes).
- s390: Implement __iowrite32_copy() (bsc#1226502)
- s390: Stop using weak symbols for __iowrite64_copy() (bsc#1226502)
- saa7134: Unchecked i2c_transfer function result fixed (git-fixes).
- sched: Fix stop_one_cpu_nowait() vs hotplug (git fixes (sched)).
- sched/core: Fix incorrect initialization of the 'burst' parameter in cpu_max_write() (bsc#1226791).
- sched/fair: Do not balance task to its current running CPU (git fixes (sched)).
- scsi: lpfc: Allow DEVICE_RECOVERY mode after RSCN receipt if in PRLI_ISSUE state (bsc#1228857).
- scsi: lpfc: Cancel ELS WQE instead of issuing abort when SLI port is inactive (bsc#1228857).
- scsi: lpfc: Fix handling of fully recovered fabric node in dev_loss callbk (bsc#1228857).
- scsi: lpfc: Fix incorrect request len mbox field when setting trunking via sysfs (bsc#1228857).
- scsi: lpfc: Handle mailbox timeouts in lpfc_get_sfp_info (bsc#1228857).
- scsi: lpfc: Relax PRLI issue conditions after GID_FT response (bsc#1228857).
- scsi: lpfc: Revise lpfc_prep_embed_io routine with proper endian macro usages (bsc#1228857).
- scsi: lpfc: Update lpfc version to 14.4.0.3 (bsc#1228857).
- scsi: qla2xxx: Avoid possible run-time warning with long model_num (bsc#1228850).
- scsi: qla2xxx: Complete command early within lock (bsc#1228850).
- scsi: qla2xxx: Convert comma to semicolon (bsc#1228850).
- scsi: qla2xxx: Drop driver owner assignment (bsc#1228850).
- scsi: qla2xxx: During vport delete send async logout explicitly (bsc#1228850).
- scsi: qla2xxx: Fix debugfs output for fw_resource_count (bsc#1228850).
- scsi: qla2xxx: Fix flash read failure (bsc#1228850).
- scsi: qla2xxx: Fix for possible memory corruption (bsc#1228850).
- scsi: qla2xxx: Fix optrom version displayed in FDMI (bsc#1228850).
- scsi: qla2xxx: Indent help text (bsc#1228850).
- scsi: qla2xxx: Reduce fabric scan duplicate code (bsc#1228850).
- scsi: qla2xxx: Remove unused struct 'scsi_dif_tuple' (bsc#1228850).
- scsi: qla2xxx: Return ENOBUFS if sg_cnt is more than one for ELS cmds (bsc#1228850).
- scsi: qla2xxx: Unable to act on RSCN for port online (bsc#1228850).
- scsi: qla2xxx: Update version to 10.02.09.300-k (bsc#1228850).
- scsi: qla2xxx: Use QP lock to search for bsg (bsc#1228850).
- scsi: qla2xxx: validate nvme_local_port correctly (bsc#1228850).
- scsi: sd: Update DIX config every time sd_revalidate_disk() is called (bsc#1218570).
- selftests/bpf: __imm_insn & __imm_const macro for bpf_misc.h (bsc#1225903).
- selftests/bpf: Add a selftest for checking subreg equality (bsc#1225903).
- selftests/bpf: add pre bpf_prog_test_run_opts() callback for test_loader (bsc#1225903).
- selftests/bpf: add precision propagation tests in the presence of subprogs (bsc#1225903).
- selftests/bpf: Add pruning test case for bpf_spin_lock (bsc#1225903).
- selftests/bpf: Check if mark_chain_precision() follows scalar ids (bsc#1225903).
- selftests/bpf: check if max number of bpf_loop iterations is tracked (bsc#1225903).
- selftests/bpf: fix __retval() being always ignored (bsc#1225903).
- selftests/bpf: fix unpriv_disabled check in test_verifier (bsc#1225903).
- selftests/bpf: make test_align selftest more robust (bsc#1225903).
- selftests/bpf: populate map_array_ro map for verifier_array_access test (bsc#1225903).
- selftests/bpf: prog_tests entry point for migrated test_verifier tests (bsc#1225903).
- selftests/bpf: Report program name on parse_test_spec error (bsc#1225903).
- selftests/bpf: Support custom per-test flags and multiple expected messages (bsc#1225903).
- selftests/bpf: test case for callback_depth states pruning logic (bsc#1225903).
- selftests/bpf: test case for relaxed prunning of active_lock.id (bsc#1225903).
- selftests/bpf: test cases for regsafe() bug skipping check_id() (bsc#1225903).
- selftests/bpf: test widening for iterating callbacks (bsc#1225903).
- selftests/bpf: Tests execution support for test_loader.c (bsc#1225903).
- selftests/bpf: tests for iterating callbacks (bsc#1225903).
- selftests/bpf: track string payload offset as scalar in strobemeta (bsc#1225903).
- selftests/bpf: Unprivileged tests for test_loader.c (bsc#1225903).
- selftests/bpf: Verify copy_register_state() preserves parent/live fields (bsc#1225903).
- selftests/bpf: verify states_equal() maintains idmap across all frames (bsc#1225903).
- selftests/bpf: Verify that check_ids() is used for scalars in regsafe() (bsc#1225903).
- selftests/sigaltstack: Fix ppc64 GCC build (git-fixes).
- smb: client: ensure to try all targets when finding nested links (bsc#1224020).
- smb: client: guarantee refcounted children from parent session (bsc#1224679.
- soc: ti: wkup_m3_ipc: Send NULL dummy message instead of pointer message (stable-fixes).
- soundwire: cadence: fix invalid PDI offset (stable-fixes).
- spi: imx: Do not expect DMA for i.MX{25,35,50,51,53} cspi devices (stable-fixes).
- spi: mux: set ctlr->bits_per_word_mask (stable-fixes).
- spi: stm32: Do not warn about spurious interrupts (git-fixes).
- string.h: Introduce memtostr() and memtostr_pad() (bsc#1228850).
- sunrpc: avoid soft lockup when transmitting UDP to reachable server (bsc#1225272).
- sunrpc: Fix gss_free_in_token_pages() (git-fixes).
- sunrpc: Fix loop termination condition in gss_free_in_token_pages() (git-fixes).
- sunrpc: fix NFSACL RPC retry on soft mount (git-fixes).
- sunrpc: return proper error from gss_wrap_req_priv (git-fixes).
- supported.conf: Add APM X-Gene SoC hardware monitoring driver (bsc#1223265 jsc#PED-8570)
- supported.conf: mark orangefs as optional We do not support orangefs at all (and it is already marked as such), but since there are no SLE consumers of it, mark it as optional.
- supported.conf: mark ufs as unsupported UFS is an unsupported filesystem, mark it as such. We still keep it around (not marking as optional), to accommodate any potential migrations from BSD systems.
- tpm_tis: Resend command to recover from data transfer errors (bsc#1082555).
- tpm_tis: Use tpm_chip_{start,stop} decoration inside tpm_tis_resume (bsc#1082555).
- tpm, tpm_tis: Avoid cache incoherency in test for interrupts (bsc#1082555).
- tpm, tpm_tis: Claim locality before writing interrupt registers (bsc#1082555).
- tpm, tpm_tis: Claim locality in interrupt handler (bsc#1082555).
- tpm, tpm_tis: Claim locality when interrupts are reenabled on resume (bsc#1082555).
- tpm, tpm_tis: correct tpm_tis_flags enumeration values (bsc#1082555).
- tpm, tpm_tis: Do not skip reset of original interrupt vector (bsc#1082555).
- tpm, tpm_tis: Only handle supported interrupts (bsc#1082555).
- tpm, tpm: Implement usage counter for locality (bsc#1082555).
- tpm: Allow system suspend to continue when TPM suspend fails (bsc#1082555).
- tpm: Prevent hwrng from activating during resume (bsc#1082555).
- tracing: Build event generation tests only as modules (git-fixes).
- tracing/net_sched: NULL pointer dereference in perf_trace_qdisc_reset() (git-fixes).
- tracing/osnoise: Add OSNOISE_WORKLOAD option (bsc#1228330)
- tracing/osnoise: Add osnoise/options file (bsc#1228330)
- tracing/osnoise: Do not follow tracing_cpumask (bsc#1228330)
- tracing/osnoise: Fix notify new tracing_max_latency (bsc#1228330)
- tracing/osnoise: Make osnoise_instances static (bsc#1228330)
- tracing/osnoise: Split workload start from the tracer start (bsc#1228330)
- tracing/osnoise: Support a list of trace_array *tr (bsc#1228330)
- tracing/osnoise: Use built-in RCU list checking (bsc#1228330)
- tracing/timerlat: Notify new max thread latency (bsc#1228330)
- tty: mcf: MCF54418 has 10 UARTS (git-fixes).
- usb-storage: alauda: Check whether the media is initialized (git-fixes).
- usb: Add USB_QUIRK_NO_SET_INTF quirk for START BP-850k (stable-fixes).
- usb: atm: cxacru: fix endpoint checking in cxacru_bind() (git-fixes).
- usb: cdns3: allocate TX FIFO size according to composite EP number (git-fixes).
- usb: cdns3: fix incorrect calculation of ep_buf_size when more than one config (git-fixes).
- usb: cdns3: fix iso transfer error when mult is not zero (git-fixes).
- usb: cdns3: improve handling of unaligned address case (git-fixes).
- usb: cdns3: optimize OUT transfer by copying only actual received data (git-fixes).
- usb: cdns3: skip set TRB_IOC when usb_request: no_interrupt is true (git-fixes).
- usb: class: cdc-wdm: Fix CPU lockup caused by excessive log messages (git-fixes).
- usb: core: Fix duplicate endpoint bug by clearing reserved bits in the descriptor (git-fixes).
- usb: dwc3: core: remove lock of otg mode during gadget suspend/resume to avoid deadlock (git-fixes).
- usb: dwc3: gadget: Do not delay End Transfer on delayed_status (git-fixes).
- usb: dwc3: gadget: Force sending delayed status during soft disconnect (git-fixes).
- usb: dwc3: gadget: Synchronize IRQ between soft connect/disconnect (git-fixes).
- usb: fotg210-hcd: delete an incorrect bounds test (git-fixes).
- usb: gadget: call usb_gadget_check_config() to verify UDC capability (git-fixes).
- usb: gadget: configfs: Prevent OOB read/write in usb_string_copy() (stable-fixes).
- usb: gadget: printer: fix races against disable (git-fixes).
- usb: gadget: printer: SS+ support (stable-fixes).
- usb: misc: uss720: check for incompatible versions of the Belkin F5U002 (stable-fixes).
- usb: musb: da8xx: fix a resource leak in probe() (git-fixes).
- usb: serial: mos7840: fix crash on resume (git-fixes).
- usb: serial: option: add Fibocom FM350-GL (stable-fixes).
- usb: serial: option: add Netprisma LCUK54 series modules (stable-fixes).
- usb: serial: option: add Rolling RW350-GL variants (stable-fixes).
- usb: serial: option: add support for Foxconn T99W651 (stable-fixes).
- usb: serial: option: add Telit FN912 rmnet compositions (stable-fixes).
- usb: serial: option: add Telit generic core-dump composition (stable-fixes).
- usb: typec: tcpm: clear pd_event queue in PORT_RESET (git-fixes).
- usb: typec: tcpm: fix use-after-free case in tcpm_register_source_caps (git-fixes).
- usb: typec: tcpm: Ignore received Hard Reset in TOGGLING state (git-fixes).
- usb: typec: ucsi: Ack also failed Get Error commands (git-fixes).
- usb: typec: ucsi: Never send a lone connector change ack (git-fixes).
- usb: xen-hcd: Traverse host/ when CONFIG_USB_XEN_HCD is selected (git-fixes).
- usb: xhci-plat: Do not include xhci.h (git-fixes).
- usb: xhci-plat: fix legacy PHY double init (git-fixes).
- usb: xhci: address off-by-one in xhci_num_trbs_free() (git-fixes).
- usb: xhci: Implement xhci_handshake_check_state() helper (git-fixes).
- usb: xhci: improve debug message in xhci_ring_expansion_needed() (git-fixes).
- watchdog: bd9576_wdt: switch to using devm_fwnode_gpiod_get() (stable-fixes).
- watchdog: bd9576: Drop 'always-running' property (git-fixes).
- wifi: ath11k: fix wrong handling of CCMP256 and GCMP ciphers (git-fixes).
- wifi: brcmsmac: LCN PHY code is used for BCM4313 2G-only device (git-fixes).
- wifi: cfg80211: fix the order of arguments for trace events of the tx_rx_evt class (stable-fixes).
- wifi: cfg80211: fix typo in cfg80211_calculate_bitrate_he() (git-fixes).
- wifi: cfg80211: handle 2x996 RU allocation in cfg80211_calculate_bitrate_he() (git-fixes).
- wifi: cfg80211: Lock wiphy in cfg80211_get_station (git-fixes).
- wifi: cfg80211: pmsr: use correct nla_get_uX functions (git-fixes).
- wifi: cfg80211: restrict NL80211_ATTR_TXQ_QUANTUM values (git-fixes).
- wifi: cfg80211: wext: add extra SIOCSIWSCAN data check (stable-fixes).
- wifi: iwlwifi: dbg_ini: move iwl_dbg_tlv_free outside of debugfs ifdef (git-fixes).
- wifi: iwlwifi: mvm: check n_ssids before accessing the ssids (git-fixes).
- wifi: iwlwifi: mvm: d3: fix WoWLAN command version lookup (stable-fixes).
- wifi: iwlwifi: mvm: do not read past the mfuart notifcation (git-fixes).
- wifi: iwlwifi: mvm: Handle BIGTK cipher in kek_kck cmd (stable-fixes).
- wifi: iwlwifi: mvm: properly set 6 GHz channel direct probe option (stable-fixes).
- wifi: iwlwifi: mvm: revert gen2 TX A-MPDU size to 64 (git-fixes).
- wifi: mac80211: correctly parse Spatial Reuse Parameter Set element (git-fixes).
- wifi: mac80211: disable softirqs for queued frame handling (git-fixes).
- wifi: mac80211: Fix deadlock in ieee80211_sta_ps_deliver_wakeup() (git-fixes).
- wifi: mac80211: fix UBSAN noise in ieee80211_prep_hw_scan() (stable-fixes).
- wifi: mac80211: handle tasklet frames before stopping (stable-fixes).
- wifi: mac80211: mesh: Fix leak of mesh_preq_queue objects (git-fixes).
- wifi: mac80211: mesh: init nonpeer_pm to active by default in mesh sdata (stable-fixes).
- wifi: mt76: replace skb_put with skb_put_zero (stable-fixes).
- wifi: mwifiex: Fix interface type change (git-fixes).
- wifi: rtl8xxxu: Fix the TX power of RTL8192CU, RTL8723AU (stable-fixes).
- wifi: rtlwifi: rtl8192de: Fix endianness issue in RX path (stable-fixes).
- wifi: rtlwifi: rtl8192de: Fix low speed with WPA3-SAE (stable-fixes).
- wifi: rtw89: Fix array index mistake in rtw89_sta_info_get_iter() (git-fixes).
- wifi: wilc1000: fix ies_len type in connect path (git-fixes).
- workqueue: Improve scalability of workqueue watchdog touch (bsc#1193454).
- workqueue: wq_watchdog_touch is always called with valid CPU (bsc#1193454).
- x.509: Fix the parser of extended key usage for length (bsc#1218820).
- x86: Stop using weak symbols for __iowrite32_copy() (bsc#1226502)
- x86/amd_nb: Use Family 19h Models 60h-7Fh Function 4 IDs (git-fixes).
- x86/apic: Force native_apic_mem_read() to use the MOV instruction (git-fixes).
- x86/bhi: Avoid warning in #DB handler due to BHI mitigation (git-fixes).
- x86/bugs: Remove default case for fully switched enums (bsc#1227900).
- x86/fpu: Fix AMD X86_BUG_FXSAVE_LEAK fixup (git-fixes).
- x86/ibt,ftrace: Search for __fentry__ location (git-fixes).
- x86/Kconfig: Transmeta Crusoe is CPU family 5, not 6 (git-fixes).
- x86/mce: Dynamically size space for machine check records (bsc#1222241).
- x86/mm: Allow guest.enc_status_change_prepare() to fail (git-fixes).
- x86/mm: Fix enc_status_change_finish_noop() (git-fixes).
- x86/purgatory: Switch to the position-independent small code model (git-fixes).
- x86/srso: Move retbleed IBPB check into existing 'has_microcode' code block (bsc#1227900).
- x86/srso: Remove 'pred_cmd' label (bsc#1227900).
- x86/tdx: Fix race between set_memory_encrypted() and load_unaligned_zeropad() (git-fixes).
- x86/tsc: Trust initial offset in architectural TSC-adjust MSRs (bsc#1222015 bsc#1226962).
- xfs: Add cond_resched to block unmap range and reflink remap path (bsc#1228226).
- xfs: make sure sb_fdblocks is non-negative (bsc#1225419).
- xhci: Apply broken streams quirk to Etron EJ188 xHCI host (stable-fixes).
- xhci: Apply reset resume quirk to Etron EJ188 xHCI host (stable-fixes).
- xhci: Fix failure to detect ring expansion need (git-fixes).
- xhci: fix matching completion events with TDs (git-fixes).
- xhci: Fix transfer ring expansion size calculation (git-fixes).
- xhci: Handle TD clearing for multiple streams case (git-fixes).
- xhci: remove unused stream_id parameter from xhci_handle_halted_endpoint() (git-fixes).
- xhci: restre deleted trb fields for tracing (git-fixes).
- xhci: retry Stop Endpoint on buggy NEC controllers (git-fixes).
- xhci: Set correct transferred length for cancelled bulk transfers (stable-fixes).
- xhci: Simplify event ring dequeue pointer update for port change events (git-fixes).
- xhci: simplify event ring dequeue tracking for transfer events (git-fixes).
- xhci: Stop unnecessary tracking of free trbs in a ring (git-fixes).
- xhci: update event ring dequeue pointer position to controller correctly (git-fixes).
ImportantSUSE bug 1082555SUSE bug 1156395SUSE bug 1190336SUSE bug 1191958SUSE bug 1193454SUSE bug 1193554SUSE bug 1193787SUSE bug 1193883SUSE bug 1194324SUSE bug 1194826SUSE bug 1194869SUSE bug 1195065SUSE bug 1195254SUSE bug 1195341SUSE bug 1195349SUSE bug 1195357SUSE bug 1195668SUSE bug 1195775SUSE bug 1195927SUSE bug 1195957SUSE bug 1196018SUSE bug 1196746SUSE bug 1196823SUSE bug 1197146SUSE bug 1197246SUSE bug 1197762SUSE bug 1197915SUSE bug 1198014SUSE bug 1199295SUSE bug 1202346SUSE bug 1202686SUSE bug 1202767SUSE bug 1202780SUSE bug 1205205SUSE bug 1207361SUSE bug 1208783SUSE bug 1209636SUSE bug 1213123SUSE bug 1215492SUSE bug 1215587SUSE bug 1216834SUSE bug 1217912SUSE bug 1218148SUSE bug 1218570SUSE bug 1218820SUSE bug 1219224SUSE bug 1219633SUSE bug 1219832SUSE bug 1219847SUSE bug 1220138SUSE bug 1220185SUSE bug 1220186SUSE bug 1220368SUSE bug 1220812SUSE bug 1220869SUSE bug 1220876SUSE bug 1220942SUSE bug 1220952SUSE bug 1220958SUSE bug 1221010SUSE bug 1221086SUSE bug 1221282SUSE bug 1221647SUSE bug 1221654SUSE bug 1221656SUSE bug 1221659SUSE bug 1221958SUSE bug 1222015SUSE bug 1222072SUSE bug 1222080SUSE bug 1222241SUSE bug 1222254SUSE bug 1222323SUSE bug 1222326SUSE bug 1222328SUSE bug 1222364SUSE bug 1222625SUSE bug 1222702SUSE bug 1222728SUSE bug 1222799SUSE bug 1222809SUSE bug 1222810SUSE bug 1222893SUSE bug 1223013SUSE bug 1223018SUSE bug 1223021SUSE bug 1223180SUSE bug 1223265SUSE bug 1223384SUSE bug 1223635SUSE bug 1223641SUSE bug 1223652SUSE bug 1223675SUSE bug 1223778SUSE bug 1223806SUSE bug 1223813SUSE bug 1223815SUSE bug 1223836SUSE bug 1223863SUSE bug 1224020SUSE bug 1224331SUSE bug 1224414SUSE bug 1224488SUSE bug 1224497SUSE bug 1224498SUSE bug 1224499SUSE bug 1224500SUSE bug 1224504SUSE bug 1224512SUSE bug 1224516SUSE bug 1224517SUSE bug 1224520SUSE bug 1224539SUSE bug 1224540SUSE bug 1224545SUSE bug 1224548SUSE bug 1224552SUSE bug 1224557SUSE bug 1224572SUSE bug 1224573SUSE bug 1224583SUSE bug 1224585SUSE bug 1224588SUSE bug 1224602SUSE bug 1224603SUSE bug 1224604SUSE bug 1224605SUSE bug 1224612SUSE bug 1224614SUSE bug 1224619SUSE bug 1224636SUSE bug 1224641SUSE bug 1224661SUSE bug 1224662SUSE bug 1224670SUSE bug 1224671SUSE bug 1224674SUSE bug 1224677SUSE bug 1224679SUSE bug 1224683SUSE bug 1224694SUSE bug 1224696SUSE bug 1224700SUSE bug 1224703SUSE bug 1224712SUSE bug 1224716SUSE bug 1224719SUSE bug 1224735SUSE bug 1224743SUSE bug 1224749SUSE bug 1224764SUSE bug 1224765SUSE bug 1224766SUSE bug 1224935SUSE bug 1224946SUSE bug 1224951SUSE bug 1225050SUSE bug 1225088SUSE bug 1225098SUSE bug 1225105SUSE bug 1225272SUSE bug 1225300SUSE bug 1225389SUSE bug 1225391SUSE bug 1225419SUSE bug 1225426SUSE bug 1225448SUSE bug 1225452SUSE bug 1225467SUSE bug 1225475SUSE bug 1225484SUSE bug 1225487SUSE bug 1225489SUSE bug 1225504SUSE bug 1225505SUSE bug 1225514SUSE bug 1225518SUSE bug 1225535SUSE bug 1225564SUSE bug 1225573SUSE bug 1225581SUSE bug 1225585SUSE bug 1225586SUSE bug 1225602SUSE bug 1225611SUSE bug 1225681SUSE bug 1225692SUSE bug 1225698SUSE bug 1225699SUSE bug 1225704SUSE bug 1225711SUSE bug 1225714SUSE bug 1225717SUSE bug 1225719SUSE bug 1225726SUSE bug 1225732SUSE bug 1225737SUSE bug 1225744SUSE bug 1225745SUSE bug 1225746SUSE bug 1225749SUSE bug 1225752SUSE bug 1225753SUSE bug 1225757SUSE bug 1225758SUSE bug 1225759SUSE bug 1225760SUSE bug 1225767SUSE bug 1225770SUSE bug 1225815SUSE bug 1225823SUSE bug 1225834SUSE bug 1225838SUSE bug 1225840SUSE bug 1225851SUSE bug 1225866SUSE bug 1225872SUSE bug 1225894SUSE bug 1225903SUSE bug 1226022SUSE bug 1226131SUSE bug 1226145SUSE bug 1226149SUSE bug 1226155SUSE bug 1226202SUSE bug 1226211SUSE bug 1226212SUSE bug 1226226SUSE bug 1226502SUSE bug 1226514SUSE bug 1226519SUSE bug 1226520SUSE bug 1226537SUSE bug 1226538SUSE bug 1226539SUSE bug 1226550SUSE bug 1226551SUSE bug 1226552SUSE bug 1226553SUSE bug 1226554SUSE bug 1226555SUSE bug 1226556SUSE bug 1226557SUSE bug 1226558SUSE bug 1226559SUSE bug 1226561SUSE bug 1226562SUSE bug 1226563SUSE bug 1226564SUSE bug 1226565SUSE bug 1226566SUSE bug 1226567SUSE bug 1226568SUSE bug 1226569SUSE bug 1226570SUSE bug 1226571SUSE bug 1226572SUSE bug 1226574SUSE bug 1226575SUSE bug 1226576SUSE bug 1226577SUSE bug 1226579SUSE bug 1226580SUSE bug 1226581SUSE bug 1226582SUSE bug 1226583SUSE bug 1226585SUSE bug 1226587SUSE bug 1226588SUSE bug 1226593SUSE bug 1226595SUSE bug 1226597SUSE bug 1226601SUSE bug 1226602SUSE bug 1226603SUSE bug 1226607SUSE bug 1226610SUSE bug 1226614SUSE bug 1226616SUSE bug 1226617SUSE bug 1226618SUSE bug 1226619SUSE bug 1226621SUSE bug 1226622SUSE bug 1226624SUSE bug 1226626SUSE bug 1226628SUSE bug 1226629SUSE bug 1226632SUSE bug 1226633SUSE bug 1226634SUSE bug 1226637SUSE bug 1226643SUSE bug 1226644SUSE bug 1226645SUSE bug 1226647SUSE bug 1226650SUSE bug 1226653SUSE bug 1226657SUSE bug 1226658SUSE bug 1226669SUSE bug 1226670SUSE bug 1226672SUSE bug 1226673SUSE bug 1226674SUSE bug 1226675SUSE bug 1226678SUSE bug 1226679SUSE bug 1226683SUSE bug 1226685SUSE bug 1226686SUSE bug 1226690SUSE bug 1226691SUSE bug 1226692SUSE bug 1226693SUSE bug 1226696SUSE bug 1226697SUSE bug 1226698SUSE bug 1226699SUSE bug 1226701SUSE bug 1226702SUSE bug 1226703SUSE bug 1226704SUSE bug 1226705SUSE bug 1226706SUSE bug 1226708SUSE bug 1226709SUSE bug 1226710SUSE bug 1226711SUSE bug 1226712SUSE bug 1226713SUSE bug 1226715SUSE bug 1226716SUSE bug 1226718SUSE bug 1226719SUSE bug 1226720SUSE bug 1226721SUSE bug 1226730SUSE bug 1226732SUSE bug 1226734SUSE bug 1226735SUSE bug 1226737SUSE bug 1226738SUSE bug 1226739SUSE bug 1226740SUSE bug 1226744SUSE bug 1226746SUSE bug 1226747SUSE bug 1226749SUSE bug 1226750SUSE bug 1226754SUSE bug 1226757SUSE bug 1226762SUSE bug 1226764SUSE bug 1226767SUSE bug 1226768SUSE bug 1226769SUSE bug 1226771SUSE bug 1226774SUSE bug 1226775SUSE bug 1226777SUSE bug 1226780SUSE bug 1226781SUSE bug 1226783SUSE bug 1226785SUSE bug 1226786SUSE bug 1226789SUSE bug 1226791SUSE bug 1226834SUSE bug 1226837SUSE bug 1226839SUSE bug 1226840SUSE bug 1226841SUSE bug 1226842SUSE bug 1226848SUSE bug 1226852SUSE bug 1226857SUSE bug 1226861SUSE bug 1226863SUSE bug 1226864SUSE bug 1226867SUSE bug 1226868SUSE bug 1226876SUSE bug 1226878SUSE bug 1226883SUSE bug 1226886SUSE bug 1226890SUSE bug 1226891SUSE bug 1226895SUSE bug 1226908SUSE bug 1226911SUSE bug 1226915SUSE bug 1226928SUSE bug 1226948SUSE bug 1226949SUSE bug 1226950SUSE bug 1226953SUSE bug 1226962SUSE bug 1226976SUSE bug 1226990SUSE bug 1226992SUSE bug 1226993SUSE bug 1226994SUSE bug 1226996SUSE bug 1227066SUSE bug 1227090SUSE bug 1227096SUSE bug 1227101SUSE bug 1227103SUSE bug 1227121SUSE bug 1227157SUSE bug 1227162SUSE bug 1227274SUSE bug 1227362SUSE bug 1227383SUSE bug 1227432SUSE bug 1227435SUSE bug 1227447SUSE bug 1227487SUSE bug 1227573SUSE bug 1227618SUSE bug 1227620SUSE bug 1227626SUSE bug 1227635SUSE bug 1227661SUSE bug 1227716SUSE bug 1227722SUSE bug 1227724SUSE bug 1227725SUSE bug 1227728SUSE bug 1227729SUSE bug 1227730SUSE bug 1227732SUSE bug 1227733SUSE bug 1227750SUSE bug 1227754SUSE bug 1227755SUSE bug 1227760SUSE bug 1227762SUSE bug 1227763SUSE bug 1227764SUSE bug 1227766SUSE bug 1227770SUSE bug 1227771SUSE bug 1227772SUSE bug 1227774SUSE bug 1227779SUSE bug 1227780SUSE bug 1227783SUSE bug 1227786SUSE bug 1227787SUSE bug 1227790SUSE bug 1227792SUSE bug 1227796SUSE bug 1227797SUSE bug 1227798SUSE bug 1227800SUSE bug 1227802SUSE bug 1227806SUSE bug 1227808SUSE bug 1227810SUSE bug 1227812SUSE bug 1227813SUSE bug 1227814SUSE bug 1227816SUSE bug 1227820SUSE bug 1227823SUSE bug 1227824SUSE bug 1227828SUSE bug 1227829SUSE bug 1227836SUSE bug 1227846SUSE bug 1227849SUSE bug 1227851SUSE bug 1227862SUSE bug 1227864SUSE bug 1227865SUSE bug 1227866SUSE bug 1227870SUSE bug 1227884SUSE bug 1227886SUSE bug 1227891SUSE bug 1227893SUSE bug 1227899SUSE bug 1227900SUSE bug 1227910SUSE bug 1227913SUSE bug 1227917SUSE bug 1227919SUSE bug 1227920SUSE bug 1227921SUSE bug 1227922SUSE bug 1227923SUSE bug 1227924SUSE bug 1227925SUSE bug 1227927SUSE bug 1227928SUSE bug 1227931SUSE bug 1227932SUSE bug 1227933SUSE bug 1227935SUSE bug 1227936SUSE bug 1227938SUSE bug 1227941SUSE bug 1227942SUSE bug 1227944SUSE bug 1227945SUSE bug 1227947SUSE bug 1227948SUSE bug 1227949SUSE bug 1227950SUSE bug 1227952SUSE bug 1227953SUSE bug 1227954SUSE bug 1227956SUSE bug 1227957SUSE bug 1227963SUSE bug 1227964SUSE bug 1227965SUSE bug 1227968SUSE bug 1227969SUSE bug 1227970SUSE bug 1227971SUSE bug 1227972SUSE bug 1227975SUSE bug 1227976SUSE bug 1227981SUSE bug 1227982SUSE bug 1227985SUSE bug 1227986SUSE bug 1227987SUSE bug 1227988SUSE bug 1227989SUSE bug 1227990SUSE bug 1227991SUSE bug 1227992SUSE bug 1227993SUSE bug 1227995SUSE bug 1227996SUSE bug 1227997SUSE bug 1228000SUSE bug 1228002SUSE bug 1228003SUSE bug 1228004SUSE bug 1228005SUSE bug 1228006SUSE bug 1228007SUSE bug 1228008SUSE bug 1228009SUSE bug 1228010SUSE bug 1228011SUSE bug 1228013SUSE bug 1228014SUSE bug 1228015SUSE bug 1228019SUSE bug 1228020SUSE bug 1228025SUSE bug 1228028SUSE bug 1228035SUSE bug 1228037SUSE bug 1228038SUSE bug 1228039SUSE bug 1228040SUSE bug 1228045SUSE bug 1228054SUSE bug 1228055SUSE bug 1228056SUSE bug 1228060SUSE bug 1228061SUSE bug 1228062SUSE bug 1228063SUSE bug 1228064SUSE bug 1228066SUSE bug 1228067SUSE bug 1228068SUSE bug 1228071SUSE bug 1228079SUSE bug 1228090SUSE bug 1228114SUSE bug 1228140SUSE bug 1228190SUSE bug 1228191SUSE bug 1228226SUSE bug 1228235SUSE bug 1228247SUSE bug 1228327SUSE bug 1228328SUSE bug 1228330SUSE bug 1228403SUSE bug 1228405SUSE bug 1228408SUSE bug 1228409SUSE bug 1228410SUSE bug 1228418SUSE bug 1228459SUSE bug 1228462SUSE bug 1228470SUSE bug 1228518SUSE bug 1228520SUSE bug 1228530SUSE bug 1228561SUSE bug 1228565SUSE bug 1228580SUSE bug 1228581SUSE bug 1228591SUSE bug 1228599SUSE bug 1228617SUSE bug 1228625SUSE bug 1228626SUSE bug 1228633SUSE bug 1228640SUSE bug 1228644SUSE bug 1228649SUSE bug 1228655SUSE bug 1228665SUSE bug 1228672SUSE bug 1228680SUSE bug 1228705SUSE bug 1228723SUSE bug 1228743SUSE bug 1228756SUSE bug 1228801SUSE bug 1228850SUSE bug 1228857CVE-2021-4439 at SUSECVE-2021-4439 at NVDCVE-2021-47086 at SUSECVE-2021-47086 at NVDCVE-2021-47089 at SUSECVE-2021-47089 at NVDCVE-2021-47103 at SUSECVE-2021-47103 at NVDCVE-2021-47186 at SUSECVE-2021-47186 at NVDCVE-2021-47432 at SUSECVE-2021-47432 at NVDCVE-2021-47515 at SUSECVE-2021-47515 at NVDCVE-2021-47534 at SUSECVE-2021-47534 at NVDCVE-2021-47538 at SUSECVE-2021-47538 at NVDCVE-2021-47539 at SUSECVE-2021-47539 at NVDCVE-2021-47546 at SUSECVE-2021-47546 at NVDCVE-2021-47547 at SUSECVE-2021-47547 at NVDCVE-2021-47555 at SUSECVE-2021-47555 at NVDCVE-2021-47566 at SUSECVE-2021-47566 at NVDCVE-2021-47571 at SUSECVE-2021-47571 at NVDCVE-2021-47572 at SUSECVE-2021-47572 at NVDCVE-2021-47576 at SUSECVE-2021-47576 at NVDCVE-2021-47577 at SUSECVE-2021-47577 at NVDCVE-2021-47578 at SUSECVE-2021-47578 at NVDCVE-2021-47580 at SUSECVE-2021-47580 at NVDCVE-2021-47582 at SUSECVE-2021-47582 at NVDCVE-2021-47583 at SUSECVE-2021-47583 at NVDCVE-2021-47584 at SUSECVE-2021-47584 at NVDCVE-2021-47585 at SUSECVE-2021-47585 at NVDCVE-2021-47586 at SUSECVE-2021-47586 at NVDCVE-2021-47587 at SUSECVE-2021-47587 at NVDCVE-2021-47588 at SUSECVE-2021-47588 at NVDCVE-2021-47589 at SUSECVE-2021-47589 at NVDCVE-2021-47590 at SUSECVE-2021-47590 at NVDCVE-2021-47591 at SUSECVE-2021-47591 at NVDCVE-2021-47592 at SUSECVE-2021-47592 at NVDCVE-2021-47593 at SUSECVE-2021-47593 at NVDCVE-2021-47595 at SUSECVE-2021-47595 at NVDCVE-2021-47596 at SUSECVE-2021-47596 at NVDCVE-2021-47597 at SUSECVE-2021-47597 at NVDCVE-2021-47598 at SUSECVE-2021-47598 at NVDCVE-2021-47599 at SUSECVE-2021-47599 at NVDCVE-2021-47600 at SUSECVE-2021-47600 at NVDCVE-2021-47601 at SUSECVE-2021-47601 at NVDCVE-2021-47602 at SUSECVE-2021-47602 at NVDCVE-2021-47603 at SUSECVE-2021-47603 at NVDCVE-2021-47604 at SUSECVE-2021-47604 at NVDCVE-2021-47605 at SUSECVE-2021-47605 at NVDCVE-2021-47606 at SUSECVE-2021-47606 at NVDCVE-2021-47607 at SUSECVE-2021-47607 at NVDCVE-2021-47608 at SUSECVE-2021-47608 at NVDCVE-2021-47609 at SUSECVE-2021-47609 at NVDCVE-2021-47610 at SUSECVE-2021-47610 at NVDCVE-2021-47611 at SUSECVE-2021-47611 at NVDCVE-2021-47612 at SUSECVE-2021-47612 at NVDCVE-2021-47614 at SUSECVE-2021-47614 at NVDCVE-2021-47615 at SUSECVE-2021-47615 at NVDCVE-2021-47616 at SUSECVE-2021-47616 at NVDCVE-2021-47617 at SUSECVE-2021-47617 at NVDCVE-2021-47618 at SUSECVE-2021-47618 at NVDCVE-2021-47619 at SUSECVE-2021-47619 at NVDCVE-2021-47620 at SUSECVE-2021-47620 at NVDCVE-2021-47622 at SUSECVE-2021-47622 at NVDCVE-2021-47623 at SUSECVE-2021-47623 at NVDCVE-2021-47624 at SUSECVE-2021-47624 at NVDCVE-2022-48711 at SUSECVE-2022-48711 at NVDCVE-2022-48712 at SUSECVE-2022-48712 at NVDCVE-2022-48713 at SUSECVE-2022-48713 at NVDCVE-2022-48714 at SUSECVE-2022-48714 at NVDCVE-2022-48715 at SUSECVE-2022-48715 at NVDCVE-2022-48716 at SUSECVE-2022-48716 at NVDCVE-2022-48717 at SUSECVE-2022-48717 at NVDCVE-2022-48718 at SUSECVE-2022-48718 at NVDCVE-2022-48720 at SUSECVE-2022-48720 at NVDCVE-2022-48721 at SUSECVE-2022-48721 at NVDCVE-2022-48722 at SUSECVE-2022-48722 at NVDCVE-2022-48723 at SUSECVE-2022-48723 at NVDCVE-2022-48724 at SUSECVE-2022-48724 at NVDCVE-2022-48725 at SUSECVE-2022-48725 at NVDCVE-2022-48726 at SUSECVE-2022-48726 at NVDCVE-2022-48727 at SUSECVE-2022-48727 at NVDCVE-2022-48728 at SUSECVE-2022-48728 at NVDCVE-2022-48729 at SUSECVE-2022-48729 at NVDCVE-2022-48730 at SUSECVE-2022-48730 at NVDCVE-2022-48732 at SUSECVE-2022-48732 at NVDCVE-2022-48733 at SUSECVE-2022-48733 at NVDCVE-2022-48734 at SUSECVE-2022-48734 at NVDCVE-2022-48735 at SUSECVE-2022-48735 at NVDCVE-2022-48736 at SUSECVE-2022-48736 at NVDCVE-2022-48737 at SUSECVE-2022-48737 at NVDCVE-2022-48738 at SUSECVE-2022-48738 at NVDCVE-2022-48739 at SUSECVE-2022-48739 at NVDCVE-2022-48740 at SUSECVE-2022-48740 at NVDCVE-2022-48743 at SUSECVE-2022-48743 at NVDCVE-2022-48744 at SUSECVE-2022-48744 at NVDCVE-2022-48745 at SUSECVE-2022-48745 at NVDCVE-2022-48746 at SUSECVE-2022-48746 at NVDCVE-2022-48747 at SUSECVE-2022-48747 at NVDCVE-2022-48748 at SUSECVE-2022-48748 at NVDCVE-2022-48749 at SUSECVE-2022-48749 at NVDCVE-2022-48751 at SUSECVE-2022-48751 at NVDCVE-2022-48752 at SUSECVE-2022-48752 at NVDCVE-2022-48753 at SUSECVE-2022-48753 at NVDCVE-2022-48754 at SUSECVE-2022-48754 at NVDCVE-2022-48755 at SUSECVE-2022-48755 at NVDCVE-2022-48756 at SUSECVE-2022-48756 at NVDCVE-2022-48758 at SUSECVE-2022-48758 at NVDCVE-2022-48759 at SUSECVE-2022-48759 at NVDCVE-2022-48760 at SUSECVE-2022-48760 at NVDCVE-2022-48761 at SUSECVE-2022-48761 at NVDCVE-2022-48763 at SUSECVE-2022-48763 at NVDCVE-2022-48765 at SUSECVE-2022-48765 at NVDCVE-2022-48766 at SUSECVE-2022-48766 at NVDCVE-2022-48767 at SUSECVE-2022-48767 at NVDCVE-2022-48768 at SUSECVE-2022-48768 at NVDCVE-2022-48769 at SUSECVE-2022-48769 at NVDCVE-2022-48770 at SUSECVE-2022-48770 at NVDCVE-2022-48771 at SUSECVE-2022-48771 at NVDCVE-2022-48772 at SUSECVE-2022-48772 at NVDCVE-2022-48773 at SUSECVE-2022-48773 at NVDCVE-2022-48774 at SUSECVE-2022-48774 at NVDCVE-2022-48775 at SUSECVE-2022-48775 at NVDCVE-2022-48776 at SUSECVE-2022-48776 at NVDCVE-2022-48777 at SUSECVE-2022-48777 at NVDCVE-2022-48778 at SUSECVE-2022-48778 at NVDCVE-2022-48780 at SUSECVE-2022-48780 at NVDCVE-2022-48783 at SUSECVE-2022-48783 at NVDCVE-2022-48784 at SUSECVE-2022-48784 at NVDCVE-2022-48785 at SUSECVE-2022-48785 at NVDCVE-2022-48786 at SUSECVE-2022-48786 at NVDCVE-2022-48787 at SUSECVE-2022-48787 at NVDCVE-2022-48788 at SUSECVE-2022-48788 at NVDCVE-2022-48789 at SUSECVE-2022-48789 at NVDCVE-2022-48790 at SUSECVE-2022-48790 at NVDCVE-2022-48791 at SUSECVE-2022-48791 at NVDCVE-2022-48792 at SUSECVE-2022-48792 at NVDCVE-2022-48793 at SUSECVE-2022-48793 at NVDCVE-2022-48794 at SUSECVE-2022-48794 at NVDCVE-2022-48796 at SUSECVE-2022-48796 at NVDCVE-2022-48797 at SUSECVE-2022-48797 at NVDCVE-2022-48798 at SUSECVE-2022-48798 at NVDCVE-2022-48799 at SUSECVE-2022-48799 at NVDCVE-2022-48800 at SUSECVE-2022-48800 at NVDCVE-2022-48801 at SUSECVE-2022-48801 at NVDCVE-2022-48802 at SUSECVE-2022-48802 at NVDCVE-2022-48803 at SUSECVE-2022-48803 at NVDCVE-2022-48804 at SUSECVE-2022-48804 at NVDCVE-2022-48805 at SUSECVE-2022-48805 at NVDCVE-2022-48806 at SUSECVE-2022-48806 at NVDCVE-2022-48807 at SUSECVE-2022-48807 at NVDCVE-2022-48809 at SUSECVE-2022-48809 at NVDCVE-2022-48810 at SUSECVE-2022-48810 at NVDCVE-2022-48811 at SUSECVE-2022-48811 at NVDCVE-2022-48812 at SUSECVE-2022-48812 at NVDCVE-2022-48813 at SUSECVE-2022-48813 at NVDCVE-2022-48814 at SUSECVE-2022-48814 at NVDCVE-2022-48815 at SUSECVE-2022-48815 at NVDCVE-2022-48816 at SUSECVE-2022-48816 at NVDCVE-2022-48817 at SUSECVE-2022-48817 at NVDCVE-2022-48818 at SUSECVE-2022-48818 at NVDCVE-2022-48820 at SUSECVE-2022-48820 at NVDCVE-2022-48821 at SUSECVE-2022-48821 at NVDCVE-2022-48822 at SUSECVE-2022-48822 at NVDCVE-2022-48823 at SUSECVE-2022-48823 at NVDCVE-2022-48824 at SUSECVE-2022-48824 at NVDCVE-2022-48825 at SUSECVE-2022-48825 at NVDCVE-2022-48826 at SUSECVE-2022-48826 at NVDCVE-2022-48827 at SUSECVE-2022-48827 at NVDCVE-2022-48828 at SUSECVE-2022-48828 at NVDCVE-2022-48829 at SUSECVE-2022-48829 at NVDCVE-2022-48830 at SUSECVE-2022-48830 at NVDCVE-2022-48831 at SUSECVE-2022-48831 at NVDCVE-2022-48834 at SUSECVE-2022-48834 at NVDCVE-2022-48835 at SUSECVE-2022-48835 at NVDCVE-2022-48836 at SUSECVE-2022-48836 at NVDCVE-2022-48837 at SUSECVE-2022-48837 at NVDCVE-2022-48838 at SUSECVE-2022-48838 at NVDCVE-2022-48839 at SUSECVE-2022-48839 at NVDCVE-2022-48840 at SUSECVE-2022-48840 at NVDCVE-2022-48841 at SUSECVE-2022-48841 at NVDCVE-2022-48842 at SUSECVE-2022-48842 at NVDCVE-2022-48843 at SUSECVE-2022-48843 at NVDCVE-2022-48844 at SUSECVE-2022-48844 at NVDCVE-2022-48846 at SUSECVE-2022-48846 at NVDCVE-2022-48847 at SUSECVE-2022-48847 at NVDCVE-2022-48849 at SUSECVE-2022-48849 at NVDCVE-2022-48850 at SUSECVE-2022-48850 at NVDCVE-2022-48851 at SUSECVE-2022-48851 at NVDCVE-2022-48852 at SUSECVE-2022-48852 at NVDCVE-2022-48853 at SUSECVE-2022-48853 at NVDCVE-2022-48855 at SUSECVE-2022-48855 at NVDCVE-2022-48856 at SUSECVE-2022-48856 at NVDCVE-2022-48857 at SUSECVE-2022-48857 at NVDCVE-2022-48858 at SUSECVE-2022-48858 at NVDCVE-2022-48859 at SUSECVE-2022-48859 at NVDCVE-2022-48860 at SUSECVE-2022-48860 at NVDCVE-2022-48861 at SUSECVE-2022-48861 at NVDCVE-2022-48862 at SUSECVE-2022-48862 at NVDCVE-2022-48863 at SUSECVE-2022-48863 at NVDCVE-2022-48864 at SUSECVE-2022-48864 at NVDCVE-2022-48866 at SUSECVE-2022-48866 at NVDCVE-2023-24023 at SUSECVE-2023-24023 at NVDCVE-2023-52435 at SUSECVE-2023-52435 at NVDCVE-2023-52573 at SUSECVE-2023-52573 at NVDCVE-2023-52580 at SUSECVE-2023-52580 at NVDCVE-2023-52622 at SUSECVE-2023-52622 at NVDCVE-2023-52658 at SUSECVE-2023-52658 at NVDCVE-2023-52667 at SUSECVE-2023-52667 at NVDCVE-2023-52670 at SUSECVE-2023-52670 at NVDCVE-2023-52672 at SUSECVE-2023-52672 at NVDCVE-2023-52675 at SUSECVE-2023-52675 at NVDCVE-2023-52735 at SUSECVE-2023-52735 at NVDCVE-2023-52737 at SUSECVE-2023-52737 at NVDCVE-2023-52751 at SUSECVE-2023-52751 at NVDCVE-2023-52752 at SUSECVE-2023-52752 at NVDCVE-2023-52762 at SUSECVE-2023-52762 at NVDCVE-2023-52766 at SUSECVE-2023-52766 at NVDCVE-2023-52775 at SUSECVE-2023-52775 at NVDCVE-2023-52784 at SUSECVE-2023-52784 at NVDCVE-2023-52787 at SUSECVE-2023-52787 at NVDCVE-2023-52800 at SUSECVE-2023-52800 at NVDCVE-2023-52812 at SUSECVE-2023-52812 at NVDCVE-2023-52835 at SUSECVE-2023-52835 at NVDCVE-2023-52837 at SUSECVE-2023-52837 at NVDCVE-2023-52843 at SUSECVE-2023-52843 at NVDCVE-2023-52845 at SUSECVE-2023-52845 at NVDCVE-2023-52846 at SUSECVE-2023-52846 at NVDCVE-2023-52857 at SUSECVE-2023-52857 at NVDCVE-2023-52863 at SUSECVE-2023-52863 at NVDCVE-2023-52869 at SUSECVE-2023-52869 at NVDCVE-2023-52881 at SUSECVE-2023-52881 at NVDCVE-2023-52882 at SUSECVE-2023-52882 at NVDCVE-2023-52884 at SUSECVE-2023-52884 at NVDCVE-2023-52885 at SUSECVE-2023-52885 at NVDCVE-2023-52886 at SUSECVE-2023-52886 at NVDCVE-2024-25741 at SUSECVE-2024-25741 at NVDCVE-2024-26583 at SUSECVE-2024-26583 at NVDCVE-2024-26584 at SUSECVE-2024-26584 at NVDCVE-2024-26615 at SUSECVE-2024-26615 at NVDCVE-2024-26625 at SUSECVE-2024-26625 at NVDCVE-2024-26633 at SUSECVE-2024-26633 at NVDCVE-2024-26635 at SUSECVE-2024-26635 at NVDCVE-2024-26636 at SUSECVE-2024-26636 at NVDCVE-2024-26641 at SUSECVE-2024-26641 at NVDCVE-2024-26644 at SUSECVE-2024-26644 at NVDCVE-2024-26661 at SUSECVE-2024-26661 at NVDCVE-2024-26663 at SUSECVE-2024-26663 at NVDCVE-2024-26665 at SUSECVE-2024-26665 at NVDCVE-2024-26720 at SUSECVE-2024-26720 at NVDCVE-2024-26800 at SUSECVE-2024-26800 at NVDCVE-2024-26802 at SUSECVE-2024-26802 at NVDCVE-2024-26813 at SUSECVE-2024-26813 at NVDCVE-2024-26814 at SUSECVE-2024-26814 at NVDCVE-2024-26842 at SUSECVE-2024-26842 at NVDCVE-2024-26845 at SUSECVE-2024-26845 at NVDCVE-2024-26863 at SUSECVE-2024-26863 at NVDCVE-2024-26923 at SUSECVE-2024-26923 at NVDCVE-2024-26935 at SUSECVE-2024-26935 at NVDCVE-2024-26961 at SUSECVE-2024-26961 at NVDCVE-2024-26973 at SUSECVE-2024-26973 at NVDCVE-2024-26976 at SUSECVE-2024-26976 at NVDCVE-2024-27015 at SUSECVE-2024-27015 at NVDCVE-2024-27019 at SUSECVE-2024-27019 at NVDCVE-2024-27020 at SUSECVE-2024-27020 at NVDCVE-2024-27025 at SUSECVE-2024-27025 at NVDCVE-2024-27065 at SUSECVE-2024-27065 at NVDCVE-2024-27402 at SUSECVE-2024-27402 at NVDCVE-2024-27432 at SUSECVE-2024-27432 at NVDCVE-2024-27437 at SUSECVE-2024-27437 at NVDCVE-2024-33619 at SUSECVE-2024-33619 at NVDCVE-2024-35247 at SUSECVE-2024-35247 at NVDCVE-2024-35789 at SUSECVE-2024-35789 at NVDCVE-2024-35790 at SUSECVE-2024-35790 at NVDCVE-2024-35805 at SUSECVE-2024-35805 at NVDCVE-2024-35807 at SUSECVE-2024-35807 at NVDCVE-2024-35814 at SUSECVE-2024-35814 at NVDCVE-2024-35819 at SUSECVE-2024-35819 at NVDCVE-2024-35835 at SUSECVE-2024-35835 at NVDCVE-2024-35837 at SUSECVE-2024-35837 at NVDCVE-2024-35848 at SUSECVE-2024-35848 at NVDCVE-2024-35853 at SUSECVE-2024-35853 at NVDCVE-2024-35855 at SUSECVE-2024-35855 at NVDCVE-2024-35857 at SUSECVE-2024-35857 at NVDCVE-2024-35861 at SUSECVE-2024-35861 at NVDCVE-2024-35862 at SUSECVE-2024-35862 at NVDCVE-2024-35864 at SUSECVE-2024-35864 at NVDCVE-2024-35869 at SUSECVE-2024-35869 at NVDCVE-2024-35878 at SUSECVE-2024-35878 at NVDCVE-2024-35884 at SUSECVE-2024-35884 at NVDCVE-2024-35886 at SUSECVE-2024-35886 at NVDCVE-2024-35889 at SUSECVE-2024-35889 at NVDCVE-2024-35890 at SUSECVE-2024-35890 at NVDCVE-2024-35893 at SUSECVE-2024-35893 at NVDCVE-2024-35896 at SUSECVE-2024-35896 at NVDCVE-2024-35898 at SUSECVE-2024-35898 at NVDCVE-2024-35899 at SUSECVE-2024-35899 at NVDCVE-2024-35900 at SUSECVE-2024-35900 at NVDCVE-2024-35905 at SUSECVE-2024-35905 at NVDCVE-2024-35925 at SUSECVE-2024-35925 at NVDCVE-2024-35934 at SUSECVE-2024-35934 at NVDCVE-2024-35949 at SUSECVE-2024-35949 at NVDCVE-2024-35950 at SUSECVE-2024-35950 at NVDCVE-2024-35956 at SUSECVE-2024-35956 at NVDCVE-2024-35958 at SUSECVE-2024-35958 at NVDCVE-2024-35960 at SUSECVE-2024-35960 at NVDCVE-2024-35961 at SUSECVE-2024-35961 at NVDCVE-2024-35962 at SUSECVE-2024-35962 at NVDCVE-2024-35979 at SUSECVE-2024-35979 at NVDCVE-2024-35995 at SUSECVE-2024-35995 at NVDCVE-2024-35997 at SUSECVE-2024-35997 at NVDCVE-2024-36000 at SUSECVE-2024-36000 at NVDCVE-2024-36004 at SUSECVE-2024-36004 at NVDCVE-2024-36005 at SUSECVE-2024-36005 at NVDCVE-2024-36008 at SUSECVE-2024-36008 at NVDCVE-2024-36017 at SUSECVE-2024-36017 at NVDCVE-2024-36020 at SUSECVE-2024-36020 at NVDCVE-2024-36021 at SUSECVE-2024-36021 at NVDCVE-2024-36025 at SUSECVE-2024-36025 at NVDCVE-2024-36288 at SUSECVE-2024-36288 at NVDCVE-2024-36477 at SUSECVE-2024-36477 at NVDCVE-2024-36478 at SUSECVE-2024-36478 at NVDCVE-2024-36479 at SUSECVE-2024-36479 at NVDCVE-2024-36889 at SUSECVE-2024-36889 at NVDCVE-2024-36890 at SUSECVE-2024-36890 at NVDCVE-2024-36894 at SUSECVE-2024-36894 at NVDCVE-2024-36899 at SUSECVE-2024-36899 at NVDCVE-2024-36900 at SUSECVE-2024-36900 at NVDCVE-2024-36901 at SUSECVE-2024-36901 at NVDCVE-2024-36902 at SUSECVE-2024-36902 at NVDCVE-2024-36904 at SUSECVE-2024-36904 at NVDCVE-2024-36909 at SUSECVE-2024-36909 at NVDCVE-2024-36910 at SUSECVE-2024-36910 at NVDCVE-2024-36911 at SUSECVE-2024-36911 at NVDCVE-2024-36912 at SUSECVE-2024-36912 at NVDCVE-2024-36913 at SUSECVE-2024-36913 at NVDCVE-2024-36914 at SUSECVE-2024-36914 at NVDCVE-2024-36915 at SUSECVE-2024-36915 at NVDCVE-2024-36916 at SUSECVE-2024-36916 at NVDCVE-2024-36917 at SUSECVE-2024-36917 at NVDCVE-2024-36919 at SUSECVE-2024-36919 at NVDCVE-2024-36923 at SUSECVE-2024-36923 at NVDCVE-2024-36934 at SUSECVE-2024-36934 at NVDCVE-2024-36937 at SUSECVE-2024-36937 at NVDCVE-2024-36939 at SUSECVE-2024-36939 at NVDCVE-2024-36940 at SUSECVE-2024-36940 at NVDCVE-2024-36945 at SUSECVE-2024-36945 at NVDCVE-2024-36946 at SUSECVE-2024-36946 at NVDCVE-2024-36949 at SUSECVE-2024-36949 at NVDCVE-2024-36960 at SUSECVE-2024-36960 at NVDCVE-2024-36964 at SUSECVE-2024-36964 at NVDCVE-2024-36965 at SUSECVE-2024-36965 at NVDCVE-2024-36967 at SUSECVE-2024-36967 at NVDCVE-2024-36969 at SUSECVE-2024-36969 at NVDCVE-2024-36971 at SUSECVE-2024-36971 at NVDCVE-2024-36974 at SUSECVE-2024-36974 at NVDCVE-2024-36975 at SUSECVE-2024-36975 at NVDCVE-2024-36978 at SUSECVE-2024-36978 at NVDCVE-2024-37021 at SUSECVE-2024-37021 at NVDCVE-2024-37078 at SUSECVE-2024-37078 at NVDCVE-2024-37354 at SUSECVE-2024-37354 at NVDCVE-2024-38381 at SUSECVE-2024-38381 at NVDCVE-2024-38388 at SUSECVE-2024-38388 at NVDCVE-2024-38390 at SUSECVE-2024-38390 at NVDCVE-2024-38540 at SUSECVE-2024-38540 at NVDCVE-2024-38541 at SUSECVE-2024-38541 at NVDCVE-2024-38544 at SUSECVE-2024-38544 at NVDCVE-2024-38545 at SUSECVE-2024-38545 at NVDCVE-2024-38546 at SUSECVE-2024-38546 at NVDCVE-2024-38547 at SUSECVE-2024-38547 at NVDCVE-2024-38548 at SUSECVE-2024-38548 at NVDCVE-2024-38549 at SUSECVE-2024-38549 at NVDCVE-2024-38550 at SUSECVE-2024-38550 at NVDCVE-2024-38552 at SUSECVE-2024-38552 at NVDCVE-2024-38553 at SUSECVE-2024-38553 at NVDCVE-2024-38555 at SUSECVE-2024-38555 at NVDCVE-2024-38556 at SUSECVE-2024-38556 at NVDCVE-2024-38557 at SUSECVE-2024-38557 at NVDCVE-2024-38558 at SUSECVE-2024-38558 at NVDCVE-2024-38559 at SUSECVE-2024-38559 at NVDCVE-2024-38560 at SUSECVE-2024-38560 at NVDCVE-2024-38564 at SUSECVE-2024-38564 at NVDCVE-2024-38565 at SUSECVE-2024-38565 at NVDCVE-2024-38567 at SUSECVE-2024-38567 at NVDCVE-2024-38568 at SUSECVE-2024-38568 at NVDCVE-2024-38570 at SUSECVE-2024-38570 at NVDCVE-2024-38571 at SUSECVE-2024-38571 at NVDCVE-2024-38573 at SUSECVE-2024-38573 at NVDCVE-2024-38578 at SUSECVE-2024-38578 at NVDCVE-2024-38579 at SUSECVE-2024-38579 at NVDCVE-2024-38580 at SUSECVE-2024-38580 at NVDCVE-2024-38581 at SUSECVE-2024-38581 at NVDCVE-2024-38582 at SUSECVE-2024-38582 at NVDCVE-2024-38583 at SUSECVE-2024-38583 at NVDCVE-2024-38586 at SUSECVE-2024-38586 at NVDCVE-2024-38587 at SUSECVE-2024-38587 at NVDCVE-2024-38588 at SUSECVE-2024-38588 at NVDCVE-2024-38590 at SUSECVE-2024-38590 at NVDCVE-2024-38591 at SUSECVE-2024-38591 at NVDCVE-2024-38594 at SUSECVE-2024-38594 at NVDCVE-2024-38597 at SUSECVE-2024-38597 at NVDCVE-2024-38598 at SUSECVE-2024-38598 at NVDCVE-2024-38599 at SUSECVE-2024-38599 at NVDCVE-2024-38600 at SUSECVE-2024-38600 at NVDCVE-2024-38601 at SUSECVE-2024-38601 at NVDCVE-2024-38603 at SUSECVE-2024-38603 at NVDCVE-2024-38605 at SUSECVE-2024-38605 at NVDCVE-2024-38608 at SUSECVE-2024-38608 at NVDCVE-2024-38616 at SUSECVE-2024-38616 at NVDCVE-2024-38618 at SUSECVE-2024-38618 at NVDCVE-2024-38619 at SUSECVE-2024-38619 at NVDCVE-2024-38621 at SUSECVE-2024-38621 at NVDCVE-2024-38627 at SUSECVE-2024-38627 at NVDCVE-2024-38628 at SUSECVE-2024-38628 at NVDCVE-2024-38630 at SUSECVE-2024-38630 at NVDCVE-2024-38633 at SUSECVE-2024-38633 at NVDCVE-2024-38634 at SUSECVE-2024-38634 at NVDCVE-2024-38635 at SUSECVE-2024-38635 at NVDCVE-2024-38659 at SUSECVE-2024-38659 at NVDCVE-2024-38661 at SUSECVE-2024-38661 at NVDCVE-2024-38780 at SUSECVE-2024-38780 at NVDCVE-2024-39276 at SUSECVE-2024-39276 at NVDCVE-2024-39301 at SUSECVE-2024-39301 at NVDCVE-2024-39371 at SUSECVE-2024-39371 at NVDCVE-2024-39463 at SUSECVE-2024-39463 at NVDCVE-2024-39468 at SUSECVE-2024-39468 at NVDCVE-2024-39469 at SUSECVE-2024-39469 at NVDCVE-2024-39471 at SUSECVE-2024-39471 at NVDCVE-2024-39472 at SUSECVE-2024-39472 at NVDCVE-2024-39475 at SUSECVE-2024-39475 at NVDCVE-2024-39482 at SUSECVE-2024-39482 at NVDCVE-2024-39487 at SUSECVE-2024-39487 at NVDCVE-2024-39488 at SUSECVE-2024-39488 at NVDCVE-2024-39490 at SUSECVE-2024-39490 at NVDCVE-2024-39493 at SUSECVE-2024-39493 at NVDCVE-2024-39494 at SUSECVE-2024-39494 at NVDCVE-2024-39497 at SUSECVE-2024-39497 at NVDCVE-2024-39499 at SUSECVE-2024-39499 at NVDCVE-2024-39500 at SUSECVE-2024-39500 at NVDCVE-2024-39501 at SUSECVE-2024-39501 at NVDCVE-2024-39502 at SUSECVE-2024-39502 at NVDCVE-2024-39505 at SUSECVE-2024-39505 at NVDCVE-2024-39506 at SUSECVE-2024-39506 at NVDCVE-2024-39507 at SUSECVE-2024-39507 at NVDCVE-2024-39508 at SUSECVE-2024-39508 at NVDCVE-2024-39509 at SUSECVE-2024-39509 at NVDCVE-2024-40900 at SUSECVE-2024-40900 at NVDCVE-2024-40901 at SUSECVE-2024-40901 at NVDCVE-2024-40902 at SUSECVE-2024-40902 at NVDCVE-2024-40903 at SUSECVE-2024-40903 at NVDCVE-2024-40904 at SUSECVE-2024-40904 at NVDCVE-2024-40906 at SUSECVE-2024-40906 at NVDCVE-2024-40908 at SUSECVE-2024-40908 at NVDCVE-2024-40909 at SUSECVE-2024-40909 at NVDCVE-2024-40911 at SUSECVE-2024-40911 at NVDCVE-2024-40912 at SUSECVE-2024-40912 at NVDCVE-2024-40916 at SUSECVE-2024-40916 at NVDCVE-2024-40919 at SUSECVE-2024-40919 at NVDCVE-2024-40923 at SUSECVE-2024-40923 at NVDCVE-2024-40924 at SUSECVE-2024-40924 at NVDCVE-2024-40927 at SUSECVE-2024-40927 at NVDCVE-2024-40929 at SUSECVE-2024-40929 at NVDCVE-2024-40931 at SUSECVE-2024-40931 at NVDCVE-2024-40932 at SUSECVE-2024-40932 at NVDCVE-2024-40934 at SUSECVE-2024-40934 at NVDCVE-2024-40935 at SUSECVE-2024-40935 at NVDCVE-2024-40937 at SUSECVE-2024-40937 at NVDCVE-2024-40940 at SUSECVE-2024-40940 at NVDCVE-2024-40941 at SUSECVE-2024-40941 at NVDCVE-2024-40942 at SUSECVE-2024-40942 at NVDCVE-2024-40943 at SUSECVE-2024-40943 at NVDCVE-2024-40945 at SUSECVE-2024-40945 at NVDCVE-2024-40953 at SUSECVE-2024-40953 at NVDCVE-2024-40954 at SUSECVE-2024-40954 at NVDCVE-2024-40956 at SUSECVE-2024-40956 at NVDCVE-2024-40958 at SUSECVE-2024-40958 at NVDCVE-2024-40959 at SUSECVE-2024-40959 at NVDCVE-2024-40960 at SUSECVE-2024-40960 at NVDCVE-2024-40961 at SUSECVE-2024-40961 at NVDCVE-2024-40966 at SUSECVE-2024-40966 at NVDCVE-2024-40967 at SUSECVE-2024-40967 at NVDCVE-2024-40970 at SUSECVE-2024-40970 at NVDCVE-2024-40972 at SUSECVE-2024-40972 at NVDCVE-2024-40976 at SUSECVE-2024-40976 at NVDCVE-2024-40977 at SUSECVE-2024-40977 at NVDCVE-2024-40981 at SUSECVE-2024-40981 at NVDCVE-2024-40982 at SUSECVE-2024-40982 at NVDCVE-2024-40984 at SUSECVE-2024-40984 at NVDCVE-2024-40987 at SUSECVE-2024-40987 at NVDCVE-2024-40988 at SUSECVE-2024-40988 at NVDCVE-2024-40989 at SUSECVE-2024-40989 at NVDCVE-2024-40990 at SUSECVE-2024-40990 at NVDCVE-2024-40994 at SUSECVE-2024-40994 at NVDCVE-2024-40998 at SUSECVE-2024-40998 at NVDCVE-2024-40999 at SUSECVE-2024-40999 at NVDCVE-2024-41002 at SUSECVE-2024-41002 at NVDCVE-2024-41004 at SUSECVE-2024-41004 at NVDCVE-2024-41006 at SUSECVE-2024-41006 at NVDCVE-2024-41009 at SUSECVE-2024-41009 at NVDCVE-2024-41011 at SUSECVE-2024-41011 at NVDCVE-2024-41012 at SUSECVE-2024-41012 at NVDCVE-2024-41013 at SUSECVE-2024-41013 at NVDCVE-2024-41014 at SUSECVE-2024-41014 at NVDCVE-2024-41015 at SUSECVE-2024-41015 at NVDCVE-2024-41016 at SUSECVE-2024-41016 at NVDCVE-2024-41017 at SUSECVE-2024-41017 at NVDCVE-2024-41040 at SUSECVE-2024-41040 at NVDCVE-2024-41041 at SUSECVE-2024-41041 at NVDCVE-2024-41044 at SUSECVE-2024-41044 at NVDCVE-2024-41048 at SUSECVE-2024-41048 at NVDCVE-2024-41057 at SUSECVE-2024-41057 at NVDCVE-2024-41058 at SUSECVE-2024-41058 at NVDCVE-2024-41059 at SUSECVE-2024-41059 at NVDCVE-2024-41063 at SUSECVE-2024-41063 at NVDCVE-2024-41064 at SUSECVE-2024-41064 at NVDCVE-2024-41066 at SUSECVE-2024-41066 at NVDCVE-2024-41069 at SUSECVE-2024-41069 at NVDCVE-2024-41070 at SUSECVE-2024-41070 at NVDCVE-2024-41071 at SUSECVE-2024-41071 at NVDCVE-2024-41072 at SUSECVE-2024-41072 at NVDCVE-2024-41076 at SUSECVE-2024-41076 at NVDCVE-2024-41078 at SUSECVE-2024-41078 at NVDCVE-2024-41081 at SUSECVE-2024-41081 at NVDCVE-2024-41087 at SUSECVE-2024-41087 at NVDCVE-2024-41090 at SUSECVE-2024-41090 at NVDCVE-2024-41091 at SUSECVE-2024-41091 at NVDCVE-2024-42070 at SUSECVE-2024-42070 at NVDCVE-2024-42079 at SUSECVE-2024-42079 at NVDCVE-2024-42093 at SUSECVE-2024-42093 at NVDCVE-2024-42096 at SUSECVE-2024-42096 at NVDCVE-2024-42105 at SUSECVE-2024-42105 at NVDCVE-2024-42122 at SUSECVE-2024-42122 at NVDCVE-2024-42124 at SUSECVE-2024-42124 at NVDCVE-2024-42145 at SUSECVE-2024-42145 at NVDCVE-2024-42161 at SUSECVE-2024-42161 at NVDCVE-2024-42224 at SUSECVE-2024-42224 at NVDCVE-2024-42230 at SUSECVE-2024-42230 at NVDcpe:/o:opensuse:leap:15.5Security update for the Linux Kernel (Important)openSUSE Leap 15.5
The SUSE Linux Enterprise 15 SP5 Azure kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2021-47086: phonet/pep: refuse to enable an unbound pipe (bsc#1220952).
- CVE-2021-47103: net: sock: preserve kabi for sock (bsc#1221010).
- CVE-2021-47186: ipc: check for null after calling kmemdup (bsc#1222702).
- CVE-2021-47546: Kabi fix for ipv6: fix memory leak in fib6_rule_suppress (bsc#1225504).
- CVE-2021-47547: net: tulip: de4x5: fix the problem that the array 'lp->phy' may be out of bound (bsc#1225505).
- CVE-2021-47588: sit: do not call ipip6_dev_free() from sit_init_net() (bsc#1226568).
- CVE-2021-47590: mptcp: fix deadlock in __mptcp_push_pending() (bsc#1226565).
- CVE-2021-47591: mptcp: remove tcp ulp setsockopt support (bsc#1226570).
- CVE-2021-47593: mptcp: clear 'kern' flag from fallback sockets (bsc#1226551).
- CVE-2021-47598: sch_cake: do not call cake_destroy() from cake_init() (bsc#1226574).
- CVE-2021-47599: btrfs: use latest_dev in btrfs_show_devname (bsc#1226571)
- CVE-2021-47606: net: netlink: af_netlink: Prevent empty skb by adding a check on len (bsc#1226555).
- CVE-2021-47623: powerpc/fixmap: Fix VM debug warning on unmap (bsc#1227919).
- CVE-2022-48785: ipv6: mcast: use rcu-safe version of ipv6_get_lladdr() (bsc#1227927)
- CVE-2022-48810: ipmr,ip6mr: acquire RTNL before calling ip[6]mr_free_table() on failure path (bsc#1227936).
- CVE-2022-48850: net-sysfs: add check for netdevice being present to speed_show (bsc#1228071)
- CVE-2022-48855: sctp: fix kernel-infoleak for SCTP sockets (bsc#1228003).
- CVE-2023-52435: net: prevent mss overflow in skb_segment() (bsc#1220138).
- CVE-2023-52573: net: rds: Fix possible NULL-pointer dereference (bsc#1220869)
- CVE-2023-52580: net/core: Fix ETH_P_1588 flow dissector (bsc#1220876).
- CVE-2023-52751: smb: client: fix use-after-free in smb2_query_info_compound() (bsc#1225489).
- CVE-2023-52775: net/smc: avoid data corruption caused by decline (bsc#1225088).
- CVE-2023-52812: drm/amd: check num of link levels when update pcie param (bsc#1225564).
- CVE-2023-52857: drm/mediatek: Fix coverity issue with unintentional integer overflow (bsc#1225581).
- CVE-2023-52863: hwmon: (axi-fan-control) Fix possible NULL pointer dereference (bsc#1225586).
- CVE-2024-26585: Fixed race between tx work scheduling and socket close (bsc#1220187).
- CVE-2024-26615: net/smc: fix illegal rmb_desc access in SMC-D connection dump (bsc#1220942).
- CVE-2024-26633: ip6_tunnel: fix NEXTHDR_FRAGMENT handling in ip6_tnl_parse_tlv_enc_lim() (bsc#1221647).
- CVE-2024-26635: llc: Drop support for ETH_P_TR_802_2 (bsc#1221656).
- CVE-2024-26636: llc: make llc_ui_sendmsg() more robust against bonding changes (bsc#1221659).
- CVE-2024-26641: ip6_tunnel: make sure to pull inner header in __ip6_tnl_rcv() (bsc#1221654).
- CVE-2024-26661: drm/amd/display: Add NULL test for 'timing generator' in (bsc#1222323)
- CVE-2024-26663: tipc: Check the bearer type before calling tipc_udp_nl_bearer_add() (bsc#1222326).
- CVE-2024-26665: tunnels: fix out of bounds access when building IPv6 PMTU error (bsc#1222328).
- CVE-2024-26802: stmmac: Clear variable when destroying workqueue (bsc#1222799).
- CVE-2024-26863: hsr: Fix uninit-value access in hsr_get_node() (bsc#1223021).
- CVE-2024-26961: mac802154: fix llsec key resources release in mac802154_llsec_key_del (bsc#1223652).
- CVE-2024-27015: netfilter: flowtable: incorrect pppoe tuple (bsc#1223806).
- CVE-2024-27019: netfilter: nf_tables: Fix potential data-race in __nft_obj_type_get() (bsc#1223813)
- CVE-2024-27020: netfilter: nf_tables: Fix potential data-race in __nft_expr_type_get() (bsc#1223815)
- CVE-2024-27025: nbd: null check for nla_nest_start (bsc#1223778)
- CVE-2024-27065: netfilter: nf_tables: do not compare internal table flags on updates (bsc#1223836).
- CVE-2024-27402: phonet/pep: fix racy skb_queue_empty() use (bsc#1224414).
- CVE-2024-27437: vfio/pci: Disable auto-enable of exclusive INTx IRQ (bsc#1222625).
- CVE-2024-35805: dm snapshot: fix lockup in dm_exception_table_exit (bsc#1224743).
- CVE-2024-35819: soc: fsl: qbman: Use raw spinlock for cgr_lock (bsc#1224683).
- CVE-2024-35837: net: mvpp2: clear BM pool before initialization (bsc#1224500).
- CVE-2024-35853: mlxsw: spectrum_acl_tcam: Fix memory leak during rehash (bsc#1224604).
- CVE-2024-35889: idpf: fix kernel panic on unknown packet types (bsc#1224517).
- CVE-2024-35890: gro: fix ownership transfer (bsc#1224516).
- CVE-2024-35893: net/sched: act_skbmod: prevent kernel-infoleak (bsc#1224512)
- CVE-2024-35899: netfilter: nf_tables: flush pending destroy work before exit_net release (bsc#1224499)
- CVE-2024-35934: net/smc: reduce rtnl pressure in smc_pnet_create_pnetids_list() (bsc#1224641)
- CVE-2024-35949: btrfs: make sure that WRITTEN is set on all metadata blocks (bsc#1224700)
- CVE-2024-35961: net/mlx5: Restore mistakenly dropped parts in register devlink flow (bsc#1224585).
- CVE-2024-35995: ACPI: CPPC: Fix access width used for PCC registers (bsc#1224557).
- CVE-2024-36000: mm/hugetlb: fix missing hugetlb_lock for resv uncharge (bsc#1224548).
- CVE-2024-36004: i40e: Do not use WQ_MEM_RECLAIM flag for workqueue (bsc#1224545)
- CVE-2024-36901: ipv6: prevent NULL dereference in ip6_output() (bsc#1225711)
- CVE-2024-36902: ipv6: fib6_rules: avoid possible NULL dereference in fib6_rule_action() (bsc#1225719).
- CVE-2024-36909: Drivers: hv: vmbus: Do not free ring buffers that couldn't be re-encrypted (bsc#1225744).
- CVE-2024-36910: uio_hv_generic: Do not free decrypted memory (bsc#1225717).
- CVE-2024-36911: hv_netvsc: Do not free decrypted memory (bsc#1225745).
- CVE-2024-36912: Drivers: hv: vmbus: Track decrypted status in vmbus_gpadl (bsc#1225752).
- CVE-2024-36913: Drivers: hv: vmbus: Leak pages if set_memory_encrypted() fails (bsc#1225753).
- CVE-2024-36914: drm/amd/display: Skip on writeback when it's not applicable (bsc#1225757).
- CVE-2024-36919: scsi: bnx2fc: Remove spin_lock_bh while releasing resources after upload (bsc#1225767).
- CVE-2024-36923: fs/9p: fix uninitialized values during inode evict (bsc#1225815).
- CVE-2024-36939: nfs: Handle error of rpc_proc_register() in nfs_net_init() (bsc#1225838).
- CVE-2024-36946: phonet: fix rtm_phonet_notify() skb allocation (bsc#1225851).
- CVE-2024-36974: net/sched: taprio: always validate TCA_TAPRIO_ATTR_PRIOMAP (bsc#1226519).
- CVE-2024-38555: net/mlx5: Discard command completions in internal error (bsc#1226607).
- CVE-2024-38558: net: openvswitch: fix overwriting ct original tuple for ICMPv6 (bsc#1226783).
- CVE-2024-38570: gfs2: Fix potential glock use-after-free on unmount (bsc#1226775).
- CVE-2024-38586: r8169: Fix possible ring buffer corruption on fragmented Tx packets (bsc#1226750).
- CVE-2024-38598: md: fix resync softlockup when bitmap size is less than array size (bsc#1226757).
- CVE-2024-38628: usb: gadget: u_audio: Fix race condition use of controls after free during gadget unbind (bsc#1226911).
- CVE-2024-39276: ext4: fix mb_cache_entry's e_refcnt leak in ext4_xattr_block_cache_find() (bsc#1226993).
- CVE-2024-39371: io_uring: check for non-NULL file pointer in io_file_can_poll() (bsc#1226990).
- CVE-2024-39463: 9p: add missing locking around taking dentry fid list (bsc#1227090).
- CVE-2024-39472: xfs: fix log recovery buffer allocation for the legacy h_size fixup (bsc#1227432).
- CVE-2024-39482: bcache: fix variable length array abuse in btree_iter (bsc#1227447).
- CVE-2024-39487: bonding: Fix out-of-bounds read in bond_option_arp_ip_targets_set() (bsc#1227573)
- CVE-2024-39490: ipv6: sr: fix missing sk_buff release in seg6_input_core (bsc#1227626).
- CVE-2024-39493: crypto: qat - Fix ADF_DEV_RESET_SYNC memory leak (bsc#1227620).
- CVE-2024-39494: ima: Fix use-after-free on a dentry's dname.name (bsc#1227716).
- CVE-2024-39497: drm/shmem-helper: Fix BUG_ON() on mmap(PROT_WRITE, MAP_PRIVATE) (bsc#1227722)
- CVE-2024-39502: ionic: fix use after netif_napi_del() (bsc#1227755).
- CVE-2024-39506: liquidio: Adjust a NULL pointer handling path in lio_vf_rep_copy_packet (bsc#1227729).
- CVE-2024-39507: net: hns3: fix kernel crash problem in concurrent scenario (bsc#1227730).
- CVE-2024-39508: io_uring/io-wq: Use set_bit() and test_bit() at worker->flags (bsc#1227732).
- CVE-2024-40901: scsi: mpt3sas: Avoid test/set_bit() operating in non-allocated memory (bsc#1227762).
- CVE-2024-40906: net/mlx5: Always stop health timer during driver removal (bsc#1227763).
- CVE-2024-40908: bpf: Set run context for rawtp test_run callback (bsc#1227783).
- CVE-2024-40909: bpf: Fix a potential use-after-free in bpf_link_free() (bsc#1227798).
- CVE-2024-40919: bnxt_en: Adjust logging of firmware messages in case of released token in __hwrm_send() (bsc#1227779).
- CVE-2024-40923: vmxnet3: disable rx data ring on dma allocation failure (bsc#1227786).
- CVE-2024-40931: mptcp: ensure snd_una is properly initialized on connect (bsc#1227780).
- CVE-2024-40935: cachefiles: flush all requests after setting CACHEFILES_DEAD (bsc#1227797).
- CVE-2024-40937: gve: Clear napi->skb before dev_kfree_skb_any() (bsc#1227836).
- CVE-2024-40940: net/mlx5: Fix tainted pointer delete is case of flow rules creation fail (bsc#1227800).
- CVE-2024-40943: ocfs2: fix races between hole punching and AIO+DIO (bsc#1227849).
- CVE-2024-40953: KVM: Fix a data race on last_boosted_vcpu in kvm_vcpu_on_spin() (bsc#1227806).
- CVE-2024-40954: net: do not leave a dangling sk pointer, when socket creation fails (bsc#1227808)
- CVE-2024-40958: netns: Make get_net_ns() handle zero refcount net (bsc#1227812).
- CVE-2024-40959: xfrm6: check ip6_dst_idev() return value in xfrm6_get_saddr() (bsc#1227884).
- CVE-2024-40960: ipv6: prevent possible NULL dereference in rt6_probe() (bsc#1227813).
- CVE-2024-40961: ipv6: prevent possible NULL deref in fib6_nh_init() (bsc#1227814).
- CVE-2024-40966: kABI: tty: add the option to have a tty reject a new ldisc (bsc#1227886).
- CVE-2024-40967: serial: imx: Introduce timeout when waiting on transmitter empty (bsc#1227891).
- CVE-2024-40970: Avoid hw_desc array overrun in dw-axi-dmac (bsc#1227899).
- CVE-2024-40972: ext4: fold quota accounting into ext4_xattr_inode_lookup_create() (bsc#1227910).
- CVE-2024-40977: wifi: mt76: mt7921s: fix potential hung tasks during chip recovery (bsc#1227950).
- CVE-2024-40982: ssb: Fix potential NULL pointer dereference in ssb_device_uevent() (bsc#1227865).
- CVE-2024-40989: KVM: arm64: Disassociate vcpus from redistributor region on teardown (bsc#1227823).
- CVE-2024-40994: ptp: fix integer overflow in max_vclocks_store (bsc#1227829).
- CVE-2024-40998: ext4: fix uninitialized ratelimit_state->lock access in __ext4_fill_super() (bsc#1227866).
- CVE-2024-40999: net: ena: Add validation for completion descriptors consistency (bsc#1227913).
- CVE-2024-41006: netrom: Fix a memory leak in nr_heartbeat_expiry() (bsc#1227862).
- CVE-2024-41009: selftests/bpf: Add more ring buffer test coverage (bsc#1228020).
- CVE-2024-41012: filelock: Remove locks reliably when fcntl/close race is detected (bsc#1228247).
- CVE-2024-41013: xfs: do not walk off the end of a directory data block (bsc#1228405).
- CVE-2024-41014: xfs: add bounds checking to xlog_recover_process_data (bsc#1228408).
- CVE-2024-41015: ocfs2: add bounds checking to ocfs2_check_dir_entry() (bsc#1228409).
- CVE-2024-41016: ocfs2: add bounds checking to ocfs2_xattr_find_entry() (bsc#1228410).
- CVE-2024-41017: jfs: do not walk off the end of ealist (bsc#1228403).
- CVE-2024-41040: net/sched: Fix UAF when resolving a clash (bsc#1228518)
- CVE-2024-41041: udp: Set SOCK_RCU_FREE earlier in udp_lib_get_port() (bsc#1228520)
- CVE-2024-41044: ppp: reject claimed-as-LCP but actually malformed packets (bsc#1228530).
- CVE-2024-41048: skmsg: Skip zero length skb in sk_msg_recvmsg (bsc#1228565)
- CVE-2024-41057: cachefiles: fix slab-use-after-free in cachefiles_withdraw_cookie() (bsc#1228462).
- CVE-2024-41058: cachefiles: fix slab-use-after-free in fscache_withdraw_volume() (bsc#1228459).
- CVE-2024-41059: hfsplus: fix uninit-value in copy_name (bsc#1228561).
- CVE-2024-41063: Bluetooth: hci_core: cancel all works upon hci_unregister_dev() (bsc#1228580)
- CVE-2024-41064: powerpc/eeh: avoid possible crash when edev->pdev changes (bsc#1228599).
- CVE-2024-41066: ibmvnic: Add tx check to prevent skb leak (bsc#1228640).
- CVE-2024-41069: ASoC: topology: Fix route memory corruption (bsc#1228644).
- CVE-2024-41070: KVM: PPC: Book3S HV: Prevent UAF in kvm_spapr_tce_attach_iommu_group() (bsc#1228581).
- CVE-2024-41071: wifi: mac80211: Avoid address calculations via out of bounds array indexing (bsc#1228625).
- CVE-2024-41078: btrfs: qgroup: fix quota root leak after quota disable failure (bsc#1228655).
- CVE-2024-41081: ila: block BH in ila_output() (bsc#1228617)
- CVE-2024-41090: tap: add missing verification for short frame (bsc#1228328).
- CVE-2024-41091: tun: add missing verification for short frame (bsc#1228327).
- CVE-2024-42070: netfilter: nf_tables: fully validate NFT_DATA_VALUE on store to data registers (bsc#1228470)
- CVE-2024-42079: gfs2: Fix NULL pointer dereference in gfs2_log_flush (bsc#1228672).
- CVE-2024-42093: net/dpaa2: Avoid explicit cpumask var allocation on stack (bsc#1228680).
- CVE-2024-42096: x86: stop playing stack games in profile_pc() (bsc#1228633).
- CVE-2024-42122: drm/amd/display: Add NULL pointer check for kzalloc (bsc#1228591)
- CVE-2024-42124: scsi: qedf: Make qedf_execute_tmf() non-preemptible (bsc#1228705)
- CVE-2024-42145: IB/core: Implement a limit on UMAD receive List (bsc#1228743)
- CVE-2024-42161: bpf: Avoid uninitialized value in BPF_CORE_READ_BITFIELD (bsc#1228756).
- CVE-2024-42224: net: dsa: mv88e6xxx: Correct check for empty list (bsc#1228723)
- CVE-2024-42230: powerpc/pseries: Fix scv instruction crash with kexec (bsc#1194869).
The following non-security bugs were fixed:
- ACPI: EC: Abort address space access upon error (stable-fixes).
- ACPI: EC: Avoid returning AE_OK on errors in address space handler (stable-fixes).
- ACPI: processor_idle: Fix invalid comparison with insertion sort for latency (git-fixes).
- ACPI: video: Add backlight=native quirk for Lenovo Slim 7 16ARH7 (stable-fixes).
- ACPI: x86: Force StorageD3Enable on more products (stable-fixes).
- ACPI: x86: utils: Add Picasso to the list for forcing StorageD3Enable (stable-fixes).
- ALSA: dmaengine_pcm: terminate dmaengine before synchronize (stable-fixes).
- ALSA: dmaengine: Synchronize dma channel after drop() (stable-fixes).
- ALSA: emux: improve patch ioctl data validation (stable-fixes).
- ALSA: hda: conexant: Fix headset auto detect fail in the polling mode (git-fixes).
- ALSA: hda/realtek: Add more codec ID to no shutup pins list (stable-fixes).
- ALSA: hda/realtek: add quirk for Clevo V5[46]0TU (stable-fixes).
- ALSA: hda/realtek: Enable headset mic of JP-IK LEAP W502 with ALC897 (stable-fixes).
- ALSA: hda/realtek: Enable headset mic on Positivo SU C1400 (stable-fixes).
- ALSA: hda/realtek: Enable Mute LED on HP 250 G7 (stable-fixes).
- ALSA: hda/realtek: fix mute/micmute LEDs do not work for EliteBook 645/665 G11 (stable-fixes).
- ALSA: hda/realtek: Fix the speaker output on Samsung Galaxy Book Pro 360 (stable-fixes).
- ALSA: hda/realtek: Limit mic boost on VAIO PRO PX (stable-fixes).
- ALSA: hda/relatek: Enable Mute LED on HP Laptop 15-gw0xxx (stable-fixes).
- ALSA: pcm_dmaengine: Do not synchronize DMA channel when DMA is paused (git-fixes).
- ALSA: usb-audio: Add a quirk for Sonix HD USB Camera (stable-fixes).
- ALSA: usb-audio: Correct surround channels in UAC1 channel map (git-fixes).
- ALSA: usb-audio: Fix microphone sound on HD webcam (stable-fixes).
- ALSA: usb-audio: Move HD Webcam quirk to the right place (git-fixes).
- arm64: dts: allwinner: Pine H64: correctly remove reg_gmac_3v3 (git-fixes)
- arm64: dts: hi3798cv200: fix the size of GICR (git-fixes)
- arm64: dts: imx8qm-mek: fix gpio number for reg_usdhc2_vmmc (git-fixes)
- arm64: dts: microchip: sparx5: fix mdio reg (git-fixes)
- arm64: dts: rockchip: Add enable-strobe-pulldown to emmc phy on ROCK (git-fixes)
- arm64: dts: rockchip: Add sound-dai-cells for RK3368 (git-fixes)
- arm64: dts: rockchip: fix PMIC interrupt pin on ROCK Pi E (git-fixes)
- arm64/io: add constant-argument check (bsc#1226502 git-fixes)
- arm64/io: Provide a WC friendly __iowriteXX_copy() (bsc#1226502)
- arm64: tegra: Correct Tegra132 I2C alias (git-fixes)
- ASoC: amd: Adjust error handling in case of absent codec device (git-fixes).
- ASoC: max98088: Check for clk_prepare_enable() error (git-fixes).
- ASoC: ti: davinci-mcasp: Set min period size using FIFO config (stable-fixes).
- ASoC: ti: omap-hdmi: Fix too long driver name (stable-fixes).
- batman-adv: bypass empty buckets in batadv_purge_orig_ref() (stable-fixes).
- blk-cgroup: dropping parent refcount after pd_free_fn() is done (bsc#1224573).
- block: do not add partitions if GD_SUPPRESS_PART_SCAN is set (bsc#1227162).
- block, loop: support partitions without scanning (bsc#1227162).
- Bluetooth: ath3k: Fix multiple issues reported by checkpatch.pl (stable-fixes).
- Bluetooth: btqca: use le32_to_cpu for ver.soc_id (stable-fixes).
- Bluetooth: hci_core: cancel all works upon hci_unregister_dev() (stable-fixes).
- Bluetooth: hci_qca: mark OF related data as maybe unused (stable-fixes).
- Bluetooth: hci_sync: Fix suspending with wrong filter policy (git-fixes).
- Bluetooth: qca: Fix BT enable failure again for QCA6390 after warm reboot (git-fixes).
- bnxt_re: Fix imm_data endianness (git-fixes)
- bpf: aggressively forget precise markings during state checkpointing (bsc#1225903).
- bpf: allow precision tracking for programs with subprogs (bsc#1225903).
- bpf: check bpf_func_state->callback_depth when pruning states (bsc#1225903).
- bpf: clean up visit_insn()'s instruction processing (bsc#1225903).
- bpf: correct loop detection for iterators convergence (bsc#1225903).
- bpf: encapsulate precision backtracking bookkeeping (bsc#1225903).
- bpf: ensure state checkpointing at iter_next() call sites (bsc#1225903).
- bpf: exact states comparison for iterator convergence checks (bsc#1225903).
- bpf: extract __check_reg_arg() utility function (bsc#1225903).
- bpf: extract same_callsites() as utility function (bsc#1225903).
- bpf: extract setup_func_entry() utility function (bsc#1225903).
- bpf: fix calculation of subseq_idx during precision backtracking (bsc#1225903).
- bpf: fix mark_all_scalars_precise use in mark_chain_precision (bsc#1225903).
- bpf: Fix memory leaks in __check_func_call (bsc#1225903).
- bpf: fix propagate_precision() logic for inner frames (bsc#1225903).
- bpf: fix regs_exact() logic in regsafe() to remap IDs correctly (bsc#1225903).
- bpf: Fix to preserve reg parent/live fields when copying range info (bsc#1225903).
- bpf: generalize MAYBE_NULL vs non-MAYBE_NULL rule (bsc#1225903).
- bpf: improve precision backtrack logging (bsc#1225903).
- bpf: Improve verifier u32 scalar equality checking (bsc#1225903).
- bpf: keep track of max number of bpf_loop callback iterations (bsc#1225903).
- bpf: maintain bitmasks across all active frames in __mark_chain_precision (bsc#1225903).
- bpf: mark relevant stack slots scratched for register read instructions (bsc#1225903).
- bpf: move explored_state() closer to the beginning of verifier.c (bsc#1225903).
- bpf: perform byte-by-byte comparison only when necessary in regsafe() (bsc#1225903).
- bpf: print full verifier states on infinite loop detection (bsc#1225903).
- bpf: regsafe() must not skip check_ids() (bsc#1225903).
- bpf: reject non-exact register type matches in regsafe() (bsc#1225903).
- bpf: Remove unused insn_cnt argument from visit_[func_call_]insn() (bsc#1225903).
- bpf: reorganize struct bpf_reg_state fields (bsc#1225903).
- bpf: Skip invalid kfunc call in backtrack_insn (bsc#1225903).
- bpf: states_equal() must build idmap for all function frames (bsc#1225903).
- bpf: stop setting precise in current state (bsc#1225903).
- bpf: support precision propagation in the presence of subprogs (bsc#1225903).
- bpf: take into account liveness when propagating precision (bsc#1225903).
- bpf: teach refsafe() to take into account ID remapping (bsc#1225903).
- bpf: unconditionally reset backtrack_state masks on global func exit (bsc#1225903).
- bpf: use check_ids() for active_lock comparison (bsc#1225903).
- bpf: Use scalar ids in mark_chain_precision() (bsc#1225903).
- bpf: verify callbacks as if they are called unknown number of times (bsc#1225903).
- bpf: Verify scalar ids mapping in regsafe() using check_ids() (bsc#1225903).
- bpf: widening for callback iterators (bsc#1225903).
- btrfs: add device major-minor info in the struct btrfs_device (bsc#1227162).
- btrfs: harden identification of a stale device (bsc#1227162).
- btrfs: match stale devices by dev_t (bsc#1227162).
- btrfs: remove the cross file system checks from remap (bsc#1227157).
- btrfs: use dev_t to match device in device_matched (bsc#1227162).
- btrfs: validate device maj:min during open (bsc#1227162).
- bytcr_rt5640 : inverse jack detect for Archos 101 cesium (stable-fixes).
- cachefiles: add output string to cachefiles_obj_[get|put]_ondemand_fd (git-fixes).
- can: kvaser_usb: Explicitly initialize family in leafimx driver_info struct (git-fixes).
- can: kvaser_usb: fix return value for hif_usb_send_regout (stable-fixes).
- ceph: fix incorrect kmalloc size of pagevec mempool (bsc#1228418).
- cgroup/cpuset: Prevent UAF in proc_cpuset_show() (bsc#1228801).
- crypto: aead,cipher - zeroize key buffer after use (stable-fixes).
- crypto: ecdh - explicitly zeroize private_key (stable-fixes).
- crypto: ecdsa - Fix the public key format description (git-fixes).
- crypto: hisilicon/sec - Fix memory leak for sec resource release (stable-fixes).
- csky: ftrace: Drop duplicate implementation of arch_check_ftrace_location() (git-fixes).
- decompress_bunzip2: fix rare decompression failure (git-fixes).
- devres: Fix devm_krealloc() wasting memory (git-fixes).
- devres: Fix memory leakage caused by driver API devm_free_percpu() (git-fixes).
- dma: fix call order in dmam_free_coherent (git-fixes).
- docs: crypto: async-tx-api: fix broken code example (git-fixes).
- docs: Fix formatting of literal sections in fanotify docs (stable-fixes).
- drm/amd/amdgpu: Fix style errors in amdgpu_drv.c & amdgpu_device.c (stable-fixes).
- drm/amd/display: Account for cursor prefetch BW in DML1 mode support (stable-fixes).
- drm/amd/display: Check for NULL pointer (stable-fixes).
- drm/amd/display: Check index msg_id before read or write (stable-fixes).
- drm/amd/display: Check pipe offset before setting vblank (stable-fixes).
- drm/amd/display: Skip finding free audio for unknown engine_id (stable-fixes).
- drm/amdgpu/atomfirmware: fix parsing of vram_info (stable-fixes).
- drm/amdgpu/atomfirmware: silence UBSAN warning (stable-fixes).
- drm/amdgpu: avoid using null object of framebuffer (stable-fixes).
- drm/amdgpu: Check if NBIO funcs are NULL in amdgpu_device_baco_exit (git-fixes).
- drm/amdgpu: Fix pci state save during mode-1 reset (git-fixes).
- drm/amdgpu: Fix signedness bug in sdma_v4_0_process_trap_irq() (git-fixes).
- drm/amdgpu: fix uninitialized scalar variable warning (stable-fixes).
- drm/amdgpu: Fix uninitialized variable warnings (stable-fixes).
- drm/amdgpu: Initialize timestamp for some legacy SOCs (stable-fixes).
- drm/amdgpu: Remove GC HW IP 9.3.0 from noretry=1 (git-fixes).
- drm/amd/pm: Fix aldebaran pcie speed reporting (git-fixes).
- drm/amd/pm: remove logically dead code for renoir (git-fixes).
- drm/dp_mst: Fix all mstb marked as not probed after suspend/resume (git-fixes).
- drm/etnaviv: do not block scheduler when GPU is still active (stable-fixes).
- drm/etnaviv: fix DMA direction handling for cached RW buffers (git-fixes).
- drm/gma500: fix null pointer dereference in cdv_intel_lvds_get_modes (git-fixes).
- drm/gma500: fix null pointer dereference in psb_intel_lvds_get_modes (git-fixes).
- drm/i915/gt: Do not consider preemption during execlists_dequeue for gen8 (git-fixes).
- drm/lima: fix shared irq handling on driver remove (stable-fixes).
- drm/lima: Mark simple_ondemand governor as softdep (git-fixes).
- drm/mediatek: Add OVL compatible name for MT8195 (git-fixes).
- drm/meson: fix canvas release in bind function (git-fixes).
- drm/mgag200: Bind I2C lifetime to DRM device (git-fixes).
- drm/mgag200: Set DDC timeout in milliseconds (git-fixes).
- drm/mipi-dsi: Fix mipi_dsi_dcs_write_seq() macro definition format (stable-fixes).
- drm/mipi-dsi: Fix theoretical int overflow in mipi_dsi_dcs_write_seq() (git-fixes).
- drm/msm/dpu: drop validity checks for clear_pending_flush() ctl op (git-fixes).
- drm/msm/mdp5: Remove MDP_CAP_SRC_SPLIT from msm8x53_config (git-fixes).
- drm/nouveau/dispnv04: fix null pointer dereference in nv17_tv_get_hd_modes (stable-fixes).
- drm/nouveau/dispnv04: fix null pointer dereference in nv17_tv_get_ld_modes (stable-fixes).
- drm/nouveau: fix null pointer dereference in nouveau_connector_get_modes (git-fixes).
- drm/nouveau: prime: fix refcount underflow (git-fixes).
- drm/panel: boe-tv101wum-nl6: Check for errors on the NOP in prepare() (git-fixes).
- drm/panel: boe-tv101wum-nl6: If prepare fails, disable GPIO before regulators (git-fixes).
- drm/panel: ilitek-ili9881c: Fix warning with GPIO controllers that sleep (stable-fixes).
- drm: panel-orientation-quirks: Add quirk for Valve Galileo (stable-fixes).
- drm/panfrost: Mark simple_ondemand governor as softdep (git-fixes).
- drm/qxl: Add check for drm_cvt_mode (git-fixes).
- drm/radeon: check bo_va->bo is non-NULL before using it (stable-fixes).
- drm/radeon/radeon_display: Decrease the size of allocated memory (stable-fixes).
- drm/vmwgfx: Fix a deadlock in dma buf fence polling (git-fixes).
- drm/vmwgfx: Fix missing HYPERVISOR_GUEST dependency (stable-fixes).
- drm/vmwgfx: Fix overlay when using Screen Targets (git-fixes).
- eeprom: digsy_mtc: Fix 93xx46 driver probe failure (git-fixes).
- exfat: check if cluster num is valid (git-fixes).
- exfat: simplify is_valid_cluster() (git-fixes).
- filelock: add a new locks_inode_context accessor function (git-fixes).
- firmware: cs_dsp: Fix overflow checking of wmfw header (git-fixes).
- firmware: cs_dsp: Prevent buffer overrun when processing V2 alg headers (git-fixes).
- firmware: cs_dsp: Return error if block header overflows file (git-fixes).
- firmware: cs_dsp: Use strnlen() on name fields in V1 wmfw files (git-fixes).
- firmware: cs_dsp: Validate payload length before processing block (git-fixes).
- firmware: dmi: Stop decoding on broken entry (stable-fixes).
- firmware: turris-mox-rwtm: Do not complete if there are no waiters (git-fixes).
- firmware: turris-mox-rwtm: Fix checking return value of wait_for_completion_timeout() (git-fixes).
- firmware: turris-mox-rwtm: Initialize completion before mailbox (git-fixes).
- fix build warning
- fs: allow cross-vfsmount reflink/dedupe (bsc#1227157).
- ftrace: Fix possible use-after-free issue in ftrace_location() (git-fixes).
- fuse: verify {g,u}id mount options correctly (bsc#1228191).
- gpio: mc33880: Convert comma to semicolon (git-fixes).
- hfsplus: fix to avoid false alarm of circular locking (git-fixes).
- hfsplus: fix uninit-value in copy_name (git-fixes).
- HID: Add quirk for Logitech Casa touchpad (stable-fixes).
- HID: wacom: Modify pen IDs (git-fixes).
- hpet: Support 32-bit userspace (git-fixes).
- hwmon: (adt7475) Fix default duty on fan is disabled (git-fixes).
- hwmon: (max6697) Fix swapped temp{1,8} critical alarms (git-fixes).
- hwmon: (max6697) Fix underflow when writing limit attributes (git-fixes).
- i2c: mark HostNotify target address as used (git-fixes).
- i2c: rcar: bring hardware to known state when probing (git-fixes).
- i2c: tegra: Fix failure during probe deferral cleanup (git-fixes)
- i2c: tegra: Share same DMA channel for RX and TX (bsc#1227661)
- i2c: testunit: avoid re-issued work after read message (git-fixes).
- i2c: testunit: correct Kconfig description (git-fixes).
- Input: elan_i2c - do not leave interrupt disabled on suspend failure (git-fixes).
- Input: elantech - fix touchpad state on resume for Lenovo N24 (stable-fixes).
- Input: ff-core - prefer struct_size over open coded arithmetic (stable-fixes).
- Input: qt1050 - handle CHIP_ID reading error (git-fixes).
- Input: silead - Always support 10 fingers (stable-fixes).
- intel_th: pci: Add Granite Rapids SOC support (stable-fixes).
- intel_th: pci: Add Granite Rapids support (stable-fixes).
- intel_th: pci: Add Lunar Lake support (stable-fixes).
- intel_th: pci: Add Meteor Lake-S support (stable-fixes).
- intel_th: pci: Add Sapphire Rapids SOC support (stable-fixes).
- iommu/arm-smmu-v3: Free MSIs in case of ENOMEM (git-fixes).
- ionic: clean interrupt before enabling queue to avoid credit race (git-fixes).
- jffs2: Fix potential illegal address access in jffs2_free_inode (git-fixes).
- jfs: Fix array-index-out-of-bounds in diFree (git-fixes).
- jfs: xattr: fix buffer overflow for invalid xattr (bsc#1227383).
- kABI: bpf: bpf_reg_state reorganization kABI workaround (bsc#1225903).
- kABI: bpf: callback fixes kABI workaround (bsc#1225903).
- kABI: bpf: struct bpf_{idmap,idset} kABI workaround (bsc#1225903).
- kABI: bpf: tmp_str_buf kABI workaround (bsc#1225903).
- kABI: rtas: Workaround false positive due to lost definition (bsc#1227487).
- kabi/severities: ignore kABI for FireWire sound local symbols (bsc#1208783)
- kabi/severities: Ignore tpm_tis_core_init (bsc#1082555).
- kabi/severity: add nvme common code The nvme common code is also allowed to change the data structures, there are only internal users.
- kabi: Use __iowriteXX_copy_inlined for in-kernel modules (bsc#1226502)
- kernel-binary: vdso: Own module_dir
- kernel/sched: Remove dl_boosted flag comment (git fixes (sched)).
- knfsd: LOOKUP can return an illegal error value (git-fixes).
- kobject_uevent: Fix OOB access within zap_modalias_env() (git-fixes).
- kprobes: Make arch_check_ftrace_location static (git-fixes).
- KVM: nVMX: Clear EXIT_QUALIFICATION when injecting an EPT Misconfig (git-fixes).
- KVM: PPC: Book3S HV: Fix 'rm_exit' entry in debugfs timings (bsc#1194869).
- KVM: PPC: Book3S HV: Fix the set_one_reg for MMCR3 (bsc#1194869).
- KVM: PPC: Book3S HV Nested: L2 LPCR should inherit L1 LPES setting (bsc#1194869).
- KVM: PPC: Book3S HV: remove extraneous asterisk from rm_host_ipi_action() comment (bsc#1194869).
- KVM: PPC: Book3S: Suppress failed alloc warning in H_COPY_TOFROM_GUEST (bsc#1194869).
- KVM: PPC: Book3S: Suppress warnings when allocating too big memory slots (bsc#1194869).
- KVM: s390: fix LPSWEY handling (bsc#1227635 git-fixes).
- KVM: SVM: Process ICR on AVIC IPI delivery failure due to invalid target (git-fixes).
- KVM: VMX: Report up-to-date exit qualification to userspace (git-fixes).
- KVM: x86: Add IBPB_BRTYPE support (bsc#1228079).
- KVM: x86: Always sync PIR to IRR prior to scanning I/O APIC routes (git-fixes).
- KVM: x86: Bail from kvm_recalculate_phys_map() if x2APIC ID is out-of-bounds (git-fixes).
- KVM: x86: Disable APIC logical map if logical ID covers multiple MDAs (git-fixes).
- KVM: x86: Disable APIC logical map if vCPUs are aliased in logical mode (git-fixes).
- KVM: x86: Do not advertise guest.MAXPHYADDR as host.MAXPHYADDR in CPUID (git-fixes).
- KVM: x86: Explicitly skip optimized logical map setup if vCPU's LDR==0 (git-fixes).
- KVM: x86: Explicitly track all possibilities for APIC map's logical modes (git-fixes).
- KVM: x86: Fix broken debugregs ABI for 32 bit kernels (git-fixes).
- KVM: x86: Fix KVM_GET_MSRS stack info leak (git-fixes).
- KVM: x86: Honor architectural behavior for aliased 8-bit APIC IDs (git-fixes).
- KVM: x86: Purge 'highest ISR' cache when updating APICv state (git-fixes).
- KVM: x86: Save/restore all NMIs when multiple NMIs are pending (git-fixes).
- KVM: x86: Skip redundant x2APIC logical mode optimized cluster setup (git-fixes).
- leds: ss4200: Convert PCIBIOS_* return codes to errnos (git-fixes).
- leds: triggers: Flush pending brightness before activating trigger (git-fixes).
- leds: trigger: Unregister sysfs attributes before calling deactivate() (git-fixes).
- libceph: fix race between delayed_work() and ceph_monc_stop() (bsc#1228190).
- lib: objagg: Fix general protection fault (git-fixes).
- lib: objagg: Fix spelling (git-fixes).
- lib: test_objagg: Fix spelling (git-fixes).
- lockd: set missing fl_flags field when retrieving args (git-fixes).
- lockd: use locks_inode_context helper (git-fixes).
- Make AMD_HSMP=m and mark it unsupported in supported.conf (jsc#PED-8582)
- media: dvb: as102-fe: Fix as10x_register_addr packing (stable-fixes).
- media: dvbdev: Initialize sbuf (stable-fixes).
- media: dvb-frontends: tda10048: Fix integer overflow (stable-fixes).
- media: dvb-frontends: tda18271c2dd: Remove casting during div (stable-fixes).
- media: dvb-usb: dib0700_devices: Add missing release_firmware() (stable-fixes).
- media: dvb-usb: Fix unexpected infinite loop in dvb_usb_read_remote_control() (git-fixes).
- media: dw2102: Do not translate i2c read into write (stable-fixes).
- media: dw2102: fix a potential buffer overflow (git-fixes).
- media: imon: Fix race getting ictx->lock (git-fixes).
- media: s2255: Use refcount_t instead of atomic_t for num_channels (stable-fixes).
- media: uvcvideo: Fix integer overflow calculating timestamp (git-fixes).
- media: uvcvideo: Override default flags (git-fixes).
- media: venus: fix use after free in vdec_close (git-fixes).
- media: venus: flush all buffers in output plane streamoff (git-fixes).
- mei: demote client disconnect warning on suspend to debug (stable-fixes).
- mfd: omap-usb-tll: Use struct_size to allocate tll (git-fixes).
- mtd: partitions: redboot: Added conversion of operands to a larger type (stable-fixes).
- net/dcb: check for detached device before executing callbacks (bsc#1215587).
- netfilter: conntrack: ignore overly delayed tcp packets (bsc#1223180).
- netfilter: conntrack: prepare tcp_in_window for ternary return value (bsc#1223180).
- netfilter: conntrack: remove pr_debug callsites from tcp tracker (bsc#1223180).
- netfilter: conntrack: work around exceeded receive window (bsc#1223180).
- netfs, fscache: export fscache_put_volume() and add fscache_try_get_volume() (bsc#1228459 bsc#1228462).
- net: mana: Fix possible double free in error handling path (git-fixes).
- net: mana: Fix the extra HZ in mana_hwc_send_request (git-fixes).
- net: usb: qmi_wwan: add Telit FN912 compositions (git-fixes).
- net: usb: sr9700: fix uninitialized variable use in sr_mdio_read (git-fixes).
- nfc/nci: Add the inconsistency check between the input data length and count (stable-fixes).
- NFSD: Add an nfsd_file_fsync tracepoint (git-fixes).
- NFSD: Add an NFSD_FILE_GC flag to enable nfsd_file garbage collection (git-fixes).
- nfsd: Add errno mapping for EREMOTEIO (git-fixes).
- NFSD: Add nfsd_file_lru_dispose_list() helper (git-fixes).
- nfsd: add some comments to nfsd_file_do_acquire (git-fixes).
- nfsd: allow nfsd_file_get to sanely handle a NULL pointer (git-fixes).
- nfsd: allow reaping files still under writeback (git-fixes).
- NFSD: Avoid calling fh_drop_write() twice in do_nfsd_create() (git-fixes).
- NFSD: Clean up nfsd3_proc_create() (git-fixes).
- nfsd: Clean up nfsd_file_put() (git-fixes).
- NFSD: Clean up nfsd_open_verified() (git-fixes).
- NFSD: Clean up unused code after rhashtable conversion (git-fixes).
- NFSD: Convert filecache to rhltable (git-fixes).
- NFSD: Convert the filecache to use rhashtable (git-fixes).
- NFSD: De-duplicate hash bucket indexing (git-fixes).
- nfsd: do not free files unconditionally in __nfsd_file_cache_purge (git-fixes).
- nfsd: do not fsync nfsd_files on last close (git-fixes).
- nfsd: do not hand out delegation on setuid files being opened for write (git-fixes).
- nfsd: do not kill nfsd_files because of lease break error (git-fixes).
- nfsd: Do not leave work of closing files to a work queue (bsc#1228140).
- nfsd: do not take/put an extra reference when putting a file (git-fixes).
- NFSD enforce filehandle check for source file in COPY (git-fixes).
- NFSD: Ensure nf_inode is never dereferenced (git-fixes).
- nfsd: fix handling of cached open files in nfsd4_open codepath (git-fixes).
- NFSD: Fix licensing header in filecache.c (git-fixes).
- nfsd: fix net-namespace logic in __nfsd_file_cache_purge (git-fixes).
- nfsd: fix nfsd_file_unhash_and_dispose (git-fixes).
- NFSD: Fix potential use-after-free in nfsd_file_put() (git-fixes).
- NFSD: Fix problem of COMMIT and NFS4ERR_DELAY in infinite loop (git-fixes).
- NFSD: Fix the filecache LRU shrinker (git-fixes).
- nfsd: fix up the filecache laundrette scheduling (git-fixes).
- nfsd: fix use-after-free in nfsd_file_do_acquire tracepoint (git-fixes).
- NFSD: Flesh out a documenting comment for filecache.c (git-fixes).
- NFSD: handle errors better in write_ports_addfd() (git-fixes).
- NFSD: Instantiate a struct file when creating a regular NFSv4 file (git-fixes).
- NFSD: Leave open files out of the filecache LRU (git-fixes).
- nfsd: map EBADF (git-fixes).
- NFSD: Move nfsd_file_trace_alloc() tracepoint (git-fixes).
- NFSD: nfsd_file_hash_remove can compute hashval (git-fixes).
- nfsd: NFSD_FILE_KEY_INODE only needs to find GC'ed entries (git-fixes).
- NFSD: nfsd_file_put() can sleep (git-fixes).
- NFSD: nfsd_file_unhash can compute hashval from nf->nf_inode (git-fixes).
- NFSD: No longer record nf_hashval in the trace log (git-fixes).
- NFSD: Pass the target nfsd_file to nfsd_commit() (git-fixes).
- nfsd: put the export reference in nfsd4_verify_deleg_dentry (git-fixes).
- NFSD: Record number of flush calls (git-fixes).
- NFSD: Refactor nfsd_create_setattr() (git-fixes).
- NFSD: Refactor __nfsd_file_close_inode() (git-fixes).
- NFSD: Refactor nfsd_file_gc() (git-fixes).
- NFSD: Refactor nfsd_file_lru_scan() (git-fixes).
- NFSD: Refactor NFSv3 CREATE (git-fixes).
- NFSD: Refactor NFSv4 OPEN(CREATE) (git-fixes).
- NFSD: Remove do_nfsd_create() (git-fixes).
- NFSD: Remove lockdep assertion from unhash_and_release_locked() (git-fixes).
- NFSD: Remove nfsd_file::nf_hashval (git-fixes).
- nfsd: remove the pages_flushed statistic from filecache (git-fixes).
- nfsd: reorganize filecache.c (git-fixes).
- NFSD: Replace the 'init once' mechanism (git-fixes).
- NFSD: Report average age of filecache items (git-fixes).
- NFSD: Report count of calls to nfsd_file_acquire() (git-fixes).
- NFSD: Report count of freed filecache items (git-fixes).
- NFSD: Report filecache LRU size (git-fixes).
- NFSD: Report the number of items evicted by the LRU walk (git-fixes).
- nfsd: Retry once in nfsd_open on an -EOPENSTALE return (git-fixes).
- nfsd: rework hashtable handling in nfsd_do_file_acquire (git-fixes).
- nfsd: rework refcounting in filecache (git-fixes).
- NFSD: Separate tracepoints for acquire and create (git-fixes).
- NFSD: Set up an rhashtable for the filecache (git-fixes).
- nfsd: silence extraneous printk on nfsd.ko insertion (git-fixes).
- NFSD: simplify per-net file cache management (git-fixes).
- nfsd: simplify test_bit return in NFSD_FILE_KEY_FULL comparator (git-fixes).
- nfsd: simplify the delayed disposal list code (git-fixes).
- NFSD: Trace filecache LRU activity (git-fixes).
- NFSD: Trace filecache opens (git-fixes).
- NFSD: verify the opened dentry after setting a delegation (git-fixes).
- NFSD: WARN when freeing an item still linked via nf_lru (git-fixes).
- NFSD: Write verifier might go backwards (git-fixes).
- NFSD: Zero counters when the filecache is re-initialized (git-fixes).
- NFS: Fix READ_PLUS when server does not support OP_READ_PLUS (git-fixes).
- nfs: fix undefined behavior in nfs_block_bits() (git-fixes).
- nfs: keep server info for remounts (git-fixes).
- nfs: Leave pages in the pagecache if readpage failed (git-fixes).
- NFSv4: Fixup smatch warning for ambiguous return (git-fixes).
- NFSv4.x: by default serialize open/close operations (bsc#1223863 bsc#1227362)
- nilfs2: add missing check for inode numbers on directory entries (git-fixes).
- nilfs2: add missing check for inode numbers on directory entries (stable-fixes).
- nilfs2: avoid undefined behavior in nilfs_cnt32_ge macro (git-fixes).
- nilfs2: convert persistent object allocator to use kmap_local (git-fixes).
- nilfs2: fix incorrect inode allocation from reserved inodes (git-fixes).
- nilfs2: fix inode number range checks (git-fixes).
- nilfs2: fix inode number range checks (stable-fixes).
- nvme: adjust multiples of NVME_CTRL_PAGE_SIZE in offset (git-fixes).
- nvme-auth: alloc nvme_dhchap_key as single buffer (git-fixes).
- nvme-auth: allow mixing of secret and hash lengths (git-fixes).
- nvme-auth: use transformed key size to create resp (git-fixes).
- nvme: avoid double free special payload (git-fixes).
- nvme: ensure reset state check ordering (bsc#1215492).
- nvme: fixup comment for nvme RDMA Provider Type (git-fixes).
- nvme-multipath: find NUMA path only for online numa-node (git-fixes).
- nvme-pci: add missing condition check for existence of mapped data (git-fixes).
- nvme-pci: Fix the instructions for disabling power management (git-fixes).
- nvmet: always initialize cqe.result (git-fixes).
- nvmet-auth: fix nvmet_auth hash error handling (git-fixes).
- nvmet: fix a possible leak when destroy a ctrl during qp establishment (git-fixes).
- nvme: use ctrl state accessor (bsc#1215492).
- ocfs2: fix DIO failure due to insufficient transaction credits (bsc#1216834).
- ocfs2: remove redundant assignment to variable free_space (bsc#1228409).
- ocfs2: strict bound check before memcmp in ocfs2_xattr_find_entry() (bsc#1228410).
- orangefs: fix out-of-bounds fsid access (git-fixes).
- PCI: Add PCI_ERROR_RESPONSE and related definitions (stable-fixes).
- PCI/DPC: Fix use-after-free on concurrent DPC and hot-removal (git-fixes).
- PCI: Extend ACS configurability (bsc#1228090).
- PCI: Fix resource double counting on remove & rescan (git-fixes).
- PCI: hv: Return zero, not garbage, when reading PCI_INTERRUPT_PIN (git-fixes).
- PCI: Introduce cleanup helpers for device reference counts and locks (git-fixes).
- PCI: Introduce cleanup helpers for device reference counts and locks (stable-fixes).
- PCI: keystone: Do not enable BAR 0 for AM654x (git-fixes).
- PCI: keystone: Fix NULL pointer dereference in case of DT error in ks_pcie_setup_rc_app_regs() (git-fixes).
- PCI: keystone: Relocate ks_pcie_set/clear_dbi_mode() (git-fixes).
- PCI/PM: Avoid D3cold for HP Pavilion 17 PC/1972 PCIe Ports (git-fixes).
- PCI/PM: Avoid D3cold for HP Pavilion 17 PC/1972 PCIe Ports (stable-fixes).
- PCI: rockchip: Use GPIOD_OUT_LOW flag while requesting ep_gpio (git-fixes).
- PCI: tegra194: Set EP alignment restriction for inbound ATU (git-fixes).
- pinctrl: core: fix possible memory leak when pinctrl_enable() fails (git-fixes).
- pinctrl: freescale: mxs: Fix refcount of child (git-fixes).
- pinctrl: single: fix possible memory leak when pinctrl_enable() fails (git-fixes).
- pinctrl: ti: ti-iodelay: fix possible memory leak when pinctrl_enable() fails (git-fixes).
- platform/chrome: cros_ec_debugfs: fix wrong EC message version (git-fixes).
- platform/chrome: cros_ec_proto: Lock device when updating MKBP version (git-fixes).
- platform/x86: dell-smbios-base: Use sysfs_emit() (stable-fixes).
- platform/x86: dell-smbios: Fix wrong token data in sysfs (git-fixes).
- platform/x86: lg-laptop: Change ACPI device id (stable-fixes).
- platform/x86: lg-laptop: Remove LGEX0815 hotkey handling (stable-fixes).
- platform/x86: touchscreen_dmi: Add info for GlobalSpace SolT IVW 11.6' tablet (stable-fixes).
- platform/x86: touchscreen_dmi: Add info for the EZpad 6s Pro (stable-fixes).
- platform/x86: wireless-hotkey: Add support for LG Airplane Button (stable-fixes).
- powerpc/cpuidle: Set CPUIDLE_FLAG_POLLING for snooze state (bsc#1227121 ltc#207129).
- powerpc: fix a file leak in kvm_vcpu_ioctl_enable_cap() (bsc#1194869).
- powerpc/kasan: Disable address sanitization in kexec paths (bsc#1194869).
- powerpc/pseries: Fix scv instruction crash with kexec (bsc#1194869).
- powerpc/rtas: clean up includes (bsc#1227487).
- powerpc/rtas: Prevent Spectre v1 gadget construction in sys_rtas() (bsc#1227487).
- power: supply: cros_usbpd: provide ID table for avoiding fallback match (stable-fixes).
- pwm: stm32: Always do lazy disabling (git-fixes).
- RDMA/cache: Release GID table even if leak is detected (git-fixes)
- RDMA/device: Return error earlier if port in not valid (git-fixes)
- RDMA/hns: Check atomic wr length (git-fixes)
- RDMA/hns: Fix insufficient extend DB for VFs. (git-fixes)
- RDMA/hns: Fix mbx timing out before CMD execution is completed (git-fixes)
- RDMA/hns: Fix missing pagesize and alignment check in FRMR (git-fixes)
- RDMA/hns: Fix shift-out-bounds when max_inline_data is 0 (git-fixes)
- RDMA/hns: Fix soft lockup under heavy CEQE load (git-fixes)
- RDMA/hns: Fix undifined behavior caused by invalid max_sge (git-fixes)
- RDMA/hns: Fix unmatch exception handling when init eq table fails (git-fixes)
- RDMA/iwcm: Fix a use-after-free related to destroying CM IDs (git-fixes)
- RDMA/mana_ib: Ignore optional access flags for MRs (git-fixes).
- RDMA/mlx4: Fix truncated output warning in alias_GUID.c (git-fixes)
- RDMA/mlx4: Fix truncated output warning in mad.c (git-fixes)
- RDMA/mlx5: Set mkeys for dmabuf at PAGE_SIZE (git-fixes)
- RDMA/restrack: Fix potential invalid address access (git-fixes)
- RDMA/rxe: Do not set BTH_ACK_MASK for UC or UD QPs (git-fixes)
- regmap-i2c: Subtract reg size from max_write (stable-fixes).
- Revert 'ALSA: firewire-lib: obsolete workqueue for period update' (bsc#1208783).
- Revert 'ALSA: firewire-lib: operate for period elapse event in process context' (bsc#1208783).
- Revert 'leds: led-core: Fix refcount leak in of_led_get()' (git-fixes).
- Revert 'usb: musb: da8xx: Set phy in OTG mode by default' (stable-fixes).
- rpcrdma: fix handling for RDMA_CM_EVENT_DEVICE_REMOVAL (git-fixes).
- rtc: cmos: Fix return value of nvmem callbacks (git-fixes).
- rtc: interface: Add RTC offset to alarm after fix-up (git-fixes).
- rtc: isl1208: Fix return value of nvmem callbacks (git-fixes).
- rtlwifi: rtl8192de: Style clean-ups (stable-fixes).
- s390: Implement __iowrite32_copy() (bsc#1226502)
- s390: Stop using weak symbols for __iowrite64_copy() (bsc#1226502)
- saa7134: Unchecked i2c_transfer function result fixed (git-fixes).
- sched/fair: Do not balance task to its current running CPU (git fixes (sched)).
- sched: Fix stop_one_cpu_nowait() vs hotplug (git fixes (sched)).
- scsi: lpfc: Allow DEVICE_RECOVERY mode after RSCN receipt if in PRLI_ISSUE state (bsc#1228857).
- scsi: lpfc: Cancel ELS WQE instead of issuing abort when SLI port is inactive (bsc#1228857).
- scsi: lpfc: Fix handling of fully recovered fabric node in dev_loss callbk (bsc#1228857).
- scsi: lpfc: Fix incorrect request len mbox field when setting trunking via sysfs (bsc#1228857).
- scsi: lpfc: Handle mailbox timeouts in lpfc_get_sfp_info (bsc#1228857).
- scsi: lpfc: Relax PRLI issue conditions after GID_FT response (bsc#1228857).
- scsi: lpfc: Revise lpfc_prep_embed_io routine with proper endian macro usages (bsc#1228857).
- scsi: lpfc: Update lpfc version to 14.4.0.3 (bsc#1228857).
- scsi: qla2xxx: Avoid possible run-time warning with long model_num (bsc#1228850).
- scsi: qla2xxx: Complete command early within lock (bsc#1228850).
- scsi: qla2xxx: Convert comma to semicolon (bsc#1228850).
- scsi: qla2xxx: Drop driver owner assignment (bsc#1228850).
- scsi: qla2xxx: During vport delete send async logout explicitly (bsc#1228850).
- scsi: qla2xxx: Fix debugfs output for fw_resource_count (bsc#1228850).
- scsi: qla2xxx: Fix flash read failure (bsc#1228850).
- scsi: qla2xxx: Fix for possible memory corruption (bsc#1228850).
- scsi: qla2xxx: Fix optrom version displayed in FDMI (bsc#1228850).
- scsi: qla2xxx: Indent help text (bsc#1228850).
- scsi: qla2xxx: Reduce fabric scan duplicate code (bsc#1228850).
- scsi: qla2xxx: Remove unused struct 'scsi_dif_tuple' (bsc#1228850).
- scsi: qla2xxx: Return ENOBUFS if sg_cnt is more than one for ELS cmds (bsc#1228850).
- scsi: qla2xxx: Unable to act on RSCN for port online (bsc#1228850).
- scsi: qla2xxx: Update version to 10.02.09.300-k (bsc#1228850).
- scsi: qla2xxx: Use QP lock to search for bsg (bsc#1228850).
- scsi: qla2xxx: validate nvme_local_port correctly (bsc#1228850).
- selftests/bpf: Add a selftest for checking subreg equality (bsc#1225903).
- selftests/bpf: add pre bpf_prog_test_run_opts() callback for test_loader (bsc#1225903).
- selftests/bpf: add precision propagation tests in the presence of subprogs (bsc#1225903).
- selftests/bpf: Add pruning test case for bpf_spin_lock (bsc#1225903).
- selftests/bpf: Check if mark_chain_precision() follows scalar ids (bsc#1225903).
- selftests/bpf: check if max number of bpf_loop iterations is tracked (bsc#1225903).
- selftests/bpf: fix __retval() being always ignored (bsc#1225903).
- selftests/bpf: fix unpriv_disabled check in test_verifier (bsc#1225903).
- selftests/bpf: __imm_insn & __imm_const macro for bpf_misc.h (bsc#1225903).
- selftests/bpf: make test_align selftest more robust (bsc#1225903).
- selftests/bpf: populate map_array_ro map for verifier_array_access test (bsc#1225903).
- selftests/bpf: prog_tests entry point for migrated test_verifier tests (bsc#1225903).
- selftests/bpf: Report program name on parse_test_spec error (bsc#1225903).
- selftests/bpf: Support custom per-test flags and multiple expected messages (bsc#1225903).
- selftests/bpf: test case for callback_depth states pruning logic (bsc#1225903).
- selftests/bpf: test case for relaxed prunning of active_lock.id (bsc#1225903).
- selftests/bpf: test cases for regsafe() bug skipping check_id() (bsc#1225903).
- selftests/bpf: Tests execution support for test_loader.c (bsc#1225903).
- selftests/bpf: tests for iterating callbacks (bsc#1225903).
- selftests/bpf: test widening for iterating callbacks (bsc#1225903).
- selftests/bpf: track string payload offset as scalar in strobemeta (bsc#1225903).
- selftests/bpf: Unprivileged tests for test_loader.c (bsc#1225903).
- selftests/bpf: Verify copy_register_state() preserves parent/live fields (bsc#1225903).
- selftests/bpf: verify states_equal() maintains idmap across all frames (bsc#1225903).
- selftests/bpf: Verify that check_ids() is used for scalars in regsafe() (bsc#1225903).
- selftests/sigaltstack: Fix ppc64 GCC build (git-fixes).
- soc: ti: wkup_m3_ipc: Send NULL dummy message instead of pointer message (stable-fixes).
- spi: imx: Do not expect DMA for i.MX{25,35,50,51,53} cspi devices (stable-fixes).
- spi: mux: set ctlr->bits_per_word_mask (stable-fixes).
- string.h: Introduce memtostr() and memtostr_pad() (bsc#1228850).
- SUNRPC: avoid soft lockup when transmitting UDP to reachable server (bsc#1225272).
- SUNRPC: Fix gss_free_in_token_pages() (git-fixes).
- SUNRPC: Fix loop termination condition in gss_free_in_token_pages() (git-fixes).
- sunrpc: fix NFSACL RPC retry on soft mount (git-fixes).
- SUNRPC: return proper error from gss_wrap_req_priv (git-fixes).
- supported.conf:
- tpm: Allow system suspend to continue when TPM suspend fails (bsc#1082555).
- tpm: Prevent hwrng from activating during resume (bsc#1082555).
- tpm_tis: Resend command to recover from data transfer errors (bsc#1082555).
- tpm_tis: Use tpm_chip_{start,stop} decoration inside tpm_tis_resume (bsc#1082555).
- tpm, tpm: Implement usage counter for locality (bsc#1082555).
- tpm, tpm_tis: Avoid cache incoherency in test for interrupts (bsc#1082555).
- tpm, tpm_tis: Claim locality before writing interrupt registers (bsc#1082555).
- tpm, tpm_tis: Claim locality in interrupt handler (bsc#1082555).
- tpm, tpm_tis: Claim locality when interrupts are reenabled on resume (bsc#1082555).
- tpm, tpm_tis: correct tpm_tis_flags enumeration values (bsc#1082555).
- tpm, tpm_tis: Do not skip reset of original interrupt vector (bsc#1082555).
- tpm, tpm_tis: Only handle supported interrupts (bsc#1082555).
- tracing: Build event generation tests only as modules (git-fixes).
- tracing/net_sched: NULL pointer dereference in perf_trace_qdisc_reset() (git-fixes).
- tracing/osnoise: Add osnoise/options file (bsc#1228330)
- tracing/osnoise: Add OSNOISE_WORKLOAD option (bsc#1228330)
- tracing/osnoise: Do not follow tracing_cpumask (bsc#1228330)
- tracing/osnoise: Fix notify new tracing_max_latency (bsc#1228330)
- tracing/osnoise: Make osnoise_instances static (bsc#1228330)
- tracing/osnoise: Split workload start from the tracer start (bsc#1228330)
- tracing/osnoise: Support a list of trace_array *tr (bsc#1228330)
- tracing/osnoise: Use built-in RCU list checking (bsc#1228330)
- tracing/timerlat: Notify new max thread latency (bsc#1228330)
- USB: Add USB_QUIRK_NO_SET_INTF quirk for START BP-850k (stable-fixes).
- usb: cdns3: allocate TX FIFO size according to composite EP number (git-fixes).
- usb: cdns3: fix incorrect calculation of ep_buf_size when more than one config (git-fixes).
- usb: cdns3: fix iso transfer error when mult is not zero (git-fixes).
- usb: cdns3: improve handling of unaligned address case (git-fixes).
- usb: cdns3: optimize OUT transfer by copying only actual received data (git-fixes).
- usb: cdns3: skip set TRB_IOC when usb_request: no_interrupt is true (git-fixes).
- USB: core: Fix duplicate endpoint bug by clearing reserved bits in the descriptor (git-fixes).
- usb: dwc3: gadget: Do not delay End Transfer on delayed_status (git-fixes).
- usb: dwc3: gadget: Force sending delayed status during soft disconnect (git-fixes).
- usb: dwc3: gadget: Synchronize IRQ between soft connect/disconnect (git-fixes).
- usb: gadget: call usb_gadget_check_config() to verify UDC capability (git-fixes).
- usb: gadget: configfs: Prevent OOB read/write in usb_string_copy() (stable-fixes).
- usb: gadget: printer: SS+ support (stable-fixes).
- usb: misc: uss720: check for incompatible versions of the Belkin F5U002 (stable-fixes).
- USB: serial: mos7840: fix crash on resume (git-fixes).
- USB: serial: option: add Fibocom FM350-GL (stable-fixes).
- USB: serial: option: add Netprisma LCUK54 series modules (stable-fixes).
- USB: serial: option: add Rolling RW350-GL variants (stable-fixes).
- USB: serial: option: add support for Foxconn T99W651 (stable-fixes).
- USB: serial: option: add Telit FN912 rmnet compositions (stable-fixes).
- USB: serial: option: add Telit generic core-dump composition (stable-fixes).
- usb: typec: tcpm: clear pd_event queue in PORT_RESET (git-fixes).
- usb: xhci-plat: Do not include xhci.h (git-fixes).
- USB: xhci-plat: fix legacy PHY double init (git-fixes).
- wifi: ath11k: fix wrong handling of CCMP256 and GCMP ciphers (git-fixes).
- wifi: brcmsmac: LCN PHY code is used for BCM4313 2G-only device (git-fixes).
- wifi: cfg80211: fix typo in cfg80211_calculate_bitrate_he() (git-fixes).
- wifi: cfg80211: handle 2x996 RU allocation in cfg80211_calculate_bitrate_he() (git-fixes).
- wifi: cfg80211: restrict NL80211_ATTR_TXQ_QUANTUM values (git-fixes).
- wifi: cfg80211: wext: add extra SIOCSIWSCAN data check (stable-fixes).
- wifi: iwlwifi: mvm: d3: fix WoWLAN command version lookup (stable-fixes).
- wifi: iwlwifi: mvm: Handle BIGTK cipher in kek_kck cmd (stable-fixes).
- wifi: iwlwifi: mvm: properly set 6 GHz channel direct probe option (stable-fixes).
- wifi: mac80211: disable softirqs for queued frame handling (git-fixes).
- wifi: mac80211: fix UBSAN noise in ieee80211_prep_hw_scan() (stable-fixes).
- wifi: mac80211: handle tasklet frames before stopping (stable-fixes).
- wifi: mac80211: mesh: init nonpeer_pm to active by default in mesh sdata (stable-fixes).
- wifi: mt76: replace skb_put with skb_put_zero (stable-fixes).
- wifi: mwifiex: Fix interface type change (git-fixes).
- wifi: rtw89: Fix array index mistake in rtw89_sta_info_get_iter() (git-fixes).
- wifi: wilc1000: fix ies_len type in connect path (git-fixes).
- workqueue: Improve scalability of workqueue watchdog touch (bsc#1193454).
- workqueue: wq_watchdog_touch is always called with valid CPU (bsc#1193454).
- x86/amd_nb: Use Family 19h Models 60h-7Fh Function 4 IDs (git-fixes).
- x86/apic: Force native_apic_mem_read() to use the MOV instruction (git-fixes).
- x86/bhi: Avoid warning in #DB handler due to BHI mitigation (git-fixes).
- x86/bugs: Remove default case for fully switched enums (bsc#1227900).
- x86/fpu: Fix AMD X86_BUG_FXSAVE_LEAK fixup (git-fixes).
- x86/ibt,ftrace: Search for __fentry__ location (git-fixes).
- x86/Kconfig: Transmeta Crusoe is CPU family 5, not 6 (git-fixes).
- x86/mm: Allow guest.enc_status_change_prepare() to fail (git-fixes).
- x86/mm: Fix enc_status_change_finish_noop() (git-fixes).
- x86/purgatory: Switch to the position-independent small code model (git-fixes).
- x86/srso: Move retbleed IBPB check into existing 'has_microcode' code block (bsc#1227900).
- x86/srso: Remove 'pred_cmd' label (bsc#1227900).
- x86: Stop using weak symbols for __iowrite32_copy() (bsc#1226502)
- x86/tdx: Fix race between set_memory_encrypted() and load_unaligned_zeropad() (git-fixes).
- xfs: Add cond_resched to block unmap range and reflink remap path (bsc#1228226).
- xhci: Apply broken streams quirk to Etron EJ188 xHCI host (stable-fixes).
- xhci: Apply reset resume quirk to Etron EJ188 xHCI host (stable-fixes).
- xhci: Set correct transferred length for cancelled bulk transfers (stable-fixes).
ImportantSUSE bug 1082555SUSE bug 1193454SUSE bug 1193554SUSE bug 1193787SUSE bug 1194324SUSE bug 1194869SUSE bug 1195357SUSE bug 1195668SUSE bug 1195927SUSE bug 1195957SUSE bug 1196018SUSE bug 1196823SUSE bug 1197146SUSE bug 1197246SUSE bug 1197762SUSE bug 1202346SUSE bug 1202686SUSE bug 1208783SUSE bug 1209636SUSE bug 1213123SUSE bug 1215492SUSE bug 1215587SUSE bug 1216834SUSE bug 1219832SUSE bug 1220138SUSE bug 1220185SUSE bug 1220186SUSE bug 1220187SUSE bug 1220869SUSE bug 1220876SUSE bug 1220942SUSE bug 1220952SUSE bug 1221010SUSE bug 1221044SUSE bug 1221647SUSE bug 1221654SUSE bug 1221656SUSE bug 1221659SUSE bug 1221777SUSE bug 1222011SUSE bug 1222323SUSE bug 1222326SUSE bug 1222328SUSE bug 1222625SUSE bug 1222702SUSE bug 1222728SUSE bug 1222799SUSE bug 1222809SUSE bug 1222810SUSE bug 1223021SUSE bug 1223180SUSE bug 1223635SUSE bug 1223652SUSE bug 1223675SUSE bug 1223778SUSE bug 1223806SUSE bug 1223813SUSE bug 1223815SUSE bug 1223836SUSE bug 1223863SUSE bug 1224414SUSE bug 1224499SUSE bug 1224500SUSE bug 1224512SUSE bug 1224516SUSE bug 1224517SUSE bug 1224545SUSE bug 1224548SUSE bug 1224557SUSE bug 1224572SUSE bug 1224573SUSE bug 1224585SUSE bug 1224604SUSE bug 1224636SUSE bug 1224641SUSE bug 1224683SUSE bug 1224694SUSE bug 1224700SUSE bug 1224743SUSE bug 1225088SUSE bug 1225272SUSE bug 1225301SUSE bug 1225475SUSE bug 1225489SUSE bug 1225504SUSE bug 1225505SUSE bug 1225564SUSE bug 1225573SUSE bug 1225581SUSE bug 1225586SUSE bug 1225711SUSE bug 1225717SUSE bug 1225719SUSE bug 1225744SUSE bug 1225745SUSE bug 1225746SUSE bug 1225752SUSE bug 1225753SUSE bug 1225757SUSE bug 1225767SUSE bug 1225810SUSE bug 1225815SUSE bug 1225820SUSE bug 1225829SUSE bug 1225835SUSE bug 1225838SUSE bug 1225839SUSE bug 1225843SUSE bug 1225847SUSE bug 1225851SUSE bug 1225856SUSE bug 1225895SUSE bug 1225898SUSE bug 1225903SUSE bug 1226202SUSE bug 1226502SUSE bug 1226519SUSE bug 1226551SUSE bug 1226555SUSE bug 1226565SUSE bug 1226568SUSE bug 1226570SUSE bug 1226571SUSE bug 1226574SUSE bug 1226588SUSE bug 1226607SUSE bug 1226650SUSE bug 1226698SUSE bug 1226713SUSE bug 1226716SUSE bug 1226750SUSE bug 1226757SUSE bug 1226758SUSE bug 1226775SUSE bug 1226783SUSE bug 1226785SUSE bug 1226834SUSE bug 1226837SUSE bug 1226911SUSE bug 1226990SUSE bug 1226993SUSE bug 1227090SUSE bug 1227121SUSE bug 1227157SUSE bug 1227162SUSE bug 1227362SUSE bug 1227383SUSE bug 1227432SUSE bug 1227435SUSE bug 1227447SUSE bug 1227487SUSE bug 1227549SUSE bug 1227573SUSE bug 1227618SUSE bug 1227620SUSE bug 1227626SUSE bug 1227635SUSE bug 1227661SUSE bug 1227716SUSE bug 1227722SUSE bug 1227724SUSE bug 1227725SUSE bug 1227728SUSE bug 1227729SUSE bug 1227730SUSE bug 1227732SUSE bug 1227733SUSE bug 1227750SUSE bug 1227754SUSE bug 1227755SUSE bug 1227760SUSE bug 1227762SUSE bug 1227763SUSE bug 1227764SUSE bug 1227766SUSE bug 1227770SUSE bug 1227771SUSE bug 1227772SUSE bug 1227774SUSE bug 1227779SUSE bug 1227780SUSE bug 1227783SUSE bug 1227786SUSE bug 1227787SUSE bug 1227790SUSE bug 1227792SUSE bug 1227796SUSE bug 1227797SUSE bug 1227798SUSE bug 1227800SUSE bug 1227802SUSE bug 1227806SUSE bug 1227808SUSE bug 1227810SUSE bug 1227812SUSE bug 1227813SUSE bug 1227814SUSE bug 1227816SUSE bug 1227820SUSE bug 1227823SUSE bug 1227824SUSE bug 1227828SUSE bug 1227829SUSE bug 1227836SUSE bug 1227846SUSE bug 1227849SUSE bug 1227851SUSE bug 1227862SUSE bug 1227864SUSE bug 1227865SUSE bug 1227866SUSE bug 1227870SUSE bug 1227884SUSE bug 1227886SUSE bug 1227891SUSE bug 1227893SUSE bug 1227899SUSE bug 1227900SUSE bug 1227910SUSE bug 1227913SUSE bug 1227917SUSE bug 1227919SUSE bug 1227920SUSE bug 1227921SUSE bug 1227922SUSE bug 1227923SUSE bug 1227924SUSE bug 1227925SUSE bug 1227927SUSE bug 1227928SUSE bug 1227931SUSE bug 1227932SUSE bug 1227933SUSE bug 1227935SUSE bug 1227936SUSE bug 1227938SUSE bug 1227941SUSE bug 1227942SUSE bug 1227944SUSE bug 1227945SUSE bug 1227947SUSE bug 1227948SUSE bug 1227949SUSE bug 1227950SUSE bug 1227952SUSE bug 1227953SUSE bug 1227954SUSE bug 1227956SUSE bug 1227957SUSE bug 1227963SUSE bug 1227964SUSE bug 1227965SUSE bug 1227968SUSE bug 1227969SUSE bug 1227970SUSE bug 1227971SUSE bug 1227972SUSE bug 1227975SUSE bug 1227976SUSE bug 1227981SUSE bug 1227982SUSE bug 1227985SUSE bug 1227986SUSE bug 1227987SUSE bug 1227988SUSE bug 1227989SUSE bug 1227990SUSE bug 1227991SUSE bug 1227992SUSE bug 1227993SUSE bug 1227995SUSE bug 1227996SUSE bug 1227997SUSE bug 1228000SUSE bug 1228002SUSE bug 1228003SUSE bug 1228004SUSE bug 1228005SUSE bug 1228006SUSE bug 1228007SUSE bug 1228008SUSE bug 1228009SUSE bug 1228010SUSE bug 1228011SUSE bug 1228013SUSE bug 1228014SUSE bug 1228015SUSE bug 1228019SUSE bug 1228020SUSE bug 1228025SUSE bug 1228028SUSE bug 1228035SUSE bug 1228037SUSE bug 1228038SUSE bug 1228039SUSE bug 1228040SUSE bug 1228045SUSE bug 1228054SUSE bug 1228055SUSE bug 1228056SUSE bug 1228060SUSE bug 1228061SUSE bug 1228062SUSE bug 1228063SUSE bug 1228064SUSE bug 1228066SUSE bug 1228067SUSE bug 1228068SUSE bug 1228071SUSE bug 1228079SUSE bug 1228090SUSE bug 1228114SUSE bug 1228140SUSE bug 1228190SUSE bug 1228191SUSE bug 1228195SUSE bug 1228202SUSE bug 1228226SUSE bug 1228235SUSE bug 1228237SUSE bug 1228247SUSE bug 1228327SUSE bug 1228328SUSE bug 1228330SUSE bug 1228403SUSE bug 1228405SUSE bug 1228408SUSE bug 1228409SUSE bug 1228410SUSE bug 1228418SUSE bug 1228440SUSE bug 1228459SUSE bug 1228462SUSE bug 1228470SUSE bug 1228518SUSE bug 1228520SUSE bug 1228530SUSE bug 1228561SUSE bug 1228565SUSE bug 1228580SUSE bug 1228581SUSE bug 1228591SUSE bug 1228599SUSE bug 1228617SUSE bug 1228625SUSE bug 1228626SUSE bug 1228633SUSE bug 1228640SUSE bug 1228644SUSE bug 1228649SUSE bug 1228655SUSE bug 1228665SUSE bug 1228672SUSE bug 1228680SUSE bug 1228705SUSE bug 1228723SUSE bug 1228743SUSE bug 1228756SUSE bug 1228801SUSE bug 1228850SUSE bug 1228857CVE-2021-47086 at SUSECVE-2021-47086 at NVDCVE-2021-47103 at SUSECVE-2021-47103 at NVDCVE-2021-47186 at SUSECVE-2021-47186 at NVDCVE-2021-47402 at SUSECVE-2021-47402 at NVDCVE-2021-47546 at SUSECVE-2021-47546 at NVDCVE-2021-47547 at SUSECVE-2021-47547 at NVDCVE-2021-47588 at SUSECVE-2021-47588 at NVDCVE-2021-47590 at SUSECVE-2021-47590 at NVDCVE-2021-47591 at SUSECVE-2021-47591 at NVDCVE-2021-47593 at SUSECVE-2021-47593 at NVDCVE-2021-47598 at SUSECVE-2021-47598 at NVDCVE-2021-47599 at SUSECVE-2021-47599 at NVDCVE-2021-47606 at SUSECVE-2021-47606 at NVDCVE-2021-47622 at SUSECVE-2021-47622 at NVDCVE-2021-47623 at SUSECVE-2021-47623 at NVDCVE-2021-47624 at SUSECVE-2021-47624 at NVDCVE-2022-48713 at SUSECVE-2022-48713 at NVDCVE-2022-48730 at SUSECVE-2022-48730 at NVDCVE-2022-48732 at SUSECVE-2022-48732 at NVDCVE-2022-48749 at SUSECVE-2022-48749 at NVDCVE-2022-48756 at SUSECVE-2022-48756 at NVDCVE-2022-48773 at SUSECVE-2022-48773 at NVDCVE-2022-48774 at SUSECVE-2022-48774 at NVDCVE-2022-48775 at SUSECVE-2022-48775 at NVDCVE-2022-48776 at SUSECVE-2022-48776 at NVDCVE-2022-48777 at SUSECVE-2022-48777 at NVDCVE-2022-48778 at SUSECVE-2022-48778 at NVDCVE-2022-48780 at SUSECVE-2022-48780 at NVDCVE-2022-48783 at SUSECVE-2022-48783 at NVDCVE-2022-48784 at SUSECVE-2022-48784 at NVDCVE-2022-48785 at SUSECVE-2022-48785 at NVDCVE-2022-48786 at SUSECVE-2022-48786 at NVDCVE-2022-48787 at SUSECVE-2022-48787 at NVDCVE-2022-48788 at SUSECVE-2022-48788 at NVDCVE-2022-48789 at SUSECVE-2022-48789 at NVDCVE-2022-48790 at SUSECVE-2022-48790 at NVDCVE-2022-48791 at SUSECVE-2022-48791 at NVDCVE-2022-48792 at SUSECVE-2022-48792 at NVDCVE-2022-48793 at SUSECVE-2022-48793 at NVDCVE-2022-48794 at SUSECVE-2022-48794 at NVDCVE-2022-48796 at SUSECVE-2022-48796 at NVDCVE-2022-48797 at SUSECVE-2022-48797 at NVDCVE-2022-48798 at SUSECVE-2022-48798 at NVDCVE-2022-48799 at SUSECVE-2022-48799 at NVDCVE-2022-48800 at SUSECVE-2022-48800 at NVDCVE-2022-48801 at SUSECVE-2022-48801 at NVDCVE-2022-48802 at SUSECVE-2022-48802 at NVDCVE-2022-48803 at SUSECVE-2022-48803 at NVDCVE-2022-48804 at SUSECVE-2022-48804 at NVDCVE-2022-48805 at SUSECVE-2022-48805 at NVDCVE-2022-48806 at SUSECVE-2022-48806 at NVDCVE-2022-48807 at SUSECVE-2022-48807 at NVDCVE-2022-48809 at SUSECVE-2022-48809 at NVDCVE-2022-48810 at SUSECVE-2022-48810 at NVDCVE-2022-48811 at SUSECVE-2022-48811 at NVDCVE-2022-48812 at SUSECVE-2022-48812 at NVDCVE-2022-48813 at SUSECVE-2022-48813 at NVDCVE-2022-48814 at SUSECVE-2022-48814 at NVDCVE-2022-48815 at SUSECVE-2022-48815 at NVDCVE-2022-48816 at SUSECVE-2022-48816 at NVDCVE-2022-48817 at SUSECVE-2022-48817 at NVDCVE-2022-48818 at SUSECVE-2022-48818 at NVDCVE-2022-48820 at SUSECVE-2022-48820 at NVDCVE-2022-48821 at SUSECVE-2022-48821 at NVDCVE-2022-48822 at SUSECVE-2022-48822 at NVDCVE-2022-48823 at SUSECVE-2022-48823 at NVDCVE-2022-48824 at SUSECVE-2022-48824 at NVDCVE-2022-48825 at SUSECVE-2022-48825 at NVDCVE-2022-48826 at SUSECVE-2022-48826 at NVDCVE-2022-48827 at SUSECVE-2022-48827 at NVDCVE-2022-48828 at SUSECVE-2022-48828 at NVDCVE-2022-48829 at SUSECVE-2022-48829 at NVDCVE-2022-48830 at SUSECVE-2022-48830 at NVDCVE-2022-48831 at SUSECVE-2022-48831 at NVDCVE-2022-48834 at SUSECVE-2022-48834 at NVDCVE-2022-48835 at SUSECVE-2022-48835 at NVDCVE-2022-48836 at SUSECVE-2022-48836 at NVDCVE-2022-48837 at SUSECVE-2022-48837 at NVDCVE-2022-48838 at SUSECVE-2022-48838 at NVDCVE-2022-48839 at SUSECVE-2022-48839 at NVDCVE-2022-48840 at SUSECVE-2022-48840 at NVDCVE-2022-48841 at SUSECVE-2022-48841 at NVDCVE-2022-48842 at SUSECVE-2022-48842 at NVDCVE-2022-48843 at SUSECVE-2022-48843 at NVDCVE-2022-48844 at SUSECVE-2022-48844 at NVDCVE-2022-48846 at SUSECVE-2022-48846 at NVDCVE-2022-48847 at SUSECVE-2022-48847 at NVDCVE-2022-48849 at SUSECVE-2022-48849 at NVDCVE-2022-48850 at SUSECVE-2022-48850 at NVDCVE-2022-48851 at SUSECVE-2022-48851 at NVDCVE-2022-48852 at SUSECVE-2022-48852 at NVDCVE-2022-48853 at SUSECVE-2022-48853 at NVDCVE-2022-48855 at SUSECVE-2022-48855 at NVDCVE-2022-48856 at SUSECVE-2022-48856 at NVDCVE-2022-48857 at SUSECVE-2022-48857 at NVDCVE-2022-48858 at SUSECVE-2022-48858 at NVDCVE-2022-48859 at SUSECVE-2022-48859 at NVDCVE-2022-48860 at SUSECVE-2022-48860 at NVDCVE-2022-48861 at SUSECVE-2022-48861 at NVDCVE-2022-48862 at SUSECVE-2022-48862 at NVDCVE-2022-48863 at SUSECVE-2022-48863 at NVDCVE-2022-48864 at SUSECVE-2022-48864 at NVDCVE-2022-48866 at SUSECVE-2022-48866 at NVDCVE-2023-1582 at SUSECVE-2023-1582 at NVDCVE-2023-37453 at SUSECVE-2023-37453 at NVDCVE-2023-52435 at SUSECVE-2023-52435 at NVDCVE-2023-52573 at SUSECVE-2023-52573 at NVDCVE-2023-52580 at SUSECVE-2023-52580 at NVDCVE-2023-52591 at SUSECVE-2023-52591 at NVDCVE-2023-52735 at SUSECVE-2023-52735 at NVDCVE-2023-52751 at SUSECVE-2023-52751 at NVDCVE-2023-52762 at SUSECVE-2023-52762 at NVDCVE-2023-52775 at SUSECVE-2023-52775 at NVDCVE-2023-52812 at SUSECVE-2023-52812 at NVDCVE-2023-52857 at SUSECVE-2023-52857 at NVDCVE-2023-52863 at SUSECVE-2023-52863 at NVDCVE-2023-52885 at SUSECVE-2023-52885 at NVDCVE-2023-52886 at SUSECVE-2023-52886 at NVDCVE-2024-25741 at SUSECVE-2024-25741 at NVDCVE-2024-26583 at SUSECVE-2024-26583 at NVDCVE-2024-26584 at SUSECVE-2024-26584 at NVDCVE-2024-26585 at SUSECVE-2024-26585 at NVDCVE-2024-26615 at SUSECVE-2024-26615 at NVDCVE-2024-26633 at SUSECVE-2024-26633 at NVDCVE-2024-26635 at SUSECVE-2024-26635 at NVDCVE-2024-26636 at SUSECVE-2024-26636 at NVDCVE-2024-26641 at SUSECVE-2024-26641 at NVDCVE-2024-26661 at SUSECVE-2024-26661 at NVDCVE-2024-26663 at SUSECVE-2024-26663 at NVDCVE-2024-26665 at SUSECVE-2024-26665 at NVDCVE-2024-26800 at SUSECVE-2024-26800 at NVDCVE-2024-26802 at SUSECVE-2024-26802 at NVDCVE-2024-26813 at SUSECVE-2024-26813 at NVDCVE-2024-26814 at SUSECVE-2024-26814 at NVDCVE-2024-26863 at SUSECVE-2024-26863 at NVDCVE-2024-26889 at SUSECVE-2024-26889 at NVDCVE-2024-26920 at SUSECVE-2024-26920 at NVDCVE-2024-26935 at SUSECVE-2024-26935 at NVDCVE-2024-26961 at SUSECVE-2024-26961 at NVDCVE-2024-26976 at SUSECVE-2024-26976 at NVDCVE-2024-27015 at SUSECVE-2024-27015 at NVDCVE-2024-27019 at SUSECVE-2024-27019 at NVDCVE-2024-27020 at SUSECVE-2024-27020 at NVDCVE-2024-27025 at SUSECVE-2024-27025 at NVDCVE-2024-27065 at SUSECVE-2024-27065 at NVDCVE-2024-27402 at SUSECVE-2024-27402 at NVDCVE-2024-27437 at SUSECVE-2024-27437 at NVDCVE-2024-35805 at SUSECVE-2024-35805 at NVDCVE-2024-35819 at SUSECVE-2024-35819 at NVDCVE-2024-35837 at SUSECVE-2024-35837 at NVDCVE-2024-35853 at SUSECVE-2024-35853 at NVDCVE-2024-35854 at SUSECVE-2024-35854 at NVDCVE-2024-35855 at SUSECVE-2024-35855 at NVDCVE-2024-35889 at SUSECVE-2024-35889 at NVDCVE-2024-35890 at SUSECVE-2024-35890 at NVDCVE-2024-35893 at SUSECVE-2024-35893 at NVDCVE-2024-35899 at SUSECVE-2024-35899 at NVDCVE-2024-35934 at SUSECVE-2024-35934 at NVDCVE-2024-35949 at SUSECVE-2024-35949 at NVDCVE-2024-35961 at SUSECVE-2024-35961 at NVDCVE-2024-35979 at SUSECVE-2024-35979 at NVDCVE-2024-35995 at SUSECVE-2024-35995 at NVDCVE-2024-36000 at SUSECVE-2024-36000 at NVDCVE-2024-36004 at SUSECVE-2024-36004 at NVDCVE-2024-36288 at SUSECVE-2024-36288 at NVDCVE-2024-36889 at SUSECVE-2024-36889 at NVDCVE-2024-36901 at SUSECVE-2024-36901 at NVDCVE-2024-36902 at SUSECVE-2024-36902 at NVDCVE-2024-36909 at SUSECVE-2024-36909 at NVDCVE-2024-36910 at SUSECVE-2024-36910 at NVDCVE-2024-36911 at SUSECVE-2024-36911 at NVDCVE-2024-36912 at SUSECVE-2024-36912 at NVDCVE-2024-36913 at SUSECVE-2024-36913 at NVDCVE-2024-36914 at SUSECVE-2024-36914 at NVDCVE-2024-36919 at SUSECVE-2024-36919 at NVDCVE-2024-36923 at SUSECVE-2024-36923 at NVDCVE-2024-36924 at SUSECVE-2024-36924 at NVDCVE-2024-36926 at SUSECVE-2024-36926 at NVDCVE-2024-36939 at SUSECVE-2024-36939 at NVDCVE-2024-36941 at SUSECVE-2024-36941 at NVDCVE-2024-36942 at SUSECVE-2024-36942 at NVDCVE-2024-36944 at SUSECVE-2024-36944 at NVDCVE-2024-36946 at SUSECVE-2024-36946 at NVDCVE-2024-36947 at SUSECVE-2024-36947 at NVDCVE-2024-36950 at SUSECVE-2024-36950 at NVDCVE-2024-36952 at SUSECVE-2024-36952 at NVDCVE-2024-36955 at SUSECVE-2024-36955 at NVDCVE-2024-36959 at SUSECVE-2024-36959 at NVDCVE-2024-36974 at SUSECVE-2024-36974 at NVDCVE-2024-38548 at SUSECVE-2024-38548 at NVDCVE-2024-38555 at SUSECVE-2024-38555 at NVDCVE-2024-38558 at SUSECVE-2024-38558 at NVDCVE-2024-38559 at SUSECVE-2024-38559 at NVDCVE-2024-38570 at SUSECVE-2024-38570 at NVDCVE-2024-38586 at SUSECVE-2024-38586 at NVDCVE-2024-38588 at SUSECVE-2024-38588 at NVDCVE-2024-38598 at SUSECVE-2024-38598 at NVDCVE-2024-38628 at SUSECVE-2024-38628 at NVDCVE-2024-39276 at SUSECVE-2024-39276 at NVDCVE-2024-39371 at SUSECVE-2024-39371 at NVDCVE-2024-39463 at SUSECVE-2024-39463 at NVDCVE-2024-39472 at SUSECVE-2024-39472 at NVDCVE-2024-39475 at SUSECVE-2024-39475 at NVDCVE-2024-39482 at SUSECVE-2024-39482 at NVDCVE-2024-39487 at SUSECVE-2024-39487 at NVDCVE-2024-39488 at SUSECVE-2024-39488 at NVDCVE-2024-39490 at SUSECVE-2024-39490 at NVDCVE-2024-39493 at SUSECVE-2024-39493 at NVDCVE-2024-39494 at SUSECVE-2024-39494 at NVDCVE-2024-39497 at SUSECVE-2024-39497 at NVDCVE-2024-39499 at SUSECVE-2024-39499 at NVDCVE-2024-39500 at SUSECVE-2024-39500 at NVDCVE-2024-39501 at SUSECVE-2024-39501 at NVDCVE-2024-39502 at SUSECVE-2024-39502 at NVDCVE-2024-39505 at SUSECVE-2024-39505 at NVDCVE-2024-39506 at SUSECVE-2024-39506 at NVDCVE-2024-39507 at SUSECVE-2024-39507 at NVDCVE-2024-39508 at SUSECVE-2024-39508 at NVDCVE-2024-39509 at SUSECVE-2024-39509 at NVDCVE-2024-40900 at SUSECVE-2024-40900 at NVDCVE-2024-40901 at SUSECVE-2024-40901 at NVDCVE-2024-40902 at SUSECVE-2024-40902 at NVDCVE-2024-40903 at SUSECVE-2024-40903 at NVDCVE-2024-40904 at SUSECVE-2024-40904 at NVDCVE-2024-40906 at SUSECVE-2024-40906 at NVDCVE-2024-40908 at SUSECVE-2024-40908 at NVDCVE-2024-40909 at SUSECVE-2024-40909 at NVDCVE-2024-40911 at SUSECVE-2024-40911 at NVDCVE-2024-40912 at SUSECVE-2024-40912 at NVDCVE-2024-40916 at SUSECVE-2024-40916 at NVDCVE-2024-40919 at SUSECVE-2024-40919 at NVDCVE-2024-40923 at SUSECVE-2024-40923 at NVDCVE-2024-40924 at SUSECVE-2024-40924 at NVDCVE-2024-40927 at SUSECVE-2024-40927 at NVDCVE-2024-40929 at SUSECVE-2024-40929 at NVDCVE-2024-40931 at SUSECVE-2024-40931 at NVDCVE-2024-40932 at SUSECVE-2024-40932 at NVDCVE-2024-40934 at SUSECVE-2024-40934 at NVDCVE-2024-40935 at SUSECVE-2024-40935 at NVDCVE-2024-40937 at SUSECVE-2024-40937 at NVDCVE-2024-40940 at SUSECVE-2024-40940 at NVDCVE-2024-40941 at SUSECVE-2024-40941 at NVDCVE-2024-40942 at SUSECVE-2024-40942 at NVDCVE-2024-40943 at SUSECVE-2024-40943 at NVDCVE-2024-40945 at SUSECVE-2024-40945 at NVDCVE-2024-40953 at SUSECVE-2024-40953 at NVDCVE-2024-40954 at SUSECVE-2024-40954 at NVDCVE-2024-40956 at SUSECVE-2024-40956 at NVDCVE-2024-40958 at SUSECVE-2024-40958 at NVDCVE-2024-40959 at SUSECVE-2024-40959 at NVDCVE-2024-40960 at SUSECVE-2024-40960 at NVDCVE-2024-40961 at SUSECVE-2024-40961 at NVDCVE-2024-40966 at SUSECVE-2024-40966 at NVDCVE-2024-40967 at SUSECVE-2024-40967 at NVDCVE-2024-40970 at SUSECVE-2024-40970 at NVDCVE-2024-40972 at SUSECVE-2024-40972 at NVDCVE-2024-40976 at SUSECVE-2024-40976 at NVDCVE-2024-40977 at SUSECVE-2024-40977 at NVDCVE-2024-40981 at SUSECVE-2024-40981 at NVDCVE-2024-40982 at SUSECVE-2024-40982 at NVDCVE-2024-40984 at SUSECVE-2024-40984 at NVDCVE-2024-40987 at SUSECVE-2024-40987 at NVDCVE-2024-40988 at SUSECVE-2024-40988 at NVDCVE-2024-40989 at SUSECVE-2024-40989 at NVDCVE-2024-40990 at SUSECVE-2024-40990 at NVDCVE-2024-40994 at SUSECVE-2024-40994 at NVDCVE-2024-40998 at SUSECVE-2024-40998 at NVDCVE-2024-40999 at SUSECVE-2024-40999 at NVDCVE-2024-41002 at SUSECVE-2024-41002 at NVDCVE-2024-41004 at SUSECVE-2024-41004 at NVDCVE-2024-41006 at SUSECVE-2024-41006 at NVDCVE-2024-41009 at SUSECVE-2024-41009 at NVDCVE-2024-41011 at SUSECVE-2024-41011 at NVDCVE-2024-41012 at SUSECVE-2024-41012 at NVDCVE-2024-41013 at SUSECVE-2024-41013 at NVDCVE-2024-41014 at SUSECVE-2024-41014 at NVDCVE-2024-41015 at SUSECVE-2024-41015 at NVDCVE-2024-41016 at SUSECVE-2024-41016 at NVDCVE-2024-41017 at SUSECVE-2024-41017 at NVDCVE-2024-41040 at SUSECVE-2024-41040 at NVDCVE-2024-41041 at SUSECVE-2024-41041 at NVDCVE-2024-41044 at SUSECVE-2024-41044 at NVDCVE-2024-41048 at SUSECVE-2024-41048 at NVDCVE-2024-41057 at SUSECVE-2024-41057 at NVDCVE-2024-41058 at SUSECVE-2024-41058 at NVDCVE-2024-41059 at SUSECVE-2024-41059 at NVDCVE-2024-41063 at SUSECVE-2024-41063 at NVDCVE-2024-41064 at SUSECVE-2024-41064 at NVDCVE-2024-41066 at SUSECVE-2024-41066 at NVDCVE-2024-41069 at SUSECVE-2024-41069 at NVDCVE-2024-41070 at SUSECVE-2024-41070 at NVDCVE-2024-41071 at SUSECVE-2024-41071 at NVDCVE-2024-41072 at SUSECVE-2024-41072 at NVDCVE-2024-41076 at SUSECVE-2024-41076 at NVDCVE-2024-41078 at SUSECVE-2024-41078 at NVDCVE-2024-41081 at SUSECVE-2024-41081 at NVDCVE-2024-41087 at SUSECVE-2024-41087 at NVDCVE-2024-41090 at SUSECVE-2024-41090 at NVDCVE-2024-41091 at SUSECVE-2024-41091 at NVDCVE-2024-42070 at SUSECVE-2024-42070 at NVDCVE-2024-42079 at SUSECVE-2024-42079 at NVDCVE-2024-42093 at SUSECVE-2024-42093 at NVDCVE-2024-42096 at SUSECVE-2024-42096 at NVDCVE-2024-42105 at SUSECVE-2024-42105 at NVDCVE-2024-42122 at SUSECVE-2024-42122 at NVDCVE-2024-42124 at SUSECVE-2024-42124 at NVDCVE-2024-42145 at SUSECVE-2024-42145 at NVDCVE-2024-42161 at SUSECVE-2024-42161 at NVDCVE-2024-42224 at SUSECVE-2024-42224 at NVDCVE-2024-42230 at SUSECVE-2024-42230 at NVDcpe:/o:opensuse:leap:15.5Security update for runc (Important)openSUSE Leap 15.5
This update for runc fixes the following issues:
Update to runc v1.1.11:
- CVE-2024-21626: Fixed container breakout. (bsc#1218894)
ImportantSUSE bug 1218894CVE-2024-21626 at SUSECVE-2024-21626 at NVDcpe:/o:opensuse:leap:15.5Security update for osc (Moderate)openSUSE Leap 15.5
This update for osc fixes the following issues:
- 1.9.0
- Security:
- Fix possibility to overwrite special files in .osc (CVE-2024-22034 bsc#1225911)
Source files are now stored in the 'sources' subdirectory which prevents
name collisons. This requires changing version of '.osc' store to 2.0.
- Command-line:
- Introduce build --checks parameter
- Library:
- OscConfigParser: Remove automatic __name__ option
- 1.8.3
- Command-line:
- Change 'repairwc' command to always run all repair steps
- Library:
- Make most of the fields in KeyinfoPubkey and KeyinfoSslcert models optional
- Fix colorize() to avoid wrapping empty string into color escape sequences
- Provide default values for kwargs.get/pop in get_results() function
- 1.8.2
- Library:
- Change 'repairwc' command to fix missing .osc/_osclib_version
- Make error message in check_store_version() more generic to work for both projects and packages
- Fix check_store_version in project store
- 1.8.1
- Command-line:
- Fix 'linkpac' command crash when used with '--disable-build' or '--disable-publish' option
- 1.8.0
- Command-line:
- Improve 'submitrequest' command to inherit description from superseded request
- Fix 'mv' command when renaming a file multiple times
- Improve 'info' command to support projects
- Improve 'getbinaries' command by accepting '-M' / '--multibuild-package' option outside checkouts
- Add architecture filtering to 'release' command
- Change 'results' command so the normal and multibuild packages have the same output
- Change 'results' command to use csv writer instead of formatting csv as string
- Add couple mutually exclusive options errors to 'results' command
- Set a default value for 'results --format' only for the csv output
- Add support for 'results --format' for the default text mode
- Update help text for '--format' option in 'results' command
- Add 'results --fail-on-error/-F' flag
- Redirect venv warnings from stderr to debug output
- Configuration:
- Fix config parser to throw an exception on duplicate sections or options
- Modify conf.get_config() to print permissions warning to stderr rather than stdout
- Library:
- Run check_store_version() in obs_scm.Store and fix related code in Project and Package
- Forbid extracting files with absolute path from 'cpio' archives (bsc#1122683)
- Forbid extracting files with absolute path from 'ar' archives (bsc#1122683)
- Remove no longer valid warning from core.unpack_srcrpm()
- Make obs_api.KeyinfoSslcert keyid and fingerprint fields optional
- Fix return value in build build.create_build_descr_data()
- Fix core.get_package_results() to obey 'multibuild_packages' argument
- Tests:
- Fix tests so they don't modify fixtures
- 1.7.0
- Command-line:
- Add 'person search' command
- Add 'person register' command
- Add '-M/--multibuild-package' option to '[what]dependson' commands
- Update '-U/--user' option in 'maintainer' command to accept also an email address
- Fix 'branch' command to allow using '--new-package' option on packages that do not exist
- Fix 'buildinfo' command to include obs:cli_debug_packages by default
- Fix 'buildinfo' command to send complete local build environment as the 'build' command does
- Fix 'maintainer --devel-project' to raise an error if running outside a working copy without any arguments
- Fix handling arguments in 'service remoterun prj/pac'
- Fix 'rebuild' command so the '--all' option conflicts with the 'package' argument
- Fix crash when removing 'scmsync' element from dst package meta in 'linkpac' command
- Fix crash when reading dst package meta in 'linkpac' command
- Allow `osc rpmlint` to infer prj/pkg from CWD
- Propagate exit code from the run() and do_() commandline methods
- Give a hint where a scmsync git is hosted
- Fix crash in 'updatepacmetafromspec' command when working with an incomplete spec
- Improve 'updatepacmetafromspec' command to expand rpm spec macros by calling rpmspec to query the data
- Improve 'build' and 'buildinfo' commands by uploading *.inc files to OBS for parsing BuildRequires (bsc#1221340)
- Improve 'service' command by printing names of running services
- Improve 'getbinaries' command by ignoring source and debuginfo filters when a binary name is specified
- Change 'build' command to pass '--jobs' option to 'build' tool only if 'build_jobs' > 0
- Clarify 'list' command's help that that listing binaries doesn't contain md5 checksums
- Improve 'log' command: produce proper CSV and XML outputs, add -p/--patch option for the text output
- Allow setlinkrev to set a specific vrev
- Document '--buildtool-opt=--noclean' example in 'build' command's help
- Fix handling the default package argument on the command-line
- Configuration:
- Document loading configuration from env variables
- Connection:
- Don't retry on error 400
- Remove now unused 'retry_on_400' http_request() option from XmlModel
- Revert 'Don't retry on 400 HTTP status code in core.server_diff()'
- Revert 'connection: Allow disabling retry on 400 HTTP status code'
- Authentication:
- Update SignatureAuthHandler to support specifying ssh key by its fingerprint
- Use ssh key from ssh agent that contains comment 'obs=<apiurl-hostname>'
- Use strings instead of bytes in SignatureAuthHandler
- Cache password from SecretService to avoid spamming user with an accept dialog
- Never ask for credentials when displaying help
- Remove unused SignatureAuthHandler.get_fingerprint()
- Library:
- Add rootless build support for 'qemu' VM type
- Support package linking of packages from scmsync projects
- Fix do_createrequest() function to return None instead of request id
- Replace invalid 'if' with 'elif' in BaseModel.dict()
- Fix crash when no prefered packages are defined
- Add XmlModel class that encapsulates manipulation with XML
- Add obs_api.Person.cmd_register() for registering new users
- Fix conf.get_config() to ignore file type bits when comparing oscrc perms
- Fix conf.get_config() to correctly handle overrides when env variables are set
- Fix output.tty.IS_INTERACTIVE when os.isatty() throws OSError
- Improve cmdln.HelpFormatter to obey newline characters
- Update list of color codes in 'output.tty' module
- Remove core.setDevelProject() in favor of core.set_devel_project()
- Move removing control characters to output.sanitize_text()
- Improve sanitize_text() to keep selected CSI escape sequences
- Add output.pipe_to_pager() that pipes lines to a pager without creating an intermediate temporary file
- Fix output.safe_write() in connection with NamedTemporaryFile
- Modernize output.run_pager()
- Extend output.print_msg() to accept 'error' and 'warning' values of 'to_print' argument
- Add XPathQuery class for translating keyword arguments to an xpath query
- Add obs_api.Keyinfo class
- Add obs_api.Package class
- Add Package.get_revision_list() for listing commit log
- Add obs_api.PackageSources class for handling OBS SCM sources
- Add obs_api.Person class
- Add obs_api.Project class
- Add obs_api.Request class
- Add obs_api.Token class
- Allow storing apiurl in the XmlModel instances
- Allow retrieving default field value from top-level model
- Fix BaseModel to convert dictionaries to objects on retrieving a model list
- Fix BaseModel to always deepcopy mutable defaults on first use
- Implement do_snapshot() and has_changed() methods to determine changes in BaseModel
- Implement total ordering on BaseModel
- Add comments with available attributes/elements to edited XML
- Refactoring:
- Migrate repo {list,add,remove} commands to obs_api.Project
- Migrate core.show_package_disabled_repos() to obs_api.Package
- Migrate core.Package.update_package_meta() to obs_api.Package
- Migrate core.get_repos_of_project() to obs_api.Project
- Migrate core.get_repositories_of_project() to obs_api.Project
- Migrate core.show_scmsync() to obs_api.{Package,Project}
- Migrate core.set_devel_project() to obs_api.Package
- Migrate core.show_devel_project() to obs_api.Package
- Migrate Fetcher.run() to obs_api.Keyinfo
- Migrate core.create_submit_request() to obs_api.Request
- Migrate 'token' command to obs_api.Token
- Migrate 'whois/user' command to obs_api.Person
- Migrate 'signkey' command to obs_api.Keyinfo
- Move print_msg() to the 'osc.output' module
- Move run_pager() and get_default_pager() from 'core' to 'output' module
- Move core.Package to obs_scm.Package
- Move core.Project to obs_scm.Project
- Move functions manipulating store from core to obs_scm.store
- Move store.Store to obs_scm.Store
- Move core.Linkinfo to obs_scm.Linkinfo
- Move core.Serviceinfo to obs_scm.Serviceinfo
- Move core.File to obs_scm.File
- Merge _private.project.ProjectMeta into obs_api.Project
- Spec:
- Remove dependency on /usr/bin/python3 using %python3_fix_shebang macro (bsc#1212476)
- 1.6.2
- Command-line:
- Fix 'branch' command to allow using '--new-package' option on packages that do not exist
- Fix 'buildinfo' command to include obs:cli_debug_packages by default
- Fix 'buildinfo' command to send complete local build environment as the 'build' command does
- Allow `osc rpmlint` to infer prj/pkg from CWD
- Propagate exit code from the run() and do_() commandline methods
- Give a hint where a scmsync git is hosted
- Fix crash in 'updatepacmetafromspec' command when working with an incomplete spec
- Authentication:
- Cache password from SecretService to avoid spamming user with an accept dialog
- Never ask for credentials when displaying help
- Library:
- Support package linking of packages from scmsync projects
- Fix do_createrequest() function to return None instead of request id
- Replace invalid 'if' with 'elif' in BaseModel.dict()
- Fix crash when no prefered packages are defined
- 1.6.1
- Command-line:
- Use busybox compatible commands for completion
- Change 'wipe' command to use the new get_user_input() function
- Fix error 500 in running 'meta attribute <prj>'
- Configuration:
- Fix resolving config symlink to the actual config file
- Honor XDG_CONFIG_HOME and XDG_CACHE_HOME env vars
- Warn about ignoring XDG_CONFIG_HOME and ~/.config/osc/oscrc if ~/.oscrc exists
- Library:
- Error out when branching a scmsync package
- New get_user_input() function for consistent handling of user input
- Move xml_indent, xml_quote and xml_unquote to osc.util.xml module
- Refactor makeurl(), deprecate query taking string or list arguments, drop osc_urlencode()
- Remove all path quoting, rely on makeurl()
- Always use dict query in makeurl()
- Fix core.slash_split() to strip both leading and trailing slashes
- 1.6.0
- Command-line:
- The 'token --trigger' command no longer sets '--operation=runservice' by default.
- Change 'token --create' command to require '--operation'
- Fix 'linkdiff' command error 400: prj/pac/md5 not in repository
- Update 'build' command to support building 'productcompose' build type with updateinfo.xml data
- Don't show meter in terminals that are not interactive
- Fix traceback when running osc from an arbitrary git repo that fails to map branch to a project (bsc#1218170)
- Configuration:
- Implement reading credentials from environmental variables
- Allow starting with an empty config if --configfile is either empty or points to /dev/null
- Implement 'quiet' conf option
- Password can be an empty string (commonly used with ssh auth)
- Connection:
- Allow -X HEAD on osc api requests as well
- Library:
- Fix credentials managers to consistently return Password
- Fix Password.encode() on python < 3.8
- Refactor 'meter' module, use config settings to pick the right class
- Convert to using f-strings
- Use Field.get_callback to handle quiet/verbose and http_debug/http_full_debug options
- Implement get_callback that allows modifying returned value to the Field class
- Add support for List[BaseModel] type to Field class
- Report class name when reporting an error during instantiating BaseModel object
- Fix exporting an empty model field in BaseModel.dict()
- Fix initializing a sub-model instance from a dictionary
- Implement 'Enum' support in models
- Fix Field.origin_type for Optional types
- Drop unused 'exclude_unset' argument from BaseModel.dict() method
- Store cached model defaults in self._defaults, avoid sharing references to mutable defaults
- Limit model attributes to predefined fields by forbidding creating new attributes on fly
- Store model values in self._values dict instead of private attributes
- Spec:
- Recommend openssh-clients for ssh-add that is required during ssh auth
- Add 0%{?amzn} macro that wasn't usptreamed
ModerateSUSE bug 1122683SUSE bug 1212476SUSE bug 1218170SUSE bug 1221340SUSE bug 1225911CVE-2024-22034 at SUSECVE-2024-22034 at NVDcpe:/o:opensuse:leap:15.5Security update for python310 (Important)openSUSE Leap 15.5
This update for python310 fixes the following issues:
Security issue fixed:
- CVE-2024-6923: Fixed email header injection due to unquoted newlines (bsc#1228780)
Non-security issues fixed:
- Improve python reproducible builds (bsc#1227999)
- Make pip and modern tools install directly in /usr/local when used by the user (bsc#1225660)
- Fixed executable bits for /usr/bin/idle* (bsc#1227378).
ImportantSUSE bug 1225660SUSE bug 1227378SUSE bug 1227999SUSE bug 1228780CVE-2024-6923 at SUSECVE-2024-6923 at NVDcpe:/o:opensuse:leap:15.5Security update for libcryptopp (Moderate)openSUSE Leap 15.5
This update for libcryptopp fixes the following issues:
- CVE-2023-50980: Fixed DoS via malformed DER public key file (bsc#1218219).
ModerateSUSE bug 1218219CVE-2023-50980 at SUSECVE-2023-50980 at NVDcpe:/o:opensuse:leap:15.5Security update for MozillaFirefox (Important)openSUSE Leap 15.5
This update for MozillaFirefox fixes the following issues:
Update to Firefox Extended Support Release 128.1.0 ESR (MFSA 2024-35, bsc#1228648)
- CVE-2024-7518: Fullscreen notification dialog can be obscured by document
- CVE-2024-7519: Out of bounds memory access in graphics shared memory handling
- CVE-2024-7520: Type confusion in WebAssembly
- CVE-2024-7521: Incomplete WebAssembly exception handing
- CVE-2024-7522: Out of bounds read in editor component
- CVE-2024-7524: CSP strict-dynamic bypass using web-compatibility shims
- CVE-2024-7525: Missing permission check when creating a StreamFilter
- CVE-2024-7526: Uninitialized memory used by WebGL
- CVE-2024-7527: Use-after-free in JavaScript garbage collection
- CVE-2024-7528: Use-after-free in IndexedDB
- CVE-2024-7529: Document content could partially obscure security prompts
- CVE-2024-7531: PK11_Encrypt using CKM_CHACHA20 can reveal plaintext on Intel
ImportantSUSE bug 1226316SUSE bug 1228648CVE-2024-6600 at SUSECVE-2024-6600 at NVDCVE-2024-6601 at SUSECVE-2024-6601 at NVDCVE-2024-6602 at SUSECVE-2024-6602 at NVDCVE-2024-6603 at SUSECVE-2024-6603 at NVDCVE-2024-6604 at SUSECVE-2024-6604 at NVDCVE-2024-6605 at SUSECVE-2024-6605 at NVDCVE-2024-6606 at SUSECVE-2024-6606 at NVDCVE-2024-6607 at SUSECVE-2024-6607 at NVDCVE-2024-6608 at SUSECVE-2024-6608 at NVDCVE-2024-6609 at SUSECVE-2024-6609 at NVDCVE-2024-6610 at SUSECVE-2024-6610 at NVDCVE-2024-6611 at SUSECVE-2024-6611 at NVDCVE-2024-6612 at SUSECVE-2024-6612 at NVDCVE-2024-6613 at SUSECVE-2024-6613 at NVDCVE-2024-6614 at SUSECVE-2024-6614 at NVDCVE-2024-6615 at SUSECVE-2024-6615 at NVDCVE-2024-7518 at SUSECVE-2024-7518 at NVDCVE-2024-7519 at SUSECVE-2024-7519 at NVDCVE-2024-7520 at SUSECVE-2024-7520 at NVDCVE-2024-7521 at SUSECVE-2024-7521 at NVDCVE-2024-7522 at SUSECVE-2024-7522 at NVDCVE-2024-7524 at SUSECVE-2024-7524 at NVDCVE-2024-7525 at SUSECVE-2024-7525 at NVDCVE-2024-7526 at SUSECVE-2024-7526 at NVDCVE-2024-7527 at SUSECVE-2024-7527 at NVDCVE-2024-7528 at SUSECVE-2024-7528 at NVDCVE-2024-7529 at SUSECVE-2024-7529 at NVDCVE-2024-7531 at SUSECVE-2024-7531 at NVDcpe:/o:opensuse:leap:15.5Security update for openssl-3 (Moderate)openSUSE Leap 15.5
This update for openssl-3 fixes the following issues:
- CVE-2024-5535: Fixed a buffer overread in function SSL_select_next_proto() with an empty supported client protocols buffer (bsc#1227138)
Other fixes:
- Build with no-afalgeng (bsc#1226463)
ModerateSUSE bug 1226463SUSE bug 1227138CVE-2024-5535 at SUSECVE-2024-5535 at NVDcpe:/o:opensuse:leap:15.5Security update for cpio (Moderate)openSUSE Leap 15.5
This update for cpio fixes the following issues:
- Fixed cpio not extracting correctly when using --no-absolute-filenames option the security fix for CVE-2023-7207 (bsc#1218571, bsc#1219238)
ModerateSUSE bug 1218571SUSE bug 1219238CVE-2023-7207 at SUSECVE-2023-7207 at NVDcpe:/o:opensuse:leap:15.5Security update for python3-setuptools (Important)openSUSE Leap 15.5
This update for python3-setuptools fixes the following issues:
- CVE-2024-6345: Fixed code execution via download functions in the package_index module (bsc#1228105)
ImportantSUSE bug 1228105CVE-2024-6345 at SUSECVE-2024-6345 at NVDcpe:/o:opensuse:leap:15.5Security update for python-setuptools (Important)openSUSE Leap 15.5
This update for python-setuptools fixes the following issues:
- CVE-2024-6345: Fixed code execution via download functions in the package_index module (bsc#1228105)
ImportantSUSE bug 1228105CVE-2024-6345 at SUSECVE-2024-6345 at NVDcpe:/o:opensuse:leap:15.5Security update for unbound (Low)openSUSE Leap 15.5
This update for unbound fixes the following issues:
- CVE-2024-43167: Fix null pointer dereference issue in function ub_ctx_set_fwd (bsc#1229068)
LowSUSE bug 1229068CVE-2024-43167 at SUSECVE-2024-43167 at NVDcpe:/o:opensuse:leap:15.5Security update for xen (Important)openSUSE Leap 15.5
This update for xen fixes the following issues:
- CVE-2024-31145: Fixed error handling in x86 IOMMU identity mapping (XSA-460, bsc#1228574)
- CVE-2024-31146: Fixed PCI device pass-through with shared resources (XSA-461, bsc#1228575)
Other fixes:
- Update to Xen 4.17.5 security bug fix release (bsc#1027519)
ImportantSUSE bug 1027519SUSE bug 1228574SUSE bug 1228575CVE-2024-31145 at SUSECVE-2024-31145 at NVDCVE-2024-31146 at SUSECVE-2024-31146 at NVDcpe:/o:opensuse:leap:15.5Security update for python39 (Important)openSUSE Leap 15.5
This update for python39 fixes the following issues:
Security issues fixed:
- CVE-2024-6923: Fixed email header injection due to unquoted newlines (bsc#1228780)
- CVE-2024-5642: Removed support for anything but OpenSSL 1.1.1 or newer (bsc#1227233)
Non-security issues fixed:
- Fixed executable bits for /usr/bin/idle* (bsc#1227378).
- Improve python reproducible builds (bsc#1227999)
ImportantSUSE bug 1227233SUSE bug 1227378SUSE bug 1227999SUSE bug 1228780CVE-2024-5642 at SUSECVE-2024-5642 at NVDCVE-2024-6923 at SUSECVE-2024-6923 at NVDcpe:/o:opensuse:leap:15.5Security update for qemu (Important)openSUSE Leap 15.5
This update for qemu fixes the following issues:
- CVE-2024-4467: Fixed denial of service and file read/write via qemu-img info command (bsc#1227322)
ImportantSUSE bug 1227322CVE-2024-4467 at SUSECVE-2024-4467 at NVDcpe:/o:opensuse:leap:15.5Security update for libqt5-qtquick3d (Important)openSUSE Leap 15.5
This update for libqt5-qtquick3d fixes the following issues:
- CVE-2024-40724: Fixed heap-based buffer overflow in the PLY importer class in assimp (bsc#1228199)
Other fixes:
- Fix progressive anti-aliasing, which doesn't work if any object in the scene used a PrincipledMaterial
- Skip processing unknown uniforms, such as those that are vendor specific:
ImportantSUSE bug 1228199CVE-2024-40724 at SUSECVE-2024-40724 at NVDcpe:/o:opensuse:leap:15.5Security update for libqt5-qt3d (Important)openSUSE Leap 15.5
This update for libqt5-qt3d fixes the following issues:
- CVE-2024-40724: Fixed heap-based buffer overflow in the PLY importer class in assimp (bsc#1228204)
Other fixes:
- Check for a nullptr returned from the shader manager
- Fill image with transparency by default to avoid having junk if it's not filled properly before the first paint call
- Fix QTextureAtlas parenting that could lead to crashes due to being used after free'd.
ImportantSUSE bug 1228204CVE-2024-40724 at SUSECVE-2024-40724 at NVDcpe:/o:opensuse:leap:15.5Security update for curl (Moderate)openSUSE Leap 15.5
This update for curl fixes the following issues:
- CVE-2024-7264: Fixed out-of-bounds read in ASN.1 date parser GTime2str() (bsc#1228535)
ModerateSUSE bug 1228535CVE-2024-7264 at SUSECVE-2024-7264 at NVDcpe:/o:opensuse:leap:15.5Security update for kernel-firmware (Important)openSUSE Leap 15.5
This update for kernel-firmware fixes the following issues:
- CVE-2023-31315: Fixed validation in a model specific register (MSR) that lead to modification of SMM configuration by malicious program with ring0 access (bsc#1229069)
ImportantSUSE bug 1229069CVE-2023-31315 at SUSECVE-2023-31315 at NVDcpe:/o:opensuse:leap:15.5Security update for 389-ds (Important)openSUSE Leap 15.5
This update for 389-ds fixes the following issues:
Security issues fixed:
- CVE-2024-3657: Fixed potential denial of service via specially crafted kerberos AS-REQ request (bsc#1225512)
- CVE-2024-5953: Fixed a denial of service caused by malformed userPassword hashes (bsc#1226277)
- CVE-2024-2199: Fixed a crash caused by malformed userPassword in do_modify() (bsc#1225507)
Non-security issues fixed:
- crash when user does change password using iso-8859-1 encoding (bsc#1228912)
- Update to version 2.2.10~git2.345056d3:
* Issue 2324 - Add a CI test (#6289)
* Issue 6284 - BUG - freelist ordering causes high wtime
- Update to version 2.2.10~git0.4d7218b7:
* Bump version to 2.2.10
* Issue 5327 - Fix test metadata
* Issue 5853 - Update Cargo.lock
* Issue 5962 - Rearrange includes for 32-bit support logic
* Issue 5973 - Fix fedora cop RawHide builds (#5974)
* Bump braces from 3.0.2 to 3.0.3 in /src/cockpit/389-console
* Issue 6254 - Enabling replication for a sub suffix crashes browser (#6255)
* Issue 6224 - d2entry - Could not open id2entry err 0 - at startup when having sub-suffixes (#6225)
* Issue 6183 - Slow ldif2db import on a newly created BDB backend (#6208)
* Issue 6170 - audit log buffering doesn't handle large updates
* Issue 6193 - Test failure: test_tls_command_returns_error_text
* Issue 6189 - CI tests fail with `[Errno 2] No such file or directory: '/var/cache/dnf/metadata_lock.pid'`
* Issue 6172 - RFE: improve the performance of evaluation of filter component when tested against a large valueset (like group members) (#6173)
* Issue 6092 - passwordHistory is not updated with a pre-hashed password (#6093)
* Issue 6080 - ns-slapd crash in referint_get_config (#6081)
* Issue 6117 - Fix the UTC offset print (#6118)
* Issue 5305 - OpenLDAP version autodetection doesn't work
* Issue 6112 - RFE - add new operation note for MFA authentications
* Issue 5842 - Add log buffering to audit log
* Issue 6103 - New connection timeout error breaks errormap (#6104)
* Issue 6067 - Improve dsidm CLI No Such Entry handling (#6079)
* Issue 6096 - Improve connection timeout error logging (#6097)
* Issue 6067 - Add hidden -v and -j options to each CLI subcommand (#6088)
* Issue 5487 - Fix various isses with logconv.pl (#6085)
ImportantSUSE bug 1225507SUSE bug 1225512SUSE bug 1226277SUSE bug 1228912CVE-2024-2199 at SUSECVE-2024-2199 at NVDCVE-2024-3657 at SUSECVE-2024-3657 at NVDCVE-2024-5953 at SUSECVE-2024-5953 at NVDcpe:/o:opensuse:leap:15.5Security update for zziplib (Moderate)openSUSE Leap 15.5
This update for zziplib fixes the following issues:
- CVE-2024-39134: Fixed a stack buffer overflow via the __zzip_fetch_disk_trailer() (bsc#1227178)
ModerateSUSE bug 1227178CVE-2024-39134 at SUSECVE-2024-39134 at NVDcpe:/o:opensuse:leap:15.5Security update for glib2 (Low)openSUSE Leap 15.5
This update for glib2 fixes the following issues:
- Fixed a possible use after free regression introduced by CVE-2024-34397 patch (bsc#1224044).
LowSUSE bug 1224044CVE-2024-34397 at SUSECVE-2024-34397 at NVDcpe:/o:opensuse:leap:15.5Security update for go1.21-openssl (Important)openSUSE Leap 15.5
This update for go1.21-openssl fixes the following issues:
- CVE-2024-24791: Fixed denial of service due to improper 100-continue handling (bsc#1227314)
- CVE-2024-24789: Fixed mishandling of corrupt central directory record in archive/zip (bsc#1225973)
- CVE-2024-24790: Fixed unexpected behavior from Is methods for IPv4-mapped IPv6 addresses in net/netip (bsc#1225974)
- CVE-2024-24787: Fixed arbitrary code execution during build on darwin in cmd/go (bsc#1224017)
- CVE-2023-45288: Fixed denial of service due to close connections when receiving too many headers in net/http and x/net/http2 (bsc#1221400)
- CVE-2023-45289: Fixed incorrect forwarding of sensitive headers and cookies on HTTP redirect in net/http and net/http/cookiejar (bsc#1221000)
- CVE-2023-45290: Fixed memory exhaustion in Request.ParseMultipartForm in net/http (bsc#1221001)
- CVE-2024-24783: Fixed denial of service on certificates with an unknown public key algorithm in crypto/x509 (bsc#1220999)
- CVE-2024-24784: Fixed comments in display names are incorrectly handled in net/mail (bsc#1221002)
- CVE-2024-24785: Fixed errors returned from MarshalJSON methods may break template escaping in html/template (bsc#1221003)
Other fixes:
- Update to version 1.21.13.1 cut from the go1.21-fips-release (jsc#SLE-18320)
- Update to version 1.21.13 (bsc#1212475)
- Remove subpackage go1.x-openssl-libstd for compiled shared object libstd.so. (jsc#PED-1962)
- Ensure VERSION file is present in GOROOT as required by go tool dist and go tool distpack (bsc#1219988)
ImportantSUSE bug 1212475SUSE bug 1219988SUSE bug 1220999SUSE bug 1221000SUSE bug 1221001SUSE bug 1221002SUSE bug 1221003SUSE bug 1221400SUSE bug 1224017SUSE bug 1225973SUSE bug 1225974SUSE bug 1227314CVE-2023-45288 at SUSECVE-2023-45288 at NVDCVE-2023-45289 at SUSECVE-2023-45289 at NVDCVE-2023-45290 at SUSECVE-2023-45290 at NVDCVE-2024-24783 at SUSECVE-2024-24783 at NVDCVE-2024-24784 at SUSECVE-2024-24784 at NVDCVE-2024-24785 at SUSECVE-2024-24785 at NVDCVE-2024-24787 at SUSECVE-2024-24787 at NVDCVE-2024-24789 at SUSECVE-2024-24789 at NVDCVE-2024-24790 at SUSECVE-2024-24790 at NVDCVE-2024-24791 at SUSECVE-2024-24791 at NVDcpe:/o:opensuse:leap:15.5Security update for webkit2gtk3 (Important)openSUSE Leap 15.5
This update for webkit2gtk3 fixes the following issues:
Update to version 2.44.3 (bsc#1228696 bsc#1228697 bsc#1228698):
- Fix web process cache suspend/resume when sandbox is enabled.
- Fix accelerated images dissapearing after scrolling.
- Fix video flickering with DMA-BUF sink.
- Fix pointer lock on X11.
- Fix movement delta on mouse events in GTK3.
- Undeprecate console message API and make it available in 2022 API.
- Fix several crashes and rendering issues.
- Security fixes: CVE-2024-40776, CVE-2024-40779, CVE-2024-40780,
CVE-2024-40782, CVE-2024-40785, CVE-2024-40789, CVE-2024-40794,
CVE-2024-4558.
ImportantSUSE bug 1228613SUSE bug 1228693SUSE bug 1228694SUSE bug 1228695SUSE bug 1228696SUSE bug 1228697SUSE bug 1228698CVE-2024-40776 at SUSECVE-2024-40776 at NVDCVE-2024-40779 at SUSECVE-2024-40779 at NVDCVE-2024-40780 at SUSECVE-2024-40780 at NVDCVE-2024-40782 at SUSECVE-2024-40782 at NVDCVE-2024-40785 at SUSECVE-2024-40785 at NVDCVE-2024-40789 at SUSECVE-2024-40789 at NVDCVE-2024-40794 at SUSECVE-2024-40794 at NVDCVE-2024-4558 at SUSECVE-2024-4558 at NVDcpe:/o:opensuse:leap:15.5Security update for kubernetes1.26 (Important)openSUSE Leap 15.5
This update for kubernetes1.26 fixes the following issues:
Update kubernetes to version 1.26.15:
- CVE-2024-24786: Fixed infinite loop in protojson.Unmarshal in golang-protobuf (bsc#1229867)
- CVE-2023-39325: Fixed a flaw that can lead to a DoS due to a rapid stream resets causing excessive work. This is also known as CVE-2023-44487. (bsc#1229869)
- CVE-2023-44487: Fixed HTTP/2 Rapid Reset attack in net/http (bsc#1229869)
Other fixes:
- Fixed packages required by kubernetes1.26-client installation (bsc#1229008)
- Update go to version v1.22.5 (bsc#1229858)
- Add upstream patch for reproducible builds (bsc#1062303)
ImportantSUSE bug 1062303SUSE bug 1229008SUSE bug 1229858SUSE bug 1229867SUSE bug 1229869CVE-2023-39325 at SUSECVE-2023-39325 at NVDCVE-2023-44487 at SUSECVE-2023-44487 at NVDCVE-2024-24786 at SUSECVE-2024-24786 at NVDcpe:/o:opensuse:leap:15.5Security update for ucode-intel (Important)openSUSE Leap 15.5
This update for ucode-intel fixes the following issues:
- Intel CPU Microcode was updated to the 20240813 release (bsc#1229129)
- CVE-2024-24853: Security updates for [INTEL-SA-01083](https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01083.html)
- CVE-2024-25939: Security updates for [INTEL-SA-01118](https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01118.html)
- CVE-2024-24980: Security updates for [INTEL-SA-01100](https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01100.html)
- CVE-2023-42667: Security updates for [INTEL-SA-01038](https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01038.html)
- CVE-2023-49141: Security updates for [INTEL-SA-01046](https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01046.html)
Other issues fixed:
- Update for functional issues. Refer to [Intel Core Ultra Processor](https://cdrdv2.intel.com/v1/dl/getContent/792254) for details.
- Update for functional issues. Refer to [3rd Generation Intel Xeon Processor Scalable Family Specification Update](https://cdrdv2.intel.com/v1/dl/getContent/637780) for details.
- Update for functional issues. Refer to [3rd Generation Intel Xeon Scalable Processors Specification Update](https://cdrdv2.intel.com/v1/dl/getContent/634897) for details.
- Update for functional issues. Refer to [2nd Generation Intel Xeon Processor Scalable Family Specification Update](https://cdrdv2.intel.com/v1/dl/getContent/338848) for details
- Update for functional issues. Refer to [Intel Xeon D-2700 Processor Specification Update](https://cdrdv2.intel.com/v1/dl/getContent/714071) for details.
- Update for functional issues. Refer to [Intel Xeon E-2300 Processor Specification Update ](https://cdrdv2.intel.com/v1/dl/getContent/709192) for details.
- Update for functional issues. Refer to [13th Generation Intel Core Processor Specification Update](https://cdrdv2.intel.com/v1/dl/getContent/740518) for details.
- Update for functional issues. Refer to [12th Generation Intel Core Processor Family](https://cdrdv2.intel.com/v1/dl/getContent/682436) for details.
- Update for functional issues. Refer to [11th Gen Intel Core Processor Specification Update](https://cdrdv2.intel.com/v1/dl/getContent/631123) for details.
- Update for functional issues. Refer to [10th Gen Intel Core Processor Families Specification Update](https://cdrdv2.intel.com/v1/dl/getContent/341079) for details.
- Update for functional issues. Refer to [10th Generation Intel Core Processor Specification Update](https://cdrdv2.intel.com/v1/dl/getContent/615213) for details.
- Update for functional issues. Refer to [8th and 9th Generation Intel Core Processor Family Spec Update](https://cdrdv2.intel.com/v1/dl/getContent/337346) for details.
- Update for functional issues. Refer to [8th Generation Intel Core Processor Families Specification Update](https://cdrdv2.intel.com/v1/dl/getContent/338025) for details.
- Update for functional issues. Refer to [7th and 8th Generation Intel Core Processor Specification Update](https://cdrdv2.intel.com/v1/dl/getContent/334663) for details.
- Update for functional issues. Refer to [Intel Processors and Intel Core i3 N-Series](https://cdrdv2.intel.com/v1/dl/getContent/764616) for details.
- Update for functional issues. Refer to [Intel Atom x6000E Series, and Intel Pentium and Celeron N and J Series Processors for Internet of Things (IoT) Applications](https://cdrdv2.intel.com/v1/dl/getContent/636674) for details.
Updated Platforms:
| Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products
|:---------------|:---------|:------------|:---------|:---------|:---------
| AML-Y22 | H0 | 06-8e-09/10 | 000000f4 | 000000f6 | Core Gen8 Mobile
| AML-Y42 | V0 | 06-8e-0c/94 | 000000fa | 000000fc | Core Gen10 Mobile
| CFL-H | R0 | 06-9e-0d/22 | 000000fc | 00000100 | Core Gen9 Mobile
| CFL-H/S | P0 | 06-9e-0c/22 | 000000f6 | 000000f8 | Core Gen9
| CFL-H/S/E3 | U0 | 06-9e-0a/22 | 000000f6 | 000000f8 | Core Gen8 Desktop, Mobile, Xeon E
| CFL-S | B0 | 06-9e-0b/02 | 000000f4 | 000000f6 | Core Gen8
| CFL-S | P0 | 06-9e-0c/22 | 000000f6 | 000000f8 | Core Gen9 Desktop
| CFL-U43e | D0 | 06-8e-0a/c0 | 000000f4 | 000000f6 | Core Gen8 Mobile
| CLX-SP | B1 | 06-55-07/bf | 05003605 | 05003707 | Xeon Scalable Gen2
| CML-H | R1 | 06-a5-02/20 | 000000fa | 000000fc | Core Gen10 Mobile
| CML-S102 | Q0 | 06-a5-05/22 | 000000fa | 000000fc | Core Gen10
| CML-S62 | G1 | 06-a5-03/22 | 000000fa | 000000fc | Core Gen10
| CML-U42 | V0 | 06-8e-0c/94 | 000000fa | 000000fc | Core Gen10 Mobile
| CML-U62 V1 | A0 | 06-a6-00/80 | 000000fa | 000000fe | Core Gen10 Mobile
| CML-U62 V2 | K1 | 06-a6-01/80 | 000000fa | 000000fc | Core Gen10 Mobile
| CML-Y42 | V0 | 06-8e-0c/94 | 000000fa | 000000fc | Core Gen10 Mobile
| CPX-SP | A1 | 06-55-0b/bf | 07002802 | 07002904 | Xeon Scalable Gen3
| EHL | B1 | 06-96-01/01 | 00000019 | 0000001a | Pentium J6426/N6415, Celeron J6412/J6413/N6210/N6211, Atom x6000E
| ICL-D | B0 | 06-6c-01/10 | 01000290 | 010002b0 | Xeon D-17xx, D-27xx
| ICL-U/Y | D1 | 06-7e-05/80 | 000000c4 | 000000c6 | Core Gen10 Mobile
| ICX-SP | Dx/M1 | 06-6a-06/87 | 0d0003d1 | 0d0003e7 | Xeon Scalable Gen3
| KBL-R U | Y0 | 06-8e-0a/c0 | 000000f4 | 000000f6 | Core Gen8 Mobile
| KBL-U23e | J1 | 06-8e-09/c0 | 000000f4 | 000000f6 | Core Gen7 Mobile
| KBL-U/Y | H0 | 06-8e-09/c0 | 000000f4 | 000000f6 | Core Gen7 Mobile
| MTL | C-0 | 06-aa-04/e6 | 0000001c | 0000001e | Core Ultra Processor
| RKL-S | B0 | 06-a7-01/02 | 0000005e | 00000062 | Core Gen11
| TGL | B0/B1 | 06-8c-01/80 | 000000b6 | 000000b8 | Core Gen11 Mobile
| TGL-H | R0 | 06-8d-01/c2 | 00000050 | 00000052 | Core Gen11 Mobile
| TGL-R | C0 | 06-8c-02/c2 | 00000036 | 00000038 | Core Gen11 Mobile
| WHL-U | V0 | 06-8e-0c/94 | 000000fa | 000000fc | Core Gen8 Mobile
| WHL-U | W0 | 06-8e-0b/d0 | 000000f4 | 000000f6 | Core Gen8 Mobile
- update to 20240531:
* Update for functional issues. Refer to Intel Pentium Silver
and Intel Celeron Processor Specification Update
- Updated Platforms:
| Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products
|:---------------|:---------|:------------|:---------|:---------|:---------
| GLK | B0 | 06-7a-01/01 | 00000040 | 00000042 | Pentium Silver N/J5xxx, Celeron N/J4xxx
ImportantSUSE bug 1229129CVE-2023-42667 at SUSECVE-2023-42667 at NVDCVE-2023-49141 at SUSECVE-2023-49141 at NVDCVE-2024-24853 at SUSECVE-2024-24853 at NVDCVE-2024-24980 at SUSECVE-2024-24980 at NVDCVE-2024-25939 at SUSECVE-2024-25939 at NVDcpe:/o:opensuse:leap:15.5Security update for kubernetes1.28 (Important)openSUSE Leap 15.5
This update for kubernetes1.28 fixes the following issues:
Update kubernetes to version 1.28.13:
- CVE-2024-24786: Fixed infinite loop in protojson.Unmarshal in golang-protobuf (bsc#1229867)
- CVE-2023-39325: Fixed a flaw that can lead to a DoS due to a rapid stream resets causing excessive work. This is also known as CVE-2023-44487. (bsc#1229869)
- CVE-2023-45288: Fixed denial of service due to close connections when receiving too many headers in net/http and x/net/http2 (bsc#1229869)
- CVE-2023-44487: Fixed HTTP/2 Rapid Reset attack in net/http (bsc#1229869)
Other fixes:
- Update go to version v1.22.5 (bsc#1229858)
ImportantSUSE bug 1229858SUSE bug 1229867SUSE bug 1229869CVE-2023-39325 at SUSECVE-2023-39325 at NVDCVE-2023-44487 at SUSECVE-2023-44487 at NVDCVE-2023-45288 at SUSECVE-2023-45288 at NVDCVE-2024-24786 at SUSECVE-2024-24786 at NVDcpe:/o:opensuse:leap:15.5Security update for kubernetes1.27 (Important)openSUSE Leap 15.5
This update for kubernetes1.27 fixes the following issues:
Update kubernetes to version 1.27.16
- CVE-2024-24786: Fixed infinite loop in protojson.Unmarshal in golang-protobuf (bsc#1229867)
- CVE-2023-39325: Fixed a flaw that can lead to a DoS due to a rapid stream resets causing excessive work. This is also known as CVE-2023-44487. (bsc#1229869)
- CVE-2023-45288: Fixed denial of service due to close connections when receiving too many headers in net/http and x/net/http2 (bsc#1229869)
- CVE-2023-44487: Fixed HTTP/2 Rapid Reset attack in net/http (bsc#1229869)
Other fixes:
- Update go to version v1.22.5 (bsc#1229858)
ImportantSUSE bug 1229858SUSE bug 1229867SUSE bug 1229869CVE-2023-39325 at SUSECVE-2023-39325 at NVDCVE-2023-44487 at SUSECVE-2023-44487 at NVDCVE-2023-45288 at SUSECVE-2023-45288 at NVDCVE-2024-24786 at SUSECVE-2024-24786 at NVDcpe:/o:opensuse:leap:15.5Security update for bubblewrap and flatpak (Important)openSUSE Leap 15.5
This update for bubblewrap and flatpak fixes the following issues:
- CVE-2024-42472: Fixed access to files outside sandbox for apps using persistent (bsc#1229157)
ImportantSUSE bug 1229157CVE-2024-42472 at SUSECVE-2024-42472 at NVDcpe:/o:opensuse:leap:15.5Security update for openssl-3 (Moderate)openSUSE Leap 15.5
This update for openssl-3 fixes the following issues:
- CVE-2024-6119: Fixed denial of service in X.509 name checks (bsc#1229465)
ModerateSUSE bug 1229465CVE-2024-6119 at SUSECVE-2024-6119 at NVDcpe:/o:opensuse:leap:15.5Security update for frr (Important)openSUSE Leap 15.5
This update for frr fixes the following issues:
- CVE-2024-44070: Fixed missing stream length check before TLV value is taken in bgp_attr_encap (bsc#1229438)
ImportantSUSE bug 1229438CVE-2024-44070 at SUSECVE-2024-44070 at NVDcpe:/o:opensuse:leap:15.5Security update for python-aiohttp (Moderate)openSUSE Leap 15.5
This update for python-aiohttp fixes the following issues:
- CVE-2024-42367: Fixed path traversal outside the root directory when requests involve compressed files as symbolic links (bsc#1229226)
ModerateSUSE bug 1229226CVE-2024-42367 at SUSECVE-2024-42367 at NVDcpe:/o:opensuse:leap:15.5Security update for MozillaThunderbird (Important)openSUSE Leap 15.5
This update for MozillaThunderbird fixes the following issues:
- Mozilla Thunderbird 115.14
* fixed: When using an external installation of GnuPG,
Thunderbird occassionally sent/received corrupted messages
* fixed: Users of external GnuPG were unable to decrypt
incorrectly encoded messages (bmo#1906903)
* fixed: Flatpak install of 128.0esr was incorrectly downgraded
to 115.13.0esr (bmo#1908299)
* fixed: Security fixes
MFSA 2024-38 (bsc#1228648)
* CVE-2024-7519: Out of bounds memory access in graphics shared memory handling
* CVE-2024-7521: Incomplete WebAssembly exception handing
* CVE-2024-7522: Out of bounds read in editor component
* CVE-2024-7525: Missing permission check when creating a StreamFilter
* CVE-2024-7526: Uninitialized memory used by WebGL
* CVE-2024-7527: Use-after-free in JavaScript garbage collection
* CVE-2024-7529: Document content could partially obscure security prompts
ImportantSUSE bug 1228648CVE-2024-7519 at SUSECVE-2024-7519 at NVDCVE-2024-7521 at SUSECVE-2024-7521 at NVDCVE-2024-7522 at SUSECVE-2024-7522 at NVDCVE-2024-7525 at SUSECVE-2024-7525 at NVDCVE-2024-7526 at SUSECVE-2024-7526 at NVDCVE-2024-7527 at SUSECVE-2024-7527 at NVDCVE-2024-7529 at SUSECVE-2024-7529 at NVDcpe:/o:opensuse:leap:15.5Security update for ffmpeg (Moderate)openSUSE Leap 15.5
This update for ffmpeg fixes the following issues:
- CVE-2020-22027: Fixed heap-based Buffer Overflow vulnerability exits in deflate16 at libavfilter/vf_neighbor.c (bsc#1186607)
- CVE-2021-38291: Fixed an assertion failure at src/libavutil/mathematics.c (bsc#1189428)
- CVE-2023-51798: Fixed floating point exception(FPE) via the interpolate function (bsc#1223304)
ModerateSUSE bug 1186607SUSE bug 1189428SUSE bug 1223304CVE-2020-22027 at SUSECVE-2020-22027 at NVDCVE-2021-38291 at SUSECVE-2021-38291 at NVDCVE-2023-51798 at SUSECVE-2023-51798 at NVDcpe:/o:opensuse:leap:15.5Security update for tiff (Moderate)openSUSE Leap 15.5
This update for tiff fixes the following issues:
- CVE-2024-7006: Fixed null pointer dereference in tif_dirinfo.c (bsc#1228924)
ModerateSUSE bug 1228924CVE-2024-7006 at SUSECVE-2024-7006 at NVDcpe:/o:opensuse:leap:15.5Security update for python-WebOb (Moderate)openSUSE Leap 15.5
This update for python-WebOb fixes the following issues:
- CVE-2024-42353: Fixed open redirect via WebOb's Response object in Location header (bsc#1229221)
ModerateSUSE bug 1229221CVE-2024-42353 at SUSECVE-2024-42353 at NVDcpe:/o:opensuse:leap:15.5Security update for dovecot23 (Important)openSUSE Leap 15.5
This update for dovecot23 fixes the following issues:
- CVE-2024-23185: Fixed a denial of service with large headers (bsc#1229183)
- CVE-2024-23184: Fixed a denial of service parsing messages containing many address headers (bsc#1229184)
ImportantSUSE bug 1229183SUSE bug 1229184CVE-2024-23184 at SUSECVE-2024-23184 at NVDCVE-2024-23185 at SUSECVE-2024-23185 at NVDcpe:/o:opensuse:leap:15.5Security update for openssl-1_0_0 (Moderate)openSUSE Leap 15.5
This update for openssl-1_0_0 fixes the following issues:
- CVE-2024-5535: Fixed a buffer overread in function SSL_select_next_proto() with an empty supported client protocols buffer (bsc#1227138, bsc#1227227)
ModerateSUSE bug 1227138SUSE bug 1227227CVE-2024-5535 at SUSECVE-2024-5535 at NVDcpe:/o:opensuse:leap:15.5Security update for buildah, docker (Critical)openSUSE Leap 15.5
This update for buildah, docker fixes the following issues:
Changes in docker:
- CVE-2024-23651: Fixed arbitrary files write due to race condition on mounts (bsc#1219267)
- CVE-2024-23652: Fixed insufficient validation of parent directory on mount (bsc#1219268)
- CVE-2024-23653: Fixed insufficient validation on entitlement on container creation via buildkit (bsc#1219438)
- CVE-2024-41110: A Authz zero length regression that could lead to authentication bypass was fixed (bsc#1228324)
Other fixes:
- Update to Docker 25.0.6-ce. See upstream changelog online at
<https://docs.docker.com/engine/release-notes/25.0/#2506>
- Update to Docker 25.0.5-ce (bsc#1223409)
- Fix BuildKit's symlink resolution logic to correctly handle non-lexical
symlinks. (bsc#1221916)
- Write volume options atomically so sudden system crashes won't result in
future Docker starts failing due to empty files. (bsc#1214855)
Changes in buildah:
- Update to version 1.35.4:
* [release-1.35] Bump to Buildah v1.35.4
* [release-1.35] CVE-2024-3727 updates (bsc#1224117)
* integration test: handle new labels in 'bud and test --unsetlabel'
* [release-1.35] Bump go-jose CVE-2024-28180
* [release-1.35] Bump ocicrypt and go-jose CVE-2024-28180
- Update to version 1.35.3:
* [release-1.35] Bump to Buildah v1.35.3
* [release-1.35] correctly configure /etc/hosts and resolv.conf
* [release-1.35] buildah: refactor resolv/hosts setup.
* [release-1.35] rename the hostFile var to reflect
* [release-1.35] Bump c/common to v0.58.1
* [release-1.35] Bump Buildah to v1.35.2
* [release-1.35] CVE-2024-24786 protobuf to 1.33
* [release-1.35] Bump to v1.35.2-dev
- Update to version 1.35.1:
* [release-1.35] Bump to v1.35.1
* [release-1.35] CVE-2024-1753 container escape fix (bsc#1221677)
- Buildah dropped cni support, require netavark instead (bsc#1221243)
- Remove obsolete requires libcontainers-image & libcontainers-storage
- Require passt for rootless networking (poo#156955)
Buildah moved to passt/pasta for rootless networking from slirp4netns
(https://github.com/containers/common/pull/1846)
- Update to version 1.35.0:
* Bump v1.35.0
* Bump c/common v0.58.0, c/image v5.30.0, c/storage v1.53.0
* conformance tests: don't break on trailing zeroes in layer blobs
* Add a conformance test for copying to a mounted prior stage
* fix(deps): update module github.com/stretchr/testify to v1.9.0
* cgroups: reuse version check from c/common
* Update vendor of containers/(common,image)
* fix(deps): update github.com/containers/storage digest to eadc620
* fix(deps): update github.com/containers/luksy digest to ceb12d4
* fix(deps): update github.com/containers/image/v5 digest to cdc6802
* manifest add: complain if we get artifact flags without --artifact
* Use retry logic from containers/common
* Vendor in containers/(storage,image,common)
* Update module golang.org/x/crypto to v0.20.0
* Add comment re: Total Success task name
* tests: skip_if_no_unshare(): check for --setuid
* Properly handle build --pull=false
* [skip-ci] Update tim-actions/get-pr-commits action to v1.3.1
* Update module go.etcd.io/bbolt to v1.3.9
* Revert 'Reduce official image size'
* Update module github.com/opencontainers/image-spec to v1.1.0
* Reduce official image size
* Build with CNI support on FreeBSD
* build --all-platforms: skip some base 'image' platforms
* Bump main to v1.35.0-dev
* Vendor in latest containers/(storage,image,common)
* Split up error messages for missing --sbom related flags
* `buildah manifest`: add artifact-related options
* cmd/buildah/manifest.go: lock lists before adding/annotating/pushing
* cmd/buildah/manifest.go: don't make struct declarations aliases
* Use golang.org/x/exp/slices.Contains
* Disable loong64 again
* Fix a couple of typos in one-line comments
* egrep is obsolescent; use grep -E
* Try Cirrus with a newer VM version
* Set CONTAINERS_CONF in the chroot-mount-flags integration test
* Update to match dependency API update
* Update github.com/openshift/imagebuilder and containers/common
* docs: correct default authfile path
* fix(deps): update module github.com/containerd/containerd to v1.7.13
* tests: retrofit test for heredoc summary
* build, heredoc: show heredoc summary in build output
* manifest, push: add support for --retry and --retry-delay
* fix(deps): update github.com/openshift/imagebuilder digest to b767bc3
* imagebuildah: fix crash with empty RUN
* fix(deps): update github.com/containers/luksy digest to b62d551
* fix(deps): update module github.com/opencontainers/runc to v1.1.12 [security]
* fix(deps): update module github.com/moby/buildkit to v0.12.5 [security]
* Make buildah match podman for handling of ulimits
* docs: move footnotes to where they're applicable
* Allow users to specify no-dereference
* Run codespell on code
* Fix FreeBSD version parsing
* Fix a build break on FreeBSD
* Remove a bad FROM line
* fix(deps): update module github.com/onsi/gomega to v1.31.1
* fix(deps): update module github.com/opencontainers/image-spec to v1.1.0-rc6
* docs: use reversed logo for dark theme in README
* build,commit: add --sbom to scan and produce SBOMs when committing
* commit: force omitHistory if the parent has layers but no history
* docs: fix a couple of typos
* internal/mkcw.Archive(): handle extra image content
* stage_executor,heredoc: honor interpreter in heredoc
* stage_executor,layers: burst cache if heredoc content is changed
* fix(deps): update module golang.org/x/crypto to v0.18.0
* Replace map[K]bool with map[K]struct{} where it makes sense
* fix(deps): update module golang.org/x/sync to v0.6.0
* fix(deps): update module golang.org/x/term to v0.16.0
* Bump CI VMs
* Replace strings.SplitN with strings.Cut
* fix(deps): update github.com/containers/storage digest to ef81e9b
* fix(deps): update github.com/containers/image/v5 digest to 1b221d4
* fix(deps): update module github.com/fsouza/go-dockerclient to v1.10.1
* Document use of containers-transports values in buildah
* fix(deps): update module golang.org/x/crypto to v0.17.0 [security]
* chore(deps): update dependency containers/automation_images to v20231208
* manifest: addCompression use default from containers.conf
* commit: add a --add-file flag
* mkcw: populate the rootfs using an overlay
* chore(deps): update dependency containers/automation_images to v20230517
* [skip-ci] Update actions/stale action to v9
* fix(deps): update module github.com/containernetworking/plugins to v1.4.0
* fix(deps): update github.com/containers/image/v5 digest to 7a40fee
* Bump to v1.34.1-dev
* Ignore errors if label.Relabel returns ENOSUP
CriticalSUSE bug 1214855SUSE bug 1219267SUSE bug 1219268SUSE bug 1219438SUSE bug 1221243SUSE bug 1221677SUSE bug 1221916SUSE bug 1223409SUSE bug 1224117SUSE bug 1228324CVE-2024-1753 at SUSECVE-2024-1753 at NVDCVE-2024-23651 at SUSECVE-2024-23651 at NVDCVE-2024-23652 at SUSECVE-2024-23652 at NVDCVE-2024-23653 at SUSECVE-2024-23653 at NVDCVE-2024-24786 at SUSECVE-2024-24786 at NVDCVE-2024-28180 at SUSECVE-2024-28180 at NVDCVE-2024-3727 at SUSECVE-2024-3727 at NVDCVE-2024-41110 at SUSECVE-2024-41110 at NVDcpe:/o:opensuse:leap:15.5Security update for python-Django (Important)openSUSE Leap 15.5
This update for python-Django fixes the following issues:
- CVE-2024-45230: Fixed potential denial-of-service vulnerability in django.utils.html.urlize(). (bsc#1229823)
- CVE-2024-45231: Fixed potential user email enumeration via response status on password reset. (bsc#1229824)
ImportantSUSE bug 1229823SUSE bug 1229824CVE-2024-45230 at SUSECVE-2024-45230 at NVDCVE-2024-45231 at SUSECVE-2024-45231 at NVDcpe:/o:opensuse:leap:15.5Security update for java-1_8_0-openj9 (Important)openSUSE Leap 15.5
This update for java-1_8_0-openj9 fixes the following issues:
- Update to OpenJDK 8u422 build 05 with OpenJ9 0.46.0 virtual machine
- CVE-2024-21147: Fixed an array index overflow in RangeCheckElimination. (bsc#1228052)
- CVE-2024-21145: Fixed an out-of-bounds access in 2D image handling. (bsc#1228051)
- CVE-2024-21140: Fixed a range check elimination pre-loop limit overflow. (bsc#1228048)
- CVE-2024-21144: Pack200 increase loading time due to improper header validation. (bsc#1228050)
- CVE-2024-21138: Fixed an issue where excessive symbol length can lead to infinite loop. (bsc#1228047)
- CVE-2024-21131: Fixed a potential UTF8 size overflow. (bsc#1228046)
ImportantSUSE bug 1228046SUSE bug 1228047SUSE bug 1228048SUSE bug 1228050SUSE bug 1228051SUSE bug 1228052CVE-2024-21131 at SUSECVE-2024-21131 at NVDCVE-2024-21138 at SUSECVE-2024-21138 at NVDCVE-2024-21140 at SUSECVE-2024-21140 at NVDCVE-2024-21144 at SUSECVE-2024-21144 at NVDCVE-2024-21145 at SUSECVE-2024-21145 at NVDCVE-2024-21147 at SUSECVE-2024-21147 at NVDcpe:/o:opensuse:leap:15.5Security update for systemd (Moderate)openSUSE Leap 15.5
This update for systemd fixes the following issues:
- CVE-2023-7008: Fixed man-in-the-middle due to unsigned name response in signed zone not refused when DNSSEC=yes (bsc#1218297)
Other fixes:
- Unit: drop ProtectClock=yes from systemd-udevd.service (bsc#1226414)
- Don't mention any rpm macros inside comments, even if escaped (bsc#1228091)
- Skip redundant dependencies specified the LSB description that references the file name of the service itself for early boot scripts (bsc#1221479).
ModerateSUSE bug 1218297SUSE bug 1221479SUSE bug 1226414SUSE bug 1228091CVE-2023-7008 at SUSECVE-2023-7008 at NVDcpe:/o:opensuse:leap:15.5Security update for buildah (Important)openSUSE Leap 15.5
This update for buildah fixes the following issues:
Update to version 1.35.4:
* Bump to Buildah v1.35.4
* CVE-2024-3727 updates (bsc#1224117)
* integration test: handle new labels in 'bud and test --unsetlabel'
* Bump go-jose CVE-2024-28180
* Bump ocicrypt and go-jose CVE-2024-28180
Update to version 1.35.3:
* correctly configure /etc/hosts and resolv.conf
* buildah: refactor resolv/hosts setup.
* CVE-2024-24786 protobuf to 1.33
Update to version 1.35.1:
* CVE-2024-1753 container escape fix (bsc#1221677)
- Buildah dropped cni support, require netavark instead (bsc#1221243)
- Remove obsolete requires libcontainers-image & libcontainers-storage
- Require passt for rootless networking (poo#156955)
Buildah moved to passt/pasta for rootless networking from slirp4netns
(https://github.com/containers/common/pull/1846)
Update to version 1.35.0:
* Bump c/common v0.58.0, c/image v5.30.0, c/storage v1.53.0
* conformance tests: don't break on trailing zeroes in layer blobs
* Add a conformance test for copying to a mounted prior stage
* cgroups: reuse version check from c/common
* Update vendor of containers/(common,image)
* manifest add: complain if we get artifact flags without --artifact
* Use retry logic from containers/common
* Vendor in containers/(storage,image,common)
* Update module golang.org/x/crypto to v0.20.0
* Add comment re: Total Success task name
* tests: skip_if_no_unshare(): check for --setuid
* Properly handle build --pull=false
* [skip-ci] Update tim-actions/get-pr-commits action to v1.3.1
* Update module go.etcd.io/bbolt to v1.3.9
* Revert 'Reduce official image size'
* Update module github.com/opencontainers/image-spec to v1.1.0
* Reduce official image size
* Build with CNI support on FreeBSD
* build --all-platforms: skip some base 'image' platforms
* Bump main to v1.35.0-dev
* Vendor in latest containers/(storage,image,common)
* Split up error messages for missing --sbom related flags
* `buildah manifest`: add artifact-related options
* cmd/buildah/manifest.go: lock lists before adding/annotating/pushing
* cmd/buildah/manifest.go: don't make struct declarations aliases
* Use golang.org/x/exp/slices.Contains
* Disable loong64 again
* Fix a couple of typos in one-line comments
* egrep is obsolescent; use grep -E
* Try Cirrus with a newer VM version
* Set CONTAINERS_CONF in the chroot-mount-flags integration test
* Update to match dependency API update
* Update github.com/openshift/imagebuilder and containers/common
* docs: correct default authfile path
* tests: retrofit test for heredoc summary
* build, heredoc: show heredoc summary in build output
* manifest, push: add support for --retry and --retry-delay
* imagebuildah: fix crash with empty RUN
* Make buildah match podman for handling of ulimits
* docs: move footnotes to where they're applicable
* Allow users to specify no-dereference
* docs: use reversed logo for dark theme in README
* build,commit: add --sbom to scan and produce SBOMs when committing
* commit: force omitHistory if the parent has layers but no history
* docs: fix a couple of typos
* internal/mkcw.Archive(): handle extra image content
* stage_executor,heredoc: honor interpreter in heredoc
* stage_executor,layers: burst cache if heredoc content is changed
* Replace map[K]bool with map[K]struct{} where it makes sense
* Replace strings.SplitN with strings.Cut
* Document use of containers-transports values in buildah
* manifest: addCompression use default from containers.conf
* commit: add a --add-file flag
* mkcw: populate the rootfs using an overlay
* Ignore errors if label.Relabel returns ENOSUP ImportantSUSE bug 1221243SUSE bug 1221677SUSE bug 1224117CVE-2024-1753 at SUSECVE-2024-1753 at NVDCVE-2024-24786 at SUSECVE-2024-24786 at NVDCVE-2024-28180 at SUSECVE-2024-28180 at NVDCVE-2024-3727 at SUSECVE-2024-3727 at NVDcpe:/o:opensuse:leap:15.5Security update for postgresql16 (Important)openSUSE Leap 15.5
This update for postgresql16 fixes the following issues:
- Upgrade to 12.20 (bsc#1229013)
- CVE-2024-7348: PostgreSQL relation replacement during pg_dump executes arbitrary SQL. (bsc#1229013)
ImportantSUSE bug 1229013CVE-2024-7348 at SUSECVE-2024-7348 at NVDcpe:/o:opensuse:leap:15.5Security update for kubernetes1.26 (Important)openSUSE Leap 15.5
This update for kubernetes1.26 fixes the following issues:
- CVE-2023-45288: Close connections when receiving too many headers. (bsc#1229869)
ImportantSUSE bug 1229869CVE-2023-45288 at SUSECVE-2023-45288 at NVDcpe:/o:opensuse:leap:15.5Security update for MozillaFirefox (Important)openSUSE Leap 15.5
This update for MozillaFirefox fixes the following issues:
- Update to Firefox Extended Support Release 128.2.0 ESR (bsc#1229821)
- CVE-2024-8381: Type confusion when looking up a property name in a 'with' block
- CVE-2024-8382: Internal event interfaces were exposed to web content when browser EventHandler listener callbacks ran
- CVE-2024-8383: Firefox did not ask before openings news: links in an external application
- CVE-2024-8384: Garbage collection could mis-color cross-compartment objects in OOM conditions
- CVE-2024-8385: WASM type confusion involving ArrayTypes
- CVE-2024-8386: SelectElements could be shown over another site if popups are allowed
- CVE-2024-8387: Memory safety bugs fixed in Firefox 130, Firefox ESR 128.2, and Thunderbird 128.2
ImportantSUSE bug 1229821CVE-2024-8381 at SUSECVE-2024-8381 at NVDCVE-2024-8382 at SUSECVE-2024-8382 at NVDCVE-2024-8383 at SUSECVE-2024-8383 at NVDCVE-2024-8384 at SUSECVE-2024-8384 at NVDCVE-2024-8385 at SUSECVE-2024-8385 at NVDCVE-2024-8386 at SUSECVE-2024-8386 at NVDCVE-2024-8387 at SUSECVE-2024-8387 at NVDcpe:/o:opensuse:leap:15.5Security update for java-1_8_0-ibm (Important)openSUSE Leap 15.5
This update for java-1_8_0-ibm fixes the following issues:
- Update to Java 8.0 Service Refresh 8 Fix Pack 30 (bsc#1228346)
- CVE-2024-21147: Fixed an array index overflow in RangeCheckElimination. (bsc#1228052)
- CVE-2024-21145: Fixed an out-of-bounds access in 2D image handling. (bsc#1228051)
- CVE-2024-21140: Fixed a range check elimination pre-loop limit overflow. (bsc#1228048)
- CVE-2024-21144: Pack200 increase loading time due to improper header validation. (bsc#1228050)
- CVE-2024-21138: Fixed an issue where excessive symbol length can lead to infinite loop. (bsc#1228047)
- CVE-2024-21131: Fixed a potential UTF8 size overflow. (bsc#1228046)
- CVE-2024-27267: Fixed an Object Request Broker (ORB) remote denial of service. (bsc#1229224)
ImportantSUSE bug 1228046SUSE bug 1228047SUSE bug 1228048SUSE bug 1228050SUSE bug 1228051SUSE bug 1228052SUSE bug 1228346SUSE bug 1229224CVE-2024-21131 at SUSECVE-2024-21131 at NVDCVE-2024-21138 at SUSECVE-2024-21138 at NVDCVE-2024-21140 at SUSECVE-2024-21140 at NVDCVE-2024-21144 at SUSECVE-2024-21144 at NVDCVE-2024-21145 at SUSECVE-2024-21145 at NVDCVE-2024-21147 at SUSECVE-2024-21147 at NVDCVE-2024-27267 at SUSECVE-2024-27267 at NVDcpe:/o:opensuse:leap:15.5Security update for gradle (Moderate)openSUSE Leap 15.5
This update for gradle fixes the following issues:
- CVE-2023-35946: Fixed a dependency issue leading the cache to write files into an unintended location. (bsc#1212930)
ModerateSUSE bug 1212930CVE-2023-35946 at SUSECVE-2023-35946 at NVDcpe:/o:opensuse:leap:15.5Security update for postgresql16 (Important)openSUSE Leap 15.5
This update for postgresql16 fixes the following issues:
- Upgrade to 15.8 (bsc#1229013)
- CVE-2024-7348: PostgreSQL relation replacement during pg_dump executes arbitrary SQL. (bsc#1229013)
ImportantSUSE bug 1229013CVE-2024-7348 at SUSECVE-2024-7348 at NVDcpe:/o:opensuse:leap:15.5Security update for postgresql16 (Important)openSUSE Leap 15.5
This update for postgresql16 fixes the following issues:
- Upgrade to 14.13 (bsc#1229013)
- CVE-2024-7348: PostgreSQL relation replacement during pg_dump executes arbitrary SQL. (bsc#1229013)
ImportantSUSE bug 1229013CVE-2024-7348 at SUSECVE-2024-7348 at NVDcpe:/o:opensuse:leap:15.5Security update for openconnect (Moderate)openSUSE Leap 15.5
This update for openconnect fixes the following issues:
- Update to release 9.12:
* Explicitly reject overly long tun device names.
* Increase maximum input size from stdin (#579).
* Ignore 0.0.0.0 as NBNS address (!446, vpnc-scripts#58).
* Fix stray (null) in URL path after Pulse authentication (4023bd95).
* Fix config XML parsing mistake that left GlobalProtect ESP non-working in v9.10 (!475).
* Fix case sensitivity in GPST header matching (!474).
- Update to release 9.10:
* Fix external browser authentication with KDE plasma-nm < 5.26.
* Always redirect stdout to stderr when spawning external browser.
* Increase default queue length to 32 packets.
* Fix receiving multiple packets in one TLS frame, and single packets split across multiple TLS frames, for Array.
* Handle idiosyncratic variation in search domain separators for all protocols
* Support region selection field for Pulse authentication
* Support modified configuration packet from Pulse 9.1R16 servers
* Allow hidden form fields to be populated or converted to text fields on the command line
* Support yet another strange way of encoding challenge-based 2FA for GlobalProtect
* Add --sni option (and corresponding C and Java API functions) to allow domain-fronting connections in censored/filtered network environments
* Parrot a GlobalProtect server's software version, if present, as the client version (!333)
* Fix NULL pointer dereference that has left Android builds broken since v8.20 (!389).
* Fix Fortinet authentication bug where repeated SVPNCOOKIE causes segfaults (#514, !418).
* Support F5 VPNs which encode authentication forms only in JSON, not in HTML.
* Support simultaneous IPv6 and Legacy IP ('dual-stack') for Fortinet .
* Support 'FTM-push' token mode for Fortinet VPNs .
* Send IPv6-compatible version string in Pulse IF/T session establishment
* Add --no-external-auth option to not advertise external-browser authentication
* Many small improvements in server response parsing, and better logging messages and documentation.
- Update to release 9.01:
* Add support for AnyConnect 'Session Token Re-use Anchor Protocol' (STRAP)
* Add support for AnyConnect 'external browser' SSO mode
* Bugfix RSA SecurID token decryption and PIN entry forms, broken in v8.20
* Support Cisco's multiple-certificate authentication
* Revert GlobalProtect default route handling change from v8.20
* Suppo split-exclude routes for Fortinet
* Add webview callback and SAML/SSO support for AnyConnect, GlobalProtect
- Update to release 8.20:
* Support non-AEAD ciphersuites in DTLSv1.2 with AnyConnect.
* Emulated a newer version of GlobalProtect official clients,
5.1.5-8; was 4.0.2-19
* Support Juniper login forms containing both password and 2FA
token
* Explicitly disable 3DES and RC4, unless enabled with
--allow-insecure-crypto
* Allow protocols to delay tunnel setup and shutdown (!117)
* Support for GlobalProtect IPv6
* SIGUSR1now causes OpenConnect to log detailed connection
information and statistics
* Allow --servercert to be specified multiple times in order to
accept server certificates matching more than one possible
fingerprint
* Demangle default routes sent as split routes by GlobalProtect
* Support more Juniper login forms, including some SSO forms
* Restore compatibility with newer Cisco servers, by no longer
sending them the X-AnyConnect-Platform header
* Add support for PPP-based protocols, currently over TLS only.
* Add support for two PPP-based protocols, F5 with
--protocol=f5 and Fortinet with --protocol=fortinet.
* Add support for Array Networks SSL VPN.
* Support TLSv1.3 with TPMv2 EC and RSA keys, add test cases
for swtpm and hardware TPM.
- Import the latest version of the vpnc-script (bsc#1140772)
* This brings a lot of improvements for non-trivial network setups, IPv6 etc
- Build with --without-gnutls-version-check
- Update to version 8.10:
* Install bash completion script to
${datadir}/bash-completion/completions/openconnect.
* Improve compatibility of csd-post.sh trojan.
* Fix potential buffer overflow with GnuTLS describing local
certs (CVE-2020-12823, bsc#1171862,
gl#openconnect/openconnect!108).
- Introduce subpackage for bash-completion
- Update to 8.09:
* Add bash completion support.
* Give more helpful error in case of Pulse servers asking for
TNCC.
* Sanitize non-canonical Legacy IP network addresses.
* Fix OpenSSL validation for trusted but invalid certificates
(CVE-2020-12105 bsc#1170452).
* Convert tncc-wrapper.py to Python 3, and include modernized
tncc-emulate.py as well. (!91)
* Disable Nagle's algorithm for TLS sockets, to improve
interactivity when tunnel runs over TCP rather than UDP.
* GlobalProtect: more resilient handling of periodic HIP check
and login arguments, and predictable naming of challenge forms.
* Work around PKCS#11 tokens which forget to set
CKF_LOGIN_REQUIRED.
- Update to 8.0.8:
* Fix check of pin-sha256: public key hashes to be case sensitive
* Don't give non-functioning stderr to CSD trojan scripts.
* Fix crash with uninitialised OIDC token.
- Update to 8.0.7:
* Don't abort Pulse connection when server-provided certificate
MD5 doesn't match.
* Fix off-by-one in check for bad GnuTLS versions, and add build
and run time checks.
* Don't abort connection if CSD wrapper script returns non-zero
(for now).
* Make --passtos work for protocols that use ESP, in addition
to DTLS.
* Convert tncc-wrapper.py to Python 3, and include modernized
tncc-emulate.py as well.
- Remove tncc-wrapper.py script as it is python2 only bsc#1157446
- No need to ship hipreport-android.sh as it is intented for
android systems only
- Update to 8.0.5:
* Minor fixes to build on specific platforms
* Includes fix for a buffer overflow with chunked HTTP handling
(CVE-2019-16239, bsc#1151178)
- Use python3 to generate the web data as now it is supported
by upstream
- Update to 8.0.3:
* Fix Cisco DTLSv1.2 support for AES256-GCM-SHA384.
* Fix recognition of OTP password fields.
- Update to 8.02:
* Fix GNU/Hurd build.
* Discover vpnc-script in default packaged location on FreeBSD/OpenBSD.
* Support split-exclude routes for GlobalProtect.
* Fix GnuTLS builds without libtasn1.
* Fix DTLS support with OpenSSL 1.1.1+.
* Add Cisco-compatible DTLSv1.2 support.
* Invoke script with reason=attempt-reconnect before doing so.
- Update to 8.01:
* Clear form submissions (which may include passwords) before
freeing (CVE-2018-20319, bsc#1215669).
* Allow form responses to be provided on command line.
* Add support for SSL keys stored in TPM2.
* Fix ESP rekey when replay protection is disabled.
* Drop support for GnuTLS older than 3.2.10.
* Fix --passwd-on-stdin for Windows to not forcibly open console.
* Fix portability of shell scripts in test suite.
* Add Google Authenticator TOTP support for Juniper.
* Add RFC7469 key PIN support for cert hashes.
* Add protocol method to securely log out the Juniper session.
* Relax requirements for Juniper hostname packet response to support old gateways.
* Add API functions to query the supported protocols.
* Verify ESP sequence numbers and warn even if replay protection is disabled.
* Add support for PAN GlobalProtect VPN protocol (--protocol=gp).
* Reorganize listing of command-line options, and include information on supported protocols.
* SIGTERM cleans up the session similarly to SIGINT.
* Fix memset_s() arguments.
* Fix OpenBSD build.
- Explicitely enable all the features as needed to stop build if
something is missing
ModerateSUSE bug 1140772SUSE bug 1157446SUSE bug 1170452SUSE bug 1171862SUSE bug 1215669CVE-2018-20319 at SUSECVE-2018-20319 at NVDCVE-2020-12105 at SUSECVE-2020-12105 at NVDCVE-2020-12823 at SUSECVE-2020-12823 at NVDcpe:/o:opensuse:leap:15.5Security update for postgresql16 (Important)openSUSE Leap 15.5
This update for postgresql16 fixes the following issues:
- Upgrade to 16.4 (bsc#1229013)
- CVE-2024-7348: PostgreSQL relation replacement during pg_dump executes arbitrary SQL. (bsc#1229013)
ImportantSUSE bug 1229013CVE-2024-7348 at SUSECVE-2024-7348 at NVDcpe:/o:opensuse:leap:15.5Security update for postgresql16 (Important)openSUSE Leap 15.5
This update for postgresql16 fixes the following issues:
- Upgrade to 13.16 (bsc#1229013)
- CVE-2024-7348: PostgreSQL relation replacement during pg_dump executes arbitrary SQL. (bsc#1229013)
ImportantSUSE bug 1229013CVE-2024-7348 at SUSECVE-2024-7348 at NVDcpe:/o:opensuse:leap:15.5Security update for apache2 (Important)openSUSE Leap 15.5
This update for apache2 fixes the following issues:
- CVE-2024-38474: Fixed substitution encoding issue in mod_rewrite (bsc#1227278)
- CVE-2024-38473: Fixed encoding problem in mod_proxy (bsc#1227276)
- CVE-2024-39884: Fixed source code disclosure with handlers configured via AddType (bsc#1227353)
ImportantSUSE bug 1227276SUSE bug 1227278SUSE bug 1227353CVE-2024-38473 at SUSECVE-2024-38473 at NVDCVE-2024-38474 at SUSECVE-2024-38474 at NVDCVE-2024-39884 at SUSECVE-2024-39884 at NVDcpe:/o:opensuse:leap:15.5Security update for python-Django (Important)openSUSE Leap 15.5
This update for python-Django fixes the following issues:
There is an issue with the previous fix for CVE-2024-45230. Please consider the following vulnerability fixed only after the installation of this update.
- CVE-2024-45230: Fixed potential denial-of-service vulnerability in django.utils.html.urlize(). (bsc#1229823)
ImportantSUSE bug 1229823CVE-2024-45230 at SUSECVE-2024-45230 at NVDcpe:/o:opensuse:leap:15.5Security update for the Linux Kernel (Important)openSUSE Leap 15.5
The SUSE Linux Enterprise 15 SP5 Azure kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2024-44947: Initialize beyond-EOF page contents before setting uptodate (bsc#1229454).
- CVE-2024-36936: Touch soft lockup during memory accept (bsc#1225773).
- CVE-2022-48706: Do proper cleanup if IFCVF init fails (bsc#1225524).
- CVE-2024-43883: Do not drop references before new references are gained (bsc#1229707).
- CVE-2024-41062: Sync sock recv cb and release (bsc#1228576).
- CVE-2024-43861: Fix memory leak for not ip packets (bsc#1229500).
- CVE-2023-52489: Fix race in accessing memory_section->usage (bsc#1221326).
- CVE-2024-43893: Check uartclk for zero to avoid divide by zero (bsc#1229759).
- CVE-2024-43821: Fix a possible null pointer dereference (bsc#1229315).
- CVE-2024-43900: Avoid use-after-free in load_firmware_cb() (bsc#1229756).
- CVE-2024-44938: Fix shift-out-of-bounds in dbDiscardAG (bsc#1229792).
- CVE-2024-44939: fix null ptr deref in dtInsertEntry (bsc#1229820).
- CVE-2024-41087: Fix double free on error (CVE-2024-41087,bsc#1228466).
- CVE-2024-42277: Avoid NULL deref in sprd_iommu_hw_en (bsc#1229409).
- CVE-2024-43902: Add null checker before passing variables (bsc#1229767).
- CVE-2024-43904: Add null checks for 'stream' and 'plane' before dereferencing (bsc#1229768)
- CVE-2024-43880: Put back removed metod in struct objagg_ops (bsc#1229481).
- CVE-2024-43884: Add error handling to pair_device() (bsc#1229739)
- CVE-2024-43899: Fix null pointer deref in dcn20_resource.c (bsc#1229754).
- CVE-2022-48920: Get rid of warning on transaction commit when using flushoncommit (bsc#1229658).
- CVE-2023-52906: Fix warning during failed attribute validation (bsc#1229527).
- CVE-2024-43882: Fixed ToCToU between perm check and set-uid/gid usage. (bsc#1229503)
- CVE-2024-43866: Always drain health in shutdown callback (bsc#1229495).
- CVE-2024-26812: Struct virqfd kABI workaround (bsc#1222808).
- CVE-2022-48912: Fix use-after-free in __nf_register_net_hook() (bsc#1229641)
- CVE-2024-27010: Fix mirred deadlock on device recursion (bsc#1223720).
- CVE-2022-48906: Correctly set DATA_FIN timeout when number of retransmits is large (bsc#1229605)
- CVE-2024-42155: Wipe copies of protected- and secure-keys (bsc#1228733).
- CVE-2024-42156: Wipe copies of clear-key structures on failure (bsc#1228722).
- CVE-2023-52899: Add exception protection processing for vd in axi_chan_handle_err function (bsc#1229569).
- CVE-2024-42158: Use kfree_sensitive() to fix Coccinelle warnings (bsc#1228720).
- CVE-2024-26631: Fix data-race in ipv6_mc_down / mld_ifc_work (bsc#1221630).
- CVE-2024-43873: Always initialize seqpacket_allow (bsc#1229488)
- CVE-2024-40905: Fix possible race in __fib6_drop_pcpu_from() (bsc#1227761)
- CVE-2024-39489: Fix memleak in seg6_hmac_init_algo (bsc#1227623)
- CVE-2021-47106: Fix use-after-free in nft_set_catchall_destroy() (bsc#1220962)
- CVE-2021-47517: Fix panic when interrupt coaleceing is set via ethtool (bsc#1225428).
- CVE-2024-36489: Fix missing memory barrier in tls_init (bsc#1226874)
- CVE-2024-41020: Fix fcntl/close race recovery compat path (bsc#1228427).
- CVE-2024-27079: Fix NULL domain on device release (bsc#1223742).
- CVE-2024-35897: Discard table flag update with pending basechain deletion (bsc#1224510).
- CVE-2024-27403: Restore const specifier in flow_offload_route_init() (bsc#1224415).
- CVE-2024-27011: Fix memleak in map from abort path (bsc#1223803).
- CVE-2024-43819: Reject memory region operations for ucontrol VMs (bsc#1229290 git-fixes).
- CVE-2024-26668: Reject configurations that cause integer overflow (bsc#1222335).
- CVE-2024-26835: Set dormant flag on hook register failure (bsc#1222967).
- CVE-2024-26808: Handle NETDEV_UNREGISTER for inet/ingress basechain (bsc#1222634).
- CVE-2024-27016: Validate pppoe header (bsc#1223807).
- CVE-2024-35945: Prevent nullptr exceptions on ISR (bsc#1224639).
- CVE-2023-52581: Fix memleak when more than 255 elements expired (bsc#1220877).
- CVE-2024-36013: Fix slab-use-after-free in l2cap_connect() (bsc#1225578).
- CVE-2024-43837: Fix updating attached freplace prog in prog_array map (bsc#1229297).
- CVE-2024-42291: Add a per-VF limit on number of FDIR filters (bsc#1229374).
- CVE-2024-42268: Fix missing lock on sync reset reload (bsc#1229391).
- CVE-2024-43834: Fix invalid wait context of page_pool_destroy() (bsc#1229314)
- CVE-2024-36286: Acquire rcu_read_lock() in instance_destroy_rcu() (bsc#1226801)
- CVE-2024-26851: Add protection for bmp length out of range (bsc#1223074)
- CVE-2024-42157: Wipe sensitive data on failure (bsc#1228727 CVE-2024-42157 git-fixes).
- CVE-2024-26677: Blacklist e7870cf13d20 ('rxrpc: Fix delayed ACKs to not set the reference serial number') (bsc#1222387)
- CVE-2024-36009: Blacklist 467324bcfe1a ('ax25: Fix netdev refcount issue') (bsc#1224542)
- CVE-2023-52859: Fix use-after-free when register pmu fails (bsc#1225582).
- CVE-2024-42280: Fix a use after free in hfcmulti_tx() (bsc#1229388)
- CVE-2024-42284: Return non-zero value from tipc_udp_addr2str() on error (bsc#1229382)
- CVE-2024-42283: Initialize all fields in dumped nexthops (bsc#1229383)
- CVE-2024-42312: Always initialize i_uid/i_gid (bsc#1229357)
- CVE-2024-43854: Initialize integrity buffer to zero before writing it to media (bsc#1229345)
- CVE-2024-42322: Properly dereference pe in ip_vs_add_service (bsc#1229347)
- CVE-2024-42301: Fix the array out-of-bounds risk (bsc#1229407).
- CVE-2024-42318: Do not lose track of restrictions on cred_transfer (bsc#1229351).
- CVE-2024-26669: Fix chain template offload (bsc#1222350).
- CVE-2023-52889: Fix null pointer deref when receiving skb during sock creation (bsc#1229287,).
- CVE-2022-48645: Move enetc_set_psfp() out of the common enetc_set_features() (bsc#1223508).
- CVE-2024-41007: Use signed arithmetic in tcp_rtx_probe0_timed_out() (bsc#1227863).
- CVE-2024-36933: Use correct mac_offset to unwind gso skb in nsh_gso_segment() (bsc#1225832).
- CVE-2024-42295: Handle inconsistent state in nilfs_btnode_create_block() (bsc#1229370).
- CVE-2024-42319: Move devm_mbox_controller_register() after devm_pm_runtime_enable() (bsc#1229350).
- CVE-2024-43860: Skip over memory region when node value is NULL (bsc#1229319).
- CVE-2024-43831: Handle invalid decoder vsi (bsc#1229309).
- CVE-2024-43849: Protect locator_addr with the main mutex (bsc#1229307).
- CVE-2024-43841: Do not use strlen() in const context (bsc#1229304).
- CVE-2024-43839: Adjust 'name' buf size of bna_tcb and bna_ccb structures (bsc#1229301).
- CVE-2024-41088: Fix infinite loop when xmit fails (bsc#1228469).
- CVE-2024-42281: Fix a segment issue when downgrading gso_size (bsc#1229386).
- CVE-2024-42271: Fixed a use after free in iucv_sock_close(). (bsc#1229400)
- CVE-2024-41080: Fix possible deadlock in io_register_iowq_max_workers() (bsc#1228616).
- CVE-2024-42246: Remap EPERM in case of connection failure in xs_tcp_setup_socket (bsc#1228989).
- CVE-2024-42232: Fixed a race between delayed_work() and ceph_monc_stop(). (bsc#1228959)
- CVE-2024-26735: Fix possible use-after-free and null-ptr-deref (bsc#1222372).
- CVE-2024-42106: Initialize pad field in struct inet_diag_req_v2 (bsc#1228493).
- CVE-2024-38662: Cover verifier checks for mutating sockmap/sockhash (bsc#1226885).
- CVE-2024-42110: Move ntb_netdev_rx_handler() to call netif_rx() from __netif_rx() (bsc#1228501).
- CVE-2024-42247: Avoid unaligned 64-bit memory accesses (bsc#1228988).
- CVE-2022-48865: Fix kernel panic when enabling bearer (bsc#1228065).
- CVE-2023-52498: Fix possible deadlocks in core system-wide PM code (bsc#1221269).
- CVE-2024-41068: Fix sclp_init() cleanup on failure (bsc#1228579).
- CVE-2022-48808: Fix panic when DSA master device unbinds on shutdown (bsc#1227958).
- CVE-2024-42095: Fix Errata i2310 with RX FIFO level check (bsc#1228446).
- CVE-2024-40978: Fix crash while reading debugfs attribute (bsc#1227929).
- CVE-2024-42107: Do not process extts if PTP is disabled (bsc#1228494).
- CVE-2024-42139: Fix improper extts handling (bsc#1228503).
- CVE-2024-42148: Fix multiple UBSAN array-index-out-of-bounds (bsc#1228487).
- CVE-2024-42142: E-switch, Create ingress ACL when needed (bsc#1228491).
- CVE-2024-42162: Account for stopped queues when reading NIC stats (bsc#1228706).
- CVE-2024-42082: Remove WARN() from __xdp_reg_mem_model() (bsc#1228482).
- CVE-2024-41042: Prefer nft_chain_validate (bsc#1228526).
- CVE-2023-3610: Fixed use-after-free vulnerability in nf_tables can be exploited to achieve local privilege escalation (bsc#1213580).
- CVE-2024-42228: Using uninitialized value *size when calling amdgpu_vce_cs_reloc (bsc#1228667).
- CVE-2024-40995: Fix possible infinite loop in tcf_idr_check_alloc() (bsc#1227830).
- CVE-2024-38602: Merge repeat codes in ax25_dev_device_down() (git-fixes CVE-2024-38602 bsc#1226613).
- CVE-2024-38554: Fix reference count leak issue of net_device (bsc#1226742).
- CVE-2024-36929: Reject skb_copy(_expand) for fraglist GSO skbs (bsc#1225814).
- CVE-2024-41009: Fix overrunning reservations in ringbuf (bsc#1228020).
- CVE-2024-27024: Fix WARNING in rds_conn_connect_if_down (bsc#1223777).
The following non-security bugs were fixed:
- ACPI: bus: Indicate support for IRQ ResourceSource thru _OSC (git-fixes).
- ACPI: bus: Indicate support for the Generic Event Device thru _OSC (git-fixes).
- ACPI: bus: Rework system-level device notification handling (git-fixes).
- ACPI: thermal: Drop nocrt parameter (git-fixes).
- ACPI: x86: s2idle: Post-increment variables when getting constraints (git-fixes).
- afs: Do not cross .backup mountpoint from backup volume (git-fixes).
- ALSA: hda: Add HP MP9 G4 Retail System AMS to force connect list (stable-fixes).
- ALSA: hda/hdmi: Yet more pin fix for HP EliteDesk 800 G4 (stable-fixes).
- ALSA: hda/realtek: Add Framework Laptop 13 (Intel Core Ultra) to quirks (stable-fixes).
- ALSA: hda/realtek: Fix noise from speakers on Lenovo IdeaPad 3 15IAU7 (git-fixes).
- ALSA: line6: Fix racy access to midibuf (stable-fixes).
- ALSA: timer: Relax start tick time check for slave timer elements (git-fixes).
- ALSA: usb-audio: Add delay quirk for VIVO USB-C-XE710 HEADSET (stable-fixes).
- ALSA: usb-audio: Re-add ScratchAmp quirk entries (git-fixes).
- ALSA: usb-audio: Support Yamaha P-125 quirk entry (stable-fixes).
- ALSA: usb: Fix UBSAN warning in parse_audio_unit() (stable-fixes).
- arm64: ACPI: NUMA: initialize all values of acpi_early_node_map to (git-fixes)
- arm64: ACPI: NUMA: initialize all values of acpi_early_node_map to (git-fixes)
- arm64: Add Neoverse-V2 part (git-fixes)
- arm64: armv8_deprecated: Fix warning in isndep cpuhp starting process (git-fixes)
- arm64: armv8_deprecated: Fix warning in isndep cpuhp starting process (git-fixes)
- arm64: barrier: Restore spec_bar() macro (git-fixes)
- arm64: cpufeature: Add missing .field_width for GIC system registers (git-fixes)
- arm64: cpufeature: Fix the visibility of compat hwcaps (git-fixes)
- arm64: cpufeature: Force HWCAP to be based on the sysreg visible to (git-fixes)
- arm64: cputype: Add Cortex-A720 definitions (git-fixes)
- arm64: cputype: Add Cortex-A725 definitions (git-fixes)
- arm64: cputype: Add Cortex-X1C definitions (git-fixes)
- arm64: cputype: Add Cortex-X3 definitions (git-fixes)
- arm64: cputype: Add Cortex-X4 definitions (git-fixes)
- arm64: cputype: Add Cortex-X925 definitions (git-fixes)
- arm64: cputype: Add Neoverse-V3 definitions (git-fixes)
- arm64: dts: rockchip: Increase VOP clk rate on RK3328 (git-fixes)
- arm64: dts: rockchip: Increase VOP clk rate on RK3328 (git-fixes)
- arm64: errata: Add workaround for Arm errata 3194386 and 3312417 (git-fixes)
- arm64: errata: Expand speculative SSBS workaround (again) (git-fixes)
- arm64: errata: Expand speculative SSBS workaround (git-fixes)
- arm64: errata: Unify speculative SSBS errata logic (git-fixes) Also update default configuration.
- arm64: Fix KASAN random tag seed initialization (git-fixes)
- arm64: Fix KASAN random tag seed initialization (git-fixes)
- ASoC: codecs: wcd938x-sdw: Correct Soundwire ports mask (git-fixes).
- ASoC: codecs: wsa881x: Correct Soundwire ports mask (git-fixes).
- ASoC: meson: axg-fifo: fix irq scheduling issue with PREEMPT_RT (git-fixes).
- async: Introduce async_schedule_dev_nocall() (bsc#1221269).
- async: Split async_schedule_node_domain() (bsc#1221269).
- Bluetooth: Fix usage of __hci_cmd_sync_status (git-fixes).
- Bluetooth: hci_core: Fix not handling hibernation actions (git-fixes).
- Bluetooth: l2cap: always unlock channel in l2cap_conless_channel() (git-fixes).
- Bluetooth: L2CAP: Fix deadlock (git-fixes).
- bpf: Fix a kernel verifier crash in stacksafe() (bsc#1225903).
- bpf: kprobe: remove unused declaring of bpf_kprobe_override (git-fixes).
- btrfs: fix leak of qgroup extent records after transaction abort (git-fixes).
- btrfs: make btrfs_destroy_delayed_refs() return void (git-fixes).
- btrfs: remove unnecessary prototype declarations at disk-io.c (git-fixes).
- btrfs: sysfs: update fs features directory asynchronously (bsc#1226168).
- cachefiles: propagate errors from vfs_getxattr() to avoid infinite loop (bsc#1229418).
- ceph: issue a cap release immediately if no cap exists (bsc#1225162).
- ceph: periodically flush the cap releases (bsc#1225162).
- cpu/SMT: Enable SMT only if a core is online (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588 git-fixes).
- cpuidle, ACPI: Evaluate LPI arch_flags for broadcast timer (git-fixes).
- docs: KVM: Fix register ID of SPSR_FIQ (git-fixes).
- drm: add missing MODULE_DESCRIPTION() macros (stable-fixes).
- drm: panel-orientation-quirks: Add labels for both Valve Steam Deck revisions (stable-fixes).
- drm: panel-orientation-quirks: Add quirk for Aya Neo KUN (stable-fixes).
- drm: panel-orientation-quirks: Add quirk for Lenovo Yoga Tab 3 X90F (stable-fixes).
- drm: panel-orientation-quirks: Add quirk for Nanote UMPC-01 (stable-fixes).
- drm: panel-orientation-quirks: Add quirk for OrangePi Neo (stable-fixes).
- drm/amd/amdgpu/imu_v11_0: Increase buffer size to ensure all possible values can be stored (stable-fixes).
- drm/amd/display: Add NULL check for 'afb' before dereferencing in amdgpu_dm_plane_handle_cursor_update (stable-fixes).
- drm/amd/display: avoid using null object of framebuffer (git-fixes).
- drm/amd/display: Fix && vs || typos (git-fixes).
- drm/amd/display: Skip Recompute DSC Params if no Stream on Link (stable-fixes).
- drm/amd/display: Validate hw_points_num before using it (stable-fixes).
- drm/amd/pm: Fix the null pointer dereference for vega10_hwmgr (stable-fixes).
- drm/amdgpu: Actually check flags for all context ops (stable-fixes).
- drm/amdgpu: Add lock around VF RLCG interface (stable-fixes).
- drm/amdgpu: fix dereference null return value for the function amdgpu_vm_pt_parent (stable-fixes).
- drm/amdgpu: Fix the null pointer dereference to ras_manager (stable-fixes).
- drm/amdgpu: Validate TA binary size (stable-fixes).
- drm/amdgpu/jpeg2: properly set atomics vmid field (stable-fixes).
- drm/amdgpu/pm: Fix the null pointer dereference for smu7 (stable-fixes).
- drm/amdgpu/pm: Fix the null pointer dereference in apply_state_adjust_rules (stable-fixes).
- drm/amdgpu/pm: Fix the param type of set_power_profile_mode (stable-fixes).
- drm/bridge: analogix_dp: properly handle zero sized AUX transactions (stable-fixes).
- drm/bridge: tc358768: Attempt to fix DSI horizontal timings (stable-fixes).
- drm/client: fix null pointer dereference in drm_client_modeset_probe (git-fixes).
- drm/dp_mst: Skip CSN if topology probing is not done yet (stable-fixes).
- drm/lima: set gp bus_stop bit before hard reset (stable-fixes).
- drm/msm/dp: reset the link phy params before link training (git-fixes).
- drm/msm/dpu: cleanup FB if dpu_format_populate_layout fails (git-fixes).
- drm/msm/dpu: do not play tricks with debug macros (git-fixes).
- drm/tegra: Zero-initialize iosys_map (stable-fixes).
- exfat: fix inode->i_blocks for non-512 byte sector size device (git-fixes).
- exfat: fix potential deadlock on __exfat_get_dentry_set (git-fixes).
- exfat: redefine DIR_DELETED as the bad cluster number (git-fixes).
- exfat: support dynamic allocate bh for exfat_entry_set_cache (git-fixes).
- fs/netfs/fscache_cookie: add missing 'n_accesses' check (bsc#1229453).
- fuse: Initialize beyond-EOF page contents before setting uptodate (bsc#1229454).
- genirq: Add might_sleep() to disable_irq() (git-fixes).
- genirq: Always limit the affinity to online CPUs (git-fixes).
- genirq: Do not return error on missing optional irq_request_resources() (git-fixes).
- genirq: Take the proposed affinity at face value if force==true (git-fixes).
- genirq/cpuhotplug, x86/vector: Prevent vector leak during CPU offline (git-fixes).
- genirq/generic_chip: Make irq_remove_generic_chip() irqdomain aware (git-fixes).
- genirq/ipi: Fix NULL pointer deref in irq_data_get_affinity_mask() (git-fixes).
- genirq/irqdesc: Do not try to remove non-existing sysfs files (git-fixes).
- genirq/matrix: Exclude managed interrupts in irq_matrix_allocated() (git-fixes).
- genirq/msi: Shutdown managed interrupts with unsatifiable affinities (git-fixes).
- gss_krb5: Fix the error handling path for crypto_sync_skcipher_setkey (git-fixes).
- hfs: fix to initialize fields of hfs_inode_info after hfs_alloc_inode() (git-fixes).
- i2c: smbus: Improve handling of stuck alerts (git-fixes).
- i2c: smbus: Send alert notifications to all devices if source not found (git-fixes).
- iommu/amd: Convert comma to semicolon (git-fixes).
- ip6_tunnel: Fix broken GRO (bsc#1229444).
- ipv6: sr: fix incorrect unregister order (git-fixes).
- irqdomain: Drop bogus fwspec-mapping error handling (git-fixes).
- irqdomain: Fix association race (git-fixes).
- irqdomain: Fix disassociation race (git-fixes).
- irqdomain: Fix domain registration race (git-fixes).
- irqdomain: Fix mapping-creation race (git-fixes).
- irqdomain: Fixed unbalanced fwnode get and put (git-fixes).
- irqdomain: Look for existing mapping only once (git-fixes).
- irqdomain: Refactor __irq_domain_alloc_irqs() (git-fixes).
- irqdomain: Report irq number for NOMAP domains (git-fixes).
- kprobes: Fix to check symbol prefixes correctly (git-fixes).
- lockd: move from strlcpy with unused retval to strscpy (git-fixes).
- memcg: protect concurrent access to mem_cgroup_idr (git-fixes).
- mm, kmsan: fix infinite recursion due to RCU critical section (git-fixes).
- mm: prevent derefencing NULL ptr in pfn_section_valid() (git-fixes).
- mmc: dw_mmc: allow biu and ciu clocks to defer (git-fixes).
- mmc: mmc_test: Fix NULL dereference on allocation failure (git-fixes).
- net: ks8851: Fix another TX stall caused by wrong ISR flag handling (git-fixes).
- net: ks8851: Fix deadlock with the SPI chip variant (git-fixes).
- net: ks8851: Fix potential TX stall after interface reopen (git-fixes).
- net: ks8851: Fix TX stall caused by TX buffer overrun (gix-fixes).
- net: mana: Add support for page sizes other than 4KB on ARM64 (jsc#PED-8491 bsc#1226530).
- net: mana: Fix doorbell out of order violation and avoid unnecessary doorbell rings (bsc#1229154).
- net: mana: Fix race of mana_hwc_post_rx_wqe and new hwc response (git-fixes).
- net: mana: Fix RX buf alloc_size alignment and atomic op panic (bsc#1229086).
- net: remove two BUG() from skb_checksum_help() (bsc#1229312).
- net: usb: qmi_wwan: fix memory leak for not ip packets (git-fixes).
- net/rds: fix possible cp null dereference (git-fixes).
- net/sched: initialize noop_qdisc owner (git-fixes).
- nfc: pn533: Add poll mod list filling check (git-fixes).
- nfs: expose /proc/net/sunrpc/nfs in net namespaces (git-fixes).
- nfs: make the rpc_stat per net namespace (git-fixes).
- NFSD: add posix ACLs to struct nfsd_attrs (git-fixes).
- NFSD: add security label to struct nfsd_attrs (git-fixes).
- NFSD: fix regression with setting ACLs (git-fixes).
- NFSD: Fix strncpy() fortify warning (git-fixes).
- NFSD: Increase NFSD_MAX_OPS_PER_COMPOUND (git-fixes).
- NFSD: introduce struct nfsd_attrs (git-fixes).
- NFSD: move from strlcpy with unused retval to strscpy (git-fixes).
- NFSD: Optimize DRC bucket pruning (git-fixes).
- nfsd: return error if nfs4_setacl fails (git-fixes).
- NFSD: set attributes when creating symlinks (git-fixes).
- nfsd: use locks_inode_context helper (git-fixes).
- nilfs2: Remove check for PageError (git-fixes).
- nvme_core: scan namespaces asynchronously (bsc#1224105).
- ocfs2: use coarse time for new created files (git-fixes).
- padata: Fix possible divide-by-0 panic in padata_mt_helper() (git-fixes).
- perf/smmuv3: Enable HiSilicon Erratum 162001900 quirk for HIP08/09 (git-fixes).
- platform/x86/amd/hsmp: Add support for ACPI based probing (jsc#PED-8779).
- platform/x86/amd/hsmp: Cache pci_dev in struct hsmp_socket (jsc#PED-8779).
- platform/x86/amd/hsmp: Change devm_kzalloc() to devm_kcalloc() (jsc#PED-8779).
- platform/x86/amd/hsmp: Check HSMP support on AMD family of processors (jsc#PED-8779).
- platform/x86/amd/hsmp: Check num_sockets against MAX_AMD_SOCKETS (jsc#PED-8779).
- platform/x86/amd/hsmp: Create static func to handle platdev (jsc#PED-8779).
- platform/x86/amd/hsmp: Define a struct to hold mailbox regs (jsc#PED-8779).
- platform/x86/amd/hsmp: Move dev from platdev to hsmp_socket (jsc#PED-8779).
- platform/x86/amd/hsmp: Move hsmp_test to probe (jsc#PED-8779).
- platform/x86/amd/hsmp: Non-ACPI support for AMD F1A_M00~0Fh (jsc#PED-8779).
- platform/x86/amd/hsmp: Remove extra parenthesis and add a space (jsc#PED-8779).
- platform/x86/amd/hsmp: Restructure sysfs group creation (jsc#PED-8779).
- platform/x86/amd/hsmp: switch to use device_add_groups() (jsc#PED-8779).
- power: supply: axp288_charger: Fix constant_charge_voltage writes (git-fixes).
- power: supply: axp288_charger: Round constant_charge_voltage writes down (git-fixes).
- powerpc: Fail build if using recordmcount with binutils v2.37 (bsc#1194869).
- powerpc: Mark .opd section read-only (bsc#1194869).
- powerpc: use generic version of arch_is_kernel_initmem_freed() (bsc#1194869).
- powerpc: xor_vmx: Add '-mhard-float' to CFLAGS (bsc#1194869).
- powerpc/64: Set _IO_BASE to POISON_POINTER_DELTA not 0 for CONFIG_PCI=n (bsc#1194869).
- powerpc/io: Avoid clang null pointer arithmetic warnings (bsc#1194869).
- powerpc/kexec_file: fix cpus node update to FDT (bsc#1194869).
- powerpc/kexec: make the update_cpus_node() function public (bsc#1194869).
- powerpc/kexec: split CONFIG_KEXEC_FILE and CONFIG_CRASH_DUMP (bsc#1194869).
- powerpc/pseries: Add failure related checks for h_get_mpp and h_get_ppp (bsc#1194869).
- powerpc/pseries: Whitelist dtl slub object for copying to userspace (bsc#1194869).
- powerpc/radix: Move some functions into #ifdef CONFIG_KVM_BOOK3S_HV_POSSIBLE (bsc#1194869).
- powerpc/topology: Check if a core is online (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588 git-fixes).
- powerpc/xmon: Check cpu id in commands 'c#', 'dp#' and 'dx#' (bsc#1194869).
- RDMA/mana_ib: Use virtual address in dma regions for MRs (git-fixes).
- RDMA/rxe: Fix incomplete state save in rxe_requester (git-fixes)
- RDMA/rxe: Fix rxe_modify_srq (git-fixes)
- RDMA/rxe: Move work queue code to subroutines (git-fixes)
- s390/cpacf: get rid of register asm (git-fixes bsc#1227079 bsc#1229187).
- s390/cpacf: Make use of invalid opcode produce a link error (git-fixes bsc#1227079).
- s390/cpacf: Split and rework cpacf query functions (git-fixes bsc#1229187).
- s390/dasd: fix error checks in dasd_copy_pair_store() (git-fixes bsc#1229190).
- s390/dasd: fix error recovery leading to data corruption on ESE devices (git-fixes bsc#1229573).
- s390/sclp: Prevent release of buffer in I/O (git-fixes bsc#1229572).
- s390/uv: Panic for set and remove shared access UVC errors (git-fixes bsc#1229188).
- spi: spi-fsl-lpspi: Fix scldiv calculation (git-fixes).
- RDMA/rxe: Handle zero length rdma (git-fixes)
- sunrpc: add a struct rpc_stats arg to rpc_create_args (git-fixes).
- SUNRPC: Fix a race to wake a sync task (git-fixes).
- swiotlb: fix swiotlb_bounce() to do partial sync's correctly (git-fixes).
- syscalls: fix compat_sys_io_pgetevents_time64 usage (git-fixes).
- tracing: Return from tracing_buffers_read() if the file has been closed (bsc#1229136 git-fixes).
- ubifs: add check for crypto_shash_tfm_digest (git-fixes).
- ubifs: dbg_orphan_check: Fix missed key type checking (git-fixes).
- ubifs: Fix adding orphan entry twice for the same inode (git-fixes).
- ubifs: Fix unattached xattr inode if powercut happens after deleting (git-fixes).
- vfio/pci: fix potential memory leak in vfio_intx_enable() (git-fixes).
- wifi: iwlwifi: fw: fix wgds rev 3 exact size (git-fixes).
- wifi: mwifiex: duplicate static structs used in driver instances (git-fixes).
- x86/APM: drop the duplicate APM_MINOR_DEV macro (git-fixes).
- x86/insn: Fix PUSH instruction in x86 instruction decoder opcode map (git-fixes).
- x86/mm: Fix pti_clone_entry_text() for i386 (git-fixes).
- x86/mtrr: Check if fixed MTRRs exist before saving them (git-fixes).
- x86/pm: Work around false positive kmemleak report in msr_build_context() (git-fixes).
- xfs: Fix missing interval for missing_owner in xfs fsmap (git-fixes).
- xfs: Fix the owner setting issue for rmap query in xfs fsmap (git-fixes).
- xfs: use XFS_BUF_DADDR_NULL for daddrs in getfsmap code (git-fixes).
- xhci: Fix Panther point NULL pointer deref at full-speed re-enumeration (git-fixes).
- xprtrdma: Fix rpcrdma_reqs_reset() (git-fixes).
ImportantSUSE bug 1193629SUSE bug 1194111SUSE bug 1194765SUSE bug 1194869SUSE bug 1196261SUSE bug 1196516SUSE bug 1196894SUSE bug 1198017SUSE bug 1203329SUSE bug 1203330SUSE bug 1203360SUSE bug 1205462SUSE bug 1206006SUSE bug 1206258SUSE bug 1206843SUSE bug 1207158SUSE bug 1208783SUSE bug 1210644SUSE bug 1213580SUSE bug 1213632SUSE bug 1214285SUSE bug 1216834SUSE bug 1220428SUSE bug 1220877SUSE bug 1220962SUSE bug 1221269SUSE bug 1221326SUSE bug 1221630SUSE bug 1221645SUSE bug 1222335SUSE bug 1222350SUSE bug 1222372SUSE bug 1222387SUSE bug 1222634SUSE bug 1222808SUSE bug 1222967SUSE bug 1223074SUSE bug 1223191SUSE bug 1223508SUSE bug 1223720SUSE bug 1223742SUSE bug 1223777SUSE bug 1223803SUSE bug 1223807SUSE bug 1224105SUSE bug 1224415SUSE bug 1224496SUSE bug 1224510SUSE bug 1224542SUSE bug 1224578SUSE bug 1224639SUSE bug 1225162SUSE bug 1225352SUSE bug 1225428SUSE bug 1225524SUSE bug 1225578SUSE bug 1225582SUSE bug 1225773SUSE bug 1225814SUSE bug 1225827SUSE bug 1225832SUSE bug 1225903SUSE bug 1226168SUSE bug 1226530SUSE bug 1226613SUSE bug 1226742SUSE bug 1226765SUSE bug 1226798SUSE bug 1226801SUSE bug 1226874SUSE bug 1226885SUSE bug 1227079SUSE bug 1227623SUSE bug 1227761SUSE bug 1227830SUSE bug 1227863SUSE bug 1227867SUSE bug 1227929SUSE bug 1227937SUSE bug 1227958SUSE bug 1228020SUSE bug 1228065SUSE bug 1228114SUSE bug 1228410SUSE bug 1228426SUSE bug 1228427SUSE bug 1228429SUSE bug 1228446SUSE bug 1228447SUSE bug 1228449SUSE bug 1228450SUSE bug 1228452SUSE bug 1228456SUSE bug 1228463SUSE bug 1228466SUSE bug 1228467SUSE bug 1228469SUSE bug 1228480SUSE bug 1228481SUSE bug 1228482SUSE bug 1228483SUSE bug 1228484SUSE bug 1228485SUSE bug 1228487SUSE bug 1228489SUSE bug 1228491SUSE bug 1228493SUSE bug 1228494SUSE bug 1228495SUSE bug 1228496SUSE bug 1228501SUSE bug 1228503SUSE bug 1228509SUSE bug 1228513SUSE bug 1228515SUSE bug 1228516SUSE bug 1228526SUSE bug 1228531SUSE bug 1228563SUSE bug 1228564SUSE bug 1228567SUSE bug 1228576SUSE bug 1228579SUSE bug 1228584SUSE bug 1228588SUSE bug 1228590SUSE bug 1228615SUSE bug 1228616SUSE bug 1228635SUSE bug 1228636SUSE bug 1228654SUSE bug 1228656SUSE bug 1228658SUSE bug 1228660SUSE bug 1228662SUSE bug 1228667SUSE bug 1228673SUSE bug 1228677SUSE bug 1228687SUSE bug 1228706SUSE bug 1228708SUSE bug 1228710SUSE bug 1228718SUSE bug 1228720SUSE bug 1228721SUSE bug 1228722SUSE bug 1228724SUSE bug 1228726SUSE bug 1228727SUSE bug 1228733SUSE bug 1228748SUSE bug 1228766SUSE bug 1228779SUSE bug 1228801SUSE bug 1228850SUSE bug 1228857SUSE bug 1228959SUSE bug 1228964SUSE bug 1228966SUSE bug 1228967SUSE bug 1228979SUSE bug 1228988SUSE bug 1228989SUSE bug 1228991SUSE bug 1228992SUSE bug 1229042SUSE bug 1229054SUSE bug 1229086SUSE bug 1229136SUSE bug 1229154SUSE bug 1229187SUSE bug 1229188SUSE bug 1229190SUSE bug 1229287SUSE bug 1229290SUSE bug 1229292SUSE bug 1229296SUSE bug 1229297SUSE bug 1229301SUSE bug 1229303SUSE bug 1229304SUSE bug 1229305SUSE bug 1229307SUSE bug 1229309SUSE bug 1229312SUSE bug 1229314SUSE bug 1229315SUSE bug 1229317SUSE bug 1229318SUSE bug 1229319SUSE bug 1229327SUSE bug 1229341SUSE bug 1229345SUSE bug 1229346SUSE bug 1229347SUSE bug 1229349SUSE bug 1229350SUSE bug 1229351SUSE bug 1229354SUSE bug 1229356SUSE bug 1229357SUSE bug 1229358SUSE bug 1229359SUSE bug 1229360SUSE bug 1229366SUSE bug 1229370SUSE bug 1229373SUSE bug 1229374SUSE bug 1229381SUSE bug 1229382SUSE bug 1229383SUSE bug 1229386SUSE bug 1229388SUSE bug 1229391SUSE bug 1229392SUSE bug 1229395SUSE bug 1229398SUSE bug 1229399SUSE bug 1229400SUSE bug 1229407SUSE bug 1229409SUSE bug 1229410SUSE bug 1229411SUSE bug 1229413SUSE bug 1229414SUSE bug 1229417SUSE bug 1229418SUSE bug 1229444SUSE bug 1229453SUSE bug 1229454SUSE bug 1229481SUSE bug 1229482SUSE bug 1229488SUSE bug 1229489SUSE bug 1229490SUSE bug 1229493SUSE bug 1229495SUSE bug 1229497SUSE bug 1229500SUSE bug 1229503SUSE bug 1229506SUSE bug 1229507SUSE bug 1229508SUSE bug 1229509SUSE bug 1229510SUSE bug 1229512SUSE bug 1229516SUSE bug 1229521SUSE bug 1229522SUSE bug 1229523SUSE bug 1229524SUSE bug 1229525SUSE bug 1229526SUSE bug 1229527SUSE bug 1229528SUSE bug 1229529SUSE bug 1229531SUSE bug 1229533SUSE bug 1229535SUSE bug 1229536SUSE bug 1229537SUSE bug 1229540SUSE bug 1229544SUSE bug 1229545SUSE bug 1229546SUSE bug 1229547SUSE bug 1229548SUSE bug 1229554SUSE bug 1229557SUSE bug 1229558SUSE bug 1229559SUSE bug 1229560SUSE bug 1229562SUSE bug 1229564SUSE bug 1229565SUSE bug 1229566SUSE bug 1229568SUSE bug 1229569SUSE bug 1229572SUSE bug 1229573SUSE bug 1229576SUSE bug 1229581SUSE bug 1229588SUSE bug 1229598SUSE bug 1229603SUSE bug 1229604SUSE bug 1229605SUSE bug 1229608SUSE bug 1229611SUSE bug 1229612SUSE bug 1229613SUSE bug 1229614SUSE bug 1229615SUSE bug 1229616SUSE bug 1229617SUSE bug 1229620SUSE bug 1229622SUSE bug 1229623SUSE bug 1229624SUSE bug 1229625SUSE bug 1229626SUSE bug 1229628SUSE bug 1229629SUSE bug 1229630SUSE bug 1229631SUSE bug 1229632SUSE bug 1229635SUSE bug 1229636SUSE bug 1229637SUSE bug 1229638SUSE bug 1229639SUSE bug 1229641SUSE bug 1229642SUSE bug 1229643SUSE bug 1229645SUSE bug 1229657SUSE bug 1229658SUSE bug 1229662SUSE bug 1229664SUSE bug 1229707SUSE bug 1229739SUSE bug 1229743SUSE bug 1229746SUSE bug 1229754SUSE bug 1229755SUSE bug 1229756SUSE bug 1229759SUSE bug 1229761SUSE bug 1229767SUSE bug 1229768SUSE bug 1229781SUSE bug 1229784SUSE bug 1229787SUSE bug 1229788SUSE bug 1229789SUSE bug 1229792SUSE bug 1229820CVE-2021-4441 at SUSECVE-2021-4441 at NVDCVE-2021-47106 at SUSECVE-2021-47106 at NVDCVE-2021-47517 at SUSECVE-2021-47517 at NVDCVE-2021-47546 at SUSECVE-2021-47546 at NVDCVE-2022-38457 at SUSECVE-2022-38457 at NVDCVE-2022-40133 at SUSECVE-2022-40133 at NVDCVE-2022-48645 at SUSECVE-2022-48645 at NVDCVE-2022-48706 at SUSECVE-2022-48706 at NVDCVE-2022-48808 at SUSECVE-2022-48808 at NVDCVE-2022-48865 at SUSECVE-2022-48865 at NVDCVE-2022-48868 at SUSECVE-2022-48868 at NVDCVE-2022-48869 at SUSECVE-2022-48869 at NVDCVE-2022-48870 at SUSECVE-2022-48870 at NVDCVE-2022-48871 at SUSECVE-2022-48871 at NVDCVE-2022-48872 at SUSECVE-2022-48872 at NVDCVE-2022-48873 at SUSECVE-2022-48873 at NVDCVE-2022-48875 at SUSECVE-2022-48875 at NVDCVE-2022-48878 at SUSECVE-2022-48878 at NVDCVE-2022-48880 at SUSECVE-2022-48880 at NVDCVE-2022-48881 at SUSECVE-2022-48881 at NVDCVE-2022-48882 at SUSECVE-2022-48882 at NVDCVE-2022-48883 at SUSECVE-2022-48883 at NVDCVE-2022-48884 at SUSECVE-2022-48884 at NVDCVE-2022-48885 at SUSECVE-2022-48885 at NVDCVE-2022-48886 at SUSECVE-2022-48886 at NVDCVE-2022-48887 at SUSECVE-2022-48887 at NVDCVE-2022-48888 at SUSECVE-2022-48888 at NVDCVE-2022-48889 at SUSECVE-2022-48889 at NVDCVE-2022-48890 at SUSECVE-2022-48890 at NVDCVE-2022-48891 at SUSECVE-2022-48891 at NVDCVE-2022-48893 at SUSECVE-2022-48893 at NVDCVE-2022-48896 at SUSECVE-2022-48896 at NVDCVE-2022-48898 at SUSECVE-2022-48898 at NVDCVE-2022-48899 at SUSECVE-2022-48899 at NVDCVE-2022-48903 at SUSECVE-2022-48903 at NVDCVE-2022-48904 at SUSECVE-2022-48904 at NVDCVE-2022-48905 at SUSECVE-2022-48905 at NVDCVE-2022-48906 at SUSECVE-2022-48906 at NVDCVE-2022-48907 at SUSECVE-2022-48907 at NVDCVE-2022-48909 at SUSECVE-2022-48909 at NVDCVE-2022-48910 at SUSECVE-2022-48910 at NVDCVE-2022-48912 at SUSECVE-2022-48912 at NVDCVE-2022-48913 at SUSECVE-2022-48913 at NVDCVE-2022-48914 at SUSECVE-2022-48914 at NVDCVE-2022-48915 at SUSECVE-2022-48915 at NVDCVE-2022-48916 at SUSECVE-2022-48916 at NVDCVE-2022-48917 at SUSECVE-2022-48917 at NVDCVE-2022-48918 at SUSECVE-2022-48918 at NVDCVE-2022-48919 at SUSECVE-2022-48919 at NVDCVE-2022-48920 at SUSECVE-2022-48920 at NVDCVE-2022-48921 at SUSECVE-2022-48921 at NVDCVE-2022-48923 at SUSECVE-2022-48923 at NVDCVE-2022-48924 at SUSECVE-2022-48924 at NVDCVE-2022-48925 at SUSECVE-2022-48925 at NVDCVE-2022-48926 at SUSECVE-2022-48926 at NVDCVE-2022-48927 at SUSECVE-2022-48927 at NVDCVE-2022-48928 at SUSECVE-2022-48928 at NVDCVE-2022-48929 at SUSECVE-2022-48929 at NVDCVE-2022-48930 at SUSECVE-2022-48930 at NVDCVE-2022-48931 at SUSECVE-2022-48931 at NVDCVE-2022-48932 at SUSECVE-2022-48932 at NVDCVE-2022-48934 at SUSECVE-2022-48934 at NVDCVE-2022-48937 at SUSECVE-2022-48937 at NVDCVE-2022-48938 at SUSECVE-2022-48938 at NVDCVE-2022-48939 at SUSECVE-2022-48939 at NVDCVE-2022-48940 at SUSECVE-2022-48940 at NVDCVE-2022-48941 at SUSECVE-2022-48941 at NVDCVE-2022-48942 at SUSECVE-2022-48942 at NVDCVE-2022-48943 at SUSECVE-2022-48943 at NVDCVE-2023-3610 at SUSECVE-2023-3610 at NVDCVE-2023-52458 at SUSECVE-2023-52458 at NVDCVE-2023-52489 at SUSECVE-2023-52489 at NVDCVE-2023-52498 at SUSECVE-2023-52498 at NVDCVE-2023-52581 at SUSECVE-2023-52581 at NVDCVE-2023-52859 at SUSECVE-2023-52859 at NVDCVE-2023-52887 at SUSECVE-2023-52887 at NVDCVE-2023-52889 at SUSECVE-2023-52889 at NVDCVE-2023-52893 at SUSECVE-2023-52893 at NVDCVE-2023-52894 at SUSECVE-2023-52894 at NVDCVE-2023-52896 at SUSECVE-2023-52896 at NVDCVE-2023-52898 at SUSECVE-2023-52898 at NVDCVE-2023-52899 at SUSECVE-2023-52899 at NVDCVE-2023-52900 at SUSECVE-2023-52900 at NVDCVE-2023-52901 at SUSECVE-2023-52901 at NVDCVE-2023-52904 at SUSECVE-2023-52904 at NVDCVE-2023-52905 at SUSECVE-2023-52905 at NVDCVE-2023-52906 at SUSECVE-2023-52906 at NVDCVE-2023-52907 at SUSECVE-2023-52907 at NVDCVE-2023-52908 at SUSECVE-2023-52908 at NVDCVE-2023-52909 at SUSECVE-2023-52909 at NVDCVE-2023-52910 at SUSECVE-2023-52910 at NVDCVE-2023-52911 at SUSECVE-2023-52911 at NVDCVE-2023-52912 at SUSECVE-2023-52912 at NVDCVE-2023-52913 at SUSECVE-2023-52913 at NVDCVE-2024-26631 at SUSECVE-2024-26631 at NVDCVE-2024-26668 at SUSECVE-2024-26668 at NVDCVE-2024-26669 at SUSECVE-2024-26669 at NVDCVE-2024-26677 at SUSECVE-2024-26677 at NVDCVE-2024-26735 at SUSECVE-2024-26735 at NVDCVE-2024-26808 at SUSECVE-2024-26808 at NVDCVE-2024-26812 at SUSECVE-2024-26812 at NVDCVE-2024-26835 at SUSECVE-2024-26835 at NVDCVE-2024-26851 at SUSECVE-2024-26851 at NVDCVE-2024-27010 at SUSECVE-2024-27010 at NVDCVE-2024-27011 at SUSECVE-2024-27011 at NVDCVE-2024-27016 at SUSECVE-2024-27016 at NVDCVE-2024-27024 at SUSECVE-2024-27024 at NVDCVE-2024-27079 at SUSECVE-2024-27079 at NVDCVE-2024-27403 at SUSECVE-2024-27403 at NVDCVE-2024-31076 at SUSECVE-2024-31076 at NVDCVE-2024-35897 at SUSECVE-2024-35897 at NVDCVE-2024-35902 at SUSECVE-2024-35902 at NVDCVE-2024-35945 at SUSECVE-2024-35945 at NVDCVE-2024-35971 at SUSECVE-2024-35971 at NVDCVE-2024-36009 at SUSECVE-2024-36009 at NVDCVE-2024-36013 at SUSECVE-2024-36013 at NVDCVE-2024-36270 at SUSECVE-2024-36270 at NVDCVE-2024-36286 at SUSECVE-2024-36286 at NVDCVE-2024-36489 at SUSECVE-2024-36489 at NVDCVE-2024-36929 at SUSECVE-2024-36929 at NVDCVE-2024-36933 at SUSECVE-2024-36933 at NVDCVE-2024-36936 at SUSECVE-2024-36936 at NVDCVE-2024-36962 at SUSECVE-2024-36962 at NVDCVE-2024-38554 at SUSECVE-2024-38554 at NVDCVE-2024-38602 at SUSECVE-2024-38602 at NVDCVE-2024-38662 at SUSECVE-2024-38662 at NVDCVE-2024-39489 at SUSECVE-2024-39489 at NVDCVE-2024-40905 at SUSECVE-2024-40905 at NVDCVE-2024-40978 at SUSECVE-2024-40978 at NVDCVE-2024-40980 at SUSECVE-2024-40980 at NVDCVE-2024-40995 at SUSECVE-2024-40995 at NVDCVE-2024-41000 at SUSECVE-2024-41000 at NVDCVE-2024-41007 at SUSECVE-2024-41007 at NVDCVE-2024-41009 at SUSECVE-2024-41009 at NVDCVE-2024-41011 at SUSECVE-2024-41011 at NVDCVE-2024-41016 at SUSECVE-2024-41016 at NVDCVE-2024-41020 at SUSECVE-2024-41020 at NVDCVE-2024-41022 at SUSECVE-2024-41022 at NVDCVE-2024-41035 at SUSECVE-2024-41035 at NVDCVE-2024-41036 at SUSECVE-2024-41036 at NVDCVE-2024-41038 at SUSECVE-2024-41038 at NVDCVE-2024-41039 at SUSECVE-2024-41039 at NVDCVE-2024-41042 at SUSECVE-2024-41042 at NVDCVE-2024-41045 at SUSECVE-2024-41045 at NVDCVE-2024-41056 at SUSECVE-2024-41056 at NVDCVE-2024-41060 at SUSECVE-2024-41060 at NVDCVE-2024-41062 at SUSECVE-2024-41062 at NVDCVE-2024-41065 at SUSECVE-2024-41065 at NVDCVE-2024-41068 at SUSECVE-2024-41068 at NVDCVE-2024-41073 at SUSECVE-2024-41073 at NVDCVE-2024-41079 at SUSECVE-2024-41079 at NVDCVE-2024-41080 at SUSECVE-2024-41080 at NVDCVE-2024-41087 at SUSECVE-2024-41087 at NVDCVE-2024-41088 at SUSECVE-2024-41088 at NVDCVE-2024-41089 at SUSECVE-2024-41089 at NVDCVE-2024-41092 at SUSECVE-2024-41092 at NVDCVE-2024-41093 at SUSECVE-2024-41093 at NVDCVE-2024-41095 at SUSECVE-2024-41095 at NVDCVE-2024-41097 at SUSECVE-2024-41097 at NVDCVE-2024-41098 at SUSECVE-2024-41098 at NVDCVE-2024-42069 at SUSECVE-2024-42069 at NVDCVE-2024-42074 at SUSECVE-2024-42074 at NVDCVE-2024-42076 at SUSECVE-2024-42076 at NVDCVE-2024-42077 at SUSECVE-2024-42077 at NVDCVE-2024-42080 at SUSECVE-2024-42080 at NVDCVE-2024-42082 at SUSECVE-2024-42082 at NVDCVE-2024-42085 at SUSECVE-2024-42085 at NVDCVE-2024-42086 at SUSECVE-2024-42086 at NVDCVE-2024-42087 at SUSECVE-2024-42087 at NVDCVE-2024-42089 at SUSECVE-2024-42089 at NVDCVE-2024-42090 at SUSECVE-2024-42090 at NVDCVE-2024-42092 at SUSECVE-2024-42092 at NVDCVE-2024-42095 at SUSECVE-2024-42095 at NVDCVE-2024-42097 at SUSECVE-2024-42097 at NVDCVE-2024-42098 at SUSECVE-2024-42098 at NVDCVE-2024-42101 at SUSECVE-2024-42101 at NVDCVE-2024-42104 at SUSECVE-2024-42104 at NVDCVE-2024-42106 at SUSECVE-2024-42106 at NVDCVE-2024-42107 at SUSECVE-2024-42107 at NVDCVE-2024-42110 at SUSECVE-2024-42110 at NVDCVE-2024-42114 at SUSECVE-2024-42114 at NVDCVE-2024-42115 at SUSECVE-2024-42115 at NVDCVE-2024-42119 at SUSECVE-2024-42119 at NVDCVE-2024-42120 at SUSECVE-2024-42120 at NVDCVE-2024-42121 at SUSECVE-2024-42121 at NVDCVE-2024-42126 at SUSECVE-2024-42126 at NVDCVE-2024-42127 at SUSECVE-2024-42127 at NVDCVE-2024-42130 at SUSECVE-2024-42130 at NVDCVE-2024-42137 at SUSECVE-2024-42137 at NVDCVE-2024-42139 at SUSECVE-2024-42139 at NVDCVE-2024-42142 at SUSECVE-2024-42142 at NVDCVE-2024-42143 at SUSECVE-2024-42143 at NVDCVE-2024-42148 at SUSECVE-2024-42148 at NVDCVE-2024-42152 at SUSECVE-2024-42152 at NVDCVE-2024-42155 at SUSECVE-2024-42155 at NVDCVE-2024-42156 at SUSECVE-2024-42156 at NVDCVE-2024-42157 at SUSECVE-2024-42157 at NVDCVE-2024-42158 at SUSECVE-2024-42158 at NVDCVE-2024-42162 at SUSECVE-2024-42162 at NVDCVE-2024-42223 at SUSECVE-2024-42223 at NVDCVE-2024-42225 at SUSECVE-2024-42225 at NVDCVE-2024-42228 at SUSECVE-2024-42228 at NVDCVE-2024-42229 at SUSECVE-2024-42229 at NVDCVE-2024-42230 at SUSECVE-2024-42230 at NVDCVE-2024-42232 at SUSECVE-2024-42232 at NVDCVE-2024-42236 at SUSECVE-2024-42236 at NVDCVE-2024-42237 at SUSECVE-2024-42237 at NVDCVE-2024-42238 at SUSECVE-2024-42238 at NVDCVE-2024-42239 at SUSECVE-2024-42239 at NVDCVE-2024-42240 at SUSECVE-2024-42240 at NVDCVE-2024-42244 at SUSECVE-2024-42244 at NVDCVE-2024-42246 at SUSECVE-2024-42246 at NVDCVE-2024-42247 at SUSECVE-2024-42247 at NVDCVE-2024-42268 at SUSECVE-2024-42268 at NVDCVE-2024-42271 at SUSECVE-2024-42271 at NVDCVE-2024-42274 at SUSECVE-2024-42274 at NVDCVE-2024-42276 at SUSECVE-2024-42276 at NVDCVE-2024-42277 at SUSECVE-2024-42277 at NVDCVE-2024-42280 at SUSECVE-2024-42280 at NVDCVE-2024-42281 at SUSECVE-2024-42281 at NVDCVE-2024-42283 at SUSECVE-2024-42283 at NVDCVE-2024-42284 at SUSECVE-2024-42284 at NVDCVE-2024-42285 at SUSECVE-2024-42285 at NVDCVE-2024-42286 at SUSECVE-2024-42286 at NVDCVE-2024-42287 at SUSECVE-2024-42287 at NVDCVE-2024-42288 at SUSECVE-2024-42288 at NVDCVE-2024-42289 at SUSECVE-2024-42289 at NVDCVE-2024-42291 at SUSECVE-2024-42291 at NVDCVE-2024-42292 at SUSECVE-2024-42292 at NVDCVE-2024-42295 at SUSECVE-2024-42295 at NVDCVE-2024-42301 at SUSECVE-2024-42301 at NVDCVE-2024-42302 at SUSECVE-2024-42302 at NVDCVE-2024-42308 at SUSECVE-2024-42308 at NVDCVE-2024-42309 at SUSECVE-2024-42309 at NVDCVE-2024-42310 at SUSECVE-2024-42310 at NVDCVE-2024-42311 at SUSECVE-2024-42311 at NVDCVE-2024-42312 at SUSECVE-2024-42312 at NVDCVE-2024-42313 at SUSECVE-2024-42313 at NVDCVE-2024-42315 at SUSECVE-2024-42315 at NVDCVE-2024-42318 at SUSECVE-2024-42318 at NVDCVE-2024-42319 at SUSECVE-2024-42319 at NVDCVE-2024-42320 at SUSECVE-2024-42320 at NVDCVE-2024-42322 at SUSECVE-2024-42322 at NVDCVE-2024-43816 at SUSECVE-2024-43816 at NVDCVE-2024-43818 at SUSECVE-2024-43818 at NVDCVE-2024-43819 at SUSECVE-2024-43819 at NVDCVE-2024-43821 at SUSECVE-2024-43821 at NVDCVE-2024-43823 at SUSECVE-2024-43823 at NVDCVE-2024-43829 at SUSECVE-2024-43829 at NVDCVE-2024-43830 at SUSECVE-2024-43830 at NVDCVE-2024-43831 at SUSECVE-2024-43831 at NVDCVE-2024-43834 at SUSECVE-2024-43834 at NVDCVE-2024-43837 at SUSECVE-2024-43837 at NVDCVE-2024-43839 at SUSECVE-2024-43839 at NVDCVE-2024-43841 at SUSECVE-2024-43841 at NVDCVE-2024-43842 at SUSECVE-2024-43842 at NVDCVE-2024-43846 at SUSECVE-2024-43846 at NVDCVE-2024-43849 at SUSECVE-2024-43849 at NVDCVE-2024-43853 at SUSECVE-2024-43853 at NVDCVE-2024-43854 at SUSECVE-2024-43854 at NVDCVE-2024-43856 at SUSECVE-2024-43856 at NVDCVE-2024-43858 at SUSECVE-2024-43858 at NVDCVE-2024-43860 at SUSECVE-2024-43860 at NVDCVE-2024-43861 at SUSECVE-2024-43861 at NVDCVE-2024-43863 at SUSECVE-2024-43863 at NVDCVE-2024-43866 at SUSECVE-2024-43866 at NVDCVE-2024-43867 at SUSECVE-2024-43867 at NVDCVE-2024-43871 at SUSECVE-2024-43871 at NVDCVE-2024-43872 at SUSECVE-2024-43872 at NVDCVE-2024-43873 at SUSECVE-2024-43873 at NVDCVE-2024-43879 at SUSECVE-2024-43879 at NVDCVE-2024-43880 at SUSECVE-2024-43880 at NVDCVE-2024-43882 at SUSECVE-2024-43882 at NVDCVE-2024-43883 at SUSECVE-2024-43883 at NVDCVE-2024-43884 at SUSECVE-2024-43884 at NVDCVE-2024-43889 at SUSECVE-2024-43889 at NVDCVE-2024-43892 at SUSECVE-2024-43892 at NVDCVE-2024-43893 at SUSECVE-2024-43893 at NVDCVE-2024-43894 at SUSECVE-2024-43894 at NVDCVE-2024-43895 at SUSECVE-2024-43895 at NVDCVE-2024-43899 at SUSECVE-2024-43899 at NVDCVE-2024-43900 at SUSECVE-2024-43900 at NVDCVE-2024-43902 at SUSECVE-2024-43902 at NVDCVE-2024-43903 at SUSECVE-2024-43903 at NVDCVE-2024-43904 at SUSECVE-2024-43904 at NVDCVE-2024-43905 at SUSECVE-2024-43905 at NVDCVE-2024-43907 at SUSECVE-2024-43907 at NVDCVE-2024-43908 at SUSECVE-2024-43908 at NVDCVE-2024-43909 at SUSECVE-2024-43909 at NVDCVE-2024-44938 at SUSECVE-2024-44938 at NVDCVE-2024-44939 at SUSECVE-2024-44939 at NVDCVE-2024-44947 at SUSECVE-2024-44947 at NVDcpe:/o:opensuse:leap:15.5Security update for xerces-c (Important)openSUSE Leap 15.5
This update for xerces-c fixes the following issues:
- CVE-2018-1311: fixed use-after-free triggered during the scanning of external DTDs potentially leading to DOS. (bsc#1159552)
ImportantSUSE bug 1159552CVE-2018-1311 at SUSECVE-2018-1311 at NVDcpe:/o:opensuse:leap:15.5Security update for python311 (Important)openSUSE Leap 15.5
This update for python311 fixes the following issues:
- CVE-2024-6923: Fixed email header injection due to unquoted newlines (bsc#1228780)
Other fixes:
- %{profileopt} variable is set according to the variable %{do_profiling} (bsc#1227999)
- Stop using %%defattr, it seems to be breaking proper executable attributes on /usr/bin/ scripts (bsc#1227378)
- Make pip and modern tools install directly in /usr/local when used by the user (bsc#1225660)
ImportantSUSE bug 1225660SUSE bug 1227378SUSE bug 1227999SUSE bug 1228780CVE-2024-6923 at SUSECVE-2024-6923 at NVDcpe:/o:opensuse:leap:15.5Security update for the Linux Kernel (Important)openSUSE Leap 15.5
The SUSE Linux Enterprise 15 SP5 RT kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2024-44947: Initialize beyond-EOF page contents before setting uptodate (bsc#1229454).
- CVE-2024-36936: Touch soft lockup during memory accept (bsc#1225773).
- CVE-2022-48706: Do proper cleanup if IFCVF init fails (bsc#1225524).
- CVE-2024-43883: Do not drop references before new references are gained (bsc#1229707).
- CVE-2024-41062: Sync sock recv cb and release (bsc#1228576).
- CVE-2024-43861: Fix memory leak for not ip packets (bsc#1229500).
- CVE-2023-52489: Fix race in accessing memory_section->usage (bsc#1221326).
- CVE-2024-43893: Check uartclk for zero to avoid divide by zero (bsc#1229759).
- CVE-2024-43821: Fix a possible null pointer dereference (bsc#1229315).
- CVE-2024-43900: Avoid use-after-free in load_firmware_cb() (bsc#1229756).
- CVE-2024-44938: Fix shift-out-of-bounds in dbDiscardAG (bsc#1229792).
- CVE-2024-44939: Fix null ptr deref in dtInsertEntry (bsc#1229820).
- CVE-2024-41087: Fix double free on error (bsc#1228466).
- CVE-2024-42277: Avoid NULL deref in sprd_iommu_hw_en (bsc#1229409).
- CVE-2024-43902: Add null checker before passing variables (bsc#1229767).
- CVE-2024-43904: Add null checks for 'stream' and 'plane' before dereferencing (bsc#1229768)
- CVE-2024-43880: Put back removed metod in struct objagg_ops (bsc#1229481).
- CVE-2024-43884: Add error handling to pair_device() (bsc#1229739)
- CVE-2024-43899: Fix null pointer deref in dcn20_resource.c (bsc#1229754).
- CVE-2022-48920: Get rid of warning on transaction commit when using flushoncommit (bsc#1229658).
- CVE-2023-52906: Fix warning during failed attribute validation (bsc#1229527).
- CVE-2024-43882: Fixed ToCToU between perm check and set-uid/gid usage. (bsc#1229503)
- CVE-2024-43866: Always drain health in shutdown callback (bsc#1229495).
- CVE-2024-26812: struct virqfd kABI workaround (bsc#1222808).
- CVE-2022-48912: Fix use-after-free in __nf_register_net_hook() (bsc#1229641)
- CVE-2024-27010: Fix mirred deadlock on device recursion (bsc#1223720).
- CVE-2022-48906: Correctly set DATA_FIN timeout when number of retransmits is large (bsc#1229605)
- CVE-2024-42155: Wipe copies of protected- and secure-keys (bsc#1228733).
- CVE-2024-42156: Wipe copies of clear-key structures on failure (bsc#1228722).
- CVE-2023-52899: Add exception protection processing for vd in axi_chan_handle_err function (bsc#1229569).
- CVE-2024-42158: Use kfree_sensitive() to fix Coccinelle warnings (bsc#1228720).
- CVE-2024-26631: Fix data-race in ipv6_mc_down / mld_ifc_work (bsc#1221630).
- CVE-2024-43873: Always initialize seqpacket_allow (bsc#1229488)
- CVE-2024-40905: Fix possible race in __fib6_drop_pcpu_from() (bsc#1227761)
- CVE-2024-39489: Fix memleak in seg6_hmac_init_algo (bsc#1227623)
- CVE-2021-47106: Fix use-after-free in nft_set_catchall_destroy() (bsc#1220962)
- CVE-2021-47517: Fix panic when interrupt coaleceing is set via ethtool (bsc#1225428).
- CVE-2024-36489: Fix missing memory barrier in tls_init (bsc#1226874)
- CVE-2024-41020: Fix fcntl/close race recovery compat path (bsc#1228427).
- CVE-2024-27079: Fix NULL domain on device release (bsc#1223742).
- CVE-2024-35897: Discard table flag update with pending basechain deletion (bsc#1224510).
- CVE-2024-27403: Restore const specifier in flow_offload_route_init() (bsc#1224415).
- CVE-2024-27011: Fix memleak in map from abort path (bsc#1223803).
- CVE-2024-43819: Reject memory region operations for ucontrol VMs (bsc#1229290).
- CVE-2024-26668: Reject configurations that cause integer overflow (bsc#1222335).
- CVE-2024-26835: Set dormant flag on hook register failure (bsc#1222967).
- CVE-2024-26808: Handle NETDEV_UNREGISTER for inet/ingress basechain (bsc#1222634).
- CVE-2024-27016: Validate pppoe header (bsc#1223807).
- CVE-2024-35945: Prevent nullptr exceptions on ISR (bsc#1224639).
- CVE-2023-52581: Fix memleak when more than 255 elements expired (bsc#1220877).
- CVE-2024-36013: Fix slab-use-after-free in l2cap_connect() (bsc#1225578).
- CVE-2024-43837: Fix updating attached freplace prog in prog_array map (bsc#1229297).
- CVE-2024-42291: Add a per-VF limit on number of FDIR filters (bsc#1229374).
- CVE-2024-42268: Fix missing lock on sync reset reload (bsc#1229391).
- CVE-2024-43834: Fix invalid wait context of page_pool_destroy() (bsc#1229314)
- CVE-2024-36286: Acquire rcu_read_lock() in instance_destroy_rcu() (bsc#1226801)
- CVE-2024-26851: Add protection for bmp length out of range (bsc#1223074)
- CVE-2024-42157: Wipe sensitive data on failure (bsc#1228727).
- CVE-2024-26677: Blacklist e7870cf13d20 (' Fix delayed ACKs to not set the reference serial number') (bsc#1222387)
- CVE-2024-36009: Blacklist 467324bcfe1a ('ax25: Fix netdev refcount issue') (bsc#1224542)
- CVE-2023-52859: Fix use-after-free when register pmu fails (bsc#1225582).
- CVE-2024-42280: Fix a use after free in hfcmulti_tx() (bsc#1229388)
- CVE-2024-42284: Return non-zero value from tipc_udp_addr2str() on error (bsc#1229382)
- CVE-2024-42283: Initialize all fields in dumped nexthops (bsc#1229383)
- CVE-2024-42312: Always initialize i_uid/i_gid (bsc#1229357)
- CVE-2024-43854: Initialize integrity buffer to zero before writing it to media (bsc#1229345)
- CVE-2024-42322: Properly dereference pe in ip_vs_add_service (bsc#1229347)
- CVE-2024-42301: Fix the array out-of-bounds risk (bsc#1229407).
- CVE-2024-42318: Do not lose track of restrictions on cred_transfer (bsc#1229351).
- CVE-2024-26669: Fix chain template offload (bsc#1222350).
- CVE-2023-52889: Fix null pointer deref when receiving skb during sock creation (bsc#1229287).
- CVE-2022-48645: Move enetc_set_psfp() out of the common enetc_set_features() (bsc#1223508).
- CVE-2024-41007: Use signed arithmetic in tcp_rtx_probe0_timed_out() (bsc#1227863).
- CVE-2024-36933: Use correct mac_offset to unwind gso skb in nsh_gso_segment() (bsc#1225832).
- CVE-2024-42295: Handle inconsistent state in nilfs_btnode_create_block() (bsc#1229370).
- CVE-2024-42319: Move devm_mbox_controller_register() after devm_pm_runtime_enable() (bsc#1229350).
- CVE-2024-43860: Skip over memory region when node value is NULL (bsc#1229319).
- CVE-2024-43831: Handle invalid decoder vsi (bsc#1229309).
- CVE-2024-43849: Protect locator_addr with the main mutex (bsc#1229307).
- CVE-2024-43841: Do not use strlen() in const context (bsc#1229304).
- CVE-2024-43839: Adjust 'name' buf size of bna_tcb and bna_ccb structures (bsc#1229301).
- CVE-2024-41088: Fix infinite loop when xmit fails (bsc#1228469).
- CVE-2024-42281: Fix a segment issue when downgrading gso_size (bsc#1229386).
- CVE-2024-42271: Fixed a use after free in iucv_sock_close(). (bsc#1229400)
- CVE-2024-41080: Fix possible deadlock in io_register_iowq_max_workers() (bsc#1228616).
- CVE-2024-42246: Remap EPERM in case of connection failure in xs_tcp_setup_socket (bsc#1228989).
- CVE-2024-42232: Fixed a race between delayed_work() and ceph_monc_stop(). (bsc#1228959)
- CVE-2024-26735: Fix possible use-after-free and null-ptr-deref (bsc#1222372).
- CVE-2024-42106: Initialize pad field in struct inet_diag_req_v2 (bsc#1228493).
- CVE-2024-38662: Cover verifier checks for mutating sockmap/sockhash (bsc#1226885).
- CVE-2024-42110: Move ntb_netdev_rx_handler() to call netif_rx() from __netif_rx() (bsc#1228501).
- CVE-2024-42247: Avoid unaligned 64-bit memory accesses (bsc#1228988).
- CVE-2022-48865: Fix kernel panic when enabling bearer (bsc#1228065).
- CVE-2023-52498: Fix possible deadlocks in core system-wide PM code (bsc#1221269).
- CVE-2024-41068: Fix sclp_init() cleanup on failure (bsc#1228579).
- CVE-2022-48808: Fix panic when DSA master device unbinds on shutdown (bsc#1227958).
- CVE-2024-42095: Fix Errata i2310 with RX FIFO level check (bsc#1228446).
- CVE-2024-40978: Fix crash while reading debugfs attribute (bsc#1227929).
- CVE-2024-42107: Do not process extts if PTP is disabled (bsc#1228494).
- CVE-2024-42139: Fix improper extts handling (bsc#1228503).
- CVE-2024-42148: Fix multiple UBSAN array-index-out-of-bounds (bsc#1228487).
- CVE-2024-42142: E-switch, Create ingress ACL when needed (bsc#1228491).
- CVE-2024-42162: Account for stopped queues when reading NIC stats (bsc#1228706).
- CVE-2024-42082: Remove WARN() from __xdp_reg_mem_model() (bsc#1228482).
- CVE-2024-41042: Prefer nft_chain_validate (bsc#1228526).
- CVE-2023-3610: Fixed use-after-free vulnerability in nf_tables can be exploited to achieve local privilege escalation (bsc#1213580).
- CVE-2024-42228: Using uninitialized value *size when calling amdgpu_vce_cs_reloc (bsc#1228667).
- CVE-2024-40995: Fix possible infinite loop in tcf_idr_check_alloc() (bsc#1227830).
- CVE-2024-38602: Merge repeat codes in ax25_dev_device_down() (bsc#1226613).
- CVE-2024-38554: Fix reference count leak issue of net_device (bsc#1226742).
- CVE-2024-36929: Reject skb_copy(_expand) for fraglist GSO skbs (bsc#1225814).
- CVE-2024-41009: Fix overrunning reservations in ringbuf (bsc#1228020).
- CVE-2024-27024: Fix WARNING in rds_conn_connect_if_down (bsc#1223777).
The following non-security bugs were fixed:
- ACPI: bus: Indicate support for IRQ ResourceSource thru _OSC (git-fixes).
- ACPI: bus: Indicate support for the Generic Event Device thru _OSC (git-fixes).
- ACPI: bus: Rework system-level device notification handling (git-fixes).
- ACPI: thermal: Drop nocrt parameter (git-fixes).
- ACPI: x86: s2idle: Post-increment variables when getting constraints (git-fixes).
- afs: Do not cross .backup mountpoint from backup volume (git-fixes).
- ALSA: hda: Add HP MP9 G4 Retail System AMS to force connect list (stable-fixes).
- ALSA: hda/hdmi: Yet more pin fix for HP EliteDesk 800 G4 (stable-fixes).
- ALSA: hda/realtek: Add Framework Laptop 13 (Intel Core Ultra) to quirks (stable-fixes).
- ALSA: hda/realtek: Fix noise from speakers on Lenovo IdeaPad 3 15IAU7 (git-fixes).
- ALSA: line6: Fix racy access to midibuf (stable-fixes).
- ALSA: timer: Relax start tick time check for slave timer elements (git-fixes).
- ALSA: usb-audio: Add delay quirk for VIVO USB-C-XE710 HEADSET (stable-fixes).
- ALSA: usb-audio: Re-add ScratchAmp quirk entries (git-fixes).
- ALSA: usb-audio: Support Yamaha P-125 quirk entry (stable-fixes).
- ALSA: usb: Fix UBSAN warning in parse_audio_unit() (stable-fixes).
- arm64: ACPI: NUMA: initialize all values of acpi_early_node_map to (git-fixes)
- arm64: ACPI: NUMA: initialize all values of acpi_early_node_map to (git-fixes)
- arm64: Add Neoverse-V2 part (git-fixes)
- arm64: armv8_deprecated: Fix warning in isndep cpuhp starting process (git-fixes)
- arm64: armv8_deprecated: Fix warning in isndep cpuhp starting process (git-fixes)
- arm64: barrier: Restore spec_bar() macro (git-fixes)
- arm64: cpufeature: Add missing .field_width for GIC system registers (git-fixes)
- arm64: cpufeature: Fix the visibility of compat hwcaps (git-fixes)
- arm64: cpufeature: Force HWCAP to be based on the sysreg visible to (git-fixes)
- arm64: cputype: Add Cortex-A720 definitions (git-fixes)
- arm64: cputype: Add Cortex-A725 definitions (git-fixes)
- arm64: cputype: Add Cortex-X1C definitions (git-fixes)
- arm64: cputype: Add Cortex-X3 definitions (git-fixes)
- arm64: cputype: Add Cortex-X4 definitions (git-fixes)
- arm64: cputype: Add Cortex-X925 definitions (git-fixes)
- arm64: cputype: Add Neoverse-V3 definitions (git-fixes)
- arm64: dts: rockchip: Increase VOP clk rate on RK3328 (git-fixes)
- arm64: dts: rockchip: Increase VOP clk rate on RK3328 (git-fixes)
- arm64: errata: Expand speculative SSBS workaround (again) (git-fixes)
- arm64: errata: Expand speculative SSBS workaround (git-fixes)
- arm64: errata: Unify speculative SSBS errata logic (git-fixes) Also update default configuration.
- arm64: Fix KASAN random tag seed initialization (git-fixes)
- arm64: Fix KASAN random tag seed initialization (git-fixes)
- ASoC: codecs: wcd938x-sdw: Correct Soundwire ports mask (git-fixes).
- ASoC: codecs: wsa881x: Correct Soundwire ports mask (git-fixes).
- ASoC: meson: axg-fifo: fix irq scheduling issue with PREEMPT_RT (git-fixes).
- async: Introduce async_schedule_dev_nocall() (bsc#1221269).
- async: Split async_schedule_node_domain() (bsc#1221269).
- Bluetooth: Fix usage of __hci_cmd_sync_status (git-fixes).
- Bluetooth: hci_core: Fix not handling hibernation actions (git-fixes).
- Bluetooth: l2cap: always unlock channel in l2cap_conless_channel() (git-fixes).
- Bluetooth: L2CAP: Fix deadlock (git-fixes).
- bpf: Fix a kernel verifier crash in stacksafe() (bsc#1225903).
- bpf: kprobe: remove unused declaring of bpf_kprobe_override (git-fixes).
- btrfs: fix leak of qgroup extent records after transaction abort (git-fixes).
- btrfs: make btrfs_destroy_delayed_refs() return void (git-fixes).
- btrfs: remove unnecessary prototype declarations at disk-io.c (git-fixes).
- btrfs: sysfs: update fs features directory asynchronously (bsc#1226168).
- cachefiles: propagate errors from vfs_getxattr() to avoid infinite loop (bsc#1229418).
- ceph: issue a cap release immediately if no cap exists (bsc#1225162).
- ceph: periodically flush the cap releases (bsc#1225162).
- cpu/SMT: Enable SMT only if a core is online (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588 git-fixes).
- cpuidle, ACPI: Evaluate LPI arch_flags for broadcast timer (git-fixes).
- docs: KVM: Fix register ID of SPSR_FIQ (git-fixes).
- drm: add missing MODULE_DESCRIPTION() macros (stable-fixes).
- drm: panel-orientation-quirks: Add labels for both Valve Steam Deck revisions (stable-fixes).
- drm: panel-orientation-quirks: Add quirk for Aya Neo KUN (stable-fixes).
- drm: panel-orientation-quirks: Add quirk for Lenovo Yoga Tab 3 X90F (stable-fixes).
- drm: panel-orientation-quirks: Add quirk for Nanote UMPC-01 (stable-fixes).
- drm: panel-orientation-quirks: Add quirk for OrangePi Neo (stable-fixes).
- drm/amd/amdgpu/imu_v11_0: Increase buffer size to ensure all possible values can be stored (stable-fixes).
- drm/amd/display: Add NULL check for 'afb' before dereferencing in amdgpu_dm_plane_handle_cursor_update (stable-fixes).
- drm/amd/display: avoid using null object of framebuffer (git-fixes).
- drm/amd/display: Fix && vs || typos (git-fixes).
- drm/amd/display: Skip Recompute DSC Params if no Stream on Link (stable-fixes).
- drm/amd/display: Validate hw_points_num before using it (stable-fixes).
- drm/amd/pm: Fix the null pointer dereference for vega10_hwmgr (stable-fixes).
- drm/amdgpu: Actually check flags for all context ops (stable-fixes).
- drm/amdgpu: Add lock around VF RLCG interface (stable-fixes).
- drm/amdgpu: fix dereference null return value for the function amdgpu_vm_pt_parent (stable-fixes).
- drm/amdgpu: Fix the null pointer dereference to ras_manager (stable-fixes).
- drm/amdgpu: Validate TA binary size (stable-fixes).
- drm/amdgpu/jpeg2: properly set atomics vmid field (stable-fixes).
- drm/amdgpu/pm: Fix the null pointer dereference for smu7 (stable-fixes).
- drm/amdgpu/pm: Fix the null pointer dereference in apply_state_adjust_rules (stable-fixes).
- drm/amdgpu/pm: Fix the param type of set_power_profile_mode (stable-fixes).
- drm/bridge: analogix_dp: properly handle zero sized AUX transactions (stable-fixes).
- drm/bridge: tc358768: Attempt to fix DSI horizontal timings (stable-fixes).
- drm/client: fix null pointer dereference in drm_client_modeset_probe (git-fixes).
- drm/dp_mst: Skip CSN if topology probing is not done yet (stable-fixes).
- drm/lima: set gp bus_stop bit before hard reset (stable-fixes).
- drm/msm/dp: reset the link phy params before link training (git-fixes).
- drm/msm/dpu: cleanup FB if dpu_format_populate_layout fails (git-fixes).
- drm/msm/dpu: do not play tricks with debug macros (git-fixes).
- drm/tegra: Zero-initialize iosys_map (stable-fixes).
- exfat: fix inode->i_blocks for non-512 byte sector size device (git-fixes).
- exfat: fix potential deadlock on __exfat_get_dentry_set (git-fixes).
- exfat: redefine DIR_DELETED as the bad cluster number (git-fixes).
- exfat: support dynamic allocate bh for exfat_entry_set_cache (git-fixes).
- fs/netfs/fscache_cookie: add missing 'n_accesses' check (bsc#1229453).
- fuse: Initialize beyond-EOF page contents before setting uptodate (bsc#1229454).
- genirq: Add might_sleep() to disable_irq() (git-fixes).
- genirq: Always limit the affinity to online CPUs (git-fixes).
- genirq: Do not return error on missing optional irq_request_resources() (git-fixes).
- genirq: Take the proposed affinity at face value if force==true (git-fixes).
- genirq/cpuhotplug, x86/vector: Prevent vector leak during CPU offline (git-fixes).
- genirq/generic_chip: Make irq_remove_generic_chip() irqdomain aware (git-fixes).
- genirq/ipi: Fix NULL pointer deref in irq_data_get_affinity_mask() (git-fixes).
- genirq/irqdesc: Do not try to remove non-existing sysfs files (git-fixes).
- genirq/matrix: Exclude managed interrupts in irq_matrix_allocated() (git-fixes).
- genirq/msi: Shutdown managed interrupts with unsatifiable affinities (git-fixes).
- gss_krb5: Fix the error handling path for crypto_sync_skcipher_setkey (git-fixes).
- hfs: fix to initialize fields of hfs_inode_info after hfs_alloc_inode() (git-fixes).
- i2c: smbus: Improve handling of stuck alerts (git-fixes).
- i2c: smbus: Send alert notifications to all devices if source not found (git-fixes).
- iommu/amd: Convert comma to semicolon (git-fixes).
- ip6_tunnel: Fix broken GRO (bsc#1229444).
- ipv6: sr: fix incorrect unregister order (git-fixes).
- irqdomain: Drop bogus fwspec-mapping error handling (git-fixes).
- irqdomain: Fix association race (git-fixes).
- irqdomain: Fix disassociation race (git-fixes).
- irqdomain: Fix domain registration race (git-fixes).
- irqdomain: Fix mapping-creation race (git-fixes).
- irqdomain: Fixed unbalanced fwnode get and put (git-fixes).
- irqdomain: Look for existing mapping only once (git-fixes).
- irqdomain: Refactor __irq_domain_alloc_irqs() (git-fixes).
- irqdomain: Report irq number for NOMAP domains (git-fixes).
- kprobes: Fix to check symbol prefixes correctly (git-fixes).
- lockd: move from strlcpy with unused retval to strscpy (git-fixes).
- memcg: protect concurrent access to mem_cgroup_idr (git-fixes).
- mm, kmsan: fix infinite recursion due to RCU critical section (git-fixes).
- mm: prevent derefencing NULL ptr in pfn_section_valid() (git-fixes).
- mmc: dw_mmc: allow biu and ciu clocks to defer (git-fixes).
- mmc: mmc_test: Fix NULL dereference on allocation failure (git-fixes).
- net: ks8851: Fix another TX stall caused by wrong ISR flag handling (git-fixes).
- net: ks8851: Fix deadlock with the SPI chip variant (git-fixes).
- net: ks8851: Fix potential TX stall after interface reopen (git-fixes).
- net: ks8851: Fix TX stall caused by TX buffer overrun (gix-fixes).
- net: mana: Add support for page sizes other than 4KB on ARM64 (jsc#PED-8491 bsc#1226530).
- net: mana: Fix doorbell out of order violation and avoid unnecessary doorbell rings (bsc#1229154).
- net: mana: Fix race of mana_hwc_post_rx_wqe and new hwc response (git-fixes).
- net: mana: Fix RX buf alloc_size alignment and atomic op panic (bsc#1229086).
- net: remove two BUG() from skb_checksum_help() (bsc#1229312).
- net: usb: qmi_wwan: fix memory leak for not ip packets (git-fixes).
- net/rds: fix possible cp null dereference (git-fixes).
- net/sched: initialize noop_qdisc owner (git-fixes).
- nfc: pn533: Add poll mod list filling check (git-fixes).
- nfs: expose /proc/net/sunrpc/nfs in net namespaces (git-fixes).
- nfs: make the rpc_stat per net namespace (git-fixes).
- NFSD: add posix ACLs to struct nfsd_attrs (git-fixes).
- NFSD: add security label to struct nfsd_attrs (git-fixes).
- NFSD: fix regression with setting ACLs (git-fixes).
- NFSD: Fix strncpy() fortify warning (git-fixes).
- NFSD: Increase NFSD_MAX_OPS_PER_COMPOUND (git-fixes).
- NFSD: introduce struct nfsd_attrs (git-fixes).
- NFSD: move from strlcpy with unused retval to strscpy (git-fixes).
- NFSD: Optimize DRC bucket pruning (git-fixes).
- nfsd: return error if nfs4_setacl fails (git-fixes).
- NFSD: set attributes when creating symlinks (git-fixes).
- nfsd: use locks_inode_context helper (git-fixes).
- nilfs2: Remove check for PageError (git-fixes).
- nvme_core: scan namespaces asynchronously (bsc#1224105).
- ocfs2: use coarse time for new created files (git-fixes).
- padata: Fix possible divide-by-0 panic in padata_mt_helper() (git-fixes).
- perf/smmuv3: Enable HiSilicon Erratum 162001900 quirk for HIP08/09 (git-fixes).
- platform/x86/amd/hsmp: Add support for ACPI based probing (jsc#PED-8779).
- platform/x86/amd/hsmp: Cache pci_dev in struct hsmp_socket (jsc#PED-8779).
- platform/x86/amd/hsmp: Change devm_kzalloc() to devm_kcalloc() (jsc#PED-8779).
- platform/x86/amd/hsmp: Check HSMP support on AMD family of processors (jsc#PED-8779).
- platform/x86/amd/hsmp: Check num_sockets against MAX_AMD_SOCKETS (jsc#PED-8779).
- platform/x86/amd/hsmp: Create static func to handle platdev (jsc#PED-8779).
- platform/x86/amd/hsmp: Define a struct to hold mailbox regs (jsc#PED-8779).
- platform/x86/amd/hsmp: Move dev from platdev to hsmp_socket (jsc#PED-8779).
- platform/x86/amd/hsmp: Move hsmp_test to probe (jsc#PED-8779).
- platform/x86/amd/hsmp: Non-ACPI support for AMD F1A_M00~0Fh (jsc#PED-8779).
- platform/x86/amd/hsmp: Remove extra parenthesis and add a space (jsc#PED-8779).
- platform/x86/amd/hsmp: Restructure sysfs group creation (jsc#PED-8779).
- platform/x86/amd/hsmp: switch to use device_add_groups() (jsc#PED-8779).
- power: supply: axp288_charger: Fix constant_charge_voltage writes (git-fixes).
- power: supply: axp288_charger: Round constant_charge_voltage writes down (git-fixes).
- powerpc: Fail build if using recordmcount with binutils v2.37 (bsc#1194869).
- powerpc: Mark .opd section read-only (bsc#1194869).
- powerpc: use generic version of arch_is_kernel_initmem_freed() (bsc#1194869).
- powerpc: xor_vmx: Add '-mhard-float' to CFLAGS (bsc#1194869).
- powerpc/64: Set _IO_BASE to POISON_POINTER_DELTA not 0 for CONFIG_PCI=n (bsc#1194869).
- powerpc/io: Avoid clang null pointer arithmetic warnings (bsc#1194869).
- powerpc/kexec_file: fix cpus node update to FDT (bsc#1194869).
- powerpc/kexec: make the update_cpus_node() function public (bsc#1194869).
- powerpc/kexec: split CONFIG_KEXEC_FILE and CONFIG_CRASH_DUMP (bsc#1194869).
- powerpc/pseries: Add failure related checks for h_get_mpp and h_get_ppp (bsc#1194869).
- powerpc/pseries: Whitelist dtl slub object for copying to userspace (bsc#1194869).
- powerpc/radix: Move some functions into #ifdef CONFIG_KVM_BOOK3S_HV_POSSIBLE (bsc#1194869).
- powerpc/topology: Check if a core is online (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588 git-fixes).
- powerpc/xmon: Check cpu id in commands 'c#', 'dp#' and 'dx#' (bsc#1194869).
- RDMA/mana_ib: Use virtual address in dma regions for MRs (git-fixes).
- RDMA/rxe: Fix incomplete state save in rxe_requester (git-fixes)
- RDMA/rxe: Fix rxe_modify_srq (git-fixes)
- RDMA/rxe: Handle zero length rdma (git-fixes)
- RDMA/rxe: Move work queue code to subroutines (git-fixes)
- s390/cpacf: get rid of register asm (git-fixes bsc#1227079 bsc#1229187).
- s390/cpacf: Make use of invalid opcode produce a link error (git-fixes bsc#1227079).
- s390/cpacf: Split and rework cpacf query functions (git-fixes bsc#1229187).
- s390/dasd: fix error checks in dasd_copy_pair_store() (git-fixes bsc#1229190).
- s390/dasd: fix error recovery leading to data corruption on ESE devices (git-fixes bsc#1229573).
- s390/sclp: Prevent release of buffer in I/O (git-fixes bsc#1229572).
- s390/uv: Panic for set and remove shared access UVC errors (git-fixes bsc#1229188).
- spi: spi-fsl-lpspi: Fix scldiv calculation (git-fixes).
- sunrpc: add a struct rpc_stats arg to rpc_create_args (git-fixes).
- SUNRPC: Fix a race to wake a sync task (git-fixes).
- swiotlb: fix swiotlb_bounce() to do partial sync's correctly (git-fixes).
- syscalls: fix compat_sys_io_pgetevents_time64 usage (git-fixes).
- tracing: Return from tracing_buffers_read() if the file has been closed (bsc#1229136 git-fixes).
- ubifs: add check for crypto_shash_tfm_digest (git-fixes).
- ubifs: dbg_orphan_check: Fix missed key type checking (git-fixes).
- ubifs: Fix adding orphan entry twice for the same inode (git-fixes).
- ubifs: Fix unattached xattr inode if powercut happens after deleting (git-fixes).
- vfio/pci: fix potential memory leak in vfio_intx_enable() (git-fixes).
- wifi: iwlwifi: fw: fix wgds rev 3 exact size (git-fixes).
- wifi: mwifiex: duplicate static structs used in driver instances (git-fixes).
- x86/APM: drop the duplicate APM_MINOR_DEV macro (git-fixes).
- x86/insn: Fix PUSH instruction in x86 instruction decoder opcode map (git-fixes).
- x86/mm: Fix pti_clone_entry_text() for i386 (git-fixes).
- x86/mtrr: Check if fixed MTRRs exist before saving them (git-fixes).
- x86/pm: Work around false positive kmemleak report in msr_build_context() (git-fixes).
- xfs: Fix missing interval for missing_owner in xfs fsmap (git-fixes).
- xfs: Fix the owner setting issue for rmap query in xfs fsmap (git-fixes).
- xfs: use XFS_BUF_DADDR_NULL for daddrs in getfsmap code (git-fixes).
- xhci: Fix Panther point NULL pointer deref at full-speed re-enumeration (git-fixes).
- xprtrdma: Fix rpcrdma_reqs_reset() (git-fixes).
ImportantSUSE bug 1193629SUSE bug 1194111SUSE bug 1194765SUSE bug 1194869SUSE bug 1196261SUSE bug 1196516SUSE bug 1196894SUSE bug 1198017SUSE bug 1203329SUSE bug 1203330SUSE bug 1203360SUSE bug 1205462SUSE bug 1206006SUSE bug 1206258SUSE bug 1206843SUSE bug 1207158SUSE bug 1208783SUSE bug 1210644SUSE bug 1213580SUSE bug 1213632SUSE bug 1214285SUSE bug 1216834SUSE bug 1220428SUSE bug 1220877SUSE bug 1220962SUSE bug 1221269SUSE bug 1221326SUSE bug 1221630SUSE bug 1221645SUSE bug 1222335SUSE bug 1222350SUSE bug 1222372SUSE bug 1222387SUSE bug 1222634SUSE bug 1222808SUSE bug 1222967SUSE bug 1223074SUSE bug 1223191SUSE bug 1223508SUSE bug 1223720SUSE bug 1223742SUSE bug 1223777SUSE bug 1223803SUSE bug 1223807SUSE bug 1224105SUSE bug 1224415SUSE bug 1224496SUSE bug 1224510SUSE bug 1224542SUSE bug 1224578SUSE bug 1224639SUSE bug 1225162SUSE bug 1225352SUSE bug 1225428SUSE bug 1225524SUSE bug 1225578SUSE bug 1225582SUSE bug 1225773SUSE bug 1225814SUSE bug 1225827SUSE bug 1225832SUSE bug 1225903SUSE bug 1226168SUSE bug 1226530SUSE bug 1226613SUSE bug 1226742SUSE bug 1226765SUSE bug 1226798SUSE bug 1226801SUSE bug 1226874SUSE bug 1226885SUSE bug 1227079SUSE bug 1227623SUSE bug 1227761SUSE bug 1227830SUSE bug 1227863SUSE bug 1227867SUSE bug 1227929SUSE bug 1227937SUSE bug 1227958SUSE bug 1228020SUSE bug 1228065SUSE bug 1228114SUSE bug 1228410SUSE bug 1228426SUSE bug 1228427SUSE bug 1228429SUSE bug 1228446SUSE bug 1228447SUSE bug 1228449SUSE bug 1228450SUSE bug 1228452SUSE bug 1228456SUSE bug 1228463SUSE bug 1228466SUSE bug 1228467SUSE bug 1228469SUSE bug 1228480SUSE bug 1228481SUSE bug 1228482SUSE bug 1228483SUSE bug 1228484SUSE bug 1228485SUSE bug 1228487SUSE bug 1228489SUSE bug 1228491SUSE bug 1228493SUSE bug 1228494SUSE bug 1228495SUSE bug 1228496SUSE bug 1228501SUSE bug 1228503SUSE bug 1228509SUSE bug 1228513SUSE bug 1228515SUSE bug 1228516SUSE bug 1228526SUSE bug 1228531SUSE bug 1228563SUSE bug 1228564SUSE bug 1228567SUSE bug 1228576SUSE bug 1228579SUSE bug 1228584SUSE bug 1228588SUSE bug 1228590SUSE bug 1228615SUSE bug 1228616SUSE bug 1228635SUSE bug 1228636SUSE bug 1228654SUSE bug 1228656SUSE bug 1228658SUSE bug 1228660SUSE bug 1228662SUSE bug 1228667SUSE bug 1228673SUSE bug 1228677SUSE bug 1228687SUSE bug 1228706SUSE bug 1228708SUSE bug 1228710SUSE bug 1228718SUSE bug 1228720SUSE bug 1228721SUSE bug 1228722SUSE bug 1228724SUSE bug 1228726SUSE bug 1228727SUSE bug 1228733SUSE bug 1228748SUSE bug 1228766SUSE bug 1228779SUSE bug 1228801SUSE bug 1228850SUSE bug 1228857SUSE bug 1228959SUSE bug 1228964SUSE bug 1228966SUSE bug 1228967SUSE bug 1228979SUSE bug 1228988SUSE bug 1228989SUSE bug 1228991SUSE bug 1228992SUSE bug 1229042SUSE bug 1229054SUSE bug 1229086SUSE bug 1229136SUSE bug 1229154SUSE bug 1229187SUSE bug 1229188SUSE bug 1229190SUSE bug 1229287SUSE bug 1229290SUSE bug 1229292SUSE bug 1229296SUSE bug 1229297SUSE bug 1229301SUSE bug 1229303SUSE bug 1229304SUSE bug 1229305SUSE bug 1229307SUSE bug 1229309SUSE bug 1229312SUSE bug 1229314SUSE bug 1229315SUSE bug 1229317SUSE bug 1229318SUSE bug 1229319SUSE bug 1229327SUSE bug 1229341SUSE bug 1229345SUSE bug 1229346SUSE bug 1229347SUSE bug 1229349SUSE bug 1229350SUSE bug 1229351SUSE bug 1229354SUSE bug 1229356SUSE bug 1229357SUSE bug 1229358SUSE bug 1229359SUSE bug 1229360SUSE bug 1229366SUSE bug 1229370SUSE bug 1229373SUSE bug 1229374SUSE bug 1229381SUSE bug 1229382SUSE bug 1229383SUSE bug 1229386SUSE bug 1229388SUSE bug 1229391SUSE bug 1229392SUSE bug 1229395SUSE bug 1229398SUSE bug 1229399SUSE bug 1229400SUSE bug 1229407SUSE bug 1229409SUSE bug 1229410SUSE bug 1229411SUSE bug 1229413SUSE bug 1229414SUSE bug 1229417SUSE bug 1229418SUSE bug 1229444SUSE bug 1229453SUSE bug 1229454SUSE bug 1229481SUSE bug 1229482SUSE bug 1229488SUSE bug 1229489SUSE bug 1229490SUSE bug 1229493SUSE bug 1229495SUSE bug 1229497SUSE bug 1229500SUSE bug 1229503SUSE bug 1229506SUSE bug 1229507SUSE bug 1229508SUSE bug 1229509SUSE bug 1229510SUSE bug 1229512SUSE bug 1229516SUSE bug 1229521SUSE bug 1229522SUSE bug 1229523SUSE bug 1229524SUSE bug 1229525SUSE bug 1229526SUSE bug 1229527SUSE bug 1229528SUSE bug 1229529SUSE bug 1229531SUSE bug 1229533SUSE bug 1229535SUSE bug 1229536SUSE bug 1229537SUSE bug 1229540SUSE bug 1229544SUSE bug 1229545SUSE bug 1229546SUSE bug 1229547SUSE bug 1229548SUSE bug 1229554SUSE bug 1229557SUSE bug 1229558SUSE bug 1229559SUSE bug 1229560SUSE bug 1229562SUSE bug 1229564SUSE bug 1229565SUSE bug 1229566SUSE bug 1229568SUSE bug 1229569SUSE bug 1229572SUSE bug 1229573SUSE bug 1229576SUSE bug 1229581SUSE bug 1229588SUSE bug 1229598SUSE bug 1229603SUSE bug 1229604SUSE bug 1229605SUSE bug 1229608SUSE bug 1229611SUSE bug 1229612SUSE bug 1229613SUSE bug 1229614SUSE bug 1229615SUSE bug 1229616SUSE bug 1229617SUSE bug 1229620SUSE bug 1229622SUSE bug 1229623SUSE bug 1229624SUSE bug 1229625SUSE bug 1229626SUSE bug 1229628SUSE bug 1229629SUSE bug 1229630SUSE bug 1229631SUSE bug 1229632SUSE bug 1229635SUSE bug 1229636SUSE bug 1229637SUSE bug 1229638SUSE bug 1229639SUSE bug 1229641SUSE bug 1229642SUSE bug 1229643SUSE bug 1229645SUSE bug 1229657SUSE bug 1229658SUSE bug 1229662SUSE bug 1229664SUSE bug 1229707SUSE bug 1229739SUSE bug 1229743SUSE bug 1229746SUSE bug 1229754SUSE bug 1229755SUSE bug 1229756SUSE bug 1229759SUSE bug 1229761SUSE bug 1229767SUSE bug 1229768SUSE bug 1229781SUSE bug 1229784SUSE bug 1229787SUSE bug 1229788SUSE bug 1229789SUSE bug 1229792SUSE bug 1229820CVE-2021-4441 at SUSECVE-2021-4441 at NVDCVE-2021-47106 at SUSECVE-2021-47106 at NVDCVE-2021-47517 at SUSECVE-2021-47517 at NVDCVE-2021-47546 at SUSECVE-2021-47546 at NVDCVE-2022-38457 at SUSECVE-2022-38457 at NVDCVE-2022-40133 at SUSECVE-2022-40133 at NVDCVE-2022-48645 at SUSECVE-2022-48645 at NVDCVE-2022-48706 at SUSECVE-2022-48706 at NVDCVE-2022-48808 at SUSECVE-2022-48808 at NVDCVE-2022-48865 at SUSECVE-2022-48865 at NVDCVE-2022-48868 at SUSECVE-2022-48868 at NVDCVE-2022-48869 at SUSECVE-2022-48869 at NVDCVE-2022-48870 at SUSECVE-2022-48870 at NVDCVE-2022-48871 at SUSECVE-2022-48871 at NVDCVE-2022-48872 at SUSECVE-2022-48872 at NVDCVE-2022-48873 at SUSECVE-2022-48873 at NVDCVE-2022-48875 at SUSECVE-2022-48875 at NVDCVE-2022-48878 at SUSECVE-2022-48878 at NVDCVE-2022-48880 at SUSECVE-2022-48880 at NVDCVE-2022-48881 at SUSECVE-2022-48881 at NVDCVE-2022-48882 at SUSECVE-2022-48882 at NVDCVE-2022-48883 at SUSECVE-2022-48883 at NVDCVE-2022-48884 at SUSECVE-2022-48884 at NVDCVE-2022-48885 at SUSECVE-2022-48885 at NVDCVE-2022-48886 at SUSECVE-2022-48886 at NVDCVE-2022-48887 at SUSECVE-2022-48887 at NVDCVE-2022-48888 at SUSECVE-2022-48888 at NVDCVE-2022-48889 at SUSECVE-2022-48889 at NVDCVE-2022-48890 at SUSECVE-2022-48890 at NVDCVE-2022-48891 at SUSECVE-2022-48891 at NVDCVE-2022-48893 at SUSECVE-2022-48893 at NVDCVE-2022-48896 at SUSECVE-2022-48896 at NVDCVE-2022-48898 at SUSECVE-2022-48898 at NVDCVE-2022-48899 at SUSECVE-2022-48899 at NVDCVE-2022-48903 at SUSECVE-2022-48903 at NVDCVE-2022-48904 at SUSECVE-2022-48904 at NVDCVE-2022-48905 at SUSECVE-2022-48905 at NVDCVE-2022-48906 at SUSECVE-2022-48906 at NVDCVE-2022-48907 at SUSECVE-2022-48907 at NVDCVE-2022-48909 at SUSECVE-2022-48909 at NVDCVE-2022-48910 at SUSECVE-2022-48910 at NVDCVE-2022-48912 at SUSECVE-2022-48912 at NVDCVE-2022-48913 at SUSECVE-2022-48913 at NVDCVE-2022-48914 at SUSECVE-2022-48914 at NVDCVE-2022-48915 at SUSECVE-2022-48915 at NVDCVE-2022-48916 at SUSECVE-2022-48916 at NVDCVE-2022-48917 at SUSECVE-2022-48917 at NVDCVE-2022-48918 at SUSECVE-2022-48918 at NVDCVE-2022-48919 at SUSECVE-2022-48919 at NVDCVE-2022-48920 at SUSECVE-2022-48920 at NVDCVE-2022-48921 at SUSECVE-2022-48921 at NVDCVE-2022-48923 at SUSECVE-2022-48923 at NVDCVE-2022-48924 at SUSECVE-2022-48924 at NVDCVE-2022-48925 at SUSECVE-2022-48925 at NVDCVE-2022-48926 at SUSECVE-2022-48926 at NVDCVE-2022-48927 at SUSECVE-2022-48927 at NVDCVE-2022-48928 at SUSECVE-2022-48928 at NVDCVE-2022-48929 at SUSECVE-2022-48929 at NVDCVE-2022-48930 at SUSECVE-2022-48930 at NVDCVE-2022-48931 at SUSECVE-2022-48931 at NVDCVE-2022-48932 at SUSECVE-2022-48932 at NVDCVE-2022-48934 at SUSECVE-2022-48934 at NVDCVE-2022-48937 at SUSECVE-2022-48937 at NVDCVE-2022-48938 at SUSECVE-2022-48938 at NVDCVE-2022-48939 at SUSECVE-2022-48939 at NVDCVE-2022-48940 at SUSECVE-2022-48940 at NVDCVE-2022-48941 at SUSECVE-2022-48941 at NVDCVE-2022-48942 at SUSECVE-2022-48942 at NVDCVE-2022-48943 at SUSECVE-2022-48943 at NVDCVE-2023-3610 at SUSECVE-2023-3610 at NVDCVE-2023-52458 at SUSECVE-2023-52458 at NVDCVE-2023-52489 at SUSECVE-2023-52489 at NVDCVE-2023-52498 at SUSECVE-2023-52498 at NVDCVE-2023-52581 at SUSECVE-2023-52581 at NVDCVE-2023-52859 at SUSECVE-2023-52859 at NVDCVE-2023-52887 at SUSECVE-2023-52887 at NVDCVE-2023-52889 at SUSECVE-2023-52889 at NVDCVE-2023-52893 at SUSECVE-2023-52893 at NVDCVE-2023-52894 at SUSECVE-2023-52894 at NVDCVE-2023-52896 at SUSECVE-2023-52896 at NVDCVE-2023-52898 at SUSECVE-2023-52898 at NVDCVE-2023-52899 at SUSECVE-2023-52899 at NVDCVE-2023-52900 at SUSECVE-2023-52900 at NVDCVE-2023-52901 at SUSECVE-2023-52901 at NVDCVE-2023-52904 at SUSECVE-2023-52904 at NVDCVE-2023-52905 at SUSECVE-2023-52905 at NVDCVE-2023-52906 at SUSECVE-2023-52906 at NVDCVE-2023-52907 at SUSECVE-2023-52907 at NVDCVE-2023-52908 at SUSECVE-2023-52908 at NVDCVE-2023-52909 at SUSECVE-2023-52909 at NVDCVE-2023-52910 at SUSECVE-2023-52910 at NVDCVE-2023-52911 at SUSECVE-2023-52911 at NVDCVE-2023-52912 at SUSECVE-2023-52912 at NVDCVE-2023-52913 at SUSECVE-2023-52913 at NVDCVE-2024-26631 at SUSECVE-2024-26631 at NVDCVE-2024-26668 at SUSECVE-2024-26668 at NVDCVE-2024-26669 at SUSECVE-2024-26669 at NVDCVE-2024-26677 at SUSECVE-2024-26677 at NVDCVE-2024-26735 at SUSECVE-2024-26735 at NVDCVE-2024-26808 at SUSECVE-2024-26808 at NVDCVE-2024-26812 at SUSECVE-2024-26812 at NVDCVE-2024-26835 at SUSECVE-2024-26835 at NVDCVE-2024-26851 at SUSECVE-2024-26851 at NVDCVE-2024-27010 at SUSECVE-2024-27010 at NVDCVE-2024-27011 at SUSECVE-2024-27011 at NVDCVE-2024-27016 at SUSECVE-2024-27016 at NVDCVE-2024-27024 at SUSECVE-2024-27024 at NVDCVE-2024-27079 at SUSECVE-2024-27079 at NVDCVE-2024-27403 at SUSECVE-2024-27403 at NVDCVE-2024-31076 at SUSECVE-2024-31076 at NVDCVE-2024-35897 at SUSECVE-2024-35897 at NVDCVE-2024-35902 at SUSECVE-2024-35902 at NVDCVE-2024-35945 at SUSECVE-2024-35945 at NVDCVE-2024-35971 at SUSECVE-2024-35971 at NVDCVE-2024-36009 at SUSECVE-2024-36009 at NVDCVE-2024-36013 at SUSECVE-2024-36013 at NVDCVE-2024-36270 at SUSECVE-2024-36270 at NVDCVE-2024-36286 at SUSECVE-2024-36286 at NVDCVE-2024-36489 at SUSECVE-2024-36489 at NVDCVE-2024-36929 at SUSECVE-2024-36929 at NVDCVE-2024-36933 at SUSECVE-2024-36933 at NVDCVE-2024-36936 at SUSECVE-2024-36936 at NVDCVE-2024-36962 at SUSECVE-2024-36962 at NVDCVE-2024-38554 at SUSECVE-2024-38554 at NVDCVE-2024-38602 at SUSECVE-2024-38602 at NVDCVE-2024-38662 at SUSECVE-2024-38662 at NVDCVE-2024-39489 at SUSECVE-2024-39489 at NVDCVE-2024-40905 at SUSECVE-2024-40905 at NVDCVE-2024-40978 at SUSECVE-2024-40978 at NVDCVE-2024-40980 at SUSECVE-2024-40980 at NVDCVE-2024-40995 at SUSECVE-2024-40995 at NVDCVE-2024-41000 at SUSECVE-2024-41000 at NVDCVE-2024-41007 at SUSECVE-2024-41007 at NVDCVE-2024-41009 at SUSECVE-2024-41009 at NVDCVE-2024-41011 at SUSECVE-2024-41011 at NVDCVE-2024-41016 at SUSECVE-2024-41016 at NVDCVE-2024-41020 at SUSECVE-2024-41020 at NVDCVE-2024-41022 at SUSECVE-2024-41022 at NVDCVE-2024-41035 at SUSECVE-2024-41035 at NVDCVE-2024-41036 at SUSECVE-2024-41036 at NVDCVE-2024-41038 at SUSECVE-2024-41038 at NVDCVE-2024-41039 at SUSECVE-2024-41039 at NVDCVE-2024-41042 at SUSECVE-2024-41042 at NVDCVE-2024-41045 at SUSECVE-2024-41045 at NVDCVE-2024-41056 at SUSECVE-2024-41056 at NVDCVE-2024-41060 at SUSECVE-2024-41060 at NVDCVE-2024-41062 at SUSECVE-2024-41062 at NVDCVE-2024-41065 at SUSECVE-2024-41065 at NVDCVE-2024-41068 at SUSECVE-2024-41068 at NVDCVE-2024-41073 at SUSECVE-2024-41073 at NVDCVE-2024-41079 at SUSECVE-2024-41079 at NVDCVE-2024-41080 at SUSECVE-2024-41080 at NVDCVE-2024-41087 at SUSECVE-2024-41087 at NVDCVE-2024-41088 at SUSECVE-2024-41088 at NVDCVE-2024-41089 at SUSECVE-2024-41089 at NVDCVE-2024-41092 at SUSECVE-2024-41092 at NVDCVE-2024-41093 at SUSECVE-2024-41093 at NVDCVE-2024-41095 at SUSECVE-2024-41095 at NVDCVE-2024-41097 at SUSECVE-2024-41097 at NVDCVE-2024-41098 at SUSECVE-2024-41098 at NVDCVE-2024-42069 at SUSECVE-2024-42069 at NVDCVE-2024-42074 at SUSECVE-2024-42074 at NVDCVE-2024-42076 at SUSECVE-2024-42076 at NVDCVE-2024-42077 at SUSECVE-2024-42077 at NVDCVE-2024-42080 at SUSECVE-2024-42080 at NVDCVE-2024-42082 at SUSECVE-2024-42082 at NVDCVE-2024-42085 at SUSECVE-2024-42085 at NVDCVE-2024-42086 at SUSECVE-2024-42086 at NVDCVE-2024-42087 at SUSECVE-2024-42087 at NVDCVE-2024-42089 at SUSECVE-2024-42089 at NVDCVE-2024-42090 at SUSECVE-2024-42090 at NVDCVE-2024-42092 at SUSECVE-2024-42092 at NVDCVE-2024-42095 at SUSECVE-2024-42095 at NVDCVE-2024-42097 at SUSECVE-2024-42097 at NVDCVE-2024-42098 at SUSECVE-2024-42098 at NVDCVE-2024-42101 at SUSECVE-2024-42101 at NVDCVE-2024-42104 at SUSECVE-2024-42104 at NVDCVE-2024-42106 at SUSECVE-2024-42106 at NVDCVE-2024-42107 at SUSECVE-2024-42107 at NVDCVE-2024-42110 at SUSECVE-2024-42110 at NVDCVE-2024-42114 at SUSECVE-2024-42114 at NVDCVE-2024-42115 at SUSECVE-2024-42115 at NVDCVE-2024-42119 at SUSECVE-2024-42119 at NVDCVE-2024-42120 at SUSECVE-2024-42120 at NVDCVE-2024-42121 at SUSECVE-2024-42121 at NVDCVE-2024-42126 at SUSECVE-2024-42126 at NVDCVE-2024-42127 at SUSECVE-2024-42127 at NVDCVE-2024-42130 at SUSECVE-2024-42130 at NVDCVE-2024-42137 at SUSECVE-2024-42137 at NVDCVE-2024-42139 at SUSECVE-2024-42139 at NVDCVE-2024-42142 at SUSECVE-2024-42142 at NVDCVE-2024-42143 at SUSECVE-2024-42143 at NVDCVE-2024-42148 at SUSECVE-2024-42148 at NVDCVE-2024-42152 at SUSECVE-2024-42152 at NVDCVE-2024-42155 at SUSECVE-2024-42155 at NVDCVE-2024-42156 at SUSECVE-2024-42156 at NVDCVE-2024-42157 at SUSECVE-2024-42157 at NVDCVE-2024-42158 at SUSECVE-2024-42158 at NVDCVE-2024-42162 at SUSECVE-2024-42162 at NVDCVE-2024-42223 at SUSECVE-2024-42223 at NVDCVE-2024-42225 at SUSECVE-2024-42225 at NVDCVE-2024-42228 at SUSECVE-2024-42228 at NVDCVE-2024-42229 at SUSECVE-2024-42229 at NVDCVE-2024-42230 at SUSECVE-2024-42230 at NVDCVE-2024-42232 at SUSECVE-2024-42232 at NVDCVE-2024-42236 at SUSECVE-2024-42236 at NVDCVE-2024-42237 at SUSECVE-2024-42237 at NVDCVE-2024-42238 at SUSECVE-2024-42238 at NVDCVE-2024-42239 at SUSECVE-2024-42239 at NVDCVE-2024-42240 at SUSECVE-2024-42240 at NVDCVE-2024-42244 at SUSECVE-2024-42244 at NVDCVE-2024-42246 at SUSECVE-2024-42246 at NVDCVE-2024-42247 at SUSECVE-2024-42247 at NVDCVE-2024-42268 at SUSECVE-2024-42268 at NVDCVE-2024-42271 at SUSECVE-2024-42271 at NVDCVE-2024-42274 at SUSECVE-2024-42274 at NVDCVE-2024-42276 at SUSECVE-2024-42276 at NVDCVE-2024-42277 at SUSECVE-2024-42277 at NVDCVE-2024-42280 at SUSECVE-2024-42280 at NVDCVE-2024-42281 at SUSECVE-2024-42281 at NVDCVE-2024-42283 at SUSECVE-2024-42283 at NVDCVE-2024-42284 at SUSECVE-2024-42284 at NVDCVE-2024-42285 at SUSECVE-2024-42285 at NVDCVE-2024-42286 at SUSECVE-2024-42286 at NVDCVE-2024-42287 at SUSECVE-2024-42287 at NVDCVE-2024-42288 at SUSECVE-2024-42288 at NVDCVE-2024-42289 at SUSECVE-2024-42289 at NVDCVE-2024-42291 at SUSECVE-2024-42291 at NVDCVE-2024-42292 at SUSECVE-2024-42292 at NVDCVE-2024-42295 at SUSECVE-2024-42295 at NVDCVE-2024-42301 at SUSECVE-2024-42301 at NVDCVE-2024-42302 at SUSECVE-2024-42302 at NVDCVE-2024-42308 at SUSECVE-2024-42308 at NVDCVE-2024-42309 at SUSECVE-2024-42309 at NVDCVE-2024-42310 at SUSECVE-2024-42310 at NVDCVE-2024-42311 at SUSECVE-2024-42311 at NVDCVE-2024-42312 at SUSECVE-2024-42312 at NVDCVE-2024-42313 at SUSECVE-2024-42313 at NVDCVE-2024-42315 at SUSECVE-2024-42315 at NVDCVE-2024-42318 at SUSECVE-2024-42318 at NVDCVE-2024-42319 at SUSECVE-2024-42319 at NVDCVE-2024-42320 at SUSECVE-2024-42320 at NVDCVE-2024-42322 at SUSECVE-2024-42322 at NVDCVE-2024-43816 at SUSECVE-2024-43816 at NVDCVE-2024-43818 at SUSECVE-2024-43818 at NVDCVE-2024-43819 at SUSECVE-2024-43819 at NVDCVE-2024-43821 at SUSECVE-2024-43821 at NVDCVE-2024-43823 at SUSECVE-2024-43823 at NVDCVE-2024-43829 at SUSECVE-2024-43829 at NVDCVE-2024-43830 at SUSECVE-2024-43830 at NVDCVE-2024-43831 at SUSECVE-2024-43831 at NVDCVE-2024-43834 at SUSECVE-2024-43834 at NVDCVE-2024-43837 at SUSECVE-2024-43837 at NVDCVE-2024-43839 at SUSECVE-2024-43839 at NVDCVE-2024-43841 at SUSECVE-2024-43841 at NVDCVE-2024-43842 at SUSECVE-2024-43842 at NVDCVE-2024-43846 at SUSECVE-2024-43846 at NVDCVE-2024-43849 at SUSECVE-2024-43849 at NVDCVE-2024-43853 at SUSECVE-2024-43853 at NVDCVE-2024-43854 at SUSECVE-2024-43854 at NVDCVE-2024-43856 at SUSECVE-2024-43856 at NVDCVE-2024-43858 at SUSECVE-2024-43858 at NVDCVE-2024-43860 at SUSECVE-2024-43860 at NVDCVE-2024-43861 at SUSECVE-2024-43861 at NVDCVE-2024-43863 at SUSECVE-2024-43863 at NVDCVE-2024-43866 at SUSECVE-2024-43866 at NVDCVE-2024-43867 at SUSECVE-2024-43867 at NVDCVE-2024-43871 at SUSECVE-2024-43871 at NVDCVE-2024-43872 at SUSECVE-2024-43872 at NVDCVE-2024-43873 at SUSECVE-2024-43873 at NVDCVE-2024-43879 at SUSECVE-2024-43879 at NVDCVE-2024-43880 at SUSECVE-2024-43880 at NVDCVE-2024-43882 at SUSECVE-2024-43882 at NVDCVE-2024-43883 at SUSECVE-2024-43883 at NVDCVE-2024-43884 at SUSECVE-2024-43884 at NVDCVE-2024-43889 at SUSECVE-2024-43889 at NVDCVE-2024-43892 at SUSECVE-2024-43892 at NVDCVE-2024-43893 at SUSECVE-2024-43893 at NVDCVE-2024-43894 at SUSECVE-2024-43894 at NVDCVE-2024-43895 at SUSECVE-2024-43895 at NVDCVE-2024-43899 at SUSECVE-2024-43899 at NVDCVE-2024-43900 at SUSECVE-2024-43900 at NVDCVE-2024-43902 at SUSECVE-2024-43902 at NVDCVE-2024-43903 at SUSECVE-2024-43903 at NVDCVE-2024-43904 at SUSECVE-2024-43904 at NVDCVE-2024-43905 at SUSECVE-2024-43905 at NVDCVE-2024-43907 at SUSECVE-2024-43907 at NVDCVE-2024-43908 at SUSECVE-2024-43908 at NVDCVE-2024-43909 at SUSECVE-2024-43909 at NVDCVE-2024-44938 at SUSECVE-2024-44938 at NVDCVE-2024-44939 at SUSECVE-2024-44939 at NVDCVE-2024-44947 at SUSECVE-2024-44947 at NVDcpe:/o:opensuse:leap:15.5Security update for java-11-openjdk (Important)openSUSE Leap 15.5
This update for java-11-openjdk fixes the following issues:
Updated to version 11.0.22 (January 2024 CPU):
- CVE-2024-20918: Fixed an out of bounds access in the Hotspot JVM
due to a missing bounds check (bsc#1218907).
- CVE-2024-20919: Fixed a sandbox bypass in the Hotspot JVM class
file verifier (bsc#1218903).
- CVE-2024-20921: Fixed an incorrect optimization in the Hotspot JVM
that could lead to corruption of JVM memory (bsc#1218905).
- CVE-2024-20926: Fixed arbitrary Java code execution in Nashorn (bsc#1218906).
- CVE-2024-20945: Fixed a potential private key leak through debug
logs (bsc#1218909).
- CVE-2024-20952: Fixed an RSA padding issue and timing side-channel
attack against TLS (bsc#1218911).
Find the full release notes at:
https://mail.openjdk.org/pipermail/jdk-updates-dev/2024-January/029215.html
ImportantSUSE bug 1218903SUSE bug 1218905SUSE bug 1218906SUSE bug 1218907SUSE bug 1218909SUSE bug 1218911CVE-2024-20918 at SUSECVE-2024-20918 at NVDCVE-2024-20919 at SUSECVE-2024-20919 at NVDCVE-2024-20921 at SUSECVE-2024-20921 at NVDCVE-2024-20926 at SUSECVE-2024-20926 at NVDCVE-2024-20945 at SUSECVE-2024-20945 at NVDCVE-2024-20952 at SUSECVE-2024-20952 at NVDcpe:/o:opensuse:leap:15.5Security update for libpcap (Moderate)openSUSE Leap 15.5
This update for libpcap fixes the following issues:
- CVE-2024-8006: NULL pointer dereference in function pcap_findalldevs_ex(). (bsc#1230034)
- CVE-2023-7256: double free via struct addrinfo in function sock_initaddress(). (bsc#1230020)
ModerateSUSE bug 1230020SUSE bug 1230034CVE-2023-7256 at SUSECVE-2023-7256 at NVDCVE-2024-8006 at SUSECVE-2024-8006 at NVDcpe:/o:opensuse:leap:15.5Security update for curl (Moderate)openSUSE Leap 15.5
This update for curl fixes the following issues:
- CVE-2024-8096: OCSP stapling bypass with GnuTLS. (bsc#1230093)
ModerateSUSE bug 1230093CVE-2024-8096 at SUSECVE-2024-8096 at NVDcpe:/o:opensuse:leap:15.5Security update for go1.22 (Moderate)openSUSE Leap 15.5
This update for go1.22 fixes the following issues:
- Update go v1.22.7
- CVE-2024-34155: Fixed stack exhaustion in all Parse* functions. (bsc#1230252)
- CVE-2024-34156: Fixed stack exhaustion in Decoder.Decode. (bsc#1230253)
- CVE-2024-34158: Fixed stack exhaustion in Parse. (bsc#1230254)
ModerateSUSE bug 1218424SUSE bug 1230252SUSE bug 1230253SUSE bug 1230254CVE-2024-34155 at SUSECVE-2024-34155 at NVDCVE-2024-34156 at SUSECVE-2024-34156 at NVDCVE-2024-34158 at SUSECVE-2024-34158 at NVDcpe:/o:opensuse:leap:15.5Security update for go1.23 (Moderate)openSUSE Leap 15.5
This update for go1.23 fixes the following issues:
- Update go v1.23.1
- CVE-2024-34155: Fixed stack exhaustion in all Parse* functions. (bsc#1230252)
- CVE-2024-34156: Fixed stack exhaustion in Decoder.Decode. (bsc#1230253)
- CVE-2024-34158: Fixed stack exhaustion in Parse. (bsc#1230254)
ModerateSUSE bug 1229122SUSE bug 1230252SUSE bug 1230253SUSE bug 1230254CVE-2024-34155 at SUSECVE-2024-34155 at NVDCVE-2024-34156 at SUSECVE-2024-34156 at NVDCVE-2024-34158 at SUSECVE-2024-34158 at NVDcpe:/o:opensuse:leap:15.5Security update for expat (Moderate)openSUSE Leap 15.5
This update for expat fixes the following issues:
- CVE-2024-45492: integer overflow in function nextScaffoldPart. (bsc#1229932)
- CVE-2024-45491: integer overflow in dtdCopy. (bsc#1229931)
- CVE-2024-45490: negative length for XML_ParseBuffer not rejected. (bsc#1229930)
ModerateSUSE bug 1229930SUSE bug 1229931SUSE bug 1229932CVE-2024-45490 at SUSECVE-2024-45490 at NVDCVE-2024-45491 at SUSECVE-2024-45491 at NVDCVE-2024-45492 at SUSECVE-2024-45492 at NVDcpe:/o:opensuse:leap:15.5Security update for containerd (Important)openSUSE Leap 15.5
This update for containerd fixes the following issues:
- Update to containerd v1.7.21
- CVE-2023-47108: Fixed DoS vulnerability in otelgrpc (uncontrolled resource consumption) due to unbound cardinality metrics. (bsc#1217070)
- CVE-2023-45142: Fixed DoS vulnerability in otelhttp. (bsc#1228553)
ImportantSUSE bug 1200528SUSE bug 1217070SUSE bug 1228553CVE-2022-1996 at SUSECVE-2022-1996 at NVDCVE-2023-45142 at SUSECVE-2023-45142 at NVDCVE-2023-47108 at SUSECVE-2023-47108 at NVDcpe:/o:opensuse:leap:15.5Security update for runc (Low)openSUSE Leap 15.5
This update for runc fixes the following issues:
- Update to runc v1.1.14
- CVE-2024-45310: Fixed an issue where runc can be tricked into creating empty files/directories on host. (bsc#1230092)
LowSUSE bug 1230092CVE-2024-45310 at SUSECVE-2024-45310 at NVDcpe:/o:opensuse:leap:15.5Security update for python-uamqp (Critical)openSUSE Leap 15.5
This update for python-uamqp fixes the following issues:
- CVE-2024-21646: Fix integer overflow which may cause remote code execution (bsc#1219409).
CriticalSUSE bug 1219409CVE-2024-21646 at SUSECVE-2024-21646 at NVDcpe:/o:opensuse:leap:15.5Security update for java-17-openjdk (Important)openSUSE Leap 15.5
This update for java-17-openjdk fixes the following issues:
Updated to version 17.0.10 (January 2024 CPU):
- CVE-2024-20918: Fixed an out of bounds access in the Hotspot JVM
due to a missing bounds check (bsc#1218907).
- CVE-2024-20919: Fixed a sandbox bypass in the Hotspot JVM class
file verifier (bsc#1218903).
- CVE-2024-20921: Fixed an incorrect optimization in the Hotspot JVM
that could lead to corruption of JVM memory (bsc#1218905).
- CVE-2024-20932: Fixed an incorrect handling of ZIP files with
duplicate entries (bsc#1218908).
- CVE-2024-20945: Fixed a potential private key leak through debug
logs (bsc#1218909).
- CVE-2024-20952: Fixed an RSA padding issue and timing side-channel
attack against TLS (bsc#1218911).
Find the full release notes at:
https://mail.openjdk.org/pipermail/jdk-updates-dev/2024-January/029089.html
ImportantSUSE bug 1218903SUSE bug 1218905SUSE bug 1218907SUSE bug 1218908SUSE bug 1218909SUSE bug 1218911CVE-2024-20918 at SUSECVE-2024-20918 at NVDCVE-2024-20919 at SUSECVE-2024-20919 at NVDCVE-2024-20921 at SUSECVE-2024-20921 at NVDCVE-2024-20932 at SUSECVE-2024-20932 at NVDCVE-2024-20945 at SUSECVE-2024-20945 at NVDCVE-2024-20952 at SUSECVE-2024-20952 at NVDcpe:/o:opensuse:leap:15.5Security update for SUSE Manager Client Tools (Important)openSUSE Leap 15.5
This update fixes the following issues:
golang-github-prometheus-prometheus:
- Security issues fixed:
* CVE-2024-6104: Update go-retryablehttp to version 0.7.7 (bsc#1227038)
* CVE-2023-45142: Updated otelhttp to version 0.46.1 (bsc#1228556)
- Require Go > 1.20 for building
- Migrate from `disabled` to `manual` service mode
- Update to 2.45.6 (jsc#PED-3577):
* Security fixes in dependencies
- Update to 2.45.5:
* [BUGFIX] tsdb/agent: ensure that new series get written to WAL
on rollback.
* [BUGFIX] Remote write: Avoid a race condition when applying
configuration.
- Update to 2.45.4:
* [BUGFIX] Remote read: Release querier resources before encoding
the results.
- Update to 2.45.3:
* [BUGFIX] TSDB: Remove double memory snapshot on shutdown.
- Update to 2.45.2:
* [BUGFIX] TSDB: Fix PostingsForMatchers race with creating new
series.
- Update to 2.45.1:
* [ENHANCEMENT] Hetzner SD: Support larger ID's that will be used
by Hetzner in September.
* [BUGFIX] Linode SD: Cast InstanceSpec values to int64 to avoid
overflows on 386 architecture.
* [BUGFIX] TSDB: Handle TOC parsing failures.
rhnlib:
- Version 5.0.4-0
* Add the old TLS code for very old traditional clients still on
python 2.7 (bsc#1228198)
spacecmd:
- Version 5.0.9-0
* Update translation strings
uyuni-tools:
- Version 0.1.21-0
* mgrpxy: Fix typo on Systemd template
- Version 0.1.20-0
* Update the push tag to 5.0.1
* mgrpxy: expose port on IPv6 network (bsc#1227951)
- Version 0.1.19-0
* Skip updating Tomcat remote debug if conf file is not present
- Version 0.1.18-0
* Setup Confidential Computing container during migration
(bsc#1227588)
* Add the /etc/uyuni/uyuni-tools.yaml path to the config help
* Split systemd config files to not loose configuration at upgrade
(bsc#1227718)
* Use the same logic for image computation in mgradm and mgrpxy
(bsc#1228026)
* Allow building with different Helm and container default
registry paths (bsc#1226191)
* Fix recursion in mgradm upgrade podman list --help
* Setup hub xmlrpc API service in migration to Podman (bsc#1227588)
* Setup disabled hub xmlrpc API service in all cases (bsc#1227584)
* Clean the inspection code to make it faster
* Properly detect IPv6 enabled on Podman network (bsc#1224349)
* Fix the log file path generation
* Write scripts output to uyuni-tools.log file
* Add uyuni-hubxml-rpc to the list of values in
mgradm scale --help
* Use path in mgradm support sql file input (bsc#1227505)
* On Ubuntu build with go1.21 instead of go1.20
* Enforce Cobbler setup (bsc#1226847)
* Expose port on IPv6 network (bsc#1227951)
* show output of podman image search --list-tags command
* Implement mgrpxy support config command
* During migration, ignore /etc/sysconfig/tomcat and
/etc/tomcat/tomcat.conf (bsc#1228183)
* During migration, remove java.annotation,com.sun.xml.bind and
UseConcMarkSweepGC settings
* Disable node exporter port for Kubernetes
* Fix start, stop and restart in Kubernetes
* Increase start timeout in Kubernetes
* Fix traefik query
* Fix password entry usability (bsc#1226437)
* Add --prepare option to migrate command
* Fix random error during installation of CA certificate
(bsc#1227245)
* Clarify and fix distro name guessing when not provided
(bsc#1226284)
* Replace not working Fatal error by plain error return
(bsc#1220136)
* Allow server installation with preexisting storage volumes
* Do not report error when purging mounted volume (bsc#1225349)
* Preserve PAGER settings from the host for interactive sql
usage (bsc#1226914)
* Add mgrpxy command to clear the Squid cache
* Use local images for Confidential Computing and
Hub containers (bsc#1227586)
- Version 0.1.17-0
* Allow GPG files to be loaded from the local file (bsc#1227195)
- Version 0.1.16-0
* Prefer local images in all migration steps (bsc#1227244)
- Version 0.1.15-0
* Define --registry flag behaviour (bsc#1226793)
- Version 0.1.14-0
* Do not rely on hardcoded registry, remove any FQDN
- Version 0.1.13-0
* Fix mgradm support config tarball creation (bsc#1226759)
- Version 0.1.12-0
* Detection of k8s on Proxy was wrongly influenced by Server
setting
ImportantSUSE bug 1220136SUSE bug 1224349SUSE bug 1225349SUSE bug 1226191SUSE bug 1226284SUSE bug 1226437SUSE bug 1226759SUSE bug 1226793SUSE bug 1226847SUSE bug 1226914SUSE bug 1227038SUSE bug 1227195SUSE bug 1227244SUSE bug 1227245SUSE bug 1227505SUSE bug 1227584SUSE bug 1227586SUSE bug 1227588SUSE bug 1227718SUSE bug 1227951SUSE bug 1228026SUSE bug 1228183SUSE bug 1228198SUSE bug 1228556CVE-2023-45142 at SUSECVE-2023-45142 at NVDCVE-2024-6104 at SUSECVE-2024-6104 at NVDcpe:/o:opensuse:leap:15.5Security update for bouncycastle, jsch (Important)openSUSE Leap 15.5
This update for bouncycastle, jsch fixes the following issues:
- Updated jsch to version 0.2.15:
- CVE-2023-48795: Fixed a prefix truncation issue that could lead to
disclosure of sensitive information (bsc#1218134).
- Updated bouncycastle to version 1.77.
ImportantSUSE bug 1218134CVE-2023-48795 at SUSECVE-2023-48795 at NVDcpe:/o:opensuse:leap:15.5Security update for golang-github-prometheus-prometheus (Important)openSUSE Leap 15.5
This update for golang-github-prometheus-prometheus fixes the following issues:
- Require Go > 1.20 for building
- Bump go-retryablehttp to version 0.7.7
(CVE-2024-6104, bsc#1227038)
- Migrate from `disabled` to `manual` service mode
- Add0003-Bump-go-retryablehttp.patch
- Update to 2.45.6 (jsc#PED-3577):
* Security fixes in dependencies
- Update to 2.45.5:
* [BUGFIX] tsdb/agent: ensure that new series get written to WAL
on rollback.
* [BUGFIX] Remote write: Avoid a race condition when applying
configuration.
- Update to 2.45.4:
* [BUGFIX] Remote read: Release querier resources before encoding
the results.
- Update to 2.45.3:
* Security fixes in dependencies
* [BUGFIX] TSDB: Remove double memory snapshot on shutdown.
- Update to 2.45.2:
* Security fixes in dependencies
* [SECURITY] Updated otelhttp to version 0.46.1
(CVE-2023-45142, bsc#1228556)
* [BUGFIX] TSDB: Fix PostingsForMatchers race with creating new
series.
- Update to 2.45.1:
* [ENHANCEMENT] Hetzner SD: Support larger ID's that will be used
by Hetzner in September.
* [BUGFIX] Linode SD: Cast InstanceSpec values to int64 to avoid
overflows on 386 architecture.
* [BUGFIX] TSDB: Handle TOC parsing failures.
- update to 2.45.0 (jsc#PED-5406):
* [FEATURE] API: New limit parameter to limit the number of items
returned by `/api/v1/status/tsdb` endpoint.
* [FEATURE] Config: Add limits to global config.
* [FEATURE] Consul SD: Added support for `path_prefix`.
* [FEATURE] Native histograms: Add option to scrape both classic
and native histograms.
* [FEATURE] Native histograms: Added support for two more
arithmetic operators `avg_over_time` and `sum_over_time`.
* [FEATURE] Promtool: When providing the block id, only one block
will be loaded and analyzed.
* [FEATURE] Remote-write: New Azure ad configuration to support
remote writing directly to Azure Monitor workspace.
* [FEATURE] TSDB: Samples per chunk are now configurable with
flag `storage.tsdb.samples-per-chunk`. By default set to its
former value 120.
* [ENHANCEMENT] Native histograms: bucket size can now be limited
to avoid scrape fails.
* [ENHANCEMENT] TSDB: Dropped series are now deleted from the WAL
sooner.
* [BUGFIX] Native histograms: ChunkSeries iterator now checks if
a new sample can be appended to the open chunk.
* [BUGFIX] Native histograms: Fix Histogram Appender
`Appendable()` segfault.
* [BUGFIX] Native histograms: Fix setting reset header to gauge
histograms in seriesToChunkEncoder.
* [BUGFIX] TSDB: Tombstone intervals are not modified after Get()
call.
* [BUGFIX] TSDB: Use path/filepath to set the WAL directory.
- update to 2.44.0:
* [FEATURE] Remote-read: Handle native histograms.
* [FEATURE] Promtool: Health and readiness check of prometheus
server in CLI.
* [FEATURE] PromQL: Add `query_samples_total` metric, the total
number of samples loaded by all queries.
* [ENHANCEMENT] Storage: Optimise buffer used to iterate through
samples.
* [ENHANCEMENT] Scrape: Reduce memory allocations on target
labels.
* [ENHANCEMENT] PromQL: Use faster heap method for `topk()` /
`bottomk()`.
* [ENHANCEMENT] Rules API: Allow filtering by rule name.
* [ENHANCEMENT] Native Histograms: Various fixes and
improvements.
* [ENHANCEMENT] UI: Search of scraping pools is now
case-insensitive.
* [ENHANCEMENT] TSDB: Add an affirmative log message for
successful WAL repair.
* [BUGFIX] TSDB: Block compaction failed when shutting down.
* [BUGFIX] TSDB: Out-of-order chunks could be ignored if the
write-behind log was deleted.
- rebase patch 0001-Do-not-force-the-pure-Go-name-resolver.patch
onto v2.44.0
- update to 2.43.1
* [BUGFIX] Labels: Set() after Del() would be ignored, which
broke some relabeling rules.
- update to 2.43.0:
* [FEATURE] Promtool: Add HTTP client configuration to query
commands.
* [FEATURE] Scrape: Add `include_scrape_configs` to include
scrape configs from different files.
* [FEATURE] HTTP client: Add `no_proxy` to exclude URLs from
proxied requests.
* [FEATURE] HTTP client: Add `proxy_from_enviroment` to read
proxies from env variables.
* [ENHANCEMENT] API: Add support for setting lookback delta per
query via the API.
* [ENHANCEMENT] API: Change HTTP status code from 503/422 to 499
if a request is canceled.
* [ENHANCEMENT] Scrape: Allow exemplars for all metric types.
* [ENHANCEMENT] TSDB: Add metrics for head chunks and WAL folders
size.
* [ENHANCEMENT] TSDB: Automatically remove incorrect snapshot
with index that is ahead of WAL.
* [ENHANCEMENT] TSDB: Improve Prometheus parser error outputs to
be more comprehensible.
* [ENHANCEMENT] UI: Scope `group by` labels to metric in
autocompletion.
* [BUGFIX] Scrape: Fix
`prometheus_target_scrape_pool_target_limit` metric not set
before reloading.
* [BUGFIX] TSDB: Correctly update
`prometheus_tsdb_head_chunks_removed_total` and
`prometheus_tsdb_head_chunks` metrics when reading WAL.
* [BUGFIX] TSDB: Use the correct unit (seconds) when recording
out-of-order append deltas in the
`prometheus_tsdb_sample_ooo_delta` metric.
- update to 2.42.0:
This release comes with a bunch of feature coverage for native
histograms and breaking changes.
If you are trying native histograms already, we recommend you
remove the `wal` directory when upgrading.
Because the old WAL record for native histograms is not
backward compatible in v2.42.0, this will lead to some data
loss for the latest data.
Additionally, if you scrape 'float histograms' or use recording
rules on native histograms in v2.42.0 (which writes float
histograms), it is a one-way street since older versions do not
support float histograms.
* [CHANGE] **breaking** TSDB: Changed WAL record format for the
experimental native histograms.
* [FEATURE] Add 'keep_firing_for' field to alerting rules.
* [FEATURE] Promtool: Add support of selecting timeseries for
TSDB dump.
* [ENHANCEMENT] Agent: Native histogram support.
* [ENHANCEMENT] Rules: Support native histograms in recording
rules.
* [ENHANCEMENT] SD: Add container ID as a meta label for pod
targets for Kubernetes.
* [ENHANCEMENT] SD: Add VM size label to azure service
discovery.
* [ENHANCEMENT] Support native histograms in federation.
* [ENHANCEMENT] TSDB: Add gauge histogram support.
* [ENHANCEMENT] TSDB/Scrape: Support FloatHistogram that
represents buckets as float64 values.
* [ENHANCEMENT] UI: Show individual scrape pools on /targets
page.
- update to 2.41.0:
* [FEATURE] Relabeling: Add keepequal and dropequal relabel
actions.
* [FEATURE] Add support for HTTP proxy headers.
* [ENHANCEMENT] Reload private certificates when changed on disk.
* [ENHANCEMENT] Add max_version to specify maximum TLS version in
tls_config.
* [ENHANCEMENT] Add goos and goarch labels to
prometheus_build_info.
* [ENHANCEMENT] SD: Add proxy support for EC2 and LightSail SDs.
* [ENHANCEMENT] SD: Add new metric
prometheus_sd_file_watcher_errors_total.
* [ENHANCEMENT] Remote Read: Use a pool to speed up marshalling.
* [ENHANCEMENT] TSDB: Improve handling of tombstoned chunks in
iterators.
* [ENHANCEMENT] TSDB: Optimize postings offset table reading.
* [BUGFIX] Scrape: Validate the metric name, label names, and
label values after relabeling.
* [BUGFIX] Remote Write receiver and rule manager: Fix error
handling.
- update to 2.40.7:
* [BUGFIX] TSDB: Fix queries involving negative buckets of native
histograms.
- update to 2.40.5:
* [BUGFIX] TSDB: Fix queries involving native histograms due to
improper reset of iterators.
- update to 2.40.3:
* [BUGFIX] TSDB: Fix compaction after a deletion is called.
- update to 2.40.2:
* [BUGFIX] UI: Fix black-on-black metric name color in dark mode.
- update to 2.40.1:
* [BUGFIX] TSDB: Fix alignment for atomic int64 for 32 bit
architecture.
* [BUGFIX] Scrape: Fix accept headers.
- update to 2.40.0:
* [FEATURE] Add experimental support for native histograms.
Enable with the flag --enable-feature=native-histograms.
* [FEATURE] SD: Add service discovery for OVHcloud.
* [ENHANCEMENT] Kubernetes SD: Use protobuf encoding.
* [ENHANCEMENT] TSDB: Use golang.org/x/exp/slices for improved
sorting speed.
* [ENHANCEMENT] Consul SD: Add enterprise admin partitions. Adds
__meta_consul_partition label. Adds partition config in
consul_sd_config.
* [BUGFIX] API: Fix API error codes for /api/v1/labels and
/api/v1/series.
- update to 2.39.1:
* [BUGFIX] Rules: Fix notifier relabel changing the labels on
active alerts.
- update to 2.39.0:
* [FEATURE] experimental TSDB: Add support for ingesting
out-of-order samples. This is configured via
out_of_order_time_window field in the config file; check config
file docs for more info.
* [ENHANCEMENT] API: /-/healthy and /-/ready API calls now also
respond to a HEAD request on top of existing GET support.
* [ENHANCEMENT] PuppetDB SD: Add __meta_puppetdb_query label.
* [ENHANCEMENT] AWS EC2 SD: Add __meta_ec2_region label.
* [ENHANCEMENT] AWS Lightsail SD: Add __meta_lightsail_region
label.
* [ENHANCEMENT] Scrape: Optimise relabeling by re-using memory.
* [ENHANCEMENT] TSDB: Improve WAL replay timings.
* [ENHANCEMENT] TSDB: Optimise memory by not storing unnecessary
data in the memory.
* [ENHANCEMENT] TSDB: Allow overlapping blocks by default.
--storage.tsdb.allow-overlapping-blocks now has no effect.
* [ENHANCEMENT] UI: Click to copy label-value pair from query
result to clipboard.
* [BUGFIX] TSDB: Turn off isolation for Head compaction to fix a
memory leak.
* [BUGFIX] TSDB: Fix 'invalid magic number 0' error on Prometheus
startup.
* [BUGFIX] PromQL: Properly close file descriptor when logging
unfinished queries.
* [BUGFIX] Agent: Fix validation of flag options and prevent WAL
from growing more than desired.
- update to 2.38.0:
* [FEATURE]: Web: Add a /api/v1/format_query HTTP API endpoint
that allows pretty-formatting PromQL expressions.
* [FEATURE]: UI: Add support for formatting PromQL expressions in
the UI.
* [FEATURE]: DNS SD: Support MX records for discovering targets.
* [FEATURE]: Templates: Add toTime() template function that
allows converting sample timestamps to Go time.Time values.
* [ENHANCEMENT]: Kubernetes SD: Add
__meta_kubernetes_service_port_number meta label indicating the
service port number.
* [ENHANCEMENT]: Kubernetes SD: Add
__meta_kubernetes_pod_container_image meta label indicating the
container image.
* [ENHANCEMENT]: PromQL: When a query panics, also log the query
itself alongside the panic message.
* [ENHANCEMENT]: UI: Tweak colors in the dark theme to improve
the contrast ratio.
* [ENHANCEMENT]: Web: Speed up calls to /api/v1/rules by avoiding
locks and using atomic types instead.
* [ENHANCEMENT]: Scrape: Add a no-default-scrape-port feature
flag, which omits or removes any default HTTP (:80) or HTTPS
(:443) ports in the target's scrape address.
* [BUGFIX]: TSDB: In the WAL watcher metrics, expose the
type='exemplar' label instead of type='unknown' for exemplar
records.
* [BUGFIX]: TSDB: Fix race condition around allocating series IDs
during chunk snapshot loading.
- Remove npm_licenses.tar.bz2 during 'make clean'
- Remove web-ui archives during 'make clean'.
* [SECURITY] CVE-2022-41715: Limit memory used by parsing regexps
(bsc#1204023).
- Fix uncontrolled resource consumption by updating Go to version
1.20.1 (CVE-2022-41723, bsc#1208298) ImportantSUSE bug 1204023SUSE bug 1208298SUSE bug 1227038SUSE bug 1228556CVE-2022-41715 at SUSECVE-2022-41715 at NVDCVE-2022-41723 at SUSECVE-2022-41723 at NVDCVE-2023-45142 at SUSECVE-2023-45142 at NVDCVE-2024-6104 at SUSECVE-2024-6104 at NVDcpe:/o:opensuse:leap:15.5Security update for gstreamer-plugins-bad, libvpl (Important)openSUSE Leap 15.5
This update for gstreamer-plugins-bad, libvpl fixes the following issues:
- Dropped support for libmfx to fix the following CVEs:
* libmfx: improper input validation (CVE-2023-48368, bsc#1226897)
* libmfx: improper buffer restrictions (CVE-2023-45221, bsc#1226898)
* libmfx: out-of-bounds read (CVE-2023-22656, bsc#1226899)
* libmfx: out-of-bounds write (CVE-2023-47282, bsc#1226900)
* libmfx: improper buffer restrictions (CVE-2023-47169, bsc#1226901)
The libmfx dependency is replaced by libvpl.
ImportantSUSE bug 1218534SUSE bug 1219494SUSE bug 1223263SUSE bug 1226892SUSE bug 1226897SUSE bug 1226898SUSE bug 1226899SUSE bug 1226900SUSE bug 1226901CVE-2023-22656 at SUSECVE-2023-22656 at NVDCVE-2023-45221 at SUSECVE-2023-45221 at NVDCVE-2023-47169 at SUSECVE-2023-47169 at NVDCVE-2023-47282 at SUSECVE-2023-47282 at NVDCVE-2023-48368 at SUSECVE-2023-48368 at NVDCVE-2023-50186 at SUSECVE-2023-50186 at NVDcpe:/o:opensuse:leap:15.5Security update for python (Moderate)openSUSE Leap 15.5
This update for python fixes the following issues:
- CVE-2023-27043: Fixed incorrectly parses e-mail addresses which contain a special character (bsc#1210638).
ModerateSUSE bug 1210638CVE-2023-27043 at SUSECVE-2023-27043 at NVDcpe:/o:opensuse:leap:15.5Security update for python-dnspython (Moderate)openSUSE Leap 15.5
This update for python-dnspython fixes the following issue:
- Fix CVE-2023-29483 (bsc#1230353).
ModerateSUSE bug 1230353CVE-2023-29483 at SUSECVE-2023-29483 at NVDcpe:/o:opensuse:leap:15.5Security update for python-aiohttp (Moderate)openSUSE Leap 15.5
This update for python-aiohttp fixes the following issues:
- CVE-2023-49081: fixed an HTTP header injection via a crafted
version (bsc#1217684).
ModerateSUSE bug 1217684CVE-2023-49081 at SUSECVE-2023-49081 at NVDcpe:/o:opensuse:leap:15.5Security update for clamav (Important)openSUSE Leap 15.5
This update for clamav fixes the following issues:
- Update to version 0.103.12
- CVE-2024-20506: Disable symlinks following to prevent an attacker to corrupt system files. (bsc#1230162)
- CVE-2024-20505: Fixed possible out-of-bounds read bug in the PDF file parser. (bsc#1230161)
ImportantSUSE bug 1230161SUSE bug 1230162CVE-2024-20505 at SUSECVE-2024-20505 at NVDCVE-2024-20506 at SUSECVE-2024-20506 at NVDcpe:/o:opensuse:leap:15.5Security update for ucode-intel (Moderate)openSUSE Leap 15.5
This update for ucode-intel fixes the following issues:
- Intel CPU Microcode was updated to the 20240910 release (bsc#1230400)
- CVE-2024-23984: Observable discrepancy in RAPL interface for some Intel Processors may allow a privileged user to potentially enable information disclosure via local access.
- CVE-2024-24968: Improper finite state machines (FSMs) in hardware logic in some Intel Processors may allow an privileged user to potentially enable a denial of service via local access.
ModerateSUSE bug 1230400CVE-2024-23984 at SUSECVE-2024-23984 at NVDCVE-2024-24968 at SUSECVE-2024-24968 at NVDcpe:/o:opensuse:leap:15.5Security update for wireshark (Moderate)openSUSE Leap 15.5
This update for wireshark fixes the following issues:
- Upgraded Wireshark to version 3.6.24.
- CVE-2024-8250: Fixed NTLMSSP dissector crash (bsc#1229907).
ModerateSUSE bug 1229907CVE-2024-8250 at SUSECVE-2024-8250 at NVDcpe:/o:opensuse:leap:15.5Security update for the Linux Kernel (Important)openSUSE Leap 15.5
The SUSE Linux Enterprise 15 SP5 RT kernel was updated to receive various security bugfixes.
The following non-security bugs were fixed:
- Revert 'mm, kmsan: fix infinite recursion due to RCU critical section' (bsc#1230413)
- Revert 'mm/sparsemem: fix race in accessing memory_section->usage' (bsc#1230413)
- Revert 'mm: prevent derefencing NULL ptr in pfn_section_valid()' (bsc#1230413)
ImportantSUSE bug 1230413cpe:/o:opensuse:leap:15.5Security update for libmfx (Moderate)openSUSE Leap 15.5
This update for libmfx fixes the following issues:
- CVE-2023-48368: Fixed an improper input validation. (bsc#1226897)
- CVE-2023-45221: Fixed an improper buffer restrictions. (bsc#1226898)
- CVE-2023-22656: Fixed an out-of-bounds read. (bsc#1226899)
- CVE-2023-47282: Fixed an out-of-bounds write. (bsc#1226900)
- CVE-2023-47169: Fixed an improper buffer restrictions. (bsc#1226901)
ModerateSUSE bug 1219494SUSE bug 1226892SUSE bug 1226897SUSE bug 1226898SUSE bug 1226899SUSE bug 1226900SUSE bug 1226901CVE-2023-22656 at SUSECVE-2023-22656 at NVDCVE-2023-45221 at SUSECVE-2023-45221 at NVDCVE-2023-47169 at SUSECVE-2023-47169 at NVDCVE-2023-47282 at SUSECVE-2023-47282 at NVDCVE-2023-48368 at SUSECVE-2023-48368 at NVDcpe:/o:opensuse:leap:15.5Security update for kubernetes1.24 (Important)openSUSE Leap 15.5
This update for kubernetes1.24 fixes the following issues:
- CVE-2023-39325: go1.20: excessive resource consumption when dealing with rapid stream resets. (bsc#1229869)
- CVE-2023-44487: google.golang.org/grpc, kube-apiserver: HTTP/2 rapid reset vulnerability. (bsc#1229869)
- CVE-2023-45288: golang.org/x/net: excessive CPU consumption when processing unlimited sets of headers. (bsc#1229869)
- CVE-2024-24786: github.com/golang/protobuf: infinite loop when unmarshaling invalid JSON. (bsc#1229867)
Bug fixes:
- Update go to version 1.22.5 in build requirements. (bsc#1229858)
ImportantSUSE bug 1216109SUSE bug 1216123SUSE bug 1221400SUSE bug 1226136SUSE bug 1229858SUSE bug 1229867SUSE bug 1229869SUSE bug 1230323CVE-2023-39325 at SUSECVE-2023-39325 at NVDCVE-2023-44487 at SUSECVE-2023-44487 at NVDCVE-2023-45288 at SUSECVE-2023-45288 at NVDCVE-2024-24786 at SUSECVE-2024-24786 at NVDcpe:/o:opensuse:leap:15.5Security update for kubernetes1.25 (Important)openSUSE Leap 15.5
This update for kubernetes1.25 fixes the following issues:
- CVE-2023-45288: golang.org/x/net: excessive CPU consumption when processing unlimited sets of headers. (bsc#1229869)
- CVE-2023-44487: google.golang.org/grpc, kube-apiserver: HTTP/2 rapid reset vulnerability. (bsc#1229869)
- CVE-2024-24786: github.com/golang/protobuf: infinite loop when unmarshaling invalid JSON. (bsc#1229867)
Bug fixes:
- Update go to version 1.22.5 in build requirements. (bsc#1229858)
ImportantSUSE bug 1216109SUSE bug 1216123SUSE bug 1221400SUSE bug 1226136SUSE bug 1229858SUSE bug 1229867SUSE bug 1229869SUSE bug 1230323CVE-2023-39325 at SUSECVE-2023-39325 at NVDCVE-2023-44487 at SUSECVE-2023-44487 at NVDCVE-2023-45288 at SUSECVE-2023-45288 at NVDCVE-2024-24786 at SUSECVE-2024-24786 at NVDcpe:/o:opensuse:leap:15.5Security update for python-azure-identity (Moderate)openSUSE Leap 15.5
This update for python-azure-identity fixes the following issues:
- CVE-2024-35255: Fixed an Azure identity libraries elevation of privilege vulnerability. (bsc#1230100)
ModerateSUSE bug 1230100CVE-2024-35255 at SUSECVE-2024-35255 at NVDcpe:/o:opensuse:leap:15.5Security update for python310 (Important)openSUSE Leap 15.5
This update for python310 fixes the following issues:
- Update to version 3.10.15
- CVE-2024-8088: Fixed denial of service in zipfile. (bsc#1229704)
- CVE-2024-7592: Fixed uncontrolled CPU resource consumption when in http.cookies module. (bsc#1229596)
- CVE-2024-6232: Fixed ReDos via excessive backtracking while parsing header values. (bsc#1230227)
ImportantSUSE bug 1229596SUSE bug 1229704SUSE bug 1230227CVE-2024-6232 at SUSECVE-2024-6232 at NVDCVE-2024-7592 at SUSECVE-2024-7592 at NVDCVE-2024-8088 at SUSECVE-2024-8088 at NVDcpe:/o:opensuse:leap:15.5Security update for ffmpeg-4 (Important)openSUSE Leap 15.5
This update for ffmpeg-4 fixes the following issues:
- Dropped support for libmfx to fix the following CVEs:
* libmfx: improper input validation (CVE-2023-48368, bsc#1226897)
* libmfx: improper buffer restrictions (CVE-2023-45221, bsc#1226898)
* libmfx: out-of-bounds read (CVE-2023-22656, bsc#1226899)
* libmfx: out-of-bounds write (CVE-2023-47282, bsc#1226900)
* libmfx: improper buffer restrictions (CVE-2023-47169, bsc#1226901)
- CVE-2024-7055: heap-based buffer overflow in pnmdec.c from the libavcodec library. (bsc#1229026)
ImportantSUSE bug 1226892SUSE bug 1226897SUSE bug 1226898SUSE bug 1226899SUSE bug 1226900SUSE bug 1226901SUSE bug 1229026CVE-2023-22656 at SUSECVE-2023-22656 at NVDCVE-2023-45221 at SUSECVE-2023-45221 at NVDCVE-2023-47169 at SUSECVE-2023-47169 at NVDCVE-2023-47282 at SUSECVE-2023-47282 at NVDCVE-2023-48368 at SUSECVE-2023-48368 at NVDCVE-2024-7055 at SUSECVE-2024-7055 at NVDcpe:/o:opensuse:leap:15.5Security update for python-aiohttp (Moderate)openSUSE Leap 15.5
This update for python-aiohttp fixes the following issues:
- CVE-2023-49081: fixed an HTTP header injection via a crafted
version (bsc#1217684).
ModerateSUSE bug 1217684CVE-2023-49081 at SUSECVE-2023-49081 at NVDcpe:/o:opensuse:leap:15.5Security update for rage-encryption (Moderate)openSUSE Leap 15.5
This update for rage-encryption fixes the following issues:
- Update to version 0.10.0
- CVE-2024-43806: Fixed rustix::fs::Dir iterator with the linux_raw backend that can cause memory exhaustion. (bsc#1229959)
ModerateSUSE bug 1229959CVE-2024-43806 at SUSECVE-2024-43806 at NVDcpe:/o:opensuse:leap:15.5Security update for python39 (Important)openSUSE Leap 15.5
This update for python39 fixes the following issues:
- Update to 3.9.20:
- CVE-2024-6232: excessive backtracking when parsing tarfile headers leads to ReDoS. (bsc#1230227)
- CVE-2024-7592: quadratic algorithm used when parsing cookies leads to excessive resource consumption. (bsc#1229596)
- CVE-2024-8088: lack of name validation when extracting a zip archive leads to infinite loops. (bsc#1229704)
ImportantSUSE bug 1229596SUSE bug 1229704SUSE bug 1230227CVE-2024-6232 at SUSECVE-2024-6232 at NVDCVE-2024-7592 at SUSECVE-2024-7592 at NVDCVE-2024-8088 at SUSECVE-2024-8088 at NVDcpe:/o:opensuse:leap:15.5Security update for python311 (Important)openSUSE Leap 15.5
This update for python311 fixes the following issues:
- Update python311 to version 3.11.10.
- CVE-2024-6232: excessive backtracking when parsing tarfile headers leads to ReDoS. (bsc#1230227)
- CVE-2024-7592: quadratic algorithm used when parsing cookies leads to excessive resource consumption. (bsc#1229596)
- CVE-2024-8088: lack of name validation when extracting a zip archive leads to infinite loops. (bsc#1229704)
ImportantSUSE bug 1229596SUSE bug 1229704SUSE bug 1230227CVE-2024-6232 at SUSECVE-2024-6232 at NVDCVE-2024-7592 at SUSECVE-2024-7592 at NVDCVE-2024-8088 at SUSECVE-2024-8088 at NVDcpe:/o:opensuse:leap:15.5Security update for xen (Moderate)openSUSE Leap 15.5
This update for xen fixes the following issues:
- CVE-2024-45817: Fixed a deadlock in vlapic_error (XSA-462, bsc#1230366)
ModerateSUSE bug 1230366CVE-2024-45817 at SUSECVE-2024-45817 at NVDcpe:/o:opensuse:leap:15.5Security update for apr (Moderate)openSUSE Leap 15.5
This update for apr fixes the following issues:
- CVE-2023-49582: Fixed an unexpected lax shared memory permissions. (bsc#1229783)
ModerateSUSE bug 1229783CVE-2023-49582 at SUSECVE-2023-49582 at NVDcpe:/o:opensuse:leap:15.5Security update for opensc (Low)openSUSE Leap 15.5
This update for opensc fixes the following issues:
- CVE-2024-45620: Incorrect handling of the length of buffers or files in pkcs15init. (bsc#1230076)
- CVE-2024-45619: Incorrect handling length of buffers or files in libopensc. (bsc#1230075)
- CVE-2024-45618: Uninitialized values after incorrect or missing checking return values of functions in pkcs15init. (bsc#1230074)
- CVE-2024-45617: Uninitialized values after incorrect or missing checking return values of functions in libopensc. (bsc#1230073)
- CVE-2024-45616: Uninitialized values after incorrect check or usage of APDU response values in libopensc. (bsc#1230072)
- CVE-2024-45615: Usage of uninitialized values in libopensc and pkcs15init. (bsc#1230071)
- CVE-2024-8443: Heap buffer overflow in OpenPGP driver when generating key. (bsc#1230364)
LowSUSE bug 1217722SUSE bug 1230071SUSE bug 1230072SUSE bug 1230073SUSE bug 1230074SUSE bug 1230075SUSE bug 1230076SUSE bug 1230364CVE-2024-45615 at SUSECVE-2024-45615 at NVDCVE-2024-45616 at SUSECVE-2024-45616 at NVDCVE-2024-45617 at SUSECVE-2024-45617 at NVDCVE-2024-45618 at SUSECVE-2024-45618 at NVDCVE-2024-45619 at SUSECVE-2024-45619 at NVDCVE-2024-45620 at SUSECVE-2024-45620 at NVDCVE-2024-8443 at SUSECVE-2024-8443 at NVDcpe:/o:opensuse:leap:15.5Security update for kubernetes1.24 (Important)openSUSE Leap 15.5
This update of kubernetes1.24 fixes the following issues:
- rebuild the package with the current go 1.23 security release (bsc#1229122).
ImportantSUSE bug 1229122SUSE bug 1230252SUSE bug 1230253SUSE bug 1230254CVE-2024-34155 at SUSECVE-2024-34155 at NVDCVE-2024-34156 at SUSECVE-2024-34156 at NVDCVE-2024-34158 at SUSECVE-2024-34158 at NVDcpe:/o:opensuse:leap:15.5Security update for kubernetes1.28 (Important)openSUSE Leap 15.5
This update of kubernetes1.28 fixes the following issues:
- rebuild the package with the current go 1.23 security release (bsc#1229122).
ImportantSUSE bug 1229122SUSE bug 1230252SUSE bug 1230253SUSE bug 1230254CVE-2024-34155 at SUSECVE-2024-34155 at NVDCVE-2024-34156 at SUSECVE-2024-34156 at NVDCVE-2024-34158 at SUSECVE-2024-34158 at NVDcpe:/o:opensuse:leap:15.5Security update for kubernetes1.27 (Important)openSUSE Leap 15.5
This update of kubernetes1.27 fixes the following issues:
- rebuild the package with the current go 1.23 security release (bsc#1229122).
ImportantSUSE bug 1229122SUSE bug 1230252SUSE bug 1230253SUSE bug 1230254CVE-2024-34155 at SUSECVE-2024-34155 at NVDCVE-2024-34156 at SUSECVE-2024-34156 at NVDCVE-2024-34158 at SUSECVE-2024-34158 at NVDcpe:/o:opensuse:leap:15.5Security update for kubernetes1.26 (Important)openSUSE Leap 15.5
This update of kubernetes1.26 fixes the following issues:
- rebuild the package with the current go 1.23 security release (bsc#1229122).
ImportantSUSE bug 1229122SUSE bug 1230252SUSE bug 1230253SUSE bug 1230254CVE-2024-34155 at SUSECVE-2024-34155 at NVDCVE-2024-34156 at SUSECVE-2024-34156 at NVDCVE-2024-34158 at SUSECVE-2024-34158 at NVDcpe:/o:opensuse:leap:15.5Security update for kubernetes1.25 (Important)openSUSE Leap 15.5
This update of kubernetes1.25 fixes the following issues:
- rebuild the package with the current go 1.23 security release (bsc#1229122).
ImportantSUSE bug 1229122SUSE bug 1230252SUSE bug 1230253SUSE bug 1230254CVE-2024-34155 at SUSECVE-2024-34155 at NVDCVE-2024-34156 at SUSECVE-2024-34156 at NVDCVE-2024-34158 at SUSECVE-2024-34158 at NVDcpe:/o:opensuse:leap:15.5Security update for python3 (Important)openSUSE Leap 15.5
This update for python3 fixes the following issues:
- CVE-2024-6923: Fixed uncontrolled CPU resource consumption when in http.cookies module (bsc#1228780).
- CVE-2024-5642: Fixed buffer overread when NPN is used and invalid values are sent to the OpenSSL API (bsc#1227233).
- CVE-2024-7592: Fixed Email header injection due to unquoted newlines (bsc#1229596).
- CVE-2024-6232: excessive backtracking when parsing tarfile headers leads to ReDoS. (bsc#1230227)
Bug fixes:
- %{profileopt} variable is set according to the variable %{do_profiling} (bsc#1227999).
- Stop using %%defattr, it seems to be breaking proper executable attributes on /usr/bin/ scripts (bsc#1227378).
- Remove %suse_update_desktop_file macro as it is not useful any more.
ImportantSUSE bug 1227233SUSE bug 1227378SUSE bug 1227999SUSE bug 1228780SUSE bug 1229596SUSE bug 1230227CVE-2024-5642 at SUSECVE-2024-5642 at NVDCVE-2024-6232 at SUSECVE-2024-6232 at NVDCVE-2024-6923 at SUSECVE-2024-6923 at NVDCVE-2024-7592 at SUSECVE-2024-7592 at NVDcpe:/o:opensuse:leap:15.5Security update for quagga (Important)openSUSE Leap 15.5
This update for quagga fixes the following issues:
- CVE-2017-15865: sensitive information disclosed when malformed BGP UPDATE packets are processed. (bsc#1230866)
- CVE-2024-44070: crash when parsing Tunnel Encap attribute due to no length check. (bsc#1229438)
- CVE-2022-37032: out-of-bounds read when parsing a BGP capability message due to incorrect size check. (bsc#1202023)
ImportantSUSE bug 1202023SUSE bug 1229438SUSE bug 1230866CVE-2017-15865 at SUSECVE-2017-15865 at NVDCVE-2022-37032 at SUSECVE-2022-37032 at NVDCVE-2024-44070 at SUSECVE-2024-44070 at NVDcpe:/o:opensuse:leap:15.5Security update for the Linux Kernel (Important)openSUSE Leap 15.5
The SUSE Linux Enterprise 15 SP5 kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2024-44947: Initialize beyond-EOF page contents before setting uptodate (bsc#1229454).
- CVE-2024-36936: Touch soft lockup during memory accept (bsc#1225773).
- CVE-2022-48706: Do proper cleanup if IFCVF init fails (bsc#1225524).
- CVE-2024-43883: Do not drop references before new references are gained (bsc#1229707).
- CVE-2024-41062: Sync sock recv cb and release (bsc#1228576).
- CVE-2024-43861: Fix memory leak for not ip packets (bsc#1229500).
- CVE-2024-36270: Fix reference in patches.suse/netfilter-tproxy-bail-out-if-IP-has-been-disabled-on.patch (bsc#1226798)
- CVE-2023-52489: Fix race in accessing memory_section->usage (bsc#1221326).
- CVE-2024-43893: Check uartclk for zero to avoid divide by zero (bsc#1229759).
- CVE-2024-43821: Fix a possible null pointer dereference (bsc#1229315).
- CVE-2024-43900: Avoid use-after-free in load_firmware_cb() (bsc#1229756).
- CVE-2024-44938: Fix shift-out-of-bounds in dbDiscardAG (bsc#1229792).
- CVE-2024-44939: Fix null ptr deref in dtInsertEntry (bsc#1229820).
- CVE-2024-41087: Fix double free on error (CVE-2024-41087,bsc#1228466).
- CVE-2024-42277: Avoid NULL deref in sprd_iommu_hw_en (bsc#1229409).
- CVE-2024-43902: Add null checker before passing variables (bsc#1229767).
- CVE-2024-43904: Add null checks for 'stream' and 'plane' before dereferencing (bsc#1229768)
- CVE-2024-43880: Put back removed metod in struct objagg_ops (bsc#1229481).
- CVE-2024-43884: Add error handling to pair_device() (bsc#1229739)
- CVE-2024-43899: Fix null pointer deref in dcn20_resource.c (bsc#1229754).
- CVE-2022-48920: Get rid of warning on transaction commit when using flushoncommit (bsc#1229658).
- CVE-2023-52906: Fix warning during failed attribute validation (bsc#1229527).
- CVE-2024-43882: Fixed ToCToU between perm check and set-uid/gid usage. (bsc#1229503)
- CVE-2024-43866: Always drain health in shutdown callback (bsc#1229495).
- CVE-2024-26812: Struct virqfd kABI workaround (bsc#1222808).
- CVE-2022-48912: Fix use-after-free in __nf_register_net_hook() (bsc#1229641)
- CVE-2024-27010: Fix mirred deadlock on device recursion (bsc#1223720).
- CVE-2022-48906: Correctly set DATA_FIN timeout when number of retransmits is large (bsc#1229605)
- CVE-2024-42155: Wipe copies of protected- and secure-keys (bsc#1228733).
- CVE-2024-42156: Wipe copies of clear-key structures on failure (bsc#1228722).
- CVE-2023-52899: Add exception protection processing for vd in axi_chan_handle_err function (bsc#1229569).
- CVE-2024-42158: Use kfree_sensitive() to fix Coccinelle warnings (bsc#1228720).
- CVE-2024-26631: Fix data-race in ipv6_mc_down / mld_ifc_work (bsc#1221630).
- CVE-2024-43873: Always initialize seqpacket_allow (bsc#1229488)
- CVE-2024-40905: Fix possible race in __fib6_drop_pcpu_from() (bsc#1227761)
- CVE-2024-39489: Fix memleak in seg6_hmac_init_algo (bsc#1227623)
- CVE-2021-47106: Fix use-after-free in nft_set_catchall_destroy() (bsc#1220962)
- CVE-2021-47517: Fix panic when interrupt coaleceing is set via ethtool (bsc#1225428).
- CVE-2024-36489: Fix missing memory barrier in tls_init (bsc#1226874)
- CVE-2024-41020: Fix fcntl/close race recovery compat path (bsc#1228427).
- CVE-2024-27079: Fix NULL domain on device release (bsc#1223742).
- CVE-2024-35897: Discard table flag update with pending basechain deletion (bsc#1224510).
- CVE-2024-27403: Restore const specifier in flow_offload_route_init() (bsc#1224415).
- CVE-2024-27011: Fix memleak in map from abort path (bsc#1223803).
- CVE-2024-43819: Reject memory region operations for ucontrol VMs (bsc#1229290 git-fixes).
- CVE-2024-26668: Reject configurations that cause integer overflow (bsc#1222335).
- CVE-2024-26835: Set dormant flag on hook register failure (bsc#1222967).
- CVE-2024-26808: Handle NETDEV_UNREGISTER for inet/ingress basechain (bsc#1222634).
- CVE-2024-27016: Validate pppoe header (bsc#1223807).
- CVE-2024-35945: Prevent nullptr exceptions on ISR (bsc#1224639).
- CVE-2023-52581: Fix memleak when more than 255 elements expired (bsc#1220877).
- CVE-2024-36013: Fix slab-use-after-free in l2cap_connect() (bsc#1225578).
- CVE-2024-43837: Fix updating attached freplace prog in prog_array map (bsc#1229297).
- CVE-2024-42291: Add a per-VF limit on number of FDIR filters (bsc#1229374).
- CVE-2024-42268: Fix missing lock on sync reset reload (bsc#1229391).
- CVE-2024-43834: Fix invalid wait context of page_pool_destroy() (bsc#1229314)
- CVE-2024-36286: Acquire rcu_read_lock() in instance_destroy_rcu() (bsc#1226801)
- CVE-2024-26851: Add protection for bmp length out of range (bsc#1223074)
- CVE-2024-42157: Wipe sensitive data on failure (bsc#1228727 CVE-2024-42157 git-fixes).
- CVE-2024-26677: Blacklist e7870cf13d20 (' Fix delayed ACKs to not set the reference serial number') (bsc#1222387)
- CVE-2024-36009: Blacklist 467324bcfe1a ('ax25: Fix netdev refcount issue') (bsc#1224542)
- CVE-2023-52859: Fix use-after-free when register pmu fails (bsc#1225582).
- CVE-2024-42280: Fix a use after free in hfcmulti_tx() (bsc#1229388)
- CVE-2024-42284: Return non-zero value from tipc_udp_addr2str() on error (bsc#1229382)
- CVE-2024-42283: Initialize all fields in dumped nexthops (bsc#1229383)
- CVE-2024-42312: Always initialize i_uid/i_gid (bsc#1229357)
- CVE-2024-43854: Initialize integrity buffer to zero before writing it to media (bsc#1229345)
- CVE-2024-42322: Properly dereference pe in ip_vs_add_service (bsc#1229347)
- CVE-2024-42308: Update DRM patch reference (bsc#1229411)
- CVE-2024-42301: Fix the array out-of-bounds risk (bsc#1229407).
- CVE-2024-42318: Do not lose track of restrictions on cred_transfer (bsc#1229351).
- CVE-2024-26669: Fix chain template offload (bsc#1222350).
- CVE-2023-52889: Fix null pointer deref when receiving skb during sock creation (bsc#1229287,).
- CVE-2022-48645: Move enetc_set_psfp() out of the common enetc_set_features() (bsc#1223508).
- CVE-2024-41007: Use signed arithmetic in tcp_rtx_probe0_timed_out() (bsc#1227863).
- CVE-2024-36933: Use correct mac_offset to unwind gso skb in nsh_gso_segment() (bsc#1225832).
- CVE-2024-42295: Handle inconsistent state in nilfs_btnode_create_block() (bsc#1229370).
- CVE-2024-42319: Move devm_mbox_controller_register() after devm_pm_runtime_enable() (bsc#1229350).
- CVE-2024-43860: Skip over memory region when node value is NULL (bsc#1229319).
- CVE-2024-43831: Handle invalid decoder vsi (bsc#1229309).
- CVE-2024-43849: Protect locator_addr with the main mutex (bsc#1229307).
- CVE-2024-43841: Do not use strlen() in const context (bsc#1229304).
- CVE-2024-43839: Adjust 'name' buf size of bna_tcb and bna_ccb structures (bsc#1229301).
- CVE-2024-41088: Fix infinite loop when xmit fails (bsc#1228469).
- CVE-2024-42281: Fix a segment issue when downgrading gso_size (bsc#1229386).
- CVE-2024-42271: Fixed a use after free in iucv_sock_close(). (bsc#1229400)
- CVE-2024-41080: Fix possible deadlock in io_register_iowq_max_workers() (bsc#1228616).
- CVE-2024-42246: Remap EPERM in case of connection failure in xs_tcp_setup_socket (bsc#1228989).
- CVE-2024-42232: Fixed a race between delayed_work() and ceph_monc_stop(). (bsc#1228959)
- CVE-2024-26735: Fix possible use-after-free and null-ptr-deref (bsc#1222372).
- CVE-2024-42106: Initialize pad field in struct inet_diag_req_v2 (bsc#1228493).
- CVE-2024-38662: Cover verifier checks for mutating sockmap/sockhash (bsc#1226885).
- CVE-2024-42110: Move ntb_netdev_rx_handler() to call netif_rx() from __netif_rx() (bsc#1228501).
- CVE-2024-42247: Avoid unaligned 64-bit memory accesses (bsc#1228988).
- CVE-2022-48865: Fix kernel panic when enabling bearer (bsc#1228065).
- CVE-2023-52498: Fix possible deadlocks in core system-wide PM code (bsc#1221269).
- CVE-2024-41068: Fix sclp_init() cleanup on failure (bsc#1228579).
- CVE-2022-48808: Fix panic when DSA master device unbinds on shutdown (bsc#1227958).
- CVE-2024-42095: Fix Errata i2310 with RX FIFO level check (bsc#1228446).
- CVE-2024-40978: Fix crash while reading debugfs attribute (bsc#1227929).
- CVE-2024-42107: Do not process extts if PTP is disabled (bsc#1228494).
- CVE-2024-42139: Fix improper extts handling (bsc#1228503).
- CVE-2024-42148: Fix multiple UBSAN array-index-out-of-bounds (bsc#1228487).
- CVE-2024-42142: E-switch, Create ingress ACL when needed (bsc#1228491).
- CVE-2024-42162: Account for stopped queues when reading NIC stats (bsc#1228706).
- CVE-2024-42082: Remove WARN() from __xdp_reg_mem_model() (bsc#1228482).
- CVE-2024-41042: Prefer nft_chain_validate (bsc#1228526).
- CVE-2023-3610: Fixed use-after-free vulnerability in nf_tables can be exploited to achieve local privilege escalation (bsc#1213580).
- CVE-2024-42228: Using uninitialized value *size when calling amdgpu_vce_cs_reloc (bsc#1228667).
- CVE-2024-40995: Fix possible infinite loop in tcf_idr_check_alloc() (bsc#1227830).
- CVE-2024-38602: Merge repeat codes in ax25_dev_device_down() (git-fixes CVE-2024-38602 bsc#1226613).
- CVE-2024-38554: Fix reference count leak issue of net_device (bsc#1226742).
- CVE-2024-36929: Reject skb_copy(_expand) for fraglist GSO skbs (bsc#1225814).
- CVE-2024-41009: Fix overrunning reservations in ringbuf (bsc#1228020).
- CVE-2024-27024: Fix WARNING in rds_conn_connect_if_down (bsc#1223777).
The following non-security bugs were fixed:
- Indicate support for IRQ ResourceSource thru _OSC (git-fixes).
- Indicate support for the Generic Event Device thru _OSC (git-fixes).
- Rework system-level device notification handling (git-fixes).
- Drop nocrt parameter (git-fixes).
- x86: s2 Post-increment variables when getting constraints (git-fixes).
- Do not cross .backup mountpoint from backup volume (git-fixes).
- Add HP MP9 G4 Retail System AMS to force connect list (stable-fixes).
- Yet more pin fix for HP EliteDesk 800 G4 (stable-fixes).
- Add Framework Laptop 13 (Intel Core Ultra) to quirks (stable-fixes).
- Fix noise from speakers on Lenovo IdeaPad 3 15IAU7 (git-fixes).
- line6: Fix racy access to midibuf (stable-fixes).
- Relax start tick time check for slave timer elements (git-fixes).
- Add delay quirk for VIVO USB-C-XE710 HEADSET (stable-fixes).
- Re-add ScratchAmp quirk entries (git-fixes).
- Support Yamaha P-125 quirk entry (stable-fixes).
- Fix UBSAN warning in parse_audio_unit() (stable-fixes).
- arm64: initialize all values of acpi_early_node_map to (git-fixes)
- arm64: initialize all values of acpi_early_node_map to (git-fixes)
- arm64: Add Neoverse-V2 part (git-fixes)
- arm64: armv8_ Fix warning in isndep cpuhp starting process (git-fixes)
- arm64: armv8_ Fix warning in isndep cpuhp starting process (git-fixes)
- arm64: Restore spec_bar() macro (git-fixes)
- arm64: Add missing .field_width for GIC system registers (git-fixes)
- arm64: Fix the visibility of compat hwcaps (git-fixes)
- arm64: Force HWCAP to be based on the sysreg visible to (git-fixes)
- arm64: Add Cortex-A720 definitions (git-fixes)
- arm64: Add Cortex-A725 definitions (git-fixes)
- arm64: Add Cortex-X1C definitions (git-fixes)
- arm64: Add Cortex-X3 definitions (git-fixes)
- arm64: Add Cortex-X4 definitions (git-fixes)
- arm64: Add Cortex-X925 definitions (git-fixes)
- arm64: Add Neoverse-V3 definitions (git-fixes)
- arm64: Increase VOP clk rate on RK3328 (git-fixes)
- arm64: Increase VOP clk rate on RK3328 (git-fixes)
- arm64: Expand speculative SSBS workaround (again) (git-fixes)
- arm64: Expand speculative SSBS workaround (git-fixes)
- arm64: Unify speculative SSBS errata logic (git-fixes) Also update default configuration.
- arm64: Fix KASAN random tag seed initialization (git-fixes)
- arm64: Fix KASAN random tag seed initialization (git-fixes)
- wcd938 Correct Soundwire ports mask (git-fixes).
- wsa881 Correct Soundwire ports mask (git-fixes).
- fix irq scheduling issue with PREEMPT_RT (git-fixes).
- Introduce async_schedule_dev_nocall() (bsc#1221269).
- Split async_schedule_node_domain() (bsc#1221269).
- Fix usage of __hci_cmd_sync_status (git-fixes).
- hci_ Fix not handling hibernation actions (git-fixes).
- l2 always unlock channel in l2cap_conless_channel() (git-fixes).
- L2 Fix deadlock (git-fixes).
- Fix a kernel verifier crash in stacksafe() (bsc#1225903).
- remove unused declaring of bpf_kprobe_override (git-fixes).
- fix leak of qgroup extent records after transaction abort (git-fixes).
- make btrfs_destroy_delayed_refs() return void (git-fixes).
- remove unnecessary prototype declarations at disk-io.c (git-fixes).
- update fs features directory asynchronously (bsc#1226168).
- propagate errors from vfs_getxattr() to avoid infinite loop (bsc#1229418).
- issue a cap release immediately if no cap exists (bsc#1225162).
- periodically flush the cap releases (bsc#1225162).
- Enable SMT only if a core is online (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588 git-fixes).
- cpuidle, Evaluate LPI arch_flags for broadcast timer (git-fixes).
- Fix register ID of SPSR_FIQ (git-fixes).
- add missing MODULE_DESCRIPTION() macros (stable-fixes).
- Add labels for both Valve Steam Deck revisions (stable-fixes).
- Add quirk for Aya Neo KUN (stable-fixes).
- Add quirk for Lenovo Yoga Tab 3 X90F (stable-fixes).
- Add quirk for Nanote UMPC-01 (stable-fixes).
- Add quirk for OrangePi Neo (stable-fixes).
- drm/amd/amdgpu/imu_v11_0: Increase buffer size to ensure all possible values can be stored (stable-fixes).
- Add NULL check for 'afb' before dereferencing in amdgpu_dm_plane_handle_cursor_update (stable-fixes).
- avoid using null object of framebuffer (git-fixes).
- Fix && vs || typos (git-fixes).
- Skip Recompute DSC Params if no Stream on Link (stable-fixes).
- Validate hw_points_num before using it (stable-fixes).
- Fix the null pointer dereference for vega10_hwmgr (stable-fixes).
- Actually check flags for all context ops (stable-fixes).
- Add lock around VF RLCG interface (stable-fixes).
- fix dereference null return value for the function amdgpu_vm_pt_parent (stable-fixes).
- Fix the null pointer dereference to ras_manager (stable-fixes).
- Validate TA binary size (stable-fixes).
- drm/amdgpu/jpeg2: properly set atomics vmid field (stable-fixes).
- Fix the null pointer dereference for smu7 (stable-fixes).
- Fix the null pointer dereference in apply_state_adjust_rules (stable-fixes).
- Fix the param type of set_power_profile_mode (stable-fixes).
- analogix_ properly handle zero sized AUX transactions (stable-fixes).
- tc358768: Attempt to fix DSI horizontal timings (stable-fixes).
- fix null pointer dereference in drm_client_modeset_probe (git-fixes).
- drm/dp_ Skip CSN if topology probing is not done yet (stable-fixes).
- set gp bus_stop bit before hard reset (stable-fixes).
- reset the link phy params before link training (git-fixes).
- cleanup FB if dpu_format_populate_layout fails (git-fixes).
- do not play tricks with debug macros (git-fixes).
- Zero-initialize iosys_map (stable-fixes).
- fix inode->i_blocks for non-512 byte sector size device (git-fixes).
- fix potential deadlock on __exfat_get_dentry_set (git-fixes).
- redefine DIR_DELETED as the bad cluster number (git-fixes).
- support dynamic allocate bh for exfat_entry_set_cache (git-fixes).
- fs/netfs/fscache_ add missing 'n_accesses' check (bsc#1229453).
- Initialize beyond-EOF page contents before setting uptodate (bsc#1229454).
- Add might_sleep() to disable_irq() (git-fixes).
- Always limit the affinity to online CPUs (git-fixes).
- Do not return error on missing optional irq_request_resources() (git-fixes).
- Take the proposed affinity at face value if force==true (git-fixes).
- genirq/cpuhotplug, x86 Prevent vector leak during CPU offline (git-fixes).
- genirq/generic_ Make irq_remove_generic_chip() irqdomain aware (git-fixes).
- Fix NULL pointer deref in irq_data_get_affinity_mask() (git-fixes).
- Do not try to remove non-existing sysfs files (git-fixes).
- Exclude managed interrupts in irq_matrix_allocated() (git-fixes).
- Shutdown managed interrupts with unsatifiable affinities (git-fixes).
- gss_krb5: Fix the error handling path for crypto_sync_skcipher_setkey (git-fixes).
- fix to initialize fields of hfs_inode_info after hfs_alloc_inode() (git-fixes).
- i2 Improve handling of stuck alerts (git-fixes).
- i2 Send alert notifications to all devices if source not found (git-fixes).
- Convert comma to semicolon (git-fixes).
- ip6_ Fix broken GRO (bsc#1229444).
- ipv6: fix incorrect unregister order (git-fixes).
- Drop bogus fwspec-mapping error handling (git-fixes).
- Fix association race (git-fixes).
- Fix disassociation race (git-fixes).
- Fix domain registration race (git-fixes).
- Fix mapping-creation race (git-fixes).
- Fixed unbalanced fwnode get and put (git-fixes).
- Look for existing mapping only once (git-fixes).
- Refactor __irq_domain_alloc_irqs() (git-fixes).
- Report irq number for NOMAP domains (git-fixes).
- Revert 'mm: prevent derefencing NULL ptr in pfn_section_valid()' (bsc#1230413).
- Revert 'mm, kmsan: fix infinite recursion due to RCU critical section' (bsc#1230413).
- Revert 'mm/sparsemem: fix race in accessing memory_section->usage' (bsc#1230413).
- kernel/irq/irqdomain. fix memory leak with using debugfs_lookup() (git-fixes).
- Fix to check symbol prefixes correctly (git-fixes).
- move from strlcpy with unused retval to strscpy (git-fixes).
- protect concurrent access to mem_cgroup_idr (git-fixes).
- mm, fix infinite recursion due to RCU critical section (git-fixes).
- prevent derefencing NULL ptr in pfn_section_valid() (git-fixes).
- dw_ allow biu and ciu clocks to defer (git-fixes).
- mmc_ Fix NULL dereference on allocation failure (git-fixes).
- ks8851: Fix another TX stall caused by wrong ISR flag handling (git-fixes).
- ks8851: Fix deadlock with the SPI chip variant (git-fixes).
- ks8851: Fix potential TX stall after interface reopen (git-fixes).
- ks8851: Fix TX stall caused by TX buffer overrun (gix-fixes).
- Add support for page sizes other than 4KB on ARM64 (jsc#PED-8491 bsc#1226530).
- Fix doorbell out of order violation and avoid unnecessary doorbell rings (bsc#1229154).
- Fix race of mana_hwc_post_rx_wqe and new hwc response (git-fixes).
- Fix RX buf alloc_size alignment and atomic op panic (bsc#1229086).
- remove two BUG() from skb_checksum_help() (bsc#1229312).
- qmi_ fix memory leak for not ip packets (git-fixes).
- fix possible cp null dereference (git-fixes).
- initialize noop_qdisc owner (git-fixes).
- pn533: Add poll mod list filling check (git-fixes).
- expose /proc/net/sunrpc/nfs in net namespaces (git-fixes).
- make the rpc_stat per net namespace (git-fixes).
- add posix ACLs to struct nfsd_attrs (git-fixes).
- add security label to struct nfsd_attrs (git-fixes).
- fix regression with setting ACLs (git-fixes).
- Fix strncpy() fortify warning (git-fixes).
- Increase NFSD_MAX_OPS_PER_COMPOUND (git-fixes).
- introduce struct nfsd_attrs (git-fixes).
- move from strlcpy with unused retval to strscpy (git-fixes).
- Optimize DRC bucket pruning (git-fixes).
- return error if nfs4_setacl fails (git-fixes).
- set attributes when creating symlinks (git-fixes).
- use locks_inode_context helper (git-fixes).
- nilfs2: Remove check for PageError (git-fixes).
- nvme_ scan namespaces asynchronously (bsc#1224105).
- ocfs2: use coarse time for new created files (git-fixes).
- Fix possible divide-by-0 panic in padata_mt_helper() (git-fixes).
- perf/smmuv3: Enable HiSilicon Erratum 162001900 quirk for HIP08/09 (git-fixes).
- platform/x86 Add support for ACPI based probing (jsc#PED-8779).
- platform/x86 Cache pci_dev in struct hsmp_socket (jsc#PED-8779).
- platform/x86 Change devm_kzalloc() to devm_kcalloc() (jsc#PED-8779).
- platform/x86 Check HSMP support on AMD family of processors (jsc#PED-8779).
- platform/x86 Check num_sockets against MAX_AMD_SOCKETS (jsc#PED-8779).
- platform/x86 Create static func to handle platdev (jsc#PED-8779).
- platform/x86 Define a struct to hold mailbox regs (jsc#PED-8779).
- platform/x86 Move dev from platdev to hsmp_socket (jsc#PED-8779).
- platform/x86 Move hsmp_test to probe (jsc#PED-8779).
- platform/x86 Non-ACPI support for AMD F1A_M00~0Fh (jsc#PED-8779).
- platform/x86 Remove extra parenthesis and add a space (jsc#PED-8779).
- platform/x86 Restructure sysfs group creation (jsc#PED-8779).
- platform/x86 switch to use device_add_groups() (jsc#PED-8779).
- axp288_ Fix constant_charge_voltage writes (git-fixes).
- axp288_ Round constant_charge_voltage writes down (git-fixes).
- Fail build if using recordmcount with binutils v2.37 (bsc#1194869).
- Mark .opd section read-only (bsc#1194869).
- use generic version of arch_is_kernel_initmem_freed() (bsc#1194869).
- xor_ Add '-mhard-float' to CFLAGS (bsc#1194869).
- powerpc/64: Set _IO_BASE to POISON_POINTER_DELTA not 0 for CONFIG_PCI=n (bsc#1194869).
- Avoid clang null pointer arithmetic warnings (bsc#1194869).
- powerpc/kexec_ fix cpus node update to FDT (bsc#1194869).
- make the update_cpus_node() function public (bsc#1194869).
- split CONFIG_KEXEC_FILE and CONFIG_CRASH_DUMP (bsc#1194869).
- Add failure related checks for h_get_mpp and h_get_ppp (bsc#1194869).
- Whitelist dtl slub object for copying to userspace (bsc#1194869).
- Move some functions into #ifdef CONFIG_KVM_BOOK3S_HV_POSSIBLE (bsc#1194869).
- Check if a core is online (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588 git-fixes).
- Check cpu id in commands 'c#', 'dp#' and 'dx#' (bsc#1194869).
- RDMA/mana_ Use virtual address in dma regions for MRs (git-fixes).
- Fix incomplete state save in rxe_requester (git-fixes)
- Fix rxe_modify_srq (git-fixes)
- Handle zero length rdma (git-fixes)
- Move work queue code to subroutines (git-fixes)
- s390 get rid of register asm (git-fixes bsc#1227079 bsc#1229187).
- s390 Make use of invalid opcode produce a link error (git-fixes bsc#1227079).
- s390 Split and rework cpacf query functions (git-fixes bsc#1229187).
- s390 fix error checks in dasd_copy_pair_store() (git-fixes bsc#1229190).
- s390 fix error recovery leading to data corruption on ESE devices (git-fixes bsc#1229573).
- s390 Prevent release of buffer in I/O (git-fixes bsc#1229572).
- s390 Panic for set and remove shared access UVC errors (git-fixes bsc#1229188).
- Fix scldiv calculation (git-fixes).
- add a struct rpc_stats arg to rpc_create_args (git-fixes).
- Fix a race to wake a sync task (git-fixes).
- fix swiotlb_bounce() to do partial sync's correctly (git-fixes).
- fix compat_sys_io_pgetevents_time64 usage (git-fixes).
- Return from tracing_buffers_read() if the file has been closed (bsc#1229136 git-fixes).
- add check for crypto_shash_tfm_digest (git-fixes).
- dbg_orphan_ Fix missed key type checking (git-fixes).
- Fix adding orphan entry twice for the same inode (git-fixes).
- Fix unattached xattr inode if powercut happens after deleting (git-fixes).
- fix potential memory leak in vfio_intx_enable() (git-fixes).
- fix wgds rev 3 exact size (git-fixes).
- duplicate static structs used in driver instances (git-fixes).
- x86 drop the duplicate APM_MINOR_DEV macro (git-fixes).
- x86 Fix PUSH instruction in x86 instruction decoder opcode map (git-fixes).
- x86 Fix pti_clone_entry_text() for i386 (git-fixes).
- x86 Check if fixed MTRRs exist before saving them (git-fixes).
- x86 Work around false positive kmemleak report in msr_build_context() (git-fixes).
- Fix missing interval for missing_owner in xfs fsmap (git-fixes).
- Fix the owner setting issue for rmap query in xfs fsmap (git-fixes).
- use XFS_BUF_DADDR_NULL for daddrs in getfsmap code (git-fixes).
- Fix Panther point NULL pointer deref at full-speed re-enumeration (git-fixes).
- Fix rpcrdma_reqs_reset() (git-fixes).
ImportantSUSE bug 1193629SUSE bug 1194111SUSE bug 1194765SUSE bug 1194869SUSE bug 1196261SUSE bug 1196516SUSE bug 1196894SUSE bug 1198017SUSE bug 1203329SUSE bug 1203330SUSE bug 1203360SUSE bug 1205462SUSE bug 1206006SUSE bug 1206258SUSE bug 1206843SUSE bug 1207158SUSE bug 1208783SUSE bug 1210644SUSE bug 1213580SUSE bug 1213632SUSE bug 1214285SUSE bug 1216834SUSE bug 1220428SUSE bug 1220877SUSE bug 1220962SUSE bug 1221269SUSE bug 1221326SUSE bug 1221630SUSE bug 1221645SUSE bug 1222335SUSE bug 1222350SUSE bug 1222372SUSE bug 1222387SUSE bug 1222634SUSE bug 1222808SUSE bug 1222967SUSE bug 1223074SUSE bug 1223191SUSE bug 1223508SUSE bug 1223720SUSE bug 1223742SUSE bug 1223777SUSE bug 1223803SUSE bug 1223807SUSE bug 1224105SUSE bug 1224415SUSE bug 1224496SUSE bug 1224510SUSE bug 1224542SUSE bug 1224578SUSE bug 1224639SUSE bug 1225162SUSE bug 1225352SUSE bug 1225428SUSE bug 1225524SUSE bug 1225578SUSE bug 1225582SUSE bug 1225773SUSE bug 1225814SUSE bug 1225827SUSE bug 1225832SUSE bug 1225903SUSE bug 1226168SUSE bug 1226530SUSE bug 1226613SUSE bug 1226742SUSE bug 1226765SUSE bug 1226798SUSE bug 1226801SUSE bug 1226874SUSE bug 1226885SUSE bug 1227079SUSE bug 1227623SUSE bug 1227761SUSE bug 1227830SUSE bug 1227863SUSE bug 1227867SUSE bug 1227929SUSE bug 1227937SUSE bug 1227958SUSE bug 1228020SUSE bug 1228065SUSE bug 1228114SUSE bug 1228410SUSE bug 1228426SUSE bug 1228427SUSE bug 1228429SUSE bug 1228446SUSE bug 1228447SUSE bug 1228449SUSE bug 1228450SUSE bug 1228452SUSE bug 1228456SUSE bug 1228463SUSE bug 1228466SUSE bug 1228467SUSE bug 1228469SUSE bug 1228480SUSE bug 1228481SUSE bug 1228482SUSE bug 1228483SUSE bug 1228484SUSE bug 1228485SUSE bug 1228487SUSE bug 1228489SUSE bug 1228491SUSE bug 1228493SUSE bug 1228494SUSE bug 1228495SUSE bug 1228496SUSE bug 1228501SUSE bug 1228503SUSE bug 1228509SUSE bug 1228513SUSE bug 1228515SUSE bug 1228516SUSE bug 1228526SUSE bug 1228531SUSE bug 1228563SUSE bug 1228564SUSE bug 1228567SUSE bug 1228576SUSE bug 1228579SUSE bug 1228584SUSE bug 1228588SUSE bug 1228590SUSE bug 1228615SUSE bug 1228616SUSE bug 1228635SUSE bug 1228636SUSE bug 1228654SUSE bug 1228656SUSE bug 1228658SUSE bug 1228660SUSE bug 1228662SUSE bug 1228667SUSE bug 1228673SUSE bug 1228677SUSE bug 1228687SUSE bug 1228706SUSE bug 1228708SUSE bug 1228710SUSE bug 1228718SUSE bug 1228720SUSE bug 1228721SUSE bug 1228722SUSE bug 1228724SUSE bug 1228726SUSE bug 1228727SUSE bug 1228733SUSE bug 1228748SUSE bug 1228766SUSE bug 1228779SUSE bug 1228801SUSE bug 1228850SUSE bug 1228857SUSE bug 1228959SUSE bug 1228964SUSE bug 1228966SUSE bug 1228967SUSE bug 1228979SUSE bug 1228988SUSE bug 1228989SUSE bug 1228991SUSE bug 1228992SUSE bug 1229042SUSE bug 1229054SUSE bug 1229086SUSE bug 1229136SUSE bug 1229154SUSE bug 1229187SUSE bug 1229188SUSE bug 1229190SUSE bug 1229287SUSE bug 1229290SUSE bug 1229292SUSE bug 1229296SUSE bug 1229297SUSE bug 1229301SUSE bug 1229303SUSE bug 1229304SUSE bug 1229305SUSE bug 1229307SUSE bug 1229309SUSE bug 1229312SUSE bug 1229314SUSE bug 1229315SUSE bug 1229317SUSE bug 1229318SUSE bug 1229319SUSE bug 1229327SUSE bug 1229341SUSE bug 1229345SUSE bug 1229346SUSE bug 1229347SUSE bug 1229349SUSE bug 1229350SUSE bug 1229351SUSE bug 1229354SUSE bug 1229356SUSE bug 1229357SUSE bug 1229358SUSE bug 1229359SUSE bug 1229360SUSE bug 1229366SUSE bug 1229370SUSE bug 1229373SUSE bug 1229374SUSE bug 1229381SUSE bug 1229382SUSE bug 1229383SUSE bug 1229386SUSE bug 1229388SUSE bug 1229391SUSE bug 1229392SUSE bug 1229395SUSE bug 1229398SUSE bug 1229399SUSE bug 1229400SUSE bug 1229407SUSE bug 1229409SUSE bug 1229410SUSE bug 1229411SUSE bug 1229413SUSE bug 1229414SUSE bug 1229417SUSE bug 1229418SUSE bug 1229444SUSE bug 1229453SUSE bug 1229454SUSE bug 1229481SUSE bug 1229482SUSE bug 1229488SUSE bug 1229489SUSE bug 1229490SUSE bug 1229493SUSE bug 1229495SUSE bug 1229497SUSE bug 1229500SUSE bug 1229503SUSE bug 1229506SUSE bug 1229507SUSE bug 1229508SUSE bug 1229509SUSE bug 1229510SUSE bug 1229512SUSE bug 1229516SUSE bug 1229521SUSE bug 1229522SUSE bug 1229523SUSE bug 1229524SUSE bug 1229525SUSE bug 1229526SUSE bug 1229527SUSE bug 1229528SUSE bug 1229529SUSE bug 1229531SUSE bug 1229533SUSE bug 1229535SUSE bug 1229536SUSE bug 1229537SUSE bug 1229540SUSE bug 1229544SUSE bug 1229545SUSE bug 1229546SUSE bug 1229547SUSE bug 1229548SUSE bug 1229554SUSE bug 1229557SUSE bug 1229558SUSE bug 1229559SUSE bug 1229560SUSE bug 1229562SUSE bug 1229564SUSE bug 1229565SUSE bug 1229566SUSE bug 1229568SUSE bug 1229569SUSE bug 1229572SUSE bug 1229573SUSE bug 1229576SUSE bug 1229581SUSE bug 1229588SUSE bug 1229598SUSE bug 1229603SUSE bug 1229604SUSE bug 1229605SUSE bug 1229608SUSE bug 1229611SUSE bug 1229612SUSE bug 1229613SUSE bug 1229614SUSE bug 1229615SUSE bug 1229616SUSE bug 1229617SUSE bug 1229620SUSE bug 1229622SUSE bug 1229623SUSE bug 1229624SUSE bug 1229625SUSE bug 1229626SUSE bug 1229628SUSE bug 1229629SUSE bug 1229630SUSE bug 1229631SUSE bug 1229632SUSE bug 1229635SUSE bug 1229636SUSE bug 1229637SUSE bug 1229638SUSE bug 1229639SUSE bug 1229641SUSE bug 1229642SUSE bug 1229643SUSE bug 1229645SUSE bug 1229657SUSE bug 1229658SUSE bug 1229662SUSE bug 1229664SUSE bug 1229707SUSE bug 1229739SUSE bug 1229743SUSE bug 1229746SUSE bug 1229754SUSE bug 1229755SUSE bug 1229756SUSE bug 1229759SUSE bug 1229761SUSE bug 1229767SUSE bug 1229768SUSE bug 1229781SUSE bug 1229784SUSE bug 1229787SUSE bug 1229788SUSE bug 1229789SUSE bug 1229792SUSE bug 1229820SUSE bug 1230413CVE-2021-4204 at SUSECVE-2021-4204 at NVDCVE-2021-4441 at SUSECVE-2021-4441 at NVDCVE-2021-47106 at SUSECVE-2021-47106 at NVDCVE-2021-47517 at SUSECVE-2021-47517 at NVDCVE-2021-47546 at SUSECVE-2021-47546 at NVDCVE-2022-0500 at SUSECVE-2022-0500 at NVDCVE-2022-23222 at SUSECVE-2022-23222 at NVDCVE-2022-38457 at SUSECVE-2022-38457 at NVDCVE-2022-40133 at SUSECVE-2022-40133 at NVDCVE-2022-4382 at SUSECVE-2022-4382 at NVDCVE-2022-48645 at SUSECVE-2022-48645 at NVDCVE-2022-48706 at SUSECVE-2022-48706 at NVDCVE-2022-48808 at SUSECVE-2022-48808 at NVDCVE-2022-48865 at SUSECVE-2022-48865 at NVDCVE-2022-48868 at SUSECVE-2022-48868 at NVDCVE-2022-48869 at SUSECVE-2022-48869 at NVDCVE-2022-48870 at SUSECVE-2022-48870 at NVDCVE-2022-48871 at SUSECVE-2022-48871 at NVDCVE-2022-48872 at SUSECVE-2022-48872 at NVDCVE-2022-48873 at SUSECVE-2022-48873 at NVDCVE-2022-48875 at SUSECVE-2022-48875 at NVDCVE-2022-48878 at SUSECVE-2022-48878 at NVDCVE-2022-48880 at SUSECVE-2022-48880 at NVDCVE-2022-48881 at SUSECVE-2022-48881 at NVDCVE-2022-48882 at SUSECVE-2022-48882 at NVDCVE-2022-48883 at SUSECVE-2022-48883 at NVDCVE-2022-48884 at SUSECVE-2022-48884 at NVDCVE-2022-48885 at SUSECVE-2022-48885 at NVDCVE-2022-48886 at SUSECVE-2022-48886 at NVDCVE-2022-48887 at SUSECVE-2022-48887 at NVDCVE-2022-48888 at SUSECVE-2022-48888 at NVDCVE-2022-48889 at SUSECVE-2022-48889 at NVDCVE-2022-48890 at SUSECVE-2022-48890 at NVDCVE-2022-48891 at SUSECVE-2022-48891 at NVDCVE-2022-48893 at SUSECVE-2022-48893 at NVDCVE-2022-48896 at SUSECVE-2022-48896 at NVDCVE-2022-48898 at SUSECVE-2022-48898 at NVDCVE-2022-48899 at SUSECVE-2022-48899 at NVDCVE-2022-48903 at SUSECVE-2022-48903 at NVDCVE-2022-48904 at SUSECVE-2022-48904 at NVDCVE-2022-48905 at SUSECVE-2022-48905 at NVDCVE-2022-48906 at SUSECVE-2022-48906 at NVDCVE-2022-48907 at SUSECVE-2022-48907 at NVDCVE-2022-48909 at SUSECVE-2022-48909 at NVDCVE-2022-48910 at SUSECVE-2022-48910 at NVDCVE-2022-48912 at SUSECVE-2022-48912 at NVDCVE-2022-48913 at SUSECVE-2022-48913 at NVDCVE-2022-48914 at SUSECVE-2022-48914 at NVDCVE-2022-48915 at SUSECVE-2022-48915 at NVDCVE-2022-48916 at SUSECVE-2022-48916 at NVDCVE-2022-48917 at SUSECVE-2022-48917 at NVDCVE-2022-48918 at SUSECVE-2022-48918 at NVDCVE-2022-48919 at SUSECVE-2022-48919 at NVDCVE-2022-48920 at SUSECVE-2022-48920 at NVDCVE-2022-48921 at SUSECVE-2022-48921 at NVDCVE-2022-48923 at SUSECVE-2022-48923 at NVDCVE-2022-48924 at SUSECVE-2022-48924 at NVDCVE-2022-48925 at SUSECVE-2022-48925 at NVDCVE-2022-48926 at SUSECVE-2022-48926 at NVDCVE-2022-48927 at SUSECVE-2022-48927 at NVDCVE-2022-48928 at SUSECVE-2022-48928 at NVDCVE-2022-48929 at SUSECVE-2022-48929 at NVDCVE-2022-48930 at SUSECVE-2022-48930 at NVDCVE-2022-48931 at SUSECVE-2022-48931 at NVDCVE-2022-48932 at SUSECVE-2022-48932 at NVDCVE-2022-48934 at SUSECVE-2022-48934 at NVDCVE-2022-48937 at SUSECVE-2022-48937 at NVDCVE-2022-48938 at SUSECVE-2022-48938 at NVDCVE-2022-48939 at SUSECVE-2022-48939 at NVDCVE-2022-48940 at SUSECVE-2022-48940 at NVDCVE-2022-48941 at SUSECVE-2022-48941 at NVDCVE-2022-48942 at SUSECVE-2022-48942 at NVDCVE-2022-48943 at SUSECVE-2022-48943 at NVDCVE-2023-3610 at SUSECVE-2023-3610 at NVDCVE-2023-52458 at SUSECVE-2023-52458 at NVDCVE-2023-52489 at SUSECVE-2023-52489 at NVDCVE-2023-52498 at SUSECVE-2023-52498 at NVDCVE-2023-52581 at SUSECVE-2023-52581 at NVDCVE-2023-52859 at SUSECVE-2023-52859 at NVDCVE-2023-52887 at SUSECVE-2023-52887 at NVDCVE-2023-52889 at SUSECVE-2023-52889 at NVDCVE-2023-52893 at SUSECVE-2023-52893 at NVDCVE-2023-52894 at SUSECVE-2023-52894 at NVDCVE-2023-52896 at SUSECVE-2023-52896 at NVDCVE-2023-52898 at SUSECVE-2023-52898 at NVDCVE-2023-52899 at SUSECVE-2023-52899 at NVDCVE-2023-52900 at SUSECVE-2023-52900 at NVDCVE-2023-52901 at SUSECVE-2023-52901 at NVDCVE-2023-52904 at SUSECVE-2023-52904 at NVDCVE-2023-52905 at SUSECVE-2023-52905 at NVDCVE-2023-52906 at SUSECVE-2023-52906 at NVDCVE-2023-52907 at SUSECVE-2023-52907 at NVDCVE-2023-52908 at SUSECVE-2023-52908 at NVDCVE-2023-52909 at SUSECVE-2023-52909 at NVDCVE-2023-52910 at SUSECVE-2023-52910 at NVDCVE-2023-52911 at SUSECVE-2023-52911 at NVDCVE-2023-52912 at SUSECVE-2023-52912 at NVDCVE-2023-52913 at SUSECVE-2023-52913 at NVDCVE-2024-26631 at SUSECVE-2024-26631 at NVDCVE-2024-26668 at SUSECVE-2024-26668 at NVDCVE-2024-26669 at SUSECVE-2024-26669 at NVDCVE-2024-26677 at SUSECVE-2024-26677 at NVDCVE-2024-26735 at SUSECVE-2024-26735 at NVDCVE-2024-26808 at SUSECVE-2024-26808 at NVDCVE-2024-26812 at SUSECVE-2024-26812 at NVDCVE-2024-26835 at SUSECVE-2024-26835 at NVDCVE-2024-26851 at SUSECVE-2024-26851 at NVDCVE-2024-27010 at SUSECVE-2024-27010 at NVDCVE-2024-27011 at SUSECVE-2024-27011 at NVDCVE-2024-27016 at SUSECVE-2024-27016 at NVDCVE-2024-27024 at SUSECVE-2024-27024 at NVDCVE-2024-27079 at SUSECVE-2024-27079 at NVDCVE-2024-27403 at SUSECVE-2024-27403 at NVDCVE-2024-31076 at SUSECVE-2024-31076 at NVDCVE-2024-35897 at SUSECVE-2024-35897 at NVDCVE-2024-35902 at SUSECVE-2024-35902 at NVDCVE-2024-35945 at SUSECVE-2024-35945 at NVDCVE-2024-35971 at SUSECVE-2024-35971 at NVDCVE-2024-36009 at SUSECVE-2024-36009 at NVDCVE-2024-36013 at SUSECVE-2024-36013 at NVDCVE-2024-36270 at SUSECVE-2024-36270 at NVDCVE-2024-36286 at SUSECVE-2024-36286 at NVDCVE-2024-36489 at SUSECVE-2024-36489 at NVDCVE-2024-36929 at SUSECVE-2024-36929 at NVDCVE-2024-36933 at SUSECVE-2024-36933 at NVDCVE-2024-36936 at SUSECVE-2024-36936 at NVDCVE-2024-36962 at SUSECVE-2024-36962 at NVDCVE-2024-38554 at SUSECVE-2024-38554 at NVDCVE-2024-38602 at SUSECVE-2024-38602 at NVDCVE-2024-38662 at SUSECVE-2024-38662 at NVDCVE-2024-39489 at SUSECVE-2024-39489 at NVDCVE-2024-40905 at SUSECVE-2024-40905 at NVDCVE-2024-40978 at SUSECVE-2024-40978 at NVDCVE-2024-40980 at SUSECVE-2024-40980 at NVDCVE-2024-40995 at SUSECVE-2024-40995 at NVDCVE-2024-41000 at SUSECVE-2024-41000 at NVDCVE-2024-41007 at SUSECVE-2024-41007 at NVDCVE-2024-41009 at SUSECVE-2024-41009 at NVDCVE-2024-41011 at SUSECVE-2024-41011 at NVDCVE-2024-41016 at SUSECVE-2024-41016 at NVDCVE-2024-41020 at SUSECVE-2024-41020 at NVDCVE-2024-41022 at SUSECVE-2024-41022 at NVDCVE-2024-41035 at SUSECVE-2024-41035 at NVDCVE-2024-41036 at SUSECVE-2024-41036 at NVDCVE-2024-41038 at SUSECVE-2024-41038 at NVDCVE-2024-41039 at SUSECVE-2024-41039 at NVDCVE-2024-41042 at SUSECVE-2024-41042 at NVDCVE-2024-41045 at SUSECVE-2024-41045 at NVDCVE-2024-41056 at SUSECVE-2024-41056 at NVDCVE-2024-41060 at SUSECVE-2024-41060 at NVDCVE-2024-41062 at SUSECVE-2024-41062 at NVDCVE-2024-41065 at SUSECVE-2024-41065 at NVDCVE-2024-41068 at SUSECVE-2024-41068 at NVDCVE-2024-41073 at SUSECVE-2024-41073 at NVDCVE-2024-41079 at SUSECVE-2024-41079 at NVDCVE-2024-41080 at SUSECVE-2024-41080 at NVDCVE-2024-41087 at SUSECVE-2024-41087 at NVDCVE-2024-41088 at SUSECVE-2024-41088 at NVDCVE-2024-41089 at SUSECVE-2024-41089 at NVDCVE-2024-41092 at SUSECVE-2024-41092 at NVDCVE-2024-41093 at SUSECVE-2024-41093 at NVDCVE-2024-41095 at SUSECVE-2024-41095 at NVDCVE-2024-41097 at SUSECVE-2024-41097 at NVDCVE-2024-41098 at SUSECVE-2024-41098 at NVDCVE-2024-42069 at SUSECVE-2024-42069 at NVDCVE-2024-42074 at SUSECVE-2024-42074 at NVDCVE-2024-42076 at SUSECVE-2024-42076 at NVDCVE-2024-42077 at SUSECVE-2024-42077 at NVDCVE-2024-42080 at SUSECVE-2024-42080 at NVDCVE-2024-42082 at SUSECVE-2024-42082 at NVDCVE-2024-42085 at SUSECVE-2024-42085 at NVDCVE-2024-42086 at SUSECVE-2024-42086 at NVDCVE-2024-42087 at SUSECVE-2024-42087 at NVDCVE-2024-42089 at SUSECVE-2024-42089 at NVDCVE-2024-42090 at SUSECVE-2024-42090 at NVDCVE-2024-42092 at SUSECVE-2024-42092 at NVDCVE-2024-42095 at SUSECVE-2024-42095 at NVDCVE-2024-42097 at SUSECVE-2024-42097 at NVDCVE-2024-42098 at SUSECVE-2024-42098 at NVDCVE-2024-42101 at SUSECVE-2024-42101 at NVDCVE-2024-42104 at SUSECVE-2024-42104 at NVDCVE-2024-42106 at SUSECVE-2024-42106 at NVDCVE-2024-42107 at SUSECVE-2024-42107 at NVDCVE-2024-42110 at SUSECVE-2024-42110 at NVDCVE-2024-42114 at SUSECVE-2024-42114 at NVDCVE-2024-42115 at SUSECVE-2024-42115 at NVDCVE-2024-42119 at SUSECVE-2024-42119 at NVDCVE-2024-42120 at SUSECVE-2024-42120 at NVDCVE-2024-42121 at SUSECVE-2024-42121 at NVDCVE-2024-42126 at SUSECVE-2024-42126 at NVDCVE-2024-42127 at SUSECVE-2024-42127 at NVDCVE-2024-42130 at SUSECVE-2024-42130 at NVDCVE-2024-42137 at SUSECVE-2024-42137 at NVDCVE-2024-42139 at SUSECVE-2024-42139 at NVDCVE-2024-42142 at SUSECVE-2024-42142 at NVDCVE-2024-42143 at SUSECVE-2024-42143 at NVDCVE-2024-42148 at SUSECVE-2024-42148 at NVDCVE-2024-42152 at SUSECVE-2024-42152 at NVDCVE-2024-42155 at SUSECVE-2024-42155 at NVDCVE-2024-42156 at SUSECVE-2024-42156 at NVDCVE-2024-42157 at SUSECVE-2024-42157 at NVDCVE-2024-42158 at SUSECVE-2024-42158 at NVDCVE-2024-42162 at SUSECVE-2024-42162 at NVDCVE-2024-42223 at SUSECVE-2024-42223 at NVDCVE-2024-42225 at SUSECVE-2024-42225 at NVDCVE-2024-42228 at SUSECVE-2024-42228 at NVDCVE-2024-42229 at SUSECVE-2024-42229 at NVDCVE-2024-42230 at SUSECVE-2024-42230 at NVDCVE-2024-42232 at SUSECVE-2024-42232 at NVDCVE-2024-42236 at SUSECVE-2024-42236 at NVDCVE-2024-42237 at SUSECVE-2024-42237 at NVDCVE-2024-42238 at SUSECVE-2024-42238 at NVDCVE-2024-42239 at SUSECVE-2024-42239 at NVDCVE-2024-42240 at SUSECVE-2024-42240 at NVDCVE-2024-42244 at SUSECVE-2024-42244 at NVDCVE-2024-42246 at SUSECVE-2024-42246 at NVDCVE-2024-42247 at SUSECVE-2024-42247 at NVDCVE-2024-42268 at SUSECVE-2024-42268 at NVDCVE-2024-42271 at SUSECVE-2024-42271 at NVDCVE-2024-42274 at SUSECVE-2024-42274 at NVDCVE-2024-42276 at SUSECVE-2024-42276 at NVDCVE-2024-42277 at SUSECVE-2024-42277 at NVDCVE-2024-42280 at SUSECVE-2024-42280 at NVDCVE-2024-42281 at SUSECVE-2024-42281 at NVDCVE-2024-42283 at SUSECVE-2024-42283 at NVDCVE-2024-42284 at SUSECVE-2024-42284 at NVDCVE-2024-42285 at SUSECVE-2024-42285 at NVDCVE-2024-42286 at SUSECVE-2024-42286 at NVDCVE-2024-42287 at SUSECVE-2024-42287 at NVDCVE-2024-42288 at SUSECVE-2024-42288 at NVDCVE-2024-42289 at SUSECVE-2024-42289 at NVDCVE-2024-42291 at SUSECVE-2024-42291 at NVDCVE-2024-42292 at SUSECVE-2024-42292 at NVDCVE-2024-42295 at SUSECVE-2024-42295 at NVDCVE-2024-42301 at SUSECVE-2024-42301 at NVDCVE-2024-42302 at SUSECVE-2024-42302 at NVDCVE-2024-42308 at SUSECVE-2024-42308 at NVDCVE-2024-42309 at SUSECVE-2024-42309 at NVDCVE-2024-42310 at SUSECVE-2024-42310 at NVDCVE-2024-42311 at SUSECVE-2024-42311 at NVDCVE-2024-42312 at SUSECVE-2024-42312 at NVDCVE-2024-42313 at SUSECVE-2024-42313 at NVDCVE-2024-42315 at SUSECVE-2024-42315 at NVDCVE-2024-42318 at SUSECVE-2024-42318 at NVDCVE-2024-42319 at SUSECVE-2024-42319 at NVDCVE-2024-42320 at SUSECVE-2024-42320 at NVDCVE-2024-42322 at SUSECVE-2024-42322 at NVDCVE-2024-43816 at SUSECVE-2024-43816 at NVDCVE-2024-43818 at SUSECVE-2024-43818 at NVDCVE-2024-43819 at SUSECVE-2024-43819 at NVDCVE-2024-43821 at SUSECVE-2024-43821 at NVDCVE-2024-43823 at SUSECVE-2024-43823 at NVDCVE-2024-43829 at SUSECVE-2024-43829 at NVDCVE-2024-43830 at SUSECVE-2024-43830 at NVDCVE-2024-43831 at SUSECVE-2024-43831 at NVDCVE-2024-43834 at SUSECVE-2024-43834 at NVDCVE-2024-43837 at SUSECVE-2024-43837 at NVDCVE-2024-43839 at SUSECVE-2024-43839 at NVDCVE-2024-43841 at SUSECVE-2024-43841 at NVDCVE-2024-43842 at SUSECVE-2024-43842 at NVDCVE-2024-43846 at SUSECVE-2024-43846 at NVDCVE-2024-43849 at SUSECVE-2024-43849 at NVDCVE-2024-43853 at SUSECVE-2024-43853 at NVDCVE-2024-43854 at SUSECVE-2024-43854 at NVDCVE-2024-43856 at SUSECVE-2024-43856 at NVDCVE-2024-43858 at SUSECVE-2024-43858 at NVDCVE-2024-43860 at SUSECVE-2024-43860 at NVDCVE-2024-43861 at SUSECVE-2024-43861 at NVDCVE-2024-43863 at SUSECVE-2024-43863 at NVDCVE-2024-43866 at SUSECVE-2024-43866 at NVDCVE-2024-43867 at SUSECVE-2024-43867 at NVDCVE-2024-43871 at SUSECVE-2024-43871 at NVDCVE-2024-43872 at SUSECVE-2024-43872 at NVDCVE-2024-43873 at SUSECVE-2024-43873 at NVDCVE-2024-43879 at SUSECVE-2024-43879 at NVDCVE-2024-43880 at SUSECVE-2024-43880 at NVDCVE-2024-43882 at SUSECVE-2024-43882 at NVDCVE-2024-43883 at SUSECVE-2024-43883 at NVDCVE-2024-43884 at SUSECVE-2024-43884 at NVDCVE-2024-43889 at SUSECVE-2024-43889 at NVDCVE-2024-43892 at SUSECVE-2024-43892 at NVDCVE-2024-43893 at SUSECVE-2024-43893 at NVDCVE-2024-43894 at SUSECVE-2024-43894 at NVDCVE-2024-43895 at SUSECVE-2024-43895 at NVDCVE-2024-43899 at SUSECVE-2024-43899 at NVDCVE-2024-43900 at SUSECVE-2024-43900 at NVDCVE-2024-43902 at SUSECVE-2024-43902 at NVDCVE-2024-43903 at SUSECVE-2024-43903 at NVDCVE-2024-43904 at SUSECVE-2024-43904 at NVDCVE-2024-43905 at SUSECVE-2024-43905 at NVDCVE-2024-43907 at SUSECVE-2024-43907 at NVDCVE-2024-43908 at SUSECVE-2024-43908 at NVDCVE-2024-43909 at SUSECVE-2024-43909 at NVDCVE-2024-44938 at SUSECVE-2024-44938 at NVDCVE-2024-44939 at SUSECVE-2024-44939 at NVDCVE-2024-44947 at SUSECVE-2024-44947 at NVDcpe:/o:opensuse:leap:15.5Security update for python-paramiko (Important)openSUSE Leap 15.5
This update for python-paramiko fixes the following issues:
- CVE-2023-48795: Fixed prefix truncation breaking ssh channel integrity aka Terrapin Attack (bsc#bsc#1218168).
- Update to 3.4.0.
ImportantSUSE bug 1218168CVE-2023-48795 at SUSECVE-2023-48795 at NVDcpe:/o:opensuse:leap:15.5Security update for openssl-3 (Important)openSUSE Leap 15.5
This update for openssl-3 fixes the following issues:
- CVE-2024-41996: Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers to trigger expensive server-side DHE (bsc#1230698)
ImportantSUSE bug 1230698CVE-2024-41996 at SUSECVE-2024-41996 at NVDcpe:/o:opensuse:leap:15.5Security update for MozillaThunderbird (Important)openSUSE Leap 15.5
This update for MozillaThunderbird fixes the following issues:
- Mozilla Thunderbird 128.2.3
MFSA 2024-43 (bsc#1229821)
* CVE-2024-8394: Crash when aborting verification of OTR chat.
* CVE-2024-8385: WASM type confusion involving ArrayTypes.
* CVE-2024-8381: Type confusion when looking up a property name in a 'with' block.
* CVE-2024-8382: Internal event interfaces were exposed to web content when browser EventHandler listener callbacks
ran.
* CVE-2024-8384: Garbage collection could mis-color cross-compartment objects in OOM conditions.
* CVE-2024-8386: SelectElements could be shown over another site if popups are allowed.
* CVE-2024-8387: Memory safety bugs fixed in Firefox 130, Firefox ESR 128.2, and Thunderbird 128.2.
MFSA 2024-37 (bsc#1228648)
* CVE-2024-7518: Fullscreen notification dialog can be obscured by document content.
* CVE-2024-7519: Out of bounds memory access in graphics shared memory handling.
* CVE-2024-7520: Type confusion in WebAssembly.
* CVE-2024-7521: Incomplete WebAssembly exception handing.
* CVE-2024-7522: Out of bounds read in editor component.
* CVE-2024-7525: Missing permission check when creating a StreamFilter.
* CVE-2024-7526: Uninitialized memory used by WebGL.
* CVE-2024-7527: Use-after-free in JavaScript garbage collection.
* CVE-2024-7528: Use-after-free in IndexedDB.
* CVE-2024-7529: Document content could partially obscure security prompts.
MFSA 2024-32 (bsc#1226316)
* CVE-2024-6606: Out-of-bounds read in clipboard component.
* CVE-2024-6607: Leaving pointerlock by pressing the escape key could be prevented.
* CVE-2024-6608: Cursor could be moved out of the viewport using pointerlock.
* CVE-2024-6609: Memory corruption in NSS.
* CVE-2024-6610: Form validation popups could block exiting full-screen mode.
* CVE-2024-6600: Memory corruption in WebGL API.
* CVE-2024-6601: Race condition in permission assignment.
* CVE-2024-6602: Memory corruption in NSS.
* CVE-2024-6603: Memory corruption in thread creation.
* CVE-2024-6611: Incorrect handling of SameSite cookies.
* CVE-2024-6612: CSP violation leakage when using devtools.
* CVE-2024-6613: Incorrect listing of stack frames.
* CVE-2024-6614: Incorrect listing of stack frames.
* CVE-2024-6604: Memory safety bugs fixed in Firefox 128, Firefox ESR 115.13, Thunderbird 128, and Thunderbird
115.13.
* CVE-2024-6615: Memory safety bugs fixed in Firefox 128 and Thunderbird 128.
Bug fixes:
- Recommend libfido2-udev in order to try to get security keys (e.g. Yubikeys) working out of the box. (bsc#1184272)
ImportantSUSE bug 1184272SUSE bug 1226316SUSE bug 1228648SUSE bug 1229821CVE-2024-6600 at SUSECVE-2024-6600 at NVDCVE-2024-6601 at SUSECVE-2024-6601 at NVDCVE-2024-6602 at SUSECVE-2024-6602 at NVDCVE-2024-6603 at SUSECVE-2024-6603 at NVDCVE-2024-6604 at SUSECVE-2024-6604 at NVDCVE-2024-6606 at SUSECVE-2024-6606 at NVDCVE-2024-6607 at SUSECVE-2024-6607 at NVDCVE-2024-6608 at SUSECVE-2024-6608 at NVDCVE-2024-6609 at SUSECVE-2024-6609 at NVDCVE-2024-6610 at SUSECVE-2024-6610 at NVDCVE-2024-6611 at SUSECVE-2024-6611 at NVDCVE-2024-6612 at SUSECVE-2024-6612 at NVDCVE-2024-6613 at SUSECVE-2024-6613 at NVDCVE-2024-6614 at SUSECVE-2024-6614 at NVDCVE-2024-6615 at SUSECVE-2024-6615 at NVDCVE-2024-7518 at SUSECVE-2024-7518 at NVDCVE-2024-7519 at SUSECVE-2024-7519 at NVDCVE-2024-7520 at SUSECVE-2024-7520 at NVDCVE-2024-7521 at SUSECVE-2024-7521 at NVDCVE-2024-7522 at SUSECVE-2024-7522 at NVDCVE-2024-7525 at SUSECVE-2024-7525 at NVDCVE-2024-7526 at SUSECVE-2024-7526 at NVDCVE-2024-7527 at SUSECVE-2024-7527 at NVDCVE-2024-7528 at SUSECVE-2024-7528 at NVDCVE-2024-7529 at SUSECVE-2024-7529 at NVDCVE-2024-8381 at SUSECVE-2024-8381 at NVDCVE-2024-8382 at SUSECVE-2024-8382 at NVDCVE-2024-8384 at SUSECVE-2024-8384 at NVDCVE-2024-8385 at SUSECVE-2024-8385 at NVDCVE-2024-8386 at SUSECVE-2024-8386 at NVDCVE-2024-8387 at SUSECVE-2024-8387 at NVDCVE-2024-8394 at SUSECVE-2024-8394 at NVDcpe:/o:opensuse:leap:15.5Security update for MozillaFirefox (Important)openSUSE Leap 15.5
This update for MozillaFirefox fixes the following issues:
Update to Firefox Extended Support Release 128.3.0 ESR (MFSA-2024-47, bsc#1230979):
- CVE-2024-8900: Clipboard write permission bypass
- CVE-2024-9392: Compromised content process can bypass site isolation
- CVE-2024-9393: Cross-origin access to PDF contents through multipart responses
- CVE-2024-9394: Cross-origin access to JSON contents through multipart responses
- CVE-2024-9396: Potential memory corruption may occur when cloning certain objects
- CVE-2024-9397: Potential directory upload bypass via clickjacking
- CVE-2024-9398: External protocol handlers could be enumerated via popups
- CVE-2024-9399: Specially crafted WebTransport requests could lead to denial of service
- CVE-2024-9400: Potential memory corruption during JIT compilation
- CVE-2024-9401: Memory safety bugs fixed in Firefox 131, Firefox ESR 115.16, Firefox ESR 128.3, Thunderbird 131, and Thunderbird 128.3
- CVE-2024-9402: Memory safety bugs fixed in Firefox 131, Firefox ESR 128.3, Thunderbird 131, and Thunderbird 128.3
ImportantSUSE bug 1230979CVE-2024-8900 at SUSECVE-2024-8900 at NVDCVE-2024-9392 at SUSECVE-2024-9392 at NVDCVE-2024-9393 at SUSECVE-2024-9393 at NVDCVE-2024-9394 at SUSECVE-2024-9394 at NVDCVE-2024-9396 at SUSECVE-2024-9396 at NVDCVE-2024-9397 at SUSECVE-2024-9397 at NVDCVE-2024-9398 at SUSECVE-2024-9398 at NVDCVE-2024-9399 at SUSECVE-2024-9399 at NVDCVE-2024-9400 at SUSECVE-2024-9400 at NVDCVE-2024-9401 at SUSECVE-2024-9401 at NVDCVE-2024-9402 at SUSECVE-2024-9402 at NVDcpe:/o:opensuse:leap:15.5Security update for cups-filters (Critical)openSUSE Leap 15.5
This update for cups-filters fixes the following issues:
- cups-browsed would bind on UDP INADDR_ANY:631 and trust any packet
from any source to trigger a Get-Printer-Attributes IPP request
to an attacker controlled URL. This patch removes support for the
legacy CUPS and LDAP protocols(bsc#1230939, CVE-2024-47176)
CriticalSUSE bug 1230939CVE-2024-47176 at SUSECVE-2024-47176 at NVDcpe:/o:opensuse:leap:15.5Security update for json-lib (Moderate)openSUSE Leap 15.5
This update for json-lib fixes the following issues:
- CVE-2024-47855: Fixed mishandled unbalanced comment string (bsc#1231295)
ModerateSUSE bug 1231295CVE-2024-47855 at SUSECVE-2024-47855 at NVDcpe:/o:opensuse:leap:15.5Security update for buildah (Moderate)openSUSE Leap 15.5
This update for buildah fixes the following issues:
- CVE-2024-9407: Fixed Improper Input Validation in bind-propagation Option of Dockerfile RUN --mount Instruction (bsc#1231208).
- CVE-2024-9341: Fixed FIPS Crypto-Policy Directory Mounting Issue in containers/common Go Library in cri-o (nsc#1231230).
ModerateSUSE bug 1231208SUSE bug 1231230CVE-2024-9341 at SUSECVE-2024-9341 at NVDCVE-2024-9407 at SUSECVE-2024-9407 at NVDcpe:/o:opensuse:leap:15.5Security update for podman (Moderate)openSUSE Leap 15.5
This update for podman fixes the following issues:
- CVE-2024-9341: Fixed FIPS Crypto-Policy Directory Mounting Issue in containers/common Go Library (bsc#1231230)
ModerateSUSE bug 1231230CVE-2024-6104 at SUSECVE-2024-6104 at NVDCVE-2024-9341 at SUSECVE-2024-9341 at NVDcpe:/o:opensuse:leap:15.5Security update for Mesa (Moderate)openSUSE Leap 15.5
This update for Mesa fixes the following issues:
- CVE-2023-45913: Fixed NULL pointer dereference via dri2GetGlxDrawableFromXDrawableId() (bsc#1222040)
- CVE-2023-45919: Fixed buffer over-read in glXQueryServerString() (bsc#1222041)
- CVE-2023-45922: Fixed segmentation violation in __glXGetDrawableAttribute() (bsc#1222042)
ModerateSUSE bug 1222040SUSE bug 1222041SUSE bug 1222042CVE-2023-45913 at SUSECVE-2023-45913 at NVDCVE-2023-45919 at SUSECVE-2023-45919 at NVDCVE-2023-45922 at SUSECVE-2023-45922 at NVDcpe:/o:opensuse:leap:15.5Security update for redis7 (Important)openSUSE Leap 15.5
This update for redis7 fixes the following issues:
- CVE-2024-31227: Fixed parsing issue leading to denail of service (bsc#1231266)
- CVE-2024-31228: Fixed unbounded recursive pattern matching (bsc#1231265)
- CVE-2024-31449: Fixed integer overflow bug in Lua bit_tohex (bsc#1231264)
ImportantSUSE bug 1231264SUSE bug 1231265SUSE bug 1231266CVE-2024-31227 at SUSECVE-2024-31227 at NVDCVE-2024-31228 at SUSECVE-2024-31228 at NVDCVE-2024-31449 at SUSECVE-2024-31449 at NVDcpe:/o:opensuse:leap:15.5Security update for podofo (Moderate)openSUSE Leap 15.5
This update for podofo fixes the following issues:
- CVE-2015-8981: Fixed heap overflow in the function ReadXRefSubsection (bsc#1023190)
- CVE-2017-6840: Fixed invalid memory read in ColorChanger::GetColorFromStack (colorchanger.cpp) (bsc#1027787)
- CVE-2017-6841: Fixed NULL pointer dereference in GraphicsStack::TGraphicsStackElement::~TGraphicsStackElement (graphicsstack.h) (bsc#1027786)
- CVE-2017-6842: Fixed NULL pointer dereference in ColorChanger::GetColorFromStack (colorchanger.cpp) (bsc#1027785)
- CVE-2017-6845: Fixed NULL pointer dereference in GraphicsStack::TGraphicsStackElement::SetNonStrokingColorSpace (graphicsstack.h) (bsc#1027779)
- CVE-2017-6849: Fixed NULL pointer dereference in PoDoFo::PdfColorGray::~PdfColorGray (PdfColor.cpp) (bsc#1027776)
- CVE-2017-8378: Fixed denial of service (application crash) vectors related to m_offsets.size (PdfParser::ReadObjects func in base/PdfParser.cpp) (bsc#1037000)
- Fixed NULL pointer dereference in PdfInfo::GuessFormat (pdfinfo.cpp) (bsc#1023072)
ModerateSUSE bug 1023072SUSE bug 1023190SUSE bug 1027776SUSE bug 1027779SUSE bug 1027785SUSE bug 1027786SUSE bug 1027787SUSE bug 1037000SUSE bug 1075322SUSE bug 1084894CVE-2015-8981 at SUSECVE-2015-8981 at NVDCVE-2017-6840 at SUSECVE-2017-6840 at NVDCVE-2017-6841 at SUSECVE-2017-6841 at NVDCVE-2017-6842 at SUSECVE-2017-6842 at NVDCVE-2017-6845 at SUSECVE-2017-6845 at NVDCVE-2017-6849 at SUSECVE-2017-6849 at NVDCVE-2017-8378 at SUSECVE-2017-8378 at NVDCVE-2018-5309 at SUSECVE-2018-5309 at NVDCVE-2018-8001 at SUSECVE-2018-8001 at NVDcpe:/o:opensuse:leap:15.5Security update for pgadmin4 (Moderate)openSUSE Leap 15.5
This update for pgadmin4 fixes the following issues:
- CVE-2024-4216: Fixed XSS in /settings/store endpoint (bsc#1223868)
ModerateSUSE bug 1223868CVE-2024-4216 at SUSECVE-2024-4216 at NVDcpe:/o:opensuse:leap:15.5Security update for mozjs78 (Moderate)openSUSE Leap 15.5
This update for mozjs78 fixes the following issues:
- CVE-2024-45490: Fixed negative len for XML_ParseBuffer in embedded expat (bnc#1230036)
- CVE-2024-45491: Fixed integer overflow in dtdCopy in embedded expat (bnc#1230037)
- CVE-2024-45492: Fixed integer overflow in function nextScaffoldPart in embedded expat (bnc#1230038)
ModerateSUSE bug 1230036SUSE bug 1230037SUSE bug 1230038CVE-2024-45490 at SUSECVE-2024-45490 at NVDCVE-2024-45491 at SUSECVE-2024-45491 at NVDCVE-2024-45492 at SUSECVE-2024-45492 at NVDcpe:/o:opensuse:leap:15.5Security update for the Linux Kernel (Important)openSUSE Leap 15.5
The SUSE Linux Enterprise 15 SP5 kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2022-48901: btrfs: do not start relocation until in progress drops are done (bsc#1229607).
- CVE-2022-48911: kabi: add __nf_queue_get_refs() for kabi compliance. (bsc#1229633).
- CVE-2022-48923: btrfs: prevent copying too big compressed lzo segment (bsc#1229662)
- CVE-2022-48935: Fixed an unregister flowtable hooks on netns exit (bsc#1229619)
- CVE-2023-52610: net/sched: act_ct: fix skb leak and crash on ooo frags (bsc#1221610).
- CVE-2023-52916: media: aspeed: Fix memory overwrite if timing is 1600x900 (bsc#1230269).
- CVE-2024-26640: tcp: add sanity checks to rx zerocopy (bsc#1221650).
- CVE-2024-26759: mm/swap: fix race when skipping swapcache (bsc#1230340).
- CVE-2024-26767: drm/amd/display: fixed integer types and null check locations (bsc#1230339).
- CVE-2024-26804: net: ip_tunnel: prevent perpetual headroom growth (bsc#1222629).
- CVE-2024-26837: net: bridge: switchdev: race between creation of new group memberships and generation of the list of MDB events to replay (bsc#1222973).
- CVE-2024-37353: virtio: fixed a double free in vp_del_vqs() (bsc#1226875).
- CVE-2024-38538: net: bridge: xmit: make sure we have at least eth header len bytes (bsc#1226606).
- CVE-2024-38596: af_unix: Fix data races in unix_release_sock/unix_stream_sendmsg (bsc#1226846).
- CVE-2024-40910: Fix refcount imbalance on inbound connections (bsc#1227832).
- CVE-2024-40973: media: mtk-vcodec: potential null pointer deference in SCP (bsc#1227890).
- CVE-2024-40983: tipc: force a dst refcount before doing decryption (bsc#1227819).
- CVE-2024-41062: Sync sock recv cb and release (bsc#1228576).
- CVE-2024-41082: nvme-fabrics: use reserved tag for reg read/write command (bsc#1228620 CVE-2024-41082).
- CVE-2024-42154: tcp_metrics: validate source addr length (bsc#1228507).
- CVE-2024-42259: Fix Virtual Memory mapping boundaries calculation (bsc#1229156)
- CVE-2024-42265: protect the fetch of ->fd[fd] in do_dup2() from mispredictions (bsc#1229334).
- CVE-2024-42304: ext4: make sure the first directory block is not a hole (bsc#1229364).
- CVE-2024-42305: ext4: check dot and dotdot of dx_root before making dir indexed (bsc#1229363).
- CVE-2024-42306: udf: Avoid using corrupted block bitmap buffer (bsc#1229362).
- CVE-2024-43828: ext4: fix infinite loop when replaying fast_commit (bsc#1229394).
- CVE-2024-43890: tracing: Fix overflow in get_free_elt() (bsc#1229764).
- CVE-2024-43898: ext4: sanity check for NULL pointer after ext4_force_shutdown (bsc#1229753).
- CVE-2024-43912: wifi: nl80211: disallow setting special AP channel widths (bsc#1229830)
- CVE-2024-43914: md/raid5: avoid BUG_ON() while continue reshape after reassembling (bsc#1229790).
- CVE-2024-44935: sctp: Fix null-ptr-deref in reuseport_add_sock() (bsc#1229810).
- CVE-2024-44944: netfilter: ctnetlink: use helper function to calculate expect ID (bsc#1229899).
- CVE-2024-44946: kcm: Serialise kcm_sendmsg() for the same socket (bsc#1230015).
- CVE-2024-44950: serial: sc16is7xx: fix invalid FIFO access with special register set (bsc#1230180).
- CVE-2024-44952: driver core: Fix uevent_show() vs driver detach race (bsc#1230178).
- CVE-2024-44970: net/mlx5e: SHAMPO, Fix invalid WQ linked list unlink (bsc#1230209).
- CVE-2024-44971: net: dsa: bcm_sf2: Fix a possible memory leak in bcm_sf2_mdio_register() (bsc#1230211).
- CVE-2024-44986: ipv6: fix possible UAF in ip6_finish_output2() (bsc#1230230)
- CVE-2024-44987: ipv6: prevent UAF in ip6_send_skb() (bsc#1230185).
- CVE-2024-44988: net: dsa: mv88e6xxx: Fix out-of-bound access (bsc#1230192).
- CVE-2024-44989: bonding: fix xfrm real_dev null pointer dereference (bsc#1230193).
- CVE-2024-44990: bonding: fix null pointer deref in bond_ipsec_offload_ok (bsc#1230194).
- CVE-2024-44998: atm: idt77252: prevent use after free in dequeue_rx() (bsc#1230171).
- CVE-2024-44999: gtp: pull network headers in gtp_dev_xmit() (bsc#1230233).
- CVE-2024-45003: Don't evict inode under the inode lru traversing context (bsc#1230245).
- CVE-2024-45007: char: xillybus: Refine workqueue handling (bsc#1230175).
- CVE-2024-45008: Input: MT - limit max slots (bsc#1230248).
- CVE-2024-45013: nvme: move stopping keep-alive into nvme_uninit_ctrl() (bsc#1230442).
- CVE-2024-45015: drm/msm/dpu: move dpu_encoder's connector assignment to (bsc#1230444)
- CVE-2024-45018: netfilter: flowtable: initialise extack before use (bsc#1230431).
- CVE-2024-45021: memcg_write_event_control(): fix a user-triggerable oops (bsc#1230434).
- CVE-2024-45029: i2c: tegra: Do not mark ACPI devices as irq safe (bsc#1230451).
- CVE-2024-46673: scsi: aacraid: Fix double-free on probe failure (bsc#1230506).
- CVE-2024-46674: usb: dwc3: st: fix probed platform device ref count on probe error path (bsc#1230507).
- CVE-2024-46677: gtp: fix a potential NULL pointer dereference (bsc#1230549).
- CVE-2024-46679: ethtool: check device is present when getting link settings (bsc#1230556).
- CVE-2024-46685: pinctrl: single: fix potential NULL dereference in pcs_get_function() (bsc#1230515)
- CVE-2024-46686: smb/client: avoid dereferencing rdata=NULL in smb2_new_read_req() (bsc#1230517).
- CVE-2024-46689: soc: qcom: cmd-db: Map shared memory as WC, not WB (bsc#1230524)
- CVE-2024-46702: thunderbolt: Mark XDomain as unplugged when router is removed (bsc#1230589)
- CVE-2024-46707: KVM: arm64: Make ICC_*SGI*_EL1 undef in the absence of a vGICv3 (bsc#1230582).
- CVE-2024-46715: driver: iio: add missing checks on iio_info's callback access (bsc#1230700).
- CVE-2024-46717: net/mlx5e: SHAMPO, Fix incorrect page release (bsc#1230719).
- CVE-2024-46721: pparmor: fix possible NULL pointer dereference (bsc#1230710)
- CVE-2024-46728: drm/amd/display: Check index for aux_rd_interval before using (bsc#1230703)
- CVE-2024-46730: drm/amd/display: Ensure array index tg_inst won't be -1 (bsc#1230701)
- CVE-2024-46743: of/irq: Prevent device address out-of-bounds read in interrupt map walk (bsc#1230756).
- CVE-2024-46751: btrfs: do not BUG_ON() when 0 reference count at btrfs_lookup_extent_info() (bsc#1230786).
- CVE-2024-46752: btrfs: reduce nesting for extent processing at btrfs_lookup_extent_info() (bsc#1230794).
- CVE-2024-46753: btrfs: handle errors from btrfs_dec_ref() properly (bsc#1230796).
- CVE-2024-46772: drm/amd/display: Check denominator crb_pipes before used (bsc#1230772).
- CVE-2024-46783: tcp_bpf: fix return value of tcp_bpf_sendmsg() (bsc#1230810).
- CVE-2024-46787: userfaultfd: fix checks for huge PMDs (bsc#1230815).
- CVE-2024-46794: x86/tdx: Fix data leak in mmio_read() (bsc#1230825).
- CVE-2024-46822: arm64: acpi: Harden get_cpu_for_acpi_id() against missing CPU entry (bsc#1231120).
- CVE-2024-46830: KVM: x86: Acquire kvm->srcu when handling KVM_SET_VCPU_EVENTS (bsc#1231116).
The following non-security bugs were fixed:
- ACPI: battery: create alarm sysfs attribute atomically (git-fixes).
- ACPI: CPPC: Fix MASK_VAL() usage (git-fixes).
- ACPI: PMIC: Remove unneeded check in tps68470_pmic_opregion_probe() (git-fixes).
- ACPI: processor: Fix memory leaks in error paths of processor_add() (stable-fixes).
- ACPI: processor: Return an error if acpi_processor_get_info() fails in processor_add() (stable-fixes).
- ACPI: SBS: manage alarm sysfs attribute through psy core (git-fixes).
- ACPI: sysfs: validate return type of _STR method (git-fixes).
- af_unix: annotate lockless accesses to sk->sk_err (bsc#1226846).
- af_unix: Fix data races around sk->sk_shutdown (bsc#1226846).
- af_unix: Fix data-races around sk->sk_shutdown (git-fixes).
- ALSA: hda: Add input value sanity checks to HDMI channel map controls (stable-fixes).
- ALSA: hda/conexant: Add pincfg quirk to enable top speakers on Sirius devices (stable-fixes).
- ALSA: hda/conexant: Mute speakers at suspend / shutdown (stable-fixes).
- ALSA: hda/generic: Add a helper to mute speakers at suspend/shutdown (stable-fixes).
- ALSA: hda/realtek: Support mute LED on HP Laptop 14-dq2xxx (stable-fixes).
- apparmor: fix possible NULL pointer dereference (stable-fixes).
- arm64: acpi: Move get_cpu_for_acpi_id() to a header (git-fixes).
- arm64: dts: rockchip: Correct the Pinebook Pro battery design capacity (git-fixes).
- arm64: dts: rockchip: fix PMIC interrupt pin in pinctrl for ROCK Pi E (git-fixes).
- arm64: dts: rockchip: Raise Pinebook Pro's panel backlight PWM frequency (git-fixes).
- arm64/mm: Modify range-based tlbi to decrement scale (bsc#1229585)
- arm64/mm: Update tlb invalidation routines for FEAT_LPA2 (bsc#1229585)
- arm64: tlb: Allow range operation for MAX_TLBI_RANGE_PAGES (bsc#1229585)
- arm64: tlb: Fix TLBI RANGE operand (bsc#1229585)
- arm64: tlb: Improve __TLBI_VADDR_RANGE() (bsc#1229585)
- ASoC: dapm: Fix UAF for snd_soc_pcm_runtime object (git-fixes).
- ASoC: meson: axg-card: fix 'use-after-free' (git-fixes).
- ASoc: SOF: topology: Clear SOF link platform name upon unload (git-fixes).
- ASoC: sunxi: sun4i-i2s: fix LRCLK polarity in i2s mode (git-fixes).
- ASoC: tegra: Fix CBB error during probe() (git-fixes).
- ASoC: topology: Properly initialize soc_enum values (stable-fixes).
- ata: libata: Fix memory leak for error path in ata_host_alloc() (git-fixes).
- ata: pata_macio: Use WARN instead of BUG (stable-fixes).
- blk-mq: add helper for checking if one CPU is mapped to specified hctx (bsc#1223600).
- blk-mq: add number of queue calc helper (bsc#1229034).
- blk-mq: Build default queue map via group_cpus_evenly() (bsc#1229031).
- blk-mq: do not schedule block kworker on isolated CPUs (bsc#1223600).
- blk-mq: introduce blk_mq_dev_map_queues (bsc#1229034).
- blk-mq: issue warning when offlining hctx with online isolcpus (bsc#1229034).
- blk-mq: use hk cpus only when isolcpus=io_queue is enabled (bsc#1229034).
- Bluetooth: btusb: Fix not handling ZPL/short-transfer (git-fixes).
- Bluetooth: hci_core: Fix sending MGMT_EV_CONNECT_FAILED (git-fixes).
- Bluetooth: hci_sync: Ignore errors from HCI_OP_REMOTE_NAME_REQ_CANCEL (git-fixes).
- Bluetooth: L2CAP: Fix deadlock (git-fixes).
- Bluetooth: MGMT: Ignore keys being loaded with invalid type (git-fixes).
- cachefiles: fix dentry leak in cachefiles_open_file() (bsc#1231181).
- cachefiles: Fix non-taking of sb_writers around set/removexattr (bsc#1231013).
- can: bcm: Clear bo->bcm_proc_read after remove_proc_entry() (git-fixes).
- can: bcm: Remove proc entry when dev is unregistered (git-fixes).
- can: j1939: use correct function name in comment (git-fixes).
- can: mcp251x: fix deadlock if an interrupt occurs during mcp251x_open (git-fixes).
- cdc-acm: Add DISABLE_ECHO quirk for GE HealthCare UI Controller (git-fixes).
- ceph: remove the incorrect Fw reference check when dirtying pages (bsc#1231180).
- char: xillybus: Check USB endpoints when probing device (git-fixes).
- clk: qcom: clk-alpha-pll: Fix the pll post div mask (git-fixes).
- clk: qcom: clk-alpha-pll: Fix the trion pll postdiv set rate API (git-fixes).
- clk: qcom: clk-alpha-pll: Fix zonda set_rate failure when PLL is disabled (git-fixes).
- cpufreq: ti-cpufreq: Introduce quirks to handle syscon fails appropriately (git-fixes).
- crypto: ccp - Properly unregister /dev/sev on sev PLATFORM_STATUS failure (git-fixes).
- crypto: virtio - Handle dataq logic with tasklet (git-fixes).
- crypto: virtio - Wait for tasklet to complete on device remove (git-fixes).
- crypto: xor - fix template benchmarking (git-fixes).
- devres: Initialize an uninitialized struct member (stable-fixes).
- driver core: Add debug logs when fwnode links are added/deleted (git-fixes).
- driver core: Add missing parameter description to __fwnode_link_add() (git-fixes).
- driver core: Create __fwnode_link_del() helper function (git-fixes).
- driver core: fw_devlink: Allow marking a fwnode link as being part of a cycle (git-fixes).
- driver core: fw_devlink: Consolidate device link flag computation (git-fixes).
- driver core: Set deferred probe reason when deferred by driver core (git-fixes).
- drivers:drm:exynos_drm_gsc:Fix wrong assignment in gsc_bind() (git-fixes).
- Drivers: hv: vmbus: Fix rescind handling in uio_hv_generic (git-fixes).
- Drivers: hv: vmbus: Fix the misplaced function description (git-fixes).
- drivers: media: dvb-frontends/rtl2830: fix an out-of-bounds write error (git-fixes).
- drivers: media: dvb-frontends/rtl2832: fix an out-of-bounds write error (git-fixes).
- drm/amd/amdgpu: Check tbo resource pointer (stable-fixes).
- drm/amd/amdgpu: Properly tune the size of struct (git-fixes).
- drm/amd/display: Add array index check for hdcp ddc access (stable-fixes).
- drm/amd/display: added NULL check at start of dc_validate_stream (stable-fixes).
- drm/amd/display: Assign linear_pitch_alignment even for VM (stable-fixes).
- drm/amd/display: Check denominator pbn_div before used (stable-fixes).
- drm/amd/display: Check gpio_id before used as array index (stable-fixes).
- drm/amd/display: Check HDCP returned status (stable-fixes).
- drm/amd/display: Check msg_id before processing transcation (stable-fixes).
- drm/amd/display: Check num_valid_sets before accessing reader_wm_sets[] (stable-fixes).
- drm/amd/display: Correct the defined value for AMDGPU_DMUB_NOTIFICATION_MAX (stable-fixes).
- drm/amd/display: Ensure index calculation will not overflow (stable-fixes).
- drm/amd/display: Fix Coverity INTEGER_OVERFLOW within dal_gpio_service_create (stable-fixes).
- drm/amd/display: Skip inactive planes within ModeSupportAndSystemConfiguration (stable-fixes).
- drm/amd/display: Skip wbscl_set_scaler_filter if filter is null (stable-fixes).
- drm/amd/display: Spinlock before reading event (stable-fixes).
- drm/amd/display: Stop amdgpu_dm initialize when stream nums greater than 6 (stable-fixes).
- drm/amdgpu/atomfirmware: Silence UBSAN warning (stable-fixes).
- drm/amdgpu: avoid reading vf2pf info size from FB (stable-fixes).
- drm/amdgpu: check for LINEAR_ALIGNED correctly in check_tiling_flags_gfx6 (stable-fixes).
- drm/amdgpu: clear RB_OVERFLOW bit when enabling interrupts (stable-fixes).
- drm/amdgpu: fix a possible null pointer dereference (git-fixes).
- drm/amdgpu: fix dereference after null check (stable-fixes).
- drm/amdgpu: fix mc_data out-of-bounds read warning (stable-fixes).
- drm/amdgpu: Fix out-of-bounds read of df_v1_7_channel_number (stable-fixes).
- drm/amdgpu: Fix out-of-bounds write warning (stable-fixes).
- drm/amdgpu: fix overflowed array index read warning (stable-fixes).
- drm/amdgpu: Fix smatch static checker warning (stable-fixes).
- drm/amdgpu: fix the waring dereferencing hive (stable-fixes).
- drm/amdgpu: fix ucode out-of-bounds read warning (stable-fixes).
- drm/amdgpu: Fix uninitialized variable warning in amdgpu_afmt_acr (stable-fixes).
- drm/amdgpu/pm: Check input value for CUSTOM profile mode setting on legacy SOCs (stable-fixes).
- drm/amdgpu/pm: Check the return value of smum_send_msg_to_smc (stable-fixes).
- drm/amdgpu/pm: Fix uninitialized variable agc_btc_response (stable-fixes).
- drm/amdgpu/pm: Fix uninitialized variable warning for smu10 (stable-fixes).
- drm/amdgpu: Set no_hw_access when VF request full GPU fails (stable-fixes).
- drm/amdgpu: the warning dereferencing obj for nbio_v7_4 (stable-fixes).
- drm/amdgpu: update type of buf size to u32 for eeprom functions (stable-fixes).
- drm/amdkfd: Reconcile the definition and use of oem_id in struct kfd_topology_device (stable-fixes).
- drm/amd/pm: check negtive return for table entries (stable-fixes).
- drm/amd/pm: check specific index for aldebaran (stable-fixes).
- drm/amd/pm: Fix negative array index read (stable-fixes).
- drm/amd/pm: fix the Out-of-bounds read warning (stable-fixes).
- drm/amd/pm: fix uninitialized variable warning for smu8_hwmgr (stable-fixes).
- drm/amd/pm: fix uninitialized variable warnings for vangogh_ppt (stable-fixes).
- drm/amd/pm: fix uninitialized variable warnings for vega10_hwmgr (stable-fixes).
- drm/amd/pm: fix uninitialized variable warning (stable-fixes).
- drm/amd/pm: fix warning using uninitialized value of max_vid_step (stable-fixes).
- drm/bridge: lontium-lt8912b: Validate mode in drm_bridge_funcs::mode_valid() (git-fixes).
- drm/bridge: tc358767: Check if fully initialized before signalling HPD event via IRQ (stable-fixes).
- drm/i915/fence: Mark debug_fence_free() with __maybe_unused (git-fixes).
- drm/i915/fence: Mark debug_fence_init_onstack() with __maybe_unused (git-fixes).
- drm/i915/guc: prevent a possible int overflow in wq offsets (git-fixes).
- drm/meson: plane: Add error handling (stable-fixes).
- drm/msm/a5xx: disable preemption in submits by default (git-fixes).
- drm/msm/a5xx: fix races in preemption evaluation stage (git-fixes).
- drm/msm/a5xx: properly clear preemption records on resume (git-fixes).
- drm/msm/a5xx: workaround early ring-buffer emptiness check (git-fixes).
- drm/msm/adreno: Fix error return if missing firmware-name (stable-fixes).
- drm/msm/disp/dpu: use atomic enable/disable callbacks for encoder (bsc#1230444)
- drm/msm: Fix incorrect file name output in adreno_request_fw() (git-fixes).
- drm/msm: fix %s null argument error (git-fixes).
- drm: omapdrm: Add missing check for alloc_ordered_workqueue (git-fixes).
- drm/radeon/evergreen_cs: fix int overflow errors in cs track offsets (git-fixes).
- drm/radeon: fix null pointer dereference in radeon_add_common_modes (git-fixes).
- drm/rockchip: dw_hdmi: Fix reading EDID when using a forced mode (git-fixes).
- drm/rockchip: vop: Allow 4096px width scaling (git-fixes).
- drm/stm: ltdc: check memory returned by devm_kzalloc() (git-fixes).
- exfat: fix memory leak in exfat_load_bitmap() (git-fixes).
- fbdev: hpfb: Fix an error handling path in hpfb_dio_probe() (git-fixes).
- filemap: remove use of wait bookmarks (bsc#1224085).
- firmware_loader: Block path traversal (git-fixes).
- fscache: delete fscache_cookie_lru_timer when fscache exits to avoid UAF (bsc#1230592).
- fuse: update stats for pages in dropped aux writeback list (bsc#1230130).
- fuse: use unsigned type for getxattr/listxattr size truncation (bsc#1230129).
- genirq/affinity: Do not pass irq_affinity_desc array to irq_build_affinity_masks (bsc#1229031).
- genirq/affinity: Move group_cpus_evenly() into lib/ (bsc#1229031).
- genirq/affinity: Only build SMP-only helper functions on SMP kernels (bsc#1229031).
- genirq/affinity: Pass affinity managed mask array to irq_build_affinity_masks (bsc#1229031).
- genirq/affinity: Remove the 'firstvec' parameter from irq_build_affinity_masks (bsc#1229031).
- genirq/affinity: Rename irq_build_affinity_masks as group_cpus_evenly (bsc#1229031).
- genirq/affinity: Replace cpumask_weight() with cpumask_empty() where appropriate (bsc#1229031).
- gfs2: setattr_chown: Add missing initialization (git-fixes).
- HID: amd_sfh: free driver_data after destroying hid device (stable-fixes).
- HID: cougar: fix slab-out-of-bounds Read in cougar_report_fixup (stable-fixes).
- hwmon: (adc128d818) Fix underflows seen when writing limit attributes (stable-fixes).
- hwmon: (lm95234) Fix underflows seen when writing limit attributes (stable-fixes).
- hwmon: (max16065) Fix overflows seen when writing limits (git-fixes).
- hwmon: (ntc_thermistor) fix module autoloading (git-fixes).
- hwmon: (w83627ehf) Fix underflows seen when writing limit attributes (stable-fixes).
- hwrng: bcm2835 - Add missing clk_disable_unprepare in bcm2835_rng_init (git-fixes).
- hwrng: cctrng - Add missing clk_disable_unprepare in cctrng_resume (git-fixes).
- hwrng: mtk - Use devm_pm_runtime_enable (git-fixes).
- i2c: aspeed: Update the stop sw state when the bus recovery occurs (git-fixes).
- i2c: Fix conditional for substituting empty ACPI functions (stable-fixes).
- i2c: isch: Add missed 'else' (git-fixes).
- i2c: qcom-geni: Use IRQF_NO_AUTOEN flag in request_irq() (git-fixes).
- i2c: Use IS_REACHABLE() for substituting empty ACPI functions (git-fixes).
- i2c: xiic: Wait for TX empty to avoid missed TX NAKs (git-fixes).
- i3c: mipi-i3c-hci: Error out instead on BUG_ON() in IBI DMA setup (stable-fixes).
- IB/core: Fix ib_cache_setup_one error flow cleanup (git-fixes)
- IB/hfi1: Fix potential deadlock on &irq_src_lock and &dd->uctxt_lock (git-fixes)
- iio: adc: ad7124: fix chip ID mismatch (git-fixes).
- iio: adc: ad7124: fix config comparison (git-fixes).
- iio: adc: ad7606: fix oversampling gpio array (git-fixes).
- iio: adc: ad7606: fix standby gpio state to match the documentation (git-fixes).
- iio: buffer-dmaengine: fix releasing dma channel on error (git-fixes).
- iio: chemical: bme680: Fix read/write ops to device by adding mutexes (git-fixes).
- iio: fix scale application in iio_convert_raw_to_processed_unlocked (git-fixes).
- iio: magnetometer: ak8975: Fix reading for ak099xx sensors (git-fixes).
- Input: ilitek_ts_i2c - add report id message validation (git-fixes).
- Input: ilitek_ts_i2c - avoid wrong input subsystem sync (git-fixes).
- Input: ps2-gpio - use IRQF_NO_AUTOEN flag in request_irq() (git-fixes).
- Input: uinput - reject requests with unreasonable number of slots (stable-fixes).
- ipmi: docs: do not advertise deprecated sysfs entries (git-fixes).
- ipmi:ssif: Improve detecting during probing (bsc#1228771)
- ipmi:ssif: Improve detecting during probing (bsc#1228771)
- jfs: fix out-of-bounds in dbNextAG() and diAlloc() (git-fixes).
- kabi: add __nf_queue_get_refs() for kabi compliance.
- kABI, crypto: virtio - Handle dataq logic with tasklet (git-fixes).
- kthread: Fix task state in kthread worker if being frozen (bsc#1231146).
- lib/group_cpus.c: avoid acquiring cpu hotplug lock in group_cpus_evenly (bsc#1229031).
- lib/group_cpus.c: honor housekeeping config when grouping CPUs (bsc#1229034).
- lib/group_cpus: Export group_cpus_evenly() (bsc#1229031).
- lirc: rc_dev_get_from_fd(): fix file leak (git-fixes).
- mailbox: bcm2835: Fix timeout during suspend mode (git-fixes).
- mailbox: rockchip: fix a typo in module autoloading (git-fixes).
- media: aspeed: Fix no complete irq for non-64-aligned width (bsc#1230269)
- media: qcom: camss: Add check for v4l2_fwnode_endpoint_parse (stable-fixes).
- media: qcom: camss: Fix ordering of pm_runtime_enable (git-fixes).
- media: Revert 'media: dvb-usb: Fix unexpected infinite loop in dvb_usb_read_remote_control()' (git-fixes).
- media: sun4i_csi: Implement link validate for sun4i_csi subdev (git-fixes).
- media: uapi/linux/cec.h: cec_msg_set_reply_to: zero flags (git-fixes).
- media: uvcvideo: Enforce alignment of frame and interval (stable-fixes).
- media: venus: fix use after free bug in venus_remove due to race condition (git-fixes).
- media: vicodec: allow en/decoder cmd w/o CAPTURE (git-fixes).
- media: vivid: do not set HDMI TX controls if there are no HDMI outputs (stable-fixes).
- media: vivid: fix wrong sizeimage value for mplane (stable-fixes).
- mmc: cqhci: Fix checking of CQHCI_HALT state (git-fixes).
- mmc: dw_mmc: Fix IDMAC operation with pages bigger than 4K (git-fixes).
- mmc: sdhci-of-aspeed: fix module autoloading (git-fixes).
- mtd: powernv: Add check devm_kasprintf() returned value (git-fixes).
- mtd: slram: insert break after errors in parsing the map (git-fixes).
- net: drop bad gso csum_start and offset in virtio_net_hdr (git-fixes).
- net: mana: Fix error handling in mana_create_txq/rxq's NAPI cleanup (git-fixes).
- net: missing check virtio (git-fixes).
- net: tighten bad gso csum offset check in virtio_net_hdr (git-fixes).
- nf_conntrack_proto_udp: do not accept packets with IPS_NAT_CLASH (bsc#1199769).
- NFSD: Fix frame size warning in svc_export_parse() (git-fixes).
- NFS: Do not re-read the entire page cache to find the next cookie (bsc#1226662).
- NFSD: Rewrite synopsis of nfsd_percpu_counters_init() (git-fixes).
- NFS: never reuse a NFSv4.0 lock-owner (bsc#1227726).
- NFS: Reduce use of uncached readdir (bsc#1226662).
- NFSv4: Add missing rescheduling points in nfs_client_return_marked_delegations (git-fixes).
- nilfs2: Constify struct kobj_type (git-fixes).
- nilfs2: determine empty node blocks as corrupted (git-fixes).
- nilfs2: fix missing cleanup on rollforward recovery error (git-fixes).
- nilfs2: fix potential null-ptr-deref in nilfs_btree_insert() (git-fixes).
- nilfs2: fix potential oob read in nilfs_btree_check_delete() (git-fixes).
- nilfs2: fix state management in error path of log writing function (git-fixes).
- nilfs2: protect references to superblock parameters exposed in sysfs (git-fixes).
- nilfs2: replace snprintf in show functions with sysfs_emit (git-fixes).
- nilfs2: use default_groups in kobj_type (git-fixes).
- nvme: move stopping keep-alive into nvme_uninit_ctrl() (git-fixes).
- nvme/pci: Add APST quirk for Lenovo N60z laptop (git-fixes).
- nvme-pci: Add sleep quirk for Samsung 990 Evo (git-fixes).
- nvme-pci: use block layer helpers to calculate num of queues (bsc#1229034).
- nvme: replace blk_mq_pci_map_queues with blk_mq_dev_map_queues (bsc#1229034).
- nvmet: Identify-Active Namespace ID List command should reject invalid nsid (git-fixes).
- nvmet-rdma: fix possible bad dereference when freeing rsps (git-fixes).
- nvmet-tcp: do not continue for invalid icreq (git-fixes).
- nvmet-tcp: fix kernel crash if commands allocation fails (git-fixes).
- nvmet-trace: avoid dereferencing pointer too early (git-fixes).
- ocfs2: cancel dqi_sync_work before freeing oinfo (git-fixes).
- ocfs2: fix null-ptr-deref when journal load failed (git-fixes).
- ocfs2: fix possible null-ptr-deref in ocfs2_set_buffer_uptodate (git-fixes).
- ocfs2: remove unreasonable unlock in ocfs2_read_blocks (git-fixes).
- PCI: Add missing bridge lock to pci_bus_lock() (stable-fixes).
- PCI: al: Check IORESOURCE_BUS existence during probe (git-fixes).
- PCI/ASPM: Move pci_function_0() upward (bsc#1226915)
- PCI/ASPM: Remove struct aspm_latency (bsc#1226915)
- PCI/ASPM: Stop caching device L0s, L1 acceptable exit latencies (bsc#1226915)
- PCI/ASPM: Stop caching link L0s, L1 exit latencies (bsc#1226915)
- PCI: dra7xx: Fix error handling when IRQ request fails in probe (git-fixes).
- PCI: dwc: Expose dw_pcie_ep_exit() to module (git-fixes).
- PCI: dwc: Restore MSI Receiver mask during resume (git-fixes).
- pci/hotplug/pnv_php: Fix hotplug driver crash on Powernv (stable-fixes).
- PCI: keystone: Add workaround for Errata #i2037 (AM65x SR 1.0) (stable-fixes).
- PCI: keystone: Fix if-statement expression in ks_pcie_quirk() (git-fixes).
- PCI: Support BAR sizes up to 8TB (bsc#1231017)
- PCI: Wait for Link before restoring Downstream Buses (git-fixes).
- PCI: xilinx-nwl: Clean up clock on probe failure/removal (git-fixes).
- PCI: xilinx-nwl: Fix off-by-one in INTx IRQ handler (git-fixes).
- PCI: xilinx-nwl: Fix register misspelling (git-fixes).
- pcmcia: Use resource_size function on resource object (stable-fixes).
- pinctrl: single: fix missing error code in pcs_probe() (git-fixes).
- pinctrl: single: fix potential NULL dereference in pcs_get_function() (git-fixes).
- PKCS#7: Check codeSigning EKU of certificates in PKCS#7 (bsc#1226666).
- platform/x86: dell-smbios: Fix error path in dell_smbios_init() (git-fixes).
- platform/x86: panasonic-laptop: Allocate 1 entry extra in the sinf array (git-fixes).
- platform/x86: panasonic-laptop: Fix SINF array out of bounds accesses (git-fixes).
- power: supply: axp20x_battery: Remove design from min and max voltage (git-fixes).
- power: supply: Drop use_cnt check from power_supply_property_is_writeable() (git-fixes).
- power: supply: hwmon: Fix missing temp1_max_alarm attribute (git-fixes).
- power: supply: max17042_battery: Fix SOC threshold calc w/ no current sense (git-fixes).
- RDMA/core: Remove unused declaration rdma_resolve_ip_route() (git-fixes)
- RDMA/cxgb4: Added NULL check for lookup_atid (git-fixes)
- RDMA/efa: Properly handle unexpected AQ completions (git-fixes)
- RDMA/hns: Do not modify rq next block addr in HIP09 QPC (git-fixes)
- RDMA/hns: Fix spin_unlock_irqrestore() called with IRQs enabled (git-fixes)
- RDMA/hns: Fix the overflow risk of hem_list_calc_ba_range() (git-fixes)
- RDMA/hns: Fix VF triggering PF reset in abnormal interrupt handler (git-fixes)
- RDMA/hns: Optimize hem allocation performance (git-fixes)
- RDMA/irdma: fix error message in irdma_modify_qp_roce() (git-fixes)
- RDMA/iwcm: Fix WARNING:at_kernel/workqueue.c:#check_flush_dependency (git-fixes)
- RDMA/rtrs-clt: Reset cid to con_num - 1 to stay in bounds (git-fixes)
- RDMA/rtrs: Fix the problem of variable not initialized fully (git-fixes)
- RDMA/rtrs: Reset hb_missed_cnt after receiving other traffic from peer (git-fixes)
- Restore dropped fields for bluetooth MGMT/SMP structs (git-fixes).
- Revert 'Bluetooth: MGMT/SMP: Fix address type when using SMP over BREDR/LE' (git-fixes).
- Revert 'media: tuners: fix error return code of hybrid_tuner_request_state()' (git-fixes).
- Revert 'media: tuners: fix error return code of hybrid_tuner_request_state()' (stable-fixes).
- rtc: at91sam9: fix OF node leak in probe() error path (git-fixes).
- scsi: ibmvfc: Add max_sectors module parameter (bsc#1216223).
- scsi: lpfc: Change diagnostic log flag during receipt of unknown ELS cmds (bsc#1229429).
- scsi: lpfc: Copyright updates for 14.4.0.4 patches (bsc#1229429).
- scsi: lpfc: Fix overflow build issue (bsc#1229429).
- scsi: lpfc: Fix unintentional double clearing of vmid_flag (bsc#1229429).
- scsi: lpfc: Fix unsolicited FLOGI kref imbalance when in direct attached topology (bsc#1229429).
- scsi: lpfc: Remove redundant vport assignment when building an abort request (bsc#1229429).
- scsi: lpfc: Update lpfc version to 14.4.0.4 (bsc#1229429).
- scsi: lpfc: Update PRLO handling in direct attached topology (bsc#1229429).
- scsi: lpfc: Validate hdwq pointers before dereferencing in reset/errata paths (bsc#1229429).
- scsi: pm8001: do not overwrite PCI queue mapping (bsc#1229034).
- scsi: replace blk_mq_pci_map_queues with blk_mq_dev_map_queues (bsc#1229034).
- scsi: sd: Fix off-by-one error in sd_read_block_characteristics() (bsc#1223848).
- scsi: use block layer helpers to calculate num of queues (bsc#1229034).
- spi: nxp-fspi: fix the KASAN report out-of-bounds bug (git-fixes).
- Squashfs: sanity check symbolic link size (git-fixes).
- staging: iio: frequency: ad9834: Validate frequency parameter value (git-fixes).
- thunderbolt: Mark XDomain as unplugged when router is removed (stable-fixes).
- tomoyo: fallback to realpath if symlink's pathname does not exist (git-fixes).
- tools/virtio: fix build (git-fixes).
- tpm: Clean up TPM space after command failure (git-fixes).
- tracing: Avoid possible softlockup in tracing_iter_reset() (git-fixes).
- tty: rp2: Fix reset with non forgiving PCIe host bridges (git-fixes).
- udp: fix receiving fraglist GSO packets (git-fixes).
- uio_hv_generic: Fix kernel NULL pointer dereference in hv_uio_rescind (git-fixes).
- usb: cdnsp: Fix incorrect usb_request status (git-fixes).
- USB: class: CDC-ACM: fix race between get_serial and set_serial (git-fixes).
- usb: dwc2: drd: fix clock gating on USB role switch (git-fixes).
- usb: dwc2: Skip clock gating on Broadcom SoCs (git-fixes).
- usb: dwc3: core: Prevent USB core invalid event buffer address access (git-fixes).
- usb: dwc3: core: Skip setting event buffers for host only controllers (git-fixes).
- usb: dwc3: core: update LC timer as per USB Spec V3.2 (git-fixes).
- usb: dwc3: core: update LC timer as per USB Spec V3.2 (stable-fixes).
- usb: dwc3: omap: add missing depopulate in probe error path (git-fixes).
- usb: dwc3: st: add missing depopulate in probe error path (git-fixes).
- usb: dwc3: st: fix probed platform device ref count on probe error path (git-fixes).
- usbip: Do not submit special requests twice (stable-fixes).
- usbnet: fix cyclical race on disconnect with work queue (git-fixes).
- usbnet: ipheth: race between ipheth_close and error handling (git-fixes).
- usbnet: modern method to get random MAC (git-fixes).
- USB: serial: kobil_sct: restore initial terminal settings (git-fixes).
- USB: serial: option: add MeiG Smart SRM825L (git-fixes).
- usb: typec: ucsi: Fix null pointer dereference in trace (stable-fixes).
- usb: uas: set host status byte on data completion error (git-fixes).
- usb: uas: set host status byte on data completion error (stable-fixes).
- USB: usbtmc: prevent kernel-usb-infoleak (git-fixes).
- usb: xhci: fix loss of data on Cadence xHC (git-fixes).
- vhost: Add smp_rmb() in vhost_vq_avail_empty() (git-fixes).
- vhost-vdpa: switch to use vmf_insert_pfn() in the fault handler (git-fixes).
- virito: add APIs for retrieving vq affinity (bsc#1229034).
- virtio-blk: Ensure no requests in virtqueues before deleting vqs (git-fixes).
- virtio: blk/scsi: use block layer helpers to calculate num of queues (bsc#1229034).
- virtio: blk/scs: replace blk_mq_virtio_map_queues with blk_mq_dev_map_queues (bsc#1229034).
- virtiofs: forbid newlines in tags (bsc#1230591).
- virtio_net: checksum offloading handling fix (git-fixes).
- virtio_net: Fix ''%d' directive writing between 1 and 11 bytes into a region of size 10' warnings (git-fixes).
- virtio_net: use u64_stats_t infra to avoid data-races (git-fixes).
- virtio: reenable config if freezing device failed (git-fixes).
- virtio/vsock: fix logic which reduces credit update messages (git-fixes).
- VMCI: Fix use-after-free when removing resource in vmci_resource_remove() (git-fixes).
- vsock/virtio: add support for device suspend/resume (git-fixes).
- vsock/virtio: factor our the code to initialize and delete VQs (git-fixes).
- vsock/virtio: initialize the_virtio_vsock before using VQs (git-fixes).
- vsock/virtio: remove socket from connected/bound list on shutdown (git-fixes).
- watchdog: imx_sc_wdt: Do not disable WDT in suspend (git-fixes).
- wifi: brcmsmac: advertise MFP_CAPABLE to enable WPA3 (stable-fixes).
- wifi: cfg80211: fix two more possible UBSAN-detected off-by-one errors (git-fixes).
- wifi: cfg80211: fix UBSAN noise in cfg80211_wext_siwscan() (git-fixes).
- wifi: iwlwifi: mvm: increase the time between ranging measurements (git-fixes).
- wifi: mac80211: use two-phase skb reclamation in ieee80211_do_stop() (git-fixes).
- wifi: mt76: mt7615: check devm_kasprintf() returned value (git-fixes).
- wifi: mt76: mt7915: fix rx filter setting for bfee functionality (git-fixes).
- wifi: mwifiex: Do not return unused priv in mwifiex_get_priv_by_id() (stable-fixes).
- wifi: rtw88: 8822c: Fix reported RX band width (git-fixes).
- wifi: rtw88: always wait for both firmware loading attempts (git-fixes).
- wifi: rtw88: remove CPT execution branch never used (git-fixes).
- wifi: wilc1000: fix potential RCU dereference issue in wilc_parse_join_bss_param (git-fixes).
- x86/hyperv: fix kexec crash due to VP assist page corruption (git-fixes).
- x86/kexec: Add EFI config table identity mapping for kexec kernel (bsc#1220382).
- x86/mm/ident_map: Use gbpages only where full GB page should be mapped (bsc#1220382).
- x86/xen: Convert comma to semicolon (git-fixes).
- xen: add capability to remap non-RAM pages to different PFNs (bsc#1226003).
- xen: allow mapping ACPI data using a different physical address (bsc#1226003).
- xen: introduce generic helper checking for memory map conflicts (bsc#1226003).
- xen: move checks for e820 conflicts further up (bsc#1226003).
- xen: move max_pfn in xen_memory_setup() out of function scope (bsc#1226003).
- xen/swiotlb: add alignment check for dma buffers (bsc#1229928).
- xen/swiotlb: fix allocated size (git-fixes).
- xen: tolerate ACPI NVS memory overlapping with Xen allocated memory (bsc#1226003).
- xen: use correct end address of kernel for conflict checking (bsc#1226003).
- xfs: do not include bnobt blocks when reserving free block pool (git-fixes).
- xhci: Set quirky xHC PCI hosts to D3 _after_ stopping and freeing them (git-fixes).
- xz: cleanup CRC32 edits from 2018 (git-fixes).
ImportantSUSE bug 1199769SUSE bug 1216223SUSE bug 1220382SUSE bug 1221610SUSE bug 1221650SUSE bug 1222629SUSE bug 1222973SUSE bug 1223600SUSE bug 1223848SUSE bug 1224085SUSE bug 1225903SUSE bug 1226003SUSE bug 1226606SUSE bug 1226662SUSE bug 1226666SUSE bug 1226846SUSE bug 1226860SUSE bug 1226875SUSE bug 1226915SUSE bug 1227487SUSE bug 1227726SUSE bug 1227819SUSE bug 1227832SUSE bug 1227890SUSE bug 1228507SUSE bug 1228576SUSE bug 1228620SUSE bug 1228771SUSE bug 1229031SUSE bug 1229034SUSE bug 1229086SUSE bug 1229156SUSE bug 1229289SUSE bug 1229334SUSE bug 1229362SUSE bug 1229363SUSE bug 1229364SUSE bug 1229394SUSE bug 1229429SUSE bug 1229453SUSE bug 1229572SUSE bug 1229573SUSE bug 1229585SUSE bug 1229607SUSE bug 1229619SUSE bug 1229633SUSE bug 1229662SUSE bug 1229753SUSE bug 1229764SUSE bug 1229790SUSE bug 1229810SUSE bug 1229830SUSE bug 1229899SUSE bug 1229928SUSE bug 1229947SUSE bug 1230015SUSE bug 1230129SUSE bug 1230130SUSE bug 1230170SUSE bug 1230171SUSE bug 1230174SUSE bug 1230175SUSE bug 1230176SUSE bug 1230178SUSE bug 1230180SUSE bug 1230185SUSE bug 1230192SUSE bug 1230193SUSE bug 1230194SUSE bug 1230200SUSE bug 1230204SUSE bug 1230209SUSE bug 1230211SUSE bug 1230212SUSE bug 1230217SUSE bug 1230224SUSE bug 1230230SUSE bug 1230233SUSE bug 1230244SUSE bug 1230245SUSE bug 1230247SUSE bug 1230248SUSE bug 1230269SUSE bug 1230339SUSE bug 1230340SUSE bug 1230392SUSE bug 1230398SUSE bug 1230431SUSE bug 1230433SUSE bug 1230434SUSE bug 1230440SUSE bug 1230442SUSE bug 1230444SUSE bug 1230450SUSE bug 1230451SUSE bug 1230454SUSE bug 1230506SUSE bug 1230507SUSE bug 1230511SUSE bug 1230515SUSE bug 1230517SUSE bug 1230524SUSE bug 1230533SUSE bug 1230535SUSE bug 1230549SUSE bug 1230556SUSE bug 1230582SUSE bug 1230589SUSE bug 1230591SUSE bug 1230592SUSE bug 1230699SUSE bug 1230700SUSE bug 1230701SUSE bug 1230702SUSE bug 1230703SUSE bug 1230705SUSE bug 1230706SUSE bug 1230707SUSE bug 1230709SUSE bug 1230710SUSE bug 1230711SUSE bug 1230712SUSE bug 1230719SUSE bug 1230724SUSE bug 1230725SUSE bug 1230730SUSE bug 1230731SUSE bug 1230732SUSE bug 1230733SUSE bug 1230747SUSE bug 1230748SUSE bug 1230751SUSE bug 1230752SUSE bug 1230756SUSE bug 1230761SUSE bug 1230766SUSE bug 1230767SUSE bug 1230768SUSE bug 1230771SUSE bug 1230772SUSE bug 1230776SUSE bug 1230783SUSE bug 1230786SUSE bug 1230791SUSE bug 1230794SUSE bug 1230796SUSE bug 1230802SUSE bug 1230806SUSE bug 1230808SUSE bug 1230810SUSE bug 1230812SUSE bug 1230813SUSE bug 1230814SUSE bug 1230815SUSE bug 1230821SUSE bug 1230825SUSE bug 1230830SUSE bug 1231013SUSE bug 1231017SUSE bug 1231116SUSE bug 1231120SUSE bug 1231146SUSE bug 1231180SUSE bug 1231181CVE-2022-48901 at SUSECVE-2022-48901 at NVDCVE-2022-48911 at SUSECVE-2022-48911 at NVDCVE-2022-48923 at SUSECVE-2022-48923 at NVDCVE-2022-48935 at SUSECVE-2022-48935 at NVDCVE-2022-48944 at SUSECVE-2022-48944 at NVDCVE-2022-48945 at SUSECVE-2022-48945 at NVDCVE-2023-52610 at SUSECVE-2023-52610 at NVDCVE-2023-52916 at SUSECVE-2023-52916 at NVDCVE-2024-26640 at SUSECVE-2024-26640 at NVDCVE-2024-26759 at SUSECVE-2024-26759 at NVDCVE-2024-26767 at SUSECVE-2024-26767 at NVDCVE-2024-26804 at SUSECVE-2024-26804 at NVDCVE-2024-26837 at SUSECVE-2024-26837 at NVDCVE-2024-37353 at SUSECVE-2024-37353 at NVDCVE-2024-38538 at SUSECVE-2024-38538 at NVDCVE-2024-38596 at SUSECVE-2024-38596 at NVDCVE-2024-38632 at SUSECVE-2024-38632 at NVDCVE-2024-40910 at SUSECVE-2024-40910 at NVDCVE-2024-40973 at SUSECVE-2024-40973 at NVDCVE-2024-40983 at SUSECVE-2024-40983 at NVDCVE-2024-41062 at SUSECVE-2024-41062 at NVDCVE-2024-41082 at SUSECVE-2024-41082 at NVDCVE-2024-42154 at SUSECVE-2024-42154 at NVDCVE-2024-42259 at SUSECVE-2024-42259 at NVDCVE-2024-42265 at SUSECVE-2024-42265 at NVDCVE-2024-42304 at SUSECVE-2024-42304 at NVDCVE-2024-42305 at SUSECVE-2024-42305 at NVDCVE-2024-42306 at SUSECVE-2024-42306 at NVDCVE-2024-43828 at SUSECVE-2024-43828 at NVDCVE-2024-43835 at SUSECVE-2024-43835 at NVDCVE-2024-43890 at SUSECVE-2024-43890 at NVDCVE-2024-43898 at SUSECVE-2024-43898 at NVDCVE-2024-43912 at SUSECVE-2024-43912 at NVDCVE-2024-43914 at SUSECVE-2024-43914 at NVDCVE-2024-44935 at SUSECVE-2024-44935 at NVDCVE-2024-44944 at SUSECVE-2024-44944 at NVDCVE-2024-44946 at SUSECVE-2024-44946 at NVDCVE-2024-44948 at SUSECVE-2024-44948 at NVDCVE-2024-44950 at SUSECVE-2024-44950 at NVDCVE-2024-44952 at SUSECVE-2024-44952 at NVDCVE-2024-44954 at SUSECVE-2024-44954 at NVDCVE-2024-44967 at SUSECVE-2024-44967 at NVDCVE-2024-44969 at SUSECVE-2024-44969 at NVDCVE-2024-44970 at SUSECVE-2024-44970 at NVDCVE-2024-44971 at SUSECVE-2024-44971 at NVDCVE-2024-44972 at SUSECVE-2024-44972 at NVDCVE-2024-44977 at SUSECVE-2024-44977 at NVDCVE-2024-44982 at SUSECVE-2024-44982 at NVDCVE-2024-44986 at SUSECVE-2024-44986 at NVDCVE-2024-44987 at SUSECVE-2024-44987 at NVDCVE-2024-44988 at SUSECVE-2024-44988 at NVDCVE-2024-44989 at SUSECVE-2024-44989 at NVDCVE-2024-44990 at SUSECVE-2024-44990 at NVDCVE-2024-44998 at SUSECVE-2024-44998 at NVDCVE-2024-44999 at SUSECVE-2024-44999 at NVDCVE-2024-45000 at SUSECVE-2024-45000 at NVDCVE-2024-45001 at SUSECVE-2024-45001 at NVDCVE-2024-45003 at SUSECVE-2024-45003 at NVDCVE-2024-45006 at SUSECVE-2024-45006 at NVDCVE-2024-45007 at SUSECVE-2024-45007 at NVDCVE-2024-45008 at SUSECVE-2024-45008 at NVDCVE-2024-45011 at SUSECVE-2024-45011 at NVDCVE-2024-45013 at SUSECVE-2024-45013 at NVDCVE-2024-45015 at SUSECVE-2024-45015 at NVDCVE-2024-45018 at SUSECVE-2024-45018 at NVDCVE-2024-45020 at SUSECVE-2024-45020 at NVDCVE-2024-45021 at SUSECVE-2024-45021 at NVDCVE-2024-45026 at SUSECVE-2024-45026 at NVDCVE-2024-45028 at SUSECVE-2024-45028 at NVDCVE-2024-45029 at SUSECVE-2024-45029 at NVDCVE-2024-46673 at SUSECVE-2024-46673 at NVDCVE-2024-46674 at SUSECVE-2024-46674 at NVDCVE-2024-46675 at SUSECVE-2024-46675 at NVDCVE-2024-46676 at SUSECVE-2024-46676 at NVDCVE-2024-46677 at SUSECVE-2024-46677 at NVDCVE-2024-46679 at SUSECVE-2024-46679 at NVDCVE-2024-46685 at SUSECVE-2024-46685 at NVDCVE-2024-46686 at SUSECVE-2024-46686 at NVDCVE-2024-46689 at SUSECVE-2024-46689 at NVDCVE-2024-46694 at SUSECVE-2024-46694 at NVDCVE-2024-46702 at SUSECVE-2024-46702 at NVDCVE-2024-46707 at SUSECVE-2024-46707 at NVDCVE-2024-46714 at SUSECVE-2024-46714 at NVDCVE-2024-46715 at SUSECVE-2024-46715 at NVDCVE-2024-46717 at SUSECVE-2024-46717 at NVDCVE-2024-46720 at SUSECVE-2024-46720 at NVDCVE-2024-46721 at SUSECVE-2024-46721 at NVDCVE-2024-46722 at SUSECVE-2024-46722 at NVDCVE-2024-46723 at SUSECVE-2024-46723 at NVDCVE-2024-46724 at SUSECVE-2024-46724 at NVDCVE-2024-46725 at SUSECVE-2024-46725 at NVDCVE-2024-46726 at SUSECVE-2024-46726 at NVDCVE-2024-46727 at SUSECVE-2024-46727 at NVDCVE-2024-46728 at SUSECVE-2024-46728 at NVDCVE-2024-46730 at SUSECVE-2024-46730 at NVDCVE-2024-46731 at SUSECVE-2024-46731 at NVDCVE-2024-46732 at SUSECVE-2024-46732 at NVDCVE-2024-46737 at SUSECVE-2024-46737 at NVDCVE-2024-46738 at SUSECVE-2024-46738 at NVDCVE-2024-46739 at SUSECVE-2024-46739 at NVDCVE-2024-46743 at SUSECVE-2024-46743 at NVDCVE-2024-46744 at SUSECVE-2024-46744 at NVDCVE-2024-46745 at SUSECVE-2024-46745 at NVDCVE-2024-46746 at SUSECVE-2024-46746 at NVDCVE-2024-46747 at SUSECVE-2024-46747 at NVDCVE-2024-46750 at SUSECVE-2024-46750 at NVDCVE-2024-46751 at SUSECVE-2024-46751 at NVDCVE-2024-46752 at SUSECVE-2024-46752 at NVDCVE-2024-46753 at SUSECVE-2024-46753 at NVDCVE-2024-46755 at SUSECVE-2024-46755 at NVDCVE-2024-46756 at SUSECVE-2024-46756 at NVDCVE-2024-46758 at SUSECVE-2024-46758 at NVDCVE-2024-46759 at SUSECVE-2024-46759 at NVDCVE-2024-46761 at SUSECVE-2024-46761 at NVDCVE-2024-46771 at SUSECVE-2024-46771 at NVDCVE-2024-46772 at SUSECVE-2024-46772 at NVDCVE-2024-46773 at SUSECVE-2024-46773 at NVDCVE-2024-46774 at SUSECVE-2024-46774 at NVDCVE-2024-46778 at SUSECVE-2024-46778 at NVDCVE-2024-46780 at SUSECVE-2024-46780 at NVDCVE-2024-46781 at SUSECVE-2024-46781 at NVDCVE-2024-46783 at SUSECVE-2024-46783 at NVDCVE-2024-46784 at SUSECVE-2024-46784 at NVDCVE-2024-46786 at SUSECVE-2024-46786 at NVDCVE-2024-46787 at SUSECVE-2024-46787 at NVDCVE-2024-46791 at SUSECVE-2024-46791 at NVDCVE-2024-46794 at SUSECVE-2024-46794 at NVDCVE-2024-46798 at SUSECVE-2024-46798 at NVDCVE-2024-46822 at SUSECVE-2024-46822 at NVDCVE-2024-46830 at SUSECVE-2024-46830 at NVDcpe:/o:opensuse:leap:15.5Security update for redis (Important)openSUSE Leap 15.5
This update for redis fixes the following issues:
- CVE-2024-31228: Fixed unbounded recursive pattern matching (bsc#1231265)
- CVE-2024-31449: Fixed integer overflow bug in Lua bit_tohex (bsc#1231264)
ImportantSUSE bug 1231264SUSE bug 1231265CVE-2024-31228 at SUSECVE-2024-31228 at NVDCVE-2024-31449 at SUSECVE-2024-31449 at NVDcpe:/o:opensuse:leap:15.5Security update for libreoffice (Important)openSUSE Leap 15.5
This update for libreofficefixes the following issues:
libreoffice was updated to version 24.8.1.2 (jsc#PED-10362):
- Release notes:
* https://wiki.documentfoundation.org/Releases/24.8.0/RC1 and
* https://wiki.documentfoundation.org/Releases/24.8.0/RC2 and
* https://wiki.documentfoundation.org/Releases/24.8.0/RC3
- Security issues fixed:
* CVE-2024-526: Fixed TLS certificates are not properly verified when utilizing LibreOfficeKit (bsc#1226975)
- Other bugs fixed:
* Use system curl instead of the bundled one on systems greater than or equal to SLE15 (bsc#1229589)
* Use the new clucene function, which makes index files reproducible (bsc#1047218)
* Support firebird database with new package `libreoffice-base-drivers-firebird` in Package Hub and
openSUSE Leap (bsc#1225597)
- Update bundled dependencies:
* Java-Websocket updated from 1.5.4 to 1.5.6
* boost updated from 1.82.0 to 1.85.0
* curl updated from 8.7.1 to 8.9.1
* fontconfig updated from 2.14.2 to 2.15.0
* freetype updated from 2.13.0 to 2.13.2
* harfbuzz updated from 8.2.2 to 8.5.0
* icu4c-data updated from 73.2 to 74.2
* icu4c-src updated from 73.2 to 74.2
* libassuan updated from 2.5.7 to 3.0.1
* libcmis updated from 0.6.1 to 0.6.2
* libgpg-error updated from 1.48 to 1.50
* pdfium updated from 6179 to 6425
* poppler updated from 23.09.0 to 24.08.0
* tiff updated from 4.6.0 to 4.6.0t
ImportantSUSE bug 1047218SUSE bug 1225597SUSE bug 1226975SUSE bug 1229589CVE-2024-5261 at SUSECVE-2024-5261 at NVDcpe:/o:opensuse:leap:15.5Security update for the Linux Kernel (Important)openSUSE Leap 15.5
The SUSE Linux Enterprise 15 SP5 Azure kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2022-48901: btrfs: do not start relocation until in progress drops are done (bsc#1229607).
- CVE-2022-48911: kabi: add __nf_queue_get_refs() for kabi compliance. (bsc#1229633).
- CVE-2022-48923: btrfs: prevent copying too big compressed lzo segment (bsc#1229662)
- CVE-2022-48935: Fixed an unregister flowtable hooks on netns exit (bsc#1229619)
- CVE-2023-52610: net/sched: act_ct: fix skb leak and crash on ooo frags (bsc#1221610).
- CVE-2023-52916: media: aspeed: Fix memory overwrite if timing is 1600x900 (bsc#1230269).
- CVE-2024-26640: tcp: add sanity checks to rx zerocopy (bsc#1221650).
- CVE-2024-26759: mm/swap: fix race when skipping swapcache (bsc#1230340).
- CVE-2024-26767: drm/amd/display: fixed integer types and null check locations (bsc#1230339).
- CVE-2024-26804: net: ip_tunnel: prevent perpetual headroom growth (bsc#1222629).
- CVE-2024-26837: net: bridge: switchdev: race between creation of new group memberships and generation of the list of MDB events to replay (bsc#1222973).
- CVE-2024-37353: virtio: fixed a double free in vp_del_vqs() (bsc#1226875).
- CVE-2024-38538: net: bridge: xmit: make sure we have at least eth header len bytes (bsc#1226606).
- CVE-2024-38596: af_unix: Fix data races in unix_release_sock/unix_stream_sendmsg (bsc#1226846).
- CVE-2024-40910: Fix refcount imbalance on inbound connections (bsc#1227832).
- CVE-2024-40973: media: mtk-vcodec: potential null pointer deference in SCP (bsc#1227890).
- CVE-2024-40983: tipc: force a dst refcount before doing decryption (bsc#1227819).
- CVE-2024-41062: Sync sock recv cb and release (bsc#1228576).
- CVE-2024-41082: nvme-fabrics: use reserved tag for reg read/write command (bsc#1228620 CVE-2024-41082).
- CVE-2024-42154: tcp_metrics: validate source addr length (bsc#1228507).
- CVE-2024-42259: Fix Virtual Memory mapping boundaries calculation (bsc#1229156)
- CVE-2024-42265: protect the fetch of ->fd[fd] in do_dup2() from mispredictions (bsc#1229334).
- CVE-2024-42304: ext4: make sure the first directory block is not a hole (bsc#1229364).
- CVE-2024-42305: ext4: check dot and dotdot of dx_root before making dir indexed (bsc#1229363).
- CVE-2024-42306: udf: Avoid using corrupted block bitmap buffer (bsc#1229362).
- CVE-2024-43828: ext4: fix infinite loop when replaying fast_commit (bsc#1229394).
- CVE-2024-43890: tracing: Fix overflow in get_free_elt() (bsc#1229764).
- CVE-2024-43898: ext4: sanity check for NULL pointer after ext4_force_shutdown (bsc#1229753).
- CVE-2024-43912: wifi: nl80211: disallow setting special AP channel widths (bsc#1229830)
- CVE-2024-43914: md/raid5: avoid BUG_ON() while continue reshape after reassembling (bsc#1229790).
- CVE-2024-44935: sctp: Fix null-ptr-deref in reuseport_add_sock() (bsc#1229810).
- CVE-2024-44944: netfilter: ctnetlink: use helper function to calculate expect ID (bsc#1229899).
- CVE-2024-44946: kcm: Serialise kcm_sendmsg() for the same socket (bsc#1230015).
- CVE-2024-44950: serial: sc16is7xx: fix invalid FIFO access with special register set (bsc#1230180).
- CVE-2024-44952: driver core: Fix uevent_show() vs driver detach race (bsc#1230178).
- CVE-2024-44970: net/mlx5e: SHAMPO, Fix invalid WQ linked list unlink (bsc#1230209).
- CVE-2024-44971: net: dsa: bcm_sf2: Fix a possible memory leak in bcm_sf2_mdio_register() (bsc#1230211).
- CVE-2024-44986: ipv6: fix possible UAF in ip6_finish_output2() (bsc#1230230)
- CVE-2024-44987: ipv6: prevent UAF in ip6_send_skb() (bsc#1230185).
- CVE-2024-44988: net: dsa: mv88e6xxx: Fix out-of-bound access (bsc#1230192).
- CVE-2024-44989: bonding: fix xfrm real_dev null pointer dereference (bsc#1230193).
- CVE-2024-44990: bonding: fix null pointer deref in bond_ipsec_offload_ok (bsc#1230194).
- CVE-2024-44998: atm: idt77252: prevent use after free in dequeue_rx() (bsc#1230171).
- CVE-2024-44999: gtp: pull network headers in gtp_dev_xmit() (bsc#1230233).
- CVE-2024-45003: Don't evict inode under the inode lru traversing context (bsc#1230245).
- CVE-2024-45007: char: xillybus: Refine workqueue handling (bsc#1230175).
- CVE-2024-45008: Input: MT - limit max slots (bsc#1230248).
- CVE-2024-45013: nvme: move stopping keep-alive into nvme_uninit_ctrl() (bsc#1230442).
- CVE-2024-45015: drm/msm/dpu: move dpu_encoder's connector assignment to (bsc#1230444)
- CVE-2024-45018: netfilter: flowtable: initialise extack before use (bsc#1230431).
- CVE-2024-45021: memcg_write_event_control(): fix a user-triggerable oops (bsc#1230434).
- CVE-2024-45029: i2c: tegra: Do not mark ACPI devices as irq safe (bsc#1230451).
- CVE-2024-46673: scsi: aacraid: Fix double-free on probe failure (bsc#1230506).
- CVE-2024-46674: usb: dwc3: st: fix probed platform device ref count on probe error path (bsc#1230507).
- CVE-2024-46677: gtp: fix a potential NULL pointer dereference (bsc#1230549).
- CVE-2024-46678: bonding: change ipsec_lock from spin lock to mutex (bsc#1230550).
- CVE-2024-46679: ethtool: check device is present when getting link settings (bsc#1230556).
- CVE-2024-46685: pinctrl: single: fix potential NULL dereference in pcs_get_function() (bsc#1230515)
- CVE-2024-46686: smb/client: avoid dereferencing rdata=NULL in smb2_new_read_req() (bsc#1230517).
- CVE-2024-46689: soc: qcom: cmd-db: Map shared memory as WC, not WB (bsc#1230524)
- CVE-2024-46702: thunderbolt: Mark XDomain as unplugged when router is removed (bsc#1230589)
- CVE-2024-46707: KVM: arm64: Make ICC_*SGI*_EL1 undef in the absence of a vGICv3 (bsc#1230582).
- CVE-2024-46715: driver: iio: add missing checks on iio_info's callback access (bsc#1230700).
- CVE-2024-46717: net/mlx5e: SHAMPO, Fix incorrect page release (bsc#1230719).
- CVE-2024-46721: pparmor: fix possible NULL pointer dereference (bsc#1230710)
- CVE-2024-46728: drm/amd/display: Check index for aux_rd_interval before using (bsc#1230703)
- CVE-2024-46730: drm/amd/display: Ensure array index tg_inst won't be -1 (bsc#1230701)
- CVE-2024-46743: of/irq: Prevent device address out-of-bounds read in interrupt map walk (bsc#1230756).
- CVE-2024-46751: btrfs: do not BUG_ON() when 0 reference count at btrfs_lookup_extent_info() (bsc#1230786).
- CVE-2024-46752: btrfs: reduce nesting for extent processing at btrfs_lookup_extent_info() (bsc#1230794).
- CVE-2024-46753: btrfs: handle errors from btrfs_dec_ref() properly (bsc#1230796).
- CVE-2024-46770: ice: Add netif_device_attach/detach into PF reset flow (bsc#1230763).
- CVE-2024-46775: drm/amd/display: Validate function returns (bsc#1230774).
- CVE-2024-46783: tcp_bpf: fix return value of tcp_bpf_sendmsg() (bsc#1230810).
- CVE-2024-46787: userfaultfd: fix checks for huge PMDs (bsc#1230815).
- CVE-2024-46794: x86/tdx: Fix data leak in mmio_read() (bsc#1230825).
- CVE-2024-46822: arm64: acpi: Harden get_cpu_for_acpi_id() against missing CPU entry (bsc#1231120).
- CVE-2024-46826: ELF: fix kernel.randomize_va_space double read (bsc#1231115).
- CVE-2024-46830: KVM: x86: Acquire kvm->srcu when handling KVM_SET_VCPU_EVENTS (bsc#1231116).
- CVE-2024-46854: net: dpaa: Pad packets to ETH_ZLEN (bsc#1231084).
- CVE-2024-46855: netfilter: nft_socket: fix sk refcount leaks (bsc#1231085).
- CVE-2024-46857: net/mlx5: Fix bridge mode operations when there are no VFs (bsc#1231087).
The following non-security bugs were fixed:
- ACPI: CPPC: Fix MASK_VAL() usage (git-fixes).
- ACPI: PMIC: Remove unneeded check in tps68470_pmic_opregion_probe() (git-fixes).
- ACPI: SBS: manage alarm sysfs attribute through psy core (git-fixes).
- ACPI: battery: create alarm sysfs attribute atomically (git-fixes).
- ACPI: processor: Fix memory leaks in error paths of processor_add() (stable-fixes).
- ACPI: processor: Return an error if acpi_processor_get_info() fails in processor_add() (stable-fixes).
- ACPI: sysfs: validate return type of _STR method (git-fixes).
- ALSA: hda/conexant: Add pincfg quirk to enable top speakers on Sirius devices (stable-fixes).
- ALSA: hda/conexant: Mute speakers at suspend / shutdown (stable-fixes).
- ALSA: hda/generic: Add a helper to mute speakers at suspend/shutdown (stable-fixes).
- ALSA: hda/realtek: Support mute LED on HP Laptop 14-dq2xxx (stable-fixes).
- ALSA: hda/realtek: add patch for internal mic in Lenovo V145 (stable-fixes).
- ALSA: hda: Add input value sanity checks to HDMI channel map controls (stable-fixes).
- ASoC: dapm: Fix UAF for snd_soc_pcm_runtime object (git-fixes).
- ASoC: meson: axg-card: fix 'use-after-free' (git-fixes).
- ASoC: sunxi: sun4i-i2s: fix LRCLK polarity in i2s mode (git-fixes).
- ASoC: tegra: Fix CBB error during probe() (git-fixes).
- ASoC: topology: Properly initialize soc_enum values (stable-fixes).
- ASoc: SOF: topology: Clear SOF link platform name upon unload (git-fixes).
- Bluetooth: L2CAP: Fix deadlock (git-fixes).
- Bluetooth: MGMT: Ignore keys being loaded with invalid type (git-fixes).
- Bluetooth: btusb: Fix not handling ZPL/short-transfer (git-fixes).
- Bluetooth: hci_core: Fix sending MGMT_EV_CONNECT_FAILED (git-fixes).
- Bluetooth: hci_sync: Ignore errors from HCI_OP_REMOTE_NAME_REQ_CANCEL (git-fixes).
- Drivers: hv: vmbus: Fix rescind handling in uio_hv_generic (git-fixes).
- Drivers: hv: vmbus: Fix the misplaced function description (git-fixes).
- HID: amd_sfh: free driver_data after destroying hid device (stable-fixes).
- HID: cougar: fix slab-out-of-bounds Read in cougar_report_fixup (stable-fixes).
- IB/core: Fix ib_cache_setup_one error flow cleanup (git-fixes)
- IB/hfi1: Fix potential deadlock on &irq_src_lock and &dd->uctxt_lock (git-fixes)
- Input: ilitek_ts_i2c - add report id message validation (git-fixes).
- Input: ilitek_ts_i2c - avoid wrong input subsystem sync (git-fixes).
- Input: ps2-gpio - use IRQF_NO_AUTOEN flag in request_irq() (git-fixes).
- Input: uinput - reject requests with unreasonable number of slots (stable-fixes).
- KVM: s390: Fix SORTL and DFLTCC instruction format error in __insn32_query (git-fixes bsc#1231277).
- NFS: Do not re-read the entire page cache to find the next cookie (bsc#1226662).
- NFS: Reduce use of uncached readdir (bsc#1226662).
- NFS: never reuse a NFSv4.0 lock-owner (bsc#1227726).
- NFSD: Fix frame size warning in svc_export_parse() (git-fixes).
- NFSD: Rewrite synopsis of nfsd_percpu_counters_init() (git-fixes).
- NFSv4: Add missing rescheduling points in nfs_client_return_marked_delegations (git-fixes).
- PCI/ASPM: Move pci_function_0() upward (bsc#1226915)
- PCI/ASPM: Remove struct aspm_latency (bsc#1226915)
- PCI/ASPM: Stop caching device L0s, L1 acceptable exit latencies (bsc#1226915)
- PCI/ASPM: Stop caching link L0s, L1 exit latencies (bsc#1226915)
- PCI: Add missing bridge lock to pci_bus_lock() (stable-fixes).
- PCI: Support BAR sizes up to 8TB (bsc#1231017)
- PCI: Wait for Link before restoring Downstream Buses (git-fixes).
- PCI: al: Check IORESOURCE_BUS existence during probe (git-fixes).
- PCI: dra7xx: Fix error handling when IRQ request fails in probe (git-fixes).
- PCI: dwc: Expose dw_pcie_ep_exit() to module (git-fixes).
- PCI: dwc: Restore MSI Receiver mask during resume (git-fixes).
- PCI: keystone: Add workaround for Errata #i2037 (AM65x SR 1.0) (stable-fixes).
- PCI: keystone: Fix if-statement expression in ks_pcie_quirk() (git-fixes).
- PCI: xilinx-nwl: Clean up clock on probe failure/removal (git-fixes).
- PCI: xilinx-nwl: Fix off-by-one in INTx IRQ handler (git-fixes).
- PCI: xilinx-nwl: Fix register misspelling (git-fixes).
- PKCS#7: Check codeSigning EKU of certificates in PKCS#7 (bsc#1226666).
- RDMA/core: Remove unused declaration rdma_resolve_ip_route() (git-fixes)
- RDMA/cxgb4: Added NULL check for lookup_atid (git-fixes)
- RDMA/efa: Properly handle unexpected AQ completions (git-fixes)
- RDMA/hns: Do not modify rq next block addr in HIP09 QPC (git-fixes)
- RDMA/hns: Fix VF triggering PF reset in abnormal interrupt handler (git-fixes)
- RDMA/hns: Fix spin_unlock_irqrestore() called with IRQs enabled (git-fixes)
- RDMA/hns: Fix the overflow risk of hem_list_calc_ba_range() (git-fixes)
- RDMA/hns: Optimize hem allocation performance (git-fixes)
- RDMA/irdma: fix error message in irdma_modify_qp_roce() (git-fixes)
- RDMA/iwcm: Fix WARNING:at_kernel/workqueue.c:#check_flush_dependency (git-fixes)
- RDMA/rtrs-clt: Reset cid to con_num - 1 to stay in bounds (git-fixes)
- RDMA/rtrs: Fix the problem of variable not initialized fully (git-fixes)
- RDMA/rtrs: Reset hb_missed_cnt after receiving other traffic from peer (git-fixes)
- Restore dropped fields for bluetooth MGMT/SMP structs (git-fixes).
- Revert 'Bluetooth: MGMT/SMP: Fix address type when using SMP over BREDR/LE' (git-fixes).
- Revert 'media: tuners: fix error return code of hybrid_tuner_request_state()' (git-fixes).
- Revert 'media: tuners: fix error return code of hybrid_tuner_request_state()' (stable-fixes).
- Revert 'mm, kmsan: fix infinite recursion due to RCU critical section'.
- Revert 'mm/sparsemem: fix race in accessing memory_section->usage'.
- Revert 'mm: prevent derefencing NULL ptr in pfn_section_valid()'.
- Squashfs: sanity check symbolic link size (git-fixes).
- USB: class: CDC-ACM: fix race between get_serial and set_serial (git-fixes).
- USB: serial: kobil_sct: restore initial terminal settings (git-fixes).
- USB: serial: option: add MeiG Smart SRM825L (git-fixes).
- USB: usbtmc: prevent kernel-usb-infoleak (git-fixes).
- VMCI: Fix use-after-free when removing resource in vmci_resource_remove() (git-fixes).
- af_unix: Fix data races around sk->sk_shutdown (bsc#1226846).
- af_unix: Fix data-races around sk->sk_shutdown (git-fixes).
- af_unix: annotate lockless accesses to sk->sk_err (bsc#1226846).
- apparmor: fix possible NULL pointer dereference (stable-fixes).
- arm64/mm: Modify range-based tlbi to decrement scale (bsc#1229585)
- arm64/mm: Update tlb invalidation routines for FEAT_LPA2 (bsc#1229585)
- arm64: acpi: Move get_cpu_for_acpi_id() to a header (git-fixes).
- arm64: dts: rockchip: Correct the Pinebook Pro battery design capacity (git-fixes).
- arm64: dts: rockchip: Raise Pinebook Pro's panel backlight PWM frequency (git-fixes).
- arm64: dts: rockchip: fix PMIC interrupt pin in pinctrl for ROCK Pi E (git-fixes).
- arm64: tlb: Allow range operation for MAX_TLBI_RANGE_PAGES (bsc#1229585)
- arm64: tlb: Fix TLBI RANGE operand (bsc#1229585)
- arm64: tlb: Improve __TLBI_VADDR_RANGE() (bsc#1229585)
- ata: libata: Fix memory leak for error path in ata_host_alloc() (git-fixes).
- ata: pata_macio: Use WARN instead of BUG (stable-fixes).
- blk-mq: Build default queue map via group_cpus_evenly() (bsc#1229031).
- blk-mq: add helper for checking if one CPU is mapped to specified hctx (bsc#1223600).
- blk-mq: add number of queue calc helper (bsc#1229034).
- blk-mq: do not schedule block kworker on isolated CPUs (bsc#1223600).
- blk-mq: introduce blk_mq_dev_map_queues (bsc#1229034).
- blk-mq: issue warning when offlining hctx with online isolcpus (bsc#1229034).
- blk-mq: use hk cpus only when isolcpus=io_queue is enabled (bsc#1229034).
- cachefiles: Fix non-taking of sb_writers around set/removexattr (bsc#1231013).
- cachefiles: fix dentry leak in cachefiles_open_file() (bsc#1231181).
- can: bcm: Clear bo->bcm_proc_read after remove_proc_entry() (git-fixes).
- can: bcm: Remove proc entry when dev is unregistered (git-fixes).
- can: j1939: use correct function name in comment (git-fixes).
- can: mcp251x: fix deadlock if an interrupt occurs during mcp251x_open (git-fixes).
- cdc-acm: Add DISABLE_ECHO quirk for GE HealthCare UI Controller (git-fixes).
- ceph: remove the incorrect Fw reference check when dirtying pages (bsc#1231180).
- char: tpm: Fix possible memory leak in tpm_bios_measurements_open() (git-fixes).
- char: xillybus: Check USB endpoints when probing device (git-fixes).
- clk: qcom: clk-alpha-pll: Fix the pll post div mask (git-fixes).
- clk: qcom: clk-alpha-pll: Fix the trion pll postdiv set rate API (git-fixes).
- clk: qcom: clk-alpha-pll: Fix zonda set_rate failure when PLL is disabled (git-fixes).
- cpufreq: ti-cpufreq: Introduce quirks to handle syscon fails appropriately (git-fixes).
- crypto: ccp - Properly unregister /dev/sev on sev PLATFORM_STATUS failure (git-fixes).
- crypto: virtio - Handle dataq logic with tasklet (git-fixes).
- crypto: virtio - Wait for tasklet to complete on device remove (git-fixes).
- crypto: xor - fix template benchmarking (git-fixes).
- devres: Initialize an uninitialized struct member (stable-fixes).
- driver core: Add debug logs when fwnode links are added/deleted (git-fixes).
- driver core: Add missing parameter description to __fwnode_link_add() (git-fixes).
- driver core: Create __fwnode_link_del() helper function (git-fixes).
- driver core: Set deferred probe reason when deferred by driver core (git-fixes).
- driver core: fw_devlink: Allow marking a fwnode link as being part of a cycle (git-fixes).
- driver core: fw_devlink: Consolidate device link flag computation (git-fixes).
- drivers: media: dvb-frontends/rtl2830: fix an out-of-bounds write error (git-fixes).
- drivers: media: dvb-frontends/rtl2832: fix an out-of-bounds write error (git-fixes).
- drivers:drm:exynos_drm_gsc:Fix wrong assignment in gsc_bind() (git-fixes).
- drm/amd/amdgpu: Check tbo resource pointer (stable-fixes).
- drm/amd/amdgpu: Properly tune the size of struct (git-fixes).
- drm/amd/display: Add array index check for hdcp ddc access (stable-fixes).
- drm/amd/display: Assign linear_pitch_alignment even for VM (stable-fixes).
- drm/amd/display: Check HDCP returned status (stable-fixes).
- drm/amd/display: Check denominator pbn_div before used (stable-fixes).
- drm/amd/display: Check gpio_id before used as array index (stable-fixes).
- drm/amd/display: Check msg_id before processing transcation (stable-fixes).
- drm/amd/display: Check num_valid_sets before accessing reader_wm_sets[] (stable-fixes).
- drm/amd/display: Correct the defined value for AMDGPU_DMUB_NOTIFICATION_MAX (stable-fixes).
- drm/amd/display: Ensure index calculation will not overflow (stable-fixes).
- drm/amd/display: Fix Coverity INTEGER_OVERFLOW within dal_gpio_service_create (stable-fixes).
- drm/amd/display: Skip inactive planes within ModeSupportAndSystemConfiguration (stable-fixes).
- drm/amd/display: Skip wbscl_set_scaler_filter if filter is null (stable-fixes).
- drm/amd/display: Spinlock before reading event (stable-fixes).
- drm/amd/display: Stop amdgpu_dm initialize when stream nums greater than 6 (stable-fixes).
- drm/amd/display: added NULL check at start of dc_validate_stream (stable-fixes).
- drm/amd/pm: Fix negative array index read (stable-fixes).
- drm/amd/pm: check negtive return for table entries (stable-fixes).
- drm/amd/pm: check specific index for aldebaran (stable-fixes).
- drm/amd/pm: fix the Out-of-bounds read warning (stable-fixes).
- drm/amd/pm: fix uninitialized variable warning (stable-fixes).
- drm/amd/pm: fix uninitialized variable warning for smu8_hwmgr (stable-fixes).
- drm/amd/pm: fix uninitialized variable warnings for vangogh_ppt (stable-fixes).
- drm/amd/pm: fix uninitialized variable warnings for vega10_hwmgr (stable-fixes).
- drm/amd/pm: fix warning using uninitialized value of max_vid_step (stable-fixes).
- drm/amdgpu/atomfirmware: Silence UBSAN warning (stable-fixes).
- drm/amdgpu/pm: Check input value for CUSTOM profile mode setting on legacy SOCs (stable-fixes).
- drm/amdgpu/pm: Check the return value of smum_send_msg_to_smc (stable-fixes).
- drm/amdgpu/pm: Fix uninitialized variable agc_btc_response (stable-fixes).
- drm/amdgpu/pm: Fix uninitialized variable warning for smu10 (stable-fixes).
- drm/amdgpu: Fix out-of-bounds read of df_v1_7_channel_number (stable-fixes).
- drm/amdgpu: Fix out-of-bounds write warning (stable-fixes).
- drm/amdgpu: Fix smatch static checker warning (stable-fixes).
- drm/amdgpu: Fix uninitialized variable warning in amdgpu_afmt_acr (stable-fixes).
- drm/amdgpu: Set no_hw_access when VF request full GPU fails (stable-fixes).
- drm/amdgpu: avoid reading vf2pf info size from FB (stable-fixes).
- drm/amdgpu: check for LINEAR_ALIGNED correctly in check_tiling_flags_gfx6 (stable-fixes).
- drm/amdgpu: clear RB_OVERFLOW bit when enabling interrupts (stable-fixes).
- drm/amdgpu: fix a possible null pointer dereference (git-fixes).
- drm/amdgpu: fix dereference after null check (stable-fixes).
- drm/amdgpu: fix mc_data out-of-bounds read warning (stable-fixes).
- drm/amdgpu: fix overflowed array index read warning (stable-fixes).
- drm/amdgpu: fix the waring dereferencing hive (stable-fixes).
- drm/amdgpu: fix ucode out-of-bounds read warning (stable-fixes).
- drm/amdgpu: the warning dereferencing obj for nbio_v7_4 (stable-fixes).
- drm/amdgpu: update type of buf size to u32 for eeprom functions (stable-fixes).
- drm/amdkfd: Reconcile the definition and use of oem_id in struct kfd_topology_device (stable-fixes).
- drm/bridge: lontium-lt8912b: Validate mode in drm_bridge_funcs::mode_valid() (git-fixes).
- drm/bridge: tc358767: Check if fully initialized before signalling HPD event via IRQ (stable-fixes).
- drm/i915/fence: Mark debug_fence_free() with __maybe_unused (git-fixes).
- drm/i915/fence: Mark debug_fence_init_onstack() with __maybe_unused (git-fixes).
- drm/i915/guc: prevent a possible int overflow in wq offsets (git-fixes).
- drm/meson: plane: Add error handling (stable-fixes).
- drm/msm/a5xx: disable preemption in submits by default (git-fixes).
- drm/msm/a5xx: fix races in preemption evaluation stage (git-fixes).
- drm/msm/a5xx: properly clear preemption records on resume (git-fixes).
- drm/msm/a5xx: workaround early ring-buffer emptiness check (git-fixes).
- drm/msm/adreno: Fix error return if missing firmware-name (stable-fixes).
- drm/msm/disp/dpu: use atomic enable/disable callbacks for encoder (bsc#1230444)
- drm/msm: Fix incorrect file name output in adreno_request_fw() (git-fixes).
- drm/msm: fix %s null argument error (git-fixes).
- drm/radeon/evergreen_cs: fix int overflow errors in cs track offsets (git-fixes).
- drm/radeon: fix null pointer dereference in radeon_add_common_modes (git-fixes).
- drm/rockchip: dw_hdmi: Fix reading EDID when using a forced mode (git-fixes).
- drm/rockchip: vop: Allow 4096px width scaling (git-fixes).
- drm/stm: ltdc: check memory returned by devm_kzalloc() (git-fixes).
- drm: omapdrm: Add missing check for alloc_ordered_workqueue (git-fixes).
- exfat: fix memory leak in exfat_load_bitmap() (git-fixes).
- fbdev: hpfb: Fix an error handling path in hpfb_dio_probe() (git-fixes).
- filemap: remove use of wait bookmarks (bsc#1224085).
- firmware_loader: Block path traversal (git-fixes).
- fscache: delete fscache_cookie_lru_timer when fscache exits to avoid UAF (bsc#1230592).
- fuse: update stats for pages in dropped aux writeback list (bsc#1230130).
- fuse: use unsigned type for getxattr/listxattr size truncation (bsc#1230129).
- genirq/affinity: Do not pass irq_affinity_desc array to irq_build_affinity_masks (bsc#1229031).
- genirq/affinity: Move group_cpus_evenly() into lib/ (bsc#1229031).
- genirq/affinity: Only build SMP-only helper functions on SMP kernels (bsc#1229031).
- genirq/affinity: Pass affinity managed mask array to irq_build_affinity_masks (bsc#1229031).
- genirq/affinity: Remove the 'firstvec' parameter from irq_build_affinity_masks (bsc#1229031).
- genirq/affinity: Rename irq_build_affinity_masks as group_cpus_evenly (bsc#1229031).
- genirq/affinity: Replace cpumask_weight() with cpumask_empty() where appropriate (bsc#1229031).
- gfs2: setattr_chown: Add missing initialization (git-fixes).
- hwmon: (adc128d818) Fix underflows seen when writing limit attributes (stable-fixes).
- hwmon: (lm95234) Fix underflows seen when writing limit attributes (stable-fixes).
- hwmon: (max16065) Fix overflows seen when writing limits (git-fixes).
- hwmon: (ntc_thermistor) fix module autoloading (git-fixes).
- hwmon: (w83627ehf) Fix underflows seen when writing limit attributes (stable-fixes).
- hwrng: bcm2835 - Add missing clk_disable_unprepare in bcm2835_rng_init (git-fixes).
- hwrng: cctrng - Add missing clk_disable_unprepare in cctrng_resume (git-fixes).
- hwrng: mtk - Use devm_pm_runtime_enable (git-fixes).
- i2c: Fix conditional for substituting empty ACPI functions (stable-fixes).
- i2c: Use IS_REACHABLE() for substituting empty ACPI functions (git-fixes).
- i2c: aspeed: Update the stop sw state when the bus recovery occurs (git-fixes).
- i2c: isch: Add missed 'else' (git-fixes).
- i2c: qcom-geni: Use IRQF_NO_AUTOEN flag in request_irq() (git-fixes).
- i2c: xiic: Wait for TX empty to avoid missed TX NAKs (git-fixes).
- i3c: mipi-i3c-hci: Error out instead on BUG_ON() in IBI DMA setup (stable-fixes).
- iio: adc: ad7124: fix chip ID mismatch (git-fixes).
- iio: adc: ad7124: fix config comparison (git-fixes).
- iio: adc: ad7606: fix oversampling gpio array (git-fixes).
- iio: adc: ad7606: fix standby gpio state to match the documentation (git-fixes).
- iio: buffer-dmaengine: fix releasing dma channel on error (git-fixes).
- iio: chemical: bme680: Fix read/write ops to device by adding mutexes (git-fixes).
- iio: fix scale application in iio_convert_raw_to_processed_unlocked (git-fixes).
- iio: magnetometer: ak8975: Fix reading for ak099xx sensors (git-fixes).
- ipmi: docs: do not advertise deprecated sysfs entries (git-fixes).
- ipmi:ssif: Improve detecting during probing (bsc#1228771)
- ipmi:ssif: Improve detecting during probing (bsc#1228771)
- jfs: fix out-of-bounds in dbNextAG() and diAlloc() (git-fixes).
- kABI, crypto: virtio - Handle dataq logic with tasklet (git-fixes).
- kabi: add __nf_queue_get_refs() for kabi compliance.
- kthread: Fix task state in kthread worker if being frozen (bsc#1231146).
- lib/group_cpus.c: avoid acquiring cpu hotplug lock in group_cpus_evenly (bsc#1229031).
- lib/group_cpus.c: honor housekeeping config when grouping CPUs (bsc#1229034).
- lib/group_cpus: Export group_cpus_evenly() (bsc#1229031).
- lirc: rc_dev_get_from_fd(): fix file leak (git-fixes).
- mailbox: bcm2835: Fix timeout during suspend mode (git-fixes).
- mailbox: rockchip: fix a typo in module autoloading (git-fixes).
- media: Revert 'media: dvb-usb: Fix unexpected infinite loop in dvb_usb_read_remote_control()' (git-fixes).
- media: aspeed: Fix no complete irq for non-64-aligned width (bsc#1230269)
- media: qcom: camss: Add check for v4l2_fwnode_endpoint_parse (stable-fixes).
- media: qcom: camss: Fix ordering of pm_runtime_enable (git-fixes).
- media: sun4i_csi: Implement link validate for sun4i_csi subdev (git-fixes).
- media: uapi/linux/cec.h: cec_msg_set_reply_to: zero flags (git-fixes).
- media: uvcvideo: Enforce alignment of frame and interval (stable-fixes).
- media: venus: fix use after free bug in venus_remove due to race condition (git-fixes).
- media: vicodec: allow en/decoder cmd w/o CAPTURE (git-fixes).
- media: vivid: do not set HDMI TX controls if there are no HDMI outputs (stable-fixes).
- media: vivid: fix wrong sizeimage value for mplane (stable-fixes).
- mmc: cqhci: Fix checking of CQHCI_HALT state (git-fixes).
- mmc: dw_mmc: Fix IDMAC operation with pages bigger than 4K (git-fixes).
- mmc: sdhci-of-aspeed: fix module autoloading (git-fixes).
- mtd: powernv: Add check devm_kasprintf() returned value (git-fixes).
- mtd: slram: insert break after errors in parsing the map (git-fixes).
- net: drop bad gso csum_start and offset in virtio_net_hdr (git-fixes).
- net: mana: Fix error handling in mana_create_txq/rxq's NAPI cleanup (git-fixes).
- net: mana: Implement get_ringparam/set_ringparam for mana (bsc#1229891).
- net: mana: Improve mana_set_channels() in low mem conditions (bsc#1230289).
- net: missing check virtio (git-fixes).
- net: tighten bad gso csum offset check in virtio_net_hdr (git-fixes).
- nf_conntrack_proto_udp: do not accept packets with IPS_NAT_CLASH (bsc#1199769).
- nilfs2: Constify struct kobj_type (git-fixes).
- nilfs2: determine empty node blocks as corrupted (git-fixes).
- nilfs2: fix missing cleanup on rollforward recovery error (git-fixes).
- nilfs2: fix potential null-ptr-deref in nilfs_btree_insert() (git-fixes).
- nilfs2: fix potential oob read in nilfs_btree_check_delete() (git-fixes).
- nilfs2: fix state management in error path of log writing function (git-fixes).
- nilfs2: protect references to superblock parameters exposed in sysfs (git-fixes).
- nilfs2: replace snprintf in show functions with sysfs_emit (git-fixes).
- nilfs2: use default_groups in kobj_type (git-fixes).
- nvme-pci: Add sleep quirk for Samsung 990 Evo (git-fixes).
- nvme-pci: use block layer helpers to calculate num of queues (bsc#1229034).
- nvme/pci: Add APST quirk for Lenovo N60z laptop (git-fixes).
- nvme: move stopping keep-alive into nvme_uninit_ctrl() (git-fixes).
- nvme: replace blk_mq_pci_map_queues with blk_mq_dev_map_queues (bsc#1229034).
- nvmet-rdma: fix possible bad dereference when freeing rsps (git-fixes).
- nvmet-tcp: do not continue for invalid icreq (git-fixes).
- nvmet-tcp: fix kernel crash if commands allocation fails (git-fixes).
- nvmet-trace: avoid dereferencing pointer too early (git-fixes).
- nvmet: Identify-Active Namespace ID List command should reject invalid nsid (git-fixes).
- ocfs2: cancel dqi_sync_work before freeing oinfo (git-fixes).
- ocfs2: fix null-ptr-deref when journal load failed (git-fixes).
- ocfs2: fix possible null-ptr-deref in ocfs2_set_buffer_uptodate (git-fixes).
- ocfs2: remove unreasonable unlock in ocfs2_read_blocks (git-fixes).
- pci/hotplug/pnv_php: Fix hotplug driver crash on Powernv (stable-fixes).
- pcmcia: Use resource_size function on resource object (stable-fixes).
- pinctrl: single: fix missing error code in pcs_probe() (git-fixes).
- pinctrl: single: fix potential NULL dereference in pcs_get_function() (git-fixes).
- platform/x86: dell-smbios: Fix error path in dell_smbios_init() (git-fixes).
- platform/x86: panasonic-laptop: Allocate 1 entry extra in the sinf array (git-fixes).
- platform/x86: panasonic-laptop: Fix SINF array out of bounds accesses (git-fixes).
- power: supply: Drop use_cnt check from power_supply_property_is_writeable() (git-fixes).
- power: supply: axp20x_battery: Remove design from min and max voltage (git-fixes).
- power: supply: hwmon: Fix missing temp1_max_alarm attribute (git-fixes).
- power: supply: max17042_battery: Fix SOC threshold calc w/ no current sense (git-fixes).
- powerpc/64: Convert patch_instruction() to patch_u32() (bsc#1194869).
- powerpc/boot: Handle allocation failure in simple_realloc() (bsc#1194869).
- powerpc/boot: Only free if realloc() succeeds (bsc#1194869).
- powerpc/code-patching: Add generic memory patching (bsc#1194869).
- powerpc/code-patching: Consolidate and cache per-cpu patching context (bsc#1194869).
- powerpc/code-patching: Do not call is_vmalloc_or_module_addr() without CONFIG_MODULES (bsc#1194869).
- powerpc/code-patching: Fix error handling in do_patch_instruction() (bsc#1194869).
- powerpc/code-patching: Fix oops with DEBUG_VM enabled (bsc#1194869).
- powerpc/code-patching: Fix unmap_patch_area() error handling (bsc#1194869).
- powerpc/code-patching: Perform hwsync in __patch_instruction() in case of failure (bsc#1194869).
- powerpc/code-patching: Pre-map patch area (bsc#1194869).
- powerpc/code-patching: Remove #ifdef CONFIG_STRICT_KERNEL_RWX (bsc#1194869).
- powerpc/code-patching: Remove pr_debug()/pr_devel() messages and fix check() (bsc#1194869).
- powerpc/code-patching: Reorganise do_patch_instruction() to ease error handling (bsc#1194869).
- powerpc/code-patching: Speed up page mapping/unmapping (bsc#1194869).
- powerpc/code-patching: Use WARN_ON and fix check in poking_init (bsc#1194869).
- powerpc/code-patching: Use jump_label to check if poking_init() is done (bsc#1194869).
- powerpc/code-patching: Use temporary mm for Radix MMU (bsc#1194869).
- powerpc/code-patching: introduce patch_instructions() (bsc#1194869).
- powerpc/ftrace: Use patch_instruction() return directly (bsc#1194869).
- powerpc/imc-pmu: Fix use of mutex in IRQs disabled section (bsc#1054914 git-fixes).
- powerpc/imc-pmu: Use the correct spinlock initializer (bsc#1054914 git-fixes).
- powerpc/inst: Refactor ___get_user_instr() (bsc#1194869).
- powerpc/lib: Add __init attribute to eligible functions (bsc#1194869).
- powerpc/tlb: Add local flush for page given mm_struct and psize (bsc#1194869).
- powerpc/vdso: Fix VDSO data access when running in a non-root time namespace (bsc#1194869).
- powerpc/vdso: Merge vdso64 and vdso32 into a single directory (bsc#1194869).
- powerpc/vdso: Rework VDSO32 makefile to add a prefix to object files (bsc#1194869).
- powerpc/vdso: augment VDSO32 functions to support 64 bits build (bsc#1194869).
- powerpc/xics: Check return value of kasprintf in icp_native_map_one_cpu (bsc#1194869).
- powerpc/xmon: Fix disassembly CPU feature checks (bsc#1065729).
- powerpc: Allow clearing and restoring registers independent of saved breakpoint state (bsc#1194869).
- rcu-tasks: Fix show_rcu_tasks_trace_gp_kthread buffer overflow (bsc#1226631).
- rcu: Add rcutree.nohz_full_patience_delay to reduce nohz_full (bsc#1231327)
- rtc: at91sam9: fix OF node leak in probe() error path (git-fixes).
- s390/mm: Add cond_resched() to cmm_alloc/free_pages() (bsc#1228747).
- sched/isolation: Prevent boot crash when the boot CPU is (bsc#1231327)
- scsi: fnic: Move flush_work initialization out of if block (bsc#1230055).
- scsi: ibmvfc: Add max_sectors module parameter (bsc#1216223).
- scsi: lpfc: Change diagnostic log flag during receipt of unknown ELS cmds (bsc#1229429).
- scsi: lpfc: Fix overflow build issue (bsc#1229429).
- scsi: lpfc: Fix unintentional double clearing of vmid_flag (bsc#1229429).
- scsi: lpfc: Fix unsolicited FLOGI kref imbalance when in direct attached topology (bsc#1229429).
- scsi: lpfc: Remove redundant vport assignment when building an abort request (bsc#1229429).
- scsi: lpfc: Update PRLO handling in direct attached topology (bsc#1229429).
- scsi: lpfc: Update lpfc version to 14.4.0.4 (bsc#1229429).
- scsi: lpfc: Validate hdwq pointers before dereferencing in reset/errata paths (bsc#1229429).
- scsi: pm8001: do not overwrite PCI queue mapping (bsc#1229034).
- scsi: replace blk_mq_pci_map_queues with blk_mq_dev_map_queues (bsc#1229034).
- scsi: sd: Fix off-by-one error in sd_read_block_characteristics() (bsc#1223848).
- scsi: use block layer helpers to calculate num of queues (bsc#1229034).
- spi: nxp-fspi: fix the KASAN report out-of-bounds bug (git-fixes).
- staging: iio: frequency: ad9834: Validate frequency parameter value (git-fixes).
- thunderbolt: Mark XDomain as unplugged when router is removed (stable-fixes).
- tomoyo: fallback to realpath if symlink's pathname does not exist (git-fixes).
- tools/virtio: fix build (git-fixes).
- tpm: Clean up TPM space after command failure (git-fixes).
- tracing: Avoid possible softlockup in tracing_iter_reset() (git-fixes).
- tty: rp2: Fix reset with non forgiving PCIe host bridges (git-fixes).
- udp: fix receiving fraglist GSO packets (git-fixes).
- uio_hv_generic: Fix kernel NULL pointer dereference in hv_uio_rescind (git-fixes).
- usb: cdnsp: Fix incorrect usb_request status (git-fixes).
- usb: dwc2: Skip clock gating on Broadcom SoCs (git-fixes).
- usb: dwc2: drd: fix clock gating on USB role switch (git-fixes).
- usb: dwc3: core: Prevent USB core invalid event buffer address access (git-fixes).
- usb: dwc3: core: Skip setting event buffers for host only controllers (git-fixes).
- usb: dwc3: core: update LC timer as per USB Spec V3.2 (git-fixes).
- usb: dwc3: core: update LC timer as per USB Spec V3.2 (stable-fixes).
- usb: dwc3: omap: add missing depopulate in probe error path (git-fixes).
- usb: dwc3: st: add missing depopulate in probe error path (git-fixes).
- usb: dwc3: st: fix probed platform device ref count on probe error path (git-fixes).
- usb: typec: ucsi: Fix null pointer dereference in trace (stable-fixes).
- usb: uas: set host status byte on data completion error (git-fixes).
- usb: uas: set host status byte on data completion error (stable-fixes).
- usb: xhci: fix loss of data on Cadence xHC (git-fixes).
- usbip: Do not submit special requests twice (stable-fixes).
- usbnet: fix cyclical race on disconnect with work queue (git-fixes).
- usbnet: ipheth: race between ipheth_close and error handling (git-fixes).
- usbnet: modern method to get random MAC (git-fixes).
- vhost-vdpa: switch to use vmf_insert_pfn() in the fault handler (git-fixes).
- vhost: Add smp_rmb() in vhost_vq_avail_empty() (git-fixes).
- virito: add APIs for retrieving vq affinity (bsc#1229034).
- virtio-blk: Ensure no requests in virtqueues before deleting vqs (git-fixes).
- virtio/vsock: fix logic which reduces credit update messages (git-fixes).
- virtio: blk/scs: replace blk_mq_virtio_map_queues with blk_mq_dev_map_queues (bsc#1229034).
- virtio: blk/scsi: use block layer helpers to calculate num of queues (bsc#1229034).
- virtio: reenable config if freezing device failed (git-fixes).
- virtio_net: Fix ''%d' directive writing between 1 and 11 bytes into a region of size 10' warnings (git-fixes).
- virtio_net: checksum offloading handling fix (git-fixes).
- virtio_net: use u64_stats_t infra to avoid data-races (git-fixes).
- virtiofs: forbid newlines in tags (bsc#1230591).
- vsock/virtio: add support for device suspend/resume (git-fixes).
- vsock/virtio: factor our the code to initialize and delete VQs (git-fixes).
- vsock/virtio: initialize the_virtio_vsock before using VQs (git-fixes).
- vsock/virtio: remove socket from connected/bound list on shutdown (git-fixes).
- watchdog: imx_sc_wdt: Do not disable WDT in suspend (git-fixes).
- wifi: brcmsmac: advertise MFP_CAPABLE to enable WPA3 (stable-fixes).
- wifi: cfg80211: fix UBSAN noise in cfg80211_wext_siwscan() (git-fixes).
- wifi: cfg80211: fix two more possible UBSAN-detected off-by-one errors (git-fixes).
- wifi: iwlwifi: mvm: increase the time between ranging measurements (git-fixes).
- wifi: mac80211: use two-phase skb reclamation in ieee80211_do_stop() (git-fixes).
- wifi: mt76: mt7615: check devm_kasprintf() returned value (git-fixes).
- wifi: mt76: mt7915: fix rx filter setting for bfee functionality (git-fixes).
- wifi: mwifiex: Do not return unused priv in mwifiex_get_priv_by_id() (stable-fixes).
- wifi: rtw88: 8822c: Fix reported RX band width (git-fixes).
- wifi: rtw88: always wait for both firmware loading attempts (git-fixes).
- wifi: rtw88: remove CPT execution branch never used (git-fixes).
- wifi: wilc1000: fix potential RCU dereference issue in wilc_parse_join_bss_param (git-fixes).
- workqueue: Avoid using isolated cpus' timers on (bsc#1231327)
- workqueue: mark power efficient workqueue as unbounded if (bsc#1231327)
- x86/hyperv: fix kexec crash due to VP assist page corruption (git-fixes).
- x86/kexec: Add EFI config table identity mapping for kexec kernel (bsc#1220382).
- x86/mm/ident_map: Use gbpages only where full GB page should be mapped (bsc#1220382).
- x86/xen: Convert comma to semicolon (git-fixes).
- xen/swiotlb: add alignment check for dma buffers (bsc#1229928).
- xen/swiotlb: fix allocated size (git-fixes).
- xen: add capability to remap non-RAM pages to different PFNs (bsc#1226003).
- xen: allow mapping ACPI data using a different physical address (bsc#1226003).
- xen: introduce generic helper checking for memory map conflicts (bsc#1226003).
- xen: move checks for e820 conflicts further up (bsc#1226003).
- xen: move max_pfn in xen_memory_setup() out of function scope (bsc#1226003).
- xen: tolerate ACPI NVS memory overlapping with Xen allocated memory (bsc#1226003).
- xen: use correct end address of kernel for conflict checking (bsc#1226003).
- xfs: do not include bnobt blocks when reserving free block pool (git-fixes).
- xhci: Set quirky xHC PCI hosts to D3 _after_ stopping and freeing them (git-fixes).
- xz: cleanup CRC32 edits from 2018 (git-fixes).
ImportantSUSE bug 1054914SUSE bug 1065729SUSE bug 1194869SUSE bug 1199769SUSE bug 1216223SUSE bug 1220382SUSE bug 1221610SUSE bug 1221650SUSE bug 1222629SUSE bug 1222973SUSE bug 1223600SUSE bug 1223848SUSE bug 1224085SUSE bug 1225903SUSE bug 1226003SUSE bug 1226606SUSE bug 1226631SUSE bug 1226662SUSE bug 1226666SUSE bug 1226846SUSE bug 1226860SUSE bug 1226875SUSE bug 1226915SUSE bug 1227487SUSE bug 1227726SUSE bug 1227819SUSE bug 1227832SUSE bug 1227890SUSE bug 1228507SUSE bug 1228576SUSE bug 1228620SUSE bug 1228747SUSE bug 1228771SUSE bug 1229031SUSE bug 1229034SUSE bug 1229086SUSE bug 1229156SUSE bug 1229334SUSE bug 1229362SUSE bug 1229363SUSE bug 1229364SUSE bug 1229394SUSE bug 1229429SUSE bug 1229453SUSE bug 1229572SUSE bug 1229573SUSE bug 1229585SUSE bug 1229607SUSE bug 1229619SUSE bug 1229633SUSE bug 1229662SUSE bug 1229753SUSE bug 1229764SUSE bug 1229790SUSE bug 1229810SUSE bug 1229830SUSE bug 1229891SUSE bug 1229899SUSE bug 1229928SUSE bug 1229947SUSE bug 1230015SUSE bug 1230055SUSE bug 1230129SUSE bug 1230130SUSE bug 1230170SUSE bug 1230171SUSE bug 1230174SUSE bug 1230175SUSE bug 1230176SUSE bug 1230178SUSE bug 1230180SUSE bug 1230185SUSE bug 1230192SUSE bug 1230193SUSE bug 1230194SUSE bug 1230200SUSE bug 1230204SUSE bug 1230209SUSE bug 1230211SUSE bug 1230217SUSE bug 1230224SUSE bug 1230230SUSE bug 1230233SUSE bug 1230244SUSE bug 1230245SUSE bug 1230247SUSE bug 1230248SUSE bug 1230269SUSE bug 1230289SUSE bug 1230339SUSE bug 1230340SUSE bug 1230392SUSE bug 1230398SUSE bug 1230431SUSE bug 1230433SUSE bug 1230434SUSE bug 1230440SUSE bug 1230442SUSE bug 1230444SUSE bug 1230450SUSE bug 1230451SUSE bug 1230454SUSE bug 1230506SUSE bug 1230507SUSE bug 1230511SUSE bug 1230515SUSE bug 1230517SUSE bug 1230524SUSE bug 1230533SUSE bug 1230535SUSE bug 1230549SUSE bug 1230550SUSE bug 1230556SUSE bug 1230582SUSE bug 1230589SUSE bug 1230591SUSE bug 1230592SUSE bug 1230699SUSE bug 1230700SUSE bug 1230701SUSE bug 1230702SUSE bug 1230703SUSE bug 1230705SUSE bug 1230706SUSE bug 1230709SUSE bug 1230710SUSE bug 1230711SUSE bug 1230712SUSE bug 1230719SUSE bug 1230724SUSE bug 1230725SUSE bug 1230730SUSE bug 1230731SUSE bug 1230732SUSE bug 1230733SUSE bug 1230747SUSE bug 1230748SUSE bug 1230751SUSE bug 1230752SUSE bug 1230756SUSE bug 1230761SUSE bug 1230763SUSE bug 1230766SUSE bug 1230767SUSE bug 1230768SUSE bug 1230771SUSE bug 1230774SUSE bug 1230783SUSE bug 1230786SUSE bug 1230791SUSE bug 1230794SUSE bug 1230796SUSE bug 1230802SUSE bug 1230806SUSE bug 1230808SUSE bug 1230810SUSE bug 1230812SUSE bug 1230813SUSE bug 1230814SUSE bug 1230815SUSE bug 1230821SUSE bug 1230825SUSE bug 1230830SUSE bug 1231013SUSE bug 1231017SUSE bug 1231084SUSE bug 1231085SUSE bug 1231087SUSE bug 1231115SUSE bug 1231116SUSE bug 1231120SUSE bug 1231146SUSE bug 1231180SUSE bug 1231181SUSE bug 1231277SUSE bug 1231327CVE-2022-48901 at SUSECVE-2022-48901 at NVDCVE-2022-48911 at SUSECVE-2022-48911 at NVDCVE-2022-48923 at SUSECVE-2022-48923 at NVDCVE-2022-48935 at SUSECVE-2022-48935 at NVDCVE-2022-48944 at SUSECVE-2022-48944 at NVDCVE-2022-48945 at SUSECVE-2022-48945 at NVDCVE-2023-52610 at SUSECVE-2023-52610 at NVDCVE-2023-52916 at SUSECVE-2023-52916 at NVDCVE-2024-26640 at SUSECVE-2024-26640 at NVDCVE-2024-26759 at SUSECVE-2024-26759 at NVDCVE-2024-26767 at SUSECVE-2024-26767 at NVDCVE-2024-26804 at SUSECVE-2024-26804 at NVDCVE-2024-26837 at SUSECVE-2024-26837 at NVDCVE-2024-37353 at SUSECVE-2024-37353 at NVDCVE-2024-38538 at SUSECVE-2024-38538 at NVDCVE-2024-38596 at SUSECVE-2024-38596 at NVDCVE-2024-38632 at SUSECVE-2024-38632 at NVDCVE-2024-40910 at SUSECVE-2024-40910 at NVDCVE-2024-40973 at SUSECVE-2024-40973 at NVDCVE-2024-40983 at SUSECVE-2024-40983 at NVDCVE-2024-41062 at SUSECVE-2024-41062 at NVDCVE-2024-41082 at SUSECVE-2024-41082 at NVDCVE-2024-42154 at SUSECVE-2024-42154 at NVDCVE-2024-42259 at SUSECVE-2024-42259 at NVDCVE-2024-42265 at SUSECVE-2024-42265 at NVDCVE-2024-42304 at SUSECVE-2024-42304 at NVDCVE-2024-42305 at SUSECVE-2024-42305 at NVDCVE-2024-42306 at SUSECVE-2024-42306 at NVDCVE-2024-43828 at SUSECVE-2024-43828 at NVDCVE-2024-43890 at SUSECVE-2024-43890 at NVDCVE-2024-43898 at SUSECVE-2024-43898 at NVDCVE-2024-43912 at SUSECVE-2024-43912 at NVDCVE-2024-43914 at SUSECVE-2024-43914 at NVDCVE-2024-44935 at SUSECVE-2024-44935 at NVDCVE-2024-44944 at SUSECVE-2024-44944 at NVDCVE-2024-44946 at SUSECVE-2024-44946 at NVDCVE-2024-44948 at SUSECVE-2024-44948 at NVDCVE-2024-44950 at SUSECVE-2024-44950 at NVDCVE-2024-44952 at SUSECVE-2024-44952 at NVDCVE-2024-44954 at SUSECVE-2024-44954 at NVDCVE-2024-44967 at SUSECVE-2024-44967 at NVDCVE-2024-44969 at SUSECVE-2024-44969 at NVDCVE-2024-44970 at SUSECVE-2024-44970 at NVDCVE-2024-44971 at SUSECVE-2024-44971 at NVDCVE-2024-44977 at SUSECVE-2024-44977 at NVDCVE-2024-44982 at SUSECVE-2024-44982 at NVDCVE-2024-44986 at SUSECVE-2024-44986 at NVDCVE-2024-44987 at SUSECVE-2024-44987 at NVDCVE-2024-44988 at SUSECVE-2024-44988 at NVDCVE-2024-44989 at SUSECVE-2024-44989 at NVDCVE-2024-44990 at SUSECVE-2024-44990 at NVDCVE-2024-44998 at SUSECVE-2024-44998 at NVDCVE-2024-44999 at SUSECVE-2024-44999 at NVDCVE-2024-45000 at SUSECVE-2024-45000 at NVDCVE-2024-45001 at SUSECVE-2024-45001 at NVDCVE-2024-45003 at SUSECVE-2024-45003 at NVDCVE-2024-45006 at SUSECVE-2024-45006 at NVDCVE-2024-45007 at SUSECVE-2024-45007 at NVDCVE-2024-45008 at SUSECVE-2024-45008 at NVDCVE-2024-45011 at SUSECVE-2024-45011 at NVDCVE-2024-45013 at SUSECVE-2024-45013 at NVDCVE-2024-45015 at SUSECVE-2024-45015 at NVDCVE-2024-45018 at SUSECVE-2024-45018 at NVDCVE-2024-45020 at SUSECVE-2024-45020 at NVDCVE-2024-45021 at SUSECVE-2024-45021 at NVDCVE-2024-45026 at SUSECVE-2024-45026 at NVDCVE-2024-45028 at SUSECVE-2024-45028 at NVDCVE-2024-45029 at SUSECVE-2024-45029 at NVDCVE-2024-46673 at SUSECVE-2024-46673 at NVDCVE-2024-46674 at SUSECVE-2024-46674 at NVDCVE-2024-46675 at SUSECVE-2024-46675 at NVDCVE-2024-46676 at SUSECVE-2024-46676 at NVDCVE-2024-46677 at SUSECVE-2024-46677 at NVDCVE-2024-46678 at SUSECVE-2024-46678 at NVDCVE-2024-46679 at SUSECVE-2024-46679 at NVDCVE-2024-46685 at SUSECVE-2024-46685 at NVDCVE-2024-46686 at SUSECVE-2024-46686 at NVDCVE-2024-46689 at SUSECVE-2024-46689 at NVDCVE-2024-46694 at SUSECVE-2024-46694 at NVDCVE-2024-46702 at SUSECVE-2024-46702 at NVDCVE-2024-46707 at SUSECVE-2024-46707 at NVDCVE-2024-46714 at SUSECVE-2024-46714 at NVDCVE-2024-46715 at SUSECVE-2024-46715 at NVDCVE-2024-46717 at SUSECVE-2024-46717 at NVDCVE-2024-46720 at SUSECVE-2024-46720 at NVDCVE-2024-46721 at SUSECVE-2024-46721 at NVDCVE-2024-46722 at SUSECVE-2024-46722 at NVDCVE-2024-46723 at SUSECVE-2024-46723 at NVDCVE-2024-46724 at SUSECVE-2024-46724 at NVDCVE-2024-46725 at SUSECVE-2024-46725 at NVDCVE-2024-46726 at SUSECVE-2024-46726 at NVDCVE-2024-46728 at SUSECVE-2024-46728 at NVDCVE-2024-46730 at SUSECVE-2024-46730 at NVDCVE-2024-46731 at SUSECVE-2024-46731 at NVDCVE-2024-46732 at SUSECVE-2024-46732 at NVDCVE-2024-46737 at SUSECVE-2024-46737 at NVDCVE-2024-46738 at SUSECVE-2024-46738 at NVDCVE-2024-46739 at SUSECVE-2024-46739 at NVDCVE-2024-46743 at SUSECVE-2024-46743 at NVDCVE-2024-46744 at SUSECVE-2024-46744 at NVDCVE-2024-46745 at SUSECVE-2024-46745 at NVDCVE-2024-46746 at SUSECVE-2024-46746 at NVDCVE-2024-46747 at SUSECVE-2024-46747 at NVDCVE-2024-46750 at SUSECVE-2024-46750 at NVDCVE-2024-46751 at SUSECVE-2024-46751 at NVDCVE-2024-46752 at SUSECVE-2024-46752 at NVDCVE-2024-46753 at SUSECVE-2024-46753 at NVDCVE-2024-46755 at SUSECVE-2024-46755 at NVDCVE-2024-46756 at SUSECVE-2024-46756 at NVDCVE-2024-46758 at SUSECVE-2024-46758 at NVDCVE-2024-46759 at SUSECVE-2024-46759 at NVDCVE-2024-46761 at SUSECVE-2024-46761 at NVDCVE-2024-46770 at SUSECVE-2024-46770 at NVDCVE-2024-46771 at SUSECVE-2024-46771 at NVDCVE-2024-46773 at SUSECVE-2024-46773 at NVDCVE-2024-46774 at SUSECVE-2024-46774 at NVDCVE-2024-46775 at SUSECVE-2024-46775 at NVDCVE-2024-46780 at SUSECVE-2024-46780 at NVDCVE-2024-46781 at SUSECVE-2024-46781 at NVDCVE-2024-46783 at SUSECVE-2024-46783 at NVDCVE-2024-46784 at SUSECVE-2024-46784 at NVDCVE-2024-46786 at SUSECVE-2024-46786 at NVDCVE-2024-46787 at SUSECVE-2024-46787 at NVDCVE-2024-46791 at SUSECVE-2024-46791 at NVDCVE-2024-46794 at SUSECVE-2024-46794 at NVDCVE-2024-46798 at SUSECVE-2024-46798 at NVDCVE-2024-46822 at SUSECVE-2024-46822 at NVDCVE-2024-46826 at SUSECVE-2024-46826 at NVDCVE-2024-46830 at SUSECVE-2024-46830 at NVDCVE-2024-46854 at SUSECVE-2024-46854 at NVDCVE-2024-46855 at SUSECVE-2024-46855 at NVDCVE-2024-46857 at SUSECVE-2024-46857 at NVDcpe:/o:opensuse:leap:15.5Security update for the Linux Kernel (Important)openSUSE Leap 15.5
The SUSE Linux Enterprise 15 SP5 RT kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2022-48901: btrfs: do not start relocation until in progress drops are done (bsc#1229607).
- CVE-2022-48911: kabi: add __nf_queue_get_refs() for kabi compliance. (bsc#1229633).
- CVE-2022-48923: btrfs: prevent copying too big compressed lzo segment (bsc#1229662)
- CVE-2022-48935: Fixed an unregister flowtable hooks on netns exit (bsc#1229619)
- CVE-2023-52610: net/sched: act_ct: fix skb leak and crash on ooo frags (bsc#1221610).
- CVE-2023-52916: media: aspeed: Fix memory overwrite if timing is 1600x900 (bsc#1230269).
- CVE-2024-26640: tcp: add sanity checks to rx zerocopy (bsc#1221650).
- CVE-2024-26759: mm/swap: fix race when skipping swapcache (bsc#1230340).
- CVE-2024-26767: drm/amd/display: fixed integer types and null check locations (bsc#1230339).
- CVE-2024-26804: net: ip_tunnel: prevent perpetual headroom growth (bsc#1222629).
- CVE-2024-26837: net: bridge: switchdev: race between creation of new group memberships and generation of the list of MDB events to replay (bsc#1222973).
- CVE-2024-37353: virtio: fixed a double free in vp_del_vqs() (bsc#1226875).
- CVE-2024-38538: net: bridge: xmit: make sure we have at least eth header len bytes (bsc#1226606).
- CVE-2024-38596: af_unix: Fix data races in unix_release_sock/unix_stream_sendmsg (bsc#1226846).
- CVE-2024-40910: Fix refcount imbalance on inbound connections (bsc#1227832).
- CVE-2024-40973: media: mtk-vcodec: potential null pointer deference in SCP (bsc#1227890).
- CVE-2024-40983: tipc: force a dst refcount before doing decryption (bsc#1227819).
- CVE-2024-41062: Sync sock recv cb and release (bsc#1228576).
- CVE-2024-41082: nvme-fabrics: use reserved tag for reg read/write command (bsc#1228620 CVE-2024-41082).
- CVE-2024-42154: tcp_metrics: validate source addr length (bsc#1228507).
- CVE-2024-42259: Fix Virtual Memory mapping boundaries calculation (bsc#1229156)
- CVE-2024-42265: protect the fetch of ->fd[fd] in do_dup2() from mispredictions (bsc#1229334).
- CVE-2024-42304: ext4: make sure the first directory block is not a hole (bsc#1229364).
- CVE-2024-42305: ext4: check dot and dotdot of dx_root before making dir indexed (bsc#1229363).
- CVE-2024-42306: udf: Avoid using corrupted block bitmap buffer (bsc#1229362).
- CVE-2024-43828: ext4: fix infinite loop when replaying fast_commit (bsc#1229394).
- CVE-2024-43890: tracing: Fix overflow in get_free_elt() (bsc#1229764).
- CVE-2024-43898: ext4: sanity check for NULL pointer after ext4_force_shutdown (bsc#1229753).
- CVE-2024-43912: wifi: nl80211: disallow setting special AP channel widths (bsc#1229830)
- CVE-2024-43914: md/raid5: avoid BUG_ON() while continue reshape after reassembling (bsc#1229790).
- CVE-2024-44935: sctp: Fix null-ptr-deref in reuseport_add_sock() (bsc#1229810).
- CVE-2024-44944: netfilter: ctnetlink: use helper function to calculate expect ID (bsc#1229899).
- CVE-2024-44946: kcm: Serialise kcm_sendmsg() for the same socket (bsc#1230015).
- CVE-2024-44950: serial: sc16is7xx: fix invalid FIFO access with special register set (bsc#1230180).
- CVE-2024-44952: driver core: Fix uevent_show() vs driver detach race (bsc#1230178).
- CVE-2024-44954: ALSA: line6: Fix racy access to midibuf (bsc#1230176).
- CVE-2024-44970: net/mlx5e: SHAMPO, Fix invalid WQ linked list unlink (bsc#1230209).
- CVE-2024-44971: net: dsa: bcm_sf2: Fix a possible memory leak in bcm_sf2_mdio_register() (bsc#1230211).
- CVE-2024-44986: ipv6: fix possible UAF in ip6_finish_output2() (bsc#1230230)
- CVE-2024-44987: ipv6: prevent UAF in ip6_send_skb() (bsc#1230185).
- CVE-2024-44988: net: dsa: mv88e6xxx: Fix out-of-bound access (bsc#1230192).
- CVE-2024-44989: bonding: fix xfrm real_dev null pointer dereference (bsc#1230193).
- CVE-2024-44990: bonding: fix null pointer deref in bond_ipsec_offload_ok (bsc#1230194).
- CVE-2024-44998: atm: idt77252: prevent use after free in dequeue_rx() (bsc#1230171).
- CVE-2024-44999: gtp: pull network headers in gtp_dev_xmit() (bsc#1230233).
- CVE-2024-45003: Don't evict inode under the inode lru traversing context (bsc#1230245).
- CVE-2024-45007: char: xillybus: Refine workqueue handling (bsc#1230175).
- CVE-2024-45008: Input: MT - limit max slots (bsc#1230248).
- CVE-2024-45013: nvme: move stopping keep-alive into nvme_uninit_ctrl() (bsc#1230442).
- CVE-2024-45015: drm/msm/dpu: move dpu_encoder's connector assignment to (bsc#1230444)
- CVE-2024-45018: netfilter: flowtable: initialise extack before use (bsc#1230431).
- CVE-2024-45021: memcg_write_event_control(): fix a user-triggerable oops (bsc#1230434).
- CVE-2024-45029: i2c: tegra: Do not mark ACPI devices as irq safe (bsc#1230451).
- CVE-2024-46673: scsi: aacraid: Fix double-free on probe failure (bsc#1230506).
- CVE-2024-46674: usb: dwc3: st: fix probed platform device ref count on probe error path (bsc#1230507).
- CVE-2024-46677: gtp: fix a potential NULL pointer dereference (bsc#1230549).
- CVE-2024-46679: ethtool: check device is present when getting link settings (bsc#1230556).
- CVE-2024-46685: pinctrl: single: fix potential NULL dereference in pcs_get_function() (bsc#1230515)
- CVE-2024-46686: smb/client: avoid dereferencing rdata=NULL in smb2_new_read_req() (bsc#1230517).
- CVE-2024-46689: soc: qcom: cmd-db: Map shared memory as WC, not WB (bsc#1230524)
- CVE-2024-46702: thunderbolt: Mark XDomain as unplugged when router is removed (bsc#1230589)
- CVE-2024-46707: KVM: arm64: Make ICC_*SGI*_EL1 undef in the absence of a vGICv3 (bsc#1230582).
- CVE-2024-46715: driver: iio: add missing checks on iio_info's callback access (bsc#1230700).
- CVE-2024-46717: net/mlx5e: SHAMPO, Fix incorrect page release (bsc#1230719).
- CVE-2024-46721: pparmor: fix possible NULL pointer dereference (bsc#1230710)
- CVE-2024-46728: drm/amd/display: Check index for aux_rd_interval before using (bsc#1230703)
- CVE-2024-46730: drm/amd/display: Ensure array index tg_inst won't be -1 (bsc#1230701)
- CVE-2024-46743: of/irq: Prevent device address out-of-bounds read in interrupt map walk (bsc#1230756).
- CVE-2024-46750: PCI: Add missing bridge lock to pci_bus_lock() (bsc#1230783).
- CVE-2024-46751: btrfs: do not BUG_ON() when 0 reference count at btrfs_lookup_extent_info() (bsc#1230786).
- CVE-2024-46752: btrfs: reduce nesting for extent processing at btrfs_lookup_extent_info() (bsc#1230794).
- CVE-2024-46753: btrfs: handle errors from btrfs_dec_ref() properly (bsc#1230796).
- CVE-2024-46772: drm/amd/display: Check denominator crb_pipes before used (bsc#1230772).
- CVE-2024-46783: tcp_bpf: fix return value of tcp_bpf_sendmsg() (bsc#1230810).
- CVE-2024-46787: userfaultfd: fix checks for huge PMDs (bsc#1230815).
- CVE-2024-46794: x86/tdx: Fix data leak in mmio_read() (bsc#1230825).
- CVE-2024-46822: arm64: acpi: Harden get_cpu_for_acpi_id() against missing CPU entry (bsc#1231120).
- CVE-2024-46830: KVM: x86: Acquire kvm->srcu when handling KVM_SET_VCPU_EVENTS (bsc#1231116).
The following non-security bugs were fixed:
- ACPI: battery: create alarm sysfs attribute atomically (git-fixes).
- ACPI: CPPC: Fix MASK_VAL() usage (git-fixes).
- ACPI: PMIC: Remove unneeded check in tps68470_pmic_opregion_probe() (git-fixes).
- ACPI: processor: Fix memory leaks in error paths of processor_add() (stable-fixes).
- ACPI: processor: Return an error if acpi_processor_get_info() fails in processor_add() (stable-fixes).
- ACPI: SBS: manage alarm sysfs attribute through psy core (git-fixes).
- ACPI: sysfs: validate return type of _STR method (git-fixes).
- af_unix: annotate lockless accesses to sk->sk_err (bsc#1226846).
- af_unix: Fix data races around sk->sk_shutdown (bsc#1226846).
- af_unix: Fix data-races around sk->sk_shutdown (git-fixes).
- ALSA: hda: Add input value sanity checks to HDMI channel map controls (stable-fixes).
- ALSA: hda/conexant: Add pincfg quirk to enable top speakers on Sirius devices (stable-fixes).
- ALSA: hda/conexant: Mute speakers at suspend / shutdown (stable-fixes).
- ALSA: hda/generic: Add a helper to mute speakers at suspend/shutdown (stable-fixes).
- ALSA: hda/realtek: Support mute LED on HP Laptop 14-dq2xxx (stable-fixes).
- apparmor: fix possible NULL pointer dereference (stable-fixes).
- arm64: acpi: Move get_cpu_for_acpi_id() to a header (git-fixes).
- arm64: dts: rockchip: Correct the Pinebook Pro battery design capacity (git-fixes).
- arm64: dts: rockchip: fix PMIC interrupt pin in pinctrl for ROCK Pi E (git-fixes).
- arm64: dts: rockchip: Raise Pinebook Pro's panel backlight PWM frequency (git-fixes).
- arm64/mm: Modify range-based tlbi to decrement scale (bsc#1229585)
- arm64/mm: Update tlb invalidation routines for FEAT_LPA2 (bsc#1229585)
- arm64: tlb: Allow range operation for MAX_TLBI_RANGE_PAGES (bsc#1229585)
- arm64: tlb: Fix TLBI RANGE operand (bsc#1229585)
- arm64: tlb: Improve __TLBI_VADDR_RANGE() (bsc#1229585)
- ASoC: dapm: Fix UAF for snd_soc_pcm_runtime object (git-fixes).
- ASoC: meson: axg-card: fix 'use-after-free' (git-fixes).
- ASoc: SOF: topology: Clear SOF link platform name upon unload (git-fixes).
- ASoC: sunxi: sun4i-i2s: fix LRCLK polarity in i2s mode (git-fixes).
- ASoC: tegra: Fix CBB error during probe() (git-fixes).
- ASoC: topology: Properly initialize soc_enum values (stable-fixes).
- ata: libata: Fix memory leak for error path in ata_host_alloc() (git-fixes).
- ata: pata_macio: Use WARN instead of BUG (stable-fixes).
- blk-mq: add helper for checking if one CPU is mapped to specified hctx (bsc#1223600).
- blk-mq: add number of queue calc helper (bsc#1229034).
- blk-mq: Build default queue map via group_cpus_evenly() (bsc#1229031).
- blk-mq: do not schedule block kworker on isolated CPUs (bsc#1223600).
- blk-mq: introduce blk_mq_dev_map_queues (bsc#1229034).
- blk-mq: issue warning when offlining hctx with online isolcpus (bsc#1229034).
- blk-mq: use hk cpus only when isolcpus=io_queue is enabled (bsc#1229034).
- Bluetooth: btusb: Fix not handling ZPL/short-transfer (git-fixes).
- Bluetooth: hci_core: Fix sending MGMT_EV_CONNECT_FAILED (git-fixes).
- Bluetooth: hci_sync: Ignore errors from HCI_OP_REMOTE_NAME_REQ_CANCEL (git-fixes).
- Bluetooth: L2CAP: Fix deadlock (git-fixes).
- Bluetooth: MGMT: Ignore keys being loaded with invalid type (git-fixes).
- cachefiles: fix dentry leak in cachefiles_open_file() (bsc#1231181).
- cachefiles: Fix non-taking of sb_writers around set/removexattr (bsc#1231013).
- can: bcm: Clear bo->bcm_proc_read after remove_proc_entry() (git-fixes).
- can: bcm: Remove proc entry when dev is unregistered (git-fixes).
- can: j1939: use correct function name in comment (git-fixes).
- can: mcp251x: fix deadlock if an interrupt occurs during mcp251x_open (git-fixes).
- cdc-acm: Add DISABLE_ECHO quirk for GE HealthCare UI Controller (git-fixes).
- ceph: remove the incorrect Fw reference check when dirtying pages (bsc#1231180).
- char: xillybus: Check USB endpoints when probing device (git-fixes).
- clk: qcom: clk-alpha-pll: Fix the pll post div mask (git-fixes).
- clk: qcom: clk-alpha-pll: Fix the trion pll postdiv set rate API (git-fixes).
- clk: qcom: clk-alpha-pll: Fix zonda set_rate failure when PLL is disabled (git-fixes).
- cpufreq: ti-cpufreq: Introduce quirks to handle syscon fails appropriately (git-fixes).
- crypto: ccp - Properly unregister /dev/sev on sev PLATFORM_STATUS failure (git-fixes).
- crypto: virtio - Handle dataq logic with tasklet (git-fixes).
- crypto: virtio - Wait for tasklet to complete on device remove (git-fixes).
- crypto: xor - fix template benchmarking (git-fixes).
- devres: Initialize an uninitialized struct member (stable-fixes).
- driver core: Add debug logs when fwnode links are added/deleted (git-fixes).
- driver core: Add missing parameter description to __fwnode_link_add() (git-fixes).
- driver core: Create __fwnode_link_del() helper function (git-fixes).
- driver core: fw_devlink: Allow marking a fwnode link as being part of a cycle (git-fixes).
- driver core: fw_devlink: Consolidate device link flag computation (git-fixes).
- driver core: Set deferred probe reason when deferred by driver core (git-fixes).
- drivers:drm:exynos_drm_gsc:Fix wrong assignment in gsc_bind() (git-fixes).
- Drivers: hv: vmbus: Fix rescind handling in uio_hv_generic (git-fixes).
- Drivers: hv: vmbus: Fix the misplaced function description (git-fixes).
- drivers: media: dvb-frontends/rtl2830: fix an out-of-bounds write error (git-fixes).
- drivers: media: dvb-frontends/rtl2832: fix an out-of-bounds write error (git-fixes).
- drm/amd/amdgpu: Check tbo resource pointer (stable-fixes).
- drm/amd/amdgpu: Properly tune the size of struct (git-fixes).
- drm/amd/display: Add array index check for hdcp ddc access (stable-fixes).
- drm/amd/display: added NULL check at start of dc_validate_stream (stable-fixes).
- drm/amd/display: Assign linear_pitch_alignment even for VM (stable-fixes).
- drm/amd/display: Check denominator pbn_div before used (stable-fixes).
- drm/amd/display: Check gpio_id before used as array index (stable-fixes).
- drm/amd/display: Check HDCP returned status (stable-fixes).
- drm/amd/display: Check msg_id before processing transcation (stable-fixes).
- drm/amd/display: Check num_valid_sets before accessing reader_wm_sets[] (stable-fixes).
- drm/amd/display: Correct the defined value for AMDGPU_DMUB_NOTIFICATION_MAX (stable-fixes).
- drm/amd/display: Ensure index calculation will not overflow (stable-fixes).
- drm/amd/display: Fix Coverity INTEGER_OVERFLOW within dal_gpio_service_create (stable-fixes).
- drm/amd/display: Skip inactive planes within ModeSupportAndSystemConfiguration (stable-fixes).
- drm/amd/display: Skip wbscl_set_scaler_filter if filter is null (stable-fixes).
- drm/amd/display: Spinlock before reading event (stable-fixes).
- drm/amd/display: Stop amdgpu_dm initialize when stream nums greater than 6 (stable-fixes).
- drm/amdgpu/atomfirmware: Silence UBSAN warning (stable-fixes).
- drm/amdgpu: avoid reading vf2pf info size from FB (stable-fixes).
- drm/amdgpu: check for LINEAR_ALIGNED correctly in check_tiling_flags_gfx6 (stable-fixes).
- drm/amdgpu: clear RB_OVERFLOW bit when enabling interrupts (stable-fixes).
- drm/amdgpu: fix a possible null pointer dereference (git-fixes).
- drm/amdgpu: fix dereference after null check (stable-fixes).
- drm/amdgpu: fix mc_data out-of-bounds read warning (stable-fixes).
- drm/amdgpu: Fix out-of-bounds read of df_v1_7_channel_number (stable-fixes).
- drm/amdgpu: Fix out-of-bounds write warning (stable-fixes).
- drm/amdgpu: fix overflowed array index read warning (stable-fixes).
- drm/amdgpu: Fix smatch static checker warning (stable-fixes).
- drm/amdgpu: fix the waring dereferencing hive (stable-fixes).
- drm/amdgpu: fix ucode out-of-bounds read warning (stable-fixes).
- drm/amdgpu: Fix uninitialized variable warning in amdgpu_afmt_acr (stable-fixes).
- drm/amdgpu/pm: Check input value for CUSTOM profile mode setting on legacy SOCs (stable-fixes).
- drm/amdgpu/pm: Check the return value of smum_send_msg_to_smc (stable-fixes).
- drm/amdgpu/pm: Fix uninitialized variable agc_btc_response (stable-fixes).
- drm/amdgpu/pm: Fix uninitialized variable warning for smu10 (stable-fixes).
- drm/amdgpu: Set no_hw_access when VF request full GPU fails (stable-fixes).
- drm/amdgpu: the warning dereferencing obj for nbio_v7_4 (stable-fixes).
- drm/amdgpu: update type of buf size to u32 for eeprom functions (stable-fixes).
- drm/amdkfd: Reconcile the definition and use of oem_id in struct kfd_topology_device (stable-fixes).
- drm/amd/pm: check negtive return for table entries (stable-fixes).
- drm/amd/pm: check specific index for aldebaran (stable-fixes).
- drm/amd/pm: Fix negative array index read (stable-fixes).
- drm/amd/pm: fix the Out-of-bounds read warning (stable-fixes).
- drm/amd/pm: fix uninitialized variable warning for smu8_hwmgr (stable-fixes).
- drm/amd/pm: fix uninitialized variable warnings for vangogh_ppt (stable-fixes).
- drm/amd/pm: fix uninitialized variable warnings for vega10_hwmgr (stable-fixes).
- drm/amd/pm: fix uninitialized variable warning (stable-fixes).
- drm/amd/pm: fix warning using uninitialized value of max_vid_step (stable-fixes).
- drm/bridge: lontium-lt8912b: Validate mode in drm_bridge_funcs::mode_valid() (git-fixes).
- drm/bridge: tc358767: Check if fully initialized before signalling HPD event via IRQ (stable-fixes).
- drm/i915/fence: Mark debug_fence_free() with __maybe_unused (git-fixes).
- drm/i915/fence: Mark debug_fence_init_onstack() with __maybe_unused (git-fixes).
- drm/i915/guc: prevent a possible int overflow in wq offsets (git-fixes).
- drm/meson: plane: Add error handling (stable-fixes).
- drm/msm/a5xx: disable preemption in submits by default (git-fixes).
- drm/msm/a5xx: fix races in preemption evaluation stage (git-fixes).
- drm/msm/a5xx: properly clear preemption records on resume (git-fixes).
- drm/msm/a5xx: workaround early ring-buffer emptiness check (git-fixes).
- drm/msm/adreno: Fix error return if missing firmware-name (stable-fixes).
- drm/msm/disp/dpu: use atomic enable/disable callbacks for encoder (bsc#1230444)
- drm/msm: Fix incorrect file name output in adreno_request_fw() (git-fixes).
- drm/msm: fix %s null argument error (git-fixes).
- drm: omapdrm: Add missing check for alloc_ordered_workqueue (git-fixes).
- drm/radeon/evergreen_cs: fix int overflow errors in cs track offsets (git-fixes).
- drm/radeon: fix null pointer dereference in radeon_add_common_modes (git-fixes).
- drm/rockchip: dw_hdmi: Fix reading EDID when using a forced mode (git-fixes).
- drm/rockchip: vop: Allow 4096px width scaling (git-fixes).
- drm/stm: ltdc: check memory returned by devm_kzalloc() (git-fixes).
- exfat: fix memory leak in exfat_load_bitmap() (git-fixes).
- fbdev: hpfb: Fix an error handling path in hpfb_dio_probe() (git-fixes).
- filemap: remove use of wait bookmarks (bsc#1224085).
- firmware_loader: Block path traversal (git-fixes).
- fscache: delete fscache_cookie_lru_timer when fscache exits to avoid UAF (bsc#1230592).
- fuse: update stats for pages in dropped aux writeback list (bsc#1230130).
- fuse: use unsigned type for getxattr/listxattr size truncation (bsc#1230129).
- genirq/affinity: Do not pass irq_affinity_desc array to irq_build_affinity_masks (bsc#1229031).
- genirq/affinity: Move group_cpus_evenly() into lib/ (bsc#1229031).
- genirq/affinity: Only build SMP-only helper functions on SMP kernels (bsc#1229031).
- genirq/affinity: Pass affinity managed mask array to irq_build_affinity_masks (bsc#1229031).
- genirq/affinity: Remove the 'firstvec' parameter from irq_build_affinity_masks (bsc#1229031).
- genirq/affinity: Rename irq_build_affinity_masks as group_cpus_evenly (bsc#1229031).
- genirq/affinity: Replace cpumask_weight() with cpumask_empty() where appropriate (bsc#1229031).
- gfs2: setattr_chown: Add missing initialization (git-fixes).
- HID: amd_sfh: free driver_data after destroying hid device (stable-fixes).
- HID: cougar: fix slab-out-of-bounds Read in cougar_report_fixup (stable-fixes).
- hwmon: (adc128d818) Fix underflows seen when writing limit attributes (stable-fixes).
- hwmon: (lm95234) Fix underflows seen when writing limit attributes (stable-fixes).
- hwmon: (max16065) Fix overflows seen when writing limits (git-fixes).
- hwmon: (ntc_thermistor) fix module autoloading (git-fixes).
- hwmon: (w83627ehf) Fix underflows seen when writing limit attributes (stable-fixes).
- hwrng: bcm2835 - Add missing clk_disable_unprepare in bcm2835_rng_init (git-fixes).
- hwrng: cctrng - Add missing clk_disable_unprepare in cctrng_resume (git-fixes).
- hwrng: mtk - Use devm_pm_runtime_enable (git-fixes).
- i2c: aspeed: Update the stop sw state when the bus recovery occurs (git-fixes).
- i2c: Fix conditional for substituting empty ACPI functions (stable-fixes).
- i2c: isch: Add missed 'else' (git-fixes).
- i2c: qcom-geni: Use IRQF_NO_AUTOEN flag in request_irq() (git-fixes).
- i2c: Use IS_REACHABLE() for substituting empty ACPI functions (git-fixes).
- i2c: xiic: Wait for TX empty to avoid missed TX NAKs (git-fixes).
- i3c: mipi-i3c-hci: Error out instead on BUG_ON() in IBI DMA setup (stable-fixes).
- IB/core: Fix ib_cache_setup_one error flow cleanup (git-fixes)
- IB/hfi1: Fix potential deadlock on &irq_src_lock and &dd->uctxt_lock (git-fixes)
- iio: adc: ad7124: fix chip ID mismatch (git-fixes).
- iio: adc: ad7124: fix config comparison (git-fixes).
- iio: adc: ad7606: fix oversampling gpio array (git-fixes).
- iio: adc: ad7606: fix standby gpio state to match the documentation (git-fixes).
- iio: buffer-dmaengine: fix releasing dma channel on error (git-fixes).
- iio: chemical: bme680: Fix read/write ops to device by adding mutexes (git-fixes).
- iio: fix scale application in iio_convert_raw_to_processed_unlocked (git-fixes).
- iio: magnetometer: ak8975: Fix reading for ak099xx sensors (git-fixes).
- Input: ilitek_ts_i2c - add report id message validation (git-fixes).
- Input: ilitek_ts_i2c - avoid wrong input subsystem sync (git-fixes).
- Input: ps2-gpio - use IRQF_NO_AUTOEN flag in request_irq() (git-fixes).
- Input: uinput - reject requests with unreasonable number of slots (stable-fixes).
- ipmi: docs: do not advertise deprecated sysfs entries (git-fixes).
- ipmi:ssif: Improve detecting during probing (bsc#1228771)
- ipmi:ssif: Improve detecting during probing (bsc#1228771)
- jfs: fix out-of-bounds in dbNextAG() and diAlloc() (git-fixes).
- kabi: add __nf_queue_get_refs() for kabi compliance.
- kABI, crypto: virtio - Handle dataq logic with tasklet (git-fixes).
- kthread: Fix task state in kthread worker if being frozen (bsc#1231146).
- lib/group_cpus.c: avoid acquiring cpu hotplug lock in group_cpus_evenly (bsc#1229031).
- lib/group_cpus.c: honor housekeeping config when grouping CPUs (bsc#1229034).
- lib/group_cpus: Export group_cpus_evenly() (bsc#1229031).
- lirc: rc_dev_get_from_fd(): fix file leak (git-fixes).
- mailbox: bcm2835: Fix timeout during suspend mode (git-fixes).
- mailbox: rockchip: fix a typo in module autoloading (git-fixes).
- media: aspeed: Fix no complete irq for non-64-aligned width (bsc#1230269)
- media: qcom: camss: Add check for v4l2_fwnode_endpoint_parse (stable-fixes).
- media: qcom: camss: Fix ordering of pm_runtime_enable (git-fixes).
- media: Revert 'media: dvb-usb: Fix unexpected infinite loop in dvb_usb_read_remote_control()' (git-fixes).
- media: sun4i_csi: Implement link validate for sun4i_csi subdev (git-fixes).
- media: uapi/linux/cec.h: cec_msg_set_reply_to: zero flags (git-fixes).
- media: uvcvideo: Enforce alignment of frame and interval (stable-fixes).
- media: venus: fix use after free bug in venus_remove due to race condition (git-fixes).
- media: vicodec: allow en/decoder cmd w/o CAPTURE (git-fixes).
- media: vivid: do not set HDMI TX controls if there are no HDMI outputs (stable-fixes).
- media: vivid: fix wrong sizeimage value for mplane (stable-fixes).
- mmc: cqhci: Fix checking of CQHCI_HALT state (git-fixes).
- mmc: dw_mmc: Fix IDMAC operation with pages bigger than 4K (git-fixes).
- mmc: sdhci-of-aspeed: fix module autoloading (git-fixes).
- mtd: powernv: Add check devm_kasprintf() returned value (git-fixes).
- mtd: slram: insert break after errors in parsing the map (git-fixes).
- net: drop bad gso csum_start and offset in virtio_net_hdr (git-fixes).
- net: mana: Fix error handling in mana_create_txq/rxq's NAPI cleanup (git-fixes).
- net: missing check virtio (git-fixes).
- net: tighten bad gso csum offset check in virtio_net_hdr (git-fixes).
- nf_conntrack_proto_udp: do not accept packets with IPS_NAT_CLASH (bsc#1199769).
- NFSD: Fix frame size warning in svc_export_parse() (git-fixes).
- NFS: Do not re-read the entire page cache to find the next cookie (bsc#1226662).
- NFSD: Rewrite synopsis of nfsd_percpu_counters_init() (git-fixes).
- NFS: never reuse a NFSv4.0 lock-owner (bsc#1227726).
- NFS: Reduce use of uncached readdir (bsc#1226662).
- NFSv4: Add missing rescheduling points in nfs_client_return_marked_delegations (git-fixes).
- nilfs2: Constify struct kobj_type (git-fixes).
- nilfs2: determine empty node blocks as corrupted (git-fixes).
- nilfs2: fix missing cleanup on rollforward recovery error (git-fixes).
- nilfs2: fix potential null-ptr-deref in nilfs_btree_insert() (git-fixes).
- nilfs2: fix potential oob read in nilfs_btree_check_delete() (git-fixes).
- nilfs2: fix state management in error path of log writing function (git-fixes).
- nilfs2: protect references to superblock parameters exposed in sysfs (git-fixes).
- nilfs2: replace snprintf in show functions with sysfs_emit (git-fixes).
- nilfs2: use default_groups in kobj_type (git-fixes).
- nvme: move stopping keep-alive into nvme_uninit_ctrl() (git-fixes).
- nvme/pci: Add APST quirk for Lenovo N60z laptop (git-fixes).
- nvme-pci: Add sleep quirk for Samsung 990 Evo (git-fixes).
- nvme-pci: use block layer helpers to calculate num of queues (bsc#1229034).
- nvme: replace blk_mq_pci_map_queues with blk_mq_dev_map_queues (bsc#1229034).
- nvmet: Identify-Active Namespace ID List command should reject invalid nsid (git-fixes).
- nvmet-rdma: fix possible bad dereference when freeing rsps (git-fixes).
- nvmet-tcp: do not continue for invalid icreq (git-fixes).
- nvmet-tcp: fix kernel crash if commands allocation fails (git-fixes).
- nvmet-trace: avoid dereferencing pointer too early (git-fixes).
- ocfs2: cancel dqi_sync_work before freeing oinfo (git-fixes).
- ocfs2: fix null-ptr-deref when journal load failed (git-fixes).
- ocfs2: fix possible null-ptr-deref in ocfs2_set_buffer_uptodate (git-fixes).
- ocfs2: remove unreasonable unlock in ocfs2_read_blocks (git-fixes).
- PCI: Add missing bridge lock to pci_bus_lock() (stable-fixes).
- PCI: al: Check IORESOURCE_BUS existence during probe (git-fixes).
- PCI/ASPM: Move pci_function_0() upward (bsc#1226915)
- PCI/ASPM: Remove struct aspm_latency (bsc#1226915)
- PCI/ASPM: Stop caching device L0s, L1 acceptable exit latencies (bsc#1226915)
- PCI/ASPM: Stop caching link L0s, L1 exit latencies (bsc#1226915)
- PCI: dra7xx: Fix error handling when IRQ request fails in probe (git-fixes).
- PCI: dwc: Expose dw_pcie_ep_exit() to module (git-fixes).
- PCI: dwc: Restore MSI Receiver mask during resume (git-fixes).
- pci/hotplug/pnv_php: Fix hotplug driver crash on Powernv (stable-fixes).
- PCI: keystone: Add workaround for Errata #i2037 (AM65x SR 1.0) (stable-fixes).
- PCI: keystone: Fix if-statement expression in ks_pcie_quirk() (git-fixes).
- PCI: Support BAR sizes up to 8TB (bsc#1231017)
- PCI: Wait for Link before restoring Downstream Buses (git-fixes).
- PCI: xilinx-nwl: Clean up clock on probe failure/removal (git-fixes).
- PCI: xilinx-nwl: Fix off-by-one in INTx IRQ handler (git-fixes).
- PCI: xilinx-nwl: Fix register misspelling (git-fixes).
- pcmcia: Use resource_size function on resource object (stable-fixes).
- pinctrl: single: fix missing error code in pcs_probe() (git-fixes).
- pinctrl: single: fix potential NULL dereference in pcs_get_function() (git-fixes).
- PKCS#7: Check codeSigning EKU of certificates in PKCS#7 (bsc#1226666).
- platform/x86: dell-smbios: Fix error path in dell_smbios_init() (git-fixes).
- platform/x86: panasonic-laptop: Allocate 1 entry extra in the sinf array (git-fixes).
- platform/x86: panasonic-laptop: Fix SINF array out of bounds accesses (git-fixes).
- power: supply: axp20x_battery: Remove design from min and max voltage (git-fixes).
- power: supply: Drop use_cnt check from power_supply_property_is_writeable() (git-fixes).
- power: supply: hwmon: Fix missing temp1_max_alarm attribute (git-fixes).
- power: supply: max17042_battery: Fix SOC threshold calc w/ no current sense (git-fixes).
- RDMA/core: Remove unused declaration rdma_resolve_ip_route() (git-fixes)
- RDMA/cxgb4: Added NULL check for lookup_atid (git-fixes)
- RDMA/efa: Properly handle unexpected AQ completions (git-fixes)
- RDMA/hns: Do not modify rq next block addr in HIP09 QPC (git-fixes)
- RDMA/hns: Fix spin_unlock_irqrestore() called with IRQs enabled (git-fixes)
- RDMA/hns: Fix the overflow risk of hem_list_calc_ba_range() (git-fixes)
- RDMA/hns: Fix VF triggering PF reset in abnormal interrupt handler (git-fixes)
- RDMA/hns: Optimize hem allocation performance (git-fixes)
- RDMA/irdma: fix error message in irdma_modify_qp_roce() (git-fixes)
- RDMA/iwcm: Fix WARNING:at_kernel/workqueue.c:#check_flush_dependency (git-fixes)
- RDMA/rtrs-clt: Reset cid to con_num - 1 to stay in bounds (git-fixes)
- RDMA/rtrs: Fix the problem of variable not initialized fully (git-fixes)
- RDMA/rtrs: Reset hb_missed_cnt after receiving other traffic from peer (git-fixes)
- Restore dropped fields for bluetooth MGMT/SMP structs (git-fixes).
- Revert 'Bluetooth: MGMT/SMP: Fix address type when using SMP over BREDR/LE' (git-fixes).
- Revert 'media: tuners: fix error return code of hybrid_tuner_request_state()' (git-fixes).
- Revert 'media: tuners: fix error return code of hybrid_tuner_request_state()' (stable-fixes).
- rtc: at91sam9: fix OF node leak in probe() error path (git-fixes).
- scsi: ibmvfc: Add max_sectors module parameter (bsc#1216223).
- scsi: lpfc: Change diagnostic log flag during receipt of unknown ELS cmds (bsc#1229429).
- scsi: lpfc: Copyright updates for 14.4.0.4 patches (bsc#1229429).
- scsi: lpfc: Fix overflow build issue (bsc#1229429).
- scsi: lpfc: Fix unintentional double clearing of vmid_flag (bsc#1229429).
- scsi: lpfc: Fix unsolicited FLOGI kref imbalance when in direct attached topology (bsc#1229429).
- scsi: lpfc: Remove redundant vport assignment when building an abort request (bsc#1229429).
- scsi: lpfc: Update lpfc version to 14.4.0.4 (bsc#1229429).
- scsi: lpfc: Update PRLO handling in direct attached topology (bsc#1229429).
- scsi: lpfc: Validate hdwq pointers before dereferencing in reset/errata paths (bsc#1229429).
- scsi: pm8001: do not overwrite PCI queue mapping (bsc#1229034).
- scsi: replace blk_mq_pci_map_queues with blk_mq_dev_map_queues (bsc#1229034).
- scsi: sd: Fix off-by-one error in sd_read_block_characteristics() (bsc#1223848).
- scsi: use block layer helpers to calculate num of queues (bsc#1229034).
- spi: nxp-fspi: fix the KASAN report out-of-bounds bug (git-fixes).
- Squashfs: sanity check symbolic link size (git-fixes).
- staging: iio: frequency: ad9834: Validate frequency parameter value (git-fixes).
- thunderbolt: Mark XDomain as unplugged when router is removed (stable-fixes).
- tomoyo: fallback to realpath if symlink's pathname does not exist (git-fixes).
- tools/virtio: fix build (git-fixes).
- tpm: Clean up TPM space after command failure (git-fixes).
- tracing: Avoid possible softlockup in tracing_iter_reset() (git-fixes).
- tty: rp2: Fix reset with non forgiving PCIe host bridges (git-fixes).
- udp: fix receiving fraglist GSO packets (git-fixes).
- uio_hv_generic: Fix kernel NULL pointer dereference in hv_uio_rescind (git-fixes).
- usb: cdnsp: Fix incorrect usb_request status (git-fixes).
- USB: class: CDC-ACM: fix race between get_serial and set_serial (git-fixes).
- usb: dwc2: drd: fix clock gating on USB role switch (git-fixes).
- usb: dwc2: Skip clock gating on Broadcom SoCs (git-fixes).
- usb: dwc3: core: Prevent USB core invalid event buffer address access (git-fixes).
- usb: dwc3: core: Skip setting event buffers for host only controllers (git-fixes).
- usb: dwc3: core: update LC timer as per USB Spec V3.2 (git-fixes).
- usb: dwc3: omap: add missing depopulate in probe error path (git-fixes).
- usb: dwc3: st: add missing depopulate in probe error path (git-fixes).
- usb: dwc3: st: fix probed platform device ref count on probe error path (git-fixes).
- usbip: Do not submit special requests twice (stable-fixes).
- usbnet: fix cyclical race on disconnect with work queue (git-fixes).
- usbnet: ipheth: race between ipheth_close and error handling (git-fixes).
- usbnet: modern method to get random MAC (git-fixes).
- USB: serial: kobil_sct: restore initial terminal settings (git-fixes).
- USB: serial: option: add MeiG Smart SRM825L (git-fixes).
- usb: typec: ucsi: Fix null pointer dereference in trace (stable-fixes).
- usb: uas: set host status byte on data completion error (git-fixes).
- usb: uas: set host status byte on data completion error (stable-fixes).
- USB: usbtmc: prevent kernel-usb-infoleak (git-fixes).
- usb: xhci: fix loss of data on Cadence xHC (git-fixes).
- vhost: Add smp_rmb() in vhost_vq_avail_empty() (git-fixes).
- vhost-vdpa: switch to use vmf_insert_pfn() in the fault handler (git-fixes).
- virito: add APIs for retrieving vq affinity (bsc#1229034).
- virtio-blk: Ensure no requests in virtqueues before deleting vqs (git-fixes).
- virtio: blk/scsi: use block layer helpers to calculate num of queues (bsc#1229034).
- virtio: blk/scs: replace blk_mq_virtio_map_queues with blk_mq_dev_map_queues (bsc#1229034).
- virtiofs: forbid newlines in tags (bsc#1230591).
- virtio_net: checksum offloading handling fix (git-fixes).
- virtio_net: Fix ''%d' directive writing between 1 and 11 bytes into a region of size 10' warnings (git-fixes).
- virtio_net: use u64_stats_t infra to avoid data-races (git-fixes).
- virtio: reenable config if freezing device failed (git-fixes).
- virtio/vsock: fix logic which reduces credit update messages (git-fixes).
- VMCI: Fix use-after-free when removing resource in vmci_resource_remove() (git-fixes).
- vsock/virtio: add support for device suspend/resume (git-fixes).
- vsock/virtio: factor our the code to initialize and delete VQs (git-fixes).
- vsock/virtio: initialize the_virtio_vsock before using VQs (git-fixes).
- vsock/virtio: remove socket from connected/bound list on shutdown (git-fixes).
- watchdog: imx_sc_wdt: Do not disable WDT in suspend (git-fixes).
- wifi: brcmsmac: advertise MFP_CAPABLE to enable WPA3 (stable-fixes).
- wifi: cfg80211: fix two more possible UBSAN-detected off-by-one errors (git-fixes).
- wifi: cfg80211: fix UBSAN noise in cfg80211_wext_siwscan() (git-fixes).
- wifi: iwlwifi: mvm: increase the time between ranging measurements (git-fixes).
- wifi: mac80211: use two-phase skb reclamation in ieee80211_do_stop() (git-fixes).
- wifi: mt76: mt7615: check devm_kasprintf() returned value (git-fixes).
- wifi: mt76: mt7915: fix rx filter setting for bfee functionality (git-fixes).
- wifi: mwifiex: Do not return unused priv in mwifiex_get_priv_by_id() (stable-fixes).
- wifi: rtw88: 8822c: Fix reported RX band width (git-fixes).
- wifi: rtw88: always wait for both firmware loading attempts (git-fixes).
- wifi: rtw88: remove CPT execution branch never used (git-fixes).
- wifi: wilc1000: fix potential RCU dereference issue in wilc_parse_join_bss_param (git-fixes).
- x86/hyperv: fix kexec crash due to VP assist page corruption (git-fixes).
- x86/kexec: Add EFI config table identity mapping for kexec kernel (bsc#1220382).
- x86/mm/ident_map: Use gbpages only where full GB page should be mapped (bsc#1220382).
- x86/xen: Convert comma to semicolon (git-fixes).
- xen: add capability to remap non-RAM pages to different PFNs (bsc#1226003).
- xen: allow mapping ACPI data using a different physical address (bsc#1226003).
- xen: introduce generic helper checking for memory map conflicts (bsc#1226003).
- xen: move checks for e820 conflicts further up (bsc#1226003).
- xen: move max_pfn in xen_memory_setup() out of function scope (bsc#1226003).
- xen/swiotlb: add alignment check for dma buffers (bsc#1229928).
- xen/swiotlb: fix allocated size (git-fixes).
- xen: tolerate ACPI NVS memory overlapping with Xen allocated memory (bsc#1226003).
- xen: use correct end address of kernel for conflict checking (bsc#1226003).
- xfs: do not include bnobt blocks when reserving free block pool (git-fixes).
- xhci: Set quirky xHC PCI hosts to D3 _after_ stopping and freeing them (git-fixes).
- xz: cleanup CRC32 edits from 2018 (git-fixes).
ImportantSUSE bug 1199769SUSE bug 1216223SUSE bug 1220382SUSE bug 1221610SUSE bug 1221650SUSE bug 1222629SUSE bug 1222973SUSE bug 1223600SUSE bug 1223848SUSE bug 1224085SUSE bug 1225903SUSE bug 1226003SUSE bug 1226606SUSE bug 1226662SUSE bug 1226666SUSE bug 1226846SUSE bug 1226860SUSE bug 1226875SUSE bug 1226915SUSE bug 1227487SUSE bug 1227726SUSE bug 1227819SUSE bug 1227832SUSE bug 1227890SUSE bug 1228507SUSE bug 1228576SUSE bug 1228620SUSE bug 1228771SUSE bug 1229031SUSE bug 1229034SUSE bug 1229086SUSE bug 1229156SUSE bug 1229289SUSE bug 1229334SUSE bug 1229362SUSE bug 1229363SUSE bug 1229364SUSE bug 1229394SUSE bug 1229429SUSE bug 1229453SUSE bug 1229572SUSE bug 1229573SUSE bug 1229585SUSE bug 1229607SUSE bug 1229619SUSE bug 1229633SUSE bug 1229662SUSE bug 1229753SUSE bug 1229764SUSE bug 1229790SUSE bug 1229810SUSE bug 1229830SUSE bug 1229899SUSE bug 1229928SUSE bug 1229947SUSE bug 1230015SUSE bug 1230129SUSE bug 1230130SUSE bug 1230170SUSE bug 1230171SUSE bug 1230174SUSE bug 1230175SUSE bug 1230176SUSE bug 1230178SUSE bug 1230180SUSE bug 1230185SUSE bug 1230192SUSE bug 1230193SUSE bug 1230194SUSE bug 1230200SUSE bug 1230204SUSE bug 1230209SUSE bug 1230211SUSE bug 1230212SUSE bug 1230217SUSE bug 1230224SUSE bug 1230230SUSE bug 1230233SUSE bug 1230244SUSE bug 1230245SUSE bug 1230247SUSE bug 1230248SUSE bug 1230269SUSE bug 1230339SUSE bug 1230340SUSE bug 1230392SUSE bug 1230398SUSE bug 1230431SUSE bug 1230433SUSE bug 1230434SUSE bug 1230440SUSE bug 1230442SUSE bug 1230444SUSE bug 1230450SUSE bug 1230451SUSE bug 1230454SUSE bug 1230506SUSE bug 1230507SUSE bug 1230511SUSE bug 1230515SUSE bug 1230517SUSE bug 1230524SUSE bug 1230533SUSE bug 1230535SUSE bug 1230549SUSE bug 1230556SUSE bug 1230582SUSE bug 1230589SUSE bug 1230591SUSE bug 1230592SUSE bug 1230699SUSE bug 1230700SUSE bug 1230701SUSE bug 1230702SUSE bug 1230703SUSE bug 1230705SUSE bug 1230706SUSE bug 1230707SUSE bug 1230709SUSE bug 1230710SUSE bug 1230711SUSE bug 1230712SUSE bug 1230719SUSE bug 1230724SUSE bug 1230725SUSE bug 1230730SUSE bug 1230731SUSE bug 1230732SUSE bug 1230733SUSE bug 1230747SUSE bug 1230748SUSE bug 1230751SUSE bug 1230752SUSE bug 1230756SUSE bug 1230761SUSE bug 1230766SUSE bug 1230767SUSE bug 1230768SUSE bug 1230771SUSE bug 1230772SUSE bug 1230776SUSE bug 1230783SUSE bug 1230786SUSE bug 1230791SUSE bug 1230794SUSE bug 1230796SUSE bug 1230802SUSE bug 1230806SUSE bug 1230808SUSE bug 1230810SUSE bug 1230812SUSE bug 1230813SUSE bug 1230814SUSE bug 1230815SUSE bug 1230821SUSE bug 1230825SUSE bug 1230830SUSE bug 1231013SUSE bug 1231017SUSE bug 1231116SUSE bug 1231120SUSE bug 1231146SUSE bug 1231180SUSE bug 1231181CVE-2022-48901 at SUSECVE-2022-48901 at NVDCVE-2022-48911 at SUSECVE-2022-48911 at NVDCVE-2022-48923 at SUSECVE-2022-48923 at NVDCVE-2022-48935 at SUSECVE-2022-48935 at NVDCVE-2022-48944 at SUSECVE-2022-48944 at NVDCVE-2022-48945 at SUSECVE-2022-48945 at NVDCVE-2023-52610 at SUSECVE-2023-52610 at NVDCVE-2023-52916 at SUSECVE-2023-52916 at NVDCVE-2024-26640 at SUSECVE-2024-26640 at NVDCVE-2024-26759 at SUSECVE-2024-26759 at NVDCVE-2024-26767 at SUSECVE-2024-26767 at NVDCVE-2024-26804 at SUSECVE-2024-26804 at NVDCVE-2024-26837 at SUSECVE-2024-26837 at NVDCVE-2024-37353 at SUSECVE-2024-37353 at NVDCVE-2024-38538 at SUSECVE-2024-38538 at NVDCVE-2024-38596 at SUSECVE-2024-38596 at NVDCVE-2024-38632 at SUSECVE-2024-38632 at NVDCVE-2024-40910 at SUSECVE-2024-40910 at NVDCVE-2024-40973 at SUSECVE-2024-40973 at NVDCVE-2024-40983 at SUSECVE-2024-40983 at NVDCVE-2024-41062 at SUSECVE-2024-41062 at NVDCVE-2024-41082 at SUSECVE-2024-41082 at NVDCVE-2024-42154 at SUSECVE-2024-42154 at NVDCVE-2024-42259 at SUSECVE-2024-42259 at NVDCVE-2024-42265 at SUSECVE-2024-42265 at NVDCVE-2024-42304 at SUSECVE-2024-42304 at NVDCVE-2024-42305 at SUSECVE-2024-42305 at NVDCVE-2024-42306 at SUSECVE-2024-42306 at NVDCVE-2024-43828 at SUSECVE-2024-43828 at NVDCVE-2024-43835 at SUSECVE-2024-43835 at NVDCVE-2024-43890 at SUSECVE-2024-43890 at NVDCVE-2024-43898 at SUSECVE-2024-43898 at NVDCVE-2024-43912 at SUSECVE-2024-43912 at NVDCVE-2024-43914 at SUSECVE-2024-43914 at NVDCVE-2024-44935 at SUSECVE-2024-44935 at NVDCVE-2024-44944 at SUSECVE-2024-44944 at NVDCVE-2024-44946 at SUSECVE-2024-44946 at NVDCVE-2024-44948 at SUSECVE-2024-44948 at NVDCVE-2024-44950 at SUSECVE-2024-44950 at NVDCVE-2024-44952 at SUSECVE-2024-44952 at NVDCVE-2024-44954 at SUSECVE-2024-44954 at NVDCVE-2024-44967 at SUSECVE-2024-44967 at NVDCVE-2024-44969 at SUSECVE-2024-44969 at NVDCVE-2024-44970 at SUSECVE-2024-44970 at NVDCVE-2024-44971 at SUSECVE-2024-44971 at NVDCVE-2024-44972 at SUSECVE-2024-44972 at NVDCVE-2024-44977 at SUSECVE-2024-44977 at NVDCVE-2024-44982 at SUSECVE-2024-44982 at NVDCVE-2024-44986 at SUSECVE-2024-44986 at NVDCVE-2024-44987 at SUSECVE-2024-44987 at NVDCVE-2024-44988 at SUSECVE-2024-44988 at NVDCVE-2024-44989 at SUSECVE-2024-44989 at NVDCVE-2024-44990 at SUSECVE-2024-44990 at NVDCVE-2024-44998 at SUSECVE-2024-44998 at NVDCVE-2024-44999 at SUSECVE-2024-44999 at NVDCVE-2024-45000 at SUSECVE-2024-45000 at NVDCVE-2024-45001 at SUSECVE-2024-45001 at NVDCVE-2024-45003 at SUSECVE-2024-45003 at NVDCVE-2024-45006 at SUSECVE-2024-45006 at NVDCVE-2024-45007 at SUSECVE-2024-45007 at NVDCVE-2024-45008 at SUSECVE-2024-45008 at NVDCVE-2024-45011 at SUSECVE-2024-45011 at NVDCVE-2024-45013 at SUSECVE-2024-45013 at NVDCVE-2024-45015 at SUSECVE-2024-45015 at NVDCVE-2024-45018 at SUSECVE-2024-45018 at NVDCVE-2024-45020 at SUSECVE-2024-45020 at NVDCVE-2024-45021 at SUSECVE-2024-45021 at NVDCVE-2024-45026 at SUSECVE-2024-45026 at NVDCVE-2024-45028 at SUSECVE-2024-45028 at NVDCVE-2024-45029 at SUSECVE-2024-45029 at NVDCVE-2024-46673 at SUSECVE-2024-46673 at NVDCVE-2024-46674 at SUSECVE-2024-46674 at NVDCVE-2024-46675 at SUSECVE-2024-46675 at NVDCVE-2024-46676 at SUSECVE-2024-46676 at NVDCVE-2024-46677 at SUSECVE-2024-46677 at NVDCVE-2024-46679 at SUSECVE-2024-46679 at NVDCVE-2024-46685 at SUSECVE-2024-46685 at NVDCVE-2024-46686 at SUSECVE-2024-46686 at NVDCVE-2024-46689 at SUSECVE-2024-46689 at NVDCVE-2024-46694 at SUSECVE-2024-46694 at NVDCVE-2024-46702 at SUSECVE-2024-46702 at NVDCVE-2024-46707 at SUSECVE-2024-46707 at NVDCVE-2024-46714 at SUSECVE-2024-46714 at NVDCVE-2024-46715 at SUSECVE-2024-46715 at NVDCVE-2024-46717 at SUSECVE-2024-46717 at NVDCVE-2024-46720 at SUSECVE-2024-46720 at NVDCVE-2024-46721 at SUSECVE-2024-46721 at NVDCVE-2024-46722 at SUSECVE-2024-46722 at NVDCVE-2024-46723 at SUSECVE-2024-46723 at NVDCVE-2024-46724 at SUSECVE-2024-46724 at NVDCVE-2024-46725 at SUSECVE-2024-46725 at NVDCVE-2024-46726 at SUSECVE-2024-46726 at NVDCVE-2024-46727 at SUSECVE-2024-46727 at NVDCVE-2024-46728 at SUSECVE-2024-46728 at NVDCVE-2024-46730 at SUSECVE-2024-46730 at NVDCVE-2024-46731 at SUSECVE-2024-46731 at NVDCVE-2024-46732 at SUSECVE-2024-46732 at NVDCVE-2024-46737 at SUSECVE-2024-46737 at NVDCVE-2024-46738 at SUSECVE-2024-46738 at NVDCVE-2024-46739 at SUSECVE-2024-46739 at NVDCVE-2024-46743 at SUSECVE-2024-46743 at NVDCVE-2024-46744 at SUSECVE-2024-46744 at NVDCVE-2024-46745 at SUSECVE-2024-46745 at NVDCVE-2024-46746 at SUSECVE-2024-46746 at NVDCVE-2024-46747 at SUSECVE-2024-46747 at NVDCVE-2024-46750 at SUSECVE-2024-46750 at NVDCVE-2024-46751 at SUSECVE-2024-46751 at NVDCVE-2024-46752 at SUSECVE-2024-46752 at NVDCVE-2024-46753 at SUSECVE-2024-46753 at NVDCVE-2024-46755 at SUSECVE-2024-46755 at NVDCVE-2024-46756 at SUSECVE-2024-46756 at NVDCVE-2024-46758 at SUSECVE-2024-46758 at NVDCVE-2024-46759 at SUSECVE-2024-46759 at NVDCVE-2024-46761 at SUSECVE-2024-46761 at NVDCVE-2024-46771 at SUSECVE-2024-46771 at NVDCVE-2024-46772 at SUSECVE-2024-46772 at NVDCVE-2024-46773 at SUSECVE-2024-46773 at NVDCVE-2024-46774 at SUSECVE-2024-46774 at NVDCVE-2024-46778 at SUSECVE-2024-46778 at NVDCVE-2024-46780 at SUSECVE-2024-46780 at NVDCVE-2024-46781 at SUSECVE-2024-46781 at NVDCVE-2024-46783 at SUSECVE-2024-46783 at NVDCVE-2024-46784 at SUSECVE-2024-46784 at NVDCVE-2024-46786 at SUSECVE-2024-46786 at NVDCVE-2024-46787 at SUSECVE-2024-46787 at NVDCVE-2024-46791 at SUSECVE-2024-46791 at NVDCVE-2024-46794 at SUSECVE-2024-46794 at NVDCVE-2024-46798 at SUSECVE-2024-46798 at NVDCVE-2024-46822 at SUSECVE-2024-46822 at NVDCVE-2024-46830 at SUSECVE-2024-46830 at NVDcpe:/o:opensuse:leap:15.5Recommended update for python-requests (Moderate)openSUSE Leap 15.5
This update for python-requests fixes the following issue:
- Update CVE-2024-35195.patch to allow the usage of 'verify' parameter
as a directory (bsc#1225912)
ModerateSUSE bug 1225912CVE-2024-35195 at SUSECVE-2024-35195 at NVDcpe:/o:opensuse:leap:15.5Security update for OpenIPMI (Moderate)openSUSE Leap 15.5
This update for OpenIPMI fixes the following issues:
- CVE-2024-42934: Fixed missing check on the authorization type on incoming LAN messages in IPMI simulator (bsc#1229910)
ModerateSUSE bug 1229910CVE-2024-42934 at SUSECVE-2024-42934 at NVDcpe:/o:opensuse:leap:15.5Security update for MozillaFirefox (Critical)openSUSE Leap 15.5
This update for MozillaFirefox fixes the following issues:
Update to Firefox Extended Support Release 128.3.1 ESR MFSA 2024-51 (bsc#1231413)
- CVE-2024-9680: Use-after-free in Animation timeline (bmo#1923344)
Also includes the following CVEs from MFSA 2024-47 (bsc#1230979)
- CVE-2024-9392: Compromised content process can bypass site isolation (bmo#1899154, bmo#1905843)
- CVE-2024-9393: Cross-origin access to PDF contents through multipart responses (bmo#1918301)
- CVE-2024-9394: Cross-origin access to JSON contents through multipart responses (bmo#1918874)
- CVE-2024-8900: Clipboard write permission bypass (bmo#1872841)
- CVE-2024-9396: Potential memory corruption may occur when cloning certain objects (bmo#1912471)
- CVE-2024-9397: Potential directory upload bypass via clickjacking (bmo#1916659)
- CVE-2024-9398: External protocol handlers could be enumerated via popups (bmo#1881037)
- CVE-2024-9399: Specially crafted WebTransport requests could lead to denial of service (bmo#1907726)
- CVE-2024-9400: Potential memory corruption during JIT compilation (bmo#1915249)
- CVE-2024-9401: Memory safety bugs fixed in Firefox 131, Firefox ESR 115.16, Firefox ESR 128.3, Thunderbird 131, and Thunderbird 128.3 (bmo#1872744, bmo#1897792, bmo#1911317, bmo#1916476)
- CVE-2024-9402: Memory safety bugs fixed in Firefox 131, Firefox ESR 128.3, Thunderbird 131, and Thunderbird 128.3i (bmo#1872744, bmo#1897792, bmo#1911317, bmo#1913445, bmo#1914106, bmo#1914475, bmo#1914963, bmo#1915008, bmo#1916476)
CriticalSUSE bug 1230979SUSE bug 1231413CVE-2024-8900 at SUSECVE-2024-8900 at NVDCVE-2024-9392 at SUSECVE-2024-9392 at NVDCVE-2024-9393 at SUSECVE-2024-9393 at NVDCVE-2024-9394 at SUSECVE-2024-9394 at NVDCVE-2024-9396 at SUSECVE-2024-9396 at NVDCVE-2024-9397 at SUSECVE-2024-9397 at NVDCVE-2024-9398 at SUSECVE-2024-9398 at NVDCVE-2024-9399 at SUSECVE-2024-9399 at NVDCVE-2024-9400 at SUSECVE-2024-9400 at NVDCVE-2024-9401 at SUSECVE-2024-9401 at NVDCVE-2024-9402 at SUSECVE-2024-9402 at NVDCVE-2024-9680 at SUSECVE-2024-9680 at NVDcpe:/o:opensuse:leap:15.5Security update for MozillaThunderbird (Important)openSUSE Leap 15.5
This update for MozillaThunderbird fixes the following issues:
Update to Mozilla Thunderbird 128.3.1 (MFSA 2024-51, bsc#1231413):
- CVE-2024-9680: Use-after-free in Animation timeline
Update to Mozilla Thunderbird 128.3 (MFSA 2024-49, bsc#1230979):
- CVE-2024-9392: Compromised content process can bypass site isolation
- CVE-2024-9393: Cross-origin access to PDF contents through multipart responses
- CVE-2024-9394: Cross-origin access to JSON contents through multipart responses
- CVE-2024-8900: Clipboard write permission bypass
- CVE-2024-9396: Potential memory corruption may occur when cloning certain objects
- CVE-2024-9397: Potential directory upload bypass via clickjacking
- CVE-2024-9398: External protocol handlers could be enumerated via popups
- CVE-2024-9399: Specially crafted WebTransport requests could lead to denial of service
- CVE-2024-9400: Potential memory corruption during JIT compilation
- CVE-2024-9401: Memory safety bugs fixed in Firefox 131, Firefox ESR 115.16, Firefox ESR 128.3, Thunderbird 131, and Thunderbird 128.3
- CVE-2024-9402: Memory safety bugs fixed in Firefox 131, Firefox ESR 128.3, Thunderbird 131, and Thunderbird 128.3
Other fixes:
- fixed: Opening an EML file with a 'mailto:' link did not work
- fixed: Collapsed POP3 account folder was expanded after emptying trash on exit
- fixed: 'Mark Folder Read' on a cross-folder search marked all underlying folders read
- fixed: Unable to open/view attached OpenPGP encrypted messages
- fixed: Unable to 'Decrypt and Open' an attached OpenPGP key file
- fixed: Subject could disappear when replying to a message saved in an EML file
- fixed: OAuth2 authentication method was not available when adding SMTP server
- fixed: Unable to subscribe to .ics calendars in some situations
- fixed: Visual and UX improvements
ImportantSUSE bug 1230979SUSE bug 1231413CVE-2024-8900 at SUSECVE-2024-8900 at NVDCVE-2024-9392 at SUSECVE-2024-9392 at NVDCVE-2024-9393 at SUSECVE-2024-9393 at NVDCVE-2024-9394 at SUSECVE-2024-9394 at NVDCVE-2024-9396 at SUSECVE-2024-9396 at NVDCVE-2024-9397 at SUSECVE-2024-9397 at NVDCVE-2024-9398 at SUSECVE-2024-9398 at NVDCVE-2024-9399 at SUSECVE-2024-9399 at NVDCVE-2024-9400 at SUSECVE-2024-9400 at NVDCVE-2024-9401 at SUSECVE-2024-9401 at NVDCVE-2024-9402 at SUSECVE-2024-9402 at NVDCVE-2024-9680 at SUSECVE-2024-9680 at NVDcpe:/o:opensuse:leap:15.5Security update for keepalived (Moderate)openSUSE Leap 15.5
This update for keepalived fixes the following issues:
- CVE-2024-41184: Fixed integer overflow in vrrp_ipsets_handler (bsc#1228123)
ModerateSUSE bug 1228123CVE-2024-41184 at SUSECVE-2024-41184 at NVDcpe:/o:opensuse:leap:15.5Security update for rubygem-puma (Moderate)openSUSE Leap 15.5
This update for rubygem-puma fixes the following issues:
- CVE-2024-45614: Prevent underscores from clobbering hyphen headers (bsc#1230848).
- CVE-2024-21647: Fixed DoS when parsing chunked Transfer-Encoding bodies (bsc#1218638).
ModerateSUSE bug 1218638SUSE bug 1230848CVE-2024-21647 at SUSECVE-2024-21647 at NVDCVE-2024-45614 at SUSECVE-2024-45614 at NVDcpe:/o:opensuse:leap:15.5Security update for unbound (Moderate)openSUSE Leap 15.5
This update for unbound fixes the following issues:
- CVE-2024-8508: Fixed unbounded name compression that could lead to denial of service (bsc#1231284)
ModerateSUSE bug 1231284CVE-2024-8508 at SUSECVE-2024-8508 at NVDcpe:/o:opensuse:leap:15.5Security update for etcd (Moderate)openSUSE Leap 15.5
This update for etcd fixes the following issues:
Update to version 3.5.12:
Security fixes:
- CVE-2018-16873: Fixed remote command execution in cmd/go (bsc#1118897)
- CVE-2018-16874: Fixed directory traversal in cmd/go (bsc#1118898)
- CVE-2018-16875: Fixed CPU denial of service in crypto/x509 (bsc#1118899)
- CVE-2018-16886: Fixed improper authentication issue when RBAC and client-cert-auth is enabled (bsc#1121850)
- CVE-2020-15106: Fixed panic in decodeRecord method (bsc#1174951)
- CVE-2020-15112: Fixed improper checks in entry index (bsc#1174951)
- CVE-2021-28235: Fixed information discosure via debug function (bsc#1210138)
- CVE-2022-41723: Fixed quadratic complexity in HPACK decoding in net/http (bsc#1208270, bsc#1208297)
- CVE-2023-29406: Fixed insufficient sanitization of Host header in go net/http (bsc#1213229)
- CVE-2023-47108: Fixed DoS vulnerability in otelgrpc (bsc#1217070)
- CVE-2023-48795: Fixed prefix truncation breaking ssh channel integrity (aka Terrapin Attack) in crypto/ssh (bsc#1217950, bsc#1218150)
Other changes:
- Added hardening to systemd service(s) (bsc#1181400)
- Fixed static /tmp file issue (bsc#1199031)
- Fixed systemd service not starting (bsc#1183703)
Full changelog:
https://github.com/etcd-io/etcd/compare/v3.3.1...v3.5.12
ModerateSUSE bug 1095184SUSE bug 1118897SUSE bug 1118898SUSE bug 1118899SUSE bug 1121850SUSE bug 1174951SUSE bug 1181400SUSE bug 1183703SUSE bug 1199031SUSE bug 1208270SUSE bug 1208297SUSE bug 1210138SUSE bug 1213229SUSE bug 1217070SUSE bug 1217950SUSE bug 1218150CVE-2018-16873 at SUSECVE-2018-16873 at NVDCVE-2018-16874 at SUSECVE-2018-16874 at NVDCVE-2018-16875 at SUSECVE-2018-16875 at NVDCVE-2018-16886 at SUSECVE-2018-16886 at NVDCVE-2020-15106 at SUSECVE-2020-15106 at NVDCVE-2020-15112 at SUSECVE-2020-15112 at NVDCVE-2021-28235 at SUSECVE-2021-28235 at NVDCVE-2022-41723 at SUSECVE-2022-41723 at NVDCVE-2023-29406 at SUSECVE-2023-29406 at NVDCVE-2023-47108 at SUSECVE-2023-47108 at NVDCVE-2023-48795 at SUSECVE-2023-48795 at NVDcpe:/o:opensuse:leap:15.5Security update for php8 (Moderate)openSUSE Leap 15.5
This update for php8 fixes the following issues:
- CVE-2024-8925: Fixed erroneous parsing of multipart form data in HTTP POST requests leads to legitimate data not being processed (bsc#1231360)
- CVE-2024-8927: Fixed cgi.force_redirect configuration is bypassable due to an environment variable collision (bsc#1231358)
- CVE-2024-9026: Fixed pollution of worker output logs in PHP-FPM (bsc#1231382)
ModerateSUSE bug 1231358SUSE bug 1231360SUSE bug 1231382CVE-2024-8925 at SUSECVE-2024-8925 at NVDCVE-2024-8927 at SUSECVE-2024-8927 at NVDCVE-2024-9026 at SUSECVE-2024-9026 at NVDcpe:/o:opensuse:leap:15.5Security update for jetty-minimal (Moderate)openSUSE Leap 15.5
This update for jetty-minimal fixes the following issues:
- CVE-2024-8184: Fixed remote denial-of-service in ThreadLimitHandler.getRemote() (bsc#1231651).
ModerateSUSE bug 1231651CVE-2024-8184 at SUSECVE-2024-8184 at NVDcpe:/o:opensuse:leap:15.5Security update for buildah (Moderate)openSUSE Leap 15.5
This update for buildah fixes the following issues:
- CVE-2024-9675: Fixed arbitrary cache directory mount (bsc#1231499)
ModerateSUSE bug 1231499CVE-2024-9675 at SUSECVE-2024-9675 at NVDcpe:/o:opensuse:leap:15.5Security update for MozillaThunderbird (Important)openSUSE Leap 15.5
This update for MozillaThunderbird fixes the following issues:
Update to Mozilla Thunderbird 128.3.1 (MFSA 2024-52, bsc#1231413):
- CVE-2024-9680: Fixed use-after-free in Animation timeline (bmo#1923344)
ImportantSUSE bug 1231413CVE-2024-9680 at SUSECVE-2024-9680 at NVDcpe:/o:opensuse:leap:15.5Security update for php7 (Moderate)openSUSE Leap 15.5
This update for php7 fixes the following issues:
- CVE-2024-8925: Fixed erroneous parsing of multipart form data in HTTP POST requests leads to legitimate data not being processed (bsc#1231360)
- CVE-2024-8927: Fixed cgi.force_redirect configuration is bypassable due to an environment variable collision (bsc#1231358)
- CVE-2024-9026: Fixed pollution of worker output logs in PHP-FPM (bsc#1231382)
ModerateSUSE bug 1231358SUSE bug 1231360SUSE bug 1231382CVE-2024-8925 at SUSECVE-2024-8925 at NVDCVE-2024-8927 at SUSECVE-2024-8927 at NVDCVE-2024-9026 at SUSECVE-2024-9026 at NVDcpe:/o:opensuse:leap:15.5Security update for podman (Moderate)openSUSE Leap 15.5
This update for podman fixes the following issues:
- CVE-2024-9675: Fixed cache arbitrary directory mount (bsc#1231499).
- CVE-2024-9407: Fixed improper Input Validation in bind-propagation Option of Dockerfile RUN --mount Instruction (bsc#1231208).
The following non-security bug was fixed:
- rootless ipv6 containers can't be started (bsc#1214612).
ModerateSUSE bug 1214612SUSE bug 1231208SUSE bug 1231499CVE-2024-9407 at SUSECVE-2024-9407 at NVDCVE-2024-9675 at SUSECVE-2024-9675 at NVDcpe:/o:opensuse:leap:15.5Security update for protobuf (Important)openSUSE Leap 15.5
This update for protobuf fixes the following issues:
- CVE-2024-7254: Fixed stack overflow vulnerability in Protocol Buffer (bsc#1230778)
ImportantSUSE bug 1230778CVE-2024-7254 at SUSECVE-2024-7254 at NVDcpe:/o:opensuse:leap:15.5Security update for podman (Moderate)openSUSE Leap 15.5
This update for podman fixes the following issues:
- CVE-2024-9676: Fixed symlink traversal vulnerability in the containers/storage library that could cause Denial of Service (DoS) (bsc#1231698)
ModerateSUSE bug 1231698CVE-2024-9676 at SUSECVE-2024-9676 at NVDcpe:/o:opensuse:leap:15.5Security update for buildah (Moderate)openSUSE Leap 15.5
This update for buildah fixes the following issues:
- CVE-2024-9676: Fixed symlink traversal vulnerability in the containers/storage library that could cause Denial of Service (DoS) (bsc#1231698)
ModerateSUSE bug 1231698CVE-2024-9676 at SUSECVE-2024-9676 at NVDcpe:/o:opensuse:leap:15.5Security update for openssl-1_1 (Moderate)openSUSE Leap 15.5
This update for openssl-1_1 fixes the following issues:
- CVE-2023-50782: Implicit rejection in PKCS#1 v1.5 (bsc#1220262)
ModerateSUSE bug 1220262CVE-2023-50782 at SUSECVE-2023-50782 at NVDcpe:/o:opensuse:leap:15.5Security update for openssl-3 (Important)openSUSE Leap 15.5
This update for openssl-3 fixes the following issues:
- CVE-2023-50782: Implicit rejection in PKCS#1 v1.5 (bsc#1220262)
- CVE-2024-41996: Avoid expensive public key validation for known safe-prime groups (DHEATATTACK) (bsc#1230698)
ImportantSUSE bug 1220262SUSE bug 1230698CVE-2023-50782 at SUSECVE-2023-50782 at NVDCVE-2024-41996 at SUSECVE-2024-41996 at NVDcpe:/o:opensuse:leap:15.5Security update for go1.22-openssl (Important)openSUSE Leap 15.5
This update for go1.22-openssl fixes the following issues:
This update ships go1.22-openssl 1.22.7.1 (jsc#SLE-18320)
- Update to version 1.22.7.1 cut from the go1.22-fips-release
branch at the revision tagged go1.22.7-1-openssl-fips.
* Update to Go 1.22.7 (#229)
- go1.22.7 (released 2024-09-05) includes security fixes to the
encoding/gob, go/build/constraint, and go/parser packages, as
well as bug fixes to the fix command and the runtime.
CVE-2024-34155 CVE-2024-34156 CVE-2024-34158:
- go#69142 go#69138 bsc#1230252 security: fix CVE-2024-34155 go/parser: stack exhaustion in all Parse* functions (CVE-2024-34155)
- go#69144 go#69139 bsc#1230253 security: fix CVE-2024-34156 encoding/gob: stack exhaustion in Decoder.Decode (CVE-2024-34156)
- go#69148 go#69141 bsc#1230254 security: fix CVE-2024-34158 go/build/constraint: stack exhaustion in Parse (CVE-2024-34158)
- go#68811 os: TestChtimes failures
- go#68825 cmd/fix: fails to run on modules whose go directive value is in '1.n.m' format introduced in Go 1.21.0
- go#68972 cmd/cgo: aix c-archive corrupting stack
- go1.22.6 (released 2024-08-06) includes fixes to the go command,
the compiler, the linker, the trace command, the covdata command,
and the bytes, go/types, and os/exec packages.
* go#68594 cmd/compile: internal compiler error with zero-size types
* go#68546 cmd/trace/v2: pprof profiles always empty
* go#68492 cmd/covdata: too many open files due to defer f.Close() in for loop
* go#68475 bytes: IndexByte can return -4294967295 when memory usage is above 2^31 on js/wasm
* go#68370 go/types: assertion failure in recent range statement checking logic
* go#68331 os/exec: modifications to Path ignored when *Cmd is created using Command with an absolute path on Windows
* go#68230 cmd/compile: inconsistent integer arithmetic result on Go 1.22+arm64 with/without -race
* go#68222 cmd/go: list with -export and -covermode=atomic fails to build
* go#68198 cmd/link: issues with Xcode 16 beta
- Update to version 1.22.5.3 cut from the go1.22-fips-release
branch at the revision tagged go1.22.5-3-openssl-fips.
* Only load openssl if fips == '1'
Avoid loading openssl whenever GOLANG_FIPS is not 1.
Previously only an unset variable would cause the library load
to be skipped, but users may also expect to be able to set eg.
GOLANG_FIPS=0 in environments without openssl.
- Update to version 1.22.5.2 cut from the go1.22-fips-release
branch at the revision tagged go1.22.5-2-openssl-fips.
* Only load OpenSSL when in FIPS mode
- Update to version 1.22.5.1 cut from the go1.22-fips-release
branch at the revision tagged go1.22.5-1-openssl-fips.
* Update to go1.22.5
- go1.22.5 (released 2024-07-02) includes security fixes to the
net/http package, as well as bug fixes to the compiler, cgo, the
go command, the linker, the runtime, and the crypto/tls,
go/types, net, net/http, and os/exec packages.
CVE-2024-24791:
* go#68200 go#67555 bsc#1227314 security: fix CVE CVE-2024-24791 net/http: expect: 100-continue handling is broken in various ways
* go#65983 cmd/compile: hash of unhashable type
* go#65994 crypto/tls: segfault when calling tlsrsakex.IncNonDefault()
* go#66598 os/exec: calling Cmd.Start after setting Cmd.Path manually to absolute path without '.exe' no longer implicitly adds '.exe' in Go 1.22
* go#67298 runtime: 'fatal: morestack on g0' on amd64 after upgrade to Go 1.21, stale bounds
* go#67715 cmd/cgo/internal/swig,cmd/go,x/build: swig cgo tests incompatible with C++ toolchain on builders
* go#67798 cmd/compile: internal compiler error: unexpected type: <nil> (<nil>) in for-range
* go#67820 cmd/compile: package-level variable initialization with constant dependencies doesn't match order specified in Go spec
* go#67850 go/internal/gccgoimporter: go building failing with gcc 14.1.0
* go#67934 net: go DNS resolver fails to connect to local DNS server
* go#67945 cmd/link: using -fuzz with test that links with cgo on darwin causes linker failure
* go#68052 cmd/go: go list -u -m all fails loading module retractions: module requires go >= 1.N+1 (running go 1.N)
* go#68122 cmd/link: runtime.mach_vm_region_trampoline: unsupported dynamic relocation for symbol libc_mach_task_self_ (type=29 (R_GOTPCREL) stype=46 (SDYNIMPORT))
- Update to version 1.22.4.1 cut from the go1.22-fips-release
branch at the revision tagged go1.22.4-1-openssl-fips.
* Update to go1.22.4
- go1.22.4 (released 2024-06-04) includes security fixes to the
archive/zip and net/netip packages, as well as bug fixes to the
compiler, the go command, the linker, the runtime, and the os
package.
CVE-2024-24789 CVE-2024-24790:
* go#67554 go#66869 bsc#1225973 security: fix CVE-2024-24789 archive/zip: EOCDR comment length handling is inconsistent with other ZIP implementations
* go#67682 go#67680 bsc#1225974 security: fix CVE-2024-24790 net/netip: unexpected behavior from Is methods for IPv4-mapped IPv6 addresses
* go#67188 runtime/metrics: /memory/classes/heap/unused:bytes spikes
* go#67212 cmd/compile: SIGBUS unaligned access on mips64 via qemu-mips64
* go#67236 cmd/go: mod tidy reports toolchain not available with 'go 1.21'
* go#67258 runtime: unexpected fault address 0
* go#67311 cmd/go: TestScript/gotoolchain_issue66175 fails on tip locally
* go#67314 cmd/go,cmd/link: TestScript/build_issue48319 and TestScript/build_plugin_reproducible failing on LUCI gotip-darwin-amd64-longtest builder due to non-reproducible LC_UUID
* go#67352 crypto/x509: TestPlatformVerifier failures on Windows due to broken connections
* go#67460 cmd/compile: internal compiler error: panic with range over integer value
* go#67527 cmd/link: panic: machorelocsect: size mismatch
* go#67650 runtime: SIGSEGV after performing clone(CLONE_PARENT) via C constructor prior to runtime start
* go#67696 os: RemoveAll susceptible to symlink race
- Update to version 1.22.3.3 cut from the go1.22-fips-release
branch at the revision tagged go1.22.3-3-openssl-fips.
* config: update openssl backend (#201)
- Update to version 1.22.3.2 cut from the go1.22-fips-release
branch at the revision tagged go1.22.3-2-openssl-fips.
* patches: restore signature of HashSign/HashVerify (#199)
- Update to version 1.22.3.1 cut from the go1.22-fips-release
branch at the revision tagged go1.22.3-1-openssl-fips.
* Update to go1.22.3
* fix: rename patch file
* Backport change https://go-review.googlesource.com/c/go/+/554615 to Go1.22 (#193)
runtime: crash asap and extend total sleep time for slow machine in test
Running with few threads usually does not need 500ms to crash, so let it
crash as soon as possible. While the test may caused more time on slow
machine, try to expand the sleep time in test.
* cmd/go: re-enable CGO for Go toolchain commands (#190)
* crypto/ecdsa: Restore HashSign and HashVerify (#189)
- go1.22.3 (released 2024-05-07) includes security fixes to the go
command and the net package, as well as bug fixes to the
compiler, the runtime, and the net/http package.
CVE-2024-24787 CVE-2024-24788:
* go#67122 go#67119 bsc#1224017 security: fix CVE-2024-24787 cmd/go: arbitrary code execution during build on darwin
* go#67040 go#66754 bsc#1224018 security: fix CVE-2024-24788 net: high cpu usage in extractExtendedRCode
* go#67018 cmd/compile: Go 1.22.x failed to be bootstrapped from 386 to ppc64le
* go#67017 cmd/compile: changing a hot concrete method to interface method triggers a PGO ICE
* go#66886 runtime: deterministic fallback hashes across process boundary
* go#66698 net/http: TestRequestLimit/h2 becomes significantly more expensive and slower after x/net@v0.23.0
- Update to version 1.22.2.1 cut from the go1.22-fips-release
branch at the revision tagged go1.22.2-1-openssl-fips.
* Update to go1.22.2
- go1.22.2 (released 2024-04-03) includes a security fix to the
net/http package, as well as bug fixes to the compiler, the go
command, the linker, and the encoding/gob, go/types, net/http,
and runtime/trace packages.
CVE-2023-45288:
* go#66298 go#65051 bsc#1221400 security: fix CVE-2023-45288 net/http, x/net/http2: close connections when receiving too many headers
* go#65858 cmd/compile: unreachable panic with GODEBUG=gotypesalias=1
* go#66060 cmd/link: RISC-V external link, failed to find text symbol for HI20 relocation
* go#66076 cmd/compile: out-of-bounds panic with uint32 conversion and modulus operation in Go 1.22.0 on arm64
* go#66134 cmd/compile: go test . results in CLOSURE ... <unknown line number>: internal compiler error: assertion failed
* go#66137 cmd/go: go 1.22.0: go test throws errors when processing folders not listed in coverpkg argument
* go#66178 cmd/compile: ICE: panic: interface conversion: ir.Node is *ir.ConvExpr, not *ir.IndexExpr
* go#66201 runtime/trace: v2 traces contain an incorrect timestamp scaling factor on Windows
* go#66255 net/http: http2 round tripper nil pointer dereference causes panic causing deadlock
* go#66256 cmd/go: git shallow fetches broken at CL 556358
* go#66273 crypto/x509: Certificate no longer encodable using encoding/gob in Go1.22
* go#66412 cmd/link: bad carrier sym for symbol runtime.elf_savegpr0.args_stackmap on ppc64le
- Update to version 1.22.1.2 cut from the go1.22-fips-release
branch at the revision tagged go1.22.1-2-openssl-fips.
* config: Update openssl v2 module (#178)
- Remove subpackage go1.x-openssl-libstd for compiled shared object
libstd.so.
* Continue to build experimental libstd only on go1.x Tumbleweed.
* Removal fixes build errors on go1.x-openssl Factory and ALP.
* Use of libstd.so is experimental and not recommended for
general use, Go currently has no ABI.
* Feature go build -buildmode=shared is deprecated by upstream,
but not yet removed.
- Initial package go1.22-openssl version 1.22.1.1 cut from the
go1.22-fips-release branch at the revision tagged
go1.22.1-1-openssl-fips.
* Go upstream merged branch dev.boringcrypto in go1.19+.
* In go1.x enable BoringCrypto via GOEXPERIMENT=boringcrypto.
* In go1.x-openssl enable FIPS mode (or boring mode as the
package is named) either via an environment variable
GOLANG_FIPS=1 or by virtue of booting the host in FIPS mode.
* When the operating system is operating in FIPS mode, Go
applications which import crypto/tls/fipsonly limit operations
to the FIPS ciphersuite.
* go1.x-openssl is delivered as two large patches to go1.x
applying necessary modifications from the golang-fips/go GitHub
project for the Go crypto library to use OpenSSL as the
external cryptographic library in a FIPS compliant way.
* go1.x-openssl modifies the crypto/* packages to use OpenSSL for
cryptographic operations.
* go1.x-openssl uses dlopen() to call into OpenSSL.
* SUSE RPM packaging introduces a fourth version digit go1.x.y.z
corresponding to the golang-fips/go patchset tagged revision.
* Patchset improvements can be updated independently of upstream
Go maintenance releases.
- go1.22.1 (released 2024-03-05) includes security fixes to the
crypto/x509, html/template, net/http, net/http/cookiejar, and
net/mail packages, as well as bug fixes to the compiler, the go
command, the runtime, the trace command, and the go/types and
net/http packages.
CVE-2023-45289 CVE-2023-45290 CVE-2024-24783 CVE-2024-24784 CVE-2024-24785:
* go#65831 go#65390 bsc#1220999 security: fix CVE-2024-24783 crypto/x509: Verify panics on certificates with an unknown public key algorithm
* go#65849 go#65083 bsc#1221002 security: fix CVE-2024-24784 net/mail: comments in display names are incorrectly handled
* go#65850 go#65383 bsc#1221001 security: fix CVE-2023-45290 net/http: memory exhaustion in Request.ParseMultipartForm
* go#65859 go#65065 bsc#1221000 security: fix CVE-2023-45289 net/http, net/http/cookiejar: incorrect forwarding of sensitive headers and cookies on HTTP redirect
* go#65969 go#65697 bsc#1221003 security: fix CVE-2024-24785 html/template: errors returned from MarshalJSON methods may break template escaping
* go#65352 cmd/go: go generate fails silently when run on a package in a nested workspace module
* go#65471 internal/testenv: TestHasGoBuild failures on the LUCI noopt builders
* go#65474 internal/testenv: support LUCI mobile builders in testenv tests
* go#65577 cmd/trace/v2: goroutine analysis page doesn't identify goroutines consistently
* go#65618 cmd/compile: Go 1.22 build fails with 1.21 PGO profile on internal/saferio change
* go#65619 cmd/compile: Go 1.22 changes support for modules that declare go 1.0
* go#65641 cmd/cgo/internal/testsanitizers,x/build: LUCI clang15 builders failing
* go#65644 runtime: crash in race detector when execution tracer reads from CPU profile buffer
* go#65728 go/types: nil pointer dereference in Alias.Underlying()
* go#65759 net/http: context cancellation can leave HTTP client with deadlocked HTTP/1.1 connections in Go1.22
* go#65760 runtime: Go 1.22.0 fails to build from source on armv7 Alpine Linux
* go#65818 runtime: go1.22.0 test with -race will SIGSEGV or SIGBUS or Bad Pointer
* go#65852 cmd/go: 'missing ziphash' error with go.work
* go#65883 runtime: scheduler sometimes starves a runnable goroutine on wasm platforms
* bsc#1219988 ensure VERSION file is present in GOROOT
as required by go tool dist and go tool distpack
- go1.22 (released 2024-02-06) is a major release of Go.
go1.22.x minor releases will be provided through February 2024.
https://github.com/golang/go/wiki/Go-Release-Cycle
go1.22 arrives six months after go1.21. Most of its changes are
in the implementation of the toolchain, runtime, and libraries.
As always, the release maintains the Go 1 promise of
compatibility. We expect almost all Go programs to continue to
compile and run as before.
* Language change: go1.22 makes two changes to for loops.
Previously, the variables declared by a for loop were created
once and updated by each iteration. In go1.22, each iteration
of the loop creates new variables, to avoid accidental sharing
bugs. The transition support tooling described in the proposal
continues to work in the same way it did in Go 1.21.
* Language change: For loops may now range over integers
* Language change: go1.22 includes a preview of a language change
we are considering for a future version of Go:
range-over-function iterators. Building with
GOEXPERIMENT=rangefunc enables this feature.
* go command: Commands in workspaces can now use a vendor
directory containing the dependencies of the workspace. The
directory is created by go work vendor, and used by build
commands when the -mod flag is set to vendor, which is the
default when a workspace vendor directory is present. Note
that the vendor directory's contents for a workspace are
different from those of a single module: if the directory at
the root of a workspace also contains one of the modules in the
workspace, its vendor directory can contain the dependencies of
either the workspace or of the module, but not both.
* go get is no longer supported outside of a module in the legacy
GOPATH mode (that is, with GO111MODULE=off). Other build
commands, such as go build and go test, will continue to work
indefinitely for legacy GOPATH programs.
* go mod init no longer attempts to import module requirements
from configuration files for other vendoring tools (such as
Gopkg.lock).
* go test -cover now prints coverage summaries for covered
packages that do not have their own test files. Prior to Go
1.22 a go test -cover run for such a package would report: ?
mymod/mypack [no test files] and now with go1.22, functions in
the package are treated as uncovered: mymod/mypack coverage:
0.0% of statements Note that if a package contains no
executable code at all, we can't report a meaningful coverage
percentage; for such packages the go tool will continue to
report that there are no test files.
* trace: The trace tool's web UI has been gently refreshed as
part of the work to support the new tracer, resolving several
issues and improving the readability of various sub-pages. The
web UI now supports exploring traces in a thread-oriented
view. The trace viewer also now displays the full duration of
all system calls. These improvements only apply for viewing
traces produced by programs built with go1.22 or newer. A
future release will bring some of these improvements to traces
produced by older version of Go.
* vet: References to loop variables The behavior of the vet tool
has changed to match the new semantics (see above) of loop
variables in go1.22. When analyzing a file that requires go1.22
or newer (due to its go.mod file or a per-file build
constraint), vetcode> no longer reports references to loop
variables from within a function literal that might outlive the
iteration of the loop. In Go 1.22, loop variables are created
anew for each iteration, so such references are no longer at
risk of using a variable after it has been updated by the loop.
* vet: New warnings for missing values after append The vet tool
now reports calls to append that pass no values to be appended
to the slice, such as slice = append(slice). Such a statement
has no effect, and experience has shown that is nearly always a
mistake.
* vet: New warnings for deferring time.Since The vet tool now
reports a non-deferred call to time.Since(t) within a defer
statement. This is equivalent to calling time.Now().Sub(t)
before the defer statement, not when the deferred function is
called. In nearly all cases, the correct code requires
deferring the time.Since call.
* vet: New warnings for mismatched key-value pairs in log/slog
calls The vet tool now reports invalid arguments in calls to
functions and methods in the structured logging package,
log/slog, that accept alternating key/value pairs. It reports
calls where an argument in a key position is neither a string
nor a slog.Attr, and where a final key is missing its value.
* runtime: The runtime now keeps type-based garbage collection
metadata nearer to each heap object, improving the CPU
performance (latency or throughput) of Go programs by
1-3%. This change also reduces the memory overhead of the
majority Go programs by approximately 1% by deduplicating
redundant metadata. Some programs may see a smaller improvement
because this change adjusts the size class boundaries of the
memory allocator, so some objects may be moved up a size class.
A consequence of this change is that some objects' addresses
that were previously always aligned to a 16 byte (or higher)
boundary will now only be aligned to an 8 byte boundary. Some
programs that use assembly instructions that require memory
addresses to be more than 8-byte aligned and rely on the memory
allocator's previous alignment behavior may break, but we
expect such programs to be rare. Such programs may be built
with GOEXPERIMENT=noallocheaders to revert to the old metadata
layout and restore the previous alignment behavior, but package
owners should update their assembly code to avoid the alignment
assumption, as this workaround will be removed in a future
release.
* runtime: On the windows/amd64 port, programs linking or loading
Go libraries built with -buildmode=c-archive or
-buildmode=c-shared can now use the SetUnhandledExceptionFilter
Win32 function to catch exceptions not handled by the Go
runtime. Note that this was already supported on the
windows/386 port.
* compiler: Profile-guided Optimization (PGO) builds can now
devirtualize a higher proportion of calls than previously
possible. Most programs from a representative set of Go
programs now see between 2 and 14% improvement from enabling
PGO.
* compiler: The compiler now interleaves devirtualization and
inlining, so interface method calls are better optimized.
* compiler: go1.22 also includes a preview of an enhanced
implementation of the compiler's inlining phase that uses
heuristics to boost inlinability at call sites deemed
'important' (for example, in loops) and discourage inlining at
call sites deemed 'unimportant' (for example, on panic
paths). Building with GOEXPERIMENT=newinliner enables the new
call-site heuristics; see issue #61502 for more info and to
provide feedback.
* linker: The linker's -s and -w flags are now behave more
consistently across all platforms. The -w flag suppresses DWARF
debug information generation. The -s flag suppresses symbol
table generation. The -s flag also implies the -w flag, which
can be negated with -w=0. That is, -s -w=0 will generate a
binary with DWARF debug information generation but without the
symbol table.
* linker: On ELF platforms, the -B linker flag now accepts a
special form: with -B gobuildid, the linker will generate a GNU
build ID (the ELF NT_GNU_BUILD_ID note) derived from the Go
build ID.
* linker: On Windows, when building with -linkmode=internal, the
linker now preserves SEH information from C object files by
copying the .pdata and .xdata sections into the final
binary. This helps with debugging and profiling binaries using
native tools, such as WinDbg. Note that until now, C functions'
SEH exception handlers were not being honored, so this change
may cause some programs to behave differently.
-linkmode=external is not affected by this change, as external
linkers already preserve SEH information.
* bootstrap: As mentioned in the Go 1.20 release notes, go1.22
now requires the final point release of Go 1.20 or later for
bootstrap. We expect that Go 1.24 will require the final point
release of go1.22 or later for bootstrap.
* core library: New math/rand/v2 package: go1.22 includes the
first “v2” package in the standard library, math/rand/v2. The
changes compared to math/rand are detailed in proposal
go#61716. The most important changes are:
- The Read method, deprecated in math/rand, was not carried
forward for math/rand/v2. (It remains available in
math/rand.) The vast majority of calls to Read should use
crypto/rand’s Read instead. Otherwise a custom Read can be
constructed using the Uint64 method.
- The global generator accessed by top-level functions is
unconditionally randomly seeded. Because the API guarantees
no fixed sequence of results, optimizations like per-thread
random generator states are now possible.
- The Source interface now has a single Uint64 method; there is
no Source64 interface.
- Many methods now use faster algorithms that were not possible
to adopt in math/rand because they changed the output
streams.
- The Intn, Int31, Int31n, Int63, and Int64n top-level
functions and methods from math/rand are spelled more
idiomatically in math/rand/v2: IntN, Int32, Int32N, Int64,
and Int64N. There are also new top-level functions and
methods Uint32, Uint32N, Uint64, Uint64N, Uint, and UintN.
- The new generic function N is like Int64N or Uint64N but
works for any integer type. For example a random duration
from 0 up to 5 minutes is rand.N(5*time.Minute).
- The Mitchell & Reeds LFSR generator provided by math/rand’s
Source has been replaced by two more modern pseudo-random
generator sources: ChaCha8 PCG. ChaCha8 is a new,
cryptographically strong random number generator roughly
similar to PCG in efficiency. ChaCha8 is the algorithm used
for the top-level functions in math/rand/v2. As of go1.22,
math/rand's top-level functions (when not explicitly seeded)
and the Go runtime also use ChaCha8 for randomness.
- We plan to include an API migration tool in a future release,
likely Go 1.23.
* core library: New go/version package: The new go/version
package implements functions for validating and comparing Go
version strings.
* core library: Enhanced routing patterns: HTTP routing in the
standard library is now more expressive. The patterns used by
net/http.ServeMux have been enhanced to accept methods and
wildcards. This change breaks backwards compatibility in small
ways, some obvious—patterns with '{' and '}' behave
differently— and some less so—treatment of escaped paths has
been improved. The change is controlled by a GODEBUG field
named httpmuxgo121. Set httpmuxgo121=1 to restore the old
behavior.
* Minor changes to the library As always, there are various minor
changes and updates to the library, made with the Go 1 promise
of compatibility in mind. There are also various performance
improvements, not enumerated here.
* archive/tar: The new method Writer.AddFS adds all of the files
from an fs.FS to the archive.
* archive/zip: The new method Writer.AddFS adds all of the files
from an fs.FS to the archive.
* bufio: When a SplitFunc returns ErrFinalToken with a nil token,
Scanner will now stop immediately. Previously, it would report
a final empty token before stopping, which was usually not
desired. Callers that do want to report a final empty token can
do so by returning []byte{} rather than nil.
* cmp: The new function Or returns the first in a sequence of
values that is not the zero value.
* crypto/tls: ConnectionState.ExportKeyingMaterial will now
return an error unless TLS 1.3 is in use, or the
extended_master_secret extension is supported by both the
server and client. crypto/tls has supported this extension
since Go 1.20. This can be disabled with the tlsunsafeekm=1
GODEBUG setting.
* crypto/tls: By default, the minimum version offered by
crypto/tls servers is now TLS 1.2 if not specified with
config.MinimumVersion, matching the behavior of crypto/tls
clients. This change can be reverted with the tls10server=1
GODEBUG setting.
* crypto/tls: By default, cipher suites without ECDHE support are
no longer offered by either clients or servers during pre-TLS
1.3 handshakes. This change can be reverted with the
tlsrsakex=1 GODEBUG setting.
* crypto/x509: The new CertPool.AddCertWithConstraint method can
be used to add customized constraints to root certificates to
be applied during chain building.
* crypto/x509: On Android, root certificates will now be loaded
from /data/misc/keychain/certs-added as well as
/system/etc/security/cacerts.
* crypto/x509: A new type, OID, supports ASN.1 Object Identifiers
with individual components larger than 31 bits. A new field
which uses this type, Policies, is added to the Certificate
struct, and is now populated during parsing. Any OIDs which
cannot be represented using a asn1.ObjectIdentifier will appear
in Policies, but not in the old PolicyIdentifiers field. When
calling CreateCertificate, the Policies field is ignored, and
policies are taken from the PolicyIdentifiers field. Using the
x509usepolicies=1 GODEBUG setting inverts this, populating
certificate policies from the Policies field, and ignoring the
PolicyIdentifiers field. We may change the default value of
x509usepolicies in Go 1.23, making Policies the default field
for marshaling.
* database/sql: The new Null[T] type provide a way to scan
nullable columns for any column types.
* debug/elf: Constant R_MIPS_PC32 is defined for use with MIPS64
systems. Additional R_LARCH_* constants are defined for use
with LoongArch systems.
* encoding: The new methods AppendEncode and AppendDecode added
to each of the Encoding types in the packages encoding/base32,
encoding/base64, and encoding/hex simplify encoding and
decoding from and to byte slices by taking care of byte slice
buffer management.
* encoding: The methods base32.Encoding.WithPadding and
base64.Encoding.WithPadding now panic if the padding argument
is a negative value other than NoPadding.
* encoding/json: Marshaling and encoding functionality now
escapes '\b' and '\f' characters as \b and \f instead of \u0008
and \u000c.
* go/ast: The following declarations related to syntactic
identifier resolution are now deprecated: Ident.Obj, Object,
Scope, File.Scope, File.Unresolved, Importer, Package,
NewPackage. In general, identifiers cannot be accurately
resolved without type information. Consider, for example, the
identifier K in T{K: ''}: it could be the name of a local
variable if T is a map type, or the name of a field if T is a
struct type. New programs should use the go/types package to
resolve identifiers; see Object, Info.Uses, and Info.Defs for
details.
* go/ast: The new ast.Unparen function removes any enclosing
parentheses from an expression.
* go/types: The new Alias type represents type
aliases. Previously, type aliases were not represented
explicitly, so a reference to a type alias was equivalent to
spelling out the aliased type, and the name of the alias was
lost. The new representation retains the intermediate
Alias. This enables improved error reporting (the name of a
type alias can be reported), and allows for better handling of
cyclic type declarations involving type aliases. In a future
release, Alias types will also carry type parameter
information. The new function Unalias returns the actual type
denoted by an Alias type (or any other Type for that matter).
* go/types: Because Alias types may break existing type switches
that do not know to check for them, this functionality is
controlled by a GODEBUG field named gotypesalias. With
gotypesalias=0, everything behaves as before, and Alias types
are never created. With gotypesalias=1, Alias types are created
and clients must expect them. The default is gotypesalias=0. In
a future release, the default will be changed to
gotypesalias=1. Clients of go/types are urged to adjust their
code as soon as possible to work with gotypesalias=1 to
eliminate problems early.
* go/types: The Info struct now exports the FileVersions map
which provides per-file Go version information.
* go/types: The new helper method PkgNameOf returns the local
package name for the given import declaration.
* go/types: The implementation of SizesFor has been adjusted to
compute the same type sizes as the compiler when the compiler
argument for SizesFor is 'gc'. The default Sizes implementation
used by the type checker is now types.SizesFor('gc', 'amd64').
* go/types: The start position (Pos) of the lexical environment
block (Scope) that represents a function body has changed: it
used to start at the opening curly brace of the function body,
but now starts at the function's func token.
* html/template: Javascript template literals may now contain Go
template actions, and parsing a template containing one will no
longer return ErrJSTemplate. Similarly the GODEBUG setting
jstmpllitinterp no longer has any effect.
* io: The new SectionReader.Outer method returns the ReaderAt,
offset, and size passed to NewSectionReader.
* log/slog: The new SetLogLoggerLevel function controls the level
for the bridge between the `slog` and `log` packages. It sets
the minimum level for calls to the top-level `slog` logging
functions, and it sets the level for calls to `log.Logger` that
go through `slog`.
* math/big: The new method Rat.FloatPrec computes the number of
fractional decimal digits required to represent a rational
number accurately as a floating-point number, and whether
accurate decimal representation is possible in the first place.
* net: When io.Copy copies from a TCPConn to a UnixConn, it will
now use Linux's splice(2) system call if possible, using the
new method TCPConn.WriteTo.
* net: The Go DNS Resolver, used when building with
'-tags=netgo', now searches for a matching name in the Windows
hosts file, located at %SystemRoot%\System32\drivers\etc\hosts,
before making a DNS query.
* net/http: The new functions ServeFileFS, FileServerFS, and
NewFileTransportFS are versions of the existing ServeFile,
FileServer, and NewFileTransport, operating on an fs.FS.
* net/http: The HTTP server and client now reject requests and
responses containing an invalid empty Content-Length
header. The previous behavior may be restored by setting
GODEBUG field httplaxcontentlength=1.
* net/http: The new method Request.PathValue returns path
wildcard values from a request and the new method
Request.SetPathValue sets path wildcard values on a request.
* net/http/cgi: When executing a CGI process, the PATH_INFO
variable is now always set to the empty string or a value
starting with a / character, as required by RFC 3875. It was
previously possible for some combinations of Handler.Root and
request URL to violate this requirement.
* net/netip: The new AddrPort.Compare method compares two
AddrPorts.
* os: On Windows, the Stat function now follows all reparse
points that link to another named entity in the system. It was
previously only following IO_REPARSE_TAG_SYMLINK and
IO_REPARSE_TAG_MOUNT_POINT reparse points.
* os: On Windows, passing O_SYNC to OpenFile now causes write
operations to go directly to disk, equivalent to O_SYNC on Unix
platforms.
* os: On Windows, the ReadDir, File.ReadDir, File.Readdir, and
File.Readdirnames functions now read directory entries in
batches to reduce the number of system calls, improving
performance up to 30%.
* os: When io.Copy copies from a File to a net.UnixConn, it will
now use Linux's sendfile(2) system call if possible, using the
new method File.WriteTo.
* os/exec: On Windows, LookPath now ignores empty entries
in %PATH%, and returns ErrNotFound (instead of ErrNotExist)
if no executable file extension is found to resolve an
otherwise-unambiguous name.
* os/exec: On Windows, Command and Cmd.Start no longer call
LookPath if the path to the executable is already absolute and
has an executable file extension. In addition, Cmd.Start no
longer writes the resolved extension back to the Path field, so
it is now safe to call the String method concurrently with a
call to Start.
* reflect: The Value.IsZero method will now return true for a
floating-point or complex negative zero, and will return true
for a struct value if a blank field (a field named _) somehow
has a non-zero value. These changes make IsZero consistent with
comparing a value to zero using the language == operator.
* reflect: The PtrTo function is deprecated, in favor of
PointerTo.
* reflect: The new function TypeFor returns the Type that
represents the type argument T. Previously, to get the
reflect.Type value for a type, one had to use
reflect.TypeOf((*T)(nil)).Elem(). This may now be written as
reflect.TypeFor[T]().
* runtime/metrics: Four new histogram metrics
/sched/pauses/stopping/gc:seconds,
/sched/pauses/stopping/other:seconds,
/sched/pauses/total/gc:seconds, and
/sched/pauses/total/other:seconds provide additional details
about stop-the-world pauses. The 'stopping' metrics report the
time taken from deciding to stop the world until all goroutines
are stopped. The 'total' metrics report the time taken from
deciding to stop the world until it is started again.
* runtime/metrics: The /gc/pauses:seconds metric is deprecated,
as it is equivalent to the new /sched/pauses/total/gc:seconds
metric.
* runtime/metrics: /sync/mutex/wait/total:seconds now includes
contention on runtime-internal locks in addition to sync.Mutex
and sync.RWMutex.
* runtime/pprof: Mutex profiles now scale contention by the
number of goroutines blocked on the mutex. This provides a more
accurate representation of the degree to which a mutex is a
bottleneck in a Go program. For instance, if 100 goroutines are
blocked on a mutex for 10 milliseconds, a mutex profile will
now record 1 second of delay instead of 10 milliseconds of
delay.
* runtime/pprof: Mutex profiles also now include contention on
runtime-internal locks in addition to sync.Mutex and
sync.RWMutex. Contention on runtime-internal locks is always
reported at runtime._LostContendedRuntimeLock. A future release
will add complete stack traces in these cases.
* runtime/pprof: CPU profiles on Darwin platforms now contain the
process's memory map, enabling the disassembly view in the
pprof tool.
* runtime/trace: The execution tracer has been completely
overhauled in this release, resolving several long-standing
issues and paving the way for new use-cases for execution
traces.
* runtime/trace: Execution traces now use the operating system's
clock on most platforms (Windows excluded) so it is possible to
correlate them with traces produced by lower-level
components. Execution traces no longer depend on the
reliability of the platform's clock to produce a correct
trace. Execution traces are now partitioned regularly
on-the-fly and as a result may be processed in a streamable
way. Execution traces now contain complete durations for all
system calls. Execution traces now contain information about
the operating system threads that goroutines executed on. The
latency impact of starting and stopping execution traces has
been dramatically reduced. Execution traces may now begin or
end during the garbage collection mark phase.
* runtime/trace: To allow Go developers to take advantage of
these improvements, an experimental trace reading package is
available at golang.org/x/exp/trace. Note that this package
only works on traces produced by programs built with go1.22 at
the moment. Please try out the package and provide feedback on
the corresponding proposal issue.
* runtime/trace: If you experience any issues with the new
execution tracer implementation, you may switch back to the old
implementation by building your Go program with
GOEXPERIMENT=noexectracer2. If you do, please file an issue,
otherwise this option will be removed in a future release.
* slices: The new function Concat concatenates multiple slices.
* slices: Functions that shrink the size of a slice (Delete,
DeleteFunc, Compact, CompactFunc, and Replace) now zero the
elements between the new length and the old length.
* slices: Insert now always panics if the argument i is out of
range. Previously it did not panic in this situation if there
were no elements to be inserted.
* syscall: The syscall package has been frozen since Go 1.4 and
was marked as deprecated in Go 1.11, causing many editors to
warn about any use of the package. However, some non-deprecated
functionality requires use of the syscall package, such as the
os/exec.Cmd.SysProcAttr field. To avoid unnecessary complaints
on such code, the syscall package is no longer marked as
deprecated. The package remains frozen to most new
functionality, and new code remains encouraged to use
golang.org/x/sys/unix or golang.org/x/sys/windows where
possible.
* syscall: On Linux, the new SysProcAttr.PidFD field allows
obtaining a PID FD when starting a child process via
StartProcess or os/exec.
* syscall: On Windows, passing O_SYNC to Open now causes write
operations to go directly to disk, equivalent to O_SYNC on Unix
platforms.
* testing/slogtest: The new Run function uses sub-tests to run
test cases, providing finer-grained control.
* Ports: Darwin: On macOS on 64-bit x86 architecture (the
darwin/amd64 port), the Go toolchain now generates
position-independent executables (PIE) by default. Non-PIE
binaries can be generated by specifying the -buildmode=exe
build flag. On 64-bit ARM-based macOS (the darwin/arm64 port),
the Go toolchain already generates PIE by default. go1.22 is
the last release that will run on macOS 10.15 Catalina. Go 1.23
will require macOS 11 Big Sur or later.
* Ports: Arm: The GOARM environment variable now allows you to
select whether to use software or hardware floating
point. Previously, valid GOARM values were 5, 6, or 7. Now
those same values can be optionally followed by ,softfloat or
,hardfloat to select the floating-point implementation. This
new option defaults to softfloat for version 5 and hardfloat
for versions 6 and 7.
* Ports: Loong64: The loong64 port now supports passing function
arguments and results using registers. The linux/loong64 port
now supports the address sanitizer, memory sanitizer, new-style
linker relocations, and the plugin build mode.
* OpenBSD go1.22 adds an experimental port to OpenBSD on
big-endian 64-bit PowerPC (openbsd/ppc64).
ImportantSUSE bug 1218424SUSE bug 1219988SUSE bug 1220999SUSE bug 1221000SUSE bug 1221001SUSE bug 1221002SUSE bug 1221003SUSE bug 1221400SUSE bug 1224017SUSE bug 1224018SUSE bug 1225973SUSE bug 1225974SUSE bug 1227314SUSE bug 1230252SUSE bug 1230253SUSE bug 1230254CVE-2023-45288 at SUSECVE-2023-45288 at NVDCVE-2023-45289 at SUSECVE-2023-45289 at NVDCVE-2023-45290 at SUSECVE-2023-45290 at NVDCVE-2024-24783 at SUSECVE-2024-24783 at NVDCVE-2024-24784 at SUSECVE-2024-24784 at NVDCVE-2024-24785 at SUSECVE-2024-24785 at NVDCVE-2024-24787 at SUSECVE-2024-24787 at NVDCVE-2024-24788 at SUSECVE-2024-24788 at NVDCVE-2024-24789 at SUSECVE-2024-24789 at NVDCVE-2024-24790 at SUSECVE-2024-24790 at NVDCVE-2024-24791 at SUSECVE-2024-24791 at NVDCVE-2024-34155 at SUSECVE-2024-34155 at NVDCVE-2024-34156 at SUSECVE-2024-34156 at NVDCVE-2024-34158 at SUSECVE-2024-34158 at NVDcpe:/o:opensuse:leap:15.5Security update for go1.23-openssl (Important)openSUSE Leap 15.5
This update for go1.23-openssl fixes the following issues:
This update ships go1.23-openssl version 1.23.2.2. (jsc#SLE-18320)
- go1.23.2 (released 2024-10-01) includes fixes to the compiler,
cgo, the runtime, and the maps, os, os/exec, time, and unique
packages.
* go#69119 os: double close pidfd if caller uses pidfd updated by os.StartProcess
* go#69156 maps: segmentation violation in maps.Clone
* go#69219 cmd/cgo: alignment issue with int128 inside of a struct
* go#69240 unique: fatal error: found pointer to free object
* go#69333 runtime,time: timer.Stop returns false even when no value is read from the channel
* go#69383 unique: large string still referenced, after interning only a small substring
* go#69402 os/exec: resource leak on exec failure
* go#69511 cmd/compile: mysterious crashes and non-determinism with range over func
- Update to version 1.23.1.1 cut from the go1.23-fips-release
branch at the revision tagged go1.23.1-1-openssl-fips.
* Update to Go 1.23.1 (#238)
- go1.23.1 (released 2024-09-05) includes security fixes to the
encoding/gob, go/build/constraint, and go/parser packages, as
well as bug fixes to the compiler, the go command, the runtime,
and the database/sql, go/types, os, runtime/trace, and unique
packages.
CVE-2024-34155 CVE-2024-34156 CVE-2024-34158:
- go#69143 go#69138 bsc#1230252 security: fix CVE-2024-34155 go/parser: stack exhaustion in all Parse* functions
- go#69145 go#69139 bsc#1230253 security: fix CVE-2024-34156 encoding/gob: stack exhaustion in Decoder.Decode
- go#69149 go#69141 bsc#1230254 security: fix CVE-2024-34158 go/build/constraint: stack exhaustion in Parse
- go#68812 os: TestChtimes failures
- go#68894 go/types: 'under' panics on Alias type
- go#68905 cmd/compile: error in Go 1.23.0 with generics, type aliases and indexing
- go#68907 os: CopyFS overwrites existing file in destination.
- go#68973 cmd/cgo: aix c-archive corrupting stack
- go#68992 unique: panic when calling unique.Make with string casted as any
- go#68994 cmd/go: any invocation creates read-only telemetry configuration file under GOMODCACHE
- go#68995 cmd/go: multi-arch build via qemu fails to exec go binary
- go#69041 database/sql: panic in database/sql.(*connRequestSet).deleteIndex
- go#69087 runtime/trace: crash during traceAdvance when collecting call stack for cgo-calling goroutine
- go#69094 cmd/go: breaking change in 1.23rc2 with version constraints in GOPATH mode
- go1.23 (released 2024-08-13) is a major release of Go.
go1.23.x minor releases will be provided through August 2025.
https://github.com/golang/go/wiki/Go-Release-Cycle
go1.23 arrives six months after go1.22. Most of its changes are
in the implementation of the toolchain, runtime, and libraries.
As always, the release maintains the Go 1 promise of
compatibility. We expect almost all Go programs to continue to
compile and run as before.
* Language change: Go 1.23 makes the (Go 1.22) 'range-over-func'
experiment a part of the language. The 'range' clause in a
'for-range' loop now accepts iterator functions of the
following types:
func(func() bool)
func(func(K) bool)
func(func(K, V) bool)
as range expressions. Calls of the iterator argument function
produce the iteration values for the 'for-range' loop. For
details see the iter package documentation and the language
spec. For motivation see the 2022 'range-over-func' discussion.
* Language change: Go 1.23 includes preview support for generic
type aliases. Building the toolchain with
GOEXPERIMENT=aliastypeparams enables this feature within a
package. (Using generic alias types across package boundaries
is not yet supported.)
* Opt-in Telemetry: Starting in Go 1.23, the Go toolchain can
collect usage and breakage statistics that help the Go team
understand how the Go toolchain is used and how well it is
working. We refer to these statistics as Go telemetry.
Go telemetry is an opt-in system, controlled by the go
telemetry command. By default, the toolchain programs collect
statistics in counter files that can be inspected locally but
are otherwise unused (go telemetry local).
To help us keep Go working well and understand Go usage, please
consider opting in to Go telemetry by running go telemetry
on. In that mode, anonymous counter reports are uploaded to
telemetry.go.dev weekly, where they are aggregated into graphs
and also made available for download by any Go contributors or
users wanting to analyze the data. See 'Go Telemetry' for more
details about the Go Telemetry system.
* go command: Setting the GOROOT_FINAL environment variable no
longer has an effect (#62047). Distributions that install the
go command to a location other than $GOROOT/bin/go should
install a symlink instead of relocating or copying the go
binary.
* go command: The new go env -changed flag causes the command to
print only those settings whose effective value differs from
the default value that would be obtained in an empty
environment with no prior uses of the -w flag.
* go command: The new go mod tidy -diff flag causes the command
not to modify the files but instead print the necessary changes
as a unified diff. It exits with a non-zero code if updates are
needed.
* go command: The go list -m -json command now includes new Sum
and GoModSum fields. This is similar to the existing behavior
of the go mod download -json command.
* go command: The new godebug directive in go.mod and go.work
declares a GODEBUG setting to apply for the work module or
workspace in use.
* go vet: The go vet subcommand now includes the stdversion
analyzer, which flags references to symbols that are too new
for the version of Go in effect in the referring file. (The
effective version is determined by the go directive in the
file's enclosing go.mod file, and by any //go:build constraints
in the file.)
For example, it will report a diagnostic for a reference to the
reflect.TypeFor function (introduced in go1.22) from a file in
a module whose go.mod file specifies go 1.21.
* cgo: cmd/cgo supports the new -ldflags flag for passing flags
to the C linker. The go command uses it automatically, avoiding
'argument list too long' errors with a very large CGO_LDFLAGS.
* go trace: The trace tool now better tolerates partially broken
traces by attempting to recover what trace data it can. This
functionality is particularly helpful when viewing a trace that
was collected during a program crash, since the trace data
leading up to the crash will now be recoverable under most
circumstances.
* Runtime: The traceback printed by the runtime after an
unhandled panic or other fatal error now indents the second and
subsequent lines of the error message (for example, the
argument to panic) by a single tab, so that it can be
unambiguously distinguished from the stack trace of the first
goroutine. See go#64590 for discussion.
* Compiler: The build time overhead to building with Profile
Guided Optimization has been reduced significantly. Previously,
large builds could see 100%+ build time increase from enabling
PGO. In Go 1.23, overhead should be in the single digit
percentages.
* Compiler: The compiler in Go 1.23 can now overlap the stack
frame slots of local variables accessed in disjoint regions of
a function, which reduces stack usage for Go applications.
* Compiler: For 386 and amd64, the compiler will use information
from PGO to align certain hot blocks in loops. This improves
performance an additional 1-1.5% at a cost of an additional
0.1% text and binary size. This is currently only implemented
on 386 and amd64 because it has not shown an improvement on
other platforms. Hot block alignment can be disabled with
-gcflags=[<packages>=]-d=alignhot=0.
* Linker: The linker now disallows using a //go:linkname
directive to refer to internal symbols in the standard library
(including the runtime) that are not marked with //go:linkname
on their definitions. Similarly, the linker disallows
references to such symbols from assembly code. For backward
compatibility, existing usages of //go:linkname found in a
large open-source code corpus remain supported. Any new
references to standard library internal symbols will be
disallowed.
* Linker: A linker command line flag -checklinkname=0 can be used
to disable this check, for debugging and experimenting
purposes.
* Linker: When building a dynamically linked ELF binary
(including PIE binary), the new -bindnow flag enables immediate
function binding.
* Standard library changes:
* timer: 1.23 makes two significant changes to the implementation
of time.Timer and time.Ticker.
First, Timers and Tickers that are no longer referred to by the
program become eligible for garbage collection immediately,
even if their Stop methods have not been called. Earlier
versions of Go did not collect unstopped Timers until after
they had fired and never collected unstopped Tickers.
Second, the timer channel associated with a Timer or Ticker is
now unbuffered, with capacity 0. The main effect of this change
is that Go now guarantees that for any call to a Reset or Stop
method, no stale values prepared before that call will be sent
or received after the call. Earlier versions of Go used
channels with a one-element buffer, making it difficult to use
Reset and Stop correctly. A visible effect of this change is
that len and cap of timer channels now returns 0 instead of 1,
which may affect programs that poll the length to decide
whether a receive on the timer channel will succeed. Such code
should use a non-blocking receive instead.
These new behaviors are only enabled when the main Go program
is in a module with a go.mod go line using Go 1.23.0 or
later. When Go 1.23 builds older programs, the old behaviors
remain in effect. The new GODEBUG setting asynctimerchan=1 can
be used to revert back to asynchronous channel behaviors even
when a program names Go 1.23.0 or later in its go.mod file.
* unique: The new unique package provides facilities for
canonicalizing values (like 'interning' or 'hash-consing').
Any value of comparable type may be canonicalized with the new
Make[T] function, which produces a reference to a canonical
copy of the value in the form of a Handle[T]. Two Handle[T] are
equal if and only if the values used to produce the handles are
equal, allowing programs to deduplicate values and reduce their
memory footprint. Comparing two Handle[T] values is efficient,
reducing down to a simple pointer comparison.
* iter: The new iter package provides the basic definitions for
working with user-defined iterators.
* slices: The slices package adds several functions that work
with iterators:
- All returns an iterator over slice indexes and values.
- Values returns an iterator over slice elements.
- Backward returns an iterator that loops over a slice backward.
- Collect collects values from an iterator into a new slice.
- AppendSeq appends values from an iterator to an existing slice.
- Sorted collects values from an iterator into a new slice, and then sorts the slice.
- SortedFunc is like Sorted but with a comparison function.
- SortedStableFunc is like SortFunc but uses a stable sort algorithm.
- Chunk returns an iterator over consecutive sub-slices of up to n elements of a slice.
* maps: The maps package adds several functions that work with
iterators:
- All returns an iterator over key-value pairs from a map.
- Keys returns an iterator over keys in a map.
- Values returns an iterator over values in a map.
- Insert adds the key-value pairs from an iterator to an existing map.
- Collect collects key-value pairs from an iterator into a new map and returns it.
* structs: The new structs package provides types for struct
fields that modify properties of the containing struct type
such as memory layout.
In this release, the only such type is HostLayout which
indicates that a structure with a field of that type has a
layout that conforms to host platform expectations.
* Minor changes to the standard library: As always, there are
various minor changes and updates to the library, made with the
Go 1 promise of compatibility in mind.
* archive/tar: If the argument to FileInfoHeader implements the
new FileInfoNames interface, then the interface methods will be
used to set the Uname/Gname of the file header. This allows
applications to override the system-dependent Uname/Gname
lookup.
* crypto/tls: The TLS client now supports the Encrypted Client
Hello draft specification. This feature can be enabled by
setting the Config.EncryptedClientHelloConfigList field to an
encoded ECHConfigList for the host that is being connected to.
* crypto/tls: The QUICConn type used by QUIC implementations
includes new events reporting on the state of session
resumption, and provides a way for the QUIC layer to add data
to session tickets and session cache entries.
* crypto/tls: 3DES cipher suites were removed from the default
list used when Config.CipherSuites is nil. The default can be
reverted by adding tls3des=1 to the GODEBUG environment
variable.
* crypto/tls: The experimental post-quantum key exchange
mechanism X25519Kyber768Draft00 is now enabled by default when
Config.CurvePreferences is nil. The default can be reverted by
adding tlskyber=0 to the GODEBUG environment variable.
* crypto/tls: Go 1.23 changed the behavior of X509KeyPair and
LoadX509KeyPair to populate the Certificate.Leaf field of the
returned Certificate. The new x509keypairleaf GODEBUG setting
is added for this behavior.
* crypto/x509: CreateCertificateRequest now correctly supports
RSA-PSS signature algorithms.
* crypto/x509: CreateCertificateRequest and CreateRevocationList
now verify the generated signature using the signer's public
key. If the signature is invalid, an error is returned. This
has been the behavior of CreateCertificate since Go 1.16.
* crypto/x509: The x509sha1 GODEBUG setting will be removed in
the next Go major release (Go 1.24). This will mean that
crypto/x509 will no longer support verifying signatures on
certificates that use SHA-1 based signature algorithms.
* crypto/x509: The new ParseOID function parses a dot-encoded
ASN.1 Object Identifier string. The OID type now implements the
encoding.BinaryMarshaler, encoding.BinaryUnmarshaler,
encoding.TextMarshaler, encoding.TextUnmarshaler interfaces.
database/sql
* crypto/x509: Errors returned by driver.Valuer implementations
are now wrapped for improved error handling during operations
like DB.Query, DB.Exec, and DB.QueryRow.
* debug/elf: The debug/elf package now defines
PT_OPENBSD_NOBTCFI. This ProgType is used to disable Branch
Tracking Control Flow Integrity (BTCFI) enforcement on OpenBSD
binaries.
* debug/elf: Now defines the symbol type constants STT_RELC,
STT_SRELC, and STT_GNU_IFUNC.
* encoding/binary The new Encode and Decode functions are byte
slice equivalents to Read and Write. Append allows marshaling
multiple data into the same byte slice.
* go/ast: The new Preorder function returns a convenient iterator
over all the nodes of a syntax tree.
* go/types: The Func type, which represents a function or method
symbol, now has a Func.Signature method that returns the
function's type, which is always a Signature.
* go/types: The Alias type now has an Rhs method that returns the
type on the right-hand side of its declaration: given type A =
B, the Rhs of A is B. (go#66559)
* go/types: The methods Alias.Origin, Alias.SetTypeParams,
Alias.TypeParams, and Alias.TypeArgs have been added. They are
needed for generic alias types.
* go/types: By default, go/types now produces Alias type nodes
for type aliases. This behavior can be controlled by the
GODEBUG gotypesalias flag. Its default has changed from 0 in Go
1.22 to 1 in Go 1.23.
* math/rand/v2: The Uint function and Rand.Uint method have been
added. They were inadvertently left out of Go 1.22.
* math/rand/v2: The new ChaCha8.Read method implements the
io.Reader interface.
* net: The new type KeepAliveConfig permits fine-tuning the
keep-alive options for TCP connections, via a new
TCPConn.SetKeepAliveConfig method and new KeepAliveConfig
fields for Dialer and ListenConfig.
* net: The DNSError type now wraps errors caused by timeouts or
cancellation. For example, errors.Is(someDNSErr,
context.DeadlineExceedeed) will now report whether a DNS error
was caused by a timeout.
* net: The new GODEBUG setting netedns0=0 disables sending EDNS0
additional headers on DNS requests, as they reportedly break
the DNS server on some modems.
* net/http: Cookie now preserves double quotes surrounding a
cookie value. The new Cookie.Quoted field indicates whether the
Cookie.Value was originally quoted.
* net/http: The new Request.CookiesNamed method retrieves all
cookies that match the given name.
* net/http: The new Cookie.Partitioned field identifies cookies
with the Partitioned attribute.
* net/http: The patterns used by ServeMux now allow one or more
spaces or tabs after the method name. Previously, only a single
space was permitted.
* net/http: The new ParseCookie function parses a Cookie header
value and returns all the cookies which were set in it. Since
the same cookie name can appear multiple times the returned
Values can contain more than one value for a given key.
* net/http: The new ParseSetCookie function parses a Set-Cookie
header value and returns a cookie. It returns an error on
syntax error.
* net/http: ServeContent, ServeFile, and ServeFileFS now remove
the Cache-Control, Content-Encoding, Etag, and Last-Modified
headers when serving an error. These headers usually apply to
the non-error content, but not to the text of errors.
* net/http: Middleware which wraps a ResponseWriter and applies
on-the-fly encoding, such as Content-Encoding: gzip, will not
function after this change. The previous behavior of
ServeContent, ServeFile, and ServeFileFS may be restored by
setting GODEBUG=httpservecontentkeepheaders=1.
Note that middleware which changes the size of the served
content (such as by compressing it) already does not function
properly when ServeContent handles a Range request. On-the-fly
compression should use the Transfer-Encoding header instead of
Content-Encoding.
* net/http: For inbound requests, the new Request.Pattern field
contains the ServeMux pattern (if any) that matched the
request. This field is not set when GODEBUG=httpmuxgo121=1 is
set.
* net/http/httptest: The new NewRequestWithContext method creates
an incoming request with a context.Context.
* net/netip: In Go 1.22 and earlier, using reflect.DeepEqual to
compare an Addr holding an IPv4 address to one holding the
IPv4-mapped IPv6 form of that address incorrectly returned
true, even though the Addr values were different when comparing
with == or Addr.Compare. This bug is now fixed and all three
approaches now report the same result.
* os: The Stat function now sets the ModeSocket bit for files
that are Unix sockets on Windows. These files are identified by
having a reparse tag set to IO_REPARSE_TAG_AF_UNIX.
* os: On Windows, the mode bits reported by Lstat and Stat for
reparse points changed. Mount points no longer have ModeSymlink
set, and reparse points that are not symlinks, Unix sockets, or
dedup files now always have ModeIrregular set. This behavior is
controlled by the winsymlink setting. For Go 1.23, it defaults
to winsymlink=1. Previous versions default to winsymlink=0.
* os: The CopyFS function copies an io/fs.FS into the local
filesystem.
* os: On Windows, Readlink no longer tries to normalize volumes
to drive letters, which was not always even possible. This
behavior is controlled by the winreadlinkvolume setting. For Go
1.23, it defaults to winreadlinkvolume=1. Previous versions
default to winreadlinkvolume=0.
* os: On Linux with pidfd support (generally Linux v5.4+),
Process-related functions and methods use pidfd (rather than
PID) internally, eliminating potential mistargeting when a PID
is reused by the OS. Pidfd support is fully transparent to a
user, except for additional process file descriptors that a
process may have.
* path/filepath: The new Localize function safely converts a
slash-separated path into an operating system path.
* path/filepath: On Windows, EvalSymlinks no longer evaluates
mount points, which was a source of many inconsistencies and
bugs. This behavior is controlled by the winsymlink
setting. For Go 1.23, it defaults to winsymlink=1. Previous
versions default to winsymlink=0.
* path/filepath: On Windows, EvalSymlinks no longer tries to
normalize volumes to drive letters, which was not always even
possible. This behavior is controlled by the winreadlinkvolume
setting. For Go 1.23, it defaults to
winreadlinkvolume=1. Previous versions default to
winreadlinkvolume=0.
* reflect: The new methods synonymous with the methods of the
same name in Value are added to Type:
- Type.OverflowComplex
- Type.OverflowFloat
- Type.OverflowInt
- Type.OverflowUint
* reflect: The new SliceAt function is analogous to NewAt, but
for slices.
* reflect: The Value.Pointer and Value.UnsafePointer methods now
support values of kind String.
* reflect: The new methods Value.Seq and Value.Seq2 return
sequences that iterate over the value as though it were used in
a for/range loop. The new methods Type.CanSeq and Type.CanSeq2
report whether calling Value.Seq and Value.Seq2, respectively,
will succeed without panicking.
* runtime/debug: The SetCrashOutput function allows the user to
specify an alternate file to which the runtime should write its
fatal crash report. It may be used to construct an automated
reporting mechanism for all unexpected crashes, not just those
in goroutines that explicitly use recover.
* runtime/pprof: The maximum stack depth for alloc, mutex, block,
threadcreate and goroutine profiles has been raised from 32 to
128 frames.
* runtime/trace: The runtime now explicitly flushes trace data
when a program crashes due to an uncaught panic. This means
that more complete trace data will be available in a trace if
the program crashes while tracing is active.
* slices: The Repeat function returns a new slice that repeats
the provided slice the given number of times.
* sync: The Map.Clear method deletes all the entries, resulting
in an empty Map. It is analogous to clear.
* sync/atomic: The new And and Or operators apply a bitwise AND
or OR to the given input, returning the old value.
* syscall: The syscall package now defines WSAENOPROTOOPT on
Windows.
* syscall: The GetsockoptInt function is now supported on
Windows.
* testing/fstest: TestFS now returns a structured error that can
be unwrapped (via method Unwrap() []error). This allows
inspecting errors using errors.Is or errors.As.
* text/template: Templates now support the new 'else with'
action, which reduces template complexity in some use cases.
* time: Parse and ParseInLocation now return an error if the time
zone offset is out of range.
* unicode/utf16: The RuneLen function returns the number of
16-bit words in the UTF-16 encoding of the rune. It returns -1
if the rune is not a valid value to encode in UTF-16.
* Port: Darwin: As announced in the Go 1.22 release notes, Go
1.23 requires macOS 11 Big Sur or later; support for previous
versions has been discontinued.
* Port: Linux: Go 1.23 is the last release that requires Linux
kernel version 2.6.32 or later. Go 1.24 will require Linux
kernel version 3.17 or later, with an exception that systems
running 3.10 or later will continue to be supported if the
kernel has been patched to support the getrandom system call.
* Port: OpenBSD: Go 1.23 adds experimental support for OpenBSD on
64-bit RISC-V (GOOS=openbsd, GOARCH=riscv64).
* Port: ARM64: Go 1.23 introduces a new GOARM64 environment
variable, which specifies the minimum target version of the
ARM64 architecture at compile time. Allowed values are v8.{0-9}
and v9.{0-5}. This may be followed by an option specifying
extensions implemented by target hardware. Valid options are
,lse and ,crypto.
The GOARM64 environment variable defaults to v8.0.
* Port: RISC-V: Go 1.23 introduces a new GORISCV64 environment
variable, which selects the RISC-V user-mode application
profile for which to compile. Allowed values are rva20u64 and
rva22u64.
The GORISCV64 environment variable defaults to rva20u64.
* Port: Wasm: The go_wasip1_wasm_exec script in GOROOT/misc/wasm
has dropped support for versions of wasmtime < 14.0.0.
ImportantSUSE bug 1229122SUSE bug 1230252SUSE bug 1230253SUSE bug 1230254CVE-2024-34155 at SUSECVE-2024-34155 at NVDCVE-2024-34156 at SUSECVE-2024-34156 at NVDCVE-2024-34158 at SUSECVE-2024-34158 at NVDcpe:/o:opensuse:leap:15.5Security update for pcp (Important)openSUSE Leap 15.5
This update for pcp fixes the following issues:
pcp was updated from version 5.2.5 to version 6.2.0 (jsc#PED-8192, jsc#PED-8389):
- Security issues fixed:
* CVE-2024-45770: Fixed a symlink attack that allows escalating from the pcp to the root user (bsc#1230552)
* CVE-2024-45769: Fixed a heap corruption through metric pmstore operations (bsc#1230551)
* CVE-2023-6917: Fixed local privilege escalation from pcp user to root in /usr/libexec/pcp/lib/pmproxy (bsc#1217826)
- Major changes:
* Add version 3 PCP archive support: instance domain change-deltas,
Y2038-safe timestamps, nanosecond-precision timestamps, arbitrary timezones support, 64-bit file offsets used
throughout for larger (beyond 2GB) individual volumes
+ Opt-in using the /etc/pcp.conf PCP_ARCHIVE_VERSION setting
+ Version 2 archives remain the default (for next few years)
* Switch to using OpenSSL only throughout PCP (dropped NSS/NSPR);
this impacts on libpcp, PMAPI clients and PMCD use of encryption;
these are now configured and used consistently with pmproxy HTTPS support and redis-server, which were both already
using OpenSSL.
* New nanosecond precision timestamp PMAPI calls for PCP library interfaces that make use of timestamps
These are all optional, and full backward compatibility is preserved for existing tools.
* For the full list of changes please consult the packaged CHANGELOG file
- Other packaging changes:
* Moved pmlogger_daily into the main package (bsc#1222815)
* Change dependency from openssl-devel >= 1.1.1 to openssl-devel >= 1.0.2p.
Required for SLE-12
* Introduce 'pmda-resctrl' package, disabled for architectures other than x86_64
* Change the architecture for various subpackages to 'noarch' as they contain no binaries
* Disable 'pmda-mssql', as it fails to build
ImportantSUSE bug 1217826SUSE bug 1222815SUSE bug 1230551SUSE bug 1230552SUSE bug 1231345CVE-2023-6917 at SUSECVE-2023-6917 at NVDCVE-2024-45769 at SUSECVE-2024-45769 at NVDCVE-2024-45770 at SUSECVE-2024-45770 at NVDcpe:/o:opensuse:leap:15.5Security update for xorg-x11-server (Important)openSUSE Leap 15.5
This update for xorg-x11-server fixes the following issues:
- CVE-2024-9632: Fixed heap-based buffer overflow privilege escalation in _XkbSetCompatMap (bsc#1231565).
ImportantSUSE bug 1231565CVE-2024-9632 at SUSECVE-2024-9632 at NVDcpe:/o:opensuse:leap:15.5Security update for xwayland (Important)openSUSE Leap 15.5
This update for xwayland fixes the following issues:
- CVE-2024-9632: Fixed heap-based buffer overflow privilege escalation in _XkbSetCompatMap (bsc#1231565).
ImportantSUSE bug 1231565CVE-2024-9632 at SUSECVE-2024-9632 at NVDcpe:/o:opensuse:leap:15.5Security update for go1.21-openssl (Moderate)openSUSE Leap 15.5
This update for go1.21-openssl fixes the following issues:
- CVE-2024-34158: Fixed stack exhaustion in Parse in go/build/constraint (bsc#1230254).
- CVE-2024-34156: Fixed stack exhaustion in Decoder.Decode in encoding/gob (bsc#1230253).
- CVE-2024-34155: Fixed stack exhaustion in all Parse* functions (bsc#1230252).
- Update to version 1.21.13.3 cut from the go1.21-fips-release (jsc#SLE-18320).
ModerateSUSE bug 1230252SUSE bug 1230253SUSE bug 1230254CVE-2024-34155 at SUSECVE-2024-34155 at NVDCVE-2024-34156 at SUSECVE-2024-34156 at NVDCVE-2024-34158 at SUSECVE-2024-34158 at NVDcpe:/o:opensuse:leap:15.5Security update for python-Werkzeug (Moderate)openSUSE Leap 15.5
This update for python-Werkzeug fixes the following issues:
- CVE-2024-49767: Fixed possible resource exhaustion when parsing file data in forms (bsc#1232449).
ModerateSUSE bug 1232449CVE-2024-49767 at SUSECVE-2024-49767 at NVDcpe:/o:opensuse:leap:15.5Security update for govulncheck-vulndb (Moderate)openSUSE Leap 15.5
This update for govulncheck-vulndb fixes the following issues:
- Update to version 0.0.20241028T152002 2024-10-28T15:20:02Z.
Refs jsc#PED-11136
Go CVE Numbering Authority IDs added or updated:
* GO-2024-3207
* GO-2024-3208
* GO-2024-3210
* GO-2024-3211
* GO-2024-3212
* GO-2024-3213
* GO-2024-3214
* GO-2024-3215
* GO-2024-3216
* GO-2024-3217
* GO-2024-3219
* GO-2024-3220
* GO-2024-3221
* GO-2024-3222
* GO-2024-3223
* GO-2024-3224
- Update to version 0.0.20241017T153730 date 2024-10-17T15:37:30Z.
Go CVE Numbering Authority IDs added or updated:
* GO-2024-3189
* GO-2024-3203
* GO-2024-3204
Moderatecpe:/o:opensuse:leap:15.5Security update for 389-ds (Important)openSUSE Leap 15.5
This update for 389-ds fixes the following issues:
- Persist extracted key path for ldap_ssl_client_init over repeat invocations (bsc#1230852)
- Re-enable use of .dsrc basedn for dsidm commands (bsc#1231462)
- Update to version 2.2.10~git18.20ce9289:
* RFE: Use previously extracted key path
* Update dsidm to prioritize basedn from .dsrc over interactive input
* UI: Instance fails to load when DB backup directory doesn't exist
* Improve online import robustness when the server is under load
* Ensure all slapi_log_err calls end format strings with newline character \n
* RFE: when memberof is enabled, defer updates of members from the update of the group
* Provide more information in the error message during setup_ol_tls_conn()
* Wrong set of entries returned for some search filters
* Schema lib389 object is not keeping custom schema data upon editing
* UI: Fix audit issue with npm - micromatch
* Fix long delay when setting replication agreement with dsconf
* Changelog trims updates from a given RID even if a consumer has not received any of them
* test_password_modify_non_utf8 should set default password storage scheme
* Update Cargo.lock
* Rearrange includes for 32-bit support logic
* Fix fedora cop RawHide builds
* Bump braces from 3.0.2 to 3.0.3 in /src/cockpit/389-console
* Enabling replication for a sub suffix crashes browser
* d2entry - Could not open id2entry err 0 - at startup when having sub-suffixes
* Slow ldif2db import on a newly created BDB backend
* Audit log buffering doesn't handle large updates
* RFE: improve the performance of evaluation of filter component when tested against a large valueset (like group members)
* passwordHistory is not updated with a pre-hashed password
* ns-slapd crash in referint_get_config
* Fix the UTC offset print
* Fix OpenLDAP version autodetection
* RFE: add new operation note for MFA authentications
* Add log buffering to audit log
* Fix connection timeout error breaking errormap
* Improve dsidm CLI No Such Entry handling
* Improve connection timeout error logging
* Add hidden -v and -j options to each CLI subcommand
* Fix various issues with logconv.pl
* Fix certificate lifetime displayed as NaN
* Enhance Rust and JS bundling and add SPDX licenses for both
* Remove audit-ci from dependencies
* Fix unused variable warning from previous commit
* covscan: fix memory leak in audit log when adding entries
* Add a check for tagged commits
* dscreate ds-root - accepts relative path
* Change replica_id from str to int
* Attribute Names changed to lowercase after adding the Attributes
* ns-slapd crashes at startup if a backend has no suffix
* During an update, if the target entry is reverted in the entry cache, the server should not retry to lock it
* Reversion of the entry cache should be limited to BETXN plugin failures
* Disable Transparent Huge Pages
* Freelist ordering causes high wtime
* Security fix for CVE-2024-2199
- VUL-0: CVE-2024-3657: 389-ds: potential denial of service via specially crafted kerberos AS-REQ request (bsc#1225512)
- VUL-0: CVE-2024-5953: 389-ds: malformed userPassword hashes may cause a denial of service (bsc#1226277)
- 389ds crash when user does change password using iso-8859-1 encoding (bsc#1228912)
ImportantSUSE bug 1230852SUSE bug 1231462CVE-2024-2199 at SUSECVE-2024-2199 at NVDCVE-2024-3657 at SUSECVE-2024-3657 at NVDCVE-2024-5953 at SUSECVE-2024-5953 at NVDcpe:/o:opensuse:leap:15.5Security update for uwsgi (Moderate)openSUSE Leap 15.5
This update for uwsgi fixes the following issues:
- CVE-2024-24795: Fixed HTTP Response Splitting in multiple modules (bsc#1222332)
ModerateSUSE bug 1222332CVE-2024-24795 at SUSECVE-2024-24795 at NVDcpe:/o:opensuse:leap:15.5Security update for cups-filters (Critical)openSUSE Leap 15.5
This update for cups-filters fixes the following issues:
- CVE-2024-47850: cups-browsed can be abused to initiate remote DDoS against third-party targets (bsc#1231294)
- CVE-2024-47076: Fixed lack of input sanitization in cfGetPrinterAttributes5 (bsc#1230937).
CriticalSUSE bug 1230937SUSE bug 1231294CVE-2024-47076 at SUSECVE-2024-47076 at NVDCVE-2024-47850 at SUSECVE-2024-47850 at NVDcpe:/o:opensuse:leap:15.5Security update for apache2 (Important)openSUSE Leap 15.5
This update for apache2 fixes the following issues:
- CVE-2024-40725: Fixed source code disclosure of local content (bsc#1228097)
ImportantSUSE bug 1228097CVE-2024-40725 at SUSECVE-2024-40725 at NVDcpe:/o:opensuse:leap:15.5Security update for webkit2gtk3 (Important)openSUSE Leap 15.5
This update for webkit2gtk3 fixes the following issues:
Update to version 2.46.0 (bsc#1231039).
- CVE-2024-40866
- CVE-2024-44187
Already fixed in version 2.44.3:
- CVE-2024-4558
- CVE-2024-27838
- CVE-2024-27851
Already fixed in version 2.44.2:
- CVE-2024-27834
- CVE-2024-27808
- CVE-2024-27820
- CVE-2024-27833
Already fixed in version 2.44.1:
- CVE-2024-23222
- CVE-2024-23206
- CVE-2024-23213
- CVE-2024-23271
ImportantSUSE bug 1231039CVE-2024-23206 at SUSECVE-2024-23206 at NVDCVE-2024-23213 at SUSECVE-2024-23213 at NVDCVE-2024-23222 at SUSECVE-2024-23222 at NVDCVE-2024-23271 at SUSECVE-2024-23271 at NVDCVE-2024-27808 at SUSECVE-2024-27808 at NVDCVE-2024-27820 at SUSECVE-2024-27820 at NVDCVE-2024-27833 at SUSECVE-2024-27833 at NVDCVE-2024-27834 at SUSECVE-2024-27834 at NVDCVE-2024-27838 at SUSECVE-2024-27838 at NVDCVE-2024-27851 at SUSECVE-2024-27851 at NVDCVE-2024-40866 at SUSECVE-2024-40866 at NVDCVE-2024-44187 at SUSECVE-2024-44187 at NVDCVE-2024-4558 at SUSECVE-2024-4558 at NVDcpe:/o:opensuse:leap:15.5Security update for rubygem-bundler (Important)openSUSE Leap 15.5
This update for rubygem-bundler fixes the following issues:
- CVE-2021-43809: Fixed remote execution via Gemfile argument injection (bsc#1193578)
ImportantSUSE bug 1193578CVE-2021-43809 at SUSECVE-2021-43809 at NVDcpe:/o:opensuse:leap:15.5Security update for ruby2.5 (Important)openSUSE Leap 15.5
This update for ruby2.5 fixes the following issues:
- CVE-2024-43398: Fixed DoS when parsing a XML that has many deep elements with the same local name attributes (bsc#1229673)
- CVE-2024-41123: Fixed DoS when parsing an XML that contains many specific characters such as whitespaces, >] and ]> (bsc#1228794)
- CVE-2024-41946: Fixed DoS when parsing an XML that has many entity expansions with SAX2 or pull parser API (bsc#1228799)
- CVE-2024-35176: Fixed DoS when parsing an XML that has many left angled brackets in an attribute value (bsc#1224390)
- CVE-2024-39908: Fixed ReDos when parsing an XML that has many specific characters (bsc#1228072)
ImportantSUSE bug 1224390SUSE bug 1228072SUSE bug 1228794SUSE bug 1228799SUSE bug 1229673CVE-2024-35176 at SUSECVE-2024-35176 at NVDCVE-2024-39908 at SUSECVE-2024-39908 at NVDCVE-2024-41123 at SUSECVE-2024-41123 at NVDCVE-2024-41946 at SUSECVE-2024-41946 at NVDCVE-2024-43398 at SUSECVE-2024-43398 at NVDcpe:/o:opensuse:leap:15.5Security update for java-11-openjdk (Moderate)openSUSE Leap 15.5
This update for java-11-openjdk fixes the following issues:
Updated to version 11.0.25+9 (October 2024 CPU):
- CVE-2024-21208: Fixed partial DoS in component Networking (bsc#1231702)
- CVE-2024-21210: Fixed unauthorized read/write access to data in component Hotspot (bsc#1231711)
- CVE-2024-21217: Fixed partial DoS in component Serialization (bsc#1231716)
- CVE-2024-21235: Fixed unauthorized read/write access to data in component Hotspot (bsc#1231719)
ModerateSUSE bug 1231702SUSE bug 1231711SUSE bug 1231716SUSE bug 1231719CVE-2024-21208 at SUSECVE-2024-21208 at NVDCVE-2024-21210 at SUSECVE-2024-21210 at NVDCVE-2024-21217 at SUSECVE-2024-21217 at NVDCVE-2024-21235 at SUSECVE-2024-21235 at NVDcpe:/o:opensuse:leap:15.5Security update for python-waitress (Important)openSUSE Leap 15.5
This update for python-waitress fixes the following issues:
- CVE-2024-49768: Fixed request processing race condition in HTTP pipelining with invalid first request when lookahead is enabled (bsc#1232556)
- CVE-2024-49769: Fixed incorrect connection clean up leads to a busy-loop and resource exhaustion (bsc#1232554)
ImportantSUSE bug 1232554SUSE bug 1232556CVE-2024-49768 at SUSECVE-2024-49768 at NVDCVE-2024-49769 at SUSECVE-2024-49769 at NVDcpe:/o:opensuse:leap:15.5Security update for rubygem-actionpack-5_1 (Moderate)openSUSE Leap 15.5
This update for rubygem-actionpack-5_1 fixes the following issues:
- CVE-2024-47887: Fixed Possible ReDoS vulnerability in HTTP Token authentication in Action Controller (bsc#1231729).
- CVE-2024-42228: Fixed uninitialized value *size when calling amdgpu_vce_cs_reloc (bsc#1228667).
ModerateSUSE bug 1228667SUSE bug 1231729CVE-2024-42228 at SUSECVE-2024-42228 at NVDCVE-2024-47887 at SUSECVE-2024-47887 at NVDcpe:/o:opensuse:leap:15.5Security update for rubygem-actionmailer-5_1 (Moderate)openSUSE Leap 15.5
This update for rubygem-actionmailer-5_1 fixes the following issues:
- CVE-2024-47889: Fixed Possible ReDoS vulnerability in block_format in Action Mailer (bsc#1231723).
ModerateSUSE bug 1231723CVE-2024-47889 at SUSECVE-2024-47889 at NVDcpe:/o:opensuse:leap:15.5Security update for python3 (Moderate)openSUSE Leap 15.5
This update for python3 fixes the following issues:
Security fixes:
- CVE-2024-9287: properly quote path names provided when creating a virtual environment (bsc#1232241)
Other fixes:
- Drop .pyc files from docdir for reproducible builds (bsc#1230906)
ModerateSUSE bug 1230906SUSE bug 1232241CVE-2024-9287 at SUSECVE-2024-9287 at NVDcpe:/o:opensuse:leap:15.5Security update for MozillaFirefox (Important)openSUSE Leap 15.5
This update for MozillaFirefox fixes the following issues:
Firefox Extended Support Release 128.4.0 ESR (bsc#1231879):
- CVE-2024-10458: Permission leak via embed or object elements
- CVE-2024-10459: Use-after-free in layout with accessibility
- CVE-2024-10460: Confusing display of origin for external protocol handler prompt
- CVE-2024-10461: XSS due to Content-Disposition being ignored in multipart/x-mixed-replace response
- CVE-2024-10462: Origin of permission prompt could be spoofed by long URL
- CVE-2024-10463: Cross origin video frame leak
- CVE-2024-10464: History interface could have been used to cause a Denial of Service condition in the browser
- CVE-2024-10465: Clipboard 'paste' button persisted across tabs
- CVE-2024-10466: DOM push subscription message could hang Firefox
- CVE-2024-10467: Memory safety bugs fixed in Firefox 132, Thunderbird 132, Firefox ESR 128.4, and Thunderbird 128.4
ImportantSUSE bug 1231879CVE-2024-10458 at SUSECVE-2024-10458 at NVDCVE-2024-10459 at SUSECVE-2024-10459 at NVDCVE-2024-10460 at SUSECVE-2024-10460 at NVDCVE-2024-10461 at SUSECVE-2024-10461 at NVDCVE-2024-10462 at SUSECVE-2024-10462 at NVDCVE-2024-10463 at SUSECVE-2024-10463 at NVDCVE-2024-10464 at SUSECVE-2024-10464 at NVDCVE-2024-10465 at SUSECVE-2024-10465 at NVDCVE-2024-10466 at SUSECVE-2024-10466 at NVDCVE-2024-10467 at SUSECVE-2024-10467 at NVDcpe:/o:opensuse:leap:15.5Security update for govulncheck-vulndb (Important)openSUSE Leap 15.5
This update for govulncheck-vulndb fixes the following issues:
Update to version 0.0.20241030T212825 2024-10-30T21:28:25Z ( jsc#PED-11136 )
- Go CVE Numbering Authority IDs added or updated with aliases:
* GO-2024-3230 CVE-2024-48921 GHSA-qjvc-p88j-j9rm
* GO-2024-3232 CVE-2024-10241 GHSA-6mvp-gh77-7vwh
- Go CVE Numbering Authority IDs added or updated with aliases:
* GO-2024-3226 CVE-2024-47827 GHSA-ghjw-32xw-ffwr
* GO-2024-3227 CVE-2024-10214 GHSA-hm57-h27x-599c
* GO-2024-3228 GHSA-wcx9-ccpj-hx3c
- Go CVE Numbering Authority IDs added or updated with aliases:
* GO-2024-3207 GHSA-p5wf-cmr4-xrwr
* GO-2024-3208 CVE-2024-47825 GHSA-3wwx-63fv-pfq6
* GO-2024-3210 CVE-2024-8901
* GO-2024-3211 CVE-2024-50312
* GO-2024-3212 GHSA-rjfv-pjvx-mjgv
* GO-2024-3213 CVE-2024-49380
* GO-2024-3214 CVE-2024-49381
* GO-2024-3215 CVE-2024-9264 GHSA-q99m-qcv4-fpm7
* GO-2024-3216 CVE-2024-49753 GHSA-6cf5-w9h3-4rqv
* GO-2024-3217 CVE-2024-49757 GHSA-3rmw-76m6-4gjc
* GO-2024-3219 GHSA-7h65-4p22-39j6
* GO-2024-3220 CVE-2023-32197 GHSA-7h8m-pvw3-5gh4
* GO-2024-3221 CVE-2024-22036 GHSA-h99m-6755-rgwc
* GO-2024-3222 GHSA-x7xj-jvwp-97rv
* GO-2024-3223 CVE-2022-45157 GHSA-xj7w-r753-vj8v
* GO-2024-3224 CVE-2024-39223 GHSA-8wxx-35qc-vp6r
- Go CVE Numbering Authority IDs added or updated with aliases:
* GO-2024-3189 CVE-2024-38365 GHSA-27vh-h6mc-q6g8
* GO-2024-3203 CVE-2024-9486
* GO-2024-3204 CVE-2024-9594
- Go CVE Numbering Authority IDs added or updated with aliases:
* GO-2024-3189 CVE-2024-38365 GHSA-27vh-h6mc-q6g8
* GO-2024-3196 CVE-2024-47877 GHSA-8rm2-93mq-jqhc
* GO-2024-3199 GHSA-vv6c-69r6-chg9
* GO-2024-3200 CVE-2024-48909 GHSA-3c32-4hq9-6wgj
* GO-2024-3201 CVE-2023-22644
- Go CVE Numbering Authority IDs added or updated with aliases:
* GO-2024-3166 CVE-2024-47534 GHSA-4f8r-qqr9-fq8j
* GO-2024-3171 CVE-2024-9341 GHSA-mc76-5925-c5p6
- Go CVE Numbering Authority IDs added or updated with aliases:
* GO-2024-3161 CVE-2024-22030 GHSA-h4h5-9833-v2p4
* GO-2024-3162 CVE-2024-7594 GHSA-jg74-mwgw-v6x3
* GO-2024-3163 CVE-2024-47182
* GO-2024-3164 CVE-2024-47003 GHSA-59hf-mpf8-pqjh
* GO-2024-3166 CVE-2024-47534 GHSA-4f8r-qqr9-fq8j
* GO-2024-3167 CVE-2024-9355 GHSA-3h3x-2hwv-hr52
* GO-2024-3168 CVE-2024-8975 GHSA-chqx-36rm-rf8h
* GO-2024-3169 CVE-2024-9407 GHSA-fhqq-8f65-5xfc
* GO-2024-3170 CVE-2024-8996 GHSA-m5gv-m5f9-wgv4
* GO-2024-3172 CVE-2024-33662 GHSA-9mjw-79r6-c9m8
* GO-2024-3173 CVE-2024-7558 GHSA-mh98-763h-m9v4
* GO-2024-3174 CVE-2024-8037 GHSA-8v4w-f4r9-7h6x
* GO-2024-3175 CVE-2024-8038 GHSA-xwgj-vpm9-q2rq
* GO-2024-3179 CVE-2024-47616 GHSA-r7rh-jww5-5fjr
* GO-2024-3181 CVE-2024-9313 GHSA-x5q3-c8rm-w787
* GO-2024-3182 GHSA-wpr2-j6gr-pjw9
* GO-2024-3184 CVE-2024-36814 GHSA-9cp9-8gw2-8v7m
* GO-2024-3185 CVE-2024-47832
* GO-2024-3186 CVE-2024-9675 GHSA-586p-749j-fhwp
* GO-2024-3188 CVE-2024-9312 GHSA-4gfw-wf7c-w6g2
* GO-2024-3190 CVE-2024-47067 GHSA-8pph-gfhp-w226
* GO-2024-3191 CVE-2024-9180 GHSA-rr8j-7w34-xp5j ImportantCVE-2022-45157 at SUSECVE-2022-45157 at NVDCVE-2023-22644 at SUSECVE-2023-22644 at NVDCVE-2023-32197 at SUSECVE-2023-32197 at NVDCVE-2024-10214 at SUSECVE-2024-10214 at NVDCVE-2024-10241 at SUSECVE-2024-10241 at NVDCVE-2024-22030 at SUSECVE-2024-22030 at NVDCVE-2024-22036 at SUSECVE-2024-22036 at NVDCVE-2024-33662 at SUSECVE-2024-33662 at NVDCVE-2024-36814 at SUSECVE-2024-36814 at NVDCVE-2024-38365 at SUSECVE-2024-38365 at NVDCVE-2024-39223 at SUSECVE-2024-39223 at NVDCVE-2024-47003 at SUSECVE-2024-47003 at NVDCVE-2024-47067 at SUSECVE-2024-47067 at NVDCVE-2024-47182 at SUSECVE-2024-47182 at NVDCVE-2024-47534 at SUSECVE-2024-47534 at NVDCVE-2024-47616 at SUSECVE-2024-47616 at NVDCVE-2024-47825 at SUSECVE-2024-47825 at NVDCVE-2024-47827 at SUSECVE-2024-47827 at NVDCVE-2024-47832 at SUSECVE-2024-47832 at NVDCVE-2024-47877 at SUSECVE-2024-47877 at NVDCVE-2024-48909 at SUSECVE-2024-48909 at NVDCVE-2024-48921 at SUSECVE-2024-48921 at NVDCVE-2024-49380 at SUSECVE-2024-49380 at NVDCVE-2024-49381 at SUSECVE-2024-49381 at NVDCVE-2024-49753 at SUSECVE-2024-49753 at NVDCVE-2024-49757 at SUSECVE-2024-49757 at NVDCVE-2024-50312 at SUSECVE-2024-50312 at NVDCVE-2024-7558 at SUSECVE-2024-7558 at NVDCVE-2024-7594 at SUSECVE-2024-7594 at NVDCVE-2024-8037 at SUSECVE-2024-8037 at NVDCVE-2024-8038 at SUSECVE-2024-8038 at NVDCVE-2024-8901 at SUSECVE-2024-8901 at NVDCVE-2024-8975 at SUSECVE-2024-8975 at NVDCVE-2024-8996 at SUSECVE-2024-8996 at NVDCVE-2024-9180 at SUSECVE-2024-9180 at NVDCVE-2024-9264 at SUSECVE-2024-9264 at NVDCVE-2024-9312 at SUSECVE-2024-9312 at NVDCVE-2024-9313 at SUSECVE-2024-9313 at NVDCVE-2024-9341 at SUSECVE-2024-9341 at NVDCVE-2024-9355 at SUSECVE-2024-9355 at NVDCVE-2024-9407 at SUSECVE-2024-9407 at NVDCVE-2024-9486 at SUSECVE-2024-9486 at NVDCVE-2024-9594 at SUSECVE-2024-9594 at NVDCVE-2024-9675 at SUSECVE-2024-9675 at NVDcpe:/o:opensuse:leap:15.5Security update for libgsf (Important)openSUSE Leap 15.5
This update for libgsf fixes the following issues:
- CVE-2024-42415, CVE-2024-36474: Fixed integer overflows affecting memory allocation (bsc#1231282, bsc#1231283).
ImportantSUSE bug 1231282SUSE bug 1231283CVE-2024-36474 at SUSECVE-2024-36474 at NVDCVE-2024-42415 at SUSECVE-2024-42415 at NVDcpe:/o:opensuse:leap:15.5Security update for gradle (Important)openSUSE Leap 15.5
This update for gradle fixes the following issues:
- CVE-2023-35947: Fixed an issue while unpacking tar archives, where files could be created outside of the unpack location (bsc#1212931).
ImportantSUSE bug 1212931CVE-2023-35947 at SUSECVE-2023-35947 at NVDcpe:/o:opensuse:leap:15.5Security update for python310 (Moderate)openSUSE Leap 15.5
This update for python310 fixes the following issues:
- CVE-2024-9287: Fixed quoted path names provided when creating a virtual environment (bsc#1232241).
Bug fixes:
- Drop .pyc files from docdir for reproducible builds (bsc#1230906).
ModerateSUSE bug 1230906SUSE bug 1232241CVE-2024-9287 at SUSECVE-2024-9287 at NVDcpe:/o:opensuse:leap:15.5Security update for curl (Moderate)openSUSE Leap 15.5
This update for curl fixes the following issues:
- CVE-2024-9681: Fixed HSTS subdomain overwrites parent cache entry (bsc#1232528)
ModerateSUSE bug 1232528CVE-2024-9681 at SUSECVE-2024-9681 at NVDcpe:/o:opensuse:leap:15.5Security update for ghostscript (Important)openSUSE Leap 15.5
This update for ghostscript fixes the following issues:
- CVE-2024-46951: Fixed arbitrary code execution via unchecked 'Implementation' pointer in 'Pattern' color space (bsc#1232265).
- CVE-2024-46953: Fixed integer overflow when parsing the page format results in path truncation, path traversal, code execution (bsc#1232267).
- CVE-2024-46956: Fixed arbitrary code execution via out of bounds data access in filenameforall (bsc#1232270).
- CVE-2024-46955: Fixed out of bounds read when reading color in 'Indexed' color space (bsc#1232269).
ImportantSUSE bug 1232265SUSE bug 1232267SUSE bug 1232269SUSE bug 1232270CVE-2024-46951 at SUSECVE-2024-46951 at NVDCVE-2024-46953 at SUSECVE-2024-46953 at NVDCVE-2024-46955 at SUSECVE-2024-46955 at NVDCVE-2024-46956 at SUSECVE-2024-46956 at NVDcpe:/o:opensuse:leap:15.5Security update for python39 (Moderate)openSUSE Leap 15.5
This update for python39 fixes the following issues:
- CVE-2024-9287: Fixed quoted path names provided when creating a virtual environment (bsc#1232241).
Bug fixes:
- Drop .pyc files from docdir for reproducible builds (bsc#1230906).
ModerateSUSE bug 1230906SUSE bug 1232241CVE-2024-9287 at SUSECVE-2024-9287 at NVDcpe:/o:opensuse:leap:15.5Security update for qemu (Important)openSUSE Leap 15.5
This update for qemu fixes the following issues:
- CVE-2024-8354: Fixed assertion failure in usb_ep_get() (bsc#1230834).
- CVE-2024-8612: Fixed nformation leak in virtio devices (bsc#1230915).
- CVE-2024-7409: Fixed denial of service via improper synchronization in QEMU NBD Server during socket closure (bsc#1229007).
ImportantSUSE bug 1229007SUSE bug 1230834SUSE bug 1230915CVE-2024-7409 at SUSECVE-2024-7409 at NVDCVE-2024-8354 at SUSECVE-2024-8354 at NVDCVE-2024-8612 at SUSECVE-2024-8612 at NVDcpe:/o:opensuse:leap:15.5Security update for govulncheck-vulndb (Moderate)openSUSE Leap 15.5
This update for govulncheck-vulndb fixes the following issues:
- Update to version 0.0.20241104T154416 2024-11-04T15:44:16Z.
Refs jsc#PED-11136
Go CVE Numbering Authority IDs added or updated with aliases:
* GO-2024-3233 CVE-2024-46872 GHSA-762g-9p7f-mrww
* GO-2024-3234 CVE-2024-47401 GHSA-762v-rq7q-ff97
* GO-2024-3235 CVE-2024-50052 GHSA-g376-m3h3-mj4r
* GO-2024-3237 CVE-2024-0133 GHSA-f748-7hpg-88ch
* GO-2024-3239 CVE-2024-0132 GHSA-mjjw-553x-87pq
* GO-2024-3240 CVE-2024-10452 GHSA-66c4-2g2v-54qw
* GO-2024-3241 CVE-2024-10006 GHSA-5c4w-8hhh-3c3h
* GO-2024-3242 CVE-2024-10086 GHSA-99wr-c2px-grmh
* GO-2024-3243 CVE-2024-10005 GHSA-chgm-7r52-whjj
- Update to version 0.0.20241101T215616 2024-11-01T21:56:16Z.
Refs jsc#PED-11136
Go CVE Numbering Authority IDs added or updated with aliases:
* GO-2024-3244 CVE-2024-50354 GHSA-cph5-3pgr-c82g
* GO-2024-3245 CVE-2024-39720
* GO-2024-3246 CVE-2024-8185 GHSA-g233-2p4r-3q7v
ModerateCVE-2024-0132 at SUSECVE-2024-0132 at NVDCVE-2024-0133 at SUSECVE-2024-0133 at NVDCVE-2024-10005 at SUSECVE-2024-10005 at NVDCVE-2024-10006 at SUSECVE-2024-10006 at NVDCVE-2024-10086 at SUSECVE-2024-10086 at NVDCVE-2024-10452 at SUSECVE-2024-10452 at NVDCVE-2024-39720 at SUSECVE-2024-39720 at NVDCVE-2024-46872 at SUSECVE-2024-46872 at NVDCVE-2024-47401 at SUSECVE-2024-47401 at NVDCVE-2024-50052 at SUSECVE-2024-50052 at NVDCVE-2024-50354 at SUSECVE-2024-50354 at NVDCVE-2024-8185 at SUSECVE-2024-8185 at NVDcpe:/o:opensuse:leap:15.5Security update for python311 (Moderate)openSUSE Leap 15.5
This update for python311 fixes the following issues:
- CVE-2024-9287: Fixed quoted path names provided when creating a virtual environment (bsc#1232241).
Bug fixes:
- Drop .pyc files from docdir for reproducible builds (bsc#1230906).
ModerateSUSE bug 1230906SUSE bug 1232241CVE-2024-9287 at SUSECVE-2024-9287 at NVDcpe:/o:opensuse:leap:15.5Security update for libheif (Important)openSUSE Leap 15.5
This update for libheif fixes the following issues:
- CVE-2024-41311: Fixed out-of-bounds read and write in ImageOverlay:parse() due to decoding a heif file containing an overlay image with forged offsets (bsc#1231714).
ImportantSUSE bug 1231714CVE-2024-41311 at SUSECVE-2024-41311 at NVDcpe:/o:opensuse:leap:15.5Security update for apache2 (Important)openSUSE Leap 15.5
This update for apache2 fixes the following issues:
- CVE-2023-45802: HTTP/2 stream memory not reclaimed right away on RST (bsc#1216423).
ImportantSUSE bug 1216423CVE-2023-45802 at SUSECVE-2023-45802 at NVDcpe:/o:opensuse:leap:15.5Security update for java-17-openjdk (Moderate)openSUSE Leap 15.5
This update for java-17-openjdk fixes the following issues:
- Update to upstream tag jdk-17.0.13+11 (October 2024 CPU)
* Security fixes
+ JDK-8307383: Enhance DTLS connections
+ JDK-8290367, JDK-8332643: Update default value and extend the
scope of com.sun.jndi.ldap.object.trustSerialData system property
+ JDK-8328286, CVE-2024-21208, bsc#1231702: Enhance HTTP client
+ JDK-8328544, CVE-2024-21210, bsc#1231711: Improve handling of vectorization
+ JDK-8328726: Better Kerberos support
+ JDK-8331446, CVE-2024-21217, bsc#1231716: Improve deserialization support
+ JDK-8332644, CVE-2024-21235, bsc#1231719: Improve graph optimizations
+ JDK-8335713: Enhance vectorization analysis
* Other changes
+ JDK-7022325: TEST_BUG: test/java/util/zip/ZipFile/
/ReadLongZipFileName.java leaks files if it fails
+ JDK-7026262: HttpServer: improve handling of finished HTTP exchanges
+ JDK-7124313: [macosx] Swing Popups should overlap taskbar
+ JDK-8005885: enhance PrintCodeCache to print more data
+ JDK-8051959: Add thread and timestamp options to
java.security.debug system property
+ JDK-8170817: G1: Returning MinTLABSize from
unsafe_max_tlab_alloc causes TLAB flapping
+ JDK-8183227: read/write APIs in class os shall return ssize_t
+ JDK-8193547: Regression automated test '/open/test/jdk/java/
/awt/Toolkit/DesktopProperties/rfe4758438.java' fails
+ JDK-8222884: ConcurrentClassDescLookup.java times out intermittently
+ JDK-8233725: ProcessTools.startProcess() has output issues
when using an OutputAnalyzer at the same time
+ JDK-8238169: BasicDirectoryModel getDirectories and
DoChangeContents.run can deadlock
+ JDK-8241550: [macOS] SSLSocketImpl/ReuseAddr.java failed due
to 'BindException: Address already in use'
+ JDK-8255898: Test java/awt/FileDialog/FilenameFilterTest/
/FilenameFilterTest.java fails on Mac OS
+ JDK-8256291: RunThese30M fails 'assert(_class_unload ? true :
((((JfrTraceIdBits::load(class_loader_klass)) &
((1 << 4) << 8)) != 0))) failed: invariant'
+ JDK-8257540: javax/swing/JFileChooser/8041694/bug8041694.java
failed with 'RuntimeException: The selected directory name is
not the expected 'd ' but 'D '.'
+ JDK-8259866: two java.util tests failed with 'IOException:
There is not enough space on the disk'
+ JDK-8260633: [macos] java/awt/dnd/MouseEventAfterStartDragTest/
/MouseEventAfterStartDragTest.html test failed
+ JDK-8261433: Better pkcs11 performance for
libpkcs11:C_EncryptInit/libpkcs11:C_DecryptInit
+ JDK-8263031: HttpClient throws Exception if it receives a
Push Promise that is too large
+ JDK-8265919: RunThese30M fails
'assert((!(((((JfrTraceIdBits::load(value)) & ((1 << 4) << 8))
!= 0))))) failed: invariant'
+ JDK-8269428: java/util/concurrent/ConcurrentHashMap/
/ToArray.java timed out
+ JDK-8269657: Test java/nio/channels/DatagramChannel/
/Loopback.java failed: Unexpected message
+ JDK-8272232: javax/swing/JTable/4275046/bug4275046.java
failed with 'Expected value in the cell: 'rededited' but found
'redEDITED'.'
+ JDK-8272558: IR Test Framework README misses some flags
+ JDK-8272777: Clean up remaining AccessController warnings in test library
+ JDK-8273216: JCMD does not work across container boundaries with Podman
+ JDK-8273430: Suspicious duplicate condition in
java.util.regex.Grapheme#isExcludedSpacingMark
+ JDK-8273541: Cleaner Thread creates with normal priority
instead of MAX_PRIORITY - 2
+ JDK-8275851: Deproblemlist open/test/jdk/javax/swing/
/JComponent/6683775/bug6683775.java
+ JDK-8276660: Scalability bottleneck in
java.security.Provider.getService()
+ JDK-8277042: add test for 8276036 to compiler/codecache
+ JDK-8279068: IGV: Update to work with JDK 16 and 17
+ JDK-8279164: Disable TLS_ECDH_* cipher suites
+ JDK-8279222: Incorrect legacyMap.get in
java.security.Provider after JDK-8276660
+ JDK-8279337: The MToolkit is still referenced in a few places
+ JDK-8279641: Create manual JTReg tests for Swing accessibility
+ JDK-8279878: java/awt/font/JNICheck/JNICheck.sh test fails on Ubuntu 21.10
+ JDK-8280034: ProblemList jdk/jfr/api/consumer/recordingstream/
/TestOnEvent.java on linux-x64
+ JDK-8280392: java/awt/Focus/NonFocusableWindowTest/
/NonfocusableOwnerTest.java failed with 'RuntimeException: Test failed.'
+ JDK-8280970: Cleanup dead code in java.security.Provider
+ JDK-8280982: [Wayland] [XWayland] java.awt.Robot taking screenshots
+ JDK-8280988: [XWayland] Click on title to request focus test failures
+ JDK-8280990: [XWayland] XTest emulated mouse click does not
bring window to front
+ JDK-8280993: [XWayland] Popup is not closed on click outside
of area controlled by XWayland
+ JDK-8280994: [XWayland] Drag and Drop does not work in java
-> wayland app direction
+ JDK-8281944: JavaDoc throws java.lang.IllegalStateException: ERRONEOUS
+ JDK-8282354: Remove dependancy of TestHttpServer,
HttpTransaction, HttpCallback from open/test/jdk/ tests
+ JDK-8282526: Default icon is not painted properly
+ JDK-8283728: jdk.hotspot.agent: Wrong location for
RISCV64ThreadContext.java
+ JDK-8284316: Support accessibility ManualTestFrame.java for
non SwingSet tests
+ JDK-8284585: PushPromiseContinuation test fails
intermittently in timeout
+ JDK-8285497: Add system property for Java SE specification
maintenance version
+ JDK-8288568: Reduce runtime of java.security microbenchmarks
+ JDK-8289182: NMT: MemTracker::baseline should return void
+ JDK-8290966: G1: Record number of PLAB filled and number of
direct allocations
+ JDK-8291760: PipelineLeaksFD.java still fails: More or fewer
pipes than expected
+ JDK-8292044: HttpClient doesn't handle 102 or 103 properly
+ JDK-8292739: Invalid legacy entries may be returned by
Provider.getServices() call
+ JDK-8292948: JEditorPane ignores font-size styles in external
linked css-file
+ JDK-8293862: javax/swing/JFileChooser/8046391/bug8046391.java
failed with 'Cannot invoke
'java.awt.Image.getWidth(java.awt.image.ImageObserver)'
because 'retVal' is null'
+ JDK-8293872: Make runtime/Thread/ThreadCountLimit.java more robust
+ JDK-8294148: Support JSplitPane for instructions and test UI
+ JDK-8294691: dynamicArchive/RelativePath.java is running
other test case
+ JDK-8294994: Update Jarsigner and Keytool i18n tests to
validate i18n compliance
+ JDK-8295111: dpkg appears to have problems resolving
symbolically linked native libraries
+ JDK-8296410: HttpClient throws java.io.IOException: no
statuscode in response for HTTP2
+ JDK-8296812: sprintf is deprecated in Xcode 14
+ JDK-8297878: KEM: Implementation
+ JDK-8298381: Improve handling of session tickets for multiple SSLContexts
+ JDK-8298596: vmTestbase/nsk/sysdict/vm/stress/chain/chain008/
/chain008.java fails with 'NoClassDefFoundError: Could not
initialize class java.util.concurrent.ThreadLocalRandom'
+ JDK-8298809: Clean up vm/compiler/InterfaceCalls JMH
+ JDK-8299058: AssertionError in sun.net.httpserver.ServerImpl
when connection is idle
+ JDK-8299254: Support dealing with standard assert macro
+ JDK-8299378: sprintf is deprecated in Xcode 14
+ JDK-8299395: Remove metaprogramming/removeCV.hpp
+ JDK-8299396: Remove metaprogramming/removeExtent.hpp
+ JDK-8299397: Remove metaprogramming/isFloatingPoint.hpp
+ JDK-8299398: Remove metaprogramming/isConst.hpp
+ JDK-8299399: Remove metaprogramming/isArray.hpp
+ JDK-8299402: Remove metaprogramming/isVolatile.hpp
+ JDK-8299479: Remove metaprogramming/decay.hpp
+ JDK-8299481: Remove metaprogramming/removePointer.hpp
+ JDK-8299482: Remove metaprogramming/isIntegral.hpp
+ JDK-8299487: Test java/net/httpclient/whitebox/
/SSLTubeTestDriver.java timed out
+ JDK-8299635: Hotspot update for deprecated sprintf in Xcode 14
+ JDK-8299779: Test tools/jpackage/share/jdk/jpackage/tests/
/MainClassTest.java timed out
+ JDK-8299813: java/nio/channels/DatagramChannel/Disconnect.java
fails with jtreg test timeout due to lost datagram
+ JDK-8299971: Remove metaprogramming/conditional.hpp
+ JDK-8299972: Remove metaprogramming/removeReference.hpp
+ JDK-8300169: Build failure with clang-15
+ JDK-8300260: Remove metaprogramming/isSame.hpp
+ JDK-8300264: Remove metaprogramming/isPointer.hpp
+ JDK-8300265: Remove metaprogramming/isSigned.hpp
+ JDK-8300806: Update googletest to v1.13.0
+ JDK-8300910: Remove metaprogramming/integralConstant.hpp
+ JDK-8301132: Test update for deprecated sprintf in Xcode 14
+ JDK-8301200: Don't scale timeout stress with timeout factor
+ JDK-8301274: update for deprecated sprintf for security components
+ JDK-8301279: update for deprecated sprintf for management components
+ JDK-8301686: TLS 1.3 handshake fails if server_name doesn't
match resuming session
+ JDK-8301704: Shorten the number of GCs in UnloadingTest.java
to verify a class loader not being unloaded
+ JDK-8302495: update for deprecated sprintf for java.desktop
+ JDK-8302800: Augment NaN handling tests of FDLIBM methods
+ JDK-8303216: Prefer ArrayList to LinkedList in
sun.net.httpserver.ServerImpl
+ JDK-8303466: C2: failed: malformed control flow. Limit type
made precise with MaxL/MinL
+ JDK-8303527: update for deprecated sprintf for
jdk.hotspot.agent
+ JDK-8303617: update for deprecated sprintf for jdk.jdwp.agent
+ JDK-8303830: update for deprecated sprintf for
jdk.accessibility
+ JDK-8303891: Speed up Zip64SizeTest using a small ZIP64 file
+ JDK-8303920: Avoid calling out to python in
DataDescriptorSignatureMissing test
+ JDK-8303942: os::write should write completely
+ JDK-8303965: java.net.http.HttpClient should reset the stream
if response headers contain malformed header fields
+ JDK-8304375: jdk/jfr/api/consumer/filestream/TestOrdered.java
failed with 'Expected at least some events to be out of order!
Reuse = false'
+ JDK-8304962: sun/net/www/http/KeepAliveCache/B5045306.java:
java.lang.RuntimeException: Failed: Initial Keep Alive
Connection is not being reused
+ JDK-8304963: HttpServer closes connection after processing
HEAD after JDK-7026262
+ JDK-8305072: Win32ShellFolder2.compareTo is inconsistent
+ JDK-8305079: Remove finalize() from compiler/c2/Test719030
+ JDK-8305081: Remove finalize() from
test/hotspot/jtreg/compiler/runtime/Test8168712
+ JDK-8305825: getBounds API returns wrong value resulting in
multiple Regression Test Failures on Ubuntu 23.04
+ JDK-8305959: x86: Improve itable_stub
+ JDK-8306583: Add JVM crash check in CDSTestUtils.executeAndLog
+ JDK-8306929: Avoid CleanClassLoaderDataMetaspaces safepoints
when previous versions are shared
+ JDK-8306946: jdk/test/lib/process/
/ProcessToolsStartProcessTest.java fails with 'wrong number of
lines in OutputAnalyzer output'
+ JDK-8307091: A few client tests intermittently throw
ConcurrentModificationException
+ JDK-8307193: Several Swing jtreg tests use class.forName on
L&F classes
+ JDK-8307352: AARCH64: Improve itable_stub
+ JDK-8307448: Test RedefineSharedClassJFR fail due to wrong assumption
+ JDK-8307779: Relax the java.awt.Robot specification
+ JDK-8307848: update for deprecated sprintf for jdk.attach
+ JDK-8307850: update for deprecated sprintf for jdk.jdi
+ JDK-8308022: update for deprecated sprintf for java.base
+ JDK-8308144: Uncontrolled memory consumption in
SSLFlowDelegate.Reader
+ JDK-8308184: Launching java with large number of jars in
classpath with java.protocol.handler.pkgs system property set
can lead to StackOverflowError
+ JDK-8308801: update for deprecated sprintf for libnet in java.base
+ JDK-8308891: TestCDSVMCrash.java needs @requires vm.cds
+ JDK-8309241: ClassForNameLeak fails intermittently as the
class loader hasn't been unloaded
+ JDK-8309621: [XWayland][Screencast] screen capture failure
with sun.java2d.uiScale other than 1
+ JDK-8309703: AIX build fails after JDK-8280982
+ JDK-8309756: Occasional crashes with pipewire screen capture on Wayland
+ JDK-8309934: Update GitHub Actions to use JDK 17 for building jtreg
+ JDK-8310070: Test:
javax/net/ssl/DTLS/DTLSWontNegotiateV10.java timed out
+ JDK-8310108: Skip ReplaceCriticalClassesForSubgraphs when
EnableJVMCI is specified
+ JDK-8310201: Reduce verbose locale output in -XshowSettings
launcher option
+ JDK-8310334: [XWayland][Screencast] screen capture error
message in debug
+ JDK-8310628: GcInfoBuilder.c missing JNI Exception checks
+ JDK-8310683: Refactor StandardCharset/standard.java to use JUnit
+ JDK-8311208: Improve CDS Support
+ JDK-8311666: Disabled tests in test/jdk/sun/java2d/marlin
+ JDK-8312049: runtime/logging/ClassLoadUnloadTest can be improved
+ JDK-8312140: jdk/jshell tests failed with JDI socket timeouts
+ JDK-8312229: Crash involving yield, switch and anonymous classes
+ JDK-8313256: Exclude failing multicast tests on AIX
+ JDK-8313394: Array Elements in OldObjectSample event has the
incorrect description
+ JDK-8313674: (fc) java/nio/channels/FileChannel/
/BlockDeviceSize.java should test for more block devices
+ JDK-8313697: [XWayland][Screencast] consequent getPixelColor
calls are slow
+ JDK-8313873: java/nio/channels/DatagramChannel/
/SendReceiveMaxSize.java fails on AIX due to small default
RCVBUF size and different IPv6 Header interpretation
+ JDK-8313901: [TESTBUG] test/hotspot/jtreg/compiler/codecache/
/CodeCacheFullCountTest.java fails with
java.lang.VirtualMachineError
+ JDK-8314476: TestJstatdPortAndServer.java failed with
'java.rmi.NoSuchObjectException: no such object in table'
+ JDK-8314614: jdk/jshell/ImportTest.java failed with
'InternalError: Failed remote listen'
+ JDK-8314837: 5 compiled/codecache tests ignore VM flags
+ JDK-8315024: Vector API FP reduction tests should not test
for exact equality
+ JDK-8315362: NMT: summary diff reports threads count incorrectly
+ JDK-8315422: getSoTimeout() would be in try block in SSLSocketImpl
+ JDK-8315437: Enable parallelism in
vmTestbase/nsk/monitoring/stress/classload tests
+ JDK-8315442: Enable parallelism in
vmTestbase/nsk/monitoring/stress/thread tests
+ JDK-8315559: Delay TempSymbol cleanup to avoid symbol table churn
+ JDK-8315576: compiler/codecache/CodeCacheFullCountTest.java
fails after JDK-8314837
+ JDK-8315651: Stop hiding AIX specific multicast socket errors
via NetworkConfiguration (aix)
+ JDK-8315684: Parallelize
sun/security/util/math/TestIntegerModuloP.java
+ JDK-8315774: Enable parallelism in vmTestbase/gc/g1/unloading tests
+ JDK-8315804: Open source several Swing JTabbedPane JTextArea
JTextField tests
+ JDK-8315936: Parallelize gc/stress/TestStressG1Humongous.java test
+ JDK-8315965: Open source various AWT applet tests
+ JDK-8316104: Open source several Swing SplitPane and
RadioButton related tests
+ JDK-8316193: jdk/jfr/event/oldobject/TestListenerLeak.java
java.lang.Exception: Could not find leak
+ JDK-8316211: Open source several manual applet tests
+ JDK-8316240: Open source several add/remove MenuBar manual tests
+ JDK-8316285: Opensource JButton manual tests
+ JDK-8316306: Open source and convert manual Swing test
+ JDK-8316328: Test jdk/jfr/event/oldobject/
/TestSanityDefault.java times out for some heap sizes
+ JDK-8316387: Exclude more failing multicast tests on AIX
after JDK-8315651
+ JDK-8316389: Open source few AWT applet tests
+ JDK-8316468: os::write incorrectly handles partial write
+ JDK-8316973: GC: Make TestDisableDefaultGC use createTestJvm
+ JDK-8317112: Add screenshot for Frame/DefaultSizeTest.java
+ JDK-8317228: GC: Make TestXXXHeapSizeFlags use createTestJvm
+ JDK-8317288: [macos] java/awt/Window/Grab/GrabTest.java:
Press on the outside area didn't cause ungrab
+ JDK-8317316: G1: Make TestG1PercentageOptions use
createTestJvm
+ JDK-8317343: GC: Make TestHeapFreeRatio use createTestJvm
+ JDK-8317358: G1: Make TestMaxNewSize use createTestJvm
+ JDK-8317360: Missing null checks in JfrCheckpointManager and
JfrStringPool initialization routines
+ JDK-8317372: Refactor some NumberFormat tests to use JUnit
+ JDK-8317635: Improve GetClassFields test to verify
correctness of field order
+ JDK-8317831: compiler/codecache/CheckLargePages.java fails on
OL 8.8 with unexpected memory string
+ JDK-8318039: GHA: Bump macOS and Xcode versions
+ JDK-8318089: Class space not marked as such with NMT when CDS is off
+ JDK-8318474: Fix memory reporter for thread_count
+ JDK-8318479: [jmh] the test security.CacheBench failed for
multiple threads run
+ JDK-8318605: Enable parallelism in
vmTestbase/nsk/stress/stack tests
+ JDK-8318696: Do not use LFS64 symbols on Linux
+ JDK-8318986: Improve GenericWaitBarrier performance
+ JDK-8319103: Popups that request focus are not shown on Linux with Wayland
+ JDK-8319197: Exclude hb-subset and hb-style from compilation
+ JDK-8319406: x86: Shorter movptr(reg, imm) for 32-bit immediates
+ JDK-8319713: Parallel: Remove
PSAdaptiveSizePolicy::should_full_GC
+ JDK-8320079: The ArabicBox.java test has no control buttons
+ JDK-8320379: C2: Sort spilling/unspilling sequence for better
ld/st merging into ldp/stp on AArch64
+ JDK-8320602: Lock contention in SchemaDVFactory.getInstance()
+ JDK-8320608: Many jtreg printing tests are missing the
@printer keyword
+ JDK-8320655: awt screencast robot spin and sync issues with
native libpipewire api
+ JDK-8320692: Null icon returned for .exe without custom icon
+ JDK-8320945: problemlist tests failing on latest Windows 11 update
+ JDK-8321025: Enable Neoverse N1 optimizations for Neoverse V2
+ JDK-8321176: [Screencast] make a second attempt on screencast failure
+ JDK-8321220: JFR: RecordedClass reports incorrect modifiers
+ JDK-8322008: Exclude some CDS tests from running with -Xshare:off
+ JDK-8322330: JavadocHelperTest.java OOMEs with Parallel GC and ZGC
+ JDK-8322726: C2: Unloaded signature class kills argument value
+ JDK-8322971: KEM.getInstance() should check if a 3rd-party
security provider is signed
+ JDK-8323122: AArch64: Increase itable stub size estimate
+ JDK-8323584: AArch64: Unnecessary ResourceMark in
NativeCall::set_destination_mt_safe
+ JDK-8323670: A few client tests intermittently throw
ConcurrentModificationException
+ JDK-8323801: <s> tag doesn't strikethrough the text
+ JDK-8324577: [REDO] - [IMPROVE] OPEN_MAX is no longer the max
limit on macOS >= 10.6 for RLIMIT_NOFILE
+ JDK-8324646: Avoid Class.forName in SecureRandom constructor
+ JDK-8324648: Avoid NoSuchMethodError when instantiating NativePRNG
+ JDK-8324668: JDWP process management needs more efficient
file descriptor handling
+ JDK-8324753: [AIX] adjust os_posix after JDK-8318696
+ JDK-8324755: Enable parallelism in
vmTestbase/gc/gctests/LargeObjects tests
+ JDK-8324933: ConcurrentHashTable::statistics_calculate
synchronization is expensive
+ JDK-8325022: Incorrect error message on client authentication
+ JDK-8325179: Race in BasicDirectoryModel.validateFileCache
+ JDK-8325194: GHA: Add macOS M1 testing
+ JDK-8325384: sun/security/ssl/SSLSessionImpl/
/ResumptionUpdateBoundValues.java failing intermittently when
main thread is a virtual thread
+ JDK-8325444: GHA: JDK-8325194 causes a regression
+ JDK-8325567: jspawnhelper without args fails with segfault
+ JDK-8325620: HTMLReader uses ConvertAction instead of
specified CharacterAction for <b>, <i>, <u>
+ JDK-8325621: Improve jspawnhelper version checks
+ JDK-8325754: Dead AbstractQueuedSynchronizer$ConditionNodes
survive minor garbage collections
+ JDK-8326106: Write and clear stack trace table outside of safepoint
+ JDK-8326332: Unclosed inline tags cause misalignment in
summary tables
+ JDK-8326446: The User and System of jdk.CPULoad on Apple M1 are inaccurate
+ JDK-8326734: text-decoration applied to <span> lost when
mixed with <u> or <s>
+ JDK-8327007: javax/swing/JSpinner/8008657/bug8008657.java fails
+ JDK-8327137: Add test for ConcurrentModificationException in
BasicDirectoryModel
+ JDK-8327312: [17u] Problem list
ReflectionCallerCacheTest.java due to 8324978
+ JDK-8327424: ProblemList serviceability/sa/TestJmapCore.java
on all platforms with ZGC
+ JDK-8327650: Test java/nio/channels/DatagramChannel/
/StressNativeSignal.java timed out
+ JDK-8327787: Convert javax/swing/border/Test4129681.java
applet test to main
+ JDK-8327840: Automate javax/swing/border/Test4129681.java
+ JDK-8328011: Convert java/awt/Frame/GetBoundsResizeTest/
/GetBoundsResizeTest.java applet test to main
+ JDK-8328075: Shenandoah: Avoid forwarding when objects don't
move in full-GC
+ JDK-8328110: Allow simultaneous use of PassFailJFrame with
split UI and additional windows
+ JDK-8328115: Convert java/awt/font/TextLayout/
/TestJustification.html applet test to main
+ JDK-8328158: Convert java/awt/Choice/NonFocusablePopupMenuTest
to automatic main test
+ JDK-8328218: Delete test
java/awt/Window/FindOwner/FindOwner.html
+ JDK-8328234: Remove unused nativeUtils files
+ JDK-8328238: Convert few closed manual applet tests to main
+ JDK-8328269: NonFocusablePopupMenuTest.java should be marked as headful
+ JDK-8328273: sun/management/jmxremote/bootstrap/
/RmiRegistrySslTest.java failed with
java.rmi.server.ExportException: Port already in use
+ JDK-8328560: java/awt/event/MouseEvent/ClickDuringKeypress/
/ClickDuringKeypress.java imports Applet
+ JDK-8328561: test java/awt/Robot/ManualInstructions/
/ManualInstructions.java isn't used
+ JDK-8328642: Convert applet test
MouseDraggedOutCauseScrollingTest.html to main
+ JDK-8328647: TestGarbageCollectorMXBean.java fails with
C1-only and -Xcomp
+ JDK-8328896: Fontmetrics for large Fonts has zero width
+ JDK-8328953: JEditorPane.read throws ChangedCharSetException
+ JDK-8328999: Update GIFlib to 5.2.2
+ JDK-8329004: Update Libpng to 1.6.43
+ JDK-8329103: assert(!thread->in_asgct()) failed during
multi-mode profiling
+ JDK-8329109: Threads::print_on() tries to print CPU time for
terminated GC threads
+ JDK-8329126: No native wrappers generated anymore with
-XX:-TieredCompilation after JDK-8251462
+ JDK-8329134: Reconsider TLAB zapping
+ JDK-8329510: Update ProblemList for
JFileChooser/8194044/FileSystemRootTest.java
+ JDK-8329559: Test javax/swing/JFrame/bug4419914.java failed
because The End and Start buttons are not placed correctly and
Tab focus does not move as expected
+ JDK-8329605: hs errfile generic events - move memory
protections and nmethod flushes to separate sections
+ JDK-8329663: hs_err file event log entry for thread
adding/removing should print current thread
+ JDK-8329667: [macos] Issue with JTree related fix for JDK-8317771
+ JDK-8329995: Restricted access to `/proc` can cause JFR
initialization to crash
+ JDK-8330063: Upgrade jQuery to 3.7.1
+ JDK-8330524: Linux ppc64le compile warning with clang in os_linux_ppc.cpp
+ JDK-8330611: AES-CTR vector intrinsic may read out of bounds (x86_64, AVX-512)
+ JDK-8330615: avoid signed integer overflows in zip_util.c
readCen / hashN
+ JDK-8331011: [XWayland] TokenStorage fails under Security Manager
+ JDK-8331063: Some HttpClient tests don't report leaks
+ JDK-8331077: nroff man page update for jar tool
+ JDK-8331164: createJMHBundle.sh download jars fail when url
needed to be redirected
+ JDK-8331265: Bump update version for OpenJDK: jdk-17.0.13
+ JDK-8331331: :tier1 target explanation in doc/testing.md is incorrect
+ JDK-8331466: Problemlist serviceability/dcmd/gc/
/RunFinalizationTest.java on generic-all
+ JDK-8331605:
jdk/test/lib/TestMutuallyExclusivePlatformPredicates.java test failure
+ JDK-8331746: Create a test to verify that the cmm id is not ignored
+ JDK-8331798: Remove unused arg of checkErgonomics() in
TestMaxHeapSizeTools.java
+ JDK-8331885: C2: meet between unloaded and speculative types
is not symmetric
+ JDK-8332008: Enable issuestitle check
+ JDK-8332113: Update nsk.share.Log to be always verbose
+ JDK-8332174: Remove 2 (unpaired) RLO Unicode characters in
ff_Adlm.xml
+ JDK-8332248: (fc) java/nio/channels/FileChannel/
/BlockDeviceSize.java failed with RuntimeException
+ JDK-8332424: Update IANA Language Subtag Registry to Version 2024-05-16
+ JDK-8332524: Instead of printing 'TLSv1.3,' it is showing 'TLS13'
+ JDK-8332898: failure_handler: log directory of commands
+ JDK-8332936: Test vmTestbase/metaspace/gc/watermark_70_80/
/TestDescription.java fails with no GC's recorded
+ JDK-8333270: HandlersOnComplexResetUpdate and
HandlersOnComplexUpdate tests fail with 'Unexpected reference'
if timeoutFactor is less than 1/3
+ JDK-8333353: Delete extra empty line in CodeBlob.java
+ JDK-8333398: Uncomment the commented test in test/jdk/java/
/util/jar/JarFile/mrjar/MultiReleaseJarAPI.java
+ JDK-8333477: Delete extra empty spaces in Makefiles
+ JDK-8333698: [17u] TestJstatdRmiPort fails after JDK-8333667
+ JDK-8333716: Shenandoah: Check for disarmed method before
taking the nmethod lock
+ JDK-8333724: Problem list security/infra/java/security/cert/
/CertPathValidator/certification/CAInterop.java
#teliasonerarootcav1
+ JDK-8333804: java/net/httpclient/ForbiddenHeadTest.java threw
an exception with 0 failures
+ JDK-8334166: Enable binary check
+ JDK-8334297: (so) java/nio/channels/SocketChannel/OpenLeak.java
should not depend on SecurityManager
+ JDK-8334332: TestIOException.java fails if run by root
+ JDK-8334333: MissingResourceCauseTestRun.java fails if run by root
+ JDK-8334335: [TESTBUG] Backport of 8279164 to 11u & 17u
includes elements of JDK-8163327
+ JDK-8334339: Test java/nio/file/attribute/
/BasicFileAttributeView/CreationTime.java fails on alinux3
+ JDK-8334418: Update IANA Language Subtag Registry to Version 2024-06-14
+ JDK-8334482: Shenandoah: Deadlock when safepoint is pending
during nmethods iteration
+ JDK-8334600: TEST java/net/MulticastSocket/IPMulticastIF.java
fails on linux-aarch64
+ JDK-8334653: ISO 4217 Amendment 177 Update
+ JDK-8334769: Shenandoah: Move CodeCache_lock close to its use
in ShenandoahConcurrentNMethodIterator
+ JDK-8335536: Fix assertion failure in IdealGraphPrinter when
append is true
+ JDK-8335775: Remove extraneous 's' in comment of
rawmonitor.cpp test file
+ JDK-8335808: update for deprecated sprintf for jfrTypeSetUtils
+ JDK-8335918: update for deprecated sprintf for jvmti
+ JDK-8335967: 'text-decoration: none' does not work with 'A' HTML tags
+ JDK-8336301: test/jdk/java/nio/channels/
/AsyncCloseAndInterrupt.java leaves around a FIFO file upon
test completion
+ JDK-8336928: GHA: Bundle artifacts removal broken
+ JDK-8337038: Test java/nio/file/attribute/
/BasicFileAttributeView/CreationTime.java shoud set as /native
+ JDK-8337283: configure.log is truncated when build dir is on
different filesystem
+ JDK-8337664: Distrust TLS server certificates issued after
Oct 2024 and anchored by Entrust Root CAs
+ JDK-8337669: [17u] Backport of JDK-8284047 missed to delete a file
+ JDK-8338139: {ClassLoading,Memory}MXBean::isVerbose methods
are inconsistent with their setVerbose methods
+ JDK-8338696: (fs) BasicFileAttributes.creationTime() falls
back to epoch if birth time is unavailable (Linux)
+ JDK-8339869: [21u] Test CreationTime.java fails with
UnsatisfiedLinkError after 8334339
+ JDK-8341057: Add 2 SSL.com TLS roots
+ JDK-8341059: Change Entrust TLS distrust date to November 12, 2024
+ JDK-8341673: [17u] Remove designator
DEFAULT_PROMOTED_VERSION_PRE=ea for release 17.0.13
ModerateSUSE bug 1231702SUSE bug 1231711SUSE bug 1231716SUSE bug 1231719CVE-2024-21208 at SUSECVE-2024-21208 at NVDCVE-2024-21210 at SUSECVE-2024-21210 at NVDCVE-2024-21217 at SUSECVE-2024-21217 at NVDCVE-2024-21235 at SUSECVE-2024-21235 at NVDcpe:/o:opensuse:leap:15.5Recommended update for mojo-parent (Moderate)openSUSE Leap 15.5
This update for mojo-parent fixes the following issues:
xalan-j2 was updated from version 2.7.2 to 2.7.3:
- Security issues fixed:
* CVE-2022-34169: Fixed integer truncation issue when processing malicious XSLT stylesheets (bsc#1201684)
- Changes and Bugs fixed:
* Java 8 is now the minimum requirement
* Upgraded to Apache Commons BCEL 6.7.0
* Upgraded to Xerces-J 2.12.2
mojo-parent was updated from version 70 to 82:
- Main changes:
* Potentially Breaking Changes:
+ mojo.java.target should be set as '8', without '1.'
+ spotless plugin must be executed by JDK 11 at least
+ ossrh-snapshots repository was removed from parent
* New features and improvements:
+ Removed SHA-512 checksum for source release artifact
+ Use only project version as tag for release
+ Added space before close empty elements in poms by spotless
+ Using Checkstyle together with Spotless
+ Introduce spotless for automatic code formatting
+ Introduce enforcer rule for minimal version of Java and Maven
+ Use new Plugin Tools report - maven-plugin-report-plugin
+ Added sisu-maven-plugin
+ Introduced maven.version property
+ Execute spotless by JDK 11 at least
+ Use release options for m-compiler-p with newer JDKs
+ Allow override of invoker.streamLogsOnFailures
+ Require Maven 3.9.x at least for releases
+ Added maven-wrapper-plugin to pluginManagement
+ Removed ossrh-snapshots repository from MojoHaus parent
+ Added build-helper-maven-plugin to pluginManagement
+ Require Maven 3.6.3+
+ Updated palantirJavaFormat for spotless - JDK 21 compatible
+ Added dependencyManagement for maven-shade-plugin
+ Dropped recommendedJavaBuildVersion property
+ Format Markdown files with Spotless Plugin
* Bugs fixed:
+ Restore source release distribution in child projects
+ Rename property maven.version to mavenVersion
+ minimalMavenBuildVersion should not be overriding by
mavenVersion
+ Use simple checkstyle rules since spotless is executed by
default
+ Use old spotless version only for JDK < 11
+ Fixed spotless configuration for markdown
- Other changes:
* Removed Google search box due to privacy
* Put version for mrm-maven-plugin in property
* Added streamLogsOnFailures to m-invoker-p
* Added property for maven-fluido-skin version
* Setup Apache Matomo analytics
* Require Maven 3.2.5
* Added SHA-512 hashes
* Extract plugin version as variable so child pom can override if needed
* Removed issue-tracking as no longer exists
* Removed cim report as no longer exists
bcel was updated from version 5.2 to 6.10:
- Many APIs have been extended
- Added riscv64 support
- Various bugs were fixed
apache-commons-lang3 was updated to version 3.12.0 to 3.16.0:
- Included new APIs that are needed by bcel 6.x
- Various minor bugs were fixed
xerces-j2:
- Improved RPM packaging build instructions
netty3:
- Generate sources with protobuf instead of using pre-generated ones
ModerateCVE-2022-34169 at SUSECVE-2022-34169 at NVDcpe:/o:opensuse:leap:15.5Security update for xen (Moderate)openSUSE Leap 15.5
This update for xen fixes the following issues:
Security issues fixed:
- CVE-2024-45818: xen: Deadlock in x86 HVM standard VGA handling (bsc#1232622)
- CVE-2024-45819: xen: libxl leaks data to PVH guests via ACPI tables (bsc#1232624)
- CVE-2024-45817: xen: x86: Deadlock in vlapic_error() (bsc#1230366)
Non-security issues fixed:
- Removed usage of net-tools-deprecated from supportconfig plugin (bsc#1232542)
- Upstream bug fixes (bsc#1027519)
ModerateSUSE bug 1027519SUSE bug 1230366SUSE bug 1232542SUSE bug 1232622SUSE bug 1232624CVE-2024-45817 at SUSECVE-2024-45817 at NVDCVE-2024-45818 at SUSECVE-2024-45818 at NVDCVE-2024-45819 at SUSECVE-2024-45819 at NVDcpe:/o:opensuse:leap:15.5Security update for the Linux Kernel (Important)openSUSE Leap 15.5
The SUSE Linux Enterprise 15 SP5 Azure kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2022-48879: efi: fix NULL-deref in init error path (bsc#1229556).
- CVE-2022-48956: ipv6: avoid use-after-free in ip6_fragment() (bsc#1231893).
- CVE-2022-48957: dpaa2-switch: Fix memory leak in dpaa2_switch_acl_entry_add() and dpaa2_switch_acl_entry_remove() (bsc#1231973).
- CVE-2022-48958: ethernet: aeroflex: fix potential skb leak in greth_init_rings() (bsc#1231889).
- CVE-2022-48959: net: dsa: sja1105: fix memory leak in sja1105_setup_devlink_regions() (bsc#1231976).
- CVE-2022-48960: net: hisilicon: Fix potential use-after-free in hix5hd2_rx() (bsc#1231979).
- CVE-2022-48962: net: hisilicon: Fix potential use-after-free in hisi_femac_rx() (bsc#1232286).
- CVE-2022-48966: net: mvneta: Fix an out of bounds check (bsc#1232191).
- CVE-2022-48980: net: dsa: sja1105: avoid out of bounds access in sja1105_init_l2_policing() (bsc#1232233).
- CVE-2022-48991: mm/khugepaged: fix collapse_pte_mapped_thp() to allow anon_vma (bsc#1232070 git-fix prerequisity).
- CVE-2022-49015: net: hsr: Fix potential use-after-free (bsc#1231938).
- CVE-2022-49017: tipc: re-fetch skb cb after tipc_msg_validate (bsc#1232004).
- CVE-2022-49020: net/9p: Fix a potential socket leak in p9_socket_open (bsc#1232175).
- CVE-2024-36244: net/sched: taprio: extend minimum interval restriction to entire cycle too (bsc#1226797).
- CVE-2024-36957: octeontx2-af: avoid off-by-one read from userspace (bsc#1225762).
- CVE-2024-39476: md/raid5: fix deadlock that raid5d() wait for itself to clear MD_SB_CHANGE_PENDING (bsc#1227437).
- CVE-2024-40965: i2c: lpi2c: Avoid calling clk_get_rate during transfer (bsc#1227885).
- CVE-2024-42226: Prevent potential failure in handle_tx_event() for Transfer events without TRB (bsc#1228709).
- CVE-2024-42253: gpio: pca953x: fix pca953x_irq_bus_sync_unlock race (bsc#1229005 stable-fixes).
- CVE-2024-44931: gpio: prevent potential speculation leaks in gpio_device_get_desc() (bsc#1229837 stable-fixes).
- CVE-2024-44958: sched/smt: Fix unbalance sched_smt_present dec/inc (bsc#1230179).
- CVE-2024-45016: netem: fix return value if duplicate enqueue fails (bsc#1230429).
- CVE-2024-45025: fix bitmap corruption on close_range() with CLOSE_RANGE_UNSHARE (bsc#1230456).
- CVE-2024-46716: dmaengine: altera-msgdma: properly free descriptor in msgdma_free_descriptor (bsc#1230715).
- CVE-2024-46754: bpf: Remove tst_run from lwt_seg6local_prog_ops (bsc#1230801).
- CVE-2024-46777: udf: Avoid excessive partition lengths (bsc#1230773).
- CVE-2024-46809: drm/amd/display: Check BIOS images before it is used (bsc#1231148).
- CVE-2024-46811: drm/amd/display: Fix index may exceed array range within fpu_update_bw_bounding_box (bsc#1231179).
- CVE-2024-46813: drm/amd/display: Check link_index before accessing dc->links (bsc#1231191).
- CVE-2024-46814: drm/amd/display: Check msg_id before processing transcation (bsc#1231193).
- CVE-2024-46815: drm/amd/display: Check num_valid_sets before accessing reader_wm_sets (bsc#1231195).
- CVE-2024-46816: drm/amd/display: Stop amdgpu_dm initialize when link nums greater than max_links (bsc#1231197).
- CVE-2024-46817: drm/amd/display: Stop amdgpu_dm initialize when stream nums greater than 6 (bsc#1231200).
- CVE-2024-46818: drm/amd/display: Check gpio_id before used as array index (bsc#1231203).
- CVE-2024-46828: uprobes: fix kernel info leak via '[uprobes]' vma (bsc#1231114).
- CVE-2024-46834: ethtool: fail closed if we can't get max channel used in indirection tables (bsc#1231096).
- CVE-2024-46840: btrfs: clean up our handling of refs == 0 in snapshot delete (bsc#1231105).
- CVE-2024-46841: btrfs: do not BUG_ON on ENOMEM from btrfs_lookup_extent_info() in walk_down_proc() (bsc#1231094).
- CVE-2024-46848: perf/x86/intel: Limit the period on Haswell (bsc#1231072).
- CVE-2024-46849: ASoC: meson: axg-card: fix 'use-after-free' (bsc#1231073).
- CVE-2024-47660: fsnotify: clear PARENT_WATCHED flags lazily (bsc#1231439).
- CVE-2024-47661: drm/amd/display: Avoid overflow from uint32_t to uint8_t (bsc#1231496).
- CVE-2024-47664: spi: hisi-kunpeng: Add verification for the max_frequency provided by the firmware (bsc#1231442).
- CVE-2024-47668: lib/generic-radix-tree.c: Fix rare race in __genradix_ptr_alloc() (bsc#1231502).
- CVE-2024-47672: wifi: iwlwifi: mvm: do not wait for tx queues if firmware is dead (bsc#1231540).
- CVE-2024-47673: wifi: iwlwifi: mvm: pause TCM when the firmware is stopped (bsc#1231539).
- CVE-2024-47674: mm: avoid leaving partial pfn mappings around in error case (bsc#1231673).
- CVE-2024-47684: tcp: check skb is non-NULL in tcp_rto_delta_us() (bsc#1231987).
- CVE-2024-47685: netfilter: nf_reject_ipv6: fix nf_reject_ip6_tcphdr_put() (bsc#1231998).
- CVE-2024-47692: nfsd: return -EINVAL when namelen is 0 (bsc#1231857).
- CVE-2024-47704: drm/amd/display: Check link_res->hpo_dp_link_enc before using it (bsc#1231944).
- CVE-2024-47705: block: fix potential invalid pointer dereference in blk_add_partition (bsc#1231872).
- CVE-2024-47706: block, bfq: fix possible UAF for bfqq->bic with merge chain (bsc#1231942).
- CVE-2024-47707: ipv6: avoid possible NULL deref in rt6_uncached_list_flush_dev() (bsc#1231935).
- CVE-2024-47710: sock_map: Add a cond_resched() in sock_hash_free() (bsc#1232049).
- CVE-2024-47720: drm/amd/display: Add null check for set_output_gamma in dcn30_set_output_transfer_func (bsc#1232043).
- CVE-2024-47727: x86/tdx: Fix 'in-kernel MMIO' check (bsc#1232116).
- CVE-2024-47730: crypto: hisilicon/qm - inject error before stopping queue (bsc#1232075).
- CVE-2024-47738: wifi: mac80211: do not use rate mask for offchannel TX either (bsc#1232114).
- CVE-2024-47739: padata: use integer wrap around to prevent deadlock on seq_nr overflow (bsc#1232124).
- CVE-2024-47745: mm: split critical region in remap_file_pages() and invoke LSMs in between (bsc#1232135).
- CVE-2024-47747: net: seeq: Fix use after free vulnerability in ether3 Driver Due to Race Condition (bsc#1232145).
- CVE-2024-47748: vhost_vdpa: assign irq bypass producer token correctly (bsc#1232174).
- CVE-2024-49860: ACPI: sysfs: validate return type of _STR method (bsc#1231861).
- CVE-2024-49866: tracing/timerlat: Fix a race during cpuhp processing (bsc#1232259).
- CVE-2024-49881: ext4: update orig_path in ext4_find_extent() (bsc#1232201).
- CVE-2024-49882: ext4: fix double brelse() the buffer of the extents path (bsc#1232200).
- CVE-2024-49883: ext4: aovid use-after-free in ext4_ext_insert_extent() (bsc#1232199).
- CVE-2024-49886: platform/x86: ISST: Fix the KASAN report slab-out-of-bounds bug (bsc#1232196).
- CVE-2024-49890: drm/amd/pm: ensure the fw_info is not null before using it (bsc#1232217).
- CVE-2024-49892: drm/amd/display: Initialize get_bytes_per_element's default to 1 (bsc#1232220).
- CVE-2024-49896: drm/amd/display: Check stream before comparing them (bsc#1232221).
- CVE-2024-49897: drm/amd/display: Check phantom_stream before it is used (bsc#1232355).
- CVE-2024-49899: drm/amd/display: Initialize denominators' default to 1 (bsc#1232358).
- CVE-2024-49901: drm/msm/adreno: Assign msm_gpu->pdev earlier to avoid nullptrs (bsc#1232305).
- CVE-2024-49906: drm/amd/display: Check null pointer before try to access it (bsc#1232332).
- CVE-2024-49909: drm/amd/display: Add NULL check for function pointer in dcn32_set_output_transfer_func (bsc#1232337).
- CVE-2024-49911: drm/amd/display: Add NULL check for function pointer in dcn20_set_output_transfer_func (bsc#1232366).
- CVE-2024-49914: drm/amd/display: Add null check for pipe_ctx->plane_state in (bsc#1232369).
- CVE-2024-49917: drm/amd/display: Add NULL check for clk_mgr and clk_mgr->funcs in dcn30_init_hw (bsc#1231965).
- CVE-2024-49918: drm/amd/display: Add null check for head_pipe in dcn32_acquire_idle_pipe_for_head_pipe_in_layer (bsc#1231967).
- CVE-2024-49919: drm/amd/display: Add null check for head_pipe in dcn201_acquire_free_pipe_for_layer (bsc#1231968).
- CVE-2024-49920: drm/amd/display: Check null pointers before multiple uses (bsc#1232313).
- CVE-2024-49922: drm/amd/display: Check null pointers before using them (bsc#1232374).
- CVE-2024-49923: drm/amd/display: Pass non-null to dcn20_validate_apply_pipe_split_flags (bsc#1232361).
- CVE-2024-49929: wifi: iwlwifi: mvm: avoid NULL pointer dereference (bsc#1232253).
- CVE-2024-49930: wifi: ath11k: fix array out-of-bound access in SoC stats (bsc#1232260).
- CVE-2024-49933: blk_iocost: fix more out of bound shifts (bsc#1232368).
- CVE-2024-49936: net/xen-netback: prevent UAF in xenvif_flush_hash() (bsc#1232424).
- CVE-2024-49939: wifi: rtw89: avoid to add interface to list twice when SER (bsc#1232381).
- CVE-2024-49946: ppp: do not assume bh is held in ppp_channel_bridge_input() (bsc#1232164).
- CVE-2024-49949: net: avoid potential underflow in qdisc_pkt_len_init() with UFO (bsc#1232160).
- CVE-2024-49954: static_call: Replace pointless WARN_ON() in static_call_module_notify() (bsc#1232155).
- CVE-2024-49955: ACPI: battery: Fix possible crash when unregistering a battery hook (bsc#1232154).
- CVE-2024-49958: ocfs2: reserve space for inline xattr before attaching reflink tree (bsc#1232151).
- CVE-2024-49959: jbd2: stop waiting for space when jbd2_cleanup_journal_tail() returns error (bsc#1232149).
- CVE-2024-49960: ext4: fix timer use-after-free on failed mount (bsc#1232395).
- CVE-2024-49967: ext4: no need to continue when the number of entries is 1 (bsc#1232140).
- CVE-2024-49969: drm/amd/display: Fix index out of bounds in DCN30 color transformation (bsc#1232519).
- CVE-2024-49973: r8169: add tally counter fields added with RTL8125 (bsc#1232105).
- CVE-2024-49974: NFSD: Force all NFSv4.2 COPY requests to be synchronous (bsc#1232383).
- CVE-2024-49975: uprobes: fix kernel info leak via '[uprobes]' vma (bsc#1232104).
- CVE-2024-49991: drm/amdkfd: amdkfd_free_gtt_mem clear the correct pointer (bsc#1232282).
- CVE-2024-49993: iommu/vt-d: Fix potential lockup if qi_submit_sync called with 0 count (bsc#1232316).
- CVE-2024-49995: tipc: guard against string buffer overrun (bsc#1232432).
- CVE-2024-49996: cifs: Fix buffer overflow when parsing NFS reparse points (bsc#1232089).
- CVE-2024-50000: net/mlx5e: Fix NULL deref in mlx5e_tir_builder_alloc() (bsc#1232085).
- CVE-2024-50001: net/mlx5: Fix error path in multi-packet WQE transmit (bsc#1232084).
- CVE-2024-50002: static_call: Handle module init failure correctly in static_call_del_module() (bsc#1232083).
- CVE-2024-50006: ext4: fix i_data_sem unlock order in ext4_ind_migrate() (bsc#1232442).
- CVE-2024-50014: ext4: fix access to uninitialised lock in fc replay path (bsc#1232446).
- CVE-2024-50019: kthread: unpark only parked kthread (bsc#1231990).
- CVE-2024-50024: net: Fix an unsafe loop on the list (bsc#1231954).
- CVE-2024-50028: thermal: core: Reference count the zone in thermal_zone_get_by_id() (bsc#1231950).
- CVE-2024-50033: slip: make slhc_remember() more robust against malicious packets (bsc#1231914).
- CVE-2024-50035: ppp: fix ppp_async_encode() illegal access (bsc#1232392).
- CVE-2024-50041: i40e: Fix macvlan leak by synchronizing access to mac_filter_hash (bsc#1231907).
- CVE-2024-50045: netfilter: br_netfilter: fix panic with metadata_dst skb (bsc#1231903).
- CVE-2024-50046: kabi fix for NFSv4: Prevent NULL-pointer dereference in nfs42_complete_copies() (bsc#1231902).
- CVE-2024-50047: smb: client: fix UAF in async decryption (bsc#1232418).
- CVE-2024-50048: fbcon: Fix a NULL pointer dereference issue in fbcon_putcs (bsc#1232310).
- CVE-2024-50055: driver core: bus: Fix double free in driver API bus_register() (bsc#1232329).
- CVE-2024-50058: serial: protect uart_port_dtr_rts() in uart_shutdown() too (bsc#1232285).
- CVE-2024-50059: ntb: ntb_hw_switchtec: Fix use after free vulnerability in switchtec_ntb_remove due to race condition (bsc#1232345).
- CVE-2024-50061: i3c: master: cdns: Fix use after free vulnerability in cdns_i3c_master Driver Due to Race Condition (bsc#1232263).
- CVE-2024-50063: kABI: bpf: struct bpf_map kABI workaround (bsc#1232435).
- CVE-2024-50081: blk-mq: setup queue ->tag_set before initializing hctx (bsc#1232501).
The following non-security bugs were fixed:
- ACPI: EC: Do not release locks during operation region accesses (stable-fixes).
- ACPI: PAD: fix crash in exit_round_robin() (stable-fixes).
- ACPI: PRM: Clean up guid type in struct prm_handler_info (git-fixes).
- ACPI: PRM: Find EFI_MEMORY_RUNTIME block for PRM handler and context (git-fixes).
- ACPI: battery: Call power_supply_changed() when adding hooks (bsc#1232154)
- ACPI: battery: Simplify battery hook locking (bsc#1232154)
- ACPI: resource: Add Asus ExpertBook B2502CVA to irq1_level_low_skip_override[] (stable-fixes).
- ACPI: resource: Add Asus Vivobook X1704VAP to irq1_level_low_skip_override[] (stable-fixes).
- ACPI: resource: Add another DMI match for the TongFang GMxXGxx (stable-fixes).
- ACPICA: Fix memory leak if acpi_ps_get_next_field() fails (stable-fixes).
- ACPICA: Fix memory leak if acpi_ps_get_next_namepath() fails (stable-fixes).
- ACPICA: check null return of ACPI_ALLOCATE_ZEROED() in acpi_db_convert_to_package() (stable-fixes).
- ACPICA: iasl: handle empty connection_node (stable-fixes).
- ALSA: asihpi: Fix potential OOB array access (stable-fixes).
- ALSA: core: add isascii() check to card ID generator (stable-fixes).
- ALSA: firewire-lib: Avoid division by zero in apply_constraint_to_size() (git-fixes).
- ALSA: hda/conexant - Fix audio routing for HP EliteOne 1000 G2 (stable-fixes).
- ALSA: hda/conexant - Use cached pin control for Node 0x1d on HP EliteOne 1000 G2 (git-fixes).
- ALSA: hda/conexant: Fix conflicting quirk for System76 Pangolin (git-fixes).
- ALSA: hda/cs8409: Fix possible NULL dereference (git-fixes).
- ALSA: hda/generic: Unconditionally prefer preferred_dacs pairs (git-fixes).
- ALSA: hda/realtek - FIxed ALC285 headphone no sound (stable-fixes).
- ALSA: hda/realtek - Fixed ALC256 headphone no sound (stable-fixes).
- ALSA: hda/realtek: Add a quirk for HP Pavilion 15z-ec200 (stable-fixes).
- ALSA: hda/realtek: Add quirk for Huawei MateBook 13 KLV-WX9 (stable-fixes).
- ALSA: hda/realtek: Fix the push button function for the ALC257 (git-fixes).
- ALSA: hda/realtek: Update default depop procedure (git-fixes).
- ALSA: hda: Fix kctl->id initialization (git-fixes).
- ALSA: hda: cs35l41: fix module autoloading (git-fixes).
- ALSA: hdsp: Break infinite MIDI input flush loop (stable-fixes).
- ALSA: line6: add hw monitor volume control to POD HD500X (stable-fixes).
- ALSA: mixer_oss: Remove some incorrect kfree_const() usages (git-fixes).
- ALSA: usb-audio: Add delay quirk for VIVO USB-C HEADSET (stable-fixes).
- ALSA: usb-audio: Add input value sanity checks for standard types (stable-fixes).
- ALSA: usb-audio: Add logitech Audio profile quirk (stable-fixes).
- ALSA: usb-audio: Add native DSD support for Luxman D-08u (stable-fixes).
- ALSA: usb-audio: Define macros for quirk table entries (stable-fixes).
- ALSA: usb-audio: Replace complex quirk lines with macros (stable-fixes).
- ASoC: allow module autoloading for table db1200_pids (stable-fixes).
- ASoC: imx-card: Set card.owner to avoid a warning calltrace if SND=m (git-fixes).
- ASoC: intel: fix module autoloading (stable-fixes).
- ASoC: qcom: Fix NULL Dereference in asoc_qcom_lpass_cpu_platform_probe() (git-fixes).
- ASoC: rt5682: Return devm_of_clk_add_hw_provider to transfer the error (git-fixes).
- ASoC: soc-pcm: Do not zero TDM masks in __soc_pcm_open() (git-fixes).
- ASoC: tda7419: fix module autoloading (stable-fixes).
- Bluetooth: Call iso_exit() on module unload (git-fixes).
- Bluetooth: ISO: Fix multiple init when debugfs is disabled (git-fixes).
- Bluetooth: RFCOMM: FIX possible deadlock in rfcomm_sk_state_change (git-fixes).
- Bluetooth: Remove debugfs directory on module init failure (git-fixes).
- Bluetooth: bnep: fix wild-memory-access in proto_unregister (git-fixes).
- Bluetooth: btmrvl: Use IRQF_NO_AUTOEN flag in request_irq() (git-fixes).
- Bluetooth: btusb: Fix regression with fake CSR controllers 0a12:0001 (git-fixes).
- Bluetooth: hci_event: Align BR/EDR JUST_WORKS paring with LE (git-fixes).
- HID: amd_sfh: Switch to device-managed dmam_alloc_coherent() (git-fixes).
- HID: multitouch: Add support for GT7868Q (stable-fixes).
- HID: multitouch: Add support for Thinkpad X12 Gen 2 Kbd Portfolio (stable-fixes).
- HID: plantronics: Workaround for an unexcepted opposite volume key (stable-fixes).
- Input: adp5589-keys - fix NULL pointer dereference (git-fixes).
- Input: adp5589-keys - fix adp5589_gpio_get_value() (git-fixes).
- Input: ads7846 - ratelimit the spi_sync error message (stable-fixes).
- Input: goodix - use the new soc_intel_is_byt() helper (stable-fixes).
- Input: synaptics - enable SMBus for HP Elitebook 840 G2 (stable-fixes).
- KVM: Fix coalesced_mmio_has_room() to avoid premature userspace exit (git-fixes).
- KVM: Fix lockdep false negative during host resume (git-fixes).
- KVM: Grab a reference to KVM for VM and vCPU stats file descriptors (git-fixes).
- KVM: Optimize kvm_make_vcpus_request_mask() a bit (git-fixes).
- KVM: Pre-allocate cpumasks for kvm_make_all_cpus_request_except() (git-fixes).
- KVM: Reject overly excessive IDs in KVM_CREATE_VCPU (git-fixes).
- KVM: SVM: Disallow guest from changing userspace's MSR_AMD64_DE_CFG value (git-fixes).
- KVM: SVM: Do not advertise Bus Lock Detect to guest if SVM support is missing (git-fixes).
- KVM: SVM: fix emulation of msr reads/writes of MSR_FS_BASE and MSR_GS_BASE (git-fixes).
- KVM: Unconditionally get a ref to /dev/kvm module when creating a VM (git-fixes).
- KVM: Write the per-page 'segment' when clearing (part of) a guest page (git-fixes).
- KVM: arm64: Add missing memory barriers when switching to pKVM's hyp pgd (git-fixes).
- KVM: arm64: Allow AArch32 PSTATE.M to be restored as System mode (git-fixes).
- KVM: arm64: Fix AArch32 register narrowing on userspace write (git-fixes).
- KVM: arm64: GICv4: Do not perform a map to a mapped vLPI (git-fixes).
- KVM: arm64: Invalidate EL1&0 TLB entries for all VMIDs in nvhe hyp init (git-fixes).
- KVM: arm64: Preserve PSTATE.SS for the guest while single-step is enabled (git-fixes).
- KVM: arm64: Release pfn, i.e. put page, if copying MTE tags hits ZONE_DEVICE (git-fixes).
- KVM: arm64: mixed-width check should be skipped for uninitialized vCPUs (git-fixes).
- KVM: arm64: vgic-its: Test for valid IRQ in MOVALL handler (git-fixes).
- KVM: arm64: vgic-its: Test for valid IRQ in its_sync_lpi_pending_table() (git-fixes).
- KVM: arm64: vgic-v2: Check for non-NULL vCPU in vgic_v2_parse_attr() (git-fixes).
- KVM: arm64: vgic-v2: Use cpuid from userspace as vcpu_id (git-fixes).
- KVM: arm64: vgic-v4: Restore pending state on host userspace write (git-fixes).
- KVM: eventfd: Fix false positive RCU usage warning (git-fixes).
- KVM: fix memoryleak in kvm_init() (git-fixes).
- KVM: s390: Change virtual to physical address access in diag 0x258 handler (git-fixes bsc#1232631).
- KVM: s390: gaccess: Check if guest address is in memslot (git-fixes bsc#1232630).
- KVM: x86/mmu: Fold rmap_recycle into rmap_add (git-fixes).
- KVM: x86/mmu: Rename slot_handle_leaf to slot_handle_level_4k (git-fixes).
- KVM: x86: Use a stable condition around all VT-d PI paths (git-fixes).
- Makefile.compiler: replace cc-ifversion with compiler-specific macros (bsc#1230414 bsc#1229450).
- NFS: Avoid unnecessary rescanning of the per-server delegation list (git-fixes).
- NFSD: Fix NFSv4's PUTPUBFH operation (git-fixes).
- NFSD: Mark filecache 'down' if init fails (git-fixes).
- NFSv3: only use NFS timeout for MOUNT when protocols are compatible (bsc#1231016).
- NFSv4: Fix clearing of layout segments in layoutreturn (git-fixes).
- PCI: Add ACS quirk for Qualcomm SA8775P (stable-fixes).
- PCI: Add function 0 DMA alias quirk for Glenfly Arise chip (stable-fixes).
- PCI: Fix pci_enable_acs() support for the ACS quirks (bsc#1229019).
- PCI: Mark Creative Labs EMU20k2 INTx masking as broken (stable-fixes).
- RDMA/bnxt_re: Add a check for memory allocation (git-fixes)
- RDMA/bnxt_re: Fix a bug while setting up Level-2 PBL pages (git-fixes)
- RDMA/bnxt_re: Fix incorrect AVID type in WQE structure (git-fixes)
- RDMA/bnxt_re: Fix the GID table length (git-fixes)
- RDMA/bnxt_re: Fix the max CQ WQEs for older adapters (git-fixes)
- RDMA/bnxt_re: Fix the usage of control path spin locks (git-fixes)
- RDMA/bnxt_re: Return more meaningful error (git-fixes)
- RDMA/bnxt_re: synchronize the qp-handle table array (git-fixes)
- RDMA/cxgb4: Dump vendor specific QP details (git-fixes)
- RDMA/cxgb4: Fix RDMA_CM_EVENT_UNREACHABLE error for iWARP (git-fixes)
- RDMA/hns: Remove unused abnormal interrupt of type RAS (git-fixes)
- RDMA/irdma: Fix misspelling of 'accept*' (git-fixes)
- RDMA/mad: Improve handling of timed out WRs of mad agent (git-fixes)
- RDMA/mana_ib: use the correct page size for mapping user-mode doorbell page (git-fixes).
- RDMA/mana_ib: use the correct page table index based on hardware page size (git-fixes).
- RDMA/mlx5: Round max_rd_atomic/max_dest_rd_atomic up instead of down (git-fixes)
- RDMA/rtrs-srv: Avoid null pointer deref during path establishment (git-fixes)
- RDMA/srpt: Make slab cache names unique (git-fixes)
- SUNRPC: Fix integer overflow in decode_rc_list() (git-fixes).
- SUNRPC: Fixup gss_status tracepoint error output (git-fixes).
- SUNRPC: clnt.c: Remove misleading comment (git-fixes).
- USB: appledisplay: close race between probe and completion handler (stable-fixes).
- USB: misc: cypress_cy7c63: check for short transfer (stable-fixes).
- USB: misc: yurex: fix race between read and write (stable-fixes).
- USB: serial: option: add Telit FN920C04 MBIM compositions (stable-fixes).
- USB: serial: option: add support for Quectel EG916Q-GL (stable-fixes).
- USB: serial: pl2303: add device id for Macrosilicon MS3020 (stable-fixes).
- Use pahole -j1 option for reproducible builds (bsc#1230414 bsc#1229450).
- add bug reference for a mana change (bsc#1229769).
- add bug references to existing mana changes (bsc#1232033, bsc#1232034, bsc#1232036).
- afs: Revert 'afs: Hide silly-rename files from userspace' (git-fixes).
- arm64: cputype: Add Neoverse-N3 definitions (git-fixes)
- arm64: dts: rockchip: override BIOS_DISABLE signal via GPIO hog on RK3399 Puma (git-fixes).
- arm64: errata: Expand speculative SSBS workaround once more (git-fixes)
- arm64: esr: Define ESR_ELx_EC_* constants as UL (git-fixes)
- arm64: probes: Fix simulate_ldr*_literal() (git-fixes)
- arm64: probes: Fix uprobes for big-endian kernels (git-fixes)
- arm64: probes: Remove broken LDR (literal) uprobe support (git-fixes)
- block: print symbolic error name instead of error code (bsc#1231872).
- bpf, lsm: Add disabled BPF LSM hook list (git-fixes).
- bpf, net: Fix a potential race in do_sock_getsockopt() (git-fixes).
- bpf, verifier: Correct tail_call_reachable for bpf prog (git-fixes).
- bpf, x64: Remove tail call detection (git-fixes).
- bpf,perf: Fix perf_event_detach_bpf_prog error handling (git-fixes).
- bpf: Add --skip_encoding_btf_inconsistent_proto, --btf_gen_optimized to pahole flags for v1.25 (bsc#1230414 bsc#1229450).
- bpf: Allow helpers to accept pointers with a fixed size (git-fixes).
- bpf: Check for helper calls in check_subprogs() (git-fixes).
- bpf: Fix bpf_strtol and bpf_strtoul helpers for 32bit (git-fixes).
- bpf: Fix helper writes to read-only maps (git-fixes).
- bpf: Fix pointer-leak due to insufficient speculative store bypass mitigation (bsc#1231375).
- bpf: Fix tailcall cases in test_bpf (git-fixes).
- bpf: Improve check_raw_mode_ok test for MEM_UNINIT-tagged types (git-fixes).
- bpf: Remove truncation test in bpf_strtol and bpf_strtoul helpers (git-fixes).
- bpf: Zero former ARG_PTR_TO_{LONG,INT} args in case of error (git-fixes).
- bpf: correctly handle malformed BPF_CORE_TYPE_ID_LOCAL relos (git-fixes).
- btf, scripts: Exclude Rust CUs with pahole (bsc#1230414 bsc#1229450).
- bus: integrator-lm: fix OF node leak in probe() (git-fixes).
- ceph: fix cap ref leak via netfs init_request (bsc#1231383).
- clk: Add a devm variant of clk_rate_exclusive_get() (bsc#1227885).
- clk: Provide !COMMON_CLK dummy for devm_clk_rate_exclusive_get() (bsc#1227885).
- comedi: ni_routing: tools: Check when the file could not be opened (stable-fixes).
- cpufreq/amd-pstate: Fix amd_pstate mode switch on shared memory systems (git-fixes).
- crypto: hisilicon - Remove pci_aer_clear_nonfatal_status() call (bsc#1232075)
- crypto: hisilicon/qm - re-enable communicate interrupt before notifying PF (bsc#1232075)
- debugfs: fix automount d_fsdata usage (git-fixes).
- dn_route: set rt neigh to blackhole_netdev instead of loopback_dev in ifdown (bsc#1216813).
- drbd: Add NULL check for net_conf to prevent dereference in state validation (git-fixes).
- drbd: Fix atomicity violation in drbd_uuid_set_bm() (git-fixes).
- driver core: bus: Return -EIO instead of 0 when show/store invalid bus attribute (stable-fixes).
- drm/amd/amdgpu: Fix double unlock in amdgpu_mes_add_ring (git-fixes).
- drm/amd/display: Add null check for 'afb' in amdgpu_dm_plane_handle_cursor_update (v2) (stable-fixes).
- drm/amd/display: Add null check for top_pipe_to_program in commit_planes_for_stream (stable-fixes).
- drm/amd/display: Allow backlight to go below `AMDGPU_DM_DEFAULT_MIN_BACKLIGHT` (stable-fixes).
- drm/amd/display: Check link_res->hpo_dp_link_enc before using it (bsc#1231944)
- drm/amd/display: Check null pointer before dereferencing se (stable-fixes).
- drm/amd/display: Check null pointers before using dc->clk_mgr (stable-fixes).
- drm/amd/display: Check stream before comparing them (stable-fixes).
- drm/amd/display: Fix Synaptics Cascaded Panamera DSC Determination (stable-fixes).
- drm/amd/display: Fix index out of bounds in DCN30 color transformation (stable-fixes).
- drm/amd/display: Fix index out of bounds in DCN30 degamma hardware format translation (stable-fixes).
- drm/amd/display: Fix index out of bounds in degamma hardware format translation (stable-fixes).
- drm/amd/display: Fix system hang while resume with TBT monitor (stable-fixes).
- drm/amd/display: Handle null 'stream_status' in 'planes_changed_for_existing_stream' (stable-fixes).
- drm/amd/display: Initialize get_bytes_per_element's default to 1 (stable-fixes).
- drm/amd/display: Round calculated vtotal (stable-fixes).
- drm/amd/display: Validate backlight caps are sane (stable-fixes).
- drm/amd/pm: ensure the fw_info is not null before using it (stable-fixes).
- drm/amd: Guard against bad data for ATIF ACPI method (git-fixes).
- drm/amdgpu: Replace one-element array with flexible-array member (stable-fixes).
- drm/amdgpu: add raven1 gfxoff quirk (stable-fixes).
- drm/amdgpu: disallow multiple BO_HANDLES chunks in one submit (stable-fixes).
- drm/amdgpu: enable gfxoff quirk on HP 705G4 (stable-fixes).
- drm/amdgpu: fix unchecked return value warning for amdgpu_gfx (stable-fixes).
- drm/amdgpu: prevent BO_HANDLES error from being overwritten (git-fixes).
- drm/amdgpu: properly handle vbios fake edid sizing (git-fixes).
- drm/amdkfd: Fix resource leak in criu restore queue (stable-fixes).
- drm/msm/dpu: do not always program merge_3d block (git-fixes).
- drm/msm/dpu: make sure phys resources are properly initialized (git-fixes).
- drm/msm/dsi: fix 32-bit signed integer extension in pclk_rate calculation (git-fixes).
- drm/msm: Allocate memory for disp snapshot with kvzalloc() (git-fixes).
- drm/msm: Avoid NULL dereference in msm_disp_state_print_regs() (git-fixes).
- drm/printer: Allow NULL data in devcoredump printer (stable-fixes).
- drm/radeon/r100: Handle unknown family in r100_cp_init_microcode() (stable-fixes).
- drm/radeon: Fix encoder->possible_clones (git-fixes).
- drm/radeon: Replace one-element array with flexible-array member (stable-fixes).
- drm/radeon: properly handle vbios fake edid sizing (git-fixes).
- drm/rockchip: define gamma registers for RK3399 (stable-fixes).
- drm/rockchip: support gamma control on RK3399 (stable-fixes).
- drm/sched: Add locking to drm_sched_entity_modify_sched (git-fixes).
- drm/v3d: Stop the active perfmon before being destroyed (git-fixes).
- drm/vc4: Stop the active perfmon before being destroyed (git-fixes).
- drm/vmwgfx: Handle surface check failure correctly (git-fixes).
- drm: Consistently use struct drm_mode_rect for FB_DAMAGE_CLIPS (git-fixes).
- drm: komeda: Fix an issue related to normalized zpos (stable-fixes).
- efistub/tpm: Use ACPI reclaim memory for event log to avoid corruption (stable-fixes).
- erofs: avoid consecutive detection for Highmem memory (git-fixes).
- erofs: avoid infinite loop in z_erofs_do_read_page() when reading beyond EOF (git-fixes).
- erofs: fix pcluster use-after-free on UP platforms (git-fixes).
- erofs: fix potential overflow calculating xattr_isize (git-fixes).
- erofs: stop parsing non-compact HEAD index if clusterofs is invalid (git-fixes).
- exportfs: use pr_debug for unreachable debug statements (git-fixes).
- ext4: fix slab-use-after-free in ext4_split_extent_at() (bsc#1232201)
- fat: fix uninitialized variable (git-fixes).
- fbdev: pxafb: Fix possible use after free in pxafb_task() (stable-fixes).
- fbdev: sisfb: Fix strbuf array overflow (stable-fixes).
- fgraph: Change the name of cpuhp state to 'fgraph:online' (git-fixes).
- fgraph: Fix missing unlock in register_ftrace_graph() (git-fixes).
- fgraph: Use CPU hotplug mechanism to initialize idle shadow stacks (git-fixes).
- filelock: fix potential use-after-free in posix_lock_inode (git-fixes).
- firmware: tegra: bpmp: Drop unused mbox_client_to_bpmp() (git-fixes).
- fs/namespace: fnic: Switch to use %ptTd (git-fixes).
- fs/pipe: Fix lockdep false-positive in watchqueue pipe_write() (git-fixes).
- fs: Fix file_set_fowner LSM hook inconsistencies (git-fixes).
- gpio: aspeed: Add the flush write to ensure the write complete (git-fixes).
- gpio: aspeed: Use devm_clk api to manage clock source (git-fixes).
- gpio: davinci: fix lazy disable (git-fixes).
- hid: intel-ish-hid: Fix uninitialized variable 'rv' in ish_fw_xfer_direct_dma (git-fixes).
- hv_netvsc: Fix VF namespace also in synthetic NIC NETDEV_REGISTER event (git-fixes).
- hwmon: (adm9240) Add missing dependency on REGMAP_I2C (git-fixes).
- hwmon: (tmp513) Add missing dependency on REGMAP_I2C (git-fixes).
- i2c: i801: Use a different adapter-name for IDF adapters (stable-fixes).
- i2c: imx-lpi2c: return -EINVAL when i2c peripheral clk does not work (bsc#1227885).
- i2c: imx-lpi2c: use bulk clk API (bsc#1227885).
- i2c: stm32f7: Do not prepare/unprepare clock during runtime suspend/resume (git-fixes).
- i2c: xiic: Fix RX IRQ busy check (stable-fixes).
- i2c: xiic: Fix broken locking on tx_msg (stable-fixes).
- i2c: xiic: Fix pm_runtime_set_suspended() with runtime pm enabled (git-fixes).
- i2c: xiic: Switch from waitqueue to completion (stable-fixes).
- i2c: xiic: Try re-initialization on bus busy timeout (git-fixes).
- i2c: xiic: Use devm_clk_get_enabled() (stable-fixes).
- i2c: xiic: improve error message when transfer fails to start (stable-fixes).
- i2c: xiic: xiic_xfer(): Fix runtime PM leak on error path (git-fixes).
- ice: Unbind the workqueue (bsc#1231344).
- iio: dac: ad5770r: add missing select REGMAP_SPI in Kconfig (git-fixes).
- iio: dac: ltc1660: add missing select REGMAP_SPI in Kconfig (git-fixes).
- iio: dac: stm32-dac-core: add missing select REGMAP_MMIO in Kconfig (git-fixes).
- iio: hid-sensors: Fix an error handling path in _hid_sensor_set_report_latency() (git-fixes).
- iio: light: opt3001: add missing full-scale range value (git-fixes).
- iio: light: veml6030: fix ALS sensor resolution (git-fixes).
- iio: light: veml6030: fix IIO device retrieval from embedded device (git-fixes).
- iio: proximity: mb1232: add missing select IIO_(TRIGGERED_)BUFFER in Kconfig (git-fixes).
- iommu/vt-d: Always reserve a domain ID for identity setup (git-fixes).
- ipv6: blackhole_netdev needs snmp6 counters (bsc#1216813).
- ipv6: give an IPv6 dev to blackhole_netdev (bsc#1216813).
- jfs: Fix sanity check in dbMount (git-fixes).
- jfs: Fix uaf in dbFreeBits (git-fixes).
- jfs: Fix uninit-value access of new_ea in ea_buffer (git-fixes).
- jfs: UBSAN: shift-out-of-bounds in dbFindBits (git-fixes).
- jfs: check if leafidx greater than num leaves per dmap tree (git-fixes).
- kABI: bpf: enum bpf_{type_flag,arg_type} kABI workaround (git-fixes).
- kABI: bpf: struct bpf_func_proto kABI workaround (git-fixes).
- kab: fix after net: add more sanity check in virtio_net_hdr_to_skb() (git-fixes).
- kabi fix of KVM: arm64: Preserve PSTATE.SS for the guest while single-step is enabled (git-fixes).
- kabi: fix after KVM: arm64: mixed-width check should be skipped for uninitialized vCPUs (git-fixes).
- kabi: fix after kvm: add guest_state_{enter,exit}_irqoff() (git-fixes).
- kbuild, bpf: Use test-ge check for v1.25-only pahole (bsc#1230414 bsc#1229450).
- kbuild,bpf: Add module-specific pahole flags for distilled base BTF (bsc#1230414 bsc#1229450).
- kbuild,bpf: Switch to using --btf_features for pahole v1.26 and later (bsc#1230414 bsc#1229450).
- kbuild: add test-{ge,gt,le,lt} macros (bsc#1230414 bsc#1229450).
- kbuild: avoid too many execution of scripts/pahole-flags.sh (bsc#1230414 bsc#1229450).
- kbuild: bpf: Tell pahole to DECL_TAG kfuncs (bsc#1230414 bsc#1229450).
- kvm/arm64: rework guest entry logic (git-fixes).
- kvm: Add support for arch compat vm ioctls (git-fixes).
- kvm: add guest_state_{enter,exit}_irqoff() (git-fixes).
- media: videobuf2-core: clear memory related fields in __vb2_plane_dmabuf_put() (stable-fixes).
- module: abort module loading when sysfs setup suffer errors (git-fixes).
- nbd: fix race between timeout and normal completion (bsc#1230918).
- net/sched: taprio: Limit TCA_TAPRIO_ATTR_SCHED_CYCLE_TIME to INT_MAX (bsc#1226797)
- net: add more sanity check in virtio_net_hdr_to_skb() (git-fixes).
- net: socket: suppress unused warning (git-fixes).
- net: test for not too small csum_start in virtio_net_hdr_to_skb() (git-fixes).
- net: usb: usbnet: fix name regression (git-fixes).
- netdevsim: use cond_resched() in nsim_dev_trap_report_work() (git-fixes).
- nfs: fix memory leak in error path of nfs4_do_reclaim (git-fixes).
- nfsd: call cache_put if xdr_reserve_space returns NULL (git-fixes).
- nfsd: fix delegation_blocked() to block correctly for at least 30 seconds (git-fixes).
- nfsd: fix refcount leak when file is unhashed after being found (git-fixes).
- nfsd: map the EBADMSG to nfserr_io to avoid warning (git-fixes).
- nfsd: remove unneeded EEXIST error check in nfsd_do_file_acquire (git-fixes).
- nfsd: return -EINVAL when namelen is 0 (git-fixes).
- nilfs2: fix kernel bug due to missing clearing of buffer delay flag (git-fixes).
- nouveau/dmem: Fix vulnerability in migrate_to_ram upon copy error (git-fixes).
- ntb: intel: Fix the NULL vs IS_ERR() bug for debugfs_create_dir() (git-fixes).
- ntb: ntb_hw_switchtec: Fix use after free vulnerability in switchtec_ntb_remove due to race condition (stable-fixes).
- nvme-multipath: system fails to create generic nvme device (git-fixes).
- nvme-pci: qdepth 1 quirk (git-fixes).
- nvmet-auth: assign dh_key to NULL after kfree_sensitive (git-fixes).
- ocfs2: fix the la space leak when unmounting an ocfs2 volume (git-fixes).
- ocfs2: fix uninit-value in ocfs2_get_block() (git-fixes).
- ocfs2: pass u64 to ocfs2_truncate_inline maybe overflow (git-fixes).
- parport: Proper fix for array out-of-bounds access (git-fixes).
- platform/surface: aggregator_registry: Add support for Surface Laptop Go 3 (stable-fixes).
- platform/x86: touchscreen_dmi: add nanote-next quirk (stable-fixes).
- power: reset: brcmstb: Do not go into infinite loop if reset fails (stable-fixes).
- s390/sclp_vt220: Convert newlines to CRLF instead of LFCR (git-fixes bsc#1232632).
- scsi: NCR5380: Check for phase match during PDMA fixup (git-fixes).
- scsi: aacraid: Rearrange order of struct aac_srb_unit (git-fixes).
- scsi: core: Fix the return value of scsi_logical_block_count() (git-fixes).
- scsi: core: Handle devices which return an unusually large VPD page count (git-fixes).
- scsi: core: alua: I/O errors for ALUA state transitions (git-fixes).
- scsi: elx: libefc: Fix potential use after free in efc_nport_vport_del() (git-fixes).
- scsi: hpsa: Fix allocation size for Scsi_Host private data (git-fixes).
- scsi: libsas: Fix exp-attached device scan after probe failure scanned in again after probe failed (git-fixes).
- scsi: libsas: Fix the failure of adding phy with zero-address to port (git-fixes).
- scsi: lpfc: Add ELS_RSP cmd to the list of WQEs to flush in lpfc_els_flush_cmd() (bsc#1232757).
- scsi: lpfc: Ensure DA_ID handling completion before deleting an NPIV instance (bsc#1232757).
- scsi: lpfc: Fix kref imbalance on fabric ndlps from dev_loss_tmo handler (bsc#1232757).
- scsi: lpfc: Remove trailing space after \n newline (bsc#1232757).
- scsi: lpfc: Restrict support for 32 byte CDBs to specific HBAs (git-fixes).
- scsi: lpfc: Revise TRACE_EVENT log flag severities from KERN_ERR to KERN_WARNING (bsc#1232757).
- scsi: lpfc: Support loopback tests with VMID enabled (bsc#1232757).
- scsi: lpfc: Update lpfc version to 14.4.0.5 (bsc#1232757).
- scsi: lpfc: Update phba link state conditional before sending CMF_SYNC_WQE (bsc#1232757).
- scsi: mac_scsi: Disallow bus errors during PDMA send (git-fixes).
- scsi: mac_scsi: Refactor polling loop (git-fixes).
- scsi: mac_scsi: Revise printk(KERN_DEBUG ...) messages (git-fixes).
- scsi: mpi3mr: Avoid IOMMU page faults on REPORT ZONES (git-fixes).
- scsi: mpi3mr: Fix ATA NCQ priority support (git-fixes).
- scsi: mpt3sas: Avoid IOMMU page faults on REPORT ZONES (git-fixes).
- scsi: qedf: Set qed_slowpath_params to zero before use (git-fixes).
- scsi: smartpqi: correct stream detection (git-fixes).
- scsi: smartpqi: revert propagate-the-multipath-failure-to-SML-quickly (git-fixes).
- scsi: spi: Fix sshdr use (git-fixes).
- scsi: wd33c93: Do not use stale scsi_pointer value (git-fixes).
- selftests/bpf: Add a test case to write mtu result into .rodata (git-fixes).
- selftests/bpf: Add a test case to write strtol result into .rodata (git-fixes).
- selftests/bpf: Fix ARG_PTR_TO_LONG {half-,}uninitialized test (git-fixes).
- selftests/bpf: Rename ARG_PTR_TO_LONG test description (git-fixes).
- selftests/bpf: test for malformed BPF_CORE_TYPE_ID_LOCAL relocation (git-fixes).
- spi: bcm63xx: Enable module autoloading (stable-fixes).
- spi: bcm63xx: Fix module autoloading (git-fixes).
- spi: lpspi: Silence error message upon deferred probe (stable-fixes).
- spi: lpspi: Simplify some error message (git-fixes).
- spi: lpspi: release requested DMA channels (stable-fixes).
- spi: ppc4xx: Avoid returning 0 when failed to parse and map IRQ (git-fixes).
- spi: ppc4xx: handle irq_of_parse_and_map() errors (git-fixes).
- spi: s3c64xx: fix timeout counters in flush_fifo (git-fixes).
- spi: spi-fsl-lpspi: Undo runtime PM changes at driver exit time (git-fixes).
- spi: spi-imx: Fix pm_runtime_set_suspended() with runtime pm enabled (git-fixes).
- spi: spidev: Add missing spi_device_id for jg10309-01 (git-fixes).
- static_call: Do not make __static_call_return0 static (git-fixes).
- tracing/hwlat: Fix a race during cpuhp processing (git-fixes).
- tracing/uprobes: Use trace_event_buffer_reserve() helper (git-fixes).
- tracing: Consider the NULL character when validating the event length (git-fixes).
- uprobe: avoid out-of-bounds memory access of fetching args (git-fixes).
- uprobes: encapsulate preparation of uprobe args buffer (git-fixes).
- usb: chipidea: udc: enable suspend interrupt after usb reset (stable-fixes).
- usb: dwc2: Adjust the timing of USB Driver Interrupt Registration in the Crashkernel Scenario (stable-fixes).
- usb: dwc3: core: Stop processing of pending events if controller is halted (git-fixes).
- usb: gadget: core: force synchronous registration (git-fixes).
- usb: storage: ignore bogus device raised by JieLi BR21 USB sound chip (stable-fixes).
- usb: typec: altmode should keep reference to parent (git-fixes).
- usb: xhci: Fix problem with xhci resume from suspend (stable-fixes).
- usb: yurex: Fix inconsistent locking bug in yurex_read() (git-fixes).
- usb: yurex: Replace snprintf() with the safer scnprintf() variant (stable-fixes).
- usbnet: ipheth: fix carrier detection in modes 1 and 4 (stable-fixes).
- vhost/scsi: null-ptr-dereference in vhost_scsi_get_req() (git-fixes).
- vhost_vdpa: assign irq bypass producer token correctly (git-fixes).
- virtio-net: synchronize probe with ndo_set_features (git-fixes).
- virtio_console: fix misc probe bugs (git-fixes).
- virtio_net: fixing XDP for fully checksummed packets handling (git-fixes).
- vmxnet3: add command to allow disabling of offloads (bsc#1226498).
- vmxnet3: add latency measurement support in vmxnet3 (bsc#1226498).
- vmxnet3: prepare for version 9 changes (bsc#1226498).
- vmxnet3: update to version 9 (bsc#1226498).
- vsock/virtio: fix packet delivery to tap device (git-fixes).
- wifi: ath11k: fix array out-of-bound access in SoC stats (stable-fixes).
- wifi: ath9k: Remove error checks when creating debugfs entries (git-fixes).
- wifi: ath9k: fix parameter check in ath9k_init_debug() (stable-fixes).
- wifi: ath9k: fix possible integer overflow in ath9k_get_et_stats() (stable-fixes).
- wifi: ath9k_htc: Use __skb_set_length() for resetting urb before resubmit (stable-fixes).
- wifi: iwlwifi: clear trans->state earlier upon error (stable-fixes).
- wifi: iwlwifi: lower message level for FW buffer destination (stable-fixes).
- wifi: iwlwifi: mvm: fix iwl_mvm_scan_fits() calculation (stable-fixes).
- wifi: mwifiex: Fix memcpy() field-spanning write warning in mwifiex_cmd_802_11_scan_ext() (stable-fixes).
- wifi: rtw88: select WANT_DEV_COREDUMP (stable-fixes).
- x86/bugs: Do not use UNTRAIN_RET with IBPB on entry (git-fixes).
- x86/bugs: Skip RSB fill at VMEXIT (git-fixes).
- x86/cpufeatures: Add a IBPB_NO_RET BUG flag (git-fixes).
- x86/cpufeatures: Define X86_FEATURE_AMD_IBPB_RET (git-fixes).
- x86/entry: Have entry_ibpb() invalidate return predictions (git-fixes).
- x86/hyperv: Set X86_FEATURE_TSC_KNOWN_FREQ when Hyper-V provides frequency (git-fixes).
- x86/kaslr: Expose and use the end of the physical memory address space (bsc#1230405).
- xfrm: set dst dev to blackhole_netdev instead of loopback_dev in ifdown (bsc#1216813).
- xhci: Fix incorrect stream context type macro (git-fixes).
- xhci: Mitigate failed set dequeue pointer commands (git-fixes).
ImportantSUSE bug 1204171SUSE bug 1205796SUSE bug 1206188SUSE bug 1206344SUSE bug 1209290SUSE bug 1210449SUSE bug 1210627SUSE bug 1213034SUSE bug 1216813SUSE bug 1218562SUSE bug 1223384SUSE bug 1223524SUSE bug 1223824SUSE bug 1225189SUSE bug 1225336SUSE bug 1225611SUSE bug 1225762SUSE bug 1226498SUSE bug 1226797SUSE bug 1227437SUSE bug 1227885SUSE bug 1228119SUSE bug 1228269SUSE bug 1228709SUSE bug 1228743SUSE bug 1229005SUSE bug 1229019SUSE bug 1229450SUSE bug 1229454SUSE bug 1229456SUSE bug 1229556SUSE bug 1229769SUSE bug 1229837SUSE bug 1230179SUSE bug 1230405SUSE bug 1230414SUSE bug 1230429SUSE bug 1230456SUSE bug 1230600SUSE bug 1230620SUSE bug 1230715SUSE bug 1230722SUSE bug 1230773SUSE bug 1230801SUSE bug 1230903SUSE bug 1230918SUSE bug 1231016SUSE bug 1231072SUSE bug 1231073SUSE bug 1231094SUSE bug 1231096SUSE bug 1231105SUSE bug 1231114SUSE bug 1231148SUSE bug 1231179SUSE bug 1231191SUSE bug 1231193SUSE bug 1231195SUSE bug 1231197SUSE bug 1231200SUSE bug 1231203SUSE bug 1231293SUSE bug 1231344SUSE bug 1231375SUSE bug 1231383SUSE bug 1231439SUSE bug 1231442SUSE bug 1231496SUSE bug 1231502SUSE bug 1231539SUSE bug 1231540SUSE bug 1231578SUSE bug 1231673SUSE bug 1231857SUSE bug 1231861SUSE bug 1231872SUSE bug 1231883SUSE bug 1231885SUSE bug 1231887SUSE bug 1231888SUSE bug 1231889SUSE bug 1231890SUSE bug 1231892SUSE bug 1231893SUSE bug 1231895SUSE bug 1231896SUSE bug 1231897SUSE bug 1231902SUSE bug 1231903SUSE bug 1231907SUSE bug 1231914SUSE bug 1231929SUSE bug 1231935SUSE bug 1231936SUSE bug 1231937SUSE bug 1231938SUSE bug 1231939SUSE bug 1231940SUSE bug 1231941SUSE bug 1231942SUSE bug 1231944SUSE bug 1231950SUSE bug 1231954SUSE bug 1231958SUSE bug 1231960SUSE bug 1231961SUSE bug 1231962SUSE bug 1231965SUSE bug 1231967SUSE bug 1231968SUSE bug 1231972SUSE bug 1231973SUSE bug 1231976SUSE bug 1231979SUSE bug 1231987SUSE bug 1231988SUSE bug 1231990SUSE bug 1231992SUSE bug 1231995SUSE bug 1231996SUSE bug 1231997SUSE bug 1231998SUSE bug 1232001SUSE bug 1232004SUSE bug 1232005SUSE bug 1232006SUSE bug 1232007SUSE bug 1232025SUSE bug 1232026SUSE bug 1232033SUSE bug 1232034SUSE bug 1232035SUSE bug 1232036SUSE bug 1232037SUSE bug 1232038SUSE bug 1232039SUSE bug 1232043SUSE bug 1232049SUSE bug 1232067SUSE bug 1232069SUSE bug 1232070SUSE bug 1232071SUSE bug 1232075SUSE bug 1232083SUSE bug 1232084SUSE bug 1232085SUSE bug 1232089SUSE bug 1232097SUSE bug 1232104SUSE bug 1232105SUSE bug 1232108SUSE bug 1232114SUSE bug 1232116SUSE bug 1232119SUSE bug 1232120SUSE bug 1232123SUSE bug 1232124SUSE bug 1232133SUSE bug 1232135SUSE bug 1232136SUSE bug 1232140SUSE bug 1232145SUSE bug 1232149SUSE bug 1232150SUSE bug 1232151SUSE bug 1232154SUSE bug 1232155SUSE bug 1232160SUSE bug 1232163SUSE bug 1232164SUSE bug 1232170SUSE bug 1232172SUSE bug 1232174SUSE bug 1232175SUSE bug 1232191SUSE bug 1232196SUSE bug 1232199SUSE bug 1232200SUSE bug 1232201SUSE bug 1232217SUSE bug 1232220SUSE bug 1232221SUSE bug 1232229SUSE bug 1232233SUSE bug 1232237SUSE bug 1232251SUSE bug 1232253SUSE bug 1232259SUSE bug 1232260SUSE bug 1232262SUSE bug 1232263SUSE bug 1232282SUSE bug 1232285SUSE bug 1232286SUSE bug 1232304SUSE bug 1232305SUSE bug 1232307SUSE bug 1232309SUSE bug 1232310SUSE bug 1232313SUSE bug 1232314SUSE bug 1232316SUSE bug 1232329SUSE bug 1232332SUSE bug 1232335SUSE bug 1232337SUSE bug 1232342SUSE bug 1232345SUSE bug 1232352SUSE bug 1232354SUSE bug 1232355SUSE bug 1232358SUSE bug 1232361SUSE bug 1232366SUSE bug 1232367SUSE bug 1232368SUSE bug 1232369SUSE bug 1232374SUSE bug 1232381SUSE bug 1232383SUSE bug 1232392SUSE bug 1232395SUSE bug 1232418SUSE bug 1232424SUSE bug 1232432SUSE bug 1232435SUSE bug 1232442SUSE bug 1232446SUSE bug 1232501SUSE bug 1232519SUSE bug 1232630SUSE bug 1232631SUSE bug 1232632SUSE bug 1232757CVE-2021-47416 at SUSECVE-2021-47416 at NVDCVE-2021-47534 at SUSECVE-2021-47534 at NVDCVE-2022-3435 at SUSECVE-2022-3435 at NVDCVE-2022-45934 at SUSECVE-2022-45934 at NVDCVE-2022-48664 at SUSECVE-2022-48664 at NVDCVE-2022-48879 at SUSECVE-2022-48879 at NVDCVE-2022-48946 at SUSECVE-2022-48946 at NVDCVE-2022-48947 at SUSECVE-2022-48947 at NVDCVE-2022-48948 at SUSECVE-2022-48948 at NVDCVE-2022-48949 at SUSECVE-2022-48949 at NVDCVE-2022-48951 at SUSECVE-2022-48951 at NVDCVE-2022-48953 at SUSECVE-2022-48953 at NVDCVE-2022-48954 at SUSECVE-2022-48954 at NVDCVE-2022-48955 at SUSECVE-2022-48955 at NVDCVE-2022-48956 at SUSECVE-2022-48956 at NVDCVE-2022-48957 at SUSECVE-2022-48957 at NVDCVE-2022-48958 at SUSECVE-2022-48958 at NVDCVE-2022-48959 at SUSECVE-2022-48959 at NVDCVE-2022-48960 at SUSECVE-2022-48960 at NVDCVE-2022-48961 at SUSECVE-2022-48961 at NVDCVE-2022-48962 at SUSECVE-2022-48962 at NVDCVE-2022-48966 at SUSECVE-2022-48966 at NVDCVE-2022-48967 at SUSECVE-2022-48967 at NVDCVE-2022-48968 at SUSECVE-2022-48968 at NVDCVE-2022-48969 at SUSECVE-2022-48969 at NVDCVE-2022-48970 at SUSECVE-2022-48970 at NVDCVE-2022-48971 at SUSECVE-2022-48971 at NVDCVE-2022-48972 at SUSECVE-2022-48972 at NVDCVE-2022-48973 at SUSECVE-2022-48973 at NVDCVE-2022-48975 at SUSECVE-2022-48975 at NVDCVE-2022-48977 at SUSECVE-2022-48977 at NVDCVE-2022-48978 at SUSECVE-2022-48978 at NVDCVE-2022-48980 at SUSECVE-2022-48980 at NVDCVE-2022-48981 at SUSECVE-2022-48981 at NVDCVE-2022-48985 at SUSECVE-2022-48985 at NVDCVE-2022-48987 at SUSECVE-2022-48987 at NVDCVE-2022-48988 at SUSECVE-2022-48988 at NVDCVE-2022-48991 at SUSECVE-2022-48991 at NVDCVE-2022-48992 at SUSECVE-2022-48992 at NVDCVE-2022-48994 at SUSECVE-2022-48994 at NVDCVE-2022-48995 at SUSECVE-2022-48995 at NVDCVE-2022-48997 at SUSECVE-2022-48997 at NVDCVE-2022-48999 at SUSECVE-2022-48999 at NVDCVE-2022-49000 at SUSECVE-2022-49000 at NVDCVE-2022-49002 at SUSECVE-2022-49002 at NVDCVE-2022-49003 at SUSECVE-2022-49003 at NVDCVE-2022-49005 at SUSECVE-2022-49005 at NVDCVE-2022-49006 at SUSECVE-2022-49006 at NVDCVE-2022-49007 at SUSECVE-2022-49007 at NVDCVE-2022-49010 at SUSECVE-2022-49010 at NVDCVE-2022-49011 at SUSECVE-2022-49011 at NVDCVE-2022-49012 at SUSECVE-2022-49012 at NVDCVE-2022-49014 at SUSECVE-2022-49014 at NVDCVE-2022-49015 at SUSECVE-2022-49015 at NVDCVE-2022-49016 at SUSECVE-2022-49016 at NVDCVE-2022-49017 at SUSECVE-2022-49017 at NVDCVE-2022-49019 at SUSECVE-2022-49019 at NVDCVE-2022-49020 at SUSECVE-2022-49020 at NVDCVE-2022-49021 at SUSECVE-2022-49021 at NVDCVE-2022-49022 at SUSECVE-2022-49022 at NVDCVE-2022-49023 at SUSECVE-2022-49023 at NVDCVE-2022-49024 at SUSECVE-2022-49024 at NVDCVE-2022-49025 at SUSECVE-2022-49025 at NVDCVE-2022-49026 at SUSECVE-2022-49026 at NVDCVE-2022-49027 at SUSECVE-2022-49027 at NVDCVE-2022-49028 at SUSECVE-2022-49028 at NVDCVE-2022-49029 at SUSECVE-2022-49029 at NVDCVE-2022-49031 at SUSECVE-2022-49031 at NVDCVE-2022-49032 at SUSECVE-2022-49032 at NVDCVE-2023-2166 at SUSECVE-2023-2166 at NVDCVE-2023-28327 at SUSECVE-2023-28327 at NVDCVE-2023-52766 at SUSECVE-2023-52766 at NVDCVE-2023-52800 at SUSECVE-2023-52800 at NVDCVE-2023-52881 at SUSECVE-2023-52881 at NVDCVE-2023-52919 at SUSECVE-2023-52919 at NVDCVE-2023-6270 at SUSECVE-2023-6270 at NVDCVE-2024-27043 at SUSECVE-2024-27043 at NVDCVE-2024-36244 at SUSECVE-2024-36244 at NVDCVE-2024-36957 at SUSECVE-2024-36957 at NVDCVE-2024-39476 at SUSECVE-2024-39476 at NVDCVE-2024-40965 at SUSECVE-2024-40965 at NVDCVE-2024-42145 at SUSECVE-2024-42145 at NVDCVE-2024-42226 at SUSECVE-2024-42226 at NVDCVE-2024-42253 at SUSECVE-2024-42253 at NVDCVE-2024-44931 at SUSECVE-2024-44931 at NVDCVE-2024-44947 at SUSECVE-2024-44947 at NVDCVE-2024-44958 at SUSECVE-2024-44958 at NVDCVE-2024-45016 at SUSECVE-2024-45016 at NVDCVE-2024-45025 at SUSECVE-2024-45025 at NVDCVE-2024-46716 at SUSECVE-2024-46716 at NVDCVE-2024-46719 at SUSECVE-2024-46719 at NVDCVE-2024-46754 at SUSECVE-2024-46754 at NVDCVE-2024-46777 at SUSECVE-2024-46777 at NVDCVE-2024-46809 at SUSECVE-2024-46809 at NVDCVE-2024-46811 at SUSECVE-2024-46811 at NVDCVE-2024-46813 at SUSECVE-2024-46813 at NVDCVE-2024-46814 at SUSECVE-2024-46814 at NVDCVE-2024-46815 at SUSECVE-2024-46815 at NVDCVE-2024-46816 at SUSECVE-2024-46816 at NVDCVE-2024-46817 at SUSECVE-2024-46817 at NVDCVE-2024-46818 at SUSECVE-2024-46818 at NVDCVE-2024-46828 at SUSECVE-2024-46828 at NVDCVE-2024-46834 at SUSECVE-2024-46834 at NVDCVE-2024-46840 at SUSECVE-2024-46840 at NVDCVE-2024-46841 at SUSECVE-2024-46841 at NVDCVE-2024-46848 at SUSECVE-2024-46848 at NVDCVE-2024-46849 at SUSECVE-2024-46849 at NVDCVE-2024-47660 at SUSECVE-2024-47660 at NVDCVE-2024-47661 at SUSECVE-2024-47661 at NVDCVE-2024-47664 at SUSECVE-2024-47664 at NVDCVE-2024-47668 at SUSECVE-2024-47668 at NVDCVE-2024-47672 at SUSECVE-2024-47672 at NVDCVE-2024-47673 at SUSECVE-2024-47673 at NVDCVE-2024-47674 at SUSECVE-2024-47674 at NVDCVE-2024-47684 at SUSECVE-2024-47684 at NVDCVE-2024-47685 at SUSECVE-2024-47685 at NVDCVE-2024-47692 at SUSECVE-2024-47692 at NVDCVE-2024-47704 at SUSECVE-2024-47704 at NVDCVE-2024-47705 at SUSECVE-2024-47705 at NVDCVE-2024-47706 at SUSECVE-2024-47706 at NVDCVE-2024-47707 at SUSECVE-2024-47707 at NVDCVE-2024-47710 at SUSECVE-2024-47710 at NVDCVE-2024-47720 at SUSECVE-2024-47720 at NVDCVE-2024-47727 at SUSECVE-2024-47727 at NVDCVE-2024-47730 at SUSECVE-2024-47730 at NVDCVE-2024-47738 at SUSECVE-2024-47738 at NVDCVE-2024-47739 at SUSECVE-2024-47739 at NVDCVE-2024-47745 at SUSECVE-2024-47745 at NVDCVE-2024-47747 at SUSECVE-2024-47747 at NVDCVE-2024-47748 at SUSECVE-2024-47748 at NVDCVE-2024-49858 at SUSECVE-2024-49858 at NVDCVE-2024-49860 at SUSECVE-2024-49860 at NVDCVE-2024-49866 at SUSECVE-2024-49866 at NVDCVE-2024-49867 at SUSECVE-2024-49867 at NVDCVE-2024-49881 at SUSECVE-2024-49881 at NVDCVE-2024-49882 at SUSECVE-2024-49882 at NVDCVE-2024-49883 at SUSECVE-2024-49883 at NVDCVE-2024-49886 at SUSECVE-2024-49886 at NVDCVE-2024-49890 at SUSECVE-2024-49890 at NVDCVE-2024-49892 at SUSECVE-2024-49892 at NVDCVE-2024-49894 at SUSECVE-2024-49894 at NVDCVE-2024-49895 at SUSECVE-2024-49895 at NVDCVE-2024-49896 at SUSECVE-2024-49896 at NVDCVE-2024-49897 at SUSECVE-2024-49897 at NVDCVE-2024-49899 at SUSECVE-2024-49899 at NVDCVE-2024-49901 at SUSECVE-2024-49901 at NVDCVE-2024-49906 at SUSECVE-2024-49906 at NVDCVE-2024-49908 at SUSECVE-2024-49908 at NVDCVE-2024-49909 at SUSECVE-2024-49909 at NVDCVE-2024-49911 at SUSECVE-2024-49911 at NVDCVE-2024-49912 at SUSECVE-2024-49912 at NVDCVE-2024-49913 at SUSECVE-2024-49913 at NVDCVE-2024-49914 at SUSECVE-2024-49914 at NVDCVE-2024-49917 at SUSECVE-2024-49917 at NVDCVE-2024-49918 at SUSECVE-2024-49918 at NVDCVE-2024-49919 at SUSECVE-2024-49919 at NVDCVE-2024-49920 at SUSECVE-2024-49920 at NVDCVE-2024-49922 at SUSECVE-2024-49922 at NVDCVE-2024-49923 at SUSECVE-2024-49923 at NVDCVE-2024-49929 at SUSECVE-2024-49929 at NVDCVE-2024-49930 at SUSECVE-2024-49930 at NVDCVE-2024-49933 at SUSECVE-2024-49933 at NVDCVE-2024-49936 at SUSECVE-2024-49936 at NVDCVE-2024-49939 at SUSECVE-2024-49939 at NVDCVE-2024-49946 at SUSECVE-2024-49946 at NVDCVE-2024-49949 at SUSECVE-2024-49949 at NVDCVE-2024-49954 at SUSECVE-2024-49954 at NVDCVE-2024-49955 at SUSECVE-2024-49955 at NVDCVE-2024-49958 at SUSECVE-2024-49958 at NVDCVE-2024-49959 at SUSECVE-2024-49959 at NVDCVE-2024-49960 at SUSECVE-2024-49960 at NVDCVE-2024-49962 at SUSECVE-2024-49962 at NVDCVE-2024-49967 at SUSECVE-2024-49967 at NVDCVE-2024-49969 at SUSECVE-2024-49969 at NVDCVE-2024-49973 at SUSECVE-2024-49973 at NVDCVE-2024-49974 at SUSECVE-2024-49974 at NVDCVE-2024-49975 at SUSECVE-2024-49975 at NVDCVE-2024-49982 at SUSECVE-2024-49982 at NVDCVE-2024-49991 at SUSECVE-2024-49991 at NVDCVE-2024-49993 at SUSECVE-2024-49993 at NVDCVE-2024-49995 at SUSECVE-2024-49995 at NVDCVE-2024-49996 at SUSECVE-2024-49996 at NVDCVE-2024-50000 at SUSECVE-2024-50000 at NVDCVE-2024-50001 at SUSECVE-2024-50001 at NVDCVE-2024-50002 at SUSECVE-2024-50002 at NVDCVE-2024-50006 at SUSECVE-2024-50006 at NVDCVE-2024-50014 at SUSECVE-2024-50014 at NVDCVE-2024-50019 at SUSECVE-2024-50019 at NVDCVE-2024-50024 at SUSECVE-2024-50024 at NVDCVE-2024-50028 at SUSECVE-2024-50028 at NVDCVE-2024-50033 at SUSECVE-2024-50033 at NVDCVE-2024-50035 at SUSECVE-2024-50035 at NVDCVE-2024-50041 at SUSECVE-2024-50041 at NVDCVE-2024-50045 at SUSECVE-2024-50045 at NVDCVE-2024-50046 at SUSECVE-2024-50046 at NVDCVE-2024-50047 at SUSECVE-2024-50047 at NVDCVE-2024-50048 at SUSECVE-2024-50048 at NVDCVE-2024-50049 at SUSECVE-2024-50049 at NVDCVE-2024-50055 at SUSECVE-2024-50055 at NVDCVE-2024-50058 at SUSECVE-2024-50058 at NVDCVE-2024-50059 at SUSECVE-2024-50059 at NVDCVE-2024-50061 at SUSECVE-2024-50061 at NVDCVE-2024-50063 at SUSECVE-2024-50063 at NVDCVE-2024-50081 at SUSECVE-2024-50081 at NVDcpe:/o:opensuse:leap:15.5Security update for the Linux Kernel (Important)openSUSE Leap 15.5
The SUSE Linux Enterprise 15 SP5 RT kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2022-48879: efi: fix NULL-deref in init error path (bsc#1229556).
- CVE-2022-48956: ipv6: avoid use-after-free in ip6_fragment() (bsc#1231893).
- CVE-2022-48957: dpaa2-switch: Fix memory leak in dpaa2_switch_acl_entry_add() and dpaa2_switch_acl_entry_remove() (bsc#1231973).
- CVE-2022-48958: ethernet: aeroflex: fix potential skb leak in greth_init_rings() (bsc#1231889).
- CVE-2022-48959: net: dsa: sja1105: fix memory leak in sja1105_setup_devlink_regions() (bsc#1231976).
- CVE-2022-48960: net: hisilicon: Fix potential use-after-free in hix5hd2_rx() (bsc#1231979).
- CVE-2022-48962: net: hisilicon: Fix potential use-after-free in hisi_femac_rx() (bsc#1232286).
- CVE-2022-48966: net: mvneta: Fix an out of bounds check (bsc#1232191).
- CVE-2022-48980: net: dsa: sja1105: avoid out of bounds access in sja1105_init_l2_policing() (bsc#1232233).
- CVE-2022-48991: mm/khugepaged: fix collapse_pte_mapped_thp() to allow anon_vma (bsc#1232070).
- CVE-2022-49015: net: hsr: Fix potential use-after-free (bsc#1231938).
- CVE-2022-49017: tipc: re-fetch skb cb after tipc_msg_validate (bsc#1232004).
- CVE-2022-49020: net/9p: Fix a potential socket leak in p9_socket_open (bsc#1232175).
- CVE-2024-36244: net/sched: taprio: extend minimum interval restriction to entire cycle too (bsc#1226797).
- CVE-2024-36957: octeontx2-af: avoid off-by-one read from userspace (bsc#1225762).
- CVE-2024-39476: md/raid5: fix deadlock that raid5d() wait for itself to clear MD_SB_CHANGE_PENDING (bsc#1227437).
- CVE-2024-40965: i2c: lpi2c: Avoid calling clk_get_rate during transfer (bsc#1227885).
- CVE-2024-42226: Prevent potential failure in handle_tx_event() for Transfer events without TRB (bsc#1228709).
- CVE-2024-42253: gpio: pca953x: fix pca953x_irq_bus_sync_unlock race (bsc#1229005).
- CVE-2024-44931: gpio: prevent potential speculation leaks in gpio_device_get_desc() (bsc#1229837).
- CVE-2024-44958: sched/smt: Fix unbalance sched_smt_present dec/inc (bsc#1230179).
- CVE-2024-45016: netem: fix return value if duplicate enqueue fails (bsc#1230429).
- CVE-2024-45025: fix bitmap corruption on close_range() with CLOSE_RANGE_UNSHARE (bsc#1230456).
- CVE-2024-46678: bonding: change ipsec_lock from spin lock to mutex (bsc#1230550).
- CVE-2024-46716: dmaengine: altera-msgdma: properly free descriptor in msgdma_free_descriptor (bsc#1230715).
- CVE-2024-46754: bpf: Remove tst_run from lwt_seg6local_prog_ops (bsc#1230801).
- CVE-2024-46770: ice: Add netif_device_attach/detach into PF reset flow (bsc#1230763).
- CVE-2024-46775: drm/amd/display: Validate function returns (bsc#1230774).
- CVE-2024-46777: udf: Avoid excessive partition lengths (bsc#1230773).
- CVE-2024-46809: drm/amd/display: Check BIOS images before it is used (bsc#1231148).
- CVE-2024-46811: drm/amd/display: Fix index may exceed array range within fpu_update_bw_bounding_box (bsc#1231179).
- CVE-2024-46813: drm/amd/display: Check link_index before accessing dc->links (bsc#1231191).
- CVE-2024-46814: drm/amd/display: Check msg_id before processing transcation (bsc#1231193).
- CVE-2024-46815: drm/amd/display: Check num_valid_sets before accessing reader_wm_sets (bsc#1231195).
- CVE-2024-46816: drm/amd/display: Stop amdgpu_dm initialize when link nums greater than max_links (bsc#1231197).
- CVE-2024-46817: drm/amd/display: Stop amdgpu_dm initialize when stream nums greater than 6 (bsc#1231200).
- CVE-2024-46818: drm/amd/display: Check gpio_id before used as array index (bsc#1231203).
- CVE-2024-46826: ELF: fix kernel.randomize_va_space double read (bsc#1231115).
- CVE-2024-46828: uprobes: fix kernel info leak via '[uprobes]' vma (bsc#1231114).
- CVE-2024-46834: ethtool: fail closed if we can't get max channel used in indirection tables (bsc#1231096).
- CVE-2024-46840: btrfs: clean up our handling of refs == 0 in snapshot delete (bsc#1231105).
- CVE-2024-46841: btrfs: do not BUG_ON on ENOMEM from btrfs_lookup_extent_info() in walk_down_proc() (bsc#1231094).
- CVE-2024-46848: perf/x86/intel: Limit the period on Haswell (bsc#1231072).
- CVE-2024-46849: ASoC: meson: axg-card: fix 'use-after-free' (bsc#1231073).
- CVE-2024-46854: net: dpaa: Pad packets to ETH_ZLEN (bsc#1231084).
- CVE-2024-46855: netfilter: nft_socket: fix sk refcount leaks (bsc#1231085).
- CVE-2024-46857: net/mlx5: Fix bridge mode operations when there are no VFs (bsc#1231087).
- CVE-2024-47660: fsnotify: clear PARENT_WATCHED flags lazily (bsc#1231439).
- CVE-2024-47661: drm/amd/display: Avoid overflow from uint32_t to uint8_t (bsc#1231496).
- CVE-2024-47664: spi: hisi-kunpeng: Add verification for the max_frequency provided by the firmware (bsc#1231442).
- CVE-2024-47668: lib/generic-radix-tree.c: Fix rare race in __genradix_ptr_alloc() (bsc#1231502).
- CVE-2024-47672: wifi: iwlwifi: mvm: do not wait for tx queues if firmware is dead (bsc#1231540).
- CVE-2024-47673: wifi: iwlwifi: mvm: pause TCM when the firmware is stopped (bsc#1231539).
- CVE-2024-47674: mm: avoid leaving partial pfn mappings around in error case (bsc#1231673).
- CVE-2024-47684: tcp: check skb is non-NULL in tcp_rto_delta_us() (bsc#1231987).
- CVE-2024-47685: netfilter: nf_reject_ipv6: fix nf_reject_ip6_tcphdr_put() (bsc#1231998).
- CVE-2024-47692: nfsd: return -EINVAL when namelen is 0 (bsc#1231857).
- CVE-2024-47704: drm/amd/display: Check link_res->hpo_dp_link_enc before using it (bsc#1231944).
- CVE-2024-47705: block: fix potential invalid pointer dereference in blk_add_partition (bsc#1231872).
- CVE-2024-47706: block, bfq: fix possible UAF for bfqq->bic with merge chain (bsc#1231942).
- CVE-2024-47707: ipv6: avoid possible NULL deref in rt6_uncached_list_flush_dev() (bsc#1231935).
- CVE-2024-47710: sock_map: Add a cond_resched() in sock_hash_free() (bsc#1232049).
- CVE-2024-47720: drm/amd/display: Add null check for set_output_gamma in dcn30_set_output_transfer_func (bsc#1232043).
- CVE-2024-47727: x86/tdx: Fix 'in-kernel MMIO' check (bsc#1232116).
- CVE-2024-47730: crypto: hisilicon/qm - inject error before stopping queue (bsc#1232075).
- CVE-2024-47738: wifi: mac80211: do not use rate mask for offchannel TX either (bsc#1232114).
- CVE-2024-47739: padata: use integer wrap around to prevent deadlock on seq_nr overflow (bsc#1232124).
- CVE-2024-47745: mm: split critical region in remap_file_pages() and invoke LSMs in between (bsc#1232135).
- CVE-2024-47747: net: seeq: Fix use after free vulnerability in ether3 Driver Due to Race Condition (bsc#1232145).
- CVE-2024-47748: vhost_vdpa: assign irq bypass producer token correctly (bsc#1232174).
- CVE-2024-49860: ACPI: sysfs: validate return type of _STR method (bsc#1231861).
- CVE-2024-49866: tracing/timerlat: Fix a race during cpuhp processing (bsc#1232259).
- CVE-2024-49881: ext4: update orig_path in ext4_find_extent() (bsc#1232201).
- CVE-2024-49882: ext4: fix double brelse() the buffer of the extents path (bsc#1232200).
- CVE-2024-49883: ext4: aovid use-after-free in ext4_ext_insert_extent() (bsc#1232199).
- CVE-2024-49886: platform/x86: ISST: Fix the KASAN report slab-out-of-bounds bug (bsc#1232196).
- CVE-2024-49890: drm/amd/pm: ensure the fw_info is not null before using it (bsc#1232217).
- CVE-2024-49892: drm/amd/display: Initialize get_bytes_per_element's default to 1 (bsc#1232220).
- CVE-2024-49894: drm/amd/display: Fix index out of bounds in degamma hardware format translation (bsc#1232354).
- CVE-2024-49896: drm/amd/display: Check stream before comparing them (bsc#1232221).
- CVE-2024-49897: drm/amd/display: Check phantom_stream before it is used (bsc#1232355).
- CVE-2024-49899: drm/amd/display: Initialize denominators' default to 1 (bsc#1232358).
- CVE-2024-49901: drm/msm/adreno: Assign msm_gpu->pdev earlier to avoid nullptrs (bsc#1232305).
- CVE-2024-49906: drm/amd/display: Check null pointer before try to access it (bsc#1232332).
- CVE-2024-49909: drm/amd/display: Add NULL check for function pointer in dcn32_set_output_transfer_func (bsc#1232337).
- CVE-2024-49911: drm/amd/display: Add NULL check for function pointer in dcn20_set_output_transfer_func (bsc#1232366).
- CVE-2024-49914: drm/amd/display: Add null check for pipe_ctx->plane_state in (bsc#1232369).
- CVE-2024-49917: drm/amd/display: Add NULL check for clk_mgr and clk_mgr->funcs in dcn30_init_hw (bsc#1231965).
- CVE-2024-49918: drm/amd/display: Add null check for head_pipe in dcn32_acquire_idle_pipe_for_head_pipe_in_layer (bsc#1231967).
- CVE-2024-49919: drm/amd/display: Add null check for head_pipe in dcn201_acquire_free_pipe_for_layer (bsc#1231968).
- CVE-2024-49920: drm/amd/display: Check null pointers before multiple uses (bsc#1232313).
- CVE-2024-49922: drm/amd/display: Check null pointers before using them (bsc#1232374).
- CVE-2024-49923: drm/amd/display: Pass non-null to dcn20_validate_apply_pipe_split_flags (bsc#1232361).
- CVE-2024-49929: wifi: iwlwifi: mvm: avoid NULL pointer dereference (bsc#1232253).
- CVE-2024-49930: wifi: ath11k: fix array out-of-bound access in SoC stats (bsc#1232260).
- CVE-2024-49933: blk_iocost: fix more out of bound shifts (bsc#1232368).
- CVE-2024-49936: net/xen-netback: prevent UAF in xenvif_flush_hash() (bsc#1232424).
- CVE-2024-49939: wifi: rtw89: avoid to add interface to list twice when SER (bsc#1232381).
- CVE-2024-49946: ppp: do not assume bh is held in ppp_channel_bridge_input() (bsc#1232164).
- CVE-2024-49949: net: avoid potential underflow in qdisc_pkt_len_init() with UFO (bsc#1232160).
- CVE-2024-49954: static_call: Replace pointless WARN_ON() in static_call_module_notify() (bsc#1232155).
- CVE-2024-49955: ACPI: battery: Fix possible crash when unregistering a battery hook (bsc#1232154).
- CVE-2024-49958: ocfs2: reserve space for inline xattr before attaching reflink tree (bsc#1232151).
- CVE-2024-49959: jbd2: stop waiting for space when jbd2_cleanup_journal_tail() returns error (bsc#1232149).
- CVE-2024-49960: ext4: fix timer use-after-free on failed mount (bsc#1232395).
- CVE-2024-49962: ACPICA: check null return of ACPI_ALLOCATE_ZEROED() in acpi_db_convert_to_package() (bsc#1232314).
- CVE-2024-49967: ext4: no need to continue when the number of entries is 1 (bsc#1232140).
- CVE-2024-49969: drm/amd/display: Fix index out of bounds in DCN30 color transformation (bsc#1232519).
- CVE-2024-49973: r8169: add tally counter fields added with RTL8125 (bsc#1232105).
- CVE-2024-49974: NFSD: Force all NFSv4.2 COPY requests to be synchronous (bsc#1232383).
- CVE-2024-49975: uprobes: fix kernel info leak via '[uprobes]' vma (bsc#1232104).
- CVE-2024-49991: drm/amdkfd: amdkfd_free_gtt_mem clear the correct pointer (bsc#1232282).
- CVE-2024-49993: iommu/vt-d: Fix potential lockup if qi_submit_sync called with 0 count (bsc#1232316).
- CVE-2024-49995: tipc: guard against string buffer overrun (bsc#1232432).
- CVE-2024-49996: cifs: Fix buffer overflow when parsing NFS reparse points (bsc#1232089).
- CVE-2024-50000: net/mlx5e: Fix NULL deref in mlx5e_tir_builder_alloc() (bsc#1232085).
- CVE-2024-50001: net/mlx5: Fix error path in multi-packet WQE transmit (bsc#1232084).
- CVE-2024-50002: static_call: Handle module init failure correctly in static_call_del_module() (bsc#1232083).
- CVE-2024-50006: ext4: fix i_data_sem unlock order in ext4_ind_migrate() (bsc#1232442).
- CVE-2024-50014: ext4: fix access to uninitialised lock in fc replay path (bsc#1232446).
- CVE-2024-50019: kthread: unpark only parked kthread (bsc#1231990).
- CVE-2024-50024: net: Fix an unsafe loop on the list (bsc#1231954).
- CVE-2024-50028: thermal: core: Reference count the zone in thermal_zone_get_by_id() (bsc#1231950).
- CVE-2024-50033: slip: make slhc_remember() more robust against malicious packets (bsc#1231914).
- CVE-2024-50035: ppp: fix ppp_async_encode() illegal access (bsc#1232392).
- CVE-2024-50041: i40e: Fix macvlan leak by synchronizing access to mac_filter_hash (bsc#1231907).
- CVE-2024-50045: netfilter: br_netfilter: fix panic with metadata_dst skb (bsc#1231903).
- CVE-2024-50046: kabi fix for NFSv4: Prevent NULL-pointer dereference in nfs42_complete_copies() (bsc#1231902).
- CVE-2024-50047: smb: client: fix UAF in async decryption (bsc#1232418).
- CVE-2024-50048: fbcon: Fix a NULL pointer dereference issue in fbcon_putcs (bsc#1232310).
- CVE-2024-50055: driver core: bus: Fix double free in driver API bus_register() (bsc#1232329).
- CVE-2024-50058: serial: protect uart_port_dtr_rts() in uart_shutdown() too (bsc#1232285).
- CVE-2024-50059: ntb: ntb_hw_switchtec: Fix use after free vulnerability in switchtec_ntb_remove due to race condition (bsc#1232345).
- CVE-2024-50061: i3c: master: cdns: Fix use after free vulnerability in cdns_i3c_master Driver Due to Race Condition (bsc#1232263).
- CVE-2024-50063: kABI: bpf: struct bpf_map kABI workaround (bsc#1232435).
- CVE-2024-50081: blk-mq: setup queue ->tag_set before initializing hctx (bsc#1232501).
The following non-security bugs were fixed:
- ACPI: EC: Do not release locks during operation region accesses (stable-fixes).
- ACPI: PAD: fix crash in exit_round_robin() (stable-fixes).
- ACPI: PRM: Clean up guid type in struct prm_handler_info (git-fixes).
- ACPI: PRM: Find EFI_MEMORY_RUNTIME block for PRM handler and context (git-fixes).
- ACPI: battery: Call power_supply_changed() when adding hooks (bsc#1232154)
- ACPI: battery: Simplify battery hook locking (bsc#1232154)
- ACPI: resource: Add Asus ExpertBook B2502CVA to irq1_level_low_skip_override[] (stable-fixes).
- ACPI: resource: Add Asus Vivobook X1704VAP to irq1_level_low_skip_override[] (stable-fixes).
- ACPI: resource: Add another DMI match for the TongFang GMxXGxx (stable-fixes).
- ACPICA: Fix memory leak if acpi_ps_get_next_field() fails (stable-fixes).
- ACPICA: Fix memory leak if acpi_ps_get_next_namepath() fails (stable-fixes).
- ACPICA: check null return of ACPI_ALLOCATE_ZEROED() in acpi_db_convert_to_package() (stable-fixes).
- ACPICA: iasl: handle empty connection_node (stable-fixes).
- ALSA: asihpi: Fix potential OOB array access (stable-fixes).
- ALSA: core: add isascii() check to card ID generator (stable-fixes).
- ALSA: firewire-lib: Avoid division by zero in apply_constraint_to_size() (git-fixes).
- ALSA: hda/conexant - Fix audio routing for HP EliteOne 1000 G2 (stable-fixes).
- ALSA: hda/conexant - Use cached pin control for Node 0x1d on HP EliteOne 1000 G2 (git-fixes).
- ALSA: hda/conexant: Fix conflicting quirk for System76 Pangolin (git-fixes).
- ALSA: hda/cs8409: Fix possible NULL dereference (git-fixes).
- ALSA: hda/generic: Unconditionally prefer preferred_dacs pairs (git-fixes).
- ALSA: hda/realtek - FIxed ALC285 headphone no sound (stable-fixes).
- ALSA: hda/realtek - Fixed ALC256 headphone no sound (stable-fixes).
- ALSA: hda/realtek: Add a quirk for HP Pavilion 15z-ec200 (stable-fixes).
- ALSA: hda/realtek: Add quirk for Huawei MateBook 13 KLV-WX9 (stable-fixes).
- ALSA: hda/realtek: Fix the push button function for the ALC257 (git-fixes).
- ALSA: hda/realtek: Update default depop procedure (git-fixes).
- ALSA: hda: Fix kctl->id initialization (git-fixes).
- ALSA: hda: cs35l41: fix module autoloading (git-fixes).
- ALSA: hdsp: Break infinite MIDI input flush loop (stable-fixes).
- ALSA: line6: add hw monitor volume control to POD HD500X (stable-fixes).
- ALSA: mixer_oss: Remove some incorrect kfree_const() usages (git-fixes).
- ALSA: usb-audio: Add delay quirk for VIVO USB-C HEADSET (stable-fixes).
- ALSA: usb-audio: Add input value sanity checks for standard types (stable-fixes).
- ALSA: usb-audio: Add logitech Audio profile quirk (stable-fixes).
- ALSA: usb-audio: Add native DSD support for Luxman D-08u (stable-fixes).
- ALSA: usb-audio: Define macros for quirk table entries (stable-fixes).
- ALSA: usb-audio: Replace complex quirk lines with macros (stable-fixes).
- ASoC: allow module autoloading for table db1200_pids (stable-fixes).
- ASoC: imx-card: Set card.owner to avoid a warning calltrace if SND=m (git-fixes).
- ASoC: intel: fix module autoloading (stable-fixes).
- ASoC: qcom: Fix NULL Dereference in asoc_qcom_lpass_cpu_platform_probe() (git-fixes).
- ASoC: rt5682: Return devm_of_clk_add_hw_provider to transfer the error (git-fixes).
- ASoC: soc-pcm: Do not zero TDM masks in __soc_pcm_open() (git-fixes).
- ASoC: tda7419: fix module autoloading (stable-fixes).
- Bluetooth: Call iso_exit() on module unload (git-fixes).
- Bluetooth: ISO: Fix multiple init when debugfs is disabled (git-fixes).
- Bluetooth: RFCOMM: FIX possible deadlock in rfcomm_sk_state_change (git-fixes).
- Bluetooth: Remove debugfs directory on module init failure (git-fixes).
- Bluetooth: bnep: fix wild-memory-access in proto_unregister (git-fixes).
- Bluetooth: btmrvl: Use IRQF_NO_AUTOEN flag in request_irq() (git-fixes).
- Bluetooth: btusb: Fix regression with fake CSR controllers 0a12:0001 (git-fixes).
- Bluetooth: hci_event: Align BR/EDR JUST_WORKS paring with LE (git-fixes).
- Drop HD-audio conexant patch that caused a regression on Thinkpad (bsc#1228269)
- Drop USB dwc2 patch that caused a regression on RPi3 (bsc#1232342)
- HID: amd_sfh: Switch to device-managed dmam_alloc_coherent() (git-fixes).
- HID: multitouch: Add support for GT7868Q (stable-fixes).
- HID: multitouch: Add support for Thinkpad X12 Gen 2 Kbd Portfolio (stable-fixes).
- HID: plantronics: Workaround for an unexcepted opposite volume key (stable-fixes).
- Input: adp5589-keys - fix NULL pointer dereference (git-fixes).
- Input: adp5589-keys - fix adp5589_gpio_get_value() (git-fixes).
- Input: ads7846 - ratelimit the spi_sync error message (stable-fixes).
- Input: goodix - use the new soc_intel_is_byt() helper (stable-fixes).
- Input: synaptics - enable SMBus for HP Elitebook 840 G2 (stable-fixes).
- KVM: Fix coalesced_mmio_has_room() to avoid premature userspace exit (git-fixes).
- KVM: Fix lockdep false negative during host resume (git-fixes).
- KVM: Grab a reference to KVM for VM and vCPU stats file descriptors (git-fixes).
- KVM: Optimize kvm_make_vcpus_request_mask() a bit (git-fixes).
- KVM: Pre-allocate cpumasks for kvm_make_all_cpus_request_except() (git-fixes).
- KVM: Reject overly excessive IDs in KVM_CREATE_VCPU (git-fixes).
- KVM: SVM: Disallow guest from changing userspace's MSR_AMD64_DE_CFG value (git-fixes).
- KVM: SVM: Do not advertise Bus Lock Detect to guest if SVM support is missing (git-fixes).
- KVM: SVM: fix emulation of msr reads/writes of MSR_FS_BASE and MSR_GS_BASE (git-fixes).
- KVM: Unconditionally get a ref to /dev/kvm module when creating a VM (git-fixes).
- KVM: Write the per-page 'segment' when clearing (part of) a guest page (git-fixes).
- KVM: arm64: Add missing memory barriers when switching to pKVM's hyp pgd (git-fixes).
- KVM: arm64: Allow AArch32 PSTATE.M to be restored as System mode (git-fixes).
- KVM: arm64: Fix AArch32 register narrowing on userspace write (git-fixes).
- KVM: arm64: GICv4: Do not perform a map to a mapped vLPI (git-fixes).
- KVM: arm64: Invalidate EL1&0 TLB entries for all VMIDs in nvhe hyp init (git-fixes).
- KVM: arm64: Preserve PSTATE.SS for the guest while single-step is enabled (git-fixes).
- KVM: arm64: Release pfn, i.e. put page, if copying MTE tags hits ZONE_DEVICE (git-fixes).
- KVM: arm64: mixed-width check should be skipped for uninitialized vCPUs (git-fixes).
- KVM: arm64: vgic-its: Test for valid IRQ in MOVALL handler (git-fixes).
- KVM: arm64: vgic-its: Test for valid IRQ in its_sync_lpi_pending_table() (git-fixes).
- KVM: arm64: vgic-v2: Check for non-NULL vCPU in vgic_v2_parse_attr() (git-fixes).
- KVM: arm64: vgic-v2: Use cpuid from userspace as vcpu_id (git-fixes).
- KVM: arm64: vgic-v4: Restore pending state on host userspace write (git-fixes).
- KVM: eventfd: Fix false positive RCU usage warning (git-fixes).
- KVM: fix memoryleak in kvm_init() (git-fixes).
- KVM: s390: Change virtual to physical address access in diag 0x258 handler (git-fixes bsc#1232631).
- KVM: s390: Fix SORTL and DFLTCC instruction format error in __insn32_query (git-fixes bsc#1231277).
- KVM: s390: gaccess: Check if guest address is in memslot (git-fixes bsc#1232630).
- KVM: x86/mmu: Fold rmap_recycle into rmap_add (git-fixes).
- KVM: x86/mmu: Rename slot_handle_leaf to slot_handle_level_4k (git-fixes).
- KVM: x86: Use a stable condition around all VT-d PI paths (git-fixes).
- Makefile.compiler: replace cc-ifversion with compiler-specific macros (bsc#1230414 bsc#1229450).
- NFS: Avoid unnecessary rescanning of the per-server delegation list (git-fixes).
- NFSD: Fix NFSv4's PUTPUBFH operation (git-fixes).
- NFSD: Mark filecache 'down' if init fails (git-fixes).
- NFSv3: only use NFS timeout for MOUNT when protocols are compatible (bsc#1231016).
- NFSv4: Fix clearing of layout segments in layoutreturn (git-fixes).
- PCI: Add ACS quirk for Qualcomm SA8775P (stable-fixes).
- PCI: Add function 0 DMA alias quirk for Glenfly Arise chip (stable-fixes).
- PCI: Fix pci_enable_acs() support for the ACS quirks (bsc#1229019).
- PCI: Mark Creative Labs EMU20k2 INTx masking as broken (stable-fixes).
- RDMA/bnxt_re: Add a check for memory allocation (git-fixes)
- RDMA/bnxt_re: Fix a bug while setting up Level-2 PBL pages (git-fixes)
- RDMA/bnxt_re: Fix incorrect AVID type in WQE structure (git-fixes)
- RDMA/bnxt_re: Fix the GID table length (git-fixes)
- RDMA/bnxt_re: Fix the max CQ WQEs for older adapters (git-fixes)
- RDMA/bnxt_re: Fix the usage of control path spin locks (git-fixes)
- RDMA/bnxt_re: Return more meaningful error (git-fixes)
- RDMA/bnxt_re: synchronize the qp-handle table array (git-fixes)
- RDMA/cxgb4: Dump vendor specific QP details (git-fixes)
- RDMA/cxgb4: Fix RDMA_CM_EVENT_UNREACHABLE error for iWARP (git-fixes)
- RDMA/hns: Remove unused abnormal interrupt of type RAS (git-fixes)
- RDMA/irdma: Fix misspelling of 'accept*' (git-fixes)
- RDMA/mad: Improve handling of timed out WRs of mad agent (git-fixes)
- RDMA/mana_ib: use the correct page size for mapping user-mode doorbell page (git-fixes).
- RDMA/mana_ib: use the correct page table index based on hardware page size (git-fixes).
- RDMA/mlx5: Round max_rd_atomic/max_dest_rd_atomic up instead of down (git-fixes)
- RDMA/rtrs-srv: Avoid null pointer deref during path establishment (git-fixes)
- RDMA/srpt: Make slab cache names unique (git-fixes)
- SUNRPC: Fix integer overflow in decode_rc_list() (git-fixes).
- SUNRPC: Fixup gss_status tracepoint error output (git-fixes).
- SUNRPC: clnt.c: Remove misleading comment (git-fixes).
- USB: appledisplay: close race between probe and completion handler (stable-fixes).
- USB: misc: cypress_cy7c63: check for short transfer (stable-fixes).
- USB: misc: yurex: fix race between read and write (stable-fixes).
- USB: serial: option: add Telit FN920C04 MBIM compositions (stable-fixes).
- USB: serial: option: add support for Quectel EG916Q-GL (stable-fixes).
- USB: serial: pl2303: add device id for Macrosilicon MS3020 (stable-fixes).
- Use pahole -j1 option for reproducible builds (bsc#1230414 bsc#1229450).
- add bug reference for a mana change (bsc#1229769).
- add bug references to existing mana changes (bsc#1232033, bsc#1232034, bsc#1232036).
- afs: Revert 'afs: Hide silly-rename files from userspace' (git-fixes).
- arm64: cputype: Add Neoverse-N3 definitions (git-fixes)
- arm64: dts: rockchip: override BIOS_DISABLE signal via GPIO hog on RK3399 Puma (git-fixes).
- arm64: errata: Expand speculative SSBS workaround once more (git-fixes)
- arm64: esr: Define ESR_ELx_EC_* constants as UL (git-fixes)
- arm64: probes: Fix simulate_ldr*_literal() (git-fixes)
- arm64: probes: Fix uprobes for big-endian kernels (git-fixes)
- arm64: probes: Remove broken LDR (literal) uprobe support (git-fixes)
- block: print symbolic error name instead of error code (bsc#1231872).
- bpf, lsm: Add disabled BPF LSM hook list (git-fixes).
- bpf, net: Fix a potential race in do_sock_getsockopt() (git-fixes).
- bpf, verifier: Correct tail_call_reachable for bpf prog (git-fixes).
- bpf, x64: Remove tail call detection (git-fixes).
- bpf,perf: Fix perf_event_detach_bpf_prog error handling (git-fixes).
- bpf: Add --skip_encoding_btf_inconsistent_proto, --btf_gen_optimized to pahole flags for v1.25 (bsc#1230414 bsc#1229450).
- bpf: Allow helpers to accept pointers with a fixed size (git-fixes).
- bpf: Check for helper calls in check_subprogs() (git-fixes).
- bpf: Fix bpf_strtol and bpf_strtoul helpers for 32bit (git-fixes).
- bpf: Fix helper writes to read-only maps (git-fixes).
- bpf: Fix pointer-leak due to insufficient speculative store bypass mitigation (bsc#1231375).
- bpf: Fix tailcall cases in test_bpf (git-fixes).
- bpf: Improve check_raw_mode_ok test for MEM_UNINIT-tagged types (git-fixes).
- bpf: Remove truncation test in bpf_strtol and bpf_strtoul helpers (git-fixes).
- bpf: Zero former ARG_PTR_TO_{LONG,INT} args in case of error (git-fixes).
- bpf: correctly handle malformed BPF_CORE_TYPE_ID_LOCAL relos (git-fixes).
- btf, scripts: Exclude Rust CUs with pahole (bsc#1230414 bsc#1229450).
- bus: integrator-lm: fix OF node leak in probe() (git-fixes).
- ceph: fix cap ref leak via netfs init_request (bsc#1231383).
- char: tpm: Fix possible memory leak in tpm_bios_measurements_open() (git-fixes).
- clk: Add a devm variant of clk_rate_exclusive_get() (bsc#1227885).
- clk: Provide !COMMON_CLK dummy for devm_clk_rate_exclusive_get() (bsc#1227885).
- comedi: ni_routing: tools: Check when the file could not be opened (stable-fixes).
- cpufreq/amd-pstate: Fix amd_pstate mode switch on shared memory systems (git-fixes).
- crypto: hisilicon - Remove pci_aer_clear_nonfatal_status() call (bsc#1232075)
- crypto: hisilicon/qm - re-enable communicate interrupt before notifying PF (bsc#1232075)
- debugfs: fix automount d_fsdata usage (git-fixes).
- dn_route: set rt neigh to blackhole_netdev instead of loopback_dev in ifdown (bsc#1216813).
- drbd: Add NULL check for net_conf to prevent dereference in state validation (git-fixes).
- drbd: Fix atomicity violation in drbd_uuid_set_bm() (git-fixes).
- driver core: bus: Return -EIO instead of 0 when show/store invalid bus attribute (stable-fixes).
- drm/amd/amdgpu: Fix double unlock in amdgpu_mes_add_ring (git-fixes).
- drm/amd/display: Add null check for 'afb' in amdgpu_dm_plane_handle_cursor_update (v2) (stable-fixes).
- drm/amd/display: Add null check for top_pipe_to_program in commit_planes_for_stream (stable-fixes).
- drm/amd/display: Allow backlight to go below `AMDGPU_DM_DEFAULT_MIN_BACKLIGHT` (stable-fixes).
- drm/amd/display: Check link_res->hpo_dp_link_enc before using it (bsc#1231944)
- drm/amd/display: Check null pointer before dereferencing se (stable-fixes).
- drm/amd/display: Check null pointers before using dc->clk_mgr (stable-fixes).
- drm/amd/display: Check stream before comparing them (stable-fixes).
- drm/amd/display: Fix Synaptics Cascaded Panamera DSC Determination (stable-fixes).
- drm/amd/display: Fix index out of bounds in DCN30 color transformation (stable-fixes).
- drm/amd/display: Fix index out of bounds in DCN30 degamma hardware format translation (stable-fixes).
- drm/amd/display: Fix index out of bounds in degamma hardware format translation (stable-fixes).
- drm/amd/display: Fix system hang while resume with TBT monitor (stable-fixes).
- drm/amd/display: Handle null 'stream_status' in 'planes_changed_for_existing_stream' (stable-fixes).
- drm/amd/display: Initialize get_bytes_per_element's default to 1 (stable-fixes).
- drm/amd/display: Round calculated vtotal (stable-fixes).
- drm/amd/display: Validate backlight caps are sane (stable-fixes).
- drm/amd/pm: ensure the fw_info is not null before using it (stable-fixes).
- drm/amd: Guard against bad data for ATIF ACPI method (git-fixes).
- drm/amdgpu: Replace one-element array with flexible-array member (stable-fixes).
- drm/amdgpu: add raven1 gfxoff quirk (stable-fixes).
- drm/amdgpu: disallow multiple BO_HANDLES chunks in one submit (stable-fixes).
- drm/amdgpu: enable gfxoff quirk on HP 705G4 (stable-fixes).
- drm/amdgpu: fix unchecked return value warning for amdgpu_gfx (stable-fixes).
- drm/amdgpu: prevent BO_HANDLES error from being overwritten (git-fixes).
- drm/amdgpu: properly handle vbios fake edid sizing (git-fixes).
- drm/amdkfd: Fix resource leak in criu restore queue (stable-fixes).
- drm/msm/dpu: do not always program merge_3d block (git-fixes).
- drm/msm/dpu: make sure phys resources are properly initialized (git-fixes).
- drm/msm/dsi: fix 32-bit signed integer extension in pclk_rate calculation (git-fixes).
- drm/msm: Allocate memory for disp snapshot with kvzalloc() (git-fixes).
- drm/msm: Avoid NULL dereference in msm_disp_state_print_regs() (git-fixes).
- drm/printer: Allow NULL data in devcoredump printer (stable-fixes).
- drm/radeon/r100: Handle unknown family in r100_cp_init_microcode() (stable-fixes).
- drm/radeon: Fix encoder->possible_clones (git-fixes).
- drm/radeon: Replace one-element array with flexible-array member (stable-fixes).
- drm/radeon: properly handle vbios fake edid sizing (git-fixes).
- drm/rockchip: define gamma registers for RK3399 (stable-fixes).
- drm/rockchip: support gamma control on RK3399 (stable-fixes).
- drm/sched: Add locking to drm_sched_entity_modify_sched (git-fixes).
- drm/v3d: Stop the active perfmon before being destroyed (git-fixes).
- drm/vc4: Stop the active perfmon before being destroyed (git-fixes).
- drm/vmwgfx: Handle surface check failure correctly (git-fixes).
- drm: Consistently use struct drm_mode_rect for FB_DAMAGE_CLIPS (git-fixes).
- drm: komeda: Fix an issue related to normalized zpos (stable-fixes).
- efistub/tpm: Use ACPI reclaim memory for event log to avoid corruption (stable-fixes).
- erofs: avoid consecutive detection for Highmem memory (git-fixes).
- erofs: avoid infinite loop in z_erofs_do_read_page() when reading beyond EOF (git-fixes).
- erofs: fix pcluster use-after-free on UP platforms (git-fixes).
- erofs: fix potential overflow calculating xattr_isize (git-fixes).
- erofs: stop parsing non-compact HEAD index if clusterofs is invalid (git-fixes).
- exportfs: use pr_debug for unreachable debug statements (git-fixes).
- ext4: fix slab-use-after-free in ext4_split_extent_at() (bsc#1232201)
- fat: fix uninitialized variable (git-fixes).
- fbdev: pxafb: Fix possible use after free in pxafb_task() (stable-fixes).
- fbdev: sisfb: Fix strbuf array overflow (stable-fixes).
- fgraph: Change the name of cpuhp state to 'fgraph:online' (git-fixes).
- fgraph: Fix missing unlock in register_ftrace_graph() (git-fixes).
- fgraph: Use CPU hotplug mechanism to initialize idle shadow stacks (git-fixes).
- filelock: fix potential use-after-free in posix_lock_inode (git-fixes).
- firmware: tegra: bpmp: Drop unused mbox_client_to_bpmp() (git-fixes).
- fs/namespace: fnic: Switch to use %ptTd (git-fixes).
- fs/pipe: Fix lockdep false-positive in watchqueue pipe_write() (git-fixes).
- fs: Fix file_set_fowner LSM hook inconsistencies (git-fixes).
- gpio: aspeed: Add the flush write to ensure the write complete (git-fixes).
- gpio: aspeed: Use devm_clk api to manage clock source (git-fixes).
- gpio: davinci: fix lazy disable (git-fixes).
- hid: intel-ish-hid: Fix uninitialized variable 'rv' in ish_fw_xfer_direct_dma (git-fixes).
- hv_netvsc: Fix VF namespace also in synthetic NIC NETDEV_REGISTER event (git-fixes).
- hwmon: (adm9240) Add missing dependency on REGMAP_I2C (git-fixes).
- hwmon: (tmp513) Add missing dependency on REGMAP_I2C (git-fixes).
- i2c: i801: Use a different adapter-name for IDF adapters (stable-fixes).
- i2c: imx-lpi2c: return -EINVAL when i2c peripheral clk does not work (bsc#1227885).
- i2c: imx-lpi2c: use bulk clk API (bsc#1227885).
- i2c: stm32f7: Do not prepare/unprepare clock during runtime suspend/resume (git-fixes).
- i2c: xiic: Fix RX IRQ busy check (stable-fixes).
- i2c: xiic: Fix broken locking on tx_msg (stable-fixes).
- i2c: xiic: Fix pm_runtime_set_suspended() with runtime pm enabled (git-fixes).
- i2c: xiic: Switch from waitqueue to completion (stable-fixes).
- i2c: xiic: Try re-initialization on bus busy timeout (git-fixes).
- i2c: xiic: Use devm_clk_get_enabled() (stable-fixes).
- i2c: xiic: improve error message when transfer fails to start (stable-fixes).
- i2c: xiic: xiic_xfer(): Fix runtime PM leak on error path (git-fixes).
- ice: Unbind the workqueue (bsc#1231344).
- iio: dac: ad5770r: add missing select REGMAP_SPI in Kconfig (git-fixes).
- iio: dac: ltc1660: add missing select REGMAP_SPI in Kconfig (git-fixes).
- iio: dac: stm32-dac-core: add missing select REGMAP_MMIO in Kconfig (git-fixes).
- iio: hid-sensors: Fix an error handling path in _hid_sensor_set_report_latency() (git-fixes).
- iio: light: opt3001: add missing full-scale range value (git-fixes).
- iio: light: veml6030: fix ALS sensor resolution (git-fixes).
- iio: light: veml6030: fix IIO device retrieval from embedded device (git-fixes).
- iio: proximity: mb1232: add missing select IIO_(TRIGGERED_)BUFFER in Kconfig (git-fixes).
- iommu/vt-d: Always reserve a domain ID for identity setup (git-fixes).
- ipv6: blackhole_netdev needs snmp6 counters (bsc#1216813).
- ipv6: give an IPv6 dev to blackhole_netdev (bsc#1216813).
- jfs: Fix sanity check in dbMount (git-fixes).
- jfs: Fix uaf in dbFreeBits (git-fixes).
- jfs: Fix uninit-value access of new_ea in ea_buffer (git-fixes).
- jfs: UBSAN: shift-out-of-bounds in dbFindBits (git-fixes).
- jfs: check if leafidx greater than num leaves per dmap tree (git-fixes).
- kABI: bpf: enum bpf_{type_flag,arg_type} kABI workaround (git-fixes).
- kABI: bpf: struct bpf_func_proto kABI workaround (git-fixes).
- kab: fix after net: add more sanity check in virtio_net_hdr_to_skb() (git-fixes).
- kabi fix of KVM: arm64: Preserve PSTATE.SS for the guest while single-step is enabled (git-fixes).
- kabi: fix after KVM: arm64: mixed-width check should be skipped for uninitialized vCPUs (git-fixes).
- kabi: fix after kvm: add guest_state_{enter,exit}_irqoff() (git-fixes).
- kbuild, bpf: Use test-ge check for v1.25-only pahole (bsc#1230414 bsc#1229450).
- kbuild,bpf: Add module-specific pahole flags for distilled base BTF (bsc#1230414 bsc#1229450).
- kbuild,bpf: Switch to using --btf_features for pahole v1.26 and later (bsc#1230414 bsc#1229450).
- kbuild: add test-{ge,gt,le,lt} macros (bsc#1230414 bsc#1229450).
- kbuild: avoid too many execution of scripts/pahole-flags.sh (bsc#1230414 bsc#1229450).
- kbuild: bpf: Tell pahole to DECL_TAG kfuncs (bsc#1230414 bsc#1229450).
- kvm/arm64: rework guest entry logic (git-fixes).
- kvm: Add support for arch compat vm ioctls (git-fixes).
- kvm: add guest_state_{enter,exit}_irqoff() (git-fixes).
- media: videobuf2-core: clear memory related fields in __vb2_plane_dmabuf_put() (stable-fixes).
- module: abort module loading when sysfs setup suffer errors (git-fixes).
- nbd: fix race between timeout and normal completion (bsc#1230918).
- net/sched: taprio: Limit TCA_TAPRIO_ATTR_SCHED_CYCLE_TIME to INT_MAX (bsc#1226797)
- net: add more sanity check in virtio_net_hdr_to_skb() (git-fixes).
- net: mana: Implement get_ringparam/set_ringparam for mana (bsc#1229891).
- net: mana: Improve mana_set_channels() in low mem conditions (bsc#1230289).
- net: socket: suppress unused warning (git-fixes).
- net: test for not too small csum_start in virtio_net_hdr_to_skb() (git-fixes).
- net: usb: usbnet: fix name regression (git-fixes).
- netdevsim: use cond_resched() in nsim_dev_trap_report_work() (git-fixes).
- nfs: fix memory leak in error path of nfs4_do_reclaim (git-fixes).
- nfsd: call cache_put if xdr_reserve_space returns NULL (git-fixes).
- nfsd: fix delegation_blocked() to block correctly for at least 30 seconds (git-fixes).
- nfsd: fix refcount leak when file is unhashed after being found (git-fixes).
- nfsd: map the EBADMSG to nfserr_io to avoid warning (git-fixes).
- nfsd: remove unneeded EEXIST error check in nfsd_do_file_acquire (git-fixes).
- nfsd: return -EINVAL when namelen is 0 (git-fixes).
- nilfs2: fix kernel bug due to missing clearing of buffer delay flag (git-fixes).
- nouveau/dmem: Fix vulnerability in migrate_to_ram upon copy error (git-fixes).
- ntb: intel: Fix the NULL vs IS_ERR() bug for debugfs_create_dir() (git-fixes).
- ntb: ntb_hw_switchtec: Fix use after free vulnerability in switchtec_ntb_remove due to race condition (stable-fixes).
- nvme-multipath: system fails to create generic nvme device (git-fixes).
- nvme-pci: qdepth 1 quirk (git-fixes).
- nvmet-auth: assign dh_key to NULL after kfree_sensitive (git-fixes).
- ocfs2: fix the la space leak when unmounting an ocfs2 volume (git-fixes).
- ocfs2: fix uninit-value in ocfs2_get_block() (git-fixes).
- ocfs2: pass u64 to ocfs2_truncate_inline maybe overflow (git-fixes).
- parport: Proper fix for array out-of-bounds access (git-fixes).
- platform/surface: aggregator_registry: Add support for Surface Laptop Go 3 (stable-fixes).
- platform/x86: touchscreen_dmi: add nanote-next quirk (stable-fixes).
- power: reset: brcmstb: Do not go into infinite loop if reset fails (stable-fixes).
- powerpc/64: Convert patch_instruction() to patch_u32() (bsc#1194869).
- powerpc/boot: Handle allocation failure in simple_realloc() (bsc#1194869).
- powerpc/boot: Only free if realloc() succeeds (bsc#1194869).
- powerpc/code-patching: Add generic memory patching (bsc#1194869).
- powerpc/code-patching: Consolidate and cache per-cpu patching context (bsc#1194869).
- powerpc/code-patching: Do not call is_vmalloc_or_module_addr() without CONFIG_MODULES (bsc#1194869).
- powerpc/code-patching: Fix error handling in do_patch_instruction() (bsc#1194869).
- powerpc/code-patching: Fix oops with DEBUG_VM enabled (bsc#1194869).
- powerpc/code-patching: Fix unmap_patch_area() error handling (bsc#1194869).
- powerpc/code-patching: Perform hwsync in __patch_instruction() in case of failure (bsc#1194869).
- powerpc/code-patching: Pre-map patch area (bsc#1194869).
- powerpc/code-patching: Remove #ifdef CONFIG_STRICT_KERNEL_RWX (bsc#1194869).
- powerpc/code-patching: Remove pr_debug()/pr_devel() messages and fix check() (bsc#1194869).
- powerpc/code-patching: Reorganise do_patch_instruction() to ease error handling (bsc#1194869).
- powerpc/code-patching: Speed up page mapping/unmapping (bsc#1194869).
- powerpc/code-patching: Use WARN_ON and fix check in poking_init (bsc#1194869).
- powerpc/code-patching: Use jump_label to check if poking_init() is done (bsc#1194869).
- powerpc/code-patching: Use temporary mm for Radix MMU (bsc#1194869).
- powerpc/code-patching: introduce patch_instructions() (bsc#1194869).
- powerpc/ftrace: Use patch_instruction() return directly (bsc#1194869).
- powerpc/imc-pmu: Fix use of mutex in IRQs disabled section (bsc#1054914 git-fixes).
- powerpc/imc-pmu: Use the correct spinlock initializer (bsc#1054914 git-fixes).
- powerpc/inst: Refactor ___get_user_instr() (bsc#1194869).
- powerpc/lib: Add __init attribute to eligible functions (bsc#1194869).
- powerpc/tlb: Add local flush for page given mm_struct and psize (bsc#1194869).
- powerpc/vdso: Fix VDSO data access when running in a non-root time namespace (bsc#1194869).
- powerpc/vdso: Merge vdso64 and vdso32 into a single directory (bsc#1194869).
- powerpc/vdso: Rework VDSO32 makefile to add a prefix to object files (bsc#1194869).
- powerpc/vdso: augment VDSO32 functions to support 64 bits build (bsc#1194869).
- powerpc/xics: Check return value of kasprintf in icp_native_map_one_cpu (bsc#1194869).
- powerpc/xmon: Fix disassembly CPU feature checks (bsc#1065729).
- powerpc: Allow clearing and restoring registers independent of saved breakpoint state (bsc#1194869).
- rcu-tasks: Fix show_rcu_tasks_trace_gp_kthread buffer overflow (bsc#1226631).
- rcu: Add rcutree.nohz_full_patience_delay to reduce nohz_full (bsc#1231327)
- s390/mm: Add cond_resched() to cmm_alloc/free_pages() (bsc#1228747).
- s390/sclp_vt220: Convert newlines to CRLF instead of LFCR (git-fixes bsc#1232632).
- sched/isolation: Prevent boot crash when the boot CPU is (bsc#1231327)
- scsi: NCR5380: Check for phase match during PDMA fixup (git-fixes).
- scsi: aacraid: Rearrange order of struct aac_srb_unit (git-fixes).
- scsi: core: Fix the return value of scsi_logical_block_count() (git-fixes).
- scsi: core: Handle devices which return an unusually large VPD page count (git-fixes).
- scsi: core: alua: I/O errors for ALUA state transitions (git-fixes).
- scsi: elx: libefc: Fix potential use after free in efc_nport_vport_del() (git-fixes).
- scsi: fnic: Move flush_work initialization out of if block (bsc#1230055).
- scsi: hpsa: Fix allocation size for Scsi_Host private data (git-fixes).
- scsi: libsas: Fix exp-attached device scan after probe failure scanned in again after probe failed (git-fixes).
- scsi: libsas: Fix the failure of adding phy with zero-address to port (git-fixes).
- scsi: lpfc: Add ELS_RSP cmd to the list of WQEs to flush in lpfc_els_flush_cmd() (bsc#1232757).
- scsi: lpfc: Ensure DA_ID handling completion before deleting an NPIV instance (bsc#1232757).
- scsi: lpfc: Fix kref imbalance on fabric ndlps from dev_loss_tmo handler (bsc#1232757).
- scsi: lpfc: Remove trailing space after \n newline (bsc#1232757).
- scsi: lpfc: Restrict support for 32 byte CDBs to specific HBAs (git-fixes).
- scsi: lpfc: Revise TRACE_EVENT log flag severities from KERN_ERR to KERN_WARNING (bsc#1232757).
- scsi: lpfc: Support loopback tests with VMID enabled (bsc#1232757).
- scsi: lpfc: Update lpfc version to 14.4.0.5 (bsc#1232757).
- scsi: lpfc: Update phba link state conditional before sending CMF_SYNC_WQE (bsc#1232757).
- scsi: mac_scsi: Disallow bus errors during PDMA send (git-fixes).
- scsi: mac_scsi: Refactor polling loop (git-fixes).
- scsi: mac_scsi: Revise printk(KERN_DEBUG ...) messages (git-fixes).
- scsi: mpi3mr: Avoid IOMMU page faults on REPORT ZONES (git-fixes).
- scsi: mpi3mr: Fix ATA NCQ priority support (git-fixes).
- scsi: mpt3sas: Avoid IOMMU page faults on REPORT ZONES (git-fixes).
- scsi: qedf: Set qed_slowpath_params to zero before use (git-fixes).
- scsi: smartpqi: correct stream detection (git-fixes).
- scsi: smartpqi: revert propagate-the-multipath-failure-to-SML-quickly (git-fixes).
- scsi: spi: Fix sshdr use (git-fixes).
- scsi: wd33c93: Do not use stale scsi_pointer value (git-fixes).
- selftests/bpf: Add a test case to write mtu result into .rodata (git-fixes).
- selftests/bpf: Add a test case to write strtol result into .rodata (git-fixes).
- selftests/bpf: Fix ARG_PTR_TO_LONG {half-,}uninitialized test (git-fixes).
- selftests/bpf: Rename ARG_PTR_TO_LONG test description (git-fixes).
- selftests/bpf: test for malformed BPF_CORE_TYPE_ID_LOCAL relocation (git-fixes).
- spi: bcm63xx: Enable module autoloading (stable-fixes).
- spi: bcm63xx: Fix module autoloading (git-fixes).
- spi: lpspi: Silence error message upon deferred probe (stable-fixes).
- spi: lpspi: Simplify some error message (git-fixes).
- spi: lpspi: release requested DMA channels (stable-fixes).
- spi: ppc4xx: Avoid returning 0 when failed to parse and map IRQ (git-fixes).
- spi: ppc4xx: handle irq_of_parse_and_map() errors (git-fixes).
- spi: s3c64xx: fix timeout counters in flush_fifo (git-fixes).
- spi: spi-fsl-lpspi: Undo runtime PM changes at driver exit time (git-fixes).
- spi: spi-imx: Fix pm_runtime_set_suspended() with runtime pm enabled (git-fixes).
- spi: spidev: Add missing spi_device_id for jg10309-01 (git-fixes).
- static_call: Do not make __static_call_return0 static (git-fixes).
- tracing/hwlat: Fix a race during cpuhp processing (git-fixes).
- tracing/uprobes: Use trace_event_buffer_reserve() helper (git-fixes).
- tracing: Consider the NULL character when validating the event length (git-fixes).
- uprobe: avoid out-of-bounds memory access of fetching args (git-fixes).
- uprobes: encapsulate preparation of uprobe args buffer (git-fixes).
- usb: chipidea: udc: enable suspend interrupt after usb reset (stable-fixes).
- usb: dwc2: Adjust the timing of USB Driver Interrupt Registration in the Crashkernel Scenario (stable-fixes).
- usb: dwc3: core: Stop processing of pending events if controller is halted (git-fixes).
- usb: gadget: core: force synchronous registration (git-fixes).
- usb: storage: ignore bogus device raised by JieLi BR21 USB sound chip (stable-fixes).
- usb: typec: altmode should keep reference to parent (git-fixes).
- usb: xhci: Fix problem with xhci resume from suspend (stable-fixes).
- usb: yurex: Fix inconsistent locking bug in yurex_read() (git-fixes).
- usb: yurex: Replace snprintf() with the safer scnprintf() variant (stable-fixes).
- usbnet: ipheth: fix carrier detection in modes 1 and 4 (stable-fixes).
- vhost/scsi: null-ptr-dereference in vhost_scsi_get_req() (git-fixes).
- vhost_vdpa: assign irq bypass producer token correctly (git-fixes).
- virtio-net: synchronize probe with ndo_set_features (git-fixes).
- virtio_console: fix misc probe bugs (git-fixes).
- virtio_net: fixing XDP for fully checksummed packets handling (git-fixes).
- vmxnet3: add command to allow disabling of offloads (bsc#1226498).
- vmxnet3: add latency measurement support in vmxnet3 (bsc#1226498).
- vmxnet3: prepare for version 9 changes (bsc#1226498).
- vmxnet3: update to version 9 (bsc#1226498).
- vsock/virtio: fix packet delivery to tap device (git-fixes).
- wifi: ath11k: fix array out-of-bound access in SoC stats (stable-fixes).
- wifi: ath9k: Remove error checks when creating debugfs entries (git-fixes).
- wifi: ath9k: fix parameter check in ath9k_init_debug() (stable-fixes).
- wifi: ath9k: fix possible integer overflow in ath9k_get_et_stats() (stable-fixes).
- wifi: ath9k_htc: Use __skb_set_length() for resetting urb before resubmit (stable-fixes).
- wifi: iwlwifi: clear trans->state earlier upon error (stable-fixes).
- wifi: iwlwifi: lower message level for FW buffer destination (stable-fixes).
- wifi: iwlwifi: mvm: fix iwl_mvm_scan_fits() calculation (stable-fixes).
- wifi: mwifiex: Fix memcpy() field-spanning write warning in mwifiex_cmd_802_11_scan_ext() (stable-fixes).
- wifi: rtw88: select WANT_DEV_COREDUMP (stable-fixes).
- workqueue: Avoid using isolated cpus' timers on (bsc#1231327)
- workqueue: mark power efficient workqueue as unbounded if (bsc#1231327)
- x86/bugs: Do not use UNTRAIN_RET with IBPB on entry (git-fixes).
- x86/bugs: Skip RSB fill at VMEXIT (git-fixes).
- x86/cpufeatures: Add a IBPB_NO_RET BUG flag (git-fixes).
- x86/cpufeatures: Define X86_FEATURE_AMD_IBPB_RET (git-fixes).
- x86/entry: Have entry_ibpb() invalidate return predictions (git-fixes).
- x86/hyperv: Set X86_FEATURE_TSC_KNOWN_FREQ when Hyper-V provides frequency (git-fixes).
- x86/kaslr: Expose and use the end of the physical memory address space (bsc#1230405).
- xfrm: set dst dev to blackhole_netdev instead of loopback_dev in ifdown (bsc#1216813).
- xhci: Fix incorrect stream context type macro (git-fixes).
- xhci: Mitigate failed set dequeue pointer commands (git-fixes).
ImportantSUSE bug 1054914SUSE bug 1065729SUSE bug 1194869SUSE bug 1204171SUSE bug 1205796SUSE bug 1206188SUSE bug 1206344SUSE bug 1209290SUSE bug 1210449SUSE bug 1210627SUSE bug 1213034SUSE bug 1216813SUSE bug 1218562SUSE bug 1223384SUSE bug 1223524SUSE bug 1223824SUSE bug 1225189SUSE bug 1225336SUSE bug 1225611SUSE bug 1225762SUSE bug 1226498SUSE bug 1226631SUSE bug 1226797SUSE bug 1227437SUSE bug 1227885SUSE bug 1228119SUSE bug 1228269SUSE bug 1228709SUSE bug 1228743SUSE bug 1228747SUSE bug 1229005SUSE bug 1229019SUSE bug 1229450SUSE bug 1229454SUSE bug 1229456SUSE bug 1229556SUSE bug 1229769SUSE bug 1229837SUSE bug 1229891SUSE bug 1230055SUSE bug 1230179SUSE bug 1230289SUSE bug 1230405SUSE bug 1230414SUSE bug 1230429SUSE bug 1230456SUSE bug 1230550SUSE bug 1230600SUSE bug 1230620SUSE bug 1230715SUSE bug 1230722SUSE bug 1230763SUSE bug 1230773SUSE bug 1230774SUSE bug 1230801SUSE bug 1230903SUSE bug 1230918SUSE bug 1231016SUSE bug 1231072SUSE bug 1231073SUSE bug 1231084SUSE bug 1231085SUSE bug 1231087SUSE bug 1231094SUSE bug 1231096SUSE bug 1231105SUSE bug 1231114SUSE bug 1231115SUSE bug 1231148SUSE bug 1231179SUSE bug 1231191SUSE bug 1231193SUSE bug 1231195SUSE bug 1231197SUSE bug 1231200SUSE bug 1231203SUSE bug 1231277SUSE bug 1231293SUSE bug 1231327SUSE bug 1231344SUSE bug 1231375SUSE bug 1231383SUSE bug 1231439SUSE bug 1231442SUSE bug 1231496SUSE bug 1231502SUSE bug 1231539SUSE bug 1231540SUSE bug 1231578SUSE bug 1231673SUSE bug 1231857SUSE bug 1231861SUSE bug 1231872SUSE bug 1231883SUSE bug 1231885SUSE bug 1231887SUSE bug 1231888SUSE bug 1231889SUSE bug 1231890SUSE bug 1231892SUSE bug 1231893SUSE bug 1231895SUSE bug 1231896SUSE bug 1231897SUSE bug 1231902SUSE bug 1231903SUSE bug 1231907SUSE bug 1231914SUSE bug 1231929SUSE bug 1231935SUSE bug 1231936SUSE bug 1231937SUSE bug 1231938SUSE bug 1231939SUSE bug 1231940SUSE bug 1231941SUSE bug 1231942SUSE bug 1231944SUSE bug 1231950SUSE bug 1231954SUSE bug 1231958SUSE bug 1231960SUSE bug 1231961SUSE bug 1231962SUSE bug 1231965SUSE bug 1231967SUSE bug 1231968SUSE bug 1231972SUSE bug 1231973SUSE bug 1231976SUSE bug 1231979SUSE bug 1231987SUSE bug 1231988SUSE bug 1231990SUSE bug 1231991SUSE bug 1231992SUSE bug 1231995SUSE bug 1231996SUSE bug 1231997SUSE bug 1231998SUSE bug 1232001SUSE bug 1232004SUSE bug 1232005SUSE bug 1232006SUSE bug 1232007SUSE bug 1232025SUSE bug 1232026SUSE bug 1232033SUSE bug 1232034SUSE bug 1232035SUSE bug 1232036SUSE bug 1232037SUSE bug 1232038SUSE bug 1232039SUSE bug 1232043SUSE bug 1232049SUSE bug 1232067SUSE bug 1232069SUSE bug 1232070SUSE bug 1232071SUSE bug 1232075SUSE bug 1232083SUSE bug 1232084SUSE bug 1232085SUSE bug 1232089SUSE bug 1232097SUSE bug 1232104SUSE bug 1232105SUSE bug 1232108SUSE bug 1232114SUSE bug 1232116SUSE bug 1232119SUSE bug 1232120SUSE bug 1232123SUSE bug 1232124SUSE bug 1232133SUSE bug 1232135SUSE bug 1232136SUSE bug 1232140SUSE bug 1232145SUSE bug 1232149SUSE bug 1232150SUSE bug 1232151SUSE bug 1232154SUSE bug 1232155SUSE bug 1232160SUSE bug 1232163SUSE bug 1232164SUSE bug 1232170SUSE bug 1232172SUSE bug 1232174SUSE bug 1232175SUSE bug 1232191SUSE bug 1232196SUSE bug 1232199SUSE bug 1232200SUSE bug 1232201SUSE bug 1232217SUSE bug 1232220SUSE bug 1232221SUSE bug 1232229SUSE bug 1232233SUSE bug 1232237SUSE bug 1232251SUSE bug 1232253SUSE bug 1232259SUSE bug 1232260SUSE bug 1232262SUSE bug 1232263SUSE bug 1232282SUSE bug 1232285SUSE bug 1232286SUSE bug 1232304SUSE bug 1232305SUSE bug 1232307SUSE bug 1232309SUSE bug 1232310SUSE bug 1232313SUSE bug 1232314SUSE bug 1232316SUSE bug 1232329SUSE bug 1232332SUSE bug 1232335SUSE bug 1232337SUSE bug 1232342SUSE bug 1232345SUSE bug 1232352SUSE bug 1232354SUSE bug 1232355SUSE bug 1232358SUSE bug 1232361SUSE bug 1232366SUSE bug 1232367SUSE bug 1232368SUSE bug 1232369SUSE bug 1232374SUSE bug 1232381SUSE bug 1232383SUSE bug 1232392SUSE bug 1232395SUSE bug 1232418SUSE bug 1232424SUSE bug 1232432SUSE bug 1232435SUSE bug 1232442SUSE bug 1232446SUSE bug 1232501SUSE bug 1232519SUSE bug 1232630SUSE bug 1232631SUSE bug 1232632SUSE bug 1232757CVE-2021-47416 at SUSECVE-2021-47416 at NVDCVE-2021-47534 at SUSECVE-2021-47534 at NVDCVE-2022-3435 at SUSECVE-2022-3435 at NVDCVE-2022-45934 at SUSECVE-2022-45934 at NVDCVE-2022-48664 at SUSECVE-2022-48664 at NVDCVE-2022-48879 at SUSECVE-2022-48879 at NVDCVE-2022-48946 at SUSECVE-2022-48946 at NVDCVE-2022-48947 at SUSECVE-2022-48947 at NVDCVE-2022-48948 at SUSECVE-2022-48948 at NVDCVE-2022-48949 at SUSECVE-2022-48949 at NVDCVE-2022-48951 at SUSECVE-2022-48951 at NVDCVE-2022-48953 at SUSECVE-2022-48953 at NVDCVE-2022-48954 at SUSECVE-2022-48954 at NVDCVE-2022-48955 at SUSECVE-2022-48955 at NVDCVE-2022-48956 at SUSECVE-2022-48956 at NVDCVE-2022-48957 at SUSECVE-2022-48957 at NVDCVE-2022-48958 at SUSECVE-2022-48958 at NVDCVE-2022-48959 at SUSECVE-2022-48959 at NVDCVE-2022-48960 at SUSECVE-2022-48960 at NVDCVE-2022-48961 at SUSECVE-2022-48961 at NVDCVE-2022-48962 at SUSECVE-2022-48962 at NVDCVE-2022-48966 at SUSECVE-2022-48966 at NVDCVE-2022-48967 at SUSECVE-2022-48967 at NVDCVE-2022-48968 at SUSECVE-2022-48968 at NVDCVE-2022-48969 at SUSECVE-2022-48969 at NVDCVE-2022-48970 at SUSECVE-2022-48970 at NVDCVE-2022-48971 at SUSECVE-2022-48971 at NVDCVE-2022-48972 at SUSECVE-2022-48972 at NVDCVE-2022-48973 at SUSECVE-2022-48973 at NVDCVE-2022-48975 at SUSECVE-2022-48975 at NVDCVE-2022-48977 at SUSECVE-2022-48977 at NVDCVE-2022-48978 at SUSECVE-2022-48978 at NVDCVE-2022-48980 at SUSECVE-2022-48980 at NVDCVE-2022-48981 at SUSECVE-2022-48981 at NVDCVE-2022-48985 at SUSECVE-2022-48985 at NVDCVE-2022-48987 at SUSECVE-2022-48987 at NVDCVE-2022-48988 at SUSECVE-2022-48988 at NVDCVE-2022-48991 at SUSECVE-2022-48991 at NVDCVE-2022-48992 at SUSECVE-2022-48992 at NVDCVE-2022-48994 at SUSECVE-2022-48994 at NVDCVE-2022-48995 at SUSECVE-2022-48995 at NVDCVE-2022-48997 at SUSECVE-2022-48997 at NVDCVE-2022-48999 at SUSECVE-2022-48999 at NVDCVE-2022-49000 at SUSECVE-2022-49000 at NVDCVE-2022-49002 at SUSECVE-2022-49002 at NVDCVE-2022-49003 at SUSECVE-2022-49003 at NVDCVE-2022-49005 at SUSECVE-2022-49005 at NVDCVE-2022-49006 at SUSECVE-2022-49006 at NVDCVE-2022-49007 at SUSECVE-2022-49007 at NVDCVE-2022-49010 at SUSECVE-2022-49010 at NVDCVE-2022-49011 at SUSECVE-2022-49011 at NVDCVE-2022-49012 at SUSECVE-2022-49012 at NVDCVE-2022-49014 at SUSECVE-2022-49014 at NVDCVE-2022-49015 at SUSECVE-2022-49015 at NVDCVE-2022-49016 at SUSECVE-2022-49016 at NVDCVE-2022-49017 at SUSECVE-2022-49017 at NVDCVE-2022-49019 at SUSECVE-2022-49019 at NVDCVE-2022-49020 at SUSECVE-2022-49020 at NVDCVE-2022-49021 at SUSECVE-2022-49021 at NVDCVE-2022-49022 at SUSECVE-2022-49022 at NVDCVE-2022-49023 at SUSECVE-2022-49023 at NVDCVE-2022-49024 at SUSECVE-2022-49024 at NVDCVE-2022-49025 at SUSECVE-2022-49025 at NVDCVE-2022-49026 at SUSECVE-2022-49026 at NVDCVE-2022-49027 at SUSECVE-2022-49027 at NVDCVE-2022-49028 at SUSECVE-2022-49028 at NVDCVE-2022-49029 at SUSECVE-2022-49029 at NVDCVE-2022-49031 at SUSECVE-2022-49031 at NVDCVE-2022-49032 at SUSECVE-2022-49032 at NVDCVE-2023-2166 at SUSECVE-2023-2166 at NVDCVE-2023-28327 at SUSECVE-2023-28327 at NVDCVE-2023-52766 at SUSECVE-2023-52766 at NVDCVE-2023-52800 at SUSECVE-2023-52800 at NVDCVE-2023-52881 at SUSECVE-2023-52881 at NVDCVE-2023-52919 at SUSECVE-2023-52919 at NVDCVE-2023-6270 at SUSECVE-2023-6270 at NVDCVE-2024-27043 at SUSECVE-2024-27043 at NVDCVE-2024-36244 at SUSECVE-2024-36244 at NVDCVE-2024-36957 at SUSECVE-2024-36957 at NVDCVE-2024-39476 at SUSECVE-2024-39476 at NVDCVE-2024-40965 at SUSECVE-2024-40965 at NVDCVE-2024-42145 at SUSECVE-2024-42145 at NVDCVE-2024-42226 at SUSECVE-2024-42226 at NVDCVE-2024-42253 at SUSECVE-2024-42253 at NVDCVE-2024-44931 at SUSECVE-2024-44931 at NVDCVE-2024-44947 at SUSECVE-2024-44947 at NVDCVE-2024-44958 at SUSECVE-2024-44958 at NVDCVE-2024-45016 at SUSECVE-2024-45016 at NVDCVE-2024-45025 at SUSECVE-2024-45025 at NVDCVE-2024-46678 at SUSECVE-2024-46678 at NVDCVE-2024-46716 at SUSECVE-2024-46716 at NVDCVE-2024-46719 at SUSECVE-2024-46719 at NVDCVE-2024-46754 at SUSECVE-2024-46754 at NVDCVE-2024-46770 at SUSECVE-2024-46770 at NVDCVE-2024-46775 at SUSECVE-2024-46775 at NVDCVE-2024-46777 at SUSECVE-2024-46777 at NVDCVE-2024-46809 at SUSECVE-2024-46809 at NVDCVE-2024-46811 at SUSECVE-2024-46811 at NVDCVE-2024-46813 at SUSECVE-2024-46813 at NVDCVE-2024-46814 at SUSECVE-2024-46814 at NVDCVE-2024-46815 at SUSECVE-2024-46815 at NVDCVE-2024-46816 at SUSECVE-2024-46816 at NVDCVE-2024-46817 at SUSECVE-2024-46817 at NVDCVE-2024-46818 at SUSECVE-2024-46818 at NVDCVE-2024-46826 at SUSECVE-2024-46826 at NVDCVE-2024-46828 at SUSECVE-2024-46828 at NVDCVE-2024-46834 at SUSECVE-2024-46834 at NVDCVE-2024-46840 at SUSECVE-2024-46840 at NVDCVE-2024-46841 at SUSECVE-2024-46841 at NVDCVE-2024-46848 at SUSECVE-2024-46848 at NVDCVE-2024-46849 at SUSECVE-2024-46849 at NVDCVE-2024-46854 at SUSECVE-2024-46854 at NVDCVE-2024-46855 at SUSECVE-2024-46855 at NVDCVE-2024-46857 at SUSECVE-2024-46857 at NVDCVE-2024-47660 at SUSECVE-2024-47660 at NVDCVE-2024-47661 at SUSECVE-2024-47661 at NVDCVE-2024-47664 at SUSECVE-2024-47664 at NVDCVE-2024-47668 at SUSECVE-2024-47668 at NVDCVE-2024-47672 at SUSECVE-2024-47672 at NVDCVE-2024-47673 at SUSECVE-2024-47673 at NVDCVE-2024-47674 at SUSECVE-2024-47674 at NVDCVE-2024-47684 at SUSECVE-2024-47684 at NVDCVE-2024-47685 at SUSECVE-2024-47685 at NVDCVE-2024-47692 at SUSECVE-2024-47692 at NVDCVE-2024-47704 at SUSECVE-2024-47704 at NVDCVE-2024-47705 at SUSECVE-2024-47705 at NVDCVE-2024-47706 at SUSECVE-2024-47706 at NVDCVE-2024-47707 at SUSECVE-2024-47707 at NVDCVE-2024-47710 at SUSECVE-2024-47710 at NVDCVE-2024-47720 at SUSECVE-2024-47720 at NVDCVE-2024-47727 at SUSECVE-2024-47727 at NVDCVE-2024-47730 at SUSECVE-2024-47730 at NVDCVE-2024-47738 at SUSECVE-2024-47738 at NVDCVE-2024-47739 at SUSECVE-2024-47739 at NVDCVE-2024-47745 at SUSECVE-2024-47745 at NVDCVE-2024-47747 at SUSECVE-2024-47747 at NVDCVE-2024-47748 at SUSECVE-2024-47748 at NVDCVE-2024-49858 at SUSECVE-2024-49858 at NVDCVE-2024-49860 at SUSECVE-2024-49860 at NVDCVE-2024-49866 at SUSECVE-2024-49866 at NVDCVE-2024-49867 at SUSECVE-2024-49867 at NVDCVE-2024-49881 at SUSECVE-2024-49881 at NVDCVE-2024-49882 at SUSECVE-2024-49882 at NVDCVE-2024-49883 at SUSECVE-2024-49883 at NVDCVE-2024-49886 at SUSECVE-2024-49886 at NVDCVE-2024-49890 at SUSECVE-2024-49890 at NVDCVE-2024-49892 at SUSECVE-2024-49892 at NVDCVE-2024-49894 at SUSECVE-2024-49894 at NVDCVE-2024-49895 at SUSECVE-2024-49895 at NVDCVE-2024-49896 at SUSECVE-2024-49896 at NVDCVE-2024-49897 at SUSECVE-2024-49897 at NVDCVE-2024-49899 at SUSECVE-2024-49899 at NVDCVE-2024-49901 at SUSECVE-2024-49901 at NVDCVE-2024-49906 at SUSECVE-2024-49906 at NVDCVE-2024-49908 at SUSECVE-2024-49908 at NVDCVE-2024-49909 at SUSECVE-2024-49909 at NVDCVE-2024-49911 at SUSECVE-2024-49911 at NVDCVE-2024-49912 at SUSECVE-2024-49912 at NVDCVE-2024-49913 at SUSECVE-2024-49913 at NVDCVE-2024-49914 at SUSECVE-2024-49914 at NVDCVE-2024-49917 at SUSECVE-2024-49917 at NVDCVE-2024-49918 at SUSECVE-2024-49918 at NVDCVE-2024-49919 at SUSECVE-2024-49919 at NVDCVE-2024-49920 at SUSECVE-2024-49920 at NVDCVE-2024-49922 at SUSECVE-2024-49922 at NVDCVE-2024-49923 at SUSECVE-2024-49923 at NVDCVE-2024-49929 at SUSECVE-2024-49929 at NVDCVE-2024-49930 at SUSECVE-2024-49930 at NVDCVE-2024-49933 at SUSECVE-2024-49933 at NVDCVE-2024-49936 at SUSECVE-2024-49936 at NVDCVE-2024-49939 at SUSECVE-2024-49939 at NVDCVE-2024-49946 at SUSECVE-2024-49946 at NVDCVE-2024-49949 at SUSECVE-2024-49949 at NVDCVE-2024-49954 at SUSECVE-2024-49954 at NVDCVE-2024-49955 at SUSECVE-2024-49955 at NVDCVE-2024-49958 at SUSECVE-2024-49958 at NVDCVE-2024-49959 at SUSECVE-2024-49959 at NVDCVE-2024-49960 at SUSECVE-2024-49960 at NVDCVE-2024-49962 at SUSECVE-2024-49962 at NVDCVE-2024-49967 at SUSECVE-2024-49967 at NVDCVE-2024-49969 at SUSECVE-2024-49969 at NVDCVE-2024-49973 at SUSECVE-2024-49973 at NVDCVE-2024-49974 at SUSECVE-2024-49974 at NVDCVE-2024-49975 at SUSECVE-2024-49975 at NVDCVE-2024-49982 at SUSECVE-2024-49982 at NVDCVE-2024-49991 at SUSECVE-2024-49991 at NVDCVE-2024-49993 at SUSECVE-2024-49993 at NVDCVE-2024-49995 at SUSECVE-2024-49995 at NVDCVE-2024-49996 at SUSECVE-2024-49996 at NVDCVE-2024-50000 at SUSECVE-2024-50000 at NVDCVE-2024-50001 at SUSECVE-2024-50001 at NVDCVE-2024-50002 at SUSECVE-2024-50002 at NVDCVE-2024-50006 at SUSECVE-2024-50006 at NVDCVE-2024-50014 at SUSECVE-2024-50014 at NVDCVE-2024-50019 at SUSECVE-2024-50019 at NVDCVE-2024-50024 at SUSECVE-2024-50024 at NVDCVE-2024-50028 at SUSECVE-2024-50028 at NVDCVE-2024-50033 at SUSECVE-2024-50033 at NVDCVE-2024-50035 at SUSECVE-2024-50035 at NVDCVE-2024-50041 at SUSECVE-2024-50041 at NVDCVE-2024-50045 at SUSECVE-2024-50045 at NVDCVE-2024-50046 at SUSECVE-2024-50046 at NVDCVE-2024-50047 at SUSECVE-2024-50047 at NVDCVE-2024-50048 at SUSECVE-2024-50048 at NVDCVE-2024-50049 at SUSECVE-2024-50049 at NVDCVE-2024-50055 at SUSECVE-2024-50055 at NVDCVE-2024-50058 at SUSECVE-2024-50058 at NVDCVE-2024-50059 at SUSECVE-2024-50059 at NVDCVE-2024-50061 at SUSECVE-2024-50061 at NVDCVE-2024-50063 at SUSECVE-2024-50063 at NVDCVE-2024-50081 at SUSECVE-2024-50081 at NVDcpe:/o:opensuse:leap:15.5Security update for python3-wxPython (Moderate)openSUSE Leap 15.5
This update for python3-wxPython fixes the following issues:
- CVE-2024-50602: Fixed a denial of service in the vendored libexpat's XML_ResumeParser function (bsc#1232590).
ModerateSUSE bug 1232590CVE-2024-50602 at SUSECVE-2024-50602 at NVDcpe:/o:opensuse:leap:15.5Security update for apache2 (Important)openSUSE Leap 15.5
This update for apache2 fixes the following issues:
- CVE-2023-45802: Fixed regression with previous fix (bsc#1233165).
ImportantSUSE bug 1233165CVE-2023-45802 at SUSECVE-2023-45802 at NVDcpe:/o:opensuse:leap:15.5Security update for webkit2gtk3 (Important)openSUSE Leap 15.5
This update for webkit2gtk3 fixes the following issues:
- CVE-2023-42890: Fixed processing malicious web content may lead to arbitrary code execution (bsc#1218033).
- CVE-2023-42883: Fixed processing a malicious image may lead to a denial-of-service (bsc#1218032).
- CVE-2023-41074: Fixed use-after-free in the MediaRecorder API of the WebKit GStreamer-based ports (bsc#1215870).
- CVE-2023-40451, CVE-2023-41074: Update to version 2.42.4 (bsc#1218032, bsc#1215868).
ImportantSUSE bug 1215868SUSE bug 1215869SUSE bug 1215870SUSE bug 1218032SUSE bug 1218033CVE-2023-32359 at SUSECVE-2023-32359 at NVDCVE-2023-39928 at SUSECVE-2023-39928 at NVDCVE-2023-40451 at SUSECVE-2023-40451 at NVDCVE-2023-41074 at SUSECVE-2023-41074 at NVDCVE-2023-42883 at SUSECVE-2023-42883 at NVDCVE-2023-42890 at SUSECVE-2023-42890 at NVDcpe:/o:opensuse:leap:15.5Security update for SUSE Manager Client Tools (Moderate)openSUSE Leap 15.5
This update fixes the following issues:
golang-github-lusitaniae-apache_exporter:
- Security issues fixed:
* CVE-2023-3978: Fixed security bug in x/net dependency (bsc#1213933)
- Other changes and issues fixed:
* Delete unpackaged debug files for RHEL
* Do not include source files in the package for RHEL 9
* Require Go 1.20 when building for RedHat derivatives
* Drop EnvironmentFile from the service definition
* Explicitly unset $ARGS environment variable. Setting environment
variables should be done in drop-in systemd configuration files.
* Drop go_nostrip macro. It is not needed with current binutils and
Go.
* Migrate from `disabled` to `manual` source service type
* Drop BuildRequires: golang-packaging
* Upgrade to version 1.0.8 (bsc#1227341)
+ Update prometheus/client_golang to version 1.19.1
+ Update x/net to version 0.23.0
* Upgrade to version 1.0.7
+ Update protobuf to version 1.33.0
+ Update prometheus/client_golang to version 1.19.0
+ Update prometheus/common to version 0.46.0
+ Standardize landing page
* Upgrade to version 1.0.6
+ Update prometheus/exporter-toolkit to version 0.11.0
+ Update prometheus/client_golang to version 1.18.0
+ Add User-Agent header
* Upgrade to version 1.0.4
+ Update x/crypto to version 0.17.0
+ Update alecthomas/kingpin/v2 to version 2.4.0
+ Update prometheus/common to version 0.45.0
* Upgrade to version 1.0.3
+ Update prometheus/client_golang to version 1.17.0
+ Update x/net 0.17.0
* Upgrade to version 1.0.1
+ Update prometheus/exporter-toolkit to version 0.10.0
+ Update prometheus/common to version 0.44.0
+ Update prometheus/client_golang to version 1.16.0
golang-github-prometheus-promu:
- Require Go >= 1.21 for building
- Packaging improvements:
* Drop export CGO_ENABLED='0'. Use the default unless there is a
defined requirement or benefit (bsc#1230623).
- Update to version 0.16.0:
* Do not discover user/host for reproducible builds
* Fix example/prometheus build error
- Update to version 0.15.0:
* Add linux/riscv64 to default platforms
* Use yaml.Unmarshalstrict to validate configuration files
spacecmd:
- Version 5.0.10-0
* Speed up softwarechannel_removepackages (bsc#1227606)
* Fix error in 'kickstart_delete' when using wildcards
(bsc#1227578)
* Spacecmd bootstrap now works with specified port (bsc#1229437)
* Fix sls backup creation as directory with spacecmd (bsc#1230745)
uyuni-common-libs:
- Version 5.0.5-0
* Enforce directory permissions at repo-sync when creating
directories (bsc#1229260)
uyuni-tools:
- version 0.1.23-0
* Ensure namespace is defined in all kubernetes commands
* Use SCC credentials to authenticate against registry.suse.com
for kubernetes (bsc#1231157)
* Fix namespace usage on mgrctl cp command
- version 0.1.22-0
* Set projectId also for test packages/images
* mgradm migration should not pull Confidential Computing and Hub
image is replicas == 0 (bsc#1229432, bsc#1230136)
* Do not allow SUSE Manager downgrade
* Prevent completion issue when /var/log/uyuni-tools.log is missing
* Fix proxy shared volume flag
* During migration, exclude mgr-sync configuration file (bsc#1228685)
* Migrate from PostgreSQL 14 to PostgreSQL 16 pg_hba.conf and
postgresql.conf files (bsc#1231206)
* During migration, handle empty autoinstallation path (bsc#1230285)
* During migration, handle symlinks (bsc#1230288)
* During migration, trust the remote sender's file list (bsc#1228424)
* Use SCC flags during podman pull
* Restore SELinux permission after migration (bsc#1229501)
* Share volumes between containers (bsc#1223142)
* Save supportconfig in current directory (bsc#1226759)
* Fix error code handling on reinstallation (bsc#1230139)
* Fix creating first user and organization
* Add missing variable quotes for install vars (bsc#1229108)
* Add API login and logout calls to allow persistent login
Changes that only impact SUSE Manager 4.3:
mgr-daemon:
- Version 4.3.11-0
* Update translation strings
spacewalk-client-tools:
- Version 4.3.21-0
* Update translation strings
ModerateSUSE bug 1213933SUSE bug 1223142SUSE bug 1226759SUSE bug 1227341SUSE bug 1227578SUSE bug 1227606SUSE bug 1228424SUSE bug 1228685SUSE bug 1229108SUSE bug 1229260SUSE bug 1229432SUSE bug 1229437SUSE bug 1229501SUSE bug 1230136SUSE bug 1230139SUSE bug 1230285SUSE bug 1230288SUSE bug 1230745SUSE bug 1231157SUSE bug 1231206CVE-2023-3978 at SUSECVE-2023-3978 at NVDcpe:/o:opensuse:leap:15.5Security update for expat (Moderate)openSUSE Leap 15.5
This update for expat fixes the following issues:
- CVE-2024-50602: Fixed a denial of service via XML_ResumeParser (bsc#1232579).
ModerateSUSE bug 1232579CVE-2024-50602 at SUSECVE-2024-50602 at NVDcpe:/o:opensuse:leap:15.5Security update for httpcomponents-client, httpcomponents-core (Moderate)openSUSE Leap 15.5
This update for httpcomponents-client, httpcomponents-core fixes the following issues:
httpcomponents-client:
- Update to version 4.5.14
* HTTPCLIENT-2206: Corrected resource de-allocation by fluent
response objects.
* HTTPCLIENT-2174: URIBuilder to return a new empty list instead
of unmodifiable Collections#emptyList.
* Don't retry requests in case of NoRouteToHostException.
* HTTPCLIENT-2144: RequestBuilder fails to correctly copy charset
of requests with form url-encoded body.
* PR #269: 4.5.x use array fill and more.
+ Use Arrays.fill().
+ Remove redundant modifiers.
+ Use Collections.addAll() and Collection.addAll() APIs instead of loops.
+ Remove redundant returns.
+ No need to explicitly declare an array when calling a vararg method.
+ Remote extra semicolons (;).
+ Use a 'L' instead of 'l' to make long literals more readable.
* PublicSuffixListParser.parseByType(Reader) allocates but does
not use a 256 char StringBuilder.
* Incorrect handling of malformed authority component by
URIUtils#extractHost (bsc#1177488, CVE-2020-13956).
* Avoid updating Content-Length header in a 304 response.
* Bug fix: BasicExpiresHandler is annotated as immutable but is
not (#239)
* HTTPCLIENT-2076: Fixed NPE in LaxExpiresHandler.
httpcomponents-core:
- Upgraded to version 4.4.14
* PR #231: 4.4.x Use better map apis and more.
+ Remove redundant modifiers.
+ Use Collections.addAll() API instead of loops.
+ Remove redundant returns.
+ No need to explicitly declare an array when calling a vararg method.
+ Remote extra semicolons (;).
* Bug fix: Non-blocking TLSv1.3 connections can end up in an
infinite event spin when closed concurrently by the local and
the remote endpoints.
* HTTPCORE-647: Non-blocking connection terminated due to
'java.io.IOException: Broken pipe' can enter an infinite loop
flushing buffered output data.
* PR #201, HTTPCORE-634: Fix race condition in AbstractConnPool
that can cause internal state corruption when persistent
connections are manually removed from the pool.
ModerateSUSE bug 1177488CVE-2020-13956 at SUSECVE-2020-13956 at NVDcpe:/o:opensuse:leap:15.5Security update for bea-stax, xstream (Important)openSUSE Leap 15.5
This update for bea-stax, xstream fixes the following issues:
- CVE-2024-47072: Fixed possible remote denial-of-service via a stack overflow (bsc#1233085).
ImportantSUSE bug 1233085CVE-2024-47072 at SUSECVE-2024-47072 at NVDcpe:/o:opensuse:leap:15.5Security update for govulncheck-vulndb (Important)openSUSE Leap 15.5
This update for govulncheck-vulndb fixes the following issues:
- Update to version 0.0.20241112T145010 2024-11-12T14:50:10Z.
Refs jsc#PED-11136
Go CVE Numbering Authority IDs added or updated with aliases:
* GO-2024-3250 CVE-2024-51744 GHSA-29wx-vh33-7x7r
- Update to version 0.0.20241108T172500 2024-11-08T17:25:00Z.
Refs jsc#PED-11136
Go CVE Numbering Authority IDs added or updated with aliases:
* GO-2024-3260 CVE-2024-45794 GHSA-q78v-cv36-8fxj
* GO-2024-3262 CVE-2024-10975 GHSA-2w5v-x29g-jw7j
- Update to version 0.0.20241106T172143 2024-11-06T17:21:43Z.
Refs jsc#PED-11136
Go CVE Numbering Authority IDs added or updated with aliases:
* GO-2024-3251 CVE-2024-10389 GHSA-q3rp-vvm7-j8jg
* GO-2024-3252 CVE-2024-51746 GHSA-8pmp-678w-c8xx
* GO-2024-3253 CVE-2024-48057 GHSA-ghx4-cgxw-7h9p
* GO-2024-3254 CVE-2024-51735 GHSA-wvv7-wm5v-w2gv
ImportantCVE-2024-10389 at SUSECVE-2024-10389 at NVDCVE-2024-10975 at SUSECVE-2024-10975 at NVDCVE-2024-45794 at SUSECVE-2024-45794 at NVDCVE-2024-48057 at SUSECVE-2024-48057 at NVDCVE-2024-51735 at SUSECVE-2024-51735 at NVDCVE-2024-51744 at SUSECVE-2024-51744 at NVDCVE-2024-51746 at SUSECVE-2024-51746 at NVDcpe:/o:opensuse:leap:15.5Security update for MozillaThunderbird (Critical)openSUSE Leap 15.5
This update for MozillaThunderbird fixes the following issues:
- Mozilla Thunderbird 128.4.3
* fixed: Folder corruption could cause Thunderbird to freeze
and become unusable
* fixed: Message corruption could be propagated when reading mbox
* fixed: Folder compaction was not abandoned on shutdown
* fixed: Folder compaction did not clean up on failure
* fixed: Collapsed NNTP thread incorrectly indicated there were
unread messages
* fixed: Navigating to next unread message did not wait for all
messages to be loaded
* fixed: Applying column view to folder and children could
break if folder error occurred
* fixed: Remote content notifications were broken with
encrypted messages
* fixed: Updating criteria of a saved search resulted in poor
search performance
* fixed: Drop-downs may not work in some places
* fixed: Security fixes
MFSA 2024-61 (bsc#1233355)
* CVE-2024-11159 Potential disclosure of plaintext in OpenPGP encrypted message
- Mozilla Thunderbird 128.4.2
* changed: Increased the auto-compaction threshold to reduce
frequency of compaction
* fixed: New profile creation caused console errors
* fixed: Repair folder could result in older messages showing
wrong date and time
* fixed: Recently deleted messages could become undeleted if
message compaction failed
* fixed: Visual and UX improvements
* fixed: Clicking on an HTML button could cause Thunderbird to freeze
* fixed: Messages could not be selected for dragging
* fixed: Could not open attached file in a MIME encrypted message
* fixed: Account creation 'Setup Documentation' link was broken
* fixed: Unable to generate QR codes when exporting to mobile
in some cases
* fixed: Operating system reauthentication was missing when
exporting QR codes for mobile
* fixed: Could not drag all-day events from one day to another
in week view
- Mozilla Thunderbird 128.4.1
* new: Add the 20 year donation appeal
- Mozilla Thunderbird 128.4
* new: Export Thunderbird account settings to Thunderbird
Mobile via QRCode
* fixed: Unable to send an unencrypted response to an OpenPGP
encrypted message
* fixed: Thunderbird update did not update language pack
version until another restart
* fixed: Security fixes
MFSA 2024-58 (bsc#1231879)
* CVE-2024-10458 Permission leak via embed or object elements
* CVE-2024-10459 Use-after-free in layout with accessibility
* CVE-2024-10460 Confusing display of origin for external protocol handler prompt
* CVE-2024-10461 XSS due to Content-Disposition being ignored in multipart/x-mixed-replace response
* CVE-2024-10462 Origin of permission prompt could be spoofed by long URL
* CVE-2024-10463 Cross origin video frame leak
* CVE-2024-10464 History interface could have been used to cause a Denial of Service condition in the browser
* CVE-2024-10465 Clipboard 'paste' button persisted across tabs
* CVE-2024-10466 DOM push subscription message could hang Firefox
* CVE-2024-10467 Memory safety bugs fixed in Firefox 132, Thunderbird 132, Firefox ESR 128.4, and Thunderbird 128.4
CriticalSUSE bug 1231879SUSE bug 1233355CVE-2024-10458 at SUSECVE-2024-10458 at NVDCVE-2024-10459 at SUSECVE-2024-10459 at NVDCVE-2024-10460 at SUSECVE-2024-10460 at NVDCVE-2024-10461 at SUSECVE-2024-10461 at NVDCVE-2024-10462 at SUSECVE-2024-10462 at NVDCVE-2024-10463 at SUSECVE-2024-10463 at NVDCVE-2024-10464 at SUSECVE-2024-10464 at NVDCVE-2024-10465 at SUSECVE-2024-10465 at NVDCVE-2024-10466 at SUSECVE-2024-10466 at NVDCVE-2024-10467 at SUSECVE-2024-10467 at NVDCVE-2024-11159 at SUSECVE-2024-11159 at NVDcpe:/o:opensuse:leap:15.5Security update for ucode-intel (Important)openSUSE Leap 15.5
This update for ucode-intel fixes the following issues:
- Intel CPU Microcode was updated to the 20241112 release (bsc#1233313)
- CVE-2024-21853: Faulty finite state machines (FSMs) in the hardware logic in some 4th and 5th Generation Intel Xeon Processors may allow an authorized user to potentially enable denial of service via local access.
- CVE-2024-23918: Improper conditions check in some Intel Xeon processor memory controller configurations when using Intel SGX may allow a privileged user to potentially enable escalation of privilege via local access.
- CVE-2024-21820: Incorrect default permissions in some Intel Xeon processor memory controller configurations when using Intel SGX may allow a privileged user to potentially enable escalation of privilege via local access.
- CVE-2024-24968: Improper finite state machines (FSMs) in hardware logic in some Intel Processors may allow an privileged user to potentially enable a denial of service via local access.
- CVE-2024-23984: Observable discrepancy in RAPL interface for some Intel Processors may allow a privileged user to potentially enable information disclosure via local access.
- Update for functional issues.
New Platforms:
| Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products
|:---------------|:---------|:------------|:---------|:---------|:---------
Updated Platforms:
| Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products
|:---------------|:---------|:------------|:---------|:---------|:---------
| ADL | C0 | 06-97-02/07 | 00000036 | 00000037 | Core Gen12
| ADL | H0 | 06-97-05/07 | 00000036 | 00000037 | Core Gen12
| ADL | L0 | 06-9a-03/80 | 00000434 | 00000435 | Core Gen12
| ADL | R0 | 06-9a-04/80 | 00000434 | 00000435 | Core Gen12
| EMR-SP | A0 | 06-cf-01/87 | 21000230 | 21000283 | Xeon Scalable Gen5
| EMR-SP | A1 | 06-cf-02/87 | 21000230 | 21000283 | Xeon Scalable Gen5
| MTL | C0 | 06-aa-04/e6 | 0000001f | 00000020 | Core™ Ultra Processor
| RPL-H/P/PX 6+8 | J0 | 06-ba-02/e0 | 00004122 | 00004123 | Core Gen13
| RPL-HX/S | C0 | 06-bf-02/07 | 00000036 | 00000037 | Core Gen13/Gen14
| RPL-S | H0 | 06-bf-05/07 | 00000036 | 00000037 | Core Gen13/Gen14
| RPL-U 2+8 | Q0 | 06-ba-03/e0 | 00004122 | 00004123 | Core Gen13
| SPR-SP | E3 | 06-8f-06/87 | 2b0005c0 | 2b000603 | Xeon Scalable Gen4
| SPR-SP | E4/S2 | 06-8f-07/87 | 2b0005c0 | 2b000603 | Xeon Scalable Gen4
| SPR-SP | E5/S3 | 06-8f-08/87 | 2b0005c0 | 2b000603 | Xeon Scalable Gen4
New Disclosures Updated in Prior Releases:
| Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products
|:---------------|:---------|:------------|:---------|:---------|:---------
| ICL-D | B0 | 06-6c-01/10 | 010002b0 | N/A | Xeon D-17xx/D-18xx, D-27xx/D-28xx
| ICX-SP | Dx/M1 | 06-6a-06/87 | 0d0003e7 | N/A | Xeon Scalable Gen3
- Intel CPU Microcode was updated to the 20241029 release
Update for functional issues.
Updated Platforms:
| Processor | Stepping | F-M-S/PI | Old Ver | New Ver | Products
|:---------------|:---------|:------------|:---------|:---------|:---------
| RPL-E/HX/S | B0 | 06-b7-01/32 | 00000129 | 0000012b | Core Gen13/Gen14
ImportantSUSE bug 1233313CVE-2024-21820 at SUSECVE-2024-21820 at NVDCVE-2024-21853 at SUSECVE-2024-21853 at NVDCVE-2024-23918 at SUSECVE-2024-23918 at NVDCVE-2024-23984 at SUSECVE-2024-23984 at NVDCVE-2024-24968 at SUSECVE-2024-24968 at NVDcpe:/o:opensuse:leap:15.5Security update for javapackages-tools, xmlgraphics-batik, xmlgraphics-commons, xmlgraphics-fop (Moderate)openSUSE Leap 15.5
This update for javapackages-tools, xmlgraphics-batik, xmlgraphics-commons, xmlgraphics-fop fixes the following issues:
xmlgraphics-fop was updated from version 2.8 to 2.10:
- Security issues fixed:
* CVE-2024-28168: Fixed improper restriction of XML External Entity (XXE) reference (bsc#1231428)
- Upstream changes and bugs fixed:
* Version 2.10:
+ footnote-body ignores rl-tb writing mode
+ SVG tspan content is displayed out of place
+ Added new schema to handle pdf/a and pdfa/ua
+ Correct fop version at runtime
+ NoSuchElementException when using font with no family name
+ Resolve classpath for binary distribution
+ Switch to spotbugs
+ Set an automatic module name
+ Rename packages to avoid conflicts with modules
+ Resize table only for multicolumn page
+ Missing jars in servlet
+ Optimise performance of PNG with alpha using raw loader
+ basic-link not navigating to corresponding footnote
+ Added option to sign PDF
+ Added secure processing for XSL input
+ Allow sections which need security permissions to be run when AllPermission denied in caller code
+ Remove unused PDFStructElem
+ Remove space generated by fo:wrapper
+ Reset content length for table changing ipd
+ Added alt text to PDF signature
+ Allow change of resource level for SVG in AFP
+ Exclude shape not in clipping path for AFP
+ Only support 1 column for redo of layout without page pos only
+ Switch to Jakarta servlet API
+ NPE when list item is split alongside an ipd change
+ Added mandatory MODCA triplet to AFP
+ Redo layout for multipage columns
+ Added image mask option for AFP
+ Skip written block ipds inside float
+ Allow curly braces for src url
+ Missing content for last page with change ipd
+ Added warning when different pdf languages are used
+ Only restart line manager when there is a linebreak for blocklayout
* Version 2.9:
+ Values in PDF Number Trees must be indirect references
+ Do not delete files on syntax errors using command line
+ Surrogate pair edge-case causes Exception
+ Reset character spacing
+ SVG text containing certain glyphs isn't rendered
+ Remove duplicate classes from maven classpath
+ Allow use of page position only on redo of layout
+ Failure to render multi-block itemBody alongside float
+ Update to PDFBox 2.0.27
+ NPE if link destination is missing with accessibility
+ Make property cache thread safe
+ Font size was rounded to 0 for AFP TTF
+ Cannot process a SVG using mvn jars
+ Remove serializer jar
+ Allow creating a PDF 2.0 document
+ Text missing after page break inside table inline
+ IllegalArgumentException for list in a table
+ Table width may be too wide when layout width changes
+ NPE when using broken link and PDF 1.5
+ Allow XMP at PDF page level
+ Symbol font was not being mapped to unicode
+ Correct font differences table for Chrome
+ Link against Java 8 API
+ Added support for font-selection-strategy=character-by-character
+ Merge form fields in external PDFs
+ Fixed test for Java 11
xmlgraphics-batik was updated from version 1.17 to 1.18:
- PNG transcoder references nonexistent class
- Set offset to 0 if missing in stop tag
- Validate throws NPE
- Fixed missing arabic characters
- Animated rotate tranform ignores y-origin at exactly 270 degrees
- Set an automatic module name
- Ignore inkscape properties
- Switch to spotbugs
- Allow source and target resolution configuration
xmlgraphics-commons was updated from version 2.8 to 2.10:
- Fixed test for Java 11
- Allow XMP at PDF page level
- Allow source resolution configuration
- Added new schema to handle pdf/a and pdfa/ua
- Set an automatic module name
- Switch to spotbugs
- Do not use a singleton for ImageImplRegistry
javapackages-tools was updated from version 6.3.0 to 6.3.4:
- Version 6.3.4:
* A corner case when which is not present
* Remove dependency on which
* Simplify after the which -> type -p change
* jpackage_script: Remove pointless assignment when %java_home is unset
* Don't export JAVA_HOME (bsc#1231347)
- Version 6.3.2:
* Search for JAVACMD under JAVA_HOME only if it's set
* Obsolete set_jvm and set_jvm_dirs functions
* Drop unneeded _set_java_home function
* Remove JAVA_HOME check from check_java_env function
* Bump codecov/codecov-action from 2.0.2 to 4.6.0
* Bump actions/setup-python from 4 to 5
* Bump actions/checkout from 2 to 4
* Added custom dependabot config
* Remove the test for JAVA_HOME and error if it is not set
* java-functions: Remove unneeded local variables
* Fixed build status shield
- Version 6.3.1:
* Allow missing components with abs2rel
* Fixed tests with python 3.4
* Sync spec file from Fedora
* Drop default JRE/JDK
* Fixed the use of java-functions in scripts
* Test that we don't bomb on <relativePath/>
* Test variable expansion in artifactId
* Interpolate properties also in the current artifact
* Rewrite abs2rel in shell
* Use asciidoctor instead of asciidoc
* Fixed incompatibility with RPM 4.20
* Reproducible exclusions order in maven metadata
* Do not bomb on <relativePath/> construct
* Make maven_depmap order of aliases reproducible
ModerateSUSE bug 1231347SUSE bug 1231428CVE-2024-28168 at SUSECVE-2024-28168 at NVDcpe:/o:opensuse:leap:15.5Security update for hplip (Low)openSUSE Leap 15.5
This update for hplip fixes the following issues:
- hpmud: sanitize printer serial number (bsc#1209401)
LowSUSE bug 1209401cpe:/o:opensuse:leap:15.5Security update for python-aiohttp (Moderate)openSUSE Leap 15.5
This update for python-aiohttp fixes the following issues:
- CVE-2024-52304: Fixed request smuggling due to incorrect parsing of chunk extensions (bsc#1233447)
ModerateSUSE bug 1233447CVE-2024-52304 at SUSECVE-2024-52304 at NVDcpe:/o:opensuse:leap:15.5Security update for glib2 (Important)openSUSE Leap 15.5
This update for glib2 fixes the following issues:
- CVE-2024-52533: Fixed a single byte buffer overflow (bsc#1233282).
ImportantSUSE bug 1233282CVE-2024-52533 at SUSECVE-2024-52533 at NVDcpe:/o:opensuse:leap:15.5Security update for MozillaFirefox (Important)openSUSE Leap 15.5
This update for MozillaFirefox fixes the following issues:
Firefox Extended Support Release 128.5.0 ESR, fixed various security fixes
and other quality improvements, MFSA 2024-64 (bsc#1233695):
* CVE-2024-11691: Memory corruption in Apple GPU drivers
* CVE-2024-11692: Select list elements could be shown over another site
* CVE-2024-11693: Download Protections were bypassed by .library-ms files on Windows
* CVE-2024-11694: CSP Bypass and XSS Exposure via Web Compatibility Shims
* CVE-2024-11695: URL Bar Spoofing via Manipulated Punycode and Whitespace Characters
* CVE-2024-11696: Unhandled Exception in Add-on Signature Verification
* CVE-2024-11697: Inproper Keypress Handling in Executable File Confirmation Dialog
* CVE-2024-11698: Fullscreen Lock-Up When Modal Dialog Interrupts Transition on macOS
* CVE-2024-11699: Memory safety bugs fixed in Firefox 133, Firefox ESR 128.5, and Thunderbird 128.5
ImportantSUSE bug 1233695CVE-2024-11691 at SUSECVE-2024-11691 at NVDCVE-2024-11692 at SUSECVE-2024-11692 at NVDCVE-2024-11693 at SUSECVE-2024-11693 at NVDCVE-2024-11694 at SUSECVE-2024-11694 at NVDCVE-2024-11695 at SUSECVE-2024-11695 at NVDCVE-2024-11696 at SUSECVE-2024-11696 at NVDCVE-2024-11697 at SUSECVE-2024-11697 at NVDCVE-2024-11698 at SUSECVE-2024-11698 at NVDCVE-2024-11699 at SUSECVE-2024-11699 at NVDcpe:/o:opensuse:leap:15.5Security update for ovmf (Moderate)openSUSE Leap 15.5
This update for ovmf fixes the following issues:
- CVE-2024-1298: Fixed potential UINT32 overflow in S3 ResumeCount (bsc#1225889).
ModerateSUSE bug 1225889CVE-2024-1298 at SUSECVE-2024-1298 at NVDcpe:/o:opensuse:leap:15.5Security update for frr (Important)openSUSE Leap 15.5
This update for frr fixes the following issues:
Update to frr 8.5.6 (jsc#PED-PED-11092) including fixes for:
- CVE-2024-44070,CVE-2024-34088,CVE-2024-31951,CVE-2024-31950,
CVE-2024-31948,CVE-2024-27913,CVE-2023-47235,CVE-2023-47234,
CVE-2023-46753,CVE-2023-46752,CVE-2023-41909,CVE-2023-41360,
CVE-2023-41358,CVE-2023-38802,CVE-2023-38407,CVE-2023-38406,
CVE-2023-3748,CVE-2023-31490,CVE-2023-31489 and other bugfixes.
See https://frrouting.org/release/8.5.6/ for details.
The most recent frr 8.x series provides several new features,
improvements and bug fixes for various protocols and daemons,
especially for PIM/PIMv6/BGP and VRF support.
See https://frrouting.org/release/8.5/ for details and links.
ImportantCVE-2023-31489 at SUSECVE-2023-31489 at NVDCVE-2023-31490 at SUSECVE-2023-31490 at NVDCVE-2023-3748 at SUSECVE-2023-3748 at NVDCVE-2023-38406 at SUSECVE-2023-38406 at NVDCVE-2023-38407 at SUSECVE-2023-38407 at NVDCVE-2023-38802 at SUSECVE-2023-38802 at NVDCVE-2023-41358 at SUSECVE-2023-41358 at NVDCVE-2023-41360 at SUSECVE-2023-41360 at NVDCVE-2023-41909 at SUSECVE-2023-41909 at NVDCVE-2023-46752 at SUSECVE-2023-46752 at NVDCVE-2023-46753 at SUSECVE-2023-46753 at NVDCVE-2023-47234 at SUSECVE-2023-47234 at NVDCVE-2023-47235 at SUSECVE-2023-47235 at NVDCVE-2024-27913 at SUSECVE-2024-27913 at NVDCVE-2024-31948 at SUSECVE-2024-31948 at NVDCVE-2024-31950 at SUSECVE-2024-31950 at NVDCVE-2024-31951 at SUSECVE-2024-31951 at NVDCVE-2024-34088 at SUSECVE-2024-34088 at NVDCVE-2024-44070 at SUSECVE-2024-44070 at NVDcpe:/o:opensuse:leap:15.5Security update for python-virtualenv (Important)openSUSE Leap 15.5
This update for python-virtualenv fixes the following issues:
- CVE-2024-53899: Fixed a command injection through activation scripts (bsc#1233706)
ImportantSUSE bug 1233706CVE-2024-53899 at SUSECVE-2024-53899 at NVDcpe:/o:opensuse:leap:15.5Security update for postgresql12 (Important)openSUSE Leap 15.5
This update for postgresql12 fixes the following issues:
- CVE-2024-10976: Ensure cached plans are marked as dependent on the calling role when RLS applies to a non-top-level table reference (bsc#1233323).
- CVE-2024-10977: Make libpq discard error messages received during SSL or GSS protocol negotiation (bsc#1233325).
- CVE-2024-10978: Fix unintended interactions between SET SESSION AUTHORIZATION and SET ROLE (bsc#1233326).
- CVE-2024-10979: Prevent trusted PL/Perl code from changing environment variables (bsc#1233327).
ImportantSUSE bug 1233323SUSE bug 1233325SUSE bug 1233326SUSE bug 1233327CVE-2024-10976 at SUSECVE-2024-10976 at NVDCVE-2024-10977 at SUSECVE-2024-10977 at NVDCVE-2024-10978 at SUSECVE-2024-10978 at NVDCVE-2024-10979 at SUSECVE-2024-10979 at NVDcpe:/o:opensuse:leap:15.5Security update for tomcat10 (Critical)openSUSE Leap 15.5
This update for tomcat10 fixes the following issues:
- Update to Tomcat 10.1.33
* Fixed CVEs:
+ CVE-2024-52316: If the Jakarta Authentication fails with an exception,
set a 500 status (bsc#1233434)
* Catalina
+ Add: Add support for the new Servlet API method HttpServletResponse.sendEarlyHints(). (markt)
+ Add: 55470: Add debug logging that reports the class path when a
ClassNotFoundException occurs in the digester or the web application class loader.
Based on a patch by Ralf Hauser. (markt)
+ Update: 69374: Properly separate between table header and body in
DefaultServlet's listing. (michaelo)
+ Update: 69373: Make DefaultServlet's HTML listing file last modified
rendering better (flexible). (michaelo)
+ Update: Improve HTML output of DefaultServlet. (michaelo)
+ Code: Refactor RateLimitFilter to use FilterBase as the base class.
The primary advantage is less code to process init-param values. (markt)
+ Update: 69370: DefaultServlet's HTML listing uses incorrect labels.
(michaelo)
+ Fix: Avoid NPE in CrawlerSessionManagerValve for partially mapped requests. (remm)
+ Fix: Add missing WebDAV Lock-Token header in the response when locking
a folder. (remm)
+ Fix: Invalid WebDAV lock requests should be rejected with 400. (remm)
+ Fix: Fix regression in WebDAV when attempting to unlock a collection. (remm)
+ Fix: Verify that destination is not locked for a WebDAV copy operation. (remm)
+ Fix: Send 415 response to WebDAV MKCOL operations that include a request
body since this is optional and unsupported. (remm)
+ Fix: Enforce DAV: namespace on WebDAV XML elements. (remm)
+ Fix: Do not allow a new WebDAV lock on a child resource if a parent
collection is locked (RFC 4918 section 6.1). (remm)
+ Fix: WebDAV DELETE should remove any existing lock on successfully
deleted resources. (remm)
+ Update: Remove WebDAV lock null support in accordance with RFC 4918
section 7.3 and annex D. Instead, a lock on a non-existing resource will
create an empty file locked with a regular lock. (remm)
+ Update: Rewrite implementation of WebDAV shared locks to comply with
RFC 4918. (remm)
+ Update: Implement WebDAV If header using code from the Apache Jackrabbit
project. (remm)
+ Add: Add PropertyStore interface in the WebDAV Servlet, to allow
implementation of dead properties storage. The store used can be configured
using the propertyStore init parameter of the WebDAV servlet by specifying
the class name of the store. A simple non-persistent implementation is
used if no custom store is configured. (remm)
+ Update: Implement WebDAV PROPPATCH method using the newly added
PropertyStore, and update PROPFIND to support it. (remm)
+ Fix: Cache not found results when searching for web application class
loader resources. This addresses performance problems caused by components
such as java.sql.DriverManager, which in some circumstances will search
for the same class repeatedly. The size of the cache can be controlled
via the new notFoundClassResourceCacheSize on the StandardContext. (markt)
+ Fix: Stop after INITIALIZED state should be a noop since it is possible
for subcomponents to be in FAILED after init. (remm)
+ Fix: Fix incorrect web resource cache size calculations when there are
concurrent PUT and DELETE requests for the same resource. (markt)
+ Add: Add debug logging for the web resource cache so the current size
can be tracked as resources are added and removed. (markt)
+ Update: Replace legacy WebDAV opaquelocktoken: scheme for lock tokens
with urn:uuid: as recommended by RFC 4918, and remove secret init
parameter. (remm)
+ Fix: Concurrent reads and writes (e.g. GET and PUT / DELETE) for the
same path caused corruption of the FileResource where some of the fields
were set as if the file exists and some as set as if it does not. This
resulted in inconsistent metadata. (markt)
+ Fix: 69415: Ensure that the ExpiresFilter only sets cache headers on
GET and HEAD requests. Also, skip requests where the application has
set Cache-Control: no-store. (markt)
+ Fix: 69419: Improve the performance of ServletRequest.getAttribute()
when there are multiple levels of nested includes. Based on a patch
provided by John Engebretson. (markt)
+ Add: All applications to send an early hints informational response
by calling HttpServletResponse.sendError() with a status code of 103.
(schultz)
+ Fix: Ensure that ServerAuthModule.initialize() is called when a
Jakarta Authentication module is configured via registerServerAuthModule().
(markt)
+ Fix: Ensure that the Jakarta Authentication CallbackHandler only creates
one GenericPrincipal in the Subject. (markt)
+ Fix: If the Jakarta Authentication process fails with an Exception,
explicitly set the HTTP response status to 500 as the ServerAuthContext
may not have set it. (markt)
+ Fix: When persisting the Jakarta Authentication provider configuration,
create any necessary parent directories that don't already exist. (markt)
+ Fix: Correct the logic used to detect errors when deleting temporary files
associated with persisting the Jakarta Authentication provider
configuration. (markt)
+ Fix: When processing Jakarta Authentication callbacks, don't overwrite
a Principal obtained from the PasswordValidationCallback with null if the
CallerPrincipalCallback does not provide a Principal. (markt)
+ Fix: Avoid store config backup loss when storing one configuration more
than once per second. (remm)
+ Fix: 69359: WebdavServlet duplicates getRelativePath() method from
super class with incorrect Javadoc. (michaelo)
+ Fix: 69360: Inconsistent DELETE behavior between WebdavServlet and
DefaultServlet. (michaelo)
+ Fix: Make WebdavServlet properly return the Allow header when deletion
of a resource is not allowed. (michaelo)
+ Fix: Add log warning if non-wildcard mappings are used with the WebdavServlet.
(remm)
+ Fix: 69361: Ensure that the order of entries in a multi-status response
to a WebDAV is consistent with the order in which resources were processed.
(markt)
+ Fix: 69362: Provide a better multi-status response when deleting a
collection via WebDAV fails. Empty directories that cannot be deleted
will now be included in the response. (markt)
+ Fix: 69363: Use getPathPrefix() consistently in the WebDAV servlet to
ensure that the correct path is used when the WebDAV servlet is mounted
at a sub-path within the web application. (markt)
+ Fix 69320, a regression in the fix for 69302 that meant the HTTP/2 processing
was likely to be broken for all clients once any client sent an HTTP/2
reset frame. (markt)
+ Fix: Improve performance of ApplicationHttpRequest.parseParameters().
Based on sample code and test cases provided by John Engebretson. (markt)
+ Fix: Correct regressions in the refactoring that added recycling of the coyote
request and response to the HTTP/2 processing. (markt)
+ Add: Add support for RFC 8297 (Early Hints). Applications can use this
feature by casting the HttpServletResponse to org.apache.catalina.connector.
Response and then calling the method void sendEarlyHints(). This method
will be added to the Servlet API (removing the need for the cast) in Servlet
6.2 onwards. (markt)
+ Fix: 69214: Do not reject a CORS request that uses POST but does not include
a content-type header. Tomcat now correctly processes this as a simple CORS
request. Based on a patch suggested by thebluemountain. (markt)
+ Fix: Refactor SpnegoAuthenticator so it uses Subject.callAs() rather than
Subject.doAs() when available. (markt)
+ Fix: Allow JAASRealm to use the configuration source to load a configured
configFile, for easier use with testing. (remm)
+ Fix: Add missing algorithm callback to the JAASCallbackHandler. (remm)
+ Fix: Add the OpenSSL version number on the APR and OpenSSL status classes.
(remm)
+ Fix: 69131: Expand the implementation of the filter value of the Authenticator
attribute allowCorsPreflight, so that it applies to all requests that match
the configured URL patterns for the CORS filter, rather than only applying
if the CORS filter is mapped to /*. (markt)
+ Fix: Using the OpenSSLListener will now cause the connector to use OpenSSL
if available. (remm)
* Coyote
+ Fix: Return null SSL session id on zero-length byte array returned
from the SSL implementation. (remm)
+ Fix: Skip OpenSSLConf with BoringSSL since it is unsupported. (remm)
+ Fix: Create the HttpParser in Http11Processor if it is not present on
the AbstractHttp11Protocol to provide better lifecycle robustness for
regular HTTP/1.1. The new behavior was introduced in a previous refactoring
to improve HTTP/2 performance. (remm)
+ Fix: OpenSSLContext will now throw a KeyManagementException if something
is known to have gone wrong in the init method, which is the behavior
documented by javax.net.ssl.SSLContext.init. This makes error handling
more consistent. (remm)
+ Fix: 69379: The default HEAD response no longer includes the payload
HTTP header fields as per section 9.3.2 of RFC 9110. (markt)
+ Fix: 69316: Ensure that FastHttpDateFormat#getCurrentDate() (used to
generate Date headers for HTTP responses) generates the correct string
for the given input. Prior to this change, the output may have been
wrong by one second in some cases. Pull request #751 provided by Chenjp.
(markt)
+ Fix: Request start time may not have been accurately recorded for HTTP/1.1
requests preceded by a large number of blank lines. (markt)
+ Add: Add server and serverRemoveAppProvidedValues to the list of attributes
the HTTP/2 protocol will inherit from the HTTP/1.1 connector it is nested
within. (markt)
+ Fix: Avoid possible crashes when using Apache Tomcat Native, caused by
destroying SSLContext objects through GC after APR has been terminated.
(remm)
+ Fix: Improve HTTP/2 handling of trailer fields for requests. Trailer fields
no longer need to be received before the headers of the subsequent stream,
nor are trailer fields for an in-progress stream swallowed if the Connector
is paused before the trailer fields are received. (markt)
+ Fix: Ensure the request and response are not recycled too soon for an
HTTP/2 stream when a stream-level error is detected during the processing
of incoming HTTP/2 frames. This could lead to incorrect processing times
appearing in the access log. (markt)
+ Fix: Correct a regression in the fix for non-blocking reads of chunked
request bodies that caused InputStream.available() to return a non-zero
value when there was no data to read. In some circumstances this could
cause a blocking read to block waiting for more data rather than return
the data it had already received. (markt)
+ Add: Add a new attribute cookiesWithoutEquals to the Rfc6265CookieProcessor.
The default behaviour is unchanged. (markt)
+ Fix: Ensure that Tomcat sends a TLS close_notify message after receiving
one from the client when using the OpenSSLImplementation. (markt)
+ Fix: 69301: Fix trailer headers replacing non-trailer headers when writing
response headers to the access log. Based on a patch and test case
provided by hypnoce. (markt)
+ Fix: 69302: If an HTTP/2 client resets a stream before the request body
is fully written, ensure that any ReadListener is notified via a call
to ReadListener.onError(). (markt)
+ Fix: Ensure that HTTP/2 stream input buffers are only created when there is
a request body to be read. (markt)
+ Code: Refactor creation of HttpParser instances from the Processor level to
the Protocol level since the parser configuration depends on the protocol
and the parser is, otherwise, stateless. (markt)
+ Add: Align HTTP/2 with HTTP/1.1 and recycle the container internal request
and response processing objects by default. This behaviour can be controlled
via the new discardRequestsAndResponses attribute on the HTTP/2 upgrade protocol.
(markt)
+ Fix: Clean and log OpenSSL errors before processing of OpenSSL conf commands
in the FFM code. (remm)
+ Fix: 69121: Ensure that the onComplete() event is triggered if AsyncListener.
onError() dispatches to a target that throws an exception. (markt)
+ Fix: Following the trailer header field refactoring, -1 is no longer an allowed
value for maxTrailerSize. Adjust documentation accordingly. (remm)
+ Update: Move OpenSSL support using FFM to a separate JAR named tomcat-coyote-ffm.
jar that advertises Java 22 in its manifest. (remm)
+ Fix: Fix search for OpenSSL library for FFM on Mac OS so that java.library.path
is searched. (markt)
+ Update: Add FFM compatibility methods for LibreSSL support. Renegotiation is
not supported at the moment. (remm)
+ Update: Add org.apache.tomcat.util.openssl.LIBRARY_NAME (specifies the name
of the library to load) and org.apache.tomcat.util.openssl.USE_SYSTEM_LOAD_LIBRARY
(set to true to use System.loadLibrary rather than the FFM library loading code)
to configure the OpenSSL library loading using FFM. (remm)
+ Update: Add FFM compatibility methods for BoringSSL support. Renegotiation is
not supported in many cases. (remm)
* Jasper
+ Fix: Add back tag release method as deprecated in the runtime for
compatibility with old generated code. (remm)
+ Fix: 69399: Fix regression caused by improvement 69333, which caused
the tag release to be called when using tag pooling, and to be skipped
when not using it. Patch submitted by Michal Sobkiewicz. (remm)
+ Fix: 69381: Improve method lookup performance in expression language.
When the required method has no arguments, there is no need to consider
casting or coercion, and the method lookup process can be simplified.
Based on a pull request by John Engebretson. (markt)
+ Fix: 69382: Improve the performance of the JSP include action by re-using
results of relatively expensive method calls in the generated code rather
than repeating them. Patch provided by John Engebretson. (markt)
+ Fix: 69398: Avoid unnecessary object allocation in PageContextImpl.
Based on a suggestion by John Engebretson. (markt)
+ Fix: 69406: When using StringInterpreterEnum, do not throw an
IllegalArgumentException when an invalid Enum is encountered. Instead,
resolve the value at runtime. Patch provided by John Engebretson. (markt)
+ Fix: 69429: Optimize EL evaluation of method parameters for methods
that do not accept any parameters. Patch provided by John Engebretson. (markt)
+ Fix: Further optimize EL evaluation of method parameters. Patch provided
by Paolo B. (markt)
+ Fix: 69333: Remove unnecessary code from generated JSPs. (markt)
+ Fix: 69338: Improve the performance of processing expressions that include
AND or OR operations with more than two operands and expressions that use
not empty. (markt)
+ Fix: 69348: Reduce memory consumption in ELContext by using lazy
initialization for the data structure used to track lambda arguments. (markt)
+ Fix: Switch the TldScanner back to logging detailed scan results at debug
level rather than trace level. (markt)
+ Fix: Update the optimisation in jakarta.el.ImportHandler so it is aware of
new classes added to the java.lang package in Java 23. (markt)
+ Fix: Ensure that an exception in toString() still results in an ELException
when an object is coerced to a String using ExpressionFactory.coerceToType().
(markt)
+ Add: Add support for specifying Java 24 (with the value 24) as the compiler
source and/or compiler target for JSP compilation. If used with an Eclipse JDT
compiler version that does not support these values, a warning will be logged
and the default will be used. (markt)
+ Fix: 69135: When using include directives in a tag file packaged in a JAR file,
ensure that context relative includes are processed correctly. (markt)
+ Fix: 69135: When using include directives in a tag file packaged in a JAR file,
ensure that file relative includes are processed correctly. (markt)
+ Fix: 69135: When using include directives in a tag file packaged in a JAR file,
ensure that file relative includes are not permitted to access files outside
of the /META_INF/tags/ directory nor outside of the JAR file. (markt)
* WebSocket
+ Fix: If a blocking message write exceeds the timeout, don't attempt the
write again before throwing the exception. (markt)
+ Fix: An EncodeException being thrown during a message write should not
automatically cause the connection to close. The application should handle
the exception and make the decision whether or not to close the connection.
(markt)
* Web applications
+ Fix: The manager webapp will now be able to access certificates again
when OpenSSL is used. (remm)
+ Fix: Documentation. Align the logging configuration documentation with
the current defaults. (markt)
+ Fix: Fix status servlet detailed view of the connectors when using automatic
port. (remm)
* jdbc-pool
+ Fix: 69255: Correct a regression in the fix for 69206 that meant exceptions
executing statements were wrapped in a java.lang.reflect.UndeclaredThrowableException
rather than the application seeing the original SQLException. Fixed by pull
request #744 provided by Michael Clarke. (markt)
+ Fix: 69279: Correct a regression in the fix for 69206 that meant that methods
that previously returned a null ResultSet were returning a proxy with a
null delegate. Fixed by pull request #745 provided by Huub de Beer. (markt)
+ Fix: 69206: Ensure statements returned from Statement methods executeQuery(),
getResultSet() and getGeneratedKeys() are correctly wrapped before being returned
to the caller. Based on pull request #742 provided by Michael Clarke. (markt)
* Other
+ Update: Switch from DigiCert ONE to ssl.com eSigner for code signing. (markt)
+ Update: Update Byte Buddy to 1.15.10. (markt)
+ Update: Update CheckStyle to 10.20.0. (markt)
+ Add: Improvements to German translations. (remm)
+ Update: Update Byte Buddy to 1.15.3. (markt)
+ Update: Update CheckStyle to 10.18.2. (markt)
+ Add: Improvements to French translations. (remm)
+ Add: Improvements to Japanese translations by tak7iji. (markt)
+ Add: Improvements to Chinese translations by Ch_jp. (markt)
+ Add: Exclude the tomcat-coyote-ffm.jar from JAR scanning by default. (markt)
+ Fix: Change the default log handler level to ALL so log messages are not
dropped by default if a logger is configured to use trace (FINEST) level
logging. (markt)
+ Update: Update Hamcrest to 3.0. (markt)
+ Update: Update EasyMock to 5.4.0. (markt)
+ Update: Update Byte Buddy to 1.15.0. (markt)
+ Update: Update CheckStyle to 10.18.0. (markt)
+ Update: Update the internal fork of Apache Commons BCEL to 6.10.0. (markt)
+ Add: Improvements to Spanish translations by Fernando. (markt)
+ Add: Improvements to French translations. (remm)
+ Add: Improvements to Japanese translations by tak7iji. (markt)
+ Fix: Fix packaging regression with missing osgi information following addition
of the test-only build target. (remm)
+ Update: Update Tomcat Native to 2.0.8. (markt)
+ Update: Update Byte Buddy to 1.14.18. (markt)
+ Add: Improvements to French translations. (remm)
+ Add: Improvements to Japanese translations by tak7iji. (markt)
+ Update: Add test-only build target to allow running only the testsuite,
supporting Java versions down to the minimum supported to run Tomcat. (rjung)
+ Update: Update UnboundID to 7.0.1. (markt)
+ Update: Update to SpotBugs 4.8.6. (markt)
+ Update: Remove cglib dependency as it is not required by the version of EasyMock
used by the unit tests. (markt)
+ Update: Update EasyMock to 5.3.0. This adds a test dependency on Byte-Buddy
1.14.17. (markt)
+ Add: Improvements to Czech translations by Vladim?r Chlup. (markt)
+ Add: Improvements to French translations. (remm)
+ Add: Improvements to Japanese translations by tak7iji. (markt)
+ Add: Improvements to Chinese translations by fangzheng. (markt)
CriticalSUSE bug 1233434CVE-2024-52316 at SUSECVE-2024-52316 at NVDcpe:/o:opensuse:leap:15.5Security update for tomcat (Critical)openSUSE Leap 15.5
This update for tomcat fixes the following issues:
- Update to Tomcat 9.0.97
* Fixed CVEs:
+ CVE-2024-52316: If the Jakarta Authentication fails with an exception,
set a 500 status (bsc#1233434)
* Catalina
+ Add: Add support for the new Servlet API method
HttpServletResponse.sendEarlyHints(). (markt)
+ Add: 55470: Add debug logging that reports the class path when a
ClassNotFoundException occurs in the digester or the web application
class loader. Based on a patch by Ralf Hauser. (markt)
+ Update: 69374: Properly separate between table header and body in
DefaultServlet's listing. (michaelo)
+ Update: 69373: Make DefaultServlet's HTML listing file last modified
rendering better (flexible). (michaelo)
+ Update: Improve HTML output of DefaultServlet. (michaelo)
+ Code: Refactor RateLimitFilter to use FilterBase as the base class. The
primary advantage for doing this is less code to process init-param
values. (markt)
+ Update: 69370: DefaultServlet's HTML listing uses incorrect labels.
(michaelo)
+ Fix: Avoid NPE in CrawlerSessionManagerValve for partially mapped
requests. (remm)
+ Fix: Add missing WebDAV Lock-Token header in the response when locking
a folder. (remm)
+ Fix: Invalid WebDAV lock requests should be rejected with 400. (remm)
+ Fix: Fix regression in WebDAV when attempting to unlock a collection.
(remm)
+ Fix: Verify that destination is not locked for a WebDAV copy operation.
(remm)
+ Fix: Send 415 response to WebDAV MKCOL operations that include a
request body since this is optional and unsupported. (remm)
+ Fix: Enforce DAV: namespace on WebDAV XML elements. (remm)
+ Fix: Do not allow a new WebDAV lock on a child resource if a parent
collection is locked (RFC 4918 section 6.1). (remm)
+ Fix: WebDAV Delete should remove any existing lock on successfully
deleted resources. (remm)
+ Update: Remove WebDAV lock null support in accordance with RFC 4918
section 7.3 and annex D. Instead, a lock on a non-existing resource
will create an empty file locked with a regular lock. (remm)
+ Update: Rewrite implementation of WebDAV shared locks to comply with
RFC 4918. (remm)
+ Update: Implement WebDAV If header using code from the Apache Jackrabbit
project. (remm)
+ Add: Add PropertyStore interface in the WebDAV Servlet, to allow
implementation of dead properties storage. The store used can be
configured using the 'propertyStore' init parameter of the WebDAV
servlet. A simple non-persistent implementation is used if no custom
store is configured. (remm)
+ Update: Implement WebDAV PROPPATCH method using the newly added
PropertyStore. (remm)
+ Fix: Cache not found results when searching for web application class
loader resources. This addresses performance problems caused by
components such as java.sql.DriverManager which, in some circumstances,
will search for the same class repeatedly. In a large web application
this can cause performance problems. The size of the cache can be
controlled via the new notFoundClassResourceCacheSize on the
StandardContext. (markt)
+ Fix: Stop after INITIALIZED state should be a noop since it is possible
for subcomponents to be in FAILED after init. (remm)
+ Fix: Fix incorrect web resource cache size calculations when there are
concurrent PUT and DELETE requests for the same resource. (markt)
+ Add: Add debug logging for the web resource cache so the current size
can be tracked as resources are added and removed. (markt)
+ Update: Replace legacy WebDAV opaquelocktoken: scheme for lock tokens
with urn:uuid: as recommended by RFC 4918, and remove secret init
parameter. (remm)
+ Fix: Concurrent reads and writes (e.g. GET and PUT / DELETE) for the
same path caused corruption of the FileResource where some of the
fields were set as if the file exists and some as set as if it does
not. This resulted in inconsistent metadata. (markt)
+ Fix: 69415: Ensure that the ExpiresFilter only sets cache headers on
GET and HEAD requests. Also skip requests where the application has set
Cache-Control: no-store. (markt)
+ Fix: 69419: Improve the performance of ServletRequest.getAttribute()
when there are multiple levels of nested includes. Based on a patch
provided by John Engebretson. (markt)
+ Add: All applications to send an early hints informational response by
calling HttpServletResponse.sendError() with a status code of 103.
(schultz)
+ Fix: Ensure that the Jakarta Authentication CallbackHandler only
creates one GenericPrincipal in the Subject. (markt)
+ Fix: If the Jakarta Authentication process fails with an Exception,
explicitly set the HTTP response status to 500 as the ServerAuthContext
may not have set it. (markt)
+ Fix: When persisting the Jakarta Authentication provider configuration,
create any necessary parent directories that don't already exist.
(markt)
+ Fix: Correct the logic used to detect errors when deleting temporary
files associated with persisting the Jakarta Authentication provider
configuration. (markt)
+ Fix: When processing Jakarta Authentication callbacks, don't overwrite
a Principal obtained from the PasswordValidationCallback with null if
the CallerPrincipalCallback does not provide a Principal. (markt)
+ Fix: Avoid store config backup loss when storing one configuration more
than once per second. (remm)
+ Fix: 69359: WebdavServlet duplicates getRelativePath() method from
super class with incorrect Javadoc. (michaelo)
+ Fix: 69360: Inconsistent DELETE behavior between WebdavServlet and
DefaultServlet. (michaelo)
+ Fix: Make WebdavServlet properly return the Allow header when deletion
of a resource is not allowed. (michaelo)
+ Fix: Add log warning if non wildcard mappings are used with the
WebdavServlet. (remm)
+ Fix: 69361: Ensure that the order of entries in a multi-status response
to a WebDAV is consistent with the order in which resources were
processed. (markt)
+ Fix: 69362: Provide a better multi-status response when deleting a
collection via WebDAV fails. Empty directories that cannot be deleted
will now be included in the response. (markt)
+ Fix: 69363: Use getPathPrefix() consistently in the WebDAV servlet to
ensure that the correct path is used when the WebDAV servlet is mounted
at a sub-path within the web application. (markt)
+ Fix: Improve performance of ApplicationHttpRequest.parseParameters().
Based on sample code and test cases provided by John Engebretson.
(markt)
+ Add: Add support for RFC 8297 (Early Hints). Applications can use
this feature by casting the HttpServletResponse to
org.apache.catalina.connector.Reponse and then calling the method
void sendEarlyHints(). This method will be added to the Servlet API
(removing the need for the cast) in Servlet 6.2 onwards. (markt)
+ Fix: 69214: Do not reject a CORS request that uses POST but does not
include a content-type header. Tomcat now correctly processes this as
a simple CORS request. Based on a patch suggested by thebluemountain.
(markt)
+ Fix: Refactor SpnegoAuthenticator so it uses Subject.callAs() rather
than Subject.doAs() when available. (markt)
* Coyote
+ Fix: Return null SSL session id on zero length byte array returned from
the SSL implementation. (remm)
+ Fix: Skip OpenSSLConf with BoringSSL since it is unsupported. (remm)
+ Fix: Create the HttpParser in Http11Processor if it is not present on
the AbstractHttp11Protocol to provide better lifecycle robustness for
regular HTTP/1.1. The new behavior was introduced on a previous
refactoring to improve HTTP/2 performance. (remm)
+ Fix: OpenSSLContext will now throw a KeyManagementException if something
is known to have gone wrong in the init method, which is the behavior
documented by javax.net.ssl.SSLContext.init. This makes error handling
more consistent. (remm)
+ Fix: 69316: Ensure that FastHttpDateFormat#getCurrentDate() (used to
generate Date headers for HTTP responses) generates the correct string
for the given input. Prior to this change, the output may have been
wrong by one second in some cases. Pull request #751 provided by Chenjp.
(markt)
+ Add: Add server and serverRemoveAppProvidedValues to the list of
attributes the HTTP/2 protocol will inherit from the HTTP/1.1 connector
it is nested within. (markt)
+ Fix: Avoid possible crashes when using Apache Tomcat Native, caused by
destroying SSLContext objects through GC after APR has been terminated.
(remm)
+ Fix: Improve HTTP/2 handling of trailer fields for requests. Trailer
fields no longer need to be received before the headers of the
subsequent stream nor are trailer fields for an in-progress stream
swallowed if the Connector is paused before the trailer fields are
received. (markt)
+ Fix: Ensure the request and response are not recycled too soon for an
HTTP/2 stream when a stream level error is detected during the processing
of incoming HTTP/2 frames. This could lead to incorrect processing times
appearing in the access log. (markt)
+ Fix: Fix 69320, a regression in the fix for 69302 that meant the
HTTP/2 processing was likely to be broken for all clients once any
client sent an HTTP/2 reset frame. (markt)
+ Fix: Correct a regression in the fix for non-blocking reads of chunked
request bodies that caused InputStream.available() to return a non-zero
value when there was no data to read. In some circumstances this could
cause a blocking read to block waiting for more data rather than return
the data it had already received. (markt)
+ Add: Add a new attribute cookiesWithoutEquals to the Rfc6265CookieProcessor.
The default behaviour is unchanged. (markt)
+ Fix: Ensure that Tomcat sends a TLS close_notify message after receiving
one from the client when using the OpenSSLImplementation. (markt)
+ Fix: 69301: Fix trailer headers replacing non-trailer headers when writing
response headers to the access log. Based on a patch and test case
provided by hypnoce. (markt)
+ Fix: 69302: If an HTTP/2 client resets a stream before the request body is
fully written, ensure that any ReadListener is notified via a call to
ReadListener.onErrror(). (markt)
+ Fix: Correct regressions in the refactoring that added recycling of the
coyote request and response to the HTTP/2 processing. (markt)
+ Add: Add OpenSSL integration using the FFM API rather than Tomcat Native.
OpenSSL support may be enabled by adding the
org.apache.catalina.core.OpenSSLLifecycleListener listener on the
Server element when using Java 22 or later. (remm)
+ Fix: Ensure that HTTP/2 stream input buffers are only created when there
is a request body to be read. (markt)
+ Code: Refactor creation of HttpParser instances from the Processor level
to the Protocol level since the parser configuration depends on the
protocol and the parser is, otherwise, stateless. (markt)
+ Add: Align HTTP/2 with HTTP/1.1 and recycle the container internal
request and response processing objects by default. This behaviour can
be controlled via the new discardRequestsAndResponses attribute on the
HTTP/2 upgrade protocol. (markt)
* Jasper
+ Fix: Add back tag release method as deprecated in the runtime for
compatibility with old generated code. (remm)
+ Fix: 69399: Fix regression caused by the improvement 69333 which caused
the tag release to be called when using tag pooling, and to be skipped
when not using it. Patch submitted by Michal Sobkiewicz. (remm)
+ Fix: 69381: Improve method lookup performance in expression language.
When the required method has no arguments there is no need to consider
casting or coercion and the method lookup process can be simplified.
Based on pull request #770 by John Engebretson.
+ Fix: 69382: Improve the performance of the JSP include action by
re-using results of relatively expensive method calls in the generated
code rather than repeating them. Patch provided by John Engebretson.
(markt)
+ Fix: 69398: Avoid unnecessary object allocation in PageContextImpl.
Based on a suggestion by John Engebretson. (markt)
+ Fix: 69406: When using StringInterpreterEnum, do not throw an
IllegalArgumentException when an invalid Enum is encountered. Instead,
resolve the value at runtime. Patch provided by John Engebretson.
(markt)
+ Fix: 69429: Optimise EL evaluation of method parameters for methods
that do not accept any parameters. Patch provided by John Engebretson.
(markt)
+ Fix: 69333: Remove unnecessary code from generated JSPs. (markt)
+ Fix: 69338: Improve the performance of processing expressions that
include AND or OR operations with more than two operands and expressions
that use not empty. (markt)
+ Fix: 69348: Reduce memory consumption in ELContext by using lazy
initialization for the data structure used to track lambda arguments.
(markt)
+ Fix: Switch the TldScanner back to logging detailed scan results at debug
level rather than trace level. (markt)
* Web applications
+ Fix: The manager webapp will now be able to access certificates again
when OpenSSL is used. (remm)
+ Fix: Documentation. Align the logging configuration documentation with
the current defaults. (markt)
* WebSocket
+ Fix: If a blocking message write exceeds the timeout, don't attempt the
write again before throwing the exception. (markt)
+ Fix: An EncodeException being thrown during a message write should not
automatically cause the connection to close. The application should
handle the exception and make the decision whether or not to close the
connection. (markt)
* jdbc-pool
+ Fix: 69255: Correct a regression in the fix for 69206 that meant exceptions
executing statements were wrapped in a java.lang.reflect.UndeclaredThrowableException
rather than the application seeing the original SQLException. Fixed by
pull request #744 provided by Michael Clarke. (markt)
+ Fix: 69279: Correct a regression in the fix for 69206 that meant that
methods that previously returned a null ResultSet were returning a proxy
with a null delegate. Fixed by pull request #745 provided by Huub de Beer.
(markt)
+ Fix: 69206: Ensure statements returned from Statement methods
executeQuery(), getResultSet() and getGeneratedKeys() are correctly
wrapped before being returned to the caller. Based on pull request
#742 provided by Michael Clarke.
* Other
+ Update: Switch from DigiCert ONE to ssl.com eSigner for code signing.
(markt)
+ Update: Update Byte Buddy to 1.15.10. (markt)
+ Update: Update CheckStyle to 10.20.0. (markt)
+ Add: Improvements to German translations. (remm)
+ Add: Improvements to French translations. (remm)
+ Add: Improvements to Japanese translations by tak7iji. (markt)
+ Add: Improvements to Chinese translations by Ch_jp. (markt)
+ Add: Exclude the tomcat-coyote-ffm.jar from JAR scanning by default.
(markt)
+ Fix: Change the default log handler level to ALL so log messages are
not dropped by default if a logger is configured to use trace (FINEST)
level logging. (markt)
+ Update: Update Hamcrest to 3.0. (markt)
+ Update: Update EasyMock to 5.4.0. (markt)
+ Update: Update Byte Buddy to 1.15.0. (markt)
+ Update: Update CheckStyle to 10.18.0. (markt)
+ Update: Update the internal fork of Apache Commons BCEL to 6.10.0.
(markt)
+ Add: Improvements to Spanish translations by Fernando. (markt)
+ Add: Improvements to French translations. (remm)
+ Add: Improvements to Japanese translations by tak7iji. (markt)
+ Fix: Fix packaging regression with missing osgi information following
addition of the test-only build target. (remm)
+ Update: Update Tomcat Native to 1.3.1. (markt)
+ Update: Update Byte Buddy to 1.14.18. (markt)
+ Add: Improvements to French translations. (remm)
+ Add: Improvements to Japanese translations by tak7iji. (markt)
CriticalSUSE bug 1233434CVE-2024-52316 at SUSECVE-2024-52316 at NVDcpe:/o:opensuse:leap:15.5Security update for python-waitress (Important)openSUSE Leap 15.5
This update for python-waitress fixes the following issues:
- CVE-2024-49769: Fixed a denial of service caused by incorrect connection clean up (bsc#1232554)
ImportantSUSE bug 1232554CVE-2024-49769 at SUSECVE-2024-49769 at NVDcpe:/o:opensuse:leap:15.5Security update for libuv (Moderate)openSUSE Leap 15.5
This update for libuv fixes the following issues:
- CVE-2024-24806: Fixed improper Domain Lookup that potentially leads to SSRF attacks (bsc#1219724)
ModerateSUSE bug 1219724CVE-2024-24806 at SUSECVE-2024-24806 at NVDcpe:/o:opensuse:leap:15.5Security update for python-aiohttp (Moderate)openSUSE Leap 15.5
This update for python-aiohttp fixes the following issues:
- CVE-2024-52304: Fixed request smuggling due to incorrect parsing of chunk extensions (bsc#1233447)
ModerateSUSE bug 1233447CVE-2024-52304 at SUSECVE-2024-52304 at NVDcpe:/o:opensuse:leap:15.5Security update for webkit2gtk3 (Important)openSUSE Leap 15.5
This update for webkit2gtk3 fixes the following issues:
Update to version 2.46.3 (bsc#1232747), including fixes for:
- CVE-2024-44308: Fixed arbitrary code execution by not allocating DFG register after a slow path (bsc#1233631).
- CVE-2024-44309: Fixed a data isolation bypass vulnerability (bsc#1233632).
- CVE-2024-44244: Processing maliciously crafted web content may lead to an unexpected process crash.
- CVE-2024-44296: Processing maliciously crafted web content may prevent Content Security Policy from being enforced.
ImportantSUSE bug 1232747SUSE bug 1233631SUSE bug 1233632CVE-2024-44185 at SUSECVE-2024-44185 at NVDCVE-2024-44244 at SUSECVE-2024-44244 at NVDCVE-2024-44296 at SUSECVE-2024-44296 at NVDCVE-2024-44308 at SUSECVE-2024-44308 at NVDCVE-2024-44309 at SUSECVE-2024-44309 at NVDcpe:/o:opensuse:leap:15.5Security update for python39 (Moderate)openSUSE Leap 15.5
This update for python39 fixes the following issues:
- CVE-2024-11168: Improper validation of IPv6 and IPvFuture addresses (bsc#1233307).
Bug fixes:
- Remove -IVendor/ from python-config (bsc#1231795).
ModerateSUSE bug 1231795SUSE bug 1233307CVE-2024-11168 at SUSECVE-2024-11168 at NVDcpe:/o:opensuse:leap:15.5Security update for python-tornado6 (Moderate)openSUSE Leap 15.5
This update for python-tornado6 fixes the following issues:
- CVE-2024-52804: Fixed a denial of service caused by quadratic performance of cookie parsing (bsc#1233668)
ModerateSUSE bug 1233668CVE-2024-52804 at SUSECVE-2024-52804 at NVDcpe:/o:opensuse:leap:15.5Security update for wget (Moderate)openSUSE Leap 15.5
This update for wget fixes the following issues:
- CVE-2024-10524: Fixed SSRF via shorthand HTTP URL (bsc#1233773)
ModerateSUSE bug 1233773CVE-2024-10524 at SUSECVE-2024-10524 at NVDcpe:/o:opensuse:leap:15.5Security update for php7 (Moderate)openSUSE Leap 15.5
This update for php7 fixes the following issues:
- CVE-2024-11233: Single byte overread with convert.quoted-printable-decode filter (bsc#1233702).
- CVE-2024-11234: Configuring a proxy in a stream context might allow for CRLF injection in URIs (bsc#1233703).
- CVE-2024-8929: Leak partial content of the heap through heap buffer over-read (bsc#1233651).
ModerateSUSE bug 1233651SUSE bug 1233702SUSE bug 1233703CVE-2024-11233 at SUSECVE-2024-11233 at NVDCVE-2024-11234 at SUSECVE-2024-11234 at NVDCVE-2024-8929 at SUSECVE-2024-8929 at NVDcpe:/o:opensuse:leap:15.5Security update for MozillaThunderbird (Important)openSUSE Leap 15.5
This update for MozillaThunderbird fixes the following issues:
- Mozilla Thunderbird 128.5
* fixed: IMAP could crash when reading cached messages
* fixed: Enabling 'Show Folder Size' on Maildir profile could
render Thunderbird unusable
* fixed: Messages corrupted by folder compaction were only
fixed by user intervention
* fixed: Reading a message from past the end of an mbox file
did not cause an error
* fixed: View -> Folders had duplicate F access keys
* fixed: Add-ons adding columns to the message list could fail
and cause display issue
* fixed: 'Empty trash on exit' and 'Expunge inbox on exit' did
not always work
* fixed: Selecting a display option in View -> Tasks did not
apply in the Task interface
* fixed: Security fixes
MFSA 2024-68 (bsc#1233695)
* CVE-2024-11691 Out-of-bounds write in Apple GPU drivers via WebGL
* CVE-2024-11692 Select list elements could be shown over another site
* CVE-2024-11693 Download Protections were bypassed by .library-ms files on Windows
* CVE-2024-11694 CSP Bypass and XSS Exposure via Web Compatibility Shims
* CVE-2024-11695 URL Bar Spoofing via Manipulated Punycode and Whitespace Characters
* CVE-2024-11696 Unhandled Exception in Add-on Signature Verification
* CVE-2024-11697 Improper Keypress Handling in Executable File Confirmation Dialog
* CVE-2024-11698 Fullscreen Lock-Up When Modal Dialog Interrupts Transition on macOS
* CVE-2024-11699 Memory safety bugs fixed in Firefox 133, Thunderbird 133, Firefox ESR 128.5, and Thunderbird 128.5
- Handle upstream changes with esr-prefix of desktop-file (bsc#1233650)
ImportantSUSE bug 1233650SUSE bug 1233695CVE-2024-11691 at SUSECVE-2024-11691 at NVDCVE-2024-11692 at SUSECVE-2024-11692 at NVDCVE-2024-11693 at SUSECVE-2024-11693 at NVDCVE-2024-11694 at SUSECVE-2024-11694 at NVDCVE-2024-11695 at SUSECVE-2024-11695 at NVDCVE-2024-11696 at SUSECVE-2024-11696 at NVDCVE-2024-11697 at SUSECVE-2024-11697 at NVDCVE-2024-11698 at SUSECVE-2024-11698 at NVDCVE-2024-11699 at SUSECVE-2024-11699 at NVDcpe:/o:opensuse:leap:15.5Security update for python (Low)openSUSE Leap 15.5
This update for python fixes the following issues:
- CVE-2024-11168: Fixed improper validation of IPv6 and IPvFuture addresses (bsc#1233307)
Other fixes:
- Add ipaddress module from https://github.com/phihag/ipaddress
- Remove -IVendor/ from python-config (bsc#1231795)
- Stop using %%defattr, it seems to be breaking proper executable
attributes on /usr/bin/ scripts (bsc#1227378).
LowSUSE bug 1227378SUSE bug 1231795SUSE bug 1233307CVE-2024-11168 at SUSECVE-2024-11168 at NVDcpe:/o:opensuse:leap:15.5Security update for python310 (Moderate)openSUSE Leap 15.5
This update for python310 fixes the following issues:
- CVE-2024-11168: improper validation of IPv6 and IPvFuture addresses. (bsc#1233307)
Bug fixes:
- Remove -IVendor/ from python-config. (bsc#1231795)
- Include renaming :noindex: option to :no-index: in Sphinx 7.2. (bsc#1232750)
ModerateSUSE bug 1231795SUSE bug 1232750SUSE bug 1233307CVE-2024-11168 at SUSECVE-2024-11168 at NVDcpe:/o:opensuse:leap:15.5Security update for postgresql, postgresql16, postgresql17 (Important)openSUSE Leap 15.5
This update for postgresql, postgresql16, postgresql17 fixes the following issues:
This update ships postgresql17 , and fixes security issues with postgresql16:
- bsc#1230423: Relax the dependency of extensions on the server
version from exact major.minor to greater or equal, after Tom
Lane confirmed on the PostgreSQL packagers list that ABI
stability is being taken care of between minor releases.
- bsc#1219340: The last fix was not correct. Improve it by removing
the dependency again and call fillup only if it is installed.
postgresql16 was updated to 16.6:
* Repair ABI break for extensions that work with struct
ResultRelInfo.
* Restore functionality of ALTER {ROLE|DATABASE} SET role.
* Fix cases where a logical replication slot's restart_lsn could
go backwards.
* Avoid deleting still-needed WAL files during pg_rewind.
* Fix race conditions associated with dropping shared statistics
entries.
* Count index scans in contrib/bloom indexes in the statistics
views, such as the pg_stat_user_indexes.idx_scan counter.
* Fix crash when checking to see if an index's opclass options
have changed.
* Avoid assertion failure caused by disconnected NFA sub-graphs
in regular expression parsing.
* https://www.postgresql.org/docs/release/16.6/
postgresql16 was updated to 16.5:
* CVE-2024-10976, bsc#1233323: Ensure cached plans are marked as
dependent on the calling role when RLS applies to a
non-top-level table reference.
* CVE-2024-10977, bsc#1233325: Make libpq discard error messages
received during SSL or GSS protocol negotiation.
* CVE-2024-10978, bsc#1233326: Fix unintended interactions
between SET SESSION AUTHORIZATION and SET ROLE
* CVE-2024-10979, bsc#1233327: Prevent trusted PL/Perl code from
changing environment variables.
* https://www.postgresql.org/about/news/p-2955/
* https://www.postgresql.org/docs/release/16.5/
- Don't build the libs and mini flavor anymore to hand over to
PostgreSQL 17.
* https://www.postgresql.org/about/news/p-2910/
postgresql17 is shipped in version 17.2:
* CVE-2024-10976, bsc#1233323: Ensure cached plans are marked as
dependent on the calling role when RLS applies to a
non-top-level table reference.
* CVE-2024-10977, bsc#1233325: Make libpq discard error messages
received during SSL or GSS protocol negotiation.
* CVE-2024-10978, bsc#1233326: Fix unintended interactions
between SET SESSION AUTHORIZATION and SET ROLE
* CVE-2024-10979, bsc#1233327: Prevent trusted PL/Perl code from
changing environment variables.
* https://www.postgresql.org/about/news/p-2955/
* https://www.postgresql.org/docs/release/17.1/
* https://www.postgresql.org/docs/release/17.2/
Upgrade to 17.2:
* Repair ABI break for extensions that work with struct
ResultRelInfo.
* Restore functionality of ALTER {ROLE|DATABASE} SET role.
* Fix cases where a logical replication slot's restart_lsn could
go backwards.
* Avoid deleting still-needed WAL files during pg_rewind.
* Fix race conditions associated with dropping shared statistics
entries.
* Count index scans in contrib/bloom indexes in the statistics
views, such as the pg_stat_user_indexes.idx_scan counter.
* Fix crash when checking to see if an index's opclass options
have changed.
* Avoid assertion failure caused by disconnected NFA sub-graphs
in regular expression parsing.
Upgrade to 17.0:
* New memory management system for VACUUM, which reduces memory
consumption and can improve overall vacuuming performance.
* New SQL/JSON capabilities, including constructors, identity
functions, and the JSON_TABLE() function, which converts JSON
data into a table representation.
* Various query performance improvements, including for
sequential reads using streaming I/O, write throughput under
high concurrency, and searches over multiple values in a btree
index.
* Logical replication enhancements, including:
+ Failover control
+ pg_createsubscriber, a utility that creates logical replicas
from physical standbys
+ pg_upgrade now preserves replication slots on both publishers
and subscribers
* New client-side connection option, sslnegotiation=direct, that
performs a direct TLS handshake to avoid a round-trip
negotiation.
* pg_basebackup now supports incremental backup.
* COPY adds a new option, ON_ERROR ignore, that allows a copy
operation to continue in the event of an error.
* https://www.postgresql.org/about/news/p-2936/
* https://www.postgresql.org/docs/17/release-17.html
ImportantSUSE bug 1219340SUSE bug 1230423SUSE bug 1233323SUSE bug 1233325SUSE bug 1233326SUSE bug 1233327CVE-2024-10976 at SUSECVE-2024-10976 at NVDCVE-2024-10977 at SUSECVE-2024-10977 at NVDCVE-2024-10978 at SUSECVE-2024-10978 at NVDCVE-2024-10979 at SUSECVE-2024-10979 at NVDcpe:/o:opensuse:leap:15.5Security update for postgresql15 (Important)openSUSE Leap 15.5
This update for postgresql15 fixes the following issues:
- CVE-2024-10976: Ensure cached plans are marked as dependent on the calling role when RLS applies to a non-top-level table reference (bsc#1233323).
- CVE-2024-10977: Make libpq discard error messages received during SSL or GSS protocol negotiation (bsc#1233325).
- CVE-2024-10978: Fix unintended interactions between SET SESSION AUTHORIZATION and SET ROLE (bsc#1233326).
- CVE-2024-10979: Prevent trusted PL/Perl code from changing environment variables (bsc#1233327).
ImportantSUSE bug 1233323SUSE bug 1233325SUSE bug 1233326SUSE bug 1233327CVE-2024-10976 at SUSECVE-2024-10976 at NVDCVE-2024-10977 at SUSECVE-2024-10977 at NVDCVE-2024-10978 at SUSECVE-2024-10978 at NVDCVE-2024-10979 at SUSECVE-2024-10979 at NVDcpe:/o:opensuse:leap:15.5Security update for postgresql13 (Important)openSUSE Leap 15.5
This update for postgresql13 fixes the following issues:
- CVE-2024-10976: Ensure cached plans are marked as dependent on the calling role when RLS applies to a non-top-level table reference (bsc#1233323).
- CVE-2024-10977: Make libpq discard error messages received during SSL or GSS protocol negotiation (bsc#1233325).
- CVE-2024-10978: Fix unintended interactions between SET SESSION AUTHORIZATION and SET ROLE (bsc#1233326).
- CVE-2024-10979: Prevent trusted PL/Perl code from changing environment variables (bsc#1233327).
ImportantSUSE bug 1233323SUSE bug 1233325SUSE bug 1233326SUSE bug 1233327CVE-2024-10976 at SUSECVE-2024-10976 at NVDCVE-2024-10977 at SUSECVE-2024-10977 at NVDCVE-2024-10978 at SUSECVE-2024-10978 at NVDCVE-2024-10979 at SUSECVE-2024-10979 at NVDcpe:/o:opensuse:leap:15.5Security update for postgresql14 (Important)openSUSE Leap 15.5
This update for postgresql14 fixes the following issues:
- CVE-2024-10976: Ensure cached plans are marked as dependent on the calling role when RLS applies to a non-top-level table reference (bsc#1233323).
- CVE-2024-10977: Make libpq discard error messages received during SSL or GSS protocol negotiation (bsc#1233325).
- CVE-2024-10978: Fix unintended interactions between SET SESSION AUTHORIZATION and SET ROLE (bsc#1233326).
- CVE-2024-10979: Prevent trusted PL/Perl code from changing environment variables (bsc#1233327).
ImportantSUSE bug 1233323SUSE bug 1233325SUSE bug 1233326SUSE bug 1233327CVE-2024-10976 at SUSECVE-2024-10976 at NVDCVE-2024-10977 at SUSECVE-2024-10977 at NVDCVE-2024-10978 at SUSECVE-2024-10978 at NVDCVE-2024-10979 at SUSECVE-2024-10979 at NVDcpe:/o:opensuse:leap:15.5Security update for python3 (Low)openSUSE Leap 15.5
This update for python3 fixes the following issues:
- CVE-2024-11168: Fixed improper validation of IPv6 and IPvFuture addresses (bsc#1233307)
Other fixes:
- Remove -IVendor/ from python-config (bsc#1231795)
LowSUSE bug 1231795SUSE bug 1233307CVE-2024-11168 at SUSECVE-2024-11168 at NVDcpe:/o:opensuse:leap:15.5Security update for java-1_8_0-openjdk (Moderate)openSUSE Leap 15.5
This update for java-1_8_0-openjdk fixes the following issues:
Update to version jdk8u432 (icedtea-3.33.0):
- CVE-2024-21208: Fixed partial DoS in component Networking (bsc#1231702,JDK-8328286)
- CVE-2024-21210: Fixed unauthorized update, insert or delete access to some of Oracle Java SE accessible data in component Hotspot (bsc#1231711,JDK-8328544)
- CVE-2024-21217: Fixed partial DoS in component Serialization (bsc#1231716,JDK-8331446)
- CVE-2024-21235: Fixed unauthorized read/write access to data in component Hotspot (bsc#1231719,JDK-8332644)
ModerateSUSE bug 1231702SUSE bug 1231711SUSE bug 1231716SUSE bug 1231719CVE-2024-21208 at SUSECVE-2024-21208 at NVDCVE-2024-21210 at SUSECVE-2024-21210 at NVDCVE-2024-21217 at SUSECVE-2024-21217 at NVDCVE-2024-21235 at SUSECVE-2024-21235 at NVDcpe:/o:opensuse:leap:15.5Security update for docker-stable (Important)openSUSE Leap 15.5
This update for docker-stable fixes the following issues:
- CVE-2024-41110: Fixed Authz zero length regression (bsc#1228324).
Bug fixes:
- Allow users to disable SUSE secrets support by setting DOCKER_SUSE_SECRETS_ENABLE=0 in /etc/sysconfig/docker (bsc#1231348).
- Import specfile changes for docker-buildx as well as the changes to help reduce specfile differences between docker-stable and docker (bsc#1230331, bsc#1230333).
- Fix BuildKit's symlink resolution logic to correctly handle non-lexical symlinks (bsc#1221916).
- Write volume options atomically so sudden system crashes won't result in future Docker starts failing due to empty files (bsc#1214855).
ImportantSUSE bug 1214855SUSE bug 1221916SUSE bug 1228324SUSE bug 1230331SUSE bug 1230333SUSE bug 1231348CVE-2024-41110 at SUSECVE-2024-41110 at NVDcpe:/o:opensuse:leap:15.5Security update for obs-scm-bridge (Important)openSUSE Leap 15.5
This update for obs-scm-bridge fixes the following issues:
Updated to version 0.5.4:
- CVE-2024-22038: Fixed DoS attacks, information leaks with crafted Git repositories (bnc#1230469)
ImportantSUSE bug 1230469CVE-2024-22038 at SUSECVE-2024-22038 at NVDcpe:/o:opensuse:leap:15.5Recommended update for helm (Moderate)openSUSE Leap 15.5
helm was updated to fix the following issues:
Update to version 3.16.3:
* fix: fix label name
* Fix typo in pkg/lint/rules/chartfile_test.go
* Increasing the size of the runner used for releases.
* fix(hooks): correct hooks delete order
* Bump github.com/containerd/containerd from 1.7.12 to 1.7.23
Update to version 3.16.2:
* Revering change unrelated to issue #13176
* adds tests for handling of Helm index with broken chart
versions #13176
* improves handling of Helm index with broken helm chart versions
#13176
* Bump the k8s-io group with 7 updates
* adding check-latest:true
* Grammar fixes
* Fix typos
Update to version 3.16.1:
* bumping version to 1.22.7
* Merge pull request #13327 from mattfarina/revert-11726
Update to version 3.16.0:
Helm v3.16.0 is a feature release. Users are encouraged to
upgrade for the best experience.
* Notable Changes
- added sha512sum template function
- added ActiveHelp for cmds that don't take any more args
- drops very old Kubernetes versions support in helm create
- add --skip-schema-validation flag to helm 'install',
'upgrade' and 'lint'
- fixed bug to now use burst limit setting for discovery
- Added windows arm64 support
* Full changelog see
https://github.com/helm/helm/releases/tag/v3.16.0
Update to version 3.15.4:
* Bump the k8s-io group across 1 directory with 7 updates
* Bump github.com/docker/docker
-------------------------------------------------------------------
Thu Jul 11 05:39:32 UTC 2024 - opensuse_buildservice@ojkastl.de
- Update to version 3.15.3:
* fix(helm): Use burst limit setting for discovery
* fixed dependency_update_test.go
* fix(dependencyBuild): prevent race condition in concurrent helm
dependency
* fix: respect proxy envvars on helm install/upgrade
* Merge pull request #13085 from
alex-kattathra-johnson/issue-12961
Update to version 3.15.2:
* fix: wrong cli description
* fix typo in load_plugins.go
* fix docs of DeployedAll
* Bump github.com/docker/docker
* bump oras minor version
* feat(load.go): add warning on requirements.lock
Update to version 3.15.1:
* Fixing build issue where wrong version is used
Update to version 3.15.0:
Helm v3.15.0 is a feature release. Users are encouraged to
upgrade for the best experience.
* Updating to k8s 1.30 c4e37b3 (Matt Farina)
* bump version to v3.15.0 d7afa3b (Matt Farina)
* bump version to 7743467 (Matt Farina)
* Fix namespace on kubeconfig error 214fb6e (Calvin Krist)
* Update testdata PKI with keys that have validity until 3393
(Fixes #12880) 1b75d48 (Dirk M?ller)
* Modified how created annotation is populated based on package
creation time 0a69a0d (Andrew Block)
* Enabling hide secrets on install and upgrade dry run 25c4738
(Matt Farina)
* Fixing all the linting errors d58d7b3 (Robert Sirchia)
* Add a note about --dry-run displaying secrets a23dd9e (Matt
Farina)
* Updating .gitignore 8b424ba (Robert Sirchia)
* add error messages 8d19bcb (George Jenkins)
* Fix: Ignore alias validation error for index load 68294fd
(George Jenkins)
* validation fix 8e6a514 (Matt Farina)
* bug: add proxy support for oci getter 94c1dea (Ricardo
Maraschini)
* Update architecture detection method 57a1bb8 (weidongkl)
* Improve release action 4790bb9 (George Jenkins)
* Fix grammatical error c25736c (Matt Carr)
* Updated for review comments d2cf8c6 (MichaelMorris)
* Add robustness to wait status checks fc74964 (MichaelMorris)
* refactor: create a helper for checking if a release is
uninstalled f908379 (Alex Petrov)
* fix: reinstall previously uninstalled chart with --keep-history
9e198fa (Alex Petrov)
Update to version 3.14.4:
Helm v3.14.4 is a patch release. Users are encouraged to upgrade
for the best experience. Users are encouraged to upgrade for the
best experience.
* refactor: create a helper for checking if a release is
uninstalled 81c902a (Alex Petrov)
* fix: reinstall previously uninstalled chart with --keep-history
5a11c76 (Alex Petrov)
* bug: add proxy support for oci getter aa7d953 (Ricardo
Maraschini)
Update to version 3.14.3:
* Add a note about --dry-run displaying secrets
* add error messages
* Fix: Ignore alias validation error for index load
* Update architecture detection method
Update to version 3.14.2 (bsc#1220207, CVE-2024-26147):
* Fix for uninitialized variable in yaml parsing
Update to version 3.14.1 (bsc#1219969, CVE-2024-25620):
* validation fix
Update to version 3.14.0:
* Notable Changes
- New helm search flag of --fail-on-no-result
- Allow a nested tpl invocation access to defines
- Speed up the tpl function
- Added qps/HELM_QPS parameter that tells Kubernetes packages
how to operate
- Added --kube-version to lint command
- The ignore pkg is now public
* Changelog
- Improve release action
- Fix issues when verify generation readiness was merged
- fix test to use the default code's k8sVersionMinor
- lint: Add --kube-version flag to set capabilities and
deprecation rules
- Removing Asset Transparency
- tests(pkg/engine): test RenderWithClientProvider
- Make the `ignore` pkg public again
- feature(pkg/engine): introduce RenderWithClientProvider
- Updating Helm libraries for k8s 1.28.4
- Remove excessive logging
- Update CONTRIBUTING.md
- Fixing release labelling in rollback
- feat: move livenessProbe and readinessProbe values to default
values file
- Revert 'fix(main): fix basic auth for helm pull or push'
- Revert 'fix(registry): address anonymous pull issue'
- Update get-helm-3
- Drop filterSystemLabels usage from Query method
- Apply review suggestions
- Update get-helm-3 to get version through get.helm.sh
- feat: print failed hook name
- Fixing precedence issue with the import of values.
- chore(create): indent to spaces
- Allow using label selectors for system labels for sql
backend.
- Allow using label selectors for system labels for secrets and
configmap backends.
- remove useless print during prepareUpgrade
- Add missing with clause to release gh action
- FIX Default ServiceAccount yaml
- fix(registry): address anonymous pull issue
- fix(registry): unswallow error
- Fix missing run statement on release action
- Add qps/HELM_QPS parameter
- Write latest version to get.helm.sh bucket
- Increased release information key name max length.
- Pin gox to specific commit
- Remove `GoFish` from package managers for installing the
binary
- Test update for 'Allow a nested `tpl` invocation access to
`defines` in a containing one'
- Test update for 'Speed up `tpl`'
- Add support for RISC-V
- lint and validate dependency metadata to reference
dependencies with a unique key (name or alias)
- Work around template.Clone omitting options
- fix: pass 'passCredentialsAll' as env-var to getter
- feat: pass basic auth to env-vars when running download
plugins
- helm search: New CLI Flag --fail-on-no-result
- Update pkg/kube/ready.go
- fix post install hook deletion due to before-hook-creation
policy
- Allow a nested `tpl` invocation access to `defines` in a
containing one
- Remove the 'reference templates' concept
- Speed up `tpl`
- ready checker- comment update
- ready checker- remove duplicate statefulset generational
check
- Verify generation in readiness checks
- feat(helm): add --reset-then-reuse-values flag to 'helm
upgrade'
ModerateSUSE bug 1219969SUSE bug 1220207CVE-2024-25620 at SUSECVE-2024-25620 at NVDCVE-2024-26147 at SUSECVE-2024-26147 at NVDcpe:/o:opensuse:leap:15.5Security update for php8 (Moderate)openSUSE Leap 15.5
This update for php8 fixes the following issues:
- CVE-2024-11233: buffer overread when processing input with the convert.quoted-printable-decode filter. (bsc#1233702)
- CVE-2024-11234: possible CRLF injection in URIs when a proxy is configured in a stream context. (bsc#1233703)
- CVE-2024-8929: data exposure on MySQL clients due to heap buffer overread in mysqlnd. (bsc#1233651)
ModerateSUSE bug 1233651SUSE bug 1233702SUSE bug 1233703CVE-2024-11233 at SUSECVE-2024-11233 at NVDCVE-2024-11234 at SUSECVE-2024-11234 at NVDCVE-2024-8929 at SUSECVE-2024-8929 at NVDcpe:/o:opensuse:leap:15.5Security update for libavif (Important)openSUSE Leap 15.5
This update for libavif fixes the following issues:
- CVE-2023-6704: Fixed use after free by not storing colorproperties until alpha item is found (bsc#1218303).
ImportantSUSE bug 1218303CVE-2023-6704 at SUSECVE-2023-6704 at NVDcpe:/o:opensuse:leap:15.5Security update for govulncheck-vulndb (Moderate)openSUSE Leap 15.5
This update for govulncheck-vulndb fixes the following issues:
- Update to version 0.0.20241209T183251 2024-12-09T18:32:51Z (jsc#PED-11136)
Go CVE Numbering Authority IDs added or updated with aliases:
* GO-2024-3284
* GO-2024-3286
* GO-2024-3287
* GO-2024-3288
* GO-2024-3289
* GO-2024-3290
* GO-2024-3291
* GO-2024-3292
* GO-2024-3294
* GO-2024-3296
* GO-2024-3299
* GO-2024-3300
* GO-2024-3302
* GO-2024-3303
* GO-2024-3304
* GO-2024-3305
* GO-2024-3307
* GO-2024-3308
* GO-2024-3310
* GO-2024-3311
* GO-2024-3312
* GO-2024-3313
- Update to version 0.0.20241121T195252 2024-11-21T19:52:52Z (jsc#PED-11136)
Go CVE Numbering Authority IDs added or updated with aliases:
* GO-2024-3279
* GO-2024-3280
* GO-2024-3281
* GO-2024-3282
* GO-2024-3283
- Update to version 0.0.20241120T172248 2024-11-20T17:22:48Z (jsc#PED-11136)
Go CVE Numbering Authority IDs added or updated with aliases:
* GO-2024-3140
* GO-2024-3259
* GO-2024-3265
- Update to version 0.0.20241119T173509 2024-11-19T17:35:09Z (jsc#PED-11136)
Go CVE Numbering Authority IDs added or updated with aliases:
* GO-2022-0646
* GO-2024-3267
* GO-2024-3269
* GO-2024-3271
* GO-2024-3272
* GO-2024-3273
* GO-2024-3274
* GO-2024-3275
* GO-2024-3277
* GO-2024-3278
Moderatecpe:/o:opensuse:leap:15.5Security update for cosign (Moderate)openSUSE Leap 15.5
This update for cosign fixes the following issues:
Updated to 2.2.3 (jsc#SLE-23879):
Bug Fixes:
* Fix race condition on verification with multiple signatures attached to image (#3486)
* fix(clean): Fix clean cmd for private registries (#3446)
* Fixed BYO PKI verification (#3427)
Features:
* Allow for option in cosign attest and attest-blob to upload attestation as supported in Rekor (#3466)
* Add support for OpenVEX predicate type (#3405)
Documentation:
* Resolves #3088: `version` sub-command expected behaviour documentation and testing (#3447)
* add examples for cosign attach signature cmd (#3468)
Misc:
* Remove CertSubject function (#3467)
* Use local rekor and fulcio instances in e2e tests (#3478)
- bumped embedded golang.org/x/crypto/ssh to fix the Terrapin attack CVE-2023-48795 (bsc#1218207)
Updated to 2.2.2 (jsc#SLE-23879):
v2.2.2 adds a new container with a shell,
gcr.io/projectsigstore/cosign:vx.y.z-dev, in addition to the existing
container gcr.io/projectsigstore/cosign:vx.y.z without a shell.
For private deployments, we have also added an alias for
--insecure-skip-log, --private-infrastructure.
Bug Fixes:
* chore(deps): bump github.com/sigstore/sigstore from 1.7.5 to 1.7.6 (#3411) which fixes a bug with using Azure KMS
* Don't require CT log keys if using a key/sk (#3415)
* Fix copy without any flag set (#3409)
* Update cosign generate cmd to not include newline (#3393)
* Fix idempotency error with signing (#3371)
Features:
* Add --yes flag cosign import-key-pair to skip the overwrite confirmation. (#3383)
* Use the timeout flag value in verify* commands. (#3391)
* add --private-infrastructure flag (#3369)
Container Updates:
* Bump builder image to use go1.21.4 and add new cosign image tags with shell (#3373)
Documentation:
* Update SBOM_SPEC.md (#3358)
- CVE-2023-48795: Fixed the Terrapin attack in embedded golang.org/x/crypto/ssh (bsc#1218207).
ModerateSUSE bug 1218207CVE-2023-48795 at SUSECVE-2023-48795 at NVDcpe:/o:opensuse:leap:15.5Security update for nodejs20 (Moderate)openSUSE Leap 15.5
This update for nodejs20 fixes the following issues:
- CVE-2024-21538: Fixed regular expression denial of service in cross-spawn dependency (bsc#1233856)
Other fixes:
- Updated to 20.18.1:
* Experimental Network Inspection Support in Node.js
* Exposes X509_V_FLAG_PARTIAL_CHAIN to tls.createSecureContext
* New option for vm.createContext() to create a context with a
freezable globalThis
* buffer: optimize createFromString
- Changes in 20.17.0:
* module: support require()ing synchronous ESM graphs
* path: add matchesGlob method
* stream: expose DuplexPair API
- Changes in 20.16.0:
* process: add process.getBuiltinModule(id)
* inspector: fix disable async hooks on Debugger.setAsyncCallStackDepth
* buffer: add .bytes() method to Blob
ModerateSUSE bug 1233856CVE-2024-21538 at SUSECVE-2024-21538 at NVDcpe:/o:opensuse:leap:15.5Security update for nodejs18 (Moderate)openSUSE Leap 15.5
This update for nodejs18 fixes the following issues:
- CVE-2024-21538: Fixed regular expression denial of service in cross-spawn dependency (bsc#1233856)
Other fixes:
- Update to 18.20.5
* esm: mark import attributes and JSON module as stable
* deps:
+ upgrade npm to 10.8.2
+ update simdutf to 5.6.0
+ update brotli to 1.1.0
+ update ada to 2.8.0
+ update acorn to 8.13.0
+ update acorn-walk to 8.3.4
+ update c-ares to 1.29.0
ModerateSUSE bug 1233856CVE-2024-21538 at SUSECVE-2024-21538 at NVDcpe:/o:opensuse:leap:15.5Security update for socat (Moderate)openSUSE Leap 15.5
This update for socat fixes the following issues:
- CVE-2024-54661: Fixed arbitrary file overwrite via predictable /tmp directory (bsc#1225462)
ModerateSUSE bug 1225462CVE-2024-54661 at SUSECVE-2024-54661 at NVDcpe:/o:opensuse:leap:15.5Security update for java-1_8_0-ibm (Moderate)openSUSE Leap 15.5
This update for java-1_8_0-ibm fixes the following issues:
Updated to Java 8.0 Service Refresh 8 Fix Pack 35 with Oracle October 15 2024 CPU (bsc#1232064):
- CVE-2024-21208: Fixed partial DoS in component Networking (bsc#1231702,JDK-8328286)
- CVE-2024-21210: Fixed unauthorized update, insert or delete access to some of Oracle Java SE accessible data in component Hotspot (bsc#1231711,JDK-8328544)
- CVE-2024-21217: Fixed partial DoS in component Serialization (bsc#1231716,JDK-8331446)
- CVE-2024-21235: Fixed unauthorized read/write access to data in component Hotspot (bsc#1231719,JDK-8332644)
Other issues fixed in past releases:
- CVE-2024-3933: Fixed evaluate constant byteLenNode of arrayCopyChild (bsc#1225470) ModerateSUSE bug 1225470SUSE bug 1231702SUSE bug 1231711SUSE bug 1231716SUSE bug 1231719SUSE bug 1232064CVE-2024-21208 at SUSECVE-2024-21208 at NVDCVE-2024-21210 at SUSECVE-2024-21210 at NVDCVE-2024-21217 at SUSECVE-2024-21217 at NVDCVE-2024-21235 at SUSECVE-2024-21235 at NVDCVE-2024-3933 at SUSECVE-2024-3933 at NVDcpe:/o:opensuse:leap:15.5Security update for the Linux Kernel (Important)openSUSE Leap 15.5
The SUSE Linux Enterprise 15 SP5 RT kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2021-47594: mptcp: never allow the PM to close a listener subflow (bsc#1226560).
- CVE-2022-48983: io_uring: Fix a null-ptr-deref in io_tctx_exit_cb() (bsc#1231959).
- CVE-2024-26782: mptcp: fix double-free on socket dismantle (bsc#1222590).
- CVE-2024-26906: Fixed invalid vsyscall page read for copy_from_kernel_nofault() (bsc#1223202).
- CVE-2024-26953: net: esp: fix bad handling of pages from page_pool (bsc#1223656).
- CVE-2024-35888: erspan: make sure erspan_base_hdr is present in skb->head (bsc#1224518).
- CVE-2024-35937: wifi: cfg80211: check A-MSDU format more carefully (bsc#1224526).
- CVE-2024-36883: net: fix out-of-bounds access in ops_init (bsc#1225725).
- CVE-2024-36886: tipc: fix UAF in error path (bsc#1225730).
- CVE-2024-36905: tcp: defer shutdown(SEND_SHUTDOWN) for TCP_SYN_RECV sockets (bsc#1225742).
- CVE-2024-36954: tipc: fix a possible memleak in tipc_buf_append (bsc#1225764).
- CVE-2024-38589: netrom: fix possible dead-lock in nr_rt_ioctl() (bsc#1226748).
- CVE-2024-38615: cpufreq: exit() callback is optional (bsc#1226592).
- CVE-2024-40997: cpufreq: amd-pstate: fix memory leak on CPU EPP exit (bsc#1227853).
- CVE-2024-41023: sched/deadline: Fix task_struct reference leak (bsc#1228430).
- CVE-2024-44932: idpf: fix UAFs when destroying the queues (bsc#1229808).
- CVE-2024-44964: idpf: fix memory leaks and crashes while performing a soft reset (bsc#1230220).
- CVE-2024-44995: net: hns3: fix a deadlock problem when config TC during resetting (bsc#1230231).
- CVE-2024-46681: pktgen: use cpus_read_lock() in pg_net_init() (bsc#1230558).
- CVE-2024-46800: sch/netem: fix use after free in netem_dequeue (bsc#1230827).
- CVE-2024-47679: vfs: fix race between evice_inodes() and find_inode()&iput() (bsc#1231930).
- CVE-2024-47701: ext4: avoid OOB when system.data xattr changes underneath the filesystem (bsc#1231920).
- CVE-2024-47745: mm: call the security_mmap_file() LSM hook in remap_file_pages() (bsc#1232135).
- CVE-2024-47757: nilfs2: fix potential oob read in nilfs_btree_check_delete() (bsc#1232187).
- CVE-2024-49868: btrfs: fix a NULL pointer dereference when failed to start a new trasacntion (bsc#1232272).
- CVE-2024-49921: drm/amd/display: Check null pointers before used (bsc#1232371).
- CVE-2024-49925: fbdev: efifb: Register sysfs groups through driver core (bsc#1232224)
- CVE-2024-49934: fs/inode: Prevent dump_mapping() accessing invalid dentry.d_name.name (bsc#1232387).
- CVE-2024-49945: net/ncsi: Disable the ncsi work before freeing the associated structure (bsc#1232165).
- CVE-2024-49950: Bluetooth: L2CAP: Fix uaf in l2cap_connect (bsc#1232159).
- CVE-2024-49968: ext4: filesystems without casefold feature cannot be mounted with siphash (bsc#1232264).
- CVE-2024-49983: ext4: drop ppath from ext4_ext_replay_update_ex() to avoid double-free (bsc#1232096).
- CVE-2024-49989: drm/amd/display: fix double free issue during amdgpu module unload (bsc#1232483).
- CVE-2024-50009: cpufreq: amd-pstate: add check for cpufreq_cpu_get's return value (bsc#1232318).
- CVE-2024-50073: tty: n_gsm: Fix use-after-free in gsm_cleanup_mux (bsc#1232520).
- CVE-2024-50082: blk-rq-qos: fix crash on rq_qos_wait vs. rq_qos_wake_function race (bsc#1232500).
- CVE-2024-50089: unicode: Do not special case ignorable code points (bsc#1232860).
- CVE-2024-50093: thermal: intel: int340x: processor: Fix warning during module unload (bsc#1232877).
- CVE-2024-50098: scsi: ufs: core: Set SDEV_OFFLINE when UFS is shut down (bsc#1232881).
- CVE-2024-50108: drm/amd/display: Disable PSR-SU on Parade 08-01 TCON too (bsc#1232884).
- CVE-2024-50110: xfrm: fix one more kernel-infoleak in algo dumping (bsc#1232885).
- CVE-2024-50115: KVM: nSVM: Ignore nCR3[4:0] when loading PDPTEs from memory (bsc#1232919).
- CVE-2024-50125: Bluetooth: SCO: Fix UAF on sco_sock_timeout (bsc#1232928).
- CVE-2024-50127: net: sched: fix use-after-free in taprio_change() (bsc#1232907).
- CVE-2024-50128: net: wwan: fix global oob in wwan_rtnl_policy (bsc#1232905).
- CVE-2024-50134: drm/vboxvideo: Replace fake VLA at end of vbva_mouse_pointer_shape (bsc#1232890).
- CVE-2024-50135: nvme-pci: fix race condition between reset and nvme_dev_disable() (bsc#1232888).
- CVE-2024-50138: bpf: Use raw_spinlock_t in ringbuf (bsc#1232935).
- CVE-2024-50146: net/mlx5e: Do not call cleanup on profile rollback failure (bsc#1233056).
- CVE-2024-50147: net/mlx5: Fix command bitmask initialization (bsc#1233067).
- CVE-2024-50153: scsi: target: core: Fix null-ptr-deref in target_alloc_device() (bsc#1233061).
- CVE-2024-50154: tcp/dccp: Do not use timer_pending() in reqsk_queue_unlink() (bsc#1233070).
- CVE-2024-50167: be2net: fix potential memory leak in be_xmit() (bsc#1233049).
- CVE-2024-50171: net: systemport: fix potential memory leak in bcm_sysport_xmit() (bsc#1233057).
- CVE-2024-50182: secretmem: disable memfd_secret() if arch cannot set direct map (bsc#1233129).
- CVE-2024-50184: virtio_pmem: Check device status before requesting flush (bsc#1233135).
- CVE-2024-50186: net: explicitly clear the sk pointer, when pf->create fails (bsc#1233110).
- CVE-2024-50188: net: phy: dp83869: fix memory corruption when enabling fiber (bsc#1233107).
- CVE-2024-50192: irqchip/gic-v4: Do not allow a VMOVP on a dying VPE (bsc#1233106).
- CVE-2024-50195: posix-clock: Fix missing timespec64 check in pc_clock_settime() (bsc#1233103).
- CVE-2024-50196: pinctrl: ocelot: fix system hang on level based interrupts (bsc#1233113).
- CVE-2024-50205: ALSA: firewire-lib: Avoid division by zero in apply_constraint_to_size() (bsc#1233293).
- CVE-2024-50208: RDMA/bnxt_re: Fix a bug while setting up Level-2 PBL pages (bsc#1233117).
- CVE-2024-50229: nilfs2: fix potential deadlock with newly created symlinks (bsc#1233205).
- CVE-2024-50230: nilfs2: fix kernel bug due to missing clearing of checked flag (bsc#1233206).
- CVE-2024-50259: netdevsim: Add trailing zero to terminate the string in nsim_nexthop_bucket_activity_write() (bsc#1233214).
- CVE-2024-50261: macsec: Fix use-after-free while sending the offloading packet (bsc#1233253).
- CVE-2024-50264: vsock/virtio: Initialization of the dangling pointer occurring in vsk->trans (bsc#1233453).
- CVE-2024-50267: usb: serial: io_edgeport: fix use after free in debug printk (bsc#1233456).
- CVE-2024-50271: signal: restore the override_rlimit logic (bsc#1233460).
- CVE-2024-50273: btrfs: reinitialize delayed ref list after deleting it from the list (bsc#1233462).
- CVE-2024-50274: idpf: avoid vport access in idpf_get_link_ksettings (bsc#1233463).
- CVE-2024-50279: dm cache: fix out-of-bounds access to the dirty bitset when resizing (bsc#1233468).
- CVE-2024-50289: media: av7110: fix a spectre vulnerability (bsc#1233478).
- CVE-2024-50295: net: arc: fix the device for dma_map_single/dma_unmap_single (bsc#1233484).
- CVE-2024-50298: net: enetc: allocate vf_state during PF probes (bsc#1233487).
- CVE-2024-53052: io_uring/rw: fix missing NOWAIT check for O_DIRECT start write (bsc#1233548).
- CVE-2024-53058: net: stmmac: TSO: Fix unbalanced DMA map/unmap for non-paged SKB data (bsc#1233552).
- CVE-2024-53061: media: s5p-jpeg: prevent buffer overflows (bsc#1233555).
- CVE-2024-53063: media: dvbdev: prevent the risk of out of memory access (bsc#1233557).
- CVE-2024-53068: firmware: arm_scmi: Fix slab-use-after-free in scmi_bus_notifier() (bsc#1233561).
- CVE-2024-53079: mm/thp: fix deferred split unqueue naming and locking (bsc#1233570).
- CVE-2024-53088: i40e: fix race condition by adding filter's intermediate sync state (bsc#1233580).
- CVE-2024-53104: media: uvcvideo: Skip parsing frames of type UVC_VS_UNDEFINED in uvc_parse_format (bsc#1234025).
- CVE-2024-53110: vp_vdpa: fix id_table array not null terminated error (bsc#1234085).
The following non-security bugs were fixed:
- Drop OCFS2 patch causing a regression (bsc#1233255)
- Fix regression on AMDGPU driver (bsc#1233134)
- Removed the duplicated check of static_assert(sizeof(struct work_struct) >= sizeof(struct rcu_head)).
- Removed unnecessary white-space change in kernel/bpf/syscall.c
- Revert 'cgroup: Fix memory leak caused by missing cgroup_bpf_offline' (bsc#1234108).
- Revert 'ixgbe: Manual AN-37 for troublesome link partners for X550 SFI' (git-fixes).
- Revert 'mmc: dw_mmc: Fix IDMAC operation with pages bigger than 4K' (git-fixes).
- Revert 'usb: gadget: composite: fix OS descriptors w_value logic' (git-fixes).
- Update config files (bsc#1218644).
- Update config files. Enabled IDPF for ARM64 (bsc#1221309)
- acpi: CPPC: Fix _CPC register setting issue (git-fixes).
- acpi: CPPC: Make rmw_lock a raw_spin_lock (git-fixes).
- acpi: button: Add DMI quirk for Samsung Galaxy Book2 to fix initial lid detection issue (stable-fixes).
- acpi: resource: Add LG 16T90SP to irq1_level_low_skip_override[] (stable-fixes).
- ad7780: fix division by zero in ad7780_write_raw() (git-fixes).
- adapt same struct naming as similar kABI workaround in SLE15-SP6 (prefixed with 'suse_' to make it more obvious its a downstream thing.
- add bugreference to a hv_netvsc patch (bsc#1232413).
- add commit message for the kABI patch
- alsa: 6fire: Release resources at card release (git-fixes).
- alsa: ac97: bus: Fix the mistake in the comment (git-fixes).
- alsa: caiaq: Use snd_card_free_when_closed() at disconnection (git-fixes).
- alsa: firewire-lib: fix return value on fail in amdtp_tscm_init() (git-fixes).
- alsa: hda/realtek - Fixed Clevo platform headset Mic issue (stable-fixes).
- alsa: hda/realtek: Add subwoofer quirk for Acer Predator G9-593 (stable-fixes).
- alsa: hda/realtek: Fix headset mic on TUXEDO Gemini 17 Gen3 (stable-fixes).
- alsa: hda/realtek: Fix headset mic on TUXEDO Stellaris 16 Gen6 mb1 (stable-fixes).
- alsa: hda/realtek: Limit internal Mic boost on Dell platform (stable-fixes).
- alsa: hda/realtek: Update ALC225 depop procedure (git-fixes).
- alsa: hda/realtek: Update ALC256 depop procedure (git-fixes).
- alsa: hda/realtek: fix mute/micmute LEDs for a HP EliteBook 645 G10 (stable-fixes).
- alsa: us122l: Use snd_card_free_when_closed() at disconnection (git-fixes).
- alsa: usb-audio: Add quirk for HP 320 FHD Webcam (stable-fixes).
- alsa: usb-audio: Add quirks for Dell WD19 dock (stable-fixes).
- alsa: usx2y: Use snd_card_free_when_closed() at disconnection (git-fixes).
- amd-pstate: Set min_perf to nominal_perf for active mode performance gov (git-fixes).
- arm64/sve: Discard stale CPU state when handling SVE traps (git-fixes)
- arm64: Force position-independent veneers (git-fixes).
- arm64: dts: imx8mp: correct sdhc ipg clk (git-fixes).
- arm64: fix .data.rel.ro size assertion when CONFIG_LTO_CLANG (git-fixes)
- arm64: smccc: Remove broken support for SMCCCv1.3 SVE discard hint (git-fixes)
- arm64: smccc: replace custom COUNT_ARGS() & CONCATENATE() (git-fixes)
- arm64: tls: Fix context-switching of tpidrro_el0 when kpti is enabled (git-fixes)
- arm64:uprobe fix the uprobe SWBP_INSN in big-endian (git-fixes)
- asoc: amd: yc: Fix for enabling DMIC on acp6x via _DSD entry (git-fixes).
- asoc: codecs: Fix atomicity violation in snd_soc_component_get_drvdata() (git-fixes).
- asoc: codecs: lpass-rx-macro: add missing CDC_RX_BCL_VBAT_RF_PROC2 to default regs values (stable-fixes).
- asoc: cs42l51: Fix some error handling paths in cs42l51_probe() (git-fixes).
- asoc: fsl_sai: Enable 'FIFO continue on error' FCONT bit (stable-fixes).
- asoc: qcom: sm8250: add qrb4210-rb2-sndcard compatible string (stable-fixes).
- asoc: stm32: spdifrx: fix dma channel release in stm32_spdifrx_remove (git-fixes).
- blk-throttle: Fix io statistics for cgroup v1 (bsc#1233528).
- block: Avoid leaking hctx->nr_active counter on batched completion (bsc#1231923).
- bluetooth: MGMT: Fix slab-use-after-free Read in set_powered_sync (git-fixes).
- bluetooth: hci: fix null-ptr-deref in hci_read_supported_codecs (git-fixes).
- bnxt_en: Fix the PCI-AER routines (git-fixes).
- bnxt_en: Remove mis-applied code from bnxt_cfg_ntp_filters() (git-fixes).
- bnxt_en: Reserve rings after PCIe AER recovery if NIC interface is down (git-fixes).
- bnxt_en: Reset PTP tx_avail after possible firmware reset (git-fixes).
- bnxt_en: Restore PTP tx_avail count in case of skb_pad() error (git-fixes).
- bnxt_en: Wait for FLR to complete during probe (git-fixes).
- bnxt_en: refactor reset close code (git-fixes).
- can: c_can: c_can_handle_bus_err(): update statistics if skb allocation fails (git-fixes).
- can: c_can: fix {rx,tx}_errors statistics (git-fixes).
- can: ems_usb: ems_usb_rx_err(): fix {rx,tx}_errors statistics (git-fixes).
- can: ifi_canfd: ifi_canfd_handle_lec_err(): fix {rx,tx}_errors statistics (git-fixes).
- can: j1939: j1939_session_new(): fix skb reference counting (git-fixes).
- can: m_can: m_can_handle_lec_err(): fix {rx,tx}_errors statistics (git-fixes).
- can: sun4i_can: sun4i_can_err(): call can_change_state() even if cf is NULL (git-fixes).
- can: sun4i_can: sun4i_can_err(): fix {rx,tx}_errors statistics (git-fixes).
- cgroup/bpf: only cgroup v2 can be attached by bpf programs (bsc#1234108).
- chtls: fix tp->rcv_tstamp initialization (git-fixes).
- comedi: Flush partial mappings in error case (git-fixes).
- crypto: bcm - add error check in the ahash_hmac_init function (git-fixes).
- crypto: caam - Fix the pointer passed to caam_qi_shutdown() (git-fixes).
- crypto: caam - add error check to caam_rsa_set_priv_key_form (git-fixes).
- crypto: cavium - Fix an error handling path in cpt_ucode_load_fw() (git-fixes).
- crypto: cavium - Fix the if condition to exit loop after timeout (git-fixes).
- crypto: inside-secure - Fix the return value of safexcel_xcbcmac_cra_init() (git-fixes).
- crypto: x86/aegis128 - access 32-bit arguments as 32-bit (git-fixes).
- cxgb4: Properly lock TX queue for the selftest (git-fixes).
- cxgb4: add forgotten u64 ivlan cast before shift (git-fixes).
- cxgb4: unnecessary check for 0 in the free_sge_txq_uld() function (git-fixes).
- drivers: net: prevent tun_build_skb() to exceed the packet size limit (git-fixes).
- drm/amd: Fix initialization mistake for NBIO 7.7.0 (stable-fixes).
- drm/amdgpu: Adjust debugfs eviction and IB access permissions (stable-fixes).
- drm/amdgpu: add missing size check in amdgpu_debugfs_gprwave_read() (stable-fixes).
- drm/amdgpu: prevent NULL pointer dereference if ATIF is not supported (git-fixes).
- drm/bridge: anx7625: Drop EDID cache on bridge power off (git-fixes).
- drm/bridge: tc358767: Fix link properties discovery (git-fixes).
- drm/bridge: tc358768: Fix DSI command tx (git-fixes).
- drm/etnaviv: Request pages from DMA32 zone on addressing_limited (git-fixes).
- drm/imx/dcss: Use IRQF_NO_AUTOEN flag in request_irq() (git-fixes).
- drm/mm: Mark drm_mm_interval_tree*() functions with __maybe_unused (git-fixes).
- drm/msm/adreno: Use IRQF_NO_AUTOEN flag in request_irq() (git-fixes).
- drm/msm/dpu: cast crtc_clk calculation to u64 in _dpu_core_perf_calc_clk() (git-fixes).
- drm/omap: Fix locking in omap_gem_new_dmabuf() (git-fixes).
- drm/omap: Fix possible NULL dereference (git-fixes).
- drm/panfrost: Remove unused id_mask from struct panfrost_model (git-fixes).
- drm/rockchip: vop: Fix a dereferenced before check warning (git-fixes).
- drm/sti: avoid potential dereference of error pointers (git-fixes).
- drm/sti: avoid potential dereference of error pointers in sti_gdp_atomic_check (git-fixes).
- drm/sti: avoid potential dereference of error pointers in sti_hqvdp_atomic_check (git-fixes).
- drm/v3d: Address race-condition in MMU flush (git-fixes).
- drm/vboxvideo: Replace fake VLA at end of vbva_mouse_pointer_shape with real VLA (stable-fixes).
- drm/vc4: hvs: Do not write gamma luts on 2711 (git-fixes).
- drm/vc4: hvs: Fix dlist debug not resetting the next entry pointer (git-fixes).
- drm/vc4: hvs: Remove incorrect limit from hvs_dlist debugfs function (git-fixes).
- drm/vmwgfx: Limit display layout ioctl array size to VMWGFX_NUM_DISPLAY_UNITS (stable-fixes).
- e1000e: Fix S0ix residency on corporate systems (git-fixes).
- efi/memattr: Ignore table if the size is clearly bogus (bsc#1231465).
- eth: bnxt: fix counting packets discarded due to OOM and netpoll (git-fixes).
- firmware: google: Unregister driver_info on failure (git-fixes).
- genirq/msi: Fix off-by-one error in msi_domain_alloc() (git-fixes).
- goldfish: Fix unused const variable 'goldfish_pipe_acpi_match' (git-fixes).
- gve: Fix XDP TX completion handling when counters overflow (git-fixes).
- gve: Fix an edge case for TSO skb validity check (git-fixes).
- gve: Fix skb truesize underestimation (git-fixes).
- gve: ignore nonrelevant GSO type bits when processing TSO headers (git-fixes).
- hid: core: zero-initialize the report buffer (git-fixes).
- hid: lenovo: Add support for Thinkpad X1 Tablet Gen 3 keyboard (stable-fixes).
- hid: multitouch: Add quirk for HONOR MagicBook Art 14 touchpad (stable-fixes).
- hid: multitouch: Add quirk for Logitech Bolt receiver w/ Casa touchpad (stable-fixes).
- hid: multitouch: Add support for B2402FVA track point (stable-fixes).
- hid: wacom: Defer calculation of resolution until resolution_code is known (git-fixes).
- hid: wacom: Interpret tilt data from Intuos Pro BT as signed values (git-fixes).
- hid: wacom: fix when get product name maybe null pointer (git-fixes).
- hv_sock: Initializing vsk->trans to NULL to prevent a dangling pointer (git-fixes).
- hwmon: (tps23861) Fix reporting of negative temperatures (git-fixes).
- i3c: master: Fix miss free init_dyn_addr at i3c_master_put_i3c_addrs() (git-fixes).
- i40e: Fix XDP program unloading while removing the driver (git-fixes).
- i40e: Fix filter input checks to prevent config with invalid values (git-fixes).
- i40e: Fix waiting for queues of all VSIs to be disabled (git-fixes).
- i40e: Report MFS in decimal base instead of hex (git-fixes).
- i40e: Restore VF MSI-X state during PCI reset (git-fixes).
- i40e: avoid double calling i40e_pf_rxq_wait() (git-fixes).
- i40e: disable NAPI right after disabling irqs when handling xsk_pool (git-fixes).
- i40e: fix use-after-free in i40e_aqc_add_filters() (git-fixes).
- i40e: take into account XDP Tx queues when stopping rings (git-fixes).
- iTCO_wdt: mask NMI_NOW bit for update_no_reboot_bit() call (git-fixes).
- iavf: Fix TC config comparison with existing adapter TC config (git-fixes).
- iavf: Fix promiscuous mode configuration flow messages (git-fixes).
- iavf: Introduce new state machines for flow director (git-fixes).
- iavf: do not process adminq tasks when __IAVF_IN_REMOVE_TASK is set (git-fixes).
- iavf: fix FDIR rule fields masks validation (git-fixes).
- iavf: in iavf_down, disable queues when removing the driver (git-fixes).
- iavf: initialize waitqueues before starting watchdog_task (git-fixes).
- iavf: send VLAN offloading caps once after VFR (git-fixes).
- iavf: validate tx_coalesce_usecs even if rx_coalesce_usecs is zero (git-fixes).
- ibmvnic: Do partial reset on login failure (bsc#1233150).
- ibmvnic: Enforce stronger sanity checks on login response (bsc#1233150).
- ibmvnic: Ensure login failure recovery is safe from other resets (bsc#1233150).
- ibmvnic: Handle DMA unmapping of login buffs in release functions (bsc#1233150).
- ibmvnic: Unmap DMA login rsp buffer on send login fail (bsc#1233150).
- ice: Block switchdev mode when ADQ is active and vice versa (git-fixes).
- ice: Fix NULL pointer deref during VF reset (git-fixes).
- ice: Fix VSI list rule with ICE_SW_LKUP_LAST type (git-fixes).
- ice: Fix link_down_on_close message (git-fixes).
- ice: Fix netif_is_ice() in Safe Mode (git-fixes).
- ice: Interpret .set_channels() input differently (git-fixes).
- ice: Shut down VSI with 'link-down-on-close' enabled (git-fixes).
- ice: avoid executing commands on other ports when driving sync (git-fixes).
- ice: change q_index variable type to s16 to store -1 value (git-fixes).
- ice: fix ICE_LAST_OFFSET formula (git-fixes).
- ice: fix VLAN replay after reset (git-fixes).
- ice: fix accounting for filters shared by multiple VSIs (git-fixes).
- ice: fix accounting if a VLAN already exists (git-fixes).
- ice: fix over-shifted variable (git-fixes).
- ice: fix receive buffer size miscalculation (git-fixes).
- ice: ice_aq_check_events: fix off-by-one check when filling buffer (git-fixes).
- ice: reset first in crash dump kernels (git-fixes).
- ice: respect netif readiness in AF_XDP ZC related ndo's (git-fixes).
- ice: tc: allow zero flags in parsing tc flower (git-fixes).
- ice: virtchnl: stop pretending to support RSS over AQ or registers (git-fixes).
- idpf: Interpret .set_channels() input differently (git-fixes).
- idpf: avoid compiler introduced padding in virtchnl2_rss_key struct (git-fixes).
- idpf: avoid compiler padding in virtchnl2_ptype struct (git-fixes).
- idpf: disable local BH when scheduling napi for marker packets (git-fixes).
- idpf: distinguish vports by the dev_port attribute (git-fixes).
- idpf: do not enable NAPI and interrupts prior to allocating Rx buffers (git-fixes).
- idpf: fix UAFs when destroying the queues (git-fixes).
- idpf: fix corrupted frames and skb leaks in singleq mode (git-fixes).
- idpf: fix memleak in vport interrupt configuration (git-fixes).
- idpf: fix memory leaks and crashes while performing a soft reset (git-fixes).
- igb: Always call igb_xdp_ring_update_tail() under Tx lock (git-fixes).
- igb: Fix missing time sync events (git-fixes).
- igb: Fix not clearing TimeSync interrupts for 82580 (git-fixes).
- igb: extend PTP timestamp adjustments to i211 (git-fixes).
- igc: Check VLAN EtherType mask (git-fixes).
- igc: Check VLAN TCI mask (git-fixes).
- igc: Fix hicredit calculation (git-fixes).
- igc: Fix missing time sync events (git-fixes).
- igc: Remove temporary workaround (git-fixes).
- igc: Report VLAN EtherType matching back to user (git-fixes).
- igc: Unlock on error in igc_io_resume() (git-fixes).
- iio: adc: ad7124: fix division by zero in ad7124_set_channel_odr() (git-fixes).
- iio: adc: ad7606: Fix typo in the driver name (git-fixes).
- iio: adc: ad7923: Fix buffer overflow for tx_buf and ring_xfer (git-fixes).
- iio: light: al3010: Fix an error handling path in al3010_probe() (git-fixes).
- iio: light: veml6030: fix microlux value calculation (git-fixes).
- initramfs: avoid filename buffer overrun (bsc#1232436).
- input: i8042 - add Ayaneo Kun to i8042 quirk table (git-fixes).
- input: i8042 - add Fujitsu Lifebook E756 to i8042 quirk table (git-fixes).
- input: i8042 - add TUXEDO Stellaris 15 Slim Gen6 AMD to i8042 quirk table (git-fixes).
- input: i8042 - add TUXEDO Stellaris 16 Gen5 AMD to i8042 quirk table (git-fixes).
- input: i8042 - add another board name for TUXEDO Stellaris Gen5 AMD line (git-fixes).
- irqchip/gic-v3-its: Avoid explicit cpumask allocation on stack (git-fixes).
- irqchip/gic-v3-its: Fix VSYNC referencing an unmapped VPE on GIC v4.1 (git-fixes).
- ixgbe: avoid sleeping allocation in ixgbe_ipsec_vf_add_sa() (git-fixes).
- ixgbe: fix crash with empty VF macvlan list (git-fixes).
- ixgbe: fix timestamp configuration code (git-fixes).
- ixgbe: {dis, en}able irqs in ixgbe_txrx_ring_{dis, en}able (git-fixes).
- kABI: Restore exported __arm_smccc_sve_check (git-fixes)
- kernel-binary: Enable livepatch package only when livepatch is enabled Otherwise the filelist may be empty failing the build (bsc#1218644).
- kernel.h: split out COUNT_ARGS() and CONCATENATE() to args.h (git-fixes)
- kexec: fix a memory leak in crash_shrink_memory() (git-fixes).
- kvm: PPC: Book3S HV: remove unused varible (bsc#1194869).
- mac80211: MAC80211_MESSAGE_TRACING should depend on TRACING (git-fixes).
- media: adv7604: prevent underflow condition when reporting colorspace (git-fixes).
- media: cx24116: prevent overflows on SNR calculus (git-fixes).
- media: dvb-usb-v2: af9035: Fix null-ptr-deref in af9035_i2c_master_xfer (stable-fixes).
- media: dvb-usb-v2: af9035: fix missing unlock (git-fixes).
- media: dvb_frontend: do not play tricks with underflow values (git-fixes).
- media: dvbdev: prevent the risk of out of memory access (git-fixes).
- media: pci: cx23885: check cx23885_vdev_init() return (stable-fixes).
- media: pulse8-cec: fix data timestamp at pulse8_setup() (git-fixes).
- media: stb0899_algo: initialize cfr before using it (git-fixes).
- media: v4l2-ctrls-api: fix error handling for v4l2_g_ctrl() (git-fixes).
- media: v4l2-tpg: prevent the risk of a division by zero (git-fixes).
- mei: use kvmalloc for read buffer (git-fixes).
- misc: apds990x: Fix missing pm_runtime_disable() (git-fixes).
- mm/hugetlb: fix nodes huge page allocation when there are surplus pages (bsc#1234012).
- mm/memory: add non-anonymous page check in the copy_present_page() (bsc#1231646).
- modpost: remove incorrect code in do_eisa_entry() (git-fixes).
- net/mlx5: Add missing masks and QoS bit masks for scheduling elements (git-fixes).
- net/mlx5: Added cond_resched() to crdump collection (git-fixes).
- net/mlx5: Allow 0 for total host VFs (git-fixes).
- net/mlx5: Correctly compare pkt reformat ids (git-fixes).
- net/mlx5: DR, Can't go to uplink vport on RX rule (git-fixes).
- net/mlx5: DR, Use the right GVMI number for drop action (git-fixes).
- net/mlx5: DR, fix memory leak in mlx5dr_cmd_create_reformat_ctx (git-fixes).
- net/mlx5: Drain health before unregistering devlink (git-fixes).
- net/mlx5: E-switch, register event handler before arming the event (git-fixes).
- net/mlx5: Explicitly set scheduling element and TSAR type (git-fixes).
- net/mlx5: Fix fw tracer first block check (git-fixes).
- net/mlx5: Handle fw tracer change ownership event based on MTRC (git-fixes).
- net/mlx5: LAG, Check correct bucket when modifying LAG (git-fixes).
- net/mlx5: Lag, do bond only if slaves agree on roce state (git-fixes).
- net/mlx5: Lag, do not use the hardcoded value of the first port (git-fixes).
- net/mlx5: Lag, restore buckets number to default after hash LAG deactivation (git-fixes).
- net/mlx5: Skip clock update work when device is in error state (git-fixes).
- net/mlx5: Unregister notifier on eswitch init failure (git-fixes).
- net/mlx5: Update the list of the PCI supported devices (git-fixes).
- net/mlx5: Use RMW accessors for changing LNKCTL (git-fixes).
- net/mlx5: Use mlx5 device constant for selecting CQ period mode for ASO (git-fixes).
- net/mlx5: Use recovery timeout on sync reset flow (git-fixes).
- net/mlx5: fix potential memory leak in mlx5e_init_rep_rx (git-fixes).
- net/mlx5: fs, lock FTE when checking if active (git-fixes).
- net/mlx5e: Add a check for the return value from mlx5_port_set_eth_ptys (git-fixes).
- net/mlx5e: Add missing link modes to ptys2ethtool_map (git-fixes).
- net/mlx5e: Add mqprio_rl cleanup and free in mlx5e_priv_cleanup() (git-fixes).
- net/mlx5e: Again mutually exclude RX-FCS and RX-port-timestamp (git-fixes).
- net/mlx5e: Allow software parsing when IPsec crypto is enabled (git-fixes).
- net/mlx5e: CT: Fix null-ptr-deref in add rule err flow (git-fixes).
- net/mlx5e: Change the warning when ignore_flow_level is not supported (git-fixes).
- net/mlx5e: Check return value of snprintf writing to fw_version buffer (git-fixes).
- net/mlx5e: Check return value of snprintf writing to fw_version buffer for representors (git-fixes).
- net/mlx5e: Correct snprintf truncation handling for fw_version buffer (git-fixes).
- net/mlx5e: Correct snprintf truncation handling for fw_version buffer used by representors (git-fixes).
- net/mlx5e: Correctly report errors for ethtool rx flows (git-fixes).
- net/mlx5e: Do not offload internal port if filter device is out device (git-fixes).
- net/mlx5e: Fix IPsec tunnel mode offload feature check (git-fixes).
- net/mlx5e: Fix UDP GSO for encapsulated packets (git-fixes).
- net/mlx5e: Fix crash moving to switchdev mode when ntuple offload is set (git-fixes).
- net/mlx5e: Fix features validation check for tunneled UDP (non-VXLAN) packets (git-fixes).
- net/mlx5e: Fix pedit endianness (git-fixes).
- net/mlx5e: Fix possible deadlock on mlx5e_tx_timeout_work (git-fixes).
- net/mlx5e: Fix slab-out-of-bounds in mlx5_query_nic_vport_mac_list() (git-fixes).
- net/mlx5e: HTB, Fix inconsistencies with QoS SQs number (git-fixes).
- net/mlx5e: Move representor neigh cleanup to profile cleanup_tx (git-fixes).
- net/mlx5e: Reduce the size of icosq_str (git-fixes).
- net/mlx5e: Take state lock during tx timeout reporter (git-fixes).
- net/mlx5e: Use rx_missed_errors instead of rx_dropped for reporting buffer exhaustion (git-fixes).
- net/mlx5e: fix a potential double-free in fs_udp_create_groups (git-fixes).
- net/mlx5e: fix double free in macsec_fs_tx_create_crypto_table_groups (git-fixes).
- net/mlx5e: fix double free of encap_header (git-fixes).
- net/mlx5e: fix return value check in mlx5e_ipsec_remove_trailer() (git-fixes).
- net/mlx5e: kTLS, Fix incorrect page refcounting (git-fixes).
- net: ena: Fix potential sign extension issue (git-fixes).
- net: ena: Remove ena_select_queue (git-fixes).
- net: ena: Wrong missing IO completions check order (git-fixes).
- net: qede: use return from qede_parse_flow_attr() for flow_spec (git-fixes).
- net: relax socket state check at accept time (git-fixes).
- net: usb: lan78xx: Fix memory leak on device unplug by freeing PHY device (git-fixes).
- net: usb: lan78xx: Fix refcounting and autosuspend on invalid WoL configuration (git-fixes).
- net: usb: qmi_wwan: add Fibocom FG132 0x0112 composition (stable-fixes).
- net: usb: usbnet: fix race in probe failure (git-fixes).
- nfs: Fix KMSAN warning in decode_getfattr_attrs() (git-fixes).
- nvme-fabrics: fix kernel crash while shutting down controller (git-fixes).
- nvme-pci: fix freeing of the HMB descriptor table (git-fixes).
- nvme-pci: reverse request order in nvme_queue_rqs (git-fixes).
- ocfs2: remove entry once instead of null-ptr-dereference in ocfs2_xa_remove() (git-fixes).
- pci: Add T_PVPERL macro (git-fixes).
- pci: Fix reset_method_store() memory leak (git-fixes).
- pci: endpoint: Clear secondary (not primary) EPC in pci_epc_remove_epf() (git-fixes).
- pci: j721e: Deassert PERST# after a delay of PCIE_T_PVPERL_MS milliseconds (git-fixes).
- pci: keystone: Add link up check to ks_pcie_other_map_bus() (git-fixes).
- pci: keystone: Set mode as Root Complex for 'ti,keystone-pcie' compatible (git-fixes).
- pci: rockchip-ep: Fix address translation unit programming (git-fixes).
- phy: tegra: xusb: Add error pointer check in xusb.c (git-fixes).
- platform/chrome: cros_ec_typec: fix missing fwnode reference decrement (git-fixes).
- platform/surface: aggregator: Fix warning when controller is destroyed in probe (git-fixes).
- platform/x86: dell-sysman: add support for alienware products (stable-fixes).
- platform/x86: dell-wmi: Ignore suspend notifications (stable-fixes).
- posix-cpu-timers: Clear TICK_DEP_BIT_POSIX_TIMER on clone (bsc#1234098).
- power: supply: bq27xxx: Fix registers of bq27426 (git-fixes).
- power: supply: core: Remove might_sleep() from power_supply_put() (git-fixes).
- powerpc/asm: Remove UPD_CONSTR after GCC 4.9 removal (bsc#1194869).
- powerpc/atomic: Use YZ constraints for DS-form instructions (bsc#1194869).
- powerpc/kexec: Fix return of uninitialized variable (bsc#1194869).
- powerpc/mm/fault: Fix kfence page fault reporting (bsc#1194869).
- powerpc/mm: Fix boot crash with FLATMEM (bsc#1194869).
- powerpc/mm: Fix boot warning with hugepages and CONFIG_DEBUG_VIRTUAL (bsc#1194869).
- powerpc/powernv: Free name on error in opal_event_init() (bsc#1194869).
- powerpc/pseries: Fix KVM guest detection for disabling hardlockup detector (bsc#1194869).
- powerpc/pseries: Fix dtl_access_lock to be a rw_semaphore (bsc#1194869).
- powerpc: remove GCC version check for UPD_CONSTR (bsc#1194869).
- qed: avoid truncating work queue length (git-fixes).
- rdma/bnxt_re: Check cqe flags to know imm_data vs inv_irkey (git-fixes)
- rdma/hns: Add clear_hem return value to log (git-fixes)
- rdma/hns: Add mutex_destroy() (git-fixes)
- rdma/hns: Fix NULL pointer derefernce in hns_roce_map_mr_sg() (git-fixes)
- rdma/hns: Fix an AEQE overflow error caused by untimely update of eq_db_ci (git-fixes)
- rdma/hns: Fix cpu stuck caused by printings during reset (git-fixes)
- rdma/hns: Fix different dgids mapping to the same dip_idx (git-fixes)
- rdma/hns: Fix flush cqe error when racing with destroy qp (git-fixes)
- rdma/hns: Fix out-of-order issue of requester when setting FENCE (git-fixes)
- rdma/hns: Remove unnecessary QP type checks (git-fixes)
- rdma/hns: Use dev_* printings in hem code instead of ibdev_* (git-fixes)
- rdma/hns: Use macro instead of magic number (git-fixes)
- rdma/mlx5: Move events notifier registration to be after device registration (git-fixes)
- rdma/mlx5: Use sq timestamp as QP timestamp when RoCE is disabled (git-fixes).
- rdma/rxe: Fix the qp flush warnings in req (git-fixes)
- rdma/rxe: Set queue pair cur_qp_state when being queried (git-fixes)
- rpm/scripts: Remove obsolete Symbols.list Symbols.list is not longer needed by the new klp-convert implementation. (bsc#1218644)
- rtc: ab-eoz9: do not fail temperature reads on undervoltage notification (git-fixes).
- rtc: abx80x: Fix WDT bit position of the status register (git-fixes).
- rtc: check if __rtc_read_time was successful in rtc_timer_do_work() (git-fixes).
- rtc: st-lpc: Use IRQF_NO_AUTOEN flag in request_irq() (git-fixes).
- scsi: lpfc: Add cleanup of nvmels_wq after HBA reset (bsc#1233241).
- scsi: lpfc: Call lpfc_sli4_queue_unset() in restart and rmmod paths (bsc#1233241).
- scsi: lpfc: Change lpfc_nodelist nlp_flag member into a bitmask (bsc#1233241).
- scsi: lpfc: Check SLI_ACTIVE flag in FDMI cmpl before submitting follow up FDMI (bsc#1233241).
- scsi: lpfc: Check devloss callbk done flag for potential stale NDLP ptrs (bsc#1233241).
- scsi: lpfc: Copyright updates for 14.4.0.6 patches (bsc#1233241).
- scsi: lpfc: Modify CGN warning signal calculation based on EDC response (bsc#1233241).
- scsi: lpfc: Prevent NDLP reference count underflow in dev_loss_tmo callback (bsc#1233241).
- scsi: lpfc: Remove NLP_RELEASE_RPI flag from nodelist structure (bsc#1233241).
- scsi: lpfc: Update lpfc version to 14.4.0.6 (bsc#1233241).
- scsi: lpfc: Update lpfc_els_flush_cmd() to check for SLI_ACTIVE before BSG flag (bsc#1233241).
- scsi: scsi_transport_fc: Allow setting rport state to current state (git-fixes).
- scsi: sd_zbc: Use kvzalloc() to allocate REPORT ZONES buffer (git-fixes).
- security/keys: fix slab-out-of-bounds in key_task_permission (git-fixes).
- serial: 8250: omap: Move pm_runtime_get_sync (git-fixes).
- sfc: Check firmware supports Ethernet PTP filter (git-fixes).
- sfc: do not unregister flow_indr if it was never registered (git-fixes).
- sfc: fix a double-free bug in efx_probe_filters (git-fixes).
- signal: Replace BUG_ON()s (bsc#1234093).
- spi: Fix acpi deferred irq probe (git-fixes).
- spi: atmel-quadspi: Fix register name in verbose logging function (git-fixes).
- staging: iio: frequency: ad9832: fix division by zero in ad9832_calc_freqreg() (git-fixes).
- thermal: core: Initialize thermal zones before registering them (git-fixes).
- thermal: intel: int340x: processor: Fix warning during module unload (git-fixes).
- tpm: Lock TPM chip in tpm_pm_suspend() first (bsc#1082555 git-fixes).
- tun: Fix xdp_rxq_info's queue_index when detaching (git-fixes).
- tun: prevent negative ifindex (git-fixes).
- ucounts: fix counter leak in inc_rlimit_get_ucounts() (bsc#1233460).
- usb: chaoskey: Fix possible deadlock chaoskey_list_lock (git-fixes).
- usb: chaoskey: fail open after removal (git-fixes).
- usb: dwc3: gadget: Add missing check for single port RAM in TxFIFO resizing logic (git-fixes).
- usb: dwc3: gadget: Fix checking for number of TRBs left (git-fixes).
- usb: dwc3: gadget: Fix looping of queued SG entries (git-fixes).
- usb: ehci-spear: fix call balance of sehci clk handling routines (git-fixes).
- usb: musb: sunxi: Fix accessing an released usb phy (git-fixes).
- usb: phy: Fix API devm_usb_put_phy() can not release the phy (git-fixes).
- usb: serial: ftdi_sio: Fix atomicity violation in get_serial_info() (git-fixes).
- usb: serial: io_edgeport: fix use after free in debug printk (git-fixes).
- usb: serial: option: add Fibocom FG132 0x0112 composition (stable-fixes).
- usb: serial: option: add Quectel RG650V (stable-fixes).
- usb: serial: qcserial: add support for Sierra Wireless EM86xx (stable-fixes).
- usb: typec: fix potential out of bounds in ucsi_ccg_update_set_new_cam_cmd() (git-fixes).
- usb: typec: fix unreleased fwnode_handle in typec_port_register_altmodes() (git-fixes).
- usb: using mutex lock and supporting O_NONBLOCK flag in iowarrior_read() (git-fixes).
- usb: xhci: Fix TD invalidation under pending Set TR Dequeue (git-fixes).
- usb: yurex: make waiting on yurex_write interruptible (git-fixes).
- usbip: tools: Fix detach_port() invalid port error path (git-fixes).
- vdpa/mlx5: preserve CVQ vringh index (git-fixes).
- watchdog: mediatek: Make sure system reset gets asserted in mtk_wdt_restart() (git-fixes).
- watchdog: rti: of: honor timeout-sec property (git-fixes).
- wifi: ath10k: Fix memory leak in management tx (git-fixes).
- wifi: ath10k: fix invalid VHT parameters in supported_vht_mcs_rate_nss1 (git-fixes).
- wifi: ath10k: fix invalid VHT parameters in supported_vht_mcs_rate_nss2 (git-fixes).
- wifi: ath11k: Fix invalid ring usage in full monitor mode (git-fixes).
- wifi: ath9k: add range check for conn_rsp_epid in htc_connect_service() (git-fixes).
- wifi: brcm80211: BRCM_TRACING should depend on TRACING (git-fixes).
- wifi: iwlegacy: Clear stale interrupts before resuming device (stable-fixes).
- wifi: iwlwifi: mvm: Fix response handling in iwl_mvm_send_recovery_cmd() (git-fixes).
- wifi: iwlwifi: mvm: disconnect station vifs if recovery failed (stable-fixes).
- wifi: mac80211: do not pass a stopped vif to the driver in .get_txpower (git-fixes).
- wifi: mac80211: skip non-uploaded keys in ieee80211_iter_keys (git-fixes).
- wifi: mwifiex: Fix memcpy() field-spanning write warning in mwifiex_config_scan() (git-fixes).
- wifi: mwifiex: Use IRQF_NO_AUTOEN flag in request_irq() (git-fixes).
- wifi: p54: Use IRQF_NO_AUTOEN flag in request_irq() (git-fixes).
- x86/kvm: fix is_stale_page_fault() (bsc#1221333).
- xhci: Fix Link TRB DMA in command ring stopped completion event (git-fixes).
- xhci: Separate PORT and CAPs macros into dedicated file (stable-fixes).
- xhci: Use pm_runtime_get to prevent RPM on unsupported systems (git-fixes).
ImportantSUSE bug 1082555SUSE bug 1194869SUSE bug 1218644SUSE bug 1220382SUSE bug 1221309SUSE bug 1221333SUSE bug 1222364SUSE bug 1222590SUSE bug 1223202SUSE bug 1223656SUSE bug 1223848SUSE bug 1223919SUSE bug 1223942SUSE bug 1224518SUSE bug 1224526SUSE bug 1224574SUSE bug 1225725SUSE bug 1225730SUSE bug 1225742SUSE bug 1225764SUSE bug 1225812SUSE bug 1226560SUSE bug 1226592SUSE bug 1226631SUSE bug 1226748SUSE bug 1226872SUSE bug 1227853SUSE bug 1228410SUSE bug 1228430SUSE bug 1228486SUSE bug 1228650SUSE bug 1228857SUSE bug 1229312SUSE bug 1229429SUSE bug 1229585SUSE bug 1229752SUSE bug 1229808SUSE bug 1230055SUSE bug 1230220SUSE bug 1230231SUSE bug 1230270SUSE bug 1230558SUSE bug 1230827SUSE bug 1230918SUSE bug 1231083SUSE bug 1231089SUSE bug 1231098SUSE bug 1231101SUSE bug 1231108SUSE bug 1231111SUSE bug 1231132SUSE bug 1231135SUSE bug 1231138SUSE bug 1231169SUSE bug 1231178SUSE bug 1231180SUSE bug 1231181SUSE bug 1231187SUSE bug 1231202SUSE bug 1231434SUSE bug 1231441SUSE bug 1231452SUSE bug 1231465SUSE bug 1231474SUSE bug 1231481SUSE bug 1231537SUSE bug 1231541SUSE bug 1231646SUSE bug 1231849SUSE bug 1231856SUSE bug 1231858SUSE bug 1231859SUSE bug 1231864SUSE bug 1231904SUSE bug 1231916SUSE bug 1231920SUSE bug 1231923SUSE bug 1231930SUSE bug 1231931SUSE bug 1231947SUSE bug 1231952SUSE bug 1231953SUSE bug 1231959SUSE bug 1231978SUSE bug 1232013SUSE bug 1232015SUSE bug 1232016SUSE bug 1232017SUSE bug 1232027SUSE bug 1232028SUSE bug 1232047SUSE bug 1232048SUSE bug 1232050SUSE bug 1232056SUSE bug 1232076SUSE bug 1232080SUSE bug 1232094SUSE bug 1232096SUSE bug 1232098SUSE bug 1232111SUSE bug 1232126SUSE bug 1232134SUSE bug 1232135SUSE bug 1232141SUSE bug 1232142SUSE bug 1232147SUSE bug 1232152SUSE bug 1232159SUSE bug 1232162SUSE bug 1232165SUSE bug 1232180SUSE bug 1232185SUSE bug 1232187SUSE bug 1232189SUSE bug 1232195SUSE bug 1232198SUSE bug 1232201SUSE bug 1232218SUSE bug 1232224SUSE bug 1232232SUSE bug 1232254SUSE bug 1232255SUSE bug 1232264SUSE bug 1232272SUSE bug 1232279SUSE bug 1232287SUSE bug 1232293SUSE bug 1232312SUSE bug 1232317SUSE bug 1232318SUSE bug 1232333SUSE bug 1232334SUSE bug 1232335SUSE bug 1232339SUSE bug 1232349SUSE bug 1232357SUSE bug 1232359SUSE bug 1232362SUSE bug 1232364SUSE bug 1232370SUSE bug 1232371SUSE bug 1232378SUSE bug 1232385SUSE bug 1232387SUSE bug 1232394SUSE bug 1232413SUSE bug 1232416SUSE bug 1232436SUSE bug 1232483SUSE bug 1232500SUSE bug 1232503SUSE bug 1232504SUSE bug 1232507SUSE bug 1232520SUSE bug 1232552SUSE bug 1232757SUSE bug 1232819SUSE bug 1232860SUSE bug 1232870SUSE bug 1232873SUSE bug 1232877SUSE bug 1232878SUSE bug 1232881SUSE bug 1232884SUSE bug 1232885SUSE bug 1232887SUSE bug 1232888SUSE bug 1232890SUSE bug 1232892SUSE bug 1232896SUSE bug 1232897SUSE bug 1232905SUSE bug 1232907SUSE bug 1232919SUSE bug 1232926SUSE bug 1232928SUSE bug 1232935SUSE bug 1233035SUSE bug 1233049SUSE bug 1233051SUSE bug 1233056SUSE bug 1233057SUSE bug 1233061SUSE bug 1233063SUSE bug 1233065SUSE bug 1233067SUSE bug 1233070SUSE bug 1233073SUSE bug 1233074SUSE bug 1233100SUSE bug 1233103SUSE bug 1233104SUSE bug 1233105SUSE bug 1233106SUSE bug 1233107SUSE bug 1233108SUSE bug 1233110SUSE bug 1233111SUSE bug 1233113SUSE bug 1233114SUSE bug 1233117SUSE bug 1233123SUSE bug 1233125SUSE bug 1233129SUSE bug 1233130SUSE bug 1233134SUSE bug 1233135SUSE bug 1233150SUSE bug 1233189SUSE bug 1233191SUSE bug 1233197SUSE bug 1233205SUSE bug 1233206SUSE bug 1233209SUSE bug 1233210SUSE bug 1233211SUSE bug 1233212SUSE bug 1233214SUSE bug 1233216SUSE bug 1233238SUSE bug 1233241SUSE bug 1233253SUSE bug 1233255SUSE bug 1233293SUSE bug 1233350SUSE bug 1233452SUSE bug 1233453SUSE bug 1233454SUSE bug 1233456SUSE bug 1233457SUSE bug 1233458SUSE bug 1233460SUSE bug 1233462SUSE bug 1233463SUSE bug 1233468SUSE bug 1233471SUSE bug 1233476SUSE bug 1233478SUSE bug 1233479SUSE bug 1233481SUSE bug 1233484SUSE bug 1233487SUSE bug 1233490SUSE bug 1233491SUSE bug 1233528SUSE bug 1233548SUSE bug 1233552SUSE bug 1233553SUSE bug 1233554SUSE bug 1233555SUSE bug 1233557SUSE bug 1233560SUSE bug 1233561SUSE bug 1233570SUSE bug 1233577SUSE bug 1233580SUSE bug 1233977SUSE bug 1234012SUSE bug 1234025SUSE bug 1234085SUSE bug 1234093SUSE bug 1234098SUSE bug 1234108CVE-2021-47594 at SUSECVE-2021-47594 at NVDCVE-2022-48674 at SUSECVE-2022-48674 at NVDCVE-2022-48979 at SUSECVE-2022-48979 at NVDCVE-2022-48982 at SUSECVE-2022-48982 at NVDCVE-2022-48983 at SUSECVE-2022-48983 at NVDCVE-2022-48989 at SUSECVE-2022-48989 at NVDCVE-2022-48990 at SUSECVE-2022-48990 at NVDCVE-2023-52915 at SUSECVE-2023-52915 at NVDCVE-2023-52917 at SUSECVE-2023-52917 at NVDCVE-2023-52918 at SUSECVE-2023-52918 at NVDCVE-2023-52921 at SUSECVE-2023-52921 at NVDCVE-2023-52922 at SUSECVE-2023-52922 at NVDCVE-2024-26782 at SUSECVE-2024-26782 at NVDCVE-2024-26906 at SUSECVE-2024-26906 at NVDCVE-2024-26953 at SUSECVE-2024-26953 at NVDCVE-2024-35888 at SUSECVE-2024-35888 at NVDCVE-2024-35937 at SUSECVE-2024-35937 at NVDCVE-2024-35980 at SUSECVE-2024-35980 at NVDCVE-2024-36484 at SUSECVE-2024-36484 at NVDCVE-2024-36883 at SUSECVE-2024-36883 at NVDCVE-2024-36886 at SUSECVE-2024-36886 at NVDCVE-2024-36905 at SUSECVE-2024-36905 at NVDCVE-2024-36953 at SUSECVE-2024-36953 at NVDCVE-2024-36954 at SUSECVE-2024-36954 at NVDCVE-2024-38577 at SUSECVE-2024-38577 at NVDCVE-2024-38589 at SUSECVE-2024-38589 at NVDCVE-2024-38615 at SUSECVE-2024-38615 at NVDCVE-2024-40997 at SUSECVE-2024-40997 at NVDCVE-2024-41016 at SUSECVE-2024-41016 at NVDCVE-2024-41023 at SUSECVE-2024-41023 at NVDCVE-2024-41049 at SUSECVE-2024-41049 at NVDCVE-2024-42131 at SUSECVE-2024-42131 at NVDCVE-2024-43817 at SUSECVE-2024-43817 at NVDCVE-2024-43897 at SUSECVE-2024-43897 at NVDCVE-2024-44932 at SUSECVE-2024-44932 at NVDCVE-2024-44964 at SUSECVE-2024-44964 at NVDCVE-2024-44995 at SUSECVE-2024-44995 at NVDCVE-2024-46681 at SUSECVE-2024-46681 at NVDCVE-2024-46800 at SUSECVE-2024-46800 at NVDCVE-2024-46802 at SUSECVE-2024-46802 at NVDCVE-2024-46804 at SUSECVE-2024-46804 at NVDCVE-2024-46805 at SUSECVE-2024-46805 at NVDCVE-2024-46807 at SUSECVE-2024-46807 at NVDCVE-2024-46810 at SUSECVE-2024-46810 at NVDCVE-2024-46812 at SUSECVE-2024-46812 at NVDCVE-2024-46819 at SUSECVE-2024-46819 at NVDCVE-2024-46821 at SUSECVE-2024-46821 at NVDCVE-2024-46835 at SUSECVE-2024-46835 at NVDCVE-2024-46842 at SUSECVE-2024-46842 at NVDCVE-2024-46853 at SUSECVE-2024-46853 at NVDCVE-2024-46859 at SUSECVE-2024-46859 at NVDCVE-2024-46864 at SUSECVE-2024-46864 at NVDCVE-2024-46871 at SUSECVE-2024-46871 at NVDCVE-2024-47663 at SUSECVE-2024-47663 at NVDCVE-2024-47665 at SUSECVE-2024-47665 at NVDCVE-2024-47667 at SUSECVE-2024-47667 at NVDCVE-2024-47669 at SUSECVE-2024-47669 at NVDCVE-2024-47670 at SUSECVE-2024-47670 at NVDCVE-2024-47671 at SUSECVE-2024-47671 at NVDCVE-2024-47679 at SUSECVE-2024-47679 at NVDCVE-2024-47682 at SUSECVE-2024-47682 at NVDCVE-2024-47693 at SUSECVE-2024-47693 at NVDCVE-2024-47695 at SUSECVE-2024-47695 at NVDCVE-2024-47696 at SUSECVE-2024-47696 at NVDCVE-2024-47697 at SUSECVE-2024-47697 at NVDCVE-2024-47698 at SUSECVE-2024-47698 at NVDCVE-2024-47699 at SUSECVE-2024-47699 at NVDCVE-2024-47701 at SUSECVE-2024-47701 at NVDCVE-2024-47709 at SUSECVE-2024-47709 at NVDCVE-2024-47712 at SUSECVE-2024-47712 at NVDCVE-2024-47713 at SUSECVE-2024-47713 at NVDCVE-2024-47718 at SUSECVE-2024-47718 at NVDCVE-2024-47723 at SUSECVE-2024-47723 at NVDCVE-2024-47728 at SUSECVE-2024-47728 at NVDCVE-2024-47735 at SUSECVE-2024-47735 at NVDCVE-2024-47737 at SUSECVE-2024-47737 at NVDCVE-2024-47742 at SUSECVE-2024-47742 at NVDCVE-2024-47745 at SUSECVE-2024-47745 at NVDCVE-2024-47749 at SUSECVE-2024-47749 at NVDCVE-2024-47756 at SUSECVE-2024-47756 at NVDCVE-2024-47757 at SUSECVE-2024-47757 at NVDCVE-2024-49850 at SUSECVE-2024-49850 at NVDCVE-2024-49851 at SUSECVE-2024-49851 at NVDCVE-2024-49852 at SUSECVE-2024-49852 at NVDCVE-2024-49855 at SUSECVE-2024-49855 at NVDCVE-2024-49861 at SUSECVE-2024-49861 at NVDCVE-2024-49863 at SUSECVE-2024-49863 at NVDCVE-2024-49868 at SUSECVE-2024-49868 at NVDCVE-2024-49870 at SUSECVE-2024-49870 at NVDCVE-2024-49871 at SUSECVE-2024-49871 at NVDCVE-2024-49875 at SUSECVE-2024-49875 at NVDCVE-2024-49877 at SUSECVE-2024-49877 at NVDCVE-2024-49879 at SUSECVE-2024-49879 at NVDCVE-2024-49884 at SUSECVE-2024-49884 at NVDCVE-2024-49891 at SUSECVE-2024-49891 at NVDCVE-2024-49900 at SUSECVE-2024-49900 at NVDCVE-2024-49902 at SUSECVE-2024-49902 at NVDCVE-2024-49903 at SUSECVE-2024-49903 at NVDCVE-2024-49905 at SUSECVE-2024-49905 at NVDCVE-2024-49907 at SUSECVE-2024-49907 at NVDCVE-2024-49908 at SUSECVE-2024-49908 at NVDCVE-2024-49921 at SUSECVE-2024-49921 at NVDCVE-2024-49924 at SUSECVE-2024-49924 at NVDCVE-2024-49925 at SUSECVE-2024-49925 at NVDCVE-2024-49934 at SUSECVE-2024-49934 at NVDCVE-2024-49935 at SUSECVE-2024-49935 at NVDCVE-2024-49938 at SUSECVE-2024-49938 at NVDCVE-2024-49945 at SUSECVE-2024-49945 at NVDCVE-2024-49947 at SUSECVE-2024-49947 at NVDCVE-2024-49950 at SUSECVE-2024-49950 at NVDCVE-2024-49957 at SUSECVE-2024-49957 at NVDCVE-2024-49963 at SUSECVE-2024-49963 at NVDCVE-2024-49965 at SUSECVE-2024-49965 at NVDCVE-2024-49966 at SUSECVE-2024-49966 at NVDCVE-2024-49968 at SUSECVE-2024-49968 at NVDCVE-2024-49981 at SUSECVE-2024-49981 at NVDCVE-2024-49983 at SUSECVE-2024-49983 at NVDCVE-2024-49985 at SUSECVE-2024-49985 at NVDCVE-2024-49989 at SUSECVE-2024-49989 at NVDCVE-2024-50003 at SUSECVE-2024-50003 at NVDCVE-2024-50007 at SUSECVE-2024-50007 at NVDCVE-2024-50008 at SUSECVE-2024-50008 at NVDCVE-2024-50009 at SUSECVE-2024-50009 at NVDCVE-2024-50013 at SUSECVE-2024-50013 at NVDCVE-2024-50017 at SUSECVE-2024-50017 at NVDCVE-2024-50025 at SUSECVE-2024-50025 at NVDCVE-2024-50026 at SUSECVE-2024-50026 at NVDCVE-2024-50031 at SUSECVE-2024-50031 at NVDCVE-2024-50044 at SUSECVE-2024-50044 at NVDCVE-2024-50062 at SUSECVE-2024-50062 at NVDCVE-2024-50067 at SUSECVE-2024-50067 at NVDCVE-2024-50073 at SUSECVE-2024-50073 at NVDCVE-2024-50074 at SUSECVE-2024-50074 at NVDCVE-2024-50077 at SUSECVE-2024-50077 at NVDCVE-2024-50078 at SUSECVE-2024-50078 at NVDCVE-2024-50082 at SUSECVE-2024-50082 at NVDCVE-2024-50089 at SUSECVE-2024-50089 at NVDCVE-2024-50093 at SUSECVE-2024-50093 at NVDCVE-2024-50095 at SUSECVE-2024-50095 at NVDCVE-2024-50096 at SUSECVE-2024-50096 at NVDCVE-2024-50098 at SUSECVE-2024-50098 at NVDCVE-2024-50099 at SUSECVE-2024-50099 at NVDCVE-2024-50103 at SUSECVE-2024-50103 at NVDCVE-2024-50108 at SUSECVE-2024-50108 at NVDCVE-2024-50110 at SUSECVE-2024-50110 at NVDCVE-2024-50115 at SUSECVE-2024-50115 at NVDCVE-2024-50116 at SUSECVE-2024-50116 at NVDCVE-2024-50117 at SUSECVE-2024-50117 at NVDCVE-2024-50124 at SUSECVE-2024-50124 at NVDCVE-2024-50125 at SUSECVE-2024-50125 at NVDCVE-2024-50127 at SUSECVE-2024-50127 at NVDCVE-2024-50128 at SUSECVE-2024-50128 at NVDCVE-2024-50131 at SUSECVE-2024-50131 at NVDCVE-2024-50134 at SUSECVE-2024-50134 at NVDCVE-2024-50135 at SUSECVE-2024-50135 at NVDCVE-2024-50138 at SUSECVE-2024-50138 at NVDCVE-2024-50141 at SUSECVE-2024-50141 at NVDCVE-2024-50146 at SUSECVE-2024-50146 at NVDCVE-2024-50147 at SUSECVE-2024-50147 at NVDCVE-2024-50148 at SUSECVE-2024-50148 at NVDCVE-2024-50150 at SUSECVE-2024-50150 at NVDCVE-2024-50153 at SUSECVE-2024-50153 at NVDCVE-2024-50154 at SUSECVE-2024-50154 at NVDCVE-2024-50155 at SUSECVE-2024-50155 at NVDCVE-2024-50156 at SUSECVE-2024-50156 at NVDCVE-2024-50160 at SUSECVE-2024-50160 at NVDCVE-2024-50167 at SUSECVE-2024-50167 at NVDCVE-2024-50171 at SUSECVE-2024-50171 at NVDCVE-2024-50179 at SUSECVE-2024-50179 at NVDCVE-2024-50180 at SUSECVE-2024-50180 at NVDCVE-2024-50182 at SUSECVE-2024-50182 at NVDCVE-2024-50183 at SUSECVE-2024-50183 at NVDCVE-2024-50184 at SUSECVE-2024-50184 at NVDCVE-2024-50186 at SUSECVE-2024-50186 at NVDCVE-2024-50187 at SUSECVE-2024-50187 at NVDCVE-2024-50188 at SUSECVE-2024-50188 at NVDCVE-2024-50189 at SUSECVE-2024-50189 at NVDCVE-2024-50192 at SUSECVE-2024-50192 at NVDCVE-2024-50194 at SUSECVE-2024-50194 at NVDCVE-2024-50195 at SUSECVE-2024-50195 at NVDCVE-2024-50196 at SUSECVE-2024-50196 at NVDCVE-2024-50198 at SUSECVE-2024-50198 at NVDCVE-2024-50201 at SUSECVE-2024-50201 at NVDCVE-2024-50205 at SUSECVE-2024-50205 at NVDCVE-2024-50208 at SUSECVE-2024-50208 at NVDCVE-2024-50209 at SUSECVE-2024-50209 at NVDCVE-2024-50215 at SUSECVE-2024-50215 at NVDCVE-2024-50218 at SUSECVE-2024-50218 at NVDCVE-2024-50229 at SUSECVE-2024-50229 at NVDCVE-2024-50230 at SUSECVE-2024-50230 at NVDCVE-2024-50232 at SUSECVE-2024-50232 at NVDCVE-2024-50233 at SUSECVE-2024-50233 at NVDCVE-2024-50234 at SUSECVE-2024-50234 at NVDCVE-2024-50236 at SUSECVE-2024-50236 at NVDCVE-2024-50237 at SUSECVE-2024-50237 at NVDCVE-2024-50249 at SUSECVE-2024-50249 at NVDCVE-2024-50255 at SUSECVE-2024-50255 at NVDCVE-2024-50259 at SUSECVE-2024-50259 at NVDCVE-2024-50261 at SUSECVE-2024-50261 at NVDCVE-2024-50264 at SUSECVE-2024-50264 at NVDCVE-2024-50265 at SUSECVE-2024-50265 at NVDCVE-2024-50267 at SUSECVE-2024-50267 at NVDCVE-2024-50268 at SUSECVE-2024-50268 at NVDCVE-2024-50269 at SUSECVE-2024-50269 at NVDCVE-2024-50271 at SUSECVE-2024-50271 at NVDCVE-2024-50273 at SUSECVE-2024-50273 at NVDCVE-2024-50274 at SUSECVE-2024-50274 at NVDCVE-2024-50279 at SUSECVE-2024-50279 at NVDCVE-2024-50282 at SUSECVE-2024-50282 at NVDCVE-2024-50287 at SUSECVE-2024-50287 at NVDCVE-2024-50289 at SUSECVE-2024-50289 at NVDCVE-2024-50290 at SUSECVE-2024-50290 at NVDCVE-2024-50292 at SUSECVE-2024-50292 at NVDCVE-2024-50295 at SUSECVE-2024-50295 at NVDCVE-2024-50298 at SUSECVE-2024-50298 at NVDCVE-2024-50301 at SUSECVE-2024-50301 at NVDCVE-2024-50302 at SUSECVE-2024-50302 at NVDCVE-2024-53052 at SUSECVE-2024-53052 at NVDCVE-2024-53058 at SUSECVE-2024-53058 at NVDCVE-2024-53059 at SUSECVE-2024-53059 at NVDCVE-2024-53060 at SUSECVE-2024-53060 at NVDCVE-2024-53061 at SUSECVE-2024-53061 at NVDCVE-2024-53063 at SUSECVE-2024-53063 at NVDCVE-2024-53066 at SUSECVE-2024-53066 at NVDCVE-2024-53068 at SUSECVE-2024-53068 at NVDCVE-2024-53079 at SUSECVE-2024-53079 at NVDCVE-2024-53085 at SUSECVE-2024-53085 at NVDCVE-2024-53088 at SUSECVE-2024-53088 at NVDCVE-2024-53104 at SUSECVE-2024-53104 at NVDCVE-2024-53110 at SUSECVE-2024-53110 at NVDcpe:/o:opensuse:leap:15.5Security update for MozillaFirefox (Important)openSUSE Leap 15.5
This update for MozillaFirefox fixes the following issues:
Update to Firefox Extended Support Release 128.5.1 ESR (bsc#1234326):
- Fixed an issue that prevented some websites from
loading when using SSL Inspection. (bmo#1933747)
ImportantSUSE bug 1234326cpe:/o:opensuse:leap:15.5Security update for MozillaThunderbird (Moderate)openSUSE Leap 15.5
This update for MozillaThunderbird fixes the following issues:
- CVE-2024-50336: Fixed insufficient MXC URI validation which could allow client-side path traversal (bsc#1234413)
Other fixes:
- Updated to Mozilla Thunderbird 128.5.2i (bsc#1234413):
* fixed: Large virtual folders could be very slow
* fixed: Message could disappear after moving from IMAP folder
followed by Undo and Redo
* fixed: XMPP chat did not display messages sent inside a CDATA
element
* fixed: Selected calendar day did not move forward at midnight
* fixed: Today pane agenda sometimes scrolled for no apparent
reason
* fixed: CalDAV calendars without offline support could degrade
start-up performance
* fixed: Visual and UX improvements
* fixed: Security fixes
- Updated to Mozilla Thunderbird 128.5.1:
* new: Add end of year donation appeal
* fixed: Total message count for favorite folders did not work
consistently
ModerateSUSE bug 1234413CVE-2024-50336 at SUSECVE-2024-50336 at NVDcpe:/o:opensuse:leap:15.5Security update for python-aiohttp (Important)openSUSE Leap 15.5
This update for python-aiohttp fixes the following issues:
- CVE-2024-30251: Fixed infinite loop on specially crafted POST request (bsc#1223726).
ImportantSUSE bug 1223726CVE-2024-30251 at SUSECVE-2024-30251 at NVDcpe:/o:opensuse:leap:15.5Security update for python-aiohttp (Important)openSUSE Leap 15.5
This update for python-aiohttp fixes the following issues:
- CVE-2024-30251: Fixed infinite loop on specially crafted POST request (bsc#1223726).
ImportantSUSE bug 1223726CVE-2024-30251 at SUSECVE-2024-30251 at NVDcpe:/o:opensuse:leap:15.5Security update for aws-iam-authenticator (Critical)openSUSE Leap 15.5
This update for aws-iam-authenticator fixes the following issues:
- CVE-2022-1996: Fixed CORS bypass (bsc#1200528).
CriticalSUSE bug 1200528CVE-2022-1996 at SUSECVE-2022-1996 at NVDcpe:/o:opensuse:leap:15.5Security update for vim (Low)openSUSE Leap 15.5
This update for vim fixes the following issues:
- CVE-2024-47814: Fixed use-after-free when closing buffers in Vim (bsc#1231373)
- CVE-2024-43374: Fixed use-after-free in alist_add() (bsc#1229238)
Other fixes:
- Updated to version 9.1.0836
LowSUSE bug 1229238SUSE bug 1231373CVE-2024-43374 at SUSECVE-2024-43374 at NVDCVE-2024-47814 at SUSECVE-2024-47814 at NVDcpe:/o:opensuse:leap:15.5Security update for libaom, libyuv (Moderate)openSUSE Leap 15.5
This update for libaom, libyuv fixes the following issues:
libaom was updated to version 3.7.1:
* Bug Fixes:
- aomedia:3349: heap overflow when increasing resolution
- aomedia:3478: GCC 12.2.0 emits a -Wstringop-overflow warning
on aom/av1/encoder/motion_search_facade.c
- aomedia:3489: Detect encoder and image high bit depth
mismatch
- aomedia:3491: heap-buffer-overflow on frame size change
- b/303023614: Segfault at encoding time for high bit depth
images
- New upstream release 3.7.0
- New Features
* New codec controls:
* AV1E_SET_QUANTIZER_ONE_PASS: Set quantizer for each frame.
* AV1E_ENABLE_RATE_GUIDE_DELTAQ: enable the rate distribution guided delta
quantization in all intra mode. The 'enable-rate-guide-deltaq' option is
added for this control.
* AV1E_SET_RATE_DISTRIBUTION_INFO: set the input file for rate
distribution used in all intra mode. The 'rate-distribution-info' option
is added for this control.
* AV1E_GET_LUMA_CDEF_STRENGTH
* AV1E_SET_BITRATE_ONE_PASS_CBR
* AOM_SCALING_MODE is extended to include 2/3 and 1/3 scaling.
* aom_tune_metric is extended to include AOM_TUNE_VMAF_SALIENCY_MAP.
The 'tune' option is extended to include 'vmaf_saliency_map'.
* SVC example encoder svc_encoder_rtc is able to use the rate control
library.
* Loopfilter level and CDEF filter level is supported by RTC rate control
library.
* New speed (--cpu-used) 11, intended for RTC screen sharing, added for
faster encoding with ~3% bdrate loss with 16% IC (instruction count)
speedup compared to speed 10.
- Compression Efficiency Improvements
* Improved VoD encoding performance
* 0.1-0.6% BDrate gains for encoding speeds 2 to 6
* Rate control accuracy improvement in VBR mode
* RTC encoding improvements
* Screen content mode: 10-19% BDrate gains for speeds 6 - 10
* Temporal layers video mode, for speed 10:
* 2 temporal layers on low resolutions: 13-15% BDrate gain
* 3 temporal layers on VGA/HD: 3-4% BDrate gain
- Perceptual Quality Improvements
* Fixed multiple block and color artifacts for RTC screen content by
* Incorporating color into RD cost for IDTX
* Reducing thresholds for palette mode in non RD mode
* Allowing more palette mode testing
* Improved color sensitivity for altref in non-RD mode.
* Reduced video flickering for temporal layer encoding.
- Speedup and Memory Optimizations
* Speed up the VoD encoder
* 2-5% for encoding speed 2 to 4
* 9-15% for encoding speed 5 to 6
* ARM
* Standard bitdepth
* speed 5: +31%
* speed 4: +2%
* speed 3: +9%
* speed 2: +157%
* High bitdepth
* speed 5: +85%
* RTC speedups
* Screen content mode
* 15% IC speedup for speeds 6-8
* ARM: 7% for speed 9, 3% for speed 10
* Temporal layers video mode
* 7% speedup for 3 temporal layers on VGA/HD, for speed 10
* Single layer video
* x86: 2% IC speedup for speeds 7-10
* ARM: 2-4% speedup across speeds 5-10
- Bug Fixes
* aomedia:3261 Assertion failed when encoding av1 with film grain and
'--monochrome' flag
* aomedia:3276 ensure all allocations are checked (partial fix)
* aomedia:3451 The libaom library calls exit()
* aomedia:3450 enable -Wshadow for C++ sources
* aomedia:3449 Test Seg Faults After
b459af3e345be402db052a143fcc5383d4b74cbd
* aomedia:3416 prune unused symbols / restrict symbol visibility
* aomedia:3443 Jenkins failure:
UninstantiatedParameterizedTestSuite<EstimateNoiseTest>
* aomedia:3434 realtime failures with CONFIG_BITSTREAM_DEBUG=1
* aomedia:3433 DeltaqModeTest crash w/row_mt=0
* aomedia:3429 Encoder crash when turn on both ExternalResize and
g_threads > 2
* aomedia:3438 Build failure with
`-DSANITIZE=address -DBUILD_SHARED_LIBS=ON` when using clang.
* aomedia:3435 Block artifacts when scrolling with AV1 in screen sharing
scenarios
* aomedia:3170 vmaf tune presets produce extreme glitches in one scene
* aomedia:3401 Building shared libaom with MSVC results in a race condition
with the export library
* aomedia:3420 Floating point exception in av1_tpl_get_frame_importance()
* aomedia:3424 heap-buffer-overflow in ScaleFilterCols_16_C() (SIGABRT)
* aomedia:3417 examples/svc_encoder_rtc.c is using internal macros and
functions
* aomedia:3372 SEGV in assign_frame_buffer_p av1_common_int.h
* aomedia:3130 'cpu-features.h' file not found on Android NDK 22
* aomedia:3415 Encoder/decoder mismatch for svc_encoder_rtc running
1 SL 3 TL
* aomedia:3412 Lossless Mode Fails Loopback Bit Test
* aomedia:3409 The use of AV1_VAR_OFFS in av1/encoder/var_based_part.c is
incorrect for high bit depths
* aomedia:3403 test_libaom fails with error message
'feenableexcept() failed' on Linux arm
* aomedia:3370 Random color block at fast motion area
* aomedia:3393 Assertion failure in av1_convolve_2d_sr_c()
* aomedia:3392 Strong artifacting for high bit-depth real-time
* aomedia:3376 aomenc --threads=10 --deltaq-mode=3 crashes after
'Allintra: multi-threading of calculating differential contrast'
* aomedia:3380 Crashes and ASan and TSan errors in deltaq-mode=3
multithreading code
* chromium:1410766 heap-buffer-overflow in aom_yv12_copy_v_c
* Cannot set level via AV1E_SET_TARGET_SEQ_LEVEL_IDX
* Encoding failure due to the use of loop restoration with unintended use of
lossless mode.
* Signed integer overflow in scan_past_frames
* Signed integer overflow in update_a_sep_sym
* Flickering in AV1 1440p/2160p HDR transcodes
* Fixed artifacts with screen share at encoder speed 10
* Fixed prediction setup for IDTX
- Update to version 3.6.1:
* aomedia:2871: Guard the support of the 7.x and 8.x levels for
AV1 under the CONFIG_CWG_C013 config flag, and only output the
7.x and 8.x levels when explicitly requested.
* aomedia:3382: Choose sb_size by ppi instead of svc.
* aomedia:3384: Fix fullpel search limits.
* aomedia:3388: Replace left shift of xq_active by
multiplication.
* aomedia:3389: Fix MV clamping in av1_mv_pred.
* aomedia:3390: set_ld_layer_depth: cap max_layer_depth to
MAX_ARF_LAYERS.
* aomedia:3418: Fix MV clamping in av1_int_pro_motion_estimation.
* aomedia:3429: Move lpf thread data init to
lpf_pipeline_mt_init().
* b:266719111: Fix undefined behavior in Arm Neon code.
* b:269840681: nonrd_opt: align scan tables.
* rtc: Fix is_key_frame setting in variance partition.
* Build: Fix build with clang-cl and Visual Studio.
- Update to version 3.6.0:
* This release includes compression efficiency and perceptual
quality improvements, speedup and memory optimizations, and
some new features. This release is ABI compatible with the last
release.
* New Features:
- New values 20-27 (corresponding to levels 7.0-7.3 and
8.0-8.3) for the encoder control
AV1E_SET_TARGET_SEQ_LEVEL_IDX (note that the proposal to add
the new levels are still in draft status). The original
special value 24 (keep level stats only for level monitoring)
is renumbered as 32.
- New encoder control AV1E_SET_SKIP_POSTPROC_FILTERING to skip
the application of post-processing filters on reconstructed
frame in all intra mode.
- New encoder option 'kf-max-pyr-height': Maximum height of
pyramid structure used for the GOP starting with a key frame
(-1 to 5).
- Make SVC work for screen content.
- Rate control improvements to reduce frame-size spikes for
screen content coding.
- RISC-V architecture support with gcc toolchain.
* Compression Efficiency Improvements:
- Peak compression efficiency in VOD setting is improved by 1%.
- 0.7% - 2.2% RTC encoding BDrate gains for real time speed 8
to 10.
- 15% RTC encoding BDrate gains for screen content speed 10.
* Perceptual Quality Improvements:
- Resolved a visual quality issue that was reported for high
resolution clips (2K) for speed 4 and above in VOD use case.
- Visual quality improvements to screen content coding.
- Quality improvements to temporal layer RTC coding.
* Speedup and Memory Optimizations:
- RTC single-thread encoder speedup:
. ~6% instruction count reduction for speed 5 and 6.
. ~15% instruction count reduction for speed 7.
. ~10% instruction count reduction for speed 8 to 10 (>=360p
resolutions).
- RTC multi-thread encoder speedup (beyond single-thread
speedup):
. 5-8% encode time reduction for speed 7 to 10.
- RTC screen-content encoder speedup:
. 11% instruction count reduction for speed 9 and 10 (>=720p
resolutions).
- ~5% reduction in heap memory requirements for RTC, speed 6 to
10.
* AVIF:
. 4-5% speedup for speed 9 in still-picture encoding mode.
. 3-4% heap memory reduction in still-picture encoding mode
for 360p-720p resolutions with multiple threads.
* Bug Fixes:
- Added a workaround for an AV1 specification bug which makes
TRANSLATION type global motion models unusable.
- Fixed AddressSanitizer global-buffer-overflow errors in
av1/encoder/arm/neon/av1_fwd_txfm2d_neon.c.
- Fixed AddressSanitizer heap-buffer-overflow error in
av1_wiener_convolve_add_src_neon().
- chromium:1393384 Avoid scene detection on spatial resize.
- aomedia:3308 Remove color artifacts under high motion.
- aomedia:3310 Avoid out of memory failures with Visual Studio
2017, 2019, and 2022 for Win32 x86 builds.
- aomedia:3346 Make SVC work properly for screen content.
- aomedia:3348 Fix a bug where an uninitialized search_site is
used.
- aomedia:3365 Work around what seems like a Visual Studio 2022
compiler optimization bug.
- aomedia:3369 Incorrect PSNR values reported by libaom for
12-bit encode.
- Update to version 3.5.0:
* This release is ABI compatible with the last one, including
speedup and memory optimizations, and new APIs and features.
* New Features
- Support for frame parallel encode for larger number of
threads. --fp-mt flag is available for all build
configurations.
- New codec control AV1E_GET_NUM_OPERATING_POINTS
* Speedup and Memory Optimizations
- Speed-up multithreaded encoding for good quality mode for
larger number of threads through frame parallel encoding:
. 30-34% encode time reduction for 1080p, 16 threads, 1x1
tile configuration (tile_rows x tile_columns)
. 18-28% encode time reduction for 1080p, 16 threads, 2x4
tile configuration
. 18-20% encode time reduction for 2160p, 32 threads, 2x4
tile configuration
- 16-20% speed-up for speed=6 to 8 in still-picture encoding
mode
- 5-6% heap memory reduction for speed=6 to 10 in real-time
encoding mode
- Improvements to the speed for speed=7, 8 in real-time
encoding mode
- Improvements to the speed for speed=9, 10 in real-time screen
encoding mode
- Optimizations to improve multi-thread efficiency in real-time
encoding mode
- 10-15% speed up for SVC with temporal layers
- SIMD optimizations:
. Improve av1_quantize_fp_32x32_neon() 1.05x to 1.24x faster
. Add aom_highbd_quantize_b{,_32x32,_64x64}_adaptive_neon()
3.15x to 5.6x faster than 'C'
. Improve av1_quantize_fp_64x64_neon() 1.17x to 1.66x faster
. Add aom_quantize_b_avx2() 1.4x to 1.7x faster than
aom_quantize_b_avx()
. Add aom_quantize_b_32x32_avx2() 1.4x to 2.3x faster than
aom_quantize_b_32x32_avx()
. Add aom_quantize_b_64x64_avx2() 2.0x to 2.4x faster than
aom_quantize_b_64x64_ssse3()
. Add aom_highbd_quantize_b_32x32_avx2() 9.0x to 10.5x faster
than aom_highbd_quantize_b_32x32_c()
. Add aom_highbd_quantize_b_64x64_avx2() 7.3x to 9.7x faster
than aom_highbd_quantize_b_64x64_c()
. Improve aom_highbd_quantize_b_avx2() 1.07x to 1.20x faster
. Improve av1_quantize_fp_avx2() 1.13x to 1.49x faster
. Improve av1_quantize_fp_32x32_avx2() 1.07x to 1.54x faster
. Improve av1_quantize_fp_64x64_avx2() 1.03x to 1.25x faster
. Improve av1_quantize_lp_avx2() 1.07x to 1.16x faster
* Bug fixes including but not limited to
- aomedia:3206 Assert that skip_width > 0 for deconvolve
function
- aomedia:3278 row_mt enc: Delay top-right sync when intraBC is
enabled
- aomedia:3282 blend_a64_*_neon: fix bus error in armv7
- aomedia:3283 FRAME_PARALLEL: Propagate border size to all
cpis
- aomedia:3283 RESIZE_MODE: Fix incorrect strides being used
for motion search
- aomedia:3286 rtc-svc: Fix to dynamic_enable spatial layers
- aomedia:3289 rtc-screen: Fix to skipping inter-mode test in
nonrd
- aomedia:3289 rtc-screen: Fix for skip newmv on flat blocks
- aomedia:3299 Fix build failure with CONFIG_TUNE_VMAF=1
- aomedia:3296 Fix the conflict --enable-tx-size-search=0 with
nonrd mode --enable-tx-size-search will be ignored in non-rd
pick mode
- aomedia:3304 Fix off-by-one error of max w/h in
validate_config
- aomedia:3306 Do not use pthread_setname_np on GNU/Hurd
- aomedia:3325 row-multithreading produces invalid bitstream in
some cases
- chromium:1346938, chromium:1338114
- compiler_flags.cmake: fix flag detection w/cmake 3.17-3.18.2
- tools/*.py: update to python3
- aom_configure.cmake: detect PIE and set CONFIG_PIC
- test/simd_cmp_impl: use explicit types w/CompareSimd*
- rtc: Fix to disable segm for aq-mode=3
- rtc: Fix to color_sensitivity in variance partition
- rtc-screen: Fix bsize in model rd computation for intra
chroma
- Fixes to ensure the correct behavior of the encoder
algorithms (like segmentation, computation of statistics,
etc.)
- Update to version 3.4.0:
* This release includes compression efficiency and perceptual
quality improvements, speedup and memory optimizations, and
some new features. There are no ABI or API breaking changes in
this release.
* New Features:
- New --dist-metric flag with 'qm-psnr' value to use
quantization matrices in the distortion computation for RD
search. The default value is 'psnr'.
- New command line option '--auto-intra-tools-off=1' to make
all-intra encoding faster for high bit rate under
'--deltaq-mode=3' mode.
- New rate control library aom_av1_rc for real-time hardware
encoders. Supports CBR for both one spatial layer and SVC.
- New image format AOM_IMG_FMT_NV12 can be used as input to the
encoder. The presence of AOM_IMG_FMT_NV12 can be detected at
compile time by checking if the macro AOM_HAVE_IMG_FMT_NV12
is defined.
- New codec controls for the encoder:
o AV1E_SET_AUTO_INTRA_TOOLS_OFF. Only in effect if
--deltaq-mode=3.
o AV1E_SET_RTC_EXTERNAL_RC
o AV1E_SET_FP_MT. Only supported if libaom is built with
-DCONFIG_FRAME_PARALLEL_ENCODE=1.
o AV1E_GET_TARGET_SEQ_LEVEL_IDX
- New key-value pairs for the key-value API:
o --auto-intra-tools-off=0 (default) or 1. Only in effect if
--deltaq-mode=3.
o --strict-level-conformance=0 (default) or 1
o --fp-mt=0 (default) or 1. Only supported if libaom is built
with -DCONFIG_FRAME_PARALLEL_ENCODE=1.
- New aomenc options (not supported by the key-value API):
o --nv12
* Compression Efficiency Improvements:
- Correctly calculate SSE for high bitdepth in skip mode, 0.2%
to 0.6% coding gain.
- RTC at speed 9/10: BD-rate gain of ~4/5%
- RTC screen content coding: many improvements for real-time
screen at speed 10 (quality, speedup, and rate control), up
to high resolutions (1080p).
- RTC-SVC: fixes to make intra-only frames work for spatial
layers.
- RTC-SVC: quality improvements for temporal layers.
- AV1 RT: A new passive rate control strategy for screen
content, an average of 7.5% coding gain, with some clips of
20+%. The feature is turned off by default due to higher bit
rate variation.
* Perceptual Quality Improvements:
- RTC: Visual quality improvements for high speeds (9/10)
- Improvements in coding quality for all intra mode
* Speedup and Memory Optimizations:
- ~10% speedup in good quality mode encoding.
- ~7% heap memory reduction in good quality encoding mode for
speed 5 and 6.
- Ongoing improvements to intra-frame encoding performance on
Arm
- Faster encoding speed for '--deltaq-mode=3' mode.
- ~10% speedup for speed 5/6, ~15% speedup for speed 7/8, and
~10% speedup for speed 9/10 in real time encoding mode
- ~20% heap memory reduction in still-picture encoding mode for
360p-720p resolutions with multiple threads
- ~13% speedup for speed 6 and ~12% speedup for speed 9 in
still-picture encoding mode.
- Optimizations to improve multi-thread efficiency for
still-picture encoding mode.
* Bug Fixes:
- b/204460717: README.md: replace master with main
- b/210677928: libaom disable_order is surprising for
max_reference_frames=3
- b/222461449: -DCONFIG_TUNE_BUTTERAUGLI=1 broken
- b/227207606: write_greyscale writes incorrect chroma in
highbd mode
- b/229955363: Integer-overflow in linsolve_wiener
Update to version 3.3.0:
* This release includes compression efficiency and perceptual
quality improvements, speedup and memory optimizations, some
new features, and several bug fixes.
* New Features
- AV1 RT: Introducing CDEF search level 5
- Changed real time speed 4 to behave the same as real time
speed 5
- Add --deltaq-strength
- rtc: Allow scene-change and overshoot detection for svc
- rtc: Intra-only frame for svc
- AV1 RT: Option 2 for codec control AV1E_SET_ENABLE_CDEF to
disable CDEF on non-ref frames
- New codec controls AV1E_SET_LOOPFILTER_CONTROL and
AOME_GET_LOOPFILTER_LEVEL
- Improvements to three pass encoding
* Compression Efficiency Improvements: Overall compression gains:
0.6%
* Perceptual Quality Improvements
- Improves the perceptual quality of high QP encoding for
delta-q mode 4
- Auto select noise synthesis level for all intra
* Speedup and Memory Optimizations
- Added many SSE2 optimizations.
- Good quality 2-pass encoder speedups:
o Speed 2: 9%
o Speed 3: 12.5%
o Speed 4: 8%
o Speed 5: 3%
o Speed 6: 4%
- Real time mode encoder speedups:
o Speed 5: 2.6% BDRate gain, 4% speedup
o Speed 6: 3.5% BDRate gain, 4% speedup
o Speed 9: 1% BDRate gain, 3% speedup
o Speed 10: 3% BDRate gain, neutral speedup
- All intra encoding speedups (AVIF):
o Single thread - speed 6: 8%
o Single thread - speed 9: 15%
o Multi thread(8) - speed 6: 14%
o Multi thread(8) - speed 9: 34%
* Bug Fixes
- Issue 3163: Segmentation fault when using
--enable-keyframe-filtering=2
- Issue 2436: Integer overflow in av1_warp_affine_c()
- Issue 3226: armv7 build failure due to gcc-11
- Issue 3195: Bug report on libaom (AddressSanitizer:
heap-buffer-overflow)
- Issue 3191: Bug report on libaom (AddressSanitizer: SEGV on
unknown address)
- Drop libaom-devel Requires from libaom-devel-doc sub-package: We
do not need the devel package to be able to read the devel
documentation.
libyuv was added new in version 20230517+a377993.
ModerateCVE-2023-6879 at SUSECVE-2023-6879 at NVDcpe:/o:opensuse:leap:15.5Security update for libsoup2 (Important)openSUSE Leap 15.5
This update for libsoup2 fixes the following issues:
- CVE-2024-52530: Fixed HTTP request smuggling via stripping null bytes from the ends of header names (bsc#1233285)
- CVE-2024-52531: Fixed buffer overflow via UTF-8 conversion in soup_header_parse_param_list_strict (bsc#1233292)
- CVE-2024-52532: Fixed infinite loop while reading websocket data (bsc#1233287)
ImportantSUSE bug 1233285SUSE bug 1233287SUSE bug 1233292CVE-2024-52530 at SUSECVE-2024-52530 at NVDCVE-2024-52531 at SUSECVE-2024-52531 at NVDCVE-2024-52532 at SUSECVE-2024-52532 at NVDcpe:/o:opensuse:leap:15.5Security update for netpbm (Moderate)openSUSE Leap 15.5
This update for netpbm fixes the following issues:
- CVE-2017-5849: Fixed out-of-bound read and write issue that can occur in function putgreytile() and put1bitbwtile() (bsc#1022790, bsc#1022791).
ModerateSUSE bug 1022790SUSE bug 1022791CVE-2017-5849 at SUSECVE-2017-5849 at NVDcpe:/o:opensuse:leap:15.5Security update for libsoup (Important)openSUSE Leap 15.5
This update for libsoup fixes the following issues:
- CVE-2024-52530: Fixed HTTP request smuggling via stripping null bytes from the ends of header names (bsc#1233285)
- CVE-2024-52531: Fixed buffer overflow via UTF-8 conversion in soup_header_parse_param_list_strict (bsc#1233292)
- CVE-2024-52532: Fixed infinite loop while reading websocket data (bsc#1233287)
Other fixes:
- websocket-test: disconnect error copy after
the test ends (glgo#GNOME/libsoup#391).
- fix an intermittent test failure
(glgo#GNOME/soup#399).
- Increase test timeout on s390x. The http2-body-stream test can be
slow and sometimes times out in our builds.
ImportantSUSE bug 1233285SUSE bug 1233287SUSE bug 1233292CVE-2024-52530 at SUSECVE-2024-52530 at NVDCVE-2024-52531 at SUSECVE-2024-52531 at NVDCVE-2024-52532 at SUSECVE-2024-52532 at NVDcpe:/o:opensuse:leap:15.5Security update for curl (Moderate)openSUSE Leap 15.5
This update for curl fixes the following issues:
- CVE-2024-11053: Fixed password leak in curl used for the first host to the followed-to host under certain circumstances (bsc#1234068)
ModerateSUSE bug 1234068CVE-2024-11053 at SUSECVE-2024-11053 at NVDcpe:/o:opensuse:leap:15.5Security update for docker (Important)openSUSE Leap 15.5
This update for docker fixes the following issues:
- Update docker-buildx to v0.19.2. See upstream changelog online at
<https://github.com/docker/buildx/releases/tag/v0.19.2>.
Some notable changelogs from the last update:
* <https://github.com/docker/buildx/releases/tag/v0.19.0>
* <https://github.com/docker/buildx/releases/tag/v0.18.0>
- Add a new toggle file /etc/docker/suse-secrets-enable which allows users to
disable the SUSEConnect integration with Docker (which creates special mounts
in /run/secrets to allow container-suseconnect to authenticate containers
with registries on registered hosts). bsc#1231348 bsc#1232999
In order to disable these mounts, just do
echo 0 > /etc/docker/suse-secrets-enable
and restart Docker. In order to re-enable them, just do
echo 1 > /etc/docker/suse-secrets-enable
and restart Docker. Docker will output information on startup to tell you
whether the SUSE secrets feature is enabled or not.
- Disable docker-buildx builds for SLES. It turns out that build containers
with docker-buildx don't currently get the SUSE secrets mounts applied,
meaning that container-suseconnect doesn't work when building images.
bsc#1233819
- Remove DOCKER_NETWORK_OPTS from docker.service. This was removed from
sysconfig a long time ago, and apparently this causes issues with systemd in
some cases.
- Allow a parallel docker-stable RPM to exists in repositories.
- Update to docker-buildx v0.17.1 to match standalone docker-buildx package we
are replacing. See upstream changelog online at
<https://github.com/docker/buildx/releases/tag/v0.17.1>
- Allow users to disable SUSE secrets support by setting
DOCKER_SUSE_SECRETS_ENABLE=0 in /etc/sysconfig/docker. (bsc#1231348)
- Mark docker-buildx as required since classic 'docker build' has been
deprecated since Docker 23.0. (bsc#1230331)
- Import docker-buildx v0.16.2 as a subpackage. Previously this was a separate
package, but with docker-stable it will be necessary to maintain the packages
together and it makes more sense to have them live in the same OBS package.
(bsc#1230333)
- Update to Docker 26.1.5-ce. See upstream changelog online at
<https://docs.docker.com/engine/release-notes/26.1/#2615>
bsc#1230294
- This update includes fixes for:
* CVE-2024-41110. bsc#1228324
* CVE-2023-47108. bsc#1217070 bsc#1229806
* CVE-2023-45142. bsc#1228553 bsc#1229806
- Update to Docker 26.1.4-ce. See upstream changelog online at
<https://docs.docker.com/engine/release-notes/26.1/#2614>
- Update to Docker 26.1.0-ce. See upstream changelog online at
<https://docs.docker.com/engine/release-notes/26.1/#2610>
- Update --add-runtime to point to correct binary path. ImportantSUSE bug 1217070SUSE bug 1228324SUSE bug 1228553SUSE bug 1229806SUSE bug 1230294SUSE bug 1230331SUSE bug 1230333SUSE bug 1231348SUSE bug 1232999SUSE bug 1233819CVE-2023-45142 at SUSECVE-2023-45142 at NVDCVE-2023-47108 at SUSECVE-2023-47108 at NVDCVE-2024-41110 at SUSECVE-2024-41110 at NVDcpe:/o:opensuse:leap:15.5Security update for the Linux Kernel (Important)openSUSE Leap 15.5
The SUSE Linux Enterprise 15 SP5 kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2021-47594: mptcp: never allow the PM to close a listener subflow (bsc#1226560).
- CVE-2022-48879: efi: fix NULL-deref in init error path (bsc#1229556).
- CVE-2022-48956: ipv6: avoid use-after-free in ip6_fragment() (bsc#1231893).
- CVE-2022-48957: dpaa2-switch: Fix memory leak in dpaa2_switch_acl_entry_add() and dpaa2_switch_acl_entry_remove() (bsc#1231973).
- CVE-2022-48958: ethernet: aeroflex: fix potential skb leak in greth_init_rings() (bsc#1231889).
- CVE-2022-48959: net: dsa: sja1105: fix memory leak in sja1105_setup_devlink_regions() (bsc#1231976).
- CVE-2022-48960: net: hisilicon: Fix potential use-after-free in hix5hd2_rx() (bsc#1231979).
- CVE-2022-48962: net: hisilicon: Fix potential use-after-free in hisi_femac_rx() (bsc#1232286).
- CVE-2022-48966: net: mvneta: Fix an out of bounds check (bsc#1232191).
- CVE-2022-48980: net: dsa: sja1105: avoid out of bounds access in sja1105_init_l2_policing() (bsc#1232233).
- CVE-2022-48983: io_uring: Fix a null-ptr-deref in io_tctx_exit_cb() (bsc#1231959).
- CVE-2022-48991: mm/khugepaged: fix collapse_pte_mapped_thp() to allow anon_vma (bsc#1232070).
- CVE-2022-49015: net: hsr: Fix potential use-after-free (bsc#1231938).
- CVE-2022-49017: tipc: re-fetch skb cb after tipc_msg_validate (bsc#1232004).
- CVE-2022-49020: net/9p: Fix a potential socket leak in p9_socket_open (bsc#1232175).
- CVE-2024-26782: mptcp: fix double-free on socket dismantle (bsc#1222590).
- CVE-2024-26906: Fixed invalid vsyscall page read for copy_from_kernel_nofault() (bsc#1223202).
- CVE-2024-26953: net: esp: fix bad handling of pages from page_pool (bsc#1223656).
- CVE-2024-35888: erspan: make sure erspan_base_hdr is present in skb->head (bsc#1224518).
- CVE-2024-35937: wifi: cfg80211: check A-MSDU format more carefully (bsc#1224526).
- CVE-2024-36244: net/sched: taprio: extend minimum interval restriction to entire cycle too (bsc#1226797).
- CVE-2024-36883: net: fix out-of-bounds access in ops_init (bsc#1225725).
- CVE-2024-36886: tipc: fix UAF in error path (bsc#1225730).
- CVE-2024-36905: tcp: defer shutdown(SEND_SHUTDOWN) for TCP_SYN_RECV sockets (bsc#1225742).
- CVE-2024-36954: tipc: fix a possible memleak in tipc_buf_append (bsc#1225764).
- CVE-2024-36957: octeontx2-af: avoid off-by-one read from userspace (bsc#1225762).
- CVE-2024-38589: netrom: fix possible dead-lock in nr_rt_ioctl() (bsc#1226748).
- CVE-2024-38615: cpufreq: exit() callback is optional (bsc#1226592).
- CVE-2024-39476: md/raid5: fix deadlock that raid5d() wait for itself to clear MD_SB_CHANGE_PENDING (bsc#1227437).
- CVE-2024-40965: i2c: lpi2c: Avoid calling clk_get_rate during transfer (bsc#1227885).
- CVE-2024-40997: cpufreq: amd-pstate: fix memory leak on CPU EPP exit (bsc#1227853).
- CVE-2024-41023: sched/deadline: Fix task_struct reference leak (bsc#1228430).
- CVE-2024-42226: Prevent potential failure in handle_tx_event() for Transfer events without TRB (bsc#1228709).
- CVE-2024-42253: gpio: pca953x: fix pca953x_irq_bus_sync_unlock race (bsc#1229005).
- CVE-2024-44931: gpio: prevent potential speculation leaks in gpio_device_get_desc() (bsc#1229837).
- CVE-2024-44932: idpf: fix UAFs when destroying the queues (bsc#1229808).
- CVE-2024-44958: sched/smt: Fix unbalance sched_smt_present dec/inc (bsc#1230179).
- CVE-2024-44964: idpf: fix memory leaks and crashes while performing a soft reset (bsc#1230220).
- CVE-2024-44995: net: hns3: fix a deadlock problem when config TC during resetting (bsc#1230231).
- CVE-2024-45016: netem: fix return value if duplicate enqueue fails (bsc#1230429).
- CVE-2024-45025: fix bitmap corruption on close_range() with CLOSE_RANGE_UNSHARE (bsc#1230456).
- CVE-2024-46678: bonding: change ipsec_lock from spin lock to mutex (bsc#1230550).
- CVE-2024-46681: pktgen: use cpus_read_lock() in pg_net_init() (bsc#1230558).
- CVE-2024-46716: dmaengine: altera-msgdma: properly free descriptor in msgdma_free_descriptor (bsc#1230715).
- CVE-2024-46754: bpf: Remove tst_run from lwt_seg6local_prog_ops (bsc#1230801).
- CVE-2024-46770: ice: Add netif_device_attach/detach into PF reset flow (bsc#1230763).
- CVE-2024-46775: drm/amd/display: Validate function returns (bsc#1230774).
- CVE-2024-46777: udf: Avoid excessive partition lengths (bsc#1230773).
- CVE-2024-46800: sch/netem: fix use after free in netem_dequeue (bsc#1230827).
- CVE-2024-46809: drm/amd/display: Check BIOS images before it is used (bsc#1231148).
- CVE-2024-46811: drm/amd/display: Fix index may exceed array range within fpu_update_bw_bounding_box (bsc#1231179).
- CVE-2024-46813: drm/amd/display: Check link_index before accessing dc->links (bsc#1231191).
- CVE-2024-46814: drm/amd/display: Check msg_id before processing transcation (bsc#1231193).
- CVE-2024-46815: drm/amd/display: Check num_valid_sets before accessing reader_wm_sets (bsc#1231195).
- CVE-2024-46816: drm/amd/display: Stop amdgpu_dm initialize when link nums greater than max_links (bsc#1231197).
- CVE-2024-46817: drm/amd/display: Stop amdgpu_dm initialize when stream nums greater than 6 (bsc#1231200).
- CVE-2024-46818: drm/amd/display: Check gpio_id before used as array index (bsc#1231203).
- CVE-2024-46826: ELF: fix kernel.randomize_va_space double read (bsc#1231115).
- CVE-2024-46828: uprobes: fix kernel info leak via '[uprobes]' vma (bsc#1231114).
- CVE-2024-46834: ethtool: fail closed if we can't get max channel used in indirection tables (bsc#1231096).
- CVE-2024-46840: btrfs: clean up our handling of refs == 0 in snapshot delete (bsc#1231105).
- CVE-2024-46841: btrfs: do not BUG_ON on ENOMEM from btrfs_lookup_extent_info() in walk_down_proc() (bsc#1231094).
- CVE-2024-46848: perf/x86/intel: Limit the period on Haswell (bsc#1231072).
- CVE-2024-46849: ASoC: meson: axg-card: fix 'use-after-free' (bsc#1231073).
- CVE-2024-46854: net: dpaa: Pad packets to ETH_ZLEN (bsc#1231084).
- CVE-2024-46855: netfilter: nft_socket: fix sk refcount leaks (bsc#1231085).
- CVE-2024-46857: net/mlx5: Fix bridge mode operations when there are no VFs (bsc#1231087).
- CVE-2024-47660: fsnotify: clear PARENT_WATCHED flags lazily (bsc#1231439).
- CVE-2024-47661: drm/amd/display: Avoid overflow from uint32_t to uint8_t (bsc#1231496).
- CVE-2024-47664: spi: hisi-kunpeng: Add verification for the max_frequency provided by the firmware (bsc#1231442).
- CVE-2024-47668: lib/generic-radix-tree.c: Fix rare race in __genradix_ptr_alloc() (bsc#1231502).
- CVE-2024-47672: wifi: iwlwifi: mvm: do not wait for tx queues if firmware is dead (bsc#1231540).
- CVE-2024-47673: wifi: iwlwifi: mvm: pause TCM when the firmware is stopped (bsc#1231539).
- CVE-2024-47674: mm: avoid leaving partial pfn mappings around in error case (bsc#1231673).
- CVE-2024-47679: vfs: fix race between evice_inodes() and find_inode()&iput() (bsc#1231930).
- CVE-2024-47684: tcp: check skb is non-NULL in tcp_rto_delta_us() (bsc#1231987).
- CVE-2024-47685: netfilter: nf_reject_ipv6: fix nf_reject_ip6_tcphdr_put() (bsc#1231998).
- CVE-2024-47692: nfsd: return -EINVAL when namelen is 0 (bsc#1231857).
- CVE-2024-47701: ext4: explicitly exit when ext4_find_inline_entry returns an error (bsc#1231920).
- CVE-2024-47704: drm/amd/display: Check link_res->hpo_dp_link_enc before using it (bsc#1231944).
- CVE-2024-47705: block: fix potential invalid pointer dereference in blk_add_partition (bsc#1231872).
- CVE-2024-47706: block, bfq: fix possible UAF for bfqq->bic with merge chain (bsc#1231942).
- CVE-2024-47707: ipv6: avoid possible NULL deref in rt6_uncached_list_flush_dev() (bsc#1231935).
- CVE-2024-47710: sock_map: Add a cond_resched() in sock_hash_free() (bsc#1232049).
- CVE-2024-47720: drm/amd/display: Add null check for set_output_gamma in dcn30_set_output_transfer_func (bsc#1232043).
- CVE-2024-47727: x86/tdx: Fix 'in-kernel MMIO' check (bsc#1232116).
- CVE-2024-47730: crypto: hisilicon/qm - inject error before stopping queue (bsc#1232075).
- CVE-2024-47738: wifi: mac80211: do not use rate mask for offchannel TX either (bsc#1232114).
- CVE-2024-47739: padata: use integer wrap around to prevent deadlock on seq_nr overflow (bsc#1232124).
- CVE-2024-47745: mm: split critical region in remap_file_pages() and invoke LSMs in between (bsc#1232135).
- CVE-2024-47747: net: seeq: Fix use after free vulnerability in ether3 Driver Due to Race Condition (bsc#1232145).
- CVE-2024-47748: vhost_vdpa: assign irq bypass producer token correctly (bsc#1232174).
- CVE-2024-47757: nilfs2: fix potential oob read in nilfs_btree_check_delete() (bsc#1232187).
- CVE-2024-49858: efistub/tpm: Use ACPI reclaim memory for event log to avoid corruption (bsc#1232251).
- CVE-2024-49860: ACPI: sysfs: validate return type of _STR method (bsc#1231861).
- CVE-2024-49866: tracing/timerlat: Fix a race during cpuhp processing (bsc#1232259).
- CVE-2024-49868: btrfs: fix a NULL pointer dereference when failed to start a new trasacntion (bsc#1232272).
- CVE-2024-49881: ext4: update orig_path in ext4_find_extent() (bsc#1232201).
- CVE-2024-49882: ext4: fix double brelse() the buffer of the extents path (bsc#1232200).
- CVE-2024-49883: ext4: aovid use-after-free in ext4_ext_insert_extent() (bsc#1232199).
- CVE-2024-49886: platform/x86: ISST: Fix the KASAN report slab-out-of-bounds bug (bsc#1232196).
- CVE-2024-49890: drm/amd/pm: ensure the fw_info is not null before using it (bsc#1232217).
- CVE-2024-49892: drm/amd/display: Initialize get_bytes_per_element's default to 1 (bsc#1232220).
- CVE-2024-49896: drm/amd/display: Check stream before comparing them (bsc#1232221).
- CVE-2024-49897: drm/amd/display: Check phantom_stream before it is used (bsc#1232355).
- CVE-2024-49899: drm/amd/display: Initialize denominators' default to 1 (bsc#1232358).
- CVE-2024-49901: drm/msm/adreno: Assign msm_gpu->pdev earlier to avoid nullptrs (bsc#1232305).
- CVE-2024-49906: drm/amd/display: Check null pointer before try to access it (bsc#1232332).
- CVE-2024-49909: drm/amd/display: Add NULL check for function pointer in dcn32_set_output_transfer_func (bsc#1232337).
- CVE-2024-49911: drm/amd/display: Add NULL check for function pointer in dcn20_set_output_transfer_func (bsc#1232366).
- CVE-2024-49914: drm/amd/display: Add null check for pipe_ctx->plane_state in (bsc#1232369).
- CVE-2024-49917: drm/amd/display: Add NULL check for clk_mgr and clk_mgr->funcs in dcn30_init_hw (bsc#1231965).
- CVE-2024-49918: drm/amd/display: Add null check for head_pipe in dcn32_acquire_idle_pipe_for_head_pipe_in_layer (bsc#1231967).
- CVE-2024-49919: drm/amd/display: Add null check for head_pipe in dcn201_acquire_free_pipe_for_layer (bsc#1231968).
- CVE-2024-49920: drm/amd/display: Check null pointers before multiple uses (bsc#1232313).
- CVE-2024-49921: drm/amd/display: Check null pointers before used (bsc#1232371).
- CVE-2024-49922: drm/amd/display: Check null pointers before using them (bsc#1232374).
- CVE-2024-49923: drm/amd/display: Pass non-null to dcn20_validate_apply_pipe_split_flags (bsc#1232361).
- CVE-2024-49925: fbdev: efifb: Register sysfs groups through driver core (bsc#1232224)
- CVE-2024-49929: wifi: iwlwifi: mvm: avoid NULL pointer dereference (bsc#1232253).
- CVE-2024-49930: wifi: ath11k: fix array out-of-bound access in SoC stats (bsc#1232260).
- CVE-2024-49933: blk_iocost: fix more out of bound shifts (bsc#1232368).
- CVE-2024-49934: fs/inode: Prevent dump_mapping() accessing invalid dentry.d_name.name (bsc#1232387).
- CVE-2024-49936: net/xen-netback: prevent UAF in xenvif_flush_hash() (bsc#1232424).
- CVE-2024-49939: wifi: rtw89: avoid to add interface to list twice when SER (bsc#1232381).
- CVE-2024-49945: net/ncsi: Disable the ncsi work before freeing the associated structure (bsc#1232165).
- CVE-2024-49946: ppp: do not assume bh is held in ppp_channel_bridge_input() (bsc#1232164).
- CVE-2024-49949: net: avoid potential underflow in qdisc_pkt_len_init() with UFO (bsc#1232160).
- CVE-2024-49950: Bluetooth: L2CAP: Fix uaf in l2cap_connect (bsc#1232159).
- CVE-2024-49954: static_call: Replace pointless WARN_ON() in static_call_module_notify() (bsc#1232155).
- CVE-2024-49955: ACPI: battery: Fix possible crash when unregistering a battery hook (bsc#1232154).
- CVE-2024-49958: ocfs2: reserve space for inline xattr before attaching reflink tree (bsc#1232151).
- CVE-2024-49959: jbd2: stop waiting for space when jbd2_cleanup_journal_tail() returns error (bsc#1232149).
- CVE-2024-49960: ext4: fix timer use-after-free on failed mount (bsc#1232395).
- CVE-2024-49967: ext4: no need to continue when the number of entries is 1 (bsc#1232140).
- CVE-2024-49968: ext4: fix error message when rejecting the default hash (bsc#1232264).
- CVE-2024-49969: drm/amd/display: Fix index out of bounds in DCN30 color transformation (bsc#1232519).
- CVE-2024-49973: r8169: add tally counter fields added with RTL8125 (bsc#1232105).
- CVE-2024-49974: NFSD: Force all NFSv4.2 COPY requests to be synchronous (bsc#1232383).
- CVE-2024-49975: uprobes: fix kernel info leak via '[uprobes]' vma (bsc#1232104).
- CVE-2024-49983: ext4: drop ppath from ext4_ext_replay_update_ex() to avoid double-free (bsc#1232096).
- CVE-2024-49989: drm/amd/display: fix double free issue during amdgpu module unload (bsc#1232483).
- CVE-2024-49991: drm/amdkfd: amdkfd_free_gtt_mem clear the correct pointer (bsc#1232282).
- CVE-2024-49993: iommu/vt-d: Fix potential lockup if qi_submit_sync called with 0 count (bsc#1232316).
- CVE-2024-49995: tipc: guard against string buffer overrun (bsc#1232432).
- CVE-2024-49996: cifs: Fix buffer overflow when parsing NFS reparse points (bsc#1232089).
- CVE-2024-50000: net/mlx5e: Fix NULL deref in mlx5e_tir_builder_alloc() (bsc#1232085).
- CVE-2024-50001: net/mlx5: Fix error path in multi-packet WQE transmit (bsc#1232084).
- CVE-2024-50002: static_call: Handle module init failure correctly in static_call_del_module() (bsc#1232083).
- CVE-2024-50006: ext4: fix i_data_sem unlock order in ext4_ind_migrate() (bsc#1232442).
- CVE-2024-50009: cpufreq: amd-pstate: add check for cpufreq_cpu_get's return value (bsc#1232318).
- CVE-2024-50014: ext4: fix access to uninitialised lock in fc replay path (bsc#1232446).
- CVE-2024-50019: kthread: unpark only parked kthread (bsc#1231990).
- CVE-2024-50024: net: Fix an unsafe loop on the list (bsc#1231954).
- CVE-2024-50028: thermal: core: Reference count the zone in thermal_zone_get_by_id() (bsc#1231950).
- CVE-2024-50033: slip: make slhc_remember() more robust against malicious packets (bsc#1231914).
- CVE-2024-50035: ppp: fix ppp_async_encode() illegal access (bsc#1232392).
- CVE-2024-50041: i40e: Fix macvlan leak by synchronizing access to mac_filter_hash (bsc#1231907).
- CVE-2024-50045: netfilter: br_netfilter: fix panic with metadata_dst skb (bsc#1231903).
- CVE-2024-50046: kabi fix for NFSv4: Prevent NULL-pointer dereference in nfs42_complete_copies() (bsc#1231902).
- CVE-2024-50047: smb: client: fix UAF in async decryption (bsc#1232418).
- CVE-2024-50048: fbcon: Fix a NULL pointer dereference issue in fbcon_putcs (bsc#1232310).
- CVE-2024-50055: driver core: bus: Fix double free in driver API bus_register() (bsc#1232329).
- CVE-2024-50058: serial: protect uart_port_dtr_rts() in uart_shutdown() too (bsc#1232285).
- CVE-2024-50059: ntb: ntb_hw_switchtec: Fix use after free vulnerability in switchtec_ntb_remove due to race condition (bsc#1232345).
- CVE-2024-50061: i3c: master: cdns: Fix use after free vulnerability in cdns_i3c_master Driver Due to Race Condition (bsc#1232263).
- CVE-2024-50063: kABI: bpf: struct bpf_map kABI workaround (bsc#1232435).
- CVE-2024-50073: tty: n_gsm: Fix use-after-free in gsm_cleanup_mux (bsc#1232520).
- CVE-2024-50081: blk-mq: setup queue ->tag_set before initializing hctx (bsc#1232501).
- CVE-2024-50082: blk-rq-qos: fix crash on rq_qos_wait vs. rq_qos_wake_function race (bsc#1232500).
- CVE-2024-50089: unicode: Do not special case ignorable code points (bsc#1232860).
- CVE-2024-50093: thermal: intel: int340x: processor: Fix warning during module unload (bsc#1232877).
- CVE-2024-50098: scsi: ufs: core: Set SDEV_OFFLINE when UFS is shut down (bsc#1232881).
- CVE-2024-50108: drm/amd/display: Disable PSR-SU on Parade 08-01 TCON too (bsc#1232884).
- CVE-2024-50110: xfrm: fix one more kernel-infoleak in algo dumping (bsc#1232885).
- CVE-2024-50115: KVM: nSVM: Ignore nCR3[4:0] when loading PDPTEs from memory (bsc#1232919).
- CVE-2024-50125: Bluetooth: SCO: Fix UAF on sco_sock_timeout (bsc#1232928).
- CVE-2024-50127: net: sched: fix use-after-free in taprio_change() (bsc#1232907).
- CVE-2024-50128: net: wwan: fix global oob in wwan_rtnl_policy (bsc#1232905).
- CVE-2024-50134: drm/vboxvideo: Replace fake VLA at end of vbva_mouse_pointer_shape (bsc#1232890).
- CVE-2024-50135: nvme-pci: fix race condition between reset and nvme_dev_disable() (bsc#1232888).
- CVE-2024-50138: bpf: Use raw_spinlock_t in ringbuf (bsc#1232935).
- CVE-2024-50146: net/mlx5e: Do not call cleanup on profile rollback failure (bsc#1233056).
- CVE-2024-50147: net/mlx5: Fix command bitmask initialization (bsc#1233067).
- CVE-2024-50153: scsi: target: core: Fix null-ptr-deref in target_alloc_device() (bsc#1233061).
- CVE-2024-50154: tcp: Fix use-after-free of nreq in reqsk_timer_handler() (bsc#1233070).
- CVE-2024-50167: be2net: fix potential memory leak in be_xmit() (bsc#1233049).
- CVE-2024-50171: net: systemport: fix potential memory leak in bcm_sysport_xmit() (bsc#1233057).
- CVE-2024-50182: secretmem: disable memfd_secret() if arch cannot set direct map (bsc#1233129).
- CVE-2024-50184: virtio_pmem: Check device status before requesting flush (bsc#1233135).
- CVE-2024-50186: net: explicitly clear the sk pointer, when pf->create fails (bsc#1233110).
- CVE-2024-50188: net: phy: dp83869: fix memory corruption when enabling fiber (bsc#1233107).
- CVE-2024-50192: irqchip/gic-v4: Correctly deal with set_affinity on lazily-mapped VPEs (bsc#1233106).
- CVE-2024-50195: posix-clock: posix-clock: Fix unbalanced locking in pc_clock_settime() (bsc#1233103).
- CVE-2024-50196: pinctrl: ocelot: fix system hang on level based interrupts (bsc#1233113).
- CVE-2024-50205: ALSA: firewire-lib: Avoid division by zero in apply_constraint_to_size() (bsc#1233293).
- CVE-2024-50208: RDMA/bnxt_re: Fix a bug while setting up Level-2 PBL pages (bsc#1233117).
- CVE-2024-50229: nilfs2: fix potential deadlock with newly created symlinks (bsc#1233205).
- CVE-2024-50230: nilfs2: fix kernel bug due to missing clearing of checked flag (bsc#1233206).
- CVE-2024-50259: netdevsim: Add trailing zero to terminate the string in nsim_nexthop_bucket_activity_write() (bsc#1233214).
- CVE-2024-50261: macsec: Fix use-after-free while sending the offloading packet (bsc#1233253).
- CVE-2024-50264: vsock/virtio: Initialization of the dangling pointer occurring in vsk->trans (bsc#1233453).
- CVE-2024-50267: usb: serial: io_edgeport: fix use after free in debug printk (bsc#1233456).
- CVE-2024-50271: signal: restore the override_rlimit logic (bsc#1233460).
- CVE-2024-50273: btrfs: reinitialize delayed ref list after deleting it from the list (bsc#1233462).
- CVE-2024-50274: idpf: avoid vport access in idpf_get_link_ksettings (bsc#1233463).
- CVE-2024-50279: dm cache: fix out-of-bounds access to the dirty bitset when resizing (bsc#1233468).
- CVE-2024-50289: media: av7110: fix a spectre vulnerability (bsc#1233478).
- CVE-2024-50295: net: arc: fix the device for dma_map_single/dma_unmap_single (bsc#1233484).
- CVE-2024-50298: net: enetc: allocate vf_state during PF probes (bsc#1233487).
- CVE-2024-53052: io_uring/rw: fix missing NOWAIT check for O_DIRECT start write (bsc#1233548).
- CVE-2024-53058: net: stmmac: TSO: Fix unbalanced DMA map/unmap for non-paged SKB data (bsc#1233552).
- CVE-2024-53061: media: s5p-jpeg: prevent buffer overflows (bsc#1233555).
- CVE-2024-53063: media: dvbdev: prevent the risk of out of memory access (bsc#1233557).
- CVE-2024-53068: firmware: arm_scmi: Fix slab-use-after-free in scmi_bus_notifier() (bsc#1233561).
- CVE-2024-53079: mm/thp: fix deferred split unqueue naming and locking (bsc#1233570).
- CVE-2024-53088: i40e: fix race condition by adding filter's intermediate sync state (bsc#1233580).
- CVE-2024-53104: media: uvcvideo: Skip parsing frames of type UVC_VS_UNDEFINED in uvc_parse_format (bsc#1234025).
- CVE-2024-53110: vp_vdpa: fix id_table array not null terminated error (bsc#1234085).
The following non-security bugs were fixed:
- acpi: battery: Call power_supply_changed() when adding hooks (bsc#1232154)
- acpi: battery: Simplify battery hook locking (bsc#1232154)
- acpi: button: Add DMI quirk for Samsung Galaxy Book2 to fix initial lid detection issue (stable-fixes).
- acpi: CPPC: Fix _CPC register setting issue (git-fixes).
- acpi: CPPC: Make rmw_lock a raw_spin_lock (git-fixes).
- acpi: EC: Do not release locks during operation region accesses (stable-fixes).
- acpi: PAD: fix crash in exit_round_robin() (stable-fixes).
- acpi: PRM: Clean up guid type in struct prm_handler_info (git-fixes).
- acpi: PRM: Find EFI_MEMORY_RUNTIME block for PRM handler and context (git-fixes).
- acpi: resource: Add another DMI match for the TongFang GMxXGxx (stable-fixes).
- acpi: resource: Add Asus ExpertBook B2502CVA to irq1_level_low_skip_override[] (stable-fixes).
- acpi: resource: Add Asus Vivobook X1704VAP to irq1_level_low_skip_override[] (stable-fixes).
- acpi: resource: Add LG 16T90SP to irq1_level_low_skip_override[] (stable-fixes).
- acpica: check null return of ACPI_ALLOCATE_ZEROED() in acpi_db_convert_to_package() (stable-fixes).
- acpica: Fix memory leak if acpi_ps_get_next_field() fails (stable-fixes).
- acpica: Fix memory leak if acpi_ps_get_next_namepath() fails (stable-fixes).
- acpica: iasl: handle empty connection_node (stable-fixes).
- ad7780: fix division by zero in ad7780_write_raw() (git-fixes).
- adapt same struct naming as similar kABI workaround in SLE15-SP6 (prefixed with 'suse_' to make it more obvious its a downstream thing.
- add bug reference for a mana change (bsc#1229769).
- add bug references to existing mana changes (bsc#1232033, bsc#1232034, bsc#1232036).
- add bugreference to a hv_netvsc patch (bsc#1232413).
- afs: Revert 'afs: Hide silly-rename files from userspace' (git-fixes).
- alsa: 6fire: Release resources at card release (git-fixes).
- alsa: ac97: bus: Fix the mistake in the comment (git-fixes).
- alsa: asihpi: Fix potential OOB array access (stable-fixes).
- alsa: caiaq: Use snd_card_free_when_closed() at disconnection (git-fixes).
- alsa: core: add isascii() check to card ID generator (stable-fixes).
- alsa: firewire-lib: Avoid division by zero in apply_constraint_to_size() (git-fixes).
- alsa: firewire-lib: fix return value on fail in amdtp_tscm_init() (git-fixes).
- alsa: hda: cs35l41: fix module autoloading (git-fixes).
- alsa: hda: Fix kctl->id initialization (git-fixes).
- alsa: hda/conexant - Fix audio routing for HP EliteOne 1000 G2 (stable-fixes).
- alsa: hda/conexant - Use cached pin control for Node 0x1d on HP EliteOne 1000 G2 (git-fixes).
- alsa: hda/conexant: Fix conflicting quirk for System76 Pangolin (git-fixes).
- alsa: hda/cs8409: Fix possible NULL dereference (git-fixes).
- alsa: hda/generic: Unconditionally prefer preferred_dacs pairs (git-fixes).
- alsa: hda/realtek - Fixed ALC256 headphone no sound (stable-fixes).
- alsa: hda/realtek - FIxed ALC285 headphone no sound (stable-fixes).
- alsa: hda/realtek - Fixed Clevo platform headset Mic issue (stable-fixes).
- alsa: hda/realtek: Add a quirk for HP Pavilion 15z-ec200 (stable-fixes).
- alsa: hda/realtek: Add quirk for Huawei MateBook 13 KLV-WX9 (stable-fixes).
- alsa: hda/realtek: Add subwoofer quirk for Acer Predator G9-593 (stable-fixes).
- alsa: hda/realtek: Fix headset mic on TUXEDO Gemini 17 Gen3 (stable-fixes).
- alsa: hda/realtek: Fix headset mic on TUXEDO Stellaris 16 Gen6 mb1 (stable-fixes).
- alsa: hda/realtek: fix mute/micmute LEDs for a HP EliteBook 645 G10 (stable-fixes).
- alsa: hda/realtek: Fix the push button function for the ALC257 (git-fixes).
- alsa: hda/realtek: Limit internal Mic boost on Dell platform (stable-fixes).
- alsa: hda/realtek: Update ALC225 depop procedure (git-fixes).
- alsa: hda/realtek: Update ALC256 depop procedure (git-fixes).
- alsa: hda/realtek: Update default depop procedure (git-fixes).
- alsa: hdsp: Break infinite MIDI input flush loop (stable-fixes).
- alsa: line6: add hw monitor volume control to POD HD500X (stable-fixes).
- alsa: mixer_oss: Remove some incorrect kfree_const() usages (git-fixes).
- alsa: us122l: Use snd_card_free_when_closed() at disconnection (git-fixes).
- alsa: usb-audio: Add delay quirk for VIVO USB-C HEADSET (stable-fixes).
- alsa: usb-audio: Add input value sanity checks for standard types (stable-fixes).
- alsa: usb-audio: Add logitech Audio profile quirk (stable-fixes).
- alsa: usb-audio: Add native DSD support for Luxman D-08u (stable-fixes).
- alsa: usb-audio: Add quirk for HP 320 FHD Webcam (stable-fixes).
- alsa: usb-audio: Add quirks for Dell WD19 dock (stable-fixes).
- alsa: usb-audio: Define macros for quirk table entries (stable-fixes).
- alsa: usb-audio: Replace complex quirk lines with macros (stable-fixes).
- alsa: usx2y: Use snd_card_free_when_closed() at disconnection (git-fixes).
- amd-pstate: Set min_perf to nominal_perf for active mode performance gov (git-fixes).
- arm64: cputype: Add Neoverse-N3 definitions (git-fixes)
- arm64: dts: imx8mp: correct sdhc ipg clk (git-fixes).
- arm64: dts: rockchip: override BIOS_DISABLE signal via GPIO hog on RK3399 Puma (git-fixes).
- arm64: errata: Expand speculative SSBS workaround once more (git-fixes)
- arm64: esr: Define ESR_ELx_EC_* constants as UL (git-fixes)
- arm64: fix .data.rel.ro size assertion when CONFIG_LTO_CLANG (git-fixes)
- arm64: Force position-independent veneers (git-fixes).
- arm64: probes: Fix simulate_ldr*_literal() (git-fixes)
- arm64: probes: Fix uprobes for big-endian kernels (git-fixes)
- arm64: probes: Remove broken LDR (literal) uprobe support (git-fixes)
- arm64: smccc: Remove broken support for SMCCCv1.3 SVE discard hint (git-fixes)
- arm64: smccc: replace custom COUNT_ARGS() & CONCATENATE() (git-fixes)
- arm64: tls: Fix context-switching of tpidrro_el0 when kpti is enabled (git-fixes)
- arm64:uprobe fix the uprobe SWBP_INSN in big-endian (git-fixes)
- arm64/sve: Discard stale CPU state when handling SVE traps (git-fixes)
- asoc: allow module autoloading for table db1200_pids (stable-fixes).
- asoc: amd: yc: Fix for enabling DMIC on acp6x via _DSD entry (git-fixes).
- asoc: codecs: Fix atomicity violation in snd_soc_component_get_drvdata() (git-fixes).
- asoc: codecs: lpass-rx-macro: add missing CDC_RX_BCL_VBAT_RF_PROC2 to default regs values (stable-fixes).
- asoc: cs42l51: Fix some error handling paths in cs42l51_probe() (git-fixes).
- asoc: fsl_sai: Enable 'FIFO continue on error' FCONT bit (stable-fixes).
- asoc: imx-card: Set card.owner to avoid a warning calltrace if SND=m (git-fixes).
- asoc: intel: fix module autoloading (stable-fixes).
- asoc: qcom: Fix NULL Dereference in asoc_qcom_lpass_cpu_platform_probe() (git-fixes).
- asoc: qcom: sm8250: add qrb4210-rb2-sndcard compatible string (stable-fixes).
- asoc: rt5682: Return devm_of_clk_add_hw_provider to transfer the error (git-fixes).
- asoc: soc-pcm: Do not zero TDM masks in __soc_pcm_open() (git-fixes).
- asoc: stm32: spdifrx: fix dma channel release in stm32_spdifrx_remove (git-fixes).
- asoc: tda7419: fix module autoloading (stable-fixes).
- blk-throttle: Fix io statistics for cgroup v1 (bsc#1233528).
- block: Avoid leaking hctx->nr_active counter on batched completion (bsc#1231923).
- block: print symbolic error name instead of error code (bsc#1231872).
- bluetooth: bnep: fix wild-memory-access in proto_unregister (git-fixes).
- bluetooth: btmrvl: Use IRQF_NO_AUTOEN flag in request_irq() (git-fixes).
- bluetooth: btusb: Fix regression with fake CSR controllers 0a12:0001 (git-fixes).
- bluetooth: Call iso_exit() on module unload (git-fixes).
- bluetooth: hci_event: Align BR/EDR JUST_WORKS paring with LE (git-fixes).
- bluetooth: hci: fix null-ptr-deref in hci_read_supported_codecs (git-fixes).
- bluetooth: ISO: Fix multiple init when debugfs is disabled (git-fixes).
- bluetooth: MGMT: Fix slab-use-after-free Read in set_powered_sync (git-fixes).
- bluetooth: Remove debugfs directory on module init failure (git-fixes).
- bluetooth: RFCOMM: FIX possible deadlock in rfcomm_sk_state_change (git-fixes).
- bnxt_en: Fix the PCI-AER routines (git-fixes).
- bnxt_en: refactor reset close code (git-fixes).
- bnxt_en: Remove mis-applied code from bnxt_cfg_ntp_filters() (git-fixes).
- bnxt_en: Reserve rings after PCIe AER recovery if NIC interface is down (git-fixes).
- bnxt_en: Reset PTP tx_avail after possible firmware reset (git-fixes).
- bnxt_en: Restore PTP tx_avail count in case of skb_pad() error (git-fixes).
- bnxt_en: Wait for FLR to complete during probe (git-fixes).
- bpf, lsm: Add disabled BPF LSM hook list (git-fixes).
- bpf, net: Fix a potential race in do_sock_getsockopt() (git-fixes).
- bpf, verifier: Correct tail_call_reachable for bpf prog (git-fixes).
- bpf, x64: Remove tail call detection (git-fixes).
- bpf,perf: Fix perf_event_detach_bpf_prog error handling (git-fixes).
- bpf: Add --skip_encoding_btf_inconsistent_proto, --btf_gen_optimized to pahole flags for v1.25 (bsc#1230414 bsc#1229450).
- bpf: Allow helpers to accept pointers with a fixed size (git-fixes).
- bpf: Check for helper calls in check_subprogs() (git-fixes).
- bpf: correctly handle malformed BPF_CORE_TYPE_ID_LOCAL relos (git-fixes).
- bpf: Fix bpf_strtol and bpf_strtoul helpers for 32bit (git-fixes).
- bpf: Fix helper writes to read-only maps (git-fixes).
- bpf: Fix pointer-leak due to insufficient speculative store bypass mitigation (bsc#1231375).
- bpf: Fix tailcall cases in test_bpf (git-fixes).
- bpf: Improve check_raw_mode_ok test for MEM_UNINIT-tagged types (git-fixes).
- bpf: Remove truncation test in bpf_strtol and bpf_strtoul helpers (git-fixes).
- bpf: Zero former ARG_PTR_TO_{LONG,INT} args in case of error (git-fixes).
- btf, scripts: Exclude Rust CUs with pahole (bsc#1230414 bsc#1229450).
- bus: integrator-lm: fix OF node leak in probe() (git-fixes).
- can: c_can: c_can_handle_bus_err(): update statistics if skb allocation fails (git-fixes).
- can: c_can: fix {rx,tx}_errors statistics (git-fixes).
- can: ems_usb: ems_usb_rx_err(): fix {rx,tx}_errors statistics (git-fixes).
- can: ifi_canfd: ifi_canfd_handle_lec_err(): fix {rx,tx}_errors statistics (git-fixes).
- can: j1939: j1939_session_new(): fix skb reference counting (git-fixes).
- can: m_can: m_can_handle_lec_err(): fix {rx,tx}_errors statistics (git-fixes).
- can: sun4i_can: sun4i_can_err(): call can_change_state() even if cf is NULL (git-fixes).
- can: sun4i_can: sun4i_can_err(): fix {rx,tx}_errors statistics (git-fixes).
- ceph: fix cap ref leak via netfs init_request (bsc#1231383).
- cgroup/bpf: only cgroup v2 can be attached by bpf programs (bsc#1234108).
- char: tpm: Fix possible memory leak in tpm_bios_measurements_open() (git-fixes).
- chtls: fix tp->rcv_tstamp initialization (git-fixes).
- clk: Add a devm variant of clk_rate_exclusive_get() (bsc#1227885).
- clk: Provide !COMMON_CLK dummy for devm_clk_rate_exclusive_get() (bsc#1227885).
- comedi: Flush partial mappings in error case (git-fixes).
- comedi: ni_routing: tools: Check when the file could not be opened (stable-fixes).
- cpufreq/amd-pstate: Fix amd_pstate mode switch on shared memory systems (git-fixes).
- crypto: bcm - add error check in the ahash_hmac_init function (git-fixes).
- crypto: caam - add error check to caam_rsa_set_priv_key_form (git-fixes).
- crypto: caam - Fix the pointer passed to caam_qi_shutdown() (git-fixes).
- crypto: cavium - Fix an error handling path in cpt_ucode_load_fw() (git-fixes).
- crypto: cavium - Fix the if condition to exit loop after timeout (git-fixes).
- crypto: hisilicon - Remove pci_aer_clear_nonfatal_status() call (bsc#1232075)
- crypto: hisilicon/qm - re-enable communicate interrupt before notifying PF (bsc#1232075)
- crypto: inside-secure - Fix the return value of safexcel_xcbcmac_cra_init() (git-fixes).
- crypto: x86/aegis128 - access 32-bit arguments as 32-bit (git-fixes).
- cxgb4: add forgotten u64 ivlan cast before shift (git-fixes).
- cxgb4: Properly lock TX queue for the selftest (git-fixes).
- cxgb4: unnecessary check for 0 in the free_sge_txq_uld() function (git-fixes).
- debugfs: fix automount d_fsdata usage (git-fixes).
- dn_route: set rt neigh to blackhole_netdev instead of loopback_dev in ifdown (bsc#1216813).
- drbd: Add NULL check for net_conf to prevent dereference in state validation (git-fixes).
- drbd: Fix atomicity violation in drbd_uuid_set_bm() (git-fixes).
- driver core: bus: Return -EIO instead of 0 when show/store invalid bus attribute (stable-fixes).
- drivers: net: prevent tun_build_skb() to exceed the packet size limit (git-fixes).
- drm: Consistently use struct drm_mode_rect for FB_DAMAGE_CLIPS (git-fixes).
- drm: komeda: Fix an issue related to normalized zpos (stable-fixes).
- drm/amd: Fix initialization mistake for NBIO 7.7.0 (stable-fixes).
- drm/amd: Guard against bad data for ATIF ACPI method (git-fixes).
- drm/amd/amdgpu: Fix double unlock in amdgpu_mes_add_ring (git-fixes).
- drm/amd/display: Add null check for 'afb' in amdgpu_dm_plane_handle_cursor_update (v2) (stable-fixes).
- drm/amd/display: Add null check for top_pipe_to_program in commit_planes_for_stream (stable-fixes).
- drm/amd/display: Allow backlight to go below `AMDGPU_DM_DEFAULT_MIN_BACKLIGHT` (stable-fixes).
- drm/amd/display: Check link_res->hpo_dp_link_enc before using it (bsc#1231944)
- drm/amd/display: Check null pointer before dereferencing se (stable-fixes).
- drm/amd/display: Check null pointers before using dc->clk_mgr (stable-fixes).
- drm/amd/display: Check stream before comparing them (stable-fixes).
- drm/amd/display: Fix index out of bounds in DCN30 color transformation (stable-fixes).
- drm/amd/display: Fix index out of bounds in DCN30 degamma hardware format translation (stable-fixes).
- drm/amd/display: Fix index out of bounds in degamma hardware format translation (stable-fixes).
- drm/amd/display: Fix Synaptics Cascaded Panamera DSC Determination (stable-fixes).
- drm/amd/display: Fix system hang while resume with TBT monitor (stable-fixes).
- drm/amd/display: Handle null 'stream_status' in 'planes_changed_for_existing_stream' (stable-fixes).
- drm/amd/display: Initialize get_bytes_per_element's default to 1 (stable-fixes).
- drm/amd/display: Round calculated vtotal (stable-fixes).
- drm/amd/display: Validate backlight caps are sane (stable-fixes).
- drm/amd/pm: ensure the fw_info is not null before using it (stable-fixes).
- drm/amdgpu: add missing size check in amdgpu_debugfs_gprwave_read() (stable-fixes).
- drm/amdgpu: add raven1 gfxoff quirk (stable-fixes).
- drm/amdgpu: Adjust debugfs eviction and IB access permissions (stable-fixes).
- drm/amdgpu: disallow multiple BO_HANDLES chunks in one submit (stable-fixes).
- drm/amdgpu: enable gfxoff quirk on HP 705G4 (stable-fixes).
- drm/amdgpu: fix unchecked return value warning for amdgpu_gfx (stable-fixes).
- drm/amdgpu: prevent BO_HANDLES error from being overwritten (git-fixes).
- drm/amdgpu: prevent NULL pointer dereference if ATIF is not supported (git-fixes).
- drm/amdgpu: properly handle vbios fake edid sizing (git-fixes).
- drm/amdgpu: Replace one-element array with flexible-array member (stable-fixes).
- drm/amdkfd: Fix resource leak in criu restore queue (stable-fixes).
- drm/bridge: anx7625: Drop EDID cache on bridge power off (git-fixes).
- drm/bridge: tc358767: Fix link properties discovery (git-fixes).
- drm/bridge: tc358768: Fix DSI command tx (git-fixes).
- drm/etnaviv: Request pages from DMA32 zone on addressing_limited (git-fixes).
- drm/imx/dcss: Use IRQF_NO_AUTOEN flag in request_irq() (git-fixes).
- drm/mm: Mark drm_mm_interval_tree*() functions with __maybe_unused (git-fixes).
- drm/msm: Allocate memory for disp snapshot with kvzalloc() (git-fixes).
- drm/msm: Avoid NULL dereference in msm_disp_state_print_regs() (git-fixes).
- drm/msm/adreno: Use IRQF_NO_AUTOEN flag in request_irq() (git-fixes).
- drm/msm/dpu: cast crtc_clk calculation to u64 in _dpu_core_perf_calc_clk() (git-fixes).
- drm/msm/dpu: do not always program merge_3d block (git-fixes).
- drm/msm/dpu: make sure phys resources are properly initialized (git-fixes).
- drm/msm/dsi: fix 32-bit signed integer extension in pclk_rate calculation (git-fixes).
- drm/omap: Fix locking in omap_gem_new_dmabuf() (git-fixes).
- drm/omap: Fix possible NULL dereference (git-fixes).
- drm/panfrost: Remove unused id_mask from struct panfrost_model (git-fixes).
- drm/printer: Allow NULL data in devcoredump printer (stable-fixes).
- drm/radeon: Fix encoder->possible_clones (git-fixes).
- drm/radeon: properly handle vbios fake edid sizing (git-fixes).
- drm/radeon: Replace one-element array with flexible-array member (stable-fixes).
- drm/radeon/r100: Handle unknown family in r100_cp_init_microcode() (stable-fixes).
- drm/rockchip: define gamma registers for RK3399 (stable-fixes).
- drm/rockchip: support gamma control on RK3399 (stable-fixes).
- drm/rockchip: vop: Fix a dereferenced before check warning (git-fixes).
- drm/sched: Add locking to drm_sched_entity_modify_sched (git-fixes).
- drm/sti: avoid potential dereference of error pointers (git-fixes).
- drm/sti: avoid potential dereference of error pointers in sti_gdp_atomic_check (git-fixes).
- drm/sti: avoid potential dereference of error pointers in sti_hqvdp_atomic_check (git-fixes).
- drm/v3d: Address race-condition in MMU flush (git-fixes).
- drm/v3d: Stop the active perfmon before being destroyed (git-fixes).
- drm/vboxvideo: Replace fake VLA at end of vbva_mouse_pointer_shape with real VLA (stable-fixes).
- drm/vc4: hvs: Do not write gamma luts on 2711 (git-fixes).
- drm/vc4: hvs: Fix dlist debug not resetting the next entry pointer (git-fixes).
- drm/vc4: hvs: Remove incorrect limit from hvs_dlist debugfs function (git-fixes).
- drm/vc4: Stop the active perfmon before being destroyed (git-fixes).
- drm/vmwgfx: Handle surface check failure correctly (git-fixes).
- drm/vmwgfx: Limit display layout ioctl array size to VMWGFX_NUM_DISPLAY_UNITS (stable-fixes).
- drop HD-audio conexant patch that caused a regression on Thinkpad (bsc#1228269)
- Drop OCFS2 patch causing a regression (bsc#1233255)
- drop USB dwc2 patch that caused a regression on RPi3 (bsc#1232342)
- e1000e: Fix S0ix residency on corporate systems (git-fixes).
- efi/memattr: Ignore table if the size is clearly bogus (bsc#1231465).
- efistub/tpm: Use ACPI reclaim memory for event log to avoid corruption (stable-fixes).
- erofs: avoid consecutive detection for Highmem memory (git-fixes).
- erofs: avoid infinite loop in z_erofs_do_read_page() when reading beyond EOF (git-fixes).
- erofs: fix pcluster use-after-free on UP platforms (git-fixes).
- erofs: fix potential overflow calculating xattr_isize (git-fixes).
- erofs: stop parsing non-compact HEAD index if clusterofs is invalid (git-fixes).
- eth: bnxt: fix counting packets discarded due to OOM and netpoll (git-fixes).
- exportfs: use pr_debug for unreachable debug statements (git-fixes).
- ext4: fix slab-use-after-free in ext4_split_extent_at() (bsc#1232201)
- fat: fix uninitialized variable (git-fixes).
- fbdev: pxafb: Fix possible use after free in pxafb_task() (stable-fixes).
- fbdev: sisfb: Fix strbuf array overflow (stable-fixes).
- fgraph: Change the name of cpuhp state to 'fgraph:online' (git-fixes).
- fgraph: Fix missing unlock in register_ftrace_graph() (git-fixes).
- fgraph: Use CPU hotplug mechanism to initialize idle shadow stacks (git-fixes).
- filelock: fix potential use-after-free in posix_lock_inode (git-fixes).
- firmware: google: Unregister driver_info on failure (git-fixes).
- firmware: tegra: bpmp: Drop unused mbox_client_to_bpmp() (git-fixes).
- Fix regression on AMDGPU driver (bsc#1233134)
- fs: Fix file_set_fowner LSM hook inconsistencies (git-fixes).
- fs/namespace: fnic: Switch to use %ptTd (git-fixes).
- fs/pipe: Fix lockdep false-positive in watchqueue pipe_write() (git-fixes).
- genirq/msi: Fix off-by-one error in msi_domain_alloc() (git-fixes).
- goldfish: Fix unused const variable 'goldfish_pipe_acpi_match' (git-fixes).
- gpio: aspeed: Add the flush write to ensure the write complete (git-fixes).
- gpio: aspeed: Use devm_clk api to manage clock source (git-fixes).
- gpio: davinci: fix lazy disable (git-fixes).
- gve: Fix an edge case for TSO skb validity check (git-fixes).
- gve: Fix skb truesize underestimation (git-fixes).
- gve: Fix XDP TX completion handling when counters overflow (git-fixes).
- gve: ignore nonrelevant GSO type bits when processing TSO headers (git-fixes).
- hid: amd_sfh: Switch to device-managed dmam_alloc_coherent() (git-fixes).
- hid: core: zero-initialize the report buffer (git-fixes).
- hid: intel-ish-hid: Fix uninitialized variable 'rv' in ish_fw_xfer_direct_dma (git-fixes).
- hid: lenovo: Add support for Thinkpad X1 Tablet Gen 3 keyboard (stable-fixes).
- hid: multitouch: Add quirk for HONOR MagicBook Art 14 touchpad (stable-fixes).
- hid: multitouch: Add quirk for Logitech Bolt receiver w/ Casa touchpad (stable-fixes).
- hid: multitouch: Add support for B2402FVA track point (stable-fixes).
- hid: multitouch: Add support for GT7868Q (stable-fixes).
- hid: multitouch: Add support for Thinkpad X12 Gen 2 Kbd Portfolio (stable-fixes).
- hid: plantronics: Workaround for an unexcepted opposite volume key (stable-fixes).
- hid: wacom: Defer calculation of resolution until resolution_code is known (git-fixes).
- hid: wacom: fix when get product name maybe null pointer (git-fixes).
- hid: wacom: Interpret tilt data from Intuos Pro BT as signed values (git-fixes).
- hv_netvsc: Fix VF namespace also in synthetic NIC NETDEV_REGISTER event (git-fixes).
- hv_sock: Initializing vsk->trans to NULL to prevent a dangling pointer (git-fixes).
- hwmon: (adm9240) Add missing dependency on REGMAP_I2C (git-fixes).
- hwmon: (tmp513) Add missing dependency on REGMAP_I2C (git-fixes).
- hwmon: (tps23861) Fix reporting of negative temperatures (git-fixes).
- i2c: i801: Use a different adapter-name for IDF adapters (stable-fixes).
- i2c: imx-lpi2c: return -EINVAL when i2c peripheral clk does not work (bsc#1227885).
- i2c: imx-lpi2c: use bulk clk API (bsc#1227885).
- i2c: stm32f7: Do not prepare/unprepare clock during runtime suspend/resume (git-fixes).
- i2c: xiic: Fix broken locking on tx_msg (stable-fixes).
- i2c: xiic: Fix pm_runtime_set_suspended() with runtime pm enabled (git-fixes).
- i2c: xiic: Fix RX IRQ busy check (stable-fixes).
- i2c: xiic: improve error message when transfer fails to start (stable-fixes).
- i2c: xiic: Switch from waitqueue to completion (stable-fixes).
- i2c: xiic: Try re-initialization on bus busy timeout (git-fixes).
- i2c: xiic: Use devm_clk_get_enabled() (stable-fixes).
- i2c: xiic: xiic_xfer(): Fix runtime PM leak on error path (git-fixes).
- i3c: master: Fix miss free init_dyn_addr at i3c_master_put_i3c_addrs() (git-fixes).
- i40e: avoid double calling i40e_pf_rxq_wait() (git-fixes).
- i40e: disable NAPI right after disabling irqs when handling xsk_pool (git-fixes).
- i40e: Fix filter input checks to prevent config with invalid values (git-fixes).
- i40e: fix use-after-free in i40e_aqc_add_filters() (git-fixes).
- i40e: Fix waiting for queues of all VSIs to be disabled (git-fixes).
- i40e: Fix XDP program unloading while removing the driver (git-fixes).
- i40e: Report MFS in decimal base instead of hex (git-fixes).
- i40e: Restore VF MSI-X state during PCI reset (git-fixes).
- i40e: take into account XDP Tx queues when stopping rings (git-fixes).
- iavf: do not process adminq tasks when __IAVF_IN_REMOVE_TASK is set (git-fixes).
- iavf: fix FDIR rule fields masks validation (git-fixes).
- iavf: Fix promiscuous mode configuration flow messages (git-fixes).
- iavf: Fix TC config comparison with existing adapter TC config (git-fixes).
- iavf: in iavf_down, disable queues when removing the driver (git-fixes).
- iavf: initialize waitqueues before starting watchdog_task (git-fixes).
- iavf: Introduce new state machines for flow director (git-fixes).
- iavf: send VLAN offloading caps once after VFR (git-fixes).
- iavf: validate tx_coalesce_usecs even if rx_coalesce_usecs is zero (git-fixes).
- ibmvnic: Do partial reset on login failure (bsc#1233150).
- ibmvnic: Enforce stronger sanity checks on login response (bsc#1233150).
- ibmvnic: Ensure login failure recovery is safe from other resets (bsc#1233150).
- ibmvnic: Handle DMA unmapping of login buffs in release functions (bsc#1233150).
- ibmvnic: Unmap DMA login rsp buffer on send login fail (bsc#1233150).
- ice: avoid executing commands on other ports when driving sync (git-fixes).
- ice: Block switchdev mode when ADQ is active and vice versa (git-fixes).
- ice: change q_index variable type to s16 to store -1 value (git-fixes).
- ice: fix accounting for filters shared by multiple VSIs (git-fixes).
- ice: fix accounting if a VLAN already exists (git-fixes).
- ice: fix ICE_LAST_OFFSET formula (git-fixes).
- ice: Fix link_down_on_close message (git-fixes).
- ice: Fix netif_is_ice() in Safe Mode (git-fixes).
- ice: Fix NULL pointer deref during VF reset (git-fixes).
- ice: fix over-shifted variable (git-fixes).
- ice: fix receive buffer size miscalculation (git-fixes).
- ice: fix VLAN replay after reset (git-fixes).
- ice: Fix VSI list rule with ICE_SW_LKUP_LAST type (git-fixes).
- ice: ice_aq_check_events: fix off-by-one check when filling buffer (git-fixes).
- ice: Interpret .set_channels() input differently (git-fixes).
- ice: reset first in crash dump kernels (git-fixes).
- ice: respect netif readiness in AF_XDP ZC related ndo's (git-fixes).
- ice: Shut down VSI with 'link-down-on-close' enabled (git-fixes).
- ice: tc: allow zero flags in parsing tc flower (git-fixes).
- ice: Unbind the workqueue (bsc#1231344).
- ice: virtchnl: stop pretending to support RSS over AQ or registers (git-fixes).
- idpf: avoid compiler introduced padding in virtchnl2_rss_key struct (git-fixes).
- idpf: avoid compiler padding in virtchnl2_ptype struct (git-fixes).
- idpf: disable local BH when scheduling napi for marker packets (git-fixes).
- idpf: distinguish vports by the dev_port attribute (git-fixes).
- idpf: do not enable NAPI and interrupts prior to allocating Rx buffers (git-fixes).
- idpf: fix corrupted frames and skb leaks in singleq mode (git-fixes).
- idpf: fix memleak in vport interrupt configuration (git-fixes).
- idpf: fix memory leaks and crashes while performing a soft reset (git-fixes).
- idpf: fix UAFs when destroying the queues (git-fixes).
- idpf: Interpret .set_channels() input differently (git-fixes).
- igb: Always call igb_xdp_ring_update_tail() under Tx lock (git-fixes).
- igb: extend PTP timestamp adjustments to i211 (git-fixes).
- igb: Fix missing time sync events (git-fixes).
- igb: Fix not clearing TimeSync interrupts for 82580 (git-fixes).
- igc: Check VLAN EtherType mask (git-fixes).
- igc: Check VLAN TCI mask (git-fixes).
- igc: Fix hicredit calculation (git-fixes).
- igc: Fix missing time sync events (git-fixes).
- igc: Remove temporary workaround (git-fixes).
- igc: Report VLAN EtherType matching back to user (git-fixes).
- igc: Unlock on error in igc_io_resume() (git-fixes).
- iio: adc: ad7124: fix division by zero in ad7124_set_channel_odr() (git-fixes).
- iio: adc: ad7606: Fix typo in the driver name (git-fixes).
- iio: adc: ad7923: Fix buffer overflow for tx_buf and ring_xfer (git-fixes).
- iio: dac: ad5770r: add missing select REGMAP_SPI in Kconfig (git-fixes).
- iio: dac: ltc1660: add missing select REGMAP_SPI in Kconfig (git-fixes).
- iio: dac: stm32-dac-core: add missing select REGMAP_MMIO in Kconfig (git-fixes).
- iio: hid-sensors: Fix an error handling path in _hid_sensor_set_report_latency() (git-fixes).
- iio: light: al3010: Fix an error handling path in al3010_probe() (git-fixes).
- iio: light: opt3001: add missing full-scale range value (git-fixes).
- iio: light: veml6030: fix ALS sensor resolution (git-fixes).
- iio: light: veml6030: fix IIO device retrieval from embedded device (git-fixes).
- iio: light: veml6030: fix microlux value calculation (git-fixes).
- iio: proximity: mb1232: add missing select IIO_(TRIGGERED_)BUFFER in Kconfig (git-fixes).
- initramfs: avoid filename buffer overrun (bsc#1232436).
- input: adp5589-keys - fix adp5589_gpio_get_value() (git-fixes).
- input: adp5589-keys - fix NULL pointer dereference (git-fixes).
- input: ads7846 - ratelimit the spi_sync error message (stable-fixes).
- input: goodix - use the new soc_intel_is_byt() helper (stable-fixes).
- input: i8042 - add another board name for TUXEDO Stellaris Gen5 AMD line (git-fixes).
- input: i8042 - add Ayaneo Kun to i8042 quirk table (git-fixes).
- input: i8042 - add Fujitsu Lifebook E756 to i8042 quirk table (git-fixes).
- input: i8042 - add TUXEDO Stellaris 15 Slim Gen6 AMD to i8042 quirk table (git-fixes).
- input: i8042 - add TUXEDO Stellaris 16 Gen5 AMD to i8042 quirk table (git-fixes).
- input: synaptics - enable SMBus for HP Elitebook 840 G2 (stable-fixes).
- iommu/vt-d: Always reserve a domain ID for identity setup (git-fixes).
- ipv6: blackhole_netdev needs snmp6 counters (bsc#1216813).
- ipv6: give an IPv6 dev to blackhole_netdev (bsc#1216813).
- irqchip/gic-v3-its: Avoid explicit cpumask allocation on stack (git-fixes).
- irqchip/gic-v3-its: Fix VSYNC referencing an unmapped VPE on GIC v4.1 (git-fixes).
- itco_wdt: mask NMI_NOW bit for update_no_reboot_bit() call (git-fixes).
- ixgbe: {dis, en}able irqs in ixgbe_txrx_ring_{dis, en}able (git-fixes).
- ixgbe: avoid sleeping allocation in ixgbe_ipsec_vf_add_sa() (git-fixes).
- ixgbe: fix crash with empty VF macvlan list (git-fixes).
- ixgbe: fix timestamp configuration code (git-fixes).
- jfs: check if leafidx greater than num leaves per dmap tree (git-fixes).
- jfs: Fix sanity check in dbMount (git-fixes).
- jfs: Fix uaf in dbFreeBits (git-fixes).
- jfs: Fix uninit-value access of new_ea in ea_buffer (git-fixes).
- jfs: UBSAN: shift-out-of-bounds in dbFindBits (git-fixes).
- kab: fix after net: add more sanity check in virtio_net_hdr_to_skb() (git-fixes).
- kabi fix of KVM: arm64: Preserve PSTATE.SS for the guest while single-step is enabled (git-fixes).
- kABI: bpf: enum bpf_{type_flag,arg_type} kABI workaround (git-fixes).
- kABI: bpf: struct bpf_func_proto kABI workaround (git-fixes).
- kabi: fix after kvm: add guest_state_{enter,exit}_irqoff() (git-fixes).
- kabi: fix after KVM: arm64: mixed-width check should be skipped for uninitialized vCPUs (git-fixes).
- kabi: Restore exported __arm_smccc_sve_check (git-fixes)
- kbuild, bpf: Use test-ge check for v1.25-only pahole (bsc#1230414 bsc#1229450).
- kbuild,bpf: Add module-specific pahole flags for distilled base BTF (bsc#1230414 bsc#1229450).
- kbuild,bpf: Switch to using --btf_features for pahole v1.26 and later (bsc#1230414 bsc#1229450).
- kbuild: add test-{ge,gt,le,lt} macros (bsc#1230414 bsc#1229450).
- kbuild: avoid too many execution of scripts/pahole-flags.sh (bsc#1230414 bsc#1229450).
- kbuild: bpf: Tell pahole to DECL_TAG kfuncs (bsc#1230414 bsc#1229450).
- kernel-binary: Enable livepatch package only when livepatch is enabled Otherwise the filelist may be empty failing the build (bsc#1218644).
- kernel.h: split out COUNT_ARGS() and CONCATENATE() to args.h (git-fixes)
- kexec: fix a memory leak in crash_shrink_memory() (git-fixes).
- kvm: add guest_state_{enter,exit}_irqoff() (git-fixes).
- kvm: Add support for arch compat vm ioctls (git-fixes).
- kvm: arm64: Add missing memory barriers when switching to pKVM's hyp pgd (git-fixes).
- kvm: arm64: Allow AArch32 PSTATE.M to be restored as System mode (git-fixes).
- kvm: arm64: Fix AArch32 register narrowing on userspace write (git-fixes).
- kvm: arm64: GICv4: Do not perform a map to a mapped vLPI (git-fixes).
- kvm: arm64: Invalidate EL1&0 TLB entries for all VMIDs in nvhe hyp init (git-fixes).
- kvm: arm64: mixed-width check should be skipped for uninitialized vCPUs (git-fixes).
- kvm: arm64: Preserve PSTATE.SS for the guest while single-step is enabled (git-fixes).
- kvm: arm64: Release pfn, i.e. put page, if copying MTE tags hits ZONE_DEVICE (git-fixes).
- kvm: arm64: vgic-its: Test for valid IRQ in its_sync_lpi_pending_table() (git-fixes).
- kvm: arm64: vgic-its: Test for valid IRQ in MOVALL handler (git-fixes).
- kvm: arm64: vgic-v2: Check for non-NULL vCPU in vgic_v2_parse_attr() (git-fixes).
- kvm: arm64: vgic-v2: Use cpuid from userspace as vcpu_id (git-fixes).
- kvm: arm64: vgic-v4: Restore pending state on host userspace write (git-fixes).
- kvm: eventfd: Fix false positive RCU usage warning (git-fixes).
- kvm: Fix coalesced_mmio_has_room() to avoid premature userspace exit (git-fixes).
- kvm: Fix lockdep false negative during host resume (git-fixes).
- kvm: fix memoryleak in kvm_init() (git-fixes).
- kvm: Grab a reference to KVM for VM and vCPU stats file descriptors (git-fixes).
- kvm: Optimize kvm_make_vcpus_request_mask() a bit (git-fixes).
- kvm: PPC: Book3S HV: remove unused varible (bsc#1194869).
- kvm: Pre-allocate cpumasks for kvm_make_all_cpus_request_except() (git-fixes).
- kvm: Reject overly excessive IDs in KVM_CREATE_VCPU (git-fixes).
- kvm: s390: Change virtual to physical address access in diag 0x258 handler (git-fixes bsc#1232631).
- kvm: s390: Fix SORTL and DFLTCC instruction format error in __insn32_query (git-fixes bsc#1231277).
- kvm: s390: gaccess: Check if guest address is in memslot (git-fixes bsc#1232630).
- kvm: SVM: Disallow guest from changing userspace's MSR_AMD64_DE_CFG value (git-fixes).
- kvm: SVM: Do not advertise Bus Lock Detect to guest if SVM support is missing (git-fixes).
- kvm: SVM: fix emulation of msr reads/writes of MSR_FS_BASE and MSR_GS_BASE (git-fixes).
- kvm: Unconditionally get a ref to /dev/kvm module when creating a VM (git-fixes).
- kvm: Write the per-page 'segment' when clearing (part of) a guest page (git-fixes).
- kvm: x86: Use a stable condition around all VT-d PI paths (git-fixes).
- kvm: x86/mmu: Fold rmap_recycle into rmap_add (git-fixes).
- kvm: x86/mmu: Rename slot_handle_leaf to slot_handle_level_4k (git-fixes).
- kvm/arm64: rework guest entry logic (git-fixes).
- mac80211: MAC80211_MESSAGE_TRACING should depend on TRACING (git-fixes).
- Makefile.compiler: replace cc-ifversion with compiler-specific macros (bsc#1230414 bsc#1229450).
- media: adv7604: prevent underflow condition when reporting colorspace (git-fixes).
- media: cx24116: prevent overflows on SNR calculus (git-fixes).
- media: dvb_frontend: do not play tricks with underflow values (git-fixes).
- media: dvb-usb-v2: af9035: fix missing unlock (git-fixes).
- media: dvb-usb-v2: af9035: Fix null-ptr-deref in af9035_i2c_master_xfer (stable-fixes).
- media: dvbdev: prevent the risk of out of memory access (git-fixes).
- media: pci: cx23885: check cx23885_vdev_init() return (stable-fixes).
- media: pulse8-cec: fix data timestamp at pulse8_setup() (git-fixes).
- media: stb0899_algo: initialize cfr before using it (git-fixes).
- media: v4l2-ctrls-api: fix error handling for v4l2_g_ctrl() (git-fixes).
- media: v4l2-tpg: prevent the risk of a division by zero (git-fixes).
- media: videobuf2-core: clear memory related fields in __vb2_plane_dmabuf_put() (stable-fixes).
- mei: use kvmalloc for read buffer (git-fixes).
- misc: apds990x: Fix missing pm_runtime_disable() (git-fixes).
- mm/hugetlb: fix nodes huge page allocation when there are surplus pages (bsc#1234012).
- mm/memory: add non-anonymous page check in the copy_present_page() (bsc#1231646).
- modpost: remove incorrect code in do_eisa_entry() (git-fixes).
- module: abort module loading when sysfs setup suffer errors (git-fixes).
- nbd: fix race between timeout and normal completion (bsc#1230918).
- net: add more sanity check in virtio_net_hdr_to_skb() (git-fixes).
- net: ena: Fix potential sign extension issue (git-fixes).
- net: ena: Remove ena_select_queue (git-fixes).
- net: ena: Wrong missing IO completions check order (git-fixes).
- net: mana: Implement get_ringparam/set_ringparam for mana (bsc#1229891).
- net: mana: Improve mana_set_channels() in low mem conditions (bsc#1230289).
- net: qede: use return from qede_parse_flow_attr() for flow_spec (git-fixes).
- net: relax socket state check at accept time (git-fixes).
- net: socket: suppress unused warning (git-fixes).
- net: test for not too small csum_start in virtio_net_hdr_to_skb() (git-fixes).
- net: usb: lan78xx: Fix memory leak on device unplug by freeing PHY device (git-fixes).
- net: usb: lan78xx: Fix refcounting and autosuspend on invalid WoL configuration (git-fixes).
- net: usb: qmi_wwan: add Fibocom FG132 0x0112 composition (stable-fixes).
- net: usb: usbnet: fix name regression (git-fixes).
- net: usb: usbnet: fix race in probe failure (git-fixes).
- net/mlx5: Add missing masks and QoS bit masks for scheduling elements (git-fixes).
- net/mlx5: Added cond_resched() to crdump collection (git-fixes).
- net/mlx5: Allow 0 for total host VFs (git-fixes).
- net/mlx5: Correctly compare pkt reformat ids (git-fixes).
- net/mlx5: DR, Can't go to uplink vport on RX rule (git-fixes).
- net/mlx5: DR, fix memory leak in mlx5dr_cmd_create_reformat_ctx (git-fixes).
- net/mlx5: DR, Use the right GVMI number for drop action (git-fixes).
- net/mlx5: Drain health before unregistering devlink (git-fixes).
- net/mlx5: E-switch, register event handler before arming the event (git-fixes).
- net/mlx5: Explicitly set scheduling element and TSAR type (git-fixes).
- net/mlx5: Fix fw tracer first block check (git-fixes).
- net/mlx5: fix potential memory leak in mlx5e_init_rep_rx (git-fixes).
- net/mlx5: fs, lock FTE when checking if active (git-fixes).
- net/mlx5: Handle fw tracer change ownership event based on MTRC (git-fixes).
- net/mlx5: LAG, Check correct bucket when modifying LAG (git-fixes).
- net/mlx5: Lag, do bond only if slaves agree on roce state (git-fixes).
- net/mlx5: Lag, do not use the hardcoded value of the first port (git-fixes).
- net/mlx5: Lag, restore buckets number to default after hash LAG deactivation (git-fixes).
- net/mlx5: Skip clock update work when device is in error state (git-fixes).
- net/mlx5: Unregister notifier on eswitch init failure (git-fixes).
- net/mlx5: Update the list of the PCI supported devices (git-fixes).
- net/mlx5: Use mlx5 device constant for selecting CQ period mode for ASO (git-fixes).
- net/mlx5: Use recovery timeout on sync reset flow (git-fixes).
- net/mlx5: Use RMW accessors for changing LNKCTL (git-fixes).
- net/mlx5e: Add a check for the return value from mlx5_port_set_eth_ptys (git-fixes).
- net/mlx5e: Add missing link modes to ptys2ethtool_map (git-fixes).
- net/mlx5e: Add mqprio_rl cleanup and free in mlx5e_priv_cleanup() (git-fixes).
- net/mlx5e: Again mutually exclude RX-FCS and RX-port-timestamp (git-fixes).
- net/mlx5e: Allow software parsing when IPsec crypto is enabled (git-fixes).
- net/mlx5e: Change the warning when ignore_flow_level is not supported (git-fixes).
- net/mlx5e: Check return value of snprintf writing to fw_version buffer (git-fixes).
- net/mlx5e: Check return value of snprintf writing to fw_version buffer for representors (git-fixes).
- net/mlx5e: Correct snprintf truncation handling for fw_version buffer (git-fixes).
- net/mlx5e: Correct snprintf truncation handling for fw_version buffer used by representors (git-fixes).
- net/mlx5e: Correctly report errors for ethtool rx flows (git-fixes).
- net/mlx5e: CT: Fix null-ptr-deref in add rule err flow (git-fixes).
- net/mlx5e: Do not offload internal port if filter device is out device (git-fixes).
- net/mlx5e: fix a potential double-free in fs_udp_create_groups (git-fixes).
- net/mlx5e: Fix crash moving to switchdev mode when ntuple offload is set (git-fixes).
- net/mlx5e: fix double free in macsec_fs_tx_create_crypto_table_groups (git-fixes).
- net/mlx5e: fix double free of encap_header (git-fixes).
- net/mlx5e: Fix features validation check for tunneled UDP (non-VXLAN) packets (git-fixes).
- net/mlx5e: Fix IPsec tunnel mode offload feature check (git-fixes).
- net/mlx5e: Fix pedit endianness (git-fixes).
- net/mlx5e: Fix possible deadlock on mlx5e_tx_timeout_work (git-fixes).
- net/mlx5e: fix return value check in mlx5e_ipsec_remove_trailer() (git-fixes).
- net/mlx5e: Fix slab-out-of-bounds in mlx5_query_nic_vport_mac_list() (git-fixes).
- net/mlx5e: Fix UDP GSO for encapsulated packets (git-fixes).
- net/mlx5e: HTB, Fix inconsistencies with QoS SQs number (git-fixes).
- net/mlx5e: kTLS, Fix incorrect page refcounting (git-fixes).
- net/mlx5e: Move representor neigh cleanup to profile cleanup_tx (git-fixes).
- net/mlx5e: Reduce the size of icosq_str (git-fixes).
- net/mlx5e: Take state lock during tx timeout reporter (git-fixes).
- net/mlx5e: Use rx_missed_errors instead of rx_dropped for reporting buffer exhaustion (git-fixes).
- net/sched: taprio: Limit TCA_TAPRIO_ATTR_SCHED_CYCLE_TIME to INT_MAX (bsc#1226797)
- netdevsim: use cond_resched() in nsim_dev_trap_report_work() (git-fixes).
- nfs: Avoid unnecessary rescanning of the per-server delegation list (git-fixes).
- nfs: Fix KMSAN warning in decode_getfattr_attrs() (git-fixes).
- nfs: fix memory leak in error path of nfs4_do_reclaim (git-fixes).
- nfsd: call cache_put if xdr_reserve_space returns NULL (git-fixes).
- nfsd: fix delegation_blocked() to block correctly for at least 30 seconds (git-fixes).
- nfsd: Fix NFSv4's PUTPUBFH operation (git-fixes).
- nfsd: fix refcount leak when file is unhashed after being found (git-fixes).
- nfsd: map the EBADMSG to nfserr_io to avoid warning (git-fixes).
- nfsd: Mark filecache 'down' if init fails (git-fixes).
- nfsd: remove unneeded EEXIST error check in nfsd_do_file_acquire (git-fixes).
- nfsd: return -EINVAL when namelen is 0 (git-fixes).
- nfsv3: only use NFS timeout for MOUNT when protocols are compatible (bsc#1231016).
- nfsv4: Fix clearing of layout segments in layoutreturn (git-fixes).
- nilfs2: fix kernel bug due to missing clearing of buffer delay flag (git-fixes).
- nouveau/dmem: Fix vulnerability in migrate_to_ram upon copy error (git-fixes).
- ntb: intel: Fix the NULL vs IS_ERR() bug for debugfs_create_dir() (git-fixes).
- ntb: ntb_hw_switchtec: Fix use after free vulnerability in switchtec_ntb_remove due to race condition (stable-fixes).
- nvme-fabrics: fix kernel crash while shutting down controller (git-fixes).
- nvme-multipath: system fails to create generic nvme device (git-fixes).
- nvme-pci: fix freeing of the HMB descriptor table (git-fixes).
- nvme-pci: qdepth 1 quirk (git-fixes).
- nvme-pci: reverse request order in nvme_queue_rqs (git-fixes).
- nvmet-auth: assign dh_key to NULL after kfree_sensitive (git-fixes).
- ocfs2: fix the la space leak when unmounting an ocfs2 volume (git-fixes).
- ocfs2: fix uninit-value in ocfs2_get_block() (git-fixes).
- ocfs2: pass u64 to ocfs2_truncate_inline maybe overflow (git-fixes).
- ocfs2: remove entry once instead of null-ptr-dereference in ocfs2_xa_remove() (git-fixes).
- parport: Proper fix for array out-of-bounds access (git-fixes).
- pci: Add ACS quirk for Qualcomm SA8775P (stable-fixes).
- pci: Add function 0 DMA alias quirk for Glenfly Arise chip (stable-fixes).
- pci: Add T_PVPERL macro (git-fixes).
- pci: endpoint: Clear secondary (not primary) EPC in pci_epc_remove_epf() (git-fixes).
- pci: Fix pci_enable_acs() support for the ACS quirks (bsc#1229019).
- pci: Fix reset_method_store() memory leak (git-fixes).
- pci: j721e: Deassert PERST# after a delay of PCIE_T_PVPERL_MS milliseconds (git-fixes).
- pci: keystone: Add link up check to ks_pcie_other_map_bus() (git-fixes).
- pci: keystone: Set mode as Root Complex for 'ti,keystone-pcie' compatible (git-fixes).
- pci: Mark Creative Labs EMU20k2 INTx masking as broken (stable-fixes).
- pci: rockchip-ep: Fix address translation unit programming (git-fixes).
- phy: tegra: xusb: Add error pointer check in xusb.c (git-fixes).
- platform/chrome: cros_ec_typec: fix missing fwnode reference decrement (git-fixes).
- platform/surface: aggregator_registry: Add support for Surface Laptop Go 3 (stable-fixes).
- platform/surface: aggregator: Fix warning when controller is destroyed in probe (git-fixes).
- platform/x86: dell-sysman: add support for alienware products (stable-fixes).
- platform/x86: dell-wmi: Ignore suspend notifications (stable-fixes).
- platform/x86: touchscreen_dmi: add nanote-next quirk (stable-fixes).
- posix-cpu-timers: Clear TICK_DEP_BIT_POSIX_TIMER on clone (bsc#1234098).
- power: reset: brcmstb: Do not go into infinite loop if reset fails (stable-fixes).
- power: supply: bq27xxx: Fix registers of bq27426 (git-fixes).
- power: supply: core: Remove might_sleep() from power_supply_put() (git-fixes).
- powerpc: Allow clearing and restoring registers independent of saved breakpoint state (bsc#1194869).
- powerpc: remove GCC version check for UPD_CONSTR (bsc#1194869).
- powerpc/64: Convert patch_instruction() to patch_u32() (bsc#1194869).
- powerpc/asm: Remove UPD_CONSTR after GCC 4.9 removal (bsc#1194869).
- powerpc/atomic: Use YZ constraints for DS-form instructions (bsc#1194869).
- powerpc/boot: Handle allocation failure in simple_realloc() (bsc#1194869).
- powerpc/boot: Only free if realloc() succeeds (bsc#1194869).
- powerpc/code-patching: Add generic memory patching (bsc#1194869).
- powerpc/code-patching: Consolidate and cache per-cpu patching context (bsc#1194869).
- powerpc/code-patching: Do not call is_vmalloc_or_module_addr() without CONFIG_MODULES (bsc#1194869).
- powerpc/code-patching: Fix error handling in do_patch_instruction() (bsc#1194869).
- powerpc/code-patching: Fix oops with DEBUG_VM enabled (bsc#1194869).
- powerpc/code-patching: Fix unmap_patch_area() error handling (bsc#1194869).
- powerpc/code-patching: introduce patch_instructions() (bsc#1194869).
- powerpc/code-patching: Perform hwsync in __patch_instruction() in case of failure (bsc#1194869).
- powerpc/code-patching: Pre-map patch area (bsc#1194869).
- powerpc/code-patching: Remove #ifdef CONFIG_STRICT_KERNEL_RWX (bsc#1194869).
- powerpc/code-patching: Remove pr_debug()/pr_devel() messages and fix check() (bsc#1194869).
- powerpc/code-patching: Reorganise do_patch_instruction() to ease error handling (bsc#1194869).
- powerpc/code-patching: Speed up page mapping/unmapping (bsc#1194869).
- powerpc/code-patching: Use jump_label to check if poking_init() is done (bsc#1194869).
- powerpc/code-patching: Use temporary mm for Radix MMU (bsc#1194869).
- powerpc/code-patching: Use WARN_ON and fix check in poking_init (bsc#1194869).
- powerpc/ftrace: Use patch_instruction() return directly (bsc#1194869).
- powerpc/imc-pmu: Fix use of mutex in IRQs disabled section (bsc#1054914 git-fixes).
- powerpc/imc-pmu: Use the correct spinlock initializer (bsc#1054914 git-fixes).
- powerpc/inst: Refactor ___get_user_instr() (bsc#1194869).
- powerpc/kexec: Fix return of uninitialized variable (bsc#1194869).
- powerpc/lib: Add __init attribute to eligible functions (bsc#1194869).
- powerpc/mm: Fix boot crash with FLATMEM (bsc#1194869).
- powerpc/mm: Fix boot warning with hugepages and CONFIG_DEBUG_VIRTUAL (bsc#1194869).
- powerpc/mm/fault: Fix kfence page fault reporting (bsc#1194869).
- powerpc/powernv: Free name on error in opal_event_init() (bsc#1194869).
- powerpc/pseries: Fix dtl_access_lock to be a rw_semaphore (bsc#1194869).
- powerpc/pseries: Fix KVM guest detection for disabling hardlockup detector (bsc#1194869).
- powerpc/tlb: Add local flush for page given mm_struct and psize (bsc#1194869).
- powerpc/vdso: augment VDSO32 functions to support 64 bits build (bsc#1194869).
- powerpc/vdso: Fix VDSO data access when running in a non-root time namespace (bsc#1194869).
- powerpc/vdso: Merge vdso64 and vdso32 into a single directory (bsc#1194869).
- powerpc/vdso: Rework VDSO32 makefile to add a prefix to object files (bsc#1194869).
- powerpc/xics: Check return value of kasprintf in icp_native_map_one_cpu (bsc#1194869).
- powerpc/xmon: Fix disassembly CPU feature checks (bsc#1065729).
- qed: avoid truncating work queue length (git-fixes).
- rcu-tasks: Fix show_rcu_tasks_trace_gp_kthread buffer overflow (bsc#1226631).
- rcu: Add rcutree.nohz_full_patience_delay to reduce nohz_full (bsc#1231327)
- rdma/bnxt_re: Add a check for memory allocation (git-fixes)
- rdma/bnxt_re: Check cqe flags to know imm_data vs inv_irkey (git-fixes)
- rdma/bnxt_re: Fix a bug while setting up Level-2 PBL pages (git-fixes)
- rdma/bnxt_re: Fix incorrect AVID type in WQE structure (git-fixes)
- rdma/bnxt_re: Fix the GID table length (git-fixes)
- rdma/bnxt_re: Fix the max CQ WQEs for older adapters (git-fixes)
- rdma/bnxt_re: Fix the usage of control path spin locks (git-fixes)
- rdma/bnxt_re: Return more meaningful error (git-fixes)
- rdma/bnxt_re: synchronize the qp-handle table array (git-fixes)
- rdma/cxgb4: Dump vendor specific QP details (git-fixes)
- rdma/cxgb4: Fix RDMA_CM_EVENT_UNREACHABLE error for iWARP (git-fixes)
- rdma/hns: Add clear_hem return value to log (git-fixes)
- rdma/hns: Add mutex_destroy() (git-fixes)
- rdma/hns: Fix an AEQE overflow error caused by untimely update of eq_db_ci (git-fixes)
- rdma/hns: Fix cpu stuck caused by printings during reset (git-fixes)
- rdma/hns: Fix different dgids mapping to the same dip_idx (git-fixes)
- rdma/hns: Fix flush cqe error when racing with destroy qp (git-fixes)
- rdma/hns: Fix NULL pointer derefernce in hns_roce_map_mr_sg() (git-fixes)
- rdma/hns: Fix out-of-order issue of requester when setting FENCE (git-fixes)
- rdma/hns: Remove unnecessary QP type checks (git-fixes)
- rdma/hns: Remove unused abnormal interrupt of type RAS (git-fixes)
- rdma/hns: Use dev_* printings in hem code instead of ibdev_* (git-fixes)
- rdma/hns: Use macro instead of magic number (git-fixes)
- rdma/irdma: Fix misspelling of 'accept*' (git-fixes)
- rdma/mad: Improve handling of timed out WRs of mad agent (git-fixes)
- rdma/mana_ib: use the correct page size for mapping user-mode doorbell page (git-fixes).
- rdma/mana_ib: use the correct page table index based on hardware page size (git-fixes).
- rdma/mlx5: Move events notifier registration to be after device registration (git-fixes)
- rdma/mlx5: Round max_rd_atomic/max_dest_rd_atomic up instead of down (git-fixes)
- rdma/mlx5: Use sq timestamp as QP timestamp when RoCE is disabled (git-fixes).
- rdma/rtrs-srv: Avoid null pointer deref during path establishment (git-fixes)
- rdma/rxe: Fix the qp flush warnings in req (git-fixes)
- rdma/rxe: Set queue pair cur_qp_state when being queried (git-fixes)
- rdma/srpt: Make slab cache names unique (git-fixes)
- Removed the duplicated check of static_assert(sizeof(struct work_struct) >= sizeof(struct rcu_head)).
- Removed unnecessary white-space change in kernel/bpf/syscall.c
- Revert 'cgroup: Fix memory leak caused by missing cgroup_bpf_offline' (bsc#1234108).
- Revert 'ixgbe: Manual AN-37 for troublesome link partners for X550 SFI' (git-fixes).
- Revert 'KVM: Prevent module exit until all VMs are freed' (git-fixes).
- Revert 'mmc: dw_mmc: Fix IDMAC operation with pages bigger than 4K' (git-fixes).
- Revert 'usb: gadget: composite: fix OS descriptors w_value logic' (git-fixes).
- Revert 'usb: yurex: Replace snprintf() with the safer scnprintf() variant' (stable-fixes).
- Revert PM changes that caused a regression on S4 resume (bsc#1231578).
- rpm/check-for-config-changes: add HAVE_RUST and RUSTC_SUPPORTS_ to IGNORED_CONFIGS_RE They depend on SHADOW_CALL_STACK.
- rpm/check-for-config-changes: Exclude ARCH_USING_PATCHABLE_FUNCTION_ENTRY gcc version dependent, at least on ppc
- rpm/release-projects: Add SLFO projects (bsc#1231293).
- rpm/scripts: Remove obsolete Symbols.list Symbols.list is not longer needed by the new klp-convert implementation. (bsc#1218644)
- rtc: ab-eoz9: do not fail temperature reads on undervoltage notification (git-fixes).
- rtc: abx80x: Fix WDT bit position of the status register (git-fixes).
- rtc: check if __rtc_read_time was successful in rtc_timer_do_work() (git-fixes).
- rtc: st-lpc: Use IRQF_NO_AUTOEN flag in request_irq() (git-fixes).
- s390/mm: Add cond_resched() to cmm_alloc/free_pages() (bsc#1228747).
- s390/sclp_vt220: Convert newlines to CRLF instead of LFCR (git-fixes bsc#1232632).
- sched/isolation: Prevent boot crash when the boot CPU is (bsc#1231327)
- scsi: aacraid: Rearrange order of struct aac_srb_unit (git-fixes).
- scsi: core: alua: I/O errors for ALUA state transitions (git-fixes).
- scsi: core: Fix the return value of scsi_logical_block_count() (git-fixes).
- scsi: core: Handle devices which return an unusually large VPD page count (git-fixes).
- scsi: elx: libefc: Fix potential use after free in efc_nport_vport_del() (git-fixes).
- scsi: fnic: Move flush_work initialization out of if block (bsc#1230055).
- scsi: hpsa: Fix allocation size for Scsi_Host private data (git-fixes).
- scsi: libsas: Fix exp-attached device scan after probe failure scanned in again after probe failed (git-fixes).
- scsi: libsas: Fix the failure of adding phy with zero-address to port (git-fixes).
- scsi: lpfc: Add cleanup of nvmels_wq after HBA reset (bsc#1233241).
- scsi: lpfc: Add ELS_RSP cmd to the list of WQEs to flush in lpfc_els_flush_cmd() (bsc#1232757).
- scsi: lpfc: Call lpfc_sli4_queue_unset() in restart and rmmod paths (bsc#1233241).
- scsi: lpfc: Change lpfc_nodelist nlp_flag member into a bitmask (bsc#1233241).
- scsi: lpfc: Check devloss callbk done flag for potential stale NDLP ptrs (bsc#1233241).
- scsi: lpfc: Check SLI_ACTIVE flag in FDMI cmpl before submitting follow up FDMI (bsc#1233241).
- scsi: lpfc: Copyright updates for 14.4.0.6 patches (bsc#1233241).
- scsi: lpfc: Ensure DA_ID handling completion before deleting an NPIV instance (bsc#1232757).
- scsi: lpfc: Fix kref imbalance on fabric ndlps from dev_loss_tmo handler (bsc#1232757).
- scsi: lpfc: Modify CGN warning signal calculation based on EDC response (bsc#1233241).
- scsi: lpfc: Prevent NDLP reference count underflow in dev_loss_tmo callback (bsc#1233241).
- scsi: lpfc: Remove NLP_RELEASE_RPI flag from nodelist structure (bsc#1233241).
- scsi: lpfc: Remove trailing space after \n newline (bsc#1232757).
- scsi: lpfc: Restrict support for 32 byte CDBs to specific HBAs (git-fixes).
- scsi: lpfc: Revise TRACE_EVENT log flag severities from KERN_ERR to KERN_WARNING (bsc#1232757).
- scsi: lpfc: Support loopback tests with VMID enabled (bsc#1232757).
- scsi: lpfc: Update lpfc version to 14.4.0.5 (bsc#1232757).
- scsi: lpfc: Update lpfc version to 14.4.0.6 (bsc#1233241).
- scsi: lpfc: Update lpfc_els_flush_cmd() to check for SLI_ACTIVE before BSG flag (bsc#1233241).
- scsi: lpfc: Update phba link state conditional before sending CMF_SYNC_WQE (bsc#1232757).
- scsi: mac_scsi: Disallow bus errors during PDMA send (git-fixes).
- scsi: mac_scsi: Refactor polling loop (git-fixes).
- scsi: mac_scsi: Revise printk(KERN_DEBUG ...) messages (git-fixes).
- scsi: mpi3mr: Avoid IOMMU page faults on REPORT ZONES (git-fixes).
- scsi: mpi3mr: Fix ATA NCQ priority support (git-fixes).
- scsi: mpt3sas: Avoid IOMMU page faults on REPORT ZONES (git-fixes).
- scsi: NCR5380: Check for phase match during PDMA fixup (git-fixes).
- scsi: qedf: Set qed_slowpath_params to zero before use (git-fixes).
- scsi: scsi_transport_fc: Allow setting rport state to current state (git-fixes).
- scsi: sd_zbc: Use kvzalloc() to allocate REPORT ZONES buffer (git-fixes).
- scsi: smartpqi: correct stream detection (git-fixes).
- scsi: smartpqi: revert propagate-the-multipath-failure-to-SML-quickly (git-fixes).
- scsi: spi: Fix sshdr use (git-fixes).
- scsi: wd33c93: Do not use stale scsi_pointer value (git-fixes).
- security/keys: fix slab-out-of-bounds in key_task_permission (git-fixes).
- selftests/bpf: Add a test case to write mtu result into .rodata (git-fixes).
- selftests/bpf: Add a test case to write strtol result into .rodata (git-fixes).
- selftests/bpf: Fix ARG_PTR_TO_LONG {half-,}uninitialized test (git-fixes).
- selftests/bpf: Rename ARG_PTR_TO_LONG test description (git-fixes).
- selftests/bpf: test for malformed BPF_CORE_TYPE_ID_LOCAL relocation (git-fixes).
- serial: 8250: omap: Move pm_runtime_get_sync (git-fixes).
- sfc: Check firmware supports Ethernet PTP filter (git-fixes).
- sfc: do not unregister flow_indr if it was never registered (git-fixes).
- sfc: fix a double-free bug in efx_probe_filters (git-fixes).
- signal: Replace BUG_ON()s (bsc#1234093).
- spi: atmel-quadspi: Fix register name in verbose logging function (git-fixes).
- spi: bcm63xx: Enable module autoloading (stable-fixes).
- spi: bcm63xx: Fix module autoloading (git-fixes).
- spi: Fix acpi deferred irq probe (git-fixes).
- spi: lpspi: release requested DMA channels (stable-fixes).
- spi: lpspi: Silence error message upon deferred probe (stable-fixes).
- spi: lpspi: Simplify some error message (git-fixes).
- spi: ppc4xx: Avoid returning 0 when failed to parse and map IRQ (git-fixes).
- spi: ppc4xx: handle irq_of_parse_and_map() errors (git-fixes).
- spi: s3c64xx: fix timeout counters in flush_fifo (git-fixes).
- spi: spi-fsl-lpspi: Undo runtime PM changes at driver exit time (git-fixes).
- spi: spi-imx: Fix pm_runtime_set_suspended() with runtime pm enabled (git-fixes).
- spi: spidev: Add missing spi_device_id for jg10309-01 (git-fixes).
- staging: iio: frequency: ad9832: fix division by zero in ad9832_calc_freqreg() (git-fixes).
- static_call: Do not make __static_call_return0 static (git-fixes).
- sunrpc: clnt.c: Remove misleading comment (git-fixes).
- sunrpc: Fix integer overflow in decode_rc_list() (git-fixes).
- sunrpc: Fixup gss_status tracepoint error output (git-fixes).
- thermal: core: Initialize thermal zones before registering them (git-fixes).
- thermal: intel: int340x: processor: Fix warning during module unload (git-fixes).
- tpm: Lock TPM chip in tpm_pm_suspend() first (bsc#1082555 git-fixes).
- tracing: Consider the NULL character when validating the event length (git-fixes).
- tracing/hwlat: Fix a race during cpuhp processing (git-fixes).
- tracing/uprobes: Use trace_event_buffer_reserve() helper (git-fixes).
- tun: Fix xdp_rxq_info's queue_index when detaching (git-fixes).
- tun: prevent negative ifindex (git-fixes).
- ucounts: fix counter leak in inc_rlimit_get_ucounts() (bsc#1233460).
- Update config files (bsc#1218644). LIVEPATCH_IPA_CLONES=n => LIVEPATCH=n
- Update config files. Enabled IDPF for ARM64 (bsc#1221309)
- uprobe: avoid out-of-bounds memory access of fetching args (git-fixes).
- uprobes: encapsulate preparation of uprobe args buffer (git-fixes).
- usb: appledisplay: close race between probe and completion handler (stable-fixes).
- usb: chaoskey: fail open after removal (git-fixes).
- usb: chaoskey: Fix possible deadlock chaoskey_list_lock (git-fixes).
- usb: chipidea: udc: enable suspend interrupt after usb reset (stable-fixes).
- usb: dwc2: Adjust the timing of USB Driver Interrupt Registration in the Crashkernel Scenario (stable-fixes).
- usb: dwc3: core: Stop processing of pending events if controller is halted (git-fixes).
- usb: dwc3: gadget: Add missing check for single port RAM in TxFIFO resizing logic (git-fixes).
- usb: dwc3: gadget: Fix checking for number of TRBs left (git-fixes).
- usb: dwc3: gadget: Fix looping of queued SG entries (git-fixes).
- usb: ehci-spear: fix call balance of sehci clk handling routines (git-fixes).
- usb: gadget: core: force synchronous registration (git-fixes).
- usb: misc: cypress_cy7c63: check for short transfer (stable-fixes).
- usb: misc: yurex: fix race between read and write (stable-fixes).
- usb: musb: sunxi: Fix accessing an released usb phy (git-fixes).
- usb: phy: Fix API devm_usb_put_phy() can not release the phy (git-fixes).
- usb: serial: ftdi_sio: Fix atomicity violation in get_serial_info() (git-fixes).
- usb: serial: io_edgeport: fix use after free in debug printk (git-fixes).
- usb: serial: option: add Fibocom FG132 0x0112 composition (stable-fixes).
- usb: serial: option: add Quectel RG650V (stable-fixes).
- usb: serial: option: add support for Quectel EG916Q-GL (stable-fixes).
- usb: serial: option: add Telit FN920C04 MBIM compositions (stable-fixes).
- usb: serial: pl2303: add device id for Macrosilicon MS3020 (stable-fixes).
- usb: serial: qcserial: add support for Sierra Wireless EM86xx (stable-fixes).
- usb: storage: ignore bogus device raised by JieLi BR21 USB sound chip (stable-fixes).
- usb: typec: altmode should keep reference to parent (git-fixes).
- usb: typec: fix potential out of bounds in ucsi_ccg_update_set_new_cam_cmd() (git-fixes).
- usb: typec: fix unreleased fwnode_handle in typec_port_register_altmodes() (git-fixes).
- usb: using mutex lock and supporting O_NONBLOCK flag in iowarrior_read() (git-fixes).
- usb: xhci: Fix problem with xhci resume from suspend (stable-fixes).
- usb: xhci: Fix TD invalidation under pending Set TR Dequeue (git-fixes).
- usb: yurex: Fix inconsistent locking bug in yurex_read() (git-fixes).
- usb: yurex: make waiting on yurex_write interruptible (git-fixes).
- usb: yurex: Replace snprintf() with the safer scnprintf() variant (stable-fixes).
- usbip: tools: Fix detach_port() invalid port error path (git-fixes).
- usbnet: ipheth: fix carrier detection in modes 1 and 4 (stable-fixes).
- Use pahole -j1 option for reproducible builds (bsc#1230414 bsc#1229450).
- vdpa/mlx5: preserve CVQ vringh index (git-fixes).
- vhost_vdpa: assign irq bypass producer token correctly (git-fixes).
- vhost/scsi: null-ptr-dereference in vhost_scsi_get_req() (git-fixes).
- virtio_console: fix misc probe bugs (git-fixes).
- virtio_net: fixing XDP for fully checksummed packets handling (git-fixes).
- virtio-net: synchronize probe with ndo_set_features (git-fixes).
- vmxnet3: add command to allow disabling of offloads (bsc#1226498).
- vmxnet3: add latency measurement support in vmxnet3 (bsc#1226498).
- vmxnet3: prepare for version 9 changes (bsc#1226498).
- vmxnet3: update to version 9 (bsc#1226498).
- vsock/virtio: fix packet delivery to tap device (git-fixes).
- watchdog: mediatek: Make sure system reset gets asserted in mtk_wdt_restart() (git-fixes).
- watchdog: rti: of: honor timeout-sec property (git-fixes).
- wifi: ath10k: fix invalid VHT parameters in supported_vht_mcs_rate_nss1 (git-fixes).
- wifi: ath10k: fix invalid VHT parameters in supported_vht_mcs_rate_nss2 (git-fixes).
- wifi: ath10k: Fix memory leak in management tx (git-fixes).
- wifi: ath11k: fix array out-of-bound access in SoC stats (stable-fixes).
- wifi: ath11k: Fix invalid ring usage in full monitor mode (git-fixes).
- wifi: ath9k_htc: Use __skb_set_length() for resetting urb before resubmit (stable-fixes).
- wifi: ath9k: add range check for conn_rsp_epid in htc_connect_service() (git-fixes).
- wifi: ath9k: fix parameter check in ath9k_init_debug() (stable-fixes).
- wifi: ath9k: fix possible integer overflow in ath9k_get_et_stats() (stable-fixes).
- wifi: ath9k: Remove error checks when creating debugfs entries (git-fixes).
- wifi: brcm80211: BRCM_TRACING should depend on TRACING (git-fixes).
- wifi: iwlegacy: Clear stale interrupts before resuming device (stable-fixes).
- wifi: iwlwifi: clear trans->state earlier upon error (stable-fixes).
- wifi: iwlwifi: lower message level for FW buffer destination (stable-fixes).
- wifi: iwlwifi: mvm: disconnect station vifs if recovery failed (stable-fixes).
- wifi: iwlwifi: mvm: fix iwl_mvm_scan_fits() calculation (stable-fixes).
- wifi: iwlwifi: mvm: Fix response handling in iwl_mvm_send_recovery_cmd() (git-fixes).
- wifi: mac80211: do not pass a stopped vif to the driver in .get_txpower (git-fixes).
- wifi: mac80211: skip non-uploaded keys in ieee80211_iter_keys (git-fixes).
- wifi: mwifiex: Fix memcpy() field-spanning write warning in mwifiex_cmd_802_11_scan_ext() (stable-fixes).
- wifi: mwifiex: Fix memcpy() field-spanning write warning in mwifiex_config_scan() (git-fixes).
- wifi: mwifiex: Use IRQF_NO_AUTOEN flag in request_irq() (git-fixes).
- wifi: p54: Use IRQF_NO_AUTOEN flag in request_irq() (git-fixes).
- wifi: rtw88: select WANT_DEV_COREDUMP (stable-fixes).
- workqueue: Avoid using isolated cpus' timers on (bsc#1231327)
- workqueue: mark power efficient workqueue as unbounded if (bsc#1231327)
- x86/bugs: Do not use UNTRAIN_RET with IBPB on entry (git-fixes).
- x86/bugs: Skip RSB fill at VMEXIT (git-fixes).
- x86/cpufeatures: Add a IBPB_NO_RET BUG flag (git-fixes).
- x86/cpufeatures: Define X86_FEATURE_AMD_IBPB_RET (git-fixes).
- x86/entry: Have entry_ibpb() invalidate return predictions (git-fixes).
- x86/hyperv: Set X86_FEATURE_TSC_KNOWN_FREQ when Hyper-V provides frequency (git-fixes).
- x86/kaslr: Expose and use the end of the physical memory address space (bsc#1230405).
- x86/kvm: fix is_stale_page_fault() (bsc#1221333).
- xfrm: set dst dev to blackhole_netdev instead of loopback_dev in ifdown (bsc#1216813).
- xhci: Fix incorrect stream context type macro (git-fixes).
- xhci: Fix Link TRB DMA in command ring stopped completion event (git-fixes).
- xhci: Mitigate failed set dequeue pointer commands (git-fixes).
- xhci: Separate PORT and CAPs macros into dedicated file (stable-fixes).
- xhci: Use pm_runtime_get to prevent RPM on unsupported systems (git-fixes).
ImportantSUSE bug 1054914SUSE bug 1065729SUSE bug 1082555SUSE bug 1194869SUSE bug 1204171SUSE bug 1205796SUSE bug 1206188SUSE bug 1206344SUSE bug 1209290SUSE bug 1210449SUSE bug 1210627SUSE bug 1213034SUSE bug 1216813SUSE bug 1218562SUSE bug 1218644SUSE bug 1220382SUSE bug 1221309SUSE bug 1221333SUSE bug 1222364SUSE bug 1222590SUSE bug 1223202SUSE bug 1223384SUSE bug 1223524SUSE bug 1223656SUSE bug 1223824SUSE bug 1223848SUSE bug 1223919SUSE bug 1223942SUSE bug 1224518SUSE bug 1224526SUSE bug 1224574SUSE bug 1225189SUSE bug 1225336SUSE bug 1225611SUSE bug 1225725SUSE bug 1225730SUSE bug 1225742SUSE bug 1225762SUSE bug 1225764SUSE bug 1225812SUSE bug 1226498SUSE bug 1226560SUSE bug 1226592SUSE bug 1226631SUSE bug 1226748SUSE bug 1226797SUSE bug 1226872SUSE bug 1227437SUSE bug 1227853SUSE bug 1227885SUSE bug 1228119SUSE bug 1228269SUSE bug 1228410SUSE bug 1228430SUSE bug 1228486SUSE bug 1228650SUSE bug 1228709SUSE bug 1228743SUSE bug 1228747SUSE bug 1228857SUSE bug 1229005SUSE bug 1229019SUSE bug 1229312SUSE bug 1229429SUSE bug 1229450SUSE bug 1229454SUSE bug 1229456SUSE bug 1229556SUSE bug 1229585SUSE bug 1229752SUSE bug 1229769SUSE bug 1229808SUSE bug 1229837SUSE bug 1229891SUSE bug 1230055SUSE bug 1230179SUSE bug 1230220SUSE bug 1230231SUSE bug 1230270SUSE bug 1230289SUSE bug 1230405SUSE bug 1230414SUSE bug 1230429SUSE bug 1230456SUSE bug 1230550SUSE bug 1230558SUSE bug 1230600SUSE bug 1230620SUSE bug 1230715SUSE bug 1230722SUSE bug 1230763SUSE bug 1230773SUSE bug 1230774SUSE bug 1230801SUSE bug 1230827SUSE bug 1230903SUSE bug 1230918SUSE bug 1231016SUSE bug 1231072SUSE bug 1231073SUSE bug 1231083SUSE bug 1231084SUSE bug 1231085SUSE bug 1231087SUSE bug 1231089SUSE bug 1231094SUSE bug 1231096SUSE bug 1231098SUSE bug 1231101SUSE bug 1231105SUSE bug 1231108SUSE bug 1231111SUSE bug 1231114SUSE bug 1231115SUSE bug 1231132SUSE bug 1231135SUSE bug 1231138SUSE bug 1231148SUSE bug 1231169SUSE bug 1231178SUSE bug 1231179SUSE bug 1231180SUSE bug 1231181SUSE bug 1231187SUSE bug 1231191SUSE bug 1231193SUSE bug 1231195SUSE bug 1231197SUSE bug 1231200SUSE bug 1231202SUSE bug 1231203SUSE bug 1231277SUSE bug 1231293SUSE bug 1231327SUSE bug 1231344SUSE bug 1231375SUSE bug 1231383SUSE bug 1231434SUSE bug 1231439SUSE bug 1231441SUSE bug 1231442SUSE bug 1231452SUSE bug 1231465SUSE bug 1231474SUSE bug 1231481SUSE bug 1231496SUSE bug 1231502SUSE bug 1231537SUSE bug 1231539SUSE bug 1231540SUSE bug 1231541SUSE bug 1231578SUSE bug 1231646SUSE bug 1231673SUSE bug 1231849SUSE bug 1231856SUSE bug 1231857SUSE bug 1231858SUSE bug 1231859SUSE bug 1231861SUSE bug 1231864SUSE bug 1231872SUSE bug 1231883SUSE bug 1231885SUSE bug 1231887SUSE bug 1231888SUSE bug 1231889SUSE bug 1231890SUSE bug 1231892SUSE bug 1231893SUSE bug 1231895SUSE bug 1231896SUSE bug 1231897SUSE bug 1231902SUSE bug 1231903SUSE bug 1231904SUSE bug 1231907SUSE bug 1231914SUSE bug 1231916SUSE bug 1231920SUSE bug 1231923SUSE bug 1231929SUSE bug 1231930SUSE bug 1231931SUSE bug 1231935SUSE bug 1231936SUSE bug 1231937SUSE bug 1231938SUSE bug 1231939SUSE bug 1231940SUSE bug 1231941SUSE bug 1231942SUSE bug 1231944SUSE bug 1231947SUSE bug 1231950SUSE bug 1231952SUSE bug 1231953SUSE bug 1231954SUSE bug 1231958SUSE bug 1231959SUSE bug 1231960SUSE bug 1231961SUSE bug 1231962SUSE bug 1231965SUSE bug 1231967SUSE bug 1231968SUSE bug 1231972SUSE bug 1231973SUSE bug 1231976SUSE bug 1231978SUSE bug 1231979SUSE bug 1231987SUSE bug 1231988SUSE bug 1231990SUSE bug 1231991SUSE bug 1231992SUSE bug 1231995SUSE bug 1231996SUSE bug 1231997SUSE bug 1231998SUSE bug 1232001SUSE bug 1232004SUSE bug 1232005SUSE bug 1232006SUSE bug 1232007SUSE bug 1232013SUSE bug 1232015SUSE bug 1232016SUSE bug 1232017SUSE bug 1232025SUSE bug 1232026SUSE bug 1232027SUSE bug 1232028SUSE bug 1232033SUSE bug 1232034SUSE bug 1232035SUSE bug 1232036SUSE bug 1232037SUSE bug 1232038SUSE bug 1232039SUSE bug 1232043SUSE bug 1232047SUSE bug 1232048SUSE bug 1232049SUSE bug 1232050SUSE bug 1232056SUSE bug 1232067SUSE bug 1232069SUSE bug 1232070SUSE bug 1232071SUSE bug 1232075SUSE bug 1232076SUSE bug 1232080SUSE bug 1232083SUSE bug 1232084SUSE bug 1232085SUSE bug 1232089SUSE bug 1232094SUSE bug 1232096SUSE bug 1232097SUSE bug 1232098SUSE bug 1232104SUSE bug 1232105SUSE bug 1232108SUSE bug 1232111SUSE bug 1232114SUSE bug 1232116SUSE bug 1232119SUSE bug 1232120SUSE bug 1232123SUSE bug 1232124SUSE bug 1232126SUSE bug 1232133SUSE bug 1232134SUSE bug 1232135SUSE bug 1232136SUSE bug 1232140SUSE bug 1232141SUSE bug 1232142SUSE bug 1232145SUSE bug 1232147SUSE bug 1232149SUSE bug 1232150SUSE bug 1232151SUSE bug 1232152SUSE bug 1232154SUSE bug 1232155SUSE bug 1232159SUSE bug 1232160SUSE bug 1232162SUSE bug 1232163SUSE bug 1232164SUSE bug 1232165SUSE bug 1232170SUSE bug 1232172SUSE bug 1232174SUSE bug 1232175SUSE bug 1232180SUSE bug 1232185SUSE bug 1232187SUSE bug 1232189SUSE bug 1232191SUSE bug 1232195SUSE bug 1232196SUSE bug 1232198SUSE bug 1232199SUSE bug 1232200SUSE bug 1232201SUSE bug 1232217SUSE bug 1232218SUSE bug 1232220SUSE bug 1232221SUSE bug 1232224SUSE bug 1232229SUSE bug 1232232SUSE bug 1232233SUSE bug 1232237SUSE bug 1232251SUSE bug 1232253SUSE bug 1232254SUSE bug 1232255SUSE bug 1232259SUSE bug 1232260SUSE bug 1232262SUSE bug 1232263SUSE bug 1232264SUSE bug 1232272SUSE bug 1232279SUSE bug 1232282SUSE bug 1232285SUSE bug 1232286SUSE bug 1232287SUSE bug 1232293SUSE bug 1232304SUSE bug 1232305SUSE bug 1232307SUSE bug 1232309SUSE bug 1232310SUSE bug 1232312SUSE bug 1232313SUSE bug 1232314SUSE bug 1232316SUSE bug 1232317SUSE bug 1232318SUSE bug 1232329SUSE bug 1232332SUSE bug 1232333SUSE bug 1232334SUSE bug 1232335SUSE bug 1232337SUSE bug 1232339SUSE bug 1232342SUSE bug 1232345SUSE bug 1232349SUSE bug 1232352SUSE bug 1232354SUSE bug 1232355SUSE bug 1232357SUSE bug 1232358SUSE bug 1232359SUSE bug 1232361SUSE bug 1232362SUSE bug 1232364SUSE bug 1232366SUSE bug 1232367SUSE bug 1232368SUSE bug 1232369SUSE bug 1232370SUSE bug 1232371SUSE bug 1232374SUSE bug 1232378SUSE bug 1232381SUSE bug 1232383SUSE bug 1232385SUSE bug 1232387SUSE bug 1232392SUSE bug 1232394SUSE bug 1232395SUSE bug 1232413SUSE bug 1232416SUSE bug 1232418SUSE bug 1232424SUSE bug 1232432SUSE bug 1232435SUSE bug 1232436SUSE bug 1232442SUSE bug 1232446SUSE bug 1232483SUSE bug 1232500SUSE bug 1232501SUSE bug 1232503SUSE bug 1232504SUSE bug 1232507SUSE bug 1232519SUSE bug 1232520SUSE bug 1232552SUSE bug 1232630SUSE bug 1232631SUSE bug 1232632SUSE bug 1232757SUSE bug 1232819SUSE bug 1232860SUSE bug 1232870SUSE bug 1232873SUSE bug 1232877SUSE bug 1232878SUSE bug 1232881SUSE bug 1232884SUSE bug 1232885SUSE bug 1232887SUSE bug 1232888SUSE bug 1232890SUSE bug 1232892SUSE bug 1232896SUSE bug 1232897SUSE bug 1232905SUSE bug 1232907SUSE bug 1232919SUSE bug 1232926SUSE bug 1232928SUSE bug 1232935SUSE bug 1233035SUSE bug 1233049SUSE bug 1233051SUSE bug 1233056SUSE bug 1233057SUSE bug 1233061SUSE bug 1233063SUSE bug 1233065SUSE bug 1233067SUSE bug 1233070SUSE bug 1233073SUSE bug 1233074SUSE bug 1233100SUSE bug 1233103SUSE bug 1233104SUSE bug 1233105SUSE bug 1233106SUSE bug 1233107SUSE bug 1233108SUSE bug 1233110SUSE bug 1233111SUSE bug 1233113SUSE bug 1233114SUSE bug 1233117SUSE bug 1233123SUSE bug 1233125SUSE bug 1233129SUSE bug 1233130SUSE bug 1233134SUSE bug 1233135SUSE bug 1233150SUSE bug 1233189SUSE bug 1233191SUSE bug 1233197SUSE bug 1233205SUSE bug 1233206SUSE bug 1233209SUSE bug 1233210SUSE bug 1233211SUSE bug 1233212SUSE bug 1233214SUSE bug 1233216SUSE bug 1233238SUSE bug 1233241SUSE bug 1233253SUSE bug 1233255SUSE bug 1233293SUSE bug 1233350SUSE bug 1233452SUSE bug 1233453SUSE bug 1233454SUSE bug 1233456SUSE bug 1233457SUSE bug 1233458SUSE bug 1233460SUSE bug 1233462SUSE bug 1233463SUSE bug 1233468SUSE bug 1233471SUSE bug 1233476SUSE bug 1233478SUSE bug 1233479SUSE bug 1233481SUSE bug 1233484SUSE bug 1233487SUSE bug 1233490SUSE bug 1233491SUSE bug 1233528SUSE bug 1233548SUSE bug 1233552SUSE bug 1233553SUSE bug 1233554SUSE bug 1233555SUSE bug 1233557SUSE bug 1233560SUSE bug 1233561SUSE bug 1233570SUSE bug 1233577SUSE bug 1233580SUSE bug 1233977SUSE bug 1234012SUSE bug 1234025SUSE bug 1234085SUSE bug 1234093SUSE bug 1234098SUSE bug 1234108CVE-2021-47416 at SUSECVE-2021-47416 at NVDCVE-2021-47534 at SUSECVE-2021-47534 at NVDCVE-2021-47594 at SUSECVE-2021-47594 at NVDCVE-2022-3435 at SUSECVE-2022-3435 at NVDCVE-2022-45934 at SUSECVE-2022-45934 at NVDCVE-2022-48664 at SUSECVE-2022-48664 at NVDCVE-2022-48674 at SUSECVE-2022-48674 at NVDCVE-2022-48879 at SUSECVE-2022-48879 at NVDCVE-2022-48946 at SUSECVE-2022-48946 at NVDCVE-2022-48947 at SUSECVE-2022-48947 at NVDCVE-2022-48948 at SUSECVE-2022-48948 at NVDCVE-2022-48949 at SUSECVE-2022-48949 at NVDCVE-2022-48951 at SUSECVE-2022-48951 at NVDCVE-2022-48953 at SUSECVE-2022-48953 at NVDCVE-2022-48954 at SUSECVE-2022-48954 at NVDCVE-2022-48955 at SUSECVE-2022-48955 at NVDCVE-2022-48956 at SUSECVE-2022-48956 at NVDCVE-2022-48957 at SUSECVE-2022-48957 at NVDCVE-2022-48958 at SUSECVE-2022-48958 at NVDCVE-2022-48959 at SUSECVE-2022-48959 at NVDCVE-2022-48960 at SUSECVE-2022-48960 at NVDCVE-2022-48961 at SUSECVE-2022-48961 at NVDCVE-2022-48962 at SUSECVE-2022-48962 at NVDCVE-2022-48966 at SUSECVE-2022-48966 at NVDCVE-2022-48967 at SUSECVE-2022-48967 at NVDCVE-2022-48968 at SUSECVE-2022-48968 at NVDCVE-2022-48969 at SUSECVE-2022-48969 at NVDCVE-2022-48970 at SUSECVE-2022-48970 at NVDCVE-2022-48971 at SUSECVE-2022-48971 at NVDCVE-2022-48972 at SUSECVE-2022-48972 at NVDCVE-2022-48973 at SUSECVE-2022-48973 at NVDCVE-2022-48975 at SUSECVE-2022-48975 at NVDCVE-2022-48977 at SUSECVE-2022-48977 at NVDCVE-2022-48978 at SUSECVE-2022-48978 at NVDCVE-2022-48979 at SUSECVE-2022-48979 at NVDCVE-2022-48980 at SUSECVE-2022-48980 at NVDCVE-2022-48981 at SUSECVE-2022-48981 at NVDCVE-2022-48982 at SUSECVE-2022-48982 at NVDCVE-2022-48983 at SUSECVE-2022-48983 at NVDCVE-2022-48985 at SUSECVE-2022-48985 at NVDCVE-2022-48987 at SUSECVE-2022-48987 at NVDCVE-2022-48988 at SUSECVE-2022-48988 at NVDCVE-2022-48989 at SUSECVE-2022-48989 at NVDCVE-2022-48990 at SUSECVE-2022-48990 at NVDCVE-2022-48991 at SUSECVE-2022-48991 at NVDCVE-2022-48992 at SUSECVE-2022-48992 at NVDCVE-2022-48994 at SUSECVE-2022-48994 at NVDCVE-2022-48995 at SUSECVE-2022-48995 at NVDCVE-2022-48997 at SUSECVE-2022-48997 at NVDCVE-2022-48999 at SUSECVE-2022-48999 at NVDCVE-2022-49000 at SUSECVE-2022-49000 at NVDCVE-2022-49002 at SUSECVE-2022-49002 at NVDCVE-2022-49003 at SUSECVE-2022-49003 at NVDCVE-2022-49005 at SUSECVE-2022-49005 at NVDCVE-2022-49006 at SUSECVE-2022-49006 at NVDCVE-2022-49007 at SUSECVE-2022-49007 at NVDCVE-2022-49010 at SUSECVE-2022-49010 at NVDCVE-2022-49011 at SUSECVE-2022-49011 at NVDCVE-2022-49012 at SUSECVE-2022-49012 at NVDCVE-2022-49014 at SUSECVE-2022-49014 at NVDCVE-2022-49015 at SUSECVE-2022-49015 at NVDCVE-2022-49016 at SUSECVE-2022-49016 at NVDCVE-2022-49017 at SUSECVE-2022-49017 at NVDCVE-2022-49019 at SUSECVE-2022-49019 at NVDCVE-2022-49020 at SUSECVE-2022-49020 at NVDCVE-2022-49021 at SUSECVE-2022-49021 at NVDCVE-2022-49022 at SUSECVE-2022-49022 at NVDCVE-2022-49023 at SUSECVE-2022-49023 at NVDCVE-2022-49024 at SUSECVE-2022-49024 at NVDCVE-2022-49025 at SUSECVE-2022-49025 at NVDCVE-2022-49026 at SUSECVE-2022-49026 at NVDCVE-2022-49027 at SUSECVE-2022-49027 at NVDCVE-2022-49028 at SUSECVE-2022-49028 at NVDCVE-2022-49029 at SUSECVE-2022-49029 at NVDCVE-2022-49031 at SUSECVE-2022-49031 at NVDCVE-2022-49032 at SUSECVE-2022-49032 at NVDCVE-2023-2166 at SUSECVE-2023-2166 at NVDCVE-2023-28327 at SUSECVE-2023-28327 at NVDCVE-2023-52766 at SUSECVE-2023-52766 at NVDCVE-2023-52800 at SUSECVE-2023-52800 at NVDCVE-2023-52881 at SUSECVE-2023-52881 at NVDCVE-2023-52915 at SUSECVE-2023-52915 at NVDCVE-2023-52917 at SUSECVE-2023-52917 at NVDCVE-2023-52918 at SUSECVE-2023-52918 at NVDCVE-2023-52919 at SUSECVE-2023-52919 at NVDCVE-2023-52921 at SUSECVE-2023-52921 at NVDCVE-2023-52922 at SUSECVE-2023-52922 at NVDCVE-2023-6270 at SUSECVE-2023-6270 at NVDCVE-2024-26782 at SUSECVE-2024-26782 at NVDCVE-2024-26906 at SUSECVE-2024-26906 at NVDCVE-2024-26953 at SUSECVE-2024-26953 at NVDCVE-2024-27043 at SUSECVE-2024-27043 at NVDCVE-2024-35888 at SUSECVE-2024-35888 at NVDCVE-2024-35937 at SUSECVE-2024-35937 at NVDCVE-2024-35980 at SUSECVE-2024-35980 at NVDCVE-2024-36244 at SUSECVE-2024-36244 at NVDCVE-2024-36484 at SUSECVE-2024-36484 at NVDCVE-2024-36883 at SUSECVE-2024-36883 at NVDCVE-2024-36886 at SUSECVE-2024-36886 at NVDCVE-2024-36905 at SUSECVE-2024-36905 at NVDCVE-2024-36953 at SUSECVE-2024-36953 at NVDCVE-2024-36954 at SUSECVE-2024-36954 at NVDCVE-2024-36957 at SUSECVE-2024-36957 at NVDCVE-2024-38577 at SUSECVE-2024-38577 at NVDCVE-2024-38589 at SUSECVE-2024-38589 at NVDCVE-2024-38615 at SUSECVE-2024-38615 at NVDCVE-2024-39476 at SUSECVE-2024-39476 at NVDCVE-2024-40965 at SUSECVE-2024-40965 at NVDCVE-2024-40997 at SUSECVE-2024-40997 at NVDCVE-2024-41016 at SUSECVE-2024-41016 at NVDCVE-2024-41023 at SUSECVE-2024-41023 at NVDCVE-2024-41049 at SUSECVE-2024-41049 at NVDCVE-2024-42131 at SUSECVE-2024-42131 at NVDCVE-2024-42145 at SUSECVE-2024-42145 at NVDCVE-2024-42226 at SUSECVE-2024-42226 at NVDCVE-2024-42253 at SUSECVE-2024-42253 at NVDCVE-2024-43817 at SUSECVE-2024-43817 at NVDCVE-2024-43897 at SUSECVE-2024-43897 at NVDCVE-2024-44931 at SUSECVE-2024-44931 at NVDCVE-2024-44932 at SUSECVE-2024-44932 at NVDCVE-2024-44947 at SUSECVE-2024-44947 at NVDCVE-2024-44958 at SUSECVE-2024-44958 at NVDCVE-2024-44964 at SUSECVE-2024-44964 at NVDCVE-2024-44995 at SUSECVE-2024-44995 at NVDCVE-2024-45016 at SUSECVE-2024-45016 at NVDCVE-2024-45025 at SUSECVE-2024-45025 at NVDCVE-2024-46678 at SUSECVE-2024-46678 at NVDCVE-2024-46681 at SUSECVE-2024-46681 at NVDCVE-2024-46716 at SUSECVE-2024-46716 at NVDCVE-2024-46719 at SUSECVE-2024-46719 at NVDCVE-2024-46754 at SUSECVE-2024-46754 at NVDCVE-2024-46770 at SUSECVE-2024-46770 at NVDCVE-2024-46775 at SUSECVE-2024-46775 at NVDCVE-2024-46777 at SUSECVE-2024-46777 at NVDCVE-2024-46800 at SUSECVE-2024-46800 at NVDCVE-2024-46802 at SUSECVE-2024-46802 at NVDCVE-2024-46804 at SUSECVE-2024-46804 at NVDCVE-2024-46805 at SUSECVE-2024-46805 at NVDCVE-2024-46807 at SUSECVE-2024-46807 at NVDCVE-2024-46809 at SUSECVE-2024-46809 at NVDCVE-2024-46810 at SUSECVE-2024-46810 at NVDCVE-2024-46811 at SUSECVE-2024-46811 at NVDCVE-2024-46812 at SUSECVE-2024-46812 at NVDCVE-2024-46813 at SUSECVE-2024-46813 at NVDCVE-2024-46814 at SUSECVE-2024-46814 at NVDCVE-2024-46815 at SUSECVE-2024-46815 at NVDCVE-2024-46816 at SUSECVE-2024-46816 at NVDCVE-2024-46817 at SUSECVE-2024-46817 at NVDCVE-2024-46818 at SUSECVE-2024-46818 at NVDCVE-2024-46819 at SUSECVE-2024-46819 at NVDCVE-2024-46821 at SUSECVE-2024-46821 at NVDCVE-2024-46826 at SUSECVE-2024-46826 at NVDCVE-2024-46828 at SUSECVE-2024-46828 at NVDCVE-2024-46834 at SUSECVE-2024-46834 at NVDCVE-2024-46835 at SUSECVE-2024-46835 at NVDCVE-2024-46840 at SUSECVE-2024-46840 at NVDCVE-2024-46841 at SUSECVE-2024-46841 at NVDCVE-2024-46842 at SUSECVE-2024-46842 at NVDCVE-2024-46848 at SUSECVE-2024-46848 at NVDCVE-2024-46849 at SUSECVE-2024-46849 at NVDCVE-2024-46853 at SUSECVE-2024-46853 at NVDCVE-2024-46854 at SUSECVE-2024-46854 at NVDCVE-2024-46855 at SUSECVE-2024-46855 at NVDCVE-2024-46857 at SUSECVE-2024-46857 at NVDCVE-2024-46859 at SUSECVE-2024-46859 at NVDCVE-2024-46864 at SUSECVE-2024-46864 at NVDCVE-2024-46871 at SUSECVE-2024-46871 at NVDCVE-2024-47660 at SUSECVE-2024-47660 at NVDCVE-2024-47661 at SUSECVE-2024-47661 at NVDCVE-2024-47663 at SUSECVE-2024-47663 at NVDCVE-2024-47664 at SUSECVE-2024-47664 at NVDCVE-2024-47665 at SUSECVE-2024-47665 at NVDCVE-2024-47667 at SUSECVE-2024-47667 at NVDCVE-2024-47668 at SUSECVE-2024-47668 at NVDCVE-2024-47669 at SUSECVE-2024-47669 at NVDCVE-2024-47670 at SUSECVE-2024-47670 at NVDCVE-2024-47671 at SUSECVE-2024-47671 at NVDCVE-2024-47672 at SUSECVE-2024-47672 at NVDCVE-2024-47673 at SUSECVE-2024-47673 at NVDCVE-2024-47674 at SUSECVE-2024-47674 at NVDCVE-2024-47679 at SUSECVE-2024-47679 at NVDCVE-2024-47682 at SUSECVE-2024-47682 at NVDCVE-2024-47684 at SUSECVE-2024-47684 at NVDCVE-2024-47685 at SUSECVE-2024-47685 at NVDCVE-2024-47692 at SUSECVE-2024-47692 at NVDCVE-2024-47693 at SUSECVE-2024-47693 at NVDCVE-2024-47695 at SUSECVE-2024-47695 at NVDCVE-2024-47696 at SUSECVE-2024-47696 at NVDCVE-2024-47697 at SUSECVE-2024-47697 at NVDCVE-2024-47698 at SUSECVE-2024-47698 at NVDCVE-2024-47699 at SUSECVE-2024-47699 at NVDCVE-2024-47701 at SUSECVE-2024-47701 at NVDCVE-2024-47704 at SUSECVE-2024-47704 at NVDCVE-2024-47705 at SUSECVE-2024-47705 at NVDCVE-2024-47706 at SUSECVE-2024-47706 at NVDCVE-2024-47707 at SUSECVE-2024-47707 at NVDCVE-2024-47709 at SUSECVE-2024-47709 at NVDCVE-2024-47710 at SUSECVE-2024-47710 at NVDCVE-2024-47712 at SUSECVE-2024-47712 at NVDCVE-2024-47713 at SUSECVE-2024-47713 at NVDCVE-2024-47718 at SUSECVE-2024-47718 at NVDCVE-2024-47720 at SUSECVE-2024-47720 at NVDCVE-2024-47723 at SUSECVE-2024-47723 at NVDCVE-2024-47727 at SUSECVE-2024-47727 at NVDCVE-2024-47728 at SUSECVE-2024-47728 at NVDCVE-2024-47730 at SUSECVE-2024-47730 at NVDCVE-2024-47735 at SUSECVE-2024-47735 at NVDCVE-2024-47737 at SUSECVE-2024-47737 at NVDCVE-2024-47738 at SUSECVE-2024-47738 at NVDCVE-2024-47739 at SUSECVE-2024-47739 at NVDCVE-2024-47742 at SUSECVE-2024-47742 at NVDCVE-2024-47745 at SUSECVE-2024-47745 at NVDCVE-2024-47747 at SUSECVE-2024-47747 at NVDCVE-2024-47748 at SUSECVE-2024-47748 at NVDCVE-2024-47749 at SUSECVE-2024-47749 at NVDCVE-2024-47756 at SUSECVE-2024-47756 at NVDCVE-2024-47757 at SUSECVE-2024-47757 at NVDCVE-2024-49850 at SUSECVE-2024-49850 at NVDCVE-2024-49851 at SUSECVE-2024-49851 at NVDCVE-2024-49852 at SUSECVE-2024-49852 at NVDCVE-2024-49855 at SUSECVE-2024-49855 at NVDCVE-2024-49858 at SUSECVE-2024-49858 at NVDCVE-2024-49860 at SUSECVE-2024-49860 at NVDCVE-2024-49861 at SUSECVE-2024-49861 at NVDCVE-2024-49863 at SUSECVE-2024-49863 at NVDCVE-2024-49866 at SUSECVE-2024-49866 at NVDCVE-2024-49867 at SUSECVE-2024-49867 at NVDCVE-2024-49868 at SUSECVE-2024-49868 at NVDCVE-2024-49870 at SUSECVE-2024-49870 at NVDCVE-2024-49871 at SUSECVE-2024-49871 at NVDCVE-2024-49875 at SUSECVE-2024-49875 at NVDCVE-2024-49877 at SUSECVE-2024-49877 at NVDCVE-2024-49879 at SUSECVE-2024-49879 at NVDCVE-2024-49881 at SUSECVE-2024-49881 at NVDCVE-2024-49882 at SUSECVE-2024-49882 at NVDCVE-2024-49883 at SUSECVE-2024-49883 at NVDCVE-2024-49884 at SUSECVE-2024-49884 at NVDCVE-2024-49886 at SUSECVE-2024-49886 at NVDCVE-2024-49890 at SUSECVE-2024-49890 at NVDCVE-2024-49891 at SUSECVE-2024-49891 at NVDCVE-2024-49892 at SUSECVE-2024-49892 at NVDCVE-2024-49894 at SUSECVE-2024-49894 at NVDCVE-2024-49895 at SUSECVE-2024-49895 at NVDCVE-2024-49896 at SUSECVE-2024-49896 at NVDCVE-2024-49897 at SUSECVE-2024-49897 at NVDCVE-2024-49899 at SUSECVE-2024-49899 at NVDCVE-2024-49900 at SUSECVE-2024-49900 at NVDCVE-2024-49901 at SUSECVE-2024-49901 at NVDCVE-2024-49902 at SUSECVE-2024-49902 at NVDCVE-2024-49903 at SUSECVE-2024-49903 at NVDCVE-2024-49905 at SUSECVE-2024-49905 at NVDCVE-2024-49906 at SUSECVE-2024-49906 at NVDCVE-2024-49907 at SUSECVE-2024-49907 at NVDCVE-2024-49908 at SUSECVE-2024-49908 at NVDCVE-2024-49909 at SUSECVE-2024-49909 at NVDCVE-2024-49911 at SUSECVE-2024-49911 at NVDCVE-2024-49912 at SUSECVE-2024-49912 at NVDCVE-2024-49913 at SUSECVE-2024-49913 at NVDCVE-2024-49914 at SUSECVE-2024-49914 at NVDCVE-2024-49917 at SUSECVE-2024-49917 at NVDCVE-2024-49918 at SUSECVE-2024-49918 at NVDCVE-2024-49919 at SUSECVE-2024-49919 at NVDCVE-2024-49920 at SUSECVE-2024-49920 at NVDCVE-2024-49921 at SUSECVE-2024-49921 at NVDCVE-2024-49922 at SUSECVE-2024-49922 at NVDCVE-2024-49923 at SUSECVE-2024-49923 at NVDCVE-2024-49924 at SUSECVE-2024-49924 at NVDCVE-2024-49925 at SUSECVE-2024-49925 at NVDCVE-2024-49929 at SUSECVE-2024-49929 at NVDCVE-2024-49930 at SUSECVE-2024-49930 at NVDCVE-2024-49933 at SUSECVE-2024-49933 at NVDCVE-2024-49934 at SUSECVE-2024-49934 at NVDCVE-2024-49935 at SUSECVE-2024-49935 at NVDCVE-2024-49936 at SUSECVE-2024-49936 at NVDCVE-2024-49938 at SUSECVE-2024-49938 at NVDCVE-2024-49939 at SUSECVE-2024-49939 at NVDCVE-2024-49945 at SUSECVE-2024-49945 at NVDCVE-2024-49946 at SUSECVE-2024-49946 at NVDCVE-2024-49947 at SUSECVE-2024-49947 at NVDCVE-2024-49949 at SUSECVE-2024-49949 at NVDCVE-2024-49950 at SUSECVE-2024-49950 at NVDCVE-2024-49954 at SUSECVE-2024-49954 at NVDCVE-2024-49955 at SUSECVE-2024-49955 at NVDCVE-2024-49957 at SUSECVE-2024-49957 at NVDCVE-2024-49958 at SUSECVE-2024-49958 at NVDCVE-2024-49959 at SUSECVE-2024-49959 at NVDCVE-2024-49960 at SUSECVE-2024-49960 at NVDCVE-2024-49962 at SUSECVE-2024-49962 at NVDCVE-2024-49963 at SUSECVE-2024-49963 at NVDCVE-2024-49965 at SUSECVE-2024-49965 at NVDCVE-2024-49966 at SUSECVE-2024-49966 at NVDCVE-2024-49967 at SUSECVE-2024-49967 at NVDCVE-2024-49968 at SUSECVE-2024-49968 at NVDCVE-2024-49969 at SUSECVE-2024-49969 at NVDCVE-2024-49973 at SUSECVE-2024-49973 at NVDCVE-2024-49974 at SUSECVE-2024-49974 at NVDCVE-2024-49975 at SUSECVE-2024-49975 at NVDCVE-2024-49981 at SUSECVE-2024-49981 at NVDCVE-2024-49982 at SUSECVE-2024-49982 at NVDCVE-2024-49983 at SUSECVE-2024-49983 at NVDCVE-2024-49985 at SUSECVE-2024-49985 at NVDCVE-2024-49989 at SUSECVE-2024-49989 at NVDCVE-2024-49991 at SUSECVE-2024-49991 at NVDCVE-2024-49993 at SUSECVE-2024-49993 at NVDCVE-2024-49995 at SUSECVE-2024-49995 at NVDCVE-2024-49996 at SUSECVE-2024-49996 at NVDCVE-2024-50000 at SUSECVE-2024-50000 at NVDCVE-2024-50001 at SUSECVE-2024-50001 at NVDCVE-2024-50002 at SUSECVE-2024-50002 at NVDCVE-2024-50003 at SUSECVE-2024-50003 at NVDCVE-2024-50006 at SUSECVE-2024-50006 at NVDCVE-2024-50007 at SUSECVE-2024-50007 at NVDCVE-2024-50008 at SUSECVE-2024-50008 at NVDCVE-2024-50009 at SUSECVE-2024-50009 at NVDCVE-2024-50013 at SUSECVE-2024-50013 at NVDCVE-2024-50014 at SUSECVE-2024-50014 at NVDCVE-2024-50017 at SUSECVE-2024-50017 at NVDCVE-2024-50019 at SUSECVE-2024-50019 at NVDCVE-2024-50024 at SUSECVE-2024-50024 at NVDCVE-2024-50025 at SUSECVE-2024-50025 at NVDCVE-2024-50026 at SUSECVE-2024-50026 at NVDCVE-2024-50028 at SUSECVE-2024-50028 at NVDCVE-2024-50031 at SUSECVE-2024-50031 at NVDCVE-2024-50033 at SUSECVE-2024-50033 at NVDCVE-2024-50035 at SUSECVE-2024-50035 at NVDCVE-2024-50041 at SUSECVE-2024-50041 at NVDCVE-2024-50044 at SUSECVE-2024-50044 at NVDCVE-2024-50045 at SUSECVE-2024-50045 at NVDCVE-2024-50046 at SUSECVE-2024-50046 at NVDCVE-2024-50047 at SUSECVE-2024-50047 at NVDCVE-2024-50048 at SUSECVE-2024-50048 at NVDCVE-2024-50049 at SUSECVE-2024-50049 at NVDCVE-2024-50055 at SUSECVE-2024-50055 at NVDCVE-2024-50058 at SUSECVE-2024-50058 at NVDCVE-2024-50059 at SUSECVE-2024-50059 at NVDCVE-2024-50061 at SUSECVE-2024-50061 at NVDCVE-2024-50062 at SUSECVE-2024-50062 at NVDCVE-2024-50063 at SUSECVE-2024-50063 at NVDCVE-2024-50067 at SUSECVE-2024-50067 at NVDCVE-2024-50073 at SUSECVE-2024-50073 at NVDCVE-2024-50074 at SUSECVE-2024-50074 at NVDCVE-2024-50077 at SUSECVE-2024-50077 at NVDCVE-2024-50078 at SUSECVE-2024-50078 at NVDCVE-2024-50081 at SUSECVE-2024-50081 at NVDCVE-2024-50082 at SUSECVE-2024-50082 at NVDCVE-2024-50089 at SUSECVE-2024-50089 at NVDCVE-2024-50093 at SUSECVE-2024-50093 at NVDCVE-2024-50095 at SUSECVE-2024-50095 at NVDCVE-2024-50096 at SUSECVE-2024-50096 at NVDCVE-2024-50098 at SUSECVE-2024-50098 at NVDCVE-2024-50099 at SUSECVE-2024-50099 at NVDCVE-2024-50103 at SUSECVE-2024-50103 at NVDCVE-2024-50108 at SUSECVE-2024-50108 at NVDCVE-2024-50110 at SUSECVE-2024-50110 at NVDCVE-2024-50115 at SUSECVE-2024-50115 at NVDCVE-2024-50116 at SUSECVE-2024-50116 at NVDCVE-2024-50117 at SUSECVE-2024-50117 at NVDCVE-2024-50124 at SUSECVE-2024-50124 at NVDCVE-2024-50125 at SUSECVE-2024-50125 at NVDCVE-2024-50127 at SUSECVE-2024-50127 at NVDCVE-2024-50128 at SUSECVE-2024-50128 at NVDCVE-2024-50131 at SUSECVE-2024-50131 at NVDCVE-2024-50134 at SUSECVE-2024-50134 at NVDCVE-2024-50135 at SUSECVE-2024-50135 at NVDCVE-2024-50138 at SUSECVE-2024-50138 at NVDCVE-2024-50141 at SUSECVE-2024-50141 at NVDCVE-2024-50146 at SUSECVE-2024-50146 at NVDCVE-2024-50147 at SUSECVE-2024-50147 at NVDCVE-2024-50148 at SUSECVE-2024-50148 at NVDCVE-2024-50150 at SUSECVE-2024-50150 at NVDCVE-2024-50153 at SUSECVE-2024-50153 at NVDCVE-2024-50154 at SUSECVE-2024-50154 at NVDCVE-2024-50155 at SUSECVE-2024-50155 at NVDCVE-2024-50156 at SUSECVE-2024-50156 at NVDCVE-2024-50160 at SUSECVE-2024-50160 at NVDCVE-2024-50167 at SUSECVE-2024-50167 at NVDCVE-2024-50171 at SUSECVE-2024-50171 at NVDCVE-2024-50179 at SUSECVE-2024-50179 at NVDCVE-2024-50180 at SUSECVE-2024-50180 at NVDCVE-2024-50182 at SUSECVE-2024-50182 at NVDCVE-2024-50183 at SUSECVE-2024-50183 at NVDCVE-2024-50184 at SUSECVE-2024-50184 at NVDCVE-2024-50186 at SUSECVE-2024-50186 at NVDCVE-2024-50187 at SUSECVE-2024-50187 at NVDCVE-2024-50188 at SUSECVE-2024-50188 at NVDCVE-2024-50189 at SUSECVE-2024-50189 at NVDCVE-2024-50192 at SUSECVE-2024-50192 at NVDCVE-2024-50194 at SUSECVE-2024-50194 at NVDCVE-2024-50195 at SUSECVE-2024-50195 at NVDCVE-2024-50196 at SUSECVE-2024-50196 at NVDCVE-2024-50198 at SUSECVE-2024-50198 at NVDCVE-2024-50201 at SUSECVE-2024-50201 at NVDCVE-2024-50205 at SUSECVE-2024-50205 at NVDCVE-2024-50208 at SUSECVE-2024-50208 at NVDCVE-2024-50209 at SUSECVE-2024-50209 at NVDCVE-2024-50215 at SUSECVE-2024-50215 at NVDCVE-2024-50218 at SUSECVE-2024-50218 at NVDCVE-2024-50229 at SUSECVE-2024-50229 at NVDCVE-2024-50230 at SUSECVE-2024-50230 at NVDCVE-2024-50232 at SUSECVE-2024-50232 at NVDCVE-2024-50233 at SUSECVE-2024-50233 at NVDCVE-2024-50234 at SUSECVE-2024-50234 at NVDCVE-2024-50236 at SUSECVE-2024-50236 at NVDCVE-2024-50237 at SUSECVE-2024-50237 at NVDCVE-2024-50249 at SUSECVE-2024-50249 at NVDCVE-2024-50255 at SUSECVE-2024-50255 at NVDCVE-2024-50259 at SUSECVE-2024-50259 at NVDCVE-2024-50261 at SUSECVE-2024-50261 at NVDCVE-2024-50264 at SUSECVE-2024-50264 at NVDCVE-2024-50265 at SUSECVE-2024-50265 at NVDCVE-2024-50267 at SUSECVE-2024-50267 at NVDCVE-2024-50268 at SUSECVE-2024-50268 at NVDCVE-2024-50269 at SUSECVE-2024-50269 at NVDCVE-2024-50271 at SUSECVE-2024-50271 at NVDCVE-2024-50273 at SUSECVE-2024-50273 at NVDCVE-2024-50274 at SUSECVE-2024-50274 at NVDCVE-2024-50279 at SUSECVE-2024-50279 at NVDCVE-2024-50282 at SUSECVE-2024-50282 at NVDCVE-2024-50287 at SUSECVE-2024-50287 at NVDCVE-2024-50289 at SUSECVE-2024-50289 at NVDCVE-2024-50290 at SUSECVE-2024-50290 at NVDCVE-2024-50292 at SUSECVE-2024-50292 at NVDCVE-2024-50295 at SUSECVE-2024-50295 at NVDCVE-2024-50298 at SUSECVE-2024-50298 at NVDCVE-2024-50301 at SUSECVE-2024-50301 at NVDCVE-2024-50302 at SUSECVE-2024-50302 at NVDCVE-2024-53052 at SUSECVE-2024-53052 at NVDCVE-2024-53058 at SUSECVE-2024-53058 at NVDCVE-2024-53059 at SUSECVE-2024-53059 at NVDCVE-2024-53060 at SUSECVE-2024-53060 at NVDCVE-2024-53061 at SUSECVE-2024-53061 at NVDCVE-2024-53063 at SUSECVE-2024-53063 at NVDCVE-2024-53066 at SUSECVE-2024-53066 at NVDCVE-2024-53068 at SUSECVE-2024-53068 at NVDCVE-2024-53079 at SUSECVE-2024-53079 at NVDCVE-2024-53085 at SUSECVE-2024-53085 at NVDCVE-2024-53088 at SUSECVE-2024-53088 at NVDCVE-2024-53104 at SUSECVE-2024-53104 at NVDCVE-2024-53110 at SUSECVE-2024-53110 at NVDcpe:/o:opensuse:leap:15.5Security update for subversion (Moderate)openSUSE Leap 15.5
This update for subversion fixes the following issues:
- CVE-2024-46901: Fixed denial-of-service via control characters in paths in mod_dav_svn (bsc#1234317)
ModerateSUSE bug 1234317CVE-2024-46901 at SUSECVE-2024-46901 at NVDcpe:/o:opensuse:leap:15.5Security update for the Linux Kernel (Important)openSUSE Leap 15.5
The SUSE Linux Enterprise 15 SP5 Azure kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2021-47594: mptcp: never allow the PM to close a listener subflow (bsc#1226560).
- CVE-2022-48983: io_uring: Fix a null-ptr-deref in io_tctx_exit_cb() (bsc#1231959).
- CVE-2024-26782: mptcp: fix double-free on socket dismantle (bsc#1222590).
- CVE-2024-26906: Fixed invalid vsyscall page read for copy_from_kernel_nofault() (bsc#1223202).
- CVE-2024-26953: net: esp: fix bad handling of pages from page_pool (bsc#1223656).
- CVE-2024-35888: erspan: make sure erspan_base_hdr is present in skb->head (bsc#1224518).
- CVE-2024-35937: wifi: cfg80211: check A-MSDU format more carefully (bsc#1224526).
- CVE-2024-36883: net: fix out-of-bounds access in ops_init (bsc#1225725).
- CVE-2024-36886: tipc: fix UAF in error path (bsc#1225730).
- CVE-2024-36905: tcp: defer shutdown(SEND_SHUTDOWN) for TCP_SYN_RECV sockets (bsc#1225742).
- CVE-2024-36954: tipc: fix a possible memleak in tipc_buf_append (bsc#1225764).
- CVE-2024-38589: netrom: fix possible dead-lock in nr_rt_ioctl() (bsc#1226748).
- CVE-2024-38615: cpufreq: exit() callback is optional (bsc#1226592).
- CVE-2024-40997: cpufreq: amd-pstate: fix memory leak on CPU EPP exit (bsc#1227853).
- CVE-2024-41023: sched/deadline: Fix task_struct reference leak (bsc#1228430).
- CVE-2024-44932: idpf: fix UAFs when destroying the queues (bsc#1229808).
- CVE-2024-44964: idpf: fix memory leaks and crashes while performing a soft reset (bsc#1230220).
- CVE-2024-44995: net: hns3: fix a deadlock problem when config TC during resetting (bsc#1230231).
- CVE-2024-46681: pktgen: use cpus_read_lock() in pg_net_init() (bsc#1230558).
- CVE-2024-46800: sch/netem: fix use after free in netem_dequeue (bsc#1230827).
- CVE-2024-47679: vfs: fix race between evice_inodes() and find_inode()&iput() (bsc#1231930).
- CVE-2024-47701: ext4: explicitly exit when ext4_find_inline_entry returns an error (bsc#1231920).
- CVE-2024-47745: mm: split critical region in remap_file_pages() and invoke LSMs in between (bsc#1232135).
- CVE-2024-47757: nilfs2: fix potential oob read in nilfs_btree_check_delete() (bsc#1232187).
- CVE-2024-49868: btrfs: fix a NULL pointer dereference when failed to start a new trasacntion (bsc#1232272).
- CVE-2024-49921: drm/amd/display: Check null pointers before used (bsc#1232371).
- CVE-2024-49925: fbdev: efifb: Register sysfs groups through driver core (bsc#1232224)
- CVE-2024-49934: fs/inode: Prevent dump_mapping() accessing invalid dentry.d_name.name (bsc#1232387).
- CVE-2024-49945: net/ncsi: Disable the ncsi work before freeing the associated structure (bsc#1232165).
- CVE-2024-49950: Bluetooth: L2CAP: Fix uaf in l2cap_connect (bsc#1232159).
- CVE-2024-49968: ext4: fix error message when rejecting the default hash (bsc#1232264).
- CVE-2024-49983: ext4: drop ppath from ext4_ext_replay_update_ex() to avoid double-free (bsc#1232096).
- CVE-2024-49989: drm/amd/display: fix double free issue during amdgpu module unload (bsc#1232483).
- CVE-2024-50009: cpufreq: amd-pstate: add check for cpufreq_cpu_get's return value (bsc#1232318).
- CVE-2024-50073: tty: n_gsm: Fix use-after-free in gsm_cleanup_mux (bsc#1232520).
- CVE-2024-50082: blk-rq-qos: fix crash on rq_qos_wait vs. rq_qos_wake_function race (bsc#1232500).
- CVE-2024-50089: unicode: Do not special case ignorable code points (bsc#1232860).
- CVE-2024-50093: thermal: intel: int340x: processor: Fix warning during module unload (bsc#1232877).
- CVE-2024-50098: scsi: ufs: core: Set SDEV_OFFLINE when UFS is shut down (bsc#1232881).
- CVE-2024-50108: drm/amd/display: Disable PSR-SU on Parade 08-01 TCON too (bsc#1232884).
- CVE-2024-50110: xfrm: fix one more kernel-infoleak in algo dumping (bsc#1232885).
- CVE-2024-50115: KVM: nSVM: Ignore nCR3[4:0] when loading PDPTEs from memory (bsc#1232919).
- CVE-2024-50125: Bluetooth: SCO: Fix UAF on sco_sock_timeout (bsc#1232928).
- CVE-2024-50127: net: sched: fix use-after-free in taprio_change() (bsc#1232907).
- CVE-2024-50128: net: wwan: fix global oob in wwan_rtnl_policy (bsc#1232905).
- CVE-2024-50134: drm/vboxvideo: Replace fake VLA at end of vbva_mouse_pointer_shape (bsc#1232890).
- CVE-2024-50135: nvme-pci: fix race condition between reset and nvme_dev_disable() (bsc#1232888).
- CVE-2024-50138: bpf: Use raw_spinlock_t in ringbuf (bsc#1232935).
- CVE-2024-50146: net/mlx5e: Do not call cleanup on profile rollback failure (bsc#1233056).
- CVE-2024-50147: net/mlx5: Fix command bitmask initialization (bsc#1233067).
- CVE-2024-50153: scsi: target: core: Fix null-ptr-deref in target_alloc_device() (bsc#1233061).
- CVE-2024-50154: tcp: Fix use-after-free of nreq in reqsk_timer_handler() (bsc#1233070).
- CVE-2024-50167: be2net: fix potential memory leak in be_xmit() (bsc#1233049).
- CVE-2024-50171: net: systemport: fix potential memory leak in bcm_sysport_xmit() (bsc#1233057).
- CVE-2024-50182: secretmem: disable memfd_secret() if arch cannot set direct map (bsc#1233129).
- CVE-2024-50184: virtio_pmem: Check device status before requesting flush (bsc#1233135).
- CVE-2024-50186: net: explicitly clear the sk pointer, when pf->create fails (bsc#1233110).
- CVE-2024-50188: net: phy: dp83869: fix memory corruption when enabling fiber (bsc#1233107).
- CVE-2024-50192: irqchip/gic-v4: Correctly deal with set_affinity on lazily-mapped VPEs (bsc#1233106).
- CVE-2024-50195: posix-clock: posix-clock: Fix unbalanced locking in pc_clock_settime() (bsc#1233103).
- CVE-2024-50196: pinctrl: ocelot: fix system hang on level based interrupts (bsc#1233113).
- CVE-2024-50205: ALSA: firewire-lib: Avoid division by zero in apply_constraint_to_size() (bsc#1233293).
- CVE-2024-50208: RDMA/bnxt_re: Fix a bug while setting up Level-2 PBL pages (bsc#1233117).
- CVE-2024-50229: nilfs2: fix potential deadlock with newly created symlinks (bsc#1233205).
- CVE-2024-50230: nilfs2: fix kernel bug due to missing clearing of checked flag (bsc#1233206).
- CVE-2024-50259: netdevsim: Add trailing zero to terminate the string in nsim_nexthop_bucket_activity_write() (bsc#1233214).
- CVE-2024-50261: macsec: Fix use-after-free while sending the offloading packet (bsc#1233253).
- CVE-2024-50264: vsock/virtio: Initialization of the dangling pointer occurring in vsk->trans (bsc#1233453).
- CVE-2024-50267: USB: serial: io_edgeport: fix use after free in debug printk (bsc#1233456).
- CVE-2024-50271: signal: restore the override_rlimit logic (bsc#1233460).
- CVE-2024-50273: btrfs: reinitialize delayed ref list after deleting it from the list (bsc#1233462).
- CVE-2024-50274: idpf: avoid vport access in idpf_get_link_ksettings (bsc#1233463).
- CVE-2024-50279: dm cache: fix out-of-bounds access to the dirty bitset when resizing (bsc#1233468).
- CVE-2024-50289: media: av7110: fix a spectre vulnerability (bsc#1233478).
- CVE-2024-50295: net: arc: fix the device for dma_map_single/dma_unmap_single (bsc#1233484).
- CVE-2024-50298: net: enetc: allocate vf_state during PF probes (bsc#1233487).
- CVE-2024-53052: io_uring/rw: fix missing NOWAIT check for O_DIRECT start write (bsc#1233548).
- CVE-2024-53058: net: stmmac: TSO: Fix unbalanced DMA map/unmap for non-paged SKB data (bsc#1233552).
- CVE-2024-53061: media: s5p-jpeg: prevent buffer overflows (bsc#1233555).
- CVE-2024-53063: media: dvbdev: prevent the risk of out of memory access (bsc#1233557).
- CVE-2024-53068: firmware: arm_scmi: Fix slab-use-after-free in scmi_bus_notifier() (bsc#1233561).
- CVE-2024-53079: mm/thp: fix deferred split unqueue naming and locking (bsc#1233570).
- CVE-2024-53088: i40e: fix race condition by adding filter's intermediate sync state (bsc#1233580).
- CVE-2024-53104: media: uvcvideo: Skip parsing frames of type UVC_VS_UNDEFINED in uvc_parse_format (bsc#1234025).
- CVE-2024-53110: vp_vdpa: fix id_table array not null terminated error (bsc#1234085).
The following non-security bugs were fixed:
- Drop OCFS2 patch causing a regression (bsc#1233255).
- Fix regression on AMDGPU driver (bsc#1233134).
- Removed the duplicated check of static_assert(sizeof(struct work_struct) >= sizeof(struct rcu_head)).
- Revert 'cgroup: Fix memory leak caused by missing cgroup_bpf_offline' (bsc#1234108).
- Revert 'ixgbe: Manual AN-37 for troublesome link partners for X550 SFI' (git-fixes).
- Revert 'mmc: dw_mmc: Fix IDMAC operation with pages bigger than 4K' (git-fixes).
- Revert 'usb: gadget: composite: fix OS descriptors w_value logic' (git-fixes).
- Update config files (bsc#1218644).
- Update config files. Enabled IDPF for ARM64 (bsc#1221309)
- acpi: CPPC: Fix _CPC register setting issue (git-fixes).
- acpi: CPPC: Make rmw_lock a raw_spin_lock (git-fixes).
- acpi: button: Add DMI quirk for Samsung Galaxy Book2 to fix initial lid detection issue (stable-fixes).
- acpi: resource: Add LG 16T90SP to irq1_level_low_skip_override[] (stable-fixes).
- ad7780: fix division by zero in ad7780_write_raw() (git-fixes).
- add bugreference to a hv_netvsc patch (bsc#1232413).
- alsa: 6fire: Release resources at card release (git-fixes).
- alsa: ac97: bus: Fix the mistake in the comment (git-fixes).
- alsa: caiaq: Use snd_card_free_when_closed() at disconnection (git-fixes).
- alsa: firewire-lib: fix return value on fail in amdtp_tscm_init() (git-fixes).
- alsa: hda/realtek - Fixed Clevo platform headset Mic issue (stable-fixes).
- alsa: hda/realtek: Add subwoofer quirk for Acer Predator G9-593 (stable-fixes).
- alsa: hda/realtek: Fix headset mic on TUXEDO Gemini 17 Gen3 (stable-fixes).
- alsa: hda/realtek: Fix headset mic on TUXEDO Stellaris 16 Gen6 mb1 (stable-fixes).
- alsa: hda/realtek: Limit internal Mic boost on Dell platform (stable-fixes).
- alsa: hda/realtek: Update ALC225 depop procedure (git-fixes).
- alsa: hda/realtek: Update ALC256 depop procedure (git-fixes).
- alsa: hda/realtek: fix mute/micmute LEDs for a HP EliteBook 645 G10 (stable-fixes).
- alsa: us122l: Use snd_card_free_when_closed() at disconnection (git-fixes).
- alsa: usb-audio: Add quirk for HP 320 FHD Webcam (stable-fixes).
- alsa: usb-audio: Add quirks for Dell WD19 dock (stable-fixes).
- alsa: usx2y: Use snd_card_free_when_closed() at disconnection (git-fixes).
- amd-pstate: Set min_perf to nominal_perf for active mode performance gov (git-fixes).
- arm64/sve: Discard stale CPU state when handling SVE traps (git-fixes)
- arm64: Force position-independent veneers (git-fixes).
- arm64: dts: imx8mp: correct sdhc ipg clk (git-fixes).
- arm64: fix .data.rel.ro size assertion when CONFIG_LTO_CLANG (git-fixes)
- arm64: smccc: Remove broken support for SMCCCv1.3 SVE discard hint (git-fixes)
- arm64: smccc: replace custom COUNT_ARGS() & CONCATENATE() (git-fixes)
- arm64: tls: Fix context-switching of tpidrro_el0 when kpti is enabled (git-fixes)
- arm64:uprobe fix the uprobe SWBP_INSN in big-endian (git-fixes)
- asoc: amd: yc: Fix for enabling DMIC on acp6x via _DSD entry (git-fixes).
- asoc: codecs: Fix atomicity violation in snd_soc_component_get_drvdata() (git-fixes).
- asoc: codecs: lpass-rx-macro: add missing CDC_RX_BCL_VBAT_RF_PROC2 to default regs values (stable-fixes).
- asoc: cs42l51: Fix some error handling paths in cs42l51_probe() (git-fixes).
- asoc: fsl_sai: Enable 'FIFO continue on error' FCONT bit (stable-fixes).
- asoc: qcom: sm8250: add qrb4210-rb2-sndcard compatible string (stable-fixes).
- asoc: stm32: spdifrx: fix dma channel release in stm32_spdifrx_remove (git-fixes).
- blk-throttle: Fix io statistics for cgroup v1 (bsc#1233528).
- block: Avoid leaking hctx->nr_active counter on batched completion (bsc#1231923).
- bluetooth: MGMT: Fix slab-use-after-free Read in set_powered_sync (git-fixes).
- bluetooth: hci: fix null-ptr-deref in hci_read_supported_codecs (git-fixes).
- bnxt_en: Fix the PCI-AER routines (git-fixes).
- bnxt_en: Remove mis-applied code from bnxt_cfg_ntp_filters() (git-fixes).
- bnxt_en: Reserve rings after PCIe AER recovery if NIC interface is down (git-fixes).
- bnxt_en: Reset PTP tx_avail after possible firmware reset (git-fixes).
- bnxt_en: Restore PTP tx_avail count in case of skb_pad() error (git-fixes).
- bnxt_en: Wait for FLR to complete during probe (git-fixes).
- bnxt_en: refactor reset close code (git-fixes).
- can: c_can: c_can_handle_bus_err(): update statistics if skb allocation fails (git-fixes).
- can: c_can: fix {rx,tx}_errors statistics (git-fixes).
- can: ems_usb: ems_usb_rx_err(): fix {rx,tx}_errors statistics (git-fixes).
- can: ifi_canfd: ifi_canfd_handle_lec_err(): fix {rx,tx}_errors statistics (git-fixes).
- can: j1939: j1939_session_new(): fix skb reference counting (git-fixes).
- can: m_can: m_can_handle_lec_err(): fix {rx,tx}_errors statistics (git-fixes).
- can: sun4i_can: sun4i_can_err(): call can_change_state() even if cf is NULL (git-fixes).
- can: sun4i_can: sun4i_can_err(): fix {rx,tx}_errors statistics (git-fixes).
- cgroup/bpf: only cgroup v2 can be attached by bpf programs (bsc#1234108).
- chtls: fix tp->rcv_tstamp initialization (git-fixes).
- comedi: Flush partial mappings in error case (git-fixes).
- crypto: bcm - add error check in the ahash_hmac_init function (git-fixes).
- crypto: caam - Fix the pointer passed to caam_qi_shutdown() (git-fixes).
- crypto: caam - add error check to caam_rsa_set_priv_key_form (git-fixes).
- crypto: cavium - Fix an error handling path in cpt_ucode_load_fw() (git-fixes).
- crypto: cavium - Fix the if condition to exit loop after timeout (git-fixes).
- crypto: inside-secure - Fix the return value of safexcel_xcbcmac_cra_init() (git-fixes).
- crypto: x86/aegis128 - access 32-bit arguments as 32-bit (git-fixes).
- cxgb4: Properly lock TX queue for the selftest (git-fixes).
- cxgb4: add forgotten u64 ivlan cast before shift (git-fixes).
- cxgb4: unnecessary check for 0 in the free_sge_txq_uld() function (git-fixes).
- drivers: net: prevent tun_build_skb() to exceed the packet size limit (git-fixes).
- drm/amd: Fix initialization mistake for NBIO 7.7.0 (stable-fixes).
- drm/amdgpu: Adjust debugfs eviction and IB access permissions (stable-fixes).
- drm/amdgpu: add missing size check in amdgpu_debugfs_gprwave_read() (stable-fixes).
- drm/amdgpu: prevent NULL pointer dereference if ATIF is not supported (git-fixes).
- drm/bridge: anx7625: Drop EDID cache on bridge power off (git-fixes).
- drm/bridge: tc358767: Fix link properties discovery (git-fixes).
- drm/bridge: tc358768: Fix DSI command tx (git-fixes).
- drm/etnaviv: Request pages from DMA32 zone on addressing_limited (git-fixes).
- drm/imx/dcss: Use IRQF_NO_AUTOEN flag in request_irq() (git-fixes).
- drm/mm: Mark drm_mm_interval_tree*() functions with __maybe_unused (git-fixes).
- drm/msm/adreno: Use IRQF_NO_AUTOEN flag in request_irq() (git-fixes).
- drm/msm/dpu: cast crtc_clk calculation to u64 in _dpu_core_perf_calc_clk() (git-fixes).
- drm/omap: Fix locking in omap_gem_new_dmabuf() (git-fixes).
- drm/omap: Fix possible NULL dereference (git-fixes).
- drm/panfrost: Remove unused id_mask from struct panfrost_model (git-fixes).
- drm/rockchip: vop: Fix a dereferenced before check warning (git-fixes).
- drm/sti: avoid potential dereference of error pointers (git-fixes).
- drm/sti: avoid potential dereference of error pointers in sti_gdp_atomic_check (git-fixes).
- drm/sti: avoid potential dereference of error pointers in sti_hqvdp_atomic_check (git-fixes).
- drm/v3d: Address race-condition in MMU flush (git-fixes).
- drm/vboxvideo: Replace fake VLA at end of vbva_mouse_pointer_shape with real VLA (stable-fixes).
- drm/vc4: hvs: Do not write gamma luts on 2711 (git-fixes).
- drm/vc4: hvs: Fix dlist debug not resetting the next entry pointer (git-fixes).
- drm/vc4: hvs: Remove incorrect limit from hvs_dlist debugfs function (git-fixes).
- drm/vmwgfx: Limit display layout ioctl array size to VMWGFX_NUM_DISPLAY_UNITS (stable-fixes).
- e1000e: Fix S0ix residency on corporate systems (git-fixes).
- efi/memattr: Ignore table if the size is clearly bogus (bsc#1231465).
- eth: bnxt: fix counting packets discarded due to OOM and netpoll (git-fixes).
- firmware: google: Unregister driver_info on failure (git-fixes).
- genirq/msi: Fix off-by-one error in msi_domain_alloc() (git-fixes).
- goldfish: Fix unused const variable 'goldfish_pipe_acpi_match' (git-fixes).
- gve: Fix XDP TX completion handling when counters overflow (git-fixes).
- gve: Fix an edge case for TSO skb validity check (git-fixes).
- gve: Fix skb truesize underestimation (git-fixes).
- gve: ignore nonrelevant GSO type bits when processing TSO headers (git-fixes).
- hid: core: zero-initialize the report buffer (git-fixes).
- hid: lenovo: Add support for Thinkpad X1 Tablet Gen 3 keyboard (stable-fixes).
- hid: multitouch: Add quirk for HONOR MagicBook Art 14 touchpad (stable-fixes).
- hid: multitouch: Add quirk for Logitech Bolt receiver w/ Casa touchpad (stable-fixes).
- hid: multitouch: Add support for B2402FVA track point (stable-fixes).
- hid: wacom: Defer calculation of resolution until resolution_code is known (git-fixes).
- hid: wacom: Interpret tilt data from Intuos Pro BT as signed values (git-fixes).
- hid: wacom: fix when get product name maybe null pointer (git-fixes).
- hv_sock: Initializing vsk->trans to NULL to prevent a dangling pointer (git-fixes).
- hwmon: (tps23861) Fix reporting of negative temperatures (git-fixes).
- i3c: master: Fix miss free init_dyn_addr at i3c_master_put_i3c_addrs() (git-fixes).
- i40e: Fix XDP program unloading while removing the driver (git-fixes).
- i40e: Fix filter input checks to prevent config with invalid values (git-fixes).
- i40e: Fix waiting for queues of all VSIs to be disabled (git-fixes).
- i40e: Report MFS in decimal base instead of hex (git-fixes).
- i40e: Restore VF MSI-X state during PCI reset (git-fixes).
- i40e: avoid double calling i40e_pf_rxq_wait() (git-fixes).
- i40e: disable NAPI right after disabling irqs when handling xsk_pool (git-fixes).
- i40e: fix use-after-free in i40e_aqc_add_filters() (git-fixes).
- i40e: take into account XDP Tx queues when stopping rings (git-fixes).
- iTCO_wdt: mask NMI_NOW bit for update_no_reboot_bit() call (git-fixes).
- iavf: Fix TC config comparison with existing adapter TC config (git-fixes).
- iavf: Fix promiscuous mode configuration flow messages (git-fixes).
- iavf: Introduce new state machines for flow director (git-fixes).
- iavf: do not process adminq tasks when __IAVF_IN_REMOVE_TASK is set (git-fixes).
- iavf: fix FDIR rule fields masks validation (git-fixes).
- iavf: in iavf_down, disable queues when removing the driver (git-fixes).
- iavf: initialize waitqueues before starting watchdog_task (git-fixes).
- iavf: send VLAN offloading caps once after VFR (git-fixes).
- iavf: validate tx_coalesce_usecs even if rx_coalesce_usecs is zero (git-fixes).
- ibmvnic: Do partial reset on login failure (bsc#1233150).
- ibmvnic: Enforce stronger sanity checks on login response (bsc#1233150).
- ibmvnic: Ensure login failure recovery is safe from other resets (bsc#1233150).
- ibmvnic: Handle DMA unmapping of login buffs in release functions (bsc#1233150).
- ibmvnic: Unmap DMA login rsp buffer on send login fail (bsc#1233150).
- ice: Block switchdev mode when ADQ is active and vice versa (git-fixes).
- ice: Fix NULL pointer deref during VF reset (git-fixes).
- ice: Fix VSI list rule with ICE_SW_LKUP_LAST type (git-fixes).
- ice: Fix link_down_on_close message (git-fixes).
- ice: Fix netif_is_ice() in Safe Mode (git-fixes).
- ice: Interpret .set_channels() input differently (git-fixes).
- ice: Shut down VSI with 'link-down-on-close' enabled (git-fixes).
- ice: avoid executing commands on other ports when driving sync (git-fixes).
- ice: change q_index variable type to s16 to store -1 value (git-fixes).
- ice: fix ICE_LAST_OFFSET formula (git-fixes).
- ice: fix VLAN replay after reset (git-fixes).
- ice: fix accounting for filters shared by multiple VSIs (git-fixes).
- ice: fix accounting if a VLAN already exists (git-fixes).
- ice: fix over-shifted variable (git-fixes).
- ice: fix receive buffer size miscalculation (git-fixes).
- ice: ice_aq_check_events: fix off-by-one check when filling buffer (git-fixes).
- ice: reset first in crash dump kernels (git-fixes).
- ice: respect netif readiness in AF_XDP ZC related ndo's (git-fixes).
- ice: tc: allow zero flags in parsing tc flower (git-fixes).
- ice: virtchnl: stop pretending to support RSS over AQ or registers (git-fixes).
- idpf: Interpret .set_channels() input differently (git-fixes).
- idpf: avoid compiler introduced padding in virtchnl2_rss_key struct (git-fixes).
- idpf: avoid compiler padding in virtchnl2_ptype struct (git-fixes).
- idpf: disable local BH when scheduling napi for marker packets (git-fixes).
- idpf: distinguish vports by the dev_port attribute (git-fixes).
- idpf: do not enable NAPI and interrupts prior to allocating Rx buffers (git-fixes).
- idpf: fix UAFs when destroying the queues (git-fixes).
- idpf: fix corrupted frames and skb leaks in singleq mode (git-fixes).
- idpf: fix memleak in vport interrupt configuration (git-fixes).
- idpf: fix memory leaks and crashes while performing a soft reset (git-fixes).
- igb: Always call igb_xdp_ring_update_tail() under Tx lock (git-fixes).
- igb: Fix missing time sync events (git-fixes).
- igb: Fix not clearing TimeSync interrupts for 82580 (git-fixes).
- igb: extend PTP timestamp adjustments to i211 (git-fixes).
- igc: Check VLAN EtherType mask (git-fixes).
- igc: Check VLAN TCI mask (git-fixes).
- igc: Fix hicredit calculation (git-fixes).
- igc: Fix missing time sync events (git-fixes).
- igc: Remove temporary workaround (git-fixes).
- igc: Report VLAN EtherType matching back to user (git-fixes).
- igc: Unlock on error in igc_io_resume() (git-fixes).
- iio: adc: ad7124: fix division by zero in ad7124_set_channel_odr() (git-fixes).
- iio: adc: ad7606: Fix typo in the driver name (git-fixes).
- iio: adc: ad7923: Fix buffer overflow for tx_buf and ring_xfer (git-fixes).
- iio: light: al3010: Fix an error handling path in al3010_probe() (git-fixes).
- iio: light: veml6030: fix microlux value calculation (git-fixes).
- initramfs: avoid filename buffer overrun (bsc#1232436).
- input: i8042 - add Ayaneo Kun to i8042 quirk table (git-fixes).
- input: i8042 - add Fujitsu Lifebook E756 to i8042 quirk table (git-fixes).
- input: i8042 - add TUXEDO Stellaris 15 Slim Gen6 AMD to i8042 quirk table (git-fixes).
- input: i8042 - add TUXEDO Stellaris 16 Gen5 AMD to i8042 quirk table (git-fixes).
- input: i8042 - add another board name for TUXEDO Stellaris Gen5 AMD line (git-fixes).
- irqchip/gic-v3-its: Avoid explicit cpumask allocation on stack (git-fixes).
- irqchip/gic-v3-its: Fix VSYNC referencing an unmapped VPE on GIC v4.1 (git-fixes).
- ixgbe: avoid sleeping allocation in ixgbe_ipsec_vf_add_sa() (git-fixes).
- ixgbe: fix crash with empty VF macvlan list (git-fixes).
- ixgbe: fix timestamp configuration code (git-fixes).
- ixgbe: {dis, en}able irqs in ixgbe_txrx_ring_{dis, en}able (git-fixes).
- kABI: Restore exported __arm_smccc_sve_check (git-fixes)
- kernel-binary: Enable livepatch package only when livepatch is enabled Otherwise the filelist may be empty failing the build (bsc#1218644).
- kernel.h: split out COUNT_ARGS() and CONCATENATE() to args.h (git-fixes)
- kexec: fix a memory leak in crash_shrink_memory() (git-fixes).
- kvm: PPC: Book3S HV: remove unused varible (bsc#1194869).
- mac80211: MAC80211_MESSAGE_TRACING should depend on TRACING (git-fixes).
- media: adv7604: prevent underflow condition when reporting colorspace (git-fixes).
- media: cx24116: prevent overflows on SNR calculus (git-fixes).
- media: dvb-usb-v2: af9035: Fix null-ptr-deref in af9035_i2c_master_xfer (stable-fixes).
- media: dvb-usb-v2: af9035: fix missing unlock (git-fixes).
- media: dvb_frontend: do not play tricks with underflow values (git-fixes).
- media: dvbdev: prevent the risk of out of memory access (git-fixes).
- media: pci: cx23885: check cx23885_vdev_init() return (stable-fixes).
- media: pulse8-cec: fix data timestamp at pulse8_setup() (git-fixes).
- media: stb0899_algo: initialize cfr before using it (git-fixes).
- media: v4l2-ctrls-api: fix error handling for v4l2_g_ctrl() (git-fixes).
- media: v4l2-tpg: prevent the risk of a division by zero (git-fixes).
- mei: use kvmalloc for read buffer (git-fixes).
- misc: apds990x: Fix missing pm_runtime_disable() (git-fixes).
- mm/hugetlb: fix nodes huge page allocation when there are surplus pages (bsc#1234012).
- mm/memory: add non-anonymous page check in the copy_present_page() (bsc#1231646).
- modpost: remove incorrect code in do_eisa_entry() (git-fixes).
- net/mlx5: Add missing masks and QoS bit masks for scheduling elements (git-fixes).
- net/mlx5: Added cond_resched() to crdump collection (git-fixes).
- net/mlx5: Allow 0 for total host VFs (git-fixes).
- net/mlx5: Correctly compare pkt reformat ids (git-fixes).
- net/mlx5: DR, Can't go to uplink vport on RX rule (git-fixes).
- net/mlx5: DR, Use the right GVMI number for drop action (git-fixes).
- net/mlx5: DR, fix memory leak in mlx5dr_cmd_create_reformat_ctx (git-fixes).
- net/mlx5: Drain health before unregistering devlink (git-fixes).
- net/mlx5: E-switch, register event handler before arming the event (git-fixes).
- net/mlx5: Explicitly set scheduling element and TSAR type (git-fixes).
- net/mlx5: Fix fw tracer first block check (git-fixes).
- net/mlx5: Handle fw tracer change ownership event based on MTRC (git-fixes).
- net/mlx5: LAG, Check correct bucket when modifying LAG (git-fixes).
- net/mlx5: Lag, do bond only if slaves agree on roce state (git-fixes).
- net/mlx5: Lag, do not use the hardcoded value of the first port (git-fixes).
- net/mlx5: Lag, restore buckets number to default after hash LAG deactivation (git-fixes).
- net/mlx5: Skip clock update work when device is in error state (git-fixes).
- net/mlx5: Unregister notifier on eswitch init failure (git-fixes).
- net/mlx5: Update the list of the PCI supported devices (git-fixes).
- net/mlx5: Use RMW accessors for changing LNKCTL (git-fixes).
- net/mlx5: Use mlx5 device constant for selecting CQ period mode for ASO (git-fixes).
- net/mlx5: Use recovery timeout on sync reset flow (git-fixes).
- net/mlx5: fix potential memory leak in mlx5e_init_rep_rx (git-fixes).
- net/mlx5: fs, lock FTE when checking if active (git-fixes).
- net/mlx5e: Add a check for the return value from mlx5_port_set_eth_ptys (git-fixes).
- net/mlx5e: Add missing link modes to ptys2ethtool_map (git-fixes).
- net/mlx5e: Add mqprio_rl cleanup and free in mlx5e_priv_cleanup() (git-fixes).
- net/mlx5e: Again mutually exclude RX-FCS and RX-port-timestamp (git-fixes).
- net/mlx5e: Allow software parsing when IPsec crypto is enabled (git-fixes).
- net/mlx5e: CT: Fix null-ptr-deref in add rule err flow (git-fixes).
- net/mlx5e: Change the warning when ignore_flow_level is not supported (git-fixes).
- net/mlx5e: Check return value of snprintf writing to fw_version buffer (git-fixes).
- net/mlx5e: Check return value of snprintf writing to fw_version buffer for representors (git-fixes).
- net/mlx5e: Correct snprintf truncation handling for fw_version buffer (git-fixes).
- net/mlx5e: Correct snprintf truncation handling for fw_version buffer used by representors (git-fixes).
- net/mlx5e: Correctly report errors for ethtool rx flows (git-fixes).
- net/mlx5e: Do not offload internal port if filter device is out device (git-fixes).
- net/mlx5e: Fix IPsec tunnel mode offload feature check (git-fixes).
- net/mlx5e: Fix UDP GSO for encapsulated packets (git-fixes).
- net/mlx5e: Fix crash moving to switchdev mode when ntuple offload is set (git-fixes).
- net/mlx5e: Fix features validation check for tunneled UDP (non-VXLAN) packets (git-fixes).
- net/mlx5e: Fix pedit endianness (git-fixes).
- net/mlx5e: Fix possible deadlock on mlx5e_tx_timeout_work (git-fixes).
- net/mlx5e: Fix slab-out-of-bounds in mlx5_query_nic_vport_mac_list() (git-fixes).
- net/mlx5e: HTB, Fix inconsistencies with QoS SQs number (git-fixes).
- net/mlx5e: Move representor neigh cleanup to profile cleanup_tx (git-fixes).
- net/mlx5e: Reduce the size of icosq_str (git-fixes).
- net/mlx5e: Take state lock during tx timeout reporter (git-fixes).
- net/mlx5e: Use rx_missed_errors instead of rx_dropped for reporting buffer exhaustion (git-fixes).
- net/mlx5e: fix a potential double-free in fs_udp_create_groups (git-fixes).
- net/mlx5e: fix double free in macsec_fs_tx_create_crypto_table_groups (git-fixes).
- net/mlx5e: fix double free of encap_header (git-fixes).
- net/mlx5e: fix return value check in mlx5e_ipsec_remove_trailer() (git-fixes).
- net/mlx5e: kTLS, Fix incorrect page refcounting (git-fixes).
- net: ena: Fix potential sign extension issue (git-fixes).
- net: ena: Remove ena_select_queue (git-fixes).
- net: ena: Wrong missing IO completions check order (git-fixes).
- net: qede: use return from qede_parse_flow_attr() for flow_spec (git-fixes).
- net: relax socket state check at accept time (git-fixes).
- net: usb: lan78xx: Fix memory leak on device unplug by freeing PHY device (git-fixes).
- net: usb: lan78xx: Fix refcounting and autosuspend on invalid WoL configuration (git-fixes).
- net: usb: qmi_wwan: add Fibocom FG132 0x0112 composition (stable-fixes).
- net: usb: usbnet: fix race in probe failure (git-fixes).
- nfs: Fix KMSAN warning in decode_getfattr_attrs() (git-fixes).
- nvme-fabrics: fix kernel crash while shutting down controller (git-fixes).
- nvme-pci: fix freeing of the HMB descriptor table (git-fixes).
- nvme-pci: reverse request order in nvme_queue_rqs (git-fixes).
- ocfs2: remove entry once instead of null-ptr-dereference in ocfs2_xa_remove() (git-fixes).
- pci: Add T_PVPERL macro (git-fixes).
- pci: Fix reset_method_store() memory leak (git-fixes).
- pci: endpoint: Clear secondary (not primary) EPC in pci_epc_remove_epf() (git-fixes).
- pci: j721e: Deassert PERST# after a delay of PCIE_T_PVPERL_MS milliseconds (git-fixes).
- pci: keystone: Add link up check to ks_pcie_other_map_bus() (git-fixes).
- pci: keystone: Set mode as Root Complex for 'ti,keystone-pcie' compatible (git-fixes).
- pci: rockchip-ep: Fix address translation unit programming (git-fixes).
- phy: tegra: xusb: Add error pointer check in xusb.c (git-fixes).
- platform/chrome: cros_ec_typec: fix missing fwnode reference decrement (git-fixes).
- platform/surface: aggregator: Fix warning when controller is destroyed in probe (git-fixes).
- platform/x86: dell-sysman: add support for alienware products (stable-fixes).
- platform/x86: dell-wmi: Ignore suspend notifications (stable-fixes).
- posix-cpu-timers: Clear TICK_DEP_BIT_POSIX_TIMER on clone (bsc#1234098).
- power: supply: bq27xxx: Fix registers of bq27426 (git-fixes).
- power: supply: core: Remove might_sleep() from power_supply_put() (git-fixes).
- powerpc/asm: Remove UPD_CONSTR after GCC 4.9 removal (bsc#1194869).
- powerpc/atomic: Use YZ constraints for DS-form instructions (bsc#1194869).
- powerpc/kexec: Fix return of uninitialized variable (bsc#1194869).
- powerpc/mm/fault: Fix kfence page fault reporting (bsc#1194869).
- powerpc/mm: Fix boot crash with FLATMEM (bsc#1194869).
- powerpc/mm: Fix boot warning with hugepages and CONFIG_DEBUG_VIRTUAL (bsc#1194869).
- powerpc/powernv: Free name on error in opal_event_init() (bsc#1194869).
- powerpc/pseries: Fix KVM guest detection for disabling hardlockup detector (bsc#1194869).
- powerpc/pseries: Fix dtl_access_lock to be a rw_semaphore (bsc#1194869).
- powerpc: remove GCC version check for UPD_CONSTR (bsc#1194869).
- qed: avoid truncating work queue length (git-fixes).
- rdma/bnxt_re: Check cqe flags to know imm_data vs inv_irkey (git-fixes)
- rdma/hns: Add clear_hem return value to log (git-fixes)
- rdma/hns: Add mutex_destroy() (git-fixes)
- rdma/hns: Fix NULL pointer derefernce in hns_roce_map_mr_sg() (git-fixes)
- rdma/hns: Fix an AEQE overflow error caused by untimely update of eq_db_ci (git-fixes)
- rdma/hns: Fix cpu stuck caused by printings during reset (git-fixes)
- rdma/hns: Fix different dgids mapping to the same dip_idx (git-fixes)
- rdma/hns: Fix flush cqe error when racing with destroy qp (git-fixes)
- rdma/hns: Fix out-of-order issue of requester when setting FENCE (git-fixes)
- rdma/hns: Remove unnecessary QP type checks (git-fixes)
- rdma/hns: Use dev_* printings in hem code instead of ibdev_* (git-fixes)
- rdma/hns: Use macro instead of magic number (git-fixes)
- rdma/mlx5: Move events notifier registration to be after device registration (git-fixes)
- rdma/mlx5: Use sq timestamp as QP timestamp when RoCE is disabled (git-fixes).
- rdma/rxe: Fix the qp flush warnings in req (git-fixes)
- rdma/rxe: Set queue pair cur_qp_state when being queried (git-fixes)
- rpm/scripts: Remove obsolete Symbols.list Symbols.list is not longer needed by the new klp-convert implementation. (bsc#1218644)
- rtc: ab-eoz9: do not fail temperature reads on undervoltage notification (git-fixes).
- rtc: abx80x: Fix WDT bit position of the status register (git-fixes).
- rtc: check if __rtc_read_time was successful in rtc_timer_do_work() (git-fixes).
- rtc: st-lpc: Use IRQF_NO_AUTOEN flag in request_irq() (git-fixes).
- scsi: lpfc: Add cleanup of nvmels_wq after HBA reset (bsc#1233241).
- scsi: lpfc: Call lpfc_sli4_queue_unset() in restart and rmmod paths (bsc#1233241).
- scsi: lpfc: Change lpfc_nodelist nlp_flag member into a bitmask (bsc#1233241).
- scsi: lpfc: Check SLI_ACTIVE flag in FDMI cmpl before submitting follow up FDMI (bsc#1233241).
- scsi: lpfc: Check devloss callbk done flag for potential stale NDLP ptrs (bsc#1233241).
- scsi: lpfc: Copyright updates for 14.4.0.6 patches (bsc#1233241).
- scsi: lpfc: Modify CGN warning signal calculation based on EDC response (bsc#1233241).
- scsi: lpfc: Prevent NDLP reference count underflow in dev_loss_tmo callback (bsc#1233241).
- scsi: lpfc: Remove NLP_RELEASE_RPI flag from nodelist structure (bsc#1233241).
- scsi: lpfc: Update lpfc version to 14.4.0.6 (bsc#1233241).
- scsi: lpfc: Update lpfc_els_flush_cmd() to check for SLI_ACTIVE before BSG flag (bsc#1233241).
- scsi: scsi_transport_fc: Allow setting rport state to current state (git-fixes).
- scsi: sd_zbc: Use kvzalloc() to allocate REPORT ZONES buffer (git-fixes).
- security/keys: fix slab-out-of-bounds in key_task_permission (git-fixes).
- serial: 8250: omap: Move pm_runtime_get_sync (git-fixes).
- sfc: Check firmware supports Ethernet PTP filter (git-fixes).
- sfc: do not unregister flow_indr if it was never registered (git-fixes).
- sfc: fix a double-free bug in efx_probe_filters (git-fixes).
- signal: Replace BUG_ON()s (bsc#1234093).
- spi: Fix acpi deferred irq probe (git-fixes).
- spi: atmel-quadspi: Fix register name in verbose logging function (git-fixes).
- staging: iio: frequency: ad9832: fix division by zero in ad9832_calc_freqreg() (git-fixes).
- thermal: core: Initialize thermal zones before registering them (git-fixes).
- thermal: intel: int340x: processor: Fix warning during module unload (git-fixes).
- tpm: Lock TPM chip in tpm_pm_suspend() first (bsc#1082555 git-fixes).
- tun: Fix xdp_rxq_info's queue_index when detaching (git-fixes).
- tun: prevent negative ifindex (git-fixes).
- ucounts: fix counter leak in inc_rlimit_get_ucounts() (bsc#1233460).
- usb: chaoskey: Fix possible deadlock chaoskey_list_lock (git-fixes).
- usb: chaoskey: fail open after removal (git-fixes).
- usb: dwc3: gadget: Add missing check for single port RAM in TxFIFO resizing logic (git-fixes).
- usb: dwc3: gadget: Fix checking for number of TRBs left (git-fixes).
- usb: dwc3: gadget: Fix looping of queued SG entries (git-fixes).
- usb: ehci-spear: fix call balance of sehci clk handling routines (git-fixes).
- usb: musb: sunxi: Fix accessing an released usb phy (git-fixes).
- usb: phy: Fix API devm_usb_put_phy() can not release the phy (git-fixes).
- usb: serial: ftdi_sio: Fix atomicity violation in get_serial_info() (git-fixes).
- usb: serial: io_edgeport: fix use after free in debug printk (git-fixes).
- usb: serial: option: add Fibocom FG132 0x0112 composition (stable-fixes).
- usb: serial: option: add Quectel RG650V (stable-fixes).
- usb: serial: qcserial: add support for Sierra Wireless EM86xx (stable-fixes).
- usb: typec: fix potential out of bounds in ucsi_ccg_update_set_new_cam_cmd() (git-fixes).
- usb: typec: fix unreleased fwnode_handle in typec_port_register_altmodes() (git-fixes).
- usb: using mutex lock and supporting O_NONBLOCK flag in iowarrior_read() (git-fixes).
- usb: xhci: Fix TD invalidation under pending Set TR Dequeue (git-fixes).
- usb: yurex: make waiting on yurex_write interruptible (git-fixes).
- usbip: tools: Fix detach_port() invalid port error path (git-fixes).
- vdpa/mlx5: preserve CVQ vringh index (git-fixes).
- watchdog: mediatek: Make sure system reset gets asserted in mtk_wdt_restart() (git-fixes).
- watchdog: rti: of: honor timeout-sec property (git-fixes).
- wifi: ath10k: Fix memory leak in management tx (git-fixes).
- wifi: ath10k: fix invalid VHT parameters in supported_vht_mcs_rate_nss1 (git-fixes).
- wifi: ath10k: fix invalid VHT parameters in supported_vht_mcs_rate_nss2 (git-fixes).
- wifi: ath11k: Fix invalid ring usage in full monitor mode (git-fixes).
- wifi: ath9k: add range check for conn_rsp_epid in htc_connect_service() (git-fixes).
- wifi: brcm80211: BRCM_TRACING should depend on TRACING (git-fixes).
- wifi: iwlegacy: Clear stale interrupts before resuming device (stable-fixes).
- wifi: iwlwifi: mvm: Fix response handling in iwl_mvm_send_recovery_cmd() (git-fixes).
- wifi: iwlwifi: mvm: disconnect station vifs if recovery failed (stable-fixes).
- wifi: mac80211: do not pass a stopped vif to the driver in .get_txpower (git-fixes).
- wifi: mac80211: skip non-uploaded keys in ieee80211_iter_keys (git-fixes).
- wifi: mwifiex: Fix memcpy() field-spanning write warning in mwifiex_config_scan() (git-fixes).
- wifi: mwifiex: Use IRQF_NO_AUTOEN flag in request_irq() (git-fixes).
- wifi: p54: Use IRQF_NO_AUTOEN flag in request_irq() (git-fixes).
- x86/kvm: fix is_stale_page_fault() (bsc#1221333).
- xhci: Fix Link TRB DMA in command ring stopped completion event (git-fixes).
- xhci: Separate PORT and CAPs macros into dedicated file (stable-fixes).
- xhci: Use pm_runtime_get to prevent RPM on unsupported systems (git-fixes).
ImportantSUSE bug 1082555SUSE bug 1194869SUSE bug 1218644SUSE bug 1220382SUSE bug 1221309SUSE bug 1221333SUSE bug 1222364SUSE bug 1222590SUSE bug 1223202SUSE bug 1223656SUSE bug 1223848SUSE bug 1223919SUSE bug 1223942SUSE bug 1224518SUSE bug 1224526SUSE bug 1224574SUSE bug 1225725SUSE bug 1225730SUSE bug 1225742SUSE bug 1225764SUSE bug 1225812SUSE bug 1226560SUSE bug 1226592SUSE bug 1226631SUSE bug 1226748SUSE bug 1226872SUSE bug 1227853SUSE bug 1228410SUSE bug 1228430SUSE bug 1228486SUSE bug 1228650SUSE bug 1228857SUSE bug 1229312SUSE bug 1229429SUSE bug 1229585SUSE bug 1229752SUSE bug 1229808SUSE bug 1230055SUSE bug 1230220SUSE bug 1230231SUSE bug 1230270SUSE bug 1230558SUSE bug 1230827SUSE bug 1230918SUSE bug 1231083SUSE bug 1231089SUSE bug 1231098SUSE bug 1231101SUSE bug 1231108SUSE bug 1231111SUSE bug 1231132SUSE bug 1231135SUSE bug 1231138SUSE bug 1231169SUSE bug 1231178SUSE bug 1231180SUSE bug 1231181SUSE bug 1231187SUSE bug 1231202SUSE bug 1231434SUSE bug 1231441SUSE bug 1231452SUSE bug 1231465SUSE bug 1231474SUSE bug 1231481SUSE bug 1231537SUSE bug 1231541SUSE bug 1231646SUSE bug 1231849SUSE bug 1231856SUSE bug 1231858SUSE bug 1231859SUSE bug 1231864SUSE bug 1231904SUSE bug 1231916SUSE bug 1231920SUSE bug 1231923SUSE bug 1231930SUSE bug 1231931SUSE bug 1231947SUSE bug 1231952SUSE bug 1231953SUSE bug 1231959SUSE bug 1231978SUSE bug 1232013SUSE bug 1232015SUSE bug 1232016SUSE bug 1232017SUSE bug 1232027SUSE bug 1232028SUSE bug 1232047SUSE bug 1232048SUSE bug 1232050SUSE bug 1232056SUSE bug 1232076SUSE bug 1232080SUSE bug 1232094SUSE bug 1232096SUSE bug 1232098SUSE bug 1232111SUSE bug 1232126SUSE bug 1232134SUSE bug 1232135SUSE bug 1232141SUSE bug 1232142SUSE bug 1232147SUSE bug 1232152SUSE bug 1232159SUSE bug 1232162SUSE bug 1232165SUSE bug 1232180SUSE bug 1232185SUSE bug 1232187SUSE bug 1232189SUSE bug 1232195SUSE bug 1232198SUSE bug 1232201SUSE bug 1232218SUSE bug 1232224SUSE bug 1232232SUSE bug 1232254SUSE bug 1232255SUSE bug 1232264SUSE bug 1232272SUSE bug 1232279SUSE bug 1232287SUSE bug 1232293SUSE bug 1232312SUSE bug 1232317SUSE bug 1232318SUSE bug 1232333SUSE bug 1232334SUSE bug 1232335SUSE bug 1232339SUSE bug 1232349SUSE bug 1232357SUSE bug 1232359SUSE bug 1232362SUSE bug 1232364SUSE bug 1232370SUSE bug 1232371SUSE bug 1232378SUSE bug 1232385SUSE bug 1232387SUSE bug 1232394SUSE bug 1232413SUSE bug 1232416SUSE bug 1232436SUSE bug 1232483SUSE bug 1232500SUSE bug 1232503SUSE bug 1232504SUSE bug 1232507SUSE bug 1232520SUSE bug 1232552SUSE bug 1232757SUSE bug 1232819SUSE bug 1232860SUSE bug 1232870SUSE bug 1232873SUSE bug 1232877SUSE bug 1232878SUSE bug 1232881SUSE bug 1232884SUSE bug 1232885SUSE bug 1232887SUSE bug 1232888SUSE bug 1232890SUSE bug 1232892SUSE bug 1232896SUSE bug 1232897SUSE bug 1232905SUSE bug 1232907SUSE bug 1232919SUSE bug 1232926SUSE bug 1232928SUSE bug 1232935SUSE bug 1233035SUSE bug 1233049SUSE bug 1233051SUSE bug 1233056SUSE bug 1233057SUSE bug 1233061SUSE bug 1233063SUSE bug 1233065SUSE bug 1233067SUSE bug 1233070SUSE bug 1233073SUSE bug 1233074SUSE bug 1233100SUSE bug 1233103SUSE bug 1233104SUSE bug 1233105SUSE bug 1233106SUSE bug 1233107SUSE bug 1233108SUSE bug 1233110SUSE bug 1233111SUSE bug 1233113SUSE bug 1233114SUSE bug 1233117SUSE bug 1233123SUSE bug 1233125SUSE bug 1233129SUSE bug 1233130SUSE bug 1233134SUSE bug 1233135SUSE bug 1233150SUSE bug 1233189SUSE bug 1233191SUSE bug 1233197SUSE bug 1233205SUSE bug 1233206SUSE bug 1233209SUSE bug 1233210SUSE bug 1233211SUSE bug 1233212SUSE bug 1233214SUSE bug 1233216SUSE bug 1233238SUSE bug 1233241SUSE bug 1233253SUSE bug 1233255SUSE bug 1233293SUSE bug 1233350SUSE bug 1233452SUSE bug 1233453SUSE bug 1233454SUSE bug 1233456SUSE bug 1233457SUSE bug 1233458SUSE bug 1233460SUSE bug 1233462SUSE bug 1233463SUSE bug 1233468SUSE bug 1233471SUSE bug 1233476SUSE bug 1233478SUSE bug 1233479SUSE bug 1233481SUSE bug 1233484SUSE bug 1233487SUSE bug 1233490SUSE bug 1233491SUSE bug 1233528SUSE bug 1233548SUSE bug 1233552SUSE bug 1233553SUSE bug 1233554SUSE bug 1233555SUSE bug 1233557SUSE bug 1233560SUSE bug 1233561SUSE bug 1233570SUSE bug 1233577SUSE bug 1233580SUSE bug 1233977SUSE bug 1234012SUSE bug 1234025SUSE bug 1234085SUSE bug 1234093SUSE bug 1234098SUSE bug 1234108CVE-2021-47594 at SUSECVE-2021-47594 at NVDCVE-2022-48674 at SUSECVE-2022-48674 at NVDCVE-2022-48979 at SUSECVE-2022-48979 at NVDCVE-2022-48982 at SUSECVE-2022-48982 at NVDCVE-2022-48983 at SUSECVE-2022-48983 at NVDCVE-2022-48989 at SUSECVE-2022-48989 at NVDCVE-2022-48990 at SUSECVE-2022-48990 at NVDCVE-2023-52915 at SUSECVE-2023-52915 at NVDCVE-2023-52917 at SUSECVE-2023-52917 at NVDCVE-2023-52918 at SUSECVE-2023-52918 at NVDCVE-2023-52921 at SUSECVE-2023-52921 at NVDCVE-2023-52922 at SUSECVE-2023-52922 at NVDCVE-2024-26782 at SUSECVE-2024-26782 at NVDCVE-2024-26906 at SUSECVE-2024-26906 at NVDCVE-2024-26953 at SUSECVE-2024-26953 at NVDCVE-2024-35888 at SUSECVE-2024-35888 at NVDCVE-2024-35937 at SUSECVE-2024-35937 at NVDCVE-2024-35980 at SUSECVE-2024-35980 at NVDCVE-2024-36484 at SUSECVE-2024-36484 at NVDCVE-2024-36883 at SUSECVE-2024-36883 at NVDCVE-2024-36886 at SUSECVE-2024-36886 at NVDCVE-2024-36905 at SUSECVE-2024-36905 at NVDCVE-2024-36953 at SUSECVE-2024-36953 at NVDCVE-2024-36954 at SUSECVE-2024-36954 at NVDCVE-2024-38577 at SUSECVE-2024-38577 at NVDCVE-2024-38589 at SUSECVE-2024-38589 at NVDCVE-2024-38615 at SUSECVE-2024-38615 at NVDCVE-2024-40997 at SUSECVE-2024-40997 at NVDCVE-2024-41016 at SUSECVE-2024-41016 at NVDCVE-2024-41023 at SUSECVE-2024-41023 at NVDCVE-2024-41049 at SUSECVE-2024-41049 at NVDCVE-2024-42131 at SUSECVE-2024-42131 at NVDCVE-2024-43817 at SUSECVE-2024-43817 at NVDCVE-2024-43897 at SUSECVE-2024-43897 at NVDCVE-2024-44932 at SUSECVE-2024-44932 at NVDCVE-2024-44964 at SUSECVE-2024-44964 at NVDCVE-2024-44995 at SUSECVE-2024-44995 at NVDCVE-2024-46681 at SUSECVE-2024-46681 at NVDCVE-2024-46800 at SUSECVE-2024-46800 at NVDCVE-2024-46802 at SUSECVE-2024-46802 at NVDCVE-2024-46804 at SUSECVE-2024-46804 at NVDCVE-2024-46805 at SUSECVE-2024-46805 at NVDCVE-2024-46807 at SUSECVE-2024-46807 at NVDCVE-2024-46810 at SUSECVE-2024-46810 at NVDCVE-2024-46812 at SUSECVE-2024-46812 at NVDCVE-2024-46819 at SUSECVE-2024-46819 at NVDCVE-2024-46821 at SUSECVE-2024-46821 at NVDCVE-2024-46835 at SUSECVE-2024-46835 at NVDCVE-2024-46842 at SUSECVE-2024-46842 at NVDCVE-2024-46853 at SUSECVE-2024-46853 at NVDCVE-2024-46859 at SUSECVE-2024-46859 at NVDCVE-2024-46864 at SUSECVE-2024-46864 at NVDCVE-2024-46871 at SUSECVE-2024-46871 at NVDCVE-2024-47663 at SUSECVE-2024-47663 at NVDCVE-2024-47665 at SUSECVE-2024-47665 at NVDCVE-2024-47667 at SUSECVE-2024-47667 at NVDCVE-2024-47669 at SUSECVE-2024-47669 at NVDCVE-2024-47670 at SUSECVE-2024-47670 at NVDCVE-2024-47671 at SUSECVE-2024-47671 at NVDCVE-2024-47679 at SUSECVE-2024-47679 at NVDCVE-2024-47682 at SUSECVE-2024-47682 at NVDCVE-2024-47693 at SUSECVE-2024-47693 at NVDCVE-2024-47695 at SUSECVE-2024-47695 at NVDCVE-2024-47696 at SUSECVE-2024-47696 at NVDCVE-2024-47697 at SUSECVE-2024-47697 at NVDCVE-2024-47698 at SUSECVE-2024-47698 at NVDCVE-2024-47699 at SUSECVE-2024-47699 at NVDCVE-2024-47701 at SUSECVE-2024-47701 at NVDCVE-2024-47709 at SUSECVE-2024-47709 at NVDCVE-2024-47712 at SUSECVE-2024-47712 at NVDCVE-2024-47713 at SUSECVE-2024-47713 at NVDCVE-2024-47718 at SUSECVE-2024-47718 at NVDCVE-2024-47723 at SUSECVE-2024-47723 at NVDCVE-2024-47728 at SUSECVE-2024-47728 at NVDCVE-2024-47735 at SUSECVE-2024-47735 at NVDCVE-2024-47737 at SUSECVE-2024-47737 at NVDCVE-2024-47742 at SUSECVE-2024-47742 at NVDCVE-2024-47745 at SUSECVE-2024-47745 at NVDCVE-2024-47749 at SUSECVE-2024-47749 at NVDCVE-2024-47756 at SUSECVE-2024-47756 at NVDCVE-2024-47757 at SUSECVE-2024-47757 at NVDCVE-2024-49850 at SUSECVE-2024-49850 at NVDCVE-2024-49851 at SUSECVE-2024-49851 at NVDCVE-2024-49852 at SUSECVE-2024-49852 at NVDCVE-2024-49855 at SUSECVE-2024-49855 at NVDCVE-2024-49861 at SUSECVE-2024-49861 at NVDCVE-2024-49863 at SUSECVE-2024-49863 at NVDCVE-2024-49868 at SUSECVE-2024-49868 at NVDCVE-2024-49870 at SUSECVE-2024-49870 at NVDCVE-2024-49871 at SUSECVE-2024-49871 at NVDCVE-2024-49875 at SUSECVE-2024-49875 at NVDCVE-2024-49877 at SUSECVE-2024-49877 at NVDCVE-2024-49879 at SUSECVE-2024-49879 at NVDCVE-2024-49884 at SUSECVE-2024-49884 at NVDCVE-2024-49891 at SUSECVE-2024-49891 at NVDCVE-2024-49900 at SUSECVE-2024-49900 at NVDCVE-2024-49902 at SUSECVE-2024-49902 at NVDCVE-2024-49903 at SUSECVE-2024-49903 at NVDCVE-2024-49905 at SUSECVE-2024-49905 at NVDCVE-2024-49907 at SUSECVE-2024-49907 at NVDCVE-2024-49908 at SUSECVE-2024-49908 at NVDCVE-2024-49921 at SUSECVE-2024-49921 at NVDCVE-2024-49924 at SUSECVE-2024-49924 at NVDCVE-2024-49925 at SUSECVE-2024-49925 at NVDCVE-2024-49934 at SUSECVE-2024-49934 at NVDCVE-2024-49935 at SUSECVE-2024-49935 at NVDCVE-2024-49938 at SUSECVE-2024-49938 at NVDCVE-2024-49945 at SUSECVE-2024-49945 at NVDCVE-2024-49947 at SUSECVE-2024-49947 at NVDCVE-2024-49950 at SUSECVE-2024-49950 at NVDCVE-2024-49957 at SUSECVE-2024-49957 at NVDCVE-2024-49963 at SUSECVE-2024-49963 at NVDCVE-2024-49965 at SUSECVE-2024-49965 at NVDCVE-2024-49966 at SUSECVE-2024-49966 at NVDCVE-2024-49968 at SUSECVE-2024-49968 at NVDCVE-2024-49981 at SUSECVE-2024-49981 at NVDCVE-2024-49983 at SUSECVE-2024-49983 at NVDCVE-2024-49985 at SUSECVE-2024-49985 at NVDCVE-2024-49989 at SUSECVE-2024-49989 at NVDCVE-2024-50003 at SUSECVE-2024-50003 at NVDCVE-2024-50007 at SUSECVE-2024-50007 at NVDCVE-2024-50008 at SUSECVE-2024-50008 at NVDCVE-2024-50009 at SUSECVE-2024-50009 at NVDCVE-2024-50013 at SUSECVE-2024-50013 at NVDCVE-2024-50017 at SUSECVE-2024-50017 at NVDCVE-2024-50025 at SUSECVE-2024-50025 at NVDCVE-2024-50026 at SUSECVE-2024-50026 at NVDCVE-2024-50031 at SUSECVE-2024-50031 at NVDCVE-2024-50044 at SUSECVE-2024-50044 at NVDCVE-2024-50062 at SUSECVE-2024-50062 at NVDCVE-2024-50067 at SUSECVE-2024-50067 at NVDCVE-2024-50073 at SUSECVE-2024-50073 at NVDCVE-2024-50074 at SUSECVE-2024-50074 at NVDCVE-2024-50077 at SUSECVE-2024-50077 at NVDCVE-2024-50078 at SUSECVE-2024-50078 at NVDCVE-2024-50082 at SUSECVE-2024-50082 at NVDCVE-2024-50089 at SUSECVE-2024-50089 at NVDCVE-2024-50093 at SUSECVE-2024-50093 at NVDCVE-2024-50095 at SUSECVE-2024-50095 at NVDCVE-2024-50096 at SUSECVE-2024-50096 at NVDCVE-2024-50098 at SUSECVE-2024-50098 at NVDCVE-2024-50099 at SUSECVE-2024-50099 at NVDCVE-2024-50103 at SUSECVE-2024-50103 at NVDCVE-2024-50108 at SUSECVE-2024-50108 at NVDCVE-2024-50110 at SUSECVE-2024-50110 at NVDCVE-2024-50115 at SUSECVE-2024-50115 at NVDCVE-2024-50116 at SUSECVE-2024-50116 at NVDCVE-2024-50117 at SUSECVE-2024-50117 at NVDCVE-2024-50124 at SUSECVE-2024-50124 at NVDCVE-2024-50125 at SUSECVE-2024-50125 at NVDCVE-2024-50127 at SUSECVE-2024-50127 at NVDCVE-2024-50128 at SUSECVE-2024-50128 at NVDCVE-2024-50131 at SUSECVE-2024-50131 at NVDCVE-2024-50134 at SUSECVE-2024-50134 at NVDCVE-2024-50135 at SUSECVE-2024-50135 at NVDCVE-2024-50138 at SUSECVE-2024-50138 at NVDCVE-2024-50141 at SUSECVE-2024-50141 at NVDCVE-2024-50146 at SUSECVE-2024-50146 at NVDCVE-2024-50147 at SUSECVE-2024-50147 at NVDCVE-2024-50148 at SUSECVE-2024-50148 at NVDCVE-2024-50150 at SUSECVE-2024-50150 at NVDCVE-2024-50153 at SUSECVE-2024-50153 at NVDCVE-2024-50154 at SUSECVE-2024-50154 at NVDCVE-2024-50155 at SUSECVE-2024-50155 at NVDCVE-2024-50156 at SUSECVE-2024-50156 at NVDCVE-2024-50160 at SUSECVE-2024-50160 at NVDCVE-2024-50167 at SUSECVE-2024-50167 at NVDCVE-2024-50171 at SUSECVE-2024-50171 at NVDCVE-2024-50179 at SUSECVE-2024-50179 at NVDCVE-2024-50180 at SUSECVE-2024-50180 at NVDCVE-2024-50182 at SUSECVE-2024-50182 at NVDCVE-2024-50183 at SUSECVE-2024-50183 at NVDCVE-2024-50184 at SUSECVE-2024-50184 at NVDCVE-2024-50186 at SUSECVE-2024-50186 at NVDCVE-2024-50187 at SUSECVE-2024-50187 at NVDCVE-2024-50188 at SUSECVE-2024-50188 at NVDCVE-2024-50189 at SUSECVE-2024-50189 at NVDCVE-2024-50192 at SUSECVE-2024-50192 at NVDCVE-2024-50194 at SUSECVE-2024-50194 at NVDCVE-2024-50195 at SUSECVE-2024-50195 at NVDCVE-2024-50196 at SUSECVE-2024-50196 at NVDCVE-2024-50198 at SUSECVE-2024-50198 at NVDCVE-2024-50201 at SUSECVE-2024-50201 at NVDCVE-2024-50205 at SUSECVE-2024-50205 at NVDCVE-2024-50208 at SUSECVE-2024-50208 at NVDCVE-2024-50209 at SUSECVE-2024-50209 at NVDCVE-2024-50215 at SUSECVE-2024-50215 at NVDCVE-2024-50218 at SUSECVE-2024-50218 at NVDCVE-2024-50229 at SUSECVE-2024-50229 at NVDCVE-2024-50230 at SUSECVE-2024-50230 at NVDCVE-2024-50232 at SUSECVE-2024-50232 at NVDCVE-2024-50233 at SUSECVE-2024-50233 at NVDCVE-2024-50234 at SUSECVE-2024-50234 at NVDCVE-2024-50236 at SUSECVE-2024-50236 at NVDCVE-2024-50237 at SUSECVE-2024-50237 at NVDCVE-2024-50249 at SUSECVE-2024-50249 at NVDCVE-2024-50255 at SUSECVE-2024-50255 at NVDCVE-2024-50259 at SUSECVE-2024-50259 at NVDCVE-2024-50261 at SUSECVE-2024-50261 at NVDCVE-2024-50264 at SUSECVE-2024-50264 at NVDCVE-2024-50265 at SUSECVE-2024-50265 at NVDCVE-2024-50267 at SUSECVE-2024-50267 at NVDCVE-2024-50268 at SUSECVE-2024-50268 at NVDCVE-2024-50269 at SUSECVE-2024-50269 at NVDCVE-2024-50271 at SUSECVE-2024-50271 at NVDCVE-2024-50273 at SUSECVE-2024-50273 at NVDCVE-2024-50274 at SUSECVE-2024-50274 at NVDCVE-2024-50279 at SUSECVE-2024-50279 at NVDCVE-2024-50282 at SUSECVE-2024-50282 at NVDCVE-2024-50287 at SUSECVE-2024-50287 at NVDCVE-2024-50289 at SUSECVE-2024-50289 at NVDCVE-2024-50290 at SUSECVE-2024-50290 at NVDCVE-2024-50292 at SUSECVE-2024-50292 at NVDCVE-2024-50295 at SUSECVE-2024-50295 at NVDCVE-2024-50298 at SUSECVE-2024-50298 at NVDCVE-2024-50301 at SUSECVE-2024-50301 at NVDCVE-2024-50302 at SUSECVE-2024-50302 at NVDCVE-2024-53052 at SUSECVE-2024-53052 at NVDCVE-2024-53058 at SUSECVE-2024-53058 at NVDCVE-2024-53059 at SUSECVE-2024-53059 at NVDCVE-2024-53060 at SUSECVE-2024-53060 at NVDCVE-2024-53061 at SUSECVE-2024-53061 at NVDCVE-2024-53063 at SUSECVE-2024-53063 at NVDCVE-2024-53066 at SUSECVE-2024-53066 at NVDCVE-2024-53068 at SUSECVE-2024-53068 at NVDCVE-2024-53079 at SUSECVE-2024-53079 at NVDCVE-2024-53085 at SUSECVE-2024-53085 at NVDCVE-2024-53088 at SUSECVE-2024-53088 at NVDCVE-2024-53104 at SUSECVE-2024-53104 at NVDCVE-2024-53110 at SUSECVE-2024-53110 at NVDcpe:/o:opensuse:leap:15.5Security update for avahi (Moderate)openSUSE Leap 15.5
This update for avahi fixes the following issues:
- CVE-2024-52616: Fixed Avahi Wide-Area DNS Predictable Transaction IDs (bsc#1233420)
Other fixes:
- no longer supply bogus services to callbacks (bsc#1226586).
ModerateSUSE bug 1226586SUSE bug 1233420CVE-2024-52616 at SUSECVE-2024-52616 at NVDcpe:/o:opensuse:leap:15.5Recommended update for docker-stable (Moderate)openSUSE Leap 15.5
This update for docker-stable fixes the following issues:
- Update docker-buildx to v0.19.2. See upstream changelog online at
<https://github.com/docker/buildx/releases/tag/v0.19.2>.
Some notable changelogs from the last update:
* <https://github.com/docker/buildx/releases/tag/v0.19.0>
* <https://github.com/docker/buildx/releases/tag/v0.18.0>
- Add a new toggle file /etc/docker/suse-secrets-enable which allows users to
disable the SUSEConnect integration with Docker (which creates special mounts
in /run/secrets to allow container-suseconnect to authenticate containers
with registries on registered hosts). bsc#1231348 bsc#1232999
In order to disable these mounts, just do
echo 0 > /etc/docker/suse-secrets-enable
and restart Docker. In order to re-enable them, just do
echo 1 > /etc/docker/suse-secrets-enable
and restart Docker. Docker will output information on startup to tell you
whether the SUSE secrets feature is enabled or not.
ModerateSUSE bug 1231348SUSE bug 1232999CVE-2024-23653 at SUSECVE-2024-23653 at NVDCVE-2024-41110 at SUSECVE-2024-41110 at NVDcpe:/o:opensuse:leap:15.5Security update for emacs (Important)openSUSE Leap 15.5
This update for emacs fixes the following issues:
- CVE-2024-53920: Fixed arbitrary code execution via Lisp macro expansion (bsc#1233894)
ImportantSUSE bug 1233894CVE-2024-53920 at SUSECVE-2024-53920 at NVDcpe:/o:opensuse:leap:15.5Security update for python-aiohttp (Moderate)openSUSE Leap 15.5
This update for python-aiohttp fixes the following issues:
- CVE-2024-27306: filenames and paths not escaped when generating index pages for static file handling. (bsc#1223098)
ModerateSUSE bug 1223098CVE-2024-27306 at SUSECVE-2024-27306 at NVDcpe:/o:opensuse:leap:15.5Security update for MozillaThunderbird (Important)openSUSE Leap 15.5
This update for MozillaThunderbird fixes the following issues:
Firefox Extended Support Release 115.6.0 ESR (bsc#1217974):
* CVE-2023-6856: Heap-buffer-overflow affecting WebGL DrawElementsInstanced method with Mesa VM driver (bmo#1843782).
* CVE-2023-6857: Symlinks may resolve to smaller than expected buffers (bmo#1796023).
* CVE-2023-6858: Heap buffer overflow in nsTextFragment (bmo#1826791).
* CVE-2023-6859: Use-after-free in PR_GetIdentitiesLayer (bmo#1840144).
* CVE-2023-6860: Potential sandbox escape due to VideoBridge lack of texture validation (bmo#1854669).
* CVE-2023-6861: Heap buffer overflow affected nsWindow::PickerOpen(void) in headless mode (bmo#1864118).
* CVE-2023-6862: Use-after-free in nsDNSService (bsc#1868042).
* CVE-2023-6863: Undefined behavior in ShutdownObserver() (bmo#1868901).
* CVE-2023-6864: Memory safety bugs fixed in Firefox 121, Firefox ESR 115.6, and Thunderbird 115.6.
* CVE-2023-50762: Truncated signed text was shown with a valid OpenPGP signature (bmo#1862625).
ImportantSUSE bug 1217974CVE-2023-50761 at SUSECVE-2023-50761 at NVDCVE-2023-50762 at SUSECVE-2023-50762 at NVDCVE-2023-6856 at SUSECVE-2023-6856 at NVDCVE-2023-6857 at SUSECVE-2023-6857 at NVDCVE-2023-6858 at SUSECVE-2023-6858 at NVDCVE-2023-6859 at SUSECVE-2023-6859 at NVDCVE-2023-6860 at SUSECVE-2023-6860 at NVDCVE-2023-6861 at SUSECVE-2023-6861 at NVDCVE-2023-6862 at SUSECVE-2023-6862 at NVDCVE-2023-6863 at SUSECVE-2023-6863 at NVDCVE-2023-6864 at SUSECVE-2023-6864 at NVDcpe:/o:opensuse:leap:15.5Security update for aalto-xml, flatten-maven-plugin, jctools, moditect, netty, netty-tcnative (Moderate)openSUSE Leap 15.5
This update for aalto-xml, flatten-maven-plugin, jctools, moditect, netty, netty-tcnative fixes the following issues:
- CVE-2024-47535: Fixed unsafe reading of large environment files when Netty is loaded by a java application can
lead to a crash due to the JVM memory limit being exceeded in netty (bsc#1233297)
Other fixes:
- Upgraded netty to upstream version 4.1.115
- Upgraded netty-tcnative to version 2.0.69 Final
- Updated jctools to version 4.0.5
- Updated aalto-xml to version 1.3.3
- Updated moditect to version 1.2.2
- Updated flatten-maven-plugin to version 1.6.0 ModerateSUSE bug 1047218SUSE bug 1233297CVE-2024-47535 at SUSECVE-2024-47535 at NVDcpe:/o:opensuse:leap:15.5Security update for kubevirt, virt-api-container, virt-controller-container, virt-exportproxy-container, virt-exportserver-container, virt-handler-container, virt-launcher-container, virt-libguestfs-tools-container, virt-operator-container, virt-pr-helper-container (Moderate)openSUSE Leap 15.5
This update for kubevirt, virt-api-container, virt-controller-container, virt-exportproxy-container, virt-exportserver-container, virt-handler-container, virt-launcher-container, virt-libguestfs-tools-container, virt-operator-container, virt-pr-helper-container fixes the following issues:
Update to version 1.1.1:
Release notes are on https://github.com/kubevirt/kubevirt/releases/tag/v1.1.1
- Fix seccomp profile for post-copy migration
- Fix firmware path for aarch64 (/usr/share/AAVMF)
- Fix test with initially invalid DataVolume (bsc#1218174)
The containers were also rebuilt against updated go version.
ModerateSUSE bug 1218174cpe:/o:opensuse:leap:15.5Security update for mozjs78 (Moderate)openSUSE Leap 15.5
This update for mozjs78 fixes the following issues:
- CVE-2024-50602: Fixed DoS via XML_ResumeParser (bsc#1232599)
ModerateSUSE bug 1232599CVE-2024-50602 at SUSECVE-2024-50602 at NVDcpe:/o:opensuse:leap:15.5Security update for gdb (Moderate)openSUSE Leap 15.5
This update for gdb fixes the following issues:
Mention changes in GDB 14:
* GDB now supports the AArch64 Scalable Matrix Extension 2
(SME2), which includes a new 512 bit lookup table register
named ZT0.
* GDB now supports the AArch64 Scalable Matrix Extension (SME),
which includes a new matrix register named ZA, a new thread
register TPIDR2 and a new vector length register SVG
(streaming vector granule). GDB also supports tracking ZA
state across signal frames. Some features are still under
development or are dependent on ABI specs that are still in
alpha stage. For example, manual function calls with ZA state
don't have any special handling, and tracking of SVG changes
based on DWARF information is still not implemented, but there
are plans to do so in the future.
* GDB now recognizes the NO_COLOR environment variable and
disables styling according to the spec. See
https://no-color.org/. Styling can be re-enabled with
'set style enabled on'.
* The AArch64 'org.gnu.gdb.aarch64.pauth' Pointer Authentication
feature string has been deprecated in favor of the
'org.gnu.gdb.aarch64.pauth_v2' feature string.
* GDB now has some support for integer types larger than 64 bits.
* Multi-target feature configuration.
GDB now supports the individual configuration of remote
targets' feature sets. Based on the current selection of a
target, the commands 'set remote <name>-packet (on|off|auto)'
and 'show remote <name>-packet' can be used to configure a
target's feature packet and to display its configuration,
respectively.
* GDB has initial built-in support for the Debugger Adapter
Protocol.
* For the break command, multiple uses of the 'thread' or 'task'
keywords will now give an error instead of just using the
thread or task id from the last instance of the keyword. E.g.:
break foo thread 1 thread 2
will now give an error rather than using 'thread 2'.
* For the watch command, multiple uses of the 'task' keyword will
now give an error instead of just using the task id from the
last instance of the keyword. E.g.:
watch my_var task 1 task 2
will now give an error rather than using 'task 2'. The
'thread' keyword already gave an error when used multiple times
with the watch command, this remains unchanged.
* The 'set print elements' setting now helps when printing large
arrays. If an array would otherwise exceed max-value-size, but
'print elements' is set such that the size of elements to print
is less than or equal to 'max-value-size', GDB will now still
print the array, however only 'max-value-size' worth of data
will be added into the value history.
* For both the break and watch commands, it is now invalid to use
both the 'thread' and 'task' keywords within the same command.
For example the following commnds will now give an error:
break foo thread 1 task 1
watch var thread 2 task 3
* The printf command now accepts a '%V' output format which will
format an expression just as the 'print' command would. Print
options can be placed withing '[...]' after the '%V' to modify
how the value is printed. E.g:
printf '%V', some_array
printf '%V[-array-indexes on]', some_array
will print the array without, or with array indexes included,
just as the array would be printed by the 'print' command.
This functionality is also available for dprintf when
dprintf-style is 'gdb'.
* When the printf command requires a string to be fetched from
the inferior, GDB now uses the existing 'max-value-size'
setting to the limit the memory allocated within GDB. The
default 'max-value-size' is 64k. To print longer strings you
should increase 'max-value-size'.
* The Ada 2022 Enum_Rep and Enum_Val attributes are now
supported.
* The Ada 2022 target name symbol ('@') is now supported by the
Ada expression parser.
* The 'list' command now accepts '.' as an argument, which tells
GDB to print the location around the point of execution within
the current frame. If the inferior hasn't started yet, the
command will print around the beginning of the 'main' function.
* Using the 'list' command with no arguments in a situation where
the command would attempt to list past the end of the file now
warns the user that the end of file has been reached, refers
the user to the newly added '.' argument
* Breakpoints can now be inferior-specific. This is similar to
the existing thread-specific breakpoint support. Breakpoint
conditions can include the 'inferior' keyword followed by an
inferior id (as displayed in the 'info inferiors' output).
It is invalid to use the 'inferior' keyword with either the
'thread' or 'task' keywords when creating a breakpoint.
* New convenience function '$_shell', to execute a shell command
and return the result. This lets you run shell commands in
expressions. Some examples:
(gdb) p $_shell('true')
$1 = 0
(gdb) p $_shell('false')
$2 = 1
(gdb) break func if $_shell('some command') == 0
* New commands:
* set debug breakpoint on|off
show debug breakpoint
Print additional debug messages about breakpoint insertion
and removal.
* maintenance print record-instruction [ N ]
Print the recorded information for a given instruction. If N
is not given prints how GDB would undo the last instruction
executed. If N is negative, prints how GDB would undo the
N-th previous instruction, and if N is positive, it prints
how GDB will redo the N-th following instruction.
* maintenance info frame-unwinders
List the frame unwinders currently in effect, starting with
the highest priority.
* maintenance wait-for-index-cache
Wait until all pending writes to the index cache have
completed.
* set always-read-ctf on|off
show always-read-ctf
When off, CTF is only read if DWARF is not present. When on,
CTF is read regardless of whether DWARF is present. Off by
default.
* info main
Get main symbol to identify entry point into program.
* set tui mouse-events [on|off]
show tui mouse-events
When on (default), mouse clicks control the TUI and can be
accessed by Python extensions. When off, mouse clicks are
handled by the terminal, enabling terminal-native text
selection.
* MI changes:
* MI version 1 has been removed.
* mi now reports 'no-history' as a stop reason when hitting the
end of the reverse execution history.
* When creating a thread-specific breakpoint using the '-p'
option, the -break-insert command would report the 'thread'
field twice in the reply. The content of both fields was
always identical. This has now been fixed; the 'thread'
field will be reported just once for thread-specific
breakpoints, or not at all for breakpoints without a thread
restriction. The same is also true for the 'task' field of
an Ada task-specific breakpoint.
* It is no longer possible to create a thread-specific
breakpoint for a thread that doesn't exist using
'-break-insert -p ID'. Creating breakpoints for
non-existent threads is not allowed when using the CLI, that
the MI allowed it was a long standing bug, which has now
been fixed.
* The '--simple-values' argument to the
'-stack-list-arguments','-stack-list-locals',
'-stack-list-variables', and '-var-list-children' commands now
takes reference types into account: that is, a value is now
considered simple if it is neither an array, structure, or
union, nor a reference to an array, structure, or union.
(Previously all references were considered simple.) Support
for this feature can be verified by using the
'-list-features' command, which should contain
'simple-values-ref-types'.
* The -break-insert command now accepts a '-g thread-group-id'
option to allow for the creation of inferior-specific
breakpoints.
* The bkpt tuple, which appears in breakpoint-created
notifications, and in the result of the -break-insert
command can now include an optional 'inferior' field for both
the main breakpoint, and each location, when the breakpoint
is inferior-specific.
* Python API:
* gdb.ThreadExitedEvent added. Emits a ThreadEvent.
* The gdb.unwinder.Unwinder.name attribute is now read-only.
* The name argument passed to gdb.unwinder.Unwinder.__init__
must now be of type 'str' otherwise a TypeError will be
raised.
* The gdb.unwinder.Unwinder.enabled attribute can now only
accept values of type 'bool'. Changing this attribute will
now invalidate GDB's frame-cache, which means GDB will need
to rebuild its frame-cache when next required - either with,
or without the particular unwinder, depending on how
'enabled' was changed.
* New methods added to the gdb.PendingFrame class. These
methods have the same behaviour as the corresponding
methods on gdb.Frame. The new methods are:
* gdb.PendingFrame.name: Return the name for the frame's
function, or None.
* gdb.PendingFrame.is_valid: Return True if the pending
frame object is valid.
* gdb.PendingFrame.pc: Return the $pc register value for
this frame.
* gdb.PendingFrame.language: Return a string containing the
language for this frame, or None.
* gdb.PendingFrame.find_sal: Return a gdb.Symtab_and_line
object for the current location within the pending frame,
or None.
* gdb.PendingFrame.block: Return a gdb.Block for the current
pending frame, or None.
* gdb.PendingFrame.function: Return a gdb.Symbol for the
current pending frame, or None.
* The frame-id passed to gdb.PendingFrame.create_unwind_info
can now use either an integer or a gdb.Value object for each
of its 'sp', 'pc', and 'special' attributes.
* A new class gdb.unwinder.FrameId has been added. Instances
of this class are constructed with 'sp' (stack-pointer) and
'pc' (program-counter) values, and can be used as the
frame-id when calling gdb.PendingFrame.create_unwind_info.
* It is now no longer possible to sub-class the
gdb.disassembler.DisassemblerResult type.
* The Disassembler API from the gdb.disassembler module has
been extended to include styling support:
* The DisassemblerResult class can now be initialized with a
list of parts. Each part represents part of the
disassembled instruction along with the associated style
information. This list of parts can be accessed with the
new DisassemblerResult.parts property.
* New constants gdb.disassembler.STYLE_* representing all the
different styles part of an instruction might have.
* New methods DisassembleInfo.text_part and
DisassembleInfo.address_part which are used to create the
new styled parts of a disassembled instruction.
* Changes are backwards compatible, the older API can still
be used to disassemble instructions without styling.
* New function gdb.execute_mi(COMMAND, [ARG]...), that invokes
a GDB/MI command and returns the output as a Python
dictionary.
* New function gdb.block_signals(). This returns a context
manager that blocks any signals that GDB needs to handle
itself.
* New class gdb.Thread. This is a subclass of threading.Thread
that calls gdb.block_signals in its 'start' method.
* gdb.parse_and_eval now has a new 'global_context' parameter.
This can be used to request that the parse only examine
global symbols.
* gdb.Inferior now has a new 'arguments' attribute. This holds
the command-line arguments to the inferior, if known.
* gdb.Inferior now has a new 'main_name' attribute. This holds
the name of the inferior's 'main', if known.
* gdb.Inferior now has new methods 'clear_env', 'set_env', and
'unset_env'. These can be used to modify the inferior's
environment before it is started.
* gdb.Value now has the 'assign' method.
* gdb.Value now has the 'to_array' method. This converts an
array-like Value to an array.
* gdb.Progspace now has the new method 'objfile_for_address'.
This returns the gdb.Objfile, if any, that covers a given
address.
* gdb.Breakpoint now has an 'inferior' attribute. If the
Breakpoint object is inferior specific then this attribute
holds the inferior-id (an integer). If the Breakpoint
object is not inferior specific, then this field contains
None. This field can be written too.
* gdb.Type now has the 'is_array_like' and 'is_string_like'
methods. These reflect GDB's internal idea of whether a
type might be array- or string-like, even if they do not
have the corresponding type code.
* gdb.ValuePrinter is a new class that can be used as the base
class for the result of applying a pretty-printer. As a
base class, it signals to gdb that the printer may implement
new pretty-printer methods.
* New attribute Progspace.symbol_file. This attribute holds
the gdb.Objfile that corresponds to Progspace.filename (when
Progspace.filename is not None), otherwise, this attribute is
itself None.
* New attribute Progspace.executable_filename. This attribute
holds a string containing a file name set by the 'exec-file'
or 'file' commands, or None if no executable file is set.
This isn't the exact string passed by the user to these
commands; the file name will have been partially resolved to
an absolute file name.
* A new executable_changed event registry is available. This
event emits ExecutableChangedEvent objects, which have
'progspace' (a gdb.Progspace) and 'reload' (a Boolean)
attributes. This event is emitted when
gdb.Progspace.executable_filename changes.
* New event registries gdb.events.new_progspace and
gdb.events.free_progspace, these emit NewProgspaceEvent and
FreeProgspaceEvent event types respectively. Both of these
event types have a single 'progspace' attribute, which is
the gdb.Progspace that is either being added to GDB, or
removed from GDB.
* gdb.LazyString now implements the __str__ method.
* New method gdb.Frame.static_link that returns the outer
frame of a nested function frame.
ModerateSUSE bug 1220490CVE-2022-48064 at SUSECVE-2022-48064 at NVDcpe:/o:opensuse:leap:15.5Security update for cdi-apiserver-container, cdi-cloner-container, cdi-controller-container, cdi-importer-container, cdi-operator-container, cdi-uploadproxy-container, cdi-uploadserver-container, containerized-data-importer (Important)openSUSE Leap 15.5
This update for cdi-apiserver-container, cdi-cloner-container, cdi-controller-container, cdi-importer-container, cdi-operator-container, cdi-uploadproxy-container, cdi-uploadserver-container, containerized-data-importer fixes the following issues:
- Set ExclusiveArch conditionally depending on the distro
- rebuild with current go release.
Importantcpe:/o:opensuse:leap:15.5Security update for poppler (Moderate)openSUSE Leap 15.5
This update for poppler fixes the following issues:
- CVE-2024-56378: out-of-bounds read within JBIG2Bitmap::combine, which can lead to an application crash. (bsc#1234795)
ModerateSUSE bug 1234795CVE-2024-56378 at SUSECVE-2024-56378 at NVDcpe:/o:opensuse:leap:15.5Security update for python-grpcio (Moderate)openSUSE Leap 15.5
This update for python-grpcio fixes the following issues:
- CVE-2024-11407: data corruption on servers with transmit zero copy enabled. (bsc#1233821)
- CVE-2024-7246: HPACK table poisoning by gRPC clients communicating with a HTTP/2 proxy. (bsc#1228919)
ModerateSUSE bug 1228919SUSE bug 1233821CVE-2024-11407 at SUSECVE-2024-11407 at NVDCVE-2024-7246 at SUSECVE-2024-7246 at NVDcpe:/o:opensuse:leap:15.5Security update for govulncheck-vulndb (Moderate)openSUSE Leap 15.5
This update for govulncheck-vulndb fixes the following issues:
- Update to version 0.0.20241218T202206 2024-12-18T20:22:06Z. (jsc#PED-11136)
Go CVE Numbering Authority IDs added or updated with aliases:
* GO-2024-3333
- Update to version 0.0.20241218T163557 2024-12-18T16:35:57Z. (jsc#PED-11136)
Go CVE Numbering Authority IDs added or updated with aliases:
* GO-2024-3331 GHSA-9j3m-fr7q-jxfw
* GO-2024-3334 GHSA-qqc8-rv37-79q5
* GO-2024-3335 GHSA-xx83-cxmq-x89m
* GO-2024-3336 GHSA-cwq8-g58r-32hg
* GO-2024-3337 GHSA-69pr-78gv-7c6h
* GO-2024-3338 GHSA-826h-p4c3-477p
* GO-2024-3339 GHSA-8wcc-m6j2-qxvm
* GO-2024-3340 GHSA-v647-h8jj-fw5r
- Update to version 0.0.20241213T205935 2024-12-13T20:59:35Z. (jsc#PED-11136)
Go CVE Numbering Authority IDs added or updated with aliases:
* GO-2022-0635 GHSA-7f33-f4f5-xwgw
* GO-2022-0646 GHSA-f5pg-7wfw-84q9
* GO-2022-0828 GHSA-fx8w-mjvm-hvpc
* GO-2023-2170 GHSA-q78c-gwqw-jcmc
* GO-2023-2330 GHSA-7fxm-f474-hf8w
* GO-2024-2901 GHSA-8hqg-whrw-pv92
* GO-2024-3104 GHSA-846m-99qv-67mg
* GO-2024-3122 GHSA-q3hw-3gm4-w5cr
* GO-2024-3140 GHSA-xxxw-3j6h-q7h6
* GO-2024-3169 GHSA-fhqq-8f65-5xfc
* GO-2024-3186 GHSA-586p-749j-fhwp
* GO-2024-3205 GHSA-xhr3-wf7j-h255
* GO-2024-3218 GHSA-mqr9-hjr8-2m9w
* GO-2024-3245 GHSA-95j2-w8x7-hm88
* GO-2024-3248 GHSA-p26r-gfgc-c47h
* GO-2024-3259 GHSA-p7mv-53f2-4cwj
* GO-2024-3265 GHSA-gppm-hq3p-h4rp
* GO-2024-3268 GHSA-r864-28pw-8682
* GO-2024-3279 GHSA-7225-m954-23v7
* GO-2024-3282 GHSA-r4pg-vg54-wxx4
* GO-2024-3286 GHSA-27wf-5967-98gx
* GO-2024-3293
* GO-2024-3295 GHSA-55v3-xh23-96gh
* GO-2024-3302 GHSA-px8v-pp82-rcvr
* GO-2024-3306 GHSA-7mwh-q3xm-qh6p
* GO-2024-3312 GHSA-4c49-9fpc-hc3v
* GO-2024-3313 GHSA-jpmc-7p9c-4rxf
* GO-2024-3314 GHSA-c2xf-9v2r-r2rx
* GO-2024-3315
* GO-2024-3319 GHSA-vmg2-r3xv-r3xf
* GO-2024-3321 GHSA-v778-237x-gjrc
* GO-2024-3323 GHSA-25w9-wqfq-gwqx
* GO-2024-3324 GHSA-4pjc-pwgq-q9jp
* GO-2024-3325 GHSA-c7xh-gjv4-4jgv
* GO-2024-3326 GHSA-fqj6-whhx-47p7
* GO-2024-3327 GHSA-xx68-37v4-4596
* GO-2024-3330 GHSA-7prj-hgx4-2xc3
Moderatecpe:/o:opensuse:leap:15.5Security update for grpc (Moderate)openSUSE Leap 15.5
This update for grpc fixes the following issues:
- CVE-2024-7246: HPACK table poisoning by gRPC clients communicating with a HTTP/2 proxy. (bsc#1228919)
- CVE-2024-11407: data corruption on servers with transmit zero copy enabled. (bsc#1233821)
ModerateSUSE bug 1228919SUSE bug 1233821CVE-2024-11407 at SUSECVE-2024-11407 at NVDCVE-2024-7246 at SUSECVE-2024-7246 at NVDcpe:/o:opensuse:leap:15.5Security update for suse-build-key (Important)openSUSE Leap 15.5
This update for suse-build-key fixes the following issues:
This update runs a import-suse-build-key script.
The previous libzypp-post-script based installation is replaced
with a systemd timer and service (bsc#1217215 bsc#1216410 jsc#PED-2777).
- suse-build-key-import.service
- suse-build-key-import.timer
It imports the future SUSE Linux Enterprise 15 4096 bit RSA key primary and reserve keys.
After successful import the timer is disabled.
To manually import them you can also run:
# rpm --import /usr/lib/rpm/gnupg/keys/gpg-pubkey-3fa1d6ce-63c9481c.asc
# rpm --import /usr/lib/rpm/gnupg/keys/gpg-pubkey-d588dc46-63c939db.asc
Bugfix added since last update:
- run rpm commands in import script only when libzypp is not
active. bsc#1219189 bsc#1219123
ImportantSUSE bug 1219123SUSE bug 1219189cpe:/o:opensuse:leap:15.5Security update for squid (Important)openSUSE Leap 15.5
This update for squid fixes the following issues:
- CVE-2023-50269: fixed X-Forwarded-For Stack Overflow. (bsc#1217654)
- CVE-2024-23638: fixed Denial of Service attack against Cache Manager error responses. (bsc#1219131)
ImportantSUSE bug 1217654SUSE bug 1219131CVE-2023-50269 at SUSECVE-2023-50269 at NVDCVE-2024-23638 at SUSECVE-2024-23638 at NVDcpe:/o:opensuse:leap:15.5Security update for runc (Important)openSUSE Leap 15.5
This update for runc fixes the following issues:
- Update to runc v1.1.12 (bsc#1218894)
The following CVE was already fixed with the previous release.
- CVE-2024-21626: Fixed container breakout.
ImportantSUSE bug 1218894CVE-2024-21626 at SUSECVE-2024-21626 at NVDcpe:/o:opensuse:leap:15.5Security update for rekor (Important)openSUSE Leap 15.5
This update for rekor fixes the following issues:
update to 1.3.5 (jsc#SLE-23476):
- Additional unique index correction
- Remove timestamp from checkpoint
- Drop conditional when verifying entry checkpoint
- Fix panic for DSSE canonicalization
- Change Redis value for locking mechanism
- give log timestamps nanosecond precision
- output trace in slog and override correlation header name
- bumped embedded golang.org/x/crypto/ssh to fix the Terrapin attack CVE-2023-48795 (bsc#1218207)
Updated to 1.3.4:
* add mysql indexstorage backend
* add s3 storage for attestations
* fix: Do not check for pubsub.topics.get on initialization
* fix optional field in cose schema
* Update ranges.go
* update indexstorage interface to reduce roundtrips
* use a single validator library in rekor-cli
* Remove go-playground/validator dependency from pkg/pki
Updated to rekor 1.3.3 (jsc#SLE-23476):
- Update signer flag description
- update trillian to 1.5.3
- adds redis_auth
- Add method to get artifact hash for an entry
- make e2e tests more usable with docker-compose
- install go at correct version for codeql
Updated to rekor 1.3.2 (jsc#SLE-23476):
Updated to rekor 1.3.1 (jsc#SLE-23476):
New Features:
- enable GCP cloud profiling on rekor-server (#1746)
- move index storage into interface (#1741)
- add info to readme to denote additional documentation sources (#1722)
- Add type of ed25519 key for TUF (#1677)
- Allow parsing base64-encoded TUF metadata and root content (#1671)
Quality Enhancements:
- disable quota in trillian in test harness (#1680)
Bug Fixes:
- Update contact for code of conduct (#1720)
- Fix panic when parsing SSH SK pubkeys (#1712)
- Correct index creation (#1708)
- docs: fixzes a small typo on the readme (#1686)
- chore: fix backfill-redis Makefile target (#1685)
Updated to rekor 1.3.0 (jsc#SLE-23476):
- Update openapi.yaml (#1655)
- pass transient errors through retrieveLogEntry (#1653)
- return full entryID on HTTP 409 responses (#1650)
- feat: Support publishing new log entries to Pub/Sub topics (#1580)
- Change values of Identity.Raw, add fingerprints (#1628)
- Extract all subjects from SANs for x509 verifier (#1632)
- Fix type comment for Identity struct (#1619)
- Refactor Identities API (#1611)
- Refactor Verifiers to return multiple keys (#1601)
- Update checkpoint link (#1597)
- Use correct log index in inclusion proof (#1599)
- remove instrumentation library (#1595)
Updated to rekor 1.2.2 (jsc#SLE-23476):
- pass down error with message instead of nil
- swap killswitch for 'docker-compose restart'
- CVE-2023-48795: Fixed Terrapin attack in embedded golang.org/x/crypto/ssh (bsc#1218207).
ImportantSUSE bug 1218207CVE-2023-48795 at SUSECVE-2023-48795 at NVDcpe:/o:opensuse:leap:15.5Security update for libxml2 (Important)openSUSE Leap 15.5
This update for libxml2 fixes the following issues:
- CVE-2024-25062: Fixed use-after-free in XMLReader (bsc#1219576).
ImportantSUSE bug 1219576CVE-2024-25062 at SUSECVE-2024-25062 at NVDcpe:/o:opensuse:leap:15.5Security update for the Linux Kernel (Important)openSUSE Leap 15.5
The SUSE Linux Enterprise 15 SP5 RT kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2024-1085: Fixed nf_tables use-after-free vulnerability in the nft_setelem_catchall_deactivate() function (bsc#1219429).
- CVE-2024-1086: Fixed a use-after-free vulnerability inside the nf_tables component that could have been exploited to achieve local privilege escalation (bsc#1219434).
- CVE-2023-51042: Fixed use-after-free in amdgpu_cs_wait_all_fences in drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c (bsc#1219128).
- CVE-2023-51780: Fixed a use-after-free in do_vcc_ioctl in net/atm/ioctl.c, because of a vcc_recvmsg race condition (bsc#1218730).
- CVE-2023-46838: Fixed an issue with Xen netback processing of zero-length transmit fragment (bsc#1218836).
- CVE-2021-33631: Fixed an integer overflow in ext4_write_inline_data_end() (bsc#1219412).
- CVE-2023-6535: Fixed a NULL pointer dereference in nvmet_tcp_execute_request (bsc#1217988).
- CVE-2023-6536: Fixed a NULL pointer dereference in __nvmet_req_complete (bsc#1217989).
- CVE-2023-6356: Fixed a NULL pointer dereference in nvmet_tcp_build_pdu_iovec (bsc#1217987).
- CVE-2023-47233: Fixed a use-after-free in the device unplugging (disconnect the USB by hotplug) code inside the brcm80211 component (bsc#1216702).
- CVE-2023-4921: Fixed a use-after-free vulnerability in the QFQ network scheduler which could be exploited to achieve local privilege escalation (bsc#1215275).
- CVE-2023-51043: Fixed use-after-free during a race condition between a nonblocking atomic commit and a driver unload in drivers/gpu/drm/drm_atomic.c (bsc#1219120).
- CVE-2024-0775: Fixed use-after-free in __ext4_remount in fs/ext4/super.c that could allow a local user to cause an information leak problem while freeing the old quota file names before a potential failure (bsc#1219053).
- CVE-2023-6040: Fixed an out-of-bounds access vulnerability while creating a new netfilter table, lack of a safeguard against invalid nf_tables family (pf) values within `nf_tables_newtable` function (bsc#1218752).
- CVE-2024-0641: Fixed a denial of service vulnerability in tipc_crypto_key_revoke in net/tipc/crypto.c (bsc#1218916).
- CVE-2024-0565: Fixed an out-of-bounds memory read flaw in receive_encrypted_standard in fs/smb/client/smb2ops.c (bsc#1218832).
- CVE-2023-6915: Fixed a NULL pointer dereference problem in ida_free in lib/idr.c (bsc#1218804).
- CVE-2023-51782: Fixed use-after-free in rose_ioctl in net/rose/af_rose.c because of a rose_accept race condition (bsc#1218757).
- CVE-2023-6531: Fixed a use-after-free flaw due to a race problem in the unix garbage collector's deletion of SKB races with unix_stream_read_generic()on the socket that the SKB is queued on (bsc#1218447).
The following non-security bugs were fixed:
- Store the old kernel changelog entries in kernel-docs package (bsc#1218713).
- ACPI: LPIT: Avoid u32 multiplication overflow (git-fixes).
- ACPI: LPSS: Fix the fractional clock divider flags (git-fixes).
- ACPI: arm64: export acpi_arch_thermal_cpufreq_pctg() (bsc#1214377)
- ACPI: extlog: Clear Extended Error Log status when RAS_CEC handled the error (git-fixes).
- ACPI: processor: reduce CPUFREQ thermal reduction pctg for Tegra241 (bsc#1214377)
- ACPI: property: Allow _DSD buffer data only for byte accessors (git-fixes).
- ACPI: resource: Add another DMI match for the TongFang GMxXGxx (git-fixes).
- ACPI: thermal: Add Thermal fast Sampling Period (_TFP) support (bsc#1214377)
- ACPI: video: check for error while searching for backlight device parent (git-fixes).
- ALSA: hda/conexant: Fix headset auto detect fail in cx8070 and SN6140 (git-fixes).
- ALSA: hda/cs8409: Suppress vmaster control for Dolphin models (git-fixes).
- ALSA: hda/realtek: Add quirks for ASUS Zenbook 2022 Models (git-fixes).
- ALSA: hda/realtek: Enable headset mic on Lenovo M70 Gen5 (git-fixes).
- ALSA: hda/realtek: Enable mute/micmute LEDs and limit mic boost on HP ZBook (git-fixes).
- ALSA: hda/realtek: Fix mute and mic-mute LEDs for HP Envy X360 13-ay0xxx (git-fixes).
- ALSA: hda/relatek: Enable Mute LED on HP Laptop 15s-fq2xxx (git-fixes).
- ALSA: hda: Refer to correct stream index at loops (git-fixes).
- ALSA: hda: intel-nhlt: Ignore vbps when looking for DMIC 32 bps format (git-fixes).
- ALSA: oxygen: Fix right channel of capture volume mixer (git-fixes).
- ASoC: Intel: Skylake: Fix mem leak in few functions (git-fixes).
- ASoC: Intel: Skylake: mem leak in skl register function (git-fixes).
- ASoC: Intel: bytcr_rt5640: Add quirk for the Medion Lifetab S10346 (git-fixes).
- ASoC: Intel: glk_rt5682_max98357a: fix board id mismatch (git-fixes).
- ASoC: amd: Add Dell G15 5525 to quirks list (bsc#1219136).
- ASoC: amd: Add check for acp config flags (bsc#1219136).
- ASoC: amd: Add new dmi entries to config entry (bsc#1219136).
- ASoC: amd: Drop da7219_aad_jack_det() usage (bsc#1219136).
- ASoC: amd: Drop empty platform remove function (bsc#1219136).
- ASoC: amd: Update Pink Sardine platform ACP register header (bsc#1219136).
- ASoC: amd: acp-config: Add missing MODULE_DESCRIPTION (git-fixes).
- ASoC: amd: acp-da7219-max98357a: Map missing jack kcontrols (bsc#1219136).
- ASoC: amd: acp-rt5645: Map missing jack kcontrols (bsc#1219136).
- ASoC: amd: acp3x-rt5682-max9836: Configure jack as not detecting Line Out (bsc#1219136).
- ASoC: amd: acp3x-rt5682-max9836: Map missing jack kcontrols (bsc#1219136).
- ASoC: amd: acp: Add TDM slots setting support for ACP I2S controller (bsc#1219136).
- ASoC: amd: acp: Add TDM support for acp i2s stream (bsc#1219136).
- ASoC: amd: acp: Add i2s tdm support in machine driver (bsc#1219136).
- ASoC: amd: acp: Add kcontrols and widgets per-codec in common code (bsc#1219136).
- ASoC: amd: acp: Add missing MODULE_DESCRIPTION in mach-common (git-fixes).
- ASoC: amd: acp: Add new cpu dai's in machine driver (bsc#1219136).
- ASoC: amd: acp: Add setbias level for rt5682s codec in machine driver (bsc#1219136).
- ASoC: amd: acp: Enable i2s tdm support for skyrim platforms (bsc#1219136).
- ASoC: amd: acp: Fix possible UAF in acp_dma_open (bsc#1219136).
- ASoC: amd: acp: Initialize list to store acp_stream during pcm_open (bsc#1219136).
- ASoC: amd: acp: Map missing jack kcontrols (bsc#1219136).
- ASoC: amd: acp: Modify dai_id macros to be more generic (bsc#1219136).
- ASoC: amd: acp: Refactor bit width calculation (bsc#1219136).
- ASoC: amd: acp: Refactor dai format implementation (bsc#1219136).
- ASoC: amd: acp: Refactor i2s clocks programming sequence (bsc#1219136).
- ASoC: amd: acp: add a label to make error path more clean (bsc#1219136).
- ASoC: amd: acp: add acp i2s master clock generation for rembrandt platform (bsc#1219136).
- ASoC: amd: acp: add pm ops support for acp pci driver (bsc#1219136).
- ASoC: amd: acp: add pm ops support for rembrandt platform (bsc#1219136).
- ASoC: amd: acp: clean up some inconsistent indentings (bsc#1219136).
- ASoC: amd: acp: clear pdm dma interrupt mask (bsc#1219136).
- ASoC: amd: acp: delete unnecessary NULL check (bsc#1219136).
- ASoC: amd: acp: export config_acp_dma() and config_pte_for_stream() symbols (bsc#1219136).
- ASoC: amd: acp: fix SND_SOC_AMD_ACP_PCI depdenencies (bsc#1219136).
- ASoC: amd: acp: move pdm macros to common header file (bsc#1219136).
- ASoC: amd: acp: refactor the acp init and de-init sequence (bsc#1219136).
- ASoC: amd: acp: rembrandt: Drop if blocks with always false condition (bsc#1219136).
- ASoC: amd: acp: remove acp poweroff function (bsc#1219136).
- ASoC: amd: acp: remove the redundant acp enable/disable interrupts functions (bsc#1219136).
- ASoC: amd: acp: remove unnecessary NULL checks (bsc#1219136).
- ASoC: amd: acp: store platform device reference created in pci probe call (bsc#1219136).
- ASoC: amd: acp: store the pdm stream channel mask (bsc#1219136).
- ASoC: amd: acp: store xfer_resolution of the stream (bsc#1219136).
- ASoC: amd: acp: switch to use dev_err_probe() (bsc#1219136).
- ASoC: amd: acp: use devm_kcalloc() instead of devm_kzalloc() (bsc#1219136).
- ASoC: amd: acp: use function devm_kcalloc() instead of devm_kzalloc() (bsc#1219136).
- ASoC: amd: add Pink Sardine ACP PCI driver (bsc#1219136).
- ASoC: amd: add Pink Sardine machine driver using dmic (bsc#1219136).
- ASoC: amd: add Pink Sardine platform ACP IP register header (bsc#1219136).
- ASoC: amd: add acp6.2 init/de-init functions (bsc#1219136).
- ASoC: amd: add acp6.2 irq handler (bsc#1219136).
- ASoC: amd: add acp6.2 pci driver pm ops (bsc#1219136).
- ASoC: amd: add acp6.2 pdm driver dma ops (bsc#1219136).
- ASoC: amd: add acp6.2 pdm driver pm ops (bsc#1219136).
- ASoC: amd: add acp6.2 pdm platform driver (bsc#1219136).
- ASoC: amd: add platform devices for acp6.2 pdm driver and dmic driver (bsc#1219136).
- ASoC: amd: create platform device for acp6.2 machine driver (bsc#1219136).
- ASoC: amd: enable Pink Sardine acp6.2 drivers build (bsc#1219136).
- ASoC: amd: enable Pink sardine platform machine driver build (bsc#1219136).
- ASoC: amd: fix ACP version typo mistake (bsc#1219136).
- ASoC: amd: fix spelling mistake: 'i.e' -> 'i.e.' (bsc#1219136).
- ASoC: amd: ps: Add a module parameter to influence pdm_gain (bsc#1219136).
- ASoC: amd: ps: Adjust the gain for PDM DMIC (bsc#1219136).
- ASoC: amd: ps: Fix uninitialized ret in create_acp64_platform_devs() (bsc#1219136).
- ASoC: amd: ps: Move acp63_dev_data strcture from PCI driver (bsc#1219136).
- ASoC: amd: ps: Update copyright notice (bsc#1219136).
- ASoC: amd: ps: add mutex lock for accessing common registers (bsc#1219136).
- ASoC: amd: ps: fix for acp_lock access in pdm driver (bsc#1219136).
- ASoC: amd: ps: implement api to retrieve acp device config (bsc#1219136).
- ASoC: amd: ps: move irq handler registration (bsc#1219136).
- ASoC: amd: ps: refactor acp power on and reset functions (bsc#1219136).
- ASoC: amd: ps: refactor platform device creation logic (bsc#1219136).
- ASoC: amd: ps: remove the register read and write wrappers (bsc#1219136).
- ASoC: amd: ps: remove unused variable (bsc#1219136).
- ASoC: amd: ps: update dev index value in irq handler (bsc#1219136).
- ASoC: amd: ps: update macros with ps platform naming convention (bsc#1219136).
- ASoC: amd: ps: update the acp clock source (bsc#1219136).
- ASoC: amd: ps: use acp_lock to protect common registers in pdm driver (bsc#1219136).
- ASoC: amd: ps: use static function (bsc#1219136).
- ASoC: amd: renoir: Add a module parameter to influence pdm_gain (bsc#1219136).
- ASoC: amd: renoir: Adjust the gain for PDM DMIC (bsc#1219136).
- ASoC: amd: update pm_runtime enable sequence (bsc#1219136).
- ASoC: amd: vangogh: Add check for acp config flags in vangogh platform (bsc#1219136).
- ASoC: amd: vangogh: Make use of DRV_NAME (bsc#1219136).
- ASoC: amd: vangogh: Remove unnecessary init function (bsc#1219136).
- ASoC: amd: vangogh: select CONFIG_SND_AMD_ACP_CONFIG (bsc#1219136).
- ASoC: amd: yc: Add ASUS M3402RA into DMI table (bsc#1219136).
- ASoC: amd: yc: Add ASUS M5402RA into DMI table (bsc#1219136).
- ASoC: amd: yc: Add Alienware m17 R5 AMD into DMI table (bsc#1219136).
- ASoC: amd: yc: Add Asus VivoBook Pro 14 OLED M6400RC to the quirks list for acp6x (bsc#1219136).
- ASoC: amd: yc: Add DMI entries to support HP OMEN 16-n0xxx (8A42) (bsc#1219136).
- ASoC: amd: yc: Add DMI entries to support HP OMEN 16-n0xxx (8A43) (bsc#1219136).
- ASoC: amd: yc: Add DMI entries to support Victus by HP Gaming Laptop 15-fb0xxx (8A3E) (bsc#1219136).
- ASoC: amd: yc: Add DMI entries to support Victus by HP Laptop 16-e1xxx (8A22) (bsc#1219136).
- ASoC: amd: yc: Add DMI entry to support System76 Pangolin 12 (bsc#1219136).
- ASoC: amd: yc: Add DMI entry to support System76 Pangolin 13 (bsc#1219136).
- ASoC: amd: yc: Add DMI support for new acer/emdoor platforms (bsc#1219136).
- ASoC: amd: yc: Add HP 255 G10 into quirk table (bsc#1219136).
- ASoC: amd: yc: Add Lenovo Thinkbook 14+ 2022 21D0 to quirks table (bsc#1219136).
- ASoC: amd: yc: Add MECHREVO Jiaolong Series MRID6 into DMI table (bsc#1219136).
- ASoC: amd: yc: Add Razer Blade 14 2022 into DMI table (bsc#1219136).
- ASoC: amd: yc: Add ThinkBook 14 G5+ ARP to quirks list for acp6x (bsc#1219136).
- ASoC: amd: yc: Add Thinkpad Neo14 to quirks list for acp6x (bsc#1219136).
- ASoC: amd: yc: Add VivoBook Pro 15 to quirks list for acp6x (bsc#1219136).
- ASoC: amd: yc: Add Xiaomi Redmi Book Pro 14 2022 into DMI table (bsc#1219136).
- ASoC: amd: yc: Add Xiaomi Redmi Book Pro 15 2022 into DMI table (bsc#1219136).
- ASoC: amd: yc: Add a module parameter to influence pdm_gain (bsc#1219136).
- ASoC: amd: yc: Adding Lenovo ThinkBook 14 Gen 4+ ARA and Lenovo ThinkBook 16 Gen 4+ ARA to the Quirks List (bsc#1219136).
- ASoC: amd: yc: Adjust the gain for PDM DMIC (bsc#1219136).
- ASoC: amd: yc: Fix a non-functional mic on Lenovo 82TL (bsc#1219136).
- ASoC: amd: yc: Fix non-functional mic on ASUS E1504FA (bsc#1219136).
- ASoC: amd: yp: Add OMEN by HP Gaming Laptop 16z-n000 to quirks (bsc#1219136).
- ASoC: codecs: lpass-wsa-macro: fix compander volume hack (git-fixes).
- ASoC: codecs: wcd938x: fix headphones volume controls (git-fixes).
- ASoC: codecs: wcd938x: handle deferred probe (git-fixes).
- ASoC: cs35l33: Fix GPIO name and drop legacy include (git-fixes).
- ASoC: cs43130: Fix incorrect frame delay configuration (git-fixes).
- ASoC: cs43130: Fix the position of const qualifier (git-fixes).
- ASoC: da7219: Support low DC impedance headset (git-fixes).
- ASoC: nau8822: Fix incorrect type in assignment and cast to restricted __be16 (git-fixes).
- ASoC: ops: add correct range check for limiting volume (git-fixes).
- ASoC: rt5645: Drop double EF20 entry from dmi_platform_data[] (git-fixes).
- ASoC: rt5650: add mutex to avoid the jack detection failure (git-fixes).
- ASoC: sun4i-spdif: Fix requirements for H6 (git-fixes).
- ASoC: wm8974: Correct boost mixer inputs (git-fixes).
- Add DMI ID for MSI Bravo 15 B7ED (bsc#1219136).
- Bluetooth: Fix atomicity violation in {min,max}_key_size_set (git-fixes).
- Bluetooth: btmtkuart: fix recv_buf() return value (git-fixes).
- Documentation: Begin a RAS section (jsc#PED-7622).
- EDAC/amd64: Add context struct (jsc#PED-7615).
- EDAC/amd64: Add get_err_info() to pvt->ops (jsc#PED-7615).
- EDAC/amd64: Add support for AMD heterogeneous Family 19h Model 30h-3Fh (jsc#PED-7616).
- EDAC/amd64: Add support for ECC on family 19h model 60h-7Fh (jsc#PED-7615).
- EDAC/amd64: Add support for family 0x19, models 0x90-9f devices (jsc#PED-7622).
- EDAC/amd64: Allow for DF Indirect Broadcast reads (jsc#PED-7615).
- EDAC/amd64: Cache and use GPU node map (jsc#PED-7616).
- EDAC/amd64: Do not discover ECC symbol size for Family 17h and later (jsc#PED-7615).
- EDAC/amd64: Do not set up EDAC PCI control on Family 17h+ (jsc#PED-7615).
- EDAC/amd64: Document heterogeneous system enumeration (jsc#PED-7616).
- EDAC/amd64: Drop dbam_to_cs() for Family 17h and later (jsc#PED-7615).
- EDAC/amd64: Fix indentation in umc_determine_edac_cap() (jsc#PED-7615).
- EDAC/amd64: Merge struct amd64_family_type into struct amd64_pvt (jsc#PED-7615).
- EDAC/amd64: Remove PCI Function 0 (jsc#PED-7615).
- EDAC/amd64: Remove PCI Function 6 (jsc#PED-7615).
- EDAC/amd64: Remove early_channel_count() (jsc#PED-7615).
- EDAC/amd64: Remove module version string (jsc#PED-7615).
- EDAC/amd64: Remove scrub rate control for Family 17h and later (jsc#PED-7615).
- EDAC/amd64: Rename debug_display_dimm_sizes() (jsc#PED-7615).
- EDAC/amd64: Rename f17h_determine_edac_ctl_cap() (jsc#PED-7615).
- EDAC/amd64: Rework hw_info_{get,put} (jsc#PED-7615).
- EDAC/amd64: Shut up an -Werror,-Wsometimes-uninitialized clang false positive (jsc#PED-7615).
- EDAC/amd64: Split determine_edac_cap() into dct/umc functions (jsc#PED-7615).
- EDAC/amd64: Split determine_memory_type() into dct/umc functions (jsc#PED-7615).
- EDAC/amd64: Split dump_misc_regs() into dct/umc functions (jsc#PED-7615).
- EDAC/amd64: Split ecc_enabled() into dct/umc functions (jsc#PED-7615).
- EDAC/amd64: Split get_csrow_nr_pages() into dct/umc functions (jsc#PED-7615).
- EDAC/amd64: Split init_csrows() into dct/umc functions (jsc#PED-7615).
- EDAC/amd64: Split prep_chip_selects() into dct/umc functions (jsc#PED-7615).
- EDAC/amd64: Split read_base_mask() into dct/umc functions (jsc#PED-7615).
- EDAC/amd64: Split read_mc_regs() into dct/umc functions (jsc#PED-7615).
- EDAC/amd64: Split setup_mci_misc_attrs() into dct/umc functions (jsc#PED-7615).
- EDAC/mc: Add new HBM2 memory type (jsc#PED-7616).
- EDAC/mc: Add support for HBM3 memory type (jsc#PED-7622).
- EDAC/mce_amd: Remove SMCA Extended Error code descriptions (jsc#PED-7622).
- EDAC/thunderx: Fix possible out-of-bounds string access (git-fixes).
- Fix crash in vmw_context_cotables_unref when 3d support is enabled (bsc#1218738)
- HID: i2c-hid-of: fix NULL-deref on failed power up (git-fixes).
- HID: wacom: Correct behavior when processing some confidence == false touches (git-fixes).
- IB/iser: Prevent invalidating wrong MR (git-fixes)
- Input: atkbd - do not skip atkbd_deactivate() when skipping ATKBD_CMD_GETID (git-fixes).
- Input: atkbd - skip ATKBD_CMD_GETID in translated mode (git-fixes).
- Input: atkbd - skip ATKBD_CMD_SETLEDS when skipping ATKBD_CMD_GETID (git-fixes).
- Input: atkbd - use ab83 as id when skipping the getid command (git-fixes).
- Input: bcm5974 - check endpoint type before starting traffic (git-fixes).
- Input: i8042 - add nomux quirk for Acer P459-G2-M (git-fixes).
- Input: xpad - add Razer Wolverine V2 support (git-fixes).
- KVM: SVM: Update EFER software model on CR0 trap for SEV-ES (git-fixes).
- KVM: s390: vsie: Fix STFLE interpretive execution identification (git-fixes bsc#1218997).
- KVM: x86: Mask LVTPC when handling a PMI (jsc#PED-7322).
- Limit kernel-source build to architectures for which the kernel binary is built (bsc#1108281).
- PCI/AER: Configure ECRC only if AER is native (bsc#1218778)
- PCI/P2PDMA: Remove reference to pci_p2pdma_map_sg() (git-fixes).
- PCI: Add ACS quirk for more Zhaoxin Root Ports (git-fixes).
- PCI: keystone: Fix race condition when initializing PHYs (git-fixes).
- PM: hibernate: Enforce ordering during image compression/decompression (git-fixes).
- RDMA/hns: Fix inappropriate err code for unsupported operations (git-fixes)
- RDMA/hns: Fix unnecessary err return when using invalid congest control algorithm (git-fixes)
- RDMA/hns: Remove unnecessary checks for NULL in mtr_alloc_bufs() (git-fixes)
- RDMA/irdma: Add wait for suspend on SQD (git-fixes)
- RDMA/irdma: Avoid free the non-cqp_request scratch (git-fixes)
- RDMA/irdma: Do not modify to SQD on error (git-fixes)
- RDMA/irdma: Fix UAF in irdma_sc_ccq_get_cqe_info() (git-fixes)
- RDMA/irdma: Refactor error handling in create CQP (git-fixes)
- RDMA/rtrs-clt: Fix the max_send_wr setting (git-fixes)
- RDMA/rtrs-clt: Remove the warnings for req in_use check (git-fixes)
- RDMA/rtrs-clt: Start hb after path_up (git-fixes)
- RDMA/rtrs-srv: Check return values while processing info request (git-fixes)
- RDMA/rtrs-srv: Destroy path files after making sure no IOs in-flight (git-fixes)
- RDMA/rtrs-srv: Do not unconditionally enable irq (git-fixes)
- RDMA/rtrs-srv: Free srv_mr iu only when always_invalidate is true (git-fixes)
- RDMA/usnic: Silence uninitialized symbol smatch warnings (git-fixes)
- USB: xhci: workaround for grace period (git-fixes).
- Update config files: enable ASoC AMD PS drivers (bsc#1219136)
- Update patch reference for ax88179 fix (bsc#1218948)
- acpi: property: Let args be NULL in __acpi_node_get_property_reference (git-fixes).
- aio: fix mremap after fork null-deref (git-fixes).
- apparmor: avoid crash when parsed profile name is empty (git-fixes).
- arm64: Add CNT{P,V}CTSS_EL0 alternatives to cnt{p,v}ct_el0 (jsc#PED-4729)
- arm64: Add a capability for FEAT_ECV (jsc#PED-4729) Use cpu_hwcaps PLACEHOLDER_4 for HAS_ECV.
- arm64: alternative: patch alternatives in the vDSO (jsc#PED-4729)
- arm64: dts: armada-3720-turris-mox: set irq type for RTC (git-fixes)
- arm64: dts: imx8mp: imx8mq: Add parkmode-disable-ss-quirk on DWC3 (git-fixes)
- arm64: dts: imx8mq: drop usb3-resume-missing-cas from usb (git-fixes)
- arm64: dts: ls208xa: use a pseudo-bus to constrain usb dma size (git-fixes)
- arm64: dts: rockchip: Expand reg size of vdec node for RK3399 (git-fixes)
- arm64: mm: Always make sw-dirty PTEs hw-dirty in pte_modify (git-fixes)
- arm64: module: move find_section to header (jsc#PED-4729)
- arm64: vdso: Fix 'no previous prototype' warning (jsc#PED-4729)
- arm64: vdso: remove two .altinstructions related symbols (jsc#PED-4729)
- arm64: vdso: use SYS_CNTVCTSS_EL0 for gettimeofday (jsc#PED-4729)
- asix: Add check for usbnet_get_endpoints (git-fixes).
- attr: block mode changes of symlinks (git-fixes).
- badblocks: add helper routines for badblock ranges handling (bsc#1174649).
- badblocks: add more helper structure and routines in badblocks.h (bsc#1174649).
- badblocks: avoid checking invalid range in badblocks_check() (bsc#1174649).
- badblocks: improve badblocks_check() for multiple ranges handling (bsc#1174649).
- badblocks: improve badblocks_clear() for multiple ranges handling (bsc#1174649).
- badblocks: improve badblocks_set() for multiple ranges handling (bsc#1174649).
- badblocks: switch to the improved badblock handling code (bsc#1174649).
- bpf: Limit the number of kprobes when attaching program to multiple kprobes (git-fixes).
- bus: mhi: host: Add alignment check for event ring read pointer (git-fixes).
- bus: mhi: host: Add spinlock to protect WP access when queueing TREs (git-fixes).
- bus: mhi: host: Drop chan lock before queuing buffers (git-fixes).
- ceph: select FS_ENCRYPTION_ALGS if FS_ENCRYPTION (bsc#1219568).
- clk: qcom: gpucc-sm8150: Update the gpu_cc_pll1 config (git-fixes).
- clk: qcom: videocc-sm8150: Add missing PLL config property (git-fixes).
- clk: rockchip: rk3128: Fix HCLK_OTG gate register (git-fixes).
- clk: samsung: Fix kernel-doc comments (git-fixes).
- clk: si5341: fix an error code problem in si5341_output_clk_set_rate (git-fixes).
- clk: zynqmp: Add a check for NULL pointer (git-fixes).
- clk: zynqmp: make bestdiv unsigned (git-fixes).
- clocksource: Skip watchdog check for large watchdog intervals (git-fixes).
- clocksource: disable watchdog checks on TSC when TSC is watchdog (bsc#1215885).
- coresight: etm4x: Add ACPI support in platform driver (bsc#1218779)
- coresight: etm4x: Allocate and device assign 'struct etmv4_drvdata' (bsc#1218779)
- coresight: etm4x: Change etm4_platform_driver driver for MMIO devices (bsc#1218779)
- coresight: etm4x: Drop iomem 'base' argument from etm4_probe() (bsc#1218779)
- coresight: etm4x: Drop pid argument from etm4_probe() (bsc#1218779)
- coresight: etm4x: Ensure valid drvdata and clock before clk_put() (bsc#1218779)
- coresight: platform: acpi: Ignore the absence of graph (bsc#1218779)
- crypto: ccp - fix memleak in ccp_init_dm_workarea (git-fixes).
- crypto: s390/aes - Fix buffer overread in CTR mode (git-fixes).
- crypto: sa2ul - Return crypto_aead_setkey to transfer the error (git-fixes).
- crypto: sahara - do not resize req->src when doing hash operations (git-fixes).
- crypto: sahara - fix ahash reqsize (git-fixes).
- crypto: sahara - fix ahash selftest failure (git-fixes).
- crypto: sahara - fix cbc selftest failure (git-fixes).
- crypto: sahara - fix processing hash requests with req->nbytes < sg->length (git-fixes).
- crypto: sahara - fix processing requests with cryptlen < sg->length (git-fixes).
- crypto: sahara - fix wait_for_completion_timeout() error handling (git-fixes).
- crypto: sahara - handle zero-length aes requests (git-fixes).
- crypto: sahara - improve error handling in sahara_sha_process() (git-fixes).
- crypto: sahara - remove FLAGS_NEW_KEY logic (git-fixes).
- crypto: scomp - fix req->dst buffer overflow (git-fixes).
- dma-debug: fix kernel-doc warnings (git-fixes).
- dmaengine: fix NULL pointer in channel unregistration function (git-fixes).
- dmaengine: fix is_slave_direction() return false when DMA_DEV_TO_DEV (git-fixes).
- dmaengine: fsl-dpaa2-qdma: Fix the size of dma pools (git-fixes).
- dmaengine: idxd: Protect int_handle field in hw descriptor (git-fixes).
- dmaengine: ti: k3-udma: Report short packet errors (git-fixes).
- doc/README.KSYMS: Add to repo.
- drivers/amd/pm: fix a use-after-free in kv_parse_power_table (git-fixes).
- drivers: clk: zynqmp: calculate closest mux rate (git-fixes).
- drivers: clk: zynqmp: update divider round rate logic (git-fixes).
- drm/amd/display: Fix tiled display misalignment (git-fixes).
- drm/amd/display: Port DENTIST hang and TDR fixes to OTG disable W/A (git-fixes).
- drm/amd/display: add nv12 bounding box (git-fixes).
- drm/amd/display: get dprefclk ss info from integration info table (git-fixes).
- drm/amd/display: make flip_timestamp_in_us a 64-bit variable (git-fixes).
- drm/amd/display: pbn_div need be updated for hotplug event (git-fixes).
- drm/amd/display: update dcn315 lpddr pstate latency (git-fixes).
- drm/amd/pm/smu7: fix a memleak in smu7_hwmgr_backend_init (git-fixes).
- drm/amd/pm: fix a double-free in amdgpu_parse_extended_power_table (git-fixes).
- drm/amd/pm: fix a double-free in si_dpm_init (git-fixes).
- drm/amd/powerplay: Fix kzalloc parameter 'ATOM_Tonga_PPM_Table' in 'get_platform_power_management_table()' (git-fixes).
- drm/amdgpu/debugfs: fix error code when smc register accessors are NULL (git-fixes).
- drm/amdgpu/pm: Fix the power source flag error (git-fixes).
- drm/amdgpu: Add NULL checks for function pointers (git-fixes).
- drm/amdgpu: Drop 'fence' check in 'to_amdgpu_amdkfd_fence()' (git-fixes).
- drm/amdgpu: Fix '*fw' from request_firmware() not released in 'amdgpu_ucode_request()' (git-fixes).
- drm/amdgpu: Fix cat debugfs amdgpu_regs_didt causes kernel null pointer (git-fixes).
- drm/amdgpu: Fix ecc irq enable/disable unpaired (git-fixes).
- drm/amdgpu: Fix missing error code in 'gmc_v6/7/8/9_0_hw_init()' (git-fixes).
- drm/amdgpu: Fix with right return code '-EIO' in 'amdgpu_gmc_vram_checking()' (git-fixes).
- drm/amdgpu: Let KFD sync with VM fences (git-fixes).
- drm/amdgpu: Release 'adev->pm.fw' before return in 'amdgpu_device_need_post()' (git-fixes).
- drm/amdgpu: fix ftrace event amdgpu_bo_move always move on same heap (git-fixes).
- drm/amdgpu: skip gpu_info fw loading on navi12 (git-fixes).
- drm/amdkfd: Confirm list is non-empty before utilizing list_first_entry in kfd_topology.c (git-fixes).
- drm/amdkfd: Fix 'node' NULL check in 'svm_range_get_range_boundaries()' (git-fixes).
- drm/amdkfd: Fix iterator used outside loop in 'kfd_add_peer_prop()' (git-fixes).
- drm/amdkfd: Fix lock dependency warning (git-fixes).
- drm/amdkfd: Fix lock dependency warning with srcu (git-fixes).
- drm/amdkfd: Use resource_size() helper function (git-fixes).
- drm/amdkfd: fixes for HMM mem allocation (git-fixes).
- drm/bridge: Fix typo in post_disable() description (git-fixes).
- drm/bridge: anx7625: Ensure bridge is suspended in disable() (git-fixes).
- drm/bridge: cdns-mhdp8546: Fix use of uninitialized variable (git-fixes).
- drm/bridge: nxp-ptn3460: fix i2c_master_send() error checking (git-fixes).
- drm/bridge: nxp-ptn3460: simplify some error checking (git-fixes).
- drm/bridge: parade-ps8640: Ensure bridge is suspended in .post_disable() (git-fixes).
- drm/bridge: parade-ps8640: Make sure we drop the AUX mutex in the error case (git-fixes).
- drm/bridge: parade-ps8640: Wait for HPD when doing an AUX transfer (git-fixes).
- drm/bridge: tc358767: Fix return value on error case (git-fixes).
- drm/bridge: tpd12s015: Drop buggy __exit annotation for remove function (git-fixes).
- drm/crtc: Fix uninit-value bug in drm_mode_setcrtc (git-fixes).
- drm/crtc: fix uninitialized variable use (git-fixes).
- drm/drv: propagate errors from drm_modeset_register_all() (git-fixes).
- drm/exynos: Call drm_atomic_helper_shutdown() at shutdown/unbind time (git-fixes).
- drm/exynos: fix a potential error pointer dereference (git-fixes).
- drm/exynos: fix a wrong error checking (git-fixes).
- drm/exynos: fix accidental on-stack copy of exynos_drm_plane (git-fixes).
- drm/exynos: gsc: minor fix for loop iteration in gsc_runtime_resume (git-fixes).
- drm/framebuffer: Fix use of uninitialized variable (git-fixes).
- drm/mediatek: Return error if MDP RDMA failed to enable the clock (git-fixes).
- drm/msm/dpu: Drop enable and frame_count parameters from dpu_hw_setup_misr() (git-fixes).
- drm/msm/dpu: Ratelimit framedone timeout msgs (git-fixes).
- drm/msm/dpu: Set input_sel bit for INTF (git-fixes).
- drm/msm/dpu: fix writeback programming for YUV cases (git-fixes).
- drm/msm/dpu: rename dpu_encoder_phys_wb_setup_cdp to match its functionality (git-fixes).
- drm/msm/dsi: Enable runtime PM (git-fixes).
- drm/msm/dsi: Use pm_runtime_resume_and_get to prevent refcnt leaks (git-fixes).
- drm/msm/mdp4: flush vblank event on disable (git-fixes).
- drm/nouveau/fence:: fix warning directly dereferencing a rcu pointer (git-fixes).
- drm/panel-edp: Add override_edid_mode quirk for generic edp (git-fixes).
- drm/panel-elida-kd35t133: hold panel in reset for unprepare (git-fixes).
- drm/panel: nt35510: fix typo (git-fixes).
- drm/panfrost: Ignore core_mask for poweroff and disable PWRTRANS irq (git-fixes).
- drm/panfrost: Really power off GPU cores in panfrost_gpu_power_off() (git-fixes).
- drm/radeon/dpm: fix a memleak in sumo_parse_power_table (git-fixes).
- drm/radeon/r100: Fix integer overflow issues in r100_cs_track_check() (git-fixes).
- drm/radeon/r600_cs: Fix possible int overflows in r600_cs_check_reg() (git-fixes).
- drm/radeon/trinity_dpm: fix a memleak in trinity_parse_power_table (git-fixes).
- drm/radeon: check return value of radeon_ring_lock() (git-fixes).
- drm/radeon: check the alloc_workqueue return value in radeon_crtc_init() (git-fixes).
- drm/tidss: Check for K2G in in dispc_softreset() (git-fixes).
- drm/tidss: Fix atomic_flush check (git-fixes).
- drm/tidss: Fix dss reset (git-fixes).
- drm/tidss: Move reset to the end of dispc_init() (git-fixes).
- drm/tidss: Return error value from from softreset (git-fixes).
- drm/tilcdc: Fix irq free on unload (git-fixes).
- drm: Do not unref the same fb many times by mistake due to deadlock handling (git-fixes).
- drm: panel-simple: add missing bus flags for Tianma tm070jvhg[30/33] (git-fixes).
- drm: using mul_u32_u32() requires linux/math64.h (git-fixes).
- dt-bindings: gpio: Remove FSI domain ports on Tegra234 (jsc#PED-6694)
- efi/libstub: Disable PCI DMA before grabbing the EFI memory map (git-fixes).
- eventfd: prevent underflow for eventfd semaphores (git-fixes).
- exfat: fix reporting fs error when reading dir beyond EOF (git-fixes).
- exfat: support handle zero-size directory (git-fixes).
- exfat: use kvmalloc_array/kvfree instead of kmalloc_array/kfree (git-fixes).
- fbdev: Only disable sysfb on the primary device (bsc#1216441)
- fbdev: Only disable sysfb on the primary device (bsc#1216441) Update an existing patch to fix bsc#1216441.
- fbdev: flush deferred IO before closing (git-fixes).
- fbdev: flush deferred work in fb_deferred_io_fsync() (git-fixes).
- fbdev: imxfb: fix left margin setting (git-fixes).
- fbdev: mmp: Fix typo and wording in code comment (git-fixes).
- firewire: core: correct documentation of fw_csr_string() kernel API (git-fixes).
- firewire: ohci: suppress unexpected system reboot in AMD Ryzen machines and ASM108x/VT630x PCIe cards (git-fixes).
- firmware: ti_sci: Fix an off-by-one in ti_sci_debugfs_create() (git-fixes).
- fjes: fix memleaks in fjes_hw_setup (git-fixes).
- fs/mount_setattr: always cleanup mount_kattr (git-fixes).
- fs: Fix error checking for d_hash_and_lookup() (git-fixes).
- fs: Move notify_change permission checks into may_setattr (git-fixes).
- fs: do not audit the capability check in simple_xattr_list() (git-fixes).
- fs: drop peer group ids under namespace lock (git-fixes).
- fs: indicate request originates from old mount API (git-fixes).
- fs: sendfile handles O_NONBLOCK of out_fd (git-fixes).
- fuse: dax: set fc->dax to NULL in fuse_dax_conn_free() (bsc#1218659).
- gfs2: Always check inode size of inline inodes (git-fixes).
- gfs2: Cosmetic gfs2_dinode_{in,out} cleanup (git-fixes).
- gfs2: Disable page faults during lockless buffered reads (git-fixes).
- gfs2: Eliminate ip->i_gh (git-fixes).
- gfs2: Eliminate vestigial HIF_FIRST (git-fixes).
- gfs2: Fix kernel NULL pointer dereference in gfs2_rgrp_dump (git-fixes).
- gfs2: Introduce flag for glock holder auto-demotion (git-fixes).
- gfs2: Move the inode glock locking to gfs2_file_buffered_write (git-fixes).
- gfs2: Remove redundant check from gfs2_glock_dq (git-fixes).
- gfs2: Switch to wait_event in gfs2_logd (git-fixes).
- gfs2: assign rgrp glock before compute_bitstructs (git-fixes).
- gfs2: low-memory forced flush fixes (git-fixes).
- gfs2: release iopen glock early in evict (git-fixes).
- gpio: eic-sprd: Clear interrupt after set the interrupt type (git-fixes).
- gpu/drm/radeon: fix two memleaks in radeon_vm_init (git-fixes).
- hv_netvsc: rndis_filter needs to select NLS (git-fixes).
- hwmon: (corsair-psu) Fix probe when built-in (git-fixes).
- hwrng: core - Fix page fault dead lock on mmap-ed hwrng (git-fixes).
- i2c: rk3x: fix potential spinlock recursion on poll (git-fixes).
- i2c: s3c24xx: fix read transfers in polling mode (git-fixes).
- i2c: s3c24xx: fix transferring more than one message in polling mode (git-fixes).
- iio: adc: ad7091r: Pass iio_dev to event handler (git-fixes).
- iio: adc: ad9467: add mutex to struct ad9467_state (git-fixes).
- iio: adc: ad9467: do not ignore error codes (git-fixes).
- iio: adc: ad9467: fix reset gpio handling (git-fixes).
- ipmi: Use regspacings passed as a module parameter (git-fixes).
- kabi, vmstat: skip periodic vmstat update for isolated CPUs (bsc#1217895).
- kabi/severities: ignore ASoC AMD acp driver symbols (bsc#1219136)
- kabi/severities: ignore _rtl92c_phy_calculate_bit_shift symbol It's an internal function that shouldn't have been exported
- kdb: Fix a potential buffer overflow in kdb_local() (git-fixes).
- kernel-doc: handle a void function without producing a warning (git-fixes).
- kernel-source: Fix description typo
- kernfs: fix missing kernfs_idr_lock to remove an ID from the IDR (git-fixes).
- leds: aw2013: Select missing dependency REGMAP_I2C (git-fixes).
- leds: ledtrig-tty: Free allocated ttyname buffer on deactivate (git-fixes).
- libapi: Add missing linux/types.h header to get the __u64 type on io.h (git-fixes).
- md: fix bi_status reporting in md_end_clone_io (bsc#1210443).
- media: cx231xx: fix a memleak in cx231xx_init_isoc (git-fixes).
- media: dt-bindings: ov8856: decouple lanes and link frequency from driver (git-fixes).
- media: dvb-frontends: m88ds3103: Fix a memory leak in an error handling path of m88ds3103_probe() (git-fixes).
- media: imx355: Enable runtime PM before registering async sub-device (git-fixes).
- media: ov9734: Enable runtime PM before registering async sub-device (git-fixes).
- media: pvrusb2: fix use after free on context disconnection (git-fixes).
- media: rkisp1: Disable runtime PM in probe error path (git-fixes).
- media: rkisp1: Fix media device memory leak (git-fixes).
- media: rkisp1: Read the ID register at probe time instead of streamon (git-fixes).
- media: videobuf2-dma-sg: fix vmap callback (git-fixes).
- mfd: intel-lpss: Fix the fractional clock divider flags (git-fixes).
- misc: fastrpc: Mark all sessions as invalid in cb_remove (git-fixes).
- mkspec: Include constraints for both multibuild and plain package always There is no need to check for multibuild flag, the constraints can be always generated for both cases.
- mkspec: Use variant in constraints template Constraints are not applied consistently with kernel package variants. Add variant to the constraints template as appropriate, and expand it in mkspec.
- mm: fs: initialize fsdata passed to write_begin/write_end interface (git-fixes).
- mmc: core: Cancel delayed work before releasing host (git-fixes).
- modpost: move __attribute__((format(printf, 2, 3))) to modpost.h (git-fixes).
- mtd: Fix gluebi NULL pointer dereference caused by ftl notifier (git-fixes).
- mtd: rawnand: Increment IFC_TIMEOUT_MSECS for nand controller response (git-fixes).
- mtd: rawnand: pl353: Fix kernel doc (git-fixes).
- mtd: rawnand: rockchip: Add missing title to a kernel doc comment (git-fixes).
- mtd: rawnand: rockchip: Rename a structure (git-fixes).
- net: phy: micrel: populate .soft_reset for KSZ9131 (git-fixes).
- net: usb: ax88179_178a: Bind only to vendor-specific interface (bsc#1218948).
- net: usb: ax88179_178a: avoid two consecutive device resets (bsc#1218948).
- net: usb: ax88179_178a: move priv to driver_priv (git-fixes).
- net: usb: ax88179_178a: remove redundant init code (git-fixes).
- net: usb: ax88179_178a: restore state on resume (bsc#1218948).
- nfc: nci: free rx_data_reassembly skb on NCI device cleanup (git-fixes).
- nfsd4: add refcount for nfsd4_blocked_lock (bsc#1218968 bsc#1219349).
- nfsd: fix RELEASE_LOCKOWNER (bsc#1218968).
- nouveau/tu102: flush all pdbs on vmm flush (git-fixes).
- nouveau/vmm: do not set addr on the fail path to avoid warning (git-fixes).
- nsfs: add compat ioctl handler (git-fixes).
- nvme-loop: always quiesce and cancel commands before destroying admin q (bsc#1211515).
- nvme-pci: add BOGUS_NID for Intel 0a54 device (git-fixes).
- nvme-pci: fix sleeping function called from interrupt context (git-fixes).
- nvme-rdma: Fix transfer length when write_generate/read_verify are 0 (git-fixes).
- nvme-tcp: avoid open-coding nvme_tcp_teardown_admin_queue() (bsc#1211515).
- nvme: fix max_discard_sectors calculation (git-fixes).
- nvme: introduce helper function to get ctrl state (git-fixes).
- nvme: move nvme_stop_keep_alive() back to original position (bsc#1211515).
- nvme: start keep-alive after admin queue setup (bsc#1211515).
- nvme: trace: avoid memcpy overflow warning (git-fixes).
- nvmet: re-fix tracing strncpy() warning (git-fixes).
- of: Fix double free in of_parse_phandle_with_args_map (git-fixes).
- of: unittest: Fix of_count_phandle_with_args() expected value message (git-fixes).
- parport: parport_serial: Add Brainboxes BAR details (git-fixes).
- parport: parport_serial: Add Brainboxes device IDs and geometry (git-fixes).
- perf/x86/intel/uncore: Factor out topology_gidnid_map() (bsc#1218958).
- perf/x86/intel/uncore: Fix NULL pointer dereference issue in upi_fill_topology() (bsc#1218958).
- perf/x86/uncore: Use u64 to replace unsigned for the uncore offsets array (bsc#1219512).
- phy: renesas: rcar-gen3-usb2: Fix returning wrong error code (git-fixes).
- phy: ti: phy-omap-usb2: Fix NULL pointer dereference for SRP (git-fixes).
- pinctrl: intel: Revert 'Unexport intel_pinctrl_probe()' (git-fixes).
- platform/x86/amd/hsmp: Fix iomem handling (jsc#PED-7620).
- platform/x86/amd/hsmp: add support for metrics tbl (jsc#PED-7620).
- platform/x86/amd/hsmp: create plat specific struct (jsc#PED-7620).
- platform/x86/amd/hsmp: improve the error log (jsc#PED-7620).
- platform/x86: ISST: Reduce noise for missing numa information in logs (bsc#1219285).
- platform/x86: use PLATFORM_DEVID_NONE instead of -1 (jsc#PED-7620).
- power: supply: bq256xx: fix some problem in bq256xx_hw_init (git-fixes).
- power: supply: cw2015: correct time_to_empty units in sysfs (git-fixes).
- powerpc/fadump: reset dump area size if fadump memory reserve fails (bsc#1194869).
- powerpc/powernv: Add a null pointer check in opal_event_init() (bsc#1065729).
- powerpc/powernv: Add a null pointer check in opal_powercap_init() (bsc#1181674 ltc#189159 git-fixes).
- powerpc/powernv: Add a null pointer check to scom_debug_init_one() (bsc#1194869).
- powerpc/pseries/iommu: enable_ddw incorrectly returns direct mapping for SR-IOV device (bsc#1212091 ltc#199106 git-fixes).
- powerpc/pseries/memhp: Fix access beyond end of drmem array (bsc#1065729).
- powerpc/pseries: fix possible memory leak in ibmebus_bus_init() (bsc#1194869).
- powerpc/pseries: fix potential memory leak in init_cpu_associativity() (bsc#1194869).
- powerpc/xive: Fix endian conversion size (bsc#1194869).
- pstore: ram_core: fix possible overflow in persistent_ram_init_ecc() (git-fixes).
- pwm: Fix out-of-bounds access in of_pwm_single_xlate() (git-fixes).
- pwm: jz4740: Do not use dev_err_probe() in .request() (git-fixes).
- pwm: stm32: Fix enable count for clk in .probe() (git-fixes).
- pwm: stm32: Use hweight32 in stm32_pwm_detect_channels (git-fixes).
- pwm: stm32: Use regmap_clear_bits and regmap_set_bits where applicable (git-fixes).
- r8152: add vendor/device ID pair for ASUS USB-C2500 (git-fixes).
- r8152: add vendor/device ID pair for D-Link DUB-E250 (git-fixes).
- reset: hisilicon: hi6220: fix Wvoid-pointer-to-enum-cast warning (git-fixes).
- ring-buffer/Documentation: Add documentation on buffer_percent file (git-fixes).
- ring-buffer: Do not record in NMI if the arch does not support cmpxchg in NMI (git-fixes).
- s390/dasd: fix double module refcount decrement (bsc#1141539).
- s390/pci: fix max size calculation in zpci_memcpy_toio() (git-fixes bsc#1219006).
- s390/vfio-ap: always filter entire AP matrix (git-fixes bsc#1219012).
- s390/vfio-ap: let on_scan_complete() callback filter matrix and update guest's APCB (git-fixes bsc#1219014).
- s390/vfio-ap: loop over the shadow APCB when filtering guest's AP configuration (git-fixes bsc#1219013).
- s390/vfio-ap: unpin pages on gisc registration failure (git-fixes bsc#1218723).
- s390: vfio-ap: tighten the NIB validity check (git-fixes).
- sched/isolation: add cpu_is_isolated() API (bsc#1217895).
- scsi: be2iscsi: Fix a memleak in beiscsi_init_wrb_handle() (git-fixes).
- scsi: bnx2fc: Fix skb double free in bnx2fc_rcv() (git-fixes).
- scsi: core: Always send batch on reset or error handling command (git-fixes).
- scsi: fnic: Return error if vmalloc() failed (git-fixes).
- scsi: hisi_sas: Correct the number of global debugfs registers (git-fixes).
- scsi: hisi_sas: Fix normally completed I/O analysed as failed (git-fixes).
- scsi: hisi_sas: Fix warnings detected by sparse (git-fixes).
- scsi: hisi_sas: Modify v3 HW SATA completion error processing (git-fixes).
- scsi: hisi_sas: Modify v3 HW SSP underflow error processing (git-fixes).
- scsi: hisi_sas: Rename HISI_SAS_{RESET -> RESETTING}_BIT (git-fixes).
- scsi: hisi_sas: Replace with standard error code return value (git-fixes).
- scsi: hisi_sas: Rollback some operations if FLR failed (git-fixes).
- scsi: hisi_sas: Set debugfs_dir pointer to NULL after removing debugfs (git-fixes).
- scsi: ibmvfc: Fix erroneous use of rtas_busy_delay with hcall return code (git-fixes).
- scsi: ibmvfc: Implement channel queue depth and event buffer accounting (bsc#1209834 ltc#202097).
- scsi: ibmvfc: Remove BUG_ON in the case of an empty event pool (bsc#1209834 ltc#202097).
- scsi: iscsi: Rename iscsi_set_param() to iscsi_if_set_param() (git-fixes).
- scsi: libfc: Fix potential NULL pointer dereference in fc_lport_ptp_setup() (git-fixes).
- scsi: lpfc: Change VMID driver load time parameters to read only (bsc#1219582).
- scsi: lpfc: Move determination of vmid_flag after VMID reinitialization completes (bsc#1219582).
- scsi: lpfc: Reinitialize an NPIV's VMID data structures after FDISC (bsc#1219582).
- scsi: lpfc: Update lpfc version to 14.2.0.17 (bsc#1219582).
- scsi: megaraid_sas: Fix deadlock on firmware crashdump (git-fixes).
- scsi: megaraid_sas: Increase register read retry rount from 3 to 30 for selected registers (git-fixes).
- scsi: mpt3sas: Fix an outdated comment (git-fixes).
- scsi: mpt3sas: Fix in error path (git-fixes).
- scsi: mpt3sas: Fix loop logic (bsc#1219067).
- scsi: mpt3sas: Fix loop logic (git-fixes).
- scsi: pm80xx: Avoid leaking tags when processing OPC_INB_SET_CONTROLLER_CONFIG command (git-fixes).
- scsi: pm80xx: Use phy-specific SAS address when sending PHY_START command (git-fixes).
- scsi: qla2xxx: Fix system crash due to bad pointer access (git-fixes).
- selftests/net: fix grep checking for fib_nexthop_multiprefix (git-fixes).
- serial: 8250: omap: Do not skip resource freeing if pm_runtime_resume_and_get() failed (git-fixes).
- serial: core: Fix atomicity violation in uart_tiocmget (git-fixes).
- serial: imx: Correct clock error message in function probe() (git-fixes).
- serial: imx: fix tx statemachine deadlock (git-fixes).
- serial: max310x: fail probe if clock crystal is unstable (git-fixes).
- serial: max310x: improve crystal stable clock detection (git-fixes).
- serial: max310x: set default value when reading clock ready bit (git-fixes).
- serial: sc16is7xx: add check for unsupported SPI modes during probe (git-fixes).
- serial: sc16is7xx: set safe default SPI clock frequency (git-fixes).
- serial: sccnxp: Improve error message if regulator_disable() fails (git-fixes).
- shmem: use ramfs_kill_sb() for kill_sb method of ramfs-based tmpfs (git-fixes).
- software node: Let args be NULL in software_node_get_reference_args (git-fixes).
- spi: spi-zynqmp-gqspi: fix driver kconfig dependencies (git-fixes).
- swiotlb-xen: provide the 'max_mapping_size' method (git-fixes).
- swiotlb: fix a braino in the alignment check fix (bsc#1216559).
- swiotlb: fix slot alignment checks (bsc#1216559).
- trace,smp: Add tracepoints around remotelly called functions (bsc#1217895).
- tracefs: Add missing lockdown check to tracefs_create_dir() (git-fixes).
- tracing/trigger: Fix to return error if failed to alloc snapshot (git-fixes).
- tracing: Add size check when printing trace_marker output (git-fixes).
- tracing: Ensure visibility when inserting an element into tracing_map (git-fixes).
- tracing: Fix uaf issue when open the hist or hist_debug file (git-fixes).
- tracing: Have large events show up as '[LINE TOO BIG]' instead of nothing (git-fixes).
- ubifs: Check @c->dirty_[n|p]n_cnt and @c->nroot state under @c->lp_mutex (git-fixes).
- ubifs: ubifs_link: Fix wrong name len calculating when UBIFS is encrypted (git-fixes).
- ubifs: ubifs_symlink: Fix memleak of inode->i_link in error path (git-fixes).
- uio: Fix use-after-free in uio_open (git-fixes).
- usb: cdns3: Fix uvc fail when DMA cross 4k boundery since sg enabled (git-fixes).
- usb: cdns3: fix uvc failure work since sg support enabled (git-fixes).
- usb: chipidea: wait controller resume finished for wakeup irq (git-fixes).
- usb: dwc: ep0: Update request status in dwc3_ep0_stall_restart (git-fixes).
- usb: fsl-mph-dr-of: mark fsl_usb2_mpc5121_init() static (git-fixes).
- usb: host: xhci-plat: Add support for XHCI_SG_TRB_CACHE_SIZE_QUIRK (git-fixes).
- usb: mon: Fix atomicity violation in mon_bin_vma_fault (git-fixes).
- usb: otg numberpad exception (bsc#1218527).
- usb: phy: mxs: remove CONFIG_USB_OTG condition for mxs_phy_is_otg_host() (git-fixes).
- usb: typec: class: fix typec_altmode_put_partner to put plugs (git-fixes).
- usb: ucsi: Add missing ppm_lock (git-fixes).
- usb: ucsi_acpi: Fix command completion handling (git-fixes).
- usb: xhci-mtk: fix a short packet issue of gen1 isoc-in transfer (git-fixes).
- usr/Kconfig: fix typos of 'its' (git-fixes).
- vfs: make freeze_super abort when sync_filesystem returns error (git-fixes).
- vhost: Allow null msg.size on VHOST_IOTLB_INVALIDATE (git-fixes).
- virtio-mmio: fix memory leak of vm_dev (git-fixes).
- virtio_balloon: Fix endless deflation and inflation on arm64 (git-fixes).
- vmstat: skip periodic vmstat update for isolated CPUs (bsc#1217895).
- vsock/virtio: Fix unsigned integer wrap around in virtio_transport_has_space() (git-fixes).
- watchdog/hpwdt: Only claim UNKNOWN NMI if from iLO (git-fixes).
- watchdog: bcm2835_wdt: Fix WDIOC_SETTIMEOUT handling (git-fixes).
- watchdog: rti_wdt: Drop runtime pm reference count when watchdog is unused (git-fixes).
- watchdog: set cdev owner before adding (git-fixes).
- wifi: ath11k: Defer on rproc_get failure (git-fixes).
- wifi: cfg80211: lock wiphy mutex for rfkill poll (git-fixes).
- wifi: iwlwifi: mvm: send TX path flush in rfkill (git-fixes).
- wifi: iwlwifi: mvm: set siso/mimo chains to 1 in FW SMPS request (git-fixes).
- wifi: iwlwifi: pcie: avoid a NULL pointer dereference (git-fixes).
- wifi: libertas: stop selecting wext (git-fixes).
- wifi: mt76: fix broken precal loading from MTD for mt7915 (git-fixes).
- wifi: mt76: mt7921s: fix workqueue problem causes STA association fail (git-fixes).
- wifi: mwifiex: configure BSSID consistently when starting AP (git-fixes).
- wifi: rtlwifi: Convert LNKCTL change to PCIe cap RMW accessors (git-fixes).
- wifi: rtlwifi: Remove bogus and dangerous ASPM disable/enable code (git-fixes).
- wifi: rtlwifi: add calculate_bit_shift() (git-fixes).
- wifi: rtlwifi: rtl8188ee: phy: using calculate_bit_shift() (git-fixes).
- wifi: rtlwifi: rtl8192c: using calculate_bit_shift() (git-fixes).
- wifi: rtlwifi: rtl8192ce: using calculate_bit_shift() (git-fixes).
- wifi: rtlwifi: rtl8192cu: using calculate_bit_shift() (git-fixes).
- wifi: rtlwifi: rtl8192de: using calculate_bit_shift() (git-fixes).
- wifi: rtlwifi: rtl8192ee: using calculate_bit_shift() (git-fixes).
- wifi: rtlwifi: rtl8192se: using calculate_bit_shift() (git-fixes).
- wifi: rtlwifi: rtl8821ae: phy: fix an undefined bitwise shift behavior (git-fixes).
- wifi: rtw88: fix RX filter in FIF_ALLMULTI flag (git-fixes).
- x86/MCE/AMD, EDAC/mce_amd: Decode UMC_V2 ECC errors (jsc#PED-7616).
- x86/MCE/AMD: Add new MA_LLC, USR_DP, and USR_CP bank types (jsc#PED-7622).
- x86/MCE/AMD: Split amd_mce_is_memory_error() (jsc#PED-7623).
- x86/amd_nb: Add AMD Family MI300 PCI IDs (jsc#PED-7622).
- x86/amd_nb: Add MI200 PCI IDs (jsc#PED-7616).
- x86/cpu: Merge Intel and AMD ppin_init() functions (jsc#PED-7615).
- x86/cpu: Read/save PPIN MSR during initialization (jsc#PED-7615).
- x86/entry/ia32: Ensure s32 is sign extended to s64 (bsc#1193285).
- x86/hyperv: Fix the detection of E820_TYPE_PRAM in a Gen2 VM (git-fixes).
- x86/hyperv: Use atomic_try_cmpxchg() to micro-optimize hv_nmi_unknown() (git-fixes).
- x86/mce: Cleanup mce_usable_address() (jsc#PED-7623).
- x86/mce: Define amd_mce_usable_address() (jsc#PED-7623).
- xen-pciback: Consider INTx disabled when MSI/MSI-X is enabled (git-fixes).
- xen/events: fix delayed eoi list handling (git-fixes).
- xhci: Add grace period after xHC start to prevent premature runtime suspend (git-fixes).
- xhci: cleanup xhci_hub_control port references (git-fixes).
- xhci: pass port pointer as parameter to xhci_set_port_power() (git-fixes).
- xhci: track port suspend state correctly in unsuccessful resume cases (git-fixes).
ImportantSUSE bug 1065729SUSE bug 1108281SUSE bug 1141539SUSE bug 1174649SUSE bug 1181674SUSE bug 1193285SUSE bug 1194869SUSE bug 1209834SUSE bug 1210443SUSE bug 1211515SUSE bug 1212091SUSE bug 1214377SUSE bug 1215275SUSE bug 1215885SUSE bug 1216441SUSE bug 1216559SUSE bug 1216702SUSE bug 1217895SUSE bug 1217987SUSE bug 1217988SUSE bug 1217989SUSE bug 1218005SUSE bug 1218447SUSE bug 1218527SUSE bug 1218659SUSE bug 1218713SUSE bug 1218723SUSE bug 1218730SUSE bug 1218738SUSE bug 1218752SUSE bug 1218757SUSE bug 1218768SUSE bug 1218778SUSE bug 1218779SUSE bug 1218804SUSE bug 1218832SUSE bug 1218836SUSE bug 1218916SUSE bug 1218948SUSE bug 1218958SUSE bug 1218968SUSE bug 1218997SUSE bug 1219006SUSE bug 1219012SUSE bug 1219013SUSE bug 1219014SUSE bug 1219053SUSE bug 1219067SUSE bug 1219120SUSE bug 1219128SUSE bug 1219136SUSE bug 1219285SUSE bug 1219349SUSE bug 1219412SUSE bug 1219429SUSE bug 1219434SUSE bug 1219490SUSE bug 1219512SUSE bug 1219568SUSE bug 1219582CVE-2021-33631 at SUSECVE-2021-33631 at NVDCVE-2023-46838 at SUSECVE-2023-46838 at NVDCVE-2023-47233 at SUSECVE-2023-47233 at NVDCVE-2023-4921 at SUSECVE-2023-4921 at NVDCVE-2023-51042 at SUSECVE-2023-51042 at NVDCVE-2023-51043 at SUSECVE-2023-51043 at NVDCVE-2023-51780 at SUSECVE-2023-51780 at NVDCVE-2023-51782 at SUSECVE-2023-51782 at NVDCVE-2023-6040 at SUSECVE-2023-6040 at NVDCVE-2023-6356 at SUSECVE-2023-6356 at NVDCVE-2023-6531 at SUSECVE-2023-6531 at NVDCVE-2023-6535 at SUSECVE-2023-6535 at NVDCVE-2023-6536 at SUSECVE-2023-6536 at NVDCVE-2023-6915 at SUSECVE-2023-6915 at NVDCVE-2024-0565 at SUSECVE-2024-0565 at NVDCVE-2024-0641 at SUSECVE-2024-0641 at NVDCVE-2024-0775 at SUSECVE-2024-0775 at NVDCVE-2024-1085 at SUSECVE-2024-1085 at NVDCVE-2024-1086 at SUSECVE-2024-1086 at NVDcpe:/o:opensuse:leap:15.5Security update for tomcat (Important)openSUSE Leap 15.5
This update for tomcat fixes the following issues:
Updated to Tomcat 9.0.85:
- CVE-2023-45648: Improve trailer header parsing (bsc#1216118).
- CVE-2023-42794: FileUpload: remove tmp files to avoid DoS on Windows (bsc#1216120).
- CVE-2023-42795: Improve handling of failures during recycle() methods (bsc#1216119).
- CVE-2023-46589: Fixed HTTP request smuggling due to incorrect headers parsing (bsc#1217649)
- CVE-2024-22029: Fixed escalation to root from tomcat user via %post script. (bsc#1219208)
The following non-security issues were fixed:
- Fixed the file permissions for server.xml (bsc#1217768, bsc#1217402).
Find the full release notes at:
https://tomcat.apache.org/tomcat-9.0-doc/changelog.html
ImportantSUSE bug 1216118SUSE bug 1216119SUSE bug 1216120SUSE bug 1217402SUSE bug 1217649SUSE bug 1217768SUSE bug 1219208CVE-2023-42794 at SUSECVE-2023-42794 at NVDCVE-2023-42795 at SUSECVE-2023-42795 at NVDCVE-2023-45648 at SUSECVE-2023-45648 at NVDCVE-2023-46589 at SUSECVE-2023-46589 at NVDCVE-2024-22029 at SUSECVE-2024-22029 at NVDcpe:/o:opensuse:leap:15.5Security update for tomcat10 (Important)openSUSE Leap 15.5
This update for tomcat10 fixes the following issues:
- CVE-2024-22029: Fixed escalation to root from tomcat user via %post script. (bsc#1219208)
ImportantSUSE bug 1219208CVE-2024-22029 at SUSECVE-2024-22029 at NVDcpe:/o:opensuse:leap:15.5Security update for java-1_8_0-openj9 (Important)openSUSE Leap 15.5
This update for java-1_8_0-openj9 fixes the following issues:
Update to OpenJDK 8u402 build 06 with OpenJ9 0.43.0 virtual machine
* Including OpenJ9 0.41.0 fixes of CVE-2023-5676, bsc#1217214
* CVE-2024-20918 (bsc#1218907), CVE-2024-20919 (bsc#1218903),
CVE-2024-20921 (bsc#1218905), CVE-2024-20926 (bsc#1218906),
CVE-2024-20945 (bsc#1218909), CVE-2024-20952 (bsc#1218911)
ImportantSUSE bug 1217214SUSE bug 1218903SUSE bug 1218905SUSE bug 1218906SUSE bug 1218907SUSE bug 1218909SUSE bug 1218911CVE-2023-5676 at SUSECVE-2023-5676 at NVDCVE-2024-20918 at SUSECVE-2024-20918 at NVDCVE-2024-20919 at SUSECVE-2024-20919 at NVDCVE-2024-20921 at SUSECVE-2024-20921 at NVDCVE-2024-20926 at SUSECVE-2024-20926 at NVDCVE-2024-20945 at SUSECVE-2024-20945 at NVDCVE-2024-20952 at SUSECVE-2024-20952 at NVDcpe:/o:opensuse:leap:15.5Security update for SUSE Manager Client Tools (Moderate)openSUSE Leap 15.5
This update fixes the following issues:
golang-github-lusitaniae-apache_exporter:
- Do not strip if SUSE Linux Enterprise 15 SP3
- Exclude debug for Red Hat Enterprise Linux >= 8
- Build with Go >= 1.20 when the OS is not Red Hat Enterprise Linux
mgr-daemon:
- Version 4.3.8-1
* Update translation strings
prometheus-postgres_exporter:
- Remove duplicated call to systemd requirements
- Do not build debug if Red Hat Enterprise Linux >= 8
- Do not strip if SUSE Linux Enterprise 15 SP3
- Build at least with with Go >= 1.18 on Red Hat Enterprise Linux
- Build with Go >= 1.20 elsewhere
spacecmd:
- Version 4.3.26-1
* Update translation strings
spacewalk-client-tools:
- Version 4.3.18-1
* Update translation strings
uyuni-proxy-systemd-services:
- Version 4.3.10-1
* Update the image version
- Version 4.3.9-1
* Integrate the containerized proxy into the usual rel-eng workflow
ModerateSUSE bug 1192154SUSE bug 1192696SUSE bug 1193492SUSE bug 1193686SUSE bug 1200480SUSE bug 1204023SUSE bug 1218843SUSE bug 1218844CVE-2020-7753 at SUSECVE-2020-7753 at NVDCVE-2021-3807 at SUSECVE-2021-3807 at NVDCVE-2021-3918 at SUSECVE-2021-3918 at NVDCVE-2021-43138 at SUSECVE-2021-43138 at NVDCVE-2021-43798 at SUSECVE-2021-43798 at NVDCVE-2021-43815 at SUSECVE-2021-43815 at NVDCVE-2022-0155 at SUSECVE-2022-0155 at NVDCVE-2022-41715 at SUSECVE-2022-41715 at NVDcpe:/o:opensuse:leap:15.5Security update for salt (Important)openSUSE Leap 15.5
This update for salt fixes the following issues:
Security issues fixed:
- CVE-2024-22231: Prevent directory traversal when creating syndic cache directory
on the master (bsc#1219430)
- CVE-2024-22232: Prevent directory traversal attacks in the master's serve_file
method (bsc#1219431)
Bugs fixed:
- Ensure that pillar refresh loads beacons from pillar without restart
- Fix the aptpkg.py unit test failure
- Prefer unittest.mock to python-mock in test suite
- Enable 'KeepAlive' probes for Salt SSH executions (bsc#1211649)
- Revert changes to set Salt configured user early in the stack (bsc#1216284)
- Align behavior of some modules when using salt-call via symlink (bsc#1215963)
- Fix gitfs '__env__' and improve cache cleaning (bsc#1193948)
- Remove python-boto dependency for the python3-salt-testsuite package for Tumbleweed
ImportantSUSE bug 1193948SUSE bug 1211649SUSE bug 1215963SUSE bug 1216284SUSE bug 1219430SUSE bug 1219431CVE-2024-22231 at SUSECVE-2024-22231 at NVDCVE-2024-22232 at SUSECVE-2024-22232 at NVDcpe:/o:opensuse:leap:15.5Recommended update for grafana (Moderate)openSUSE Leap 15.5
This update for grafana fixes the following issues:
- Fixed changelog entries for the Bugzilla trackers related to previously implemented security fixes
(no source code changes)
ModerateSUSE bug 1192154SUSE bug 1192696SUSE bug 1200480SUSE bug 1218843SUSE bug 1218844CVE-2020-7753 at SUSECVE-2020-7753 at NVDCVE-2021-3807 at SUSECVE-2021-3807 at NVDCVE-2021-3918 at SUSECVE-2021-3918 at NVDCVE-2021-43138 at SUSECVE-2021-43138 at NVDCVE-2022-0155 at SUSECVE-2022-0155 at NVDcpe:/o:opensuse:leap:15.5Security update for golang-github-prometheus-alertmanager (Important)openSUSE Leap 15.5
This update for golang-github-prometheus-alertmanager fixes the following issues:
golang-github-prometheus-alertmanager was updated from version 0.23.0 to 0.26.0 (jsc#PED-7353):
- Version 0.26.0:
* Security fixes:
+ CVE-2023-40577: Fix stored XSS via the /api/v1/alerts endpoint in the Alertmanager UI (bsc#1218838)
* Other changes and bugs fixed:
+ Configuration: Fix empty list of receivers and inhibit_rules would cause the alertmanager to crash
+ Templating: Fixed a race condition when using the title function. It is now race-safe
+ API: Fixed duplicate receiver names in the api/v2/receivers API endpoint
+ API: Attempting to delete a silence now returns the correct status code, 404 instead of 500
+ Clustering: Fixes a panic when tls_client_config is empty
+ Webhook: url is now marked as a secret. It will no longer show up in the logs as clear-text
+ Metrics: New label reason for alertmanager_notifications_failed_total metric to indicate the type of error of the
alert delivery
+ Clustering: New flag --cluster.label, to help to block any traffic that is not meant for the cluster
+ Integrations: Add Microsoft Teams as a supported integration
- Version 0.25.0:
* Fail configuration loading if api_key and api_key_file are defined at the same time
* Fix the alertmanager_alerts metric to avoid counting resolved alerts as active. Also added a new
alertmanager_marked_alerts metric that retain the old behavior
* Trim contents of Slack API URLs when reading from files
* amtool: Avoid panic when the label value matcher is empty
* Fail configuration loading if api_url is empty for OpsGenie
* Fix email template for resolved notifications
* Add proxy_url support for OAuth2 in HTTP client configuration
* Reload TLS certificate and key from disk when updated
* Add Discord integration
* Add Webex integration
* Add min_version support to select the minimum TLS version in HTTP client configuration
* Add max_version support to select the maximum TLS version in HTTP client configuration
* Emit warning logs when truncating messages in notifications
* Support HEAD method for the /-/healty and /-/ready endpoints
* Add support for reading global and local SMTP passwords from files
* UI: Add 'Link' button to alerts in list
* UI: Allow to choose the first day of the week as Sunday or Monday
- Version 0.24.0:
* Fix HTTP client configuration for the SNS receiver
* Fix unclosed file descriptor after reading the silences snapshot file
* Fix field names for mute_time_intervals in JSON marshaling
* Ensure that the root route doesn't have any matchers
* Truncate the message's title to 1024 chars to avoid hitting Slack limits
* Fix the default HTML email template (email.default.html) to match with the canonical source
* Detect SNS FIFO topic based on the rendered value
* Avoid deleting and recreating a silence when an update is possible
* api/v2: Return 200 OK when deleting an expired silence
* amtool: Fix the silence's end date when adding a silence. The end date is (start date + duration) while it used to
be (current time + duration). The new behavior is consistent with the update operation
* Add the /api/v2 prefix to all endpoints in the OpenAPI specification and generated client code
* Add --cluster.tls-config experimental flag to secure cluster traffic via mutual TLS
* Add Telegram integration
ImportantSUSE bug 1218838CVE-2023-40577 at SUSECVE-2023-40577 at NVDcpe:/o:opensuse:leap:15.5Security update for the Linux Kernel (Important)openSUSE Leap 15.5
The SUSE Linux Enterprise 15 SP5 Azure kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2024-1085: Fixed nf_tables use-after-free vulnerability in the nft_setelem_catchall_deactivate() function (bsc#1219429).
- CVE-2024-1086: Fixed a use-after-free vulnerability inside the nf_tables component that could have been exploited to achieve local privilege escalation (bsc#1219434).
- CVE-2023-51042: Fixed use-after-free in amdgpu_cs_wait_all_fences in drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c (bsc#1219128).
- CVE-2023-51780: Fixed a use-after-free in do_vcc_ioctl in net/atm/ioctl.c, because of a vcc_recvmsg race condition (bsc#1218730).
- CVE-2023-46838: Fixed an issue with Xen netback processing of zero-length transmit fragment (bsc#1218836).
- CVE-2021-33631: Fixed an integer overflow in ext4_write_inline_data_end() (bsc#1219412).
- CVE-2023-6535: Fixed a NULL pointer dereference in nvmet_tcp_execute_request (bsc#1217988).
- CVE-2023-6536: Fixed a NULL pointer dereference in __nvmet_req_complete (bsc#1217989).
- CVE-2023-6356: Fixed a NULL pointer dereference in nvmet_tcp_build_pdu_iovec (bsc#1217987).
- CVE-2023-47233: Fixed a use-after-free in the device unplugging (disconnect the USB by hotplug) code inside the brcm80211 component (bsc#1216702).
- CVE-2023-4921: Fixed a use-after-free vulnerability in the QFQ network scheduler which could be exploited to achieve local privilege escalation (bsc#1215275).
- CVE-2023-51043: Fixed use-after-free during a race condition between a nonblocking atomic commit and a driver unload in drivers/gpu/drm/drm_atomic.c (bsc#1219120).
- CVE-2024-0775: Fixed use-after-free in __ext4_remount in fs/ext4/super.c that could allow a local user to cause an information leak problem while freeing the old quota file names before a potential failure (bsc#1219053).
- CVE-2023-6040: Fixed an out-of-bounds access vulnerability while creating a new netfilter table, lack of a safeguard against invalid nf_tables family (pf) values within `nf_tables_newtable` function (bsc#1218752).
- CVE-2024-0641: Fixed a denial of service vulnerability in tipc_crypto_key_revoke in net/tipc/crypto.c (bsc#1218916).
- CVE-2024-0565: Fixed an out-of-bounds memory read flaw in receive_encrypted_standard in fs/smb/client/smb2ops.c (bsc#1218832).
- CVE-2023-6915: Fixed a NULL pointer dereference problem in ida_free in lib/idr.c (bsc#1218804).
- CVE-2023-51782: Fixed use-after-free in rose_ioctl in net/rose/af_rose.c because of a rose_accept race condition (bsc#1218757).
- CVE-2023-6531: Fixed a use-after-free flaw due to a race problem in the unix garbage collector's deletion of SKB races with unix_stream_read_generic()on the socket that the SKB is queued on (bsc#1218447).
- CVE-2024-0340: Fixed information disclosure in vhost/vhost.c:vhost_new_msg() (bsc#1218689).
- CVE-2024-24860: Fixed a denial of service caused by a race condition in {min,max}_key_size_set() (bsc#1219608).
The following non-security bugs were fixed:
- Store the old kernel changelog entries in kernel-docs package (bsc#1218713).
- Documentation: RAS: Add index and address translation section (jsc#PED-7618).
- ACPI: LPIT: Avoid u32 multiplication overflow (git-fixes).
- ACPI: LPSS: Fix the fractional clock divider flags (git-fixes).
- ACPI: arm64: export acpi_arch_thermal_cpufreq_pctg() (bsc#1214377)
- ACPI: extlog: Clear Extended Error Log status when RAS_CEC handled the error (git-fixes).
- ACPI: processor: reduce CPUFREQ thermal reduction pctg for Tegra241 (bsc#1214377)
- ACPI: property: Allow _DSD buffer data only for byte accessors (git-fixes).
- ACPI: resource: Add another DMI match for the TongFang GMxXGxx (git-fixes).
- ACPI: thermal: Add Thermal fast Sampling Period (_TFP) support (bsc#1214377)
- ACPI: video: check for error while searching for backlight device parent (git-fixes).
- ALSA: hda/conexant: Fix headset auto detect fail in cx8070 and SN6140 (git-fixes).
- ALSA: hda/cs8409: Suppress vmaster control for Dolphin models (git-fixes).
- ALSA: hda/realtek: Add quirks for ASUS Zenbook 2022 Models (git-fixes).
- ALSA: hda/realtek: Enable headset mic on Lenovo M70 Gen5 (git-fixes).
- ALSA: hda/realtek: Enable mute/micmute LEDs and limit mic boost on HP ZBook (git-fixes).
- ALSA: hda/realtek: Fix mute and mic-mute LEDs for HP Envy X360 13-ay0xxx (git-fixes).
- ALSA: hda/relatek: Enable Mute LED on HP Laptop 15s-fq2xxx (git-fixes).
- ALSA: hda: Refer to correct stream index at loops (git-fixes).
- ALSA: hda: intel-nhlt: Ignore vbps when looking for DMIC 32 bps format (git-fixes).
- ALSA: oxygen: Fix right channel of capture volume mixer (git-fixes).
- ASoC: Intel: Skylake: Fix mem leak in few functions (git-fixes).
- ASoC: Intel: Skylake: mem leak in skl register function (git-fixes).
- ASoC: Intel: bytcr_rt5640: Add quirk for the Medion Lifetab S10346 (git-fixes).
- ASoC: Intel: glk_rt5682_max98357a: fix board id mismatch (git-fixes).
- ASoC: amd: Add Dell G15 5525 to quirks list (bsc#1219136).
- ASoC: amd: Add check for acp config flags (bsc#1219136).
- ASoC: amd: Add new dmi entries to config entry (bsc#1219136).
- ASoC: amd: Drop da7219_aad_jack_det() usage (bsc#1219136).
- ASoC: amd: Drop empty platform remove function (bsc#1219136).
- ASoC: amd: Update Pink Sardine platform ACP register header (bsc#1219136).
- ASoC: amd: acp-config: Add missing MODULE_DESCRIPTION (git-fixes).
- ASoC: amd: acp-da7219-max98357a: Map missing jack kcontrols (bsc#1219136).
- ASoC: amd: acp-rt5645: Map missing jack kcontrols (bsc#1219136).
- ASoC: amd: acp3x-rt5682-max9836: Configure jack as not detecting Line Out (bsc#1219136).
- ASoC: amd: acp3x-rt5682-max9836: Map missing jack kcontrols (bsc#1219136).
- ASoC: amd: acp: Add TDM slots setting support for ACP I2S controller (bsc#1219136).
- ASoC: amd: acp: Add TDM support for acp i2s stream (bsc#1219136).
- ASoC: amd: acp: Add i2s tdm support in machine driver (bsc#1219136).
- ASoC: amd: acp: Add kcontrols and widgets per-codec in common code (bsc#1219136).
- ASoC: amd: acp: Add missing MODULE_DESCRIPTION in mach-common (git-fixes).
- ASoC: amd: acp: Add new cpu dai's in machine driver (bsc#1219136).
- ASoC: amd: acp: Add setbias level for rt5682s codec in machine driver (bsc#1219136).
- ASoC: amd: acp: Enable i2s tdm support for skyrim platforms (bsc#1219136).
- ASoC: amd: acp: Fix possible UAF in acp_dma_open (bsc#1219136).
- ASoC: amd: acp: Initialize list to store acp_stream during pcm_open (bsc#1219136).
- ASoC: amd: acp: Map missing jack kcontrols (bsc#1219136).
- ASoC: amd: acp: Modify dai_id macros to be more generic (bsc#1219136).
- ASoC: amd: acp: Refactor bit width calculation (bsc#1219136).
- ASoC: amd: acp: Refactor dai format implementation (bsc#1219136).
- ASoC: amd: acp: Refactor i2s clocks programming sequence (bsc#1219136).
- ASoC: amd: acp: add a label to make error path more clean (bsc#1219136).
- ASoC: amd: acp: add acp i2s master clock generation for rembrandt platform (bsc#1219136).
- ASoC: amd: acp: add pm ops support for acp pci driver (bsc#1219136).
- ASoC: amd: acp: add pm ops support for rembrandt platform (bsc#1219136).
- ASoC: amd: acp: clean up some inconsistent indentings (bsc#1219136).
- ASoC: amd: acp: clear pdm dma interrupt mask (bsc#1219136).
- ASoC: amd: acp: delete unnecessary NULL check (bsc#1219136).
- ASoC: amd: acp: export config_acp_dma() and config_pte_for_stream() symbols (bsc#1219136).
- ASoC: amd: acp: fix SND_SOC_AMD_ACP_PCI depdenencies (bsc#1219136).
- ASoC: amd: acp: move pdm macros to common header file (bsc#1219136).
- ASoC: amd: acp: refactor the acp init and de-init sequence (bsc#1219136).
- ASoC: amd: acp: rembrandt: Drop if blocks with always false condition (bsc#1219136).
- ASoC: amd: acp: remove acp poweroff function (bsc#1219136).
- ASoC: amd: acp: remove the redundant acp enable/disable interrupts functions (bsc#1219136).
- ASoC: amd: acp: remove unnecessary NULL checks (bsc#1219136).
- ASoC: amd: acp: store platform device reference created in pci probe call (bsc#1219136).
- ASoC: amd: acp: store the pdm stream channel mask (bsc#1219136).
- ASoC: amd: acp: store xfer_resolution of the stream (bsc#1219136).
- ASoC: amd: acp: switch to use dev_err_probe() (bsc#1219136).
- ASoC: amd: acp: use devm_kcalloc() instead of devm_kzalloc() (bsc#1219136).
- ASoC: amd: acp: use function devm_kcalloc() instead of devm_kzalloc() (bsc#1219136).
- ASoC: amd: add Pink Sardine ACP PCI driver (bsc#1219136).
- ASoC: amd: add Pink Sardine machine driver using dmic (bsc#1219136).
- ASoC: amd: add Pink Sardine platform ACP IP register header (bsc#1219136).
- ASoC: amd: add acp6.2 init/de-init functions (bsc#1219136).
- ASoC: amd: add acp6.2 irq handler (bsc#1219136).
- ASoC: amd: add acp6.2 pci driver pm ops (bsc#1219136).
- ASoC: amd: add acp6.2 pdm driver dma ops (bsc#1219136).
- ASoC: amd: add acp6.2 pdm driver pm ops (bsc#1219136).
- ASoC: amd: add acp6.2 pdm platform driver (bsc#1219136).
- ASoC: amd: add platform devices for acp6.2 pdm driver and dmic driver (bsc#1219136).
- ASoC: amd: create platform device for acp6.2 machine driver (bsc#1219136).
- ASoC: amd: enable Pink Sardine acp6.2 drivers build (bsc#1219136).
- ASoC: amd: enable Pink sardine platform machine driver build (bsc#1219136).
- ASoC: amd: fix ACP version typo mistake (bsc#1219136).
- ASoC: amd: fix spelling mistake: 'i.e' -> 'i.e.' (bsc#1219136).
- ASoC: amd: ps: Add a module parameter to influence pdm_gain (bsc#1219136).
- ASoC: amd: ps: Adjust the gain for PDM DMIC (bsc#1219136).
- ASoC: amd: ps: Fix uninitialized ret in create_acp64_platform_devs() (bsc#1219136).
- ASoC: amd: ps: Move acp63_dev_data strcture from PCI driver (bsc#1219136).
- ASoC: amd: ps: Update copyright notice (bsc#1219136).
- ASoC: amd: ps: add mutex lock for accessing common registers (bsc#1219136).
- ASoC: amd: ps: fix for acp_lock access in pdm driver (bsc#1219136).
- ASoC: amd: ps: implement api to retrieve acp device config (bsc#1219136).
- ASoC: amd: ps: move irq handler registration (bsc#1219136).
- ASoC: amd: ps: refactor acp power on and reset functions (bsc#1219136).
- ASoC: amd: ps: refactor platform device creation logic (bsc#1219136).
- ASoC: amd: ps: remove the register read and write wrappers (bsc#1219136).
- ASoC: amd: ps: remove unused variable (bsc#1219136).
- ASoC: amd: ps: update dev index value in irq handler (bsc#1219136).
- ASoC: amd: ps: update macros with ps platform naming convention (bsc#1219136).
- ASoC: amd: ps: update the acp clock source (bsc#1219136).
- ASoC: amd: ps: use acp_lock to protect common registers in pdm driver (bsc#1219136).
- ASoC: amd: ps: use static function (bsc#1219136).
- ASoC: amd: renoir: Add a module parameter to influence pdm_gain (bsc#1219136).
- ASoC: amd: renoir: Adjust the gain for PDM DMIC (bsc#1219136).
- ASoC: amd: update pm_runtime enable sequence (bsc#1219136).
- ASoC: amd: vangogh: Add check for acp config flags in vangogh platform (bsc#1219136).
- ASoC: amd: vangogh: Make use of DRV_NAME (bsc#1219136).
- ASoC: amd: vangogh: Remove unnecessary init function (bsc#1219136).
- ASoC: amd: vangogh: select CONFIG_SND_AMD_ACP_CONFIG (bsc#1219136).
- ASoC: amd: yc: Add ASUS M3402RA into DMI table (bsc#1219136).
- ASoC: amd: yc: Add ASUS M5402RA into DMI table (bsc#1219136).
- ASoC: amd: yc: Add Alienware m17 R5 AMD into DMI table (bsc#1219136).
- ASoC: amd: yc: Add Asus VivoBook Pro 14 OLED M6400RC to the quirks list for acp6x (bsc#1219136).
- ASoC: amd: yc: Add DMI entries to support HP OMEN 16-n0xxx (8A42) (bsc#1219136).
- ASoC: amd: yc: Add DMI entries to support HP OMEN 16-n0xxx (8A43) (bsc#1219136).
- ASoC: amd: yc: Add DMI entries to support Victus by HP Gaming Laptop 15-fb0xxx (8A3E) (bsc#1219136).
- ASoC: amd: yc: Add DMI entries to support Victus by HP Laptop 16-e1xxx (8A22) (bsc#1219136).
- ASoC: amd: yc: Add DMI entry to support System76 Pangolin 12 (bsc#1219136).
- ASoC: amd: yc: Add DMI entry to support System76 Pangolin 13 (bsc#1219136).
- ASoC: amd: yc: Add DMI support for new acer/emdoor platforms (bsc#1219136).
- ASoC: amd: yc: Add HP 255 G10 into quirk table (bsc#1219136).
- ASoC: amd: yc: Add Lenovo Thinkbook 14+ 2022 21D0 to quirks table (bsc#1219136).
- ASoC: amd: yc: Add MECHREVO Jiaolong Series MRID6 into DMI table (bsc#1219136).
- ASoC: amd: yc: Add Razer Blade 14 2022 into DMI table (bsc#1219136).
- ASoC: amd: yc: Add ThinkBook 14 G5+ ARP to quirks list for acp6x (bsc#1219136).
- ASoC: amd: yc: Add Thinkpad Neo14 to quirks list for acp6x (bsc#1219136).
- ASoC: amd: yc: Add VivoBook Pro 15 to quirks list for acp6x (bsc#1219136).
- ASoC: amd: yc: Add Xiaomi Redmi Book Pro 14 2022 into DMI table (bsc#1219136).
- ASoC: amd: yc: Add Xiaomi Redmi Book Pro 15 2022 into DMI table (bsc#1219136).
- ASoC: amd: yc: Add a module parameter to influence pdm_gain (bsc#1219136).
- ASoC: amd: yc: Adding Lenovo ThinkBook 14 Gen 4+ ARA and Lenovo ThinkBook 16 Gen 4+ ARA to the Quirks List (bsc#1219136).
- ASoC: amd: yc: Adjust the gain for PDM DMIC (bsc#1219136).
- ASoC: amd: yc: Fix a non-functional mic on Lenovo 82TL (bsc#1219136).
- ASoC: amd: yc: Fix non-functional mic on ASUS E1504FA (bsc#1219136).
- ASoC: amd: yp: Add OMEN by HP Gaming Laptop 16z-n000 to quirks (bsc#1219136).
- ASoC: codecs: lpass-wsa-macro: fix compander volume hack (git-fixes).
- ASoC: codecs: wcd938x: fix headphones volume controls (git-fixes).
- ASoC: codecs: wcd938x: handle deferred probe (git-fixes).
- ASoC: cs35l33: Fix GPIO name and drop legacy include (git-fixes).
- ASoC: cs43130: Fix incorrect frame delay configuration (git-fixes).
- ASoC: cs43130: Fix the position of const qualifier (git-fixes).
- ASoC: da7219: Support low DC impedance headset (git-fixes).
- ASoC: nau8822: Fix incorrect type in assignment and cast to restricted __be16 (git-fixes).
- ASoC: ops: add correct range check for limiting volume (git-fixes).
- ASoC: rt5645: Drop double EF20 entry from dmi_platform_data[] (git-fixes).
- ASoC: rt5650: add mutex to avoid the jack detection failure (git-fixes).
- ASoC: sun4i-spdif: Fix requirements for H6 (git-fixes).
- ASoC: wm8974: Correct boost mixer inputs (git-fixes).
- Add DMI ID for MSI Bravo 15 B7ED (bsc#1219136).
- Bluetooth: Fix atomicity violation in {min,max}_key_size_set (git-fixes).
- Bluetooth: btmtkuart: fix recv_buf() return value (git-fixes).
- Documentation: Begin a RAS section (jsc#PED-7622).
- EDAC/amd64: Add MI300 row retirement support (jsc#PED-7618).
- EDAC/amd64: Add context struct (jsc#PED-7615).
- EDAC/amd64: Add get_err_info() to pvt->ops (jsc#PED-7615).
- EDAC/amd64: Add support for AMD heterogeneous Family 19h Model 30h-3Fh (jsc#PED-7616).
- EDAC/amd64: Add support for ECC on family 19h model 60h-7Fh (jsc#PED-7615).
- EDAC/amd64: Add support for family 0x19, models 0x90-9f devices (jsc#PED-7622).
- EDAC/amd64: Allow for DF Indirect Broadcast reads (jsc#PED-7615).
- EDAC/amd64: Cache and use GPU node map (jsc#PED-7616).
- EDAC/amd64: Do not discover ECC symbol size for Family 17h and later (jsc#PED-7615).
- EDAC/amd64: Do not set up EDAC PCI control on Family 17h+ (jsc#PED-7615).
- EDAC/amd64: Document heterogeneous system enumeration (jsc#PED-7616).
- EDAC/amd64: Drop dbam_to_cs() for Family 17h and later (jsc#PED-7615).
- EDAC/amd64: Fix indentation in umc_determine_edac_cap() (jsc#PED-7615).
- EDAC/amd64: Merge struct amd64_family_type into struct amd64_pvt (jsc#PED-7615).
- EDAC/amd64: Remove PCI Function 0 (jsc#PED-7615).
- EDAC/amd64: Remove PCI Function 6 (jsc#PED-7615).
- EDAC/amd64: Remove early_channel_count() (jsc#PED-7615).
- EDAC/amd64: Remove module version string (jsc#PED-7615).
- EDAC/amd64: Remove scrub rate control for Family 17h and later (jsc#PED-7615).
- EDAC/amd64: Rename debug_display_dimm_sizes() (jsc#PED-7615).
- EDAC/amd64: Rename f17h_determine_edac_ctl_cap() (jsc#PED-7615).
- EDAC/amd64: Rework hw_info_{get,put} (jsc#PED-7615).
- EDAC/amd64: Shut up an -Werror,-Wsometimes-uninitialized clang false positive (jsc#PED-7615).
- EDAC/amd64: Split determine_edac_cap() into dct/umc functions (jsc#PED-7615).
- EDAC/amd64: Split determine_memory_type() into dct/umc functions (jsc#PED-7615).
- EDAC/amd64: Split dump_misc_regs() into dct/umc functions (jsc#PED-7615).
- EDAC/amd64: Split ecc_enabled() into dct/umc functions (jsc#PED-7615).
- EDAC/amd64: Split get_csrow_nr_pages() into dct/umc functions (jsc#PED-7615).
- EDAC/amd64: Split init_csrows() into dct/umc functions (jsc#PED-7615).
- EDAC/amd64: Split prep_chip_selects() into dct/umc functions (jsc#PED-7615).
- EDAC/amd64: Split read_base_mask() into dct/umc functions (jsc#PED-7615).
- EDAC/amd64: Split read_mc_regs() into dct/umc functions (jsc#PED-7615).
- EDAC/amd64: Split setup_mci_misc_attrs() into dct/umc functions (jsc#PED-7615).
- EDAC/amd64: Use new AMD Address Translation Library (jsc#PED-7618).
- EDAC/mc: Add new HBM2 memory type (jsc#PED-7616).
- EDAC/mc: Add support for HBM3 memory type (jsc#PED-7622).
- EDAC/mce_amd: Remove SMCA Extended Error code descriptions (jsc#PED-7622).
- EDAC/thunderx: Fix possible out-of-bounds string access (git-fixes).
- Fix crash in vmw_context_cotables_unref when 3d support is enabled (bsc#1218738)
- HID: i2c-hid-of: fix NULL-deref on failed power up (git-fixes).
- HID: wacom: Correct behavior when processing some confidence == false touches (git-fixes).
- IB/iser: Prevent invalidating wrong MR (git-fixes)
- Input: atkbd - do not skip atkbd_deactivate() when skipping ATKBD_CMD_GETID (git-fixes).
- Input: atkbd - skip ATKBD_CMD_GETID in translated mode (git-fixes).
- Input: atkbd - skip ATKBD_CMD_SETLEDS when skipping ATKBD_CMD_GETID (git-fixes).
- Input: atkbd - use ab83 as id when skipping the getid command (git-fixes).
- Input: bcm5974 - check endpoint type before starting traffic (git-fixes).
- Input: i8042 - add nomux quirk for Acer P459-G2-M (git-fixes).
- Input: xpad - add Razer Wolverine V2 support (git-fixes).
- KVM: SVM: Update EFER software model on CR0 trap for SEV-ES (git-fixes).
- KVM: s390: vsie: Fix STFLE interpretive execution identification (git-fixes bsc#1218997).
- KVM: x86: Mask LVTPC when handling a PMI (jsc#PED-7322).
- PCI/AER: Configure ECRC only if AER is native (bsc#1218778)
- PCI/P2PDMA: Remove reference to pci_p2pdma_map_sg() (git-fixes).
- PCI: Add ACS quirk for more Zhaoxin Root Ports (git-fixes).
- PCI: keystone: Fix race condition when initializing PHYs (git-fixes).
- PM: hibernate: Enforce ordering during image compression/decompression (git-fixes).
- RAS/AMD/ATL: Add MI300 DRAM to normalized address translation support (jsc#PED-7618).
- RAS/AMD/ATL: Add MI300 support (jsc#PED-7618).
- RAS/AMD/ATL: Fix array overflow in get_logical_coh_st_fabric_id_mi300() (jsc#PED-7618).
- RAS: Introduce AMD Address Translation Library (jsc#PED-7618).
- RDMA/hns: Fix inappropriate err code for unsupported operations (git-fixes)
- RDMA/hns: Fix unnecessary err return when using invalid congest control algorithm (git-fixes)
- RDMA/hns: Remove unnecessary checks for NULL in mtr_alloc_bufs() (git-fixes)
- RDMA/irdma: Add wait for suspend on SQD (git-fixes)
- RDMA/irdma: Avoid free the non-cqp_request scratch (git-fixes)
- RDMA/irdma: Do not modify to SQD on error (git-fixes)
- RDMA/irdma: Fix UAF in irdma_sc_ccq_get_cqe_info() (git-fixes)
- RDMA/irdma: Refactor error handling in create CQP (git-fixes)
- RDMA/rtrs-clt: Fix the max_send_wr setting (git-fixes)
- RDMA/rtrs-clt: Remove the warnings for req in_use check (git-fixes)
- RDMA/rtrs-clt: Start hb after path_up (git-fixes)
- RDMA/rtrs-srv: Check return values while processing info request (git-fixes)
- RDMA/rtrs-srv: Destroy path files after making sure no IOs in-flight (git-fixes)
- RDMA/rtrs-srv: Do not unconditionally enable irq (git-fixes)
- RDMA/rtrs-srv: Free srv_mr iu only when always_invalidate is true (git-fixes)
- RDMA/usnic: Silence uninitialized symbol smatch warnings (git-fixes)
- USB: xhci: workaround for grace period (git-fixes).
- Update config files: enable ASoC AMD PS drivers (bsc#1219136)
- acpi: property: Let args be NULL in __acpi_node_get_property_reference (git-fixes).
- aio: fix mremap after fork null-deref (git-fixes).
- apparmor: avoid crash when parsed profile name is empty (git-fixes).
- arm64: Add CNT{P,V}CTSS_EL0 alternatives to cnt{p,v}ct_el0 (jsc#PED-4729)
- arm64: Add a capability for FEAT_ECV (jsc#PED-4729) Use cpu_hwcaps PLACEHOLDER_4 for HAS_ECV.
- arm64: alternative: patch alternatives in the vDSO (jsc#PED-4729)
- arm64: dts: armada-3720-turris-mox: set irq type for RTC (git-fixes)
- arm64: dts: imx8mp: imx8mq: Add parkmode-disable-ss-quirk on DWC3 (git-fixes)
- arm64: dts: imx8mq: drop usb3-resume-missing-cas from usb (git-fixes)
- arm64: dts: ls208xa: use a pseudo-bus to constrain usb dma size (git-fixes)
- arm64: dts: rockchip: Expand reg size of vdec node for RK3399 (git-fixes)
- arm64: mm: Always make sw-dirty PTEs hw-dirty in pte_modify (git-fixes)
- arm64: module: move find_section to header (jsc#PED-4729)
- arm64: vdso: Fix 'no previous prototype' warning (jsc#PED-4729)
- arm64: vdso: remove two .altinstructions related symbols (jsc#PED-4729)
- arm64: vdso: use SYS_CNTVCTSS_EL0 for gettimeofday (jsc#PED-4729)
- asix: Add check for usbnet_get_endpoints (git-fixes).
- attr: block mode changes of symlinks (git-fixes).
- badblocks: add helper routines for badblock ranges handling (bsc#1174649).
- badblocks: add more helper structure and routines in badblocks.h (bsc#1174649).
- badblocks: avoid checking invalid range in badblocks_check() (bsc#1174649).
- badblocks: improve badblocks_check() for multiple ranges handling (bsc#1174649).
- badblocks: improve badblocks_clear() for multiple ranges handling (bsc#1174649).
- badblocks: improve badblocks_set() for multiple ranges handling (bsc#1174649).
- badblocks: switch to the improved badblock handling code (bsc#1174649).
- bpf: Limit the number of kprobes when attaching program to multiple kprobes (git-fixes).
- bus: mhi: host: Add alignment check for event ring read pointer (git-fixes).
- bus: mhi: host: Add spinlock to protect WP access when queueing TREs (git-fixes).
- bus: mhi: host: Drop chan lock before queuing buffers (git-fixes).
- ceph: select FS_ENCRYPTION_ALGS if FS_ENCRYPTION (bsc#1219568).
- clk: qcom: gpucc-sm8150: Update the gpu_cc_pll1 config (git-fixes).
- clk: qcom: videocc-sm8150: Add missing PLL config property (git-fixes).
- clk: rockchip: rk3128: Fix HCLK_OTG gate register (git-fixes).
- clk: samsung: Fix kernel-doc comments (git-fixes).
- clk: si5341: fix an error code problem in si5341_output_clk_set_rate (git-fixes).
- clk: zynqmp: Add a check for NULL pointer (git-fixes).
- clk: zynqmp: make bestdiv unsigned (git-fixes).
- clocksource: Skip watchdog check for large watchdog intervals (git-fixes).
- clocksource: disable watchdog checks on TSC when TSC is watchdog (bsc#1215885).
- coresight: etm4x: Add ACPI support in platform driver (bsc#1218779)
- coresight: etm4x: Allocate and device assign 'struct etmv4_drvdata' (bsc#1218779)
- coresight: etm4x: Change etm4_platform_driver driver for MMIO devices (bsc#1218779)
- coresight: etm4x: Drop iomem 'base' argument from etm4_probe() (bsc#1218779)
- coresight: etm4x: Drop pid argument from etm4_probe() (bsc#1218779)
- coresight: etm4x: Ensure valid drvdata and clock before clk_put() (bsc#1218779)
- coresight: platform: acpi: Ignore the absence of graph (bsc#1218779)
- crypto: ccp - fix memleak in ccp_init_dm_workarea (git-fixes).
- crypto: s390/aes - Fix buffer overread in CTR mode (git-fixes).
- crypto: sa2ul - Return crypto_aead_setkey to transfer the error (git-fixes).
- crypto: sahara - do not resize req->src when doing hash operations (git-fixes).
- crypto: sahara - fix ahash reqsize (git-fixes).
- crypto: sahara - fix ahash selftest failure (git-fixes).
- crypto: sahara - fix cbc selftest failure (git-fixes).
- crypto: sahara - fix processing hash requests with req->nbytes < sg->length (git-fixes).
- crypto: sahara - fix processing requests with cryptlen < sg->length (git-fixes).
- crypto: sahara - fix wait_for_completion_timeout() error handling (git-fixes).
- crypto: sahara - handle zero-length aes requests (git-fixes).
- crypto: sahara - improve error handling in sahara_sha_process() (git-fixes).
- crypto: sahara - remove FLAGS_NEW_KEY logic (git-fixes).
- crypto: scomp - fix req->dst buffer overflow (git-fixes).
- dma-debug: fix kernel-doc warnings (git-fixes).
- dmaengine: fix NULL pointer in channel unregistration function (git-fixes).
- dmaengine: fix is_slave_direction() return false when DMA_DEV_TO_DEV (git-fixes).
- dmaengine: fsl-dpaa2-qdma: Fix the size of dma pools (git-fixes).
- dmaengine: idxd: Protect int_handle field in hw descriptor (git-fixes).
- dmaengine: ti: k3-udma: Report short packet errors (git-fixes).
- doc/README.KSYMS: Add to repo.
- drivers/amd/pm: fix a use-after-free in kv_parse_power_table (git-fixes).
- drivers: clk: zynqmp: calculate closest mux rate (git-fixes).
- drivers: clk: zynqmp: update divider round rate logic (git-fixes).
- drm/amd/display: Fix tiled display misalignment (git-fixes).
- drm/amd/display: Port DENTIST hang and TDR fixes to OTG disable W/A (git-fixes).
- drm/amd/display: add nv12 bounding box (git-fixes).
- drm/amd/display: get dprefclk ss info from integration info table (git-fixes).
- drm/amd/display: make flip_timestamp_in_us a 64-bit variable (git-fixes).
- drm/amd/display: pbn_div need be updated for hotplug event (git-fixes).
- drm/amd/display: update dcn315 lpddr pstate latency (git-fixes).
- drm/amd/pm/smu7: fix a memleak in smu7_hwmgr_backend_init (git-fixes).
- drm/amd/pm: fix a double-free in amdgpu_parse_extended_power_table (git-fixes).
- drm/amd/pm: fix a double-free in si_dpm_init (git-fixes).
- drm/amd/powerplay: Fix kzalloc parameter 'ATOM_Tonga_PPM_Table' in 'get_platform_power_management_table()' (git-fixes).
- drm/amdgpu/debugfs: fix error code when smc register accessors are NULL (git-fixes).
- drm/amdgpu/pm: Fix the power source flag error (git-fixes).
- drm/amdgpu: Add NULL checks for function pointers (git-fixes).
- drm/amdgpu: Drop 'fence' check in 'to_amdgpu_amdkfd_fence()' (git-fixes).
- drm/amdgpu: Fix '*fw' from request_firmware() not released in 'amdgpu_ucode_request()' (git-fixes).
- drm/amdgpu: Fix cat debugfs amdgpu_regs_didt causes kernel null pointer (git-fixes).
- drm/amdgpu: Fix ecc irq enable/disable unpaired (git-fixes).
- drm/amdgpu: Fix missing error code in 'gmc_v6/7/8/9_0_hw_init()' (git-fixes).
- drm/amdgpu: Fix with right return code '-EIO' in 'amdgpu_gmc_vram_checking()' (git-fixes).
- drm/amdgpu: Let KFD sync with VM fences (git-fixes).
- drm/amdgpu: Release 'adev->pm.fw' before return in 'amdgpu_device_need_post()' (git-fixes).
- drm/amdgpu: fix ftrace event amdgpu_bo_move always move on same heap (git-fixes).
- drm/amdgpu: skip gpu_info fw loading on navi12 (git-fixes).
- drm/amdkfd: Confirm list is non-empty before utilizing list_first_entry in kfd_topology.c (git-fixes).
- drm/amdkfd: Fix 'node' NULL check in 'svm_range_get_range_boundaries()' (git-fixes).
- drm/amdkfd: Fix iterator used outside loop in 'kfd_add_peer_prop()' (git-fixes).
- drm/amdkfd: Fix lock dependency warning (git-fixes).
- drm/amdkfd: Fix lock dependency warning with srcu (git-fixes).
- drm/amdkfd: Use resource_size() helper function (git-fixes).
- drm/amdkfd: fixes for HMM mem allocation (git-fixes).
- drm/bridge: Fix typo in post_disable() description (git-fixes).
- drm/bridge: anx7625: Ensure bridge is suspended in disable() (git-fixes).
- drm/bridge: cdns-mhdp8546: Fix use of uninitialized variable (git-fixes).
- drm/bridge: nxp-ptn3460: fix i2c_master_send() error checking (git-fixes).
- drm/bridge: nxp-ptn3460: simplify some error checking (git-fixes).
- drm/bridge: parade-ps8640: Ensure bridge is suspended in .post_disable() (git-fixes).
- drm/bridge: parade-ps8640: Make sure we drop the AUX mutex in the error case (git-fixes).
- drm/bridge: parade-ps8640: Wait for HPD when doing an AUX transfer (git-fixes).
- drm/bridge: tc358767: Fix return value on error case (git-fixes).
- drm/bridge: tpd12s015: Drop buggy __exit annotation for remove function (git-fixes).
- drm/crtc: Fix uninit-value bug in drm_mode_setcrtc (git-fixes).
- drm/crtc: fix uninitialized variable use (git-fixes).
- drm/drv: propagate errors from drm_modeset_register_all() (git-fixes).
- drm/exynos: Call drm_atomic_helper_shutdown() at shutdown/unbind time (git-fixes).
- drm/exynos: fix a potential error pointer dereference (git-fixes).
- drm/exynos: fix a wrong error checking (git-fixes).
- drm/exynos: fix accidental on-stack copy of exynos_drm_plane (git-fixes).
- drm/exynos: gsc: minor fix for loop iteration in gsc_runtime_resume (git-fixes).
- drm/framebuffer: Fix use of uninitialized variable (git-fixes).
- drm/mediatek: Return error if MDP RDMA failed to enable the clock (git-fixes).
- drm/msm/dpu: Drop enable and frame_count parameters from dpu_hw_setup_misr() (git-fixes).
- drm/msm/dpu: Ratelimit framedone timeout msgs (git-fixes).
- drm/msm/dpu: Set input_sel bit for INTF (git-fixes).
- drm/msm/dpu: fix writeback programming for YUV cases (git-fixes).
- drm/msm/dpu: rename dpu_encoder_phys_wb_setup_cdp to match its functionality (git-fixes).
- drm/msm/dsi: Enable runtime PM (git-fixes).
- drm/msm/dsi: Use pm_runtime_resume_and_get to prevent refcnt leaks (git-fixes).
- drm/msm/mdp4: flush vblank event on disable (git-fixes).
- drm/nouveau/fence:: fix warning directly dereferencing a rcu pointer (git-fixes).
- drm/panel-edp: Add override_edid_mode quirk for generic edp (git-fixes).
- drm/panel-elida-kd35t133: hold panel in reset for unprepare (git-fixes).
- drm/panel: nt35510: fix typo (git-fixes).
- drm/panfrost: Ignore core_mask for poweroff and disable PWRTRANS irq (git-fixes).
- drm/panfrost: Really power off GPU cores in panfrost_gpu_power_off() (git-fixes).
- drm/radeon/dpm: fix a memleak in sumo_parse_power_table (git-fixes).
- drm/radeon/r100: Fix integer overflow issues in r100_cs_track_check() (git-fixes).
- drm/radeon/r600_cs: Fix possible int overflows in r600_cs_check_reg() (git-fixes).
- drm/radeon/trinity_dpm: fix a memleak in trinity_parse_power_table (git-fixes).
- drm/radeon: check return value of radeon_ring_lock() (git-fixes).
- drm/radeon: check the alloc_workqueue return value in radeon_crtc_init() (git-fixes).
- drm/tidss: Check for K2G in in dispc_softreset() (git-fixes).
- drm/tidss: Fix atomic_flush check (git-fixes).
- drm/tidss: Fix dss reset (git-fixes).
- drm/tidss: Move reset to the end of dispc_init() (git-fixes).
- drm/tidss: Return error value from from softreset (git-fixes).
- drm/tilcdc: Fix irq free on unload (git-fixes).
- drm: Do not unref the same fb many times by mistake due to deadlock handling (git-fixes).
- drm: panel-simple: add missing bus flags for Tianma tm070jvhg[30/33] (git-fixes).
- drm: using mul_u32_u32() requires linux/math64.h (git-fixes).
- dt-bindings: gpio: Remove FSI domain ports on Tegra234 (jsc#PED-6694)
- efi/libstub: Disable PCI DMA before grabbing the EFI memory map (git-fixes).
- eventfd: prevent underflow for eventfd semaphores (git-fixes).
- exfat: fix reporting fs error when reading dir beyond EOF (git-fixes).
- exfat: support handle zero-size directory (git-fixes).
- exfat: use kvmalloc_array/kvfree instead of kmalloc_array/kfree (git-fixes).
- fbdev: Only disable sysfb on the primary device (bsc#1216441)
- fbdev: flush deferred IO before closing (git-fixes).
- fbdev: flush deferred work in fb_deferred_io_fsync() (git-fixes).
- fbdev: imxfb: fix left margin setting (git-fixes).
- fbdev: mmp: Fix typo and wording in code comment (git-fixes).
- firewire: core: correct documentation of fw_csr_string() kernel API (git-fixes).
- firewire: ohci: suppress unexpected system reboot in AMD Ryzen machines and ASM108x/VT630x PCIe cards (git-fixes).
- firmware: ti_sci: Fix an off-by-one in ti_sci_debugfs_create() (git-fixes).
- fjes: fix memleaks in fjes_hw_setup (git-fixes).
- fs/mount_setattr: always cleanup mount_kattr (git-fixes).
- fs: Fix error checking for d_hash_and_lookup() (git-fixes).
- fs: Move notify_change permission checks into may_setattr (git-fixes).
- fs: do not audit the capability check in simple_xattr_list() (git-fixes).
- fs: drop peer group ids under namespace lock (git-fixes).
- fs: indicate request originates from old mount API (git-fixes).
- fs: sendfile handles O_NONBLOCK of out_fd (git-fixes).
- fuse: dax: set fc->dax to NULL in fuse_dax_conn_free() (bsc#1218659).
- gfs2: Always check inode size of inline inodes (git-fixes).
- gfs2: Cosmetic gfs2_dinode_{in,out} cleanup (git-fixes).
- gfs2: Disable page faults during lockless buffered reads (git-fixes).
- gfs2: Eliminate ip->i_gh (git-fixes).
- gfs2: Eliminate vestigial HIF_FIRST (git-fixes).
- gfs2: Fix kernel NULL pointer dereference in gfs2_rgrp_dump (git-fixes).
- gfs2: Introduce flag for glock holder auto-demotion (git-fixes).
- gfs2: Move the inode glock locking to gfs2_file_buffered_write (git-fixes).
- gfs2: Remove redundant check from gfs2_glock_dq (git-fixes).
- gfs2: Switch to wait_event in gfs2_logd (git-fixes).
- gfs2: assign rgrp glock before compute_bitstructs (git-fixes).
- gfs2: low-memory forced flush fixes (git-fixes).
- gfs2: release iopen glock early in evict (git-fixes).
- gpio: eic-sprd: Clear interrupt after set the interrupt type (git-fixes).
- gpu/drm/radeon: fix two memleaks in radeon_vm_init (git-fixes).
- hv_netvsc: rndis_filter needs to select NLS (git-fixes).
- hwmon: (corsair-psu) Fix probe when built-in (git-fixes).
- hwrng: core - Fix page fault dead lock on mmap-ed hwrng (git-fixes).
- i2c: rk3x: fix potential spinlock recursion on poll (git-fixes).
- i2c: s3c24xx: fix read transfers in polling mode (git-fixes).
- i2c: s3c24xx: fix transferring more than one message in polling mode (git-fixes).
- iio: adc: ad7091r: Pass iio_dev to event handler (git-fixes).
- iio: adc: ad9467: add mutex to struct ad9467_state (git-fixes).
- iio: adc: ad9467: do not ignore error codes (git-fixes).
- iio: adc: ad9467: fix reset gpio handling (git-fixes).
- ipmi: Use regspacings passed as a module parameter (git-fixes).
- kabi, vmstat: skip periodic vmstat update for isolated CPUs (bsc#1217895).
- kabi/severities: ignore ASoC AMD acp driver symbols (bsc#1219136)
- kabi/severities: ignore _rtl92c_phy_calculate_bit_shift symbol It's an internal function that shouldn't have been exported
- kdb: Fix a potential buffer overflow in kdb_local() (git-fixes).
- kernel-doc: handle a void function without producing a warning (git-fixes).
- kernel-source: Fix description typo
- kernfs: fix missing kernfs_idr_lock to remove an ID from the IDR (git-fixes).
- leds: aw2013: Select missing dependency REGMAP_I2C (git-fixes).
- leds: ledtrig-tty: Free allocated ttyname buffer on deactivate (git-fixes).
- libapi: Add missing linux/types.h header to get the __u64 type on io.h (git-fixes).
- md: fix bi_status reporting in md_end_clone_io (bsc#1210443).
- media: cx231xx: fix a memleak in cx231xx_init_isoc (git-fixes).
- media: dt-bindings: ov8856: decouple lanes and link frequency from driver (git-fixes).
- media: dvb-frontends: m88ds3103: Fix a memory leak in an error handling path of m88ds3103_probe() (git-fixes).
- media: imx355: Enable runtime PM before registering async sub-device (git-fixes).
- media: ov9734: Enable runtime PM before registering async sub-device (git-fixes).
- media: pvrusb2: fix use after free on context disconnection (git-fixes).
- media: rkisp1: Disable runtime PM in probe error path (git-fixes).
- media: rkisp1: Fix media device memory leak (git-fixes).
- media: rkisp1: Read the ID register at probe time instead of streamon (git-fixes).
- media: videobuf2-dma-sg: fix vmap callback (git-fixes).
- mfd: intel-lpss: Fix the fractional clock divider flags (git-fixes).
- misc: fastrpc: Mark all sessions as invalid in cb_remove (git-fixes).
- mm: fs: initialize fsdata passed to write_begin/write_end interface (git-fixes).
- mmc: core: Cancel delayed work before releasing host (git-fixes).
- modpost: move __attribute__((format(printf, 2, 3))) to modpost.h (git-fixes).
- mtd: Fix gluebi NULL pointer dereference caused by ftl notifier (git-fixes).
- mtd: rawnand: Increment IFC_TIMEOUT_MSECS for nand controller response (git-fixes).
- mtd: rawnand: pl353: Fix kernel doc (git-fixes).
- mtd: rawnand: rockchip: Add missing title to a kernel doc comment (git-fixes).
- mtd: rawnand: rockchip: Rename a structure (git-fixes).
- net: phy: micrel: populate .soft_reset for KSZ9131 (git-fixes).
- net: usb: ax88179_178a: Bind only to vendor-specific interface (bsc#1218948).
- net: usb: ax88179_178a: avoid two consecutive device resets (bsc#1218948).
- net: usb: ax88179_178a: move priv to driver_priv (git-fixes).
- net: usb: ax88179_178a: remove redundant init code (git-fixes).
- net: usb: ax88179_178a: restore state on resume (bsc#1218948).
- nfc: nci: free rx_data_reassembly skb on NCI device cleanup (git-fixes).
- nfsd4: add refcount for nfsd4_blocked_lock (bsc#1218968 bsc#1219349).
- nfsd: fix RELEASE_LOCKOWNER (bsc#1218968).
- nouveau/tu102: flush all pdbs on vmm flush (git-fixes).
- nouveau/vmm: do not set addr on the fail path to avoid warning (git-fixes).
- nsfs: add compat ioctl handler (git-fixes).
- nvme-loop: always quiesce and cancel commands before destroying admin q (bsc#1211515).
- nvme-pci: add BOGUS_NID for Intel 0a54 device (git-fixes).
- nvme-pci: fix sleeping function called from interrupt context (git-fixes).
- nvme-rdma: Fix transfer length when write_generate/read_verify are 0 (git-fixes).
- nvme-tcp: avoid open-coding nvme_tcp_teardown_admin_queue() (bsc#1211515).
- nvme: fix max_discard_sectors calculation (git-fixes).
- nvme: introduce helper function to get ctrl state (git-fixes).
- nvme: move nvme_stop_keep_alive() back to original position (bsc#1211515).
- nvme: start keep-alive after admin queue setup (bsc#1211515).
- nvme: trace: avoid memcpy overflow warning (git-fixes).
- nvmet: re-fix tracing strncpy() warning (git-fixes).
- of: Fix double free in of_parse_phandle_with_args_map (git-fixes).
- of: unittest: Fix of_count_phandle_with_args() expected value message (git-fixes).
- parport: parport_serial: Add Brainboxes BAR details (git-fixes).
- parport: parport_serial: Add Brainboxes device IDs and geometry (git-fixes).
- perf/x86/intel/uncore: Factor out topology_gidnid_map() (bsc#1218958).
- perf/x86/intel/uncore: Fix NULL pointer dereference issue in upi_fill_topology() (bsc#1218958).
- perf/x86/uncore: Use u64 to replace unsigned for the uncore offsets array (bsc#1219512).
- phy: renesas: rcar-gen3-usb2: Fix returning wrong error code (git-fixes).
- phy: ti: phy-omap-usb2: Fix NULL pointer dereference for SRP (git-fixes).
- pinctrl: intel: Revert 'Unexport intel_pinctrl_probe()' (git-fixes).
- platform/x86/amd/hsmp: Fix iomem handling (jsc#PED-7620).
- platform/x86/amd/hsmp: add support for metrics tbl (jsc#PED-7620).
- platform/x86/amd/hsmp: create plat specific struct (jsc#PED-7620).
- platform/x86/amd/hsmp: improve the error log (jsc#PED-7620).
- platform/x86: ISST: Reduce noise for missing numa information in logs (bsc#1219285).
- platform/x86: use PLATFORM_DEVID_NONE instead of -1 (jsc#PED-7620).
- power: supply: bq256xx: fix some problem in bq256xx_hw_init (git-fixes).
- power: supply: cw2015: correct time_to_empty units in sysfs (git-fixes).
- powerpc/fadump: reset dump area size if fadump memory reserve fails (bsc#1194869).
- powerpc/powernv: Add a null pointer check in opal_event_init() (bsc#1065729).
- powerpc/powernv: Add a null pointer check in opal_powercap_init() (bsc#1181674 ltc#189159 git-fixes).
- powerpc/powernv: Add a null pointer check to scom_debug_init_one() (bsc#1194869).
- powerpc/pseries/iommu: enable_ddw incorrectly returns direct mapping for SR-IOV device (bsc#1212091 ltc#199106 git-fixes).
- powerpc/pseries/memhp: Fix access beyond end of drmem array (bsc#1065729).
- powerpc/pseries: fix possible memory leak in ibmebus_bus_init() (bsc#1194869).
- powerpc/pseries: fix potential memory leak in init_cpu_associativity() (bsc#1194869).
- powerpc/xive: Fix endian conversion size (bsc#1194869).
- pstore: ram_core: fix possible overflow in persistent_ram_init_ecc() (git-fixes).
- pwm: Fix out-of-bounds access in of_pwm_single_xlate() (git-fixes).
- pwm: jz4740: Do not use dev_err_probe() in .request() (git-fixes).
- pwm: stm32: Fix enable count for clk in .probe() (git-fixes).
- pwm: stm32: Use hweight32 in stm32_pwm_detect_channels (git-fixes).
- pwm: stm32: Use regmap_clear_bits and regmap_set_bits where applicable (git-fixes).
- r8152: add vendor/device ID pair for ASUS USB-C2500 (git-fixes).
- r8152: add vendor/device ID pair for D-Link DUB-E250 (git-fixes).
- reset: hisilicon: hi6220: fix Wvoid-pointer-to-enum-cast warning (git-fixes).
- ring-buffer/Documentation: Add documentation on buffer_percent file (git-fixes).
- ring-buffer: Do not record in NMI if the arch does not support cmpxchg in NMI (git-fixes).
- s390/dasd: fix double module refcount decrement (bsc#1141539).
- s390/pci: fix max size calculation in zpci_memcpy_toio() (git-fixes bsc#1219006).
- s390/vfio-ap: always filter entire AP matrix (git-fixes bsc#1219012).
- s390/vfio-ap: let on_scan_complete() callback filter matrix and update guest's APCB (git-fixes bsc#1219014).
- s390/vfio-ap: loop over the shadow APCB when filtering guest's AP configuration (git-fixes bsc#1219013).
- s390/vfio-ap: unpin pages on gisc registration failure (git-fixes bsc#1218723).
- s390: vfio-ap: tighten the NIB validity check (git-fixes).
- sched/isolation: add cpu_is_isolated() API (bsc#1217895).
- scripts/kernel-doc: restore warning for Excess struct/union (git-fixes).
- scsi: be2iscsi: Fix a memleak in beiscsi_init_wrb_handle() (git-fixes).
- scsi: bnx2fc: Fix skb double free in bnx2fc_rcv() (git-fixes).
- scsi: core: Always send batch on reset or error handling command (git-fixes).
- scsi: fnic: Return error if vmalloc() failed (git-fixes).
- scsi: hisi_sas: Correct the number of global debugfs registers (git-fixes).
- scsi: hisi_sas: Fix normally completed I/O analysed as failed (git-fixes).
- scsi: hisi_sas: Fix warnings detected by sparse (git-fixes).
- scsi: hisi_sas: Modify v3 HW SATA completion error processing (git-fixes).
- scsi: hisi_sas: Modify v3 HW SSP underflow error processing (git-fixes).
- scsi: hisi_sas: Rename HISI_SAS_{RESET -> RESETTING}_BIT (git-fixes).
- scsi: hisi_sas: Replace with standard error code return value (git-fixes).
- scsi: hisi_sas: Rollback some operations if FLR failed (git-fixes).
- scsi: hisi_sas: Set debugfs_dir pointer to NULL after removing debugfs (git-fixes).
- scsi: ibmvfc: Fix erroneous use of rtas_busy_delay with hcall return code (git-fixes).
- scsi: ibmvfc: Implement channel queue depth and event buffer accounting (bsc#1209834 ltc#202097).
- scsi: ibmvfc: Remove BUG_ON in the case of an empty event pool (bsc#1209834 ltc#202097).
- scsi: iscsi: Rename iscsi_set_param() to iscsi_if_set_param() (git-fixes).
- scsi: libfc: Fix potential NULL pointer dereference in fc_lport_ptp_setup() (git-fixes).
- scsi: lpfc: Change VMID driver load time parameters to read only (bsc#1219582).
- scsi: lpfc: Move determination of vmid_flag after VMID reinitialization completes (bsc#1219582).
- scsi: lpfc: Reinitialize an NPIV's VMID data structures after FDISC (bsc#1219582).
- scsi: lpfc: Update lpfc version to 14.2.0.17 (bsc#1219582).
- scsi: megaraid_sas: Fix deadlock on firmware crashdump (git-fixes).
- scsi: megaraid_sas: Increase register read retry rount from 3 to 30 for selected registers (git-fixes).
- scsi: mpt3sas: Fix an outdated comment (git-fixes).
- scsi: mpt3sas: Fix in error path (git-fixes).
- scsi: mpt3sas: Fix loop logic (bsc#1219067).
- scsi: mpt3sas: Fix loop logic (git-fixes).
- scsi: pm80xx: Avoid leaking tags when processing OPC_INB_SET_CONTROLLER_CONFIG command (git-fixes).
- scsi: pm80xx: Use phy-specific SAS address when sending PHY_START command (git-fixes).
- scsi: qla2xxx: Fix system crash due to bad pointer access (git-fixes).
- selftests/net: fix grep checking for fib_nexthop_multiprefix (git-fixes).
- serial: 8250: omap: Do not skip resource freeing if pm_runtime_resume_and_get() failed (git-fixes).
- serial: core: Fix atomicity violation in uart_tiocmget (git-fixes).
- serial: imx: Correct clock error message in function probe() (git-fixes).
- serial: imx: fix tx statemachine deadlock (git-fixes).
- serial: max310x: fail probe if clock crystal is unstable (git-fixes).
- serial: max310x: improve crystal stable clock detection (git-fixes).
- serial: max310x: set default value when reading clock ready bit (git-fixes).
- serial: sc16is7xx: add check for unsupported SPI modes during probe (git-fixes).
- serial: sc16is7xx: set safe default SPI clock frequency (git-fixes).
- serial: sccnxp: Improve error message if regulator_disable() fails (git-fixes).
- shmem: use ramfs_kill_sb() for kill_sb method of ramfs-based tmpfs (git-fixes).
- software node: Let args be NULL in software_node_get_reference_args (git-fixes).
- spi: spi-zynqmp-gqspi: fix driver kconfig dependencies (git-fixes).
- swiotlb-xen: provide the 'max_mapping_size' method (git-fixes).
- swiotlb: fix a braino in the alignment check fix (bsc#1216559).
- swiotlb: fix slot alignment checks (bsc#1216559).
- trace,smp: Add tracepoints around remotelly called functions (bsc#1217895).
- tracefs: Add missing lockdown check to tracefs_create_dir() (git-fixes).
- tracing/trigger: Fix to return error if failed to alloc snapshot (git-fixes).
- tracing: Add size check when printing trace_marker output (git-fixes).
- tracing: Ensure visibility when inserting an element into tracing_map (git-fixes).
- tracing: Fix uaf issue when open the hist or hist_debug file (git-fixes).
- tracing: Have large events show up as '[LINE TOO BIG]' instead of nothing (git-fixes).
- ubifs: Check @c->dirty_[n|p]n_cnt and @c->nroot state under @c->lp_mutex (git-fixes).
- ubifs: ubifs_link: Fix wrong name len calculating when UBIFS is encrypted (git-fixes).
- ubifs: ubifs_symlink: Fix memleak of inode->i_link in error path (git-fixes).
- uio: Fix use-after-free in uio_open (git-fixes).
- usb: cdns3: Fix uvc fail when DMA cross 4k boundery since sg enabled (git-fixes).
- usb: cdns3: fix uvc failure work since sg support enabled (git-fixes).
- usb: chipidea: wait controller resume finished for wakeup irq (git-fixes).
- usb: dwc: ep0: Update request status in dwc3_ep0_stall_restart (git-fixes).
- usb: fsl-mph-dr-of: mark fsl_usb2_mpc5121_init() static (git-fixes).
- usb: host: xhci-plat: Add support for XHCI_SG_TRB_CACHE_SIZE_QUIRK (git-fixes).
- usb: mon: Fix atomicity violation in mon_bin_vma_fault (git-fixes).
- usb: otg numberpad exception (bsc#1218527).
- usb: phy: mxs: remove CONFIG_USB_OTG condition for mxs_phy_is_otg_host() (git-fixes).
- usb: typec: class: fix typec_altmode_put_partner to put plugs (git-fixes).
- usb: ucsi: Add missing ppm_lock (git-fixes).
- usb: ucsi_acpi: Fix command completion handling (git-fixes).
- usb: xhci-mtk: fix a short packet issue of gen1 isoc-in transfer (git-fixes).
- usr/Kconfig: fix typos of 'its' (git-fixes).
- vfs: make freeze_super abort when sync_filesystem returns error (git-fixes).
- vhost: Allow null msg.size on VHOST_IOTLB_INVALIDATE (git-fixes).
- virtio-mmio: fix memory leak of vm_dev (git-fixes).
- virtio_balloon: Fix endless deflation and inflation on arm64 (git-fixes).
- vmstat: skip periodic vmstat update for isolated CPUs (bsc#1217895).
- vsock/virtio: Fix unsigned integer wrap around in virtio_transport_has_space() (git-fixes).
- watchdog/hpwdt: Only claim UNKNOWN NMI if from iLO (git-fixes).
- watchdog: bcm2835_wdt: Fix WDIOC_SETTIMEOUT handling (git-fixes).
- watchdog: rti_wdt: Drop runtime pm reference count when watchdog is unused (git-fixes).
- watchdog: set cdev owner before adding (git-fixes).
- wifi: ath11k: Defer on rproc_get failure (git-fixes).
- wifi: cfg80211: lock wiphy mutex for rfkill poll (git-fixes).
- wifi: iwlwifi: mvm: send TX path flush in rfkill (git-fixes).
- wifi: iwlwifi: mvm: set siso/mimo chains to 1 in FW SMPS request (git-fixes).
- wifi: iwlwifi: pcie: avoid a NULL pointer dereference (git-fixes).
- wifi: libertas: stop selecting wext (git-fixes).
- wifi: mt76: fix broken precal loading from MTD for mt7915 (git-fixes).
- wifi: mt76: mt7921s: fix workqueue problem causes STA association fail (git-fixes).
- wifi: mwifiex: configure BSSID consistently when starting AP (git-fixes).
- wifi: rtlwifi: Convert LNKCTL change to PCIe cap RMW accessors (git-fixes).
- wifi: rtlwifi: Remove bogus and dangerous ASPM disable/enable code (git-fixes).
- wifi: rtlwifi: add calculate_bit_shift() (git-fixes).
- wifi: rtlwifi: rtl8188ee: phy: using calculate_bit_shift() (git-fixes).
- wifi: rtlwifi: rtl8192c: using calculate_bit_shift() (git-fixes).
- wifi: rtlwifi: rtl8192ce: using calculate_bit_shift() (git-fixes).
- wifi: rtlwifi: rtl8192cu: using calculate_bit_shift() (git-fixes).
- wifi: rtlwifi: rtl8192de: using calculate_bit_shift() (git-fixes).
- wifi: rtlwifi: rtl8192ee: using calculate_bit_shift() (git-fixes).
- wifi: rtlwifi: rtl8192se: using calculate_bit_shift() (git-fixes).
- wifi: rtlwifi: rtl8821ae: phy: fix an undefined bitwise shift behavior (git-fixes).
- wifi: rtw88: fix RX filter in FIF_ALLMULTI flag (git-fixes).
- x86/MCE/AMD, EDAC/mce_amd: Decode UMC_V2 ECC errors (jsc#PED-7616).
- x86/MCE/AMD: Add new MA_LLC, USR_DP, and USR_CP bank types (jsc#PED-7622).
- x86/MCE/AMD: Split amd_mce_is_memory_error() (jsc#PED-7623).
- x86/amd_nb: Add AMD Family MI300 PCI IDs (jsc#PED-7622).
- x86/amd_nb: Add MI200 PCI IDs (jsc#PED-7616).
- x86/cpu: Merge Intel and AMD ppin_init() functions (jsc#PED-7615).
- x86/cpu: Read/save PPIN MSR during initialization (jsc#PED-7615).
- x86/entry/ia32: Ensure s32 is sign extended to s64 (bsc#1193285).
- x86/hyperv: Fix the detection of E820_TYPE_PRAM in a Gen2 VM (git-fixes).
- x86/hyperv: Use atomic_try_cmpxchg() to micro-optimize hv_nmi_unknown() (git-fixes).
- x86/mce: Cleanup mce_usable_address() (jsc#PED-7623).
- x86/mce: Define amd_mce_usable_address() (jsc#PED-7623).
- xen-pciback: Consider INTx disabled when MSI/MSI-X is enabled (git-fixes).
- xen/events: fix delayed eoi list handling (git-fixes).
- xhci: Add grace period after xHC start to prevent premature runtime suspend (git-fixes).
- xhci: cleanup xhci_hub_control port references (git-fixes).
- xhci: pass port pointer as parameter to xhci_set_port_power() (git-fixes).
- xhci: track port suspend state correctly in unsuccessful resume cases (git-fixes).
ImportantSUSE bug 1065729SUSE bug 1108281SUSE bug 1141539SUSE bug 1174649SUSE bug 1181674SUSE bug 1193285SUSE bug 1194869SUSE bug 1209834SUSE bug 1210443SUSE bug 1211515SUSE bug 1212091SUSE bug 1214377SUSE bug 1215275SUSE bug 1215885SUSE bug 1216441SUSE bug 1216559SUSE bug 1216702SUSE bug 1217895SUSE bug 1217987SUSE bug 1217988SUSE bug 1217989SUSE bug 1218005SUSE bug 1218447SUSE bug 1218527SUSE bug 1218659SUSE bug 1218689SUSE bug 1218713SUSE bug 1218723SUSE bug 1218730SUSE bug 1218738SUSE bug 1218752SUSE bug 1218757SUSE bug 1218768SUSE bug 1218778SUSE bug 1218779SUSE bug 1218804SUSE bug 1218832SUSE bug 1218836SUSE bug 1218916SUSE bug 1218948SUSE bug 1218958SUSE bug 1218968SUSE bug 1218997SUSE bug 1219006SUSE bug 1219012SUSE bug 1219013SUSE bug 1219014SUSE bug 1219053SUSE bug 1219067SUSE bug 1219120SUSE bug 1219128SUSE bug 1219136SUSE bug 1219285SUSE bug 1219349SUSE bug 1219412SUSE bug 1219429SUSE bug 1219434SUSE bug 1219490SUSE bug 1219512SUSE bug 1219568SUSE bug 1219582SUSE bug 1219608CVE-2021-33631 at SUSECVE-2021-33631 at NVDCVE-2023-46838 at SUSECVE-2023-46838 at NVDCVE-2023-47233 at SUSECVE-2023-47233 at NVDCVE-2023-4921 at SUSECVE-2023-4921 at NVDCVE-2023-51042 at SUSECVE-2023-51042 at NVDCVE-2023-51043 at SUSECVE-2023-51043 at NVDCVE-2023-51780 at SUSECVE-2023-51780 at NVDCVE-2023-51782 at SUSECVE-2023-51782 at NVDCVE-2023-6040 at SUSECVE-2023-6040 at NVDCVE-2023-6356 at SUSECVE-2023-6356 at NVDCVE-2023-6531 at SUSECVE-2023-6531 at NVDCVE-2023-6535 at SUSECVE-2023-6535 at NVDCVE-2023-6536 at SUSECVE-2023-6536 at NVDCVE-2023-6915 at SUSECVE-2023-6915 at NVDCVE-2024-0340 at SUSECVE-2024-0340 at NVDCVE-2024-0565 at SUSECVE-2024-0565 at NVDCVE-2024-0641 at SUSECVE-2024-0641 at NVDCVE-2024-0775 at SUSECVE-2024-0775 at NVDCVE-2024-1085 at SUSECVE-2024-1085 at NVDCVE-2024-1086 at SUSECVE-2024-1086 at NVDCVE-2024-24860 at SUSECVE-2024-24860 at NVDcpe:/o:opensuse:leap:15.5Security update for the Linux Kernel (Important)openSUSE Leap 15.5
The SUSE Linux Enterprise 15 SP5 kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2024-1085: Fixed nf_tables use-after-free vulnerability in the nft_setelem_catchall_deactivate() function (bsc#1219429).
- CVE-2024-1086: Fixed a use-after-free vulnerability inside the nf_tables component that could have been exploited to achieve local privilege escalation (bsc#1219434).
- CVE-2023-51042: Fixed use-after-free in amdgpu_cs_wait_all_fences in drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c (bsc#1219128).
- CVE-2023-51780: Fixed a use-after-free in do_vcc_ioctl in net/atm/ioctl.c, because of a vcc_recvmsg race condition (bsc#1218730).
- CVE-2023-46838: Fixed an issue with Xen netback processing of zero-length transmit fragment (bsc#1218836).
- CVE-2021-33631: Fixed an integer overflow in ext4_write_inline_data_end() (bsc#1219412).
- CVE-2023-6535: Fixed a NULL pointer dereference in nvmet_tcp_execute_request (bsc#1217988).
- CVE-2023-6536: Fixed a NULL pointer dereference in __nvmet_req_complete (bsc#1217989).
- CVE-2023-6356: Fixed a NULL pointer dereference in nvmet_tcp_build_pdu_iovec (bsc#1217987).
- CVE-2023-47233: Fixed a use-after-free in the device unplugging (disconnect the USB by hotplug) code inside the brcm80211 component (bsc#1216702).
- CVE-2023-4921: Fixed a use-after-free vulnerability in the QFQ network scheduler which could be exploited to achieve local privilege escalation (bsc#1215275).
- CVE-2023-51043: Fixed use-after-free during a race condition between a nonblocking atomic commit and a driver unload in drivers/gpu/drm/drm_atomic.c (bsc#1219120).
- CVE-2024-0775: Fixed use-after-free in __ext4_remount in fs/ext4/super.c that could allow a local user to cause an information leak problem while freeing the old quota file names before a potential failure (bsc#1219053).
- CVE-2023-6040: Fixed an out-of-bounds access vulnerability while creating a new netfilter table, lack of a safeguard against invalid nf_tables family (pf) values within `nf_tables_newtable` function (bsc#1218752).
- CVE-2024-0641: Fixed a denial of service vulnerability in tipc_crypto_key_revoke in net/tipc/crypto.c (bsc#1218916).
- CVE-2024-0565: Fixed an out-of-bounds memory read flaw in receive_encrypted_standard in fs/smb/client/smb2ops.c (bsc#1218832).
- CVE-2023-6915: Fixed a NULL pointer dereference problem in ida_free in lib/idr.c (bsc#1218804).
- CVE-2023-51782: Fixed use-after-free in rose_ioctl in net/rose/af_rose.c because of a rose_accept race condition (bsc#1218757).
- CVE-2023-6531: Fixed a use-after-free flaw due to a race problem in the unix garbage collector's deletion of SKB races with unix_stream_read_generic()on the socket that the SKB is queued on (bsc#1218447).
- CVE-2024-0340: Fixed information disclosure in vhost/vhost.c:vhost_new_msg() (bsc#1218689).
- CVE-2024-24860: Fixed a denial of service caused by a race condition in {min,max}_key_size_set() (bsc#1219608).
The following non-security bugs were fixed:
- Documentation: RAS: Add index and address translation section (jsc#PED-7618).
- ACPI: LPIT: Avoid u32 multiplication overflow (git-fixes).
- ACPI: LPSS: Fix the fractional clock divider flags (git-fixes).
- ACPI: arm64: export acpi_arch_thermal_cpufreq_pctg() (bsc#1214377)
- ACPI: extlog: Clear Extended Error Log status when RAS_CEC handled the error (git-fixes).
- ACPI: processor: reduce CPUFREQ thermal reduction pctg for Tegra241 (bsc#1214377)
- ACPI: property: Allow _DSD buffer data only for byte accessors (git-fixes).
- ACPI: resource: Add another DMI match for the TongFang GMxXGxx (git-fixes).
- ACPI: thermal: Add Thermal fast Sampling Period (_TFP) support (bsc#1214377)
- ACPI: video: check for error while searching for backlight device parent (git-fixes).
- ALSA: hda/conexant: Fix headset auto detect fail in cx8070 and SN6140 (git-fixes).
- ALSA: hda/cs8409: Suppress vmaster control for Dolphin models (git-fixes).
- ALSA: hda/realtek: Add quirks for ASUS Zenbook 2022 Models (git-fixes).
- ALSA: hda/realtek: Enable headset mic on Lenovo M70 Gen5 (git-fixes).
- ALSA: hda/realtek: Enable mute/micmute LEDs and limit mic boost on HP ZBook (git-fixes).
- ALSA: hda/realtek: Fix mute and mic-mute LEDs for HP Envy X360 13-ay0xxx (git-fixes).
- ALSA: hda/relatek: Enable Mute LED on HP Laptop 15s-fq2xxx (git-fixes).
- ALSA: hda: Refer to correct stream index at loops (git-fixes).
- ALSA: hda: intel-nhlt: Ignore vbps when looking for DMIC 32 bps format (git-fixes).
- ALSA: oxygen: Fix right channel of capture volume mixer (git-fixes).
- ASoC: Intel: Skylake: Fix mem leak in few functions (git-fixes).
- ASoC: Intel: Skylake: mem leak in skl register function (git-fixes).
- ASoC: Intel: bytcr_rt5640: Add quirk for the Medion Lifetab S10346 (git-fixes).
- ASoC: Intel: glk_rt5682_max98357a: fix board id mismatch (git-fixes).
- ASoC: amd: Add Dell G15 5525 to quirks list (bsc#1219136).
- ASoC: amd: Add check for acp config flags (bsc#1219136).
- ASoC: amd: Add new dmi entries to config entry (bsc#1219136).
- ASoC: amd: Drop da7219_aad_jack_det() usage (bsc#1219136).
- ASoC: amd: Drop empty platform remove function (bsc#1219136).
- ASoC: amd: Update Pink Sardine platform ACP register header (bsc#1219136).
- ASoC: amd: acp-config: Add missing MODULE_DESCRIPTION (git-fixes).
- ASoC: amd: acp-da7219-max98357a: Map missing jack kcontrols (bsc#1219136).
- ASoC: amd: acp-rt5645: Map missing jack kcontrols (bsc#1219136).
- ASoC: amd: acp3x-rt5682-max9836: Configure jack as not detecting Line Out (bsc#1219136).
- ASoC: amd: acp3x-rt5682-max9836: Map missing jack kcontrols (bsc#1219136).
- ASoC: amd: acp: Add TDM slots setting support for ACP I2S controller (bsc#1219136).
- ASoC: amd: acp: Add TDM support for acp i2s stream (bsc#1219136).
- ASoC: amd: acp: Add i2s tdm support in machine driver (bsc#1219136).
- ASoC: amd: acp: Add kcontrols and widgets per-codec in common code (bsc#1219136).
- ASoC: amd: acp: Add missing MODULE_DESCRIPTION in mach-common (git-fixes).
- ASoC: amd: acp: Add new cpu dai's in machine driver (bsc#1219136).
- ASoC: amd: acp: Add setbias level for rt5682s codec in machine driver (bsc#1219136).
- ASoC: amd: acp: Enable i2s tdm support for skyrim platforms (bsc#1219136).
- ASoC: amd: acp: Fix possible UAF in acp_dma_open (bsc#1219136).
- ASoC: amd: acp: Initialize list to store acp_stream during pcm_open (bsc#1219136).
- ASoC: amd: acp: Map missing jack kcontrols (bsc#1219136).
- ASoC: amd: acp: Modify dai_id macros to be more generic (bsc#1219136).
- ASoC: amd: acp: Refactor bit width calculation (bsc#1219136).
- ASoC: amd: acp: Refactor dai format implementation (bsc#1219136).
- ASoC: amd: acp: Refactor i2s clocks programming sequence (bsc#1219136).
- ASoC: amd: acp: add a label to make error path more clean (bsc#1219136).
- ASoC: amd: acp: add acp i2s master clock generation for rembrandt platform (bsc#1219136).
- ASoC: amd: acp: add pm ops support for acp pci driver (bsc#1219136).
- ASoC: amd: acp: add pm ops support for rembrandt platform (bsc#1219136).
- ASoC: amd: acp: clean up some inconsistent indentings (bsc#1219136).
- ASoC: amd: acp: clear pdm dma interrupt mask (bsc#1219136).
- ASoC: amd: acp: delete unnecessary NULL check (bsc#1219136).
- ASoC: amd: acp: export config_acp_dma() and config_pte_for_stream() symbols (bsc#1219136).
- ASoC: amd: acp: fix SND_SOC_AMD_ACP_PCI depdenencies (bsc#1219136).
- ASoC: amd: acp: move pdm macros to common header file (bsc#1219136).
- ASoC: amd: acp: refactor the acp init and de-init sequence (bsc#1219136).
- ASoC: amd: acp: rembrandt: Drop if blocks with always false condition (bsc#1219136).
- ASoC: amd: acp: remove acp poweroff function (bsc#1219136).
- ASoC: amd: acp: remove the redundant acp enable/disable interrupts functions (bsc#1219136).
- ASoC: amd: acp: remove unnecessary NULL checks (bsc#1219136).
- ASoC: amd: acp: store platform device reference created in pci probe call (bsc#1219136).
- ASoC: amd: acp: store the pdm stream channel mask (bsc#1219136).
- ASoC: amd: acp: store xfer_resolution of the stream (bsc#1219136).
- ASoC: amd: acp: switch to use dev_err_probe() (bsc#1219136).
- ASoC: amd: acp: use devm_kcalloc() instead of devm_kzalloc() (bsc#1219136).
- ASoC: amd: acp: use function devm_kcalloc() instead of devm_kzalloc() (bsc#1219136).
- ASoC: amd: add Pink Sardine ACP PCI driver (bsc#1219136).
- ASoC: amd: add Pink Sardine machine driver using dmic (bsc#1219136).
- ASoC: amd: add Pink Sardine platform ACP IP register header (bsc#1219136).
- ASoC: amd: add acp6.2 init/de-init functions (bsc#1219136).
- ASoC: amd: add acp6.2 irq handler (bsc#1219136).
- ASoC: amd: add acp6.2 pci driver pm ops (bsc#1219136).
- ASoC: amd: add acp6.2 pdm driver dma ops (bsc#1219136).
- ASoC: amd: add acp6.2 pdm driver pm ops (bsc#1219136).
- ASoC: amd: add acp6.2 pdm platform driver (bsc#1219136).
- ASoC: amd: add platform devices for acp6.2 pdm driver and dmic driver (bsc#1219136).
- ASoC: amd: create platform device for acp6.2 machine driver (bsc#1219136).
- ASoC: amd: enable Pink Sardine acp6.2 drivers build (bsc#1219136).
- ASoC: amd: enable Pink sardine platform machine driver build (bsc#1219136).
- ASoC: amd: fix ACP version typo mistake (bsc#1219136).
- ASoC: amd: fix spelling mistake: 'i.e' -> 'i.e.' (bsc#1219136).
- ASoC: amd: ps: Add a module parameter to influence pdm_gain (bsc#1219136).
- ASoC: amd: ps: Adjust the gain for PDM DMIC (bsc#1219136).
- ASoC: amd: ps: Fix uninitialized ret in create_acp64_platform_devs() (bsc#1219136).
- ASoC: amd: ps: Move acp63_dev_data strcture from PCI driver (bsc#1219136).
- ASoC: amd: ps: Update copyright notice (bsc#1219136).
- ASoC: amd: ps: add mutex lock for accessing common registers (bsc#1219136).
- ASoC: amd: ps: fix for acp_lock access in pdm driver (bsc#1219136).
- ASoC: amd: ps: implement api to retrieve acp device config (bsc#1219136).
- ASoC: amd: ps: move irq handler registration (bsc#1219136).
- ASoC: amd: ps: refactor acp power on and reset functions (bsc#1219136).
- ASoC: amd: ps: refactor platform device creation logic (bsc#1219136).
- ASoC: amd: ps: remove the register read and write wrappers (bsc#1219136).
- ASoC: amd: ps: remove unused variable (bsc#1219136).
- ASoC: amd: ps: update dev index value in irq handler (bsc#1219136).
- ASoC: amd: ps: update macros with ps platform naming convention (bsc#1219136).
- ASoC: amd: ps: update the acp clock source (bsc#1219136).
- ASoC: amd: ps: use acp_lock to protect common registers in pdm driver (bsc#1219136).
- ASoC: amd: ps: use static function (bsc#1219136).
- ASoC: amd: renoir: Add a module parameter to influence pdm_gain (bsc#1219136).
- ASoC: amd: renoir: Adjust the gain for PDM DMIC (bsc#1219136).
- ASoC: amd: update pm_runtime enable sequence (bsc#1219136).
- ASoC: amd: vangogh: Add check for acp config flags in vangogh platform (bsc#1219136).
- ASoC: amd: vangogh: Make use of DRV_NAME (bsc#1219136).
- ASoC: amd: vangogh: Remove unnecessary init function (bsc#1219136).
- ASoC: amd: vangogh: select CONFIG_SND_AMD_ACP_CONFIG (bsc#1219136).
- ASoC: amd: yc: Add ASUS M3402RA into DMI table (bsc#1219136).
- ASoC: amd: yc: Add ASUS M5402RA into DMI table (bsc#1219136).
- ASoC: amd: yc: Add Alienware m17 R5 AMD into DMI table (bsc#1219136).
- ASoC: amd: yc: Add Asus VivoBook Pro 14 OLED M6400RC to the quirks list for acp6x (bsc#1219136).
- ASoC: amd: yc: Add DMI entries to support HP OMEN 16-n0xxx (8A42) (bsc#1219136).
- ASoC: amd: yc: Add DMI entries to support HP OMEN 16-n0xxx (8A43) (bsc#1219136).
- ASoC: amd: yc: Add DMI entries to support Victus by HP Gaming Laptop 15-fb0xxx (8A3E) (bsc#1219136).
- ASoC: amd: yc: Add DMI entries to support Victus by HP Laptop 16-e1xxx (8A22) (bsc#1219136).
- ASoC: amd: yc: Add DMI entry to support System76 Pangolin 12 (bsc#1219136).
- ASoC: amd: yc: Add DMI entry to support System76 Pangolin 13 (bsc#1219136).
- ASoC: amd: yc: Add DMI support for new acer/emdoor platforms (bsc#1219136).
- ASoC: amd: yc: Add HP 255 G10 into quirk table (bsc#1219136).
- ASoC: amd: yc: Add Lenovo Thinkbook 14+ 2022 21D0 to quirks table (bsc#1219136).
- ASoC: amd: yc: Add MECHREVO Jiaolong Series MRID6 into DMI table (bsc#1219136).
- ASoC: amd: yc: Add Razer Blade 14 2022 into DMI table (bsc#1219136).
- ASoC: amd: yc: Add ThinkBook 14 G5+ ARP to quirks list for acp6x (bsc#1219136).
- ASoC: amd: yc: Add Thinkpad Neo14 to quirks list for acp6x (bsc#1219136).
- ASoC: amd: yc: Add VivoBook Pro 15 to quirks list for acp6x (bsc#1219136).
- ASoC: amd: yc: Add Xiaomi Redmi Book Pro 14 2022 into DMI table (bsc#1219136).
- ASoC: amd: yc: Add Xiaomi Redmi Book Pro 15 2022 into DMI table (bsc#1219136).
- ASoC: amd: yc: Add a module parameter to influence pdm_gain (bsc#1219136).
- ASoC: amd: yc: Adding Lenovo ThinkBook 14 Gen 4+ ARA and Lenovo ThinkBook 16 Gen 4+ ARA to the Quirks List (bsc#1219136).
- ASoC: amd: yc: Adjust the gain for PDM DMIC (bsc#1219136).
- ASoC: amd: yc: Fix a non-functional mic on Lenovo 82TL (bsc#1219136).
- ASoC: amd: yc: Fix non-functional mic on ASUS E1504FA (bsc#1219136).
- ASoC: amd: yp: Add OMEN by HP Gaming Laptop 16z-n000 to quirks (bsc#1219136).
- ASoC: codecs: lpass-wsa-macro: fix compander volume hack (git-fixes).
- ASoC: codecs: wcd938x: fix headphones volume controls (git-fixes).
- ASoC: codecs: wcd938x: handle deferred probe (git-fixes).
- ASoC: cs35l33: Fix GPIO name and drop legacy include (git-fixes).
- ASoC: cs43130: Fix incorrect frame delay configuration (git-fixes).
- ASoC: cs43130: Fix the position of const qualifier (git-fixes).
- ASoC: da7219: Support low DC impedance headset (git-fixes).
- ASoC: nau8822: Fix incorrect type in assignment and cast to restricted __be16 (git-fixes).
- ASoC: ops: add correct range check for limiting volume (git-fixes).
- ASoC: rt5645: Drop double EF20 entry from dmi_platform_data[] (git-fixes).
- ASoC: rt5650: add mutex to avoid the jack detection failure (git-fixes).
- ASoC: sun4i-spdif: Fix requirements for H6 (git-fixes).
- ASoC: wm8974: Correct boost mixer inputs (git-fixes).
- Add DMI ID for MSI Bravo 15 B7ED (bsc#1219136).
- Bluetooth: Fix atomicity violation in {min,max}_key_size_set (git-fixes).
- Bluetooth: btmtkuart: fix recv_buf() return value (git-fixes).
- Documentation: Begin a RAS section (jsc#PED-7622).
- EDAC/amd64: Add MI300 row retirement support (jsc#PED-7618).
- EDAC/amd64: Add context struct (jsc#PED-7615).
- EDAC/amd64: Add get_err_info() to pvt->ops (jsc#PED-7615).
- EDAC/amd64: Add support for AMD heterogeneous Family 19h Model 30h-3Fh (jsc#PED-7616).
- EDAC/amd64: Add support for ECC on family 19h model 60h-7Fh (jsc#PED-7615).
- EDAC/amd64: Add support for family 0x19, models 0x90-9f devices (jsc#PED-7622).
- EDAC/amd64: Allow for DF Indirect Broadcast reads (jsc#PED-7615).
- EDAC/amd64: Cache and use GPU node map (jsc#PED-7616).
- EDAC/amd64: Do not discover ECC symbol size for Family 17h and later (jsc#PED-7615).
- EDAC/amd64: Do not set up EDAC PCI control on Family 17h+ (jsc#PED-7615).
- EDAC/amd64: Document heterogeneous system enumeration (jsc#PED-7616).
- EDAC/amd64: Drop dbam_to_cs() for Family 17h and later (jsc#PED-7615).
- EDAC/amd64: Fix indentation in umc_determine_edac_cap() (jsc#PED-7615).
- EDAC/amd64: Merge struct amd64_family_type into struct amd64_pvt (jsc#PED-7615).
- EDAC/amd64: Remove PCI Function 0 (jsc#PED-7615).
- EDAC/amd64: Remove PCI Function 6 (jsc#PED-7615).
- EDAC/amd64: Remove early_channel_count() (jsc#PED-7615).
- EDAC/amd64: Remove module version string (jsc#PED-7615).
- EDAC/amd64: Remove scrub rate control for Family 17h and later (jsc#PED-7615).
- EDAC/amd64: Rename debug_display_dimm_sizes() (jsc#PED-7615).
- EDAC/amd64: Rename f17h_determine_edac_ctl_cap() (jsc#PED-7615).
- EDAC/amd64: Rework hw_info_{get,put} (jsc#PED-7615).
- EDAC/amd64: Shut up an -Werror,-Wsometimes-uninitialized clang false positive (jsc#PED-7615).
- EDAC/amd64: Split determine_edac_cap() into dct/umc functions (jsc#PED-7615).
- EDAC/amd64: Split determine_memory_type() into dct/umc functions (jsc#PED-7615).
- EDAC/amd64: Split dump_misc_regs() into dct/umc functions (jsc#PED-7615).
- EDAC/amd64: Split ecc_enabled() into dct/umc functions (jsc#PED-7615).
- EDAC/amd64: Split get_csrow_nr_pages() into dct/umc functions (jsc#PED-7615).
- EDAC/amd64: Split init_csrows() into dct/umc functions (jsc#PED-7615).
- EDAC/amd64: Split prep_chip_selects() into dct/umc functions (jsc#PED-7615).
- EDAC/amd64: Split read_base_mask() into dct/umc functions (jsc#PED-7615).
- EDAC/amd64: Split read_mc_regs() into dct/umc functions (jsc#PED-7615).
- EDAC/amd64: Split setup_mci_misc_attrs() into dct/umc functions (jsc#PED-7615).
- EDAC/amd64: Use new AMD Address Translation Library (jsc#PED-7618).
- EDAC/mc: Add new HBM2 memory type (jsc#PED-7616).
- EDAC/mc: Add support for HBM3 memory type (jsc#PED-7622).
- EDAC/mce_amd: Remove SMCA Extended Error code descriptions (jsc#PED-7622).
- EDAC/thunderx: Fix possible out-of-bounds string access (git-fixes).
- HID: i2c-hid-of: fix NULL-deref on failed power up (git-fixes).
- HID: wacom: Correct behavior when processing some confidence == false touches (git-fixes).
- IB/iser: Prevent invalidating wrong MR (git-fixes)
- Input: atkbd - do not skip atkbd_deactivate() when skipping ATKBD_CMD_GETID (git-fixes).
- Input: atkbd - skip ATKBD_CMD_GETID in translated mode (git-fixes).
- Input: atkbd - skip ATKBD_CMD_SETLEDS when skipping ATKBD_CMD_GETID (git-fixes).
- Input: atkbd - use ab83 as id when skipping the getid command (git-fixes).
- Input: bcm5974 - check endpoint type before starting traffic (git-fixes).
- Input: i8042 - add nomux quirk for Acer P459-G2-M (git-fixes).
- Input: xpad - add Razer Wolverine V2 support (git-fixes).
- KVM: SVM: Update EFER software model on CR0 trap for SEV-ES (git-fixes).
- KVM: s390: vsie: Fix STFLE interpretive execution identification (git-fixes bsc#1218997).
- KVM: x86: Mask LVTPC when handling a PMI (jsc#PED-7322).
- Limit kernel-source build to architectures for which the kernel binary is built (bsc#1108281).
- PCI/AER: Configure ECRC only if AER is native (bsc#1218778)
- PCI/P2PDMA: Remove reference to pci_p2pdma_map_sg() (git-fixes).
- PCI: Add ACS quirk for more Zhaoxin Root Ports (git-fixes).
- PCI: keystone: Fix race condition when initializing PHYs (git-fixes).
- PM: hibernate: Enforce ordering during image compression/decompression (git-fixes).
- RAS/AMD/ATL: Add MI300 DRAM to normalized address translation support (jsc#PED-7618).
- RAS/AMD/ATL: Add MI300 support (jsc#PED-7618).
- RAS/AMD/ATL: Fix array overflow in get_logical_coh_st_fabric_id_mi300() (jsc#PED-7618).
- RAS: Introduce AMD Address Translation Library (jsc#PED-7618).
- RDMA/hns: Fix inappropriate err code for unsupported operations (git-fixes)
- RDMA/hns: Fix unnecessary err return when using invalid congest control algorithm (git-fixes)
- RDMA/hns: Remove unnecessary checks for NULL in mtr_alloc_bufs() (git-fixes)
- RDMA/irdma: Add wait for suspend on SQD (git-fixes)
- RDMA/irdma: Avoid free the non-cqp_request scratch (git-fixes)
- RDMA/irdma: Do not modify to SQD on error (git-fixes)
- RDMA/irdma: Fix UAF in irdma_sc_ccq_get_cqe_info() (git-fixes)
- RDMA/irdma: Refactor error handling in create CQP (git-fixes)
- RDMA/rtrs-clt: Fix the max_send_wr setting (git-fixes)
- RDMA/rtrs-clt: Remove the warnings for req in_use check (git-fixes)
- RDMA/rtrs-clt: Start hb after path_up (git-fixes)
- RDMA/rtrs-srv: Check return values while processing info request (git-fixes)
- RDMA/rtrs-srv: Destroy path files after making sure no IOs in-flight (git-fixes)
- RDMA/rtrs-srv: Do not unconditionally enable irq (git-fixes)
- RDMA/rtrs-srv: Free srv_mr iu only when always_invalidate is true (git-fixes)
- RDMA/usnic: Silence uninitialized symbol smatch warnings (git-fixes)
- USB: xhci: workaround for grace period (git-fixes).
- Update config files: enable ASoC AMD PS drivers (bsc#1219136)
- Update patch reference for ax88179 fix (bsc#1218948)
- acpi: property: Let args be NULL in __acpi_node_get_property_reference (git-fixes).
- aio: fix mremap after fork null-deref (git-fixes).
- apparmor: avoid crash when parsed profile name is empty (git-fixes).
- arm64: Add CNT{P,V}CTSS_EL0 alternatives to cnt{p,v}ct_el0 (jsc#PED-4729)
- arm64: Add a capability for FEAT_ECV (jsc#PED-4729) Use cpu_hwcaps PLACEHOLDER_4 for HAS_ECV.
- arm64: alternative: patch alternatives in the vDSO (jsc#PED-4729)
- arm64: dts: armada-3720-turris-mox: set irq type for RTC (git-fixes)
- arm64: dts: imx8mp: imx8mq: Add parkmode-disable-ss-quirk on DWC3 (git-fixes)
- arm64: dts: imx8mq: drop usb3-resume-missing-cas from usb (git-fixes)
- arm64: dts: ls208xa: use a pseudo-bus to constrain usb dma size (git-fixes)
- arm64: dts: rockchip: Expand reg size of vdec node for RK3399 (git-fixes)
- arm64: mm: Always make sw-dirty PTEs hw-dirty in pte_modify (git-fixes)
- arm64: module: move find_section to header (jsc#PED-4729)
- arm64: vdso: Fix 'no previous prototype' warning (jsc#PED-4729)
- arm64: vdso: remove two .altinstructions related symbols (jsc#PED-4729)
- arm64: vdso: use SYS_CNTVCTSS_EL0 for gettimeofday (jsc#PED-4729)
- asix: Add check for usbnet_get_endpoints (git-fixes).
- attr: block mode changes of symlinks (git-fixes).
- badblocks: add helper routines for badblock ranges handling (bsc#1174649).
- badblocks: add more helper structure and routines in badblocks.h (bsc#1174649).
- badblocks: avoid checking invalid range in badblocks_check() (bsc#1174649).
- badblocks: improve badblocks_check() for multiple ranges handling (bsc#1174649).
- badblocks: improve badblocks_clear() for multiple ranges handling (bsc#1174649).
- badblocks: improve badblocks_set() for multiple ranges handling (bsc#1174649).
- badblocks: switch to the improved badblock handling code (bsc#1174649).
- bpf: Limit the number of kprobes when attaching program to multiple kprobes (git-fixes).
- bus: mhi: host: Add alignment check for event ring read pointer (git-fixes).
- bus: mhi: host: Add spinlock to protect WP access when queueing TREs (git-fixes).
- bus: mhi: host: Drop chan lock before queuing buffers (git-fixes).
- ceph: select FS_ENCRYPTION_ALGS if FS_ENCRYPTION (bsc#1219568).
- clk: qcom: gpucc-sm8150: Update the gpu_cc_pll1 config (git-fixes).
- clk: qcom: videocc-sm8150: Add missing PLL config property (git-fixes).
- clk: rockchip: rk3128: Fix HCLK_OTG gate register (git-fixes).
- clk: samsung: Fix kernel-doc comments (git-fixes).
- clk: si5341: fix an error code problem in si5341_output_clk_set_rate (git-fixes).
- clk: zynqmp: Add a check for NULL pointer (git-fixes).
- clk: zynqmp: make bestdiv unsigned (git-fixes).
- clocksource: Skip watchdog check for large watchdog intervals (git-fixes).
- clocksource: disable watchdog checks on TSC when TSC is watchdog (bsc#1215885).
- coresight: etm4x: Add ACPI support in platform driver (bsc#1218779)
- coresight: etm4x: Allocate and device assign 'struct etmv4_drvdata' (bsc#1218779)
- coresight: etm4x: Change etm4_platform_driver driver for MMIO devices (bsc#1218779)
- coresight: etm4x: Drop iomem 'base' argument from etm4_probe() (bsc#1218779)
- coresight: etm4x: Drop pid argument from etm4_probe() (bsc#1218779)
- coresight: etm4x: Ensure valid drvdata and clock before clk_put() (bsc#1218779)
- coresight: platform: acpi: Ignore the absence of graph (bsc#1218779)
- crypto: ccp - fix memleak in ccp_init_dm_workarea (git-fixes).
- crypto: s390/aes - Fix buffer overread in CTR mode (git-fixes).
- crypto: sa2ul - Return crypto_aead_setkey to transfer the error (git-fixes).
- crypto: sahara - do not resize req->src when doing hash operations (git-fixes).
- crypto: sahara - fix ahash reqsize (git-fixes).
- crypto: sahara - fix ahash selftest failure (git-fixes).
- crypto: sahara - fix cbc selftest failure (git-fixes).
- crypto: sahara - fix processing hash requests with req->nbytes < sg->length (git-fixes).
- crypto: sahara - fix processing requests with cryptlen < sg->length (git-fixes).
- crypto: sahara - fix wait_for_completion_timeout() error handling (git-fixes).
- crypto: sahara - handle zero-length aes requests (git-fixes).
- crypto: sahara - improve error handling in sahara_sha_process() (git-fixes).
- crypto: sahara - remove FLAGS_NEW_KEY logic (git-fixes).
- crypto: scomp - fix req->dst buffer overflow (git-fixes).
- dma-debug: fix kernel-doc warnings (git-fixes).
- dmaengine: fix NULL pointer in channel unregistration function (git-fixes).
- dmaengine: fix is_slave_direction() return false when DMA_DEV_TO_DEV (git-fixes).
- dmaengine: fsl-dpaa2-qdma: Fix the size of dma pools (git-fixes).
- dmaengine: idxd: Protect int_handle field in hw descriptor (git-fixes).
- dmaengine: ti: k3-udma: Report short packet errors (git-fixes).
- doc/README.KSYMS: Add to repo.
- docs: Store the old kernel changelog entries in kernel-docs package (bsc#1218713).
- drivers/amd/pm: fix a use-after-free in kv_parse_power_table (git-fixes).
- drivers: clk: zynqmp: calculate closest mux rate (git-fixes).
- drivers: clk: zynqmp: update divider round rate logic (git-fixes).
- drm/amd/display: Fix tiled display misalignment (git-fixes).
- drm/amd/display: Port DENTIST hang and TDR fixes to OTG disable W/A (git-fixes).
- drm/amd/display: add nv12 bounding box (git-fixes).
- drm/amd/display: get dprefclk ss info from integration info table (git-fixes).
- drm/amd/display: make flip_timestamp_in_us a 64-bit variable (git-fixes).
- drm/amd/display: pbn_div need be updated for hotplug event (git-fixes).
- drm/amd/display: update dcn315 lpddr pstate latency (git-fixes).
- drm/amd/pm/smu7: fix a memleak in smu7_hwmgr_backend_init (git-fixes).
- drm/amd/pm: fix a double-free in amdgpu_parse_extended_power_table (git-fixes).
- drm/amd/pm: fix a double-free in si_dpm_init (git-fixes).
- drm/amd/powerplay: Fix kzalloc parameter 'ATOM_Tonga_PPM_Table' in 'get_platform_power_management_table()' (git-fixes).
- drm/amdgpu/debugfs: fix error code when smc register accessors are NULL (git-fixes).
- drm/amdgpu/pm: Fix the power source flag error (git-fixes).
- drm/amdgpu: Add NULL checks for function pointers (git-fixes).
- drm/amdgpu: Drop 'fence' check in 'to_amdgpu_amdkfd_fence()' (git-fixes).
- drm/amdgpu: Fix '*fw' from request_firmware() not released in 'amdgpu_ucode_request()' (git-fixes).
- drm/amdgpu: Fix cat debugfs amdgpu_regs_didt causes kernel null pointer (git-fixes).
- drm/amdgpu: Fix ecc irq enable/disable unpaired (git-fixes).
- drm/amdgpu: Fix missing error code in 'gmc_v6/7/8/9_0_hw_init()' (git-fixes).
- drm/amdgpu: Fix with right return code '-EIO' in 'amdgpu_gmc_vram_checking()' (git-fixes).
- drm/amdgpu: Let KFD sync with VM fences (git-fixes).
- drm/amdgpu: Release 'adev->pm.fw' before return in 'amdgpu_device_need_post()' (git-fixes).
- drm/amdgpu: fix ftrace event amdgpu_bo_move always move on same heap (git-fixes).
- drm/amdgpu: skip gpu_info fw loading on navi12 (git-fixes).
- drm/amdkfd: Confirm list is non-empty before utilizing list_first_entry in kfd_topology.c (git-fixes).
- drm/amdkfd: Fix 'node' NULL check in 'svm_range_get_range_boundaries()' (git-fixes).
- drm/amdkfd: Fix iterator used outside loop in 'kfd_add_peer_prop()' (git-fixes).
- drm/amdkfd: Fix lock dependency warning (git-fixes).
- drm/amdkfd: Fix lock dependency warning with srcu (git-fixes).
- drm/amdkfd: Use resource_size() helper function (git-fixes).
- drm/amdkfd: fixes for HMM mem allocation (git-fixes).
- drm/bridge: Fix typo in post_disable() description (git-fixes).
- drm/bridge: anx7625: Ensure bridge is suspended in disable() (git-fixes).
- drm/bridge: cdns-mhdp8546: Fix use of uninitialized variable (git-fixes).
- drm/bridge: nxp-ptn3460: fix i2c_master_send() error checking (git-fixes).
- drm/bridge: nxp-ptn3460: simplify some error checking (git-fixes).
- drm/bridge: parade-ps8640: Ensure bridge is suspended in .post_disable() (git-fixes).
- drm/bridge: parade-ps8640: Make sure we drop the AUX mutex in the error case (git-fixes).
- drm/bridge: parade-ps8640: Wait for HPD when doing an AUX transfer (git-fixes).
- drm/bridge: tc358767: Fix return value on error case (git-fixes).
- drm/bridge: tpd12s015: Drop buggy __exit annotation for remove function (git-fixes).
- drm/crtc: Fix uninit-value bug in drm_mode_setcrtc (git-fixes).
- drm/crtc: fix uninitialized variable use (git-fixes).
- drm/drv: propagate errors from drm_modeset_register_all() (git-fixes).
- drm/exynos: Call drm_atomic_helper_shutdown() at shutdown/unbind time (git-fixes).
- drm/exynos: fix a potential error pointer dereference (git-fixes).
- drm/exynos: fix a wrong error checking (git-fixes).
- drm/exynos: fix accidental on-stack copy of exynos_drm_plane (git-fixes).
- drm/exynos: gsc: minor fix for loop iteration in gsc_runtime_resume (git-fixes).
- drm/framebuffer: Fix use of uninitialized variable (git-fixes).
- drm/mediatek: Return error if MDP RDMA failed to enable the clock (git-fixes).
- drm/msm/dpu: Drop enable and frame_count parameters from dpu_hw_setup_misr() (git-fixes).
- drm/msm/dpu: Ratelimit framedone timeout msgs (git-fixes).
- drm/msm/dpu: Set input_sel bit for INTF (git-fixes).
- drm/msm/dpu: fix writeback programming for YUV cases (git-fixes).
- drm/msm/dpu: rename dpu_encoder_phys_wb_setup_cdp to match its functionality (git-fixes).
- drm/msm/dsi: Enable runtime PM (git-fixes).
- drm/msm/dsi: Use pm_runtime_resume_and_get to prevent refcnt leaks (git-fixes).
- drm/msm/mdp4: flush vblank event on disable (git-fixes).
- drm/nouveau/fence:: fix warning directly dereferencing a rcu pointer (git-fixes).
- drm/panel-edp: Add override_edid_mode quirk for generic edp (git-fixes).
- drm/panel-elida-kd35t133: hold panel in reset for unprepare (git-fixes).
- drm/panel: nt35510: fix typo (git-fixes).
- drm/panfrost: Ignore core_mask for poweroff and disable PWRTRANS irq (git-fixes).
- drm/panfrost: Really power off GPU cores in panfrost_gpu_power_off() (git-fixes).
- drm/radeon/dpm: fix a memleak in sumo_parse_power_table (git-fixes).
- drm/radeon/r100: Fix integer overflow issues in r100_cs_track_check() (git-fixes).
- drm/radeon/r600_cs: Fix possible int overflows in r600_cs_check_reg() (git-fixes).
- drm/radeon/trinity_dpm: fix a memleak in trinity_parse_power_table (git-fixes).
- drm/radeon: check return value of radeon_ring_lock() (git-fixes).
- drm/radeon: check the alloc_workqueue return value in radeon_crtc_init() (git-fixes).
- drm/tidss: Check for K2G in in dispc_softreset() (git-fixes).
- drm/tidss: Fix atomic_flush check (git-fixes).
- drm/tidss: Fix dss reset (git-fixes).
- drm/tidss: Move reset to the end of dispc_init() (git-fixes).
- drm/tidss: Return error value from from softreset (git-fixes).
- drm/tilcdc: Fix irq free on unload (git-fixes).
- drm: Do not unref the same fb many times by mistake due to deadlock handling (git-fixes).
- drm: panel-simple: add missing bus flags for Tianma tm070jvhg[30/33] (git-fixes).
- drm: using mul_u32_u32() requires linux/math64.h (git-fixes).
- dt-bindings: gpio: Remove FSI domain ports on Tegra234 (jsc#PED-6694)
- efi/libstub: Disable PCI DMA before grabbing the EFI memory map (git-fixes).
- eventfd: prevent underflow for eventfd semaphores (git-fixes).
- exfat: fix reporting fs error when reading dir beyond EOF (git-fixes).
- exfat: support handle zero-size directory (git-fixes).
- exfat: use kvmalloc_array/kvfree instead of kmalloc_array/kfree (git-fixes).
- fbdev: Only disable sysfb on the primary device (bsc#1216441)
- fbdev: Only disable sysfb on the primary device (bsc#1216441) Update an existing patch to fix bsc#1216441.
- fbdev: flush deferred IO before closing (git-fixes).
- fbdev: flush deferred work in fb_deferred_io_fsync() (git-fixes).
- fbdev: imxfb: fix left margin setting (git-fixes).
- fbdev: mmp: Fix typo and wording in code comment (git-fixes).
- firewire: core: correct documentation of fw_csr_string() kernel API (git-fixes).
- firewire: ohci: suppress unexpected system reboot in AMD Ryzen machines and ASM108x/VT630x PCIe cards (git-fixes).
- firmware: ti_sci: Fix an off-by-one in ti_sci_debugfs_create() (git-fixes).
- fjes: fix memleaks in fjes_hw_setup (git-fixes).
- fs/mount_setattr: always cleanup mount_kattr (git-fixes).
- fs: Fix error checking for d_hash_and_lookup() (git-fixes).
- fs: Move notify_change permission checks into may_setattr (git-fixes).
- fs: do not audit the capability check in simple_xattr_list() (git-fixes).
- fs: drop peer group ids under namespace lock (git-fixes).
- fs: indicate request originates from old mount API (git-fixes).
- fs: sendfile handles O_NONBLOCK of out_fd (git-fixes).
- fuse: dax: set fc->dax to NULL in fuse_dax_conn_free() (bsc#1218659).
- gfs2: Always check inode size of inline inodes (git-fixes).
- gfs2: Cosmetic gfs2_dinode_{in,out} cleanup (git-fixes).
- gfs2: Disable page faults during lockless buffered reads (git-fixes).
- gfs2: Eliminate ip->i_gh (git-fixes).
- gfs2: Eliminate vestigial HIF_FIRST (git-fixes).
- gfs2: Fix kernel NULL pointer dereference in gfs2_rgrp_dump (git-fixes).
- gfs2: Introduce flag for glock holder auto-demotion (git-fixes).
- gfs2: Move the inode glock locking to gfs2_file_buffered_write (git-fixes).
- gfs2: Remove redundant check from gfs2_glock_dq (git-fixes).
- gfs2: Switch to wait_event in gfs2_logd (git-fixes).
- gfs2: assign rgrp glock before compute_bitstructs (git-fixes).
- gfs2: low-memory forced flush fixes (git-fixes).
- gfs2: release iopen glock early in evict (git-fixes).
- gpio: eic-sprd: Clear interrupt after set the interrupt type (git-fixes).
- gpu/drm/radeon: fix two memleaks in radeon_vm_init (git-fixes).
- hv_netvsc: rndis_filter needs to select NLS (git-fixes).
- hwmon: (corsair-psu) Fix probe when built-in (git-fixes).
- hwrng: core - Fix page fault dead lock on mmap-ed hwrng (git-fixes).
- i2c: rk3x: fix potential spinlock recursion on poll (git-fixes).
- i2c: s3c24xx: fix read transfers in polling mode (git-fixes).
- i2c: s3c24xx: fix transferring more than one message in polling mode (git-fixes).
- iio: adc: ad7091r: Pass iio_dev to event handler (git-fixes).
- iio: adc: ad9467: add mutex to struct ad9467_state (git-fixes).
- iio: adc: ad9467: do not ignore error codes (git-fixes).
- iio: adc: ad9467: fix reset gpio handling (git-fixes).
- ipmi: Use regspacings passed as a module parameter (git-fixes).
- kabi, vmstat: skip periodic vmstat update for isolated CPUs (bsc#1217895).
- kabi/severities: ignore ASoC AMD acp driver symbols (bsc#1219136)
- kdb: Fix a potential buffer overflow in kdb_local() (git-fixes).
- kernel-doc: handle a void function without producing a warning (git-fixes).
- kernfs: fix missing kernfs_idr_lock to remove an ID from the IDR (git-fixes).
- leds: aw2013: Select missing dependency REGMAP_I2C (git-fixes).
- leds: ledtrig-tty: Free allocated ttyname buffer on deactivate (git-fixes).
- libapi: Add missing linux/types.h header to get the __u64 type on io.h (git-fixes).
- md: fix bi_status reporting in md_end_clone_io (bsc#1210443).
- media: cx231xx: fix a memleak in cx231xx_init_isoc (git-fixes).
- media: dt-bindings: ov8856: decouple lanes and link frequency from driver (git-fixes).
- media: dvb-frontends: m88ds3103: Fix a memory leak in an error handling path of m88ds3103_probe() (git-fixes).
- media: imx355: Enable runtime PM before registering async sub-device (git-fixes).
- media: ov9734: Enable runtime PM before registering async sub-device (git-fixes).
- media: pvrusb2: fix use after free on context disconnection (git-fixes).
- media: rkisp1: Disable runtime PM in probe error path (git-fixes).
- media: rkisp1: Fix media device memory leak (git-fixes).
- media: rkisp1: Read the ID register at probe time instead of streamon (git-fixes).
- media: videobuf2-dma-sg: fix vmap callback (git-fixes).
- mfd: intel-lpss: Fix the fractional clock divider flags (git-fixes).
- misc: fastrpc: Mark all sessions as invalid in cb_remove (git-fixes).
- mm: fs: initialize fsdata passed to write_begin/write_end interface (git-fixes).
- mmc: core: Cancel delayed work before releasing host (git-fixes).
- modpost: move __attribute__((format(printf, 2, 3))) to modpost.h (git-fixes).
- mtd: Fix gluebi NULL pointer dereference caused by ftl notifier (git-fixes).
- mtd: rawnand: Increment IFC_TIMEOUT_MSECS for nand controller response (git-fixes).
- mtd: rawnand: pl353: Fix kernel doc (git-fixes).
- mtd: rawnand: rockchip: Add missing title to a kernel doc comment (git-fixes).
- mtd: rawnand: rockchip: Rename a structure (git-fixes).
- net: phy: micrel: populate .soft_reset for KSZ9131 (git-fixes).
- net: usb: ax88179_178a: Bind only to vendor-specific interface (bsc#1218948).
- net: usb: ax88179_178a: avoid two consecutive device resets (bsc#1218948).
- net: usb: ax88179_178a: move priv to driver_priv (git-fixes).
- net: usb: ax88179_178a: remove redundant init code (git-fixes).
- net: usb: ax88179_178a: restore state on resume (bsc#1218948).
- nfc: nci: free rx_data_reassembly skb on NCI device cleanup (git-fixes).
- nfsd4: add refcount for nfsd4_blocked_lock (bsc#1218968 bsc#1219349).
- nfsd: fix RELEASE_LOCKOWNER (bsc#1218968).
- nouveau/tu102: flush all pdbs on vmm flush (git-fixes).
- nouveau/vmm: do not set addr on the fail path to avoid warning (git-fixes).
- nsfs: add compat ioctl handler (git-fixes).
- nvme-loop: always quiesce and cancel commands before destroying admin q (bsc#1211515).
- nvme-pci: add BOGUS_NID for Intel 0a54 device (git-fixes).
- nvme-pci: fix sleeping function called from interrupt context (git-fixes).
- nvme-rdma: Fix transfer length when write_generate/read_verify are 0 (git-fixes).
- nvme-tcp: avoid open-coding nvme_tcp_teardown_admin_queue() (bsc#1211515).
- nvme: fix max_discard_sectors calculation (git-fixes).
- nvme: introduce helper function to get ctrl state (git-fixes).
- nvme: move nvme_stop_keep_alive() back to original position (bsc#1211515).
- nvme: start keep-alive after admin queue setup (bsc#1211515).
- nvme: trace: avoid memcpy overflow warning (git-fixes).
- nvmet: re-fix tracing strncpy() warning (git-fixes).
- of: Fix double free in of_parse_phandle_with_args_map (git-fixes).
- of: unittest: Fix of_count_phandle_with_args() expected value message (git-fixes).
- parport: parport_serial: Add Brainboxes BAR details (git-fixes).
- parport: parport_serial: Add Brainboxes device IDs and geometry (git-fixes).
- pci: Drop PCI vmd patches that caused a regression (bsc#1218005)
- perf/x86/intel/uncore: Factor out topology_gidnid_map() (bsc#1218958).
- perf/x86/intel/uncore: Fix NULL pointer dereference issue in upi_fill_topology() (bsc#1218958).
- perf/x86/uncore: Use u64 to replace unsigned for the uncore offsets array (bsc#1219512).
- phy: renesas: rcar-gen3-usb2: Fix returning wrong error code (git-fixes).
- phy: ti: phy-omap-usb2: Fix NULL pointer dereference for SRP (git-fixes).
- pinctrl: intel: Revert 'Unexport intel_pinctrl_probe()' (git-fixes).
- platform/x86/amd/hsmp: Fix iomem handling (jsc#PED-7620).
- platform/x86/amd/hsmp: add support for metrics tbl (jsc#PED-7620).
- platform/x86/amd/hsmp: create plat specific struct (jsc#PED-7620).
- platform/x86/amd/hsmp: improve the error log (jsc#PED-7620).
- platform/x86: ISST: Reduce noise for missing numa information in logs (bsc#1219285).
- platform/x86: use PLATFORM_DEVID_NONE instead of -1 (jsc#PED-7620).
- power: supply: bq256xx: fix some problem in bq256xx_hw_init (git-fixes).
- power: supply: cw2015: correct time_to_empty units in sysfs (git-fixes).
- powerpc/fadump: reset dump area size if fadump memory reserve fails (bsc#1194869).
- powerpc/powernv: Add a null pointer check in opal_event_init() (bsc#1065729).
- powerpc/powernv: Add a null pointer check in opal_powercap_init() (bsc#1181674 ltc#189159 git-fixes).
- powerpc/powernv: Add a null pointer check to scom_debug_init_one() (bsc#1194869).
- powerpc/pseries/iommu: enable_ddw incorrectly returns direct mapping for SR-IOV device (bsc#1212091 ltc#199106 git-fixes).
- powerpc/pseries/memhp: Fix access beyond end of drmem array (bsc#1065729).
- powerpc/pseries: fix possible memory leak in ibmebus_bus_init() (bsc#1194869).
- powerpc/pseries: fix potential memory leak in init_cpu_associativity() (bsc#1194869).
- powerpc/xive: Fix endian conversion size (bsc#1194869).
- pstore: ram_core: fix possible overflow in persistent_ram_init_ecc() (git-fixes).
- pwm: Fix out-of-bounds access in of_pwm_single_xlate() (git-fixes).
- pwm: jz4740: Do not use dev_err_probe() in .request() (git-fixes).
- pwm: stm32: Fix enable count for clk in .probe() (git-fixes).
- pwm: stm32: Use hweight32 in stm32_pwm_detect_channels (git-fixes).
- pwm: stm32: Use regmap_clear_bits and regmap_set_bits where applicable (git-fixes).
- r8152: add vendor/device ID pair for ASUS USB-C2500 (git-fixes).
- r8152: add vendor/device ID pair for D-Link DUB-E250 (git-fixes).
- reset: hisilicon: hi6220: fix Wvoid-pointer-to-enum-cast warning (git-fixes).
- ring-buffer/Documentation: Add documentation on buffer_percent file (git-fixes).
- ring-buffer: Do not record in NMI if the arch does not support cmpxchg in NMI (git-fixes).
- s390/dasd: fix double module refcount decrement (bsc#1141539).
- s390/pci: fix max size calculation in zpci_memcpy_toio() (git-fixes bsc#1219006).
- s390/vfio-ap: always filter entire AP matrix (git-fixes bsc#1219012).
- s390/vfio-ap: let on_scan_complete() callback filter matrix and update guest's APCB (git-fixes bsc#1219014).
- s390/vfio-ap: loop over the shadow APCB when filtering guest's AP configuration (git-fixes bsc#1219013).
- s390/vfio-ap: unpin pages on gisc registration failure (git-fixes bsc#1218723).
- sched/isolation: add cpu_is_isolated() API (bsc#1217895).
- scripts/kernel-doc: restore warning for Excess struct/union (git-fixes).
- scsi: be2iscsi: Fix a memleak in beiscsi_init_wrb_handle() (git-fixes).
- scsi: bnx2fc: Fix skb double free in bnx2fc_rcv() (git-fixes).
- scsi: core: Always send batch on reset or error handling command (git-fixes).
- scsi: fnic: Return error if vmalloc() failed (git-fixes).
- scsi: hisi_sas: Correct the number of global debugfs registers (git-fixes).
- scsi: hisi_sas: Fix normally completed I/O analysed as failed (git-fixes).
- scsi: hisi_sas: Fix warnings detected by sparse (git-fixes).
- scsi: hisi_sas: Modify v3 HW SATA completion error processing (git-fixes).
- scsi: hisi_sas: Modify v3 HW SSP underflow error processing (git-fixes).
- scsi: hisi_sas: Rename HISI_SAS_{RESET -> RESETTING}_BIT (git-fixes).
- scsi: hisi_sas: Replace with standard error code return value (git-fixes).
- scsi: hisi_sas: Rollback some operations if FLR failed (git-fixes).
- scsi: hisi_sas: Set debugfs_dir pointer to NULL after removing debugfs (git-fixes).
- scsi: ibmvfc: Fix erroneous use of rtas_busy_delay with hcall return code (git-fixes).
- scsi: ibmvfc: Implement channel queue depth and event buffer accounting (bsc#1209834 ltc#202097).
- scsi: ibmvfc: Remove BUG_ON in the case of an empty event pool (bsc#1209834 ltc#202097).
- scsi: iscsi: Rename iscsi_set_param() to iscsi_if_set_param() (git-fixes).
- scsi: libfc: Fix potential NULL pointer dereference in fc_lport_ptp_setup() (git-fixes).
- scsi: lpfc: Change VMID driver load time parameters to read only (bsc#1219582).
- scsi: lpfc: Move determination of vmid_flag after VMID reinitialization completes (bsc#1219582).
- scsi: lpfc: Reinitialize an NPIV's VMID data structures after FDISC (bsc#1219582).
- scsi: lpfc: Update lpfc version to 14.2.0.17 (bsc#1219582).
- scsi: megaraid_sas: Fix deadlock on firmware crashdump (git-fixes).
- scsi: megaraid_sas: Increase register read retry rount from 3 to 30 for selected registers (git-fixes).
- scsi: mpt3sas: Fix an outdated comment (git-fixes).
- scsi: mpt3sas: Fix in error path (git-fixes).
- scsi: mpt3sas: Fix loop logic (bsc#1219067).
- scsi: mpt3sas: Fix loop logic (git-fixes).
- scsi: pm80xx: Avoid leaking tags when processing OPC_INB_SET_CONTROLLER_CONFIG command (git-fixes).
- scsi: pm80xx: Use phy-specific SAS address when sending PHY_START command (git-fixes).
- scsi: qla2xxx: Fix system crash due to bad pointer access (git-fixes).
- selftests/net: fix grep checking for fib_nexthop_multiprefix (git-fixes).
- serial: 8250: omap: Do not skip resource freeing if pm_runtime_resume_and_get() failed (git-fixes).
- serial: core: Fix atomicity violation in uart_tiocmget (git-fixes).
- serial: imx: Correct clock error message in function probe() (git-fixes).
- serial: imx: fix tx statemachine deadlock (git-fixes).
- serial: max310x: fail probe if clock crystal is unstable (git-fixes).
- serial: max310x: improve crystal stable clock detection (git-fixes).
- serial: max310x: set default value when reading clock ready bit (git-fixes).
- serial: sc16is7xx: add check for unsupported SPI modes during probe (git-fixes).
- serial: sc16is7xx: set safe default SPI clock frequency (git-fixes).
- serial: sccnxp: Improve error message if regulator_disable() fails (git-fixes).
- series.conf: the patch is not in git and breaks series_insert.py
- shmem: use ramfs_kill_sb() for kill_sb method of ramfs-based tmpfs (git-fixes).
- software node: Let args be NULL in software_node_get_reference_args (git-fixes).
- spi: spi-zynqmp-gqspi: fix driver kconfig dependencies (git-fixes).
- swiotlb-xen: provide the 'max_mapping_size' method (git-fixes).
- swiotlb: fix a braino in the alignment check fix (bsc#1216559).
- swiotlb: fix slot alignment checks (bsc#1216559).
- trace,smp: Add tracepoints around remotelly called functions (bsc#1217895).
- tracefs: Add missing lockdown check to tracefs_create_dir() (git-fixes).
- tracing/trigger: Fix to return error if failed to alloc snapshot (git-fixes).
- tracing: Add size check when printing trace_marker output (git-fixes).
- tracing: Ensure visibility when inserting an element into tracing_map (git-fixes).
- tracing: Fix uaf issue when open the hist or hist_debug file (git-fixes).
- tracing: Have large events show up as '[LINE TOO BIG]' instead of nothing (git-fixes).
- tracing: Increase trace array ref count on enable and filter files (bsc#1219490).
- ubifs: Check @c->dirty_[n|p]n_cnt and @c->nroot state under @c->lp_mutex (git-fixes).
- ubifs: ubifs_link: Fix wrong name len calculating when UBIFS is encrypted (git-fixes).
- ubifs: ubifs_symlink: Fix memleak of inode->i_link in error path (git-fixes).
- uio: Fix use-after-free in uio_open (git-fixes).
- usb: cdns3: Fix uvc fail when DMA cross 4k boundery since sg enabled (git-fixes).
- usb: cdns3: fix uvc failure work since sg support enabled (git-fixes).
- usb: chipidea: wait controller resume finished for wakeup irq (git-fixes).
- usb: dwc: ep0: Update request status in dwc3_ep0_stall_restart (git-fixes).
- usb: fsl-mph-dr-of: mark fsl_usb2_mpc5121_init() static (git-fixes).
- usb: host: xhci-plat: Add support for XHCI_SG_TRB_CACHE_SIZE_QUIRK (git-fixes).
- usb: mon: Fix atomicity violation in mon_bin_vma_fault (git-fixes).
- usb: otg numberpad exception (bsc#1218527).
- usb: phy: mxs: remove CONFIG_USB_OTG condition for mxs_phy_is_otg_host() (git-fixes).
- usb: typec: class: fix typec_altmode_put_partner to put plugs (git-fixes).
- usb: ucsi: Add missing ppm_lock (git-fixes).
- usb: ucsi_acpi: Fix command completion handling (git-fixes).
- usb: xhci-mtk: fix a short packet issue of gen1 isoc-in transfer (git-fixes).
- usr/Kconfig: fix typos of 'its' (git-fixes).
- vfs: make freeze_super abort when sync_filesystem returns error (git-fixes).
- vhost: Allow null msg.size on VHOST_IOTLB_INVALIDATE (git-fixes).
- virtio-mmio: fix memory leak of vm_dev (git-fixes).
- virtio_balloon: Fix endless deflation and inflation on arm64 (git-fixes).
- vmstat: skip periodic vmstat update for isolated CPUs (bsc#1217895).
- vsock/virtio: Fix unsigned integer wrap around in virtio_transport_has_space() (git-fixes).
- watchdog/hpwdt: Only claim UNKNOWN NMI if from iLO (git-fixes).
- watchdog: bcm2835_wdt: Fix WDIOC_SETTIMEOUT handling (git-fixes).
- watchdog: rti_wdt: Drop runtime pm reference count when watchdog is unused (git-fixes).
- watchdog: set cdev owner before adding (git-fixes).
- wifi: ath11k: Defer on rproc_get failure (git-fixes).
- wifi: cfg80211: lock wiphy mutex for rfkill poll (git-fixes).
- wifi: iwlwifi: mvm: send TX path flush in rfkill (git-fixes).
- wifi: iwlwifi: mvm: set siso/mimo chains to 1 in FW SMPS request (git-fixes).
- wifi: iwlwifi: pcie: avoid a NULL pointer dereference (git-fixes).
- wifi: libertas: stop selecting wext (git-fixes).
- wifi: mt76: fix broken precal loading from MTD for mt7915 (git-fixes).
- wifi: mt76: mt7921s: fix workqueue problem causes STA association fail (git-fixes).
- wifi: mwifiex: configure BSSID consistently when starting AP (git-fixes).
- wifi: rtlwifi: Convert LNKCTL change to PCIe cap RMW accessors (git-fixes).
- wifi: rtlwifi: Remove bogus and dangerous ASPM disable/enable code (git-fixes).
- wifi: rtlwifi: add calculate_bit_shift() (git-fixes).
- wifi: rtlwifi: rtl8188ee: phy: using calculate_bit_shift() (git-fixes).
- wifi: rtlwifi: rtl8192c: using calculate_bit_shift() (git-fixes).
- wifi: rtlwifi: rtl8192ce: using calculate_bit_shift() (git-fixes).
- wifi: rtlwifi: rtl8192cu: using calculate_bit_shift() (git-fixes).
- wifi: rtlwifi: rtl8192de: using calculate_bit_shift() (git-fixes).
- wifi: rtlwifi: rtl8192ee: using calculate_bit_shift() (git-fixes).
- wifi: rtlwifi: rtl8192se: using calculate_bit_shift() (git-fixes).
- wifi: rtlwifi: rtl8821ae: phy: fix an undefined bitwise shift behavior (git-fixes).
- wifi: rtw88: fix RX filter in FIF_ALLMULTI flag (git-fixes).
- x86/MCE/AMD, EDAC/mce_amd: Decode UMC_V2 ECC errors (jsc#PED-7616).
- x86/MCE/AMD: Add new MA_LLC, USR_DP, and USR_CP bank types (jsc#PED-7622).
- x86/MCE/AMD: Split amd_mce_is_memory_error() (jsc#PED-7623).
- x86/amd_nb: Add AMD Family MI300 PCI IDs (jsc#PED-7622).
- x86/amd_nb: Add MI200 PCI IDs (jsc#PED-7616).
- x86/cpu: Merge Intel and AMD ppin_init() functions (jsc#PED-7615).
- x86/cpu: Read/save PPIN MSR during initialization (jsc#PED-7615).
- x86/entry/ia32: Ensure s32 is sign extended to s64 (bsc#1193285).
- x86/hyperv: Fix the detection of E820_TYPE_PRAM in a Gen2 VM (git-fixes).
- x86/hyperv: Use atomic_try_cmpxchg() to micro-optimize hv_nmi_unknown() (git-fixes).
- x86/mce: Cleanup mce_usable_address() (jsc#PED-7623).
- x86/mce: Define amd_mce_usable_address() (jsc#PED-7623).
- xen-pciback: Consider INTx disabled when MSI/MSI-X is enabled (git-fixes).
- xen/events: fix delayed eoi list handling (git-fixes).
- xhci: Add grace period after xHC start to prevent premature runtime suspend (git-fixes).
- xhci: cleanup xhci_hub_control port references (git-fixes).
- xhci: pass port pointer as parameter to xhci_set_port_power() (git-fixes).
- xhci: track port suspend state correctly in unsuccessful resume cases (git-fixes).
ImportantSUSE bug 1065729SUSE bug 1108281SUSE bug 1141539SUSE bug 1174649SUSE bug 1181674SUSE bug 1193285SUSE bug 1194869SUSE bug 1209834SUSE bug 1210443SUSE bug 1211515SUSE bug 1212091SUSE bug 1214377SUSE bug 1215275SUSE bug 1215885SUSE bug 1216441SUSE bug 1216559SUSE bug 1216702SUSE bug 1217895SUSE bug 1217987SUSE bug 1217988SUSE bug 1217989SUSE bug 1218005SUSE bug 1218447SUSE bug 1218527SUSE bug 1218659SUSE bug 1218689SUSE bug 1218713SUSE bug 1218723SUSE bug 1218730SUSE bug 1218752SUSE bug 1218757SUSE bug 1218768SUSE bug 1218778SUSE bug 1218779SUSE bug 1218804SUSE bug 1218832SUSE bug 1218836SUSE bug 1218916SUSE bug 1218948SUSE bug 1218958SUSE bug 1218968SUSE bug 1218997SUSE bug 1219006SUSE bug 1219012SUSE bug 1219013SUSE bug 1219014SUSE bug 1219053SUSE bug 1219067SUSE bug 1219120SUSE bug 1219128SUSE bug 1219136SUSE bug 1219285SUSE bug 1219349SUSE bug 1219412SUSE bug 1219429SUSE bug 1219434SUSE bug 1219490SUSE bug 1219512SUSE bug 1219568SUSE bug 1219582SUSE bug 1219608CVE-2021-33631 at SUSECVE-2021-33631 at NVDCVE-2023-46838 at SUSECVE-2023-46838 at NVDCVE-2023-47233 at SUSECVE-2023-47233 at NVDCVE-2023-4921 at SUSECVE-2023-4921 at NVDCVE-2023-51042 at SUSECVE-2023-51042 at NVDCVE-2023-51043 at SUSECVE-2023-51043 at NVDCVE-2023-51780 at SUSECVE-2023-51780 at NVDCVE-2023-51782 at SUSECVE-2023-51782 at NVDCVE-2023-6040 at SUSECVE-2023-6040 at NVDCVE-2023-6356 at SUSECVE-2023-6356 at NVDCVE-2023-6531 at SUSECVE-2023-6531 at NVDCVE-2023-6535 at SUSECVE-2023-6535 at NVDCVE-2023-6536 at SUSECVE-2023-6536 at NVDCVE-2023-6915 at SUSECVE-2023-6915 at NVDCVE-2024-0340 at SUSECVE-2024-0340 at NVDCVE-2024-0565 at SUSECVE-2024-0565 at NVDCVE-2024-0641 at SUSECVE-2024-0641 at NVDCVE-2024-0775 at SUSECVE-2024-0775 at NVDCVE-2024-1085 at SUSECVE-2024-1085 at NVDCVE-2024-1086 at SUSECVE-2024-1086 at NVDCVE-2024-24860 at SUSECVE-2024-24860 at NVDcpe:/o:opensuse:leap:15.5Security update for libaom (Moderate)openSUSE Leap 15.5
This update for libaom fixes the following issues:
- CVE-2023-6879: Fixed a heap buffer overflow when increasing the
video frame resolution (bsc#1218429).
ModerateSUSE bug 1218429CVE-2023-6879 at SUSECVE-2023-6879 at NVDcpe:/o:opensuse:leap:15.5Security update for postgresql13 (Important)openSUSE Leap 15.5
This update for postgresql13 fixes the following issues:
Upgrade to 13.14:
- CVE-2024-0985: Tighten security restrictions within REFRESH MATERIALIZED VIEW CONCURRENTLY (bsc#1219679).
ImportantSUSE bug 1219679CVE-2024-0985 at SUSECVE-2024-0985 at NVDcpe:/o:opensuse:leap:15.5Security update for postgresql12 (Important)openSUSE Leap 15.5
This update for postgresql12 fixes the following issues:
Upgrade to 12.18:
- CVE-2024-0985: Tighten security restrictions within REFRESH MATERIALIZED VIEW CONCURRENTLY (bsc#1219679).
ImportantSUSE bug 1219679CVE-2024-0985 at SUSECVE-2024-0985 at NVDcpe:/o:opensuse:leap:15.5Security update for dpdk (Important)openSUSE Leap 15.5
This update for dpdk fixes the following issues:
- Fixed a regression caused by incomplete fix for CVE-2022-2132 (bsc#1219187).
ImportantSUSE bug 1202903SUSE bug 1219187CVE-2022-2132 at SUSECVE-2022-2132 at NVDcpe:/o:opensuse:leap:15.5Security update for hdf5 (Moderate)openSUSE Leap 15.5
This update for hdf5 fixes the following issues:
Updated to version 1.10.11
* Changed the error handling for a not found path in the find
plugin process.
* Fixed CVE-2018-11202, a malformed file could result in chunk
index memory leaks.
* Fixed a file space allocation bug in the parallel library for
chunked datasets.
* Fixed an assertion failure in Parallel HDF5 when a file can't
be created due to an invalid library version bounds setting.
* Fixed an assertion in a previous fix for CVE-2016-4332.
* Fixed segfault on file close in h5debug which fails with a core
dump on a file that has an illegal file size in its cache image.
Fixes HDFFV-11052, CVE-2020-10812.
* Fixed memory leaks that could occur when reading a dataset from
a malformed file.
* Fixed a bug in H5Ocopy that could generate invalid HDF5 files
* Fixed potential heap buffer overflow in decoding of link info
message.
* Fixed potential buffer overrun issues in some object header
decode routines.
* Fixed a heap buffer overflow that occurs when reading from
a dataset with a compact layout within a malformed HDF5 file.
* Fixed CVE-2019-8396, malformed HDF5 files where content does
not match expected size.
* Fixed memory leak when running h5dump with proof of
vulnerability file.
* Added option --no-compact-subset to h5diff.
Fixes since 1.10.10:
* Fixed a memory corruption when reading from dataset using a
hyperslab selection in file dataspace and a point selection
memory dataspace.
* Fix CVE-2021-37501
* Fixed an issue with variable length attributes.
* Fixed an issue with hyperslab selections where an incorrect
combined selection was produced.
* Fixed an issue with attribute type conversion with compound
datatypes.
* Modified H5Fstart_swmr_write() to preserve DAPL properties.
* Converted an assertion on (possibly corrupt) file contents to
a normal error check.
* Fixed memory leak with variable-length fill value in
H5O_fill_convert().
* Fix h5repack to only print output when verbose option is
selected.
Fixes since 1.10.9:
* Several improvements to parallel compression feature,
including:
+ Improved support for collective I/O (for both writes and
reads).
+ Reduction of copying of application data buffers passed to
H5Dwrite.
+ Addition of support for incremental file space allocation
for filtered datasets created in parallel.
+ Addition of support for HDF5's 'don't filter partial edge
chunks' flag
+ Addition of proper support for HDF5 fill values with the
feature.
+ Addition of 'H5_HAVE_PARALLEL_FILTERED_WRITES' macro to
H5pubconf.h
so HDF5 applications can determine at compile-time whether
the feature is available.
+ Addition of simple examples
* h5repack added an optional verbose value for reporting R/W
timing.
* Fixed a metadata cache bug when resizing a pinned/protected
cache entry.
* Fixed a problem with the H5_VERS_RELEASE check in the
H5check_version function.
* Unified handling of collective metadata reads to correctly fix
old bugs.
* Fixed several potential MPI deadlocks in library failure
conditions.
* Fixed an issue with collective metadata reads being permanently
disabled after a dataset chunk lookup operation.
ModerateSUSE bug 1011205SUSE bug 1093641SUSE bug 1125882SUSE bug 1167400SUSE bug 1207973CVE-2016-4332 at SUSECVE-2016-4332 at NVDCVE-2018-11202 at SUSECVE-2018-11202 at NVDCVE-2019-8396 at SUSECVE-2019-8396 at NVDCVE-2020-10812 at SUSECVE-2020-10812 at NVDCVE-2021-37501 at SUSECVE-2021-37501 at NVDcpe:/o:opensuse:leap:15.5Security update for webkit2gtk3 (Important)openSUSE Leap 15.5
This update for webkit2gtk3 fixes the following issues:
Update to version 2.42.5 (bsc#1219604):
- CVE-2024-23222: Fixed processing maliciously crafted web content that may have led to arbitrary code execution (bsc#1219113).
- CVE-2024-23206: Fixed fingerprint user via maliciously crafted webpages (bsc#1219604).
- CVE-2024-23213: Fixed processing web content that may have led to arbitrary code execution (bsc#1219604).
- CVE-2023-40414: Fixed processing web content that may have led to arbitrary code execution (bsc#1219604).
- CVE-2014-1745: Fixed denial-of-service or potentially disclose memory contents while processing maliciously crafted files (bsc#1219604).
- CVE-2023-42833: Fixed processing web content that may have led to arbitrary code execution (bsc#1219604).
ImportantSUSE bug 1219113SUSE bug 1219604CVE-2014-1745 at SUSECVE-2014-1745 at NVDCVE-2023-40414 at SUSECVE-2023-40414 at NVDCVE-2023-42833 at SUSECVE-2023-42833 at NVDCVE-2024-23206 at SUSECVE-2024-23206 at NVDCVE-2024-23213 at SUSECVE-2024-23213 at NVDCVE-2024-23222 at SUSECVE-2024-23222 at NVDcpe:/o:opensuse:leap:15.5Security update for openssl-1_1 (Moderate)openSUSE Leap 15.5
This update for openssl-1_1 fixes the following issues:
- CVE-2024-0727: Denial of service when processing a maliciously formatted PKCS12 file (bsc#1219243).
ModerateSUSE bug 1219243CVE-2024-0727 at SUSECVE-2024-0727 at NVDcpe:/o:opensuse:leap:15.5Security update for postgresql16 (Important)openSUSE Leap 15.5
This update for postgresql16 fixes the following issues:
Upgrade to 16.2:
- CVE-2024-0985: Tighten security restrictions within REFRESH MATERIALIZED VIEW CONCURRENTLY (bsc#1219679).
ImportantSUSE bug 1219679CVE-2024-0985 at SUSECVE-2024-0985 at NVDcpe:/o:opensuse:leap:15.5Security update for postgresql15 (Important)openSUSE Leap 15.5
This update for postgresql15 fixes the following issues:
Upgrade to 15.6:
- CVE-2024-0985: Tighten security restrictions within REFRESH MATERIALIZED VIEW CONCURRENTLY (bsc#1219679).
ImportantSUSE bug 1219679CVE-2024-0985 at SUSECVE-2024-0985 at NVDcpe:/o:opensuse:leap:15.5Security update for postgresql14 (Important)openSUSE Leap 15.5
This update for postgresql14 fixes the following issues:
Upgrade to 14.11:
- CVE-2024-0985: Tighten security restrictions within REFRESH MATERIALIZED VIEW CONCURRENTLY (bsc#1219679).
ImportantSUSE bug 1219679CVE-2024-0985 at SUSECVE-2024-0985 at NVDcpe:/o:opensuse:leap:15.5Security update for openvswitch (Important)openSUSE Leap 15.5
This update for openvswitch fixes the following issues:
- CVE-2024-22563: Fixed memory leak via the function xmalloc__ in /lib/util.c (bsc#1219059).
ImportantSUSE bug 1219059CVE-2024-22563 at SUSECVE-2024-22563 at NVDcpe:/o:opensuse:leap:15.5Security update for libxml2 (Moderate)openSUSE Leap 15.5
This update for libxml2 fixes the following issues:
- CVE-2024-25062: Fixed use-after-free in XMLReader (bsc#1219576).
ModerateSUSE bug 1219576CVE-2024-25062 at SUSECVE-2024-25062 at NVDcpe:/o:opensuse:leap:15.5Security update for python-pycryptodomex (Moderate)openSUSE Leap 15.5
This update for python-pycryptodomex fixes the following issues:
- CVE-2023-52323: Fixed a side-channel in the OAEP decryption, exploitable by a Manger attack (bsc#1218564).
ModerateSUSE bug 1218564CVE-2023-52323 at SUSECVE-2023-52323 at NVDcpe:/o:opensuse:leap:15.5Security update for libssh2_org (Important)openSUSE Leap 15.5
This update for libssh2_org fixes the following issues:
- Always add the KEX pseudo-methods 'ext-info-c' and 'kex-strict-c-v00@openssh.com'
when configuring custom method list. [bsc#1218971, CVE-2023-48795]
* The strict-kex extension is announced in the list of available
KEX methods. However, when the default KEX method list is modified
or replaced, the extension is not added back automatically.
ImportantSUSE bug 1218971CVE-2023-48795 at SUSECVE-2023-48795 at NVDcpe:/o:opensuse:leap:15.5Recommended update for Java (Moderate)openSUSE Leap 15.5
This update for Java fixes the following issues:
plexus-archiver was updated from version 4.2.1 to 4.8.0:
- Changes of 4.8.0:
* Security issues fixed:
+ CVE-2023-37460: Avoid override target symlink by standard file in AbstractUnArchiver (bsc#1215973)
* New features and improvements:
+ Added tzst alias for tar.zst archiver/unarchived
* Bugs fixed:
+ Detect permissions for addFile
* Maintenance:
+ Removed public modifier from JUnit 5 tests
+ Use https in scm/url
+ Removed junit-jupiter-engine from project dependencies
+ Removed parent and reports menu from site
+ Cleanup after 'veryLargeJar' test
+ Override project.url
- Changes of 4.7.1:
* Bugs fixed:
+ Don't apply umask on unknown perms (Win)
- Changes of 4.7.0:
* New features and improvements:
+ add umask support and use 022 in RB mode
+ Use NIO Files for creating temporary files
+ Deprecate the JAR Index feature (JDK-8302819)
+ Added Archiver aliases for tar.*
* Maintenance:
+ Use JUnit TempDir to manage temporary files in tests
+ Override uId and gId for Tar in test
+ Bump maven-resources-plugin from 2.7 to 3.3.1
- Changes of 4.6.3:
* New features and improvements:
+ Fixed path traversal vulnerability
The vulnerability affects only directories whose name begins
with the same prefix as the destination directory. For example
malicious archive may extract file in /opt/directory instead
of /opt/dir.
- Changes of 4.6.2:
* Bugs fixed:
+ Fixed regression in handling symbolic links
- Changes of 4.6.1:
* Bugs fixed:
+ Normalize file separators before warning about equal archive entries
- Changes of 4.6.0:
* New features and improvements:
+ keep file/directory permissions in Reproducible Builds mode
- Changes of 4.5.0:
* New features and improvements:
+ Added zstd (un)archiver support
* Bugs fixed:
+ Fixed UnArchiver#isOverwrite not working as expected
- Changes of 4.4.0:
* New features and improvements:
+ Drop legacy plexus API and use only JSR330 components
- Changes of 4.3.0:
* New features and improvements:
+ Require Java 8
+ Refactor to use FileTime API
+ Rename setTime method to setZipEntryTime
+ Convert InputStreamSupplier to lambdas
* Bugs fixed:
+ Reproducible Builds not working when using modular jar
- Changes of 4.2.7:
* New features and improvements:
+ Respect order of META-INF/ and META-INF/MANIFEST.MF entries in a JAR file
- Changes of 4.2.6:
* New features and improvements:
+ FileInputStream, FileOutputStream, FileReader and FileWriter are no longer used
+ Code cleanup
- Changes of 4.2.5:
* New features and improvements:
+ Speed improvements
* Bugs fixed:
+ Fixed use of a mismatching Unicode path extra field in zip unarchiving
- Changes of 4.2.4:
* Bugs fixed:
+ Fixed unjustified warning about casing for directory entries
- Changes of 4.2.2:
* Bugs fixed:
+ DirectoryArchiver fails for symlinks if a parent directory doesn't exist
objectweb-asm was updated to version 9.6:
- Changes of version 9.6:
* New Opcodes.V22 constant for Java 22
* Bugs fixed:
+ Analyzer produces frames that have different locals than those detected by JRE bytecode verifier
+ Invalid stackmap generated when the instruction stream has new instruction after invokespecial to <init>
+ Analyzer can fail to catch thrown exceptions
+ `asm-analysis` Frame allocates an array unnecessarily inside `executeInvokeInsn`
+ Fixed bug in `CheckFrameAnalyzer` with static methods
- Changes of version 9.5:
* New Opcodes.V21 constant for Java 21
* New readBytecodeInstructionOffset hook in ClassReader
* Added more detailed exception messages
* Javadoc improvements and fixes
* Bugs fixed:
+ Silent removal of zero-valued entries from the line-number table
- Changes of version 9.4:
* Changes:
+ New Opcodes.V20 constant for Java 20
+ Added more checks in CheckClassAdapter
+ Javadoc improvements and fixes
+ `module-info` classes can be built without Gradle and Bnd
+ Parent POM updated to `org.ow2:ow2:1.5.1`
* Bugs fixed:
+`CheckClassAdapter` is no longer transparent for MAXLOCALS
+ Added public `getDelegate` method to all visitor classes
+ Analyzer does not compute optimal maxLocals for static methods
+ Fixed `SignatureWriter` when a generic type has a depth over 30
+ Skip remap inner class name if not changed in Remapper
maven-archiver was updated from version 3.5.0 to 3.6.1:
- Changes of 3.6.1:
* New Features:
+ Deprecated the JAR Index feature (JDK-8302819)
* Task:
+ Refreshed download page
+ Prefer JDK features over plexus-utils, plexus-io
- Changes of 3.6.0:
* Task:
+ Require Java 8
+ Drop m-shared-utils from deps
maven-assembly-plugin was updated from version 3.3.0 to 3.6.0:
- Changes of 3.6.0:
* Bugs fixed:
+ finalName as readonly parameter makes common usecases very complicated
+ Symbolic links get copied with absolute path
+ Warning if using Maven 3.9.1
+ Minimal default Manifest configuration of jar archiver should be respected
* New Features:
+ Support Zstandard compression format
* Improvements:
+ In RB mode, apply 022 umask to ignore environment group write umask
+ Added system requirements history
* Task:
+ Dropped deprecated repository element
+ Support running build on Java 20
+ Refresh download page
+ Cleanup declared dependencies
+ Avoid using deprecated methods of `plexus-archiver`
- Changes of 3.5.0:
* Bugs fixed:
+ File permissions removed during assembly:single since 3.2.0
- Changes of 3.4.2:
* Bugs fixed:
+ Fixed Excludes filtering
* Task:
+ Fixed examples to refer to https instead of http
- Changes of 3.4.1:
* Bugs fixed:
+ Fixed error build with shared assemblies
- Changes of 3.4.0:
* Bugs fixed:
+ dependencySet includes filter with classifier breaks include of artifacts without classifier
* Task:
+ Speed improvements
+ Update plugin (requires Maven 3.2.5+)
+ Assembly plugin resolves too much, even plugins used to build dependencies
+ Deprecated the repository element in assembly descriptor
+ Upgraded to Java 8, drop unused dependencies
maven-common-artifact-filters was updated from version 3.0.1 to 3.3.2:
- Changes of 3.3.2:
* Bugs fixed:
+ PatternIncludesArtifactFilters raising NPE for patterns w/ wildcards and artifactoid w/ null on any coordinate
- Changes of 3.3.1:
* Bugs fixed:
+ Pattern w/ 4 elements may be GATV or GATC
- Changes of 3.3.0:
* Bugs fixed:
+ null passed to DependencyFilter in EclipseAetherFilterTransformerTest
+ PatternIncludesArtifactFilter#include(Artifact)
+ Common Artifact Filters pattern parsing with classifier is broken
* Task:
+ Sanitized dependencies
+ Upgraded to Maven Parent 36, to Maven 3.2.5, to Java 8 and clean up dependencies
- Changes of 3.2.0:
* Improvements:
+ Big speed improvements for patterns that do not contain any wildcard
- Changes of 3.1.1:
* Bugs fixed:
+ Updated JIRA URL for maven-common-artifact-filters
* Improvements:
+ Made build Reproducible
- Changes of 3.1.0:
* Bugs fixed:
+ Several filters do not preserve order of artifacts filtered
maven-compiler-plugin was updated from version 3.10.1 to 3.11.0:
Changes of 3.11.0:
* New features and improvements:
+ Added a useModulePath switch to the testCompile mojo
+ Allow dependency exclusions for 'annotationProcessorPaths'
+ Use maven-resolver to resolve 'annotationProcessorPaths' dependencies
+ Upgrade plexus-compiler to improve compiling message
+ compileSourceRoots parameter should be writable
+ Change showWarnings to true by default
+ Warn about warn-config conflicting values
+ Update default source/target from 1.7 to 1.8
+ Display recompilation causes
+ Added some parameter to pattern from stale source calculation
+ Added dedicated option for implicit javac flag
* Bugs fixed:
+ Fixed incorrect detection of dependency change
+ Test with Maven 3.9.0 and fix the failing IT
+ Resolved all annotation processor dependencies together
+ Defining maven.compiler.release as empty string ends with NumberFormatException in testCompileMojo
+ Fixed missing dirs in createMissingPackageInfoClasses
+ Set Xcludes in config passed to actual compiler
maven-dependency-analyzer was updated from version 1.10 to 1.13.2:
- Changes of 1.13.2:
* Changes and bugs fixed:
+ Made mvn dependency:analyze work with OpenJDK 11
+ Fixed jdk8 incompatibility at runtime (NoSuchMethodError)
+ Upgraded asm to 8.0.1
+ Use try with resources to avoid leaks
+ dependency:analyze recommends test scope for test-only artifacts that have non-test scope
+ remove reference to deprecated public mutable field
+ Updated JIRA URL
+ dependency:analyze should recommend narrower scope where possible
+ Remove dependency on jmock
+ Inline deprecated field
+ Added more JavaDoc
+ Handle different classes from same artifact used by model and test code
+ Included class names in used undeclared dependencies
+ Check maximum allowed Maven version
+ Get rid of maven-plugin-testing-tools for IT test
+ Require Maven 3.2.5+
+ Analyze project classes only once
+ Fixed array parsing
+ CONSTANT_METHOD_TYPE should not add to classes
+ Inner classes are in same compilation unit as container class
+ Upgraded Parent to 36
+ Cleanup IT tests
+ Replace Codehaus Plexus utils with java.nio.file.Files and Apache Commons
+ Fixed bug with 'non-test scoped test only dependencies found'
+ Bump asm from 9.4 to 9.5
+ Refresh download page
+ Upgrade Parent to 39
+ Build on JDK 19, 20
+ Prefer JDK classes to Plexus utils
+ Replaced System.out by logger
+ Fixed java.lang.RuntimeException: Unknown constant pool type
+ Switched to JUnit 5
+ Dependency improvements
maven-dependency-plugin was updated from version 3.1.2 to 3.6.0:
- Changes in 3.6.0:
* Bugs fixed:
+ Obsolete example of -Dverbose on web page
+ Unsupported verbose option still appears in docs
+ dependency:go-offline does not use repositories from parent pom in reactor build
+ Fixed possible NPE
+ `dependency:analyze-only` goal fails on OpenJDK 14
+ FileWriter and FileReader should be replaced
+ Dependency Plugin go-offline doesn't respect artifact classifier
+ analyze-only failed: Unsupported class file major version 60 (Java 16)
+ analyze-only failed: Unsupported class file major version 61 (Java 17)
+ copy-dependencies fails when using excludeScope=test
+ mvn dependency:analyze detected wrong transitive dependency
+ dependency plugin does not work with JDK 16
+ skip dependency analyze in ear packaging
+ Non-test dependency reported as Non-test scoped test only dependency
+ 'Dependency not found' with 3.2.0 and Java-17 while analyzing
+ Tree plugin does not terminate with 3.2.0
+ Minor improvement - continue
+ analyze-only failed: PermittedSubclasses requires ASM9
+ Broken Link to 'Introduction to Dependency Mechanism Page'
+ Sealed classes not supported
+ Dependency tree in verbose mode for war is empty
+ Javadoc was not updated to reflect that :tree's verbose option is now ok
+ error dependency:list (caused by postgresql dependency)
+ :list-classes does not skip if skip is set
+ :list-classes does not use GAV parameters
* New Features:
+ Reintroduce the verbose option for dependency:tree
+ List classes in a given artifact
+ dependency:analyze should recommend narrower scope where possible
+ Added analyze parameter 'ignoreUnusedRuntime'
+ Allow ignoring non-test-scoped dependencies
+ Added a <stripType> option to unpack goals
+ Allow auto-ignore of all non-test scoped dependencies used only in test scope
* Improvements:
+ Unused method o.a.m.p.d.t.TreeMojo.containsVersion
+ Minor improvements
+ GitHub Action build improvement
+ dependency:analyze should list the classes that cause a used undeclared dependency
+ Improve documentation of analyze - Non-test scoped
+ Turn warnings into errors instead of failOnWarning
+ maven-dependency-plugin should leverage plexus-build-api to support IDEs
+ TestListClassesMojo logs too much
+ Use outputDirectory from AbstractMavenReport
+ Removed not used dependencies / Replace parts
+ list-repositories - improvements
+ warns about depending on plexus-container-default
+ Replace AnalyzeReportView with a new AnalyzeReportRenderer
* Task:
+ Removed no longer required exclusions
+ Java 1.8 as minimum
+ Explicitly start and end tables with Doxia Sinks in report renderers
+ Replace Maven shared StringUtils with Commons Lang3
+ Removed unused and ignored parameter - useJvmChmod
+ Removed custom plexus configuration
+ Code refactor - UnpackUtil
+ Refresh download page
maven-dependency-tree was updated from version 3.0.1 to 3.2.1:
- Changes in 3.2.1:
* Bugs fixed:
+ DependencyCollectorBuilder does not collect dependencies when artifact has 'war' packaging
+ Transitive provided dependencies are not removed from collected dependency graph
* New Features:
+ DependencyCollectorBuilder more configurable
* Improvements:
+ DependencyGraphBuilder does not provide verbose tree
+ DependencyGraphBuilders shouldn't need reactorProjects for resolving dependencies
+ Maven31DependencyGraphBuilder should not download dependencies other than the pom
+ Fixed `plexus-component-annotation` in line with `plexus-component-metadata`
+ Upgraded parent to 31
+ Added functionality to collect raw dependencies in Maven 3+
+ Annotate DependencyNodes with dependency management metadata
+ Require Java 8
+ Upgrade `org.eclipse.aether:aether-util` dependency in org.apache.maven.shared:maven-dependency-tree
+ Added Exclusions to DependencyNode
+ Made build Reproducible
+ Migrate plexus component to JSR-330
+ Drop maven 3.0 compatibility
* Dependency upgrade:
+ Upgrade shared-component to version 33
+ Upgrade Parent to 36
+ Bump maven-shared-components from 36 to 37
- Removed unnecessary dependency on xmvn tools and parent pom
maven-enforcer was updated to version 3.4.1:
- Update to version 3.4.1:
* Bugs fixed:
+ In a multi module project 'bannedDependencies' rule tries to resolve project artifacts from external repository
+ Require Release Dependencies ignorant about aggregator build
+ banDuplicatePomDependencyVersions does not check managementDependencies
+ Beanshell rule is not thread-safe
+ RequireSnapshotVersion not compatible with CI Friendly Versions (${revision})
+ NPE when using new <?m2e execute ?> syntax with maven-enforcer-plugin
+ Broken links on Maven Enforcer Plugin site
+ RequirePluginVersions not recognizing versions-from-properties
+ [REGRESSION] RequirePluginVersions fails when versions are inherited
+ requireFilesExist rule should be case sensitive
+ Broken Links on Project Home Page
+ TestRequireOS uses hamcrest via transitive dependency
+ plexus-container-default in enforcer-api is very outdated
+ classifier not included in output of failes RequireUpperBoundDeps test
+ Exclusions are not considered when looking at parent for requireReleaseDeps
+ requireUpperBoundDeps does not fail when packaging is 'war'
+ DependencyConvergence in 3.0.0 fails on provided scoped dependencies
+ NPE on requireReleaseDeps with non-matching includes
+ RequireUpperBoundDeps now follow scope provided transitive dependencies
+ Use currently build artifacts in IT tests
+ requireReleaseDeps does not support optional dependencies or runtime scope
+ Enforcer 3.0.0 breaks with Maven 3.8.4
+ Version 3.1.0 is not enforcing bannedDependencies rules
+ DependencyConvergence treats provided dependencies are runtime dependencies
+ Plugin shouldn't use NullPointerException for non-exceptional code flow
+ NPE in RequirePluginVersions
+ ReactorModuleConvergence not cached in reactor
+ RequireUpperBoundDeps fails on provided dependencies since 3.2.1
+ Problematic dependency resolution by new 'banDynamicVersions' rule
+ banTransitiveDependencies: failing if a transitive dependencies has another version than the resolved one
+ Filtering dependency tree by scope
+ Upgrading to 3.0.0 causes 'Could not build dependency tree' with repositories some unknown protocol
+ DependencyConvergence in 3.1.0 fails when using version ranges
+ Semantics of 'ignores' parameter of 'banDynamicVersions' is inverted
+ Omission of 'excludedScopes' parameter of 'banDynamicVersions' causes NPE
+ ENFORCER: plugin-info and mojo pages not found
* New Features:
+ requireUpperBounds deps should have includes
+ Introduce RequireTextFileChecksum with line separator normalization
+ allow no rules
+ show rules processed
+ DependencyConvergence should support including/excluding certain dependencies
+ Support declaring external banned dependencies in an external file/URL
+ Maven enforcer rule which checks that all dependencies have an explicit scope set
+ Maven enforcer rule which checks that all dependencies in dependencyManagement don't have an explicit scope set
+ Rule for no version ranges, version placeholders or SNAPSHOT versions
+ Allow one of many files in RequireFiles rules to pass
+ Skip specific rules
+ New Enforcer API
+ New Enforcer API - RuleConfigProvider
+ Move Built-In Rules to new API
* Improvements:
+ wildcard ignore in requireReleaseDeps
+ Improve documentation about writing own Enforcer Rule
+ RequireActiveProfile should respect inherited activated profiles
+ Upgrade maven-dependency-tree to 3.x
+ Improve dependency resolving in multiple modules project
+ requireUpperBoundDeps: add [<scope>] and colors to the output
+ Example for writing a custom rule should be upgraded
+ Along with JavaVersion, allow enforcement of the JavaVendor
+ Included Java vendor in display-info output
+ requireMavenVersion x.y.z is processed as (,x.y.z] instead of [x.y.z,)
+ Consistently format artifacts same as dependency:tree
+ Made build Reproducible
+ Added support for excludes/includes in requireJavaVendor rule
+ Introduce Maven Enforcer Extension
+ Extends RequirePluginVersions with banMavenDefaults
+ Shared GitHub Actions
+ Log at ERROR level when <fail> is set
+ Reuse getDependenciesToCheck results across rules
+ Violation messages can be really hard to find in a multi module project
+ Clarify class loading for custom Enforcer rules
+ Using junit jupiter bom instead of single artifacts.
+ Get rid of maven-dependency-tree dependency
+ Allow 8 as JDK version for requireJavaVersion
+ Improve error message for rule 'requireJavaVersion'
+ Include Java Home in Message for Java Rule Failures
+ Manage all Maven Core dependencies as provided
+ Mange rules configuration by plugin
+ Deprecate 'rules' property and introduce 'enforcer.rules' as a replacement
+ Change success message from executed to passed
+ EnforcerLogger: Provide isDebugEnabled(), isErrorEnabled(), isWarnEnabled() and isInfoEnabled()
+ Properly declare dependencies
* Test:
+ Regression test for dependency convergence problem fixed in 3.0.0
* Task:
+ Removed reference to travis or switch to travis.com
+ Fixed maven assembly links
+ Require Java 8
+ Verify working with Maven 4
+ Code cleanup
+ Refresh download page
+ Deprecate display-info mojo
+ Refresh site descriptors
+ Superfluous blanks in BanDuplicatePomDependencyVersions
+ Rename ResolveUtil to ResolverUtil
maven-plugin-tools was updated from version 3.6.0 to version 3.9.0:
- Changes of version 3.9.0:
* Bugs fixed:
+ Fixed *-mojo.xml (in PluginXdocGenerator) is overwritten when multiple locales are defined
+ Generated table by PluginXdocGenerator does not contain default attributes
* Improvements:
+ Omit empty line in generated help goal output if plugin description is empty
+ Use Plexus I18N rather than fiddling with
* Task:
+ Removed reporting from maven-plugin-plugin: create maven-plugin-report-plugin
* Dependency upgrade:
+ Upgrade plugins and components (in ITs)
- Changes of version 3.8.2:
* Improvements:
+ Used Resolver API, get rid of localRepository
* Dependency upgrade:
+ Bump httpcore from 4.4.15 to 4.4.16
+ Bump httpclient from 4.5.13 to 4.5.14
+ Bump antVersion from 1.10.12 to 1.10.13
+ Bump slf4jVersion from 1.7.5 to 1.7.36
+ Bump plexus-java from 1.1.1 to 1.1.2
+ Bump plexus-archiver from 4.6.1 to 4.6.3
+ Bump jsoup from 1.15.3 to 1.15.4
+ Bump asmVersion from 9.4 to 9.5
+ Bump assertj-core from 3.23.1 to 3.24.2
- Changes of version 3.8.1:
* Bugs fixed:
+ Javadoc reference containing a link label with spaces are not detected
+ JavadocLinkGenerator.createLink: Support nested binary class names
+ ERROR during build of m-plugin-report-p and m-plugin-p: Dependencies in wrong scope
+ 'Executes as an aggregator plugin' documentation: s/plugin/goal/
+ Maven scope warning should be logged at WARN level
+ Fixed Temporary File Information Disclosure Vulnerability
* New features:
+ Support mojos using the new maven v4 api
* Improvements:
+ Plugin descriptor should contain the requiredJavaVersion/requiredMavenVersion
+ Execute annotation only supports standard lifecycle phases due to use of enum
+ Clarify deprecation of all extractors but the maven-plugin-tools-annotations
* Dependency upgrade:
+ Update to Maven Parent POM 39
+ Bump junit-bom from 5.9.1 to 5.9.2
+ Bump plexus-archiver from 4.5.0 to 4.6.1
- Changes of version 3.7.1:
* Bugs fixed:
+ Maven scope warning should be logged at WARN level
- Changes of version 3.7.0:
* Bugs fixed:
+ The plugin descriptor generated by plugin:descriptor does not consider @ see javadoc taglets
+ Report-Mojo doesn't respect input encoding
+ Generating site reports for plugin results in
NoSuchMethodError
+ JDK Requirements in plugin-info.html: Consider property 'maven.compiler.release'
+ Parameters documentation inheriting @ since from Mojo can be confusing
+ Don't emit warning for missing javadoc URL of primitives
+ Don't emit warning for missing javadoc URI if no javadoc sources are configured
+ Parameter description should be taken from annotated item
* New Features:
+ Added link to javadoc in configuration description page for user defined types of Mojos.
+ Allow only @ Deprecated annotation without @ deprecated javadoc tag
+ add system requirements history section
+ report: allow to generate usage section in plugin-info.html with true
+ Allow @ Parameter on setters methods
+ Extract plugin report into its own plugin
+ report: Expose generics information of Collection and Map types
* Improvement:
+ plugin-info.html should contain a better Usage section
+ Do not overwrite generate files with no content change
+ Upgrade to JUnit 5 and @ Inject annotations
+ Support for java 20 - ASM 9.4
+ Don't print empty Memory, Disk Space in System Requirements
+ simplification in helpmojo build
+ Get rid of plexus-compiler-manager from tests
+ Use Maven core artifacts in provided scope
+ report and descriptor goal need to evaluate Javadoc comments differently
+ Allow to reference aggregator javadoc from plugin report
* Task:
+ Detect legacy/javadoc Mojo definitions, warn to use Java 5 annotations
+ Update level to Java 8
+ Deprecate scripting support for mojos
+ Deprecate requirements parameter in report Mojo
+ Removed duplicate code from PluginReport
+ Prepare for Doxia (Sitetools) 2.0.0
+ Fixed documentation for maven-plugin-report-plugin
+ Removed deprecated items from new maven-plugin-report-plugin
+ Improve site build
+ Improve dependency management
+ Plugin generator generation fails when the parent class comes from a different project
* Dependency upgrade:
+ Upgrade Maven Reporting API/Impl to 3.1.0
+ Upgrade Parent to 36
+ Upgrade project dependencies after JDK 1.8
+ Bump maven-parent from 36 to 37
+ Upgrade Maven Reporting API to 3.1.1/Maven Reporting Impl to 3.2.0
+ Upgrade plexus-utils to 3.5.0
- Changes of version 3.6.4:
* Restored compatibility with Maven 3 ecosystem
* Upgraded dependencies
- Changes of version 3.6.3:
* Added prerequisites to plugin pom
* Exclude dependency in provided scope from plugin descriptor
* Get rid of String.format use
* Fixed this logging as well
* Simplify documentation
* Exclude maven-archiver and maven-jxr from warning
- Changes of version 3.6.2:
* Deprecated unused requiresReports flag
* Check that Maven dependencies are provided scope
* Update ITs
* Use shared gh action
* Deprecate unsupported Mojo descriptor items
* Weed out ITs
* Upgrade to maven 3.x and avoid using deprecated API
* Drop legacy dependencies
* Use shared gh action - v1
* Fixed wording in javadoc
- Changes of version 3.6.1:
* What's Changed:
* Added missing @OverRide and make methods static
* Upgraded to JUnit 4.12
* Upgraded parent POM and other dependencies
* Updated plugins
* Upgraded Doxia Sitetools to 1.9.2 to remove dependency on Struts
* removed Maven 2 info
* Removed unneeded dependency
* Tighten the dependency tree
* Ignore .checkstyle
* Strict dependencies for maven-plugin-tools-annotations
* Improved @execute(goal...) docs
* Improve @execute(lifecycle...) docs
plexus-compiler was updated from version 2.11.1 to 2.14.2:
- Changes of 2.14.2:
* Removed:
+ Drop J2ObjC compiler
* New features and improvements:
+ Update AspectJ Compiler to 1.9.21 to support Java 21
+ Require JDK 17 for build
+ Improve locking on JavacCompiler
+ Include 'parameter' and 'preview' describe log
+ Switch to SISU annotations and plugin, fixes #217
+ Support jdk 21
+ Require Maven 3.5.4+
+ Require Java 11 for plexus-compiler-eclipse an
javac-errorprone and aspectj compilers
+ Added support to run its with Java 20
* Bugs fixed:
+ Fixed javac memory leak
+ Validate zip file names before extracting (Zip Slip)
+ Restore AbstractCompiler#getLogger() method
+ Return empty list for not existing source root location
+ Improve javac error output parsing
- Changes of 2.13.0:
* New features and improvements:
+ Fully ignore any possible jdk bug
+ MCOMPILER-402: Added implicitOption to CompilerConfiguration
+ Added a custom compile argument
replaceProcessorPathWithProcessorModulePath to force the
plugin replace processorPath with processormodulepath
+ describe compiler configuration on run
+ simplify 'Compiling' info message: display relative path
* Bugs fixed:
+ Respect CompilerConfiguration.sourceFiles in
EclipseJavaCompiler
+ Avoid NPE in AspectJCompilerTest on AspectJ 1.9.8+
* Dependency updates:
+ Bump maven-surefire-plugin from 3.0.0-M5 to 3.0.0-M6
+ Bump error_prone_core from 2.11.0 to 2.13.1
+ Bump github/codeql-action from 1 to 2
+ Bump ecj from 3.28.0 to 3.29.0
+ Bump release-drafter/release-drafter from 5.18.1 to 5.19.0
+ Bump ecj from 3.29.0 to 3.30.0
+ Bump maven-invoker-plugin from 3.2.2 to 3.3.0
+ Bump maven-enforcer-plugin from 3.0.0 to 3.1.0
+ Bump error_prone_core from 2.13.1 to 2.14.0
+ Bump maven-surefire-plugin from 3.0.0-M6 to 3.0.0-M7
+ Bump ecj from 3.31.0 to 3.32.0
+ Bump junit-bom from 5.9.0 to 5.9.1
+ Bump ecj from 3.30.0 to 3.31.0
+ Bump groovy from 3.0.12 to 3.0.13
+ Bump groovy-json from 3.0.12 to 3.0.13
+ Bump groovy-xml from 3.0.12 to 3.0.13
+ Bump animal-sniffer-maven-plugin from 1.21 to 1.22
+ Bump error_prone_core from 2.14.0 to 2.15.0
+ Bump junit-bom from 5.8.2 to 5.9.0
+ Bump groovy-xml from 3.0.11 to 3.0.12
+ Bump groovy-json from 3.0.11 to 3.0.12
+ Bump groovy from 3.0.11 to 3.0.12
* Maintenance:
+ Require Maven 3.2.5
ModerateSUSE bug 1215973CVE-2023-37460 at SUSECVE-2023-37460 at NVDcpe:/o:opensuse:leap:15.5Security update for eclipse-jgit, jsch (Important)openSUSE Leap 15.5
This update for eclipse-jgit, jsch fixes the following issues:
Security fix:
- CVE-2023-4759: Fixed an arbitrary file overwrite which might have occurred with a specially crafted git repository and a case-insensitive filesystem. (bsc#1215298)
Other fixes:
jsch was updated to version 0.2.9:
- Added support for various algorithms
- Migrated from `com.jcraft:jsch` to `com.github.mwiede:jsch` fork (bsc#1211955):
* Alias to the old artifact since the new one is drop-in
replacement
* Keep the old OSGi bundle symbolic name to avoid extensive
patching of eclipse stack
- Updated to version 0.2.9:
* For the full list of changes please consult the upstream changelogs below for each version updated:
+ https://github.com/mwiede/jsch/releases/tag/jsch-0.2.9
+ https://github.com/mwiede/jsch/releases/tag/jsch-0.2.8
+ https://github.com/mwiede/jsch/releases/tag/jsch-0.2.7
+ https://github.com/mwiede/jsch/releases/tag/jsch-0.2.6
+ https://github.com/mwiede/jsch/releases/tag/jsch-0.2.5
+ https://github.com/mwiede/jsch/releases/tag/jsch-0.2.4
+ https://github.com/mwiede/jsch/releases/tag/jsch-0.2.3
+ https://github.com/mwiede/jsch/releases/tag/jsch-0.2.2
+ https://github.com/mwiede/jsch/releases/tag/jsch-0.2.1
+ https://github.com/mwiede/jsch/releases/tag/jsch-0.2.0
+ https://github.com/mwiede/jsch/releases/tag/jsch-0.1.71
+ https://github.com/mwiede/jsch/releases/tag/jsch-0.1.70
+ https://github.com/mwiede/jsch/releases/tag/jsch-0.1.69
+ https://github.com/mwiede/jsch/releases/tag/jsch-0.1.68
+ https://github.com/mwiede/jsch/releases/tag/jsch-0.1.67
+ https://github.com/mwiede/jsch/releases/tag/jsch-0.1.66
+ https://github.com/mwiede/jsch/releases/tag/jsch-0.1.65
+ https://github.com/mwiede/jsch/releases/tag/jsch-0.1.64
+ https://github.com/mwiede/jsch/releases/tag/jsch-0.1.63
+ https://github.com/mwiede/jsch/releases/tag/jsch-0.1.62
+ https://github.com/mwiede/jsch/releases/tag/jsch-0.1.61
+ https://github.com/mwiede/jsch/releases/tag/jsch-0.1.60
+ https://github.com/mwiede/jsch/releases/tag/jsch-0.1.59
+ https://github.com/mwiede/jsch/releases/tag/jsch-0.1.58
+ https://github.com/mwiede/jsch/releases/tag/jsch-0.1.57
+ https://github.com/mwiede/jsch/releases/tag/jsch-0.1.56
eclipse-jgit:
- Craft the jgit script from the real Main class of the jar file instead of using a jar launcher (bsc#1209646)
ImportantSUSE bug 1209646SUSE bug 1211955SUSE bug 1215298CVE-2023-4759 at SUSECVE-2023-4759 at NVDcpe:/o:opensuse:leap:15.5Security update for abseil-cpp, grpc, opencensus-proto, protobuf, python-abseil, python-grpcio, re2 (Moderate)openSUSE Leap 15.5
This update for abseil-cpp, grpc, opencensus-proto, protobuf, python-abseil, python-grpcio, re2 fixes the following issues:
abseil-cpp was updated to:
Update to 20230802.1:
* Add StdcppWaiter to the end of the list of waiter implementations
Update to 20230802.0
What's New:
* Added the nullability library for designating the expected
nullability of pointers. Currently these serve as annotations
only, but it is expected that compilers will one day be able
to use these annotations for diagnostic purposes.
* Added the prefetch library as a portable layer for moving data
into caches before it is read.
* Abseil's hash tables now detect many more programming errors
in debug and sanitizer builds.
* Abseil's synchronization objects now differentiate absolute
waits (when passed an absl::Time) from relative waits (when
passed an absl::Duration) when the underlying platform supports
differentiating these cases. This only makes a difference when
system clocks are adjusted.
* Abseil's flag parsing library includes additional methods that
make it easier to use when another library also expects to be
able to parse flags.
* absl::string_view is now available as a smaller target,
@com_google_absl//absl/strings:string_view, so that users may
use this library without depending on the much larger
@com_google_absl//absl/strings target.
Update to 20230125.3
Details can be found on:
https://github.com/abseil/abseil-cpp/releases/tag/20230125.3
Update to 20230125.2
What's New:
The Abseil logging library has been released. This library
provides facilities for writing short text messages about the
status of a program to stderr, disk files, or other sinks
(via an extension API). See the logging library documentation
for more information.
An extension point, AbslStringify(), allows user-defined types
to seamlessly work with Abseil's string formatting functions
like absl::StrCat() and absl::StrFormat().
A library for computing CRC32C checksums has been added.
Floating-point parsing now uses the Eisel-Lemire algorithm,
which provides a significant speed improvement.
The flags library now provides suggestions for the closest
flag(s) in the case of misspelled flags.
Using CMake to install Abseil now makes the installed artifacts
(in particular absl/base/options.h) reflect the compiled ABI.
Breaking Changes:
Abseil now requires at least C++14 and follows Google's Foundational
C++ Support Policy. See this table for a list of currently supported
versions compilers, platforms, and build tools.
The legacy spellings of the thread annotation macros/functions
(e.g. GUARDED_BY()) have been removed by default in favor of the
ABSL_ prefixed versions (e.g. ABSL_GUARDED_BY()) due to clashes with
other libraries. The compatibility macro ABSL_LEGACY_THREAD_ANNOTATIONS
can be defined on the compile command-line to temporarily restore these
spellings, but this compatibility macro will be removed in the future.
Known Issues
The Abseil logging library in this release is not a feature-complete
replacement for glog yet. VLOG and DFATAL are examples of features
that have not yet been released.
Update to version 20220623.0
What's New:
* Added absl::AnyInvocable, a move-only function type.
* Added absl::CordBuffer, a type for buffering data for eventual inclusion an
absl::Cord, which is useful for writing zero-copy code.
* Added support for command-line flags of type absl::optional<T>.
Breaking Changes:
* CMake builds now use the flag ABSL_BUILD_TESTING (default: OFF) to control
whether or not unit tests are built.
* The ABSL_DEPRECATED macro now works with the GCC compiler. GCC users that
are experiencing new warnings can use -Wno-deprecated-declatations silence
the warnings or use -Wno-error=deprecated-declarations to see warnings but
not fail the build.
* ABSL_CONST_INIT uses the C++20 keyword constinit when available. Some
compilers are more strict about where this keyword must appear compared to
the pre-C++20 implementation.
* Bazel builds now depend on the bazelbuild/bazel-skylib repository.
See Abseil's WORKSPACE file for an example of how to add this dependency.
Other:
* This will be the last release to support C++11. Future releases will require at least C++14.
grpc was updated to 1.60:
Update to release 1.60
* Implemented dualstack IPv4 and IPv6 backend support, as per
draft gRFC A61. xDS support currently guarded by
GRPC_EXPERIMENTAL_XDS_DUALSTACK_ENDPOINTS env var.
* Support for setting proxy for addresses.
* Add v1 reflection.
update to 1.59.3:
* Security - Revocation: Crl backport to 1.59. (#34926)
Update to release 1.59.2
* Fixes for CVE-2023-44487
Update to version 1.59.1:
* C++: Fix MakeCordFromSlice memory bug (gh#grpc/grpc#34552).
Update to version 1.59.0:
* xds ssa: Remove environment variable protection for stateful
affinity (gh#grpc/grpc#34435).
* c-ares: fix spin loop bug when c-ares gives up on a socket
that still has data left in its read buffer
(gh#grpc/grpc#34185).
* Deps: Adding upb as a submodule (gh#grpc/grpc#34199).
* EventEngine: Update Cancel contract on closure deletion
timeline (gh#grpc/grpc#34167).
* csharp codegen: Handle empty base_namespace option value to
fix gh#grpc/grpc#34113 (gh#grpc/grpc#34137).
* Ruby:
- replace strdup with gpr_strdup (gh#grpc/grpc#34177).
- drop ruby 2.6 support (gh#grpc/grpc#34198).
Update to release 1.58.1
* Reintroduced c-ares 1.14 or later support
Update to release 1.58
* ruby extension: remove unnecessary background thread startup
wait logic that interferes with forking
Update to release 1.57 (CVE-2023-4785, bsc#1215334, CVE-2023-33953, bsc#1214148)
* EventEngine: Change GetDNSResolver to return
absl::StatusOr<std::unique_ptr<DNSResolver>>.
* Improve server handling of file descriptor exhaustion.
* Add a channel argument to set DSCP on streams.
Update to release 1.56.2
* Improve server handling of file descriptor exhaustion
Update to release 1.56.0 (CVE-2023-32731, bsc#1212180)
* core: Add support for vsock transport.
* EventEngine: Change TXT lookup result type to
std::vector<std::string>.
* C++/Authz: support customizable audit functionality for
authorization policy.
Update to release 1.54.1
* Bring declarations and definitions to be in sync
Update to release 1.54 (CVE-2023-32732, bsc#1212182)
* XDS: enable XDS federation by default
* TlsCreds: Support revocation of intermediate in chain
Update to release 1.51.1
* Only a macOS/aarch64-related change
Update to release 1.51
* c-ares DNS resolver: fix logical race between resolution
timeout/cancellation and fd readability.
* Remove support for pthread TLS
Update to release 1.50.0
* Core
- Derive EventEngine from std::enable_shared_from_this. (#31060)
- Revert 'Revert '[chttp2] fix stream leak with queued flow control
update and absence of writes (#30907)' (#30991)'. (#30992)
- [chttp2] fix stream leak with queued flow control update and absence of writes. (#30907)
- Remove gpr_codegen. (#30899)
- client_channel: allow LB policy to communicate update errors to resolver. (#30809)
- FaultInjection: Fix random number generation. (#30623)
* C++
- OpenCensus Plugin: Add measure and views for started RPCs. (#31034)
* C#
- Grpc.Tools: Parse warnings from libprotobuf (fix #27502). (#30371)
- Grpc.Tools add support for env variable GRPC_PROTOC_PLUGIN (fix #27099). (#30411)
- Grpc.Tools document AdditionalImportDirs. (#30405)
- Fix OutputOptions and GrpcOutputOptions (issue #25950). (#30410)
Update to release 1.49.1
* All
- Update protobuf to v21.6 on 1.49.x. (#31028)
* Ruby
- Backport 'Fix ruby windows ucrt build #31051' to 1.49.x. (#31053)
Update to release 1.49.0
* Core
- Backport: 'stabilize the C2P resolver URI scheme' to v1.49.x. (#30654)
- Bump core version. (#30588)
- Update OpenCensus to HEAD. (#30567)
- Update protobuf submodule to 3.21.5. (#30548)
- Update third_party/protobuf to 3.21.4. (#30377)
- [core] Remove GRPC_INITIAL_METADATA_CORKED flag. (#30443)
- HTTP2: Fix keepalive time throttling. (#30164)
- Use AnyInvocable in EventEngine APIs. (#30220)
* Python
- Add type stub generation support to grpcio-tools. (#30498)
Update to release 1.48.1
* Backport EventEngine Forkables
Update to release 1.48.0
* C++14 is now required
* xDS: Workaround to get gRPC clients working with istio
Update to release 1.46.3
* backport: xds: use federation env var to guard new-style
resource name parsing (#29725) #29727
Update to release 1.46
* Added HTTP/1.1 support in httpcli
* HTTP2: Add graceful goaway
Update to release 1.45.2
* Various fixes related to XDS
* HTTP2: Should not run cancelling logic on servers when
receiving GOAWAY
Update to release 1.45.1
* Switched to epoll1 as a default polling engine for Linux
Update to version 1.45.0:
* Core:
- Backport 'Include ADS stream error in XDS error updates
(#29014)' to 1.45.x [gh#grpc/grpc#29121].
- Bump core version to 23.0.0 for upcoming release
[gh#grpc/grpc#29026].
- Fix memory leak in HTTP request security handshake
cancellation [gh#grpc/grpc#28971].
- CompositeChannelCredentials: Comparator implementation
[gh#grpc/grpc#28902].
- Delete custom iomgr [gh#grpc/grpc#28816].
- Implement transparent retries [gh#grpc/grpc#28548].
- Uniquify channel args keys [gh#grpc/grpc#28799].
- Set trailing_metadata_available for recv_initial_metadata
ops when generating a fake status [gh#grpc/grpc#28827].
- Eliminate gRPC insecure build [gh#grpc/grpc#25586].
- Fix for a racy WorkSerializer shutdown [gh#grpc/grpc#28769].
- InsecureCredentials: singleton object [gh#grpc/grpc#28777].
- Add http cancel api [gh#grpc/grpc#28354].
- Memory leak fix on windows in grpc_tcp_create()
[gh#grpc/grpc#27457].
- xDS: Rbac filter updates [gh#grpc/grpc#28568].
* C++
- Bump the minimum gcc to 5 [gh#grpc/grpc#28786].
- Add experimental API for CRL checking support to gRPC C++
TlsCredentials [gh#grpc/grpc#28407].
Update to release 1.44.0
* Add a trace to list which filters are contained in a
channel stack.
* Remove grpc_httpcli_context.
* xDS: Add support for RBAC HTTP filter.
* API to cancel grpc_resolve_address.
Update to version 1.43.2:
* Fix google-c2p-experimental issue (gh#grpc/grpc#28692).
Changes from version 1.43.0:
* Core:
- Remove redundant work serializer usage in c-ares windows
code (gh#grpc/grpc#28016).
- Support RDS updates on the server (gh#grpc/grpc#27851).
- Use WorkSerializer in XdsClient to propagate updates in a
synchronized manner (gh#grpc/grpc#27975).
- Support Custom Post-handshake Verification in TlsCredentials
(gh#grpc/grpc#25631).
- Reintroduce the EventEngine default factory
(gh#grpc/grpc#27920).
- Assert Android API >= v21 (gh#grpc/grpc#27943).
- Add support for abstract unix domain sockets
(gh#grpc/grpc#27906).
* C++:
- OpenCensus: Move metadata storage to arena
(gh#grpc/grpc#27948).
* [C#] Add nullable type attributes to Grpc.Core.Api
(gh#grpc/grpc#27887).
- Update package name libgrpc++1 to libgrpc++1_43 in keeping with
updated so number.
Update to release 1.41.0
* xDS: Remove environmental variable guard for security.
* xDS Security: Use new way to fetch certificate provider
plugin instance config.
* xDS server serving status: Use a struct to allow more fields
to be added in the future.
Update to release 1.39.1
* Fix C# protoc plugin argument parsing on 1.39.x
Update to version 1.39.0:
* Core
- Initialize tcp_posix for CFStream when needed
(gh#grpc/grpc#26530).
- Update boringssl submodule (gh#grpc/grpc#26520).
- Fix backup poller races (gh#grpc/grpc#26446).
- Use default port 443 in HTTP CONNECT request
(gh#grpc/grpc#26331).
* C++
- New iomgr implementation backed by the EventEngine API
(gh#grpc/grpc#26026).
- async_unary_call: add a Destroy method, called by
std::default_delete (gh#grpc/grpc#26389).
- De-experimentalize C++ callback API (gh#grpc/grpc#25728).
* PHP: stop reading composer.json file just to read the version
string (gh#grpc/grpc#26156).
* Ruby: Set XDS user agent in ruby via macros
(gh#grpc/grpc#26268).
Update to release 1.38.0
* Invalidate ExecCtx now before computing timeouts in all
repeating timer events using a WorkSerializer or combiner.
* Fix use-after-unref bug in fault_injection_filter
* New gRPC EventEngine Interface
* Allow the AWS_DEFAULT_REGION environment variable
* s/OnServingStatusChange/OnServingStatusUpdate/
Update to release 1.37.1
* Use URI form of address for channelz listen node
* Implementation CSDS (xDS Config Dump)
* xDS status notifier
* Remove CAS loops in global subchannel pool and simplify
subchannel refcounting
Update to release 1.36.4
* A fix for DNS SRV lookups on Windows
Update to 1.36.1:
* Core:
* Remove unnecessary internal pollset set in c-ares DNS resolver
* Support Default Root Certs in Tls Credentials
* back-port: add env var protection for google-c2p resolver
* C++:
* Move third party identity C++ api out of experimental namespace
* refactor!: change error_details functions to templates
* Support ServerContext for callback API
* PHP:
* support for PSM security
* fixed segfault on reused call object
* fixed phpunit 8 warnings
* Python:
* Implement Python Client and Server xDS Creds
Update to version 1.34.1:
* Backport 'Lazily import grpc_tools when using runtime
stub/message generation' to 1.34.x (gh#grpc/grpc#25011).
* Backport 'do not use <PublicSign>true</PublicSign> on
non-windows' to 1.34.x (gh#grpc/grpc#24995).
Update to version 1.34.0:
* Core:
- Protect xds security code with the environment variable
'GRPC_XDS_EXPERIMENTAL_SECURITY_SUPPORT'
(gh#grpc/grpc#24782).
- Add support for 'unix-abstract:' URIs to support abstract
unix domain sockets (gh#grpc/grpc#24500).
- Increment Index when parsing not plumbed SAN fields
(gh#grpc/grpc#24601).
- Revert 'Revert 'Deprecate
GRPC_ARG_HTTP2_MIN_SENT_PING_INTERVAL_WITHOUT_DATA_MS''
(gh#grpc/grpc#24518).
- xds: Set status code to INVALID_ARGUMENT when NACKing
(gh#grpc/grpc#24516).
- Include stddef.h in address_sorting.h (gh#grpc/grpc#24514).
- xds: Add support for case_sensitive option in RouteMatch
(gh#grpc/grpc#24381).
* C++:
- Fix --define=grpc_no_xds=true builds (gh#grpc/grpc#24503).
- Experimental support and tests for
CreateCustomInsecureChannelWithInterceptorsFromFd
(gh#grpc/grpc#24362).
Update to release 1.33.2
* Deprecate GRPC_ARG_HTTP2_MIN_SENT_PING_INTERVAL_WITHOUT_DATA_MS.
* Expose Cronet error message to the application layer.
* Remove grpc_channel_ping from surface API.
* Do not send BDP pings if there is no receive side activity.
Update to version 1.33.1
* Core
- Deprecate
GRPC_ARG_HTTP2_MIN_SENT_PING_INTERVAL_WITHOUT_DATA_MS
(gh#grpc/grpc#24063).
- Expose Cronet error message to the application layer
(gh#grpc/grpc#24083).
- Remove grpc_channel_ping from surface API
(gh#grpc/grpc#23894).
- Do not send BDP pings if there is no receive side activity
(gh#grpc/grpc#22997).
* C++
- Makefile: only support building deps from submodule
(gh#grpc/grpc#23957).
- Add new subpackages - libupb and upb-devel. Currently, grpc
sources include also upb sources. Before this change, libupb and
upb-devel used to be included in a separate package - upb.
Update to version 1.32.0:
* Core
- Remove stream from stalled lists on remove_stream
(gh#grpc/grpc#23984).
- Do not cancel RPC if send metadata size if larger than
peer's limit (gh#grpc/grpc#23806).
- Don't consider receiving non-OK status as an error for HTTP2
(gh#grpc/grpc#19545).
- Keepalive throttling (gh#grpc/grpc#23313).
- Include the target_uri in 'target uri is not valid' error
messages (gh#grpc/grpc#23782).
- Fix 'cannot send compressed message large than 1024B' in
cronet_transport (gh#grpc/grpc#23219).
- Receive SETTINGS frame on clients before declaring
subchannel READY (gh#grpc/grpc#23636).
- Enabled GPR_ABSEIL_SYNC (gh#grpc/grpc#23372).
- Experimental xDS v3 support (gh#grpc/grpc#23281).
* C++
- Upgrade bazel used for all tests to 2.2.0
(gh#grpc/grpc#23902).
- Remove test targets and test helper libraries from Makefile
(gh#grpc/grpc#23813).
- Fix repeated builds broken by re2's cmake
(gh#grpc/grpc#23587).
- Log the peer address of grpc_cli CallMethod RPCs to stderr
(gh#grpc/grpc#23557).
opencensus-proto was updated to 0.3.0+git.20200721:
- Update to version 0.3.0+git.20200721:
* Bump version to 0.3.0
* Generate Go types using protocolbuffers/protobuf-go (#218)
* Load proto_library() rule. (#216)
- Update to version 0.2.1+git.20190826:
* Remove grpc_java dependency and java_proto rules. (#214)
* Add C++ targets, especially for gRPC services. (#212)
* Upgrade bazel and dependencies to latest. (#211)
* Bring back bazel cache to make CI faster. (#210)
* Travis: don't require sudo for bazel installation. (#209)
- Update to version 0.2.1:
* Add grpc-gateway for metrics service. (#205)
* Pin bazel version in travis builds (#207)
* Update gen-go files (#199)
* Add Web JS as a LibraryInfo.Language option (#198)
* Set up Python packaging for PyPI release. (#197)
* Add tracestate to links. (#191)
* Python proto file generator and generated proto files (#196)
* Ruby proto file generator and generated proto files (#192)
* Add py_proto_library() rules for envoy/api. (#194)
* Gradle: Upgrade dependency versions. (#193)
* Update release versions for readme. (#189)
* Start 0.3.0 development cycle
* Update gen-go files. (#187)
* Revert 'Start 0.3.0 development cycle (#167)' (#183)
* Revert optimization for metric descriptor and bucket options for now. (#184)
* Constant sampler: add option to always follow the parent's decision. (#182)
* Document that all maximum values must be specified. (#181)
* Fix typo in bucket bounds. (#178)
* Restrict people who can approve reviews. This is to ensure code quality. (#177)
* Use bazel cache to make CI faster. (#176)
* Add grpc generated files to the idea plugin. (#175)
* Add Resource to Span (#174)
* time is required (#170)
* Upgrade protobuf dependency to v3.6.1.3. (#173)
* assume Ok Status when not set (#171)
* Minor comments fixes (#160)
* Start 0.3.0 development cycle (#167)
* Update gen-go files. (#162)
* Update releasing instruction. (#163)
* Fix Travis build. (#165)
* Add OpenApi doc for trace agent grpc-gateway (#157)
* Add command to generate OpenApi/Swagger doc for grpc-gateway (#156)
* Update gen-go files (#155)
* Add trace export grpc-gateway config (#77)
* Fix bazel build after bazel upgrade (#154)
* README: Add gitter, javadoc and godoc badge. (#151)
* Update release versions for README. (#150)
* Start 0.2.0 development cycle
* Add resource and metrics_service proto to mkgogen. Re-generate gen-go files. (#147)
* Add resource to protocol (#137)
* Fix generating the javadoc. (#144)
* Metrics/TimeSeries: start time should not be included while end time should. (#142)
* README: Add instructions on using opencensus_proto with Bazel. (#140)
* agent/README: update package info. (#138)
* Agent: Add metrics service. (#136)
* Tracing: Add default limits to TraceConfig. (#133)
* Remove a stale TODO. (#134)
* README: Add a note about go_proto_library rules. (#135)
* add golang bazel build support (#132)
* Remove exporter protos from mkgogen. (#128)
* Update README and RELEASING. (#130)
* Change histogram buckets definition to be OpenMetrics compatible. (#121)
* Remove exporter/v1 protos. (#124)
* Clean up the README for Agent proto. (#126)
* Change Quantiles to ValuesAtPercentile. (#122)
* Extend the TraceService service to support export/config for multiple Applications. (#119)
* Add specifications on Agent implementation details. (#112)
* Update gitignore (#118)
* Remove maven support. Not used. (#116)
* Add gauge distribution. (#117)
* Add support for Summary type and value. (#110)
* Add Maven status and instructions on adding dependencies. (#115)
* Bump version to 0.0.3-SNAPSHOT
* Bump version to 0.0.2
* Update gen-go files. (#114)
* Gradle: Add missing source and javadoc rules. (#113)
* Add support for float attributes. (#98)
* Change from mean to sum in distribution. (#109)
* Bump version to v0.0.2-SNAPSHOT
* Bump version to v0.0.1
* Add releasing instructions in RELEASING.md. (#106)
* Add Gradle build rules for generating gRPC service and releasing to Maven. (#102)
* Re-organize proto directory structure. (#103)
* Update gen-go files. (#101)
* Add a note about interceptors of other libraries. (#94)
* agent/common/v1: use exporter_version, core_library_version in LibraryInfo (#100)
* opencensus/proto: add default Agent port to README (#97)
* Update the message names for Config RPC. (#93)
* Add details about agent protocol in the README. (#88)
* Update gen-go files. (#92)
* agent/trace/v1: fix signature for Config and comments too (#91)
* Update gen-go files. (#86)
* Make tracestate a list instead of a map to preserve ordering. (#84)
* Allow MetricDescriptor to be sent only the first time. (#78)
* Update mkgogen.sh. (#85)
* Add agent trace service proto definitions. (#79)
* Update proto and gen-go package names. (#83)
* Add agent/common proto and BUILD. (#81)
* Add trace_config.proto. (#80)
* Build exporters with maven. (#76)
* Make clear that cumulative int/float can go only up. (#75)
* Add tracestate field to the Span proto. (#74)
* gradle wrapper --gradle-version 4.9 (#72)
* Change from multiple types of timeseries to have one. (#71)
* Move exemplars in the Bucket. (#70)
* Update gen-go files. (#69)
* Move metrics in the top level directory. (#68)
* Remove Range from Distribution. No backend supports this. (#67)
* Remove unused MetricSet message. (#66)
* Metrics: Add Exemplar to DistributionValue. (#62)
* Gauge vs Cumulative. (#65)
* Clarifying comment about bucket boundaries. (#64)
* Make MetricDescriptor.Type capture the type of the value as well. (#63)
* Regenerate the Go artifacts (#61)
* Add export service proto (#60)
- Initial version 20180523
protobuf was updated to 25.1:
update to 25.1:
* Raise warnings for deprecated python syntax usages
* Add support for extensions in CRuby, JRuby, and FFI Ruby
* Add support for options in CRuby, JRuby and FFI (#14594)
update to 25.0:
* Implement proto2/proto3 with editions
* Defines Protobuf compiler version strings as macros and
separates out suffix string definition.
* Add utf8_validation feature back to the global feature set.
* Setting up version updater to prepare for poison pills and
embedding version info into C++, Python and Java gencode.
* Merge the protobuf and upb Bazel repos
* Editions: Introduce functionality to protoc for generating
edition feature set defaults.
* Editions: Migrate edition strings to enum in C++ code.
* Create a reflection helper for ExtensionIdentifier.
* Editions: Provide an API for C++ generators to specify their
features.
* Editions: Refactor feature resolution to use an intermediate
message.
* Publish extension declarations with declaration
verifications.
* Editions: Stop propagating partially resolved feature sets to
plugins.
* Editions: Migrate string_field_validation to a C++ feature
* Editions: Include defaults for any features in the generated
pool.
* Protoc: parser rejects explicit use of map_entry option
* Protoc: validate that reserved range start is before end
* Protoc: support identifiers as reserved names in addition to
string literals (only in editions)
* Drop support for Bazel 5.
* Allow code generators to specify whether or not they support
editions.
C++:
* Set `PROTOBUF_EXPORT` on
`InternalOutOfLineDeleteMessageLite()`
* Update stale checked-in files
* Apply PROTOBUF_NOINLINE to declarations of some functions
that want it.
* Implement proto2/proto3 with editions
* Make JSON UTF-8 boundary check inclusive of the largest
possible UTF-8 character.
* Reduce `Map::size_type` to 32-bits. Protobuf containers can't
have more than that
* Defines Protobuf compiler version strings as macros and
separates out suffix string definition.
* Add `ABSL_ATTRIBUTE_LIFETIME_BOUND` attribute on generated
oneof accessors.
* Fix bug in reflection based Swap of map fields.
* Add utf8_validation feature back to the global feature set.
* Setting up version updater to prepare for poison pills and
embedding version info into C++, Python and Java gencode.
* Add prefetching to arena allocations.
* Add `ABSL_ATTRIBUTE_LIFETIME_BOUND` attribute on generated
repeated and map field accessors.
* Editions: Migrate edition strings to enum in C++ code.
* Create a reflection helper for ExtensionIdentifier.
* Editions: Provide an API for C++ generators to specify their
features.
* Add `ABSL_ATTRIBUTE_LIFETIME_BOUND` attribute on generated
string field accessors.
* Editions: Refactor feature resolution to use an intermediate
message.
* Fixes for 32-bit MSVC.
* Publish extension declarations with declaration
verifications.
* Export the constants in protobuf's any.h to support DLL
builds.
* Implement AbslStringify for the Descriptor family of types.
* Add `ABSL_ATTRIBUTE_LIFETIME_BOUND` attribute on generated
message field accessors.
* Editions: Stop propagating partially resolved feature sets to
plugins.
* Editions: Migrate string_field_validation to a C++ feature
* Editions: Include defaults for any features in the generated
pool.
* Introduce C++ feature for UTF8 validation.
* Protoc: validate that reserved range start is before end
* Remove option to disable the table-driven parser in protoc.
* Lock down ctype=CORD in proto file.
* Support split repeated fields.
* In OSS mode omit some extern template specializations.
* Allow code generators to specify whether or not they support
editions.
Java:
* Implement proto2/proto3 with editions
* Remove synthetic oneofs from Java gencode field accessor
tables.
* Timestamps.parse: Add error handling for invalid
hours/minutes in the timezone offset.
* Defines Protobuf compiler version strings as macros and
separates out suffix string definition.
* Add `ABSL_ATTRIBUTE_LIFETIME_BOUND` attribute on generated
oneof accessors.
* Add missing debugging version info to Protobuf Java gencode
when multiple files are generated.
* Fix a bad cast in putBuilderIfAbsent when already present due
to using the result of put() directly (which is null if it
currently has no value)
* Setting up version updater to prepare for poison pills and
embedding version info into C++, Python and Java gencode.
* Fix a NPE in putBuilderIfAbsent due to using the result of
put() directly (which is null if it currently has no value)
* Update Kotlin compiler to escape package names
* Add MapFieldBuilder and change codegen to generate it and the
put{field}BuilderIfAbsent method.
* Introduce recursion limit in Java text format parsing
* Consider the protobuf.Any invalid if typeUrl.split('/')
returns an empty array.
* Mark `FieldDescriptor.hasOptionalKeyword()` as deprecated.
* Fixed Python memory leak in map lookup.
* Loosen upb for json name conflict check in proto2 between
json name and field
* Defines Protobuf compiler version strings as macros and
separates out suffix string definition.
* Add `ABSL_ATTRIBUTE_LIFETIME_BOUND` attribute on generated
oneof accessors.
* Ensure Timestamp.ToDatetime(tz) has correct offset
* Do not check required field for upb python MergeFrom
* Setting up version updater to prepare for poison pills and
embedding version info into C++, Python and Java gencode.
* Merge the protobuf and upb Bazel repos
* Comparing a proto message with an object of unknown returns
NotImplemented
* Emit __slots__ in pyi output as a tuple rather than a list
for --pyi_out.
* Fix a bug that strips options from descriptor.proto in
Python.
* Raise warings for message.UnknownFields() usages and navigate
to the new add
* Add protobuf python keyword support in path for stub
generator.
* Add tuple support to set Struct
* ### Python C-Extension (Default)
* Comparing a proto message with an object of unknown returns
NotImplemented
* Check that ffi-compiler loads before using it to define
tasks.
UPB (Python/PHP/Ruby C-Extension):
* Include .inc files directly instead of through a filegroup
* Loosen upb for json name conflict check in proto2 between
json name and field
* Add utf8_validation feature back to the global feature set.
* Do not check required field for upb python MergeFrom
* Merge the protobuf and upb Bazel repos
* Added malloc_trim() calls to Python allocator so RSS will
decrease when memory is freed
* Upb: fix a Python memory leak in ByteSize()
* Support ASAN detection on clang
* Upb: bugfix for importing a proto3 enum from within a proto2
file
* Expose methods needed by Ruby FFI using UPB_API
* Fix `PyUpb_Message_MergeInternal` segfault
- Build with source and target levels 8
* fixes build with JDK21
- Install the pom file with the new %%mvn_install_pom macro
- Do not install the pom-only artifacts, since the %%mvn_install_pom
macro resolves the variables at the install time
update to 23.4:
* Add dllexport_decl for generated default instance.
* Deps: Update Guava to 32.0.1
update to 23.3:
C++:
* Regenerate stale files
* Use the same ABI for static and shared libraries on non-
Windows platforms
* Add a workaround for GCC constexpr bug
Objective-C:
* Regenerate stale files
UPB (Python/PHP/Ruby C-Extension)
* Fixed a bug in `upb_Map_Delete()` that caused crashes in
map.delete(k) for Ruby when string-keyed maps were in use.
Compiler:
* Add missing header to Objective-c generator
* Add a workaround for GCC constexpr bug
Java:
* Rollback of: Simplify protobuf Java message builder by
removing methods that calls the super class only.
Csharp:
* [C#] Replace regex that validates descriptor names
update to 22.5:
C++:
* Add missing cstdint header
* Fix: missing -DPROTOBUF_USE_DLLS in pkg-config (#12700)
* Avoid using string(JOIN..., which requires cmake 3.12
* Explicitly include GTest package in examples
* Bump Abseil submodule to 20230125.3 (#12660)
update to 22.4:
C++:
* Fix libprotoc: export useful symbols from .so
Python:
* Fix bug in _internal_copy_files where the rule would fail in
downstream repositories.
Other:
* Bump utf8_range to version with working pkg-config (#12584)
* Fix declared dependencies for pkg-config
* Update abseil dependency and reorder dependencies to ensure
we use the version specified in protobuf_deps.
* Turn off clang::musttail on i386
update to v22.3
UPB (Python/PHP/Ruby C-Extension):
* Remove src prefix from proto import
* Fix .gitmodules to use the correct absl branch
* Remove erroneous dependency on googletest
update to 22.2:
Java:
* Add version to intra proto dependencies and add kotlin stdlib
dependency
* Add $ back for osgi header
* Remove $ in pom files
update to 22.1:
* Add visibility of plugin.proto to python directory
* Strip 'src' from file name of plugin.proto
* Add OSGi headers to pom files.
* Remove errorprone dependency from kotlin protos.
* Version protoc according to the compiler version number.
- update to 22.0:
* This version includes breaking changes to: Cpp.
Please refer to the migration guide for information:
https://protobuf.dev/support/migration/#compiler-22
* [Cpp] Migrate to Abseil's logging library.
* [Cpp] `proto2::Map::value_type` changes to `std::pair`.
* [Cpp] Mark final ZeroCopyInputStream, ZeroCopyOutputStream,
and DefaultFieldComparator classes.
* [Cpp] Add a dependency on Abseil (#10416)
* [Cpp] Remove all autotools usage (#10132)
* [Cpp] Add C++20 reserved keywords
* [Cpp] Dropped C++11 Support
* [Cpp] Delete Arena::Init
* [Cpp] Replace JSON parser with new implementation
* [Cpp] Make RepeatedField::GetArena non-const in order to
support split RepeatedFields.
* long list of bindings specific fixes see
https://github.com/protocolbuffers/protobuf/releases/tag/v22.0
update to v21.12:
* Python:
* Fix broken enum ranges (#11171)
* Stop requiring extension fields to have a sythetic oneof (#11091)
* Python runtime 4.21.10 not works generated code can not load valid
proto.
update to 21.11:
* Python:
* Add license file to pypi wheels (#10936)
* Fix round-trip bug (#10158)
update to 21.10::
* Java:
* Use bit-field int values in buildPartial to skip work on unset groups of
fields. (#10960)
* Mark nested builder as clean after clear is called (#10984)
update to 21.9:
* Ruby:
* Replace libc strdup usage with internal impl to restore musl compat (#10818)
* Auto capitalize enums name in Ruby (#10454) (#10763)
* Other:
* Fix for grpc.tools #17995 & protobuf #7474 (handle UTF-8 paths in argumentfile) (#10721)
* C++:
* 21.x No longer define no_threadlocal on OpenBSD (#10743)
* Java:
* Mark default instance as immutable first to avoid race during static initialization of default instances (#10771)
* Refactoring java full runtime to reuse sub-message builders and prepare to
migrate parsing logic from parse constructor to builder.
* Move proto wireformat parsing functionality from the private 'parsing
constructor' to the Builder class.
* Change the Lite runtime to prefer merging from the wireformat into mutable
messages rather than building up a new immutable object before merging. This
way results in fewer allocations and copy operations.
* Make message-type extensions merge from wire-format instead of building up
instances and merging afterwards. This has much better performance.
* Fix TextFormat parser to build up recurring (but supposedly not repeated)
sub-messages directly from text rather than building a new sub-message and
merging the fully formed message into the existing field.
update to 21.6:
C++:
* Reduce memory consumption of MessageSet parsing
update to 21.5:
PHP:
* Added getContainingOneof and getRealContainingOneof to descriptor.
* fix PHP readonly legacy files for nested messages
Python:
* Fixed comparison of maps in Python.
- update to 21.4:
* Reduce the required alignment of ArenaString from 8 to 4
- update to 21.3:
* C++:
* Add header search paths to Protobuf-C++.podspec (#10024)
* Fixed Visual Studio constinit errors (#10232)
* Fix #9947: make the ABI compatible between debug and non-debug builds (#10271)
* UPB:
* Allow empty package names (fixes behavior regression in 4.21.0)
* Fix a SEGV bug when comparing a non-materialized sub-message (#10208)
* Fix several bugs in descriptor mapping containers (eg. descriptor.services_by_name)
* for x in mapping now yields keys rather than values, to match Python
conventions and the behavior of the old library.
* Lookup operations now correctly reject unhashable types as map keys.
* We implement repr() to use the same format as dict.
* Fix maps to use the ScalarMapContainer class when appropriate
* Fix bug when parsing an unknown value in a proto2 enum extension (protocolbuffers/upb#717)
* PHP:
* Add 'readonly' as a keyword for PHP and add previous classnames to descriptor pool (#10041)
* Python:
* Make //:protobuf_python and //:well_known_types_py_pb2 public (#10118)
* Bazel:
* Add back a filegroup for :well_known_protos (#10061)
Update to 21.2:
- C++:
- cmake: Call get_filename_component() with DIRECTORY mode instead of PATH mode (#9614)
- Escape GetObject macro inside protoc-generated code (#9739)
- Update CMake configuration to add a dependency on Abseil (#9793)
- Fix cmake install targets (#9822)
- Use __constinit only in GCC 12.2 and up (#9936)
- Java:
- Update protobuf_version.bzl to separate protoc and per-language java … (#9900)
- Python:
- Increment python major version to 4 in version.json for python upb (#9926)
- The C extension module for Python has been rewritten to use the upb library.
- This is expected to deliver significant performance benefits, especially when
parsing large payloads. There are some minor breaking changes, but these
should not impact most users. For more information see:
https://developers.google.com/protocol-buffers/docs/news/2022-05-06#python-updates
- PHP:
- [PHP] fix PHP build system (#9571)
- Fix building packaged PHP extension (#9727)
- fix: reserve 'ReadOnly' keyword for PHP 8.1 and add compatibility (#9633)
- fix: phpdoc syntax for repeatedfield parameters (#9784)
- fix: phpdoc for repeatedfield (#9783)
- Change enum string name for reserved words (#9780)
- chore: [PHP] fix phpdoc for MapField keys (#9536)
- Fixed PHP SEGV by not writing to shared memory for zend_class_entry. (#9996)
- Ruby:
- Allow pre-compiled binaries for ruby 3.1.0 (#9566)
- Implement respond_to? in RubyMessage (#9677)
- [Ruby] Fix RepeatedField#last, #first inconsistencies (#9722)
- Do not use range based UTF-8 validation in truffleruby (#9769)
- Improve range handling logic of RepeatedField (#9799)
- Other:
- Fix invalid dependency manifest when using descriptor_set_out (#9647)
- Remove duplicate java generated code (#9909)
- Update to 3.20.1:
- PHP:
- Fix building packaged PHP extension (#9727)
- Fixed composer.json to only advertise compatibility with
PHP 7.0+. (#9819)
- Ruby:
- Disable the aarch64 build on macOS until it can be fixed. (#9816)
- Other:
- Fix versioning issues in 3.20.0
- Update to 3.20.1:
- Ruby:
- Dropped Ruby 2.3 and 2.4 support for CI and releases.
(#9311)
- Added Ruby 3.1 support for CI and releases (#9566).
- Message.decode/encode: Add recursion_limit option
(#9218/#9486)
- Allocate with xrealloc()/xfree() so message allocation is
visible to the
- Ruby GC. In certain tests this leads to much lower memory
usage due to more
- frequent GC runs (#9586).
- Fix conversion of singleton classes in Ruby (#9342)
- Suppress warning for intentional circular require (#9556)
- JSON will now output shorter strings for double and float
fields when possible
- without losing precision.
- Encoding and decoding of binary format will now work
properly on big-endian
- systems.
- UTF-8 verification was fixed to properly reject surrogate
code points.
- Unknown enums for proto2 protos now properly implement
proto2's behavior of
- putting such values in unknown fields.
- Java:
- Revert 'Standardize on Array copyOf' (#9400)
- Resolve more java field accessor name conflicts (#8198)
- Fix parseFrom to only throw InvalidProtocolBufferException
- InvalidProtocolBufferException now allows arbitrary wrapped
Exception types.
- Fix bug in FieldSet.Builder.mergeFrom
- Flush CodedOutputStream also flushes underlying
OutputStream
- When oneof case is the same and the field type is Message,
merge the
- subfield. (previously it was replaced.)’
- Add @CheckReturnValue to some protobuf types
- Report original exceptions when parsing JSON
- Add more info to @deprecated javadoc for set/get/has
methods
- Fix initialization bug in doc comment line numbers
- Fix comments for message set wire format.
- Kotlin:
- Add test scope to kotlin-test for protobuf-kotlin-lite
(#9518)
- Add orNull extensions for optional message fields.
- Add orNull extensions to all proto3 message fields.
- Python:
- Dropped support for Python < 3.7 (#9480)
- Protoc is now able to generate python stubs (.pyi) with
--pyi_out
- Pin multibuild scripts to get manylinux1 wheels back
(#9216)
- Fix type annotations of some Duration and Timestamp
methods.
- Repeated field containers are now generic in field types
and could be used in type annotations.
- Protobuf python generated codes are simplified. Descriptors
and message classes' definitions are now dynamic created in
internal/builder.py.
- Insertion Points for messages classes are discarded.
- has_presence is added for FieldDescriptor in python
- Loosen indexing type requirements to allow valid index()
implementations rather than only PyLongObjects.
- Fix the deepcopy bug caused by not copying
message_listener.
- Added python JSON parse recursion limit (default 100)
- Path info is added for python JSON parse errors
- Pure python repeated scalar fields will not able to pickle.
Convert to list first.
- Timestamp.ToDatetime() now accepts an optional tzinfo
parameter. If specified, the function returns
a timezone-aware datetime in the given time zone. If
omitted or None, the function returns a timezone-naive UTC
datetime (as previously).
- Adds client_streaming and server_streaming fields to
MethodDescriptor.
- Add 'ensure_ascii' parameter to json_format.MessageToJson.
This allows smaller JSON serializations with UTF-8 or other
non-ASCII encodings.
- Added experimental support for directly assigning numpy
scalars and array.
- Improve the calculation of public_dependencies in
DescriptorPool.
- [Breaking Change] Disallow setting fields to numpy
singleton arrays or repeated fields to numpy
multi-dimensional arrays. Numpy arrays should be indexed or
flattened explicitly before assignment.
- Compiler:
- Migrate IsDefault(const std::string*) and
UnsafeSetDefault(const std::string*)
- Implement strong qualified tags for TaggedPtr
- Rework allocations to power-of-two byte sizes.
- Migrate IsDefault(const std::string*) and
UnsafeSetDefault(const std::string*)
- Implement strong qualified tags for TaggedPtr
- Make TaggedPtr Set...() calls explicitly spell out the
content type.
- Check for parsing error before verifying UTF8.
- Enforce a maximum message nesting limit of 32 in the
descriptor builder to
- guard against stack overflows
- Fixed bugs in operators for RepeatedPtrIterator
- Assert a maximum map alignment for allocated values
- Fix proto1 group extension protodb parsing error
- Do not log/report the same descriptor symbol multiple
times if it contains
- more than one invalid character.
- Add UnknownFieldSet::SerializeToString and
SerializeToCodedStream.
- Remove explicit default pointers and deprecated API from
protocol compiler
- Arenas:
- Change Repeated*Field to reuse memory when using arenas.
- Implements pbarenaz for profiling proto arenas
- Introduce CreateString() and CreateArenaString() for
cleaner semantics
- Fix unreferenced parameter for MSVC builds
- Add UnsafeSetAllocated to be used for one-of string
fields.
- Make Arena::AllocateAligned() a public function.
- Determine if ArenaDtor related code generation is
necessary in one place.
- Implement on demand register ArenaDtor for
InlinedStringField
- C++:
- Enable testing via CTest (#8737)
- Add option to use external GTest in CMake (#8736)
- CMake: Set correct sonames for libprotobuf-lite.so and
libprotoc.so (#8635) (#9529)
- Add cmake option protobuf_INSTALL to not install files
(#7123)
- CMake: Allow custom plugin options e.g. to generate mocks
(#9105)
- CMake: Use linker version scripts (#9545)
- Manually *struct Cord fields to work better with arenas.
- Manually destruct map fields.
- Generate narrower code
- Fix #9378 by removing
- shadowed cached_size field
- Remove GetPointer() and explicit nullptr defaults.
- Add proto_h flag for speeding up large builds
- Add missing overload for reference wrapped fields.
- Add MergedDescriptorDatabase::FindAllFileNames()
- RepeatedField now defines an iterator type instead of
using a pointer.
- Remove obsolete macros GOOGLE_PROTOBUF_HAS_ONEOF and
GOOGLE_PROTOBUF_HAS_ARENAS.
- PHP:
- Fix: add missing reserved classnames (#9458)
- PHP 8.1 compatibility (#9370)
- C#:
- Fix trim warnings (#9182)
- Fixes NullReferenceException when accessing
FieldDescriptor.IsPacked (#9430)
- Add ToProto() method to all descriptor classes (#9426)
- Add an option to preserve proto names in JsonFormatter
(#6307)
- Objective-C:
- Add prefix_to_proto_package_mappings_path option. (#9498)
- Rename proto_package_to_prefix_mappings_path to
package_to_prefix_mappings_path. (#9552)
- Add a generation option to control use of forward
declarations in headers. (#9568)
- update to 3.19.4:
Python:
* Make libprotobuf symbols local on OSX to fix issue #9395 (#9435)
Ruby:
* Fixed a data loss bug that could occur when the number of optional fields
in a message is an exact multiple of 32
PHP:
* Fixed a data loss bug that could occur when the number of optional fields
in a message is an exact multiple of 32.
- Update to 3.19.3:
C++:
* Make proto2::Message::DiscardUnknownFields() non-virtual
* Separate RepeatedPtrField into its own header file
* For default floating point values of 0, consider all bits significant
* Fix shadowing warnings
* Fix for issue #8484, constant initialization doesn't compile in msvc clang-cl environment
Java:
* Improve performance characteristics of UnknownFieldSet parsing
* For default floating point values of 0, consider all bits significant
* Annotate //java/com/google/protobuf/util/... with nullness annotations
* Use ArrayList copy constructor
Bazel:
* Ensure that release archives contain everything needed for Bazel
* Align dependency handling with Bazel best practices
Javascript:
* Fix ReferenceError: window is not defined when getting the global object
Ruby:
* Fix memory leak in MessageClass.encode
* Override Map.clone to use Map's dup method
* Ruby: build extensions for arm64-darwin
* Add class method Timestamp.from_time to ruby well known types
* Adopt pure ruby DSL implementation for JRuby
* Add size to Map class
* Fix for descriptor_pb.rb: google/protobuf should be required first
Python:
* Proto2 DecodeError now includes message name in error message
* Make MessageToDict convert map keys to strings
* Add python-requires in setup.py
* Add python 3.10
- Update to 3.17.3:
C++
* Introduce FieldAccessListener.
* Stop emitting boilerplate {Copy/Merge}From in each ProtoBuf class
* Provide stable versions of SortAndUnique().
* Make sure to cache proto3 optional message fields when they are cleared.
* Expose UnsafeArena methods to Reflection.
* Use std::string::empty() rather than std::string::size() > 0.
* [Protoc] C++ Resolved an issue where NO_DESTROY and CONSTINIT are in incorrect order (#8296)
* Fix PROTOBUF_CONSTINIT macro redefinition (#8323)
* Delete StringPiecePod (#8353)
* Create a CMake option to control whether or not RTTI is enabled (#8347)
* Make util::Status more similar to absl::Status (#8405)
* The ::pb namespace is no longer exposed due to conflicts.
* Allow MessageDifferencer::TreatAsSet() (and friends) to override previous
calls instead of crashing.
* Reduce the size of generated proto headers for protos with string or
bytes fields.
* Move arena() operation on uncommon path to out-of-line routine
* For iterator-pair function parameter types, take both iterators by value.
* Code-space savings and perhaps some modest performance improvements in
* RepeatedPtrField.
* Eliminate nullptr check from every tag parse.
* Remove unused _$name$cached_byte_size fields.
* Serialize extension ranges together when not broken by a proto field in the
middle.
* Do out-of-line allocation and deallocation of string object in ArenaString.
* Streamline ParseContext::ParseMessage to avoid code bloat and improve
performance.
* New member functions RepeatedField::Assign, RepeatedPtrField::{Add, Assign}.
on an error path.
* util::DefaultFieldComparator will be final in a future version of protobuf.
* Subclasses should inherit from SimpleFieldComparator instead.
Kotlin
* Introduce support for Kotlin protos (#8272)
* Restrict extension setter and getter operators to non-nullable T.
Java
* Fixed parser to check that we are at a proper limit when a sub-message has
finished parsing.
* updating GSON and Guava to more recent versions (#8524)
* Reduce the time spent evaluating isExtensionNumber by storing the extension
ranges in a TreeMap for faster queries. This is particularly relevant for
protos which define a large number of extension ranges, for example when
each tag is defined as an extension.
* Fix java bytecode estimation logic for optional fields.
* Optimize Descriptor.isExtensionNumber.
* deps: update JUnit and Truth (#8319)
* Detect invalid overflow of byteLimit and return InvalidProtocolBufferException as documented.
* Exceptions thrown while reading from an InputStream in parseFrom are now
included as causes.
* Support potentially more efficient proto parsing from RopeByteStrings.
* Clarify runtime of ByteString.Output.toStringBuffer().
* Added UnsafeByteOperations to protobuf-lite (#8426)
Python:
* Add MethodDescriptor.CopyToProto() (#8327)
* Remove unused python_protobuf.{cc,h} (#8513)
* Start publishing python aarch64 manylinux wheels normally (#8530)
* Fix constness issue detected by MSVC standard conforming mode (#8568)
* Make JSON parsing match C++ and Java when multiple fields from the same
oneof are present and all but one is null.
* Fix some constness / char literal issues being found by MSVC standard conforming mode (#8344)
* Switch on 'new' buffer API (#8339)
* Enable crosscompiling aarch64 python wheels under dockcross manylinux docker image (#8280)
* Fixed a bug in text format where a trailing colon was printed for repeated field.
* When TextFormat encounters a duplicate message map key, replace the current
one instead of merging.
Ruby:
* Add support for proto3 json_name in compiler and field definitions (#8356)
* Fixed memory leak of Ruby arena objects. (#8461)
* Fix source gem compilation (#8471)
* Fix various exceptions in Ruby on 64-bit Windows (#8563)
* Fix crash when calculating Message hash values on 64-bit Windows (#8565)
General:
* Support M1 (#8557)
Update to 3.15.8:
- Fixed memory leak of Ruby arena objects (#8461)
Update to 3.15.7:
C++:
* Remove the ::pb namespace (alias) (#8423)
Ruby:
* Fix unbounded memory growth for Ruby <2.7 (#8429)
* Fixed message equality in cases where the message type is different (#8434)
update to 3.15.6:
Ruby:
* Fixed bug in string comparison logic (#8386)
* Fixed quadratic memory use in array append (#8379)
* Fixed SEGV when users pass nil messages (#8363)
* Fixed quadratic memory usage when appending to arrays (#8364)
* Ruby <2.7 now uses WeakMap too, which prevents memory leaks. (#8341)
* Fix for FieldDescriptor.get(msg) (#8330)
* Bugfix for Message.[] for repeated or map fields (#8313)
PHP:
* read_property() handler is not supposed to return NULL (#8362)
Protocol Compiler
* Optional fields for proto3 are enabled by default, and no longer require
the --experimental_allow_proto3_optional flag.
C++:
* Do not disable RTTI by default in the CMake build (#8377)
* Create a CMake option to control whether or not RTTI is enabled (#8361)
* Fix PROTOBUF_CONSTINIT macro redefinition (#8323)
* MessageDifferencer: fixed bug when using custom ignore with multiple
unknown fields
* Use init_seg in MSVC to push initialization to an earlier phase.
* Runtime no longer triggers -Wsign-compare warnings.
* Fixed -Wtautological-constant-out-of-range-compare warning.
* DynamicCastToGenerated works for nullptr input for even if RTTI is disabled
* Arena is refactored and optimized.
* Clarified/specified that the exact value of Arena::SpaceAllocated() is an
implementation detail users must not rely on. It should not be used in
unit tests.
* Change the signature of Any::PackFrom() to return false on error.
* Add fast reflection getter API for strings.
* Constant initialize the global message instances
* Avoid potential for missed wakeup in UnknownFieldSet
* Now Proto3 Oneof fields have 'has' methods for checking their presence in
C++.
* Bugfix for NVCC
* Return early in _InternalSerialize for empty maps.
* Adding functionality for outputting map key values in proto path logging
output (does not affect comparison logic) and stop printing 'value' in the
path. The modified print functionality is in the
MessageDifferencer::StreamReporter.
* Fixed https://github.com/protocolbuffers/protobuf/issues/8129
* Ensure that null char symbol, package and file names do not result in a
crash.
* Constant initialize the global message instances
* Pretty print 'max' instead of numeric values in reserved ranges.
* Removed remaining instances of std::is_pod, which is deprecated in C++20.
* Changes to reduce code size for unknown field handling by making uncommon
cases out of line.
* Fix std::is_pod deprecated in C++20 (#7180)
* Fix some -Wunused-parameter warnings (#8053)
* Fix detecting file as directory on zOS issue #8051 (#8052)
* Don't include sys/param.h for _BYTE_ORDER (#8106)
* remove CMAKE_THREAD_LIBS_INIT from pkgconfig CFLAGS (#8154)
* Fix TextFormatMapTest.DynamicMessage issue#5136 (#8159)
* Fix for compiler warning issue#8145 (#8160)
* fix: support deprecated enums for GCC < 6 (#8164)
* Fix some warning when compiling with Visual Studio 2019 on x64 target (#8125)
Python:
* Provided an override for the reverse() method that will reverse the internal
collection directly instead of using the other methods of the BaseContainer.
* MessageFactory.CreateProtoype can be overridden to customize class creation.
* Fix PyUnknownFields memory leak (#7928)
* Add macOS big sur compatibility (#8126)
JavaScript
* Generate `getDescriptor` methods with `*` as their `this` type.
* Enforce `let/const` for generated messages.
* js/binary/utils.js: Fix jspb.utils.joinUnsignedDecimalString to work with
negative bitsLow and low but non-zero bitsHigh parameter. (#8170)
PHP:
* Added support for PHP 8. (#8105)
* unregister INI entries and fix invalid read on shutdown (#8042)
* Fix PhpDoc comments for message accessors to include '|null'. (#8136)
* fix: convert native PHP floats to single precision (#8187)
* Fixed PHP to support field numbers >=2**28. (#8235)
* feat: add support for deprecated fields to PHP compiler (#8223)
* Protect against stack overflow if the user derives from Message. (#8248)
* Fixed clone for Message, RepeatedField, and MapField. (#8245)
* Updated upb to allow nonzero offset minutes in JSON timestamps. (#8258)
Ruby:
* Added support for Ruby 3. (#8184)
* Rewrote the data storage layer to be based on upb_msg objects from the
upb library. This should lead to much better parsing performance,
particularly for large messages. (#8184).
* Fill out JRuby support (#7923)
* [Ruby] Fix: (SIGSEGV) gRPC-Ruby issue on Windows. memory alloc infinite
recursion/run out of memory (#8195)
* Fix jruby support to handle messages nested more than 1 level deep (#8194)
Java:
* Avoid possible UnsupportedOperationException when using CodedInputSteam
with a direct ByteBuffer.
* Make Durations.comparator() and Timestamps.comparator() Serializable.
* Add more detailed error information for dynamic message field type
validation failure
* Removed declarations of functions declared in java_names.h from
java_helpers.h.
* Now Proto3 Oneof fields have 'has' methods for checking their presence in
Java.
* Annotates Java proto generated *_FIELD_NUMBER constants.
* Add -assumevalues to remove JvmMemoryAccessor on Android.
C#:
* Fix parsing negative Int32Value that crosses segment boundary (#8035)
* Change ByteString to use memory and support unsafe create without copy (#7645)
* Optimize MapField serialization by removing MessageAdapter (#8143)
* Allow FileDescriptors to be parsed with extension registries (#8220)
* Optimize writing small strings (#8149)
- Updated URL to https://github.com/protocolbuffers/protobuf
Update to v3.14.0
Protocol Compiler:
* The proto compiler no longer requires a .proto filename when it is not
generating code.
* Added flag `--deterministic_output` to `protoc --encode=...`.
* Fixed deadlock when using google.protobuf.Any embedded in aggregate options.
C++:
* Arenas are now unconditionally enabled. cc_enable_arenas no longer has
any effect.
* Removed inlined string support, which is incompatible with arenas.
* Fix a memory corruption bug in reflection when mixing optional and
non-optional fields.
* Make SpaceUsed() calculation more thorough for map fields.
* Add stack overflow protection for text format with unknown field values.
* FieldPath::FollowAll() now returns a bool to signal if an out-of-bounds
error was encountered.
* Performance improvements for Map.
* Minor formatting fix when dumping a descriptor to .proto format with
DebugString.
* UBSAN fix in RepeatedField
* When running under ASAN, skip a test that makes huge allocations.
* Fixed a crash that could happen when creating more than 256 extensions in
a single message.
* Fix a crash in BuildFile when passing in invalid descriptor proto.
* Parser security fix when operating with CodedInputStream.
* Warn against the use of AllowUnknownExtension.
* Migrated to C++11 for-range loops instead of index-based loops where
possible. This fixes a lot of warnings when compiling with -Wsign-compare.
* Fix segment fault for proto3 optional
* Adds a CMake option to build `libprotoc` separately
Java
* Bugfix in mergeFrom() when a oneof has multiple message fields.
* Fix RopeByteString.RopeInputStream.read() returning -1 when told to read
0 bytes when not at EOF.
* Redefine remove(Object) on primitive repeated field Lists to avoid
autoboxing.
* Support '\u' escapes in textformat string literals.
* Trailing empty spaces are no longer ignored for FieldMask.
* Fix FieldMaskUtil.subtract to recursively remove mask.
* Mark enums with `@java.lang.Deprecated` if the proto enum has option
`deprecated = true;`.
* Adding forgotten duration.proto to the lite library
Python:
* Print google.protobuf.NullValue as null instead of 'NULL_VALUE' when it is
used outside WKT Value/Struct.
* Fix bug occurring when attempting to deep copy an enum type in python 3.
* Add a setuptools extension for generating Python protobufs
* Remove uses of pkg_resources in non-namespace packages
* [bazel/py] Omit google/__init__.py from the Protobuf runtime
* Removed the unnecessary setuptools package dependency for Python package
* Fix PyUnknownFields memory leak
PHP:
* Added support for '==' to the PHP C extension
* Added `==` operators for Map and Array
* Native C well-known types
* Optimized away hex2bin() call in generated code
* New version of upb, and a new hash function wyhash in third_party
* add missing hasOneof method to check presence of oneof fields
Go:
* Update go_package options to reference google.golang.org/protobuf module.
C#:
* annotate ByteString.CopyFrom(ReadOnlySpan<byte>) as SecuritySafeCritical
* Fix C# optional field reflection when there are regular fields too
* Fix parsing negative Int32Value that crosses segment boundary
Javascript:
* JS: parse (un)packed fields conditionally
Update to version 3.13.0
PHP:
* The C extension is completely rewritten. The new C extension has significantly
better parsing performance and fixes a handful of conformance issues. It will
also make it easier to add support for more features like proto2 and proto3 presence.
* The new C extension does not support PHP 5.x. PHP 5.x users can still use pure-PHP.
C++:
* Removed deprecated unsafe arena string accessors
* Enabled heterogeneous lookup for std::string keys in maps.
* Removed implicit conversion from StringPiece to std::string
* Fix use-after-destroy bug when the Map is allocated in the arena.
* Improved the randomness of map ordering
* Added stack overflow protection for text format with unknown fields
* Use std::hash for proto maps to help with portability.
* Added more Windows macros to proto whitelist.
* Arena constructors for map entry messages are now marked 'explicit'
(for regular messages they were already explicit).
* Fix subtle aliasing bug in RepeatedField::Add
* Fix mismatch between MapEntry ByteSize and Serialize with respect to unset
fields.
Python:
* JSON format conformance fixes:
* Reject lowercase t for Timestamp json format.
* Print full_name directly for extensions (no camelCase).
* Reject boolean values for integer fields.
* Reject NaN, Infinity, -Infinity that is not quoted.
* Base64 fixes for bytes fields: accept URL-safe base64 and missing padding.
* Bugfix for fields/files named 'async' or 'await'.
* Improved the error message when AttributeError is returned from __getattr__
in EnumTypeWrapper.
Java:
* Fixed a bug where setting optional proto3 enums with setFooValue() would
not mark the value as present.
* Add Subtract function to FieldMaskUtil.
C#:
* Dropped support for netstandard1.0 (replaced by support for netstandard1.1).
This was required to modernize the parsing stack to use the `Span<byte>`
type internally
* Add `ParseFrom(ReadOnlySequence<byte>)` method to enable GC friendly
parsing with reduced allocations and buffer copies
* Add support for serialization directly to a `IBufferWriter<byte>` or
to a `Span<byte>` to enable GC friendly serialization.
The new API is available as extension methods on the `IMessage` type
* Add `GOOGLE_PROTOBUF_REFSTRUCT_COMPATIBILITY_MODE` define to make
generated code compatible with old C# compilers (pre-roslyn compilers
from .NET framework and old versions of mono) that do not support
ref structs. Users that are still on a legacy stack that does
not support C# 7.2 compiler might need to use the new define
in their projects to be able to build the newly generated code
* Due to the major overhaul of parsing and serialization internals,
it is recommended to regenerate your generated code to achieve the best
performance (the legacy generated code will still work, but might incur
a slight performance penalty).
Update to version 3.12.3; notable changes since 3.11.4:
Protocol Compiler:
* [experimental] Singular, non-message typed fields in proto3 now support
presence tracking. This is enabled by adding the 'optional' field label and
passing the --experimental_allow_proto3_optional flag to protoc.
* For usage info, see docs/field_presence.md.
* During this experimental phase, code generators should update to support
proto3 presence, see docs/implementing_proto3_presence.md for instructions.
* Allow duplicate symbol names when multiple descriptor sets are passed on
the command-line, to match the behavior when multiple .proto files are passed.
* Deterministic `protoc --descriptor_set_out` (#7175)
Objective-C:
* Tweak the union used for Extensions to support old generated code. #7573
* Fix for the :protobuf_objc target in the Bazel BUILD file. (#7538)
* [experimental] ObjC Proto3 optional support (#7421)
* Block subclassing of generated classes (#7124)
* Use references to Obj C classes instead of names in descriptors. (#7026)
* Revisit how the WKTs are bundled with ObjC. (#7173)
C++:
* Simplified the template export macros to fix the build for mingw32. (#7539)
* [experimental] Added proto3 presence support.
* New descriptor APIs to support proto3 presence.
* Enable Arenas by default on all .proto files.
* Documented that users are not allowed to subclass Message or MessageLite.
* Mark generated classes as final; inheriting from protos is strongly discouraged.
* Add stack overflow protection for text format with unknown fields.
* Add accessors for map key and value FieldDescriptors.
* Add FieldMaskUtil::FromFieldNumbers().
* MessageDifferencer: use ParsePartial() on Any fields so the diff does not
fail when there are missing required fields.
* ReflectionOps::Merge(): lookup messages in the right factory, if it can.
* Added Descriptor::WellKnownTypes enum and Descriptor::well_known_type()
accessor as an easier way of determining if a message is a Well-Known Type.
* Optimized RepeatedField::Add() when it is used in a loop.
* Made proto move/swap more efficient.
* De-virtualize the GetArena() method in MessageLite.
* Improves performance of json_stream_parser.cc by factor 1000 (#7230)
* bug: #7076 undefine Windows OUT and OPTIONAL macros (#7087)
* Fixed a bug in FieldDescriptor::DebugString() that would erroneously print
an 'optional' label for a field in a oneof.
* Fix bug in parsing bool extensions that assumed they are always 1 byte.
* Fix off-by-one error in FieldOptions::ByteSize() when extensions are present.
* Clarified the comments to show an example of the difference between
Descriptor::extension and DescriptorPool::FindAllExtensions.
* Add a compiler option 'code_size' to force optimize_for=code_size on all
protos where this is possible.
Ruby:
* Re-add binary gems for Ruby 2.3 and 2.4. These are EOL upstream, however
many people still use them and dropping support will require more
coordination.
* [experimental] Implemented proto3 presence for Ruby. (#7406)
* Stop building binary gems for ruby <2.5 (#7453)
* Fix for wrappers with a zero value (#7195)
* Fix for JSON serialization of 0/empty-valued wrapper types (#7198)
* Call 'Class#new' over rb_class_new_instance in decoding (#7352)
* Build extensions for Ruby 2.7 (#7027)
* assigning 'nil' to submessage should clear the field. (#7397)
Java:
* [experimental] Added proto3 presence support.
* Mark java enum _VALUE constants as @Deprecated if the enum field is deprecated
* reduce <clinit> size for enums with allow_alias set to true.
* Sort map fields alphabetically by the field's key when printing textproto.
* Fixed a bug in map sorting that appeared in -rc1 and -rc2 (#7508).
* TextFormat.merge() handles Any as top level type.
* Throw a descriptive IllegalArgumentException when calling
getValueDescriptor() on enum special value UNRECOGNIZED instead of
ArrayIndexOutOfBoundsException.
* Fixed an issue with JsonFormat.printer() where setting printingEnumsAsInts()
would override the configuration passed into includingDefaultValueFields().
* Implement overrides of indexOf() and contains() on primitive lists returned
for repeated fields to avoid autoboxing the list contents.
* Add overload to FieldMaskUtil.fromStringList that accepts a descriptor.
* [bazel] Move Java runtime/toolchains into //java (#7190)
Python:
* [experimental] Added proto3 presence support.
* [experimental] fast import protobuf module, only works with cpp generated code linked in.
* Truncate 'float' fields to 4 bytes of precision in setters for pure-Python
implementation (C++ extension was already doing this).
* Fixed a memory leak in C++ bindings.
* Added a deprecation warning when code tries to create Descriptor objects
directly.
* Fix unintended comparison between bytes and string in descriptor.py.
* Avoid printing excess digits for float fields in TextFormat.
* Remove Python 2.5 syntax compatibility from the proto compiler generated _pb2.py module code.
* Drop 3.3, 3.4 and use single version docker images for all python tests (#7396)
JavaScript:
* Fix js message pivot selection (#6813)
PHP:
* Persistent Descriptor Pool (#6899)
* Implement lazy loading of php class for proto messages (#6911)
* Correct @return in Any.unpack docblock (#7089)
* Ignore unknown enum value when ignore_unknown specified (#7455)
C#:
* [experimental] Add support for proto3 presence fields in C# (#7382)
* Mark GetOption API as obsolete and expose the 'GetOptions()' method on descriptors instead (#7491)
* Remove Has/Clear members for C# message fields in proto2 (#7429)
* Enforce recursion depth checking for unknown fields (#7132)
* Fix conformance test failures for Google.Protobuf (#6910)
* Cleanup various bits of Google.Protobuf (#6674)
* Fix latest ArgumentException for C# extensions (#6938)
* Remove unnecessary branch from ReadTag (#7289)
Other:
* Add a proto_lang_toolchain for javalite (#6882)
* [bazel] Update gtest and deprecate //external:{gtest,gtest_main} (#7237)
* Add application note for explicit presence tracking. (#7390)
* Howto doc for implementing proto3 presence in a code generator. (#7407)
Update to version 3.11.4; notable changes since 3.9.2:
* C++: Make serialization method naming consistent
* C++: Moved ShutdownProtobufLibrary() to message_lite.h. For
backward compatibility a declaration is still available
in stubs/common.h, but users should prefer message_lite.h
* C++: Removed non-namespace macro EXPECT_OK()
* C++: Removed mathlimits.h from stubs in favor of using
std::numeric_limits from C++11
* C++: Support direct pickling of nested messages
* C++: Disable extension code gen for C#
* C++: Switch the proto parser to the faster MOMI parser
* C++: Unused imports of files defining descriptor extensions
will now be reported
* C++: Add proto2::util::RemoveSubranges to remove multiple
subranges in linear time
* C++: Support 32 bit values for ProtoStreamObjectWriter to Struct
* C++: Removed the internal-only header coded_stream_inl.h and
the internal-only methods defined there
* C++: Enforced no SWIG wrapping of descriptor_database.h
(other headers already had this restriction)
* C++: Implementation of the equivalent of the MOMI parser for
serialization. This removes one of the two serialization
routines, by making the fast array serialization routine
completely general. SerializeToCodedStream can now be
implemented in terms of the much much faster array
serialization. The array serialization regresses slightly,
but when array serialization is not possible this wins big
* C++: Add move constructor for Reflection's SetString
* Java: Remove the usage of MethodHandle, so that Android users
prior to API version 26 can use protobuf-java
* Java: Publish ProGuard config for javalite
* Java: Include unknown fields when merging proto3 messages in
Java lite builders
* Java: Have oneof enums implement a separate interface (other
than EnumLite) for clarity
* Java: Opensource Android Memory Accessors
* Java: Change ProtobufArrayList to use Object[] instead of
ArrayList for 5-10% faster parsing
* Java: Make a copy of JsonFormat.TypeRegistry at the protobuf
top level package. This will eventually replace
JsonFormat.TypeRegistry
* Java: Add Automatic-Module-Name entries to the Manifest
* Python: Add float_precision option in json format printer
* Python: Optionally print bytes fields as messages in unknown
fields, if possible
* Python: Experimental code gen (fast import protobuf module)
which only work with cpp generated code linked in
* Python: Add descriptor methods in descriptor_pool are deprecated
* Python: Added delitem for Python extension dict
* JavaScript: Remove guard for Symbol iterator for jspb.Map
* JavaScript: Remove deprecated boolean option to getResultBase64String()
* JavaScript: Change the parameter types of binaryReaderFn in
ExtensionFieldBinaryInfo to (number, ?, ?)
* JavaScript: Create dates.ts and time_of_days.ts to mirror Java
versions. This is a near-identical conversion of
c.g.type.util.{Dates,TimeOfDays} respectively
* JavaScript: Migrate moneys to TypeScript
* PHP: Increase php7.4 compatibility
* PHP: Implement lazy loading of php class for proto messages
* Ruby: Support hashes for struct initializers
* C#: Experimental proto2 support is now officially available
* C#: Change _Extensions property to normal body rather than expression
* Objective C: Remove OSReadLittle* due to alignment requirements
* Other: Override CocoaPods module to lowercase
* further bugfixes and optimisations
- Install LICENSE
- Drop protobuf-libs as it is just workaround for rpmlint issue
* python bindings now require recent python-google-apputils
* Released memory allocated by InitializeDefaultRepeatedFields()
and GetEmptyString(). Some memory sanitizers reported them
* Updated DynamicMessage.setField() to handle repeated enum
* Fixed a bug that caused NullPointerException to be thrown when
converting manually constructed FileDescriptorProto to
* Added oneofs(unions) feature. Fields in the same oneof will
* Files, services, enums, messages, methods and enum values
* Added Support for list values, including lists of mesaages,
* Added SwapFields() in reflection API to swap a subset of
* Repeated primitive extensions are now packable. The
it is possible to switch a repeated extension field to
* writeTo() method in ByteString can now write a substring to
* java_generate_equals_and_hash can now be used with the
* A new C++-backed extension module (aka 'cpp api v2') that
replaces the old ('cpp api v1') one. Much faster than the
pure Python code. This one resolves many bugs and is
mosh reqires it
python-abseil was udpated:
version update to 1.4.0
New:
(testing) Added @flagsaver.as_parsed: this allows saving/restoring flags
using string values as if parsed from the command line and will also reflect
other flag states after command line parsing, e.g. .present is set.
Changed:
(logging) If no log dir is specified logging.find_log_dir() now falls back
to tempfile.gettempdir() instead of /tmp/.
Fixed:
(flags) Additional kwargs (e.g. short_name=) to DEFINE_multi_enum_class
are now correctly passed to the underlying Flag object.
version update to 1.2.0
* Fixed a crash in Python 3.11 when `TempFileCleanup.SUCCESS` is used.
* `Flag` instances now raise an error if used in a bool context. This prevents
the occasional mistake of testing an instance for truthiness rather than
testing `flag.value`.
* `absl-py` no longer depends on `six`.
Update to version 1.0.0
* absl-py no longer supports Python 2.7, 3.4, 3.5. All versions
have reached end-of-life for more than a year now.
* New releases will be tagged as vX.Y.Z instead of pypi-vX.Y.Z in
the git repo going forward.
- Release notes for 0.15.0
* (testing) #128: When running bazel with its --test_filter=
flag, it now treats the filters as unittest's -k flag in Python
3.7+.
- Release notes for 0.14.1
* Top-level LICENSE file is now exported in bazel.
- Release notes for 0.14.0
* #171: Creating argparse_flags.ArgumentParser with
argument_default= no longer raises an exception when other
absl.flags flags are defined.
* #173: absltest now correctly sets up test filtering and fail
fast flags when an explicit argv= parameter is passed to
absltest.main.
- Release notes for 0.13.0
* (app) Type annotations for public app interfaces.
* (testing) Added new decorator @absltest.skipThisClass to
indicate a class contains shared functionality to be used as a
base class for other TestCases, and therefore should be
skipped.
* (app) Annotated the flag_parser paramteter of run as
keyword-only. This keyword-only constraint will be enforced at
runtime in a future release.
* (app, flags) Flag validations now include all errors from
disjoint flag sets, instead of fail fast upon first error from
all validators. Multiple validators on the same flag still
fails fast.
- Release notes for 0.12.0
* (flags) Made EnumClassSerializer and EnumClassListSerializer
public.
* (flags) Added a required: Optional[bool] = False parameter to
DEFINE_* functions.
* (testing) flagsaver overrides can now be specified in terms of
FlagHolder.
* (testing) parameterized.product: Allows testing a method over
cartesian product of parameters values, specified as a
sequences of values for each parameter or as kwargs-like dicts
of parameter values.
* (testing) Added public flag holders for --test_srcdir and
--test_tmpdir. Users should use absltest.TEST_SRCDIR.value and
absltest.TEST_TMPDIR.value instead of FLAGS.test_srcdir and
FLAGS.test_tmpdir.
* (flags) Made CsvListSerializer respect its delimiter argument.
- Add Provides python-absl-py
python-grpcuio was updated:
- Update to version 1.60.0:
* No python specfic changes.
- Update to version 1.59.2:
* No python specific changes.
- Update to version 1.59.0:
* [Python 3.12] Support Python 3.12 (gh#grpc/grpc#34398).
* [Python 3.12] Deprecate distutil (gh#grpc/grpc#34186).
- Update to version 1.58.0:
* [Bazel] Enable grpcio-reflection to be used via Bazel
(gh#grpc/grpc#31013).
* [packaging] Publish xds-protos as part of the standard package
pipeline (gh#grpc/grpc#33797).
- Update to version 1.57.0: (CVE-2023-4785, bsc#1215334, CVE-2023-33953, bsc#1214148)
* [posix] Enable systemd sockets for libsystemd>=233
(gh#grpc/grpc#32671).
* [python O11Y] Initial Implementation (gh#grpc/grpc#32974).
- Build with LTO (don't set _lto_cflags to %nil).
- No need to pass '-std=c++17' to build CFLAGS.
- Update to version 1.56.2:
* [WRR] backport (gh#grpc/grpc#33694) to 1.56
(gh#grpc/grpc#33698)
* [backport][iomgr][EventEngine] Improve server handling of
file descriptor exhaustion (gh#grpc/grpc#33667)
- Switch build to pip/wheel.
- Use system abseil with '-std=c++17' to prevent undefined symbol
eg. with python-grpcio-tools (_ZN3re23RE213GlobalReplaceEPNSt7__
cxx1112basic_stringIcSt11char_traitsIcESaIcEEERKS0_N4absl12lts_
2023012511string_viewE)
- Upstream only supports python >= 3.7, so adjust BuildRequires
accordingly.
- Add %{?sle15_python_module_pythons}
- Update to version 1.56.0: (CVE-2023-32731, bsc#1212180)
* [aio types] Fix some grpc.aio python types
(gh#grpc/grpc#32475).
- Update to version 1.55.0:
* [EventEngine] Disable EventEngine polling in gRPC Python
(gh#grpc/grpc#33279) (gh#grpc/grpc#33320).
* [Bazel Python3.11] Update Bazel dependencies for Python 3.11
(gh#grpc/grpc#33318) (gh#grpc/grpc#33319).
- Drop Requires: python-six; not required any more.
- Switch Suggests to Recommends.
- Update to version 1.54.0: (CVE-2023-32732, bsc#1212182)
* Fix DeprecationWarning when calling asyncio.get_event_loop()
(gh#grpc/grpc#32533).
* Remove references to deprecated syntax field
(gh#grpc/grpc#32497).
- Update to version 1.51.1:
* No Linux specific changes.
- Changes from version 1.51.0:
* Fix lack of cooldown between poll attempts
(gh#grpc/grpc#31550).
* Remove enum and future (gh#grpc/grpc#31381).
* [Remove Six] Remove dependency on six (gh#grpc/grpc#31340).
* Update xds-protos package to pull in protobuf 4.X
(gh#grpc/grpc#31113).
- Update to version 1.50.0:
* Support Python 3.11. [gh#grpc/grpc#30818].
- Update to version 1.49.1
* Support Python 3.11. (#30818)
* Add type stub generation support to grpcio-tools. (#30498)
- Update to version 1.48.0:
* [Aio] Ensure Core channel closes when deallocated
[gh#grpc/grpc#29797].
* [Aio] Fix the wait_for_termination return value
[gh#grpc/grpc#29795].
- update to 1.46.3:
* backport: xds: use federation env var to guard new-style resource name parsing
* This release contains refinements, improvements, and bug fixes.
- Update to version 1.46.0:
* Add Python GCF Distribtest [gh#grpc/grpc#29303].
* Add Python Reflection Client [gh#grpc/grpc#29085].
* Revert 'Fix prefork handler register's default behavior'
[gh#grpc/grpc#29229].
* Fix prefork handler register's default behavior
[gh#grpc/grpc#29103].
* Fix fetching CXX variable in setup.py [gh#grpc/grpc#28873].
- Update to version 1.45.0:
* Reimplement Gevent Integration [gh#grpc/grpc#28276].
* Support musllinux binary wheels on x64 and x86
[gh#grpc/grpc#28092].
* Increase the Python protobuf requirement to >=3.12.0
[gh#grpc/grpc#28604].
- Build with system re2; add BuildRequires: pkgconfig(re2).
- Update to version 1.44.0:
* Add python async example for hellostreamingworld using
generator (gh#grpc/grpc#27343).
* Disable __wrap_memcpy hack for Python builds
(gh#grpc/grpc#28410).
* Bump Bazel Python Cython dependency to 0.29.26
(gh#grpc/grpc#28398).
* Fix libatomic linking on Raspberry Pi OS Bullseye
(gh#grpc/grpc#28041).
* Allow generated proto sources in remote repositories for
py_proto_library (gh#grpc/grpc#28103).
- Update to version 1.43.0:
* [Aio] Validate the input type for set_trailing_metadata and
abort (gh#grpc/grpc#27958).
- update to 1.41.1:
* This is release 1.41.0 (goat) of gRPC Core.
- Update to version 1.41.0:
* Add Python 3.10 support and drop 3.5 (gh#grpc/grpc#26074).
* [Aio] Remove custom IO manager support (gh#grpc/grpc#27090).
- Update to version 1.39.0:
* Python AIO: Match continuation typing on Interceptors
(gh#grpc/grpc#26500).
* Workaround #26279 by publishing manylinux_2_24 wheels instead
of manylinux2014 on aarch64 (gh#grpc/grpc#26430).
* Fix zlib unistd.h import problem (gh#grpc/grpc#26374).
* Handle gevent exception in gevent poller (gh#grpc/grpc#26058).
- Update to version 1.38.1:
* Backport gh#grpc/grpc#26430 and gh#grpc/grpc#26435 to v1.38.x
(gh#grpc/grpc#26436).
- Update to version 1.38.0:
* Add grpcio-admin Python package (gh#grpc/grpc#26166).
* Add CSDS API to Python (gh#grpc/grpc#26114).
* Expose code and details from context on the server side
(gh#grpc/grpc#25457).
* Explicitly import importlib.abc; required on Python 3.10.
Fixes #26062 (gh#grpc/grpc#26083).
* Fix potential deadlock on the GIL in AuthMetdataPlugin
(gh#grpc/grpc#26009).
* Introduce new Python package 'xds_protos'
(gh#grpc/grpc#25975).
* Remove async mark for set_trailing_metadata interface
(gh#grpc/grpc#25814).
- Update to version 1.37.1:
* No user visible changes.
- Changes from version 1.37.0:
* Clarify Guarantees about grpc.Future Interface
(gh#grpc/grpc#25383).
* [Aio] Add time_remaining method to ServicerContext
(gh#grpc/grpc#25719).
* Standardize all environment variable boolean configuration in
python's setup.py (gh#grpc/grpc#25444).
* Fix Signal Safety Issue (gh#grpc/grpc#25394).
- Update to version 1.36.1:
* Core: back-port: add env var protection for google-c2p
resolver (gh#grpc/grpc#25569).
- Update to version 1.35.0:
* Implement Python Client and Server xDS Creds.
(gh#grpc/grpc#25365)
* Add %define _lto_cflags %{nil} (bsc#1182659) (rh#1893533)
* Link roots.pem to ca-bundle.pem from ca-certificates package
- Update to version 1.34.1:
* Backport 'Lazily import grpc_tools when using runtime
stub/message generation' to 1.34.x (gh#grpc/grpc#25011).
- Update to version 1.34.0:
* Incur setuptools as an dependency for grpcio_tools
(gh#grpc/grpc#24752).
* Stop the spamming log generated by ctrl-c for AsyncIO server
(gh#grpc/grpc#24718).
* [gRPC Easy] Make Well-Known Types Available to Runtime Protos
(gh#grpc/grpc#24478).
* Bump MACOSX_DEPLOYMENT_TARGET to 10.10 for Python
(gh#grpc/grpc#24480).
* Make Python 2 an optional dependency for Bazel build
(gh#grpc/grpc#24407).
* [Linux] [macOS] Support pre-compiled Python 3.9 wheels
(gh#grpc/grpc#24356).
- Update to version 1.33.2:
* [Backport] Implement grpc.Future interface in
SingleThreadedRendezvous (gh#grpc/grpc#24574).
- Update to version 1.33.1:
* [Backport] Make Python 2 an optional dependency for Bazel
build (gh#grpc/grpc#24452).
* Allow asyncio API to be imported as grpc.aio.
(gh#grpc/grpc#24289).
* [gRPC Easy] Fix import errors on Windows (gh#grpc/grpc#24124).
* Make version check for importlib.abc in grpcio-tools more
stringent (gh#grpc/grpc#24098).
Added re2 package in version 2024-02-01.
ModerateSUSE bug 1133277SUSE bug 1182659SUSE bug 1203378SUSE bug 1208794SUSE bug 1212180SUSE bug 1212182SUSE bug 1214148SUSE bug 1215334CVE-2023-32731 at SUSECVE-2023-32731 at NVDCVE-2023-32732 at SUSECVE-2023-32732 at NVDCVE-2023-33953 at SUSECVE-2023-33953 at NVDCVE-2023-44487 at SUSECVE-2023-44487 at NVDCVE-2023-4785 at SUSECVE-2023-4785 at NVDcpe:/o:opensuse:leap:15.5Security update for bind (Important)openSUSE Leap 15.5
This update for bind fixes the following issues:
Update to release 9.16.48:
- CVE-2023-50387: Fixed a denial-of-service caused by DNS messages containing a lot of DNSSEC signatures (bsc#1219823).
- CVE-2023-50868: Fixed a denial-of-service caused by NSEC3 closest encloser proof (bsc#1219826).
- CVE-2023-4408: Fixed a denial-of-service caused by DNS messages with many different names (bsc#1219851).
- CVE-2023-5517: Fixed a possible crash when nxdomain-redirect was enabled (bsc#1219852).
- CVE-2023-5679: Fixed a possible crash when bad interaction between DNS64 and serve-stale, when both of these features are enabled (bsc#1219853).
- CVE-2023-6516: Fixed excessive memory consumption when continuously trigger the cache database maintenance (bsc#1219854).
ImportantSUSE bug 1219823SUSE bug 1219826SUSE bug 1219851SUSE bug 1219852SUSE bug 1219853SUSE bug 1219854CVE-2023-4408 at SUSECVE-2023-4408 at NVDCVE-2023-50387 at SUSECVE-2023-50387 at NVDCVE-2023-50868 at SUSECVE-2023-50868 at NVDCVE-2023-5517 at SUSECVE-2023-5517 at NVDCVE-2023-5679 at SUSECVE-2023-5679 at NVDCVE-2023-6516 at SUSECVE-2023-6516 at NVDcpe:/o:opensuse:leap:15.5Security update for python-aiohttp, python-time-machine (Important)openSUSE Leap 15.5
This update for python-aiohttp, python-time-machine fixes the following issues:
python-aiohttp was updated to version 3.9.3:
* Fixed backwards compatibility breakage (in 3.9.2) of ``ssl`` parameter
when set outside of ``ClientSession`` (e.g. directly in ``TCPConnector``)
* Improved test suite handling of paths and temp files to consistently
use pathlib and pytest fixtures.
From version 3.9.2 (bsc#1219341, CVE-2024-23334, bsc#1219342, CVE-2024-23829):
* Fixed server-side websocket connection leak.
* Fixed ``web.FileResponse`` doing blocking I/O in the event loop.
* Fixed double compress when compression enabled and compressed file
exists in server file responses.
* Added runtime type check for ``ClientSession`` ``timeout`` parameter.
* Fixed an unhandled exception in the Python HTTP parser on header lines
starting with a colon.
* Improved validation of paths for static resources requests to the server.
* Added support for passing :py:data:`True` to ``ssl`` parameter in
``ClientSession`` while deprecating :py:data:`None`.
* Fixed an unhandled exception in the Python HTTP parser on header lines
starting with a colon.
* Fixed examples of ``fallback_charset_resolver`` function in the
:doc:`client_advanced` document.
* The Sphinx setup was updated to avoid showing the empty
changelog draft section in the tagged release documentation
builds on Read The Docs.
* The changelog categorization was made clearer. The contributors can
now mark their fragment files more accurately.
* Updated :ref:`contributing/Tests coverage <aiohttp-contributing>`
section to show how we use ``codecov``.
* Replaced all ``tmpdir`` fixtures with ``tmp_path`` in test suite.
- Disable broken tests with openssl 3.2 and python < 3.11 bsc#1217782
update to 3.9.1:
* Fixed importing aiohttp under PyPy on Windows.
* Fixed async concurrency safety in websocket compressor.
* Fixed ``ClientResponse.close()`` releasing the connection
instead of closing.
* Fixed a regression where connection may get closed during
upgrade. -- by :user:`Dreamsorcerer`
* Fixed messages being reported as upgraded without an Upgrade
header in Python parser. -- by :user:`Dreamsorcerer`
update to 3.9.0: (bsc#1217684, CVE-2023-49081, bsc#1217682, CVE-2023-49082)
* Introduced ``AppKey`` for static typing support of
``Application`` storage.
* Added a graceful shutdown period which allows pending tasks
to complete before the application's cleanup is called.
* Added `handler_cancellation`_ parameter to cancel web handler on
client disconnection.
* This (optionally) reintroduces a feature removed in a
previous release.
* Recommended for those looking for an extra level of
protection against denial-of-service attacks.
* Added support for setting response header parameters
``max_line_size`` and ``max_field_size``.
* Added ``auto_decompress`` parameter to
``ClientSession.request`` to override
``ClientSession._auto_decompress``.
* Changed ``raise_for_status`` to allow a coroutine.
* Added client brotli compression support (optional with
runtime check).
* Added ``client_max_size`` to ``BaseRequest.clone()`` to allow
overriding the request body size. -- :user:`anesabml`.
* Added a middleware type alias
``aiohttp.typedefs.Middleware``.
* Exported ``HTTPMove`` which can be used to catch any
redirection request that has a location -- :user:`dreamsorcerer`.
* Changed the ``path`` parameter in ``web.run_app()`` to accept
a ``pathlib.Path`` object.
* Performance: Skipped filtering ``CookieJar`` when the jar is
empty or all cookies have expired.
* Performance: Only check origin if insecure scheme and there
are origins to treat as secure, in
``CookieJar.filter_cookies()``.
* Performance: Used timestamp instead of ``datetime`` to
achieve faster cookie expiration in ``CookieJar``.
* Added support for passing a custom server name parameter to
HTTPS connection.
* Added support for using Basic Auth credentials from
:file:`.netrc` file when making HTTP requests with the
* :py:class:`~aiohttp.ClientSession` ``trust_env`` argument is
set to ``True``. -- by :user:`yuvipanda`.
* Turned access log into no-op when the logger is disabled.
* Added typing information to ``RawResponseMessage``. -- by
:user:`Gobot1234`
* Removed ``async-timeout`` for Python 3.11+ (replaced with
``asyncio.timeout()`` on newer releases).
* Added support for ``brotlicffi`` as an alternative to
``brotli`` (fixing Brotli support on PyPy).
* Added ``WebSocketResponse.get_extra_info()`` to access a
protocol transport's extra info.
* Allow ``link`` argument to be set to None/empty in HTTP 451
exception.
* Fixed client timeout not working when incoming data is always
available without waiting. -- by :user:`Dreamsorcerer`.
* Fixed ``readuntil`` to work with a delimiter of more than one
character.
* Added ``__repr__`` to ``EmptyStreamReader`` to avoid
``AttributeError``.
* Fixed bug when using ``TCPConnector`` with
``ttl_dns_cache=0``.
* Fixed response returned from expect handler being thrown
away. -- by :user:`Dreamsorcerer`
* Avoided raising ``UnicodeDecodeError`` in multipart and in
HTTP headers parsing.
* Changed ``sock_read`` timeout to start after writing has
finished, avoiding read timeouts caused by an unfinished
write. -- by :user:`dtrifiro`
* Fixed missing query in tracing method URLs when using
``yarl`` 1.9+.
* Changed max 32-bit timestamp to an aware datetime object, for
consistency with the non-32-bit one, and to avoid a
``DeprecationWarning`` on Python 3.12.
* Fixed ``EmptyStreamReader.iter_chunks()`` never ending.
* Fixed a rare ``RuntimeError: await wasn't used with future``
exception.
* Fixed issue with insufficient HTTP method and version
validation.
* Added check to validate that absolute URIs have schemes.
* Fixed unhandled exception when Python HTTP parser encounters
unpaired Unicode surrogates.
* Updated parser to disallow invalid characters in header field
names and stop accepting LF as a request line separator.
* Fixed Python HTTP parser not treating 204/304/1xx as an empty
body.
* Ensure empty body response for 1xx/204/304 per RFC 9112 sec
6.3.
* Fixed an issue when a client request is closed before
completing a chunked payload. -- by :user:`Dreamsorcerer`
* Edge Case Handling for ResponseParser for missing reason
value.
* Fixed ``ClientWebSocketResponse.close_code`` being
erroneously set to ``None`` when there are concurrent async
tasks receiving data and closing the connection.
* Added HTTP method validation.
* Fixed arbitrary sequence types being allowed to inject values
via version parameter. -- by :user:`Dreamsorcerer`
* Performance: Fixed increase in latency with small messages
from websocket compression changes.
* Improved Documentation
* Fixed the `ClientResponse.release`'s type in the doc. Changed
from `comethod` to `method`.
* Added information on behavior of base_url parameter in
`ClientSession`.
* Completed ``trust_env`` parameter description to honor
``wss_proxy``, ``ws_proxy`` or ``no_proxy`` env.
* Dropped Python 3.6 support.
* Dropped Python 3.7 support. -- by :user:`Dreamsorcerer`
* Removed support for abandoned ``tokio`` event loop.
* Made ``print`` argument in ``run_app()`` optional.
* Improved performance of ``ceil_timeout`` in some cases.
* Changed importing Gunicorn to happen on-demand, decreasing
import time by ~53%. -- :user:`Dreamsorcerer`
* Improved import time by replacing ``http.server`` with
``http.HTTPStatus``.
* Fixed annotation of ``ssl`` parameter to disallow ``True``.
update to 3.8.6 (bsc#1217181, CVE-2023-47627):
* Security bugfixes
* https://github.com/aio-libs/aiohttp/security/advisories/GHSA-
pjjw-qhg8-p2p9.
* https://github.com/aio-libs/aiohttp/security/advisories/GHSA-
gfw2-4jvh-wgfg.
* Added ``fallback_charset_resolver`` parameter in
``ClientSession`` to allow a user-supplied
character set detection function.
Character set detection will no longer be included in 3.9 as
a default. If this feature is needed,
please use `fallback_charset_resolver
the client
* Fixed ``PermissionError`` when ``.netrc`` is unreadable due
to permissions.
* Fixed output of parsing errors
* Fixed sorting in ``filter_cookies`` to use cookie with
longest path.
Release 3.8.0 (2021-10-31) (bsc#1217174, CVE-2023-47641)
ImportantSUSE bug 1217174SUSE bug 1217181SUSE bug 1217782SUSE bug 1219341SUSE bug 1219342CVE-2023-47627 at SUSECVE-2023-47627 at NVDCVE-2023-47641 at SUSECVE-2023-47641 at NVDCVE-2024-23334 at SUSECVE-2024-23334 at NVDCVE-2024-23829 at SUSECVE-2024-23829 at NVDcpe:/o:opensuse:leap:15.5Security update for wireshark (Important)openSUSE Leap 15.5
This update for wireshark fixes the following issues:
- Updated to Wireshark 3.6.20:
- CVE-2024-0208: Fixed a crash in the GVCP dissector (bsc#1218504).
- CVE-2024-0209: Fixed a crash in the IEEE 1609.2 dissector (bsc#1218505).
ImportantSUSE bug 1218504SUSE bug 1218505CVE-2024-0208 at SUSECVE-2024-0208 at NVDCVE-2024-0209 at SUSECVE-2024-0209 at NVDcpe:/o:opensuse:leap:15.5Security update for python3 (Moderate)openSUSE Leap 15.5
This update for python3 fixes the following issues:
- CVE-2023-27043: Fixed incorrectly parses e-mail addresses which contain a special character (bsc#1210638).
ModerateSUSE bug 1210638CVE-2023-27043 at SUSECVE-2023-27043 at NVDcpe:/o:opensuse:leap:15.5Security update for docker (Important)openSUSE Leap 15.5
This update for docker fixes the following issues:
Vendor latest buildkit v0.11 including bugfixes for the following:
* CVE-2024-23653: BuildKit API doesn't validate entitlement on container creation (bsc#1219438).
* CVE-2024-23652: Fixed arbitrary deletion of files (bsc#1219268).
* CVE-2024-23651: Fixed race condition in mount (bsc#1219267).
ImportantSUSE bug 1219267SUSE bug 1219268SUSE bug 1219438CVE-2024-23651 at SUSECVE-2024-23651 at NVDCVE-2024-23652 at SUSECVE-2024-23652 at NVDCVE-2024-23653 at SUSECVE-2024-23653 at NVDcpe:/o:opensuse:leap:15.5Security update for python-uamqp (Important)openSUSE Leap 15.5
This update for python-uamqp fixes the following issues:
- CVE-2024-25110: Fixed a use-after-free in open_get_offered_capabilities() (bsc#1219867).
ImportantSUSE bug 1219867CVE-2024-25110 at SUSECVE-2024-25110 at NVDcpe:/o:opensuse:leap:15.5Security update for php-composer2 (Important)openSUSE Leap 15.5
This update for php-composer2 fixes the following issues:
- CVE-2024-24821: Fixed potential arbitrary code execution when Composer is invoked within a directory with tampered files (bsc#1219757).
ImportantSUSE bug 1219757CVE-2024-24821 at SUSECVE-2024-24821 at NVDcpe:/o:opensuse:leap:15.5Security update for tiff (Moderate)openSUSE Leap 15.5
This update for tiff fixes the following issues:
- CVE-2023-52356: Fixed segfault in TIFFReadRGBATileExt() (bsc#1219213).
ModerateSUSE bug 1219213CVE-2023-52356 at SUSECVE-2023-52356 at NVDcpe:/o:opensuse:leap:15.5Security update for python310 (Important)openSUSE Leap 15.5
This update for python310 fixes the following issues:
- CVE-2023-27043: Fixed incorrectly parser of e-mail addresses which contain a special character (bsc#1210638).
ImportantSUSE bug 1210638CVE-2023-27043 at SUSECVE-2023-27043 at NVDcpe:/o:opensuse:leap:15.5Security update for openssh (Important)openSUSE Leap 15.5
This update for openssh fixes the following issues:
- CVE-2023-51385: Limit the use of shell metacharacters in host- and
user names to avoid command injection. (bsc#1218215)
ImportantSUSE bug 1218215CVE-2023-51385 at SUSECVE-2023-51385 at NVDcpe:/o:opensuse:leap:15.5Security update for mozilla-nss (Important)openSUSE Leap 15.5
This update for mozilla-nss fixes the following issues:
Update to NSS 3.90.2:
- CVE-2023-5388: Fixed timing attack against RSA decryption in TLS (bsc#1216198)
ImportantSUSE bug 1216198CVE-2023-5388 at SUSECVE-2023-5388 at NVDcpe:/o:opensuse:leap:15.5Security update for libssh2_org (Moderate)openSUSE Leap 15.5
This update for libssh2_org fixes the following issues:
- CVE-2023-48795: Fixed prefix truncation breaking ssh channel integrity (Terrapin Attack) (bsc#1218127).
ModerateSUSE bug 1218127CVE-2023-48795 at SUSECVE-2023-48795 at NVDcpe:/o:opensuse:leap:15.5Security update for python-pycryptodome (Moderate)openSUSE Leap 15.5
This update for python-pycryptodome fixes the following issues:
- CVE-2023-52323: Fixed side-channel leakage in RSA decryption by using constant-time (faster) padding decoding for OAEP (bsc#1218564).
ModerateSUSE bug 1218564CVE-2023-52323 at SUSECVE-2023-52323 at NVDcpe:/o:opensuse:leap:15.5Security update for MozillaFirefox (Important)openSUSE Leap 15.5
This update for MozillaFirefox fixes the following issues:
Update to Firefox Extended Support Release 115.8.0 ESR (MFSA 2024-06) (bsc#1220048):
- CVE-2024-1546: Out-of-bounds memory read in networking channels
- CVE-2024-1547: Alert dialog could have been spoofed on another site
- CVE-2024-1548: Fullscreen Notification could have been hidden by select element
- CVE-2024-1549: Custom cursor could obscure the permission dialog
- CVE-2024-1550: Mouse cursor re-positioned unexpectedly could have led to unintended permission grants
- CVE-2024-1551: Multipart HTTP Responses would accept the Set-Cookie header in response parts
- CVE-2024-1552: Incorrect code generation on 32-bit ARM devices
- CVE-2024-1553: Memory safety bugs fixed in Firefox 123, Firefox ESR 115.8, and Thunderbird 115.8
- Recommend libfido2-udev on codestreams that exist, in order to try
to get security keys (e.g. Yubikeys) work out of the box. (bsc#1184272)
ImportantSUSE bug 1184272SUSE bug 1220048CVE-2024-1546 at SUSECVE-2024-1546 at NVDCVE-2024-1547 at SUSECVE-2024-1547 at NVDCVE-2024-1548 at SUSECVE-2024-1548 at NVDCVE-2024-1549 at SUSECVE-2024-1549 at NVDCVE-2024-1550 at SUSECVE-2024-1550 at NVDCVE-2024-1551 at SUSECVE-2024-1551 at NVDCVE-2024-1552 at SUSECVE-2024-1552 at NVDCVE-2024-1553 at SUSECVE-2024-1553 at NVDcpe:/o:opensuse:leap:15.5Security update for MozillaThunderbird (Important)openSUSE Leap 15.5
This update for MozillaThunderbird fixes the following issues:
Mozilla Thunderbird 115.8 (bsc#1220048):
- CVE-2024-1546: Out-of-bounds memory read in networking channels
- CVE-2024-1547: Alert dialog could have been spoofed on another site
- CVE-2024-1548: Fullscreen Notification could have been hidden by select element
- CVE-2024-1549: Custom cursor could obscure the permission dialog
- CVE-2024-1550: Mouse cursor re-positioned unexpectedly could have led to unintended permission grants
- CVE-2024-1551: Multipart HTTP Responses would accept the Set-Cookie header in response parts
- CVE-2024-1552: Incorrect code generation on 32-bit ARM devices
- CVE-2024-1553: Memory safety bugs fixed in Firefox 123, Firefox ESR 115.8, and Thunderbird 115.8
ImportantSUSE bug 1220048CVE-2024-1546 at SUSECVE-2024-1546 at NVDCVE-2024-1547 at SUSECVE-2024-1547 at NVDCVE-2024-1548 at SUSECVE-2024-1548 at NVDCVE-2024-1549 at SUSECVE-2024-1549 at NVDCVE-2024-1550 at SUSECVE-2024-1550 at NVDCVE-2024-1551 at SUSECVE-2024-1551 at NVDCVE-2024-1552 at SUSECVE-2024-1552 at NVDCVE-2024-1553 at SUSECVE-2024-1553 at NVDcpe:/o:opensuse:leap:15.5Security update for java-1_8_0-ibm (Important)openSUSE Leap 15.5
This update for java-1_8_0-ibm fixes the following issues:
Update to Java 8.0 Service Refresh 8 Fix Pack 20: [bsc#1219843]
Security fixes:
- CVE-2023-33850: Fixed information disclosure vulnerability due to the consumed GSKit library (bsc#1219843).
- CVE-2024-20932: Fixed incorrect handling of ZIP files with duplicate entries (bsc#1218908).
- CVE-2024-20952: Fixed RSA padding issue and timing side-channel attack against TLS (bsc#1218911).
- CVE-2024-20918: Fixed array out-of-bounds access due to missing range check in C1 compiler (bsc#1218907).
- CVE-2024-20921: Fixed range check loop optimization issue (bsc#1218905).
- CVE-2024-20919: Fixed JVM class file verifier flaw allows unverified bytecode execution (bsc#1218903).
- CVE-2024-20926: Fixed arbitrary Java code execution in Nashorn (bsc#1218906).
- CVE-2024-20945: Fixed logging of digital signature private keys (bsc#1218909).
ImportantSUSE bug 1218903SUSE bug 1218905SUSE bug 1218906SUSE bug 1218907SUSE bug 1218908SUSE bug 1218909SUSE bug 1218911SUSE bug 1219843CVE-2023-33850 at SUSECVE-2023-33850 at NVDCVE-2024-20918 at SUSECVE-2024-20918 at NVDCVE-2024-20919 at SUSECVE-2024-20919 at NVDCVE-2024-20921 at SUSECVE-2024-20921 at NVDCVE-2024-20926 at SUSECVE-2024-20926 at NVDCVE-2024-20932 at SUSECVE-2024-20932 at NVDCVE-2024-20945 at SUSECVE-2024-20945 at NVDCVE-2024-20952 at SUSECVE-2024-20952 at NVDcpe:/o:opensuse:leap:15.5Security update for qt6-base (Important)openSUSE Leap 15.5
This update for qt6-base fixes the following issues:
- CVE-2023-51714: Fixed an incorrect integer overflow check (bsc#1218413).
ImportantSUSE bug 1218413CVE-2023-51714 at SUSECVE-2023-51714 at NVDcpe:/o:opensuse:leap:15.5Security update for gnutls (Moderate)openSUSE Leap 15.5
This update for gnutls fixes the following issues:
- CVE-2024-0567: Fixed an incorrect rejection of certificate chains
with distributed trust (bsc#1218862).
- CVE-2024-0553: Fixed a timing attack against the RSA-PSK key
exchange, which could lead to the leakage of sensitive data
(bsc#1218865).
ModerateSUSE bug 1218862SUSE bug 1218865CVE-2024-0553 at SUSECVE-2024-0553 at NVDCVE-2024-0567 at SUSECVE-2024-0567 at NVDcpe:/o:opensuse:leap:15.5Security update for nodejs20 (Important)openSUSE Leap 15.5
This update for nodejs20 fixes the following issues:
Update to 20.11.1: (security updates)
* CVE-2024-21892: Code injection and privilege escalation through Linux capabilities (bsc#1219992).
* CVE-2024-22019: http: Reading unprocessed HTTP request with unbounded chunk extension allows DoS attacks (bsc#1219993).
* CVE-2024-21896: Path traversal by monkey-patching Buffer internals (bsc#1219994).j
* CVE-2024-22017: setuid() does not drop all privileges due to io_uring (bsc#1219995).
* CVE-2023-46809: Node.js is vulnerable to the Marvin Attack (timing variant of the Bleichenbacher attack against PKCS#1 v1.5 padding) (bsc#1219997).
* CVE-2024-21891: Multiple permission model bypasses due to improper path traversal sequence sanitization (bsc#1219998).
* CVE-2024-21890: Improper handling of wildcards in --allow-fs-read and --allow-fs-write (bsc#1219999).
* CVE-2024-22025: Denial of Service by resource exhaustion in fetch() brotli decoding (bsc#1220014).
* CVE-2024-24758: undici version 5.28.3 (bsc#1220017).
* CVE-2024-24806: libuv version 1.48.0 (bsc#1219724).
Update to 20.11.0:
* esm: add import.meta.dirname and import.meta.filename
* fs: add c++ fast path for writeFileSync utf8
* module: remove useCustomLoadersIfPresent flag
* module: bootstrap module loaders in shadow realm
* src: add --disable-warning option
* src: create per isolate proxy env template
* src: make process binding data weak
* stream: use Array for Readable buffer
* stream: optimize creation
* test_runner: adds built in lcov reporter
* test_runner: add Date to the supported mock APIs
* test_runner, cli: add --test-timeout flag
Update to 20.10.0:
* --experimental-default-type flag to flip module defaults
* The new flag --experimental-detect-module can be used to automatically run ES modules when their syntax can be detected.
* Added flush option in file system functions for fs.writeFile functions
* Added experimental WebSocket client
* vm: fix V8 compilation cache support for vm.Script. This fixes performance regression since v16.x when support for importModuleDynamically was added to vm.Script
ImportantSUSE bug 1219152SUSE bug 1219724SUSE bug 1219992SUSE bug 1219993SUSE bug 1219994SUSE bug 1219995SUSE bug 1219997SUSE bug 1219998SUSE bug 1219999SUSE bug 1220014SUSE bug 1220017CVE-2023-46809 at SUSECVE-2023-46809 at NVDCVE-2024-21890 at SUSECVE-2024-21890 at NVDCVE-2024-21891 at SUSECVE-2024-21891 at NVDCVE-2024-21892 at SUSECVE-2024-21892 at NVDCVE-2024-21896 at SUSECVE-2024-21896 at NVDCVE-2024-22017 at SUSECVE-2024-22017 at NVDCVE-2024-22019 at SUSECVE-2024-22019 at NVDCVE-2024-22025 at SUSECVE-2024-22025 at NVDCVE-2024-24758 at SUSECVE-2024-24758 at NVDCVE-2024-24806 at SUSECVE-2024-24806 at NVDcpe:/o:opensuse:leap:15.5Security update for freerdp (Important)openSUSE Leap 15.5
This update for freerdp fixes the following issues:
- CVE-2024-22211: Fixed am integer overflow in freerdp_bitmap_planar_context_reset() (bsc#1219049).
ImportantSUSE bug 1219049CVE-2024-22211 at SUSECVE-2024-22211 at NVDcpe:/o:opensuse:leap:15.5Security update for rear27a (Important)openSUSE Leap 15.5
This update for rear27a fixes the following issues:
- CVE-2024-23301: Fixed world-readable initrd with GRUB_RESCUE=Y (bsc#1218728).
Bug fixes:
- Fix mkinitrd dependency issue by installing dracut-mkinitrd-deprecated (see bsc#1202352).
ImportantSUSE bug 1202352SUSE bug 1218728CVE-2024-23301 at SUSECVE-2024-23301 at NVDcpe:/o:opensuse:leap:15.5Security update for tar (Low)openSUSE Leap 15.5
This update for tar fixes the following issues:
- CVE-2023-39804: Fixed extension attributes in PAX archives incorrect hanling (bsc#1217969).
LowSUSE bug 1217969CVE-2023-39804 at SUSECVE-2023-39804 at NVDcpe:/o:opensuse:leap:15.5Security update for Java (Important)openSUSE Leap 15.5
This update for Java fixes the following issues:
apache-commons-codec was updated to version 1.16.1:
- Changes in version 1.16.1:
* New features:
+ Added Maven property project.build.outputTimestamp for build reproducibility
* Bugs fixed:
+ Correct error in Base64 Javadoc
+ Added minimum Java version in changes.xml
+ Documentation update for the org.apache.commons.codec.digest.* package
+ Precompile regular expression in UnixCrypt.crypt(byte[], String)
+ Fixed possible IndexOutOfBoundException in PhoneticEngine.encode method
+ Fixed possible ArrayIndexOutOfBoundsException in QuotedPrintableCodec.encodeQuotedPrintable() method
+ Fixed possible StringIndexOutOfBoundException in MatchRatingApproachEncoder.encode() method
+ Fixed possible ArrayIndexOutOfBoundException in RefinedSoundex.getMappingCode()
+ Fixed possible IndexOutOfBoundsException in PercentCodec.insertAlwaysEncodeChars() method
+ Deprecated UnixCrypt 0-argument constructor
+ Deprecated Md5Crypt 0-argument constructor
+ Deprecated Crypt 0-argument constructor
+ Deprecated StringUtils 0-argument constructor
+ Deprecated Resources 0-argument constructor
+ Deprecated Charsets 0-argument constructor
+ Deprecated CharEncoding 0-argument constructor
- Changes in version 1.16.0:
* Remove duplicated words from Javadocs
* Use Standard Charset object
* Use String.contains() functions
* Avoid use toString() or substring() in favor of a simplified expression
* Fixed byte-skipping in Base16 decoding
* Fixed several typos, improve writing in some javadocs
* BaseNCodecOutputStream.eof() should not throw IOException.
* Javadoc improvements and cleanups.
* Deprecated BaseNCodec.isWhiteSpace(byte) and use Character.isWhitespace(int).
* Added support for Blake3 family of hashes
* Added github/codeql-action
* Bump actions/cache from v2 to v3.0.10
* Bump actions/setup-java from v1.4.1 to 3.5.1
* Bump actions/checkout from 2.3.2 to 3.1.0
* Bump commons-parent from 52 to 58
* Bump junit from 4.13.1 to 5.9.1
* Bump Java 7 to 8.
* Bump japicmp-maven-plugin from 0.14.3 to 0.17.1.
* Bump jacoco-maven-plugin from 0.8.5 to 0.8.8 (Fixes Java 15 builds).
* Bump maven-surefire-plugin from 2.22.2 to 3.0.0-M7
* Bump maven-javadoc-plugin from 3.2.0 to 3.4.1.
* Bump animal-sniffer-maven-plugin from 1.19 to 1.22.
* Bump maven-pmd-plugin from 3.13.0 to 3.19.0
* Bump pmd from 6.47.0 to 6.52.0.
* Bump maven-checkstyle-plugin from 2.17 to 3.2.0
* Bump checkstyle from 8.45.1 to 9.3
* Bump taglist-maven-plugin from 2.4 to 3.0.0
* Bump jacoco-maven-plugin from 0.8.7 to 0.8.8.
apache-commons-compress was updated to version 1.26:
- Changes in version 1.26:
* Security issues fixed:
+ CVE-2024-26308: Fixed allocation of Resources Without Limits or Throttling vulnerability in
Apache Commons Compress (bsc#1220068)
+ CVE-2024-25710: Fixed loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in
Apache Commons Compress (bsc#1220070)
* New Features:
+ Added and use ZipFile.builder(), ZipFile.Builder, and deprecate constructors
+ Added and use SevenZFile.builder(), SevenZFile.Builder, and deprecate constructors
+ Added and use ArchiveInputStream.getCharset()
+ Added and use ArchiveEntry.resolveIn(Path)
+ Added Maven property project.build.outputTimestamp for build reproducibility
* Bugs fixed:
+ Check for invalid PAX values in TarArchiveEntry
+ Fixed zero size headers in ArjInputStream
+ Fixes and tests for ArInputStream
+ Fixes for dump file parsing
+ Improved CPIO exception detection and handling
+ Deprecated SkipShieldingInputStream without replacement (nolonger used)
+ Reuse commons-codec, don't duplicate class PureJavaCrc32C (removed package-private class)
+ Reuse commons-codec, don't duplicate class XXHash32 (deprecated class)
+ Reuse commons-io, don't duplicate class Charsets (deprecated class)
+ Reuse commons-io, don't duplicate class IOUtils (deprecated methods)
+ Reuse commons-io, don't duplicate class BoundedInputStream (deprecated class)
+ Reuse commons-io, don't duplicate class FileTimes (deprecated TimeUtils methods)
+ Reuse Arrays.equals(byte[], byte[]) and deprecate ArchiveUtils.isEqual(byte[], byte[])
+ Added a null-check for the class loader of OsgiUtils
+ Added a null-check in Pack200.newInstance(String, String)
+ Deprecated ChecksumCalculatingInputStream in favor of java.util.zip.CheckedInputStream
+ Deprecated CRC32VerifyingInputStream.CRC32VerifyingInputStream(InputStream, long, int)
+ FramedSnappyCompressorOutputStream produces incorrect output when writing a large buffer
+ Fixed TAR directory entries being misinterpreted as files
+ Deprecated unused method FileNameUtils.getBaseName(String)
+ Deprecated unused method FileNameUtils.getExtension(String)
+ ArchiveInputStream.BoundedInputStream.read() incorrectly adds 1 for EOF to the bytes read count
+ Deprecated IOUtils.read(File, byte[])
+ Deprecated IOUtils.copyRange(InputStream, long, OutputStream, int)
+ ZipArchiveOutputStream multi archive updates metadata in incorrect file
+ Deprecated ByteUtils.InputStreamByteSupplier
+ Deprecated ByteUtils.fromLittleEndian(InputStream, int)
+ Deprecated ByteUtils.toLittleEndian(DataOutput, long, int)
+ Reduce duplication by having ArchiveInputStream extend FilterInputStream
+ Support preamble garbage in ZipArchiveInputStream
+ Fixed formatting the lowest expressable DOS time
+ Dropped reflection from ExtraFieldUtils static initialization
+ Preserve exception causation in ExtraFieldUtils.register(Class)
- Changes in version 1.25:
* For the full list of changes please consult:
https://commons.apache.org/proper/commons-compress/changes-report.html#a1.25.0
- Changes in version 1.24:
* For the full list of changes please consult:
https://commons.apache.org/proper/commons-compress/changes-report.html#a1.24.0
- Changes in version 1.23:
* For the full list of changes please consult:
https://commons.apache.org/proper/commons-compress/changes-report.html#a1.23.0
- Changes in version 1.22:
* For the full list of changes please consult:
https://commons.apache.org/proper/commons-compress/changes-report.html#a1.22
apache-commons-io was updated to version 2.15.1:
- Changes in version 2.15.1:
* For the full list of changes please consult:
https://commons.apache.org/proper/commons-io/changes-report.html#a2.15.1
- Changes in version 2.15.0:
* For the full list of changes please consult:
https://commons.apache.org/proper/commons-io/changes-report.html#a2.15.0
- Changes in version 2.14.0:
* For the full list of changes please consult:
https://commons.apache.org/proper/commons-io/changes-report.html#a2.14.0
javapackages-meta:
- Syncing the version with javapackages-tools 6.2.0
- Remove unnecessary dependencies
maven was updated to version 3.9.6:
- Changes in version 3.9.6:
* Bugs fixed:
+ Error message when modelVersion is 4.0 is confusing
* Improvements:
+ Colorize transfer messages
+ Support ${project.basedir} in file profile activation
+ Allow to exclude plugins from validation
* Tasks:
+ Maven Resolver Provider classes ctor change
+ Undeprecate wrongly deprecated repository metadata
+ Deprecated `org.apache.maven.repository.internal.MavenResolverModule`
+ maven-resolver-provider: introduce NAME constants.
* Dependency upgrade:
+ Updated to Resolver 1.9.16
+ Upgraded Sisu version to 0.9.0.M2
+ Upgraded Resolver version to 1.9.18
+ Upgraded to parent POM 41
+ Upgraded default plugin bindings
maven-assembly-plugin:
- Explicitely require commons-io:commons-io and commons-codec:common-codes artifacts that are optional in
apache-commons-compress
maven-doxia was updated to version 1.12.0:
* Changes in version 1.12.0:
+ Upgraded to FOP 2.2
+ Fixed rendering links and paragraphs inside tables
+ Rewrite .md and .markdown links to .html
+ Upgraded HttpComponents: httpclient to 4.5.8 and httpcore to 4.4.11
+ Escape links to xml based figureGraphics image elements
+ SECURITY: Use HTTPS to resolve dependencies in Maven Build
+ Removed old Maven 1 and 2 info
+ Updated commons-lang to 3.8.1
+ Dropped dependency to outdated Log4j
+ Fixed Java 7 compatibility that was broken
+ Import tests from maven-site-plugin
+ Fixed crosslinks starting with a dot in markdown files
+ Replace deprecated class from commons-lang
+ Fill in some generic types
maven-doxia-sitetools was updated to version 1.11.1:
- Changes in version 1.11.1:
* Bugs fixed:
+ CLIRR can't find previous version
* Improvements:
+ Removed all   in default-site-macros.vm and replace by a space
+ Improved documentation on site.xml inheritance vs interpolation
* Tasks:
+ Deprecated Doxia Sitetools Doc Renderer
* Dependency upgrade:
+ Fixed javadoc issues with JDK 8 when generating documentation
+ Wrong coordinates for jai_core: hyphen should be underscore
+ Use latest JUnit version 4.13.2
+ Upgraded Plexus Utils to 3.3.0
+ Upgraded Plexus Interpolation to 1.26
+ Upgraded Maven Doxia to 1.10
+ Upgraded Maven Doxia to 1.11.1
maven-jar-plugin was updated to version 3.3.0:
- Changes in version 3.3.0:
* Bugs fixed:
+ outputTimestamp not applied to module-info; breaks reproducible builds
* Task:
+ Updated plugin (requires Maven 3.2.5+)
+ Java 8 as minimum
* Dependency upgrade:
+ Upgraded Plexus Utils to 3.3.1
+ Removed override for Plexus Archiver to fix order of META-INF/ and META-INF/MANIFEST.MF entries
+ Upgraded Parent to 36
+ Updated Plexus Utils to 3.4.2
+ Upgraded Parent to 37
maven-jar-plugin was updated to version 3.6.0:
- Changes from version 3.6.0:
* Bugs fixed:
+ Setting maven.javadoc.isoffline seems to have no effect
+ javadoc site is broken for projects that contain modules
+ Alternative doclet page points to an SEO spammy page
+ [REGRESSION] Transitive dependencies of docletArtifact missing
+ Unresolvable link in javadoc tag with value ResourcesBundleMojo#getAttachmentClassifier() found in
ResourcesBundleMojo
+ IOException --> NullPointerException in JavadocUtil.copyResource
+ JavadocReportTest.testExceptions is broken
+ javadoc creates invalid --patch-module statements
+ javadoc plugin can not deal with transitive filename based modules
* Improvements:
+ Clean up deprecated and unpreferred methods in JavadocUtil
+ Cleanup dependency declarations as best possible
+ Allow building javadoc 'the old fashioned way' after Java 8
* Tasks:
+ Dropped use of deprecated localRepository mojo
parameter
+ Make build pass with Java 20
+ Refresh download page
* Dependency upgrade:
+ Updated to commons-io 2.13.0
+ Updated plexus-archiver from 4.7.1 to 4.8.0
+ Upgraded Parent to 40
- Changes from version 3.5.0:
* Bugs fixed:
+ Invalid anchors in Javadoc and plugin mojo
+ Plugin duplicates classes in Java 8 all-classes lists
+ javadoc site creation ignores configuration parameters
* Improvements:
+ Deprecated parameter 'stylesheet'
+ Parse stderr output and suppress informational lines
+ Link to Javadoc references from JDK 17
+ Migrate components to JSR 330, get rid of maven-artifact-transfer, update to parent 37
* Tasks:
+ Removed remains of org.codehaus.doxia.sink.Sink
* Dependency upgrades:
+ Upgraded plugins in ITs
+ Upgraded to Maven 3.2.5
+ Updated Maven Archiver to 3.6.0
+ Upgraded Maven Reporting API to 3.1.1/Complete
with Maven Reporting Impl 3.2.0
+ Upgraded commons-text to 1.10.0
+ Upgraded Parent to 39
+ Upgraded plugins and components
maven-reporting-api was updated to version 3.1.1:
- Restore binary compat for MavenReport
maven-reporting-impl was updated to version 3.2.0:
- Changes in version 3.2.0:
* Improvement:
+ Render with a skin when report is run in standalone mode
* Dependency upgrades:
+ Upgraded Maven Reporting API to 3.1.1
+ Upgraded plugins and components in project and ITs
maven-resolver was updated to version 1.9.18:
- Changes in version 1.9.18:
* Bugs fixed:
+ Sporadic AccessDeniedEx on Windows
+ Undo FileUtils changes that altered non-Windows execution path
* Improvements:
+ Native transport should retry on HTTP 429 (Retry-After)
* Task:
+ Deprecated Guice modules
+ Get rid of component name string literals, make them constants and reusable
+ Expose configuration for inhibiting Expect-Continue handshake in 1.x
+ Refresh download page
+ Resolver should not override given HTTP transport default use of expect-continue handshake
maven-resources-plugin was updated to version 3.3.1:
- Changes in version 3.3.1:
* Bugs fixed:
+ Resource plugin's handling of symbolic links changed in 3.0.x, broke existing behavior
+ Resource copying not using specified encoding
+ java.nio.charset.MalformedInputException: Input length = 1
+ Filtering of Maven properties with long names is not working after transition from 2.6 to 3.2.0
+ Valid location for directory parameter is always required
+ Symlinks cause copying resources to fail
+ FileUtils.copyFile() fails with source file having `lastModified = 0`
* New Features:
+ Added ability to flatten folder structure into target directory when copying resources
* Improvements:
+ Make tests jar reproducible
+ Describe from and to in 'Copying xresources' info message
* Task:
+ Dropped plexus legacy
+ Updated to parent POM 39, reformat sources
+ Updated plugin (requires Maven 3.2.5+)
+ Require Java 8
* Dependency upgrade:
+ Upgraded maven-plugin parent to 36
+ Upgraded Maven Filtering to 3.3.0
+ Upgraded plexus-utils to 3.5.1
+ Upgraded to maven-filtering 3.3.1
sbt:
- Fixed RPM package build with maven 3.9.6 and maven-resolver 1.9.18
xmvn:
- Modify the xmvn-install script to work with new apache-commons-compress
- Recompiling RPM package to resolve package building issues with maven-lib
ImportantSUSE bug 1220068SUSE bug 1220070CVE-2024-25710 at SUSECVE-2024-25710 at NVDCVE-2024-26308 at SUSECVE-2024-26308 at NVDcpe:/o:opensuse:leap:15.5Security update for nodejs18 (Important)openSUSE Leap 15.5
This update for nodejs18 fixes the following issues:
Update to 18.19.1: (security updates)
* CVE-2024-21892: Code injection and privilege escalation through Linux capabilities (bsc#1219992).
* CVE-2024-22019: http: Reading unprocessed HTTP request with unbounded chunk extension allows DoS attacks (bsc#1219993).
* CVE-2023-46809: Node.js is vulnerable to the Marvin Attack (timing variant of the Bleichenbacher attack against PKCS#1 v1.5 padding) (bsc#1219997).
* CVE-2024-22025: Denial of Service by resource exhaustion in fetch() brotli decoding (bsc#1220014).
* CVE-2024-24758: undici version 5.28.3 (bsc#1220017).
* CVE-2024-24806: libuv version 1.48.0 (bsc#1219724).
Update to LTS version 18.19.0
* deps: npm updates to 10.x
* esm:
+ Leverage loaders when resolving subsequent loaders
+ import.meta.resolve unflagged
+ --experimental-default-type flag to flip module defaults
ImportantSUSE bug 1219724SUSE bug 1219992SUSE bug 1219993SUSE bug 1219997SUSE bug 1220014SUSE bug 1220017CVE-2023-46809 at SUSECVE-2023-46809 at NVDCVE-2024-21892 at SUSECVE-2024-21892 at NVDCVE-2024-22019 at SUSECVE-2024-22019 at NVDCVE-2024-22025 at SUSECVE-2024-22025 at NVDCVE-2024-24758 at SUSECVE-2024-24758 at NVDCVE-2024-24806 at SUSECVE-2024-24806 at NVDcpe:/o:opensuse:leap:15.5Security update for openvswitch3 (Important)openSUSE Leap 15.5
This update for openvswitch3 fixes the following issues:
- CVE-2023-3966: Fixed invalid memory access in Geneve with HW offload (bsc#1219465).
ImportantSUSE bug 1219465CVE-2023-3966 at SUSECVE-2023-3966 at NVDcpe:/o:opensuse:leap:15.5Security update for sendmail (Moderate)openSUSE Leap 15.5
This update for sendmail fixes the following issues:
- CVE-2023-51765: Fixed new SMTP smuggling attack. (bsc#1218351)
ModerateSUSE bug 1218351CVE-2023-51765 at SUSECVE-2023-51765 at NVDcpe:/o:opensuse:leap:15.5Security update for apache2-mod_auth_openidc (Important)openSUSE Leap 15.5
This update for apache2-mod_auth_openidc fixes the following issues:
- CVE-2024-24814: Fixed a denial of service when using `OIDCSessionType client-cookie` and manipulating cookies (bsc#1219911).
ImportantSUSE bug 1219911CVE-2024-24814 at SUSECVE-2024-24814 at NVDcpe:/o:opensuse:leap:15.5Security update for hawk2 (Moderate)openSUSE Leap 15.5
This update for hawk2 fixes the following issues:
- Fixed HttpOnly secure flag by default (bsc#1216508).
- Fixed CSRF in errors_controller.rb protection (bsc#1216571).
Update to version 2.6.4+git.1702030539.5fb7d91b:
- Fix mime type issue in MS windows (bsc#1215438)
- Parametrize CORS Access-Control-Allow-Origin header (bsc#1213454)
- Tests: upgrate tests for ruby3.2 (tumbleweed) (bsc#1215976)
- Upgrade for ruby3.2 (tumbleweed) (bsc#1215976)
- Forbid special symbols in the category (bsc#1206217)
- Fix the sass-rails version on ~5.0 (bsc#1208533)
- Don't delete the private key if the public key is missing (bsc#1207930)
- make-sle155-compatible.patch . No bsc, it's for backwards compatibility.
ModerateSUSE bug 1206217SUSE bug 1207930SUSE bug 1208533SUSE bug 1213454SUSE bug 1215438SUSE bug 1215976SUSE bug 1216508SUSE bug 1216571cpe:/o:opensuse:leap:15.5Security update for python-cryptography (Moderate)openSUSE Leap 15.5
This update for python-cryptography fixes the following issues:
- CVE-2024-26130: Fixed NULL pointer dereference in pkcs12.serialize_key_and_certificates() (bsc#1220210).
ModerateSUSE bug 1220210CVE-2024-26130 at SUSECVE-2024-26130 at NVDcpe:/o:opensuse:leap:15.5Security update for wpa_supplicant (Important)openSUSE Leap 15.5
This update for wpa_supplicant fixes the following issues:
- CVE-2023-52160: Bypassing WiFi Authentication (bsc#1219975).
ImportantSUSE bug 1219975CVE-2023-52160 at SUSECVE-2023-52160 at NVDcpe:/o:opensuse:leap:15.5Security update for rubygem-rack (Important)openSUSE Leap 15.5
This update for rubygem-rack fixes the following issues:
- CVE-2024-25126: Fixed a denial-of-service vulnerability in Rack Content-Type parsing (bsc#1220239).
- CVE-2024-26141: Fixed a denial-of-service vulnerability in Range request header parsing (bsc#1220242).
- CVE-2024-26146: Fixed a denial-of-service vulnerability in Rack headers parsing routine (bsc#1220248).
ImportantSUSE bug 1220239SUSE bug 1220242SUSE bug 1220248CVE-2024-25126 at SUSECVE-2024-25126 at NVDCVE-2024-26141 at SUSECVE-2024-26141 at NVDCVE-2024-26146 at SUSECVE-2024-26146 at NVDcpe:/o:opensuse:leap:15.5Security update for kernel-firmware-nvidia-gspx-G06, nvidia-open-driver-G06-signed (Important)openSUSE Leap 15.5
This update for kernel-firmware-nvidia-gspx-G06, nvidia-open-driver-G06-signed fixes the following issues:
Update to 550.54.14:
* Added vGPU Host and vGPU Guest support. For vGPU Host, please
refer to the README.vgpu packaged in the vGPU Host Package for
more details.
Security issues fixed:
* CVE-2024-0074: A user could trigger a NULL ptr dereference.
* CVE-2024-0075: A user could overwrite the end of a buffer, leading to crashes or code execution.
* CVE-2022-42265: A unprivileged user could trigger an integer overflow which could lead to crashes or code execution.
- create /run/udev/static_node-tags/uaccess/nvidia${devid} symlinks
also during modprobing the nvidia module; this changes the issue
of not having access to /dev/nvidia${devid}, when gfxcard has
been replaced by a different gfx card after installing the driver
- provide nvidia-open-driver-G06-kmp (jsc#PED-7117)
This makes it easy to replace the package from nVidia's
CUDA repository with this presigned package
ImportantSUSE bug 1220552CVE-2022-42265 at SUSECVE-2022-42265 at NVDCVE-2024-0074 at SUSECVE-2024-0074 at NVDCVE-2024-0075 at SUSECVE-2024-0075 at NVDcpe:/o:opensuse:leap:15.5Security update for postgresql-jdbc (Critical)openSUSE Leap 15.5
This update for postgresql-jdbc fixes the following issues:
- CVE-2024-1597: Fixed SQL Injection via line comment generation (bsc#1220644).
CriticalSUSE bug 1220644CVE-2024-1597 at SUSECVE-2024-1597 at NVDcpe:/o:opensuse:leap:15.5Security update for python311 (Important)openSUSE Leap 15.5
This update for python311 fixes the following issues:
- CVE-2023-6597: Fixed symlink bug in cleanup of tempfile.TemporaryDirectory (bsc#1219666).
- CVE-2023-27043: Fixed incorrect e-mqil parsing (bsc#1210638).
- CVE-2022-25236: Fixed an expat vulnerability by supporting expat >= 2.4.4 (bsc#1212015).
ImportantSUSE bug 1196025SUSE bug 1210638SUSE bug 1219666CVE-2022-25236 at SUSECVE-2022-25236 at NVDCVE-2023-27043 at SUSECVE-2023-27043 at NVDCVE-2023-6597 at SUSECVE-2023-6597 at NVDcpe:/o:opensuse:leap:15.5Security update for python39 (Important)openSUSE Leap 15.5
This update for python39 fixes the following issues:
- CVE-2023-6597: Fixed symlink bug in cleanup of tempfile.TemporaryDirectory (bsc#1219666).
- CVE-2023-27043: Fixed incorrect e-mqil parsing (bsc#1210638).
- CVE-2023-40217: Fixed a ssl.SSLSocket TLS bypass vulnerability where data is sent unencrypted (bsc#1214692).
- CVE-2022-25236: Fixed an expat vulnerability by supporting expat >= 2.4.4 (bsc#1212015).
ImportantSUSE bug 1196025SUSE bug 1210638SUSE bug 1212015SUSE bug 1214692SUSE bug 1215454SUSE bug 1219666CVE-2022-25236 at SUSECVE-2022-25236 at NVDCVE-2023-27043 at SUSECVE-2023-27043 at NVDCVE-2023-40217 at SUSECVE-2023-40217 at NVDCVE-2023-6597 at SUSECVE-2023-6597 at NVDcpe:/o:opensuse:leap:15.5Security update for giflib (Important)openSUSE Leap 15.5
This update for giflib fixes the following issues:
Update to version 5.2.2
* Fixes for CVE-2023-48161 (bsc#1217390), CVE-2022-28506 (bsc#1198880)
* #138 Documentation for obsolete utilities still installed
* #139: Typo in 'LZW image data' page ('110_2 = 4_10')
* #140: Typo in 'LZW image data' page ('LWZ')
* #141: Typo in 'Bits and bytes' page ('filed')
* Note as already fixed SF issue #143: cannot compile under mingw
* #144: giflib-5.2.1 cannot be build on windows and other platforms using c89
* #145: Remove manual pages installation for binaries that are not installed too
* #146: [PATCH] Limit installed man pages to binaries, move giflib to section 7
* #147 [PATCH] Fixes to doc/whatsinagif/ content
* #148: heap Out of Bound Read in gif2rgb.c:298 DumpScreen2RGB
* Declared no-info on SF issue #150: There is a denial of service vulnerability in GIFLIB 5.2.1
* Declared Won't-fix on SF issue 149: Out of source builds no longer possible
* #151: A heap-buffer-overflow in gif2rgb.c:294:45
* #152: Fix some typos on the html documentation and man pages
* #153: Fix segmentation faults due to non correct checking for args
* #154: Recover the giffilter manual page
* #155: Add gifsponge docs
* #157: An OutofMemory-Exception or Memory Leak in gif2rgb
* #158: There is a null pointer problem in gif2rgb
* #159 A heap-buffer-overflow in GIFLIB5.2.1 DumpScreen2RGB() in gif2rgb.c:298:45
* #163: detected memory leaks in openbsd_reallocarray giflib/openbsd-reallocarray.c
* #164: detected memory leaks in GifMakeMapObject giflib/gifalloc.c
* #166: a read zero page leads segment fault in getarg.c and memory leaks in gif2rgb.c and gifmalloc.c
* #167: Heap-Buffer Overflow during Image Saving in DumpScreen2RGB Function at Line 321 of gif2rgb.c
ImportantSUSE bug 1198880SUSE bug 1200551SUSE bug 1217390CVE-2021-40633 at SUSECVE-2021-40633 at NVDCVE-2022-28506 at SUSECVE-2022-28506 at NVDCVE-2023-48161 at SUSECVE-2023-48161 at NVDcpe:/o:opensuse:leap:15.5Security update for google-oauth-java-client (Important)openSUSE Leap 15.5
This update for google-oauth-java-client fixes the following issues:
- CVE-2021-22573: Fixed token signature not verified (bsc#1199188).
ImportantSUSE bug 1199188CVE-2021-22573 at SUSECVE-2021-22573 at NVDcpe:/o:opensuse:leap:15.5Security update for xmlgraphics-batik (Important)openSUSE Leap 15.5
This update for xmlgraphics-batik fixes the following issues:
- CVE-2022-41704: Fixed information disclosure vulnerability in Apache Batik (bsc#1204704).
- CVE-2022-42890: Fixed information disclosure vulnerability in Apache Batik (bsc#1204709).
- CVE-2022-44730: Fixed Server-Side Request Forgery.
- CVE-2022-44729: Fixed Server-Side Request Forgery.
Upgrade to version 1.17.
ImportantSUSE bug 1204704SUSE bug 1204709CVE-2022-41704 at SUSECVE-2022-41704 at NVDCVE-2022-42890 at SUSECVE-2022-42890 at NVDCVE-2022-44729 at SUSECVE-2022-44729 at NVDCVE-2022-44730 at SUSECVE-2022-44730 at NVDcpe:/o:opensuse:leap:15.5Security update for go1.21 (Important)openSUSE Leap 15.5
This update for go1.21 fixes the following issues:
- Upgrade go to version 1.21.8
- CVE-2023-45289: net/http, net/http/cookiejar: incorrect forwarding of sensitive headers and cookies on HTTP redirect (bsc#1221000)
- CVE-2023-45290: net/http: memory exhaustion in Request.ParseMultipartForm (bsc#1221001)
- CVE-2024-24783: crypto/x509: Verify panics on certificates with an unknown public key algorithm (bsc#1220999)
- CVE-2024-24784: net/mail: comments in display names are incorrectly handled (bsc#1221002)
- CVE-2024-24785: html/template: errors returned from MarshalJSON methods may break template escaping (bsc#1221003)
ImportantSUSE bug 1212475SUSE bug 1219988SUSE bug 1220999SUSE bug 1221000SUSE bug 1221001SUSE bug 1221002SUSE bug 1221003CVE-2023-45289 at SUSECVE-2023-45289 at NVDCVE-2023-45290 at SUSECVE-2023-45290 at NVDCVE-2024-24783 at SUSECVE-2024-24783 at NVDCVE-2024-24784 at SUSECVE-2024-24784 at NVDCVE-2024-24785 at SUSECVE-2024-24785 at NVDcpe:/o:opensuse:leap:15.5Security update for go1.22 (Important)openSUSE Leap 15.5
This update for go1.22 fixes the following issues:
- Upgrade go to version 1.22.1
- CVE-2023-45289: net/http, net/http/cookiejar: incorrect forwarding of sensitive headers and cookies on HTTP redirect (bsc#1221000)
- CVE-2023-45290: net/http: memory exhaustion in Request.ParseMultipartForm (bsc#1221001)
- CVE-2024-24783: crypto/x509: Verify panics on certificates with an unknown public key algorithm (bsc#1220999)
- CVE-2024-24784: net/mail: comments in display names are incorrectly handled (bsc#1221002)
- CVE-2024-24785: html/template: errors returned from MarshalJSON methods may break template escaping (bsc#1221003)
ImportantSUSE bug 1218424SUSE bug 1219988SUSE bug 1220999SUSE bug 1221000SUSE bug 1221001SUSE bug 1221002SUSE bug 1221003CVE-2023-45289 at SUSECVE-2023-45289 at NVDCVE-2023-45290 at SUSECVE-2023-45290 at NVDCVE-2024-24783 at SUSECVE-2024-24783 at NVDCVE-2024-24784 at SUSECVE-2024-24784 at NVDCVE-2024-24785 at SUSECVE-2024-24785 at NVDcpe:/o:opensuse:leap:15.5Security update for openssl-3 (Moderate)openSUSE Leap 15.5
This update for openssl-3 fixes the following issues:
- CVE-2024-0727: Denial of service when processing a maliciously formatted PKCS12 file (bsc#1219243).
ModerateSUSE bug 1219243CVE-2024-0727 at SUSECVE-2024-0727 at NVDcpe:/o:opensuse:leap:15.5Security update for jetty-minimal (Important)openSUSE Leap 15.5
This update for jetty-minimal fixes the following issues:
- CVE-2024-22201: Fixed denial-of-service via HTTP/2 connection leak (bsc#1220437).
ImportantSUSE bug 1220437CVE-2024-22201 at SUSECVE-2024-22201 at NVDcpe:/o:opensuse:leap:15.5Security update for python310 (Important)openSUSE Leap 15.5
This update for python310 fixes the following issues:
- CVE-2023-6597: Fixed symlink bug in cleanup of tempfile.TemporaryDirectory (bsc#1219666).
ImportantSUSE bug 1219666CVE-2023-6597 at SUSECVE-2023-6597 at NVDcpe:/o:opensuse:leap:15.5Security update for xen (Moderate)openSUSE Leap 15.5
This update for xen fixes the following issues:
- CVE-2023-46839: Fixed memory access through PCI device with phantom functions (XSA-449) (bsc#1218851).
- CVE-2023-46840: Fixed Failure to quarantine devices in !HVM builds (XSA-450) (bsc#1219080).
- CVE-2023-46841: Fixed shadow stack vs exceptions from emulation stubs (XSA-451) (bsc#1219885).
ModerateSUSE bug 1027519SUSE bug 1218851SUSE bug 1219080SUSE bug 1219885CVE-2023-46839 at SUSECVE-2023-46839 at NVDCVE-2023-46840 at SUSECVE-2023-46840 at NVDCVE-2023-46841 at SUSECVE-2023-46841 at NVDcpe:/o:opensuse:leap:15.5Security update for openssl-1_0_0 (Moderate)openSUSE Leap 15.5
This update for openssl-1_0_0 fixes the following issues:
- CVE-2024-0727: Denial of service when processing a maliciously formatted PKCS12 file (bsc#1219243).
ModerateSUSE bug 1219243CVE-2024-0727 at SUSECVE-2024-0727 at NVDcpe:/o:opensuse:leap:15.5Security update for java-1_8_0-openjdk (Important)openSUSE Leap 15.5
This update for java-1_8_0-openjdk fixes the following issues:
- CVE-2024-20952: Fixed RSA padding issue and timing side-channel attack against TLS (8317547) (bsc#1218911).
- CVE-2024-20921: Fixed range check loop optimization issue (8314307) (bsc#1218905).
- CVE-2024-20926: Fixed rbitrary Java code execution in Nashorn (8314284) (bsc#1218906).
- CVE-2024-20919: Fixed JVM class file verifier flaw allows unverified byte code execution (8314295) (bsc#1218903).
- CVE-2024-20918: Fixed array out-of-bounds access due to missing range check in C1 compiler (8314468) (bsc#1218907).
- CVE-2024-20945: Fixed logging of digital signature private keys (8316976) (bsc#1218909).
Update to version jdk8u402 (icedtea-3.30.0).
ImportantSUSE bug 1218903SUSE bug 1218905SUSE bug 1218906SUSE bug 1218907SUSE bug 1218909SUSE bug 1218911CVE-2024-20918 at SUSECVE-2024-20918 at NVDCVE-2024-20919 at SUSECVE-2024-20919 at NVDCVE-2024-20921 at SUSECVE-2024-20921 at NVDCVE-2024-20926 at SUSECVE-2024-20926 at NVDCVE-2024-20945 at SUSECVE-2024-20945 at NVDCVE-2024-20952 at SUSECVE-2024-20952 at NVDcpe:/o:opensuse:leap:15.5Security update for axis (Moderate)openSUSE Leap 15.5
This update for axis fixes the following issues:
- CVE-2023-51441: Fixed SSRF when untrusted input is passed to the service admin HTTP API (bsc#1218605).
ModerateSUSE bug 1218605CVE-2023-51441 at SUSECVE-2023-51441 at NVDcpe:/o:opensuse:leap:15.5Security update for the Linux Kernel (Important)openSUSE Leap 15.5
The SUSE Linux Enterprise 15 SP5 Azure kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2023-6270: Fixed a use-after-free bug in aoecmd_cfg_pkts (bsc#1218562).
- CVE-2023-52559: Fixed a bug by avoiding memory allocation in iommu_suspend (bsc#1220933).
- CVE-2023-52462: Fixed a security check for attempt to corrupt spilled pointer (bsc#1220325).
- CVE-2023-52467: Fixed a null pointer dereference in of_syscon_register (bsc#1220433).
- CVE-2023-52463: Fixed null pointer dereference in efivarfs (bsc#1220328).
- CVE-2023-52530: Fixed a potential key use-after-free in wifi mac80211 (bsc#1220930).
- CVE-2024-26607: Fixed a probing race issue in sii902x: (bsc#1220736).
- CVE-2024-26591: Fixed re-attachment branch in bpf_tracing_prog_attach (bsc#1220254).
- CVE-2024-26589: Fixed out of bounds read due to variable offset alu on PTR_TO_FLOW_KEYS (bsc#1220255).
- CVE-2024-26585: Fixed race between tx work scheduling and socket close (bsc#1220187).
- CVE-2023-52340: Fixed ICMPv6 “Packet Too Big” packets force a DoS of the Linux kernel by forcing 100% CPU (bsc#1219295).
- CVE-2024-0607: Fixed 64-bit load issue in nft_byteorder_eval() (bsc#1218915).
- CVE-2023-6817: Fixed use-after-free in nft_pipapo_walk (bsc#1218195).
- CVE-2024-26622: Fixed UAF write bug in tomoyo_write_control() (bsc#1220825).
- CVE-2024-23850: Fixed double free of anonymous device after snapshot creation failure (bsc#1219126).
- CVE-2023-52452: Fixed Fix accesses to uninit stack slots (bsc#1220257).
- CVE-2023-52457: Fixed skipped resource freeing if pm_runtime_resume_and_get() failed (bsc#1220350).
- CVE-2023-52456: Fixed tx statemachine deadlock (bsc#1220364).
- CVE-2023-52451: Fixed access beyond end of drmem array (bsc#1220250).
- CVE-2023-52447: Fixed map_fd_put_ptr() signature kABI workaround (bsc#1220251).
- CVE-2023-52449: Fixed gluebi NULL pointer dereference caused by ftl notifier (bsc#1220238).
- CVE-2021-46923: Fixed reference leakage in fs/mount_setattr (bsc#1220457).
- CVE-2024-26598: Fixed potential UAF in LPI translation cache (bsc#1220326).
- CVE-2024-26603: Fixed infinite loop via #PF handling (bsc#1220335).
- CVE-2023-52445: Fixed use after free on context disconnection (bsc#1220241).
- CVE-2023-52439: Fixed use-after-free in uio_open (bsc#1220140).
- CVE-2023-52443: Fixed crash when parsed profile name is empty (bsc#1220240).
- CVE-2024-26593: Fixed block process call transactions (bsc#1220009).
- CVE-2024-26586: Fixed stack corruption (bsc#1220243).
- CVE-2024-26595: Fixed NULL pointer dereference in error path (bsc#1220344).
- CVE-2023-52464: Fixed possible out-of-bounds string access (bsc#1220330)
- CVE-2023-52448: Fixed kernel NULL pointer dereference in gfs2_rgrp_dump (bsc#1220253).
- CVE-2024-1151: Fixed unlimited number of recursions from action sets (bsc#1219835).
- CVE-2023-5197: Fixed se-after-free due to addition and removal of rules from chain bindings within the same transaction (bsc#1218216).
- CVE-2024-23849: Fixed array-index-out-of-bounds in rds_cmsg_recv (bsc#1219127).
- CVE-2023-52429: Fixed potential DoS in dm_table_create in drivers/md/dm-table.c (bsc#1219827).
- CVE-2024-23851: Fixed crash in copy_params in drivers/md/dm-ioctl.c (bsc#1219146).
The following non-security bugs were fixed:
- ACPI: APEI: set memory failure flags as MF_ACTION_REQUIRED on synchronous events (git-fixes).
- ACPI: button: Add lid disable DMI quirk for Nextbook Ares 8A (git-fixes).
- ACPI: extlog: fix NULL pointer dereference check (git-fixes).
- ACPI: resource: Add ASUS model S5402ZA to quirks (git-fixes).
- ACPI: resource: Skip IRQ override on ASUS ExpertBook B1502CBA (git-fixes).
- ACPI: resource: Skip IRQ override on Asus Expertbook B2402CBA (git-fixes).
- ACPI: video: Add backlight=native DMI quirk for Apple iMac11,3 (git-fixes).
- ACPI: video: Add backlight=native DMI quirk for Apple iMac12,1 and iMac12,2 (git-fixes).
- ACPI: video: Add backlight=native DMI quirk for Lenovo ThinkPad X131e (3371 AMD version) (git-fixes).
- ACPI: video: Add quirk for the Colorful X15 AT 23 Laptop (git-fixes).
- afs: fix the usage of read_seqbegin_or_lock() in afs_find_server*() (git-fixes).
- afs: fix the usage of read_seqbegin_or_lock() in afs_lookup_volume_rcu() (git-fixes).
- afs: Hide silly-rename files from userspace (git-fixes).
- afs: Increase buffer size in afs_update_volume_status() (git-fixes).
- ahci: asm1166: correct count of reported ports (git-fixes).
- ALSA: Drop leftover snd-rtctimer stuff from Makefile (git-fixes).
- ALSA: firewire-lib: fix to check cycle continuity (git-fixes).
- ALSA: hda/conexant: Add quirk for SWS JS201D (git-fixes).
- ALSA: hda/realtek: Apply headset jack quirk for non-bass alc287 thinkpads (git-fixes).
- ALSA: hda/realtek: cs35l41: Fix device ID / model name (git-fixes).
- ALSA: hda/realtek: cs35l41: Fix order and duplicates in quirks table (git-fixes).
- ALSA: hda/realtek: Enable headset mic on Vaio VJFE-ADL (git-fixes).
- ALSA: hda/realtek: Enable Mute LED on HP Laptop 14-fq0xxx (git-fixes).
- ALSA: hda/realtek: fix mute/micmute LED For HP mt645 (git-fixes).
- ALSA: hda/realtek: fix mute/micmute LEDs for HP ZBook Power (git-fixes).
- ALSA: hda/realtek: Fix the external mic not being recognised for Acer Swift 1 SF114-32 (git-fixes).
- ALSA: usb-audio: Add a quirk for Yamaha YIT-W12TX transmitter (git-fixes).
- ALSA: usb-audio: Add delay quirk for MOTU M Series 2nd revision (git-fixes).
- ALSA: usb-audio: add quirk for RODE NT-USB+ (git-fixes).
- ALSA: usb-audio: Check presence of valid altsetting control (git-fixes).
- ALSA: usb-audio: Ignore clock selector errors for single connection (git-fixes).
- ALSA: usb-audio: More relaxed check of MIDI jack names (git-fixes).
- ALSA: usb-audio: Sort quirk table entries (git-fixes).
- arm64: entry: fix ARM64_WORKAROUND_SPECULATIVE_UNPRIV_LOAD (bsc#1219443)
- arm64: entry: Preserve/restore X29 even for compat tasks (bsc#1219443)
- arm64: entry: Simplify tramp_alias macro and tramp_exit routine (bsc#1219443)
- arm64: errata: Add Cortex-A510 speculative unprivileged load (bsc#1219443) Enable workaround.
- arm64: errata: Add Cortex-A520 speculative unprivileged load (bsc#1219443) Enable workaround without kABI break.
- arm64: errata: Mitigate Ampere1 erratum AC03_CPU_38 at stage-2 (git-fixes) Enable AMPERE_ERRATUM_AC03_CPU_38 workaround without kABI break
- arm64: irq: set the correct node for shadow call stack (git-fixes)
- arm64: irq: set the correct node for VMAP stack (git-fixes)
- arm64: Rename ARM64_WORKAROUND_2966298 (bsc#1219443)
- arm64: Subscribe Microsoft Azure Cobalt 100 to ARM Neoverse N2 errata (git-fixes)
- ASoC: doc: Fix undefined SND_SOC_DAPM_NOPM argument (git-fixes).
- ASoC: rt5645: Fix deadlock in rt5645_jack_detect_work() (git-fixes).
- ASoC: SOF: IPC3: fix message bounds on ipc ops (git-fixes).
- ASoC: sunxi: sun4i-spdif: Add support for Allwinner H616 (git-fixes).
- atm: idt77252: fix a memleak in open_card_ubr0 (git-fixes).
- Bluetooth: Avoid potential use-after-free in hci_error_reset (git-fixes).
- Bluetooth: Enforce validation on max value of connection interval (git-fixes).
- Bluetooth: hci_event: Fix handling of HCI_EV_IO_CAPA_REQUEST (git-fixes).
- Bluetooth: hci_event: Fix wrongly recorded wakeup BD_ADDR (git-fixes).
- Bluetooth: hci_sync: Check the correct flag before starting a scan (git-fixes).
- Bluetooth: hci_sync: Fix accept_list when attempting to suspend (git-fixes).
- Bluetooth: L2CAP: Fix possible multiple reject send (git-fixes).
- Bluetooth: qca: Fix wrong event type for patch config command (git-fixes).
- bpf: Fix verification of indirect var-off stack access (git-fixes).
- bpf: Fix verification of indirect var-off stack access (git-fixes).
- bpf: Guard stack limits against 32bit overflow (git-fixes).
- bpf: Guard stack limits against 32bit overflow (git-fixes).
- bpf: Minor logging improvement (bsc#1220257).
- bus: moxtet: Add spi device table (git-fixes).
- cachefiles: fix memory leak in cachefiles_add_cache() (bsc#1220267).
- can: j1939: Fix UAF in j1939_sk_match_filter during setsockopt(SO_J1939_FILTER) (git-fixes).
- crypto: api - Disallow identical driver names (git-fixes).
- crypto: ccp - Fix null pointer dereference in __sev_platform_shutdown_locked (git-fixes).
- crypto: octeontx2 - Fix cptvf driver cleanup (git-fixes).
- crypto: stm32/crc32 - fix parsing list of devices (git-fixes).
- dmaengine: fsl-qdma: Fix a memory leak related to the queue command DMA (git-fixes).
- dmaengine: fsl-qdma: fix SoC may hang on 16 byte unaligned read (git-fixes).
- dmaengine: fsl-qdma: increase size of 'irq_name' (git-fixes).
- dmaengine: fsl-qdma: init irq after reg initialization (git-fixes).
- dmaengine: ptdma: use consistent DMA masks (git-fixes).
- dmaengine: shdma: increase size of 'dev_id' (git-fixes).
- dmaengine: ti: edma: Add some null pointer checks to the edma_probe (git-fixes).
- driver core: Fix device_link_flag_is_sync_state_only() (git-fixes).
- drm/amd/display: Fix memory leak in dm_sw_fini() (git-fixes).
- drm/amd/display: Fix possible buffer overflow in 'find_dcfclk_for_voltage()' (git-fixes).
- drm/amd/display: Fix possible NULL dereference on device remove/driver unload (git-fixes).
- drm/amd/display: Increase frame-larger-than for all display_mode_vba files (git-fixes).
- drm/amd/display: increased min_dcfclk_mhz and min_fclk_mhz (git-fixes).
- drm/amd/display: Preserve original aspect ratio in create stream (git-fixes).
- drm/amdgpu: reset gpu for s3 suspend abort case (git-fixes).
- drm/amdgpu: skip to program GFXDEC registers for suspend abort (git-fixes).
- drm/amdgpu/display: Initialize gamma correction mode variable in dcn30_get_gamcor_current() (git-fixes).
- drm/buddy: fix range bias (git-fixes).
- drm/crtc: fix uninitialized variable use even harder (git-fixes).
- drm/i915/gvt: Fix uninitialized variable in handle_mmio() (git-fixes).
- drm/msm/dp: return correct Colorimetry for DP_TEST_DYNAMIC_RANGE_CEA case (git-fixes).
- drm/msm/dpu: check for valid hw_pp in dpu_encoder_helper_phys_cleanup (git-fixes).
- drm/msms/dp: fixed link clock divider bits be over written in BPC unknown case (git-fixes).
- drm/prime: Support page array >= 4GB (git-fixes).
- drm/syncobj: call drm_syncobj_fence_add_wait when WAIT_AVAILABLE flag is set (git-fixes).
- drm/ttm: Fix an invalid freeing on already freed page in error path (git-fixes).
- efi: Do not add memblocks for soft-reserved memory (git-fixes).
- efi: runtime: Fix potential overflow of soft-reserved region size (git-fixes).
- efi/capsule-loader: fix incorrect allocation size (git-fixes).
- fbcon: always restore the old font data in fbcon_do_set_font() (git-fixes).
- fbdev: savage: Error out if pixclock equals zero (git-fixes).
- fbdev: sis: Error out if pixclock equals zero (git-fixes).
- firewire: core: send bus reset promptly on gap count error (git-fixes).
- fs: dlm: fix build with CONFIG_IPV6 disabled (git-fixes).
- fs: JFS: UBSAN: array-index-out-of-bounds in dbAdjTree (git-fixes).
- gpio: 74x164: Enable output pins after registers are reset (git-fixes).
- gpio: fix resource unwinding order in error path (git-fixes).
- gpiolib: acpi: Ignore touchpad wakeup on GPD G1619-04 (git-fixes).
- gpiolib: Fix the error path order in gpiochip_add_data_with_key() (git-fixes).
- HID: apple: Add 2021 magic keyboard FN key mapping (git-fixes).
- HID: apple: Add support for the 2021 Magic Keyboard (git-fixes).
- HID: wacom: Do not register input devices until after hid_hw_start (git-fixes).
- HID: wacom: generic: Avoid reporting a serial of '0' to userspace (git-fixes).
- hwmon: (aspeed-pwm-tacho) mutex for tach reading (git-fixes).
- hwmon: (coretemp) Enlarge per package core count limit (git-fixes).
- hwmon: (coretemp) Fix bogus core_id to attr name mapping (git-fixes).
- hwmon: (coretemp) Fix out-of-bounds memory access (git-fixes).
- i2c: i801: Fix block process call transactions (git-fixes).
- i2c: i801: Remove i801_set_block_buffer_mode (git-fixes).
- i2c: imx: Add timer for handling the stop condition (git-fixes).
- i2c: imx: when being a target, mark the last read as processed (git-fixes).
- i3c: master: cdns: Update maximum prescaler value for i2c clock (git-fixes).
- IB/hfi1: Fix a memleak in init_credit_return (git-fixes)
- IB/hfi1: Fix sdma.h tx->num_descs off-by-one error (git-fixes)
- iio: accel: bma400: Fix a compilation problem (git-fixes).
- iio: adc: ad7091r: Set alert bit in config register (git-fixes).
- iio: core: fix memleak in iio_device_register_sysfs (git-fixes).
- iio: hid-sensor-als: Return 0 for HID_USAGE_SENSOR_TIME_TIMESTAMP (git-fixes).
- iio: magnetometer: rm3100: add boundary check for the value read from RM3100_REG_TMRC (git-fixes).
- Input: i8042 - add Fujitsu Lifebook E5411 to i8042 quirk table (git-fixes).
- Input: i8042 - add Fujitsu Lifebook U728 to i8042 quirk table (git-fixes).
- Input: i8042 - add quirk for Fujitsu Lifebook A574/H (git-fixes).
- Input: i8042 - fix strange behavior of touchpad on Clevo NS70PU (git-fixes).
- Input: iqs269a - switch to DEFINE_SIMPLE_DEV_PM_OPS() and pm_sleep_ptr() (git-fixes).
- Input: pm8941-powerkey - fix debounce on gen2+ PMICs (git-fixes).
- Input: pm8941-pwrkey - add software key press debouncing support (git-fixes).
- Input: pm8941-pwrkey - add support for PON GEN3 base addresses (git-fixes).
- Input: xpad - add Lenovo Legion Go controllers (git-fixes).
- Input: xpad - add Lenovo Legion Go controllers (git-fixes).
- irqchip/gic-v3-its: Fix GICv4.1 VPE affinity update (git-fixes).
- irqchip/irq-brcmstb-l2: Add write memory barrier before exit (git-fixes).
- jfs: fix array-index-out-of-bounds in dbAdjTree (git-fixes).
- jfs: fix array-index-out-of-bounds in diNewExt (git-fixes).
- jfs: fix slab-out-of-bounds Read in dtSearch (git-fixes).
- jfs: fix uaf in jfs_evict_inode (git-fixes).
- kbuild: Fix changing ELF file type for output of gen_btf for big endian (git-fixes).
- KVM: s390: fix cc for successful PQAP (git-fixes bsc#1219839).
- KVM: s390: fix setting of fpc register (git-fixes bsc#1220392).
- KVM: s390: vsie: fix race during shadow creation (git-fixes bsc#1220393).
- KVM: VMX: Move VERW closer to VMentry for MDS mitigation (git-fixes).
- KVM: VMX: Use BT+JNC, i.e. EFLAGS.CF to select VMRESUME vs. VMLAUNCH (git-fixes).
- lan78xx: enable auto speed configuration for LAN7850 if no EEPROM is detected (git-commit).
- lan78xx: enable auto speed configuration for LAN7850 if no EEPROM is detected (git-fixes).
- leds: trigger: panic: Do not register panic notifier if creating the trigger failed (git-fixes).
- lib/stackdepot: add depot_fetch_stack helper (jsc-PED#7423).
- lib/stackdepot: add refcount for records (jsc-PED#7423).
- lib/stackdepot: Fix first entry having a 0-handle (jsc-PED#7423).
- lib/stackdepot: Move stack_record struct definition into the header (jsc-PED#7423).
- libsubcmd: Fix memory leak in uniq() (git-fixes).
- md: Do not ignore suspended array in md_check_recovery() (git-fixes).
- md: do not leave 'MD_RECOVERY_FROZEN' in error path of md_set_readonly() (git-fixes).
- md: introduce md_ro_state (git-fixes).
- md: Make sure md_do_sync() will set MD_RECOVERY_DONE (git-fixes).
- md: Whenassemble the array, consult the superblock of the freshest device (git-fixes).
- md/raid10: check slab-out-of-bounds in md_bitmap_get_counter (git-fixes).
- md/raid5: release batch_last before waiting for another stripe_head (git-fixes).
- md/raid6: use valid sector values to determine if an I/O should wait on the reshape (git-fixes).
- media: ddbridge: fix an error code problem in ddb_probe (git-fixes).
- media: ir_toy: fix a memleak in irtoy_tx (git-fixes).
- media: rc: bpf attach/detach requires write permission (git-fixes).
- media: rockchip: rga: fix swizzling for RGB formats (git-fixes).
- media: stk1160: Fixed high volume of stk1160_dbg messages (git-fixes).
- mfd: syscon: Fix null pointer dereference in of_syscon_register() (git-fixes).
- mm,page_owner: Display all stacks and their count (jsc-PED#7423).
- mm,page_owner: Filter out stacks by a threshold (jsc-PED#7423).
- mm,page_owner: Implement the tracking of the stacks count (jsc-PED#7423).
- mm,page_owner: Maintain own list of stack_records structs (jsc-PED#7423).
- mm,page_owner: Update Documentation regarding page_owner_stacks (jsc-PED#7423).
- mm: memory-failure: fix potential unexpected return value from unpoison_memory() (git-fixes).
- mm/hwpoison: fix unpoison_memory() (bsc#1218663).
- mm/hwpoison: mf_mutex for soft offline and unpoison (bsc#1218663).
- mm/hwpoison: remove MF_MSG_BUDDY_2ND and MF_MSG_POISONED_HUGE (bsc#1218663).
- mmc: core: Fix eMMC initialization with 1-bit bus connection (git-fixes).
- mmc: core: Use mrq.sbc in close-ended ffu (git-fixes).
- mmc: mmc_spi: remove custom DMA mapped buffers (git-fixes).
- mmc: sdhci-xenon: add timeout for PHY init complete (git-fixes).
- mmc: sdhci-xenon: fix PHY init clock stability (git-fixes).
- mmc: slot-gpio: Allow non-sleeping GPIO ro (git-fixes).
- modpost: trim leading spaces when processing source files list (git-fixes).
- mtd: spinand: gigadevice: Fix the get ecc status issue (git-fixes).
- net: usb: dm9601: fix wrong return value in dm9601_mdio_read (git-fixes).
- net: usb: dm9601: fix wrong return value in dm9601_mdio_read (git-fixes).
- netfs, fscache: Prevent Oops in fscache_put_cache() (bsc#1220003).
- nilfs2: fix data corruption in dsync block recovery for small block sizes (git-fixes).
- nilfs2: replace WARN_ONs for invalid DAT metadata block requests (git-fixes).
- nouveau: fix function cast warnings (git-fixes).
- nouveau/svm: fix kvcalloc() argument order (git-fixes).
- ntfs: check overflow when iterating ATTR_RECORDs (git-fixes).
- ntfs: fix use-after-free in ntfs_attr_find() (git-fixes).
- nvme-fabrics: fix I/O connect error handling (git-fixes).
- nvme-host: fix the updating of the firmware version (git-fixes).
- PCI: Add no PM reset quirk for NVIDIA Spectrum devices (git-fixes).
- PCI: Add PCI_HEADER_TYPE_MFD definition (bsc#1220021).
- PCI: Fix 64GT/s effective data rate calculation (git-fixes).
- PCI: Only override AMD USB controller if required (git-fixes).
- PCI: switchtec: Fix stdev_release() crash after surprise hot remove (git-fixes).
- PCI/AER: Decode Requester ID when no error info found (git-fixes).
- platform/x86: thinkpad_acpi: Only update profile if successfully converted (git-fixes).
- platform/x86: touchscreen_dmi: Add info for the TECLAST X16 Plus tablet (git-fixes).
- platform/x86: touchscreen_dmi: Allow partial (prefix) matches for ACPI names (git-fixes).
- PM: core: Remove unnecessary (void *) conversions (git-fixes).
- PM: runtime: Have devm_pm_runtime_enable() handle pm_runtime_dont_use_autosuspend() (git-fixes).
- PNP: ACPI: fix fortify warning (git-fixes).
- power: supply: bq27xxx-i2c: Do not free non existing IRQ (git-fixes).
- powerpc: add crtsavres.o to always-y instead of extra-y (bsc#1194869).
- powerpc: Do not include lppaca.h in paca.h (bsc#1194869).
- powerpc/64: Set task pt_regs->link to the LR value on scv entry (bsc#1194869).
- powerpc/powernv: Fix fortify source warnings in opal-prd.c (bsc#1194869).
- powerpc/pseries: Add a clear modifier to ibm,pa/pi-features parser (bsc#1220348).
- powerpc/pseries: Rework lppaca_shared_proc() to avoid DEBUG_PREEMPT (bsc#1194869).
- powerpc/pseries: Set CPU_FTR_DBELL according to ibm,pi-features (bsc#1220348).
- powerpc/watchpoint: Disable pagefaults when getting user instruction (bsc#1194869).
- powerpc/watchpoints: Annotate atomic context in more places (bsc#1194869).
- powerpc/watchpoints: Disable preemption in thread_change_pc() (bsc#1194869).
- pstore/ram: Fix crash when setting number of cpus to an odd number (git-fixes).
- RAS: Introduce a FRU memory poison manager (jsc#PED-7618).
- RAS/AMD/ATL: Add MI300 row retirement support (jsc#PED-7618).
- RAS/AMD/ATL: Fix bit overflow in denorm_addr_df4_np2() (git-fixes).
- RDMA/bnxt_re: Add a missing check in bnxt_qplib_query_srq (git-fixes)
- RDMA/bnxt_re: Return error for SRQ resize (git-fixes)
- RDMA/core: Fix uninit-value access in ib_get_eth_speed() (bsc#1219934).
- RDMA/core: Get IB width and speed from netdev (bsc#1219934).
- RDMA/irdma: Add AE for too many RNRS (git-fixes)
- RDMA/irdma: Fix KASAN issue with tasklet (git-fixes)
- RDMA/irdma: Set the CQ read threshold for GEN 1 (git-fixes)
- RDMA/irdma: Validate max_send_wr and max_recv_wr (git-fixes)
- RDMA/qedr: Fix qedr_create_user_qp error flow (git-fixes)
- RDMA/srpt: fix function pointer cast warnings (git-fixes)
- RDMA/srpt: Support specifying the srpt_service_guid parameter (git-fixes)
- regulator: core: Only increment use_count when enable_count changes (git-fixes).
- regulator: pwm-regulator: Add validity checks in continuous .get_voltage (git-fixes).
- Revert 'drm/amd: flush any delayed gfxoff on suspend entry' (git-fixes).
- Revert 'drm/amd/display: increased min_dcfclk_mhz and min_fclk_mhz' (git-fixes).
- Revert 'drm/amd/pm: resolve reboot exception for si oland' (git-fixes).
- ring-buffer: Clean ring_buffer_poll_wait() error return (git-fixes).
- s390: use the correct count for __iowrite64_copy() (git-fixes bsc#1220317).
- s390/qeth: Fix potential loss of L3-IP@ in case of network issues (git-fixes bsc#1219840).
- sched/membarrier: reduce the ability to hammer on sys_membarrier (git-fixes).
- scsi: core: Move scsi_host_busy() out of host lock for waking up EH handler (git-fixes).
- scsi: core: Move scsi_host_busy() out of host lock if it is for per-command (git-fixes).
- scsi: fnic: Move fnic_fnic_flush_tx() to a work queue (git-fixes bsc#1219141).
- scsi: hisi_sas: Prevent parallel FLR and controller reset (git-fixes).
- scsi: ibmvfc: Limit max hw queues by num_online_cpus() (bsc#1220106).
- scsi: ibmvfc: Open-code reset loop for target reset (bsc#1220106).
- scsi: isci: Fix an error code problem in isci_io_request_build() (git-fixes).
- scsi: lpfc: Add condition to delete ndlp object after sending BLS_RJT to an ABTS (bsc#1220021).
- scsi: lpfc: Allow lpfc_plogi_confirm_nport() logic to execute for Fabric nodes (bsc#1220021).
- scsi: lpfc: Change lpfc_vport fc_flag member into a bitmask (bsc#1220021).
- scsi: lpfc: Change lpfc_vport load_flag member into a bitmask (bsc#1220021).
- scsi: lpfc: Change nlp state statistic counters into atomic_t (bsc#1220021).
- scsi: lpfc: Copyright updates for 14.4.0.0 patches (bsc#1220021).
- scsi: lpfc: Fix failure to delete vports when discovery is in progress (bsc#1220021).
- scsi: lpfc: Fix possible memory leak in lpfc_rcv_padisc() (bsc#1220021).
- scsi: lpfc: Initialize status local variable in lpfc_sli4_repost_sgl_list() (bsc#1220021).
- scsi: lpfc: Move handling of reset congestion statistics events (bsc#1220021).
- scsi: lpfc: Protect vport fc_nodes list with an explicit spin lock (bsc#1220021).
- scsi: lpfc: Remove D_ID swap log message from trace event logger (bsc#1220021).
- scsi: lpfc: Remove NLP_RCV_PLOGI early return during RSCN processing for ndlps (bsc#1220021).
- scsi: lpfc: Remove shost_lock protection for fc_host_port shost APIs (bsc#1220021).
- scsi: lpfc: Replace deprecated strncpy() with strscpy() (bsc#1220021).
- scsi: lpfc: Save FPIN frequency statistics upon receipt of peer cgn notifications (bsc#1220021).
- scsi: lpfc: Update lpfc version to 14.4.0.0 (bsc#1220021).
- scsi: lpfc: Use PCI_HEADER_TYPE_MFD instead of literal (bsc#1220021).
- scsi: lpfc: Use sg_dma_len() API to get struct scatterlist's length (bsc#1220021).
- scsi: mpi3mr: Refresh sdev queue depth after controller reset (git-fixes).
- scsi: Revert 'scsi: fcoe: Fix potential deadlock on &fip->ctlr_lock' (git-fixes bsc#1219141).
- serial: 8250: Remove serial_rs485 sanitization from em485 (git-fixes).
- spi-mxs: Fix chipselect glitch (git-fixes).
- spi: hisi-sfc-v3xx: Return IRQ_NONE if no interrupts were detected (git-fixes).
- spi: ppc4xx: Drop write-only variable (git-fixes).
- spi: sh-msiof: avoid integer overflow in constants (git-fixes).
- staging: iio: ad5933: fix type mismatch regression (git-fixes).
- tcp: fix tcp_mtup_probe_success vs wrong snd_cwnd (bsc#1218450).
- tomoyo: fix UAF write bug in tomoyo_write_control() (git-fixes).
- topology: Fix up build warning in topology_is_visible() (jsc#PED-7618).
- topology/sysfs: Add format parameter to macro defining 'show' functions for proc (jsc#PED-7618).
- topology/sysfs: Add PPIN in sysfs under cpu topology (jsc#PED-7618).
- topology/sysfs: Hide PPIN on systems that do not support it (jsc#PED-7618).
- tracing: Fix wasted memory in saved_cmdlines logic (git-fixes).
- tracing: Inform kmemleak of saved_cmdlines allocation (git-fixes).
- tracing/probes: Fix to show a parse error for bad type for $comm (git-fixes).
- tty: allow TIOCSLCKTRMIOS with CAP_CHECKPOINT_RESTORE (git-fixes).
- UBSAN: array-index-out-of-bounds in dtSplitRoot (git-fixes).
- usb: cdns: readd old API (git-fixes).
- usb: cdns3: fix memory double free when handle zero packet (git-fixes).
- usb: cdns3: fixed memory use after free at cdns3_gadget_ep_disable() (git-fixes).
- usb: cdns3: Modify the return value of cdns_set_active () to void when CONFIG_PM_SLEEP is disabled (git-fixes).
- usb: cdns3: Put the cdns set active part outside the spin lock (git-fixes).
- usb: cdnsp: blocked some cdns3 specific code (git-fixes).
- usb: cdnsp: fixed issue with incorrect detecting CDNSP family controllers (git-fixes).
- usb: dwc3: gadget: Do not disconnect if not started (git-fixes).
- usb: dwc3: gadget: Handle EP0 request dequeuing properly (git-fixes).
- usb: dwc3: gadget: Ignore End Transfer delay on teardown (git-fixes).
- usb: dwc3: gadget: Queue PM runtime idle on disconnect event (git-fixes).
- usb: dwc3: gadget: Refactor EP0 forced stall/restart into a separate API (git-fixes).
- usb: dwc3: gadget: Submit endxfer command if delayed during disconnect (git-fixes).
- usb: dwc3: host: Set XHCI_SG_TRB_CACHE_SIZE_QUIRK (git-fixes).
- usb: f_mass_storage: forbid async queue when shutdown happen (git-fixes).
- usb: f_mass_storage: forbid async queue when shutdown happen (git-fixes).
- usb: gadget: core: Add missing kerneldoc for vbus_work (git-fixes).
- usb: gadget: core: adjust uevent timing on gadget unbind (git-fixes).
- usb: Gadget: core: Help prevent panic during UVC unconfigure (git-fixes).
- usb: gadget: core: remove unbalanced mutex_unlock in usb_gadget_activate (git-fixes).
- usb: gadget: f_hid: fix report descriptor allocation (git-fixes).
- usb: gadget: Fix obscure lockdep violation for udc_mutex (git-fixes).
- usb: gadget: Fix use-after-free Read in usb_udc_uevent() (git-fixes).
- usb: gadget: fsl_qe_udc: validate endpoint index for ch9 udc (git-fixes).
- usb: gadget: ncm: Avoid dropping datagrams of properly parsed NTBs (git-fixes).
- usb: gadget: udc: core: Offload usb_udc_vbus_handler processing (git-fixes).
- usb: gadget: udc: core: Prevent soft_connect_store() race (git-fixes).
- usb: gadget: udc: Handle gadget_connect failure during bind operation (git-fixes).
- usb: hub: check for alternate port before enabling A_ALT_HNP_SUPPORT (bsc#1218527).
- usb: hub: Replace hardcoded quirk value with BIT() macro (git-fixes).
- usb: hub: Replace hardcoded quirk value with BIT() macro (git-fixes).
- usb: roles: do not get/set_role() when usb_role_switch is unregistered (git-fixes).
- usb: roles: fix NULL pointer issue when put module's reference (git-fixes).
- usb: serial: cp210x: add ID for IMST iM871A-USB (git-fixes).
- usb: serial: option: add Fibocom FM101-GL variant (git-fixes).
- usb: serial: qcserial: add new usb-id for Dell Wireless DW5826e (git-fixes).
- watchdog: it87_wdt: Keep WDTCTRL bit 3 unmodified for IT8784/IT8786 (git-fixes).
- wifi: ath11k: fix registration of 6Ghz-only phy without the full channel range (git-fixes).
- wifi: ath9k: Fix potential array-index-out-of-bounds read in ath9k_htc_txstatus() (git-fixes).
- wifi: cfg80211: fix missing interfaces when dumping (git-fixes).
- wifi: cfg80211: fix RCU dereference in __cfg80211_bss_update (git-fixes).
- wifi: cfg80211: free beacon_ies when overridden from hidden BSS (git-fixes).
- wifi: iwlwifi: Fix some error codes (git-fixes).
- wifi: iwlwifi: mvm: avoid baid size integer overflow (git-fixes).
- wifi: iwlwifi: uninitialized variable in iwl_acpi_get_ppag_table() (git-fixes).
- wifi: mac80211: adding missing drv_mgd_complete_tx() call (git-fixes).
- wifi: mac80211: fix race condition on enabling fast-xmit (git-fixes).
- wifi: nl80211: reject iftype change with mesh ID change (git-fixes).
- wifi: rt2x00: restart beacon queue when hardware reset (git-fixes).
- wifi: rtl8xxxu: Add additional USB IDs for RTL8192EU devices (git-fixes).
- wifi: rtlwifi: rtl8723{be,ae}: using calculate_bit_shift() (git-fixes).
- wifi: wext-core: Fix -Wstringop-overflow warning in ioctl_standard_iw_point() (git-fixes).
- x86/asm: Add _ASM_RIP() macro for x86-64 (%rip) suffix (git-fixes).
- x86/bugs: Add asm helpers for executing VERW (git-fixes).
- x86/bugs: Use ALTERNATIVE() instead of mds_user_clear static key (git-fixes). Also add mds_user_clear to kABI severities since it's strictly mitigation related so should be low risk.
- x86/cpu: X86_FEATURE_INTEL_PPIN finally had a CPUID bit (jsc#PED-7618).
- x86/entry_32: Add VERW just before userspace transition (git-fixes).
- x86/entry_64: Add VERW just before userspace transition (git-fixes).
- x86/mm: Fix memory encryption features advertisement (bsc#1206453).
- xfs: remove unused fields from struct xbtree_ifakeroot (git-fixes).
- xfs: short circuit xfs_growfs_data_private() if delta is zero (git-fixes).
ImportantSUSE bug 1194869SUSE bug 1206453SUSE bug 1209412SUSE bug 1216776SUSE bug 1217927SUSE bug 1218195SUSE bug 1218216SUSE bug 1218450SUSE bug 1218527SUSE bug 1218562SUSE bug 1218663SUSE bug 1218915SUSE bug 1219126SUSE bug 1219127SUSE bug 1219141SUSE bug 1219146SUSE bug 1219295SUSE bug 1219443SUSE bug 1219653SUSE bug 1219827SUSE bug 1219835SUSE bug 1219839SUSE bug 1219840SUSE bug 1219934SUSE bug 1220003SUSE bug 1220009SUSE bug 1220021SUSE bug 1220030SUSE bug 1220106SUSE bug 1220140SUSE bug 1220187SUSE bug 1220238SUSE bug 1220240SUSE bug 1220241SUSE bug 1220243SUSE bug 1220250SUSE bug 1220251SUSE bug 1220253SUSE bug 1220254SUSE bug 1220255SUSE bug 1220257SUSE bug 1220267SUSE bug 1220277SUSE bug 1220317SUSE bug 1220325SUSE bug 1220326SUSE bug 1220328SUSE bug 1220330SUSE bug 1220335SUSE bug 1220344SUSE bug 1220348SUSE bug 1220350SUSE bug 1220364SUSE bug 1220392SUSE bug 1220393SUSE bug 1220398SUSE bug 1220409SUSE bug 1220433SUSE bug 1220444SUSE bug 1220457SUSE bug 1220459SUSE bug 1220469SUSE bug 1220649SUSE bug 1220735SUSE bug 1220736SUSE bug 1220796SUSE bug 1220825SUSE bug 1220845SUSE bug 1220848SUSE bug 1220917SUSE bug 1220930SUSE bug 1220931SUSE bug 1220933CVE-2019-25162 at SUSECVE-2019-25162 at NVDCVE-2021-46923 at SUSECVE-2021-46923 at NVDCVE-2021-46924 at SUSECVE-2021-46924 at NVDCVE-2021-46932 at SUSECVE-2021-46932 at NVDCVE-2021-46934 at SUSECVE-2021-46934 at NVDCVE-2021-47083 at SUSECVE-2021-47083 at NVDCVE-2022-48627 at SUSECVE-2022-48627 at NVDCVE-2022-48628 at SUSECVE-2022-48628 at NVDCVE-2023-5197 at SUSECVE-2023-5197 at NVDCVE-2023-52340 at SUSECVE-2023-52340 at NVDCVE-2023-52429 at SUSECVE-2023-52429 at NVDCVE-2023-52439 at SUSECVE-2023-52439 at NVDCVE-2023-52443 at SUSECVE-2023-52443 at NVDCVE-2023-52445 at SUSECVE-2023-52445 at NVDCVE-2023-52447 at SUSECVE-2023-52447 at NVDCVE-2023-52448 at SUSECVE-2023-52448 at NVDCVE-2023-52449 at SUSECVE-2023-52449 at NVDCVE-2023-52451 at SUSECVE-2023-52451 at NVDCVE-2023-52452 at SUSECVE-2023-52452 at NVDCVE-2023-52456 at SUSECVE-2023-52456 at NVDCVE-2023-52457 at SUSECVE-2023-52457 at NVDCVE-2023-52462 at SUSECVE-2023-52462 at NVDCVE-2023-52463 at SUSECVE-2023-52463 at NVDCVE-2023-52464 at SUSECVE-2023-52464 at NVDCVE-2023-52467 at SUSECVE-2023-52467 at NVDCVE-2023-52475 at SUSECVE-2023-52475 at NVDCVE-2023-52478 at SUSECVE-2023-52478 at NVDCVE-2023-52482 at SUSECVE-2023-52482 at NVDCVE-2023-52530 at SUSECVE-2023-52530 at NVDCVE-2023-52531 at SUSECVE-2023-52531 at NVDCVE-2023-52559 at SUSECVE-2023-52559 at NVDCVE-2023-6270 at SUSECVE-2023-6270 at NVDCVE-2023-6817 at SUSECVE-2023-6817 at NVDCVE-2024-0607 at SUSECVE-2024-0607 at NVDCVE-2024-1151 at SUSECVE-2024-1151 at NVDCVE-2024-23849 at SUSECVE-2024-23849 at NVDCVE-2024-23850 at SUSECVE-2024-23850 at NVDCVE-2024-23851 at SUSECVE-2024-23851 at NVDCVE-2024-25744 at SUSECVE-2024-25744 at NVDCVE-2024-26585 at SUSECVE-2024-26585 at NVDCVE-2024-26586 at SUSECVE-2024-26586 at NVDCVE-2024-26589 at SUSECVE-2024-26589 at NVDCVE-2024-26591 at SUSECVE-2024-26591 at NVDCVE-2024-26593 at SUSECVE-2024-26593 at NVDCVE-2024-26595 at SUSECVE-2024-26595 at NVDCVE-2024-26598 at SUSECVE-2024-26598 at NVDCVE-2024-26602 at SUSECVE-2024-26602 at NVDCVE-2024-26603 at SUSECVE-2024-26603 at NVDCVE-2024-26607 at SUSECVE-2024-26607 at NVDCVE-2024-26622 at SUSECVE-2024-26622 at NVDcpe:/o:opensuse:leap:15.5Security update for the Linux Kernel (Important)openSUSE Leap 15.5
The SUSE Linux Enterprise 15 SP5 kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2019-25162: Fixed a potential use after free (bsc#1220409).
- CVE-2021-46923: Fixed reference leakage in fs/mount_setattr (bsc#1220457).
- CVE-2021-46924: Fixed fix memory leak in device probe and remove (bsc#1220459)
- CVE-2021-46932: Fixed missing work initialization before device registration (bsc#1220444)
- CVE-2023-28746: Fixed Register File Data Sampling (bsc#1213456).
- CVE-2023-5197: Fixed se-after-free due to addition and removal of rules from chain bindings within the same transaction (bsc#1218216).
- CVE-2023-52340: Fixed ICMPv6 “Packet Too Big” packets force a DoS of the Linux kernel by forcing 100% CPU (bsc#1219295).
- CVE-2023-52429: Fixed potential DoS in dm_table_create in drivers/md/dm-table.c (bsc#1219827).
- CVE-2023-52439: Fixed use-after-free in uio_open (bsc#1220140).
- CVE-2023-52443: Fixed crash when parsed profile name is empty (bsc#1220240).
- CVE-2023-52445: Fixed use after free on context disconnection (bsc#1220241).
- CVE-2023-52447: Fixed map_fd_put_ptr() signature kABI workaround (bsc#1220251).
- CVE-2023-52448: Fixed kernel NULL pointer dereference in gfs2_rgrp_dump (bsc#1220253).
- CVE-2023-52449: Fixed gluebi NULL pointer dereference caused by ftl notifier (bsc#1220238).
- CVE-2023-52451: Fixed access beyond end of drmem array (bsc#1220250).
- CVE-2023-52452: Fixed Fix accesses to uninit stack slots (bsc#1220257).
- CVE-2023-52456: Fixed tx statemachine deadlock (bsc#1220364).
- CVE-2023-52457: Fixed skipped resource freeing if pm_runtime_resume_and_get() failed (bsc#1220350).
- CVE-2023-52463: Fixed null pointer dereference in efivarfs (bsc#1220328).
- CVE-2023-52464: Fixed possible out-of-bounds string access (bsc#1220330)
- CVE-2023-52475: Fixed use-after-free in powermate_config_complete (bsc#1220649)
- CVE-2023-52478: Fixed kernel crash on receiver USB disconnect (bsc#1220796)
- CVE-2023-6817: Fixed use-after-free in nft_pipapo_walk (bsc#1218195).
- CVE-2024-0607: Fixed 64-bit load issue in nft_byteorder_eval() (bsc#1218915).
- CVE-2024-1151: Fixed unlimited number of recursions from action sets (bsc#1219835).
- CVE-2024-23849: Fixed array-index-out-of-bounds in rds_cmsg_recv (bsc#1219127).
- CVE-2024-23850: Fixed double free of anonymous device after snapshot creation failure (bsc#1219126).
- CVE-2024-23851: Fixed crash in copy_params in drivers/md/dm-ioctl.c (bsc#1219146).
- CVE-2024-25744: Fixed Security issue with int 80 interrupt vector (bsc#1217927).
- CVE-2024-26585: Fixed race between tx work scheduling and socket close (bsc#1220187).
- CVE-2024-26586: Fixed stack corruption (bsc#1220243).
- CVE-2024-26589: Fixed out of bounds read due to variable offset alu on PTR_TO_FLOW_KEYS (bsc#1220255).
- CVE-2024-26591: Fixed re-attachment branch in bpf_tracing_prog_attach (bsc#1220254).
- CVE-2024-26593: Fixed block process call transactions (bsc#1220009).
- CVE-2024-26595: Fixed NULL pointer dereference in error path (bsc#1220344).
- CVE-2024-26598: Fixed potential UAF in LPI translation cache (bsc#1220326).
- CVE-2024-26602: Fixed overall slowdowns with sys_membarrier (bsc1220398).
- CVE-2024-26603: Fixed infinite loop via #PF handling (bsc#1220335).
- CVE-2024-26622: Fixed UAF write bug in tomoyo_write_control() (bsc#1220825).
The following non-security bugs were fixed:
- acpi: apei: set memory failure flags as mf_action_required on synchronous events (git-fixes).
- acpi: button: add lid disable dmi quirk for nextbook ares 8a (git-fixes).
- acpi: extlog: fix null pointer dereference check (git-fixes).
- acpi: resource: add asus model s5402za to quirks (git-fixes).
- acpi: resource: skip irq override on asus expertbook b1502cba (git-fixes).
- acpi: resource: skip irq override on asus expertbook b2402cba (git-fixes).
- acpi: video: add backlight=native dmi quirk for apple imac11,3 (git-fixes).
- acpi: video: add backlight=native dmi quirk for apple imac12,1 and imac12,2 (git-fixes).
- acpi: video: add backlight=native dmi quirk for lenovo thinkpad x131e (3371 amd version) (git-fixes).
- acpi: video: add quirk for the colorful x15 at 23 laptop (git-fixes).
- add reference to recently released cve
- afs: fix the usage of read_seqbegin_or_lock() in afs_find_server*() (git-fixes).
- afs: fix the usage of read_seqbegin_or_lock() in afs_lookup_volume_rcu() (git-fixes).
- afs: hide silly-rename files from userspace (git-fixes).
- afs: increase buffer size in afs_update_volume_status() (git-fixes).
- ahci: asm1166: correct count of reported ports (git-fixes).
- alsa: drop leftover snd-rtctimer stuff from makefile (git-fixes).
- alsa: firewire-lib: fix to check cycle continuity (git-fixes).
- alsa: hda/conexant: add quirk for sws js201d (git-fixes).
- alsa: hda/realtek: apply headset jack quirk for non-bass alc287 thinkpads (git-fixes).
- alsa: hda/realtek: cs35l41: fix device id / model name (git-fixes).
- alsa: hda/realtek: cs35l41: fix order and duplicates in quirks table (git-fixes).
- alsa: hda/realtek: enable headset mic on vaio vjfe-adl (git-fixes).
- alsa: hda/realtek: enable mute led on hp laptop 14-fq0xxx (git-fixes).
- alsa: hda/realtek: fix mute/micmute led for hp mt645 (git-fixes).
- alsa: hda/realtek: fix mute/micmute leds for hp zbook power (git-fixes).
- alsa: hda/realtek: fix the external mic not being recognised for acer swift 1 sf114-32 (git-fixes).
- alsa: usb-audio: add a quirk for yamaha yit-w12tx transmitter (git-fixes).
- alsa: usb-audio: add delay quirk for motu m series 2nd revision (git-fixes).
- alsa: usb-audio: add quirk for rode nt-usb+ (git-fixes).
- alsa: usb-audio: check presence of valid altsetting control (git-fixes).
- alsa: usb-audio: ignore clock selector errors for single connection (git-fixes).
- alsa: usb-audio: more relaxed check of midi jack names (git-fixes).
- alsa: usb-audio: sort quirk table entries (git-fixes).
- arm64: entry: fix arm64_workaround_speculative_unpriv_load (bsc#1219443)
- arm64: entry: preserve/restore x29 even for compat tasks (bsc#1219443)
- arm64: entry: simplify tramp_alias macro and tramp_exit routine (bsc#1219443)
- arm64: errata: add cortex-a510 speculative unprivileged load (bsc#1219443) enable workaround.
- arm64: errata: add cortex-a520 speculative unprivileged load (bsc#1219443) enable workaround without kabi break.
- arm64: errata: mitigate ampere1 erratum ac03_cpu_38 at stage-2 (git-fixes) enable ampere_erratum_ac03_cpu_38 workaround without kabi break
- arm64: irq: set the correct node for shadow call stack (git-fixes)
- arm64: irq: set the correct node for vmap stack (git-fixes)
- arm64: rename arm64_workaround_2966298 (bsc#1219443)
- arm64: subscribe microsoft azure cobalt 100 to arm neoverse n2 errata (git-fixes)
- asoc: doc: fix undefined snd_soc_dapm_nopm argument (git-fixes).
- asoc: rt5645: fix deadlock in rt5645_jack_detect_work() (git-fixes).
- asoc: sof: ipc3: fix message bounds on ipc ops (git-fixes).
- asoc: sunxi: sun4i-spdif: add support for allwinner h616 (git-fixes).
- atm: idt77252: fix a memleak in open_card_ubr0 (git-fixes).
- bluetooth: avoid potential use-after-free in hci_error_reset (git-fixes).
- bluetooth: enforce validation on max value of connection interval (git-fixes).
- bluetooth: hci_event: fix handling of hci_ev_io_capa_request (git-fixes).
- bluetooth: hci_event: fix wrongly recorded wakeup bd_addr (git-fixes).
- bluetooth: hci_sync: check the correct flag before starting a scan (git-fixes).
- bluetooth: hci_sync: fix accept_list when attempting to suspend (git-fixes).
- bluetooth: l2cap: fix possible multiple reject send (git-fixes).
- bluetooth: qca: fix wrong event type for patch config command (git-fixes).
- bpf: fix verification of indirect var-off stack access (git-fixes).
- bpf: guard stack limits against 32bit overflow (git-fixes).
- bpf: minor logging improvement (bsc#1220257).
- bus: moxtet: add spi device table (git-fixes).
- cachefiles: fix memory leak in cachefiles_add_cache() (bsc#1220267).
- can: j1939: fix uaf in j1939_sk_match_filter during setsockopt(so_j1939_filter) (git-fixes).
- crypto: api - disallow identical driver names (git-fixes).
- crypto: ccp - fix null pointer dereference in __sev_platform_shutdown_locked (git-fixes).
- crypto: octeontx2 - fix cptvf driver cleanup (git-fixes).
- crypto: stm32/crc32 - fix parsing list of devices (git-fixes).
- dmaengine: fsl-qdma: fix a memory leak related to the queue command dma (git-fixes).
- dmaengine: fsl-qdma: fix soc may hang on 16 byte unaligned read (git-fixes).
- dmaengine: fsl-qdma: increase size of 'irq_name' (git-fixes).
- dmaengine: fsl-qdma: init irq after reg initialization (git-fixes).
- dmaengine: ptdma: use consistent dma masks (git-fixes).
- dmaengine: shdma: increase size of 'dev_id' (git-fixes).
- dmaengine: ti: edma: add some null pointer checks to the edma_probe (git-fixes).
- driver core: fix device_link_flag_is_sync_state_only() (git-fixes).
- drm/amd/display: fix memory leak in dm_sw_fini() (git-fixes).
- drm/amd/display: fix possible buffer overflow in 'find_dcfclk_for_voltage()' (git-fixes).
- drm/amd/display: fix possible null dereference on device remove/driver unload (git-fixes).
- drm/amd/display: increase frame-larger-than for all display_mode_vba files (git-fixes).
- drm/amd/display: increased min_dcfclk_mhz and min_fclk_mhz (git-fixes).
- drm/amd/display: preserve original aspect ratio in create stream (git-fixes).
- drm/amdgpu/display: initialize gamma correction mode variable in dcn30_get_gamcor_current() (git-fixes).
- drm/amdgpu: reset gpu for s3 suspend abort case (git-fixes).
- drm/amdgpu: skip to program gfxdec registers for suspend abort (git-fixes).
- drm/buddy: fix range bias (git-fixes).
- drm/crtc: fix uninitialized variable use even harder (git-fixes).
- drm/i915/gvt: fix uninitialized variable in handle_mmio() (git-fixes).
- drm/msm/dp: return correct colorimetry for dp_test_dynamic_range_cea case (git-fixes).
- drm/msm/dpu: check for valid hw_pp in dpu_encoder_helper_phys_cleanup (git-fixes).
- drm/msms/dp: fixed link clock divider bits be over written in bpc unknown case (git-fixes).
- drm/prime: support page array >= 4gb (git-fixes).
- drm/syncobj: call drm_syncobj_fence_add_wait when wait_available flag is set (git-fixes).
- drm/ttm: fix an invalid freeing on already freed page in error path (git-fixes).
- drop bcm5974 input patch causing a regression (bsc#1220030)
- efi/capsule-loader: fix incorrect allocation size (git-fixes).
- efi: do not add memblocks for soft-reserved memory (git-fixes).
- efi: runtime: fix potential overflow of soft-reserved region size (git-fixes).
- fbcon: always restore the old font data in fbcon_do_set_font() (git-fixes).
- fbdev: savage: error out if pixclock equals zero (git-fixes).
- fbdev: sis: error out if pixclock equals zero (git-fixes).
- firewire: core: send bus reset promptly on gap count error (git-fixes).
- fs: dlm: fix build with config_ipv6 disabled (git-fixes).
- fs:jfs:ubsan:array-index-out-of-bounds in dbadjtree (git-fixes).
- gpio: 74x164: enable output pins after registers are reset (git-fixes).
- gpio: fix resource unwinding order in error path (git-fixes).
- gpiolib: acpi: ignore touchpad wakeup on gpd g1619-04 (git-fixes).
- gpiolib: fix the error path order in gpiochip_add_data_with_key() (git-fixes).
- hid: apple: add 2021 magic keyboard fn key mapping (git-fixes).
- hid: apple: add support for the 2021 magic keyboard (git-fixes).
- hid: wacom: do not register input devices until after hid_hw_start (git-fixes).
- hid: wacom: generic: avoid reporting a serial of '0' to userspace (git-fixes).
- hwmon: (aspeed-pwm-tacho) mutex for tach reading (git-fixes).
- hwmon: (coretemp) enlarge per package core count limit (git-fixes).
- hwmon: (coretemp) fix bogus core_id to attr name mapping (git-fixes).
- hwmon: (coretemp) fix out-of-bounds memory access (git-fixes).
- i2c: i801: fix block process call transactions (git-fixes).
- i2c: i801: remove i801_set_block_buffer_mode (git-fixes).
- i2c: imx: add timer for handling the stop condition (git-fixes).
- i2c: imx: when being a target, mark the last read as processed (git-fixes).
- i3c: master: cdns: update maximum prescaler value for i2c clock (git-fixes).
- ib/hfi1: fix a memleak in init_credit_return (git-fixes)
- ib/hfi1: fix sdma.h tx->num_descs off-by-one error (git-fixes)
- iio: accel: bma400: fix a compilation problem (git-fixes).
- iio: adc: ad7091r: set alert bit in config register (git-fixes).
- iio: core: fix memleak in iio_device_register_sysfs (git-fixes).
- iio: hid-sensor-als: return 0 for hid_usage_sensor_time_timestamp (git-fixes).
- iio: magnetometer: rm3100: add boundary check for the value read from rm3100_reg_tmrc (git-fixes).
- input: iqs269a - switch to define_simple_dev_pm_ops() and pm_sleep_ptr() (git-fixes).
- input: xpad - add lenovo legion go controllers (git-fixes).
- irqchip/gic-v3-its: fix gicv4.1 vpe affinity update (git-fixes).
- irqchip/irq-brcmstb-l2: add write memory barrier before exit (git-fixes).
- jfs: fix array-index-out-of-bounds in dbadjtree (git-fixes).
- jfs: fix array-index-out-of-bounds in dinewext (git-fixes).
- jfs: fix slab-out-of-bounds read in dtsearch (git-fixes).
- jfs: fix uaf in jfs_evict_inode (git-fixes).
- kbuild: fix changing elf file type for output of gen_btf for big endian (git-fixes).
- kvm: s390: fix cc for successful pqap (git-fixes bsc#1219839).
- kvm: s390: fix setting of fpc register (git-fixes bsc#1220392).
- kvm: s390: vsie: fix race during shadow creation (git-fixes bsc#1220393).
- kvm: vmx: move verw closer to vmentry for mds mitigation (git-fixes).
- kvm: vmx: use bt+jnc, i.e. eflags.cf to select vmresume vs. vmlaunch (git-fixes).
- lan78xx: enable auto speed configuration for lan7850 if no eeprom is detected (git-fixes).
- leds: trigger: panic: do not register panic notifier if creating the trigger failed (git-fixes).
- lib/stackdepot: add depot_fetch_stack helper (jsc-ped#7423).
- lib/stackdepot: add refcount for records (jsc-ped#7423).
- lib/stackdepot: fix first entry having a 0-handle (jsc-ped#7423).
- lib/stackdepot: move stack_record struct definition into the header (jsc-ped#7423).
- libsubcmd: fix memory leak in uniq() (git-fixes).
- media: ddbridge: fix an error code problem in ddb_probe (git-fixes).
- media: ir_toy: fix a memleak in irtoy_tx (git-fixes).
- media: rc: bpf attach/detach requires write permission (git-fixes).
- media: rockchip: rga: fix swizzling for rgb formats (git-fixes).
- media: stk1160: fixed high volume of stk1160_dbg messages (git-fixes).
- mfd: syscon: fix null pointer dereference in of_syscon_register() (git-fixes).
- mm,page_owner: display all stacks and their count (jsc-ped#7423).
- mm,page_owner: filter out stacks by a threshold (jsc-ped#7423).
- mm,page_owner: implement the tracking of the stacks count (jsc-ped#7423).
- mm,page_owner: maintain own list of stack_records structs (jsc-ped#7423).
- mm,page_owner: update documentation regarding page_owner_stacks (jsc-ped#7423).
- mm/hwpoison: fix unpoison_memory() (bsc#1218663).
- mm/hwpoison: mf_mutex for soft offline and unpoison (bsc#1218663).
- mm/hwpoison: remove mf_msg_buddy_2nd and mf_msg_poisoned_huge (bsc#1218663).
- mm: memory-failure: fix potential unexpected return value from unpoison_memory() (git-fixes).
- mmc: core: fix emmc initialization with 1-bit bus connection (git-fixes).
- mmc: core: use mrq.sbc in close-ended ffu (git-fixes).
- mmc: mmc_spi: remove custom dma mapped buffers (git-fixes).
- mmc: sdhci-xenon: add timeout for phy init complete (git-fixes).
- mmc: sdhci-xenon: fix phy init clock stability (git-fixes).
- mmc: slot-gpio: allow non-sleeping gpio ro (git-fixes).
- modpost: trim leading spaces when processing source files list (git-fixes).
- mtd: spinand: gigadevice: fix the get ecc status issue (git-fixes).
- net: usb: dm9601: fix wrong return value in dm9601_mdio_read (git-fixes).
- netfs, fscache: prevent oops in fscache_put_cache() (bsc#1220003).
- nilfs2: fix data corruption in dsync block recovery for small block sizes (git-fixes).
- nilfs2: replace warn_ons for invalid dat metadata block requests (git-fixes).
- nouveau/svm: fix kvcalloc() argument order (git-fixes).
- nouveau: fix function cast warnings (git-fixes).
- ntfs: check overflow when iterating attr_records (git-fixes).
- ntfs: fix use-after-free in ntfs_attr_find() (git-fixes).
- nvme-fabrics: fix i/o connect error handling (git-fixes).
- nvme-host: fix the updating of the firmware version (git-fixes).
- pci/aer: decode requester id when no error info found (git-fixes).
- pci: add no pm reset quirk for nvidia spectrum devices (git-fixes).
- pci: add pci_header_type_mfd definition (bsc#1220021).
- pci: fix 64gt/s effective data rate calculation (git-fixes).
- pci: only override amd usb controller if required (git-fixes).
- pci: switchtec: fix stdev_release() crash after surprise hot remove (git-fixes).
- platform/x86: thinkpad_acpi: only update profile if successfully converted (git-fixes).
- platform/x86: touchscreen_dmi: add info for the teclast x16 plus tablet (git-fixes).
- platform/x86: touchscreen_dmi: allow partial (prefix) matches for acpi names (git-fixes).
- pm: core: remove unnecessary (void *) conversions (git-fixes).
- pm: runtime: have devm_pm_runtime_enable() handle pm_runtime_dont_use_autosuspend() (git-fixes).
- pnp: acpi: fix fortify warning (git-fixes).
- power: supply: bq27xxx-i2c: do not free non existing irq (git-fixes).
- powerpc/64: set task pt_regs->link to the lr value on scv entry (bsc#1194869).
- powerpc/powernv: fix fortify source warnings in opal-prd.c (bsc#1194869).
- powerpc/pseries: add a clear modifier to ibm,pa/pi-features parser (bsc#1220348).
- powerpc/pseries: rework lppaca_shared_proc() to avoid debug_preempt (bsc#1194869).
- powerpc/pseries: set cpu_ftr_dbell according to ibm,pi-features (bsc#1220348).
- powerpc/watchpoint: disable pagefaults when getting user instruction (bsc#1194869).
- powerpc/watchpoints: annotate atomic context in more places (bsc#1194869).
- powerpc/watchpoints: disable preemption in thread_change_pc() (bsc#1194869).
- powerpc: add crtsavres.o to always-y instead of extra-y (bsc#1194869).
- powerpc: do not include lppaca.h in paca.h (bsc#1194869).
- pstore/ram: fix crash when setting number of cpus to an odd number (git-fixes).
- ras/amd/atl: add mi300 row retirement support (jsc#ped-7618).
- ras/amd/atl: fix bit overflow in denorm_addr_df4_np2() (git-fixes).
- ras: introduce a fru memory poison manager (jsc#ped-7618).
- rdma/bnxt_re: add a missing check in bnxt_qplib_query_srq (git-fixes)
- rdma/bnxt_re: return error for srq resize (git-fixes)
- rdma/core: fix uninit-value access in ib_get_eth_speed() (bsc#1219934).
- rdma/core: get ib width and speed from netdev (bsc#1219934).
- rdma/irdma: add ae for too many rnrs (git-fixes)
- rdma/irdma: fix kasan issue with tasklet (git-fixes)
- rdma/irdma: set the cq read threshold for gen 1 (git-fixes)
- rdma/irdma: validate max_send_wr and max_recv_wr (git-fixes)
- rdma/qedr: fix qedr_create_user_qp error flow (git-fixes)
- rdma/srpt: fix function pointer cast warnings (git-fixes)
- rdma/srpt: support specifying the srpt_service_guid parameter (git-fixes)
- refresh patches.suse/dm_blk_ioctl-implement-path-failover-for-sg_io (bsc#1216776, bsc#1220277)
- regulator: core: only increment use_count when enable_count changes (git-fixes).
- regulator: pwm-regulator: add validity checks in continuous .get_voltage (git-fixes).
- revert 'drm/amd/display: increased min_dcfclk_mhz and min_fclk_mhz' (git-fixes).
- revert 'drm/amd/pm: resolve reboot exception for si oland' (git-fixes).
- revert 'drm/amd: flush any delayed gfxoff on suspend entry' (git-fixes).
- rpm/kernel-binary.spec.in: install scripts/gdb when enabled in config (bsc#1219653) they are put into -devel subpackage. and a proper link to /usr/share/gdb/auto-load/ is created.
- s390/qeth: fix potential loss of l3-ip@ in case of network issues (git-fixes bsc#1219840).
- s390: use the correct count for __iowrite64_copy() (git-fixes bsc#1220317).
- sched/membarrier: reduce the ability to hammer on sys_membarrier (git-fixes).
- scsi: core: move scsi_host_busy() out of host lock for waking up eh handler (git-fixes).
- scsi: core: move scsi_host_busy() out of host lock if it is for per-command (git-fixes).
- scsi: fnic: move fnic_fnic_flush_tx() to a work queue (git-fixes bsc#1219141).
- scsi: hisi_sas: prevent parallel flr and controller reset (git-fixes).
- scsi: ibmvfc: limit max hw queues by num_online_cpus() (bsc#1220106).
- scsi: ibmvfc: open-code reset loop for target reset (bsc#1220106).
- scsi: isci: fix an error code problem in isci_io_request_build() (git-fixes).
- scsi: lpfc: add condition to delete ndlp object after sending bls_rjt to an abts (bsc#1220021).
- scsi: lpfc: allow lpfc_plogi_confirm_nport() logic to execute for fabric nodes (bsc#1220021).
- scsi: lpfc: change lpfc_vport fc_flag member into a bitmask (bsc#1220021).
- scsi: lpfc: change lpfc_vport load_flag member into a bitmask (bsc#1220021).
- scsi: lpfc: change nlp state statistic counters into atomic_t (bsc#1220021).
- scsi: lpfc: copyright updates for 14.4.0.0 patches (bsc#1220021).
- scsi: lpfc: fix failure to delete vports when discovery is in progress (bsc#1220021).
- scsi: lpfc: fix possible memory leak in lpfc_rcv_padisc() (bsc#1220021).
- scsi: lpfc: initialize status local variable in lpfc_sli4_repost_sgl_list() (bsc#1220021).
- scsi: lpfc: move handling of reset congestion statistics events (bsc#1220021).
- scsi: lpfc: protect vport fc_nodes list with an explicit spin lock (bsc#1220021).
- scsi: lpfc: remove d_id swap log message from trace event logger (bsc#1220021).
- scsi: lpfc: remove nlp_rcv_plogi early return during rscn processing for ndlps (bsc#1220021).
- scsi: lpfc: remove shost_lock protection for fc_host_port shost apis (bsc#1220021).
- scsi: lpfc: replace deprecated strncpy() with strscpy() (bsc#1220021).
- scsi: lpfc: save fpin frequency statistics upon receipt of peer cgn notifications (bsc#1220021).
- scsi: lpfc: update lpfc version to 14.4.0.0 (bsc#1220021).
- scsi: lpfc: use pci_header_type_mfd instead of literal (bsc#1220021).
- scsi: lpfc: use sg_dma_len() api to get struct scatterlist's length (bsc#1220021).
- scsi: mpi3mr: refresh sdev queue depth after controller reset (git-fixes).
- scsi: revert 'scsi: fcoe: fix potential deadlock on &fip->ctlr_lock' (git-fixes bsc#1219141).
- serial: 8250: remove serial_rs485 sanitization from em485 (git-fixes).
- spi-mxs: fix chipselect glitch (git-fixes).
- spi: hisi-sfc-v3xx: return irq_none if no interrupts were detected (git-fixes).
- spi: ppc4xx: drop write-only variable (git-fixes).
- spi: sh-msiof: avoid integer overflow in constants (git-fixes).
- staging: iio: ad5933: fix type mismatch regression (git-fixes).
- supported.conf: remove external flag from ibm supported modules. (bsc#1209412)
- tcp: fix tcp_mtup_probe_success vs wrong snd_cwnd (bsc#1218450).
- tomoyo: fix uaf write bug in tomoyo_write_control() (git-fixes).
- topology/sysfs: add format parameter to macro defining 'show' functions for proc (jsc#ped-7618).
- topology/sysfs: add ppin in sysfs under cpu topology (jsc#ped-7618).
- tty: allow tiocslcktrmios with cap_checkpoint_restore (git-fixes).
- ubsan: array-index-out-of-bounds in dtsplitroot (git-fixes).
- usb: cdns3: fix memory double free when handle zero packet (git-fixes).
- usb: cdns3: fixed memory use after free at cdns3_gadget_ep_disable() (git-fixes).
- usb: cdns3: modify the return value of cdns_set_active () to void when config_pm_sleep is disabled (git-fixes).
- usb: cdns3: put the cdns set active part outside the spin lock (git-fixes).
- usb: cdns: readd old api (git-fixes).
- usb: cdnsp: blocked some cdns3 specific code (git-fixes).
- usb: cdnsp: fixed issue with incorrect detecting cdnsp family controllers (git-fixes).
- usb: dwc3: gadget: do not disconnect if not started (git-fixes).
- usb: dwc3: gadget: handle ep0 request dequeuing properly (git-fixes).
- usb: dwc3: gadget: ignore end transfer delay on teardown (git-fixes).
- usb: dwc3: gadget: queue pm runtime idle on disconnect event (git-fixes).
- usb: dwc3: gadget: refactor ep0 forced stall/restart into a separate api (git-fixes).
- usb: dwc3: gadget: submit endxfer command if delayed during disconnect (git-fixes).
- usb: dwc3: host: set xhci_sg_trb_cache_size_quirk (git-fixes).
- usb: f_mass_storage: forbid async queue when shutdown happen (git-fixes).
- usb: gadget: core: add missing kerneldoc for vbus_work (git-fixes).
- usb: gadget: core: adjust uevent timing on gadget unbind (git-fixes).
- usb: gadget: core: help prevent panic during uvc unconfigure (git-fixes).
- usb: gadget: core: remove unbalanced mutex_unlock in usb_gadget_activate (git-fixes).
- usb: gadget: f_hid: fix report descriptor allocation (git-fixes).
- usb: gadget: fix obscure lockdep violation for udc_mutex (git-fixes).
- usb: gadget: fix use-after-free read in usb_udc_uevent() (git-fixes).
- usb: gadget: fsl_qe_udc: validate endpoint index for ch9 udc (git-fixes).
- usb: gadget: ncm: avoid dropping datagrams of properly parsed ntbs (git-fixes).
- usb: gadget: udc: core: offload usb_udc_vbus_handler processing (git-fixes).
- usb: gadget: udc: core: prevent soft_connect_store() race (git-fixes).
- usb: gadget: udc: handle gadget_connect failure during bind operation (git-fixes).
- usb: hub: check for alternate port before enabling a_alt_hnp_support (bsc#1218527).
- usb: hub: replace hardcoded quirk value with bit() macro (git-fixes).
- usb: roles: do not get/set_role() when usb_role_switch is unregistered (git-fixes).
- usb: roles: fix null pointer issue when put module's reference (git-fixes).
- usb: serial: cp210x: add id for imst im871a-usb (git-fixes).
- usb: serial: option: add fibocom fm101-gl variant (git-fixes).
- usb: serial: qcserial: add new usb-id for dell wireless dw5826e (git-fixes).
- watchdog: it87_wdt: keep wdtctrl bit 3 unmodified for it8784/it8786 (git-fixes).
- wifi: ath11k: fix registration of 6ghz-only phy without the full channel range (git-fixes).
- wifi: ath9k: fix potential array-index-out-of-bounds read in ath9k_htc_txstatus() (git-fixes).
- wifi: cfg80211: fix missing interfaces when dumping (git-fixes).
- wifi: cfg80211: free beacon_ies when overridden from hidden bss (git-fixes).
- wifi: iwlwifi: fix some error codes (git-fixes).
- wifi: iwlwifi: mvm: avoid baid size integer overflow (git-fixes).
- wifi: iwlwifi: uninitialized variable in iwl_acpi_get_ppag_table() (git-fixes).
- wifi: mac80211: adding missing drv_mgd_complete_tx() call (git-fixes).
- wifi: mac80211: fix race condition on enabling fast-xmit (git-fixes).
- wifi: nl80211: reject iftype change with mesh id change (git-fixes).
- wifi: rt2x00: restart beacon queue when hardware reset (git-fixes).
- wifi: rtl8xxxu: add additional usb ids for rtl8192eu devices (git-fixes).
- wifi: rtlwifi: rtl8723{be,ae}: using calculate_bit_shift() (git-fixes).
- wifi: wext-core: fix -wstringop-overflow warning in ioctl_standard_iw_point() (git-fixes).
- x86/asm: add _asm_rip() macro for x86-64 (%rip) suffix (git-fixes).
- x86/bugs: add asm helpers for executing verw (git-fixes).
- x86/bugs: use alternative() instead of mds_user_clear static key (git-fixes). also add mds_user_clear to kabi severities since it's strictly mitigation related so should be low risk.
- x86/cpu: x86_feature_intel_ppin finally had a cpuid bit (jsc#ped-7618).
- x86/entry_32: add verw just before userspace transition (git-fixes).
- x86/entry_64: add verw just before userspace transition (git-fixes).
- x86/mm: fix memory encryption features advertisement (bsc#1206453).
- xfs: remove unused fields from struct xbtree_ifakeroot (git-fixes).
- xfs: short circuit xfs_growfs_data_private() if delta is zero (git-fixes).
ImportantSUSE bug 1194869SUSE bug 1206453SUSE bug 1209412SUSE bug 1213456SUSE bug 1216776SUSE bug 1217927SUSE bug 1218195SUSE bug 1218216SUSE bug 1218450SUSE bug 1218527SUSE bug 1218663SUSE bug 1218915SUSE bug 1219126SUSE bug 1219127SUSE bug 1219141SUSE bug 1219146SUSE bug 1219295SUSE bug 1219443SUSE bug 1219653SUSE bug 1219827SUSE bug 1219835SUSE bug 1219839SUSE bug 1219840SUSE bug 1219934SUSE bug 1220003SUSE bug 1220009SUSE bug 1220021SUSE bug 1220030SUSE bug 1220106SUSE bug 1220140SUSE bug 1220187SUSE bug 1220238SUSE bug 1220240SUSE bug 1220241SUSE bug 1220243SUSE bug 1220250SUSE bug 1220251SUSE bug 1220253SUSE bug 1220254SUSE bug 1220255SUSE bug 1220257SUSE bug 1220267SUSE bug 1220277SUSE bug 1220317SUSE bug 1220326SUSE bug 1220328SUSE bug 1220330SUSE bug 1220335SUSE bug 1220344SUSE bug 1220348SUSE bug 1220350SUSE bug 1220364SUSE bug 1220392SUSE bug 1220393SUSE bug 1220398SUSE bug 1220409SUSE bug 1220444SUSE bug 1220457SUSE bug 1220459SUSE bug 1220649SUSE bug 1220796SUSE bug 1220825CVE-2019-25162 at SUSECVE-2019-25162 at NVDCVE-2021-46923 at SUSECVE-2021-46923 at NVDCVE-2021-46924 at SUSECVE-2021-46924 at NVDCVE-2021-46932 at SUSECVE-2021-46932 at NVDCVE-2023-28746 at SUSECVE-2023-28746 at NVDCVE-2023-5197 at SUSECVE-2023-5197 at NVDCVE-2023-52340 at SUSECVE-2023-52340 at NVDCVE-2023-52429 at SUSECVE-2023-52429 at NVDCVE-2023-52439 at SUSECVE-2023-52439 at NVDCVE-2023-52443 at SUSECVE-2023-52443 at NVDCVE-2023-52445 at SUSECVE-2023-52445 at NVDCVE-2023-52447 at SUSECVE-2023-52447 at NVDCVE-2023-52448 at SUSECVE-2023-52448 at NVDCVE-2023-52449 at SUSECVE-2023-52449 at NVDCVE-2023-52451 at SUSECVE-2023-52451 at NVDCVE-2023-52452 at SUSECVE-2023-52452 at NVDCVE-2023-52456 at SUSECVE-2023-52456 at NVDCVE-2023-52457 at SUSECVE-2023-52457 at NVDCVE-2023-52463 at SUSECVE-2023-52463 at NVDCVE-2023-52464 at SUSECVE-2023-52464 at NVDCVE-2023-52475 at SUSECVE-2023-52475 at NVDCVE-2023-52478 at SUSECVE-2023-52478 at NVDCVE-2023-6817 at SUSECVE-2023-6817 at NVDCVE-2024-0607 at SUSECVE-2024-0607 at NVDCVE-2024-1151 at SUSECVE-2024-1151 at NVDCVE-2024-23849 at SUSECVE-2024-23849 at NVDCVE-2024-23850 at SUSECVE-2024-23850 at NVDCVE-2024-23851 at SUSECVE-2024-23851 at NVDCVE-2024-25744 at SUSECVE-2024-25744 at NVDCVE-2024-26585 at SUSECVE-2024-26585 at NVDCVE-2024-26586 at SUSECVE-2024-26586 at NVDCVE-2024-26589 at SUSECVE-2024-26589 at NVDCVE-2024-26591 at SUSECVE-2024-26591 at NVDCVE-2024-26593 at SUSECVE-2024-26593 at NVDCVE-2024-26595 at SUSECVE-2024-26595 at NVDCVE-2024-26598 at SUSECVE-2024-26598 at NVDCVE-2024-26602 at SUSECVE-2024-26602 at NVDCVE-2024-26603 at SUSECVE-2024-26603 at NVDCVE-2024-26622 at SUSECVE-2024-26622 at NVDcpe:/o:opensuse:leap:15.5Security update for fontforge (Important)openSUSE Leap 15.5
This update for fontforge fixes the following issues:
- CVE-2024-25081: Fixed command injection via crafted filenames (bsc#1220404).
- CVE-2024-25082: Fixed command injection via crafted archives or compressed files (bsc#1220405).
ImportantSUSE bug 1220404SUSE bug 1220405CVE-2024-25081 at SUSECVE-2024-25081 at NVDCVE-2024-25082 at SUSECVE-2024-25082 at NVDcpe:/o:opensuse:leap:15.5Security update for glibc (Moderate)openSUSE Leap 15.5
This update for glibc fixes the following issues:
Security issues fixed:
- qsort: harden handling of degenerated / non transient compare function (bsc#1218866)
Other issues fixed:
- getaddrinfo: translate ENOMEM to EAI_MEMORY (bsc#1217589, BZ #31163)
- aarch64: correct CFI in rawmemchr (bsc#1217445, BZ #31113)
ModerateSUSE bug 1217445SUSE bug 1217589SUSE bug 1218866cpe:/o:opensuse:leap:15.5Security update for sudo (Important)openSUSE Leap 15.5
This update for sudo fixes the following issues:
- CVE-2023-42465: Fixed issues introduced by first patches (bsc#1221151, bsc#1221134).
ImportantSUSE bug 1221134SUSE bug 1221151CVE-2023-42465 at SUSECVE-2023-42465 at NVDcpe:/o:opensuse:leap:15.5Security update for spectre-meltdown-checker (Moderate)openSUSE Leap 15.5
This update for spectre-meltdown-checker fixes the following issues:
- updated to 0.46
This release mainly focuses on the detection of the new Zenbleed
(CVE-2023-20593) vulnerability, among few other changes that were in
line waiting for a release:
- feat: detect the vulnerability and mitigation of Zenbleed (CVE-2023-20593)
- feat: add the linux-firmware repository as another source for CPU microcode versions
- feat: arm: add Neoverse-N2, Neoverse-V1 and Neoverse-V2
- fix: docker: adding missing utils (#433)
- feat: add support for Guix System kernel
- fix: rewrite SQL to be sqlite3 >= 3.41 compatible (#443)
- fix: a /devnull file was mistakenly created on the filesystem
- fix: fwdb: ignore MCEdb versions where an official Intel version exists (fixes #430)
- updated to 0.45
- arm64: phytium: Add CPU Implementer Phytium
- arm64: variant 4: detect ssbd mitigation from kernel img, system.map or kconfig
- chore: ensure vars are set before being dereferenced (set -u compat)
- chore: fix indentation
- chore: fwdb: update to v220+i20220208
- chore: only attempt to load msr and cpuid module once
- chore: read_cpuid: use named constants
- chore: readme: framapic is gone, host the screenshots on GitHub
- chore: replace 'Vulnerable to' by 'Affected by' in the hw section
- chore: speculative execution -> transient execution
- chore: update fwdb to v222+i20220208
- chore: update Intel Family 6 models
- chore: wording: model not vulnerable -> model not affected
- doc: add an FAQ entry about CVE support
- doc: add an FAQ.md and update the README.md accordingly
- doc: more FAQ and README
- doc: readme: make the FAQ entry more visible
- feat: add --allow-msr-write, no longer write by default (#385), detect when writing is denied
- feat: add --cpu, apply changes to (read|write)_msr, update fwdb to v221+i20220208
- feat: add subleaf != 0 support for read_cpuid
- feat: arm: add Cortex A77 and Neoverse-N1 (fixes #371)
- feat: bsd: for unimplemented CVEs, at least report when CPU is not affected
- feat: hw check: add IPRED, RRSBA, BHI features check
- feat: implement detection for MCEPSC under BSD
- feat: set default TMPDIR for Android (#415)
- fix: extract_kernel: don't overwrite kernel_err if already set
- fix: has_vmm false positive with pcp
- fix: is_ucode_blacklisted: fix some model names
- fix: mcedb: v191 changed the MCE table format
- fix: refuse to run under MacOS and ESXi
- fix: retpoline: detection on 5.15.28+ (#420)
- fix: variant4: added case where prctl ssbd status is tagged as 'unknown'
ModerateCVE-2023-20593 at SUSECVE-2023-20593 at NVDcpe:/o:opensuse:leap:15.5Security update for MozillaThunderbird (Important)openSUSE Leap 15.5
This update for MozillaThunderbird fixes the following issues:
Security Vulnerabilities fixed in Thunderbird 115.8.1 (bsc#1221054):
- CVE-2024-1936: Fixed leaking of encrypted email subjects to other conversations (MFSA 2024-11) (bsc#1221054).
ImportantSUSE bug 1221054CVE-2024-1936 at SUSECVE-2024-1936 at NVDcpe:/o:opensuse:leap:15.5Security update for gdb (Moderate)openSUSE Leap 15.5
This update for gdb fixes the following issues:
- Drop libdebuginfod1 BuildRequires/Recommends. The former isn't
needed because there's a build requirement on libdebuginfod-devel
already, which will pull the shared library. And the latter,
because it's bogus since RPM auto generated dependency will take
care of that requirement.
gdb was released in 13.2:
* This version of GDB includes the following changes and enhancements:
* Support for the following new targets has been added in both GDB and GDBserver:
* GNU/Linux/LoongArch (gdbserver) loongarch*-*-linux*
* GNU/Linux/CSKY (gdbserver) csky*-*linux*
* The Windows native target now supports target async.
* Floating-point support has now been added on LoongArch GNU/Linux.
* New commands:
* set print nibbles [on|off]
* show print nibbles
* This controls whether the 'print/t' command will display binary values in groups of four bits, known as 'nibbles'. The default is 'off'.
Various styling-related commands. See the gdb/NEWS file for more details.
Various maintenance commands. These are normally aimed at GDB experts or developers. See the gdb/NEWS file for more details.
* Python API improvements:
* New Python API for instruction disassembly.
* The new attribute 'locations' of gdb.Breakpoint returns a list of gdb.BreakpointLocation objects specifying the locations where the breakpoint is inserted into the debuggee.
* New Python type gdb.BreakpointLocation.
* New function gdb.format_address(ADDRESS, PROGSPACE, ARCHITECTURE) that formats ADDRESS as 'address '
* New function gdb.current_language that returns the name of the current language. Unlike gdb.parameter('language'), this will never return 'auto'.
* New function gdb.print_options that returns a dictionary of the prevailing print options, in the form accepted by gdb.Value.format_string.
* New method gdb.Frame.language that returns the name of the frame's language.
* gdb.Value.format_string now uses the format provided by 'print', if it is called during a 'print' or other similar operation.
* gdb.Value.format_string now accepts the 'summary' keyword. This can be used to request a shorter representation of a value, the way that 'set print frame-arguments scalars' does.
* The gdb.register_window_type method now restricts the set of acceptable window names. The first character of a window's name must start with a character in the set [a-zA-Z], every subsequent character of a window's name must be in the set [-_.a-zA-Z0-9].
* GDB/MI changes:
* MI version 1 is deprecated, and will be removed in GDB 14.
* The async record stating the stopped reason 'breakpoint-hit' now contains an optional field locno.
* Miscellaneous improvements:
* gdb now supports zstd compressed debug sections (ELFCOMPRESS_ZSTD) for ELF.
* New convenience variable $_inferior_thread_count contains the number of live threads in the current inferior.
* New convenience variables $_hit_bpnum and $_hit_locno, set to the breakpoint number and the breakpoint location number of the breakpoint last hit.
* The 'info breakpoints' now displays enabled breakpoint locations of disabled breakpoints as in the 'y-' state.
* The format of 'disassemble /r' and 'record instruction-history /r' has changed to match the layout of GNU objdump when disassembling.
* A new format '/b' has been introduce to provide the old behavior of '/r'.
* The TUI no longer styles the source and assembly code highlighted by the current position indicator by default. You can however re-enable styling using the new 'set style tui-current-position' command.
* It is now possible to use the 'document' command to document user-defined commands.
* Support for memory tag data for AArch64 MTE.
* Support Removal notices:
* DBX mode has been removed.
* Support for building against Python version 2 has been removed. It is now only possible to build GDB against Python 3.
* Support for the following commands has been removed:
* set debug aix-solib on|off
* show debug aix-solib
* set debug solib-frv on|off
* show debug solib-frv
* Use the 'set/show debug solib' commands instead.
See the NEWS file for a more complete and detailed list of what this release includes.
ModerateSUSE bug 1068950SUSE bug 1081527SUSE bug 1211052CVE-2017-16829 at SUSECVE-2017-16829 at NVDCVE-2018-7208 at SUSECVE-2018-7208 at NVDCVE-2022-48064 at SUSECVE-2022-48064 at NVDcpe:/o:opensuse:leap:15.5Security update for python3 (Important)openSUSE Leap 15.5
This update for python3 fixes the following issues:
- CVE-2023-6597: Fixed symlink bug in cleanup of tempfile.TemporaryDirectory (bsc#1219666).
- CVE-2022-48566: Make compare_digest more constant-time (bsc#1214691).
ImportantSUSE bug 1214691SUSE bug 1219666CVE-2022-48566 at SUSECVE-2022-48566 at NVDCVE-2023-6597 at SUSECVE-2023-6597 at NVDcpe:/o:opensuse:leap:15.5Security update for python-Django (Important)openSUSE Leap 15.5
This update for python-Django fixes the following issues:
- CVE-2024-27351: Fixed a regular expression DoS in django.utils.text.Truncator.words (bsc#1220358)
ImportantSUSE bug 1220358CVE-2024-27351 at SUSECVE-2024-27351 at NVDcpe:/o:opensuse:leap:15.5Security update for 389-ds (Moderate)openSUSE Leap 15.5
This update for 389-ds fixes the following issues:
- CVE-2024-1062: Fixed possible denial of service when audit logging is enabled (bsc#1219836).
ModerateSUSE bug 1219836CVE-2024-1062 at SUSECVE-2024-1062 at NVDcpe:/o:opensuse:leap:15.5Security update for the Linux Kernel (Important)openSUSE Leap 15.5
The SUSE Linux Enterprise 15 SP5 RT kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2019-25162: Fixed a potential use after free (bsc#1220409).
- CVE-2021-46923: Fixed reference leakage in fs/mount_setattr (bsc#1220457).
- CVE-2021-46924: Fixed fix memory leak in device probe and remove (bsc#1220459)
- CVE-2021-46932: Fixed missing work initialization before device registration (bsc#1220444)
- CVE-2023-28746: Fixed Register File Data Sampling (bsc#1213456).
- CVE-2023-5197: Fixed se-after-free due to addition and removal of rules from chain bindings within the same transaction (bsc#1218216).
- CVE-2023-52340: Fixed ICMPv6 “Packet Too Big” packets force a DoS of the Linux kernel by forcing 100% CPU (bsc#1219295).
- CVE-2023-52429: Fixed potential DoS in dm_table_create in drivers/md/dm-table.c (bsc#1219827).
- CVE-2023-52439: Fixed use-after-free in uio_open (bsc#1220140).
- CVE-2023-52443: Fixed crash when parsed profile name is empty (bsc#1220240).
- CVE-2023-52445: Fixed use after free on context disconnection (bsc#1220241).
- CVE-2023-52447: Fixed map_fd_put_ptr() signature kABI workaround (bsc#1220251).
- CVE-2023-52448: Fixed kernel NULL pointer dereference in gfs2_rgrp_dump (bsc#1220253).
- CVE-2023-52449: Fixed gluebi NULL pointer dereference caused by ftl notifier (bsc#1220238).
- CVE-2023-52451: Fixed access beyond end of drmem array (bsc#1220250).
- CVE-2023-52452: Fixed Fix accesses to uninit stack slots (bsc#1220257).
- CVE-2023-52456: Fixed tx statemachine deadlock (bsc#1220364).
- CVE-2023-52457: Fixed skipped resource freeing if pm_runtime_resume_and_get() failed (bsc#1220350).
- CVE-2023-52463: Fixed null pointer dereference in efivarfs (bsc#1220328).
- CVE-2023-52464: Fixed possible out-of-bounds string access (bsc#1220330)
- CVE-2023-52475: Fixed use-after-free in powermate_config_complete (bsc#1220649)
- CVE-2023-52478: Fixed kernel crash on receiver USB disconnect (bsc#1220796)
- CVE-2023-6817: Fixed use-after-free in nft_pipapo_walk (bsc#1218195).
- CVE-2024-0607: Fixed 64-bit load issue in nft_byteorder_eval() (bsc#1218915).
- CVE-2024-1151: Fixed unlimited number of recursions from action sets (bsc#1219835).
- CVE-2024-23849: Fixed array-index-out-of-bounds in rds_cmsg_recv (bsc#1219127).
- CVE-2024-23850: Fixed double free of anonymous device after snapshot creation failure (bsc#1219126).
- CVE-2024-23851: Fixed crash in copy_params in drivers/md/dm-ioctl.c (bsc#1219146).
- CVE-2024-25744: Fixed Security issue with int 80 interrupt vector (bsc#1217927).
- CVE-2024-26585: Fixed race between tx work scheduling and socket close (bsc#1220187).
- CVE-2024-26586: Fixed stack corruption (bsc#1220243).
- CVE-2024-26589: Fixed out of bounds read due to variable offset alu on PTR_TO_FLOW_KEYS (bsc#1220255).
- CVE-2024-26591: Fixed re-attachment branch in bpf_tracing_prog_attach (bsc#1220254).
- CVE-2024-26593: Fixed block process call transactions (bsc#1220009).
- CVE-2024-26595: Fixed NULL pointer dereference in error path (bsc#1220344).
- CVE-2024-26598: Fixed potential UAF in LPI translation cache (bsc#1220326).
- CVE-2024-26602: Fixed overall slowdowns with sys_membarrier (bsc1220398).
- CVE-2024-26603: Fixed infinite loop via #PF handling (bsc#1220335).
- CVE-2024-26622: Fixed UAF write bug in tomoyo_write_control() (bsc#1220825).
The following non-security bugs were fixed:
- acpi: apei: set memory failure flags as mf_action_required on synchronous events (git-fixes).
- acpi: button: add lid disable dmi quirk for nextbook ares 8a (git-fixes).
- acpi: extlog: fix null pointer dereference check (git-fixes).
- acpi: resource: add asus model s5402za to quirks (git-fixes).
- acpi: resource: skip irq override on asus expertbook b1502cba (git-fixes).
- acpi: resource: skip irq override on asus expertbook b2402cba (git-fixes).
- acpi: video: add backlight=native dmi quirk for apple imac11,3 (git-fixes).
- acpi: video: add backlight=native dmi quirk for apple imac12,1 and imac12,2 (git-fixes).
- acpi: video: add backlight=native dmi quirk for lenovo thinkpad x131e (3371 amd version) (git-fixes).
- acpi: video: add quirk for the colorful x15 at 23 laptop (git-fixes).
- add reference to recently released cve
- afs: fix the usage of read_seqbegin_or_lock() in afs_find_server*() (git-fixes).
- afs: fix the usage of read_seqbegin_or_lock() in afs_lookup_volume_rcu() (git-fixes).
- afs: hide silly-rename files from userspace (git-fixes).
- afs: increase buffer size in afs_update_volume_status() (git-fixes).
- ahci: asm1166: correct count of reported ports (git-fixes).
- alsa: drop leftover snd-rtctimer stuff from makefile (git-fixes).
- alsa: firewire-lib: fix to check cycle continuity (git-fixes).
- alsa: hda/conexant: add quirk for sws js201d (git-fixes).
- alsa: hda/realtek: apply headset jack quirk for non-bass alc287 thinkpads (git-fixes).
- alsa: hda/realtek: cs35l41: fix device id / model name (git-fixes).
- alsa: hda/realtek: cs35l41: fix order and duplicates in quirks table (git-fixes).
- alsa: hda/realtek: enable headset mic on vaio vjfe-adl (git-fixes).
- alsa: hda/realtek: enable mute led on hp laptop 14-fq0xxx (git-fixes).
- alsa: hda/realtek: fix mute/micmute led for hp mt645 (git-fixes).
- alsa: hda/realtek: fix mute/micmute leds for hp zbook power (git-fixes).
- alsa: hda/realtek: fix the external mic not being recognised for acer swift 1 sf114-32 (git-fixes).
- alsa: usb-audio: add a quirk for yamaha yit-w12tx transmitter (git-fixes).
- alsa: usb-audio: add delay quirk for motu m series 2nd revision (git-fixes).
- alsa: usb-audio: add quirk for rode nt-usb+ (git-fixes).
- alsa: usb-audio: check presence of valid altsetting control (git-fixes).
- alsa: usb-audio: ignore clock selector errors for single connection (git-fixes).
- alsa: usb-audio: more relaxed check of midi jack names (git-fixes).
- alsa: usb-audio: sort quirk table entries (git-fixes).
- arm64: entry: fix arm64_workaround_speculative_unpriv_load (bsc#1219443)
- arm64: entry: preserve/restore x29 even for compat tasks (bsc#1219443)
- arm64: entry: simplify tramp_alias macro and tramp_exit routine (bsc#1219443)
- arm64: errata: add cortex-a510 speculative unprivileged load (bsc#1219443) enable workaround.
- arm64: errata: add cortex-a520 speculative unprivileged load (bsc#1219443) enable workaround without kabi break.
- arm64: errata: mitigate ampere1 erratum ac03_cpu_38 at stage-2 (git-fixes) enable ampere_erratum_ac03_cpu_38 workaround without kabi break
- arm64: irq: set the correct node for shadow call stack (git-fixes)
- arm64: irq: set the correct node for vmap stack (git-fixes)
- arm64: rename arm64_workaround_2966298 (bsc#1219443)
- arm64: subscribe microsoft azure cobalt 100 to arm neoverse n2 errata (git-fixes)
- asoc: doc: fix undefined snd_soc_dapm_nopm argument (git-fixes).
- asoc: rt5645: fix deadlock in rt5645_jack_detect_work() (git-fixes).
- asoc: sof: ipc3: fix message bounds on ipc ops (git-fixes).
- asoc: sunxi: sun4i-spdif: add support for allwinner h616 (git-fixes).
- atm: idt77252: fix a memleak in open_card_ubr0 (git-fixes).
- bluetooth: avoid potential use-after-free in hci_error_reset (git-fixes).
- bluetooth: enforce validation on max value of connection interval (git-fixes).
- bluetooth: hci_event: fix handling of hci_ev_io_capa_request (git-fixes).
- bluetooth: hci_event: fix wrongly recorded wakeup bd_addr (git-fixes).
- bluetooth: hci_sync: check the correct flag before starting a scan (git-fixes).
- bluetooth: hci_sync: fix accept_list when attempting to suspend (git-fixes).
- bluetooth: l2cap: fix possible multiple reject send (git-fixes).
- bluetooth: qca: fix wrong event type for patch config command (git-fixes).
- bpf: fix verification of indirect var-off stack access (git-fixes).
- bpf: guard stack limits against 32bit overflow (git-fixes).
- bpf: minor logging improvement (bsc#1220257).
- bus: moxtet: add spi device table (git-fixes).
- cachefiles: fix memory leak in cachefiles_add_cache() (bsc#1220267).
- can: j1939: fix uaf in j1939_sk_match_filter during setsockopt(so_j1939_filter) (git-fixes).
- crypto: api - disallow identical driver names (git-fixes).
- crypto: ccp - fix null pointer dereference in __sev_platform_shutdown_locked (git-fixes).
- crypto: octeontx2 - fix cptvf driver cleanup (git-fixes).
- crypto: stm32/crc32 - fix parsing list of devices (git-fixes).
- dmaengine: fsl-qdma: fix a memory leak related to the queue command dma (git-fixes).
- dmaengine: fsl-qdma: fix soc may hang on 16 byte unaligned read (git-fixes).
- dmaengine: fsl-qdma: increase size of 'irq_name' (git-fixes).
- dmaengine: fsl-qdma: init irq after reg initialization (git-fixes).
- dmaengine: ptdma: use consistent dma masks (git-fixes).
- dmaengine: shdma: increase size of 'dev_id' (git-fixes).
- dmaengine: ti: edma: add some null pointer checks to the edma_probe (git-fixes).
- driver core: fix device_link_flag_is_sync_state_only() (git-fixes).
- drm/amd/display: fix memory leak in dm_sw_fini() (git-fixes).
- drm/amd/display: fix possible buffer overflow in 'find_dcfclk_for_voltage()' (git-fixes).
- drm/amd/display: fix possible null dereference on device remove/driver unload (git-fixes).
- drm/amd/display: increase frame-larger-than for all display_mode_vba files (git-fixes).
- drm/amd/display: increased min_dcfclk_mhz and min_fclk_mhz (git-fixes).
- drm/amd/display: preserve original aspect ratio in create stream (git-fixes).
- drm/amdgpu/display: initialize gamma correction mode variable in dcn30_get_gamcor_current() (git-fixes).
- drm/amdgpu: reset gpu for s3 suspend abort case (git-fixes).
- drm/amdgpu: skip to program gfxdec registers for suspend abort (git-fixes).
- drm/buddy: fix range bias (git-fixes).
- drm/crtc: fix uninitialized variable use even harder (git-fixes).
- drm/i915/gvt: fix uninitialized variable in handle_mmio() (git-fixes).
- drm/msm/dp: return correct colorimetry for dp_test_dynamic_range_cea case (git-fixes).
- drm/msm/dpu: check for valid hw_pp in dpu_encoder_helper_phys_cleanup (git-fixes).
- drm/msms/dp: fixed link clock divider bits be over written in bpc unknown case (git-fixes).
- drm/prime: support page array >= 4gb (git-fixes).
- drm/syncobj: call drm_syncobj_fence_add_wait when wait_available flag is set (git-fixes).
- drm/ttm: fix an invalid freeing on already freed page in error path (git-fixes).
- drop bcm5974 input patch causing a regression (bsc#1220030)
- efi/capsule-loader: fix incorrect allocation size (git-fixes).
- efi: do not add memblocks for soft-reserved memory (git-fixes).
- efi: runtime: fix potential overflow of soft-reserved region size (git-fixes).
- fbcon: always restore the old font data in fbcon_do_set_font() (git-fixes).
- fbdev: savage: error out if pixclock equals zero (git-fixes).
- fbdev: sis: error out if pixclock equals zero (git-fixes).
- firewire: core: send bus reset promptly on gap count error (git-fixes).
- fs: dlm: fix build with config_ipv6 disabled (git-fixes).
- fs:jfs:ubsan:array-index-out-of-bounds in dbadjtree (git-fixes).
- gpio: 74x164: enable output pins after registers are reset (git-fixes).
- gpio: fix resource unwinding order in error path (git-fixes).
- gpiolib: acpi: ignore touchpad wakeup on gpd g1619-04 (git-fixes).
- gpiolib: fix the error path order in gpiochip_add_data_with_key() (git-fixes).
- hid: apple: add 2021 magic keyboard fn key mapping (git-fixes).
- hid: apple: add support for the 2021 magic keyboard (git-fixes).
- hid: wacom: do not register input devices until after hid_hw_start (git-fixes).
- hid: wacom: generic: avoid reporting a serial of '0' to userspace (git-fixes).
- hwmon: (aspeed-pwm-tacho) mutex for tach reading (git-fixes).
- hwmon: (coretemp) enlarge per package core count limit (git-fixes).
- hwmon: (coretemp) fix bogus core_id to attr name mapping (git-fixes).
- hwmon: (coretemp) fix out-of-bounds memory access (git-fixes).
- i2c: i801: fix block process call transactions (git-fixes).
- i2c: i801: remove i801_set_block_buffer_mode (git-fixes).
- i2c: imx: add timer for handling the stop condition (git-fixes).
- i2c: imx: when being a target, mark the last read as processed (git-fixes).
- i3c: master: cdns: update maximum prescaler value for i2c clock (git-fixes).
- ib/hfi1: fix a memleak in init_credit_return (git-fixes)
- ib/hfi1: fix sdma.h tx->num_descs off-by-one error (git-fixes)
- iio: accel: bma400: fix a compilation problem (git-fixes).
- iio: adc: ad7091r: set alert bit in config register (git-fixes).
- iio: core: fix memleak in iio_device_register_sysfs (git-fixes).
- iio: hid-sensor-als: return 0 for hid_usage_sensor_time_timestamp (git-fixes).
- iio: magnetometer: rm3100: add boundary check for the value read from rm3100_reg_tmrc (git-fixes).
- input: iqs269a - switch to define_simple_dev_pm_ops() and pm_sleep_ptr() (git-fixes).
- input: xpad - add lenovo legion go controllers (git-fixes).
- irqchip/irq-brcmstb-l2: add write memory barrier before exit (git-fixes).
- jfs: fix array-index-out-of-bounds in dbadjtree (git-fixes).
- jfs: fix array-index-out-of-bounds in dinewext (git-fixes).
- jfs: fix slab-out-of-bounds read in dtsearch (git-fixes).
- jfs: fix uaf in jfs_evict_inode (git-fixes).
- kbuild: fix changing elf file type for output of gen_btf for big endian (git-fixes).
- kvm: s390: fix cc for successful pqap (git-fixes bsc#1219839).
- kvm: s390: fix setting of fpc register (git-fixes bsc#1220392).
- kvm: s390: vsie: fix race during shadow creation (git-fixes bsc#1220393).
- kvm: vmx: move verw closer to vmentry for mds mitigation (git-fixes).
- kvm: vmx: use bt+jnc, i.e. eflags.cf to select vmresume vs. vmlaunch (git-fixes).
- lan78xx: enable auto speed configuration for lan7850 if no eeprom is detected (git-fixes).
- leds: trigger: panic: do not register panic notifier if creating the trigger failed (git-fixes).
- lib/stackdepot: add depot_fetch_stack helper (jsc-ped#7423).
- lib/stackdepot: add refcount for records (jsc-ped#7423).
- lib/stackdepot: fix first entry having a 0-handle (jsc-ped#7423).
- lib/stackdepot: move stack_record struct definition into the header (jsc-ped#7423).
- libsubcmd: fix memory leak in uniq() (git-fixes).
- media: ddbridge: fix an error code problem in ddb_probe (git-fixes).
- media: ir_toy: fix a memleak in irtoy_tx (git-fixes).
- media: rc: bpf attach/detach requires write permission (git-fixes).
- media: rockchip: rga: fix swizzling for rgb formats (git-fixes).
- media: stk1160: fixed high volume of stk1160_dbg messages (git-fixes).
- mfd: syscon: fix null pointer dereference in of_syscon_register() (git-fixes).
- mm,page_owner: display all stacks and their count (jsc-ped#7423).
- mm,page_owner: filter out stacks by a threshold (jsc-ped#7423).
- mm,page_owner: implement the tracking of the stacks count (jsc-ped#7423).
- mm,page_owner: maintain own list of stack_records structs (jsc-ped#7423).
- mm,page_owner: update documentation regarding page_owner_stacks (jsc-ped#7423).
- mm/hwpoison: fix unpoison_memory() (bsc#1218663).
- mm/hwpoison: mf_mutex for soft offline and unpoison (bsc#1218663).
- mm/hwpoison: remove mf_msg_buddy_2nd and mf_msg_poisoned_huge (bsc#1218663).
- mm: memory-failure: fix potential unexpected return value from unpoison_memory() (git-fixes).
- mmc: core: fix emmc initialization with 1-bit bus connection (git-fixes).
- mmc: core: use mrq.sbc in close-ended ffu (git-fixes).
- mmc: mmc_spi: remove custom dma mapped buffers (git-fixes).
- mmc: sdhci-xenon: add timeout for phy init complete (git-fixes).
- mmc: sdhci-xenon: fix phy init clock stability (git-fixes).
- mmc: slot-gpio: allow non-sleeping gpio ro (git-fixes).
- modpost: trim leading spaces when processing source files list (git-fixes).
- mtd: spinand: gigadevice: fix the get ecc status issue (git-fixes).
- net: usb: dm9601: fix wrong return value in dm9601_mdio_read (git-fixes).
- netfs, fscache: prevent oops in fscache_put_cache() (bsc#1220003).
- nilfs2: fix data corruption in dsync block recovery for small block sizes (git-fixes).
- nilfs2: replace warn_ons for invalid dat metadata block requests (git-fixes).
- nouveau/svm: fix kvcalloc() argument order (git-fixes).
- nouveau: fix function cast warnings (git-fixes).
- ntfs: check overflow when iterating attr_records (git-fixes).
- ntfs: fix use-after-free in ntfs_attr_find() (git-fixes).
- nvme-fabrics: fix i/o connect error handling (git-fixes).
- nvme-host: fix the updating of the firmware version (git-fixes).
- pci/aer: decode requester id when no error info found (git-fixes).
- pci: add no pm reset quirk for nvidia spectrum devices (git-fixes).
- pci: add pci_header_type_mfd definition (bsc#1220021).
- pci: fix 64gt/s effective data rate calculation (git-fixes).
- pci: only override amd usb controller if required (git-fixes).
- pci: switchtec: fix stdev_release() crash after surprise hot remove (git-fixes).
- platform/x86: thinkpad_acpi: only update profile if successfully converted (git-fixes).
- platform/x86: touchscreen_dmi: add info for the teclast x16 plus tablet (git-fixes).
- platform/x86: touchscreen_dmi: allow partial (prefix) matches for acpi names (git-fixes).
- pm: core: remove unnecessary (void *) conversions (git-fixes).
- pm: runtime: have devm_pm_runtime_enable() handle pm_runtime_dont_use_autosuspend() (git-fixes).
- pnp: acpi: fix fortify warning (git-fixes).
- power: supply: bq27xxx-i2c: do not free non existing irq (git-fixes).
- powerpc/64: set task pt_regs->link to the lr value on scv entry (bsc#1194869).
- powerpc/powernv: fix fortify source warnings in opal-prd.c (bsc#1194869).
- powerpc/pseries: add a clear modifier to ibm,pa/pi-features parser (bsc#1220348).
- powerpc/pseries: rework lppaca_shared_proc() to avoid debug_preempt (bsc#1194869).
- powerpc/pseries: set cpu_ftr_dbell according to ibm,pi-features (bsc#1220348).
- powerpc/watchpoint: disable pagefaults when getting user instruction (bsc#1194869).
- powerpc/watchpoints: annotate atomic context in more places (bsc#1194869).
- powerpc/watchpoints: disable preemption in thread_change_pc() (bsc#1194869).
- powerpc: add crtsavres.o to always-y instead of extra-y (bsc#1194869).
- powerpc: do not include lppaca.h in paca.h (bsc#1194869).
- pstore/ram: fix crash when setting number of cpus to an odd number (git-fixes).
- ras/amd/atl: add mi300 row retirement support (jsc#ped-7618).
- ras/amd/atl: fix bit overflow in denorm_addr_df4_np2() (git-fixes).
- ras: introduce a fru memory poison manager (jsc#ped-7618).
- rdma/bnxt_re: add a missing check in bnxt_qplib_query_srq (git-fixes)
- rdma/bnxt_re: return error for srq resize (git-fixes)
- rdma/core: fix uninit-value access in ib_get_eth_speed() (bsc#1219934).
- rdma/core: get ib width and speed from netdev (bsc#1219934).
- rdma/irdma: add ae for too many rnrs (git-fixes)
- rdma/irdma: fix kasan issue with tasklet (git-fixes)
- rdma/irdma: set the cq read threshold for gen 1 (git-fixes)
- rdma/irdma: validate max_send_wr and max_recv_wr (git-fixes)
- rdma/qedr: fix qedr_create_user_qp error flow (git-fixes)
- rdma/srpt: fix function pointer cast warnings (git-fixes)
- rdma/srpt: support specifying the srpt_service_guid parameter (git-fixes)
- refresh patches.suse/dm_blk_ioctl-implement-path-failover-for-sg_io. (bsc#1216776, bsc#1220277)
- regulator: core: only increment use_count when enable_count changes (git-fixes).
- regulator: pwm-regulator: add validity checks in continuous .get_voltage (git-fixes).
- revert 'drm/amd/display: increased min_dcfclk_mhz and min_fclk_mhz' (git-fixes).
- revert 'drm/amd/pm: resolve reboot exception for si oland' (git-fixes).
- revert 'drm/amd: flush any delayed gfxoff on suspend entry' (git-fixes).
- rpm/kernel-binary.spec.in: install scripts/gdb when enabled in config (bsc#1219653) they are put into -devel subpackage. and a proper link to /usr/share/gdb/auto-load/ is created.
- s390/qeth: fix potential loss of l3-ip@ in case of network issues (git-fixes bsc#1219840).
- s390: use the correct count for __iowrite64_copy() (git-fixes bsc#1220317).
- sched/membarrier: reduce the ability to hammer on sys_membarrier (git-fixes).
- scsi: core: move scsi_host_busy() out of host lock for waking up eh handler (git-fixes).
- scsi: core: move scsi_host_busy() out of host lock if it is for per-command (git-fixes).
- scsi: fnic: move fnic_fnic_flush_tx() to a work queue (git-fixes bsc#1219141).
- scsi: hisi_sas: prevent parallel flr and controller reset (git-fixes).
- scsi: ibmvfc: limit max hw queues by num_online_cpus() (bsc#1220106).
- scsi: ibmvfc: open-code reset loop for target reset (bsc#1220106).
- scsi: isci: fix an error code problem in isci_io_request_build() (git-fixes).
- scsi: lpfc: add condition to delete ndlp object after sending bls_rjt to an abts (bsc#1220021).
- scsi: lpfc: allow lpfc_plogi_confirm_nport() logic to execute for fabric nodes (bsc#1220021).
- scsi: lpfc: change lpfc_vport fc_flag member into a bitmask (bsc#1220021).
- scsi: lpfc: change lpfc_vport load_flag member into a bitmask (bsc#1220021).
- scsi: lpfc: change nlp state statistic counters into atomic_t (bsc#1220021).
- scsi: lpfc: copyright updates for 14.4.0.0 patches (bsc#1220021).
- scsi: lpfc: fix failure to delete vports when discovery is in progress (bsc#1220021).
- scsi: lpfc: fix possible memory leak in lpfc_rcv_padisc() (bsc#1220021).
- scsi: lpfc: initialize status local variable in lpfc_sli4_repost_sgl_list() (bsc#1220021).
- scsi: lpfc: move handling of reset congestion statistics events (bsc#1220021).
- scsi: lpfc: protect vport fc_nodes list with an explicit spin lock (bsc#1220021).
- scsi: lpfc: remove d_id swap log message from trace event logger (bsc#1220021).
- scsi: lpfc: remove nlp_rcv_plogi early return during rscn processing for ndlps (bsc#1220021).
- scsi: lpfc: remove shost_lock protection for fc_host_port shost apis (bsc#1220021).
- scsi: lpfc: replace deprecated strncpy() with strscpy() (bsc#1220021).
- scsi: lpfc: save fpin frequency statistics upon receipt of peer cgn notifications (bsc#1220021).
- scsi: lpfc: update lpfc version to 14.4.0.0 (bsc#1220021).
- scsi: lpfc: use pci_header_type_mfd instead of literal (bsc#1220021).
- scsi: lpfc: use sg_dma_len() api to get struct scatterlist's length (bsc#1220021).
- scsi: mpi3mr: refresh sdev queue depth after controller reset (git-fixes).
- scsi: revert 'scsi: fcoe: fix potential deadlock on &fip->ctlr_lock' (git-fixes bsc#1219141).
- serial: 8250: remove serial_rs485 sanitization from em485 (git-fixes).
- spi-mxs: fix chipselect glitch (git-fixes).
- spi: hisi-sfc-v3xx: return irq_none if no interrupts were detected (git-fixes).
- spi: ppc4xx: drop write-only variable (git-fixes).
- spi: sh-msiof: avoid integer overflow in constants (git-fixes).
- staging: iio: ad5933: fix type mismatch regression (git-fixes).
- supported.conf: remove external flag from ibm supported modules. (bsc#1209412)
- tcp: fix tcp_mtup_probe_success vs wrong snd_cwnd (bsc#1218450).
- tomoyo: fix uaf write bug in tomoyo_write_control() (git-fixes).
- topology/sysfs: add format parameter to macro defining 'show' functions for proc (jsc#ped-7618).
- topology/sysfs: add ppin in sysfs under cpu topology (jsc#ped-7618).
- tty: allow tiocslcktrmios with cap_checkpoint_restore (git-fixes).
- ubsan: array-index-out-of-bounds in dtsplitroot (git-fixes).
- usb: cdns3: fix memory double free when handle zero packet (git-fixes).
- usb: cdns3: fixed memory use after free at cdns3_gadget_ep_disable() (git-fixes).
- usb: cdns3: modify the return value of cdns_set_active () to void when config_pm_sleep is disabled (git-fixes).
- usb: cdns3: put the cdns set active part outside the spin lock (git-fixes).
- usb: cdns: readd old api (git-fixes).
- usb: cdnsp: blocked some cdns3 specific code (git-fixes).
- usb: cdnsp: fixed issue with incorrect detecting cdnsp family controllers (git-fixes).
- usb: dwc3: gadget: do not disconnect if not started (git-fixes).
- usb: dwc3: gadget: handle ep0 request dequeuing properly (git-fixes).
- usb: dwc3: gadget: ignore end transfer delay on teardown (git-fixes).
- usb: dwc3: gadget: queue pm runtime idle on disconnect event (git-fixes).
- usb: dwc3: gadget: refactor ep0 forced stall/restart into a separate api (git-fixes).
- usb: dwc3: gadget: submit endxfer command if delayed during disconnect (git-fixes).
- usb: dwc3: host: set xhci_sg_trb_cache_size_quirk (git-fixes).
- usb: f_mass_storage: forbid async queue when shutdown happen (git-fixes).
- usb: gadget: core: add missing kerneldoc for vbus_work (git-fixes).
- usb: gadget: core: adjust uevent timing on gadget unbind (git-fixes).
- usb: gadget: core: help prevent panic during uvc unconfigure (git-fixes).
- usb: gadget: core: remove unbalanced mutex_unlock in usb_gadget_activate (git-fixes).
- usb: gadget: f_hid: fix report descriptor allocation (git-fixes).
- usb: gadget: fix obscure lockdep violation for udc_mutex (git-fixes).
- usb: gadget: fix use-after-free read in usb_udc_uevent() (git-fixes).
- usb: gadget: fsl_qe_udc: validate endpoint index for ch9 udc (git-fixes).
- usb: gadget: ncm: avoid dropping datagrams of properly parsed ntbs (git-fixes).
- usb: gadget: udc: core: offload usb_udc_vbus_handler processing (git-fixes).
- usb: gadget: udc: core: prevent soft_connect_store() race (git-fixes).
- usb: gadget: udc: handle gadget_connect failure during bind operation (git-fixes).
- usb: hub: check for alternate port before enabling a_alt_hnp_support (bsc#1218527).
- usb: hub: replace hardcoded quirk value with bit() macro (git-fixes).
- usb: roles: do not get/set_role() when usb_role_switch is unregistered (git-fixes).
- usb: roles: fix null pointer issue when put module's reference (git-fixes).
- usb: serial: cp210x: add id for imst im871a-usb (git-fixes).
- usb: serial: option: add fibocom fm101-gl variant (git-fixes).
- usb: serial: qcserial: add new usb-id for dell wireless dw5826e (git-fixes).
- watchdog: it87_wdt: keep wdtctrl bit 3 unmodified for it8784/it8786 (git-fixes).
- wifi: ath11k: fix registration of 6ghz-only phy without the full channel range (git-fixes).
- wifi: ath9k: fix potential array-index-out-of-bounds read in ath9k_htc_txstatus() (git-fixes).
- wifi: cfg80211: fix missing interfaces when dumping (git-fixes).
- wifi: cfg80211: fix rcu dereference in __cfg80211_bss_update (git-fixes).
- wifi: cfg80211: free beacon_ies when overridden from hidden bss (git-fixes).
- wifi: iwlwifi: fix some error codes (git-fixes).
- wifi: iwlwifi: mvm: avoid baid size integer overflow (git-fixes).
- wifi: iwlwifi: uninitialized variable in iwl_acpi_get_ppag_table() (git-fixes).
- wifi: mac80211: adding missing drv_mgd_complete_tx() call (git-fixes).
- wifi: mac80211: fix race condition on enabling fast-xmit (git-fixes).
- wifi: nl80211: reject iftype change with mesh id change (git-fixes).
- wifi: rt2x00: restart beacon queue when hardware reset (git-fixes).
- wifi: rtl8xxxu: add additional usb ids for rtl8192eu devices (git-fixes).
- wifi: rtlwifi: rtl8723{be,ae}: using calculate_bit_shift() (git-fixes).
- wifi: wext-core: fix -wstringop-overflow warning in ioctl_standard_iw_point() (git-fixes).
- x86/asm: add _asm_rip() macro for x86-64 (%rip) suffix (git-fixes).
- x86/bugs: add asm helpers for executing verw (git-fixes).
- x86/bugs: use alternative() instead of mds_user_clear static key (git-fixes). also add mds_user_clear to kabi severities since it's strictly mitigation related so should be low risk.
- x86/cpu: x86_feature_intel_ppin finally had a cpuid bit (jsc#ped-7618).
- x86/entry_32: add verw just before userspace transition (git-fixes).
- x86/entry_64: add verw just before userspace transition (git-fixes).
- x86/mm: fix memory encryption features advertisement (bsc#1206453).
- xfs: remove unused fields from struct xbtree_ifakeroot (git-fixes).
- xfs: short circuit xfs_growfs_data_private() if delta is zero (git-fixes).
ImportantSUSE bug 1194869SUSE bug 1206453SUSE bug 1209412SUSE bug 1213456SUSE bug 1216776SUSE bug 1217927SUSE bug 1218195SUSE bug 1218216SUSE bug 1218450SUSE bug 1218527SUSE bug 1218663SUSE bug 1218915SUSE bug 1219126SUSE bug 1219127SUSE bug 1219141SUSE bug 1219146SUSE bug 1219295SUSE bug 1219443SUSE bug 1219653SUSE bug 1219827SUSE bug 1219835SUSE bug 1219839SUSE bug 1219840SUSE bug 1219934SUSE bug 1220003SUSE bug 1220009SUSE bug 1220021SUSE bug 1220030SUSE bug 1220106SUSE bug 1220140SUSE bug 1220187SUSE bug 1220238SUSE bug 1220240SUSE bug 1220241SUSE bug 1220243SUSE bug 1220250SUSE bug 1220251SUSE bug 1220253SUSE bug 1220254SUSE bug 1220255SUSE bug 1220257SUSE bug 1220267SUSE bug 1220277SUSE bug 1220317SUSE bug 1220326SUSE bug 1220328SUSE bug 1220330SUSE bug 1220335SUSE bug 1220344SUSE bug 1220348SUSE bug 1220350SUSE bug 1220364SUSE bug 1220392SUSE bug 1220393SUSE bug 1220398SUSE bug 1220409SUSE bug 1220444SUSE bug 1220457SUSE bug 1220459SUSE bug 1220649SUSE bug 1220796SUSE bug 1220825CVE-2019-25162 at SUSECVE-2019-25162 at NVDCVE-2021-46923 at SUSECVE-2021-46923 at NVDCVE-2021-46924 at SUSECVE-2021-46924 at NVDCVE-2021-46932 at SUSECVE-2021-46932 at NVDCVE-2023-28746 at SUSECVE-2023-28746 at NVDCVE-2023-5197 at SUSECVE-2023-5197 at NVDCVE-2023-52340 at SUSECVE-2023-52340 at NVDCVE-2023-52429 at SUSECVE-2023-52429 at NVDCVE-2023-52439 at SUSECVE-2023-52439 at NVDCVE-2023-52443 at SUSECVE-2023-52443 at NVDCVE-2023-52445 at SUSECVE-2023-52445 at NVDCVE-2023-52447 at SUSECVE-2023-52447 at NVDCVE-2023-52448 at SUSECVE-2023-52448 at NVDCVE-2023-52449 at SUSECVE-2023-52449 at NVDCVE-2023-52451 at SUSECVE-2023-52451 at NVDCVE-2023-52452 at SUSECVE-2023-52452 at NVDCVE-2023-52456 at SUSECVE-2023-52456 at NVDCVE-2023-52457 at SUSECVE-2023-52457 at NVDCVE-2023-52463 at SUSECVE-2023-52463 at NVDCVE-2023-52464 at SUSECVE-2023-52464 at NVDCVE-2023-52475 at SUSECVE-2023-52475 at NVDCVE-2023-52478 at SUSECVE-2023-52478 at NVDCVE-2023-6817 at SUSECVE-2023-6817 at NVDCVE-2024-0607 at SUSECVE-2024-0607 at NVDCVE-2024-1151 at SUSECVE-2024-1151 at NVDCVE-2024-23849 at SUSECVE-2024-23849 at NVDCVE-2024-23850 at SUSECVE-2024-23850 at NVDCVE-2024-23851 at SUSECVE-2024-23851 at NVDCVE-2024-25744 at SUSECVE-2024-25744 at NVDCVE-2024-26585 at SUSECVE-2024-26585 at NVDCVE-2024-26586 at SUSECVE-2024-26586 at NVDCVE-2024-26589 at SUSECVE-2024-26589 at NVDCVE-2024-26591 at SUSECVE-2024-26591 at NVDCVE-2024-26593 at SUSECVE-2024-26593 at NVDCVE-2024-26595 at SUSECVE-2024-26595 at NVDCVE-2024-26598 at SUSECVE-2024-26598 at NVDCVE-2024-26602 at SUSECVE-2024-26602 at NVDCVE-2024-26603 at SUSECVE-2024-26603 at NVDCVE-2024-26622 at SUSECVE-2024-26622 at NVDcpe:/o:opensuse:leap:15.5Security update for ghostscript (Moderate)openSUSE Leap 15.5
This update for ghostscript fixes the following issues:
- Fixed segfaults in gs_heap_free_object() — ref:_00D1igLOd._500Tr4BRgx:ref (bsc#1219357).
Previously fixed security issue:
- CVE-2020-36773: Fixed out-of-bounds write and use-after-free in devices/vector/gdevtxtw.c (for txtwrite) (bsc#1219554).
ModerateSUSE bug 1219357SUSE bug 1219554CVE-2020-36773 at SUSECVE-2020-36773 at NVDcpe:/o:opensuse:leap:15.5Security update for openvswitch (Important)openSUSE Leap 15.5
This update for openvswitch fixes the following issues:
- CVE-2023-3966: Fixed invalid memory access in Geneve with HW offload (bsc#1219465).
ImportantSUSE bug 1219465CVE-2023-3966 at SUSECVE-2023-3966 at NVDcpe:/o:opensuse:leap:15.5Security update for python-uamqp (Important)openSUSE Leap 15.5
This update for python-uamqp fixes the following issues:
- CVE-2024-27099: Fixed potential double-free in link_frame_received() (bsc#1220535).
Bug fixes:
- Fixed compatibility with OpenSSL 3.x (bsc#1217782)
ImportantSUSE bug 1217782SUSE bug 1220535CVE-2024-27099 at SUSECVE-2024-27099 at NVDcpe:/o:opensuse:leap:15.5Security update for dav1d (Moderate)openSUSE Leap 15.5
This update for dav1d fixes the following issues:
- CVE-2024-1580: Fixed tile_start_off calculations for extremely large frame sizes (bsc#1220100).
ModerateSUSE bug 1220100CVE-2024-1580 at SUSECVE-2024-1580 at NVDcpe:/o:opensuse:leap:15.5Security update for indent (Moderate)openSUSE Leap 15.5
This update for indent fixes the following issues:
- CVE-2024-0911: Fixed heap-based buffer overflow in set_buf_break() (bsc#1219210).
ModerateSUSE bug 1219210CVE-2024-0911 at SUSECVE-2024-0911 at NVDcpe:/o:opensuse:leap:15.5Security update for zziplib (Moderate)openSUSE Leap 15.5
This update for zziplib fixes the following issues:
Security issue fixed:
- CVE-2020-18442: Fixed infinite loop in zzip_file_read() as used in unzzip_cat_file() (bsc#1187526).
- CVE-2020-18770: Fixed denial-of-service in function zzip_disk_entry_to_file_header in mmapped.c (bsc#1214577).
Non-security issue fixed:
- Implement an error message with a condition by checking the return value of a function call. (bsc#1154002)
ModerateSUSE bug 1154002SUSE bug 1187526SUSE bug 1214577CVE-2020-18442 at SUSECVE-2020-18442 at NVDCVE-2020-18770 at SUSECVE-2020-18770 at NVDcpe:/o:opensuse:leap:15.5Security update for jbcrypt, trilead-ssh2 (Moderate)openSUSE Leap 15.5
This update for jbcrypt, trilead-ssh2 fixes the following issues:
- CVE-2023-48795: Fixed prefix truncation breaking ssh channel integrity aka Terrapin Attack (bsc#1218198).
ModerateSUSE bug 1218198CVE-2023-48795 at SUSECVE-2023-48795 at NVDcpe:/o:opensuse:leap:15.5Security update for tiff (Moderate)openSUSE Leap 15.5
This update for tiff fixes the following issues:
- CVE-2023-41175: Fixed potential integer overflow in raw2tiff.c (bsc#1214686).
- CVE-2023-38288: Fixed potential integer overflow in raw2tiff.c (bsc#1213590).
- CVE-2023-40745: Fixed integer overflow in tiffcp.c (bsc#1214687).
ModerateSUSE bug 1213590SUSE bug 1214686SUSE bug 1214687SUSE bug 1221187CVE-2023-38288 at SUSECVE-2023-38288 at NVDCVE-2023-40745 at SUSECVE-2023-40745 at NVDCVE-2023-41175 at SUSECVE-2023-41175 at NVDcpe:/o:opensuse:leap:15.5Security update for jsch-agent-proxy (Moderate)openSUSE Leap 15.5
This update for jsch-agent-proxy fixes the following issues:
- CVE-2023-48795: Fixed prefix truncation breaking ssh channel integrity aka Terrapin Attack (bsc#1218198).
ModerateSUSE bug 1218198CVE-2023-48795 at SUSECVE-2023-48795 at NVDcpe:/o:opensuse:leap:15.5Security update for krb5 (Important)openSUSE Leap 15.5
This update for krb5 fixes the following issues:
- CVE-2024-26458: Fixed memory leak at /krb5/src/lib/rpc/pmap_rmt.c (bsc#1220770).
- CVE-2024-26461: Fixed memory leak at /krb5/src/lib/gssapi/krb5/k5sealv3.c (bsc#1220771).
- CVE-2024-26462: Fixed memory leak at /krb5/src/kdc/ndr.c (bsc#1220772).
ImportantSUSE bug 1220770SUSE bug 1220771SUSE bug 1220772CVE-2024-26458 at SUSECVE-2024-26458 at NVDCVE-2024-26461 at SUSECVE-2024-26461 at NVDCVE-2024-26462 at SUSECVE-2024-26462 at NVDcpe:/o:opensuse:leap:15.5Security update for python-Jinja2 (Important)openSUSE Leap 15.5
This update for python-Jinja2 fixes the following issues:
- CVE-2024-56326: Fixed sandbox breakout through indirect reference to format method (bsc#1234809)
ImportantSUSE bug 1234809CVE-2024-56326 at SUSECVE-2024-56326 at NVDcpe:/o:opensuse:leap:15.5Security update for python-Jinja2 (Important)openSUSE Leap 15.5
This update for python-Jinja2 fixes the following issues:
- CVE-2024-56201: Fixed sandbox breakout through malicious content and filename of a template (bsc#1234808)
- CVE-2024-56326: Fixed sandbox breakout through indirect reference to format method (bsc#1234809)
ImportantSUSE bug 1234808SUSE bug 1234809CVE-2024-56201 at SUSECVE-2024-56201 at NVDCVE-2024-56326 at SUSECVE-2024-56326 at NVDcpe:/o:opensuse:leap:15.5operaopenSUSE-releasechromedriverchromiumsyncthingsyncthing-relaysrvgifsiclelibjxl-devellibjxl-toolslibjxl0_8libjxl0_8-64bitxonoticxonotic-dataxonotic-serverkeepasscaja-extension-nextcloudcloudproviders-extension-nextcloudlibnextcloudsync-devellibnextcloudsync0nautilus-extension-nextcloudnemo-extension-nextcloudnextcloud-desktopnextcloud-desktop-docnextcloud-desktop-dolphinnextcloud-desktop-langpython3-Django1zabbix-agentzabbix-java-gatewayzabbix-phpfrontendzabbix-proxyzabbix-proxy-mysqlzabbix-proxy-postgresqlzabbix-proxy-sqlitezabbix-serverzabbix-server-mysqlzabbix-server-postgresqllibredwg-devellibredwg-toolslibredwg0amandatrytondpython3-virtualboxvirtualboxvirtualbox-develvirtualbox-guest-desktop-iconsvirtualbox-guest-sourcevirtualbox-guest-toolsvirtualbox-host-sourcevirtualbox-kmp-defaultvirtualbox-qtvirtualbox-vncvirtualbox-websrvperl-Net-Netmaskkittykitty-shell-integrationkitty-terminfoopensuse-welcomeopensuse-welcome-langperl-HTTP-Tinyperl-Cpanel-JSON-XSpython3-mitmproxyrenderdocrenderdoc-devellibmodsecurity3libmodsecurity3-32bitlibmodsecurity3-64bitmodsecuritymodsecurity-develpython3-GitPythonpython3-CairoSVGtcpreplaycacticacti-spineseamonkeyseamonkey-dom-inspectorseamonkey-ircroundcubemaileximeximoneximstats-htmlrxvt-unicodebluetuithgpplibsox3soxsox-develpython3-bugzillaruby2.5-rubygem-railties-5.2ruby2.5-rubygem-railties-doc-5.2ruby2.5-rubygem-activesupport-5.2ruby2.5-rubygem-activesupport-doc-5.2tormupdfmupdf-devel-staticlibvlc5libvlccore9vlcvlc-codec-gstreamervlc-develvlc-jackvlc-langvlc-noXvlc-opencvvlc-qtvlc-vdpaugnconnmanconnman-clientconnman-develconnman-docconnman-nmcompatconnman-plugin-hh2serial-gpsconnman-plugin-iospmconnman-plugin-l2tpconnman-plugin-openvpnconnman-plugin-polkitconnman-plugin-pptpconnman-plugin-tistconnman-plugin-vpncconnman-plugin-wireguardconnman-testjheadpython311-yt-dlpyt-dlpyt-dlp-bash-completionyt-dlp-fish-completionyt-dlp-zsh-completiongstreamer-plugins-badgstreamer-plugins-bad-32bitgstreamer-plugins-bad-64bitgstreamer-plugins-bad-chromaprintgstreamer-plugins-bad-chromaprint-32bitgstreamer-plugins-bad-chromaprint-64bitgstreamer-plugins-bad-develgstreamer-plugins-bad-fluidsynthgstreamer-plugins-bad-fluidsynth-32bitgstreamer-plugins-bad-fluidsynth-64bitgstreamer-plugins-bad-langgstreamer-transcodergstreamer-transcoder-devellibgstadaptivedemux-1_0-0libgstadaptivedemux-1_0-0-32bitlibgstadaptivedemux-1_0-0-64bitlibgstbadaudio-1_0-0libgstbadaudio-1_0-0-32bitlibgstbadaudio-1_0-0-64bitlibgstbasecamerabinsrc-1_0-0libgstbasecamerabinsrc-1_0-0-32bitlibgstbasecamerabinsrc-1_0-0-64bitlibgstcodecparsers-1_0-0libgstcodecparsers-1_0-0-32bitlibgstcodecparsers-1_0-0-64bitlibgstcodecs-1_0-0libgstcodecs-1_0-0-32bitlibgstcodecs-1_0-0-64bitlibgstcuda-1_0-0libgstcuda-1_0-0-32bitlibgstcuda-1_0-0-64bitlibgstinsertbin-1_0-0libgstinsertbin-1_0-0-32bitlibgstinsertbin-1_0-0-64bitlibgstisoff-1_0-0libgstisoff-1_0-0-32bitlibgstisoff-1_0-0-64bitlibgstmpegts-1_0-0libgstmpegts-1_0-0-32bitlibgstmpegts-1_0-0-64bitlibgstphotography-1_0-0libgstphotography-1_0-0-32bitlibgstphotography-1_0-0-64bitlibgstplay-1_0-0libgstplay-1_0-0-32bitlibgstplay-1_0-0-64bitlibgstplayer-1_0-0libgstplayer-1_0-0-32bitlibgstplayer-1_0-0-64bitlibgstsctp-1_0-0libgstsctp-1_0-0-32bitlibgstsctp-1_0-0-64bitlibgsttranscoder-1_0-0libgsturidownloader-1_0-0libgsturidownloader-1_0-0-32bitlibgsturidownloader-1_0-0-64bitlibgstva-1_0-0libgstva-1_0-0-32bitlibgstva-1_0-0-64bitlibgstvulkan-1_0-0libgstvulkan-1_0-0-32bitlibgstvulkan-1_0-0-64bitlibgstwayland-1_0-0libgstwayland-1_0-0-32bitlibgstwayland-1_0-0-64bitlibgstwebrtc-1_0-0libgstwebrtc-1_0-0-32bitlibgstwebrtc-1_0-0-64bitlibgstwebrtcnice-1_0-0libgstwebrtcnice-1_0-0-32bitlibgstwebrtcnice-1_0-0-64bittypelib-1_0-CudaGst-1_0typelib-1_0-GstBadAudio-1_0typelib-1_0-GstCodecs-1_0typelib-1_0-GstCuda-1_0typelib-1_0-GstInsertBin-1_0typelib-1_0-GstMpegts-1_0typelib-1_0-GstPlay-1_0typelib-1_0-GstPlayer-1_0typelib-1_0-GstTranscoder-1_0typelib-1_0-GstVa-1_0typelib-1_0-GstVulkan-1_0typelib-1_0-GstVulkanWayland-1_0typelib-1_0-GstVulkanXCB-1_0typelib-1_0-GstWebRTC-1_0optipnglibtorrent-rasterbar-devellibtorrent-rasterbar-doclibtorrent-rasterbar2_0python3-libtorrent-rasterbarqbittorrentqbittorrent-noxfishfish-develputtycppcheckcppcheck-guiproftpdproftpd-develproftpd-docproftpd-langproftpd-ldapproftpd-mysqlproftpd-pgsqlproftpd-radiusproftpd-sqlitedeepin-compressordeepin-compressor-langsngrepperl-CryptXdcmtkdcmtk-devellibdcmtk18pdns-recursorapache2-mod_php81php81php81-bcmathphp81-bz2php81-calendarphp81-cliphp81-ctypephp81-curlphp81-dbaphp81-develphp81-domphp81-embedphp81-enchantphp81-exifphp81-fastcgiphp81-ffiphp81-fileinfophp81-fpmphp81-fpm-apachephp81-ftpphp81-gdphp81-gettextphp81-gmpphp81-iconvphp81-intlphp81-ldapphp81-mbstringphp81-mysqlphp81-odbcphp81-opcachephp81-opensslphp81-pcntlphp81-pdophp81-pgsqlphp81-pharphp81-posixphp81-readlinephp81-shmopphp81-snmpphp81-soapphp81-socketsphp81-sodiumphp81-sqlitephp81-sysvmsgphp81-sysvsemphp81-sysvshmphp81-testphp81-tidyphp81-tokenizerphp81-xmlreaderphp81-xmlwriterphp81-xslphp81-zipphp81-zlibpython3-python-josetinyproxypython3-Pillowpython3-Pillow-tklibopusfile0opusfile-develgit-cliffgit-cliff-bash-completiongit-cliff-fish-completiongit-cliff-zsh-completiongituilibQt6NetworkAuth6qt6-networkauth-develqt6-networkauth-docs-htmlqt6-networkauth-docs-qchqt6-networkauth-examplesqt6-networkauth-private-develcJSON-devellibcjson1libQt5NetworkAuth5libQt5NetworkAuth5-32bitlibQt5NetworkAuth5-64bitlibqt5-qtnetworkauth-devellibqt5-qtnetworkauth-devel-32bitlibqt5-qtnetworkauth-devel-64bitlibqt5-qtnetworkauth-exampleslibqt5-qtnetworkauth-private-headers-devellibhtp-devellibhtp2gmenudbusmenuproxyplasma5-sessionplasma5-session-waylandplasma5-workspaceplasma5-workspace-develplasma5-workspace-langplasma5-workspace-libsxembedsniproxynanonano-langgdcmgdcm-applicationsgdcm-develgdcm-exampleslibgdcm3_0libsocketxx1_2python3-gdcmpython3-django-grappellipython3-Js2Pykbfskbfs-gitkbfs-toolkeybase-clientobs-service-download_urlBotanBotan-doclibbotan-2-19libbotan-2-19-32bitlibbotan-2-19-64bitlibbotan-devellibbotan-devel-32bitlibbotan-devel-64bitpython3-botanperl-Spreadsheet-ParseXLSXglobalcaddycaddy-bash-completioncaddy-fish-completioncaddy-zsh-completionpython3-sentry-sdkpython3-nltkassimp-devellibassimp5ghgh-bash-completiongh-fish-completiongh-zsh-completionlibuev-devellibuev3jupyter-notebookjupyter-notebook-docjupyter-notebook-langjupyter-notebook-latexpython3-notebookpython3-notebook-langpython3-aiosmtpdapptainerapptainer-leapapptainer-sle15_5apptainer-sle15_6libsquashfuse0squashfusesquashfuse-develsquashfuse-toolslibtsk19sleuthkitsleuthkit-develrust-bindgentrivyhtmldocntpd-rsntpd-rs-commonliblxc-develliblxc1lxclxc-bash-completionlxc-ja-doclxc-ko-docpam_cgfsxsdxsd-doclibmosquitto1libmosquittopp1mosquittomosquitto-clientsmosquitto-develpython3-mysql-connector-pythonjupyter-jupyterlabpython3-jupyterlabkmail-account-wizardkmail-account-wizard-langtinysshpython3-PyPDF2libmbedcrypto7libmbedcrypto7-32bitlibmbedcrypto7-64bitlibmbedtls14libmbedtls14-32bitlibmbedtls14-64bitlibmbedx509-1libmbedx509-1-32bitlibmbedx509-1-64bitmbedtls-develicinga2icinga2-binicinga2-commonicinga2-docicinga2-ido-mysqlicinga2-ido-pgsqlnano-icinga2vim-icinga2cobblercobbler-testscobbler-tests-containersradare2radare2-develradare2-zsh-completionlibQt6Pdf6libQt6PdfQuick6libQt6PdfWidgets6libQt6WebEngineCore6libQt6WebEngineQuick6libQt6WebEngineWidgets6qt6-pdf-develqt6-pdf-importsqt6-pdf-private-develqt6-pdfquick-develqt6-pdfquick-private-develqt6-pdfwidgets-develqt6-pdfwidgets-private-develqt6-webengineqt6-webengine-docs-htmlqt6-webengine-docs-qchqt6-webengine-examplesqt6-webengine-importsqt6-webenginecore-develqt6-webenginecore-private-develqt6-webenginequick-develqt6-webenginequick-private-develqt6-webenginewidgets-develqt6-webenginewidgets-private-develpython3-python-sqlpython311-python-sqlpython3-xhtml2pdfhuginbitcoin-qt5bitcoin-testbitcoin-utilsbitcoindlibbitcoinconsensus-devellibbitcoinconsensus0python3-rpycclang17clang17-develclang17-doclibLLVM17libLLVM17-32bitlibLLVM17-64bitlibLTO17libclang-cpp17libclang-cpp17-32bitlibclang-cpp17-64bitliblldb17libomp17-devellld17lldb17lldb17-develllvm17llvm17-develllvm17-docllvm17-goldllvm17-libc++-develllvm17-libc++1llvm17-libc++abi-develllvm17-libc++abi1llvm17-libclang13llvm17-opt-viewerllvm17-pollyllvm17-polly-develllvm17-vim-pluginspython3-clang17python3-lldb17minidlnakanidmkanidm-clientskanidm-docskanidm-serverkanidm-unixd-clientsruby2.5-rubygem-aes_key_wrapruby2.5-rubygem-aes_key_wrap-docruby2.5-rubygem-json-jwtruby2.5-rubygem-json-jwt-docpython311-django-ckeditornet-snmpnet-snmp-develnet-snmp-devel-32bitperl-SNMPpython3-net-snmpsnmp-mibsnettynetty-javadocnetty-pomsnetty-tcnativenetty-tcnative-javadocgdk-pixbuf-loader-libheiflibheif-devellibheif1libheif1-32bitcurllibcurl-devellibcurl-devel-32bitlibcurl4libcurl4-32bitcups-filterscups-filters-develjava-1_8_0-openjdkjava-1_8_0-openjdk-accessibilityjava-1_8_0-openjdk-demojava-1_8_0-openjdk-develjava-1_8_0-openjdk-headlessjava-1_8_0-openjdk-javadocjava-1_8_0-openjdk-srcucode-intellibopenvswitch-2_14-0libovn-20_06-0openvswitchopenvswitch-developenvswitch-docopenvswitch-ipsecopenvswitch-pkiopenvswitch-testopenvswitch-vtepovnovn-centralovn-develovn-docovn-dockerovn-hostovn-vteppython3-ovsterraform-provider-awsterraform-provider-nullpython3-Flaskpython3-Flask-docgeoipupdategeoipupdate-legacylibkpathsea6libptexenc1libsynctex2libtexlua53-5libtexluajit2perl-bibertexlivetexlive-a2ping-bintexlive-accfonts-bintexlive-adhocfilelist-bintexlive-afm2pl-bintexlive-albatross-bintexlive-aleph-bintexlive-amstex-bintexlive-arara-bintexlive-asymptote-bintexlive-attachfile2-bintexlive-authorindex-bintexlive-autosp-bintexlive-axodraw2-bintexlive-bib2gls-bintexlive-biber-bintexlive-bibexport-bintexlive-bibtex-bintexlive-bibtex8-bintexlive-bibtexu-bintexlive-bin-develtexlive-bundledoc-bintexlive-cachepic-bintexlive-checkcites-bintexlive-checklistings-bintexlive-chklref-bintexlive-chktex-bintexlive-cjk-gs-integrate-bintexlive-cjkutils-bintexlive-clojure-pamphlet-bintexlive-cluttex-bintexlive-context-bintexlive-convbkmk-bintexlive-crossrefware-bintexlive-cslatex-bintexlive-csplain-bintexlive-ctan-o-mat-bintexlive-ctanbib-bintexlive-ctanify-bintexlive-ctanupload-bintexlive-ctie-bintexlive-cweb-bintexlive-cyrillic-bin-bintexlive-de-macro-bintexlive-detex-bintexlive-diadia-bintexlive-dosepsbin-bintexlive-dtl-bintexlive-dtxgen-bintexlive-dviasm-bintexlive-dvicopy-bintexlive-dvidvi-bintexlive-dviinfox-bintexlive-dviljk-bintexlive-dviout-util-bintexlive-dvipdfmx-bintexlive-dvipng-bintexlive-dvipos-bintexlive-dvips-bintexlive-dvisvgm-bintexlive-eplain-bintexlive-epspdf-bintexlive-epstopdf-bintexlive-exceltex-bintexlive-fig4latex-bintexlive-findhyph-bintexlive-fontinst-bintexlive-fontools-bintexlive-fontware-bintexlive-fragmaster-bintexlive-getmap-bintexlive-git-latexdiff-bintexlive-glossaries-bintexlive-gregoriotex-bintexlive-gsftopk-bintexlive-hyperxmp-bintexlive-jadetex-bintexlive-jfmutil-bintexlive-ketcindy-bintexlive-kotex-utils-bintexlive-kpathsea-bintexlive-kpathsea-develtexlive-l3build-bintexlive-lacheck-bintexlive-latex-bin-bintexlive-latex-bin-dev-bintexlive-latex-git-log-bintexlive-latex-papersize-bintexlive-latex2man-bintexlive-latex2nemeth-bintexlive-latexdiff-bintexlive-latexfileversion-bintexlive-latexindent-bintexlive-latexmk-bintexlive-latexpand-bintexlive-lcdftypetools-bintexlive-light-latex-make-bintexlive-lilyglyphs-bintexlive-listbib-bintexlive-listings-ext-bintexlive-lollipop-bintexlive-ltxfileinfo-bintexlive-ltximg-bintexlive-luahbtex-bintexlive-luajittex-bintexlive-luaotfload-bintexlive-luatex-bintexlive-lwarp-bintexlive-m-tx-bintexlive-make4ht-bintexlive-makedtx-bintexlive-makeindex-bintexlive-match_parens-bintexlive-mathspic-bintexlive-metafont-bintexlive-metapost-bintexlive-mex-bintexlive-mf2pt1-bintexlive-mflua-bintexlive-mfware-bintexlive-mkgrkindex-bintexlive-mkjobtexmf-bintexlive-mkpic-bintexlive-mltex-bintexlive-mptopdf-bintexlive-multibibliography-bintexlive-musixtex-bintexlive-musixtnt-bintexlive-omegaware-bintexlive-optex-bintexlive-patgen-bintexlive-pax-bintexlive-pdfbook2-bintexlive-pdfcrop-bintexlive-pdfjam-bintexlive-pdflatexpicscale-bintexlive-pdftex-bintexlive-pdftex-quiet-bintexlive-pdftosrc-bintexlive-pdfxup-bintexlive-pedigree-perl-bintexlive-perltex-bintexlive-petri-nets-bintexlive-pfarrei-bintexlive-pkfix-bintexlive-pkfix-helper-bintexlive-platex-bintexlive-pmx-bintexlive-pmxchords-bintexlive-ps2eps-bintexlive-ps2pk-bintexlive-pst-pdf-bintexlive-pst2pdf-bintexlive-ptex-bintexlive-ptex-fontmaps-bintexlive-ptex2pdf-bintexlive-ptexenc-develtexlive-purifyeps-bintexlive-pygmentex-bintexlive-pythontex-bintexlive-rubik-bintexlive-scripts-bintexlive-scripts-extra-bintexlive-seetexk-bintexlive-spix-bintexlive-splitindex-bintexlive-srcredact-bintexlive-sty2dtx-bintexlive-svn-multi-bintexlive-synctex-bintexlive-synctex-develtexlive-tex-bintexlive-tex4ebook-bintexlive-tex4ht-bintexlive-texcount-bintexlive-texdef-bintexlive-texdiff-bintexlive-texdirflatten-bintexlive-texdoc-bintexlive-texdoctk-bintexlive-texfot-bintexlive-texliveonfly-bintexlive-texloganalyser-bintexlive-texlua-develtexlive-texluajit-develtexlive-texosquery-bintexlive-texplate-bintexlive-texsis-bintexlive-texware-bintexlive-thumbpdf-bintexlive-tie-bintexlive-tikztosvg-bintexlive-tpic2pdftex-bintexlive-ttfutils-bintexlive-typeoutfileinfo-bintexlive-ulqda-bintexlive-uplatex-bintexlive-uptex-bintexlive-urlbst-bintexlive-velthuis-bintexlive-vlna-bintexlive-vpe-bintexlive-web-bintexlive-webquiz-bintexlive-wordcount-bintexlive-xdvi-bintexlive-xelatex-dev-bintexlive-xetex-bintexlive-xindex-bintexlive-xml2pmx-bintexlive-xmltex-bintexlive-xpdfopen-bintexlive-yplan-bingolang-github-vpenso-prometheus_slurm_exporterdistribution-registrygo1.18-opensslgo1.18-openssl-docgo1.18-openssl-racec-ares-develc-ares-utilslibcares2libcares2-32bitlibwireshark15libwiretap12libwsutil13wiresharkwireshark-develwireshark-ui-qtlibopenssl-1_0_0-devellibopenssl-1_0_0-devel-32bitlibopenssl10libopenssl1_0_0libopenssl1_0_0-32bitlibopenssl1_0_0-hmaclibopenssl1_0_0-hmac-32bitlibopenssl1_0_0-steamlibopenssl1_0_0-steam-32bitopenssl-1_0_0openssl-1_0_0-cavsopenssl-1_0_0-doclibtiff-devellibtiff-devel-32bitlibtiff5libtiff5-32bittiffImageMagickImageMagick-config-7-SUSEImageMagick-config-7-upstreamImageMagick-develImageMagick-devel-32bitImageMagick-docImageMagick-extralibMagick++-7_Q16HDRI5libMagick++-7_Q16HDRI5-32bitlibMagick++-devellibMagick++-devel-32bitlibMagickCore-7_Q16HDRI10libMagickCore-7_Q16HDRI10-32bitlibMagickWand-7_Q16HDRI10libMagickWand-7_Q16HDRI10-32bitperl-PerlMagickcupscups-clientcups-configcups-ddkcups-develcups-devel-32bitlibcups2libcups2-32bitlibcupscgi1libcupscgi1-32bitlibcupsimage2libcupsimage2-32bitlibcupsmime1libcupsmime1-32bitlibcupsppdc1libcupsppdc1-32bitapache-commons-fileuploadapache-commons-fileupload-javadocgoogle-cloud-sap-agentlibpython3_10-1_0libpython3_10-1_0-32bitpython310python310-32bitpython310-basepython310-base-32bitpython310-cursespython310-dbmpython310-develpython310-docpython310-doc-devhelppython310-idlepython310-testsuitepython310-tkpython310-toolslibwebp-devellibwebp-devel-32bitlibwebp-toolslibwebp7libwebp7-32bitlibwebpdecoder3libwebpdecoder3-32bitlibwebpdemux2libwebpdemux2-32bitlibwebpmux3libwebpmux3-32bitlibmariadbd-devellibmariadbd19mariadbmariadb-benchmariadb-clientmariadb-errormessagesmariadb-galeramariadb-rpm-macrosmariadb-testmariadb-toolslibldap-2_4-2libldap-2_4-2-32bitlibldap-dataopenldap2openldap2-back-metaopenldap2-back-perlopenldap2-back-sockopenldap2-back-sqlopenldap2-clientopenldap2-contribopenldap2-developenldap2-devel-32bitopenldap2-devel-staticopenldap2-docopenldap2-ppolicy-check-passwordMozillaFirefoxMozillaFirefox-branding-upstreamMozillaFirefox-develMozillaFirefox-translations-commonMozillaFirefox-translations-otherjava-1_8_0-ibmjava-1_8_0-ibm-32bitjava-1_8_0-ibm-alsajava-1_8_0-ibm-demojava-1_8_0-ibm-develjava-1_8_0-ibm-devel-32bitjava-1_8_0-ibm-pluginjava-1_8_0-ibm-srctomcattomcat-admin-webappstomcat-docs-webapptomcat-el-3_0-apitomcat-embedtomcat-javadoctomcat-jsp-2_3-apitomcat-jsvctomcat-libtomcat-servlet-4_0-apitomcat-webappsrekoropenscopensc-32bitlibpython3_6m1_0libpython3_6m1_0-32bitpython3python3-basepython3-cursespython3-dbmpython3-develpython3-docpython3-doc-devhelppython3-idlepython3-testsuitepython3-tkpython3-toolsfrrfrr-devellibfrr0libfrr_pb0libfrrcares0libfrrfpm_pb0libfrrospfapiclient0libfrrsnmp0libfrrzmq0libmlag_pb0go1.19go1.19-docgo1.19-racego1.20go1.20-docgo1.20-racekernel-vanillakernel-vanilla-basekernel-vanilla-develkernel-vanilla-livepatch-develxenxen-develxen-doc-htmlxen-libsxen-libs-32bitxen-toolsxen-tools-domUxen-tools-xendomains-wait-disklibopenvswitch-3_1-0libovn-23_03-0openvswitch3openvswitch3-developenvswitch3-docopenvswitch3-ipsecopenvswitch3-pkiopenvswitch3-testopenvswitch3-vtepovn3ovn3-centralovn3-develovn3-docovn3-dockerovn3-hostovn3-vteppython3-ovs3jetty-annotationsjetty-antjetty-cdijetty-clientjetty-continuationjetty-deployjetty-fcgijetty-httpjetty-http-spijetty-iojetty-jaasjetty-jmxjetty-jndijetty-jspjetty-minimal-javadocjetty-openidjetty-plusjetty-proxyjetty-quickstartjetty-rewritejetty-securityjetty-serverjetty-servletjetty-servletsjetty-startjetty-utiljetty-util-ajaxjetty-webappjetty-xmlkubernetes1.18-clientkubernetes1.18-client-commonkubernetes1.23-apiserverkubernetes1.23-clientkubernetes1.23-client-bash-completionkubernetes1.23-client-commonkubernetes1.23-client-fish-completionkubernetes1.23-controller-managerkubernetes1.23-kubeadmkubernetes1.23-kubeletkubernetes1.23-kubelet-commonkubernetes1.23-proxykubernetes1.23-schedulerkubernetes1.24-apiserverkubernetes1.24-clientkubernetes1.24-client-bash-completionkubernetes1.24-client-commonkubernetes1.24-client-fish-completionkubernetes1.24-controller-managerkubernetes1.24-kubeadmkubernetes1.24-kubeletkubernetes1.24-kubelet-commonkubernetes1.24-proxykubernetes1.24-schedulerbluezbluez-auto-enable-devicesbluez-cupsbluez-deprecatedbluez-develbluez-devel-32bitbluez-obexdbluez-testbluez-zsh-completionlibbluetooth3libbluetooth3-32bitpython3-reportlabpython-ply-docpython3-jmespathpython3-plypython3-simplejsongrafanadracut-saltbootspacecmdwirepython3-pyzmqpython3-pyzmq-develfirewalld-prometheus-configgolang-github-prometheus-prometheusrustuplibvmtools-devellibvmtools0open-vm-toolsopen-vm-tools-desktopopen-vm-tools-salt-minionopen-vm-tools-sdmpntpntp-docapache2-mod_php8php8php8-bcmathphp8-bz2php8-calendarphp8-cliphp8-ctypephp8-curlphp8-dbaphp8-develphp8-domphp8-embedphp8-enchantphp8-exifphp8-fastcgiphp8-fileinfophp8-fpmphp8-ftpphp8-gdphp8-gettextphp8-gmpphp8-iconvphp8-intlphp8-ldapphp8-mbstringphp8-mysqlphp8-odbcphp8-opcachephp8-opensslphp8-pcntlphp8-pdophp8-pgsqlphp8-pharphp8-posixphp8-readlinephp8-shmopphp8-snmpphp8-soapphp8-socketsphp8-sodiumphp8-sqlitephp8-sysvmsgphp8-sysvsemphp8-sysvshmphp8-testphp8-tidyphp8-tokenizerphp8-xmlreaderphp8-xmlwriterphp8-xslphp8-zipphp8-zlibMozillaThunderbirdMozillaThunderbird-translations-commonMozillaThunderbird-translations-otherlibX11-6libX11-6-32bitlibX11-datalibX11-devellibX11-devel-32bitlibX11-xcb1libX11-xcb1-32bitdav1ddav1d-devellibdav1d6libdav1d6-32bitpython3-sqlparselibopenssl-3-devellibopenssl-3-devel-32bitlibopenssl3libopenssl3-32bitopenssl-3openssl-3-doccloud-initcloud-init-config-susecloud-init-doclibpython3_9-1_0libpython3_9-1_0-32bitpython39python39-32bitpython39-basepython39-base-32bitpython39-cursespython39-dbmpython39-develpython39-docpython39-doc-devhelppython39-idlepython39-testsuitepython39-tkpython39-toolscluster-md-kmp-azuredlm-kmp-azuregfs2-kmp-azurekernel-azurekernel-azure-develkernel-azure-extrakernel-azure-livepatch-develkernel-azure-optionalkernel-azure-vdsokernel-devel-azurekernel-source-azurekernel-syms-azurekselftests-kmp-azureocfs2-kmp-azurereiserfs-kmp-azureWebKit2GTK-4.0-langWebKit2GTK-4.1-langWebKit2GTK-5.0-langlibjavascriptcoregtk-4_0-18libjavascriptcoregtk-4_0-18-32bitlibjavascriptcoregtk-4_1-0libjavascriptcoregtk-4_1-0-32bitlibjavascriptcoregtk-5_0-0libwebkit2gtk-4_0-37libwebkit2gtk-4_0-37-32bitlibwebkit2gtk-4_1-0libwebkit2gtk-4_1-0-32bitlibwebkit2gtk-5_0-0typelib-1_0-JavaScriptCore-4_0typelib-1_0-JavaScriptCore-4_1typelib-1_0-JavaScriptCore-5_0typelib-1_0-WebKit2-4_0typelib-1_0-WebKit2-4_1typelib-1_0-WebKit2-5_0typelib-1_0-WebKit2WebExtension-4_0typelib-1_0-WebKit2WebExtension-4_1typelib-1_0-WebKit2WebExtension-5_0webkit-jsc-4webkit-jsc-4.1webkit-jsc-5.0webkit2gtk-4_0-injected-bundleswebkit2gtk-4_1-injected-bundleswebkit2gtk-5_0-injected-bundleswebkit2gtk3-develwebkit2gtk3-minibrowserwebkit2gtk3-soup2-develwebkit2gtk3-soup2-minibrowserwebkit2gtk4-develwebkit2gtk4-minibrowseramazon-ssm-agentlibvirtlibvirt-clientlibvirt-client-qemulibvirt-daemonlibvirt-daemon-config-networklibvirt-daemon-config-nwfilterlibvirt-daemon-driver-interfacelibvirt-daemon-driver-libxllibvirt-daemon-driver-lxclibvirt-daemon-driver-networklibvirt-daemon-driver-nodedevlibvirt-daemon-driver-nwfilterlibvirt-daemon-driver-qemulibvirt-daemon-driver-secretlibvirt-daemon-driver-storagelibvirt-daemon-driver-storage-corelibvirt-daemon-driver-storage-disklibvirt-daemon-driver-storage-glusterlibvirt-daemon-driver-storage-iscsilibvirt-daemon-driver-storage-iscsi-directlibvirt-daemon-driver-storage-logicallibvirt-daemon-driver-storage-mpathlibvirt-daemon-driver-storage-rbdlibvirt-daemon-driver-storage-scsilibvirt-daemon-hookslibvirt-daemon-lxclibvirt-daemon-qemulibvirt-daemon-xenlibvirt-devellibvirt-devel-32bitlibvirt-doclibvirt-libslibvirt-lock-sanlocklibvirt-nsswireshark-plugin-libvirtcosigncorepack18nodejs18nodejs18-develnodejs18-docsnpm18libiniparser-devellibiniparser1libiniparser1-32bitterraform-provider-helmdnsdistlibluajit-5_1-2libluajit-5_1-2-32bitluajitluajit-develamazon-ecs-initlibcap-devellibcap-progslibcap2libcap2-32bitlibpsx2libpsx2-32bitlibpython3_11-1_0libpython3_11-1_0-32bitpython311python311-32bitpython311-basepython311-base-32bitpython311-cursespython311-dbmpython311-develpython311-docpython311-doc-devhelppython311-idlepython311-testsuitepython311-tkpython311-toolslibQt6Concurrent6libQt6Core6libQt6DBus6libQt6Gui6libQt6Network6libQt6OpenGL6libQt6OpenGLWidgets6libQt6PrintSupport6libQt6Sql6libQt6Test6libQt6Widgets6libQt6Xml6qt6-base-common-develqt6-base-develqt6-base-docs-htmlqt6-base-docs-qchqt6-base-examplesqt6-base-private-develqt6-concurrent-develqt6-core-develqt6-core-private-develqt6-dbus-develqt6-dbus-private-develqt6-docs-commonqt6-gui-develqt6-gui-private-develqt6-kmssupport-devel-staticqt6-kmssupport-private-develqt6-network-develqt6-network-private-develqt6-network-tlsqt6-networkinformation-glibqt6-networkinformation-nmqt6-opengl-develqt6-opengl-private-develqt6-openglwidgets-develqt6-platformsupport-devel-staticqt6-platformsupport-private-develqt6-platformtheme-gtk3qt6-platformtheme-xdgdesktopportalqt6-printsupport-cupsqt6-printsupport-develqt6-printsupport-private-develqt6-sql-develqt6-sql-mysqlqt6-sql-postgresqlqt6-sql-private-develqt6-sql-sqliteqt6-sql-unixODBCqt6-test-develqt6-test-private-develqt6-widgets-develqt6-widgets-private-develqt6-xml-develqt6-xml-private-develrmt-serverrmt-server-configrmt-server-pubcloudlibdwarf-devellibdwarf-devel-staticlibdwarf-doclibdwarf-toolslibdwarf1prometheus-sap_host_exporterprometheus-ha_cluster_exportercluster-md-kmp-rtdlm-kmp-rtgfs2-kmp-rtkernel-devel-rtkernel-rtkernel-rt-develkernel-rt-extrakernel-rt-livepatchkernel-rt-livepatch-develkernel-rt-optionalkernel-rt-vdsokernel-rt_debugkernel-rt_debug-develkernel-rt_debug-livepatch-develkernel-rt_debug-vdsokernel-source-rtkernel-syms-rtkselftests-kmp-rtocfs2-kmp-rtreiserfs-kmp-rtlibrabbitmq-devellibrabbitmq4rabbitmq-c-toolslibQt5Bootstrap-devel-staticlibQt5Bootstrap-devel-static-32bitlibQt5Concurrent-devellibQt5Concurrent-devel-32bitlibQt5Concurrent5libQt5Concurrent5-32bitlibQt5Core-devellibQt5Core-devel-32bitlibQt5Core-private-headers-devellibQt5Core5libQt5Core5-32bitlibQt5DBus-devellibQt5DBus-devel-32bitlibQt5DBus-private-headers-devellibQt5DBus5libQt5DBus5-32bitlibQt5Gui-devellibQt5Gui-devel-32bitlibQt5Gui-private-headers-devellibQt5Gui5libQt5Gui5-32bitlibQt5KmsSupport-devel-staticlibQt5KmsSupport-private-headers-devellibQt5Network-devellibQt5Network-devel-32bitlibQt5Network-private-headers-devellibQt5Network5libQt5Network5-32bitlibQt5OpenGL-devellibQt5OpenGL-devel-32bitlibQt5OpenGL-private-headers-devellibQt5OpenGL5libQt5OpenGL5-32bitlibQt5OpenGLExtensions-devel-staticlibQt5OpenGLExtensions-devel-static-32bitlibQt5PlatformHeaders-devellibQt5PlatformSupport-devel-staticlibQt5PlatformSupport-devel-static-32bitlibQt5PlatformSupport-private-headers-devellibQt5PrintSupport-devellibQt5PrintSupport-devel-32bitlibQt5PrintSupport-private-headers-devellibQt5PrintSupport5libQt5PrintSupport5-32bitlibQt5Sql-devellibQt5Sql-devel-32bitlibQt5Sql-private-headers-devellibQt5Sql5libQt5Sql5-32bitlibQt5Sql5-mysqllibQt5Sql5-mysql-32bitlibQt5Sql5-postgresqllibQt5Sql5-postgresql-32bitlibQt5Sql5-sqlitelibQt5Sql5-sqlite-32bitlibQt5Sql5-unixODBClibQt5Sql5-unixODBC-32bitlibQt5Test-devellibQt5Test-devel-32bitlibQt5Test-private-headers-devellibQt5Test5libQt5Test5-32bitlibQt5Widgets-devellibQt5Widgets-devel-32bitlibQt5Widgets-private-headers-devellibQt5Widgets5libQt5Widgets5-32bitlibQt5Xml-devellibQt5Xml-devel-32bitlibQt5Xml5libQt5Xml5-32bitlibqt5-qtbase-common-devellibqt5-qtbase-devellibqt5-qtbase-exampleslibqt5-qtbase-examples-32bitlibqt5-qtbase-platformtheme-gtk3libqt5-qtbase-platformtheme-xdgdesktopportallibqt5-qtbase-private-headers-develapache2-mod_php7php7php7-bcmathphp7-bz2php7-calendarphp7-cliphp7-ctypephp7-curlphp7-dbaphp7-develphp7-domphp7-embedphp7-enchantphp7-exifphp7-fastcgiphp7-fileinfophp7-fpmphp7-ftpphp7-gdphp7-gettextphp7-gmpphp7-iconvphp7-intlphp7-jsonphp7-ldapphp7-mbstringphp7-mysqlphp7-odbcphp7-opcachephp7-opensslphp7-pcntlphp7-pdophp7-pgsqlphp7-pharphp7-posixphp7-readlinephp7-shmopphp7-snmpphp7-soapphp7-socketsphp7-sodiumphp7-sqlitephp7-sysvmsgphp7-sysvsemphp7-sysvshmphp7-testphp7-tidyphp7-tokenizerphp7-xmlreaderphp7-xmlrpcphp7-xmlwriterphp7-xslphp7-zipphp7-zlibghostscriptghostscript-develghostscript-x11bindbind-docbind-utilspython3-bindpython3-Djangobouncycastlebouncycastle-javadocbouncycastle-jmailbouncycastle-mailbouncycastle-pgbouncycastle-pkixbouncycastle-tlsbouncycastle-utilpython3-requestscluster-md-kmp-64kbcluster-md-kmp-defaultdlm-kmp-64kbdlm-kmp-defaultdtb-allwinnerdtb-alteradtb-amazondtb-amddtb-amlogicdtb-apmdtb-appledtb-armdtb-broadcomdtb-caviumdtb-exynosdtb-freescaledtb-hisilicondtb-lgdtb-marvelldtb-mediatekdtb-nvidiadtb-qcomdtb-renesasdtb-rockchipdtb-socionextdtb-sprddtb-xilinxgfs2-kmp-64kbgfs2-kmp-defaultkernel-64kbkernel-64kb-develkernel-64kb-extrakernel-64kb-livepatch-develkernel-64kb-optionalkernel-debugkernel-debug-develkernel-debug-livepatch-develkernel-debug-vdsokernel-defaultkernel-default-basekernel-default-base-rebuildkernel-default-develkernel-default-extrakernel-default-livepatchkernel-default-livepatch-develkernel-default-optionalkernel-default-vdsokernel-develkernel-docskernel-docs-htmlkernel-kvmsmallkernel-kvmsmall-develkernel-kvmsmall-livepatch-develkernel-kvmsmall-vdsokernel-macroskernel-obs-buildkernel-obs-qakernel-sourcekernel-source-vanillakernel-symskernel-zfcpdumpkselftests-kmp-64kbkselftests-kmp-defaultocfs2-kmp-64kbocfs2-kmp-defaultreiserfs-kmp-64kbreiserfs-kmp-defaultdbus-1dbus-1-develdbus-1-devel-32bitdbus-1-devel-docdbus-1-x11libdbus-1-3libdbus-1-3-32bitperlperl-32bitperl-baseperl-base-32bitperl-core-DB_Fileperl-core-DB_File-32bitperl-docMozillaFirefox-branding-SLEpython3-azure-corepython3-azure-storage-bloblibopenssl-1_1-devellibopenssl-1_1-devel-32bitlibopenssl1_1libopenssl1_1-32bitlibopenssl1_1-hmaclibopenssl1_1-hmac-32bitopenssl-1_1openssl-1_1-docredisredis7ctdbctdb-pcp-pmdalibsamba-policy-devellibsamba-policy-python3-devellibsamba-policy0-python3libsamba-policy0-python3-32bitsambasamba-cephsamba-clientsamba-client-32bitsamba-client-libssamba-client-libs-32bitsamba-develsamba-devel-32bitsamba-docsamba-gpupdatesamba-ldb-ldapsamba-libssamba-libs-32bitsamba-libs-python3samba-libs-python3-32bitsamba-python3samba-testsamba-toolsamba-winbindsamba-winbind-libssamba-winbind-libs-32bitpython311-pipopensshopenssh-askpass-gnomeopenssh-cavsopenssh-clientsopenssh-commonopenssh-fipsopenssh-helpersopenssh-serverlibQt5Svg5libQt5Svg5-32bitlibqt5-qtsvg-devellibqt5-qtsvg-devel-32bitlibqt5-qtsvg-exampleslibqt5-qtsvg-private-headers-develpython3-scipy_1_2_0-gnu-hpcmysql-connector-javaiperfiperf-devellibiperf0conmongo1.20-opensslgo1.20-openssl-docgo1.20-openssl-racekernel-firmwarekernel-firmware-allkernel-firmware-amdgpukernel-firmware-ath10kkernel-firmware-ath11kkernel-firmware-atheroskernel-firmware-bluetoothkernel-firmware-bnx2kernel-firmware-brcmkernel-firmware-chelsiokernel-firmware-dpaa2kernel-firmware-i915kernel-firmware-intelkernel-firmware-iwlwifikernel-firmware-liquidiokernel-firmware-marvellkernel-firmware-mediakernel-firmware-mediatekkernel-firmware-mellanoxkernel-firmware-mwifiexkernel-firmware-networkkernel-firmware-nfpkernel-firmware-nvidiakernel-firmware-platformkernel-firmware-presterakernel-firmware-qcomkernel-firmware-qlogickernel-firmware-radeonkernel-firmware-realtekkernel-firmware-serialkernel-firmware-soundkernel-firmware-tikernel-firmware-ueaglekernel-firmware-usb-networkucode-amdgdk-pixbuf-loader-rsvggdk-pixbuf-loader-rsvg-32bitlibrsvg-2-2librsvg-2-2-32bitlibrsvg-develrsvg-convertrsvg-thumbnailertypelib-1_0-Rsvg-2_0java-17-openjdkjava-17-openjdk-demojava-17-openjdk-develjava-17-openjdk-headlessjava-17-openjdk-javadocjava-17-openjdk-jmodsjava-17-openjdk-srcqemuqemu-SLOFqemu-accel-qtestqemu-accel-tcg-x86qemu-armqemu-audio-alsaqemu-audio-dbusqemu-audio-jackqemu-audio-paqemu-audio-spiceqemu-block-curlqemu-block-dmgqemu-block-glusterqemu-block-iscsiqemu-block-nfsqemu-block-rbdqemu-block-sshqemu-chardev-baumqemu-chardev-spiceqemu-extraqemu-guest-agentqemu-hw-display-qxlqemu-hw-display-virtio-gpuqemu-hw-display-virtio-gpu-pciqemu-hw-display-virtio-vgaqemu-hw-s390x-virtio-gpu-ccwqemu-hw-usb-hostqemu-hw-usb-redirectqemu-hw-usb-smartcardqemu-ipxeqemu-ivshmem-toolsqemu-ksmqemu-kvmqemu-langqemu-microvmqemu-ppcqemu-s390xqemu-seabiosqemu-sgabiosqemu-skibootqemu-toolsqemu-ui-cursesqemu-ui-dbusqemu-ui-gtkqemu-ui-openglqemu-ui-spice-appqemu-ui-spice-coreqemu-vgabiosqemu-vhost-user-gpuqemu-x86libxmltooling-devellibxmltooling-lite9libxmltooling9xmltooling-schemasguavaguava-javadocguava-testlibpython3-saltsaltsalt-apisalt-bash-completionsalt-cloudsalt-docsalt-fish-completionsalt-mastersalt-minionsalt-proxysalt-sshsalt-standalone-formulas-configurationsalt-syndicsalt-testssalt-transactional-updatesalt-zsh-completionprometheus-blackbox_exporterpython3-tornadosystem-user-prometheusjtidyjtidy-javadocjtidy-scriptsxtransruby2.5-rubygem-actionpack-5_1ruby2.5-rubygem-actionpack-doc-5_1libcjose-devellibcjose0keylime-agentkeylime-configkeylime-firewalldkeylime-logrotatekeylime-registrarkeylime-tpm_cert_storekeylime-verifierpython3-keylimegstreamer-plugins-uglygstreamer-plugins-ugly-32bitgstreamer-plugins-ugly-langgstreamer-plugins-goodgstreamer-plugins-good-32bitgstreamer-plugins-good-extragstreamer-plugins-good-extra-32bitgstreamer-plugins-good-gtkgstreamer-plugins-good-jackgstreamer-plugins-good-jack-32bitgstreamer-plugins-good-langgstreamer-plugins-good-qtqmlgstreamer-plugins-basegstreamer-plugins-base-32bitgstreamer-plugins-base-develgstreamer-plugins-base-devel-32bitgstreamer-plugins-base-langlibgstallocators-1_0-0libgstallocators-1_0-0-32bitlibgstapp-1_0-0libgstapp-1_0-0-32bitlibgstaudio-1_0-0libgstaudio-1_0-0-32bitlibgstfft-1_0-0libgstfft-1_0-0-32bitlibgstgl-1_0-0libgstgl-1_0-0-32bitlibgstpbutils-1_0-0libgstpbutils-1_0-0-32bitlibgstriff-1_0-0libgstriff-1_0-0-32bitlibgstrtp-1_0-0libgstrtp-1_0-0-32bitlibgstrtsp-1_0-0libgstrtsp-1_0-0-32bitlibgstsdp-1_0-0libgstsdp-1_0-0-32bitlibgsttag-1_0-0libgsttag-1_0-0-32bitlibgstvideo-1_0-0libgstvideo-1_0-0-32bittypelib-1_0-GstAllocators-1_0typelib-1_0-GstApp-1_0typelib-1_0-GstAudio-1_0typelib-1_0-GstGL-1_0typelib-1_0-GstGLEGL-1_0typelib-1_0-GstGLWayland-1_0typelib-1_0-GstGLX11-1_0typelib-1_0-GstPbutils-1_0typelib-1_0-GstRtp-1_0typelib-1_0-GstRtsp-1_0typelib-1_0-GstSdp-1_0typelib-1_0-GstTag-1_0typelib-1_0-GstVideo-1_0cargo1.71rust1.71gstreamer-plugin-pipewirelibpipewire-0_3-0libpipewire-0_3-0-32bitpipewirepipewire-alsapipewire-alsa-32bitpipewire-develpipewire-docpipewire-langpipewire-libjack-0_3pipewire-libjack-0_3-32bitpipewire-libjack-0_3-develpipewire-module-x11-0_3pipewire-modules-0_3pipewire-modules-0_3-32bitpipewire-pulseaudiopipewire-spa-plugins-0_2pipewire-spa-plugins-0_2-32bitpipewire-spa-toolspipewire-toolspython3-scipypython3-scipy-gnu-hpcpython3-scipy_1_3_3-gnu-hpcjava-11-openjdkjava-11-openjdk-demojava-11-openjdk-develjava-11-openjdk-headlessjava-11-openjdk-javadocjava-11-openjdk-jmodsjava-11-openjdk-srclibyajl-devellibyajl-devel-32bitlibyajl-devel-staticlibyajl2libyajl2-32bityajljava-1_8_0-openj9java-1_8_0-openj9-accessibilityjava-1_8_0-openj9-demojava-1_8_0-openj9-develjava-1_8_0-openj9-headlessjava-1_8_0-openj9-javadocjava-1_8_0-openj9-srckrb5krb5-32bitkrb5-clientkrb5-develkrb5-devel-32bitkrb5-plugin-kdb-ldapkrb5-plugin-preauth-otpkrb5-plugin-preauth-pkinitkrb5-plugin-preauth-spakekrb5-serverlibpcre2-16-0libpcre2-16-0-32bitlibpcre2-32-0libpcre2-32-0-32bitlibpcre2-8-0libpcre2-8-0-32bitlibpcre2-posix2libpcre2-posix2-32bitpcre2-develpcre2-devel-staticpcre2-docpcre2-toolspostgresql13postgresql13-contribpostgresql13-develpostgresql13-docspostgresql13-llvmjitpostgresql13-llvmjit-develpostgresql13-plperlpostgresql13-plpythonpostgresql13-pltclpostgresql13-serverpostgresql13-server-develpostgresql13-testlibecpg6libecpg6-32bitlibpq5libpq5-32bitpostgresql15postgresql15-contribpostgresql15-develpostgresql15-docspostgresql15-llvmjitpostgresql15-llvmjit-develpostgresql15-plperlpostgresql15-plpythonpostgresql15-pltclpostgresql15-serverpostgresql15-server-develpostgresql15-testpostgresql14postgresql14-contribpostgresql14-develpostgresql14-docspostgresql14-llvmjitpostgresql14-llvmjit-develpostgresql14-plperlpostgresql14-plpythonpostgresql14-pltclpostgresql14-serverpostgresql14-server-develpostgresql14-testre2cpython3-configobjpostgresql12postgresql12-contribpostgresql12-develpostgresql12-docspostgresql12-llvmjitpostgresql12-llvmjit-develpostgresql12-plperlpostgresql12-plpythonpostgresql12-pltclpostgresql12-serverpostgresql12-server-develpostgresql12-testcommons-compilercommons-compiler-jdkjaninojanino-javadocpostfixpostfix-bdbpostfix-bdb-lmdbpostfix-develpostfix-docpostfix-ldappostfix-mysqlpostfix-postgresqlerlangerlang-debuggererlang-debugger-srcerlang-dialyzererlang-dialyzer-srcerlang-diametererlang-diameter-srcerlang-docerlang-epmderlang-eterlang-et-srcerlang-jinterfaceerlang-jinterface-srcerlang-observererlang-observer-srcerlang-reltoolerlang-reltool-srcerlang-srcerlang-wxerlang-wx-srclibreofficelibreoffice-baselibreoffice-base-drivers-postgresqllibreoffice-branding-upstreamlibreoffice-calclibreoffice-calc-extensionslibreoffice-drawlibreoffice-filters-optionallibreoffice-gdb-pretty-printerslibreoffice-gladelibreoffice-gnomelibreoffice-gtk3libreoffice-icon-themeslibreoffice-impresslibreoffice-l10n-aflibreoffice-l10n-amlibreoffice-l10n-arlibreoffice-l10n-aslibreoffice-l10n-astlibreoffice-l10n-belibreoffice-l10n-bglibreoffice-l10n-bnlibreoffice-l10n-bn_INlibreoffice-l10n-bolibreoffice-l10n-brlibreoffice-l10n-brxlibreoffice-l10n-bslibreoffice-l10n-calibreoffice-l10n-ca_valencialibreoffice-l10n-ckblibreoffice-l10n-cslibreoffice-l10n-cylibreoffice-l10n-dalibreoffice-l10n-delibreoffice-l10n-dgolibreoffice-l10n-dsblibreoffice-l10n-dzlibreoffice-l10n-ellibreoffice-l10n-enlibreoffice-l10n-en_GBlibreoffice-l10n-en_ZAlibreoffice-l10n-eolibreoffice-l10n-eslibreoffice-l10n-etlibreoffice-l10n-eulibreoffice-l10n-falibreoffice-l10n-filibreoffice-l10n-frlibreoffice-l10n-furlibreoffice-l10n-fylibreoffice-l10n-galibreoffice-l10n-gdlibreoffice-l10n-gllibreoffice-l10n-gulibreoffice-l10n-guglibreoffice-l10n-helibreoffice-l10n-hilibreoffice-l10n-hrlibreoffice-l10n-hsblibreoffice-l10n-hulibreoffice-l10n-idlibreoffice-l10n-islibreoffice-l10n-itlibreoffice-l10n-jalibreoffice-l10n-kalibreoffice-l10n-kablibreoffice-l10n-kklibreoffice-l10n-kmlibreoffice-l10n-kmr_Latnlibreoffice-l10n-knlibreoffice-l10n-kolibreoffice-l10n-koklibreoffice-l10n-kslibreoffice-l10n-lblibreoffice-l10n-lolibreoffice-l10n-ltlibreoffice-l10n-lvlibreoffice-l10n-mailibreoffice-l10n-mklibreoffice-l10n-mllibreoffice-l10n-mnlibreoffice-l10n-mnilibreoffice-l10n-mrlibreoffice-l10n-mylibreoffice-l10n-nblibreoffice-l10n-nelibreoffice-l10n-nllibreoffice-l10n-nnlibreoffice-l10n-nrlibreoffice-l10n-nsolibreoffice-l10n-oclibreoffice-l10n-omlibreoffice-l10n-orlibreoffice-l10n-palibreoffice-l10n-pllibreoffice-l10n-pt_BRlibreoffice-l10n-pt_PTlibreoffice-l10n-rolibreoffice-l10n-rulibreoffice-l10n-rwlibreoffice-l10n-sa_INlibreoffice-l10n-satlibreoffice-l10n-sdlibreoffice-l10n-silibreoffice-l10n-sidlibreoffice-l10n-sklibreoffice-l10n-sllibreoffice-l10n-sqlibreoffice-l10n-srlibreoffice-l10n-sslibreoffice-l10n-stlibreoffice-l10n-svlibreoffice-l10n-sw_TZlibreoffice-l10n-szllibreoffice-l10n-talibreoffice-l10n-telibreoffice-l10n-tglibreoffice-l10n-thlibreoffice-l10n-tnlibreoffice-l10n-trlibreoffice-l10n-tslibreoffice-l10n-ttlibreoffice-l10n-uglibreoffice-l10n-uklibreoffice-l10n-uzlibreoffice-l10n-velibreoffice-l10n-veclibreoffice-l10n-vilibreoffice-l10n-xhlibreoffice-l10n-zh_CNlibreoffice-l10n-zh_TWlibreoffice-l10n-zulibreoffice-librelogolibreoffice-mailmergelibreoffice-mathlibreoffice-officebeanlibreoffice-pyunolibreoffice-qt5libreoffice-sdklibreoffice-sdk-doclibreoffice-writerlibreoffice-writer-extensionslibreofficekitlibreofficekit-devellibxmlsec1-1libxmlsec1-gcrypt1libxmlsec1-gnutls1libxmlsec1-nss1libxmlsec1-openssl1xmlsec1xmlsec1-develxmlsec1-gcrypt-develxmlsec1-gnutls-develxmlsec1-nss-develxmlsec1-openssl-develWebKitGTK-4.0-langWebKitGTK-4.1-langWebKitGTK-6.0-langlibjavascriptcoregtk-4_0-18-64bitlibjavascriptcoregtk-4_1-0-64bitlibjavascriptcoregtk-6_0-1libwebkit2gtk-4_0-37-64bitlibwebkit2gtk-4_1-0-64bitlibwebkitgtk-6_0-4typelib-1_0-JavaScriptCore-6_0typelib-1_0-WebKit-6_0typelib-1_0-WebKitWebProcessExtension-6_0webkit-jsc-6.0webkitgtk-6_0-injected-bundlesindentgawkca-certificates-mozillaca-certificates-mozilla-prebuiltclamavclamav-devellibclamav9libfreshclam2freetype2-develfreetype2-devel-32bitfreetype2-profile-tti35ft2demosftbenchftdiffftdumpftgammaftgridftinspectftlintftmultiftstringftvalidftviewlibfreetype6libfreetype6-32bithaproxylibprocps7procpsprocps-develgvimvimvim-datavim-data-commonvim-smallopen-vm-tools-containerinfoexempi-toolslibexempi-devellibexempi3libexempi3-32bitdjvulibredjvulibre-doclibdjvulibre-devellibdjvulibre21sccachegsl_2_4-gnu-hpcgsl_2_4-gnu-hpc-develgsl_2_4-gnu-hpc-docgsl_2_4-gnu-hpc-examplesgsl_2_4-gnu-hpc-modulelibgsl_2_4-gnu-hpclibgslcblas_2_4-gnu-hpcbusybox-adduserbusybox-attrbusybox-bcbusybox-bind-utilsbusybox-bzip2busybox-coreutilsbusybox-cpiobusybox-diffutilsbusybox-dos2unixbusybox-edbusybox-findutilsbusybox-gawkbusybox-grepbusybox-gzipbusybox-hostnamebusybox-iproute2busybox-iputilsbusybox-kbdbusybox-kmodbusybox-lessbusybox-linksbusybox-manbusybox-miscbusybox-ncurses-utilsbusybox-net-toolsbusybox-netcatbusybox-patchbusybox-policycoreutilsbusybox-procpsbusybox-psmiscbusybox-sedbusybox-selinux-toolsbusybox-sendmailbusybox-shbusybox-sharutilsbusybox-syslogdbusybox-sysvinit-toolsbusybox-tarbusybox-telnetbusybox-tftpbusybox-timebusybox-traceroutebusybox-tunctlbusybox-unzipbusybox-util-linuxbusybox-vibusybox-vlanbusybox-wgetbusybox-whichbusybox-whoisbusybox-xzdockerdocker-bash-completiondocker-fish-completiondocker-zsh-completionlibssh2-1libssh2-1-32bitlibssh2-develskopeoicu73_2libicu73_2libicu73_2-bedatalibicu73_2-devellibicu73_2-doclibicu73_2-ledataflacflac-develflac-devel-32bitflac-doclibFLAC++6libFLAC++6-32bitlibFLAC8libFLAC8-32bitcpp12cross-aarch64-gcc12-bootstrapcross-arm-gcc12cross-arm-gcc12-icecream-backendcross-arm-none-gcc12-bootstrapcross-avr-gcc12-bootstrapcross-epiphany-gcc12-bootstrapcross-hppa-gcc12cross-hppa-gcc12-bootstrapcross-hppa-gcc12-icecream-backendcross-m68k-gcc12cross-m68k-gcc12-icecream-backendcross-mips-gcc12cross-mips-gcc12-icecream-backendcross-nvptx-gcc12cross-nvptx-newlib12-develcross-ppc64-gcc12cross-ppc64-gcc12-icecream-backendcross-ppc64le-gcc12cross-ppc64le-gcc12-icecream-backendcross-riscv64-elf-gcc12-bootstrapcross-riscv64-gcc12-bootstrapcross-rx-gcc12-bootstrapcross-s390x-gcc12cross-s390x-gcc12-icecream-backendcross-sparc-gcc12cross-sparc64-gcc12cross-sparc64-gcc12-icecream-backendcross-sparcv9-gcc12-icecream-backendcross-x86_64-gcc12cross-x86_64-gcc12-icecream-backendgcc12gcc12-32bitgcc12-PIEgcc12-adagcc12-ada-32bitgcc12-c++gcc12-c++-32bitgcc12-dgcc12-d-32bitgcc12-fortrangcc12-fortran-32bitgcc12-gogcc12-go-32bitgcc12-infogcc12-localegcc12-obj-c++gcc12-obj-c++-32bitgcc12-objcgcc12-objc-32bitgcc12-testresultslibada12libada12-32bitlibasan8libasan8-32bitlibatomic1libatomic1-32bitlibgcc_s1libgcc_s1-32bitlibgdruntime3libgdruntime3-32bitlibgfortran5libgfortran5-32bitlibgo21libgo21-32bitlibgomp1libgomp1-32bitlibgphobos3libgphobos3-32bitlibhwasan0libitm1libitm1-32bitliblsan0libobjc4libobjc4-32bitlibquadmath0libquadmath0-32bitlibstdc++6libstdc++6-32bitlibstdc++6-devel-gcc12libstdc++6-devel-gcc12-32bitlibstdc++6-localelibstdc++6-pplibstdc++6-pp-32bitlibtsan2libubsan1libubsan1-32bitlibxml2-2libxml2-2-32bitlibxml2-devellibxml2-devel-32bitlibxml2-doclibxml2-toolspython3-libxml2python311-libxml2cpp7cross-aarch64-gcc7cross-aarch64-gcc7-icecream-backendcross-arm-gcc7cross-arm-none-gcc7-bootstrapcross-avr-gcc7-bootstrapcross-epiphany-gcc7-bootstrapcross-hppa-gcc7cross-hppa-gcc7-icecream-backendcross-i386-gcc7cross-i386-gcc7-icecream-backendcross-m68k-gcc7cross-m68k-gcc7-icecream-backendcross-mips-gcc7cross-mips-gcc7-icecream-backendcross-nvptx-gcc7cross-nvptx-newlib7-develcross-ppc64-gcc7cross-ppc64-gcc7-icecream-backendcross-ppc64le-gcc7cross-ppc64le-gcc7-icecream-backendcross-rx-gcc7-bootstrapcross-s390x-gcc7cross-s390x-gcc7-icecream-backendcross-sparc-gcc7cross-sparc64-gcc7cross-sparc64-gcc7-icecream-backendcross-sparcv9-gcc7-icecream-backendcross-x86_64-gcc7cross-x86_64-gcc7-icecream-backendgcc7gcc7-32bitgcc7-adagcc7-ada-32bitgcc7-c++gcc7-c++-32bitgcc7-fortrangcc7-fortran-32bitgcc7-gogcc7-go-32bitgcc7-infogcc7-localegcc7-obj-c++gcc7-obj-c++-32bitgcc7-objcgcc7-objc-32bitgcc7-testresultslibada7libada7-32bitlibasan4libasan4-32bitlibatomic1-gcc7libatomic1-gcc7-32bitlibcilkrts5libcilkrts5-32bitlibgcc_s1-gcc7libgcc_s1-gcc7-32bitlibgfortran4libgfortran4-32bitlibgo11libgo11-32bitlibgomp1-gcc7libgomp1-gcc7-32bitlibitm1-gcc7libitm1-gcc7-32bitliblsan0-gcc7libmpx2-gcc7libmpx2-gcc7-32bitlibmpxwrappers2-gcc7libmpxwrappers2-gcc7-32bitlibobjc4-gcc7libobjc4-gcc7-32bitlibquadmath0-gcc7libquadmath0-gcc7-32bitlibstdc++6-devel-gcc7libstdc++6-devel-gcc7-32bitlibstdc++6-gcc7libstdc++6-gcc7-32bitlibstdc++6-gcc7-localelibtsan0-gcc7libubsan0libubsan0-32bitpython3-libxml2-pythongo1.21go1.21-docgo1.21-raceruby2.5-rubygem-rails-html-sanitizerruby2.5-rubygem-rails-html-sanitizer-docruby2.5-rubygem-rails-html-sanitizer-testsuitecargocargo1.72rustrust1.72ruby2.5-rubygem-actionview-5_1ruby2.5-rubygem-actionview-doc-5_1containerdcontainerd-ctrcontainerd-develffmpegffmpeg-private-devellibavcodec-devellibavcodec57libavcodec57-32bitlibavdevice-devellibavdevice57libavdevice57-32bitlibavfilter-devellibavfilter6libavfilter6-32bitlibavformat-devellibavformat57libavformat57-32bitlibavresample-devellibavresample3libavresample3-32bitlibavutil-devellibavutil55libavutil55-32bitlibpostproc-devellibpostproc54libpostproc54-32bitlibswresample-devellibswresample2libswresample2-32bitlibswscale-devellibswscale4libswscale4-32bitbusybox-staticbusybox-testsuitebusybox-warewulf3supportutilsbinutilsbinutils-develbinutils-devel-32bitbinutils-goldcross-aarch64-binutilscross-arm-binutilscross-avr-binutilscross-epiphany-binutilscross-hppa-binutilscross-hppa64-binutilscross-i386-binutilscross-ia64-binutilscross-m68k-binutilscross-mips-binutilscross-ppc-binutilscross-ppc64-binutilscross-ppc64le-binutilscross-riscv64-binutilscross-rx-binutilscross-s390-binutilscross-s390x-binutilscross-sparc-binutilscross-sparc64-binutilscross-spu-binutilscross-x86_64-binutilscross-xtensa-binutilslibctf-nobfd0libctf0muttmutt-docmutt-langpython3-brotlipylibpainter0librfxencode0xrdpxrdp-devellibfpm_pb0libospf0libospfapiclient0libquagga_pb0libzebra1quaggaquagga-develgo1.19-opensslgo1.19-openssl-docgo1.19-openssl-racegslgsl-develgsl-docgsl-examplesgsl-gnu-hpcgsl-gnu-hpc-develgsl-gnu-hpc-docgsl_2_6-gnu-hpcgsl_2_6-gnu-hpc-develgsl_2_6-gnu-hpc-docgsl_2_6-gnu-hpc-examplesgsl_2_6-gnu-hpc-modulelibgsl-gnu-hpclibgsl25libgsl_2_6-gnu-hpclibgslcblas-gnu-hpclibgslcblas0libgslcblas_2_6-gnu-hpclibmca_common_dstore1libpmix2pmixpmix-develpmix-headerspmix-mca-paramspmix-plugin-mungepmix-pluginspmix-testgolang-github-QubitProducts-exporter_exportergolang-github-lusitaniae-apache_exporterprometheus-postgres_exportersupportutils-plugin-susemanager-clientgolang-github-prometheus-alertmanagergolang-github-prometheus-node_exporterdoxygen2manlibqb-devellibqb-devel-32bitlibqb-testslibqb-toolslibqb100libqb100-32bitlibpython2_7-1_0libpython2_7-1_0-32bitpythonpython-32bitpython-basepython-base-32bitpython-cursespython-demopython-develpython-docpython-doc-pdfpython-gdbmpython-idlepython-tkpython-xmllibvpx-devellibvpx7libvpx7-32bitvpx-toolsrunclibeconf-devellibeconf-utilslibeconf0libeconf0-32bitruby2.5-rubygem-pumaruby2.5-rubygem-puma-doclibXpm-devellibXpm-devel-32bitlibXpm-toolslibXpm4libXpm4-32bitlibraw-devellibraw-devel-staticlibraw-toolslibraw20libraw20-32bitlibnghttp2-14libnghttp2-14-32bitlibnghttp2-devellibnghttp2_asio-devellibnghttp2_asio1libnghttp2_asio1-32bitnghttp2python3-nghttp2yqyq-bash-completionyq-fish-completionyq-zsh-completionlogin_defsshadowphp-composer2rage-encryptionrage-encryption-bash-completioncni-pluginscnilibcue-devellibcue2python-gevent-docpython3-geventbuildahpython3-urllib3glibcglibc-32bitglibc-develglibc-devel-32bitglibc-devel-staticglibc-devel-static-32bitglibc-extraglibc-htmlglibc-i18ndataglibc-infoglibc-langglibc-localeglibc-locale-baseglibc-locale-base-32bitglibc-profileglibc-profile-32bitglibc-utilsglibc-utils-32bitnscdlibnss_slurm2_20_02libpmi0_20_02perl-slurm_20_02slurm_20_02slurm_20_02-auth-noneslurm_20_02-configslurm_20_02-config-manslurm_20_02-crayslurm_20_02-develslurm_20_02-docslurm_20_02-hdf5slurm_20_02-luaslurm_20_02-mungeslurm_20_02-nodeslurm_20_02-openlavaslurm_20_02-pam_slurmslurm_20_02-pluginsslurm_20_02-restslurm_20_02-seffslurm_20_02-sjstatslurm_20_02-slurmdbdslurm_20_02-sqlslurm_20_02-sviewslurm_20_02-testsuiteslurm_20_02-torqueslurm_20_02-webdochelmhelm-bash-completionhelm-fish-completionhelm-zsh-completionsuse-module-toolssuse-module-tools-legacygrub2grub2-arm64-efigrub2-arm64-efi-debuggrub2-arm64-efi-extrasgrub2-branding-upstreamgrub2-i386-pcgrub2-i386-pc-debuggrub2-i386-pc-extrasgrub2-powerpc-ieee1275grub2-powerpc-ieee1275-debuggrub2-powerpc-ieee1275-extrasgrub2-s390x-emugrub2-s390x-emu-debuggrub2-s390x-emu-extrasgrub2-snapper-plugingrub2-systemd-sleep-plugingrub2-x86_64-efigrub2-x86_64-efi-debuggrub2-x86_64-efi-extrasgrub2-x86_64-xengrub2-x86_64-xen-extrascpp13cross-nvptx-gcc13cross-nvptx-newlib13-develgcc13gcc13-32bitgcc13-PIEgcc13-adagcc13-ada-32bitgcc13-c++gcc13-c++-32bitgcc13-dgcc13-d-32bitgcc13-fortrangcc13-fortran-32bitgcc13-gogcc13-go-32bitgcc13-infogcc13-localegcc13-m2gcc13-m2-32bitgcc13-obj-c++gcc13-obj-c++-32bitgcc13-objcgcc13-objc-32bitlibada13libada13-32bitlibgdruntime4libgdruntime4-32bitlibgo22libgo22-32bitlibgphobos4libgphobos4-32bitlibm2cor18libm2cor18-32bitlibm2iso18libm2iso18-32bitlibm2log18libm2log18-32bitlibm2min18libm2min18-32bitlibm2pim18libm2pim18-32bitlibstdc++6-devel-gcc13libstdc++6-devel-gcc13-32bitlibruby2_5-2_5ruby2.5ruby2.5-develruby2.5-devel-extraruby2.5-docruby2.5-doc-riruby2.5-stdliblibminizip1libminizip1-32bitlibz1libz1-32bitminizip-develzlib-develzlib-devel-32bitzlib-devel-staticzlib-devel-static-32bitzlib-testsuitelibnbdlibnbd-bash-completionlibnbd-devellibnbd0nbdfusepython3-libnbdlibzck-devellibzck1zchunkvorbis-toolsvorbis-tools-langxorg-x11-serverxorg-x11-server-Xvfbxorg-x11-server-extraxorg-x11-server-sdkxorg-x11-server-sourcepython311-Werkzeuglibpoppler-cpp0libpoppler-cpp0-32bitlibpoppler-devellibpoppler-glib-devellibpoppler-glib8libpoppler-glib8-32bitlibpoppler-qt5-1libpoppler-qt5-1-32bitlibpoppler-qt5-devellibpoppler-qt6-3libpoppler-qt6-devellibpoppler126libpoppler126-32bitpoppler-toolstypelib-1_0-Poppler-0_18xwaylandxwayland-devellibnss_slurm2_20_11libpmi0_20_11perl-slurm_20_11slurm_20_11slurm_20_11-auth-noneslurm_20_11-configslurm_20_11-config-manslurm_20_11-crayslurm_20_11-develslurm_20_11-docslurm_20_11-hdf5slurm_20_11-luaslurm_20_11-mungeslurm_20_11-nodeslurm_20_11-openlavaslurm_20_11-pam_slurmslurm_20_11-pluginsslurm_20_11-restslurm_20_11-seffslurm_20_11-sjstatslurm_20_11-slurmdbdslurm_20_11-sqlslurm_20_11-sviewslurm_20_11-torqueslurm_20_11-webdoclibsndfile-devellibsndfile-progslibsndfile1libsndfile1-32bitlibnss_slurm2libpmi0libslurm39perl-slurmslurmslurm-auth-noneslurm-configslurm-config-manslurm-crayslurm-develslurm-docslurm-hdf5slurm-luaslurm-mungeslurm-nodeslurm-openlavaslurm-pam_slurmslurm-plugin-ext-sensors-rrdslurm-pluginsslurm-restslurm-seffslurm-sjstatslurm-slurmdbdslurm-sqlslurm-sviewslurm-testsuiteslurm-torqueslurm-webdocapache-ivyapache-ivy-javadocsquidkernel-firmware-nvidia-gspx-G06nvidia-open-driver-G06-signed-64kb-develnvidia-open-driver-G06-signed-azure-develnvidia-open-driver-G06-signed-default-develnvidia-open-driver-G06-signed-kmp-64kbnvidia-open-driver-G06-signed-kmp-azurenvidia-open-driver-G06-signed-kmp-defaultapache2apache2-develapache2-docapache2-eventapache2-example-pagesapache2-preforkapache2-utilsapache2-workerxtermxterm-binw3mw3m-inline-imageexfatprogsgo1.21-opensslgo1.21-openssl-docgo1.21-openssl-racepostgresqlpostgresql-contribpostgresql-develpostgresql-docspostgresql-llvmjitpostgresql-llvmjit-develpostgresql-plperlpostgresql-plpythonpostgresql-pltclpostgresql-serverpostgresql-server-develpostgresql-testpostgresql16postgresql16-contribpostgresql16-develpostgresql16-devel-minipostgresql16-docspostgresql16-llvmjitpostgresql16-llvmjit-develpostgresql16-plperlpostgresql16-plpythonpostgresql16-pltclpostgresql16-serverpostgresql16-server-develpostgresql16-testfrozen-devellibixion-0_18-0libixion-devellibixion-toolsliborcus-0_18-0liborcus-develliborcus-toolsmdds-2_1-develpython3-libixionpython3-liborcusavahiavahi-autoipdavahi-compat-howl-develavahi-compat-mDNSResponder-develavahi-langavahi-utilsavahi-utils-gtklibavahi-client3libavahi-client3-32bitlibavahi-common3libavahi-common3-32bitlibavahi-core7libavahi-devellibavahi-glib-devellibavahi-glib1libavahi-glib1-32bitlibavahi-gobject-devellibavahi-gobject0libavahi-libevent1libavahi-qt5-1libavahi-qt5-devellibavahi-ui-gtk3-0libdns_sdlibdns_sd-32bitlibhowl0python3-avahipython3-avahi-gtktypelib-1_0-Avahi-0_6apache2-mod_jkpython3-setuptoolspython3-setuptools-testpython3-setuptools-wheelmavenmaven-javadocmaven-libmaven-resolvermaven-resolver-apimaven-resolver-connector-basicmaven-resolver-implmaven-resolver-javadocmaven-resolver-named-locksmaven-resolver-spimaven-resolver-test-utilmaven-resolver-transport-classpathmaven-resolver-transport-filemaven-resolver-transport-httpmaven-resolver-transport-wagonmaven-resolver-utilsbtsbt-bootstrapxmvnxmvn-apixmvn-connectorxmvn-connector-javadocxmvn-corexmvn-installxmvn-minimalxmvn-mojoxmvn-mojo-javadocxmvn-parentxmvn-resolvexmvn-substxmvn-tools-javadocpython311-Pillowpython311-Pillow-tkstrongswanstrongswan-docstrongswan-hmacstrongswan-ipsecstrongswan-libs0strongswan-mysqlstrongswan-nmstrongswan-sqlitelibnss_slurm2_22_05libpmi0_22_05libslurm38perl-slurm_22_05slurm_22_05slurm_22_05-auth-noneslurm_22_05-configslurm_22_05-config-manslurm_22_05-crayslurm_22_05-develslurm_22_05-docslurm_22_05-hdf5slurm_22_05-luaslurm_22_05-mungeslurm_22_05-nodeslurm_22_05-openlavaslurm_22_05-pam_slurmslurm_22_05-pluginsslurm_22_05-restslurm_22_05-seffslurm_22_05-sjstatslurm_22_05-slurmdbdslurm_22_05-sqlslurm_22_05-sviewslurm_22_05-testsuiteslurm_22_05-torqueslurm_22_05-webdoclibxerces-c-3_2libxerces-c-3_2-32bitlibxerces-c-develxerces-cxerces-c-docsquashfspython3-Twistedpython311-Twistedpython311-Twisted-all_non_platformpython311-Twisted-conchpython311-Twisted-conch_naclpython311-Twisted-contextvarspython311-Twisted-http2python311-Twisted-serialpython311-Twisted-tlslibsqlite3-0libsqlite3-0-32bitsqlite3sqlite3-develsqlite3-docsqlite3-tcltraceroutekubevirt-container-diskkubevirt-manifestskubevirt-testskubevirt-virt-apikubevirt-virt-controllerkubevirt-virt-exportproxykubevirt-virt-exportserverkubevirt-virt-handlerkubevirt-virt-launcherkubevirt-virt-operatorkubevirt-virtctlobs-service-kubevirt_containers_metacontainerized-data-importer-apicontainerized-data-importer-clonercontainerized-data-importer-controllercontainerized-data-importer-importercontainerized-data-importer-manifestscontainerized-data-importer-operatorcontainerized-data-importer-uploadproxycontainerized-data-importer-uploadserverobs-service-cdi_containers_metasuse-build-keygimpgimp-develgimp-langgimp-plugin-aalibgimp-2_0-0libgimp-2_0-0-32bitlibgimpui-2_0-0libgimpui-2_0-0-32bithpliphplip-develhplip-hpijshplip-sanehplip-scan-utilspython311-cryptographypython3-cryptographytracker-miner-filestracker-minerstracker-miners-langlibncurses5libncurses5-32bitlibncurses6libncurses6-32bitncurses-develncurses-devel-32bitncurses-utilsncurses5-develncurses5-devel-32bittackterminfoterminfo-baseterminfo-itermterminfo-screenfreerdpfreerdp-develfreerdp-proxyfreerdp-serverfreerdp-waylandlibfreerdp2libuwac0-0libwinpr2uwac0-0-develwinpr2-devellibsass-3_6_5-1libsass-develpython-aiohttp-docpython3-aiohttpdocker-rootless-extrasrootlesskiterlang-rabbitmq-clientrabbitmq-serverrabbitmq-server-pluginslibzbar-devellibzbar0libzbar0-32bitlibzbarqt-devellibzbarqt0libzbarqt0-32bitzbarlibtinyxml0tinyxml-develtinyxml-docspppppp-develppp-modemjbigkitlibjbig-devellibjbig-devel-32bitlibjbig2libjbig2-32bitgnutlsgnutls-guilelibgnutls-devellibgnutls-devel-32bitlibgnutls30libgnutls30-32bitlibgnutls30-hmaclibgnutls30-hmac-32bitlibgnutlsxx-devellibgnutlsxx28PackageKitPackageKit-backend-dnfPackageKit-backend-zyppPackageKit-branding-upstreamPackageKit-develPackageKit-gstreamer-pluginPackageKit-gtk3-modulePackageKit-langlibpackagekit-glib2-18libpackagekit-glib2-18-32bitlibpackagekit-glib2-devellibpackagekit-glib2-devel-32bittypelib-1_0-PackageKitGlib-1_0python3-python-qpid-protonqpid-proton-develqpid-proton-devel-docperl-DBD-SQLitegpars-bootstrapgradlegradle-bootstrapgroovy-bootstrapgo1.22go1.22-docgo1.22-raceexpatlibexpat-devellibexpat-devel-32bitlibexpat1libexpat1-32bitpodmanpodman-dockerpodman-remotepodmanshkubernetes1.25-clientkubernetes1.25-client-commonkubernetes1.26-clientkubernetes1.26-client-commonlibblkid-devellibblkid-devel-32bitlibblkid-devel-staticlibblkid1libblkid1-32bitlibfdisk-devellibfdisk-devel-32bitlibfdisk-devel-staticlibfdisk1libfdisk1-32bitlibmount-devellibmount-devel-32bitlibmount-devel-staticlibmount1libmount1-32bitlibsmartcols-devellibsmartcols-devel-32bitlibsmartcols-devel-staticlibsmartcols1libsmartcols1-32bitlibuuid-devellibuuid-devel-32bitlibuuid-devel-staticlibuuid1libuuid1-32bitpython3-libmountutil-linuxutil-linux-langutil-linux-systemduuiddlesstomcat10tomcat10-admin-webappstomcat10-docs-webapptomcat10-el-5_0-apitomcat10-embedtomcat10-jsp-3_1-apitomcat10-jsvctomcat10-libtomcat10-servlet-6_0-apitomcat10-webappsperl-Net-CIDR-Liteemacsemacs-elemacs-infoemacs-noxemacs-x11etagscorepack20nodejs20nodejs20-develnodejs20-docsnpm20eclipse-contributor-toolseclipse-emf-coreeclipse-emf-core-bootstrapeclipse-emf-runtimeeclipse-emf-sdkeclipse-emf-xsdeclipse-equinox-osgieclipse-equinox-osgi-bootstrapeclipse-jdteclipse-jdt-bootstrapeclipse-p2-discoveryeclipse-p2-discovery-bootstrapeclipse-pdeeclipse-pde-bootstrapeclipse-platformeclipse-platform-bootstrapeclipse-swteclipse-swt-bootstrapmaven-failsafe-pluginmaven-failsafe-plugin-bootstrapmaven-surefiremaven-surefire-javadocmaven-surefire-pluginmaven-surefire-plugin-bootstrapmaven-surefire-plugins-javadocmaven-surefire-provider-junitmaven-surefire-provider-junit5maven-surefire-provider-junit5-javadocmaven-surefire-provider-testngmaven-surefire-report-parsermaven-surefire-report-pluginmaven-surefire-report-plugin-bootstraptychotycho-bootstraptycho-javadocpgadmin4pgadmin4-docpgadmin4-webpgadmin4-web-uwsgiapache-commons-daemonapache-commons-daemon-javadocapache-commons-daemon-jsvcapache-commons-dbcpapache-commons-dbcp-javadocapache-commons-pool2apache-commons-pool2-javadocgeronimo-annotation-1_0-apigeronimo-commonj-1_1-apisgeronimo-corba-1_0-apisgeronimo-corba-2_3-apisgeronimo-ejb-2_1-apigeronimo-ejb-3_0-apigeronimo-el-1_0-apigeronimo-interceptor-3_0-apigeronimo-j2ee-1_4-apisgeronimo-j2ee-connector-1_5-apigeronimo-j2ee-deployment-1_1-apigeronimo-j2ee-management-1_0-apigeronimo-j2ee-management-1_1-apigeronimo-jacc-1_0-apigeronimo-jacc-1_1-apigeronimo-jaf-1_0_2-apigeronimo-jaf-1_1-apigeronimo-javaee-deployment-1_1-apigeronimo-javamail-1_3_1-apigeronimo-javamail-1_4-apigeronimo-jaxr-1_0-apigeronimo-jaxrpc-1_1-apigeronimo-jms-1_1-apigeronimo-jpa-3_0-apigeronimo-jsp-2_0-apigeronimo-jsp-2_1-apigeronimo-jta-1_0_1B-apigeronimo-jta-1_1-apigeronimo-qname-1_1-apigeronimo-saaj-1_1-apigeronimo-servlet-2_4-apigeronimo-servlet-2_5-apigeronimo-stax-1_0-apigeronimo-ws-metadata-2_0-apijakarta-taglibs-standardjakarta-taglibs-standard-javadocgraphvizgraphviz-develgraphviz-docgraphviz-gdgraphviz-gnomegraphviz-guilegraphviz-gveditgraphviz-javagraphviz-luagraphviz-perlgraphviz-phpgraphviz-plugins-coregraphviz-rubygraphviz-smyrnagraphviz-tclgraphviz-webpgraphviz-x11libgraphviz6python3-gvpampam-32bitpam-develpam-devel-32bitpam-docpam-extrapam-extra-32bitapache-commons-configuration2apache-commons-configuration2-javadocshimlibpolkit-agent-1-0libpolkit-agent-1-0-32bitlibpolkit-gobject-1-0libpolkit-gobject-1-0-32bitpkexecpolkitpolkit-develpolkit-doctypelib-1_0-Polkit-1_0apache-commons-configurationapache-commons-configuration-javadoclibssh-configlibssh-devellibssh4libssh4-32bitpython3-idnapython311-gunicornopenCryptokiopenCryptoki-64bitopenCryptoki-develpython-M2Crypto-docpython311-M2Cryptojasperlibjasper-devellibjasper4libjasper4-32bitffmpeg-4ffmpeg-4-libavcodec-develffmpeg-4-libavdevice-develffmpeg-4-libavfilter-develffmpeg-4-libavformat-develffmpeg-4-libavresample-develffmpeg-4-libavutil-develffmpeg-4-libpostproc-develffmpeg-4-libswresample-develffmpeg-4-libswscale-develffmpeg-4-private-devellibavcodec58_134libavcodec58_134-32bitlibavdevice58_13libavdevice58_13-32bitlibavfilter7_110libavfilter7_110-32bitlibavformat58_76libavformat58_76-32bitlibavresample4_0libavresample4_0-32bitlibavutil56_70libavutil56_70-32bitlibpostproc55_9libpostproc55_9-32bitlibswresample3_9libswresample3_9-32bitlibswscale5_9libswscale5_9-32bitPOS_Image-Graphical7POS_Image-JeOS7ansibleansible-docansible-testgolang-github-prometheus-promumybatismybatis-javadocflatpakflatpak-develflatpak-remote-flathubflatpak-zsh-completionlibflatpak0system-user-flatpaktypelib-1_0-Flatpak-1_0python3-rpmpython311-rpmrpmrpm-32bitrpm-buildrpm-develrpm-ndbrpm-ndb-32bitlibcryptopp-devellibcryptopp8_6_0libcryptopp8_6_0-32bitpython3-pymongolibipa_hbac-devellibipa_hbac0libnfsidmap-ssslibsss_certmap-devellibsss_certmap0libsss_idmap-devellibsss_idmap0libsss_nss_idmap-devellibsss_nss_idmap0libsss_simpleifp-devellibsss_simpleifp0python3-ipa_hbacpython3-sss-murmurpython3-sss_nss_idmappython3-sssd-configsssdsssd-adsssd-commonsssd-common-32bitsssd-dbussssd-ipasssd-kcmsssd-krb5sssd-krb5-commonsssd-ldapsssd-proxysssd-toolssssd-winbind-idmapperl-Spreadsheet-ParseExcelpython-Werkzeug-docpython3-Werkzeuglibtss2-esys0libtss2-esys0-32bitlibtss2-fapi1libtss2-fapi1-32bitlibtss2-mu0libtss2-mu0-32bitlibtss2-rc0libtss2-rc0-32bitlibtss2-sys1libtss2-sys1-32bitlibtss2-tcti-cmd0libtss2-tcti-cmd0-32bitlibtss2-tcti-device0libtss2-tcti-device0-32bitlibtss2-tcti-mssim0libtss2-tcti-mssim0-32bitlibtss2-tcti-pcap0libtss2-tcti-swtpm0libtss2-tcti-swtpm0-32bitlibtss2-tctildr0libtss2-tctildr0-32bittpm2-0-tsstpm2-0-tss-develtpm2.0-toolslibcrc32c-devellibcrc32c1libprotobuf-lite25_1_0libprotobuf-lite25_1_0-32bitlibprotobuf25_1_0-32bitlibprotoc25_1_0libprotoc25_1_0-32bitprotobuf-develprotobuf-javapython311-apipkgpython311-cachetoolspython311-certifipython311-cffipython311-charset-normalizerpython311-google-api-corepython311-google-authpython311-google-cloud-appengine-loggingpython311-google-cloud-artifact-registrypython311-google-cloud-audit-logpython311-google-cloud-buildpython311-google-cloud-computepython311-google-cloud-corepython311-google-cloud-dnspython311-google-cloud-domainspython311-google-cloud-iampython311-google-cloud-kmspython311-google-cloud-kms-inventorypython311-google-cloud-loggingpython311-google-cloud-runpython311-google-cloud-secret-managerpython311-google-cloud-service-directorypython311-google-cloud-spannerpython311-google-cloud-storagepython311-google-cloud-vpc-accesspython311-google-crc32cpython311-google-resumable-mediapython311-googleapis-common-protospython311-grpc-google-iam-v1python311-grpciopython311-grpcio-statuspython311-idnapython311-iniconfigpython311-proto-pluspython311-protobufpython311-pypython311-pyOpenSSLpython311-pyasn1python311-pyasn1-modulespython311-pycparserpython311-pytzpython311-requestspython311-rsapython311-setuptoolspython311-sqlparsepython311-urllib3python-paramiko-docpython-tqdm-bash-completionpython311-Automatpython311-Deprecatedpython311-Fabricpython311-PyGithubpython311-PyJWTpython311-Pygmentspython311-aiohttppython311-aiosignalpython311-antlr4-python3-runtimepython311-argcompletepython311-asgirefpython311-async_timeoutpython311-avropython311-blinkerpython311-chardetpython311-constantlypython311-decoratorpython311-distropython311-dockerpython311-fakeredispython311-fixedintpython311-fluidity-smpython311-frozenlistpython311-httplib2python311-httprettypython311-humanfriendlypython311-hyperlinkpython311-importlib-metadatapython311-incrementalpython311-invokepython311-isodatepython311-javapropertiespython311-jsondiffpython311-knackpython311-lexiconpython311-marshmallowpython311-multidictpython311-oauthlibpython311-opencensuspython311-opencensus-contextpython311-opencensus-ext-threadingpython311-opentelemetry-apipython311-opentelemetry-sdkpython311-opentelemetry-semantic-conventionspython311-opentelemetry-test-utilspython311-paramikopython311-pathspecpython311-pkginfopython311-portalockerpython311-psutilpython311-pycomposefilepython311-pydashpython311-pyparsingpython311-redispython311-requests-oauthlibpython311-retryingpython311-scppython311-semverpython311-service_identitypython311-sortedcontainerspython311-sshtunnelpython311-strictyamlpython311-surepython311-tabulatepython311-tqdmpython311-typing_extensionspython311-vcrpypython311-websocket-clientpython311-wheelpython311-wraptpython311-xmltodictpython311-yarlpython311-zipppython311-zope.interfacecairo-develcairo-devel-32bitcairo-toolslibcairo-gobject2libcairo-gobject2-32bitlibcairo-script-interpreter2libcairo-script-interpreter2-32bitlibcairo2libcairo2-32bitxdg-desktop-portalxdg-desktop-portal-develxdg-desktop-portal-langgitgit-archgit-coregit-credential-gnome-keyringgit-credential-libsecretgit-cvsgit-daemongit-docgit-emailgit-guigit-p4git-svngit-webgitkperl-Gitgio-branding-upstreamglib2-develglib2-devel-32bitglib2-devel-staticglib2-docglib2-langglib2-tests-develglib2-toolsglib2-tools-32bitlibgio-2_0-0libgio-2_0-0-32bitlibglib-2_0-0libglib-2_0-0-32bitlibgmodule-2_0-0libgmodule-2_0-0-32bitlibgobject-2_0-0libgobject-2_0-0-32bitlibgthread-2_0-0libgthread-2_0-0-32bitwarewulf4warewulf4-manwarewulf4-overlaywarewulf4-overlay-slurmtmuxpython3-PyMySQLliburiparser1liburiparser1-32bituriparseruriparser-develpython-Jinja2-emacspython-Jinja2-vimpython3-Jinja2python311-Jinja2fwupdatefwupdate-develfwupdate-efilibfwup1apiguardianapiguardian-javadocassertj-corebyte-buddydom4jdom4j-demodom4j-javadochamcresthamcrest-javadocjaxenjdomjopt-simplejopt-simple-javadocjunitjunit-javadocjunit-manualjunit5junit5-bomjunit5-guidejunit5-javadocjunit5-minimalobjectweb-asmobjectweb-asm-javadocopen-test-reporting-eventsopen-test-reporting-schemasaxpathxompython3-dockerpython3-Brotliaws-nitro-enclaves-binaryblobs-upstreamaws-nitro-enclaves-clisystem-group-nelibunbound8unboundunbound-anchorunbound-develunbound-muninunbound-pythonpython3-scikit-learnaom-toolslibaom-devellibaom-devel-doclibaom3libaom3-32bitboothbooth-testgdk-pixbuf-develgdk-pixbuf-devel-32bitgdk-pixbuf-langgdk-pixbuf-query-loadersgdk-pixbuf-query-loaders-32bitgdk-pixbuf-thumbnailerlibgdk_pixbuf-2_0-0libgdk_pixbuf-2_0-0-32bittypelib-1_0-GdkPixbuf-2_0typelib-1_0-GdkPixdata-2_0libopencc2openccopencc-dataopencc-devellibpodofo-devellibpodofo0_9_6podofognome-settings-daemongnome-settings-daemon-develgnome-settings-daemon-langbsdtarlibarchive-devellibarchive13libarchive13-32bitwgetwget-langglade-catalog-vtelibvte-2_91-0typelib-1_0-Vte-2.91vte-develvte-langvte-toolslibntfs-3g-devellibntfs-3g87ntfs-3gntfsprogsntfsprogs-extrahdf5-gnu-hpchdf5-gnu-hpc-develhdf5-gnu-mpich-hpchdf5-gnu-mpich-hpc-develhdf5-gnu-mvapich2-hpchdf5-gnu-mvapich2-hpc-develhdf5-gnu-openmpi3-hpchdf5-gnu-openmpi3-hpc-develhdf5-gnu-openmpi4-hpchdf5-gnu-openmpi4-hpc-develhdf5-hpc-exampleshdf5_1_10_11-gnu-hpchdf5_1_10_11-gnu-hpc-develhdf5_1_10_11-gnu-hpc-devel-statichdf5_1_10_11-gnu-hpc-modulehdf5_1_10_11-gnu-mpich-hpchdf5_1_10_11-gnu-mpich-hpc-develhdf5_1_10_11-gnu-mpich-hpc-devel-statichdf5_1_10_11-gnu-mpich-hpc-modulehdf5_1_10_11-gnu-mvapich2-hpchdf5_1_10_11-gnu-mvapich2-hpc-develhdf5_1_10_11-gnu-mvapich2-hpc-devel-statichdf5_1_10_11-gnu-mvapich2-hpc-modulehdf5_1_10_11-gnu-openmpi3-hpchdf5_1_10_11-gnu-openmpi3-hpc-develhdf5_1_10_11-gnu-openmpi3-hpc-devel-statichdf5_1_10_11-gnu-openmpi3-hpc-modulehdf5_1_10_11-gnu-openmpi4-hpchdf5_1_10_11-gnu-openmpi4-hpc-develhdf5_1_10_11-gnu-openmpi4-hpc-devel-statichdf5_1_10_11-gnu-openmpi4-hpc-modulehdf5_1_10_11-hpc-exampleslibhdf5-gnu-hpclibhdf5-gnu-mpich-hpclibhdf5-gnu-mvapich2-hpclibhdf5-gnu-openmpi3-hpclibhdf5-gnu-openmpi4-hpclibhdf5_1_10_11-gnu-hpclibhdf5_1_10_11-gnu-mpich-hpclibhdf5_1_10_11-gnu-mvapich2-hpclibhdf5_1_10_11-gnu-openmpi3-hpclibhdf5_1_10_11-gnu-openmpi4-hpclibhdf5_cpp-gnu-hpclibhdf5_cpp-gnu-mpich-hpclibhdf5_cpp-gnu-mvapich2-hpclibhdf5_cpp-gnu-openmpi3-hpclibhdf5_cpp-gnu-openmpi4-hpclibhdf5_cpp_1_10_11-gnu-hpclibhdf5_cpp_1_10_11-gnu-mpich-hpclibhdf5_cpp_1_10_11-gnu-mvapich2-hpclibhdf5_cpp_1_10_11-gnu-openmpi3-hpclibhdf5_cpp_1_10_11-gnu-openmpi4-hpclibhdf5_fortran-gnu-hpclibhdf5_fortran-gnu-mpich-hpclibhdf5_fortran-gnu-mvapich2-hpclibhdf5_fortran-gnu-openmpi3-hpclibhdf5_fortran-gnu-openmpi4-hpclibhdf5_fortran_1_10_11-gnu-hpclibhdf5_fortran_1_10_11-gnu-mpich-hpclibhdf5_fortran_1_10_11-gnu-mvapich2-hpclibhdf5_fortran_1_10_11-gnu-openmpi3-hpclibhdf5_fortran_1_10_11-gnu-openmpi4-hpclibhdf5_hl-gnu-hpclibhdf5_hl-gnu-mpich-hpclibhdf5_hl-gnu-mvapich2-hpclibhdf5_hl-gnu-openmpi3-hpclibhdf5_hl-gnu-openmpi4-hpclibhdf5_hl_1_10_11-gnu-hpclibhdf5_hl_1_10_11-gnu-mpich-hpclibhdf5_hl_1_10_11-gnu-mvapich2-hpclibhdf5_hl_1_10_11-gnu-openmpi3-hpclibhdf5_hl_1_10_11-gnu-openmpi4-hpclibhdf5_hl_cpp-gnu-hpclibhdf5_hl_cpp-gnu-mpich-hpclibhdf5_hl_cpp-gnu-mvapich2-hpclibhdf5_hl_cpp-gnu-openmpi3-hpclibhdf5_hl_cpp-gnu-openmpi4-hpclibhdf5_hl_cpp_1_10_11-gnu-hpclibhdf5_hl_cpp_1_10_11-gnu-mpich-hpclibhdf5_hl_cpp_1_10_11-gnu-mvapich2-hpclibhdf5_hl_cpp_1_10_11-gnu-openmpi3-hpclibhdf5_hl_cpp_1_10_11-gnu-openmpi4-hpclibhdf5_hl_fortran-gnu-hpclibhdf5_hl_fortran-gnu-mpich-hpclibhdf5_hl_fortran-gnu-mvapich2-hpclibhdf5_hl_fortran-gnu-openmpi3-hpclibhdf5_hl_fortran-gnu-openmpi4-hpclibhdf5hl_fortran_1_10_11-gnu-hpclibhdf5hl_fortran_1_10_11-gnu-mpich-hpclibhdf5hl_fortran_1_10_11-gnu-mvapich2-hpclibhdf5hl_fortran_1_10_11-gnu-openmpi3-hpclibhdf5hl_fortran_1_10_11-gnu-openmpi4-hpclibopenmpi4-gnu-hpclibopenmpi_4_1_4-gnu-hpclua51-luaposixlua51-luatermlua53-luaposixlua53-luatermluaposix-docmpichmpich-develmpich-gnu-hpcmpich-gnu-hpc-develmpich-gnu-hpc-devel-staticmpich-gnu-hpc-macros-develmpich-ofimpich-ofi-develmpich-ofi-gnu-hpcmpich-ofi-gnu-hpc-develmpich-ofi-gnu-hpc-devel-staticmpich-ofi-gnu-hpc-macros-develmpich-ofi_4_0_2-gnu-hpcmpich-ofi_4_0_2-gnu-hpc-develmpich-ofi_4_0_2-gnu-hpc-devel-staticmpich-ofi_4_0_2-gnu-hpc-macros-develmpich_4_0_2-gnu-hpcmpich_4_0_2-gnu-hpc-develmpich_4_0_2-gnu-hpc-devel-staticmpich_4_0_2-gnu-hpc-macros-develmvapich2mvapich2-develmvapich2-devel-staticmvapich2-docmvapich2-gnu-hpcmvapich2-gnu-hpc-develmvapich2-gnu-hpc-docmvapich2-gnu-hpc-macros-develmvapich2-psmmvapich2-psm-develmvapich2-psm-devel-staticmvapich2-psm-docmvapich2-psm-gnu-hpcmvapich2-psm-gnu-hpc-develmvapich2-psm-gnu-hpc-docmvapich2-psm-gnu-hpc-macros-develmvapich2-psm2mvapich2-psm2-develmvapich2-psm2-devel-staticmvapich2-psm2-docmvapich2-psm2-gnu-hpcmvapich2-psm2-gnu-hpc-develmvapich2-psm2-gnu-hpc-docmvapich2-psm2-gnu-hpc-macros-develmvapich2-psm2_2_3_7-gnu-hpcmvapich2-psm2_2_3_7-gnu-hpc-develmvapich2-psm2_2_3_7-gnu-hpc-devel-staticmvapich2-psm2_2_3_7-gnu-hpc-docmvapich2-psm2_2_3_7-gnu-hpc-macros-develmvapich2-psm_2_3_7-gnu-hpcmvapich2-psm_2_3_7-gnu-hpc-develmvapich2-psm_2_3_7-gnu-hpc-devel-staticmvapich2-psm_2_3_7-gnu-hpc-docmvapich2-psm_2_3_7-gnu-hpc-macros-develmvapich2_2_3_7-gnu-hpcmvapich2_2_3_7-gnu-hpc-develmvapich2_2_3_7-gnu-hpc-devel-staticmvapich2_2_3_7-gnu-hpc-docmvapich2_2_3_7-gnu-hpc-macros-developenmpi4openmpi4-configopenmpi4-developenmpi4-docsopenmpi4-gnu-hpcopenmpi4-gnu-hpc-developenmpi4-gnu-hpc-devel-staticopenmpi4-gnu-hpc-docsopenmpi4-gnu-hpc-macros-developenmpi4-libsopenmpi4-libs-32bitopenmpi4-macros-developenmpi4-testsuiteopenmpi_4_1_4-gnu-hpcopenmpi_4_1_4-gnu-hpc-developenmpi_4_1_4-gnu-hpc-devel-staticopenmpi_4_1_4-gnu-hpc-docsopenmpi_4_1_4-gnu-hpc-macros-developenmpi_4_1_4-gnu-hpc-testsuiteapache-parentapache-sshdapache-sshd-javadoclibndplibndp-devellibndp0netty3netty3-javadocfreeradius-serverfreeradius-server-develfreeradius-server-docfreeradius-server-krb5freeradius-server-ldapfreeradius-server-ldap-schemasfreeradius-server-libsfreeradius-server-mysqlfreeradius-server-perlfreeradius-server-postgresqlfreeradius-server-python3freeradius-server-sqlitefreeradius-server-utilscpiocpio-langcpio-mtlibonig4oniguruma-develrear23asevctlmockitomockito-javadocsnakeyamlsnakeyaml-javadoctestngtestng-javadocgnome-extensionsgnome-shellgnome-shell-calendargnome-shell-develgnome-shell-langlibgit2-1_3libgit2-1_3-32bitlibgit2-develp7zipp7zip-docp7zip-fullpython311-dnspythonespeak-ngespeak-ng-compatespeak-ng-compat-develespeak-ng-devellibespeak-ng1python3-dnspythongtk2-branding-upstreamgtk2-datagtk2-develgtk2-devel-32bitgtk2-immodule-amharicgtk2-immodule-amharic-32bitgtk2-immodule-inuktitutgtk2-immodule-inuktitut-32bitgtk2-immodule-multipressgtk2-immodule-multipress-32bitgtk2-immodule-thaigtk2-immodule-thai-32bitgtk2-immodule-tigrignagtk2-immodule-tigrigna-32bitgtk2-immodule-vietnamesegtk2-immodule-vietnamese-32bitgtk2-immodule-ximgtk2-immodule-xim-32bitgtk2-langgtk2-toolsgtk2-tools-32bitlibgtk-2_0-0libgtk-2_0-0-32bittypelib-1_0-Gtk-2_0gettext-its-gtk3gtk3-branding-upstreamgtk3-datagtk3-develgtk3-devel-32bitgtk3-devel-docgtk3-immodule-amharicgtk3-immodule-amharic-32bitgtk3-immodule-broadwaygtk3-immodule-inuktitutgtk3-immodule-inuktitut-32bitgtk3-immodule-multipressgtk3-immodule-multipress-32bitgtk3-immodule-thaigtk3-immodule-thai-32bitgtk3-immodule-tigrignagtk3-immodule-tigrigna-32bitgtk3-immodule-vietnamesegtk3-immodule-vietnamese-32bitgtk3-immodule-waylandgtk3-immodule-wayland-32bitgtk3-immodule-ximgtk3-immodule-xim-32bitgtk3-langgtk3-schemagtk3-toolsgtk3-tools-32bitlibgtk-3-0libgtk-3-0-32bittypelib-1_0-Gtk-3_0liborc-0_4-0liborc-0_4-0-32bitorcorc-doclibfreebl3libfreebl3-32bitlibsoftokn3libsoftokn3-32bitmozilla-nssmozilla-nss-32bitmozilla-nss-certsmozilla-nss-certs-32bitmozilla-nss-develmozilla-nss-sysinitmozilla-nss-sysinit-32bitmozilla-nss-toolsdri3proto-develpatchpython-gunicorn-docpython3-gunicornpython39-setuptoolspython310-setuptoolsosclibQt5Quick3D5libQt5Quick3DAssetImport5libqt5-qtquick3d-devellibqt5-qtquick3d-exampleslibqt5-qtquick3d-importslibqt5-qtquick3d-private-headers-devellibqt5-qtquick3d-toolslibQt53DAnimation-devellibQt53DAnimation5libQt53DCore-devellibQt53DCore5libQt53DExtras-devellibQt53DExtras5libQt53DInput-devellibQt53DInput5libQt53DLogic-devellibQt53DLogic5libQt53DQuick-devellibQt53DQuick5libQt53DQuickAnimation-devellibQt53DQuickAnimation5libQt53DQuickExtras-devellibQt53DQuickExtras5libQt53DQuickInput-devellibQt53DQuickInput5libQt53DQuickRender-devellibQt53DQuickRender5libQt53DQuickScene2D-devellibQt53DQuickScene2D5libQt53DRender-devellibQt53DRender5libqt5-qt3d-devellibqt5-qt3d-exampleslibqt5-qt3d-importslibqt5-qt3d-private-headers-devellibqt5-qt3d-tools389-ds389-ds-devel389-ds-snmplib389libsvrcore0libzzip-0-13libzzip-0-13-32bitzziplib-develzziplib-devel-32bitkubernetes1.28-clientkubernetes1.28-client-commonkubernetes1.27-clientkubernetes1.27-client-commonbubblewrapbubblewrap-zsh-completionpython-WebOb-docpython3-WebObdovecot23dovecot23-backend-mysqldovecot23-backend-pgsqldovecot23-backend-sqlitedovecot23-develdovecot23-ftsdovecot23-fts-lucenedovecot23-fts-solrdovecot23-fts-squatlibsystemd0libsystemd0-32bitlibudev1libudev1-32bitnss-myhostnamenss-myhostname-32bitnss-systemdsystemdsystemd-32bitsystemd-containersystemd-coredumpsystemd-develsystemd-docsystemd-experimentalsystemd-journal-remotesystemd-langsystemd-networksystemd-portablesystemd-sysvinitsystemd-testsuiteudevliboath-develliboath0libopenconnect5libpskc-devellibpskc0libstoken1oath-toolkitoath-toolkit-xmlopenconnectopenconnect-developenconnect-docopenconnect-langpam_oathstokenstoken-develstoken-guilibpcap-devellibpcap-devel-32bitlibpcap-devel-staticlibpcap1libpcap1-32bitgo1.23go1.23-docgo1.23-racepython3-uamqpjschjsch-demojsch-javadoclibvpllibvpl-devellibvpl2libmfxlibmfx1python311-azure-identityapr-devellibapr1jenkins-json-libjson-libjson-lib-javadocMesaMesa-32bitMesa-KHR-develMesa-develMesa-driMesa-dri-32bitMesa-dri-develMesa-dri-nouveauMesa-dri-nouveau-32bitMesa-dri-vc4Mesa-galliumMesa-gallium-32bitMesa-libEGL-develMesa-libEGL-devel-32bitMesa-libEGL1Mesa-libEGL1-32bitMesa-libGL-develMesa-libGL-devel-32bitMesa-libGL1Mesa-libGL1-32bitMesa-libGLESv1_CM-develMesa-libGLESv1_CM-devel-32bitMesa-libGLESv2-develMesa-libGLESv2-devel-32bitMesa-libGLESv3-develMesa-libOpenCLMesa-libd3dMesa-libd3d-32bitMesa-libd3d-develMesa-libd3d-devel-32bitMesa-libglapi-develMesa-libglapi-devel-32bitMesa-libglapi0Mesa-libglapi0-32bitMesa-libvaMesa-vulkan-device-selectMesa-vulkan-device-select-32bitMesa-vulkan-overlayMesa-vulkan-overlay-32bitlibOSMesa-devellibOSMesa-devel-32bitlibOSMesa8libOSMesa8-32bitlibgbm-devellibgbm-devel-32bitlibgbm1libgbm1-32bitlibvdpau_nouveaulibvdpau_nouveau-32bitlibvdpau_r300libvdpau_r300-32bitlibvdpau_r600libvdpau_r600-32bitlibvdpau_radeonsilibvdpau_radeonsi-32bitlibvdpau_virtio_gpulibvdpau_virtio_gpu-32bitlibvulkan_broadcomlibvulkan_freedrenolibvulkan_intellibvulkan_intel-32bitlibvulkan_lvplibvulkan_radeonlibvulkan_radeon-32bitlibxatracker-devellibxatracker2libmozjs-78-0mozjs78mozjs78-devellibreoffice-base-drivers-firebirdOpenIPMIOpenIPMI-develOpenIPMI-python3libOpenIPMI0keepalivedetcdetcdctllibprotobuf25_1_0go1.22-opensslgo1.22-openssl-docgo1.22-openssl-racego1.23-opensslgo1.23-openssl-docgo1.23-openssl-racelibpcp-devellibpcp3libpcp_gui2libpcp_import1libpcp_mmv1libpcp_trace2libpcp_web1pcppcp-confpcp-develpcp-docpcp-export-pcp2elasticsearchpcp-export-pcp2graphitepcp-export-pcp2influxdbpcp-export-pcp2jsonpcp-export-pcp2sparkpcp-export-pcp2xmlpcp-export-pcp2zabbixpcp-guipcp-import-collectl2pcppcp-import-ganglia2pcppcp-import-iostat2pcppcp-import-mrtg2pcppcp-import-sar2pcppcp-pmda-activemqpcp-pmda-apachepcp-pmda-bashpcp-pmda-bondingpcp-pmda-cifspcp-pmda-ciscopcp-pmda-dbpingpcp-pmda-dmpcp-pmda-dockerpcp-pmda-ds389pcp-pmda-ds389logpcp-pmda-elasticsearchpcp-pmda-gfs2pcp-pmda-glusterpcp-pmda-gpfspcp-pmda-gpsdpcp-pmda-haclusterpcp-pmda-haproxypcp-pmda-infinibandpcp-pmda-jsonpcp-pmda-lmsensorspcp-pmda-loggerpcp-pmda-lustrepcp-pmda-lustrecommpcp-pmda-mailqpcp-pmda-memcachepcp-pmda-micpcp-pmda-mountspcp-pmda-mysqlpcp-pmda-namedpcp-pmda-netcheckpcp-pmda-netfilterpcp-pmda-newspcp-pmda-nfsclientpcp-pmda-nginxpcp-pmda-nutcrackerpcp-pmda-nvidia-gpupcp-pmda-openmetricspcp-pmda-openvswitchpcp-pmda-oraclepcp-pmda-pdnspcp-pmda-perfeventpcp-pmda-postfixpcp-pmda-rabbitmqpcp-pmda-redispcp-pmda-roomtemppcp-pmda-rsyslogpcp-pmda-sambapcp-pmda-sendmailpcp-pmda-shpingpcp-pmda-slurmpcp-pmda-smartpcp-pmda-snmppcp-pmda-socketspcp-pmda-summarypcp-pmda-systemdpcp-pmda-tracepcp-pmda-unboundpcp-pmda-weblogpcp-pmda-zimbrapcp-pmda-zswappcp-system-toolspcp-testsuitepcp-zeroconfperl-PCP-LogImportperl-PCP-LogSummaryperl-PCP-MMVperl-PCP-PMDApython3-pcpgovulncheck-vulndbapache2-mod_uwsgiuwsgiuwsgi-emperor_pguwsgi-emperor_zeromquwsgi-geventuwsgi-glusterfsuwsgi-greenletuwsgi-jvmuwsgi-ldapuwsgi-libffiuwsgi-logzmquwsgi-luauwsgi-pamuwsgi-php7uwsgi-psgiuwsgi-pypyuwsgi-python3uwsgi-sqlite3uwsgi-xsltruby2.5-rubygem-bundlerruby2.5-rubygem-bundler-docpython311-waitresspython311-waitress-docruby2.5-rubygem-actionmailer-5_1ruby2.5-rubygem-actionmailer-doc-5_1gsf-office-thumbnailerlibgsf-1-114libgsf-1-114-32bitlibgsf-devellibgsf-langlibgsf-toolstypelib-1_0-Gsf-1apache-commons-lang3apache-commons-lang3-javadocbcelmojo-parentxalan-j2xalan-j2-demoxalan-j2-manualxalan-j2-xsltcxerces-j2xerces-j2-demoxerces-j2-javadocpython3-wxPythonpython3-wxPython-langhttpcomponents-clienthttpcomponents-client-cachehttpcomponents-client-javadochttpcomponents-corehttpcomponents-core-javadocbea-staxbea-stax-apixstreamxstream-benchmarkxstream-javadocxstream-parentjavapackages-filesystemjavapackages-gradlejavapackages-ivyjavapackages-localjavapackages-toolspython3-javapackagesxmlgraphics-batikxmlgraphics-batik-cssxmlgraphics-batik-demoxmlgraphics-batik-javadocxmlgraphics-batik-rasterizerxmlgraphics-batik-slideshowxmlgraphics-batik-squigglexmlgraphics-batik-svgppxmlgraphics-batik-ttf2svgxmlgraphics-commonsxmlgraphics-commons-javadocxmlgraphics-fopovmfovmf-toolsqemu-ovmf-ia32qemu-ovmf-x86_64qemu-ovmf-x86_64-debugqemu-uefi-aarch32qemu-uefi-aarch64python311-virtualenvpython3-waitresslibuv-devellibuv1libuv1-32bitpython311-tornado6postgresql17postgresql17-contribpostgresql17-develpostgresql17-docspostgresql17-llvmjitpostgresql17-llvmjit-develpostgresql17-plperlpostgresql17-plpythonpostgresql17-pltclpostgresql17-serverpostgresql17-server-develpostgresql17-testdocker-stabledocker-stable-bash-completiondocker-stable-fish-completiondocker-stable-rootless-extrasdocker-stable-zsh-completionobs-scm-bridgeavif-toolsgdk-pixbuf-loader-libaviflibavif-devellibavif13libavif13-32bitsocataws-iam-authenticatorlibyuv-devellibyuv-toolslibyuv0libyuv0-32bitlibsoup-2_4-1libsoup-2_4-1-32bitlibsoup2-devellibsoup2-devel-32bitlibsoup2-langtypelib-1_0-Soup-2_4libnetpbm-devellibnetpbm11libnetpbm11-32bitnetpbmnetpbm-vulnerablelibsoup-3_0-0libsoup-3_0-0-32bitlibsoup-devellibsoup-devel-32bitlibsoup-langtypelib-1_0-Soup-3_0libsvn_auth_gnome_keyring-1-0libsvn_auth_kwallet-1-0subversionsubversion-bash-completionsubversion-develsubversion-perlsubversion-pythonsubversion-rubysubversion-serversubversion-toolsjctoolsjctools-channelsjctools-experimentaljctools-javadocgdbgdb-testresultsgdbservergrpc-develgrpc-sourcelibgrpc++1_60libgrpc1_60libgrpc37libupb37upb-develdpdkdpdk-develdpdk-docdpdk-examplesdpdk-kmp-defaultdpdk-thunderxdpdk-thunderx-develdpdk-thunderx-docdpdk-thunderx-examplesdpdk-thunderx-kmp-defaultdpdk-thunderx-toolsdpdk-toolslibdpdk-20_0python3-pycryptodomexmaven-archivermaven-archiver-javadocmaven-assembly-pluginmaven-assembly-plugin-javadocmaven-common-artifact-filtersmaven-common-artifact-filters-javadocmaven-compiler-pluginmaven-compiler-plugin-bootstrapmaven-compiler-plugin-javadocmaven-dependency-analyzermaven-dependency-analyzer-javadocmaven-dependency-pluginmaven-dependency-plugin-javadocmaven-dependency-treemaven-dependency-tree-javadocmaven-enforcermaven-enforcer-apimaven-enforcer-javadocmaven-enforcer-pluginmaven-enforcer-rulesmaven-plugin-annotationsmaven-plugin-pluginmaven-plugin-plugin-bootstrapmaven-plugin-plugin-javadocmaven-plugin-tools-annotationsmaven-plugin-tools-antmaven-plugin-tools-apimaven-plugin-tools-beanshellmaven-plugin-tools-generatorsmaven-plugin-tools-javamaven-plugin-tools-javadocmaven-plugin-tools-modelmaven-script-antmaven-script-beanshellplexus-archiverplexus-archiver-javadocplexus-compilerplexus-compiler-extrasplexus-compiler-javadoceclipse-jgitabseil-cpp-devellibabsl2308_0_0libabsl2308_0_0-32bitlibre2-11libre2-11-32bitopencensus-proto-sourcepython311-abseilre2-develpython3-pycryptodomerear27atartar-backup-scriptstar-doctar-langtar-rmttar-testsapache-commons-codecapache-commons-codec-javadocapache-commons-compressapache-commons-compress-javadocapache-commons-ioapache-commons-io-javadocgradle-localivy-localmaven-doxia-coremaven-doxia-javadocmaven-doxia-logging-apimaven-doxia-module-aptmaven-doxia-module-confluencemaven-doxia-module-docbook-simplemaven-doxia-module-fmlmaven-doxia-module-fomaven-doxia-module-latexmaven-doxia-module-rtfmaven-doxia-module-twikimaven-doxia-module-xdocmaven-doxia-module-xhtmlmaven-doxia-module-xhtml5maven-doxia-sink-apimaven-doxia-sitetoolsmaven-doxia-sitetools-javadocmaven-doxia-test-docsmaven-jar-pluginmaven-jar-plugin-bootstrapmaven-jar-plugin-javadocmaven-javadoc-pluginmaven-javadoc-plugin-bootstrapmaven-javadoc-plugin-javadocmaven-localmaven-reporting-apimaven-reporting-api-javadocmaven-reporting-implmaven-reporting-impl-javadocmaven-resources-pluginmaven-resources-plugin-bootstrapmaven-resources-plugin-javadoclibmilter-doclibmilter1_0rmailsendmailsendmail-develsendmail-starttlsapache2-mod_auth_openidchawk2wpa_supplicantwpa_supplicant-guiruby2.5-rubygem-rackruby2.5-rubygem-rack-docruby2.5-rubygem-rack-testsuitepostgresql-jdbcpostgresql-jdbc-javadocgiflib-develgiflib-devel-32bitgiflib-progslibgif7libgif7-32bitgoogle-oauth-java-clientgoogle-oauth-java-client-java6google-oauth-java-client-javadocgoogle-oauth-java-client-parentgoogle-oauth-java-client-servletaxisaxis-manualfontforgefontforge-develfontforge-docsudosudo-develsudo-plugin-pythonsudo-testspectre-meltdown-checkertrilead-ssh2trilead-ssh2-javadocjsch-agent-proxy-connector-factoryjsch-agent-proxy-corejsch-agent-proxy-javadocjsch-agent-proxy-jschjsch-agent-proxy-pageantjsch-agent-proxy-sshagentjsch-agent-proxy-usocket-jnajsch-agent-proxy-usocket-nc(x86_64)0:90.0.4480.84-lp155.3.3.115.5(x86_64)0:99.0.4788.13-lp155.3.6.1(aarch64|x86_64)0:114.0.5735.106-bp155.2.4.1(aarch64|i586|ppc64le|s390x|x86_64)0:1.23.5-bp155.2.3.1(aarch64|x86_64)0:114.0.5735.133-bp155.2.7.1(aarch64|x86_64)0:114.0.5735.198-bp155.2.10.1(aarch64|i586|ppc64le|s390x|x86_64)0:1.94-bp155.3.3.1(aarch64|s390x|x86_64)0:0.8.2-bp155.2.3.1(aarch64_ilp32)0:0.8.2-bp155.2.3.1(aarch64|ppc64le|s390x|x86_64)0:0.8.6-bp155.2.3.1(noarch)0:0.8.6-bp155.2.3.1(noarch)0:2.54-bp155.2.3.1(noarch)0:3.8.0-bp155.2.3.1(aarch64|x86_64)0:3.8.0-bp155.2.3.1(noarch)0:1.11.29-bp155.4.3.1(aarch64|i586|ppc64le|s390x|x86_64)0:4.0.47-bp155.3.3.1(aarch64|x86_64)0:115.0.5790.102-bp155.2.13.1(aarch64|i586|x86_64)0:0.12.5.5907-bp155.3.3.1(aarch64|ppc64le|s390x|x86_64)0:3.5.2-bp155.2.3.1(noarch)0:6.0.34-bp155.2.6.1(x86_64)0:7.0.10-lp155.2.5.1(noarch)0:7.0.10-lp155.2.5.1(x86_64)0:7.0.10_k5.14.21_150500.55.7-lp155.2.5.1(aarch64|x86_64)0:115.0.5790.170-bp155.2.16.1(noarch)0:1.9022-bp155.3.3.1(aarch64|i586|ppc64le|s390x|x86_64)0:0.29.2-bp155.3.3.2(noarch)0:0.29.2-bp155.3.3.2(aarch64|x86_64)0:0.1.9+git.35.4b9444a-bp155.2.3.1(noarch)0:0.1.9+git.35.4b9444a-bp155.2.3.1(noarch)0:0.086-bp155.3.3.1(aarch64|i586|ppc64le|s390x|x86_64)0:4.36-bp155.2.3.1(noarch)0:3.0.4-bp155.3.3.1(aarch64|x86_64)0:116.0.5845.96-bp155.2.19.1(x86_64)0:116.0.5845.110-bp155.2.22.1(aarch64|x86_64)0:116.0.5845.140-bp155.2.25.1(aarch64|x86_64)0:116.0.5845.179-bp155.2.28.1(aarch64|x86_64)0:116.0.5845.187-bp155.2.31.1(aarch64|x86_64)0:116.0.5845.187-bp155.2.34.1(aarch64|x86_64)0:117.0.5938.88-bp155.2.37.1(x86_64)0:102.0.4880.40-lp155.3.9.1(aarch64|i586|x86_64)0:1.24-bp155.2.3.1(aarch64|i586|ppc64le|s390x|x86_64)0:3.0.10-bp155.3.3.1(x86_64)0:3.0.10-bp155.3.3.1(aarch64_ilp32)0:3.0.10-bp155.3.3.1(noarch)0:3.1.12.1610074031.f653af66-bp155.3.3.1(noarch)0:2.5.2-bp155.3.3.1(aarch64|i586|ppc64le|s390x|x86_64)0:4.4.4-bp155.2.3.1(noarch)0:1.2.25-bp155.2.3.1(aarch64|i586|ppc64le|s390x|x86_64)0:1.2.25-bp155.2.3.1(aarch64|x86_64)0:117.0.5938.132-bp155.2.40.1(aarch64|x86_64)0:2.53.17.1-bp155.2.3.1(noarch)0:1.6.3-bp155.2.3.1(aarch64|x86_64)0:117.0.5938.149-bp155.2.43.1(aarch64|ppc64le|s390x|x86_64)0:4.94.2-bp155.5.3.1(x86_64)0:103.0.4928.16-lp155.3.12.1(aarch64|x86_64)0:118.0.5993.70-bp155.2.46.1(aarch64|ppc64le|s390x|x86_64)0:4.94.2-bp155.5.6.1(aarch64|i586|ppc64le|s390x|x86_64)0:9.31-bp155.3.3.1(aarch64|i586|ppc64le|s390x|x86_64)0:0.1.7-bp155.2.3.1(aarch64|x86_64)0:118.0.5993.88-bp155.2.49.1(aarch64|i586|ppc64le|s390x|x86_64)0:2.28-bp155.3.3.1(aarch64|x86_64)0:118.0.5993.117-bp155.2.52.1(aarch64|i586|ppc64le|s390x|x86_64)0:14.4.2-bp155.3.3.1(noarch)0:3.2.0-bp155.2.3.1(x86_64)0:104.0.4944.23-lp155.3.15.1(noarch)0:1.6.4-bp155.2.6.1(aarch64|i586|ppc64le|s390x|x86_64)0:5.2.3-bp155.3.3.1(aarch64|i586|ppc64le|s390x|x86_64)0:5.2.3-bp155.3.5.1(x86_64)0:7.0.12-lp155.2.13.1(noarch)0:7.0.12-lp155.2.13.1(x86_64)0:7.0.12_k5.14.21_150500.55.31-lp155.2.13.1(x86_64)0:104.0.4944.36-lp155.3.18.1(aarch64|i586|ppc64le|s390x|x86_64)0:0.4.8.8-bp155.2.3.1(aarch64|i586|ppc64le|s390x|x86_64)0:1.21.1-bp155.3.3.1(aarch64|ppc64le|x86_64)0:3.0.20-bp155.2.3.1(noarch)0:3.0.20-bp155.2.3.1(aarch64|x86_64)0:119.0.6045.123-bp155.2.55.1(aarch64|i586|ppc64le|s390x|x86_64)0:0.20231023-bp155.5.3.1(aarch64|i586|ppc64le|s390x|x86_64)0:1.42-bp155.4.3.1(aarch64|i586|s390x|x86_64)0:1.42-bp155.4.3.1(aarch64|ppc64le|s390x|x86_64)0:1.42-bp155.4.3.1(aarch64|i586|ppc64le|s390x|x86_64)0:3.06.0.1-bp155.5.3.1(aarch64|x86_64)0:119.0.6045.159-bp155.2.58.1(noarch)0:2023.11.14-bp155.3.3.1(aarch64|i586|ppc64le|s390x|x86_64)0:1.22.0-lp155.3.4.1(x86_64)0:1.22.0-lp155.3.4.1(aarch64_ilp32)0:1.22.0-lp155.3.4.1(noarch)0:1.22.0-lp155.3.4.1(aarch64|i586|ppc64le|s390x|x86_64)0:0.7.8-bp155.5.5.1(x86_64)0:105.0.4970.21-lp155.3.21.1(aarch64|x86_64)0:119.0.6045.199-bp155.2.61.1(noarch)0:1.11.29-bp155.4.6.1(aarch64|i586|ppc64le|s390x|x86_64)0:2.0.9-bp155.2.3.1(noarch)0:2.0.9-bp155.2.3.1(aarch64|i586|ppc64le|s390x|x86_64)0:4.6.2-bp155.2.3.1(x86_64)0:105.0.4970.34-lp155.3.24.1(aarch64|i586|ppc64le|s390x|x86_64)0:3.3.1-bp155.4.3.1(aarch64|i586|ppc64le|s390x|x86_64)0:1.22.0-lp155.3.7.1(x86_64)0:1.22.0-lp155.3.7.1(aarch64_ilp32)0:1.22.0-lp155.3.7.1(noarch)0:1.22.0-lp155.3.7.1(aarch64|i586|ppc64le|s390x|x86_64)0:0.80-bp155.2.3.1(aarch64|ppc64le|s390x|x86_64)0:2.12.1-bp155.2.3.1(aarch64|i586|ppc64le|s390x|x86_64)0:4.0.50-bp155.3.9.1(aarch64|i586|ppc64le|s390x|x86_64)0:1.3.8b-bp155.2.3.1(noarch)0:1.3.8b-bp155.2.3.1(aarch64|ppc64le|s390x|x86_64)0:5.12.13-bp155.2.3.1(noarch)0:5.12.13-bp155.2.3.1(aarch64|i586|ppc64le|s390x|x86_64)0:1.8.1-bp155.2.3.1(x86_64)0:109.0.5097.38-lp155.3.42.1(aarch64|i586|ppc64le|s390x|x86_64)0:0.81-bp155.2.6.1(aarch64|i586|ppc64le|s390x|x86_64)0:0.80.0-bp155.2.3.1(aarch64|i586|ppc64le|s390x|x86_64)0:3.6.8-bp155.3.3.1(aarch64|ppc64le|x86_64)0:4.8.8-bp155.2.6.1(aarch64|i586|ppc64le|s390x|x86_64)0:8.1.28-bp155.8.1(noarch)0:8.1.28-bp155.8.1(aarch64|i586|ppc64le|s390x|x86_64)0:8.1.28-bp155.8.3(noarch)0:3.0.1-bp155.3.3.1(aarch64|i586|ppc64le|s390x|x86_64)0:1.11.2-bp155.3.3.1(aarch64|i586|ppc64le|s390x|x86_64)0:8.4.0-bp155.3.3.1(x86_64)0:110.0.5130.23-lp155.3.45.1(aarch64|i586|ppc64le|s390x|x86_64)0:0.12-bp155.3.3.1(aarch64|i586|ppc64le|s390x|x86_64)0:2.2.2-bp155.2.3.1(noarch)0:2.2.2-bp155.2.3.1(aarch64|i586|ppc64le|s390x|x86_64)0:8.4.0-bp155.3.6.1(aarch64|i586|ppc64le|s390x|x86_64)0:0.26.2-bp155.2.3.1(aarch64|x86_64)0:125.0.6422.60-bp155.2.82.1(aarch64|x86_64)0:125.0.6422.76-bp155.2.85.2(aarch64|i586|ppc64le|s390x|x86_64)0:6.4.2-bp155.2.3.1(aarch64|i586|ppc64le|s390x|x86_64)0:1.7.18-bp155.3.3.1(aarch64|x86_64)0:125.0.6422.112-bp155.2.88.1(x86_64)0:110.0.5130.39-lp155.3.48.1(aarch64|i586|ppc64le|s390x|x86_64)0:5.15.2+kde2-bp155.3.3.1(x86_64)0:5.15.2+kde2-bp155.3.3.1(aarch64_ilp32)0:5.15.2+kde2-bp155.3.3.1(noarch)0:5.15.2+kde2-bp155.3.3.1(aarch64|i586|ppc64le|s390x|x86_64)0:1.95-bp155.3.6.1(aarch64|i586|ppc64le|s390x|x86_64)0:0.12.5.6924-bp155.3.6.1(aarch64|x86_64)0:125.0.6422.141-bp155.2.91.1(noarch)0:3.0.1-bp155.3.6.1(aarch64|i586|ppc64le|s390x|x86_64)0:0.5.42-bp156.3.3.1(aarch64|ppc64le|x86_64)0:5.27.9-bp155.2.6.1(noarch)0:5.27.9-bp155.2.6.1(aarch64|i586|ppc64le|s390x|x86_64)0:7.2-bp156.3.3.1(noarch)0:7.2-bp156.3.3.1(x86_64)0:106.0.4998.28-lp155.3.30.1(aarch64|ppc64le|s390x|x86_64)0:3.0.24-bp155.2.4.1(noarch)0:2.14.4-bp155.3.3.1(noarch)0:0.70-bp155.3.3.1(x86_64)0:111.0.5168.43-lp155.3.51.1(aarch64|i586|ppc64le|s390x|x86_64)0:6.2.8-bp156.2.3.1(noarch)0:0.2.1-bp155.3.3.1(x86_64)0:106.0.4998.19-lp155.3.27.1(aarch64|x86_64)0:120.0.6099.216-bp155.2.64.1(aarch64|i586|ppc64le|s390x|x86_64)0:2.19.5-bp155.2.3.1(noarch)0:2.19.5-bp155.2.3.1(x86_64)0:2.19.5-bp155.2.3.1(aarch64_ilp32)0:2.19.5-bp155.2.3.1(aarch64|x86_64)0:126.0.6478.126-bp156.2.6.1(x86_64)0:112.0.5197.25-lp155.3.54.1(noarch)0:0.290.0-bp155.2.3.1(aarch64|i586|ppc64le|s390x|x86_64)0:6.6.9-bp156.3.3.1(aarch64|i586|ppc64le|s390x|x86_64)0:2.8.4-bp155.2.3.1(noarch)0:2.8.4-bp155.2.3.1(aarch64|x86_64)0:126.0.6478.182-bp156.2.11.1(noarch)0:0.14.4-bp155.3.3.1(aarch64|ppc64le|s390x|x86_64)0:4.97.1-bp155.5.12.1(noarch)0:3.7-bp155.3.3.1(aarch64|i586|ppc64le|s390x|x86_64)0:6.2.8-bp156.2.6.1(aarch64|ppc64le|s390x|x86_64)0:5.3.1-bp156.3.3.1(aarch64|i586|ppc64le|s390x|x86_64)0:2.53.0-bp155.2.12.1(noarch)0:2.53.0-bp155.2.12.1(aarch64|i586|ppc64le|s390x|x86_64)0:2.4.1-bp155.3.3.1(noarch)0:5.7.11-bp155.3.3.1(noarch)0:1.2.1-bp155.3.3.1(aarch64|x86_64)0:1.3.0-bp155.3.3.2(noarch)0:1.3.0-bp155.3.3.2(aarch64|i586|ppc64le|s390x|x86_64)0:0.5.0-bp155.2.1(aarch64|i586|ppc64le|s390x|x86_64)0:1.8.1-bp155.2.6.1(aarch64|x86_64)0:120.0.6099.224-bp155.2.67.1(aarch64|ppc64le|s390x|x86_64)0:4.12.1-bp155.3.3.1(x86_64)0:112.0.5197.53-lp155.3.57.1(aarch64|i586|ppc64le|s390x|x86_64)0:8.4.0-bp155.3.9.1(aarch64|x86_64)0:127.0.6533.119-bp156.2.14.1(aarch64|i586|ppc64le|s390x|x86_64)0:0.20240730-bp156.2.3.1(aarch64|i586|ppc64le|s390x|x86_64)0:0.69.1-bp156.2.1(noarch)0:1.6.7-bp155.2.9.1(aarch64|x86_64)0:128.0.6613.84-bp156.2.17.1(i586|x86_64)0:2.53.18.1-bp155.2.15.1(aarch64|i586|ppc64le|s390x|x86_64)0:8.1.29-bp155.11.1(noarch)0:8.1.29-bp155.11.1(aarch64|x86_64)0:128.0.6613.113-bp156.2.20.1(aarch64|i586|ppc64le|s390x|x86_64)0:0.54.1-bp155.2.3.1(aarch64|i586|ppc64le|s390x|x86_64)0:0.70.1-bp156.5.1(noarch)0:1.2.27-bp155.2.9.1(aarch64|i586|ppc64le|s390x|x86_64)0:1.2.27-bp155.2.9.1(x86_64)0:113.0.5230.32-lp155.3.60.1(aarch64|x86_64)0:128.0.6613.119-bp155.2.111.1(aarch64|x86_64)0:128.0.6613.137-bp156.2.26.1(aarch64|i586|ppc64le|s390x|x86_64)0:1.9.16-bp155.2.3.1(aarch64|i586|ppc64le|s390x|x86_64)0:1.22.0-lp155.3.10.1(x86_64)0:1.22.0-lp155.3.10.1(aarch64_ilp32)0:1.22.0-lp155.3.10.1(noarch)0:1.22.0-lp155.3.10.1(aarch64|i586|ppc64le|s390x|x86_64)0:1.22.0-lp155.3.14.1(x86_64)0:1.22.0-lp155.3.14.1(aarch64_ilp32)0:1.22.0-lp155.3.14.1(noarch)0:1.22.0-lp155.3.14.1(noarch)0:1.2.26-bp155.2.6.1(aarch64|i586|ppc64le|s390x|x86_64)0:1.2.26-bp155.2.6.1(aarch64|x86_64)0:129.0.6668.58-bp155.2.117.2(aarch64|x86_64)0:129.0.6668.70-bp155.2.120.1(x86_64)0:114.0.5282.21-lp156.2.20.1(aarch64|x86_64)0:129.0.6668.89-bp156.2.35.1(noarch)0:1.6.8-bp156.2.3.1(x86_64)0:106.0.4998.52-lp155.3.33.1(aarch64|i586|ppc64le|s390x|x86_64)0:1.2.3-bp155.2.1(noarch)0:1.2.3-bp155.2.1(aarch64|x86_64)0:129.0.6668.100-bp156.2.38.1(aarch64|x86_64)0:130.0.6723.58-bp156.2.41.1(aarch64|x86_64)0:130.0.6723.69-bp156.2.44.1(aarch64|i586|ppc64le|s390x|x86_64)0:6.0.2-bp156.2.3.1(noarch)0:6.0.2-bp156.2.3.1(aarch64|i586|ppc64le|s390x|x86_64)0:2.19.5-bp156.3.6.1(noarch)0:2.19.5-bp156.3.6.1(x86_64)0:2.19.5-bp156.3.6.1(aarch64_ilp32)0:2.19.5-bp156.3.6.1(aarch64|i586|ppc64le|s390x|x86_64)0:4.1.0-bp156.5.3.1(noarch)0:4.1.0-bp156.5.3.1(aarch64|ppc64le|s390x|x86_64)0:2.0.20-bp156.2.3.1(aarch64|x86_64)0:130.0.6723.91-bp155.2.135.1(aarch64|i586|ppc64le|s390x|x86_64)0:1.9.16-bp155.2.6.1(aarch64|i586|ppc64le|s390x|x86_64)0:9.1.0-bp155.3.3.1(noarch)0:2.2.10-bp156.3.3.1(aarch64|x86_64)0:23.08.5-bp156.2.3.1(noarch)0:23.08.5-bp156.2.3.1(aarch64|x86_64)0:130.0.6723.116-bp155.2.138.1(aarch64|i586|ppc64le|s390x|x86_64)0:20240101-bp155.2.3.1(noarch)0:1.26.0-bp155.3.3.1(aarch64|i586|ppc64le|s390x|x86_64)0:2.28.7-bp155.2.3.1(x86_64)0:2.28.7-bp155.2.3.1(aarch64_ilp32)0:2.28.7-bp155.2.3.1(aarch64|i586|ppc64le|x86_64)0:2.13.10-bp155.3.3.1(aarch64|x86_64)0:131.0.6778.69-bp155.2.141.1(aarch64|x86_64)0:131.0.6778.85-bp155.2.144.1(i586|x86_64)0:2.53.19-bp155.2.23.1(noarch)0:3.3.7-bp155.2.3.2(x86_64)0:115.0.5322.68-lp156.2.23.1(aarch64|i586|ppc64le|s390x|x86_64)0:5.9.8-bp155.2.3.1(noarch)0:5.9.8-bp155.2.3.1(aarch64|x86_64)0:6.4.2-bp155.2.6.1(aarch64|x86_64)0:131.0.6778.108-bp155.2.147.1(aarch64|x86_64)0:131.0.6778.139-bp156.2.62.1(noarch)0:1.5.1-bp155.3.6.1(noarch)0:0.2.4-bp155.3.3.1(aarch64|x86_64)0:131.0.6778.204-bp156.2.65.1(aarch64|ppc64le|s390x|x86_64)0:2023.0.0-bp155.2.3.1(aarch64|ppc64le|x86_64)0:4.8.6-bp155.2.3.1(aarch64|ppc64le|s390x|x86_64)0:26.0-bp155.2.3.1(x86_64)0:107.0.5045.21-lp155.3.36.1(aarch64|i586|ppc64le|s390x|x86_64)0:1.27.3-bp155.2.6.1(aarch64|i586|ppc64le|s390x|x86_64)0:4.0.50-bp155.3.12.1(aarch64|ppc64le|s390x|x86_64)0:4.97.1-bp155.5.9.1(aarch64|i586|ppc64le|s390x|x86_64)0:1.3.8b-bp155.2.6.1(noarch)0:1.3.8b-bp155.2.6.1(noarch)0:1.11.29-bp155.4.9.1(noarch)0:4.1.5-bp155.3.3.1(aarch64|x86_64)0:122.0.6261.128-bp155.2.75.1(aarch64|i586|ppc64le|s390x|x86_64)0:17.0.6-bp155.2.2(noarch)0:17.0.6-bp155.2.2(x86_64)0:17.0.6-bp155.2.2(aarch64_ilp32)0:17.0.6-bp155.2.2(aarch64|x86_64)0:17.0.6-bp155.2.2(aarch64|i586|ppc64le|x86_64)0:17.0.6-bp155.2.2(aarch64|i586|ppc64le|s390x|x86_64)0:1.3.3-bp155.2.3.1(aarch64|x86_64)0:1.1.0~rc16~git6.e51d0de-bp155.14.1(x86_64)0:108.0.5067.40-lp155.3.39.1(aarch64|i586|ppc64le|s390x|x86_64)0:1.1.0-bp155.2.1(aarch64|i586|ppc64le|s390x|x86_64)0:1.16.6-bp155.3.3.1(noarch)0:6.7.2-bp155.3.3.1(aarch64|ppc64le|s390x|x86_64)0:5.9.3-150300.15.3.1(x86_64)0:5.9.3-150300.15.3.1(aarch64|ppc64le|s390x|x86_64)0:4.1.90-150200.4.14.1(noarch)0:4.1.90-150200.4.14.1(aarch64|ppc64le|s390x|x86_64)0:2.0.59-150200.3.10.1(noarch)0:2.0.59-150200.3.10.1(aarch64|ppc64le|s390x|x86_64)0:1.12.0-150400.3.11.1(x86_64)0:1.12.0-150400.3.11.1(aarch64|ppc64le|s390x|x86_64)0:8.0.1-150400.5.23.1(x86_64)0:8.0.1-150400.5.23.1(aarch64|ppc64le|s390x|x86_64)0:1.25.0-150200.3.6.1(aarch64|ppc64le|s390x|x86_64)0:1.8.0.372-150000.3.79.1(noarch)0:1.8.0.372-150000.3.79.1(x86_64)0:20230512-150200.24.1(aarch64|ppc64le|s390x|x86_64)0:2.14.2-150400.24.6.1(aarch64|ppc64le|s390x|x86_64)0:20.06.2-150400.24.6.1(noarch)0:2.14.2-150400.24.6.1(noarch)0:20.06.2-150400.24.6.1(aarch64|ppc64le|s390x|x86_64)0:3.11.0-150200.6.5.1(aarch64|ppc64le|s390x|x86_64)0:3.0.0-150200.6.5.1(noarch)0:1.0.4-150400.3.3.1(aarch64|ppc64le|s390x|x86_64)0:4.2.2-150000.1.10.1(aarch64|ppc64le|s390x|x86_64)0:6.3.3-150400.31.3.1(aarch64|ppc64le|s390x|x86_64)0:1.3.9-150400.31.3.1(aarch64|ppc64le|s390x|x86_64)0:1.21-150400.31.3.1(aarch64|ppc64le|s390x|x86_64)0:5.3.6-150400.31.3.1(aarch64|x86_64)0:2.1.0beta3-150400.31.3.1(noarch)0:2021.20210325.svn30357-150400.31.3.1(aarch64|ppc64le|s390x|x86_64)0:2021.20210325-150400.31.3.1(aarch64|ppc64le|s390x|x86_64)0:2021.20210325.svn27321-150400.31.3.1(aarch64|ppc64le|s390x|x86_64)0:2021.20210325.svn12688-150400.31.3.1(aarch64|ppc64le|s390x|x86_64)0:2021.20210325.svn28038-150400.31.3.1(aarch64|ppc64le|s390x|x86_64)0:2021.20210325.svn57878-150400.31.3.1(aarch64|ppc64le|s390x|x86_64)0:2021.20210325.svn57089-150400.31.3.1(aarch64|ppc64le|s390x|x86_64)0:2021.20210325.svn58378-150400.31.3.1(aarch64|ppc64le|s390x|x86_64)0:2021.20210325.svn3006-150400.31.3.1(aarch64|ppc64le|s390x|x86_64)0:2021.20210325.svn29036-150400.31.3.1(aarch64|ppc64le|s390x|x86_64)0:2021.20210325.svn57890-150400.31.3.1(aarch64|ppc64le|s390x|x86_64)0:2021.20210325.svn52909-150400.31.3.1(aarch64|ppc64le|s390x|x86_64)0:2021.20210325.svn18790-150400.31.3.1(aarch64|ppc64le|s390x|x86_64)0:2021.20210325.svn45266-150400.31.3.1(noarch)0:2021.20210325.svn57273-150400.31.3.1(aarch64|ppc64le|s390x|x86_64)0:2021.20210325.svn16219-150400.31.3.1(aarch64|ppc64le|s390x|x86_64)0:2021.20210325.svn17794-150400.31.3.1(aarch64|ppc64le|s390x|x86_64)0:2021.20210325.svn15543-150400.31.3.1(aarch64|ppc64le|s390x|x86_64)0:2021.20210325.svn25623-150400.31.3.1(aarch64|ppc64le|s390x|x86_64)0:2021.20210325.svn38300-150400.31.3.1(aarch64|ppc64le|s390x|x86_64)0:2021.20210325.svn52631-150400.31.3.1(aarch64|ppc64le|s390x|x86_64)0:2021.20210325.svn37223-150400.31.3.1(aarch64|ppc64le|s390x|x86_64)0:2021.20210325.svn51944-150400.31.3.1(aarch64|ppc64le|s390x|x86_64)0:2021.20210325.svn48871-150400.31.3.1(aarch64|ppc64le|s390x|x86_64)0:2021.20210325.svn34112-150400.31.3.1(aarch64|ppc64le|s390x|x86_64)0:2021.20210325.svn30408-150400.31.3.1(aarch64|ppc64le|s390x|x86_64)0:2021.20210325.svn45927-150400.31.3.1(aarch64|ppc64le|s390x|x86_64)0:2021.20210325.svn50528-150400.31.3.1(aarch64|ppc64le|s390x|x86_64)0:2021.20210325.svn46996-150400.31.3.1(aarch64|ppc64le|s390x|x86_64)0:2021.20210325.svn48478-150400.31.3.1(aarch64|ppc64le|s390x|x86_64)0:2021.20210325.svn24061-150400.31.3.1(aarch64|ppc64le|s390x|x86_64)0:2021.20210325.svn23866-150400.31.3.1(aarch64|ppc64le|s390x|x86_64)0:2021.20210325.svn58136-150400.31.3.1(aarch64|ppc64le|s390x|x86_64)0:2021.20210325.svn53554-150400.31.3.1(aarch64|ppc64le|s390x|x86_64)0:2021.20210325.svn17399-150400.31.3.1(noarch)0:2021.20210325.svn37645-150400.31.3.1(aarch64|ppc64le|s390x|x86_64)0:2021.20210325.svn24759-150400.31.3.1(aarch64|ppc64le|s390x|x86_64)0:2021.20210325.svn29031-150400.31.3.1(aarch64|ppc64le|s390x|x86_64)0:2021.20210325.svn8329-150400.31.3.1(aarch64|ppc64le|s390x|x86_64)0:2021.20210325.svn44515-150400.31.3.1(aarch64|ppc64le|s390x|x86_64)0:2021.20210325.svn58535-150400.31.3.1(aarch64|ppc64le|s390x|x86_64)0:2021.20210325.svn29050-150400.31.3.1(aarch64|ppc64le|s390x|x86_64)0:2021.20210325.svn18336-150400.31.3.1(aarch64|ppc64le|s390x|x86_64)0:2021.20210325.svn25860-150400.31.3.1(aarch64|ppc64le|s390x|x86_64)0:2021.20210325.svn14752-150400.31.3.1(aarch64|ppc64le|s390x|x86_64)0:2021.20210325.svn14758-150400.31.3.1(aarch64|ppc64le|s390x|x86_64)0:2021.20210325.svn25997-150400.31.3.1(aarch64|ppc64le|s390x|x86_64)0:2021.20210325.svn13663-150400.31.3.1(aarch64|ppc64le|s390x|x86_64)0:2021.20210325.svn34971-150400.31.3.1(aarch64|ppc64le|s390x|x86_64)0:2021.20210325.svn54732-150400.31.3.1(aarch64|ppc64le|s390x|x86_64)0:2021.20210325.svn37813-150400.31.3.1(aarch64|ppc64le|s390x|x86_64)0:2021.20210325.svn56984-150400.31.3.1(aarch64|ppc64le|s390x|x86_64)0:2021.20210325.svn44835-150400.31.3.1(aarch64|ppc64le|s390x|x86_64)0:2021.20210325.svn49033-150400.31.3.1(aarch64|ppc64le|s390x|x86_64)0:2021.20210325.svn32101-150400.31.3.1(aarch64|ppc64le|s390x|x86_64)0:2021.20210325.svn46894-150400.31.3.1(aarch64|ppc64le|s390x|x86_64)0:2021.20210325.svn53999-150400.31.3.1(aarch64|ppc64le|s390x|x86_64)0:2021.20210325.svn54358-150400.31.3.1(aarch64|ppc64le|s390x|x86_64)0:2021.20210325.svn30983-150400.31.3.1(aarch64|ppc64le|s390x|x86_64)0:2021.20210325.svn42296-150400.31.3.1(aarch64|ppc64le|s390x|x86_64)0:2021.20210325.svn42300-150400.31.3.1(aarch64|ppc64le|s390x|x86_64)0:2021.20210325.svn16420-150400.31.3.1(aarch64|ppc64le|s390x|x86_64)0:2021.20210325.svn25012-150400.31.3.1(aarch64|ppc64le|s390x|x86_64)0:2021.20210325.svn32150-150400.31.3.1(aarch64|ppc64le|s390x|x86_64)0:2021.20210325.svn10937-150400.31.3.1(aarch64|ppc64le|s390x|x86_64)0:2021.20210325.svn27025-150400.31.3.1(aarch64|ppc64le|s390x|x86_64)0:2021.20210325.svn56352-150400.31.3.1(aarch64|ppc64le|s390x|x86_64)0:2021.20210325.svn31696-150400.31.3.1(aarch64|ppc64le|s390x|x86_64)0:2021.20210325.svn26126-150400.31.3.1(aarch64|ppc64le|s390x|x86_64)0:2021.20210325.svn15093-150400.31.3.1(aarch64|ppc64le|s390x|x86_64)0:2021.20210325.svn41465-150400.31.3.1(aarch64|ppc64le|s390x|x86_64)0:2021.20210325.svn29005-150400.31.3.1(aarch64|ppc64le|s390x|x86_64)0:2021.20210325.svn32346-150400.31.3.1(aarch64|ppc64le|s390x|x86_64)0:2021.20210325.svn34647-150400.31.3.1(aarch64|ppc64le|s390x|x86_64)0:2021.20210325.svn43292-150400.31.3.1(aarch64|ppc64le|s390x|x86_64)0:2021.20210325.svn50281-150400.31.3.1(aarch64|ppc64le|s390x|x86_64)0:2021.20210325.svn37750-150400.31.3.1(aarch64|ppc64le|s390x|x86_64)0:2021.20210325.svn38769-150400.31.3.1(aarch64|ppc64le|s390x|x86_64)0:2021.20210325.svn23500-150400.31.3.1(aarch64|ppc64le|s390x|x86_64)0:2021.20210325.svn23661-150400.31.3.1(aarch64|ppc64le|s390x|x86_64)0:2021.20210325.svn23406-150400.31.3.1(aarch64|ppc64le|s390x|x86_64)0:2021.20210325.svn14428-150400.31.3.1(aarch64|ppc64le|s390x|x86_64)0:2021.20210325.svn8457-150400.31.3.1(aarch64|ppc64le|s390x|x86_64)0:2021.20210325.svn33688-150400.31.3.1(aarch64|ppc64le|s390x|x86_64)0:2021.20210325.svn18674-150400.31.3.1(aarch64|ppc64le|s390x|x86_64)0:2021.20210325.svn30534-150400.31.3.1(aarch64|ppc64le|s390x|x86_64)0:2021.20210325.svn37026-150400.31.3.1(aarch64|ppc64le|s390x|x86_64)0:2021.20210325.svn53804-150400.31.3.1(aarch64|ppc64le|s390x|x86_64)0:2021.20210325.svn10843-150400.31.3.1(aarch64|ppc64le|s390x|x86_64)0:2021.20210325.svn37537-150400.31.3.1(aarch64|ppc64le|s390x|x86_64)0:2021.20210325.svn14387-150400.31.3.1(aarch64|ppc64le|s390x|x86_64)0:2021.20210325.svn52858-150400.31.3.1(aarch64|ppc64le|s390x|x86_64)0:2021.20210325.svn41779-150400.31.3.1(aarch64|ppc64le|s390x|x86_64)0:2021.20210325.svn49140-150400.31.3.1(aarch64|ppc64le|s390x|x86_64)0:2021.20210325.svn40690-150400.31.3.1(aarch64|ppc64le|s390x|x86_64)0:2021.20210325.svn25962-150400.31.3.1(aarch64|ppc64le|s390x|x86_64)0:2021.20210325.svn16181-150400.31.3.1(aarch64|ppc64le|s390x|x86_64)0:2021.20210325.svn39165-150400.31.3.1(aarch64|ppc64le|s390x|x86_64)0:2021.20210325.svn29348-150400.31.3.1(aarch64|ppc64le|s390x|x86_64)0:2021.20210325.svn13364-150400.31.3.1(aarch64|ppc64le|s390x|x86_64)0:2021.20210325.svn52800-150400.31.3.1(aarch64|ppc64le|s390x|x86_64)0:2021.20210325.svn32405-150400.31.3.1(aarch64|ppc64le|s390x|x86_64)0:2021.20210325.svn7838-150400.31.3.1(aarch64|ppc64le|s390x|x86_64)0:2021.20210325.svn29333-150400.31.3.1(aarch64|ppc64le|s390x|x86_64)0:2021.20210325.svn44206-150400.31.3.1(aarch64|ppc64le|s390x|x86_64)0:2021.20210325.svn29335-150400.31.3.1(aarch64|ppc64le|s390x|x86_64)0:2021.20210325.svn34996-150400.31.3.1(aarch64|ppc64le|s390x|x86_64)0:2021.20210325.svn31638-150400.31.3.1(aarch64|ppc64le|s390x|x86_64)0:2021.20210325.svn32919-150400.31.3.1(aarch64|ppc64le|s390x|x86_64)0:2021.20210325.svn55172-150400.31.3.1(aarch64|ppc64le|s390x|x86_64)0:2021.20210325.svn53577-150400.31.3.1(aarch64|ppc64le|s390x|x86_64)0:2021.20210325.svn55933-150400.31.3.1(aarch64|ppc64le|s390x|x86_64)0:2021.20210325.svn29688-150400.31.3.1(aarch64|ppc64le|s390x|x86_64)0:2021.20210325.svn38710-150400.31.3.1(aarch64|ppc64le|s390x|x86_64)0:2021.20210325.svn21215-150400.31.3.1(aarch64|ppc64le|s390x|x86_64)0:2021.20210325.svn37771-150400.31.3.1(aarch64|ppc64le|s390x|x86_64)0:2021.20210325.svn13013-150400.31.3.1(aarch64|ppc64le|s390x|x86_64)0:2021.20210325.svn45011-150400.31.3.1(aarch64|ppc64le|s390x|x86_64)0:2021.20210325.svn15506-150400.31.3.1(aarch64|ppc64le|s390x|x86_64)0:2021.20210325.svn12782-150400.31.3.1(aarch64|ppc64le|s390x|x86_64)0:2021.20210325.svn47948-150400.31.3.1(aarch64|ppc64le|s390x|x86_64)0:2021.20210325.svn29741-150400.31.3.1(aarch64|ppc64le|s390x|x86_64)0:2021.20210325.svn33155-150400.31.3.1(aarch64|ppc64le|s390x|x86_64)0:2021.20210325.svn24062-150400.31.3.1(aarch64|ppc64le|s390x|x86_64)0:2021.20210325.svn43596-150400.31.3.1(aarch64|ppc64le|s390x|x86_64)0:2021.20210325.svn53444-150400.31.3.1(aarch64|ppc64le|s390x|x86_64)0:2021.20210325.svn6898-150400.31.3.1(aarch64|ppc64le|s390x|x86_64)0:2021.20210325.svn55132-150400.31.3.1(aarch64|ppc64le|s390x|x86_64)0:2021.20210325.svn25648-150400.31.3.1(aarch64|ppc64le|s390x|x86_64)0:2021.20210325.svn23262-150400.31.3.1(aarch64|ppc64le|s390x|x86_64)0:2021.20210325.svn6897-150400.31.3.1(aarch64|ppc64le|s390x|x86_64)0:2021.20210325.svn50419-150400.31.3.1(aarch64|ppc64le|s390x|x86_64)0:2021.20210325.svn46165-150400.31.3.1(aarch64|ppc64le|s390x|x86_64)0:2021.20210325.svn49312-150400.31.3.1(aarch64|ppc64le|s390x|x86_64)0:2021.20210325.svn52917-150400.31.3.1(aarch64|ppc64le|s390x|x86_64)0:2021.20210325.svn34398-150400.31.3.1(aarch64|ppc64le|s390x|x86_64)0:2.14.2-150400.24.9.1(aarch64|ppc64le|s390x|x86_64)0:20.06.2-150400.24.9.1(noarch)0:2.14.2-150400.24.9.1(noarch)0:20.06.2-150400.24.9.1(aarch64|ppc64le|s390x|x86_64)0:0.19-150300.3.5.1(aarch64|ppc64le|s390x|x86_64)0:2.8.2-150400.9.21.1(aarch64|ppc64le|s390x|x86_64)0:1.18.10.1-150000.1.9.1(aarch64|x86_64)0:1.18.10.1-150000.1.9.1(aarch64|ppc64le|s390x|x86_64)0:1.19.1-150000.3.23.1(x86_64)0:1.19.1-150000.3.23.1(aarch64|ppc64le|s390x|x86_64)0:3.6.14-150000.3.92.1(aarch64|ppc64le|s390x|x86_64)0:1.0.2p-150000.3.76.1(x86_64)0:1.0.2p-150000.3.76.1(noarch)0:1.0.2p-150000.3.76.1(aarch64|ppc64le|s390x|x86_64)0:4.0.9-150000.45.28.1(x86_64)0:4.0.9-150000.45.28.1(aarch64|ppc64le|s390x|x86_64)0:7.1.0.9-150400.6.21.1(x86_64)0:7.1.0.9-150400.6.21.1(noarch)0:7.1.0.9-150400.6.21.1(aarch64|ppc64le|s390x|x86_64)0:2.2.7-150000.3.43.1(x86_64)0:2.2.7-150000.3.43.1(noarch)0:1.5-150200.3.9.1(aarch64|ppc64le|s390x|x86_64)0:1.5.1-150100.3.7.1(aarch64|ppc64le|s390x|x86_64)0:3.10.11-150400.4.25.1(x86_64)0:3.10.11-150400.4.25.1(aarch64|ppc64le|s390x|x86_64)0:1.0.3-150200.3.5.1(x86_64)0:1.0.3-150200.3.5.1(aarch64|ppc64le|s390x|x86_64)0:10.6.13-150400.3.23.1(noarch)0:10.6.13-150400.3.23.1(aarch64|ppc64le|s390x|x86_64)0:2.4.46-150200.14.14.1(x86_64)0:2.4.46-150200.14.14.1(noarch)0:2.4.46-150200.14.14.1(aarch64|ppc64le|s390x|x86_64)0:1.2-150200.14.14.1(aarch64|ppc64le|s390x|x86_64)0:102.12.0-150200.152.90.1(ppc64le|s390x|x86_64)0:1.8.0_sr8.5-150000.3.74.1(x86_64)0:1.8.0_sr8.5-150000.3.74.1(noarch)0:9.0.75-150200.41.1(aarch64|ppc64le|s390x|x86_64)0:1.2.1-150400.4.12.1(aarch64|ppc64le|s390x|x86_64)0:0.22.0-150400.3.3.1(x86_64)0:0.22.0-150400.3.3.1(aarch64|ppc64le|s390x|x86_64)0:3.6.15-150300.10.48.1(x86_64)0:3.6.15-150300.10.48.1(aarch64|ppc64le|s390x|x86_64)0:8.4-150500.4.3.1(aarch64|ppc64le|s390x|x86_64)0:1.19.10-150000.1.34.1(aarch64|ppc64le|s390x|x86_64)0:1.20.5-150000.1.14.1(aarch64|ppc64le|s390x|x86_64)0:4.12.14-150100.197.148.1(aarch64|x86_64)0:4.17.1_04-150500.3.3.1(x86_64)0:4.17.1_04-150500.3.3.1(noarch)0:4.17.1_04-150500.3.3.1(aarch64|ppc64le|s390x|x86_64)0:3.1.0-150500.3.3.1(aarch64|ppc64le|s390x|x86_64)0:23.03.0-150500.3.3.1(noarch)0:3.1.0-150500.3.3.1(noarch)0:23.03.0-150500.3.3.1(noarch)0:9.4.51-150200.3.19.2(aarch64|ppc64le|s390x|x86_64)0:1.18.10-150200.5.10.1(aarch64|ppc64le|s390x|x86_64)0:1.23.17-150500.3.3.1(noarch)0:1.23.17-150500.3.3.1(aarch64|ppc64le|s390x|x86_64)0:1.24.13-150500.3.3.1(noarch)0:1.24.13-150500.3.3.1(aarch64|ppc64le|s390x|x86_64)0:5.65-150500.3.3.1(noarch)0:5.65-150500.3.3.1(x86_64)0:5.65-150500.3.3.1(aarch64|ppc64le|s390x|x86_64)0:3.4.0-150000.3.9.1(noarch)0:3.10-150000.3.3.4(noarch)0:0.9.3-150000.3.3.4(aarch64|ppc64le|s390x|x86_64)0:3.17.2-150300.3.2.3(aarch64|ppc64le|s390x|x86_64)0:9.5.1-150200.3.41.3(noarch)0:0.1.1681904360.84ef141-150000.1.50.1(noarch)0:4.3.21-150000.3.98.1(aarch64|ppc64le|s390x|x86_64)0:0.5.0-150000.1.12.3(aarch64|ppc64le|s390x|x86_64)0:17.1.2-150000.3.5.2(aarch64|ppc64le|s390x|x86_64)0:0.1-150100.4.17.1(aarch64|ppc64le|s390x|x86_64)0:2.37.6-150100.4.17.1(aarch64|x86_64)0:1.26.0~0-150400.3.7.1(aarch64|x86_64)0:12.2.0-150300.29.1(x86_64)0:12.2.0-150300.29.1(aarch64|ppc64le|s390x|x86_64)0:4.2.8p17-150000.4.25.1(aarch64|ppc64le|s390x|x86_64)0:8.0.29-150400.4.34.1(aarch64|ppc64le|s390x|x86_64)0:102.12.0-150200.8.121.1(aarch64|ppc64le|s390x|x86_64)0:1.6.5-150000.3.30.1(x86_64)0:1.6.5-150000.3.30.1(noarch)0:1.6.5-150000.3.30.1(aarch64|ppc64le|s390x|x86_64)0:2.2.7-150000.3.46.1(x86_64)0:2.2.7-150000.3.46.1(aarch64|ppc64le|s390x|x86_64)0:1.5.1-150100.3.9.1(aarch64|ppc64le|s390x|x86_64)0:1.0.0-150500.3.3.1(x86_64)0:1.0.0-150500.3.3.1(noarch)0:0.4.2-150300.3.6.1(aarch64|ppc64le|s390x|x86_64)0:3.0.8-150500.5.3.1(x86_64)0:3.0.8-150500.5.3.1(noarch)0:3.0.8-150500.5.3.1(aarch64|ppc64le|s390x|x86_64)0:23.1-150100.8.63.5(aarch64|ppc64le|s390x|x86_64)0:1.0.2p-150000.3.79.1(x86_64)0:1.0.2p-150000.3.79.1(noarch)0:1.0.2p-150000.3.79.1(aarch64|ppc64le|s390x|x86_64)0:3.9.16-150300.4.27.1(x86_64)0:3.9.16-150300.4.27.1(aarch64|x86_64)0:5.14.21-150500.33.3.1(x86_64)0:5.14.21-150500.33.3.1(noarch)0:5.14.21-150500.33.3.1(noarch)0:2.38.6-150400.4.42.4(aarch64|ppc64le|s390x|x86_64)0:2.38.6-150400.4.42.4(x86_64)0:2.38.6-150400.4.42.4(aarch64|x86_64)0:3.1.1260.0-150000.5.15.1(aarch64|ppc64le|s390x|x86_64)0:9.0.0-150500.6.3.1(x86_64)0:9.0.0-150500.6.3.1(aarch64|x86_64)0:9.0.0-150500.6.3.1(noarch)0:9.0.0-150500.6.3.1(aarch64|ppc64le|s390x|x86_64)0:1.24.15-150500.3.7.1(noarch)0:1.24.15-150500.3.7.1(aarch64|ppc64le|s390x|x86_64)0:2.0.1-150400.3.11.1(aarch64|ppc64le|s390x|x86_64)0:18.16.1-150400.9.9.1(noarch)0:18.16.1-150400.9.9.1(aarch64|ppc64le|s390x|x86_64)0:1.23.17-150500.3.6.1(noarch)0:1.23.17-150500.3.6.1(aarch64|ppc64le|s390x|x86_64)0:1.2.1-150400.4.14.1(aarch64|ppc64le|s390x|x86_64)0:4.1-150500.4.3.1(x86_64)0:4.1-150500.4.3.1(aarch64|ppc64le|s390x|x86_64)0:3.11.0-150200.6.7.1(aarch64|ppc64le|s390x|x86_64)0:2.9.0-150200.6.12.1(aarch64|ppc64le|s390x|x86_64)0:3.0.0-150200.6.7.1(aarch64|ppc64le|s390x|x86_64)0:1.8.0-150400.9.3.1(aarch64|ppc64le|s390x|x86_64)0:2.1.0~beta3+git.1624618403.e9577376-150400.4.2.1(x86_64)0:2.1.0~beta3+git.1624618403.e9577376-150400.4.2.1(aarch64|x86_64)0:1.53.0-150100.4.15.1(aarch64|ppc64le|s390x|x86_64)0:2.63-150400.3.3.1(x86_64)0:2.63-150400.3.3.1(aarch64|ppc64le|s390x|x86_64)0:1.18.10-150200.5.12.1(aarch64|ppc64le|s390x|x86_64)0:3.11.3-150400.9.12.1(x86_64)0:3.11.3-150400.9.12.1(aarch64|ppc64le|s390x|x86_64)0:6.4.2-150500.3.3.1(noarch)0:6.4.2-150500.3.3.1(aarch64|ppc64le|s390x|x86_64)0:2.13-150500.3.3.1(aarch64|ppc64le|s390x|x86_64)0:20161124-150000.3.6.1(aarch64|ppc64le|s390x|x86_64)0:0.6.0+git.1685628435.48c4099-150200.4.8.1(aarch64|ppc64le|s390x|x86_64)0:1.3.3+git.1683650163.1000ba6-150200.3.26.1(x86_64)0:5.14.21-150500.13.5.1(noarch)0:5.14.21-150500.13.5.1(aarch64|ppc64le|s390x|x86_64)0:4.2.2-150000.1.12.1(aarch64|ppc64le|s390x|x86_64)0:0.10.0-150300.5.6.1(aarch64|ppc64le|s390x|x86_64)0:5.15.8+kde185-150500.4.3.1(x86_64)0:5.15.8+kde185-150500.4.3.1(noarch)0:5.15.8+kde185-150500.4.3.1(aarch64|ppc64le|s390x|x86_64)0:7.4.33-150400.4.25.1(aarch64|ppc64le|s390x|x86_64)0:9.52-150000.167.1(aarch64|ppc64le|s390x|x86_64)0:4.12.14-150100.197.151.1(aarch64|ppc64le|s390x|x86_64)0:9.16.42-150500.8.3.1(noarch)0:9.16.42-150500.8.3.1(noarch)0:2.0.7-150000.1.11.1(noarch)0:1.74-150200.3.21.1(aarch64|ppc64le|s390x|x86_64)0:1.19.11-150000.1.37.1(aarch64|ppc64le|s390x|x86_64)0:1.20.6-150000.1.17.1(ppc64le|s390x|x86_64)0:1.8.0_sr8.6-150000.3.77.1(x86_64)0:1.8.0_sr8.6-150000.3.77.1(noarch)0:2.24.0-150300.3.3.1(aarch64)0:5.14.21-150500.55.7.1(aarch64|ppc64le|s390x|x86_64)0:5.14.21-150500.55.7.1(ppc64le|x86_64)0:5.14.21-150500.55.7.1(x86_64)0:5.14.21-150500.55.7.1(aarch64|ppc64le|x86_64)0:5.14.21-150500.55.7.1.150500.6.2.5(noarch)0:5.14.21-150500.55.7.1(aarch64|ppc64le|x86_64)0:5.14.21-150500.55.7.1(s390x)0:5.14.21-150500.55.7.1(aarch64|ppc64le|s390x|x86_64)0:1.12.2-150400.18.8.1(x86_64)0:1.12.2-150400.18.8.1(noarch)0:1.12.2-150400.18.8.1(aarch64|ppc64le|s390x|x86_64)0:7.1.0.9-150400.6.24.1(x86_64)0:7.1.0.9-150400.6.24.1(noarch)0:7.1.0.9-150400.6.24.1(aarch64|ppc64le|s390x|x86_64)0:5.26.1-150300.17.14.1(x86_64)0:5.26.1-150300.17.14.1(noarch)0:5.26.1-150300.17.14.1(aarch64|ppc64le|s390x|x86_64)0:3.10.12-150400.4.30.1(x86_64)0:3.10.12-150400.4.30.1(aarch64|ppc64le|s390x|x86_64)0:115.0-150200.152.93.1(aarch64|ppc64le|s390x|x86_64)0:115-150200.9.13.1(noarch)0:115.0-150200.152.93.1(aarch64|ppc64le|s390x|x86_64)0:8.0.1-150400.5.26.1(x86_64)0:8.0.1-150400.5.26.1(aarch64|x86_64)0:5.14.21-150500.33.6.1(x86_64)0:5.14.21-150500.33.6.1(noarch)0:5.14.21-150500.33.6.1(noarch)0:1.23.1-150100.3.13.1(noarch)0:12.13.1-150100.3.10.1(aarch64|ppc64le|s390x|x86_64)0:9.5.5-150200.3.44.1(aarch64|ppc64le|s390x|x86_64)0:1.1.1l-150500.17.6.1(x86_64)0:1.1.1l-150500.17.6.1(noarch)0:1.1.1l-150500.17.6.1(aarch64|ppc64le|s390x|x86_64)0:6.2.6-150400.3.22.1(aarch64|ppc64le|s390x|x86_64)0:7.0.8-150500.3.3.1(aarch64|ppc64le|s390x|x86_64)0:4.17.9+git.367.dae41ffdd1f-150500.3.5.1(x86_64)0:4.17.9+git.367.dae41ffdd1f-150500.3.5.1(aarch64|x86_64)0:4.17.9+git.367.dae41ffdd1f-150500.3.5.1(noarch)0:4.17.9+git.367.dae41ffdd1f-150500.3.5.1(noarch)0:22.3.1-150400.17.6.1(aarch64|ppc64le|s390x|x86_64)0:3.11.4-150400.9.15.3(x86_64)0:3.11.4-150400.9.15.3(aarch64|ppc64le|s390x|x86_64)0:3.11.4-150400.9.15.1(x86_64)0:3.11.4-150400.9.15.1(aarch64|ppc64le|s390x|x86_64)0:3.11.4-150400.9.15.2(aarch64|ppc64le|s390x|x86_64)0:8.4p1-150300.3.22.1(aarch64|ppc64le|s390x|x86_64)0:3.9.17-150300.4.30.1(x86_64)0:3.9.17-150300.4.30.1(aarch64|ppc64le|s390x|x86_64)0:115.0.2-150200.152.96.1(noarch)0:115.0.2-150200.152.96.1(aarch64|ppc64le|s390x|x86_64)0:1.1.1l-150500.17.9.1(x86_64)0:1.1.1l-150500.17.9.1(noarch)0:1.1.1l-150500.17.9.1(aarch64|ppc64le|s390x|x86_64)0:5.15.8+kde8-150500.3.3.1(x86_64)0:5.15.8+kde8-150500.3.3.1(noarch)0:5.15.8+kde8-150500.3.3.1(aarch64|ppc64le|x86_64)0:1.2.0-150100.4.6.1(aarch64|ppc64le|s390x|x86_64)0:4.1.94-150200.4.17.1(noarch)0:4.1.94-150200.4.17.1(aarch64|ppc64le|s390x|x86_64)0:2.0.61-150200.3.13.1(noarch)0:2.0.61-150200.3.13.1(noarch)0:8.0.33-150200.3.18.1(aarch64|ppc64le|s390x|x86_64)0:3.5-150000.3.3.1(aarch64|ppc64le|s390x|x86_64)0:2.1.7-150500.9.3.1(aarch64|ppc64le|s390x|x86_64)0:1.20.6.1-150000.1.8.1(aarch64|ppc64le|s390x|x86_64)0:3.0.8-150500.5.8.1(x86_64)0:3.0.8-150500.5.8.1(noarch)0:3.0.8-150500.5.8.1(aarch64|ppc64le|s390x|x86_64)0:5.15.8+kde185-150500.4.8.1(x86_64)0:5.15.8+kde185-150500.4.8.1(noarch)0:5.15.8+kde185-150500.4.8.1(noarch)0:20230724-150500.3.3.1(aarch64|ppc64le|s390x|x86_64)0:2.52.10-150400.3.6.1(x86_64)0:2.52.10-150400.3.6.1(noarch)0:2.52.10-150400.3.6.1(aarch64|ppc64le|s390x|x86_64)0:17.0.8.0-150400.3.27.1(noarch)0:17.0.8.0-150400.3.27.1(aarch64|ppc64le|s390x|x86_64)0:9.0.0-150500.6.11.1(x86_64)0:9.0.0-150500.6.11.1(aarch64|x86_64)0:9.0.0-150500.6.11.1(noarch)0:9.0.0-150500.6.11.1(aarch64|ppc64le|s390x|x86_64)0:115.0.1-150200.8.124.1(aarch64|ppc64le|s390x|x86_64)0:7.1.0-150500.49.6.1(noarch)0:7.1.0-150500.49.6.1(noarch)0:1.0.0+-150500.49.6.1(s390x|x86_64)0:7.1.0-150500.49.6.1(noarch)0:1.16.0_0_gd239552-150500.49.6.1(noarch)0:8-150500.49.6.1(aarch64|ppc64le|s390x|x86_64)0:3.1.0-150300.3.3.1(noarch)0:32.0.1-150200.3.7.1(aarch64|ppc64le|s390x|x86_64)0:1.0.2p-150000.3.82.1(x86_64)0:1.0.2p-150000.3.82.1(noarch)0:1.0.2p-150000.3.82.1(aarch64|ppc64le|s390x|x86_64)0:3006.0-150500.4.12.2(noarch)0:3006.0-150500.4.12.2(aarch64|ppc64le|s390x|x86_64)0:0.24.0-150000.1.20.2(aarch64|ppc64le|s390x|x86_64)0:4.5.3-150000.3.6.1(noarch)0:4.3.22-150000.3.101.1(noarch)0:1.0.0-150000.10.1(aarch64|ppc64le|s390x|x86_64)0:115.1.0-150200.152.99.1(noarch)0:115.1.0-150200.152.99.1(noarch)0:8.0-150200.11.7.1(aarch64)0:5.14.21-150500.55.12.1(aarch64|ppc64le|s390x|x86_64)0:5.14.21-150500.55.12.1(ppc64le|x86_64)0:5.14.21-150500.55.12.1(x86_64)0:5.14.21-150500.55.12.1(aarch64|ppc64le|x86_64)0:5.14.21-150500.55.12.1.150500.6.4.2(noarch)0:5.14.21-150500.55.12.1(aarch64|ppc64le|x86_64)0:5.14.21-150500.55.12.1(s390x)0:5.14.21-150500.55.12.1(aarch64|x86_64)0:5.14.21-150500.33.11.1(x86_64)0:5.14.21-150500.33.11.1(noarch)0:5.14.21-150500.33.11.1(aarch64|ppc64le|s390x|x86_64)0:1.20.7-150000.1.20.1(noarch)0:1.3.5-150000.3.3.1(aarch64|ppc64le|s390x|x86_64)0:6.4.2-150500.3.7.4(noarch)0:6.4.2-150500.3.7.4(aarch64|ppc64le|s390x|x86_64)0:6.4.2-150500.3.7.1(aarch64|ppc64le|s390x|x86_64)0:115.1.0-150200.8.127.1(aarch64|ppc64le|s390x|x86_64)0:5.1.4-150000.3.18.1(aarch64|ppc64le|s390x|x86_64)0:0.6.1-150100.4.6.1(aarch64|ppc64le|s390x|x86_64)0:1.1.1l-150500.17.15.1(x86_64)0:1.1.1l-150500.17.15.1(noarch)0:1.1.1l-150500.17.15.1(aarch64|ppc64le|s390x|x86_64)0:3.0.8-150500.5.11.1(x86_64)0:3.0.8-150500.5.11.1(noarch)0:3.0.8-150500.5.11.1(noarch)0:6.3.2-150400.4.17.1(aarch64|ppc64le|s390x|x86_64)0:1.22.0-150500.3.3.1(x86_64)0:1.22.0-150500.3.3.1(noarch)0:1.22.0-150500.3.3.1(aarch64|ppc64le|s390x|x86_64)0:1.22.0-150500.4.3.1(x86_64)0:1.22.0-150500.4.3.1(noarch)0:1.22.0-150500.4.3.1(aarch64|ppc64le|s390x|x86_64)0:1.71.1-150400.9.6.1(aarch64|ppc64le|s390x|x86_64)0:3.6.15-150000.3.97.1(aarch64|ppc64le|s390x|x86_64)0:0.3.64-150500.3.3.1(x86_64)0:0.3.64-150500.3.3.1(noarch)0:0.3.64-150500.3.3.1(aarch64|ppc64le|s390x|x86_64)0:1.19.12-150000.1.40.1(aarch64|ppc64le|s390x|x86_64)0:1.3.3-150200.5.3.1(aarch64|ppc64le|x86_64)0:1.3.3-150200.5.3.1(aarch64|ppc64le|s390x|x86_64)0:23.1-150100.8.66.1(aarch64|ppc64le|s390x|x86_64)0:11.0.20.0-150000.3.99.1(noarch)0:11.0.20.0-150000.3.99.1(noarch)0:20230724-150500.3.6.1(aarch64|ppc64le|s390x|x86_64)0:2.1.0-150000.4.6.1(x86_64)0:2.1.0-150000.4.6.1(x86_64)0:5.14.21-150500.13.11.1(noarch)0:5.14.21-150500.13.11.1(aarch64|ppc64le|s390x|x86_64)0:1.8.0.372-150200.3.33.2(noarch)0:1.8.0.372-150200.3.33.2(aarch64)0:5.14.21-150500.55.19.1(aarch64|ppc64le|s390x|x86_64)0:5.14.21-150500.55.19.1(ppc64le|x86_64)0:5.14.21-150500.55.19.1(x86_64)0:5.14.21-150500.55.19.1(aarch64|ppc64le|x86_64)0:5.14.21-150500.55.19.1.150500.6.6.4(noarch)0:5.14.21-150500.55.19.1(aarch64|ppc64le|x86_64)0:5.14.21-150500.55.19.1(s390x)0:5.14.21-150500.55.19.1(aarch64|ppc64le|s390x|x86_64)0:1.20.1-150500.3.3.1(x86_64)0:1.20.1-150500.3.3.1(aarch64|ppc64le|s390x|x86_64)0:10.39-150400.4.9.1(x86_64)0:10.39-150400.4.9.1(noarch)0:10.39-150400.4.9.1(aarch64|ppc64le|s390x|x86_64)0:1.8.0.382-150200.3.36.1(noarch)0:1.8.0.382-150200.3.36.1(aarch64|ppc64le|s390x|x86_64)0:1.0.2p-150000.3.85.1(x86_64)0:1.0.2p-150000.3.85.1(noarch)0:1.0.2p-150000.3.85.1(aarch64|ppc64le|s390x|x86_64)0:13.12-150200.5.43.1(noarch)0:13.12-150200.5.43.1(aarch64|ppc64le|s390x|x86_64)0:15.4-150200.5.12.1(x86_64)0:15.4-150200.5.12.1(noarch)0:15.4-150200.5.12.1(aarch64|ppc64le|s390x|x86_64)0:14.9-150200.5.29.1(noarch)0:14.9-150200.5.29.1(aarch64|ppc64le|s390x|x86_64)0:1.0.3-150000.3.3.1(noarch)0:5.0.6-150000.3.3.1(aarch64|x86_64)0:5.14.21-150500.33.14.1(x86_64)0:5.14.21-150500.33.14.1(noarch)0:5.14.21-150500.33.14.1(aarch64|ppc64le|s390x|x86_64)0:18.17.1-150400.9.12.1(noarch)0:18.17.1-150400.9.12.1(x86_64)0:20230808-150200.27.1(aarch64|ppc64le|s390x|x86_64)0:12.16-150200.8.47.1(noarch)0:12.16-150200.8.47.1(noarch)0:3.1.10-150200.3.7.1(aarch64|ppc64le|s390x|x86_64)0:4.12.14-150100.197.154.1(aarch64|ppc64le|s390x|x86_64)0:3.7.3-150500.3.5.1(noarch)0:3.7.3-150500.3.5.1(aarch64|ppc64le|s390x|x86_64)0:22.3-150300.3.8.1(aarch64|ppc64le|x86_64)0:7.5.4.1-150400.17.12.4(noarch)0:7.5.4.1-150400.17.12.4(aarch64|ppc64le|s390x|x86_64)0:1.2.37-150400.14.3.4(noarch)0:2.40.5-150400.4.45.3(aarch64|ppc64le|s390x|x86_64)0:2.40.5-150400.4.45.3(x86_64)0:2.40.5-150400.4.45.3(aarch64_ilp32)0:2.40.5-150400.4.45.3(aarch64|ppc64le|s390x|x86_64)0:2.2.11-150000.3.6.1(aarch64|ppc64le|s390x|x86_64)0:9.52-150000.170.1(aarch64|ppc64le|s390x|x86_64)0:4.2.1-150000.3.3.1(ppc64le|s390x|x86_64)0:1.8.0_sr8.10-150000.3.80.1(x86_64)0:1.8.0_sr8.10-150000.3.80.1(aarch64|ppc64le|s390x|x86_64)0:1.8.0.382-150000.3.82.1(noarch)0:1.8.0.382-150000.3.82.1(aarch64|x86_64)0:4.17.2_02-150500.3.6.1(x86_64)0:4.17.2_02-150500.3.6.1(noarch)0:4.17.2_02-150500.3.6.1(noarch)0:2.62-150200.30.1(aarch64|ppc64le|s390x|x86_64)0:0.103.9-150000.3.47.1(aarch64|ppc64le|s390x|x86_64)0:2.10.4-150000.4.15.1(x86_64)0:2.10.4-150000.4.15.1(noarch)0:2.10.4-150000.4.15.1(aarch64|ppc64le|s390x|x86_64)0:2.4.22+git0.f8e3218e2-150400.3.16.1(aarch64|ppc64le|s390x|x86_64)0:3.3.15-150000.7.34.1(aarch64|ppc64le|s390x|x86_64)0:9.0.1632-150500.20.3.1(noarch)0:9.0.1632-150500.20.3.1(aarch64|x86_64)0:12.2.0-150300.33.1(x86_64)0:12.2.0-150300.33.1(aarch64|ppc64le|s390x|x86_64)0:2.4.5-150000.3.6.1(x86_64)0:2.4.5-150000.3.6.1(aarch64|ppc64le|s390x|x86_64)0:115.2.0-150200.152.102.1(noarch)0:115.2.0-150200.152.102.1(aarch64|ppc64le|s390x|x86_64)0:3.5.27-150200.11.14.1(noarch)0:3.5.27-150200.11.14.1(aarch64|x86_64)0:1.53.0-150100.4.17.1(noarch)0:6.3.2-150400.4.20.1(aarch64|x86_64)0:0.4.2~3-150400.3.3.1(aarch64|ppc64le|s390x|x86_64)0:2.4-150100.9.4.1(noarch)0:2.4-150100.9.4.1(aarch64|ppc64le|s390x|x86_64)0:8.0.30-150400.4.37.1(noarch)0:1.35.0-150400.4.5.1(aarch64|ppc64le|s390x|x86_64)0:1.18.10-150200.5.17.1(aarch64|ppc64le|s390x|x86_64)0:24.0.5_ce-150000.185.1(noarch)0:24.0.5_ce-150000.185.1(aarch64|x86_64)0:3.1.1260.0-150000.5.17.1(aarch64|ppc64le|s390x|x86_64)0:7.4.33-150400.4.28.1(aarch64|ppc64le|s390x|x86_64)0:1.9.0-150000.4.16.1(x86_64)0:1.9.0-150000.4.16.1(noarch)0:2.40.5-150400.4.48.1(aarch64|ppc64le|s390x|x86_64)0:2.40.5-150400.4.48.1(x86_64)0:2.40.5-150400.4.48.1(aarch64_ilp32)0:2.40.5-150400.4.48.1(aarch64|ppc64le|s390x|x86_64)0:1.2.1-150400.4.16.1(aarch64|ppc64le|s390x|x86_64)0:4.2.2-150000.1.14.1(aarch64|ppc64le|s390x|x86_64)0:1.12.0-150300.11.5.1(aarch64|ppc64le|s390x|x86_64)0:73.2-150000.1.3.1(noarch)0:73.2-150000.1.3.1(aarch64|ppc64le|s390x|x86_64)0:2.9.0-150200.6.14.1(aarch64|ppc64le|s390x|x86_64)0:3.0.0-150200.6.9.1(aarch64|ppc64le|s390x|x86_64)0:3.11.0-150200.6.9.1(aarch64|ppc64le|s390x|x86_64)0:115.2.1-150200.152.105.1(noarch)0:115.2.1-150200.152.105.1(aarch64|ppc64le|s390x|x86_64)0:1.0.3-150200.3.10.1(x86_64)0:1.0.3-150200.3.10.1(aarch64|ppc64le|s390x|x86_64)0:1.3.2-150000.3.14.1(x86_64)0:1.3.2-150000.3.14.1(noarch)0:1.3.2-150000.3.14.1(aarch64|x86_64)0:5.14.21-150500.33.17.1(x86_64)0:5.14.21-150500.33.17.1(noarch)0:5.14.21-150500.33.17.1(aarch64|ppc64le|s390x|x86_64)0:12.3.0+git1204-150000.1.16.1(ppc64le|s390x|x86_64)0:12.3.0+git1204-150000.1.16.1(x86_64)0:12.3.0+git1204-150000.1.16.1(aarch64|s390x|x86_64)0:12.3.0+git1204-150000.1.16.1(aarch64|ppc64le|x86_64)0:12.3.0+git1204-150000.1.16.1(aarch64|ppc64le|s390x)0:12.3.0+git1204-150000.1.16.1(s390x|x86_64)0:12.3.0+git1204-150000.1.16.1(noarch)0:12.3.0+git1204-150000.1.16.1(aarch64)0:12.3.0+git1204-150000.1.16.1(ppc64le|x86_64)0:12.3.0+git1204-150000.1.16.1(aarch64|ppc64le|s390x|x86_64)0:115.2.2-150200.8.130.1(aarch64|ppc64le|s390x|x86_64)0:2.10.3-150500.5.8.1(x86_64)0:2.10.3-150500.5.8.1(noarch)0:2.10.3-150500.5.8.1(aarch64|ppc64le|s390x|x86_64)0:4.12.14-150100.197.157.1(aarch64|ppc64le|s390x|x86_64)0:7.5.0+r278197-150000.4.35.1(ppc64le|s390x|x86_64)0:7.5.0+r278197-150000.4.35.1(x86_64)0:7.5.0+r278197-150000.4.35.1(aarch64|s390x|x86_64)0:7.5.0+r278197-150000.4.35.1(aarch64|ppc64le|x86_64)0:7.5.0+r278197-150000.4.35.1(aarch64|ppc64le|s390x)0:7.5.0+r278197-150000.4.35.1(s390x|x86_64)0:7.5.0+r278197-150000.4.35.1(noarch)0:7.5.0+r278197-150000.4.35.1(aarch64|ppc64le|s390x|x86_64)0:2.9.7-150000.3.60.1(aarch64|ppc64le|s390x|x86_64)0:1.20.8-150000.1.23.1(aarch64|ppc64le|s390x|x86_64)0:1.21.1-150000.1.6.1(aarch64|ppc64le|s390x|x86_64)0:2.2.7-150000.3.51.2(x86_64)0:2.2.7-150000.3.51.2(aarch64|ppc64le|s390x|x86_64)0:3.9.18-150300.4.33.1(x86_64)0:3.9.18-150300.4.33.1(aarch64|ppc64le|s390x|x86_64)0:8.4-150500.4.8.1(aarch64|ppc64le|s390x|x86_64)0:3.1.0-150500.3.6.2(aarch64|ppc64le|s390x|x86_64)0:23.03.0-150500.3.6.2(noarch)0:3.1.0-150500.3.6.2(noarch)0:23.03.0-150500.3.6.2(aarch64|ppc64le|s390x|x86_64)0:7.0.8-150500.3.6.1(aarch64|ppc64le|s390x|x86_64)0:1.0.4-150000.4.6.1(aarch64|ppc64le|s390x|x86_64)0:1.72.0-150400.24.24.1(aarch64|ppc64le|s390x|x86_64)0:1.72.0-150400.9.3.1(noarch)0:2.40.5-150400.4.51.1(aarch64|ppc64le|s390x|x86_64)0:2.40.5-150400.4.51.1(x86_64)0:2.40.5-150400.4.51.1(aarch64_ilp32)0:2.40.5-150400.4.51.1(aarch64|ppc64le|s390x|x86_64)0:3.6.16-150000.3.100.1(aarch64|ppc64le|s390x|x86_64)0:0.5.0-150000.1.14.1(aarch64|ppc64le|s390x|x86_64)0:5.1.4-150000.3.9.1(aarch64|ppc64le|s390x|x86_64)0:1.6.21-150000.95.1(aarch64|ppc64le|s390x|x86_64)0:3.4.2-150200.11.31.1(x86_64)0:3.4.2-150200.11.31.1(aarch64|ppc64le|s390x|x86_64)0:1.35.0-150500.10.3.3(aarch64|x86_64)0:1.35.0-150500.10.3.3(aarch64|ppc64le|s390x|x86_64)0:9.16.44-150500.8.12.2(noarch)0:9.16.44-150500.8.12.2(noarch)0:3.1.26-150300.7.35.21.1(aarch64|ppc64le|s390x|x86_64)0:8.0.1-150400.5.29.1(x86_64)0:8.0.1-150400.5.29.1(aarch64|ppc64le|s390x|x86_64)0:3.10.13-150400.4.33.1(x86_64)0:3.10.13-150400.4.33.1(aarch64|ppc64le|s390x|x86_64)0:2.41-150100.7.46.1(x86_64)0:2.41-150100.7.46.1(ppc64le|s390x|x86_64)0:2.41-150100.7.46.1(aarch64|s390x|x86_64)0:2.41-150100.7.46.1(aarch64|ppc64le|x86_64)0:2.41-150100.7.46.1(aarch64|ppc64le|s390x)0:2.41-150100.7.46.1(aarch64|ppc64le|s390x|x86_64)0:1.10.1-150000.3.26.1(noarch)0:1.10.1-150000.3.26.1(aarch64|ppc64le|s390x|x86_64)0:0.7.0-150300.3.3.1(aarch64|ppc64le|s390x|x86_64)0:3.6.15-150300.10.51.1(x86_64)0:3.6.15-150300.10.51.1(aarch64|ppc64le|s390x|x86_64)0:0.9.13.1-150200.4.24.1(aarch64|x86_64)0:4.17.2_04-150500.3.9.1(x86_64)0:4.17.2_04-150500.3.9.1(noarch)0:4.17.2_04-150500.3.9.1(aarch64|ppc64le|s390x|x86_64)0:2.4.5-150000.3.9.1(x86_64)0:2.4.5-150000.3.9.1(aarch64|x86_64)0:12.3.0-150300.37.1(x86_64)0:12.3.0-150300.37.1(aarch64|ppc64le|s390x|x86_64)0:1.1.1-150400.12.5.1(aarch64|ppc64le|s390x|x86_64)0:1.20.8.1-150000.1.11.1(aarch64|ppc64le|s390x|x86_64)0:1.19.13.1-150000.1.8.1(aarch64|ppc64le|s390x|x86_64)0:2.6-150200.3.4.3(noarch)0:2.6-150200.3.4.3(aarch64|ppc64le|s390x|x86_64)0:3.2.3-150300.3.8.1(noarch)0:3.2.3-150300.3.8.1(aarch64|ppc64le|s390x|x86_64)0:3006.0-150500.4.19.1(noarch)0:3006.0-150500.4.19.1(aarch64|ppc64le|s390x|x86_64)0:0.4.0-150000.1.18.3(aarch64|ppc64le|s390x|x86_64)0:1.0.0-150000.1.17.2(aarch64|ppc64le|s390x|x86_64)0:0.24.0-150000.1.23.3(aarch64|ppc64le|s390x|x86_64)0:0.10.1-150000.1.14.3(noarch)0:4.3.23-150000.3.104.2(noarch)0:4.3.3-150000.3.21.2(aarch64|ppc64le|s390x|x86_64)0:9.5.5-150200.3.47.1(aarch64|ppc64le|s390x|x86_64)0:3.15-150000.3.6.1(aarch64|ppc64le|s390x|x86_64)0:0.23.0-150100.4.16.2(aarch64|ppc64le|s390x|x86_64)0:1.5.0-150100.3.26.2(aarch64|ppc64le|s390x|x86_64)0:2.0.6+20220323.758044b-150500.3.3.1(x86_64)0:2.0.6+20220323.758044b-150500.3.3.1(aarch64|ppc64le|s390x|x86_64)0:115.3.0-150200.152.108.1(noarch)0:115.3.0-150200.152.108.1(aarch64|ppc64le|s390x|x86_64)0:2.7.18-150000.54.1(x86_64)0:2.7.18-150000.54.1(noarch)0:2.7.18-150000.54.1(aarch64|ppc64le|s390x|x86_64)0:3.11.5-150400.9.20.2(x86_64)0:3.11.5-150400.9.20.2(aarch64|ppc64le|s390x|x86_64)0:3.11.5-150400.9.20.1(x86_64)0:3.11.5-150400.9.20.1(aarch64|ppc64le|s390x|x86_64)0:1.11.0-150400.3.3.1(x86_64)0:1.11.0-150400.3.3.1(aarch64|ppc64le|s390x|x86_64)0:115.3.1-150200.152.111.1(noarch)0:115.3.1-150200.152.111.1(aarch64|ppc64le|s390x|x86_64)0:1.1.8-150000.49.1(aarch64|ppc64le|s390x|x86_64)0:0.5.2-150400.3.6.1(x86_64)0:0.5.2-150400.3.6.1(aarch64|ppc64le|s390x|x86_64)0:4.3.12-150000.3.12.1(aarch64|ppc64le|s390x|x86_64)0:1.6.5-150000.3.33.1(x86_64)0:1.6.5-150000.3.33.1(noarch)0:1.6.5-150000.3.33.1(aarch64|ppc64le|s390x|x86_64)0:3.5.12-150000.3.10.1(x86_64)0:3.5.12-150000.3.10.1(aarch64|ppc64le|s390x|x86_64)0:0.20.2-150400.3.9.1(x86_64)0:0.20.2-150400.3.9.1(aarch64)0:5.14.21-150500.55.28.1(aarch64|ppc64le|s390x|x86_64)0:5.14.21-150500.55.28.1(ppc64le|x86_64)0:5.14.21-150500.55.28.1(x86_64)0:5.14.21-150500.55.28.1(aarch64|ppc64le|x86_64)0:5.14.21-150500.55.28.1.150500.6.11.2(noarch)0:5.14.21-150500.55.28.1(aarch64|ppc64le|x86_64)0:5.14.21-150500.55.28.1(s390x)0:5.14.21-150500.55.28.1(aarch64|ppc64le|s390x|x86_64)0:3.4.0-150000.3.12.1(aarch64|ppc64le|s390x|x86_64)0:9.52-150000.173.2(x86_64)0:5.14.21-150500.13.18.1(noarch)0:5.14.21-150500.13.18.1(aarch64|ppc64le|s390x|x86_64)0:1.40.0-150200.9.1(x86_64)0:1.40.0-150200.9.1(aarch64|ppc64le|s390x|x86_64)0:4.35.2-150500.3.3.1(noarch)0:4.35.2-150500.3.3.1(aarch64|ppc64le|s390x|x86_64)0:115.3.1-150200.8.133.1(aarch64|ppc64le|s390x|x86_64)0:1.21.2-150000.1.9.1(aarch64|ppc64le|s390x|x86_64)0:1.20.9-150000.1.26.1(aarch64|ppc64le|s390x|x86_64)0:2.1.7-150500.9.6.1(noarch)0:4.8.1-150400.10.12.1(aarch64|ppc64le|s390x|x86_64)0:4.8.1-150400.10.12.1(x86_64)0:5.14.21-150500.13.21.1(noarch)0:5.14.21-150500.13.21.1(noarch)0:2.2.3-150400.3.6.1(aarch64|ppc64le|s390x|x86_64)0:8.0.1-150400.5.32.1(x86_64)0:8.0.1-150400.5.32.1(aarch64|ppc64le|s390x|x86_64)0:4.17.9+git.421.abde31ca5c2-150500.3.11.1(x86_64)0:4.17.9+git.421.abde31ca5c2-150500.3.11.1(aarch64|x86_64)0:4.17.9+git.421.abde31ca5c2-150500.3.11.1(noarch)0:4.17.9+git.421.abde31ca5c2-150500.3.11.1(aarch64|ppc64le|s390x|x86_64)0:7.1.0.9-150400.6.27.1(x86_64)0:7.1.0.9-150400.6.27.1(noarch)0:7.1.0.9-150400.6.27.1(aarch64|x86_64)0:4.17.2_06-150500.3.12.1(x86_64)0:4.17.2_06-150500.3.12.1(noarch)0:4.17.2_06-150500.3.12.1(aarch64|x86_64)0:5.14.21-150500.33.20.1(x86_64)0:5.14.21-150500.33.20.1(noarch)0:5.14.21-150500.33.20.1(aarch64|x86_64)0:0.9.2+0-150500.3.3.1(noarch)0:0.9.2+0-150500.3.3.1(aarch64|ppc64le|s390x|x86_64)0:1.20.10-150000.1.29.1(aarch64|ppc64le|s390x|x86_64)0:1.21.3-150000.1.12.1(aarch64)0:5.14.21-150500.55.31.1(aarch64|ppc64le|s390x|x86_64)0:5.14.21-150500.55.31.1(ppc64le|x86_64)0:5.14.21-150500.55.31.1(x86_64)0:5.14.21-150500.55.31.1(aarch64|ppc64le|x86_64)0:5.14.21-150500.55.31.1.150500.6.13.1(noarch)0:5.14.21-150500.55.31.1(aarch64|ppc64le|x86_64)0:5.14.21-150500.55.31.1(s390x)0:5.14.21-150500.55.31.1(aarch64|ppc64le|s390x|x86_64)0:1.1.1-150500.3.2.1(aarch64|ppc64le|s390x|x86_64)0:1.1.2-150500.3.2.1(aarch64|ppc64le|s390x|x86_64)0:3.6.17-150000.3.103.1(aarch64|ppc64le|s390x|x86_64)0:0.22.0-150400.3.6.1(x86_64)0:0.22.0-150400.3.6.1(aarch64|ppc64le|s390x|x86_64)0:2.1.0-150000.3.3.1(aarch64|ppc64le|s390x|x86_64)0:1.2.2-150000.5.3.1(noarch)0:2.0.7-150000.1.14.1(aarch64|ppc64le|s390x|x86_64)0:1.29.1-150500.3.2.1(noarch)0:1.25.10-150300.4.6.1(aarch64|ppc64le|s390x|x86_64)0:23.3.4.19-150300.3.11.1(aarch64|ppc64le|s390x|x86_64)0:2.31-150300.63.1(x86_64)0:2.31-150300.63.1(noarch)0:2.31-150300.63.1(aarch64|ppc64le|s390x|x86_64)0:20.02.7-150100.3.27.1(aarch64|ppc64le|s390x|x86_64)0:3.13.1-150000.1.26.1(noarch)0:3.13.1-150000.1.26.1(noarch)0:9.0.82-150200.46.1(aarch64|ppc64le|s390x|x86_64)0:18.18.2-150400.9.15.1(noarch)0:18.18.2-150400.9.15.1(aarch64|ppc64le|s390x|x86_64)0:15.5.3-150500.3.6.1(aarch64|ppc64le|s390x|x86_64)0:2.06-150500.29.8.1(noarch)0:2.06-150500.29.8.1(s390x)0:2.06-150500.29.8.1(aarch64|ppc64le|s390x|x86_64)0:13.2.1+git7813-150000.1.3.3(x86_64)0:13.2.1+git7813-150000.1.3.2(s390x|x86_64)0:13.2.1+git7813-150000.1.3.3(aarch64|s390x|x86_64)0:13.2.1+git7813-150000.1.3.3(noarch)0:13.2.1+git7813-150000.1.3.3(aarch64|x86_64)0:13.2.1+git7813-150000.1.3.3(ppc64le|x86_64)0:13.2.1+git7813-150000.1.3.3(x86_64)0:13.2.1+git7813-150000.1.3.3(aarch64|ppc64le|s390x|x86_64)0:4.1.100-150200.4.20.1(noarch)0:4.1.100-150200.4.20.1(aarch64|ppc64le|s390x|x86_64)0:2.0.62-150200.3.16.1(noarch)0:2.0.62-150200.3.16.1(aarch64|ppc64le|s390x|x86_64)0:2.5.9-150000.4.29.1(noarch)0:2.5.9-150000.4.29.1(aarch64|s390x|x86_64)0:18.13.0-150400.9.3.1(noarch)0:18.13.0-150400.9.3.1(aarch64|ppc64le|s390x|x86_64)0:3.0.8-150500.5.14.1(x86_64)0:3.0.8-150500.5.14.1(noarch)0:3.0.8-150500.5.14.1(aarch64|ppc64le|s390x|x86_64)0:1.11.0-150000.4.19.1(x86_64)0:1.11.0-150000.4.19.1(aarch64|ppc64le|s390x|x86_64)0:11.0.21.0-150000.3.107.1(noarch)0:11.0.21.0-150000.3.107.1(aarch64|ppc64le|s390x|x86_64)0:1.40.0-150200.12.1(x86_64)0:1.40.0-150200.12.1(noarch)0:9.4.53-150200.3.22.1(aarch64|ppc64le|s390x|x86_64)0:115.4.0-150200.152.114.1(noarch)0:115.4.0-150200.152.114.1(aarch64|ppc64le|s390x|x86_64)0:1.2.13-150500.4.3.1(x86_64)0:1.2.13-150500.4.3.1(aarch64|ppc64le|s390x|x86_64)0:2.7.18-150000.57.1(x86_64)0:2.7.18-150000.57.1(noarch)0:2.7.18-150000.57.1(aarch64|ppc64le|s390x|x86_64)0:1.18.1-150300.8.15.1(noarch)0:1.18.1-150300.8.15.1(aarch64|ppc64le|s390x|x86_64)0:1.1.16-150400.3.7.1(aarch64|x86_64)0:12.3.0-150300.43.1(x86_64)0:12.3.0-150300.43.1(aarch64|ppc64le|s390x|x86_64)0:1.4.0-150000.3.3.1(noarch)0:1.4.0-150000.3.3.1(aarch64|ppc64le|s390x|x86_64)0:21.1.4-150500.7.7.1(noarch)0:2.3.6-150400.6.6.1(aarch64|ppc64le|s390x|x86_64)0:17.0.9.0-150400.3.33.1(noarch)0:17.0.9.0-150400.3.33.1(aarch64|ppc64le|s390x|x86_64)0:6.2.6-150400.3.25.1(aarch64|ppc64le|s390x|x86_64)0:23.01.0-150500.3.5.2(x86_64)0:23.01.0-150500.3.5.2(aarch64|ppc64le|s390x|x86_64)0:23.01.0-150500.3.5.1(x86_64)0:23.01.0-150500.3.5.1(noarch)0:2.42.1-150400.4.57.2(noarch)0:2.42.1-150400.4.57.3(aarch64|ppc64le|s390x|x86_64)0:2.42.1-150400.4.57.2(x86_64)0:2.42.1-150400.4.57.2(aarch64_ilp32)0:2.42.1-150400.4.57.2(aarch64|ppc64le|s390x|x86_64)0:2.42.1-150400.4.57.3(aarch64|ppc64le|s390x|x86_64)0:115.4.1-150200.8.136.1(aarch64|ppc64le|s390x|x86_64)0:22.1.5-150500.7.5.1(aarch64|ppc64le|x86_64)0:20.11.9-150200.6.13.1(aarch64|ppc64le|s390x|x86_64)0:1.0.28-150000.5.20.1(x86_64)0:1.0.28-150000.5.20.1(aarch64|ppc64le|s390x|x86_64)0:23.02.5-150500.5.9.2(noarch)0:23.02.5-150500.5.9.2(x86_64)0:5.14.21-150500.13.24.1(noarch)0:5.14.21-150500.13.24.1(aarch64|ppc64le|s390x|x86_64)0:4.12.14-150100.197.160.1(noarch)0:2.5.2-150200.3.9.1(aarch64|ppc64le|s390x|x86_64)0:4.0.9-150000.45.32.1(x86_64)0:4.0.9-150000.45.32.1(aarch64)0:5.14.21-150500.55.36.1(aarch64|ppc64le|s390x|x86_64)0:5.14.21-150500.55.36.1(ppc64le|x86_64)0:5.14.21-150500.55.36.1(x86_64)0:5.14.21-150500.55.36.1(aarch64|ppc64le|x86_64)0:5.14.21-150500.55.36.1.150500.6.15.3(noarch)0:5.14.21-150500.55.36.1(aarch64|ppc64le|x86_64)0:5.14.21-150500.55.36.1(s390x)0:5.14.21-150500.55.36.1(aarch64|ppc64le|s390x|x86_64)0:5.7-150400.3.12.1(aarch64|ppc64le|s390x|x86_64)0:3006.0-150500.4.24.2(noarch)0:3006.0-150500.4.24.2(aarch64|ppc64le|s390x|x86_64)0:3.17.2-150300.3.4.1(aarch64|x86_64)0:5.14.21-150500.33.23.1(x86_64)0:5.14.21-150500.33.23.1(noarch)0:5.14.21-150500.33.23.1(aarch64|ppc64le|s390x|x86_64)0:0.103.11-150000.3.50.1(aarch64|x86_64)0:535.129.03-150500.11.9.1(aarch64)0:535.129.03-150500.3.13.1(x86_64)0:535.129.03-150500.3.13.1(aarch64|x86_64)0:535.129.03-150500.3.13.1(aarch64)0:535.129.03_k5.14.21_150500.55.31-150500.3.13.1(x86_64)0:535.129.03_k5.14.21_150500.33.20-150500.3.13.1(aarch64|x86_64)0:535.129.03_k5.14.21_150500.55.31-150500.3.13.1(aarch64|ppc64le|s390x|x86_64)0:2.4.51-150400.6.14.1(noarch)0:2.4.51-150400.6.14.1(aarch64|ppc64le|s390x|x86_64)0:330-150200.11.12.1(aarch64|ppc64le|s390x|x86_64)0:0.5.3+git20230121-150000.3.6.1(x86_64)0:20231113-150200.32.1(aarch64|ppc64le|s390x|x86_64)0:1.0.4-150300.3.12.1(aarch64|ppc64le|s390x|x86_64)0:12.17-150200.8.54.1(noarch)0:12.17-150200.8.54.1(aarch64|ppc64le|s390x|x86_64)0:13.13-150200.5.50.1(noarch)0:13.13-150200.5.50.1(aarch64|ppc64le|s390x|x86_64)0:13.2.1+git7813-150000.1.6.1(x86_64)0:13.2.1+git7813-150000.1.6.1(s390x|x86_64)0:13.2.1+git7813-150000.1.6.1(aarch64|s390x|x86_64)0:13.2.1+git7813-150000.1.6.1(noarch)0:13.2.1+git7813-150000.1.6.1(aarch64|x86_64)0:13.2.1+git7813-150000.1.6.1(ppc64le|x86_64)0:13.2.1+git7813-150000.1.6.1(aarch64|ppc64le|s390x|x86_64)0:1.18.1-150300.8.18.1(noarch)0:1.18.1-150300.8.18.1(aarch64|ppc64le|s390x|x86_64)0:2.9.7-150000.3.63.1(aarch64|ppc64le|s390x|x86_64)0:7.2.0-150300.3.3.1(noarch)0:1.25.10-150300.4.9.1(aarch64|ppc64le|s390x|x86_64)0:1.21.4.1-150000.1.5.1(aarch64|ppc64le|s390x|x86_64)0:1.20.11-150000.1.32.1(aarch64|ppc64le|s390x|x86_64)0:1.21.4-150000.1.15.1(aarch64|ppc64le|s390x|x86_64)0:1.20.11.1-150000.1.14.1(aarch64|ppc64le|s390x|x86_64)0:8.4-150500.4.11.1(aarch64|x86_64)0:4.17.2_08-150500.3.15.1(x86_64)0:4.17.2_08-150500.3.15.1(noarch)0:4.17.2_08-150500.3.15.1(aarch64|ppc64le|s390x|x86_64)0:14.10-150200.5.36.1(noarch)0:14.10-150200.5.36.1(aarch64|ppc64le|s390x|x86_64)0:16.1-150200.5.7.1(x86_64)0:16.1-150200.5.7.1(noarch)0:16-150500.10.3.2(aarch64|ppc64le|s390x|x86_64)0:15.5-150200.5.19.1(noarch)0:15.5-150200.5.19.1(noarch)0:16.1-150200.5.7.1(noarch)0:1.1.1-150400.9.3.2(aarch64|ppc64le|s390x|x86_64)0:0.18.1-150400.14.3.2(aarch64|ppc64le|s390x|x86_64)0:0.18.1-150400.13.3.2(aarch64|ppc64le|x86_64)0:7.6.2.1-150400.17.17.3(noarch)0:7.6.2.1-150400.17.17.3(noarch)0:2.1.1-150400.9.3.2(x86_64)0:20231114-150200.35.1(aarch64|ppc64le|s390x|x86_64)0:0.8-150400.7.10.1(noarch)0:0.8-150400.7.10.1(x86_64)0:0.8-150400.7.10.1(aarch64|ppc64le|s390x|x86_64)0:2.10.3-150500.5.11.1(x86_64)0:2.10.3-150500.5.11.1(noarch)0:2.10.3-150500.5.11.1(aarch64|ppc64le|s390x|x86_64)0:1.8.0.392-150000.3.85.1(noarch)0:1.8.0.392-150000.3.85.1(aarch64|ppc64le|s390x|x86_64)0:1.2.49-150100.6.6.1(noarch)0:44.1.1-150400.9.6.1(aarch64|ppc64le|s390x|x86_64)0:1.1.1l-150500.17.22.1(x86_64)0:1.1.1l-150500.17.22.1(noarch)0:1.1.1l-150500.17.22.1(aarch64|ppc64le|s390x|x86_64)0:1.0.2p-150000.3.88.1(x86_64)0:1.0.2p-150000.3.88.1(noarch)0:1.0.2p-150000.3.88.1(aarch64|ppc64le|s390x|x86_64)0:3.9.4-150200.4.18.1(noarch)0:3.9.4-150200.4.18.1(noarch)0:1.9.15-150200.3.14.2(noarch)0:0.13.18-150200.4.16.1(aarch64|ppc64le|s390x|x86_64)0:4.2.0-150200.3.14.1(noarch)0:4.2.0-150200.3.14.1(aarch64|ppc64le|s390x|x86_64)0:9.5.0-150400.5.6.1(aarch64|ppc64le|s390x|x86_64)0:5.9.11-150500.5.6.1(noarch)0:5.9.11-150500.5.6.1(aarch64|ppc64le|s390x|x86_64)0:5.7-150400.3.15.1(aarch64|ppc64le|s390x|x86_64)0:115.5.0-150200.152.117.1(noarch)0:115.5.0-150200.152.117.1(aarch64|ppc64le|s390x|x86_64)0:9.0.2103-150500.20.6.1(noarch)0:9.0.2103-150500.20.6.1(noarch)0:2.42.2-150400.4.64.2(aarch64|ppc64le|s390x|x86_64)0:2.42.2-150400.4.64.2(x86_64)0:2.42.2-150400.4.64.2(aarch64_ilp32)0:2.42.2-150400.4.64.2(ppc64le|s390x|x86_64)0:1.8.0_sr8.15-150000.3.83.1(x86_64)0:1.8.0_sr8.15-150000.3.83.1(aarch64|ppc64le|s390x|x86_64)0:2.14.2-150400.24.14.2(aarch64|ppc64le|s390x|x86_64)0:20.06.2-150400.24.14.2(noarch)0:2.14.2-150400.24.14.2(noarch)0:20.06.2-150400.24.14.2(aarch64|ppc64le|s390x|x86_64)0:0.9.13.1-150200.4.27.1(aarch64|ppc64le|s390x|x86_64)0:23.02.6-150500.5.12.1(noarch)0:23.02.6-150500.5.12.1(aarch64|ppc64le|s390x|x86_64)0:22.05.10-150300.7.6.1(noarch)0:22.05.10-150300.7.6.1(aarch64|ppc64le|s390x|x86_64)0:3.2.3-150300.3.3.2(x86_64)0:3.2.3-150300.3.3.2(aarch64|ppc64le|s390x|x86_64)0:115.5.0-150200.8.139.1(aarch64|ppc64le|s390x|x86_64)0:4.6.1-150300.3.3.1(aarch64|ppc64le|s390x|x86_64)0:22.2.0-150400.15.1(noarch)0:22.10.0-150400.5.13.1(aarch64|ppc64le|s390x|x86_64)0:1.8.0.392-150200.3.39.1(noarch)0:1.8.0.392-150200.3.39.1(aarch64|ppc64le|s390x|x86_64)0:3.44.0-150000.3.23.1(x86_64)0:3.44.0-150000.3.23.1(noarch)0:3.44.0-150000.3.23.1(aarch64|ppc64le|s390x|x86_64)0:2.0.21-150000.3.3.1(x86_64)0:1.1.0-150500.8.6.1(aarch64|ppc64le|s390x|x86_64)0:3.0.8-150500.5.19.1(x86_64)0:3.0.8-150500.5.19.1(noarch)0:3.0.8-150500.5.19.1(aarch64|ppc64le|s390x|x86_64)0:2.4.22+git0.f8e3218e2-150400.3.19.1(x86_64)0:1.58.0-150500.6.6.1(aarch64|ppc64le|s390x|x86_64)0:3.1.0-150500.3.11.1(aarch64|ppc64le|s390x|x86_64)0:23.03.0-150500.3.11.1(noarch)0:3.1.0-150500.3.11.1(noarch)0:23.03.0-150500.3.11.1(aarch64|ppc64le|s390x|x86_64)0:8.0.1-150400.5.36.1(x86_64)0:8.0.1-150400.5.36.1(noarch)0:20230724-150500.3.9.1(aarch64|ppc64le|s390x|x86_64)0:2.14.2-150400.24.17.1(aarch64|ppc64le|s390x|x86_64)0:20.06.2-150400.24.17.1(noarch)0:2.14.2-150400.24.17.1(noarch)0:20.06.2-150400.24.17.1(aarch64|ppc64le|s390x|x86_64)0:7.1.0-150500.49.9.2(noarch)0:7.1.0-150500.49.9.2(noarch)0:1.0.0+-150500.49.9.2(s390x|x86_64)0:7.1.0-150500.49.9.2(noarch)0:1.16.0_0_gd239552-150500.49.9.2(noarch)0:8-150500.49.9.2(aarch64|ppc64le|s390x|x86_64)0:8.4-150500.4.15.1(noarch)0:12.0-150000.8.37.1(aarch64|ppc64le|s390x|x86_64)0:2.10.30-150400.3.11.1(noarch)0:2.10.30-150400.3.11.1(x86_64)0:2.10.30-150400.3.11.1(aarch64|ppc64le|s390x|x86_64)0:5.7-150400.3.20.1(aarch64|ppc64le|s390x|x86_64)0:1.20.12-150000.1.35.1(aarch64|ppc64le|s390x|x86_64)0:1.21.5-150000.1.18.1(aarch64|ppc64le|s390x|x86_64)0:3.21.10-150400.3.11.1(aarch64|ppc64le|s390x|x86_64)0:1.7.8-150000.103.1(aarch64|ppc64le|s390x|x86_64)0:1.1.10-150000.55.1(aarch64)0:5.14.21-150500.55.39.1(aarch64|ppc64le|s390x|x86_64)0:5.14.21-150500.55.39.1(ppc64le|x86_64)0:5.14.21-150500.55.39.1(x86_64)0:5.14.21-150500.55.39.1(aarch64|ppc64le|x86_64)0:5.14.21-150500.55.39.1.150500.6.17.1(noarch)0:5.14.21-150500.55.39.1(aarch64|ppc64le|x86_64)0:5.14.21-150500.55.39.1(s390x)0:5.14.21-150500.55.39.1(x86_64)0:5.14.21-150500.13.27.2(noarch)0:5.14.21-150500.13.27.2(x86_64)0:5.14.21-150500.13.27.1(aarch64|x86_64)0:5.14.21-150500.33.26.1(x86_64)0:5.14.21-150500.33.26.1(noarch)0:5.14.21-150500.33.26.1(aarch64|ppc64le|s390x|x86_64)0:21.1.4-150500.7.10.1(aarch64|ppc64le|s390x|x86_64)0:22.1.5-150500.7.8.1(noarch)0:2.42.3-150400.4.67.1(aarch64|ppc64le|s390x|x86_64)0:2.42.3-150400.4.67.1(x86_64)0:2.42.3-150400.4.67.1(aarch64|ppc64le|s390x|x86_64)0:41.0.3-150400.16.12.1(aarch64|ppc64le|s390x|x86_64)0:3.3.2-150400.23.1(aarch64|ppc64le|s390x|x86_64)0:3.2.2-150400.3.7.1(noarch)0:3.2.2-150400.3.7.1(aarch64|ppc64le|s390x|x86_64)0:4.0.9-150000.45.35.1(x86_64)0:4.0.9-150000.45.35.1(aarch64|ppc64le|s390x|x86_64)0:2.2.1-150400.3.14.1(aarch64|ppc64le|s390x|x86_64)0:6.1-150000.5.20.1(x86_64)0:6.1-150000.5.20.1(aarch64|ppc64le|s390x|x86_64)0:2.4.0-150400.3.23.1(aarch64|ppc64le|s390x|x86_64)0:3.6.5-150200.4.10.1(aarch64|ppc64le|s390x|x86_64)0:0.8-150400.7.13.1(noarch)0:0.8-150400.7.13.1(x86_64)0:0.8-150400.7.13.1(aarch64|ppc64le|s390x|x86_64)0:8.4p1-150300.3.27.1(aarch64|ppc64le|s390x|x86_64)0:3.6.0-150100.3.12.1(aarch64|ppc64le|s390x|x86_64)0:9.52-150000.177.1(aarch64|ppc64le|s390x|x86_64)0:21.1.4-150500.7.13.1(aarch64|ppc64le|s390x|x86_64)0:115.6.0-150200.152.120.1(noarch)0:115.6.0-150200.152.120.1(aarch64|ppc64le|s390x|x86_64)0:1.20.12.1-150000.1.17.1(aarch64|ppc64le|s390x|x86_64)0:1.21.5.1-150000.1.8.1(aarch64|ppc64le|x86_64)0:7.6.2.1-150400.17.20.1(noarch)0:7.6.2.1-150400.17.20.1(aarch64|ppc64le|s390x|x86_64)0:22.1.5-150500.7.11.1(aarch64|ppc64le|s390x|x86_64)0:24.0.7_ce-150000.190.4(noarch)0:24.0.7_ce-150000.190.4(aarch64|ppc64le|s390x|x86_64)0:1.1.1-150000.1.3.3(aarch64|ppc64le|s390x|x86_64)0:3.6.19-150000.3.106.1(aarch64|ppc64le|s390x|x86_64)0:3.8.11-150300.3.14.1(aarch64|x86_64)0:4.17.3_02-150500.3.18.1(x86_64)0:4.17.3_02-150500.3.18.1(noarch)0:4.17.3_02-150500.3.18.1(aarch64|ppc64le|s390x|x86_64)0:0.23.1-150300.3.3.1(x86_64)0:0.23.1-150300.3.3.1(aarch64|ppc64le|s390x|x86_64)0:5.15.8+kde185-150500.4.13.1(x86_64)0:5.15.8+kde185-150500.4.13.1(noarch)0:5.15.8+kde185-150500.4.13.1(aarch64|ppc64le|s390x|x86_64)0:2.6.2-150000.3.6.1(aarch64|ppc64le|s390x|x86_64)0:2.4.7-150000.5.13.1(noarch)0:2.4.7-150000.5.13.1(aarch64|ppc64le|s390x|x86_64)0:2.1-150000.3.5.1(x86_64)0:2.1-150000.3.5.1(aarch64|ppc64le|s390x|x86_64)0:2.8.3-150400.9.24.1(aarch64|ppc64le|s390x|x86_64)0:3.7.3-150500.3.11.1(noarch)0:3.7.3-150500.3.11.1(aarch64|ppc64le|s390x|x86_64)0:3.7.3-150400.4.38.1(x86_64)0:3.7.3-150400.4.38.1(noarch)0:22.3.1-150400.17.12.1(aarch64|ppc64le|s390x|x86_64)0:115.9.1-150200.152.131.1(noarch)0:115.9.1-150200.152.131.1(aarch64|ppc64le|s390x|x86_64)0:3.9.19-150300.4.41.2(x86_64)0:3.9.19-150300.4.41.2(aarch64|ppc64le|s390x|x86_64)0:3.9.19-150300.4.41.1(x86_64)0:3.9.19-150300.4.41.1(aarch64|ppc64le|s390x|x86_64)0:0.8-150400.7.16.1(noarch)0:0.8-150400.7.16.1(x86_64)0:0.8-150400.7.16.1(aarch64|ppc64le|s390x|x86_64)0:5.1.4-150000.3.29.1(aarch64|ppc64le|s390x|x86_64)0:1.2.4-150400.3.13.1(noarch)0:1.2.4-150400.3.13.1(x86_64)0:1.2.4-150400.3.13.1(aarch64|ppc64le|s390x|x86_64)0:0.38.0-150000.6.3.1(noarch)0:0.38.0-150000.6.3.1(aarch64|ppc64le|s390x|x86_64)0:4.1.108-150200.4.23.1(noarch)0:4.1.108-150200.4.23.1(aarch64|ppc64le|s390x|x86_64)0:2.0.65-150200.3.19.1(noarch)0:2.0.65-150200.3.19.1(aarch64|ppc64le|s390x|x86_64)0:1.66-150300.3.9.1(aarch64|ppc64le|s390x|x86_64)0:21.1.4-150500.7.18.1(aarch64|ppc64le|s390x|x86_64)0:9.0.0-150500.6.20.1(x86_64)0:9.0.0-150500.6.20.1(aarch64|x86_64)0:9.0.0-150500.6.20.1(noarch)0:9.0.0-150500.6.20.1(aarch64|x86_64)0:4.17.3_08-150500.3.27.1(x86_64)0:4.17.3_08-150500.3.27.1(noarch)0:4.17.3_08-150500.3.27.1(aarch64|ppc64le|s390x|x86_64)0:7.1.0-150500.49.12.1(noarch)0:7.1.0-150500.49.12.1(noarch)0:1.0.0+-150500.49.12.1(s390x|x86_64)0:7.1.0-150500.49.12.1(noarch)0:1.16.0_0_gd239552-150500.49.12.1(noarch)0:8-150500.49.12.1(aarch64|ppc64le|s390x|x86_64)0:5.7-150400.3.26.1(noarch)0:1.2.1-150200.3.9.1(aarch64|ppc64le|s390x|x86_64)0:4.4.1-150200.3.15.1(aarch64|ppc64le|s390x|x86_64)0:4.4.1-150200.3.9.1(noarch)0:2.4.21-150200.3.9.1(aarch64|ppc64le|s390x|x86_64)0:1.22.2-150000.1.12.1(aarch64|ppc64le|s390x|x86_64)0:1.21.9-150000.1.30.1(aarch64|ppc64le|s390x|x86_64)0:2.4.4-150400.3.17.1(x86_64)0:2.4.4-150400.3.17.1(aarch64|ppc64le|s390x|x86_64)0:6.1-150000.5.24.1(x86_64)0:6.1-150000.5.24.1(aarch64|ppc64le|s390x|x86_64)0:1.19.1-150000.3.26.1(x86_64)0:1.19.1-150000.3.26.1(aarch64|ppc64le|s390x|x86_64)0:3.13.3-150000.1.32.1(noarch)0:3.13.3-150000.1.32.1(x86_64)0:20240312-150200.38.1(aarch64|ppc64le|s390x|x86_64)0:22.1.5-150500.7.14.1(aarch64|ppc64le|s390x|x86_64)0:1.34.1-150500.3.7.1(aarch64|ppc64le|s390x|x86_64)0:4.8.3-150500.3.9.1(noarch)0:4.8.3-150500.3.9.1(aarch64|ppc64le|s390x|x86_64)0:115.9.0-150200.8.154.1(x86_64)0:5.14.21-150500.13.30.1(noarch)0:5.14.21-150500.13.30.1(aarch64|ppc64le|s390x|x86_64)0:8.0.1-150400.5.44.1(x86_64)0:8.0.1-150400.5.44.1(aarch64|ppc64le|s390x|x86_64)0:7.2.0-150300.3.9.1(x86_64)0:1.58.0-150500.6.12.1(x86_64)0:1.1.1-150500.8.12.1(aarch64|ppc64le|s390x|x86_64)0:3.10.14-150400.4.45.1(x86_64)0:3.10.14-150400.4.45.1(aarch64|ppc64le|s390x|x86_64)0:1.23.17-150500.3.9.1(noarch)0:1.23.17-150500.3.9.1(aarch64|ppc64le|s390x|x86_64)0:1.24.17-150500.3.13.1(noarch)0:1.24.17-150500.3.13.1(aarch64|ppc64le|s390x|x86_64)0:1.25.16-150400.9.6.1(aarch64|ppc64le|s390x|x86_64)0:1.26.14-150400.9.6.1(aarch64|ppc64le|s390x|x86_64)0:1.40.0-150200.17.1(x86_64)0:1.40.0-150200.17.1(aarch64|ppc64le|s390x|x86_64)0:2.37.4-150500.9.6.1(x86_64)0:2.37.4-150500.9.6.1(noarch)0:2.37.4-150500.9.6.1(aarch64|ppc64le|s390x|x86_64)0:6.4.2-150500.3.17.1(noarch)0:6.4.2-150500.3.17.1(aarch64|ppc64le|s390x|x86_64)0:590-150400.3.6.2(noarch)0:10.1.20-150200.5.22.2(noarch)0:0.21-150100.6.3.1(aarch64|ppc64le|s390x|x86_64)0:9.5.0-150400.5.15.1(aarch64|ppc64le|s390x|x86_64)0:21.1.4-150500.7.26.1(aarch64|ppc64le|s390x|x86_64)0:22.1.5-150500.7.22.1(noarch)0:2.44.0-150400.4.78.1(aarch64|ppc64le|s390x|x86_64)0:2.44.0-150400.4.78.1(x86_64)0:2.44.0-150400.4.78.1(aarch64|ppc64le|s390x|x86_64)0:3.7.3-150400.4.44.1(x86_64)0:3.7.3-150400.4.44.1(aarch64|ppc64le|s390x|x86_64)0:23.3-150100.8.71.1(aarch64|ppc64le|s390x|x86_64)0:9.1.0111-150500.20.9.1(noarch)0:9.1.0111-150500.20.9.1(aarch64|ppc64le|s390x|x86_64)0:27.2-150400.3.11.1(noarch)0:27.2-150400.3.11.1(aarch64|x86_64)0:4.17.4_02-150500.3.30.1(x86_64)0:4.17.4_02-150500.3.30.1(noarch)0:4.17.4_02-150500.3.30.1(aarch64|ppc64le|s390x|x86_64)0:20.12.1-150500.11.9.2(noarch)0:20.12.1-150500.11.9.2(aarch64|ppc64le|s390x|x86_64)0:4.15-150200.4.16.4(aarch64|ppc64le|s390x|x86_64)0:2.22.0-150200.4.9.3(noarch)0:2.22.0-150200.4.9.3(aarch64|ppc64le|s390x|x86_64)0:4.15-150200.4.16.5(noarch)0:4.15-150200.4.16.4(noarch)0:4.15-150200.4.16.5(noarch)0:2.22.2-150200.3.9.9.1(noarch)0:1.6.0-150200.4.9.5(noarch)0:1.6.0-150200.4.9.2(aarch64|ppc64le|s390x|x86_64)0:18.20.1-150400.9.21.3(noarch)0:18.20.1-150400.9.21.3(aarch64|ppc64le|s390x|x86_64)0:6.3.3-150400.31.6.4(aarch64|ppc64le|s390x|x86_64)0:1.3.9-150400.31.6.4(aarch64|ppc64le|s390x|x86_64)0:1.21-150400.31.6.4(aarch64|ppc64le|s390x|x86_64)0:5.3.6-150400.31.6.4(aarch64|x86_64)0:2.1.0beta3-150400.31.6.4(noarch)0:2021.20210325.svn30357-150400.31.6.4(aarch64|ppc64le|s390x|x86_64)0:2021.20210325-150400.31.6.4(aarch64|ppc64le|s390x|x86_64)0:2021.20210325.svn27321-150400.31.6.4(aarch64|ppc64le|s390x|x86_64)0:2021.20210325.svn12688-150400.31.6.4(aarch64|ppc64le|s390x|x86_64)0:2021.20210325.svn28038-150400.31.6.4(aarch64|ppc64le|s390x|x86_64)0:2021.20210325.svn57878-150400.31.6.4(aarch64|ppc64le|s390x|x86_64)0:2021.20210325.svn57089-150400.31.6.4(aarch64|ppc64le|s390x|x86_64)0:2021.20210325.svn58378-150400.31.6.4(aarch64|ppc64le|s390x|x86_64)0:2021.20210325.svn3006-150400.31.6.4(aarch64|ppc64le|s390x|x86_64)0:2021.20210325.svn29036-150400.31.6.4(aarch64|ppc64le|s390x|x86_64)0:2021.20210325.svn57890-150400.31.6.4(aarch64|ppc64le|s390x|x86_64)0:2021.20210325.svn52909-150400.31.6.4(aarch64|ppc64le|s390x|x86_64)0:2021.20210325.svn18790-150400.31.6.4(aarch64|ppc64le|s390x|x86_64)0:2021.20210325.svn45266-150400.31.6.4(noarch)0:2021.20210325.svn57273-150400.31.6.4(aarch64|ppc64le|s390x|x86_64)0:2021.20210325.svn16219-150400.31.6.4(aarch64|ppc64le|s390x|x86_64)0:2021.20210325.svn17794-150400.31.6.4(aarch64|ppc64le|s390x|x86_64)0:2021.20210325.svn15543-150400.31.6.4(aarch64|ppc64le|s390x|x86_64)0:2021.20210325.svn25623-150400.31.6.4(aarch64|ppc64le|s390x|x86_64)0:2021.20210325.svn38300-150400.31.6.4(aarch64|ppc64le|s390x|x86_64)0:2021.20210325.svn52631-150400.31.6.4(aarch64|ppc64le|s390x|x86_64)0:2021.20210325.svn37223-150400.31.6.4(aarch64|ppc64le|s390x|x86_64)0:2021.20210325.svn51944-150400.31.6.4(aarch64|ppc64le|s390x|x86_64)0:2021.20210325.svn48871-150400.31.6.4(aarch64|ppc64le|s390x|x86_64)0:2021.20210325.svn34112-150400.31.6.4(aarch64|ppc64le|s390x|x86_64)0:2021.20210325.svn30408-150400.31.6.4(aarch64|ppc64le|s390x|x86_64)0:2021.20210325.svn45927-150400.31.6.4(aarch64|ppc64le|s390x|x86_64)0:2021.20210325.svn50528-150400.31.6.4(aarch64|ppc64le|s390x|x86_64)0:2021.20210325.svn46996-150400.31.6.4(aarch64|ppc64le|s390x|x86_64)0:2021.20210325.svn48478-150400.31.6.4(aarch64|ppc64le|s390x|x86_64)0:2021.20210325.svn24061-150400.31.6.4(aarch64|ppc64le|s390x|x86_64)0:2021.20210325.svn23866-150400.31.6.4(aarch64|ppc64le|s390x|x86_64)0:2021.20210325.svn58136-150400.31.6.4(aarch64|ppc64le|s390x|x86_64)0:2021.20210325.svn53554-150400.31.6.4(aarch64|ppc64le|s390x|x86_64)0:2021.20210325.svn17399-150400.31.6.4(noarch)0:2021.20210325.svn37645-150400.31.6.4(aarch64|ppc64le|s390x|x86_64)0:2021.20210325.svn24759-150400.31.6.4(aarch64|ppc64le|s390x|x86_64)0:2021.20210325.svn29031-150400.31.6.4(aarch64|ppc64le|s390x|x86_64)0:2021.20210325.svn8329-150400.31.6.4(aarch64|ppc64le|s390x|x86_64)0:2021.20210325.svn44515-150400.31.6.4(aarch64|ppc64le|s390x|x86_64)0:2021.20210325.svn58535-150400.31.6.4(aarch64|ppc64le|s390x|x86_64)0:2021.20210325.svn29050-150400.31.6.4(aarch64|ppc64le|s390x|x86_64)0:2021.20210325.svn18336-150400.31.6.4(aarch64|ppc64le|s390x|x86_64)0:2021.20210325.svn25860-150400.31.6.4(aarch64|ppc64le|s390x|x86_64)0:2021.20210325.svn14752-150400.31.6.4(aarch64|ppc64le|s390x|x86_64)0:2021.20210325.svn14758-150400.31.6.4(aarch64|ppc64le|s390x|x86_64)0:2021.20210325.svn25997-150400.31.6.4(aarch64|ppc64le|s390x|x86_64)0:2021.20210325.svn13663-150400.31.6.4(aarch64|ppc64le|s390x|x86_64)0:2021.20210325.svn34971-150400.31.6.4(aarch64|ppc64le|s390x|x86_64)0:2021.20210325.svn54732-150400.31.6.4(aarch64|ppc64le|s390x|x86_64)0:2021.20210325.svn37813-150400.31.6.4(aarch64|ppc64le|s390x|x86_64)0:2021.20210325.svn56984-150400.31.6.4(aarch64|ppc64le|s390x|x86_64)0:2021.20210325.svn44835-150400.31.6.4(aarch64|ppc64le|s390x|x86_64)0:2021.20210325.svn49033-150400.31.6.4(aarch64|ppc64le|s390x|x86_64)0:2021.20210325.svn32101-150400.31.6.4(aarch64|ppc64le|s390x|x86_64)0:2021.20210325.svn46894-150400.31.6.4(aarch64|ppc64le|s390x|x86_64)0:2021.20210325.svn53999-150400.31.6.4(aarch64|ppc64le|s390x|x86_64)0:2021.20210325.svn54358-150400.31.6.4(aarch64|ppc64le|s390x|x86_64)0:2021.20210325.svn30983-150400.31.6.4(aarch64|ppc64le|s390x|x86_64)0:2021.20210325.svn42296-150400.31.6.4(aarch64|ppc64le|s390x|x86_64)0:2021.20210325.svn42300-150400.31.6.4(aarch64|ppc64le|s390x|x86_64)0:2021.20210325.svn16420-150400.31.6.4(aarch64|ppc64le|s390x|x86_64)0:2021.20210325.svn25012-150400.31.6.4(aarch64|ppc64le|s390x|x86_64)0:2021.20210325.svn32150-150400.31.6.4(aarch64|ppc64le|s390x|x86_64)0:2021.20210325.svn10937-150400.31.6.4(aarch64|ppc64le|s390x|x86_64)0:2021.20210325.svn27025-150400.31.6.4(aarch64|ppc64le|s390x|x86_64)0:2021.20210325.svn56352-150400.31.6.4(aarch64|ppc64le|s390x|x86_64)0:2021.20210325.svn31696-150400.31.6.4(aarch64|ppc64le|s390x|x86_64)0:2021.20210325.svn26126-150400.31.6.4(aarch64|ppc64le|s390x|x86_64)0:2021.20210325.svn15093-150400.31.6.4(aarch64|ppc64le|s390x|x86_64)0:2021.20210325.svn41465-150400.31.6.4(aarch64|ppc64le|s390x|x86_64)0:2021.20210325.svn29005-150400.31.6.4(aarch64|ppc64le|s390x|x86_64)0:2021.20210325.svn32346-150400.31.6.4(aarch64|ppc64le|s390x|x86_64)0:2021.20210325.svn34647-150400.31.6.4(aarch64|ppc64le|s390x|x86_64)0:2021.20210325.svn43292-150400.31.6.4(aarch64|ppc64le|s390x|x86_64)0:2021.20210325.svn50281-150400.31.6.4(aarch64|ppc64le|s390x|x86_64)0:2021.20210325.svn37750-150400.31.6.4(aarch64|ppc64le|s390x|x86_64)0:2021.20210325.svn38769-150400.31.6.4(aarch64|ppc64le|s390x|x86_64)0:2021.20210325.svn23500-150400.31.6.4(aarch64|ppc64le|s390x|x86_64)0:2021.20210325.svn23661-150400.31.6.4(aarch64|ppc64le|s390x|x86_64)0:2021.20210325.svn23406-150400.31.6.4(aarch64|ppc64le|s390x|x86_64)0:2021.20210325.svn14428-150400.31.6.4(aarch64|ppc64le|s390x|x86_64)0:2021.20210325.svn8457-150400.31.6.4(aarch64|ppc64le|s390x|x86_64)0:2021.20210325.svn33688-150400.31.6.4(aarch64|ppc64le|s390x|x86_64)0:2021.20210325.svn18674-150400.31.6.4(aarch64|ppc64le|s390x|x86_64)0:2021.20210325.svn30534-150400.31.6.4(aarch64|ppc64le|s390x|x86_64)0:2021.20210325.svn37026-150400.31.6.4(aarch64|ppc64le|s390x|x86_64)0:2021.20210325.svn53804-150400.31.6.4(aarch64|ppc64le|s390x|x86_64)0:2021.20210325.svn10843-150400.31.6.4(aarch64|ppc64le|s390x|x86_64)0:2021.20210325.svn37537-150400.31.6.4(aarch64|ppc64le|s390x|x86_64)0:2021.20210325.svn14387-150400.31.6.4(aarch64|ppc64le|s390x|x86_64)0:2021.20210325.svn52858-150400.31.6.4(aarch64|ppc64le|s390x|x86_64)0:2021.20210325.svn41779-150400.31.6.4(aarch64|ppc64le|s390x|x86_64)0:2021.20210325.svn49140-150400.31.6.4(aarch64|ppc64le|s390x|x86_64)0:2021.20210325.svn40690-150400.31.6.4(aarch64|ppc64le|s390x|x86_64)0:2021.20210325.svn25962-150400.31.6.4(aarch64|ppc64le|s390x|x86_64)0:2021.20210325.svn16181-150400.31.6.4(aarch64|ppc64le|s390x|x86_64)0:2021.20210325.svn39165-150400.31.6.4(aarch64|ppc64le|s390x|x86_64)0:2021.20210325.svn29348-150400.31.6.4(aarch64|ppc64le|s390x|x86_64)0:2021.20210325.svn13364-150400.31.6.4(aarch64|ppc64le|s390x|x86_64)0:2021.20210325.svn52800-150400.31.6.4(aarch64|ppc64le|s390x|x86_64)0:2021.20210325.svn32405-150400.31.6.4(aarch64|ppc64le|s390x|x86_64)0:2021.20210325.svn7838-150400.31.6.4(aarch64|ppc64le|s390x|x86_64)0:2021.20210325.svn29333-150400.31.6.4(aarch64|ppc64le|s390x|x86_64)0:2021.20210325.svn44206-150400.31.6.4(aarch64|ppc64le|s390x|x86_64)0:2021.20210325.svn29335-150400.31.6.4(aarch64|ppc64le|s390x|x86_64)0:2021.20210325.svn34996-150400.31.6.4(aarch64|ppc64le|s390x|x86_64)0:2021.20210325.svn31638-150400.31.6.4(aarch64|ppc64le|s390x|x86_64)0:2021.20210325.svn32919-150400.31.6.4(aarch64|ppc64le|s390x|x86_64)0:2021.20210325.svn55172-150400.31.6.4(aarch64|ppc64le|s390x|x86_64)0:2021.20210325.svn53577-150400.31.6.4(aarch64|ppc64le|s390x|x86_64)0:2021.20210325.svn55933-150400.31.6.4(aarch64|ppc64le|s390x|x86_64)0:2021.20210325.svn29688-150400.31.6.4(aarch64|ppc64le|s390x|x86_64)0:2021.20210325.svn38710-150400.31.6.4(aarch64|ppc64le|s390x|x86_64)0:2021.20210325.svn21215-150400.31.6.4(aarch64|ppc64le|s390x|x86_64)0:2021.20210325.svn37771-150400.31.6.4(aarch64|ppc64le|s390x|x86_64)0:2021.20210325.svn13013-150400.31.6.4(aarch64|ppc64le|s390x|x86_64)0:2021.20210325.svn45011-150400.31.6.4(aarch64|ppc64le|s390x|x86_64)0:2021.20210325.svn15506-150400.31.6.4(aarch64|ppc64le|s390x|x86_64)0:2021.20210325.svn12782-150400.31.6.4(aarch64|ppc64le|s390x|x86_64)0:2021.20210325.svn47948-150400.31.6.4(aarch64|ppc64le|s390x|x86_64)0:2021.20210325.svn29741-150400.31.6.4(aarch64|ppc64le|s390x|x86_64)0:2021.20210325.svn33155-150400.31.6.4(aarch64|ppc64le|s390x|x86_64)0:2021.20210325.svn24062-150400.31.6.4(aarch64|ppc64le|s390x|x86_64)0:2021.20210325.svn43596-150400.31.6.4(aarch64|ppc64le|s390x|x86_64)0:2021.20210325.svn53444-150400.31.6.4(aarch64|ppc64le|s390x|x86_64)0:2021.20210325.svn6898-150400.31.6.4(aarch64|ppc64le|s390x|x86_64)0:2021.20210325.svn55132-150400.31.6.4(aarch64|ppc64le|s390x|x86_64)0:2021.20210325.svn25648-150400.31.6.4(aarch64|ppc64le|s390x|x86_64)0:2021.20210325.svn23262-150400.31.6.4(aarch64|ppc64le|s390x|x86_64)0:2021.20210325.svn6897-150400.31.6.4(aarch64|ppc64le|s390x|x86_64)0:2021.20210325.svn50419-150400.31.6.4(aarch64|ppc64le|s390x|x86_64)0:2021.20210325.svn46165-150400.31.6.4(aarch64|ppc64le|s390x|x86_64)0:2021.20210325.svn49312-150400.31.6.4(aarch64|ppc64le|s390x|x86_64)0:2021.20210325.svn52917-150400.31.6.4(aarch64|ppc64le|s390x|x86_64)0:2021.20210325.svn34398-150400.31.6.4(x86_64)0:1.1.1-150500.8.15.1(aarch64|ppc64le|s390x|x86_64)0:4.30-150300.3.12.1(noarch)0:4.30-150300.3.12.1(aarch64|ppc64le|s390x|x86_64)0:1.3.4-150200.11.14.1(noarch)0:1.3.4-150200.11.14.1(noarch)0:2.1.1-150200.10.8.1(noarch)0:2.4.2-150200.11.8.1(noarch)0:1.2-150200.15.8.1(noarch)0:1.1.1-150000.4.10.1(noarch)0:9.0.87-150200.65.1(aarch64|ppc64le|s390x|x86_64)0:3.6.22-150000.3.112.1(aarch64|ppc64le|s390x|x86_64)0:115.10.0-150200.152.134.1(noarch)0:115.10.0-150200.152.134.1(aarch64|ppc64le|s390x|x86_64)0:2.48.0-150400.3.3.1(aarch64|ppc64le|s390x|x86_64)0:1.3.0-150000.6.66.1(x86_64)0:1.3.0-150000.6.66.1(noarch)0:1.3.0-150000.6.66.1(noarch)0:2.10.1-150200.5.8.1(aarch64|x86_64)0:15.8-150300.4.20.2(aarch64|ppc64le|s390x|x86_64)0:2.31-150300.74.1(x86_64)0:2.31-150300.74.1(noarch)0:2.31-150300.74.1(aarch64|ppc64le|s390x|x86_64)0:121-150500.3.3.1(x86_64)0:121-150500.3.3.1(noarch)0:121-150500.3.3.1(noarch)0:1.10-150200.3.11.1(aarch64|ppc64le|s390x|x86_64)0:5.15.8+kde185-150500.4.16.1(x86_64)0:5.15.8+kde185-150500.4.16.1(noarch)0:5.15.8+kde185-150500.4.16.1(aarch64|ppc64le|s390x|x86_64)0:0.9.8-150400.3.3.1(x86_64)0:0.9.8-150400.3.3.1(aarch64|ppc64le|s390x|x86_64)0:0.22.0-150400.3.9.1(x86_64)0:0.22.0-150400.3.9.1(aarch64|ppc64le|s390x|x86_64)0:1.24.17-150500.3.16.1(noarch)0:1.24.17-150500.3.16.1(aarch64|ppc64le|s390x|x86_64)0:1.23.17-150500.3.12.1(noarch)0:1.23.17-150500.3.12.1(aarch64|x86_64)0:5.14.21-150500.33.29.1(x86_64)0:5.14.21-150500.33.29.1(noarch)0:5.14.21-150500.33.29.1(aarch64|ppc64le|s390x|x86_64)0:115.10.1-150200.8.157.1(aarch64|ppc64le|s390x|x86_64)0:7.1.0-150500.49.15.1(noarch)0:7.1.0-150500.49.15.1(noarch)0:1.0.0+-150500.49.15.1(s390x|x86_64)0:7.1.0-150500.49.15.1(noarch)0:1.16.0_0_gd239552-150500.49.15.1(noarch)0:8-150500.49.15.1(noarch)0:2.6-150000.3.3.1(noarch)0:20.1.0-150400.12.6.1(aarch64|ppc64le|s390x|x86_64)0:7.4.33-150400.4.34.1(aarch64|ppc64le|s390x|x86_64)0:8.0.30-150400.4.40.1(aarch64|ppc64le|s390x|x86_64)0:3.23.0-150500.3.3.13(noarch)0:0.40.0-150400.3.9.1(aarch64|ppc64le|s390x|x86_64)0:0.40.0-150400.3.9.1(aarch64|ppc64le|s390x|x86_64)0:1.8.0.412-150000.3.91.1(noarch)0:1.8.0.412-150000.3.91.1(aarch64|ppc64le|s390x|x86_64)0:8.4-150500.4.20.1(aarch64|ppc64le|s390x|x86_64)0:2.0.14-150000.3.34.1(x86_64)0:2.0.14-150000.3.34.1(x86_64)0:5.14.21-150500.13.47.1(noarch)0:5.14.21-150500.13.47.1(aarch64|ppc64le|s390x|x86_64)0:3.4.2-150200.11.41.1(x86_64)0:3.4.2-150200.11.41.1(aarch64|ppc64le|s390x|x86_64)0:4.4-150400.3.24.1(x86_64)0:4.4-150400.3.24.1(aarch64)0:5.14.21-150500.55.59.1(aarch64|ppc64le|s390x|x86_64)0:5.14.21-150500.55.59.1(ppc64le|x86_64)0:5.14.21-150500.55.59.1(x86_64)0:5.14.21-150500.55.59.1(aarch64|ppc64le|x86_64)0:5.14.21-150500.55.59.1.150500.6.25.7(noarch)0:5.14.21-150500.55.59.1(aarch64|ppc64le|x86_64)0:5.14.21-150500.55.59.1(s390x)0:5.14.21-150500.55.59.1(aarch64|ppc64le|s390x|x86_64)0:2.2.4-150400.3.20.1(aarch64|x86_64)0:5.14.21-150500.33.48.1(x86_64)0:5.14.21-150500.33.48.1(noarch)0:5.14.21-150500.33.48.1(aarch64|ppc64le|s390x|x86_64)0:1.14.2-150300.11.8.1(aarch64|ppc64le|s390x|x86_64)0:11.0.23.0-150000.3.113.1(noarch)0:11.0.23.0-150000.3.113.1(aarch64|ppc64le|s390x|x86_64)0:17.0.11.0-150400.3.42.1(noarch)0:17.0.11.0-150400.3.42.1(noarch)0:0.1.1710765237.46af599-150000.1.21.2(noarch)0:2.9.27-150000.1.17.2(noarch)0:0.1.1710765237.46af599-150000.1.53.2(aarch64|ppc64le|s390x|x86_64)0:0.14.0-150000.3.18.2(noarch)0:4.3.27-150000.3.116.2(aarch64|ppc64le|s390x|x86_64)0:9.5.18-150200.3.56.1(noarch)0:3.5.6-150200.5.6.1(aarch64|ppc64le|s390x|x86_64)0:1.14.5-150500.3.9.1(noarch)0:1.14.5-150500.3.9.1(noarch)0:1.78.1-150200.3.29.1(aarch64|ppc64le|s390x|x86_64)0:3.11.9-150400.9.26.1(x86_64)0:3.11.9-150400.9.26.1(aarch64|ppc64le|s390x|x86_64)0:4.14.3-150400.59.16.1(x86_64)0:4.14.3-150400.59.16.1(aarch64|ppc64le|s390x|x86_64)0:8.6.0-150400.3.6.1(x86_64)0:8.6.0-150400.3.6.1(aarch64|ppc64le|s390x|x86_64)0:3.11.0-150300.3.3.1(aarch64|ppc64le|s390x|x86_64)0:2.5.2-150500.10.17.1(x86_64)0:2.5.2-150500.10.17.1(noarch)0:0.65-150000.3.3.1(aarch64|ppc64le|s390x|x86_64)0:1.22.3-150000.1.15.1(aarch64|ppc64le|s390x|x86_64)0:1.21.10-150000.1.33.1(aarch64|ppc64le|s390x|x86_64)0:9.52-150000.188.1(noarch)0:2.3.6-150400.6.9.1(aarch64|ppc64le|s390x|x86_64)0:4.4-150400.3.27.1(x86_64)0:4.4-150400.3.27.1(aarch64|ppc64le|s390x|x86_64)0:3.4.2-150200.11.44.1(x86_64)0:3.4.2-150200.11.44.1(aarch64|ppc64le|s390x|x86_64)0:590-150400.3.9.1(aarch64)0:5.14.21-150500.55.44.1(aarch64|ppc64le|s390x|x86_64)0:5.14.21-150500.55.44.1(ppc64le|x86_64)0:5.14.21-150500.55.44.1(x86_64)0:5.14.21-150500.55.44.1(aarch64|ppc64le|x86_64)0:5.14.21-150500.55.44.1.150500.6.19.2(noarch)0:5.14.21-150500.55.44.1(aarch64|ppc64le|x86_64)0:5.14.21-150500.55.44.1(s390x)0:5.14.21-150500.55.44.1(aarch64|ppc64le|s390x|x86_64)0:7.2.0-150300.3.12.1(noarch)0:0.14.1-150100.6.9.1(aarch64|ppc64le|s390x|x86_64)0:2.4.0-150400.3.29.1(noarch)0:1.0.1-150300.3.8.1(aarch64|ppc64le|s390x|x86_64)0:3.0.8-150500.5.30.1(x86_64)0:3.0.8-150500.5.30.1(noarch)0:3.0.8-150500.5.30.1(aarch64|ppc64le|s390x|x86_64)0:3.1.0-150400.3.6.1(x86_64)0:3.1.0-150400.3.6.1(aarch64|ppc64le|s390x|x86_64)0:5.2-150400.6.3.1(aarch64|ppc64le|s390x|x86_64)0:1.1.2-150400.9.3.1(aarch64|ppc64le|s390x|x86_64)0:25.1-150400.9.6.1(x86_64)0:25.1-150400.9.6.1(noarch)0:3.0.1-150400.12.6.1(noarch)0:5.3.1-150400.8.6.1(noarch)0:2023.7.22-150400.12.6.2(aarch64|ppc64le|s390x|x86_64)0:1.15.1-150400.8.7.2(noarch)0:3.1.0-150400.9.7.2(aarch64|ppc64le|s390x|x86_64)0:41.0.3-150400.16.19.1(noarch)0:2.15.0-150400.5.4.1(noarch)0:2.27.0-150400.6.7.1(noarch)0:1.4.0-150400.9.3.1(noarch)0:1.11.0-150400.9.3.1(noarch)0:0.2.5-150400.9.3.1(noarch)0:3.22.0-150400.9.3.1(noarch)0:1.15.0-150400.9.3.1(noarch)0:2.4.1-150400.5.4.1(noarch)0:0.35.0-150400.9.3.1(noarch)0:1.7.1-150400.9.3.1(noarch)0:2.13.0-150400.9.3.1(noarch)0:2.21.0-150400.9.3.1(noarch)0:0.2.2-150400.9.3.1(noarch)0:3.9.0-150400.9.3.1(noarch)0:0.10.1-150400.9.3.1(noarch)0:2.17.0-150400.9.3.1(noarch)0:1.11.1-150400.9.3.1(noarch)0:3.40.1-150400.9.3.1(noarch)0:2.14.0-150400.10.3.1(noarch)0:1.10.0-150400.9.3.1(aarch64|ppc64le|s390x|x86_64)0:1.5.0-150400.9.3.1(noarch)0:2.7.0-150400.10.4.1(noarch)0:1.62.0-150400.10.4.1(noarch)0:0.13.0-150400.9.3.1(aarch64|ppc64le|s390x|x86_64)0:1.60.1-150400.9.7.2(noarch)0:1.60.1-150400.9.3.1(noarch)0:3.4-150400.11.6.1(noarch)0:2.0.0-150400.10.6.1(noarch)0:1.23.0-150400.9.3.1(aarch64|ppc64le|s390x|x86_64)0:4.25.1-150400.9.6.1(noarch)0:1.11.0-150400.12.7.2(noarch)0:23.2.0-150400.3.10.1(noarch)0:0.5.0-150400.12.7.2(noarch)0:0.3.0-150400.12.7.1(noarch)0:2.21-150400.12.7.2(noarch)0:2023.3-150400.6.6.1(noarch)0:2.31.0-150400.6.8.1(noarch)0:4.9-150400.12.7.1(noarch)0:67.7.2-150400.3.12.1(noarch)0:0.4.4-150400.6.4.2(noarch)0:2.0.7-150400.7.14.1(noarch)0:3.4.0-150400.13.10.4(noarch)0:4.66.1-150400.9.7.4(noarch)0:22.10.0-150400.3.7.2(noarch)0:1.2.14-150400.10.7.2(noarch)0:3.2.2-150400.10.4.1(noarch)0:1.57-150400.10.4.4(noarch)0:2.8.0-150400.8.7.2(noarch)0:2.15.1-150400.7.7.4(noarch)0:22.10.0-150400.5.17.4(aarch64|ppc64le|s390x|x86_64)0:3.9.3-150400.10.18.4(noarch)0:1.3.1-150400.9.7.2(noarch)0:4.13.1-150400.10.4.1(noarch)0:3.3.0-150400.12.12.2(noarch)0:3.6.0-150400.9.7.3(noarch)0:4.0.2-150400.10.7.2(noarch)0:1.11.3-150400.10.4.1(noarch)0:1.6.2-150400.12.7.4(noarch)0:5.2.0-150400.13.7.2(noarch)0:15.1.0-150400.12.7.2(noarch)0:5.1.1-150400.12.7.4(noarch)0:1.9.0-150400.12.4.1(noarch)0:7.0.0-150400.8.4.4(noarch)0:2.21.0-150400.9.3.4(noarch)0:0.2.0-150400.9.3.1(noarch)0:0.2.0-150400.10.7.2(aarch64|ppc64le|s390x|x86_64)0:1.3.3-150400.9.7.2(noarch)0:0.22.0-150400.10.4.1(noarch)0:1.1.4-150400.11.4.1(noarch)0:10.0-150400.13.7.4(noarch)0:21.0.0-150400.12.7.4(noarch)0:6.8.0-150400.10.9.2(noarch)0:2.1.2-150400.10.7.4(noarch)0:0.6.1-150400.12.7.2(noarch)0:0.8.1-150400.10.4.4(noarch)0:2.0.0-150400.10.4.1(noarch)0:0.11.0-150400.10.4.4(noarch)0:2.0.1-150400.10.7.1(noarch)0:3.20.2-150400.9.7.1(aarch64|ppc64le|s390x|x86_64)0:6.0.4-150400.7.7.4(noarch)0:3.2.2-150400.12.7.4(noarch)0:0.11.4-150400.10.6.3(noarch)0:0.1.3-150400.10.6.1(noarch)0:0.1.2-150400.10.6.1(noarch)0:1.23.0-150400.10.7.1(noarch)0:0.44b0-150400.9.3.1(noarch)0:0.11.1-150400.9.7.2(noarch)0:22.3.1-150400.17.16.4(noarch)0:1.9.6-150400.7.7.1(noarch)0:2.7.0-150400.10.7.4(aarch64|ppc64le|s390x|x86_64)0:5.9.5-150400.6.9.4(noarch)0:0.0.30-150400.9.3.1(noarch)0:6.0.2-150400.9.4.1(noarch)0:3.0.9-150400.5.7.4(noarch)0:5.0.1-150400.12.4.4(noarch)0:1.3.1-150400.12.7.1(noarch)0:1.3.4-150400.12.4.1(noarch)0:0.14.5-150400.12.7.4(noarch)0:3.0.2-150400.10.4.1(noarch)0:23.1.0-150400.8.7.1(noarch)0:2.4.0-150400.8.7.4(noarch)0:0.4.0-150400.5.4.4(noarch)0:1.7.3-150400.9.3.4(noarch)0:2.0.1-150400.12.4.4(noarch)0:0.9.0-150400.11.7.4(noarch)0:4.5.0-150400.3.9.1(noarch)0:6.0.1-150400.7.4.4(noarch)0:1.5.1-150400.13.7.1(noarch)0:0.40.0-150400.13.7.4(aarch64|ppc64le|s390x|x86_64)0:1.15.0-150400.12.7.1(noarch)0:0.13.0-150400.12.4.1(aarch64|ppc64le|s390x|x86_64)0:1.9.2-150400.8.7.4(noarch)0:3.15.0-150400.10.7.1(aarch64|ppc64le|s390x|x86_64)0:6.0-150400.12.7.4(aarch64|x86_64)0:5.14.21-150500.33.51.1(x86_64)0:5.14.21-150500.33.51.1(noarch)0:5.14.21-150500.33.51.1(aarch64|ppc64le|s390x|x86_64)0:16.3-150200.5.13.1(x86_64)0:16.3-150200.5.13.1(noarch)0:16.3-150200.5.13.1(aarch64)0:5.14.21-150500.55.62.2(aarch64|ppc64le|s390x|x86_64)0:5.14.21-150500.55.62.2(aarch64)0:5.14.21-150500.55.62.1(ppc64le|x86_64)0:5.14.21-150500.55.62.2(x86_64)0:5.14.21-150500.55.62.2(aarch64|ppc64le|x86_64)0:5.14.21-150500.55.62.2.150500.6.27.2(noarch)0:5.14.21-150500.55.62.2(aarch64|ppc64le|x86_64)0:5.14.21-150500.55.62.2(aarch64|ppc64le|s390x|x86_64)0:5.14.21-150500.55.62.1(s390x)0:5.14.21-150500.55.62.2(x86_64)0:5.14.21-150500.13.52.1(noarch)0:5.14.21-150500.13.52.1(aarch64|ppc64le|s390x|x86_64)0:7.2.0-150300.3.15.1(aarch64|ppc64le|s390x|x86_64)0:3.8.6-150400.10.11.1(aarch64|ppc64le|s390x|x86_64)0:3.10.14-150400.4.48.1(x86_64)0:3.10.14-150400.4.48.1(aarch64|ppc64le|s390x|x86_64)0:1.16.0-150400.11.3.1(x86_64)0:1.16.0-150400.11.3.1(aarch64|ppc64le|s390x|x86_64)0:3.0.8-150500.5.24.1(x86_64)0:3.0.8-150500.5.24.1(noarch)0:3.0.8-150500.5.24.1(aarch64|ppc64le|s390x|x86_64)0:5.26.1-150300.17.17.1(x86_64)0:5.26.1-150300.17.17.1(noarch)0:5.26.1-150300.17.17.1(noarch)0:0.4.4-150400.6.7.1(aarch64|ppc64le|s390x|x86_64)0:14.12-150200.5.44.1(noarch)0:14.12-150200.5.44.1(aarch64|ppc64le|s390x|x86_64)0:115.11.0-150200.152.137.2(noarch)0:115.11.0-150200.152.137.2(x86_64)0:20240514-150200.41.1(aarch64|ppc64le|s390x|x86_64)0:15.7-150200.5.27.1(noarch)0:15.7-150200.5.27.1(aarch64)0:5.14.21-150500.55.65.1(aarch64|ppc64le|s390x|x86_64)0:5.14.21-150500.55.65.1(ppc64le|x86_64)0:5.14.21-150500.55.65.1(x86_64)0:5.14.21-150500.55.65.1(aarch64|ppc64le|x86_64)0:5.14.21-150500.55.65.1.150500.6.29.1(noarch)0:5.14.21-150500.55.65.1(aarch64|ppc64le|x86_64)0:5.14.21-150500.55.65.1(s390x)0:5.14.21-150500.55.65.1(aarch64|ppc64le|s390x|x86_64)0:3.0.8-150500.5.33.1(x86_64)0:3.0.8-150500.5.33.1(noarch)0:3.0.8-150500.5.33.1(aarch64|ppc64le|s390x|x86_64)0:1.8.0.412-150200.3.45.2(noarch)0:1.8.0.412-150200.3.45.2(aarch64|x86_64)0:5.14.21-150500.33.54.1(x86_64)0:5.14.21-150500.33.54.1(noarch)0:5.14.21-150500.33.54.1(aarch64|ppc64le|s390x|x86_64)0:1.16.0-150500.3.6.1(noarch)0:1.16.0-150500.3.6.1(aarch64|ppc64le|s390x|x86_64)0:2.35.3-150300.10.39.1(noarch)0:2.35.3-150300.10.39.1(aarch64|ppc64le|s390x|x86_64)0:1.1.1l-150500.17.28.2(x86_64)0:1.1.1l-150500.17.28.2(noarch)0:1.1.1l-150500.17.28.2(x86_64)0:5.14.21-150500.13.55.1(noarch)0:5.14.21-150500.13.55.1(aarch64|ppc64le|s390x|x86_64)0:5.65-150500.3.6.1(noarch)0:5.65-150500.3.6.1(x86_64)0:5.65-150500.3.6.1(noarch)0:2.70.5-150400.3.11.1(aarch64|ppc64le|s390x|x86_64)0:2.70.5-150400.3.11.1(x86_64)0:2.70.5-150400.3.11.1(aarch64|x86_64)0:4.5.2-150500.6.13.1(noarch)0:4.5.2-150500.6.13.1(aarch64|ppc64le|s390x|x86_64)0:3.3a-150300.3.6.1(aarch64|ppc64le|s390x|x86_64)0:7.2.0-150300.3.6.1(noarch)0:0.7.11-150000.3.3.1(aarch64|ppc64le|s390x|x86_64)0:2.4.0-150400.3.32.1(noarch)0:2.31.0-150400.6.12.1(aarch64|ppc64le|s390x|x86_64)0:115.11.0-150200.8.160.1(ppc64le|s390x|x86_64)0:1.8.0_sr8.25-150000.3.89.1(x86_64)0:1.8.0_sr8.25-150000.3.89.1(aarch64|ppc64le|s390x|x86_64)0:0.8.5-150000.3.8.1(x86_64)0:0.8.5-150000.3.8.1(noarch)0:0.4.2-150300.12.1(aarch64|ppc64le|s390x|x86_64)0:2.7.18-150000.65.1(x86_64)0:2.7.18-150000.65.1(noarch)0:2.7.18-150000.65.1(noarch)0:2.10.1-150000.3.13.1(aarch64|ppc64le|s390x|x86_64)0:3.1.2-150400.12.6.1(aarch64|ppc64le|s390x|x86_64)0:3.6.23-150000.3.115.1(aarch64|ppc64le|s390x|x86_64)0:3.9.3-150400.10.21.1(aarch64|x86_64)0:12-150100.11.15.2(aarch64|ppc64le|s390x|x86_64)0:2.4.51-150400.6.17.1(noarch)0:2.4.51-150400.6.17.1(noarch)0:4.66.4-150400.9.12.1(noarch)0:1.1.2-150200.3.10.2(noarch)0:3.25.3-150200.5.4.3(noarch)0:1.14.16-150200.5.7.1(noarch)0:2.1.4-150200.12.10.2(noarch)0:2.2-150200.12.17.2(noarch)0:2.0.0-150200.5.3.1(noarch)0:1.1.3-150200.12.8.2(noarch)0:5.0.4-150200.3.4.3(noarch)0:4.13.2-150200.3.15.2(noarch)0:5.10.2-150200.3.10.3(noarch)0:5.10.2-150200.3.10.2(noarch)0:9.7-150200.3.15.2(noarch)0:0.1.0~M2-150200.5.7.2(noarch)0:1.0-150200.5.3.3(noarch)0:1.3.9-150200.5.3.3(noarch)0:2.25.1-150300.3.9.1(aarch64|ppc64le|s390x|x86_64)0:1.22.0-150500.3.8.2(x86_64)0:1.22.0-150500.3.8.2(noarch)0:1.22.0-150500.3.8.2(aarch64|ppc64le|s390x|x86_64)0:2.31-150300.83.1(x86_64)0:2.31-150300.83.1(noarch)0:2.31-150300.83.1(aarch64|ppc64le|s390x|x86_64)0:5.7-150400.3.29.2(aarch64|ppc64le|s390x|x86_64)0:4.4-150400.3.32.1(x86_64)0:4.4-150400.3.32.1(aarch64|ppc64le|s390x|x86_64)0:3.4.2-150200.11.47.1(x86_64)0:3.4.2-150200.11.47.1(noarch)0:7.0.0-150400.8.7.1(noarch)0:4.2.0-150200.3.5.1(noarch)0:3.4-150400.11.10.1(aarch64|ppc64le|s390x|x86_64)0:1.0.7-150200.3.3.1(aarch64|ppc64le|s390x|x86_64)0:1.21.11-150000.1.36.1(aarch64|ppc64le|s390x|x86_64)0:1.22.4-150000.1.18.1(aarch64|ppc64le|s390x|x86_64)0:8.4-150500.4.23.1(aarch64|ppc64le|s390x|x86_64)0:2.17-150500.3.16.1(aarch64|ppc64le|s390x|x86_64)0:23.01.0-150500.3.8.1(x86_64)0:23.01.0-150500.3.8.1(aarch64|ppc64le|s390x|x86_64)0:3.17.1-150000.3.9.1(aarch64|x86_64)0:1.3.0~git1.db34c02-150400.3.6.1(aarch64|ppc64le|s390x|x86_64)0:10.6.18-150400.3.33.1(noarch)0:10.6.18-150400.3.33.1(aarch64|ppc64le|s390x|x86_64)0:1.14.4-150300.11.11.1(x86_64)0:1.58.0-150500.6.15.1(aarch64|x86_64)0:550.90.07-150500.11.29.1(aarch64)0:550.90.07-150500.3.47.1(x86_64)0:550.90.07-150500.3.47.1(aarch64|x86_64)0:550.90.07-150500.3.47.1(aarch64)0:550.90.07_k5.14.21_150500.55.65-150500.3.47.1(x86_64)0:550.90.07_k5.14.21_150500.33.54-150500.3.47.1(aarch64|x86_64)0:550.90.07_k5.14.21_150500.55.65-150500.3.47.1(aarch64|ppc64le|s390x|x86_64)0:1.20.0-150100.10.13.1(noarch)0:1.20.0-150100.10.13.1(aarch64|ppc64le|s390x|x86_64)0:7.0.8-150500.3.9.1(aarch64|ppc64le|s390x|x86_64)0:2.2.7-150000.3.59.1(x86_64)0:2.2.7-150000.3.59.1(x86_64)0:5.14.21-150500.13.58.1(noarch)0:5.14.21-150500.13.58.1(aarch64|x86_64)0:5.14.21-150500.33.57.1(x86_64)0:5.14.21-150500.33.57.1(noarch)0:5.14.21-150500.33.57.1(aarch64|ppc64le|s390x|x86_64)0:3.0.8-150500.5.36.1(x86_64)0:3.0.8-150500.5.36.1(noarch)0:3.0.8-150500.5.36.1(aarch64|ppc64le|s390x|x86_64)0:4.0.9-150000.45.44.1(x86_64)0:4.0.9-150000.45.44.1(aarch64|ppc64le|s390x|x86_64)0:0.23.2-150300.3.3.1(aarch64|ppc64le|s390x|x86_64)0:4.9.5-150500.3.12.1(noarch)0:4.9.5-150500.3.12.1(aarch64|ppc64le|s390x|x86_64)0:7.4.33-150400.4.37.1(aarch64|ppc64le|s390x|x86_64)0:8.0.30-150400.4.43.1(aarch64|ppc64le|s390x|x86_64)0:9.5.0-150400.5.9.1(aarch64|ppc64le|s390x|x86_64)0:1.1.1l-150500.17.31.1(x86_64)0:1.1.1l-150500.17.31.1(noarch)0:1.1.1l-150500.17.31.1(aarch64|ppc64le|s390x|x86_64)0:3.2.0-150400.3.6.1(noarch)0:3.2.0-150400.3.6.1(x86_64)0:3.2.0-150400.3.6.1(aarch64|ppc64le|s390x|x86_64)0:115.12.0-150200.152.140.2(noarch)0:115.12.0-150200.152.140.2(aarch64|ppc64le|s390x|x86_64)0:1.0+20220815.f40c2d5-150500.3.3.1(noarch)0:2.44.2-150400.4.83.2(aarch64|ppc64le|s390x|x86_64)0:2.44.2-150400.4.83.2(x86_64)0:2.44.2-150400.4.83.2(aarch64|ppc64le|s390x|x86_64)0:115.12.0-150200.8.163.1(aarch64|ppc64le|s390x|x86_64)0:2.42.12-150400.5.9.1(x86_64)0:2.42.12-150400.5.9.1(noarch)0:2.42.12-150400.5.9.1(noarch)0:10.1.18-150200.5.8.1(aarch64|ppc64le|s390x|x86_64)0:23.3.4.19-150300.3.14.1(aarch64|ppc64le|s390x|x86_64)0:1.0.5-150000.5.3.1(noarch)0:2.2.3-150400.3.12.1(aarch64|ppc64le|s390x|x86_64)0:1.7.17-150000.111.3(noarch)0:1.7.17-150000.111.3(aarch64|ppc64le|s390x|x86_64)0:22.1.5-150500.7.17.1(aarch64|ppc64le|s390x|x86_64)0:0.9.6-150300.3.9.1(aarch64|ppc64le|s390x|x86_64)0:41.0-150500.4.3.1(noarch)0:41.0-150500.4.3.1(aarch64|ppc64le|s390x|x86_64)0:3.5.1-150400.3.15.1(x86_64)0:3.5.1-150400.3.15.1(aarch64|ppc64le|s390x|x86_64)0:1.20.3-150000.3.20.1(noarch)0:1.20.3-150000.3.20.1(aarch64|ppc64le|s390x|x86_64)0:0.66.2-150400.3.5.1(noarch)0:0.66.2-150400.3.5.1(aarch64|ppc64le|s390x|x86_64)0:2022.5.17-150000.3.21.1(aarch64)0:5.14.21-150500.55.68.1(aarch64|ppc64le|s390x|x86_64)0:5.14.21-150500.55.68.1(ppc64le|x86_64)0:5.14.21-150500.55.68.1(x86_64)0:5.14.21-150500.55.68.1(aarch64|ppc64le|x86_64)0:5.14.21-150500.55.68.1.150500.6.31.1(noarch)0:5.14.21-150500.55.68.1(aarch64|ppc64le|x86_64)0:5.14.21-150500.55.68.1(s390x)0:5.14.21-150500.55.68.1(noarch)0:1.10.11-150400.3.17.1(noarch)0:1.10.11-150400.3.17.2(aarch64|ppc64le|s390x|x86_64)0:1.10.11-150400.3.17.1(aarch64|ppc64le|s390x|x86_64)0:1.10.11-150400.3.17.2(aarch64|ppc64le|s390x|x86_64)0:3.2.3-150300.3.10.1(aarch64|ppc64le|s390x|x86_64)0:4.1.4-150500.3.2.1(aarch64|ppc64le|s390x|x86_64)0:34.1.1-150200.3.5.1(aarch64|ppc64le|s390x|x86_64)0:0.07-150000.5.5.1(noarch)0:34.1.1-150200.3.5.1(aarch64|ppc64le|s390x|x86_64)0:4.0.2-150500.3.2.1(noarch)0:4.0.2-150500.3.2.1(aarch64|ppc64le|s390x|x86_64)0:2.3.7-150500.3.2.1(noarch)0:2.3.7-150500.3.2.1(x86_64)0:2.3.7-150500.3.2.1(noarch)0:4.1.4-150500.3.2.1(x86_64)0:4.1.4-150500.3.2.1(noarch)0:3.2.3-150300.3.10.1(aarch64|ppc64le|s390x|x86_64)0:9.52-150000.191.1(noarch)0:31-150200.3.12.1(noarch)0:2.12.0-150200.5.8.1(x86_64)0:1.1.1-150500.8.18.1(aarch64|ppc64le|s390x|x86_64)0:3.10.14-150400.4.51.1(x86_64)0:3.10.14-150400.4.51.1(aarch64|ppc64le|x86_64)0:24.2.4.2-150500.20.6.5(noarch)0:24.2.4.2-150500.20.6.5(aarch64|ppc64le|s390x|x86_64)0:2.9.7-150000.3.70.1(aarch64|ppc64le|s390x|x86_64)0:5.7-150400.3.32.1(aarch64|ppc64le|s390x|x86_64)0:3.9.19-150300.4.46.1(x86_64)0:3.9.19-150300.4.46.1(aarch64|ppc64le|s390x|x86_64)0:0.9.6-150300.3.12.1(aarch64|ppc64le|s390x|x86_64)0:1.6-150000.3.3.1(aarch64|ppc64le|s390x|x86_64)0:4.9.5-150500.3.15.1(noarch)0:4.9.5-150500.3.15.1(aarch64|ppc64le|s390x|x86_64)0:115.7.0-150200.152.123.1(noarch)0:115.7.0-150200.152.123.1(aarch64|ppc64le|s390x|x86_64)0:2.10.3-150500.5.17.1(x86_64)0:2.10.3-150500.5.17.1(noarch)0:2.10.3-150500.5.17.1(aarch64|ppc64le|s390x|x86_64)0:9.52-150000.194.1(aarch64|ppc64le|s390x|x86_64)0:1.20.1-150500.3.9.1(x86_64)0:1.20.1-150500.3.9.1(aarch64|ppc64le|s390x|x86_64)0:1.21.12-150000.1.39.1(aarch64|ppc64le|s390x|x86_64)0:1.22.5-150000.1.21.1(noarch)0:3.10.6-150200.3.10.1(noarch)0:2.0.7-150400.7.18.1(aarch64|ppc64le|s390x|x86_64)0:23.01.0-150500.3.11.1(x86_64)0:23.01.0-150500.3.11.1(aarch64|ppc64le|s390x|x86_64)0:3.0.25-150400.4.7.1(aarch64|x86_64)0:5.14.21-150500.33.60.1(x86_64)0:5.14.21-150500.33.60.1(noarch)0:5.14.21-150500.33.60.1(aarch64|ppc64le|s390x|x86_64)0:2.13-150400.3.3.1(noarch)0:2.13-150400.3.3.1(x86_64)0:5.14.21-150500.13.61.1(noarch)0:5.14.21-150500.13.61.1(aarch64|ppc64le|s390x|x86_64)0:115.13.0-150200.152.143.1(noarch)0:115.13.0-150200.152.143.1(noarch)0:3.15.0-150400.10.10.1(aarch64|ppc64le|s390x|x86_64)0:6.7.0-150000.3.6.1(aarch64|ppc64le|s390x|x86_64)0:1.11.0-150400.3.7.1(x86_64)0:1.11.0-150400.3.7.1(aarch64|ppc64le|s390x|x86_64)0:2.0.14-150000.3.31.1(x86_64)0:2.0.14-150000.3.31.1(noarch)0:10.1.25-150200.5.25.1(aarch64|ppc64le|s390x|x86_64)0:3.11.9-150400.9.29.1(x86_64)0:3.11.9-150400.9.29.1(aarch64|ppc64le|s390x|x86_64)0:115.12.2-150200.8.168.1(aarch64|ppc64le|s390x|x86_64)0:115.7.0-150200.8.145.1(ppc64le|x86_64)0:2.3.a-150300.21.3.1(aarch64|ppc64le|s390x|x86_64)0:3.6.15-150300.10.65.1(x86_64)0:3.6.15-150300.10.65.1(aarch64|ppc64le|s390x|x86_64)0:3.6.15-150300.10.65.2(noarch)0:9.0.91-150200.68.1(aarch64|ppc64le|s390x|x86_64)0:21.1.4-150500.7.21.1(x86_64)0:0.4.3-150500.3.3.1(aarch64|ppc64le|s390x|x86_64)0:18.20.4-150400.9.24.2(noarch)0:18.20.4-150400.9.24.2(aarch64|ppc64le|s390x|x86_64)0:20.15.1-150500.11.12.2(noarch)0:20.15.1-150500.11.12.2(noarch)0:2.0.7-150000.1.20.1(aarch64|ppc64le|s390x|x86_64)0:27.2-150400.3.17.1(noarch)0:27.2-150400.3.17.1(noarch)0:5.11.0-150200.3.7.1(noarch)0:2.2-150200.3.15.1(noarch)0:7.10.1-150200.3.10.1(noarch)0:2.0.7-150000.1.23.1(aarch64|ppc64le|s390x|x86_64)0:41.9-150400.3.11.1(noarch)0:41.9-150400.3.11.1(aarch64|ppc64le|s390x|x86_64)0:1.3.0-150400.3.9.1(x86_64)0:1.3.0-150400.3.9.1(aarch64|ppc64le|s390x|x86_64)0:2.4.51-150400.6.29.1(noarch)0:2.4.51-150400.6.29.1(aarch64|ppc64le|s390x|x86_64)0:16.02-150200.14.12.1(noarch)0:16.02-150200.14.12.1(noarch)0:2.3.0-150400.12.6.1(aarch64|ppc64le|s390x|x86_64)0:9.52-150000.197.1(aarch64|ppc64le|s390x|x86_64)0:17.0.12.0-150400.3.45.1(noarch)0:17.0.12.0-150400.3.45.1(aarch64|ppc64le|s390x|x86_64)0:11.0.24.0-150000.3.116.1(noarch)0:11.0.24.0-150000.3.116.1(aarch64|ppc64le|s390x|x86_64)0:1.50-150300.3.3.1(aarch64|x86_64)0:4.17.4_04-150500.3.33.1(x86_64)0:4.17.4_04-150500.3.33.1(noarch)0:4.17.4_04-150500.3.33.1(noarch)0:1.15.0-150000.3.5.1(aarch64|ppc64le|s390x|x86_64)0:2.35.3-150300.10.42.1(noarch)0:2.35.3-150300.10.42.1(noarch)0:4.8.1-150400.10.18.1(aarch64|ppc64le|s390x|x86_64)0:4.8.1-150400.10.18.1(aarch64|x86_64)0:4.17.3_04-150500.3.21.1(x86_64)0:4.17.3_04-150500.3.21.1(noarch)0:4.17.3_04-150500.3.21.1(noarch)0:2.24.33-150400.4.3.1(aarch64|ppc64le|s390x|x86_64)0:2.24.33-150400.4.3.1(x86_64)0:2.24.33-150400.4.3.1(aarch64|ppc64le|s390x|x86_64)0:3.24.34-150400.3.9.1(noarch)0:3.24.34-150400.3.9.1(x86_64)0:3.24.34-150400.3.9.1(noarch)0:1.25.10-150300.4.12.1(aarch64|ppc64le|s390x|x86_64)0:0.4.28-150000.3.6.1(x86_64)0:0.4.28-150000.3.6.1(x86_64)0:1.59.0-150500.6.18.1(x86_64)0:1.2.2-150500.8.21.1(aarch64|ppc64le|s390x|x86_64)0:3.101.2-150400.3.48.1(x86_64)0:3.101.2-150400.3.48.1(aarch64|ppc64le|s390x|x86_64)0:1.2-150100.6.3.1(aarch64|ppc64le|s390x|x86_64)0:20.02.7-150100.3.30.1(aarch64|ppc64le|s390x|x86_64)0:2.7.6-150000.5.6.1(aarch64|ppc64le|s390x|x86_64)0:1.8.0.422-150000.3.97.1(noarch)0:1.8.0.422-150000.3.97.1(aarch64|ppc64le|s390x|x86_64)0:1.18.5-150300.8.21.1(noarch)0:1.18.5-150300.8.21.1(aarch64|ppc64le|s390x|x86_64)0:115.13.0-150200.8.171.4(aarch64|ppc64le|s390x|x86_64)0:4.4-150400.3.37.1(x86_64)0:4.4-150400.3.37.1(noarch)0:4.8.1-150400.10.21.1(aarch64|ppc64le|s390x|x86_64)0:4.8.1-150400.10.21.1(aarch64|ppc64le|s390x|x86_64)0:3.4.2-150200.11.50.1(x86_64)0:3.4.2-150200.11.50.1(noarch)0:2.0.7-150000.1.27.1(aarch64|ppc64le|s390x|x86_64)0:22.05.11-150300.7.9.1(noarch)0:22.05.11-150300.7.9.1(aarch64|ppc64le|s390x|x86_64)0:23.02.7-150500.5.15.1(noarch)0:23.02.7-150500.5.15.1(aarch64|ppc64le|s390x|x86_64)0:1.23.17-150500.3.15.1(noarch)0:1.23.17-150500.3.15.1(aarch64|ppc64le|s390x|x86_64)0:1.24.17-150500.3.19.1(noarch)0:1.24.17-150500.3.19.1(aarch64|ppc64le|s390x|x86_64)0:22.2.0-150400.21.1(noarch)0:2.0.7-150000.1.30.1(aarch64|ppc64le|s390x|x86_64)0:9.16.50-150500.8.21.1(noarch)0:9.16.50-150500.8.21.1(noarch)0:2.68-150200.33.1(aarch64|ppc64le|s390x|x86_64)0:6.4.2-150500.3.20.2(noarch)0:6.4.2-150500.3.20.2(aarch64|ppc64le|s390x|x86_64)0:6.4.2-150500.3.20.1(aarch64|ppc64le|x86_64)0:20.11.9-150200.6.16.1(noarch)0:22.10.0-150400.5.23.1(noarch)0:19.7.1-150000.3.7.1(aarch64|ppc64le|s390x|x86_64)0:5.15.8+kde185-150500.4.22.1(x86_64)0:5.15.8+kde185-150500.4.22.1(noarch)0:5.15.8+kde185-150500.4.22.1(aarch64|ppc64le|s390x|x86_64)0:1.1.1l-150500.17.34.1(x86_64)0:1.1.1l-150500.17.34.1(noarch)0:1.1.1l-150500.17.34.1(x86_64)0:5.14.21-150500.13.64.1(noarch)0:5.14.21-150500.13.64.1(noarch)0:44.1.1-150300.7.9.1(noarch)0:67.6.1-150400.4.9.1(aarch64|ppc64le|s390x|x86_64)0:7.2.0-150300.3.18.1(aarch64|ppc64le|s390x|x86_64)0:1.25.16-150400.9.10.1(aarch64)0:5.14.21-150500.55.73.1(aarch64|ppc64le|s390x|x86_64)0:5.14.21-150500.55.73.1(ppc64le|x86_64)0:5.14.21-150500.55.73.1(x86_64)0:5.14.21-150500.55.73.1(aarch64|ppc64le|x86_64)0:5.14.21-150500.55.73.1.150500.6.33.8(noarch)0:5.14.21-150500.55.73.1(noarch)0:5.14.21-150500.55.73.2(aarch64|ppc64le|x86_64)0:5.14.21-150500.55.73.1(s390x)0:5.14.21-150500.55.73.1(aarch64|x86_64)0:5.14.21-150500.33.63.1(x86_64)0:5.14.21-150500.33.63.1(noarch)0:5.14.21-150500.33.63.1(aarch64|ppc64le|s390x|x86_64)0:1.1.11-150000.58.1(noarch)0:1.9.0-150400.10.6.1(aarch64|ppc64le|s390x|x86_64)0:3.10.14-150400.4.54.1(x86_64)0:3.10.14-150400.4.54.1(aarch64|ppc64le|s390x|x86_64)0:8.6.0-150400.3.3.1(x86_64)0:8.6.0-150400.3.3.1(aarch64|ppc64le|s390x|x86_64)0:128.1.0-150200.152.146.1(aarch64|ppc64le|s390x|x86_64)0:128-150200.9.16.1(noarch)0:128.1.0-150200.152.146.1(aarch64|ppc64le|s390x|x86_64)0:3.0.8-150500.5.39.1(x86_64)0:3.0.8-150500.5.39.1(noarch)0:3.0.8-150500.5.39.1(aarch64|ppc64le|s390x|x86_64)0:2.13-150400.3.6.1(noarch)0:2.13-150400.3.6.1(noarch)0:44.1.1-150400.9.9.1(noarch)0:67.7.2-150400.3.16.1(aarch64|ppc64le|s390x|x86_64)0:1.20.0-150100.10.16.1(noarch)0:1.20.0-150100.10.16.1(aarch64|x86_64)0:4.17.5_02-150500.3.36.1(x86_64)0:4.17.5_02-150500.3.36.1(noarch)0:4.17.5_02-150500.3.36.1(aarch64|ppc64le|s390x|x86_64)0:3.9.19-150300.4.49.1(x86_64)0:3.9.19-150300.4.49.1(aarch64|ppc64le|s390x|x86_64)0:7.1.0-150500.49.18.1(noarch)0:7.1.0-150500.49.18.1(noarch)0:1.0.0+-150500.49.18.1(s390x|x86_64)0:7.1.0-150500.49.18.1(noarch)0:1.16.0_0_gd239552-150500.49.18.1(noarch)0:8-150500.49.18.1(aarch64|ppc64le|s390x|x86_64)0:5.15.8+kde1-150500.3.3.1(aarch64|ppc64le|s390x|x86_64)0:5.15.8+kde0-150500.3.3.1(noarch)0:5.15.8+kde0-150500.3.3.1(aarch64|ppc64le|s390x|x86_64)0:8.0.1-150400.5.47.1(x86_64)0:8.0.1-150400.5.47.1(noarch)0:20230724-150500.3.12.1(aarch64|ppc64le|s390x|x86_64)0:2.2.10~git2.345056d3-150500.3.21.1(aarch64|ppc64le|s390x|x86_64)0:0.13.69-150000.3.20.1(x86_64)0:0.13.69-150000.3.20.1(noarch)0:2.70.5-150400.3.14.1(aarch64|ppc64le|s390x|x86_64)0:2.70.5-150400.3.14.1(x86_64)0:2.70.5-150400.3.14.1(aarch64|ppc64le|s390x|x86_64)0:1.21.13.1-150000.1.11.1(noarch)0:2.44.3-150400.4.88.1(aarch64|ppc64le|s390x|x86_64)0:2.44.3-150400.4.88.1(x86_64)0:2.44.3-150400.4.88.1(aarch64|ppc64le|s390x|x86_64)0:1.26.15-150400.9.11.1(x86_64)0:20240813-150200.44.1(aarch64|ppc64le|s390x|x86_64)0:1.28.13-150400.9.8.1(aarch64|ppc64le|s390x|x86_64)0:1.27.16-150400.9.10.1(aarch64|ppc64le|s390x|x86_64)0:0.8.0-150500.3.6.1(aarch64|ppc64le|s390x|x86_64)0:1.14.5-150500.3.12.1(noarch)0:1.14.5-150500.3.12.1(aarch64|ppc64le|s390x|x86_64)0:3.0.8-150500.5.42.1(x86_64)0:3.0.8-150500.5.42.1(noarch)0:3.0.8-150500.5.42.1(aarch64|ppc64le|s390x|x86_64)0:8.4-150500.4.26.1(aarch64|ppc64le|s390x|x86_64)0:3.9.3-150400.10.24.1(aarch64|ppc64le|s390x|x86_64)0:115.14.0-150200.8.174.1(aarch64|ppc64le|s390x|x86_64)0:3.4.2-150200.11.57.1(x86_64)0:3.4.2-150200.11.57.1(aarch64|ppc64le|s390x|x86_64)0:4.0.9-150000.45.47.1(x86_64)0:4.0.9-150000.45.47.1(noarch)0:1.7.4-150000.3.3.1(aarch64|ppc64le|s390x|x86_64)0:2.3.15-150200.65.1(aarch64|ppc64le|s390x|x86_64)0:1.0.2p-150000.3.94.1(x86_64)0:1.0.2p-150000.3.94.1(noarch)0:1.0.2p-150000.3.94.1(aarch64|ppc64le|s390x|x86_64)0:25.0.6_ce-150000.207.1(noarch)0:25.0.6_ce-150000.207.1(noarch)0:2.0.7-150000.1.33.1(aarch64|ppc64le|s390x|x86_64)0:1.8.0.422-150200.3.48.2(noarch)0:1.8.0.422-150200.3.48.2(aarch64|ppc64le|s390x|x86_64)0:249.17-150400.8.43.1(x86_64)0:249.17-150400.8.43.1(noarch)0:249.17-150400.8.43.1(aarch64|ppc64le|s390x|x86_64)0:1.35.4-150500.3.10.1(aarch64|ppc64le|s390x|x86_64)0:12.20-150200.8.63.1(noarch)0:12.20-150200.8.63.1(aarch64|ppc64le|s390x|x86_64)0:1.26.15-150400.9.14.1(aarch64|ppc64le|s390x|x86_64)0:128.2.0-150200.152.149.1(noarch)0:128.2.0-150200.152.149.1(ppc64le|s390x|x86_64)0:1.8.0_sr8.30-150000.3.92.1(x86_64)0:1.8.0_sr8.30-150000.3.92.1(aarch64|ppc64le|s390x|x86_64)0:4.4.1-150200.3.24.1(aarch64|ppc64le|s390x|x86_64)0:15.8-150200.5.30.1(noarch)0:15.8-150200.5.30.1(aarch64|ppc64le|s390x|x86_64)0:14.13-150200.5.47.1(noarch)0:14.13-150200.5.47.1(aarch64|ppc64le|s390x|x86_64)0:2.6.2-150000.3.5.1(aarch64|ppc64le|s390x|x86_64)0:9.12-150400.15.3.1(aarch64|ppc64le|s390x|x86_64)0:0.81-150400.13.2.1(noarch)0:2.6.2-150000.3.5.1(noarch)0:9.12-150400.15.3.1(aarch64|ppc64le|s390x|x86_64)0:16.4-150200.5.16.1(x86_64)0:16.4-150200.5.16.1(noarch)0:16.4-150200.5.16.1(aarch64|ppc64le|s390x|x86_64)0:13.16-150200.5.61.1(noarch)0:13.16-150200.5.61.1(aarch64|ppc64le|s390x|x86_64)0:2.4.51-150400.6.34.1(noarch)0:2.4.51-150400.6.34.1(noarch)0:2.0.7-150000.1.36.1(aarch64|x86_64)0:5.14.21-150500.33.66.1(x86_64)0:5.14.21-150500.33.66.1(noarch)0:5.14.21-150500.33.66.1(aarch64|ppc64le|s390x|x86_64)0:3.2.3-150300.3.6.1(x86_64)0:3.2.3-150300.3.6.1(aarch64|ppc64le|s390x|x86_64)0:3.11.9-150400.9.32.3(x86_64)0:3.11.9-150400.9.32.3(aarch64|ppc64le|s390x|x86_64)0:3.11.9-150400.9.32.4(x86_64)0:3.11.9-150400.9.32.4(aarch64|ppc64le|s390x|x86_64)0:3.11.9-150400.9.32.1(x86_64)0:5.14.21-150500.13.67.3(noarch)0:5.14.21-150500.13.67.3(x86_64)0:5.14.21-150500.13.67.1(aarch64|ppc64le|s390x|x86_64)0:11.0.22.0-150000.3.110.1(noarch)0:11.0.22.0-150000.3.110.1(aarch64|ppc64le|s390x|x86_64)0:1.10.1-150400.3.3.2(x86_64)0:1.10.1-150400.3.3.2(aarch64|ppc64le|s390x|x86_64)0:8.0.1-150400.5.50.1(x86_64)0:8.0.1-150400.5.50.1(aarch64|ppc64le|s390x|x86_64)0:1.22.7-150000.1.27.1(aarch64|ppc64le|s390x|x86_64)0:1.23.1-150000.1.6.1(aarch64|ppc64le|s390x|x86_64)0:2.4.4-150400.3.22.1(x86_64)0:2.4.4-150400.3.22.1(aarch64|ppc64le|s390x|x86_64)0:1.7.21-150000.117.1(aarch64|ppc64le|s390x|x86_64)0:1.1.14-150000.70.1(aarch64|ppc64le|s390x|x86_64)0:1.5.3-150100.4.10.1(aarch64|ppc64le|s390x|x86_64)0:17.0.10.0-150400.3.36.1(noarch)0:17.0.10.0-150400.3.36.1(noarch)0:5.0.9-150000.3.124.1(noarch)0:1.77-150200.3.24.1(noarch)0:0.2.15-150200.11.13.1(aarch64|ppc64le|s390x|x86_64)0:0.1-150100.4.20.1(aarch64|ppc64le|s390x|x86_64)0:2.45.6-150100.4.20.1(x86_64)0:2023.0.0-150500.3.2.1(aarch64|ppc64le|s390x|x86_64)0:2.7.18-150000.60.1(x86_64)0:2.7.18-150000.60.1(noarch)0:2.7.18-150000.60.1(noarch)0:1.15.0-150000.3.10.2(aarch64|ppc64le|s390x|x86_64)0:3.8.5-150400.10.8.1(aarch64|ppc64le|s390x|x86_64)0:0.103.12-150000.3.53.1(x86_64)0:20240910-150200.47.1(aarch64|ppc64le|s390x|x86_64)0:3.6.24-150000.3.118.1(x86_64)0:5.14.21-150500.13.70.2(noarch)0:5.14.21-150500.13.70.2(x86_64)0:5.14.21-150500.13.70.1(x86_64)0:22.6.1-150500.3.5.1(aarch64|ppc64le|s390x|x86_64)0:1.24.17-150500.3.22.1(noarch)0:1.24.17-150500.3.22.1(aarch64|ppc64le|s390x|x86_64)0:1.25.16-150400.9.16.1(noarch)0:1.15.0-150400.11.6.1(aarch64|ppc64le|s390x|x86_64)0:3.10.15-150400.4.57.1(x86_64)0:3.10.15-150400.4.57.1(aarch64|ppc64le|s390x|x86_64)0:4.4-150400.3.42.1(x86_64)0:4.4-150400.3.42.1(aarch64|ppc64le|s390x|x86_64)0:3.6.0-150100.3.15.1(aarch64|x86_64)0:0.10.0+0-150500.3.6.1(noarch)0:0.10.0+0-150500.3.6.1(aarch64|ppc64le|s390x|x86_64)0:3.9.20-150300.4.52.1(x86_64)0:3.9.20-150300.4.52.1(aarch64|ppc64le|s390x|x86_64)0:3.11.10-150400.9.35.1(x86_64)0:3.11.10-150400.9.35.1(aarch64|x86_64)0:4.17.5_04-150500.3.39.1(x86_64)0:4.17.5_04-150500.3.39.1(noarch)0:4.17.5_04-150500.3.39.1(aarch64|ppc64le|s390x|x86_64)0:1.6.3-150000.3.6.1(aarch64|ppc64le|s390x|x86_64)0:0.22.0-150400.3.12.1(x86_64)0:0.22.0-150400.3.12.1(aarch64|ppc64le|s390x|x86_64)0:1.24.17-150500.3.24.1(noarch)0:1.24.17-150500.3.24.1(aarch64|ppc64le|s390x|x86_64)0:1.28.13-150400.9.10.1(aarch64|ppc64le|s390x|x86_64)0:1.27.16-150400.9.12.1(aarch64|ppc64le|s390x|x86_64)0:1.26.15-150400.9.16.1(aarch64|ppc64le|s390x|x86_64)0:1.25.16-150400.9.18.1(aarch64|ppc64le|s390x|x86_64)0:3.6.15-150300.10.72.1(x86_64)0:3.6.15-150300.10.72.1(aarch64|ppc64le|s390x|x86_64)0:1.1.1-150400.12.8.1(aarch64)0:5.14.21-150500.55.80.2(aarch64|ppc64le|s390x|x86_64)0:5.14.21-150500.55.80.2(aarch64)0:5.14.21-150500.55.80.1(ppc64le|x86_64)0:5.14.21-150500.55.80.2(x86_64)0:5.14.21-150500.55.80.2(aarch64|ppc64le|x86_64)0:5.14.21-150500.55.80.2.150500.6.35.6(noarch)0:5.14.21-150500.55.80.2(aarch64|ppc64le|x86_64)0:5.14.21-150500.55.80.2(aarch64|ppc64le|s390x|x86_64)0:5.14.21-150500.55.80.1(s390x)0:5.14.21-150500.55.80.2(noarch)0:3.4.0-150400.13.6.1(aarch64|ppc64le|s390x|x86_64)0:3.0.8-150500.5.45.1(x86_64)0:3.0.8-150500.5.45.1(noarch)0:3.0.8-150500.5.45.1(aarch64|ppc64le|s390x|x86_64)0:128.2.3-150200.8.177.1(aarch64|ppc64le|s390x|x86_64)0:128.3.0-150200.152.152.1(noarch)0:128.3.0-150200.152.152.1(aarch64|ppc64le|s390x|x86_64)0:1.25.0-150200.3.16.1(noarch)0:2.4-150200.3.7.1(aarch64|ppc64le|s390x|x86_64)0:1.35.4-150500.3.13.1(aarch64|ppc64le|s390x|x86_64)0:4.9.5-150500.3.18.1(noarch)0:4.9.5-150500.3.18.1(aarch64|ppc64le|s390x|x86_64)0:22.3.5-150500.77.5.1(x86_64)0:22.3.5-150500.77.5.1(aarch64|ppc64le|x86_64)0:22.3.5-150500.77.5.1(aarch64)0:22.3.5-150500.77.5.1(aarch64|x86_64)0:22.3.5-150500.77.5.1(aarch64|ppc64le|x86_64)0:1.0.0-150500.77.5.1(aarch64|ppc64le|s390x|x86_64)0:7.0.8-150500.3.12.1(aarch64|ppc64le|s390x|x86_64)0:0.9.6-150300.3.15.1(aarch64|ppc64le|s390x|x86_64)0:4.30-150300.3.15.1(noarch)0:4.30-150300.3.15.1(aarch64|ppc64le|s390x|x86_64)0:78.15.0-150400.3.6.2(aarch64)0:5.14.21-150500.55.83.1(aarch64|ppc64le|s390x|x86_64)0:5.14.21-150500.55.83.1(ppc64le|x86_64)0:5.14.21-150500.55.83.1(x86_64)0:5.14.21-150500.55.83.1(aarch64|ppc64le|x86_64)0:5.14.21-150500.55.83.1.150500.6.37.1(noarch)0:5.14.21-150500.55.83.1(aarch64|ppc64le|x86_64)0:5.14.21-150500.55.83.1(s390x)0:5.14.21-150500.55.83.1(aarch64|ppc64le|s390x|x86_64)0:6.2.6-150400.3.28.1(aarch64|ppc64le|x86_64)0:24.8.1.2-150500.20.11.2(aarch64|ppc64le|s390x|x86_64)0:24.8.1.2-150500.20.11.2(noarch)0:24.8.1.2-150500.20.11.2(aarch64|x86_64)0:5.14.21-150500.33.69.1(x86_64)0:5.14.21-150500.33.69.1(noarch)0:5.14.21-150500.33.69.1(x86_64)0:5.14.21-150500.13.73.1(noarch)0:5.14.21-150500.13.73.1(noarch)0:2.31.0-150400.6.15.1(aarch64|ppc64le|s390x|x86_64)0:2.0.31-150400.3.5.1(aarch64|ppc64le|s390x|x86_64)0:128.3.1-150200.152.155.1(noarch)0:128.3.1-150200.152.155.1(aarch64|ppc64le|s390x|x86_64)0:128.3.0-150200.8.182.1(aarch64|ppc64le|s390x|x86_64)0:2.2.2-150500.8.5.1(aarch64|ppc64le|s390x|x86_64)0:4.3.12-150000.3.15.1(aarch64|ppc64le|s390x|x86_64)0:1.20.0-150100.10.19.1(noarch)0:1.20.0-150100.10.19.1(aarch64|ppc64le|s390x|x86_64)0:3.5.12-150000.7.6.1(aarch64|ppc64le|s390x|x86_64)0:8.0.30-150400.4.46.1(noarch)0:9.4.56-150200.3.28.1(aarch64|ppc64le|s390x|x86_64)0:1.35.4-150500.3.16.1(aarch64|ppc64le|s390x|x86_64)0:128.3.1-150200.8.185.1(aarch64|ppc64le|s390x|x86_64)0:7.4.33-150400.4.40.1(aarch64|ppc64le|s390x|x86_64)0:4.9.5-150500.3.25.1(noarch)0:4.9.5-150500.3.25.1(aarch64|ppc64le|s390x|x86_64)0:25.1-150500.12.5.1(x86_64)0:25.1-150500.12.5.1(aarch64|ppc64le|s390x|x86_64)0:4.25.1-150500.12.5.1(aarch64|ppc64le|s390x|x86_64)0:4.9.5-150500.3.28.1(noarch)0:4.9.5-150500.3.28.1(aarch64|ppc64le|s390x|x86_64)0:1.35.4-150500.3.19.1(aarch64|ppc64le|s390x|x86_64)0:1.1.1l-150500.17.37.1(x86_64)0:1.1.1l-150500.17.37.1(noarch)0:1.1.1l-150500.17.37.1(aarch64|ppc64le|s390x|x86_64)0:3.0.8-150500.5.48.1(x86_64)0:3.0.8-150500.5.48.1(noarch)0:3.0.8-150500.5.48.1(aarch64|ppc64le|s390x|x86_64)0:1.22.7.1-150000.1.3.1(aarch64|ppc64le|s390x|x86_64)0:1.23.2.2-150000.1.3.1(aarch64|ppc64le|s390x|x86_64)0:6.2.0-150500.8.6.1(noarch)0:6.2.0-150500.8.6.1(aarch64|ppc64le|x86_64)0:6.2.0-150500.8.6.1(aarch64|ppc64le|s390x|x86_64)0:21.1.4-150500.7.29.1(aarch64|ppc64le|s390x|x86_64)0:22.1.5-150500.7.25.1(aarch64|ppc64le|s390x|x86_64)0:1.21.13.4-150000.1.14.1(noarch)0:2.3.6-150400.6.12.1(noarch)0:0.0.20241028T152002-150000.1.6.1(aarch64|ppc64le|s390x|x86_64)0:2.2.10~git18.20ce9289-150500.3.24.1(aarch64|ppc64le|s390x|x86_64)0:2.0.19.1-150400.8.3.1(aarch64|ppc64le|s390x|x86_64)0:1.25.0-150200.3.19.2(aarch64|ppc64le|s390x|x86_64)0:2.4.51-150400.6.37.1(noarch)0:2.4.51-150400.6.37.1(noarch)0:2.46.0-150400.4.91.1(aarch64|ppc64le|s390x|x86_64)0:2.46.0-150400.4.91.1(x86_64)0:2.46.0-150400.4.91.1(aarch64|ppc64le|s390x|x86_64)0:1.16.1-150000.3.6.1(aarch64|ppc64le|s390x|x86_64)0:2.5.9-150000.4.32.1(noarch)0:2.5.9-150000.4.32.1(aarch64|ppc64le|s390x|x86_64)0:11.0.25.0-150000.3.119.1(noarch)0:11.0.25.0-150000.3.119.1(noarch)0:2.1.2-150400.12.7.1(aarch64|ppc64le|s390x|x86_64)0:5.1.4-150000.3.32.1(aarch64|ppc64le|s390x|x86_64)0:5.1.4-150000.3.3.1(aarch64|ppc64le|s390x|x86_64)0:3.6.15-150300.10.75.1(x86_64)0:3.6.15-150300.10.75.1(aarch64|ppc64le|s390x|x86_64)0:128.4.0-150200.152.158.1(noarch)0:128.4.0-150200.152.158.1(noarch)0:0.0.20241030T212825-150000.1.9.1(aarch64|ppc64le|s390x|x86_64)0:1.14.50-150400.3.6.1(x86_64)0:1.14.50-150400.3.6.1(noarch)0:1.14.50-150400.3.6.1(aarch64|ppc64le|s390x|x86_64)0:4.4.1-150200.3.27.1(aarch64|ppc64le|s390x|x86_64)0:3.10.15-150400.4.60.1(x86_64)0:3.10.15-150400.4.60.1(aarch64|ppc64le|s390x|x86_64)0:8.0.1-150400.5.56.1(x86_64)0:8.0.1-150400.5.56.1(aarch64|ppc64le|s390x|x86_64)0:9.52-150000.200.1(aarch64|ppc64le|s390x|x86_64)0:3.9.20-150300.4.55.2(x86_64)0:3.9.20-150300.4.55.2(aarch64|ppc64le|s390x|x86_64)0:3.9.20-150300.4.55.1(x86_64)0:3.9.20-150300.4.55.1(aarch64|ppc64le|s390x|x86_64)0:7.1.0-150500.49.24.1(noarch)0:7.1.0-150500.49.24.1(noarch)0:1.0.0+-150500.49.24.1(s390x|x86_64)0:7.1.0-150500.49.24.1(noarch)0:1.16.0_0_gd239552-150500.49.24.1(noarch)0:8-150500.49.24.1(noarch)0:0.0.20241104T154416-150000.1.12.1(aarch64|ppc64le|s390x|x86_64)0:3.11.10-150400.9.38.2(x86_64)0:3.11.10-150400.9.38.2(aarch64|ppc64le|s390x|x86_64)0:3.11.10-150400.9.38.1(aarch64|ppc64le|s390x|x86_64)0:1.12.0-150400.3.14.1(x86_64)0:1.12.0-150400.3.14.1(aarch64|ppc64le|s390x|x86_64)0:2.4.51-150400.6.40.1(noarch)0:2.4.51-150400.6.40.1(aarch64|ppc64le|s390x|x86_64)0:17.0.13.0-150400.3.48.2(noarch)0:17.0.13.0-150400.3.48.2(noarch)0:3.16.0-150200.3.9.2(noarch)0:6.10.0-150200.11.6.2(noarch)0:82-150200.3.10.1(noarch)0:3.10.6-150200.3.13.2(noarch)0:2.7.3-150200.11.7.1(noarch)0:2.12.2-150200.3.10.2(aarch64|x86_64)0:4.17.5_06-150500.3.42.1(x86_64)0:4.17.5_06-150500.3.42.1(noarch)0:4.17.5_06-150500.3.42.1(aarch64|x86_64)0:5.14.21-150500.33.72.1(x86_64)0:5.14.21-150500.33.72.1(noarch)0:5.14.21-150500.33.72.1(x86_64)0:5.14.21-150500.13.76.1(noarch)0:5.14.21-150500.13.76.1(aarch64|ppc64le|s390x|x86_64)0:4.1.1-150400.10.1(aarch64|ppc64le|s390x|x86_64)0:2.4.51-150400.6.43.1(noarch)0:2.4.51-150400.6.43.1(noarch)0:2.42.4-150400.4.70.3(aarch64|ppc64le|s390x|x86_64)0:2.42.4-150400.4.70.3(x86_64)0:2.42.4-150400.4.70.3(aarch64|ppc64le|s390x|x86_64)0:1.0.8-150000.1.23.3(aarch64|ppc64le|s390x|x86_64)0:0.16.0-150000.3.21.4(noarch)0:5.0.10-150000.3.127.3(aarch64|ppc64le|s390x|x86_64)0:0.6.0-150000.1.17.4(aarch64|ppc64le|s390x|x86_64)0:2.4.4-150400.3.25.1(x86_64)0:2.4.4-150400.3.25.1(noarch)0:4.5.14-150200.3.9.1(noarch)0:4.4.14-150200.3.9.1(noarch)0:1.2.0-150200.11.3.1(noarch)0:1.4.21-150200.3.28.1(noarch)0:0.0.20241112T145010-150000.1.17.1(aarch64|ppc64le|s390x|x86_64)0:128.4.3-150200.8.188.1(x86_64)0:20241112-150200.50.1(aarch64|ppc64le|s390x|x86_64)0:6.3.4-150200.3.15.1(noarch)0:6.3.4-150200.3.15.1(noarch)0:1.18-150200.4.10.2(noarch)0:2.10-150200.3.10.2(noarch)0:2.10-150200.13.10.1(aarch64|ppc64le|s390x|x86_64)0:3.21.10-150400.3.14.1(aarch64|ppc64le|s390x|x86_64)0:3.9.3-150400.10.27.1(noarch)0:2.70.5-150400.3.17.1(aarch64|ppc64le|s390x|x86_64)0:2.70.5-150400.3.17.1(x86_64)0:2.70.5-150400.3.17.1(aarch64|ppc64le|s390x|x86_64)0:128.5.0-150200.152.161.1(noarch)0:128.5.0-150200.152.161.1(aarch64|x86_64)0:202208-150500.6.3.1(noarch)0:202208-150500.6.3.1(x86_64)0:202208-150500.6.3.1(aarch64|ppc64le|s390x|x86_64)0:8.5.6-150500.4.30.1(noarch)0:20.22.0-150400.9.6.1(aarch64|ppc64le|s390x|x86_64)0:12.22-150200.8.66.1(noarch)0:12.22-150200.8.66.1(noarch)0:10.1.33-150200.5.28.1(noarch)0:9.0.97-150200.71.1(noarch)0:1.4.3-150000.3.9.1(aarch64|ppc64le|s390x|x86_64)0:1.44.2-150500.3.5.1(x86_64)0:1.44.2-150500.3.5.1(aarch64|ppc64le|s390x|x86_64)0:3.6.0-150100.3.18.1(noarch)0:2.46.3-150400.4.97.1(aarch64|ppc64le|s390x|x86_64)0:2.46.3-150400.4.97.1(x86_64)0:2.46.3-150400.4.97.1(aarch64|ppc64le|s390x|x86_64)0:3.9.20-150300.4.58.1(x86_64)0:3.9.20-150300.4.58.1(aarch64|ppc64le|s390x|x86_64)0:6.3.2-150400.9.6.1(aarch64|ppc64le|s390x|x86_64)0:1.20.3-150000.3.26.1(noarch)0:1.20.3-150000.3.26.1(aarch64|ppc64le|s390x|x86_64)0:7.4.33-150400.4.43.1(aarch64|ppc64le|s390x|x86_64)0:128.5.0-150200.8.191.1(aarch64|ppc64le|s390x|x86_64)0:2.7.18-150000.68.1(x86_64)0:2.7.18-150000.68.1(noarch)0:2.7.18-150000.68.1(aarch64|ppc64le|s390x|x86_64)0:3.10.15-150400.4.63.1(x86_64)0:3.10.15-150400.4.63.1(aarch64|ppc64le|s390x|x86_64)0:17.2-150200.5.5.1(x86_64)0:17.2-150200.5.5.1(noarch)0:17-150500.10.9.1(aarch64|ppc64le|s390x|x86_64)0:16.6-150200.5.21.1(noarch)0:16.6-150200.5.21.1(noarch)0:17.2-150200.5.5.1(aarch64|ppc64le|s390x|x86_64)0:15.10-150200.5.33.1(noarch)0:15.10-150200.5.33.1(aarch64|ppc64le|s390x|x86_64)0:13.18-150200.5.64.1(noarch)0:13.18-150200.5.64.1(aarch64|ppc64le|s390x|x86_64)0:14.15-150200.5.50.1(noarch)0:14.15-150200.5.50.1(aarch64|ppc64le|s390x|x86_64)0:3.6.15-150300.10.78.1(x86_64)0:3.6.15-150300.10.78.1(aarch64|ppc64le|s390x|x86_64)0:1.8.0.432-150000.3.100.1(noarch)0:1.8.0.432-150000.3.100.1(aarch64|ppc64le|s390x|x86_64)0:24.0.9_ce-150000.1.5.1(noarch)0:24.0.9_ce-150000.1.5.1(noarch)0:0.5.4-150100.3.6.1(aarch64|ppc64le|s390x|x86_64)0:3.16.3-150000.1.38.1(noarch)0:3.16.3-150000.1.38.1(aarch64|ppc64le|s390x|x86_64)0:8.0.30-150400.4.49.1(aarch64|ppc64le|s390x|x86_64)0:0.9.3-150400.3.3.1(x86_64)0:0.9.3-150400.3.3.1(noarch)0:0.0.20241209T183251-150000.1.20.1(aarch64|ppc64le|s390x|x86_64)0:2.2.3-150400.3.17.1(aarch64|ppc64le|s390x|x86_64)0:20.18.1-150500.11.15.1(noarch)0:20.18.1-150500.11.15.1(aarch64|ppc64le|s390x|x86_64)0:18.20.5-150400.9.30.1(noarch)0:18.20.5-150400.9.30.1(aarch64|ppc64le|s390x|x86_64)0:1.8.0.0-150400.14.6.1(ppc64le|s390x|x86_64)0:1.8.0_sr8.35-150000.3.95.1(x86_64)0:1.8.0_sr8.35-150000.3.95.1(x86_64)0:5.14.21-150500.13.79.1(noarch)0:5.14.21-150500.13.79.1(aarch64|ppc64le|s390x|x86_64)0:128.5.1-150200.152.164.1(noarch)0:128.5.1-150200.152.164.1(aarch64|ppc64le|s390x|x86_64)0:128.5.2-150200.8.194.1(aarch64|ppc64le|s390x|x86_64)0:3.9.3-150400.10.30.1(aarch64|ppc64le|s390x|x86_64)0:3.6.0-150100.3.21.1(aarch64|ppc64le|s390x|x86_64)0:0.5.3-150000.1.12.1(aarch64|ppc64le|s390x|x86_64)0:9.1.0836-150500.20.15.1(noarch)0:9.1.0836-150500.20.15.1(aarch64|ppc64le|s390x|x86_64)0:3.7.1-150400.3.9.1(noarch)0:3.7.1-150400.3.9.1(x86_64)0:3.7.1-150400.3.9.1(aarch64|ppc64le|s390x|x86_64)0:20230517+a377993-150400.9.3.1(x86_64)0:20230517+a377993-150400.9.3.1(aarch64|ppc64le|s390x|x86_64)0:2.74.2-150400.3.3.1(x86_64)0:2.74.2-150400.3.3.1(noarch)0:2.74.2-150400.3.3.1(aarch64|ppc64le|s390x|x86_64)0:10.80.1-150000.3.14.1(x86_64)0:10.80.1-150000.3.14.1(aarch64|ppc64le|s390x|x86_64)0:3.0.4-150400.3.3.1(x86_64)0:3.0.4-150400.3.3.1(noarch)0:3.0.4-150400.3.3.1(aarch64|ppc64le|s390x|x86_64)0:8.0.1-150400.5.59.1(x86_64)0:8.0.1-150400.5.59.1(aarch64|ppc64le|s390x|x86_64)0:26.1.5_ce-150000.212.1(noarch)0:26.1.5_ce-150000.212.1(aarch64)0:5.14.21-150500.55.88.1(aarch64|ppc64le|s390x|x86_64)0:5.14.21-150500.55.88.1(ppc64le|x86_64)0:5.14.21-150500.55.88.1(x86_64)0:5.14.21-150500.55.88.1(aarch64|ppc64le|x86_64)0:5.14.21-150500.55.88.1.150500.6.39.4(ppc64le|s390x|x86_64)0:5.14.21-150500.55.88.1(noarch)0:5.14.21-150500.55.88.1(aarch64|ppc64le|x86_64)0:5.14.21-150500.55.88.1(s390x)0:5.14.21-150500.55.88.1(aarch64|ppc64le|s390x|x86_64)0:1.14.1-150400.5.3.1(noarch)0:1.14.1-150400.5.3.1(aarch64|x86_64)0:5.14.21-150500.33.75.1(x86_64)0:5.14.21-150500.33.75.1(noarch)0:5.14.21-150500.33.75.1(aarch64|ppc64le|s390x|x86_64)0:0.8-150400.7.20.1(noarch)0:0.8-150400.7.20.1(x86_64)0:0.8-150400.7.20.1(aarch64|ppc64le|s390x|x86_64)0:24.0.9_ce-150000.1.8.1(noarch)0:24.0.9_ce-150000.1.8.1(aarch64|ppc64le|s390x|x86_64)0:27.2-150400.3.20.2(noarch)0:27.2-150400.3.20.2(aarch64|ppc64le|s390x|x86_64)0:3.6.0-150100.3.24.1(aarch64|ppc64le|s390x|x86_64)0:115.6.0-150200.8.142.2(noarch)0:4.0.5-150200.3.9.1(aarch64|ppc64le|s390x|x86_64)0:4.1.115-150200.4.26.1(noarch)0:4.1.115-150200.4.26.1(aarch64|ppc64le|s390x|x86_64)0:2.0.69-150200.3.22.1(noarch)0:2.0.69-150200.3.22.1(x86_64)0:1.1.1-150500.8.9.1(aarch64|ppc64le|s390x|x86_64)0:78.15.0-150400.3.11.1(aarch64|ppc64le|s390x|x86_64)0:14.2-150400.15.20.1(x86_64)0:1.58.0-150500.6.9.1(aarch64|ppc64le|s390x|x86_64)0:23.01.0-150500.3.14.1(x86_64)0:23.01.0-150500.3.14.1(aarch64|ppc64le|s390x|x86_64)0:1.60.1-150500.12.6.1(noarch)0:0.0.20241218T202206-150000.1.23.1(aarch64|ppc64le|s390x|x86_64)0:1.60.0-150500.11.8.1(noarch)0:1.60.0-150500.11.8.1(noarch)0:12.0-150000.8.40.1(aarch64|ppc64le|s390x|x86_64)0:5.7-150400.3.23.1(aarch64|ppc64le|s390x|x86_64)0:1.1.12-150000.61.2(aarch64|ppc64le|s390x|x86_64)0:1.3.5-150400.4.19.1(aarch64|ppc64le|s390x|x86_64)0:2.9.7-150000.3.66.1(x86_64)0:5.14.21-150500.13.35.1(noarch)0:5.14.21-150500.13.35.1(noarch)0:9.0.85-150200.57.1(noarch)0:10.1.18-150200.5.11.1(aarch64|ppc64le|s390x|x86_64)0:1.8.0.402-150200.3.42.1(noarch)0:1.8.0.402-150200.3.42.1(aarch64|ppc64le|s390x|x86_64)0:1.0.0-150000.1.20.1(aarch64|ppc64le|s390x|x86_64)0:0.10.1-150000.1.17.1(noarch)0:4.3.26-150000.3.113.1(aarch64|ppc64le|s390x|x86_64)0:3006.0-150500.4.29.1(noarch)0:3006.0-150500.4.29.1(aarch64|ppc64le|s390x|x86_64)0:9.5.8-150200.3.53.2(aarch64|ppc64le|s390x|x86_64)0:0.26.0-150100.4.19.1(aarch64|x86_64)0:5.14.21-150500.33.34.1(x86_64)0:5.14.21-150500.33.34.1(noarch)0:5.14.21-150500.33.34.1(aarch64)0:5.14.21-150500.55.49.1(aarch64|ppc64le|s390x|x86_64)0:5.14.21-150500.55.49.1(ppc64le|x86_64)0:5.14.21-150500.55.49.1(x86_64)0:5.14.21-150500.55.49.1(aarch64|ppc64le|x86_64)0:5.14.21-150500.55.49.1.150500.6.21.2(noarch)0:5.14.21-150500.55.49.1(aarch64|ppc64le|x86_64)0:5.14.21-150500.55.49.1(s390x)0:5.14.21-150500.55.49.1(aarch64|ppc64le|s390x|x86_64)0:3.2.0-150400.3.3.1(noarch)0:3.2.0-150400.3.3.1(x86_64)0:3.2.0-150400.3.3.1(aarch64|ppc64le|s390x|x86_64)0:13.14-150200.5.53.1(noarch)0:13.14-150200.5.53.1(aarch64|ppc64le|s390x|x86_64)0:12.18-150200.8.57.1(noarch)0:12.18-150200.8.57.1(aarch64|ppc64le|x86_64)0:19.11.10-150500.5.3.1(noarch)0:19.11.10-150500.5.3.1(aarch64|ppc64le|x86_64)0:19.11.10_k5.14.21_150500.55.44-150500.5.3.1(aarch64)0:19.11.10-150500.5.3.1(aarch64)0:19.11.10_k5.14.21_150500.55.44-150500.5.3.1(noarch)0:1.10.11-150400.3.12.1(aarch64|ppc64le|s390x|x86_64)0:1.10.11-150400.3.12.1(noarch)0:2.42.5-150400.4.75.1(aarch64|ppc64le|s390x|x86_64)0:2.42.5-150400.4.75.1(x86_64)0:2.42.5-150400.4.75.1(aarch64|ppc64le|s390x|x86_64)0:1.1.1l-150500.17.25.1(x86_64)0:1.1.1l-150500.17.25.1(noarch)0:1.1.1l-150500.17.25.1(aarch64|ppc64le|s390x|x86_64)0:16.2-150200.5.10.1(x86_64)0:16.2-150200.5.10.1(noarch)0:16.2-150200.5.10.1(aarch64|ppc64le|s390x|x86_64)0:15.6-150200.5.22.1(noarch)0:15.6-150200.5.22.1(aarch64|ppc64le|s390x|x86_64)0:14.11-150200.5.39.1(noarch)0:14.11-150200.5.39.1(aarch64|ppc64le|s390x|x86_64)0:2.14.2-150400.24.20.1(aarch64|ppc64le|s390x|x86_64)0:20.06.2-150400.24.20.1(noarch)0:2.14.2-150400.24.20.1(noarch)0:20.06.2-150400.24.20.1(aarch64|ppc64le|s390x|x86_64)0:2.10.3-150500.5.14.1(x86_64)0:2.10.3-150500.5.14.1(noarch)0:2.10.3-150500.5.14.1(aarch64|ppc64le|s390x|x86_64)0:3.9.9-150300.3.3.1(aarch64|ppc64le|s390x|x86_64)0:1.11.0-150000.4.25.1(x86_64)0:1.11.0-150000.4.25.1(noarch)0:3.6.1-150200.3.7.3(noarch)0:3.6.0-150200.3.7.2(noarch)0:3.3.2-150200.3.7.3(noarch)0:3.11.0-150200.3.7.1(noarch)0:1.13.2-150200.3.7.2(noarch)0:3.2.1-150200.3.7.2(noarch)0:3.4.1-150200.3.7.2(noarch)0:3.9.0-150200.3.7.3(noarch)0:3.9.0-150200.3.7.5(noarch)0:3.9.0-150200.3.7.1(noarch)0:9.6-150200.3.11.3(noarch)0:4.8.0-150200.3.7.2(noarch)0:2.14.2-150200.3.9.2(noarch)0:5.11.0-150200.3.15.2(noarch)0:0.2.9-150200.11.10.1(aarch64|ppc64le|s390x|x86_64)0:20230802.1-150400.10.4.1(aarch64|ppc64le|s390x|x86_64)0:1.60.0-150400.8.3.2(noarch)0:1.60.0-150400.8.3.2(x86_64)0:20230802.1-150400.10.4.1(aarch64|ppc64le|s390x|x86_64)0:25.1-150400.9.3.1(x86_64)0:25.1-150400.9.3.1(aarch64|ppc64le|s390x|x86_64)0:20240201-150400.9.3.1(x86_64)0:20240201-150400.9.3.1(noarch)0:0.3.0+git.20200721-150400.9.3.1(aarch64|ppc64le|s390x|x86_64)0:1.60.0-150400.9.3.2(aarch64|ppc64le|s390x|x86_64)0:4.25.1-150400.9.3.1(aarch64|ppc64le|s390x|x86_64)0:9.16.48-150500.8.16.1(noarch)0:9.16.48-150500.8.16.1(aarch64|ppc64le|s390x|x86_64)0:3.9.3-150400.10.14.1(aarch64|ppc64le|s390x|x86_64)0:3.6.20-150000.3.109.1(aarch64|ppc64le|s390x|x86_64)0:3.6.15-150300.10.54.1(x86_64)0:3.6.15-150300.10.54.1(aarch64|ppc64le|s390x|x86_64)0:24.0.7_ce-150000.193.1(noarch)0:24.0.7_ce-150000.193.1(aarch64|ppc64le|s390x|x86_64)0:1.5.3-150100.4.13.1(noarch)0:2.2.3-150400.3.9.1(aarch64|ppc64le|s390x|x86_64)0:4.0.9-150000.45.38.1(x86_64)0:4.0.9-150000.45.38.1(aarch64|ppc64le|s390x|x86_64)0:3.10.13-150400.4.39.1(x86_64)0:3.10.13-150400.4.39.1(aarch64|ppc64le|s390x|x86_64)0:8.4p1-150300.3.30.1(aarch64|ppc64le|s390x|x86_64)0:3.90.2-150400.3.39.1(x86_64)0:3.90.2-150400.3.39.1(aarch64|ppc64le|s390x|x86_64)0:1.11.0-150000.4.22.1(x86_64)0:1.11.0-150000.4.22.1(aarch64|ppc64le|s390x|x86_64)0:3.9.0-150200.9.1(aarch64|ppc64le|s390x|x86_64)0:115.8.0-150200.152.126.3(noarch)0:115.8.0-150200.152.126.3(aarch64|ppc64le|s390x|x86_64)0:115.8.0-150200.8.148.1(ppc64le|s390x|x86_64)0:1.8.0_sr8.20-150000.3.86.1(x86_64)0:1.8.0_sr8.20-150000.3.86.1(aarch64|ppc64le|s390x|x86_64)0:6.4.2-150500.3.14.1(noarch)0:6.4.2-150500.3.14.1(aarch64|ppc64le|s390x|x86_64)0:3.7.3-150400.4.41.3(x86_64)0:3.7.3-150400.4.41.3(aarch64|ppc64le|s390x|x86_64)0:20.11.1-150500.11.6.1(noarch)0:20.11.1-150500.11.6.1(aarch64|ppc64le|s390x|x86_64)0:2.4.0-150400.3.26.1(ppc64le|x86_64)0:2.7-150500.3.3.1(aarch64|ppc64le|s390x|x86_64)0:1.34-150000.3.34.1(noarch)0:1.34-150000.3.34.1(noarch)0:1.16.1-150200.3.9.1(noarch)0:1.26.0-150200.3.16.1(noarch)0:2.9.0-150200.5.5.1(noarch)0:2.15.1-150200.3.12.1(noarch)0:6.2.0-150200.3.7.1(aarch64|ppc64le|s390x|x86_64)0:3.9.6-150200.4.21.2(noarch)0:3.6.0-150200.3.10.1(noarch)0:1.12.0-150200.4.7.2(noarch)0:1.11.1-150200.3.7.1(noarch)0:3.3.0-150200.3.10.1(noarch)0:3.9.6-150200.4.21.2(noarch)0:3.6.0-150200.4.10.1(noarch)0:3.1.1-150200.3.7.1(noarch)0:3.2.0-150200.4.6.2(noarch)0:1.9.18-150200.3.17.2(noarch)0:3.3.1-150200.3.12.1(noarch)0:0.13.18-150200.4.19.7(aarch64|ppc64le|s390x|x86_64)0:4.2.0-150200.3.18.1(noarch)0:4.2.0-150200.3.18.1(aarch64|ppc64le|s390x|x86_64)0:18.19.1-150400.9.18.2(noarch)0:18.19.1-150400.9.18.2(aarch64|ppc64le|s390x|x86_64)0:3.1.0-150500.3.16.1(aarch64|ppc64le|s390x|x86_64)0:23.03.0-150500.3.16.1(noarch)0:3.1.0-150500.3.16.1(noarch)0:23.03.0-150500.3.16.1(noarch)0:8.15.2-150000.8.12.1(aarch64|ppc64le|s390x|x86_64)0:8.15.2-150000.8.12.1(aarch64|ppc64le|s390x|x86_64)0:2.3.8-150100.3.28.1(aarch64|ppc64le|s390x|x86_64)0:2.6.4+git.1702030539.5fb7d91b-150000.3.39.1(aarch64|ppc64le|s390x|x86_64)0:41.0.3-150400.16.15.1(aarch64|ppc64le|s390x|x86_64)0:2.10-150500.3.3.1(aarch64|ppc64le|s390x|x86_64)0:2.0.8-150000.3.21.2(aarch64|x86_64)0:550.54.14-150500.11.18.1(aarch64)0:550.54.14-150500.3.36.1(x86_64)0:550.54.14-150500.3.36.1(aarch64|x86_64)0:550.54.14-150500.3.36.1(aarch64)0:550.54.14_k5.14.21_150500.55.49-150500.3.36.1(x86_64)0:550.54.14_k5.14.21_150500.33.34-150500.3.36.1(aarch64|x86_64)0:550.54.14_k5.14.21_150500.55.49-150500.3.36.1(noarch)0:42.2.25-150400.3.12.1(aarch64|ppc64le|s390x|x86_64)0:3.11.8-150400.9.23.1(x86_64)0:3.11.8-150400.9.23.1(aarch64|ppc64le|s390x|x86_64)0:3.9.18-150300.4.38.1(x86_64)0:3.9.18-150300.4.38.1(aarch64|ppc64le|s390x|x86_64)0:5.2.2-150000.4.13.1(x86_64)0:5.2.2-150000.4.13.1(noarch)0:1.22.0-150200.3.7.1(noarch)0:1.17-150200.4.7.1(aarch64|ppc64le|s390x|x86_64)0:1.21.8-150000.1.27.1(aarch64|ppc64le|s390x|x86_64)0:1.22.1-150000.1.9.1(aarch64|ppc64le|s390x|x86_64)0:3.0.8-150500.5.27.1(x86_64)0:3.0.8-150500.5.27.1(noarch)0:3.0.8-150500.5.27.1(noarch)0:9.4.54-150200.3.25.1(aarch64|ppc64le|s390x|x86_64)0:3.10.13-150400.4.42.1(x86_64)0:3.10.13-150400.4.42.1(aarch64|x86_64)0:4.17.3_06-150500.3.24.1(x86_64)0:4.17.3_06-150500.3.24.1(noarch)0:4.17.3_06-150500.3.24.1(aarch64|ppc64le|s390x|x86_64)0:1.0.2p-150000.3.91.1(x86_64)0:1.0.2p-150000.3.91.1(noarch)0:1.0.2p-150000.3.91.1(aarch64|ppc64le|s390x|x86_64)0:1.8.0.402-150000.3.88.1(noarch)0:1.8.0.402-150000.3.88.1(noarch)0:1.4-150200.13.9.1(aarch64|x86_64)0:5.14.21-150500.33.37.1(x86_64)0:5.14.21-150500.33.37.1(noarch)0:5.14.21-150500.33.37.1(aarch64)0:5.14.21-150500.55.52.1(aarch64|ppc64le|s390x|x86_64)0:5.14.21-150500.55.52.1(ppc64le|x86_64)0:5.14.21-150500.55.52.1(x86_64)0:5.14.21-150500.55.52.1(aarch64|ppc64le|x86_64)0:5.14.21-150500.55.52.1.150500.6.23.1(noarch)0:5.14.21-150500.55.52.1(aarch64|ppc64le|x86_64)0:5.14.21-150500.55.52.1(s390x)0:5.14.21-150500.55.52.1(aarch64|ppc64le|s390x|x86_64)0:20200314-150200.3.6.1(noarch)0:20200314-150200.3.6.1(aarch64|ppc64le|s390x|x86_64)0:2.31-150300.68.1(x86_64)0:2.31-150300.68.1(noarch)0:2.31-150300.68.1(aarch64|ppc64le|s390x|x86_64)0:1.9.12p1-150500.7.10.1(x86_64)0:0.46-150100.3.9.1(aarch64|ppc64le|s390x|x86_64)0:115.8.1-150200.8.151.1(aarch64|ppc64le|s390x|x86_64)0:13.2-150400.15.14.1(aarch64|ppc64le|s390x|x86_64)0:13.2-150400.15.14.4(aarch64|ppc64le|s390x|x86_64)0:3.6.15-150300.10.57.1(x86_64)0:3.6.15-150300.10.57.1(noarch)0:2.0.7-150000.1.17.1(aarch64|ppc64le|s390x|x86_64)0:2.2.8~git65.347aae6-150500.3.17.1(x86_64)0:5.14.21-150500.13.38.1(noarch)0:5.14.21-150500.13.38.1(aarch64|ppc64le|s390x|x86_64)0:9.52-150000.185.1(aarch64|ppc64le|s390x|x86_64)0:2.14.2-150400.24.23.1(aarch64|ppc64le|s390x|x86_64)0:20.06.2-150400.24.23.1(noarch)0:2.14.2-150400.24.23.1(noarch)0:20.06.2-150400.24.23.1(aarch64|ppc64le|s390x|x86_64)0:1.5.3-150100.4.18.1(aarch64|ppc64le|s390x|x86_64)0:1.0.0-150500.3.6.1(x86_64)0:1.0.0-150500.3.6.1(aarch64|ppc64le|s390x|x86_64)0:2.2.11-150000.3.9.1(aarch64|ppc64le|s390x|x86_64)0:0.13.69-150000.3.17.1(x86_64)0:0.13.69-150000.3.17.1(noarch)0:217.293.v56de4d4d3515-150200.3.7.1(aarch64|ppc64le|s390x|x86_64)0:4.0.9-150000.45.41.1(x86_64)0:4.0.9-150000.45.41.1(noarch)0:0.0.9-150200.3.7.1(aarch64|ppc64le|s390x|x86_64)0:1.20.1-150500.3.6.1(x86_64)0:1.20.1-150500.3.6.1(noarch)0:2.10.1-150000.3.18.1(aarch64|ppc64le|s390x|x86_64)0:3.1.2-150400.12.11.1